174 lines
7.9 KiB
YAML
174 lines
7.9 KiB
YAML
services:
|
|
# Gitea - Self-hosted Git service
|
|
gitea:
|
|
image: ${DEV_GITEA_IMAGE:-gitea/gitea:latest}
|
|
container_name: ${DEV_COMPOSE_PROJECT_NAME}_gitea
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- gitea_runner
|
|
ports:
|
|
- "2222:2222"
|
|
volumes:
|
|
- gitea_data:/data
|
|
- gitea_config:/etc/gitea
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
- ./public:/data/gitea/public:ro
|
|
environment:
|
|
TZ: ${TIMEZONE:-Europe/Berlin}
|
|
USER_UID: 1000
|
|
USER_GID: 1000
|
|
GITEA__database__DB_TYPE: postgres
|
|
GITEA__database__HOST: ${CORE_DB_HOST}:${CORE_DB_PORT}
|
|
GITEA__database__NAME: ${DEV_GITEA_DB_NAME}
|
|
GITEA__database__USER: ${DB_USER}
|
|
GITEA__database__PASSWD: ${DB_PASSWORD}
|
|
GITEA__server__DOMAIN: ${DEV_GITEA_TRAEFIK_HOST}
|
|
GITEA__server__SSH_DOMAIN: ${DEV_GITEA_TRAEFIK_HOST}
|
|
GITEA__server__ROOT_URL: https://${DEV_GITEA_TRAEFIK_HOST}/
|
|
GITEA__server__PROTOCOL: http
|
|
GITEA__server__HTTP_PORT: 3000
|
|
GITEA__server__START_SSH_SERVER: true
|
|
GITEA__server__SSH_PORT: 2222
|
|
GITEA__server__SSH_LISTEN_PORT: 2222
|
|
GITEA__mailer__ENABLED: true
|
|
GITEA__mailer__PROTOCOL: smtps
|
|
GITEA__mailer__SMTP_ADDR: ${EMAIL_SMTP_HOST}
|
|
GITEA__mailer__SMTP_PORT: ${EMAIL_SMTP_PORT}
|
|
GITEA__mailer__USER: ${EMAIL_SMTP_USER}
|
|
GITEA__mailer__PASSWD: ${EMAIL_SMTP_PASSWORD}
|
|
GITEA__mailer__FROM: ${EMAIL_FROM}
|
|
GITEA__service__DISABLE_REGISTRATION: false
|
|
GITEA__service__REQUIRE_SIGNIN_VIEW: false
|
|
GITEA__packages__ENABLED: true
|
|
GITEA__actions__ENABLED: true
|
|
GITEA__ui__THEMES: gitea-auto,gitea-light,gitea-dark,arc-green,edge-auto,edge-dark,edge-light,everforest-auto,everforest-dark,everforest-light,gruvbox-auto,gruvbox-dark,gruvbox-light,gruvbox-material-auto,gruvbox-material-dark,gruvbox-material-light,nord,palenight,soft-era,sonokai,sonokai-andromeda,sonokai-atlantis,sonokai-espresso,sonokai-maia,sonokai-shusia
|
|
GITEA__ui__DEFAULT_THEME: gitea-dark
|
|
GITEA__ui__ENABLE_FEED: true
|
|
networks:
|
|
- compose_network
|
|
labels:
|
|
- 'traefik.enable=${DEV_TRAEFIK_ENABLED}'
|
|
# HTTP to HTTPS redirect
|
|
- 'traefik.http.middlewares.${DEV_COMPOSE_PROJECT_NAME}-gitea-redirect-web-secure.redirectscheme.scheme=https'
|
|
- 'traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-gitea-web.middlewares=${DEV_COMPOSE_PROJECT_NAME}-gitea-redirect-web-secure'
|
|
- 'traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-gitea-web.rule=Host(`${DEV_GITEA_TRAEFIK_HOST}`)'
|
|
- 'traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-gitea-web.entrypoints=web'
|
|
# HTTPS router
|
|
- 'traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-gitea-web-secure.rule=Host(`${DEV_GITEA_TRAEFIK_HOST}`)'
|
|
- 'traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-gitea-web-secure.tls.certresolver=resolver'
|
|
- 'traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-gitea-web-secure.entrypoints=web-secure'
|
|
- 'traefik.http.middlewares.${DEV_COMPOSE_PROJECT_NAME}-gitea-web-secure-compress.compress=true'
|
|
- 'traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-gitea-web-secure.middlewares=${DEV_COMPOSE_PROJECT_NAME}-gitea-web-secure-compress,security-headers@file'
|
|
# Service
|
|
- 'traefik.http.services.${DEV_COMPOSE_PROJECT_NAME}-gitea-web-secure.loadbalancer.server.port=3000'
|
|
- 'traefik.docker.network=${NETWORK_NAME}'
|
|
# Watchtower
|
|
- 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
|
|
|
|
# Gitea Runner - Act runner for Gitea Actions
|
|
gitea_runner:
|
|
image: ${DEV_GITEA_RUNNER_IMAGE:-gitea/act_runner:latest}
|
|
container_name: ${DEV_COMPOSE_PROJECT_NAME}_gitea_runner
|
|
restart: unless-stopped
|
|
volumes:
|
|
- gitea_runner_data:/data
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
environment:
|
|
TZ: ${TIMEZONE:-Europe/Berlin}
|
|
GITEA_INSTANCE_URL: https://${DEV_GITEA_TRAEFIK_HOST}
|
|
GITEA_RUNNER_REGISTRATION_TOKEN: ${DEV_GITEA_RUNNER_TOKEN}
|
|
