services:
  twingate-famous-alligator:
    image: twingate/connector@sha256:30864d606a6a252ac919220ad32b7d9ea6335497e8ce774216b13bf05aabd4bf
    container_name: twingate-famous-alligator
    restart: always
    environment:
      - TWINGATE_NETWORK=$TWINGATE_NETWORK
      - TWINGATE_ACCESS_TOKEN=$TWINGATE_ACCESS_TOKEN
      - TWINGATE_REFRESH_TOKEN=$TWINGATE_REFRESH_TOKEN
      - TWINGATE_LABEL_HOSTNAME=${HOSTNAME}
      - TWINGATE_LABEL_DEPLOYED_BY=docker
    sysctls:
      - net.ipv4.ping_group_range=0 2147483647

  docker-in-docker:
    image: docker:dind
    container_name: 'docker_dind'
    privileged: 'true'
    command: ['dockerd', '-H', 'tcp://0.0.0.0:2375', '--tls=false']
    restart: 'unless-stopped'

  gitea:
    image: 'code.forgejo.org/forgejo/runner:3.5.1'
    links:
      - docker-in-docker
    depends_on:
      docker-in-docker:
        condition: service_started
    container_name: 'runner'
    environment:
      DOCKER_HOST: tcp://docker-in-docker:2375
    # User without root privileges, but with access to `/data`.
    user: 1000:1000
    volumes:
      - /home/mafyuh/data:/data
    restart: 'unless-stopped'

    command: '/bin/sh -c "sleep 5; forgejo-runner daemon"'