job "gitea" {
  datacenters = ["dc1"]
  type        = "service"

  group "gitea-server" {
    count = 1

    network {
      
      # Define ports for Gitea's web UI (HTTP) and SSH
      port "http" {
        static = 3000
        to = 3000
      }
      port "ssh" {
        to = 22
      }
    }

    service {
      name = "gitea"
      tags = ["git-server", "web", "sslcert",   
          "traefik.http.routers.gitea.rule=Host(`gitea.service.dc1.consul`,`gitea.service.dc1.fbleagh.duckdns.org`)",
          "traefik.http.routers.gitea.tls=true",
          "traefik.http.middlewares.gitea-headers.headers.customrequestheaders.X-Forwarded-Proto=https",
          "traefik.http.routers.gitea.middlewares=gitea-headers"
]
      port = "http"

      # Health check to ensure Gitea is running
      check {
        type     = "http"
        path     = "/"
        interval = "10s"
        timeout  = "2s"
      }
    }

    task "gitea" {
      driver = "docker"

      config {
        image = "gitea/gitea:latest"
        memory_hard_limit = "20480"
        ports = ["http", "ssh"]
        volumes = ["/mnt/Public/configs/gitea:/data"]
      }

      # Gitea uses environment variables for configuration.
      env {
        # --- Database Configuration (PostgreSQL) ---
        # The main data (users, repos metadata, issues, etc.)
        GITEA__database__DB_TYPE = "postgres"
        GITEA__database__HOST    = "master.postgres.service.dc1.consul:5432" # Replace with your endpoint
        GITEA__database__NAME    = "gitea"
        # Best practice is to use a secure secret management solution like Vault
        # to inject these values, but here they are hardcoded for the example.
        GITEA__database__USER    = "postgres"
        GITEA__database__PASSWD  = "postgres"
        GITEA__database__SSL_MODE = "disable" # Change if using TLS
        GITEA__security__REVERSE_PROXY_TRUSTED_PROXIES = "*" # Trust traefik

        # --- Gitea Host Configuration ---
        # Used for generating URLs in emails, SSH clone links, etc.
        GITEA__server__DOMAIN       = "gitea.service.dc1.fbleagh.duckdns.org"
        GITEA__server__ROOT_URL     = "https://gitea.service.dc1.fbleagh.duckdns.org/" # Adjust if using a reverse proxy
        GITEA__server__SSH_LISTEN_PORT = "22"
        GITEA__server__SSH_PORT       = "${NOMAD_HOST_PORT_ssh}" # The port exposed on the host for SSH

        GITEA__actions__ENABLED=true

        # Set the user Gitea runs as inside the container (important for permissions)
        USER_UID = "1000"
        USER_GID = "1000"
      }
      resources {
        cpu    = 500
        memory = 256
      }      
    }
  }
}