gitea/docker-compose.yaml
2024-10-30 19:50:07 -04:00

99 lines
3.4 KiB
YAML

volumes:
traefik: { driver: local }
services:
traefik:
image: docker.io/traefik:${TRAEFIK_RELEASE:-v2.9.8}
restart: always
command:
- --api.insecure=false
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.websecure.address=:443
- --certificatesresolvers.le.acme.tlschallenge=true
- --certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL?need email for cert expiry notifications}
- --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
ports:
- 80:80
- 443:443
volumes:
- traefik:/letsencrypt:rw
- /run/docker.sock:/var/run/docker.sock:ro
networks:
- default
gitea:
image: gitea/gitea:1.22.3-rootless
environment:
# Database
- GITEA__database__DB_TYPE=mysql
- GITEA__database__HOST=db:3306
- GITEA__database__NAME=${GITEA__database__NAME}
- GITEA__database__USER=${GITEA__database__USER}
- GITEA__database__PASSWD=${GITEA__database__PASSWD}
# Mailer
- GITEA__mailer__ENABLED=true
- GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set}
- GITEA__mailer__SMTP_ADDR=${GITEA__mailer__SMTP_ADDR:?GITEA__mailer__SMTP_ADDR not set}
- GITEA__mailer__USER=${GITEA__mailer__USER:-apikey}
- GITEA__mailer__PASSWD=${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}
- GITEA__mailer__SMTP_PORT=${GITEA__mailer__SMTP_PORT:?GITEA__mailer__SMTP_PORT not set}
- GITEA__mailer__PROTOCOL=${GITEA__mailer__PROTOCOL:?GITEA__mailer__PROTOCOL not set}
# Service
- GITEA__service__REGISTER_EMAIL_CONFIRM=true
- GITEA__service__ENABLE_CAPTCHA=true
- GITEA__service__REQUIRE_CAPTCHA_FOR_LOGIN=true
- GITEA__service__KEEP_EMAIL_PRIVATE=true
- GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION=false
# Repository
- GITEA__repository__DEFAULT_PRIVATE=true
- GITEA__repository__MAX_CREATION_LIMIT=0
- GITEA__repository__DISABLE_MIGRATIONS=false
# Default
# Fails due to special character - override in app.ini
# - GITEA__APP_NAME="moeny: git moeny with a cup of gitea"
- GITEA__RUN_MODE=prod
# Security
- GITEA__security__INSTALL_LOCK=true
- GITEA__security__MIN_PASSWORD_LENGTH=8
restart: always
volumes:
- ./data:/var/lib/gitea
- ./config:/etc/gitea
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "2222:2222"
depends_on:
- db
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitea.rule=Host(`${DOMAIN:?DOMAIN not set}`)"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.tls=true"
- "traefik.http.routers.gitea.tls.certresolver=le"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
networks:
- default
db:
image: mysql:8
restart: always
environment:
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_DATABASE=${MYSQL_DATABASE}
volumes:
- ./mysql:/var/lib/mysql
networks:
- default
networks:
default:
name: gitea_default