networks:
  default:
    external: true
    name: traefik

services:
  server:
    image: gitea/gitea
    container_name: gitea
    restart: always
    environment:
      - USER_UID=1000
      - USER_GID=1000
    volumes:
      - ./data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "2345:3000"
      - "2346:22"
    healthcheck:
      # checks availability of Gitea's front-end with curl
      test: ["CMD", "curl", "-f", "http://localhost:3000"]
      interval: 10s
      retries: 3
      start_period: 30s
      timeout: 10s
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea-secure.entrypoints=websecure"
      - "traefik.http.routers.gitea-secure.rule=Host(`git.unkrig.dev`)"
      - "traefik.http.routers.gitea-secure.tls=true"
      - "traefik.http.routers.gitea-secure.service=gitea@docker"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      - "traefik.docker.network=traefik"
    security_opt:
      - no-new-privileges:true

  runner-1:
    image: gitea/act_runner
    restart: always
    depends_on:
      server:
        # required so runner can attach to gitea, see "healthcheck"
        condition: service_healthy
    volumes:
      - ./data/act_runner:/data
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - GITEA_INSTANCE_URL=https://git.unkrig.dev
      # When using Docker Secrets, it's also possible to use
      # GITEA_RUNNER_REGISTRATION_TOKEN_FILE to pass the location.
      # The env var takes precedence.
      # Needed only for the first start.
      - GITEA_RUNNER_REGISTRATION_TOKEN=2rhXpOnN2fcX99evlq4Gz7XqVnFkbuUoIWLqefM5