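---
# Self-hosted development stack: Traefik reverse proxy, MailDev SMTP sink,
# Forgejo + PostgreSQL, Woodpecker CI (server + agent), a Docker registry with
# web UI, Reposilite (Maven) and Verdaccio (npm).
# Values written as ${NAME} are interpolated by Compose from the environment
# or an .env file that is not part of this file.
version: "3.7"

networks:
  woodpecker:
  forgejo:
  proxy:
    driver: bridge

volumes:
  forgejo:
  postgres:
  woodpecker:
  traefik_config:
  traefik_certs:
  traefik_logs:
  traefik_acme:
  registry:
  artifacts_data:
  verdaccio_data:
  verdaccio_config:
  verdaccio_plugins:

services:
  traefik:
    image: traefik:v2.10.5
    container_name: traefik
    restart: always
    # using network mode host allows traefik access to all "docker networks"
    # otherwise traefik needs to be part of any network defined
    network_mode: host
    command:
      # NOTE(review): this is the Let's Encrypt *staging* CA; its certificates
      # are not trusted by clients. That is probably why TLS verification is
      # switched off further down. Move to the production directory before
      # relying on this setup.
      - "--certificatesresolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.letsencrypt.acme.email=richard.attermeyer@gmail.com"
    volumes:
      # NOTE(review): ":ro" only makes the socket file mount read-only; it does
      # not limit Docker API calls. Anything that compromises Traefik gets full
      # control of the Docker daemon. A filtering socket proxy limits this.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/traefik.yml:/etc/traefik/traefik.yml:ro"
      - "traefik_certs:/etc/certs"
      - "traefik_logs:/var/log/traefik"
      - "traefik_acme:/etc/acme"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`${TRAEFIK_HOST}`)"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.dashboard.entrypoints=https"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
      # NOTE(review): this middleware is defined but no router in this file
      # references it, so the dashboard router above is not source-restricted
      # here. If that is the intent, attach it with
      # "traefik.http.routers.dashboard.middlewares=local-ipwhitelist@docker"
      # (unless traefik.yml already applies it; confirm).
      - "traefik.http.middlewares.local-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.0.0/16, 172.16.0.0/12"

  smtp:
    image: "maildev/maildev:2.1.0"
    networks:
      - proxy
    ports:
      # NOTE(review): published on every host interface. Forgejo reaches this
      # service as smtp:1025; confirm it needs a shared network for that
      # (smtp is on "proxy" only).
      - "1025:1025"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mail.rule=Host(`${MAIL_HOST}`)"
      - "traefik.http.routers.mail.tls=true"
      - "traefik.http.routers.mail.entrypoints=https"
      - "traefik.http.services.mail.loadbalancer.server.port=1080"

  forgejo:
    image: codeberg.org/forgejo/forgejo:1.20
    container_name: forgejo
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - FORGEJO__database__DB_TYPE=postgres
      - FORGEJO__database__HOST=db:5432
      - FORGEJO__database__NAME=forgejo
      - FORGEJO__database__USER=forgejo
      # The password can now be overridden through FORGEJO_DB_PASSWORD (a
      # variable introduced here, also read by the db service). The fallback
      # keeps the previous hard-coded value so existing deployments still
      # start; set a real secret in .env.
      - "FORGEJO__database__PASSWD=${FORGEJO_DB_PASSWORD:-forgejo}"
      - FORGEJO__server__ROOT_URL=${FORGEJO_URL}
      # NOTE(review): webhook deliveries do not verify TLS certificates.
      # Re-enable verification once trusted certificates are in place.
      - FORGEJO__webhook__SKIP_TLS_VERIFY=true
      # NOTE(review): "*" allows webhook delivery to any host, including
      # loopback and private addresses, and makes "external" redundant.
      # Narrow this to the CI hosts that actually receive webhooks.
      - FORGEJO__webhook__ALLOWED_HOST_LIST=external,*
      - FORGEJO__webhook__DELIVER_TIMEOUT=20
      - FORGEJO__mailer__SMTP_ADDR=smtp
      - FORGEJO__mailer__SMTP_PORT=1025
      - FORGEJO__mailer__SMTP_ENABLED=true
      - FORGEJO__server__LFS_START_SERVER=true
      - FORGEJO__CRON__ENABLED=true
      - FORGEJO__service__DISABLE_REGISTRATION=true
    restart: always
    ports:
      # NOTE(review): publishes Forgejo's plain-HTTP port on every host
      # interface, bypassing the TLS router below. Bind to 127.0.0.1 or drop
      # the mapping if nothing depends on direct access.
      - "3000:3000"
    networks:
      - forgejo
      - proxy
    volumes:
      - forgejo:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - db
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.forgejo.rule=Host(`${FORGEJO_HOST}`)"
      - "traefik.http.routers.forgejo.entrypoints=https"
      - "traefik.http.routers.forgejo.tls=true"
      - "traefik.http.routers.forgejo.tls.certresolver=letsencrypt"
      - "traefik.http.services.forgejo.loadbalancer.server.port=3000"
      - "traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.forgejo-ssh.entrypoints=ssh"
      # Fixed: the router previously pointed at "gitea-ssh-svc", which no label
      # defines. The TCP service declared below is "forgejo-ssh-svc".
      - "traefik.tcp.routers.forgejo-ssh.service=forgejo-ssh-svc"
      - "traefik.tcp.services.forgejo-ssh-svc.loadbalancer.server.port=22"

  db:
    image: postgres:14
    restart: always
    environment:
      - POSTGRES_USER=forgejo
      # Must resolve to the same value as FORGEJO__database__PASSWD above.
      # POSTGRES_PASSWORD normally takes effect only when the data volume is
      # first initialised, so changing it later also needs a role update.
      - "POSTGRES_PASSWORD=${FORGEJO_DB_PASSWORD:-forgejo}"
      - POSTGRES_DB=forgejo
    networks:
      - forgejo
    volumes:
      - postgres:/var/lib/postgresql/data

  woodpecker-server:
    image: woodpeckerci/woodpecker-server:v1.0.5
    container_name: woodpecker-server
    restart: unless-stopped
    cpus: 0.5
    mem_limit: 512m
    networks:
      - woodpecker
      - proxy
    environment:
      # NOTE(review): open registration. Any account that can authenticate at
      # the forge can log in and run pipelines on an agent that holds the host
      # Docker socket. Set to false if the user set should be curated.
      - "WOODPECKER_OPEN=true"
      - "WOODPECKER_HOST=${WOODPECKER_URL}"
      - "WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}"
      - "WOODPECKER_ADMIN=${WOODPECKER_ADMIN}"
      - "WOODPECKER_GITEA=true"
      - "WOODPECKER_GITEA_URL=${WOODPECKER_FORGEJO_URL}"
      - "WOODPECKER_GITEA_CLIENT=${WOODPECKER_FORGEJO_CLIENT}"
      - "WOODPECKER_GITEA_SECRET=${WOODPECKER_FORGEJO_SECRET}"
      # NOTE(review): disables TLS verification towards the forge, so OAuth
      # and API traffic can be intercepted. Remove once the forge serves a
      # trusted certificate.
      - "WOODPECKER_GITEA_SKIP_VERIFY=true"
      - "WOODPECKER_LIMIT_MEM=2147483648"
      - "WOODPECKER_LIMIT_MEM_SWAP=2147483648"
    volumes:
      - "woodpecker:/var/lib/woodpecker"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.woodpecker.rule=Host(`${WOODPECKER_HOST}`)"
      - "traefik.http.routers.woodpecker.tls=true"
      - "traefik.http.routers.woodpecker.tls.certresolver=letsencrypt"
      - "traefik.http.routers.woodpecker.entrypoints=https"
      - "traefik.http.services.woodpecker.loadbalancer.server.port=8000"

  woodpecker-agent:
    container_name: woodpecker-agent
    image: woodpeckerci/woodpecker-agent:v1.0.5
    restart: unless-stopped
    cpus: 0.5
    mem_limit: 512m
    depends_on:
      - woodpecker-server
    networks:
      - woodpecker
    environment:
      - "WOODPECKER_SERVER=woodpecker-server:9000"
      - "WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}"
      - "WOODPECKER_MAX_WORKFLOWS=2"
    volumes:
      # NOTE(review): read-write access to the host Docker socket is
      # root-equivalent on the host. Pipeline steps are started through this
      # daemon, so treat everyone who can trigger a build as trusted.
      - "/var/run/docker.sock:/var/run/docker.sock"

  registry:
    image: registry:2
    container_name: registry
    networks:
      - proxy
    environment:
      # NOTE(review): no registry authentication is configured in this file
      # and no auth middleware is attached to the router. With deletes
      # enabled, anyone who can reach ${REGISTRY_HOST} can presumably push,
      # pull and delete images. Confirm access is restricted elsewhere.
      - REGISTRY_STORAGE_DELETE_ENABLED=true
    volumes:
      - registry:/var/lib/registry
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.registry.rule=Host(`${REGISTRY_HOST}`)"
      # NOTE(review): unlike most routers in this file, no certresolver is
      # set here (the mail router omits it too), so Traefik serves whatever
      # default certificate it has.
      - "traefik.http.routers.registry.tls=true"
      - "traefik.http.routers.registry.entrypoints=https"
      - "traefik.http.services.registry.loadbalancer.server.port=5000"

  ui:
    # NOTE(review): ":latest" is a floating tag; pin a specific version or
    # digest so an upstream change cannot silently replace what runs here.
    image: joxit/docker-registry-ui:latest
    environment:
      - DELETE_IMAGES=true
      - REGISTRY_TITLE=My Private Docker Registry
      - NGINX_PROXY_PASS_URL=http://registry:5000
      - SINGLE_REGISTRY=true
    depends_on:
      - registry
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.regui.rule=Host(`${REGISTRY_UI_HOST}`)"
      - "traefik.http.routers.regui.tls=true"
      - "traefik.http.routers.regui.tls.certresolver=letsencrypt"
      - "traefik.http.routers.regui.entrypoints=https"
      - "traefik.http.services.regui.loadbalancer.passhostheader=true"

  mvn-registry:
    image: ghcr.io/dzikoysk/reposilite:3.5.0
    container_name: reposilite
    deploy:
      resources:
        limits:
          memory: "${REPOSILITE_MEMORY}"
    networks:
      - proxy
    volumes:
      - artifacts_data:/app/data
    stdin_open: true
    environment:
      - JAVA_OPTS=-Xmx${REPOSILITE_MEMORY} ${REPOSILITE_JAVA_COMPOSE_OPTS}
      - REPOSILITE_OPTS=--port ${REPOSILITE_PORT} ${REPOSILITE_COMPOSE_OPTS}
    tty: true
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mvn.rule=Host(`${REPOSILITE_HOST}`)"
      # NOTE(review): routed on the plain "http" entrypoint, so deploy
      # credentials and artifacts travel unencrypted and can be altered in
      # transit. Prefer the https entrypoint with tls=true like the other
      # routers.
      - "traefik.http.routers.mvn.entrypoints=http"
      - "traefik.http.services.mvn.loadbalancer.server.port=${REPOSILITE_PORT}"

  verdaccio:
    image: verdaccio/verdaccio:5
    container_name: verdaccio
    volumes:
      - verdaccio_data:/verdaccio/storage
      - verdaccio_config:/verdaccio/conf
      - verdaccio_plugins:/verdaccio/plugins
    ports:
      # NOTE(review): published on every host interface in addition to the
      # Traefik route.
      - "4873:4873"
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.npm.rule=Host(`${VERDACCIO_HOST}`)"
      # NOTE(review): plain "http" entrypoint; npm tokens and packages are
      # sent unencrypted. Same recommendation as for the mvn router.
      - "traefik.http.routers.npm.entrypoints=http"
      - "traefik.http.services.npm.loadbalancer.server.port=4873"

#
#watchtower:
#  image: containrrr/watchtower:latest
#  volumes:
#    - /var/run/docker.sock:/var/run/docker.sock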