networks:
  default:
    enable_ipv6: true

volumes:
  gitlab-config:
    driver: local
  gitlab-logs:
    driver: local
  gitlab-data:
    driver: local

services:
  gitlab:
    image: gitlab/gitlab-ce:17.8.1-ce.0
    container_name: gitlab
    restart: always
    hostname: "gitlab.gnous.eu"
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.gnous.eu'
        registry_external_url 'https://registry.gnous.eu'
        nginx['listen_https'] = false
        nginx['listen_port'] = 80
        registry_nginx['listen_https'] = false
        registry_nginx['listen_port'] = 81
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "${SMTP_HOST}"
        gitlab_rails['smtp_port'] = 587
        gitlab_rails['gitlab_email_from'] = '${SMTP_USER}'
        gitlab_rails['smtp_user_name'] = "${SMTP_USER}"
        gitlab_rails['smtp_password'] = "${SMTP_PASS}"
        gitlab_rails['smtp_authentication'] = "plain"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        require_email_verification = true
        gitlab_rails['gitlab_shell_ssh_port'] = 2223
    ports:
      - "3005:80"
      - "3006:81"
      - "3007:22"
    volumes:
      - gitlab-config:/etc/gitlab
      - gitlab-logs:/var/log/gitlab
      - gitlab-data:/var/opt/gitlab
    shm_size: "256m"
    labels:
      - "traefik.enable=true"
      # Web
      - "traefik.http.services.gitlab-gnous.loadbalancer.server.port=3005"
      - "traefik.http.routers.gitlabgnous.rule=Host(`gitlab.gnous.eu`)"
      - "traefik.http.routers.gitlabgnous.tls=true"
      - "traefik.http.routers.gitlabgnous.tls.certresolver=defaultacme"
      - "traefik.http.routers.gitlabgnous.entrypoints=websecure"
      - "traefik.http.routers.gitlabgnous.service=gitlab-gnous"
      - "traefik.http.routers.gitlabgnous.middlewares=proxyHeader@file,proxyError@file"
      # Registry
      - "traefik.http.services.registry-gnous.loadbalancer.server.port=3006"
      - "traefik.http.routers.registrygnous.rule=Host(`pkg.gnous.eu`)"
      - "traefik.http.routers.registrygnous.tls=true"
      - "traefik.http.routers.registrygnous.tls.certresolver=defaultacme"
      - "traefik.http.routers.registrygnous.entrypoints=websecure"
      - "traefik.http.routers.registrygnous.service=registry-gnous"
      - "traefik.http.routers.registrygnous.middlewares=proxyHeader@file,proxyError@file"
      #  ssh service
      - "traefik.tcp.routers.gitlabssh.entrypoints=sshgitlab"
      - "traefik.tcp.routers.gitlabssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.gitlabssh.service=gitlab-ssh"
      - "traefik.tcp.services.gitlab-ssh.loadbalancer.server.port=3007"