services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    networks:
      - internal
    environment:
      DOMAIN: "https://bitwarden.vm.local"
      DATABASE_URL: "postgres://vaultwarden:vaultwarden@postgres:5432/vaultwarden"
    volumes:
      - ./vw-data/:/data/
    expose:
      - 80
    extra_hosts:
      - "postgres:172.18.0.1"

  gitea:
    image: docker.gitea.com/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=postgres:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=gitea
      - GITEA__security__INSTALL_LOCK=true
    restart: unless-stopped
    networks:
      - internal
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    expose:
      - 3000
      - 22
    extra_hosts:
      - "postgres:172.18.0.1"

  vulnerable:
    build: /vagrant/sandbox/vuln
    ports:
      - 2222:22
    networks:
      - internal
    extra_hosts:
      - "postgres:172.18.0.1"

  nginx:
    image: nginx:latest
    container_name: nginx
    restart: unless-stopped
    networks:
      - internal
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
      - ./nginx/certs:/etc/nginx/certs
    ports:
      - 80:80
      - 443:443

networks:
  internal:
    driver: bridge
    ipam:
      config:
        - subnet: 172.18.0.0/16
          gateway: 172.18.0.1