services:
  forgejo-ts:
    image: tailscale/tailscale
    container_name: forgejo-ts
    cap_add:
      - net_admin
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      - ./tailscale/state:/var/lib/tailscale
      - ./serveconfig:/config
    environment:
      - TS_AUTHKEY=${TS_AUTHKEY}
      - TS_EXTRA_ARGS=--advertise-tags=tag:forgejo --reset
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_SERVE_CONFIG=/config/serve-config.json
      - TS_USERSPACE=false
    hostname: git
    restart: unless-stopped

  forgejo:
    image: codeberg.org/forgejo/forgejo:11
    container_name: forgejo
    network_mode: service:forgejo-ts
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - FORGEJO__database__DB_TYPE=postgres
      - FORGEJO__database__HOST=forgejo_db:5432
      - FORGEJO__database__NAME=forgejo
      - FORGEJO__database__USER=forgejo
      - FORGEJO__database__PASSWD=${POSTGRES_PASSWORD}
      - FORGEJO__database__SSL_MODE=disable
      - FORGEJO__database__SCHEMA=public
      - FORGEJO__database__CHARSET=utf8
    volumes:
      - ./forgejo:/data
      # - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped

  forgejo_db:
    image: postgres:16
    container_name: forgejo-postgres
    environment:
      - POSTGRES_DB=forgejo
      - POSTGRES_USER=forgejo
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_HOST_AUTH_METHOD=md5
    volumes:
      - ./postgres:/var/lib/postgresql/data
    restart: always