services:
  {{ service_name | default('gitlab') }}:
    image: docker.io/gitlab/gitlab-ce:18.3.1-ce.0
    container_name: {{ container_name | default('gitlab') }}
    shm_size: '256m'
{% if traefik_enabled %}
    networks:
      - {{ traefik_network }}
{% endif %}
    volumes:
      - ./config/gitlab.rb:/etc/gitlab/gitlab.rb:ro
      - gitlab-config:/etc/gitlab
      - gitlab-logs:/var/log/gitlab
      - gitlab-data:/var/opt/gitlab
{% if ports_enabled %}
    ports:
      - "{{ ports_http }}:80"
      - "{{ ports_https }}:443"
      - "{{ ssh_port }}:22"
{% else %}
    ports:
      - "{{ ssh_port }}:22"
{% endif %}
{% if traefik_enabled %}
    labels:
      - traefik.enable=true
      - traefik.http.services.{{ container_name }}.loadbalancer.server.port=80
      - traefik.http.services.{{ container_name }}.loadbalancer.server.scheme=http
      - traefik.http.routers.{{ container_name }}-http.service={{ container_name }}
      - traefik.http.routers.{{ container_name }}-http.rule=Host(`{{ traefik_host }}`)
      - traefik.http.routers.{{ container_name }}-http.entrypoints={{ traefik_entrypoint | default('web') }}
      {% if traefik_tls_enabled %}
      - traefik.http.routers.{{ container_name }}-https.service={{ container_name }}
      - traefik.http.routers.{{ container_name }}-https.rule=Host(`{{ traefik_host }}`)
      - traefik.http.routers.{{ container_name }}-https.entrypoints={{ traefik_tls_entrypoint | default('websecure') }}
      - traefik.http.routers.{{ container_name }}-https.tls=true
      - traefik.http.routers.{{ container_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
      {% endif %}
{% if registry_enabled %}
      - traefik.http.services.{{ container_name }}-registry.loadbalancer.server.port={{ registry_port }}
      - traefik.http.services.{{ container_name }}-registry.loadbalancer.server.scheme=http
      - traefik.http.routers.{{ container_name }}-registry-http.service={{ container_name }}-registry
      - traefik.http.routers.{{ container_name }}-registry-http.rule=Host(`{{ registry_hostname }}`)
      - traefik.http.routers.{{ container_name }}-registry-http.entrypoints={{ traefik_entrypoint | default('web') }}
      {% if traefik_tls_enabled %}
      - traefik.http.routers.{{ container_name }}-registry-https.service={{ container_name }}-registry
      - traefik.http.routers.{{ container_name }}-registry-https.rule=Host(`{{ registry_hostname }}`)
      - traefik.http.routers.{{ container_name }}-registry-https.entrypoints={{ traefik_tls_entrypoint | default('websecure') }}
      - traefik.http.routers.{{ container_name }}-registry-https.tls=true
      - traefik.http.routers.{{ container_name }}-registry-https.tls.certresolver={{ traefik_tls_certresolver }}
      {% endif %}
{% endif %}
{% endif %}
    restart: {{ restart_policy }}

volumes:
  gitlab-config:
    driver: local
  gitlab-logs:
    driver: local
  gitlab-data:
    driver: local

{% if traefik_enabled %}
networks:
  {{ traefik_network }}:
    external: true
{% endif %}