images:
  gitea-latest: .
  certbot-latest: ../certbot

volumes:
  gitea-data: {}
  certbot-webroot: {}
  certbot-config-gitea: {}

jails:
  gitea:
    meta:
      domains:
        - xyz.com
        - www.xyz.com
    image: gitea-latest
    mounts:
      gitea-data: /var/db/gitea
    ip4.addr: 127.0.8.1
    exec.start: |
      export IP4_ADDR=127.0.8.1 && \
      export DOMAIN_NAME=xyz.com && \
      export GITEA_CONF=/usr/local/etc/gitea/conf/app.ini && \
      chown git:git /var/db/gitea && \
      sed -i -e "s/127.0.0.1/${IP4_ADDR}/g" $GITEA_CONF && \
      sed -i -e "s/localhost/${DOMAIN_NAME}/g" $GITEA_CONF && \
      crudini --set --inplace $GITEA_CONF server ROOT_URL https://${DOMAIN_NAME} && \
      crudini --set --inplace $GITEA_CONF server DISABLE_SSH true && \
      export SECRET_CONF=/var/db/gitea/focker-secrets.ini && \
      if [ ! -f $SECRET_CONF ]; then
        touch $SECRET_CONF && \
        chown root:git $SECRET_CONF && \
        chmod 640 $SECRET_CONF && \
        crudini --set --inplace $SECRET_CONF oauth2 JWT_SECRET `gitea generate secret JWT_SECRET` && \
        crudini --set --inplace $SECRET_CONF security INTERNAL_TOKEN `gitea generate secret INTERNAL_TOKEN` && \
        crudini --set --inplace $SECRET_CONF security SECRET_KEY `gitea generate secret SECRET_KEY`; \
      fi && \
      if [ ! -f /var/db/gitea/gitea.db ]; then \
        su git -c 'gitea migrate -c $GITEA_CONF' && \
        su git -c 'gitea admin -c $GITEA_CONF create-user --username admin1 --password "AdminAdmin1+" --email "invaliduser@nonexistentdomain.com" --admin'; \
      fi && \
      crudini --set --inplace $GITEA_CONF oauth2 JWT_SECRET `crudini --get $SECRET_CONF oauth2 JWT_SECRET` && \
      crudini --set --inplace $GITEA_CONF security INTERNAL_TOKEN `crudini --get $SECRET_CONF security INTERNAL_TOKEN` && \
      crudini --set --inplace $GITEA_CONF security SECRET_KEY `crudini --get $SECRET_CONF security SECRET_KEY` && \
      /bin/sh /etc/rc

  certbot-gitea:
    image: certbot-latest
    mounts:
      certbot-webroot: /certbot/webroot
      certbot-config-gitea: /usr/local/etc/letsencrypt
    ip4.addr: 127.0.9.1
    exec.start: |
      if [ ! -f /usr/local/etc/letsencrypt/cli.ini ]; then
        echo 'webroot-path=/certbot/webroot' >>/usr/local/etc/letsencrypt/cli.ini && \
        echo 'authenticator=webroot' >>/usr/local/etc/letsencrypt/cli.ini;
      fi && \
      /bin/sh /etc/rc