version: "3.9"
services:
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__server__ROOT_URL=https://code.lazyworkhorse.net
    volumes:
      - /mnt/HoardingCow_docker_data/Gitea:/data
    networks:
      - traefik-net
    restart: unless-stopped
    labels:
      - "traefik.enable=true"

      # Router for HTTP + redirection to HTTPS
      - "traefik.http.routers.gitea-http.rule=Host(`code.lazyworkhorse.net`)"
      - "traefik.http.routers.gitea-http.entrypoints=web"
      - "traefik.http.routers.gitea-http.middlewares=redirect-to-https"

      # Router for HTTPS with TLS
      - "traefik.http.routers.gitea-https.rule=Host(`code.lazyworkhorse.net`)"
      - "traefik.http.routers.gitea-https.entrypoints=websecure"
      - "traefik.http.routers.gitea-https.tls=true"
      - "traefik.http.routers.gitea-https.tls.certresolver=njalla"

      # Wildcard
      # - "traefik.http.routers.gitea-https.tls.domains[0].main=lazyworkhorse.net"
      # - "traefik.http.routers.gitea-https.tls.domains[0].sans=*.lazyworkhorse.net"

      # Middleware for redirect HTTP -> HTTPS
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

      - "traefik.http.services.gitea.loadbalancer.server.port=3000"

networks:
  traefik-net:
    external: true