networks:
  infra-traefik_default:
    external: true

services:
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    restart: unless-stopped
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=postgres.lan:5432
      - GITEA__database__NAME=git
      - GITEA__database__USER=git
      - GITEA__database__PASSWD=wb3AihmrUU5ocbmtdnc       # ⚠️ bitte ändern!
      - GITEA__server__DOMAIN=git.ljh31.de
      - GITEA__server__ROOT_URL=https://git.ljh31.de
      - GITEA__server__SSH_DOMAIN=git.ljh31.de
      # ── Keycloak / OIDC ────────────────────────────────────────────────────
      - GITEA__oauth2__ENABLED=true
      - GITEA__oauth2__JWT_SECRET=Gn7pQg4GOCFcMvk7EZoKKlnjtgEaXZAD  # ← openssl rand -hex 16
      - GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=false
      - GITEA__service__SHOW_REGISTRATION_BUTTON=false
    ports:
      - "2222:22"
      - "5000:3000"
    volumes:
      - /mnt/docker/gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - infra-traefik_default
    labels:
      # ── Traefik ──────────────────────────────────────────────────────────────
      - "traefik.enable=true"
      - "traefik.docker.network=infra-traefik_default"
      - "traefik.http.routers.gitea.rule=Host(`git.ljh31.de`)"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.tls=true"
      - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
      - "traefik.http.routers.gitea.service=gitea"

      - "traefik.http.routers.gitea-http.rule=Host(`git.ljh31.de`)"
      - "traefik.http.routers.gitea-http.entrypoints=web"
      - "traefik.http.routers.gitea-http.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

      # Korrigiert: Verwendet Docker-Service-Namen & internen Port statt statischer IP
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      
      # ── Homepage ─────────────────────────────────────────────────────────────
      - "homepage.group=Development"
      - "homepage.name=Gitea"
      - "homepage.icon=gitea.png"
      - "homepage.href=https://git.ljh31.de"
      - "homepage.description=Self-hosted Git Service"
      - "homepage.widget.type=gitea"
      - "homepage.widget.url=https://git.ljh31.de"
      - "homepage.widget.key=c77a5470c1c58fd0964a3239939afc4201a638f6"  # ← Gitea API-Token eintragen

  gitea-runner-1:
    image: gitea/act_runner:latest
    container_name: gitea-runner-1
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - GITEA_INSTANCE_URL=http://gitea:3000
      - GITEA_RUNNER_NAME=runner-1
      - GITEA_RUNNER_REGISTRATION_TOKEN=qjdTCfVkQ6q3gm3MK1yRsjsofFu8fVzf26BKNEQr
    networks:
      - infra-traefik_default

  gitea-runner-2:
    image: gitea/act_runner:latest
    container_name: gitea-runner-2
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - GITEA_INSTANCE_URL=http://gitea:3000
      - GITEA_RUNNER_NAME=runner-2
      - GITEA_RUNNER_REGISTRATION_TOKEN=qjdTCfVkQ6q3gm3MK1yRsjsofFu8fVzf26BKNEQr
    networks:
      - infra-traefik_default