version: '3.8'

services:
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    restart: unless-stopped
    ports:
      - "3000:3000"
      - "2222:22"
    volumes:
      - gitea_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__server__ROOT_URL=https://git.vibnai.com
      - GITEA__server__DOMAIN=git.vibnai.com
    labels:
      - "traefik.enable=true"
      # HTTP router (will redirect to HTTPS)
      - "traefik.http.routers.gitea-http.rule=Host(`git.vibnai.com`)"
      - "traefik.http.routers.gitea-http.entrypoints=http"
      - "traefik.http.routers.gitea-http.middlewares=redirect-to-https@docker"
      # HTTPS router
      - "traefik.http.routers.gitea-https.rule=Host(`git.vibnai.com`)"
      - "traefik.http.routers.gitea-https.entrypoints=https"
      - "traefik.http.routers.gitea-https.tls=true"
      - "traefik.http.routers.gitea-https.tls.certresolver=letsencrypt"
      # Service
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      # Redirect middleware
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
      # Coolify managed label (so Coolify doesn't ignore it)
      - "coolify.managed=true"

volumes:
  gitea_data:
    driver: local