Add self-contained Docker Compose stacks for pivoine.art infrastructure

Migrated 11 services from monolithic docker-compose project into independent stacks,
each with dedicated databases, minimal .env configuration, and bind-mount data volumes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

gitea/compose.yml

@@ -0,0 +1,104 @@
+---
+services:
+  gitea:
+    image: gitea/gitea:latest
+    container_name: gitea
+    environment:
+      TZ: ${TIMEZONE:-Europe/Amsterdam}
+      USER_UID: 1000
+      USER_GID: 1000
+      GITEA__APP_NAME: dev.pivoine.art
+      GITEA__database__DB_TYPE: postgres
+      GITEA__database__HOST: gitea_db:5432
+      GITEA__database__NAME: gitea
+      GITEA__database__USER: gitea
+      GITEA__database__PASSWD: gitea
+      GITEA__server__DOMAIN: ${TRAEFIK_HOST}
+      GITEA__server__SSH_DOMAIN: ${TRAEFIK_HOST}
+      GITEA__server__ROOT_URL: https://${TRAEFIK_HOST}/
+      GITEA__server__PROTOCOL: http
+      GITEA__server__HTTP_PORT: 3000
+      GITEA__server__START_SSH_SERVER: "true"
+      GITEA__server__SSH_PORT: 2222
+      GITEA__server__SSH_LISTEN_PORT: 2222
+      GITEA__mailer__ENABLED: "true"
+      GITEA__mailer__PROTOCOL: smtp
+      GITEA__mailer__SMTP_ADDR: mailpit
+      GITEA__mailer__SMTP_PORT: 1025
+      GITEA__service__DISABLE_REGISTRATION: "false"
+      GITEA__service__REQUIRE_SIGNIN_VIEW: "false"
+      GITEA__service__ENABLE_NOTIFY_MAIL: "true"
+      GITEA__service__DEFAULT_EMAIL_NOTIFICATIONS: enabled
+      GITEA__packages__ENABLED: "true"
+      GITEA__actions__ENABLED: "true"
+      GITEA__ui__THEMES: gitea-auto,gitea-light,gitea-dark,arc-green,edge-auto,edge-dark,edge-light,everforest-auto,everforest-dark,everforest-light,gruvbox-auto,gruvbox-dark,gruvbox-light,gruvbox-material-auto,gruvbox-material-dark,gruvbox-material-light,nord,palenight,soft-era,sonokai,sonokai-andromeda,sonokai-atlantis,sonokai-espresso,sonokai-maia,sonokai-shusia
+      GITEA__ui__DEFAULT_THEME: edge-dark
+      GITEA__ui__ENABLE_FEED: "true"
+    ports:
+      - "2222:2222"
+    volumes:
+      - ../.data/gitea/data:/data
+      - ../.data/gitea/config:/etc/gitea
+      - ./themes:/data/gitea/public/assets/css:ro
+      - /etc/localtime:/etc/localtime:ro
+    depends_on:
+      db:
+        condition: service_healthy
+    restart: always
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.middlewares.gitea-redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.gitea-web.middlewares=gitea-redirect-web-secure"
+      - "traefik.http.routers.gitea-web.rule=Host(`${TRAEFIK_HOST}`)"
+      - "traefik.http.routers.gitea-web.entrypoints=web"
+      - "traefik.http.routers.gitea-web-secure.rule=Host(`${TRAEFIK_HOST}`)"
+      - "traefik.http.routers.gitea-web-secure.tls.certresolver=resolver"
+      - "traefik.http.routers.gitea-web-secure.entrypoints=web-secure"
+      - "traefik.http.routers.gitea-web-secure.middlewares=security-headers@file"
+      - "traefik.http.services.gitea-web-secure.loadbalancer.server.port=3000"
+      - "traefik.docker.network=${NETWORK_NAME}"
+      - "com.centurylinklabs.watchtower.enable=true"
+    networks:
+      - compose_network
+  runner:
+    image: gitea/act_runner:latest
+    container_name: gitea_runner
+    privileged: true
+    command: ["act_runner", "daemon", "--config", "/data/config.yaml"]
+    environment:
+      TZ: ${TIMEZONE:-Europe/Amsterdam}
+      GITEA_INSTANCE_URL: https://${TRAEFIK_HOST}
+      GITEA_RUNNER_REGISTRATION_TOKEN: ${RUNNER_TOKEN}
+      GITEA_RUNNER_NAME: docker-runner
+      GITEA_RUNNER_LABELS: ubuntu-latest:docker://catthehacker/ubuntu:act-latest,ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04,ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04
+      DOCKER_HOST: unix:///var/run/docker.sock
+    volumes:
+      - ../.data/gitea/runner:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./runner-config.yaml:/data/config.yaml:ro
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
+    restart: always
+    networks:
+      - compose_network
+  db:
+    image: postgres:16-alpine
+    container_name: gitea_db
+    environment:
+      POSTGRES_DB: gitea
+      POSTGRES_USER: gitea
+      POSTGRES_PASSWORD: gitea
+    volumes:
+      - ../.data/gitea/db:/var/lib/postgresql/data
+    restart: always
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+    networks:
+      - compose_network
+networks:
+  compose_network:
+    name: ${NETWORK_NAME}
+    external: true

gitea/runner-config.yaml

@@ -0,0 +1,32 @@
+log:
+  level: info
+
+runner:
+  file: .runner
+  capacity: 1
+  envs: {}
+  env_file: .env
+  timeout: 3h
+  insecure: false
+  fetch_timeout: 5s
+  fetch_interval: 2s
+  labels: []
+
+cache:
+  enabled: true
+  dir: ""
+  host: ""
+  port: 0
+  external_server: ""
+
+container:
+  network: ""
+  privileged: false
+  options: "-v /var/run/docker.sock:/var/run/docker.sock"
+  workdir_parent: ""
+  valid_volumes: []
+  docker_host: ""
+  force_pull: false
+
+host:
+  workdir_parent: ""