Docker-Gitea/docker-compose.yml


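name: gitea
services:
  # Gitea server. Settings are passed as GITEA__<section>__<KEY> environment
  # variables; sensitive values use the __FILE suffix and point at Compose
  # secrets mounted under /run/secrets.
  server:
    # NOTE(review): `latest` is a floating tag, so any pull can change the
    # code that runs here. Pin a release tag or digest, for example
    # gitea/gitea:<VERSION>@sha256:<DIGEST> (placeholders), and bump it
    # deliberately.
    image: gitea/gitea:latest
    container_name: gitea
    # Short form only orders start-up; it does not wait for the database
    # healthcheck defined on db_pg17. The long form with
    # `condition: service_healthy` would.
    depends_on:
      - db_pg17
    restart: unless-stopped
    volumes:
      - data:/data
      # Host directory mounted read-write over Gitea's public asset directory.
      # NOTE(review): if Gitea never needs to write here, `:ro` would narrow it.
      - /srv/gitea/public:/data/gitea/public
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      # Web port 3000 is not published; presumably it is reached through the
      # `proxy` network (confirm against the reverse-proxy setup).
      # - "3005:3000"
      # No host IP is given, so SSH is published on every host interface.
      - "2222:22"
    networks:
      - internal
      - proxy
    environment:
      USER_UID: 30003
      USER_GID: 30003
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: db_pg17
      GITEA__database__NAME__FILE: /run/secrets/db_name
      GITEA__database__USER__FILE: /run/secrets/db_user
      GITEA__database__PASSWD__FILE: /run/secrets/db_pass
      GITEA__security__SECRET_KEY__FILE: /run/secrets/secret
      GITEA__security__INTERNAL_TOKEN__FILE: /run/secrets/token
      GITEA__server__ROOT_URL__FILE: /run/secrets/root_url
      GITEA__server__DOMAIN__FILE: /run/secrets/domain
      GITEA__server__SSH_DOMAIN__FILE: /run/secrets/ssh_domain
      GITEA__server__SSH_PORT__FILE: /run/secrets/ssh_port
      # Boolean-looking values are quoted: environment variables are strings,
      # and the Compose specification asks for true/false to be quoted so the
      # YAML parser does not retype them.
      GITEA__mailer__ENABLED: "true"
      GITEA__mailer__PROTOCOL: smtp+starttls
      GITEA__mailer__SMTP_PORT: 587
      GITEA__mailer__SMTP_ADDR__FILE: /run/secrets/mail_server
      GITEA__mailer__FROM__FILE: /run/secrets/mail_from
      GITEA__mailer__USER__FILE: /run/secrets/mail_user
      GITEA__mailer__PASSWD__FILE: /run/secrets/mail_pass
      # Account policy: local sign-up is closed to everything except external
      # providers, and accounts are auto-created on first OAuth2 login without
      # e-mail confirmation. Who gets an account is therefore decided entirely
      # by the identity provider; restrict sign-in there.
      GITEA__oauth2_client__REGISTER_EMAIL_CONFIRM: "false"
      GITEA__oauth2_client__ENABLE_AUTO_REGISTRATION: "true"
      # `login` makes a user authenticate before an external identity is
      # linked to an existing account (as opposed to automatic linking).
      GITEA__oauth2_client__ACCOUNT_LINKING: login
      GITEA__oauth2_client__USERNAME: nickname
      GITEA__openid__ENABLE_OPENID_SIGNIN: "false"
      GITEA__service__DISABLE_REGISTRATION: "false"
      GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "true"
      GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION: "false"
      GITEA__repository__MAX_CREATION_LIMIT: 0
      GITEA__ui__THEMES: catppuccin-latte-mauve,catppuccin-frappe-mauve,catppuccin-macchiato-mauve,catppuccin-mocha-mauve,catppuccin-mauve-auto
      GITEA__ui__DEFAULT_THEME: catppuccin-mauve-auto
      GITEA_RUNNER_REGISTRATION_TOKEN_FILE: /run/secrets/runner_token
    secrets:
      - db_user
      - db_pass
      - db_name
      - secret
      - token
      - runner_token
      - root_url
      - domain
      - ssh_domain
      - ssh_port
      - mail_server
      - mail_user
      - mail_pass
      - mail_from

  # Actions runner. It registers against the server over the internal network
  # using the same runner_token secret the server receives.
  runner:
    # NOTE(review): floating tag; pin a release tag or digest as for `server`.
    image: gitea/act_runner:latest
    container_name: gitea_runner
    depends_on:
      - server
    restart: unless-stopped
    volumes:
      - runner:/data
      # SECURITY: the host Docker socket gives this container control of the
      # host's Docker daemon, which is equivalent to root on the host. Anyone
      # able to get a workflow executed by this runner must be trusted at that
      # level; otherwise point the runner at a dedicated or rootless daemon,
      # or an isolated VM.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - internal
    environment:
      GITEA_RUNNER_REGISTRATION_TOKEN_FILE: /run/secrets/runner_token
      # Plain HTTP, addressed by service name on the `internal` network.
      GITEA_INSTANCE_URL: http://server:3000/
      GITEA_RUNNER_NAME: Gitea Runner
    secrets:
      - runner_token

  # PostgreSQL backend; attached to the internal network only, with no
  # published ports.
  db_pg17:
    # Major-version tag: minor releases are picked up on the next pull.
    image: postgres:17
    container_name: gitea_db_pg17
    restart: unless-stopped
    healthcheck:
      # `$$` is Compose's escape for a literal `$`, so the *_FILE variables are
      # expanded by the shell inside the container and the database name and
      # user are read from the mounted secret files.
      test: ["CMD-SHELL", "pg_isready -d `cat $$POSTGRES_DB_FILE` -U `cat $$POSTGRES_USER_FILE`"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - db_pg17:/var/lib/postgresql/data
    networks:
      - internal
    environment:
      POSTGRES_DB_FILE: /run/secrets/db_name
      POSTGRES_USER_FILE: /run/secrets/db_user
      POSTGRES_PASSWORD_FILE: /run/secrets/db_pass
    secrets:
      - db_user
      - db_pass
      - db_name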
# Named volumes. The explicit `name:` fixes each volume's name instead of
# letting Compose derive it from the project name.
volumes:
  # PostgreSQL data directory.
  db_pg17:
    name: gitea_db_pg17
  # Gitea /data.
  data:
    name: gitea_data
  # Runner /data.
  runner:
    name: gitea_runner_data
networks:
  # Project network joining server, runner and database.
  # NOTE(review): it is not declared `internal: true`, so containers on it
  # keep outbound connectivity; confirm that is intended for the database.
  internal:
    name: gitea-internal
  # Pre-existing network that Compose neither creates nor removes
  # (`external: true`); only the server service attaches to it.
  proxy:
    name: proxy-git
    external: true
# File-backed secrets. Each host file is mounted into the services that list
# the secret, at /run/secrets/<name>. The host files keep their own
# ownership and mode, so restrict /srv/docker/secrets on the host and keep it
# out of version control and unencrypted backups.
secrets:
  # Database name and credentials (shared by server and db_pg17).
  db_name:
    file: /srv/docker/secrets/gitea/db/name.txt
  db_user:
    file: /srv/docker/secrets/gitea/db/user.txt
  db_pass:
    file: /srv/docker/secrets/gitea/db/pass.key

  # Gitea SECRET_KEY, INTERNAL_TOKEN and the runner registration token.
  secret:
    file: /srv/docker/secrets/gitea/keys/secret.key
  token:
    file: /srv/docker/secrets/gitea/keys/token.key
  runner_token:
    file: /srv/docker/secrets/gitea/keys/runner_token.key

  # Deployment-specific server settings kept out of the compose file.
  root_url:
    file: /srv/docker/secrets/gitea/root_url.txt
  domain:
    file: /srv/docker/secrets/gitea/domain.txt
  ssh_domain:
    file: /srv/docker/secrets/gitea/ssh_domain.txt
  ssh_port:
    file: /srv/docker/secrets/gitea/ssh_port.txt

  # Mailer settings. The user, password and host files sit under mail/ rather
  # than gitea/, so they may be shared with other stacks (verify).
  mail_from:
    file: /srv/docker/secrets/gitea/mail_from.txt
  mail_user:
    file: /srv/docker/secrets/mail/user.txt
  mail_pass:
    file: /srv/docker/secrets/mail/pass.key
  mail_server:
    file: /srv/docker/secrets/mail/host.txt