version: "2"

services:
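  # Gitea application container. It runs as an unprivileged uid/gid and talks
  # to the "db" service over the Compose project network.
  server:
    # NOTE(review): ":latest" is a moving tag, so the image that runs changes
    # on every pull. Pin a release tag or an image digest (<version-or-digest>)
    # so upgrades are deliberate and reproducible.
    image: ghcr.io/polarix-containers/gitea:latest
    environment:
      - GITEA__database__DB_TYPE=postgres
      # Use the Compose service name instead of the generated container name
      # ("gitea-db-1"), which only resolves when the project happens to be
      # named "gitea". The service name resolves under any project name.
      - GITEA__database__HOST=db:5432
      - GITEA__database__NAME=giteadb
      - GITEA__database__USER=gitea
      # Left blank in this template. Must match POSTGRES_PASSWORD of the db
      # service. Prefer supplying it from an env file or secret kept out of
      # version control rather than committing the value here.
      - GITEA__database__PASSWD=
    restart: always
    volumes:
      # NOTE(review): the db volume is mounted with ":Z"; on an SELinux
      # enforcing host these two bind mounts presumably need a label too.
      # Confirm on the target host.
      - ./data:/var/lib/gitea
      - ./config:/etc/gitea
      # Read-only host time settings. If a path is missing on the host, Docker
      # creates it as a directory, so check that both files exist.
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      # Published on all host interfaces: presumably web UI (3000) and SSH
      # (2220). Put a TLS-terminating reverse proxy or a host firewall in
      # front if the host is reachable from untrusted networks.
      - "3004:3000"
      - "2220:2220"
    # Wait for the db healthcheck (pg_isready) to pass instead of starting as
    # soon as the db container exists. The long form needs a Compose release
    # that implements the Compose Specification, as does the healthcheck key.
    depends_on:
      db:
        condition: service_healthy
    # Root filesystem is writable here, unlike the db service.
    read_only: false
    user: "3002:3002"
    security_opt:
      - "no-new-privileges=true"
    # NOTE(review): capability dropping is disabled for this service while the
    # db service drops ALL. Re-enable it once Gitea is confirmed to start
    # without any capabilities.
#    cap_drop:
#      - ALL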

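  # PostgreSQL backend for Gitea, run with a read-only root filesystem, all
  # capabilities dropped, and an unprivileged uid/gid.
  db:
    image: ghcr.io/polarix-containers/postgres:17
    restart: always
    environment:
      - POSTGRES_USER=gitea
      # Left blank in this template. Set a strong, unique value before the
      # first start and give the same value to GITEA__database__PASSWD.
      # Prefer an env file or secret kept out of version control.
      - POSTGRES_PASSWORD=
      - POSTGRES_DB=giteadb
    volumes:
      # ":Z" applies a private SELinux label so that only this container can
      # use the data directory.
      - ./postgres:/var/lib/postgresql/data:Z
    healthcheck:
      # Healthy once the server accepts connections for the Gitea role and
      # database.
      test: ["CMD", "pg_isready", "-U", "gitea", "-d", "giteadb"]
      interval: 15s
      timeout: 5s
    ports:
      # Publish on loopback only. The Gitea container reaches PostgreSQL over
      # the Compose network and does not need a host port at all. This mapping
      # is kept for local administration on host port 5433. Publishing a
      # database on every interface exposes it to whatever network the host
      # sits on, so remove the address prefix only when remote access is
      # intended and firewalled.
      - "127.0.0.1:5433:5432"
    user: "70:70"
    read_only: true
    tmpfs:
      # The root filesystem is read-only, so the socket directory is a small
      # tmpfs owned by the container uid/gid and mounted noexec,nosuid,nodev.
      - /var/run/postgresql:size=50M,mode=0770,uid=70,gid=70,noexec,nosuid,nodev
    security_opt:
      - "no-new-privileges=true"
    cap_drop:
      - ALL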