version: "3"
services:

  # Gluetun is used to connect container to VPN
  forgejo-gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_ENDPOINT_IP={{ proxy_server_ip }}
      - VPN_ENDPOINT_PORT={{ proxy_server_vpn_port }}
      - WIREGUARD_PUBLIC_KEY={{ vpn_server_pubkey }}
      - WIREGUARD_PRIVATE_KEY={{ git_service_privkey }}
      - WIREGUARD_ADDRESSES=10.0.0.3/32
      - FIREWALL_VPN_INPUT_PORTS=3000,22,222,5432
    ports:
      - "3000:3000"
      - "222:22"
    networks:
      forgejo:

  forgejo:
    image: codeberg.org/forgejo/forgejo:1.21
    network_mode: "service:forgejo-gluetun"
    environment:
      # Service git UID and GID
      - USER_UID=1006
      - USER_GID=1007

      - FORGEJO__database__DB_TYPE=postgres
      - FORGEJO__database__HOST=11.1.0.22:5432
      - FORGEJO__database__NAME=forgejo
      - FORGEJO__database__USER=forgejo
      - FORGEJO__database__PASSWD={{ service_git_postgres_pass }}
    restart: always
    volumes:
      - ./forgejo-data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - forgejo-db

  forgejo-db:
    image: postgres:16-alpine
    restart: always
    environment:
      - POSTGRES_DB=forgejo
      - POSTGRES_USER=forgejo
      - POSTGRES_PASSWORD={{ service_git_postgres_pass }}
    volumes:
      - ./postgres-data:/var/lib/postgresql/data
    networks:
      forgejo:
        ipv4_address: 11.1.0.22

networks:
  forgejo:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: forgejo
        #      com.docker.network.driver.enable_ip_masquerade: 0
    ipam:
      config:
        - subnet: 11.1.0.0/16
          #          gateway: 11.5.0.1