services:
  {{ service_name }}:
    image: docker.io/gitlab/gitlab-ce:18.8.4-ce.0
    restart: {{ restart_policy }}
    shm_size: '256m'
    env_file: .env
    {% if traefik_enabled %}
    networks:
      {{ traefik_network }}:
    {% endif %}
    ports:
      {% if not traefik_enabled %}
      - "{{ ports_http }}:80"
      {% endif %}
      - "{{ ports_ssh }}:22"
      {% if registry_enabled and not traefik_enabled %}
      - "{{ ports_registry }}:5000"
      {% endif %}
    volumes:
      - ./config/gitlab.rb:/etc/gitlab/gitlab.rb:ro
      - {{ service_name }}_config:/etc/gitlab
      - {{ service_name }}_logs:/var/log/gitlab
      - {{ service_name }}_data:/var/opt/gitlab
    {% if traefik_enabled  %}
    labels:
      - traefik.enable=true
      - traefik.docker.network={{ traefik_network }}
      - traefik.http.services.{{ service_name }}_web.loadBalancer.server.port=80
      - traefik.http.routers.{{ service_name }}_http.service={{ service_name }}_web
      - traefik.http.routers.{{ service_name }}_http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
      - traefik.http.routers.{{ service_name }}_http.entrypoints=web
      {% if traefik_tls_enabled %}
      - traefik.http.routers.{{ service_name }}_https.service={{ service_name }}_web
      - traefik.http.routers.{{ service_name }}_https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
      - traefik.http.routers.{{ service_name }}_https.entrypoints=websecure
      - traefik.http.routers.{{ service_name }}_https.tls=true
      - traefik.http.routers.{{ service_name }}_https.tls.certresolver={{ traefik_tls_certresolver }}
      {% endif %}
      {% if registry_enabled %}
      - traefik.http.services.{{ service_name }}_registry.loadBalancer.server.port=5000
      - traefik.http.routers.{{ service_name }}_registry-http.service={{ service_name }}_registry
      - traefik.http.routers.{{ service_name }}_registry-http.rule=Host(`{{ traefik_registry_host }}`.{{ traefik_domain }}`)
      - traefik.http.routers.{{ service_name }}_registry-http.entrypoints=web
      {% if traefik_tls_enabled %}
      - traefik.http.routers.{{ service_name }}_registry-https.service={{ service_name }}_registry
      - traefik.http.routers.{{ service_name }}_registry-https.rule=Host(`{{ traefik_registry_host }}`.{{ traefik_domain }}`)
      - traefik.http.routers.{{ service_name }}_registry-https.entrypoints=websecure
      - traefik.http.routers.{{ service_name }}_registry-https.tls=true
      - traefik.http.routers.{{ service_name }}_registry-https.tls.certresolver={{ traefik_tls_certresolver }}
      {% endif %}
      {% endif %}
    {% endif %}

volumes:
  {{ service_name }}_config:
    driver: local
  {{ service_name }}_logs:
    driver: local
  {{ service_name }}_data:
    driver: local

{% if traefik_enabled %}
networks:
  {{ traefik_network }}:
    external: true
{% endif %}