version: '3.8'

services:
  forgejo:
    image: codeberg.org/forgejo/forgejo:7
    container_name: forgejo
    restart: unless-stopped
    environment:
      - USER_UID=1000
      - USER_GID=1000

      # DB
      - FORGEJO__database__DB_TYPE=postgres
      - FORGEJO__database__HOST=forgejo-db:5432
      - FORGEJO__database__NAME=forgejo
      - FORGEJO__database__USER=forgejo
      - FORGEJO__database__PASSWD=forgejo_password
      - FORGEJO__service__DISABLE_REGISTRATION=true

      # 🔐 LFS + JWT (needed for LFS auth)
      - FORGEJO__server__LFS_START_SERVER=true
      - FORGEJO__server__LFS_CONTENT_PATH=/data/lfs
      # Generate some long random string here:
      - FORGEJO__security__JWT_SECRET=change_me_to_a_long_random_string

      # Optional: allow larger uploads through web UI (not LFS, just normal uploads)
      - FORGEJO__repository__UPLOAD__ENABLED=true
      - FORGEJO__repository__UPLOAD__FILE_MAX_SIZE=512  # MB, for normal uploads
      # ✅ Correct external URL (very important for clone URLs, webhooks, etc.)
      - FORGEJO__server__ROOT_URL=https://forgejo.rozic-dev.com/
      # ✅ LFS: use [lfs] PATH instead of deprecated LFS_CONTENT_PATH
      - FORGEJO__server__LFS_START_SERVER=true
      - FORGEJO__lfs__PATH=/data/lfs
    volumes:
      - ./forgejo/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - traefik_default
      - forgejo-internal
    depends_on:
      - forgejo-db
    labels:
      - "traefik.enable=true"

     # HTTP → HTTPS redirect
      - "traefik.http.routers.forgejo.entrypoints=web"
      - "traefik.http.routers.forgejo.rule=Host(`forgejo.rozic-dev.com`)"
      - "traefik.http.middlewares.forgejo-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.forgejo.middlewares=forgejo-https-redirect"

      # Secure HTTPS Router
      - "traefik.http.routers.forgejo-secure.entrypoints=websecure"
      - "traefik.http.routers.forgejo-secure.rule=Host(`forgejo.rozic-dev.com`)"
      - "traefik.http.routers.forgejo-secure.tls=true"
      - "traefik.http.routers.forgejo-secure.tls.certresolver=letsencrypt"
      # Service
      - "traefik.http.routers.forgejo-secure.service=forgejo"
      - "traefik.http.services.forgejo.loadbalancer.server.port=3000"
      - "traefik.docker.network=traefik_default"

  forgejo-db:
    image: postgres:15-alpine
    container_name: forgejo-db
    restart: unless-stopped
    environment:
      - POSTGRES_USER=forgejo
      - POSTGRES_PASSWORD=forgejo_password
      - POSTGRES_DB=forgejo
    volumes:
      - ./forgejo/postgres:/var/lib/postgresql/data
    networks:
      - forgejo-internal

networks:
  traefik_default:
    external: true
  forgejo-internal:
    driver: bridge