docker/gitea/docker-compose.yaml

networks:
  proxy:
    external: true
  gitea:
    name: gitea
    external: false
    enable_ipv6: true

volumes:
  gitea:
    name: gitea
  gitea-db:
    name: gitea-db
  gitea-runner:
    name: gitea-runner

services:
  gitea:
    image: gitea/gitea
    container_name: gitea
    hostname: gitea
    environment:
      USER_UID: 1000
      USER_GID: 1000
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: gitea-db:5432
      GITEA__database__NAME: ${DB_NAME}
      GITEA__database__USER: ${DB_USER}
      GITEA__database__PASSWD: ${DB_PASS}
      GITEA__server__START_SSH_SERVER: true
      GITEA__server__SSH_PORT: 22
      GITEA__server__SSH_LISTEN_PORT: 222
    restart: unless-stopped
    depends_on:
      - gitea-db
    volumes:
      - gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - proxy
      - gitea
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.git.entrypoints=web"
      - "traefik.http.routers.git.rule=Host(`gitea.fam-steinle.de`)"
      - "traefik.http.routers.git.middlewares=git"
      - "traefik.http.middlewares.git.redirectscheme.scheme=https"
      - "traefik.http.routers.git-secure.entrypoints=websecure"
      - "traefik.http.routers.git-secure.rule=Host(`gitea.fam-steinle.de`)"
      - "traefik.http.routers.git-secure.service=git-secure"
      - "traefik.http.routers.git-secure.tls=true"
      - "traefik.http.routers.git-secure.tls.certresolver=myresolver"
      - "traefik.http.services.git-secure.loadbalancer.server.port=3000"
      - "traefik.tcp.routers.git-ssh.entrypoints=ssh"
      - "traefik.tcp.routers.git-ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.git-ssh.service=git-ssh"
      - "traefik.tcp.services.git-ssh.loadbalancer.server.port=222"

  gitea-db:
    image: postgres:17-alpine
    container_name: gitea-db
    hostname: gitea-db
    restart: unless-stopped
    volumes:
      - gitea-db:/var/lib/postgresql/data
    networks:
      - gitea
    environment:
      POSTGRES_PASSWORD: ${DB_PASS}
      POSTGRES_USER: ${DB_USER}
      POSTGRES_DB: ${DB_NAME}
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U $DB_USER" ]

  runner:
    image: gitea/act_runner
    restart: always
    privileged: true
    depends_on:
      - gitea
    volumes:
      - gitea-runner:/data
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - gitea
    environment:
      - GITEA_INSTANCE_URL=https://gitea.fam-steinle.de
      - GITEA_RUNNER_REGISTRATION_TOKEN=FQDt05qG37BLO0OBl6eX94aNNVE9Ni5nFdeVFoKm