networks:
  forgejo:
    external: false

services:
  tailscale:
    hostname: git
    image: tailscale/tailscale
    volumes:
      - ./data/tailscale:/var/lib/tailscale
      - ./ts-serve.json:/config/ts-serve.json:ro
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - sys_module
    environment:
      TS_HOSTNAME: git
      TS_AUTH_KEY: ${TS_AUTH_KEY}
      TS_SERVE_CONFIG: /config/ts-serve.json
      TS_AUTH_ONCE: true
      TS_STATE_DIR: /var/lib/tailscale
      TS_EXTRA_ARGS: --advertise-tags=tag:forgejo
    restart: unless-stopped
    healthcheck:
      test: tailscale status --peers=false --json | grep 'Online.*true'
      start_period: 3s
      interval: 1s
      retries: 3
    init: true
    networks:
      - forgejo

  server:
    image: codeberg.org/forgejo/forgejo:11
    container_name: server
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - FORGEJO__server__ROOT_URL=${FORGEJO_ROOT_URL}
      - FORGEJO__server__SSH_DOMAIN=${FORGEJO_SSH_DOMAIN}
      - FORGEJO__database__DB_TYPE=postgres
      - FORGEJO__database__HOST=db:5432
      - FORGEJO__database__NAME=${FORGEJO_DB_NAME}
      - FORGEJO__database__USER=${FORGEJO_DB_USER}
      - FORGEJO__database__PASSWD=${FORGEJO_DB_PASS}
    restart: always
    volumes:
      - /srv/@git/git:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - '3000:3000'
      - '222:22'
    networks:
      - forgejo

  db:
    image: postgres:13
    restart: always
    environment:
      - POSTGRES_USER=${FORGEJO_DB_USER}
      - POSTGRES_PASSWORD=${FORGEJO_DB_PASS}
      - POSTGRES_DB=${FORGEJO_DB_NAME}
    volumes:
      - ./data/postgres:/var/lib/postgresql/data
    networks:
      - forgejo