knee-cola/d-gitea
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
d-gitea/docker-compose.yaml
Nikola Derežić c16baa5ef5 (fix) the gitea runner image was incorrect
2026-01-09 10:51:15 +01:00

106 lines
3.8 KiB
YAML
Raw Permalink Blame History

version: "3.9"
networks:
traefik-network:
name: traefik-network
external: true
# this network isolates Gitea server-runner communication from other services
gitea-network:
name: gitea-network
services:
server:
image: docker.gitea.com/gitea:1.25.3-rootless
networks:
- traefik-network
- gitea-network
restart: always
stop_grace_period: 1m # Allow Gitea time to shut down gracefully
# Standalone Compose resource limits (commonly honored by Docker Compose v2)
cpus: "1.0"
mem_limit: 2g
mem_reservation: 512m
pids_limit: 512
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/api/healthz"]
interval: 30s
timeout: 5s
retries: 3
start_period: 200s
volumes:
- /home/knee-cola/docker/d-gitea/data:/var/lib/gitea
- /home/knee-cola/docker/d-gitea/config:/etc/gitea
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
# HTTP handled by Traefik; expose is optional but clarifies intent
expose:
- "3000"
ports:
- "2222:2222" # SSH port
environment:
# Ensure Gitea generates correct URLs (adjust if you terminate TLS at Traefik)
- GITEA__server__DOMAIN=gitea.budakova.org
- GITEA__server__ROOT_URL=https://gitea.budakova.org/
- GITEA__server__PROTOCOL=http # Traefik handles TLS
- GITEA__server__SSH_PORT=2222
- GITEA__server__SSH_DOMAIN=git.budakova.org # CloudFlare tunnel hostname for SSH access (must not collide with web console hostname)
# Enable Docker Registry support
- GITEA__packages__ENABLED=true
# Set public URL detection to auto so that server
# supports multiple hostnames (for registry and web console)
- GITEA__server__PUBLIC_URL_DETECTION=auto
labels:
- traefik.enable=true
- traefik.docker.network=traefik-network
- traefik.http.services.gitea.loadbalancer.server.port=3000
# Web Console
- traefik.http.routers.gitea.rule=Host(`gitea.budakova.org`)
- traefik.http.routers.gitea.entrypoints=http # using `http` - see notes below
# Note: NOT using `https` entrypoint since CloudFlare does SSL offloading
# Also CloudFlare tunnel rejects Let's Encrypt cert since it sees
# the server as running at https://10.10.1.200:443 and NOT as `gitea.budakova.org`
# - traefik.http.routers.gitea.entrypoints=https
# - traefik.http.routers.gitea.tls=true
# - traefik.http.routers.gitea.tls.certresolver=letsencrypt
# Registry (only /v2)
# Note: here we can use `https` since it's not published via CloudFlare
# but via local IP address
- traefik.http.routers.gitea-registry.entrypoints=https
- traefik.http.routers.gitea-registry.rule=Host(`registry.budakova.org`) && PathPrefix(`/v2`)
- traefik.http.routers.gitea-registry.tls=true
- traefik.http.routers.gitea-registry.tls.certresolver=letsencrypt
- traefik.http.routers.gitea-registry.service=gitea
runner:
image: docker.io/gitea/act_runner:0.2.13
networks:
- gitea-network
restart: always
depends_on:
- server
# Resource limits for CI/CD runner
cpus: "2.0"
mem_limit: 4g
mem_reservation: 1g
pids_limit: 512
environment:
CONFIG_FILE: /config.yaml
# use service name `server` since both services are on the same `gitea-network`
GITEA_INSTANCE_URL: "http://server:3000/"
GITEA_RUNNER_REGISTRATION_TOKEN: "${REGISTRATION_TOKEN:-cOUnze8BFR5OhW30pcdfCL4oSvSXbsd4PUqDzo6Y}"
GITEA_RUNNER_NAME: "${GITEA_RUNNER_NAME:-gitea-runner-1}"
volumes:
- /home/knee-cola/docker/d-gitea/runner-config.yaml:/config.yaml
- /home/knee-cola/docker/d-gitea/runner-data:/data
- /var/run/docker.sock:/var/run/docker.sock
Reference in New Issue View Git Blame Copy Permalink