services:
  gitea:
    image: docker.gitea.com/gitea:1.23.8
    container_name: gitea
    restart: unless-stopped
    environment:
      - GITEA_CUSTOM=/etc/gitea
    volumes:
      - ./hdd0/gitea:/data
      - ./config/gitea:/etc/gitea
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - traefik.enable=true
      # HTTP/S
      - traefik.http.routers.gitea.rule=Host(`git.bouvais.lu`)
      - traefik.http.routers.gitea.entrypoints=websecure
      - traefik.http.routers.gitea.tls.certresolver=myresolver
      - traefik.http.services.gitea.loadbalancer.server.port=3000
      # SSH
      - traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)
      - traefik.tcp.routers.gitea-ssh.entrypoints=ssh
      - traefik.tcp.services.gitea-ssh.loadbalancer.server.port=22

  gitea-runner:
    image: docker.io/gitea/act_runner:latest
    container_name: gitea-runner
    restart: unless-stopped
    environment:
      CONFIG_FILE: /config.yaml
      GITEA_INSTANCE_URL: https://git.bouvais.lu/
      GITEA_RUNNER_REGISTRATION_TOKEN: jBEK4cLzDp2wqv1Ru3SHyzC0xzl1FV94IcsGe5kd
    volumes:
      - ./config/gitea-runner/config.yaml:/config.yaml
      - ./hdd0/gitea-runner:/data
      - /var/run/docker.sock:/var/run/docker.sock
      - ./hdd0/mkdocs-sites:/sites

  mkdocs-zippondb:
    image: squidfunk/mkdocs-material
    container_name: mkdocs-zippondb
    restart: unless-stopped
    volumes:
      - ./hdd0/mkdocs-sites/zippondb:/docs
    labels:
      - traefik.enable=true
      - traefik.http.routers.gitea_runner.rule=Host(`docs.bouvais.lu`)
      - traefik.http.routers.gitea_runner.entrypoints=websecure
      - traefik.http.routers.gitea_runner.tls.certresolver=myresolver
      - traefik.http.routers.gitea_runner.middlewares=auth@docker
      - traefik.http.services.gitea_runner.loadbalancer.server.port=3000

  registry:
    image: registry:2
    container_name: registry
    restart: unless-stopped
    environment:
      - REGISTRY_AUTH_HTPASSWD_REALM=Bouvais Registry
      - REGISTRY_AUTH_HTPASSWD_PATH=/etc/docker/registry/htpasswd
      - REGISTRY_HTTP_SECRET=${MASTER_PASSWORD}
      - REGISTRY_HEALTH_STORAGEDRIVER_ENABLED=true
      - REGISTRY_STORAGE_DELETE_ENABLED=true
    volumes:
      - ./hdd0/registry/data:/var/lib/registry
      - ./hdd0/registry/htpasswd:/etc/docker/registry/htpasswd:ro
    labels:
      - traefik.enable=true
      - traefik.http.routers.registry.rule=Host(`registry.bouvais.lu`)
      - traefik.http.routers.registry.entrypoints=websecure
      - traefik.http.routers.registry.tls.certresolver=myresolver 
      - traefik.http.services.registry.loadbalancer.server.port=5000 

  registry-ui:
    image: joxit/docker-registry-ui:latest
    container_name: registry-ui
    depends_on: [registry]
    restart: unless-stopped
    environment:
      - DELETE_IMAGES=true
      - REGISTRY_TITLE=Bouvais Docker Registry
      - NGINX_PROXY_PASS_URL=http://registry:5000
      - SINGLE_REGISTRY=true
    labels:
      - traefik.enable=true
      - traefik.http.routers.registry_ui.rule=Host(`registry-ui.bouvais.lu`)
      - traefik.http.routers.registry_ui.entrypoints=websecure
      - traefik.http.routers.registry_ui.tls.certresolver=myresolver 
      - traefik.http.services.registry_ui.loadbalancer.server.port=80