# File: /share/np-dms/git/docker-compose.yml
# DMS Container v1.8.6 — Application: git, Service: gitea

x-restart: &restart_policy
  restart: unless-stopped

x-logging: &default_logging
  logging:
    driver: 'json-file'
    options:
      max-size: '10m'
      max-file: '5'
name: lcbp3-gitea
networks:
  lcbp3:
    external: true
  giteanet:
    external: true
    name: gitnet

services:
  gitea:
    <<: [*restart_policy, *default_logging]
    image: gitea/gitea:1.22.3-rootless
    container_name: gitea
    deploy:
      resources:
        limits:
          cpus: '2.0'
          memory: 2G
        reservations:
          cpus: '0.25'
          memory: 512M
    security_opt:
      - no-new-privileges:true
    env_file:
      - .env
    environment:
      # ---- File ownership in QNAP ----
      USER_UID: '1000'
      USER_GID: '1000'
      TZ: Asia/Bangkok
      # ---- Server / Reverse proxy (NPM) ----
      GITEA__server__ROOT_URL: https://git.np-dms.work/
      GITEA__server__DOMAIN: git.np-dms.work
      GITEA__server__SSH_DOMAIN: git.np-dms.work
      GITEA__server__START_SSH_SERVER: 'true'
      GITEA__server__SSH_PORT: '22'
      GITEA__server__SSH_LISTEN_PORT: '22'
      GITEA__server__LFS_START_SERVER: 'true'
      GITEA__server__HTTP_ADDR: '0.0.0.0'
      GITEA__server__HTTP_PORT: '3000'
      GITEA__server__TRUSTED_PROXIES: '127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16'
      # --- การตั้งค่าฐานข้อมูล
      GITEA__database__DB_TYPE: mysql
      GITEA__database__HOST: mariadb:3306
      GITEA__database__NAME: 'gitea'
      GITEA__database__USER: 'gitea'
      GITEA__database__PASSWD: ${GITEA_DB_PASSWORD:?GITEA_DB_PASSWORD required}
      # --- repos
      GITEA__repository__ROOT: /var/lib/gitea/git/repositories
      DISABLE_HTTP_GIT: 'false'
      ENABLE_BASIC_AUTHENTICATION: 'true'
      # --- Enable Package Registry ---
      GITEA__packages__ENABLED: 'true'
      GITEA__packages__REGISTRY__ENABLED: 'true'
      GITEA__packages__REGISTRY__STORAGE_TYPE: local
      GITEA__packages__REGISTRY__STORAGE_PATH: /data/registry
      # Optional: lock install after setup (เปลี่ยนเป็น true เมื่อจบ onboarding)
      GITEA__security__INSTALL_LOCK: 'true'
    volumes:
      - /share/np-dms/gitea/backup:/backup
      - /share/np-dms/gitea/etc:/etc/gitea
      - /share/np-dms/gitea/lib:/var/lib/gitea
      # ให้ repo root ใช้จาก /share/dms-data/gitea_repos
      - /share/np-dms/gitea/gitea_repos:/var/lib/gitea/git/repositories
      - /share/np-dms/gitea/gitea_registry:/data/registry
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - '3003:3000' # HTTP (ไปหลัง NPM)
      - '2222:22' # SSH สำหรับ git clone/push
    networks:
      - lcbp3
      - giteanet
    healthcheck:
      test: ['CMD', 'wget', '--spider', '-q', 'http://localhost:3000/api/healthz']
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
# L4: ขั้นตอน ops (folder permissions, DB bootstrap) ย้ายไปที่:
# specs/04-Infrastructure-OPS/04-08-release-management-policy.md