services:
  forgejo-db:
    image: postgres:16-alpine
    container_name: forgejo-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: forgejo
      POSTGRES_USER: forgejo
      POSTGRES_PASSWORD: "{{ forgejo_db_password }}"
    volumes:
      - {{ forgejo_data_dir }}/db:/var/lib/postgresql/data
    networks:
      - internal
    logging:
      driver: gelf
      options:
        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
        tag: "forgejo-db"

  forgejo:
    image: codeberg.org/forgejo/forgejo:{{ forgejo_version }}
    container_name: forgejo
    restart: unless-stopped
    depends_on:
      - forgejo-db
    environment:
      USER_UID: 1000
      USER_GID: 1000
      FORGEJO__database__DB_TYPE: postgres
      FORGEJO__database__HOST: forgejo-db:5432
      FORGEJO__database__NAME: forgejo
      FORGEJO__database__USER: forgejo
      FORGEJO__database__PASSWD: "{{ forgejo_db_password }}"
      FORGEJO__server__DOMAIN: "{{ forgejo_domain }}"
      FORGEJO__server__ROOT_URL: "https://{{ forgejo_domain }}"
      FORGEJO__server__SSH_DOMAIN: "{{ forgejo_domain }}"
      FORGEJO__server__SSH_PORT: "{{ forgejo_ssh_port }}"
      FORGEJO__server__SSH_LISTEN_PORT: 22
      FORGEJO__security__SECRET_KEY: "{{ forgejo_secret_key }}"
      FORGEJO__security__INTERNAL_TOKEN: "{{ forgejo_internal_token }}"
      FORGEJO__lfs__JWT_SECRET: "{{ forgejo_lfs_jwt_secret }}"
      FORGEJO__mailer__ENABLED: "true"
      FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}"
      FORGEJO__mailer__SMTP_PORT: "{{ smtp_port }}"
      FORGEJO__mailer__FROM: "{{ smtp_from }}"
      FORGEJO__mailer__USER: "{{ smtp_user }}"
      FORGEJO__mailer__PASSWD: "{{ smtp_password }}"
      FORGEJO__openid__ENABLE_OPENID_SIGNIN: "true"
      FORGEJO__openid__ENABLE_OPENID_SIGNUP: "false"
      FORGEJO__oauth2_client__REGISTER_EMAIL_CONFIRM: "false"
      FORGEJO__oauth2_client__ENABLE_AUTO_REGISTRATION: "true"
      FORGEJO__log__LEVEL: warn
    ports:
      - "{{ forgejo_ssh_port }}:22"
    volumes:
      - {{ forgejo_data_dir }}/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.forgejo.rule=Host(`{{ forgejo_domain }}`)"
      - "traefik.http.routers.forgejo.tls=true"
      - "traefik.http.routers.forgejo.tls.certresolver=letsencrypt"
      - "traefik.http.services.forgejo.loadbalancer.server.port=3000"
    networks:
      - internal
      - {{ sovereign_network_name }}
    logging:
      driver: gelf
      options:
        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
        tag: "forgejo"

networks:
  internal:
  {{ sovereign_network_name }}:
    external: true