services:
  gitea:
    image: gitea/gitea
    container_name: gitea
    environment:
      USER_UID: 1000
      USER_GID: 1000
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: gitea-postgres:5432
      GITEA__database__NAME: gitea
      GITEA__database__USER: gitea
      GITEA__database__PASSWD: ${GITEA_DB_PASSWD}
    networks:
      - proxy
    restart: unless-stopped
    ports:
      - "3000"
      - "222:22"
    volumes:
      - gitea-data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    security_opt:
      - no-new-privileges:true
  

  postgres:
    image: library/postgres
    container_name: gitea-postgres
    read_only: true
    restart: always
    tmpfs:
      - /tmp
      - /run/postgresql
    volumes:
      - gitea-postgres:/var/lib/postgresql
    networks:
      - proxy
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=${GITEA_POSTGRES_PASSWORD}
      - POSTGRES_DB=gitea
    security_opt:
      - no-new-privileges:true

volumes:
  gitea-data:
  gitea-postgres:

networks:
  proxy:
    name: proxy
    external: true