codebase/docker-compose.yaml

# Service-specific volume configurations
x-volume-configs:
  gitea: &gitea_volumes
    - type: bind
      source: /home/aetos/gitea
      target: /data
      bind:
        create_host_path: true

  drone: &drone_volumes
    - /mnt/omnissiah-vault/configs/certs:/usr/local/share/ca-certificates:ro
    - type: bind
      source: /mnt/omnissiah-vault/configs/drone
      target: /data
      bind:
        create_host_path: true

  registry: &registry_volumes
    - ./registry/config.yml:/etc/docker/registry/config.yml:ro

    - /mnt/omnissiah-vault/configs/auth:/auth:ro
    - type: bind
      source: /mnt/omnissiah-vault/data/registry
      target: /var/lib/registry
      bind:
        create_host_path: true

  registry_ui: &registry_ui_volumes
    - /mnt/omnissiah-vault/configs/auth:/auth:ro

services:
  registry-ui:
    image: joxit/docker-registry-ui:latest
    container_name: registry-ui
    ports:
      - "6001:80"
    volumes: *registry_ui_volumes
    environment:
      REGISTRY_TITLE: "Armory of the Codex"
      REGISTRY_URL: https://dcr.aetoskia.com

      REGISTRY_AUTH: "htpasswd"
      REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
      SINGLE_REGISTRY: "true"
    depends_on:
      - registry
    restart: always
    extra_hosts:
      - "dcr.aetoskia.com:192.168.1.111"
    profiles:
      - server-pi

  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=${PUID}
      - USER_GID=${PGID}
    restart: always
    ports:
      - "6002:3000"  # Web UI
      - "222:22"     # SSH
    volumes: *gitea_volumes
    extra_hosts:
      - "drone.aetoskia.com:192.168.1.111"
    profiles:
      - private-pi

  drone-server:
    image: drone/drone:2
    container_name: drone-server
    ports:
      - "6003:80"   # Drone UI/API available on https://localhost:6003
    volumes: *drone_volumes
    environment:
      DRONE_GITEA_CLIENT_ID: 8445594d-7c03-41a1-b66d-4296f34fa644
      DRONE_GITEA_CLIENT_SECRET: gto_f46d6utmlttauajdjxpfgikskb3j5epoohzhpp2r6j2jbed46iaq
      DRONE_GITEA_SERVER: https://git.aetoskia.com
      DRONE_RPC_SECRET: supersecretkey
      DRONE_SERVER_HOST: drone.aetoskia.com
      DRONE_SERVER_PROTO: https
    restart: always
    extra_hosts:
      - "git.aetoskia.com:192.168.1.111"
    command: sh -c "update-ca-certificates && drone-server"
    profiles:
      - server-pi

  drone-runner:
    image: drone/drone-runner-docker:latest
    container_name: drone-runner
    restart: always
    network_mode: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      DRONE_RPC_PROTO: https
      DRONE_RPC_HOST: drone.aetoskia.com
      DRONE_RPC_SECRET: supersecretkey
      DRONE_RUNNER_CAPACITY: 2
      DRONE_RUNNER_NAME: runner1
      DRONE_RUNNER_OS: linux
      DRONE_RUNNER_ARCH: arm64
      DRONE_LOGS_DEBUG: true
      DRONE_LOGS_TRACE: true
    extra_hosts:
      - "server-pi:192.168.1.35"
      - "private-pi:192.168.1.111"
    profiles:
      - server-pi

  registry:
    image: registry:2
    container_name: registry
    ports:
      - "6005:5000"
    volumes: *registry_volumes
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: "Registry Realm"
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
    restart: always
    profiles:
      - server-pi