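---
# Gitea stack: PostgreSQL, Gitea server, a Docker-in-Docker daemon and an
# Actions runner, all attached to the fixed-address bridge network gitea-net.
version: "3"

services:
  # 1. Database service
  # No `ports:` entry, so PostgreSQL is reachable only on gitea-net.
  db:
    image: postgres:14
    container_name: gitea_db
    restart: always
    environment:
      - POSTGRES_USER=gitea
      # `:?` makes Compose stop with this message when the variable is unset
      # or empty, instead of silently substituting an empty password.
      - 'POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}'
      - POSTGRES_DB=gitea
    networks:
      gitea-net:
        ipv4_address: 172.24.0.3
    volumes:
      - postgres_db:/var/lib/postgresql/data

  # 2. Gitea server
  server:
    # NOTE(review): `latest` is a floating tag, so a pull can change the
    # running Gitea version without any change to this file. Pin a reviewed
    # release tag or image digest.
    image: gitea/gitea:latest
    container_name: gitea_server
    restart: always
    environment:
      - USER_UID=1000
      - USER_GID=1000
      # Database connection settings
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      # Same fail-fast guard as on the db service.
      - 'GITEA__database__PASSWD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}'
      # Enable Actions (key setting)
      - GITEA__actions__ENABLED=true
      # Enable the built-in package registry
      - GITEA__packages__ENABLED=true
      # Allow sending webhooks to internal IPs.
      # NOTE(review): `*` removes every restriction on webhook targets, so a
      # webhook can be pointed at any address this container can reach,
      # including the other services on gitea-net. Gitea also accepts
      # narrower values (`private`, `external`, CIDR ranges, host patterns);
      # prefer the smallest list that covers the real targets.
      - GITEA__webhook__ALLOWED_HOST_LIST=*
    networks:
      gitea-net:
        ipv4_address: 172.24.0.10
      webproxy: {}
    depends_on:
      - db
    # NOTE(review): both ports are published on all host interfaces. If the
    # web UI is meant to be reached only through the proxy on `webproxy`,
    # bind 7800 to a specific host address; confirm the intended exposure.
    ports:
      - "7800:3000"  # web UI port
      - "7822:22"  # SSH clone port
    volumes:
      - /mnt/data/External/gitea/gitea_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro

  # 3. DinD service (added: a separate Docker daemon)
  docker:
    # NOTE(review): floating tag; pin a reviewed release tag or digest.
    image: docker:dind
    container_name: gitea_dind
    restart: always
    # DinD needs privileged mode to work.
    # NOTE(review): a privileged container is not isolated from the host
    # kernel, and every Actions job runs against this daemon. Whoever may run
    # workflows on this instance should be trusted at that level.
    privileged: true
    environment:
      # Empty value disables TLS to simplify internal connections.
      # NOTE(review): combined with --host=tcp://0.0.0.0:2375 below, the
      # Docker API is unauthenticated for every container on gitea-net. It is
      # not published on the host (no `ports:`); keep it that way. With TLS
      # off, the gitea_docker_certs volume below is presumably left unused.
      # Authenticating this endpoint means enabling TLS and sharing the
      # client certificates with the runner.
      - DOCKER_TLS_CERTDIR=
    # Allow connecting back to Gitea's registry (it is served over HTTP).
    # Set DNS so inner containers can resolve gitea-net service names.
    # NOTE(review): --insecure-registry means registry traffic to these two
    # names is unencrypted; that is only reasonable while it stays on
    # gitea-net.
    command:
      - "dockerd"
      - "--host=unix:///var/run/docker.sock"
      - "--host=tcp://0.0.0.0:2375"
      - "--insecure-registry=172.24.0.10:3000"
      - "--insecure-registry=server:3000"
      - "--dns=172.24.0.1"
      - "--dns=8.8.8.8"
    networks:
      gitea-net:
        ipv4_address: 172.24.0.11
    volumes:
      - gitea_docker_certs:/certs/client
      # Persisted so images need not be pulled again after a restart.
      - gitea_docker_data:/var/lib/docker

  # 4. Actions Runner (runs the automation scripts)
  runner:
    # NOTE(review): floating tag; pin a reviewed release tag or digest.
    image: gitea/act_runner:latest
    container_name: gitea_runner
    restart: always
    networks:
      gitea-net:
        ipv4_address: 172.24.0.5
    volumes:
      - /mnt/data/External/gitea/runner_data:/data
    environment:
      - CONFIG_FILE=/data/config.yaml
      # Note: the runner needs a registration token; we enter it manually
      # once after startup.
      - GITEA_INSTANCE_URL=http://server:3000
      # Key change: tell the runner not to look for the socket but to connect
      # over TCP to the docker container.
      - DOCKER_HOST=tcp://docker:2375
      # No `:?` guard here: presumably the token is only needed for the first
      # registration. Keep the value out of version control.
      - GITEA_RUNNER_REGISTRATION_TOKEN=${REGISTRATION_TOKEN}
    depends_on:
      - server
      - docker

volumes:
  postgres_db: {}
  gitea_docker_certs: {}
  gitea_docker_data: {}

networks:
  gitea-net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.24.0.0/16
  # npm bridge
  webproxy:
    external: true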