GITEA_RUNNER_NAME: ${DEV_GITEA_RUNNER_NAME:-docker-runner}
|
|
GITEA_RUNNER_LABELS: ubuntu-latest:docker://node:20-bookworm,ubuntu-22.04:docker://node:20-bookworm,ubuntu-20.04:docker://node:18-buster
|
|
networks:
|
|
- compose_network
|
|
|
|
# Coolify - Self-hosted deployment platform
|
|
coolify:
|
|
image: ${DEV_COOLIFY_IMAGE:-ghcr.io/coollabsio/coolify:latest}
|
|
container_name: ${DEV_COMPOSE_PROJECT_NAME}_coolify
|
|
restart: unless-stopped
|
|
depends_on:
|
|
coolify_soketi:
|
|
condition: service_started
|
|
volumes:
|
|
- coolify_data:/data/coolify
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- /data/coolify/ssh:/var/www/html/storage/app/ssh
|
|
- /data/coolify/applications:/var/www/html/storage/app/applications
|
|
- /data/coolify/databases:/var/www/html/storage/app/databases
|
|
- /data/coolify/services:/var/www/html/storage/app/services
|
|
- /data/coolify/backups:/var/www/html/storage/app/backups
|
|
environment:
|
|
- APP_ID=${DEV_COOLIFY_APP_ID}
|
|
- APP_KEY=${DEV_COOLIFY_APP_KEY}
|
|
- APP_NAME=Coolify
|
|
- APP_ENV=production
|
|
- APP_URL=https://${DEV_COOLIFY_TRAEFIK_HOST}
|
|
- APP_PORT=8000
|
|
- DB_HOST=${CORE_DB_HOST}
|
|
- DB_PORT=${CORE_DB_PORT}
|
|
- DB_DATABASE=${DEV_COOLIFY_DB_NAME}
|
|
- DB_USERNAME=${DB_USER}
|
|
- DB_PASSWORD=${DB_PASSWORD}
|
|
- REDIS_HOST=${CORE_REDIS_HOST}
|
|
- REDIS_PORT=${CORE_REDIS_PORT}
|
|
- PUSHER_HOST=coolify_soketi
|
|
- PUSHER_PORT=6001
|
|
- PUSHER_APP_ID=${DEV_COOLIFY_PUSHER_APP_ID}
|
|
- PUSHER_APP_KEY=${DEV_COOLIFY_PUSHER_APP_KEY}
|
|
- PUSHER_APP_SECRET=${DEV_COOLIFY_PUSHER_APP_SECRET}
|
|
- SSL_MODE=off
|
|
networks:
|
|
- compose_network
|
|
labels:
|
|
- 'traefik.enable=${DEV_TRAEFIK_ENABLED}'
|
|
# HTTP to HTTPS redirect
|
|
- 'traefik.http.middlewares.${DEV_COMPOSE_PROJECT_NAME}-coolify-redirect-web-secure.redirectscheme.scheme=https'
|
|
- 'traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-coolify-web.middlewares=${DEV_COMPOSE_PROJECT_NAME}-coolify-redirect-web-secure'
|
|
- 'traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-coolify-web.rule=Host(`${DEV_COOLIFY_TRAEFIK_HOST}`)'
|
|
- 'traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-coolify-web.entrypoints=web'
|
|
# HTTPS router
|
|
- 'traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-coolify-web-secure.rule=Host(`${DEV_COOLIFY_TRAEFIK_HOST}`)'
|
|
- 'traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-coolify-web-secure.tls.certresolver=resolver'
|
|
- 'traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-coolify-web-secure.entrypoints=web-secure'
|
|
- 'traefik.http.middlewares.${DEV_COMPOSE_PROJECT_NAME}-coolify-web-secure-compress.compress=true'
|
|
- 'traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-coolify-web-secure.middlewares=${DEV_COMPOSE_PROJECT_NAME}-coolify-web-secure-compress,security-headers@file'
|
|
# Service
|
|
- 'traefik.http.services.${DEV_COMPOSE_PROJECT_NAME}-coolify-web-secure.loadbalancer.server.port=8000'
|
|
- 'traefik.docker.network=${NETWORK_NAME}'
|
|
# Watchtower
|
|
- 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'
|
|
|
|
# Coolify Soketi (WebSocket server)
|
|
coolify_soketi:
|
|
image: quay.io/soketi/soketi:1.0-16-alpine
|
|
container_name: ${DEV_COMPOSE_PROJECT_NAME}_coolify_soketi
|
|
restart: unless-stopped
|
|
environment:
|
|
- SOKETI_DEFAULT_APP_ID=${DEV_COOLIFY_PUSHER_APP_ID}
|
|
- SOKETI_DEFAULT_APP_KEY=${DEV_COOLIFY_PUSHER_APP_KEY}
|
|
- SOKETI_DEFAULT_APP_SECRET=${DEV_COOLIFY_PUSHER_APP_SECRET}
|
|
healthcheck:
|
|
test: ["CMD", "wget", "-qO-", "http://localhost:6001/ready"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 10
|
|
networks:
|
|
- compose_network
|
|
|
|
volumes:
|
|
gitea_data:
|
|
name: ${DEV_COMPOSE_PROJECT_NAME}_gitea_data
|
|
gitea_config:
|
|
name: ${DEV_COMPOSE_PROJECT_NAME}_gitea_config
|
|
gitea_runner_data:
|
|
name: ${DEV_COMPOSE_PROJECT_NAME}_gitea_runner_data
|
|
coolify_data:
|
|
name: ${DEV_COMPOSE_PROJECT_NAME}_coolify_data
|
|
|
|
networks:
|
|
compose_network:
|
|
name: ${NETWORK_NAME}
|
|
external: true
|