From 0b61e7f1d771e6c1bed54dadf72915ffda6cc474 Mon Sep 17 00:00:00 2001
From: moeny-matt <matt@masiero.tech>
Date: Wed, 30 Oct 2024 19:50:07 -0400
Subject: [PATCH] Initial commit

---
 .gitignore          |  1 +
 README.md           | 19 +++++++++
 docker-compose.yaml | 98 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 118 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 README.md
 create mode 100644 docker-compose.yaml

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2eea525
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..73cf155
--- /dev/null
+++ b/README.md
@@ -0,0 +1,19 @@
+# Gitea
+
+## Overview
+Gitea is a lightweight, self-hosted Git service written in Go. It's designed to be the easiest, fastest, and most painless way to set up a self-hosted Git service.
+
+## Features
+- Easy installation
+- Cross-platform support
+- Lightweight (<100MB RAM)
+- Git-powered repositories
+- User dashboard, activity timeline
+- Repository file editor
+- Branch management
+- Issue tracking and pull requests
+- Organization and team management
+- Webhook support
+- API support
+- Two-factor authentication
+- Email notifications
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..364c7ab
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,98 @@
+volumes:
+  traefik: { driver: local }
+
+services:
+  traefik:
+    image: docker.io/traefik:${TRAEFIK_RELEASE:-v2.9.8}
+    restart: always
+    command:
+      - --api.insecure=false
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entryPoint.to=websecure
+      - --entrypoints.web.http.redirections.entryPoint.scheme=https
+      - --entrypoints.websecure.address=:443
+      - --certificatesresolvers.le.acme.tlschallenge=true
+      - --certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL?need email for cert expiry notifications}
+      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - traefik:/letsencrypt:rw
+      - /run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      - default
+
+  gitea:
+    image: gitea/gitea:1.22.3-rootless
+    environment:
+      # Database
+      - GITEA__database__DB_TYPE=mysql
+      - GITEA__database__HOST=db:3306
+      - GITEA__database__NAME=${GITEA__database__NAME}
+      - GITEA__database__USER=${GITEA__database__USER}
+      - GITEA__database__PASSWD=${GITEA__database__PASSWD}
+      # Mailer
+      - GITEA__mailer__ENABLED=true
+      - GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set}
+      - GITEA__mailer__SMTP_ADDR=${GITEA__mailer__SMTP_ADDR:?GITEA__mailer__SMTP_ADDR not set}
+      - GITEA__mailer__USER=${GITEA__mailer__USER:-apikey}
+      - GITEA__mailer__PASSWD=${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}
+      - GITEA__mailer__SMTP_PORT=${GITEA__mailer__SMTP_PORT:?GITEA__mailer__SMTP_PORT not set}
+      - GITEA__mailer__PROTOCOL=${GITEA__mailer__PROTOCOL:?GITEA__mailer__PROTOCOL not set}
+      # Service
+      - GITEA__service__REGISTER_EMAIL_CONFIRM=true
+      - GITEA__service__ENABLE_CAPTCHA=true
+      - GITEA__service__REQUIRE_CAPTCHA_FOR_LOGIN=true
+      - GITEA__service__KEEP_EMAIL_PRIVATE=true
+      - GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION=false
+      # Repository
+      - GITEA__repository__DEFAULT_PRIVATE=true
+      - GITEA__repository__MAX_CREATION_LIMIT=0
+      - GITEA__repository__DISABLE_MIGRATIONS=false
+      # Default
+      # Fails due to special character - override in app.ini
+      # - GITEA__APP_NAME="moeny: git moeny with a cup of gitea"
+      - GITEA__RUN_MODE=prod
+      # Security
+      - GITEA__security__INSTALL_LOCK=true
+      - GITEA__security__MIN_PASSWORD_LENGTH=8
+    restart: always
+    volumes:
+      - ./data:/var/lib/gitea
+      - ./config:/etc/gitea
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3000:3000"
+      - "2222:2222"
+    depends_on:
+      - db
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitea.rule=Host(`${DOMAIN:?DOMAIN not set}`)"
+      - "traefik.http.routers.gitea.entrypoints=websecure"
+      - "traefik.http.routers.gitea.tls=true"
+      - "traefik.http.routers.gitea.tls.certresolver=le"
+      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+    networks:
+      - default
+
+  db:
+    image: mysql:8
+    restart: always
+    environment:
+      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+      - MYSQL_USER=${MYSQL_USER}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - MYSQL_DATABASE=${MYSQL_DATABASE}
+    volumes:
+      - ./mysql:/var/lib/mysql
+    networks:
+      - default
+
+networks:
+  default:
+    name: gitea_default