services:
    tailscale-gitea:
        image: ghcr.io/tailscale/tailscale:v1.84.3
        container_name: tailscale-gitea
        cap_add:
            - net_admin
            - sys_module
        environment:
            - TS_STATE_DIR=/var/lib/tailscale
            - TS_ENABLE_METRICS=true
            - TS_HOSTNAME=gitea-ps10rp
            - TS_SERVE_CONFIG=/config/serve.json
        network_mode: service:gitea
        restart: always
        volumes:
            - tailscale:/var/lib/tailscale
            - ${PWD}/serve.json:/config/serve.json
        devices:
            - /dev/net/tun:/dev/net/tun

    postgresql:
        image: docker.io/postgres:17.5-alpine3.21
        container_name: gitea-postgres
        env_file:
            - .env
        environment:
            - POSTGRES_USER=gitea
            - POSTGRES_DB=gitea
        networks:
            internal: null
        restart: always
        volumes:
            - postgresql:/var/lib/postgresql/data

    gitea:
        image: gitea/gitea:1.24.2
        container_name: gitea
        depends_on:
            - postgresql
        environment:
            - GITEA__database__DB_TYPE=postgres
            - GITEA__database__HOST=gitea-postgres:5432
            - GITEA__database__NAME=gitea
            - GITEA__database__USER=gitea
        labels:
            traefik.enable: true
            traefik.docker.network: internal
            traefik.http.routers.gitea.entrypoints: web-secure
            traefik.http.routers.gitea.rule: Host(`gitea.lebens-home.net`)
            traefik.http.routers.gitea.service: gitea
            traefik.http.services.gitea.loadbalancer.server.port: 3000
        networks:
            internal: null
        restart: always
        volumes:
            - gitea:/data
            - /etc/timezone:/etc/timezone:ro
            - /etc/localtime:/etc/localtime:ro

networks:
    internal:
        name: internal
        external: true

volumes:
    tailscale:
    postgresql:
    gitea: