99 lines
3.4 KiB
YAML
99 lines
3.4 KiB
YAML
volumes:
|
|
traefik: { driver: local }
|
|
|
|
services:
|
|
traefik:
|
|
image: docker.io/traefik:${TRAEFIK_RELEASE:-v2.9.8}
|
|
restart: always
|
|
command:
|
|
- --api.insecure=false
|
|
- --providers.docker=true
|
|
- --providers.docker.exposedbydefault=false
|
|
- --entrypoints.web.address=:80
|
|
- --entrypoints.web.http.redirections.entryPoint.to=websecure
|
|
- --entrypoints.web.http.redirections.entryPoint.scheme=https
|
|
- --entrypoints.websecure.address=:443
|
|
- --certificatesresolvers.le.acme.tlschallenge=true
|
|
- --certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL?need email for cert expiry notifications}
|
|
- --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
|
|
ports:
|
|
- 80:80
|
|
- 443:443
|
|
volumes:
|
|
- traefik:/letsencrypt:rw
|
|
- /run/docker.sock:/var/run/docker.sock:ro
|
|
networks:
|
|
- default
|
|
|
|
gitea:
|
|
image: gitea/gitea:1.22.3-rootless
|
|
environment:
|
|
# Database
|
|
- GITEA__database__DB_TYPE=mysql
|
|
- GITEA__database__HOST=db:3306
|
|
- GITEA__database__NAME=${GITEA__database__NAME}
|
|
- GITEA__database__USER=${GITEA__database__USER}
|
|
- GITEA__database__PASSWD=${GITEA__database__PASSWD}
|
|
# Mailer
|
|
- GITEA__mailer__ENABLED=true
|
|
- GITEA__mailer__FROM=${GITEA__mailer__FROM:?GITEA__mailer__FROM not set}
|
|
- GITEA__mailer__SMTP_ADDR=${GITEA__mailer__SMTP_ADDR:?GITEA__mailer__SMTP_ADDR not set}
|
|
- GITEA__mailer__USER=${GITEA__mailer__USER:-apikey}
|
|
- GITEA__mailer__PASSWD=${GITEA__mailer__PASSWD:?GITEA__mailer__PASSWD not set}
|
|
- GITEA__mailer__SMTP_PORT=${GITEA__mailer__SMTP_PORT:?GITEA__mailer__SMTP_PORT not set}
|
|
- GITEA__mailer__PROTOCOL=${GITEA__mailer__PROTOCOL:?GITEA__mailer__PROTOCOL not set}
|
|
# Service
|
|
- GITEA__service__REGISTER_EMAIL_CONFIRM=true
|
|
- GITEA__service__ENABLE_CAPTCHA=true
|
|
- GITEA__service__REQUIRE_CAPTCHA_FOR_LOGIN=true
|
|
- GITEA__service__KEEP_EMAIL_PRIVATE=true
|
|
- GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION=false
|
|
# Repository
|
|
- GITEA__repository__DEFAULT_PRIVATE=true
|
|
- GITEA__repository__MAX_CREATION_LIMIT=0
|
|
- GITEA__repository__DISABLE_MIGRATIONS=false
|
|
# Default
|
|
# Fails due to special character - override in app.ini
|
|
# - GITEA__APP_NAME="moeny: git moeny with a cup of gitea"
|
|
- GITEA__RUN_MODE=prod
|
|
# Security
|
|
- GITEA__security__INSTALL_LOCK=true
|
|
- GITEA__security__MIN_PASSWORD_LENGTH=8
|
|
restart: always
|
|
volumes:
|
|
- ./data:/var/lib/gitea
|
|
- ./config:/etc/gitea
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
ports:
|
|
- "3000:3000"
|
|
- "2222:2222"
|
|
depends_on:
|
|
- db
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.gitea.rule=Host(`${DOMAIN:?DOMAIN not set}`)"
|
|
- "traefik.http.routers.gitea.entrypoints=websecure"
|
|
- "traefik.http.routers.gitea.tls=true"
|
|
- "traefik.http.routers.gitea.tls.certresolver=le"
|
|
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
|
|
networks:
|
|
- default
|
|
|
|
db:
|
|
image: mysql:8
|
|
restart: always
|
|
environment:
|
|
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
|
|
- MYSQL_USER=${MYSQL_USER}
|
|
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
|
- MYSQL_DATABASE=${MYSQL_DATABASE}
|
|
volumes:
|
|
- ./mysql:/var/lib/mysql
|
|
networks:
|
|
- default
|
|
|
|
networks:
|
|
default:
|
|
name: gitea_default
|