volumes: traefik: { driver: local } services: traefik: image: docker.io/traefik:${TRAEFIK_RELEASE:-v2.9.8} restart: always command: - --api.insecure=false - --providers.docker=true - --providers.docker.exposedbydefault=false - --entrypoints.web.address=:80 - --entrypoints.web.http.redirections.entryPoint.to=websecure - --entrypoints.web.http.redirections.entryPoint.scheme=https - --entrypoints.websecure.address=:443 - --certificatesresolvers.le.acme.tlschallenge=true - --certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL?need email for cert expiry notifications} - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json ports: - 80:80 - 443:443 volumes: - traefik:/letsencrypt:rw - /run/docker.sock:/var/run/docker.sock:ro networks: - default gitea: image: gitea/gitea:1.22.3-rootless environment: # Database - GITEA__database__DB_TYPE=mysql - GITEA__database__HOST=db:3306 - GITEA__database__NAME=${GITEA__database__NAME} - GITEA__database__USER=${GITEA__database__USER} - GITEA__database__PASSWD=${GITEA__database__PASSWD} # Mailer - GITEA__mailer__ENABLED=true - GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set} - GITEA__mailer__SMTP_ADDR=${GITEA__mailer__SMTP_ADDR:?GITEA__mailer__SMTP_ADDR not set} - GITEA__mailer__USER=${GITEA__mailer__USER:-apikey} - GITEA__mailer__PASSWD=${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set} - GITEA__mailer__SMTP_PORT=${GITEA__mailer__SMTP_PORT:?GITEA__mailer__SMTP_PORT not set} - GITEA__mailer__PROTOCOL=${GITEA__mailer__PROTOCOL:?GITEA__mailer__PROTOCOL not set} # Service - GITEA__service__REGISTER_EMAIL_CONFIRM=true - GITEA__service__ENABLE_CAPTCHA=true - GITEA__service__REQUIRE_CAPTCHA_FOR_LOGIN=true - GITEA__service__KEEP_EMAIL_PRIVATE=true - GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION=false # Repository - GITEA__repository__DEFAULT_PRIVATE=true - GITEA__repository__MAX_CREATION_LIMIT=0 - GITEA__repository__DISABLE_MIGRATIONS=false # Default # Fails due to special character - override in app.ini # - GITEA__APP_NAME="moeny: git moeny with a cup of gitea" - GITEA__RUN_MODE=prod # Security - GITEA__security__INSTALL_LOCK=true - GITEA__security__MIN_PASSWORD_LENGTH=8 restart: always volumes: - ./data:/var/lib/gitea - ./config:/etc/gitea - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro ports: - "3000:3000" - "2222:2222" depends_on: - db labels: - "traefik.enable=true" - "traefik.http.routers.gitea.rule=Host(`${DOMAIN:?DOMAIN not set}`)" - "traefik.http.routers.gitea.entrypoints=websecure" - "traefik.http.routers.gitea.tls=true" - "traefik.http.routers.gitea.tls.certresolver=le" - "traefik.http.services.gitea.loadbalancer.server.port=3000" networks: - default db: image: mysql:8 restart: always environment: - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - MYSQL_USER=${MYSQL_USER} - MYSQL_PASSWORD=${MYSQL_PASSWORD} - MYSQL_DATABASE=${MYSQL_DATABASE} volumes: - ./mysql:/var/lib/mysql networks: - default networks: default: name: gitea_default