services:
  db:
    image: mariadb:11
    restart: unless-stopped
    hostname: ${GITEA_DB_HOST}
    container_name: gitea-db
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
    volumes:
      - db_data:/var/lib/mysql
    networks:
      - proxy-tier

  app:
    image: gitea/gitea:latest
    restart: unless-stopped
    ports:
      - "2222:22"
    environment:
      - VIRTUAL_HOST=${VIRTUAL_HOST}
      - VIRTUAL_PORT=3000
      - LETSENCRYPT_HOST=${LETSENCRYPT_HOST}
      - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
      - DB_TYPE=mysql
      - DB_HOST=${GITEA_DB_HOST}:3306
      - DB_NAME=${MYSQL_DATABASE}
      - DB_USER=${MYSQL_USER}
      - DB_PASSWD=${MYSQL_PASSWORD}
    volumes:
      - ./data:/data
    depends_on:
      - db
    networks:
      - proxy-tier

  actions-runner:
    image: gitea/act_runner:latest
    restart: unless-stopped
    environment:
      - GITEA_INSTANCE_URL=https://${VIRTUAL_HOST}
      - GITEA_RUNNER_REGISTRATION_TOKEN=${RUNNER_TOKEN}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock   # 👈 give runner access to host Docker
    networks:
      - proxy-tier
    depends_on:
      - app
    privileged: true   # often needed for job containers


volumes:
  db_data:

networks:
  proxy-tier:
    external: true