knee-cola/d-gitea
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1d042387f43156bfd732d3f262d270c7183b6756
d-gitea/docker-compose.yaml
Nikola Derežić 1d042387f4 Add Gitea runner service with resource limits 
- Added act-runner service for CI/CD automation
- Configured runner with 2 CPU cores, 4GB memory limit
- Isolated runner on gitea-network for security
- Added gitea-network to server service for runner communication
- Fixed typos in comments (sincer→since, Not→Note, colide→collide)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 10:40:44 +01:00

106 lines
3.8 KiB
YAML
Raw Blame History

version: "3.9"
networks:
traefik-network:
name: traefik-network
external: true
# this network isolates Gitea server-runner communication from other services
gitea-network:
name: gitea-network
services:
server:
image: docker.gitea.com/gitea:1.25.3-rootless
networks:
- traefik-network
- gitea-network
restart: always
stop_grace_period: 1m # Allow Gitea time to shut down gracefully
# Standalone Compose resource limits (commonly honored by Docker Compose v2)
cpus: "1.0"
mem_limit: 2g
mem_reservation: 512m
pids_limit: 512
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/api/healthz"]
interval: 30s
timeout: 5s
retries: 3
start_period: 200s
volumes:
- /home/knee-cola/docker/d-gitea/data:/var/lib/gitea
- /home/knee-cola/docker/d-gitea/config:/etc/gitea
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
# HTTP handled by Traefik; expose is optional but clarifies intent
expose:
- "3000"
ports:
- "2222:2222" # SSH port
environment:
# Ensure Gitea generates correct URLs (adjust if you terminate TLS at Traefik)
- GITEA__server__DOMAIN=gitea.budakova.org
- GITEA__server__ROOT_URL=https://gitea.budakova.org/
- GITEA__server__PROTOCOL=http # Traefik handles TLS
- GITEA__server__SSH_PORT=2222
- GITEA__server__SSH_DOMAIN=git.budakova.org # CloudFlare tunnel hostname for SSH access (must not collide with web console hostname)
# Enable Docker Registry support
- GITEA__packages__ENABLED=true
# Set public URL detection to auto so that server
# supports multiple hostnames (for registry and web console)
- GITEA__server__PUBLIC_URL_DETECTION=auto
labels:
- traefik.enable=true
- traefik.docker.network=traefik-network
- traefik.http.services.gitea.loadbalancer.server.port=3000
# Web Console
- traefik.http.routers.gitea.rule=Host(`gitea.budakova.org`)
- traefik.http.routers.gitea.entrypoints=http # using `http` - see notes below
# Note: NOT using `https` entrypoint since CloudFlare does SSL offloading
# Also CloudFlare tunnel rejects Let's Encrypt cert since it sees
# the server as running at https://10.10.1.200:443 and NOT as `gitea.budakova.org`
# - traefik.http.routers.gitea.entrypoints=https
# - traefik.http.routers.gitea.tls=true
# - traefik.http.routers.gitea.tls.certresolver=letsencrypt
# Registry (only /v2)
# Note: here we can use `https` since it's not published via CloudFlare
# but via local IP address
- traefik.http.routers.gitea-registry.entrypoints=https
- traefik.http.routers.gitea-registry.rule=Host(`registry.budakova.org`) && PathPrefix(`/v2`)
- traefik.http.routers.gitea-registry.tls=true
- traefik.http.routers.gitea-registry.tls.certresolver=letsencrypt
- traefik.http.routers.gitea-registry.service=gitea
runner:
image: gitea/act-runner:0.2.13
networks:
- gitea-network
restart: always
depends_on:
- server
# Resource limits for CI/CD runner
cpus: "2.0"
mem_limit: 4g
mem_reservation: 1g
pids_limit: 512
environment:
CONFIG_FILE: /config.yaml
# use service name `server` since both services are on the same `gitea-network`
GITEA_INSTANCE_URL: "http://server:3000/"
GITEA_RUNNER_REGISTRATION_TOKEN: "${REGISTRATION_TOKEN:-cOUnze8BFR5OhW30pcdfCL4oSvSXbsd4PUqDzo6Y}"
GITEA_RUNNER_NAME: "${GITEA_RUNNER_NAME:-gitea-runner-1}"
volumes:
- /home/knee-cola/docker/d-gitea/runner-config.yaml:/config.yaml
- /home/knee-cola/docker/d-gitea/runner-data:/data
- /var/run/docker.sock:/var/run/docker.sock
Reference in New Issue View Git Blame Copy Permalink