svc:
  domain: "git.serguzim.me"
  name: forgejo
  port: 3000
  caddy_extra: header /attachments/* Access-Control-Allow-Origin *
  db:
    host: "{{ postgres.host }}"
    port: "{{ postgres.port }}"
  ssh_port: 22
  ssh_port_alt: 3022

svc_env:
  FORGEJO__database__DB_TYPE: "postgres"
  FORGEJO__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}"
  FORGEJO__database__NAME: "forgejo"
  FORGEJO__database__USER: "{{ vault_forgejo.db.user }}"
  FORGEJO__database__PASSWD: "{{ vault_forgejo.db.pass }}"
  FORGEJO__database__SSL_MODE: "verify-full"

  FORGEJO__repository__ENABLE_PUSH_CREATE_USER: true
  FORGEJO__repository__ENABLE_PUSH_CREATE_ORG: true
  FORGEJO__repository__DEFAULT_BRANCH: "main"

  FORGEJO__cors__ENABLED: true
  FORGEJO__cors__SCHEME: "https"

  FORGEJO__ui__DEFAULT_THEME: "arc-green"

  FORGEJO__server__DOMAIN: "{{ svc.domain }}"
  FORGEJO__server__SSH_DOMAIN: "{{ svc.domain }}"
  FORGEJO__server__SSH_PORT: "{{ svc.ssh_port }}"
  FORGEJO__server__ROOT_URL: "https://{{ svc.domain }}"
  FORGEJO__server__OFFLINE_MODE: true
  FORGEJO__server__LFS_JWT_SECRET: "{{ vault_forgejo.server_lfs_jwt_secret }}"
  FORGEJO__server__LFS_START_SERVER: true

  FORGEJO__security__INSTALL_LOCK: true
  FORGEJO__security__INTERNAL_TOKEN: "{{ vault_forgejo.security_internal_token }}"
  FORGEJO__security__SECRET_KEY: "{{ vault_forgejo.security_secret_key }}"

  FORGEJO__openid__ENABLE_OPENID_SIGNUP: true
  FORGEJO__openid__ENABLE_OPENID_SIGNIN: false

  FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: true
  FORGEJO__service__ENABLE_BASIC_AUTHENTICATION: false
  FORGEJO__service__DEFAULT_KEEP_EMAIL_PRIVATE: true
  FORGEJO__service__NO_REPLY_ADDRESS: "discard.msrg.cc"

  FORGEJO__webhook__DELIVER_TIMEOUT: 60

  FORGEJO__mailer__ENABLED: true
  FORGEJO__mailer__PROTOCOL: "smtp+starttls"
  FORGEJO__mailer__SMTP_ADDR: "mail.serguzim.me"
  FORGEJO__mailer__SMTP_PORT: 587
  FORGEJO__mailer__FROM: "Forgejo <git@serguzim.me>"
  FORGEJO__mailer__USER: "git@serguzim.me"
  FORGEJO__mailer__PASSWD: "{{ vault_forgejo.mailer_passwd }}"
  FORGEJO__mailer__SEND_AS_PLAIN_TEXT: true

  FORGEJO__picture__DISABLE_GRAVATAR: true

  FORGEJO__oauth2__JWT_SECRET: "{{ vault_forgejo. oauth2_jwt_secret}}"

  FORGEJO__metrics__ENABLED: true
  FORGEJO__metrics__TOKEN: "{{ vault_metrics_token }}"

  FORGEJO__actions__ENABLED: true

  FORGEJO__storage__STORAGE_TYPE: "minio"
  FORGEJO__storage__MINIO_ENDPOINT: "s3.serguzim.me"
  FORGEJO__storage__MINIO_ACCESS_KEY_ID: "{{ vault_forgejo.minio.access_key_id }}"
  FORGEJO__storage__MINIO_SECRET_ACCESS_KEY: "{{ vault_forgejo.minio.secret_access_key }}"
  FORGEJO__storage__MINIO_BUCKET: "forgejo"
  FORGEJO__storage__MINIO_LOCATION: "de-contabo-1"
  FORGEJO__storage__MINIO_USE_SSL: true

  FORGEJO__other__SHOW_FOOTER_VERSION: true
  FORGEJO__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: false

compose:
  watchtower: true
  image: codeberg.org/forgejo/forgejo:1.21
  env: true
  volumes:
    - data:/data
    - /etc/timezone:/etc/timezone:ro
    - /etc/localtime:/etc/localtime:ro
  file:
    services:
      app:
        ports:
          - "{{ svc.ssh_port }}:{{ svc.ssh_port }}"
          - "{{ svc.ssh_port_alt }}:{{ svc.ssh_port }}"
    volumes:
      data: