# gitlab/gitlab-ce:18.1.2-ce.0 - https://hub.docker.com/r/gitlab/gitlab-ce/tags

services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    hostname: "git.wompmacho.com" # This hostname is mostly for internal consistency
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://git.wompmacho.com'
        gitlab_rails['gitlab_shell_ssh_port'] = 4446
        letsencrypt['enable'] = false # Assuming your external Nginx handles Let's Encrypt

        puma['worker_processes'] = 2 # Reduce Puma worker processes
        prometheus_monitoring['enable'] = false # Disable Prometheus monitoring
        sidekiq['max_concurrency'] = 10 # Reduce Sidekiq concurrency

        # --- Settings for Nginx Reverse Proxy with SSL termination ---
        nginx['listen_port'] = 80 # GitLab's internal Nginx listens on HTTP port 80 (inside the container)
        nginx['listen_https'] = false # GitLab's internal Nginx should NOT listen for HTTPS

        # Tell GitLab that it's behind an HTTPS proxy
        nginx['proxy_set_headers'] = {
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on"
        }
        # Add your Nginx proxy's internal IP address to trusted proxies
        # Replace 172.x.x.x/xx with the actual network range of your Docker bridge or external Nginx IP
        gitlab_rails['trusted_proxies'] = ['172.17.0.0/16'] # Example: Docker default bridge network range
    ports:
      # Map container port 80 (HTTP) to your desired host port, e.g., 4444.
      # Your external Nginx will then proxy to this host port (or directly to the container's IP:80 if on the same Docker network).
      - "4444:80"
      - "4446:22" # SSH port (usually handled directly, not proxied by Nginx for Git over SSH)
      # Port 443 mapping is usually removed from GitLab's side if Nginx handles it,
      # or used for internal communication if your Nginx connects to GitLab over HTTPS internally.
      # For simplicity, if Nginx terminates SSL, GitLab listens HTTP.
      # So, no need for 4445:443 mapping here.
    volumes:
      - "${GITLAB_HOME}/config:/etc/gitlab"
      - "${GITLAB_HOME}/logs:/var/log/gitlab"
      - "${GITLAB_HOME}/data:/var/opt/gitlab"
    deploy:
      resources:
        limits:
          memory: 8g
    logging:
      driver: "json-file"
      options:
        max-size: "512m"
        max-file: "3"
    shm_size: "4g"
    env_file:
      - path: ./.env
        required: true
    restart: unless-stopped

  gitlab-runner:
    image: gitlab/gitlab-runner:latest
    container_name: gitlab-runner
    restart: unless-stopped
    volumes:
      - "${GITLAB_HOME}/gitlab-runner/config:/etc/gitlab-runner"
      - /var/run/docker.sock:/var/run/docker.sock