version: '3.7'

networks:
  traefik:
    external: true

volumes:
  gitlab__etc_config:
    external: true
  gitlab__var_log_gitlab:
    external: true
  gitlab__var_opt_gitlab:
    external: true
  gitlab__backups:
    external: true
  gitlab__run_secrets:
    external: true

services:
  gitlab:
    image: {{ gitlab_image|default("gitlab/gitlab-ce") }}:{{ gitlab_version|default("latest") }}
    container_name: gitlab
    restart: 'unless-stopped'
    labels:
{% if gitlab_through_traefik == "true" %}
      traefik.enable: "true"
{% if gitlab_headers_accesscontrolallowcredentials is defined %}
      traefik.http.middlewares.gitlab.headers.accesscontrolallowcredentials: "{{ gitlab_headers_accesscontrolallowcredentials }}"
{% endif %}
{% if gitlab_headers_accesscontrolallowheaders is defined %}
      traefik.http.middlewares.gitlab.headers.accesscontrolallowheaders: "{{ gitlab_headers_accesscontrolallowheaders }}"
{% endif %}
{% if gitlab_headers_accesscontrolallowmethods is defined %}
      traefik.http.middlewares.gitlab.headers.accesscontrolallowmethods: "{{ gitlab_headers_accesscontrolallowmethods }}"
{% endif %}
{% if gitlab_headers_accesscontrolalloworiginlist is defined %}
      traefik.http.middlewares.gitlab.headers.accesscontrolalloworiginlist: "{{ gitlab_headers_accesscontrolalloworiginlist }}"
{% endif %}
{% if gitlab_headers_accesscontrolmaxage is defined %}
      traefik.http.middlewares.gitlab.headers.accesscontrolmaxage: "{{ gitlab_headers_accesscontrolmaxage }}"
{% endif %}
{% if gitlab_registry_domain is defined %}
      traefik.http.routers.gitlab.rule: "Host(`{{ gitlab_domain }}`) || Host(`{{ gitlab_registry_domain }}`)"
{% else %}
      traefik.http.routers.gitlab.rule: "Host(`{{ gitlab_domain }}`)"
{% endif %}
      traefik.http.routers.gitlab.tls: true
      traefik.http.routers.gitlab.tls.certresolver: "letsencrypt"
      traefik.http.routers.gitlab.entrypoints: "{{ gitlab_entrypoints }}"
{% if gitlab_ipwhitelist is defined %}
      traefik.http.routers.gitlab.middlewares: "clientips@docker"
{% endif %}
      traefik.http.services.gitlab.loadbalancer.server.port: "80"
{% endif %}
      com.centurylinklabs.watchtower.enable: {{ gitlab_watchtower_enable | default('true') }}
    cap_add:
      - SYS_ADMIN
    environment:
      GITLAB_SIGNUP_ENABLED: 'false'
      GITLAB_OMNIBUS_CONFIG: |-
        {{ gitlab_omnibus_config | indent(width=8)}}
    ports: {{ gitlab_ports }}
    volumes:
      - 'gitlab__etc_config:/etc/gitlab'
      - 'gitlab__var_log_gitlab:/var/log/gitlab'
      - 'gitlab__var_opt_gitlab:/var/opt/gitlab'
      - 'gitlab__run_secrets:/run/secrets'
      - '{{ gitlab_backup_path|default("gitlab__backups") }}:/backups_internal_mount'
    logging:
      driver: syslog
      options:
        tag: docker_gitlab
    networks:
      - traefik