117 lines
3.3 KiB
YAML
117 lines
3.3 KiB
YAML
---
|
|
version: "3.8"
|
|
|
|
services:
|
|
app:
|
|
image: "gitea/gitea:1.13.6"
|
|
configs:
|
|
- source: app_ini
|
|
target: /data/gitea/conf/app.ini
|
|
secrets:
|
|
- db_passwd
|
|
- internal_token
|
|
- jwt_secret
|
|
- secret_key
|
|
- smtp_passwd
|
|
environment:
|
|
- GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION
|
|
- GITEA_APP_NAME
|
|
- GITEA_AUTO_WATCH_NEW_REPOS
|
|
- GITEA_DB_HOST="db:3306"
|
|
- GITEA_DB_NAME=gitea
|
|
- GITEA_DB_TYPE=mysql
|
|
- GITEA_DB_USER=gitea
|
|
- GITEA_DISABLE_REGISTRATION
|
|
- GITEA_DOMAIN=${DOMAIN}
|
|
- GITEA_ENABLE_NOTIFY_MAIL
|
|
- GITEA_ENABLE_OPENID_SIGNIN
|
|
- GITEA_ENABLE_OPENID_SIGNUP
|
|
- GITEA_MAILER_FROM
|
|
- GITEA_MAILER_HOST
|
|
- GITEA_MAILER_USER
|
|
- GITEA_SSH_PORT
|
|
volumes:
|
|
- "git:/data"
|
|
- "/etc/timezone:/etc/timezone:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost:3000"]
|
|
interval: 15s
|
|
timeout: 10s
|
|
retries: 10
|
|
start_period: 30s
|
|
deploy:
|
|
update_config:
|
|
failure_action: rollback
|
|
order: start-first
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
- "traefik.tcp.routers.${STACK_NAME}-ssh.rule=HostSNI(`*`)"
|
|
- "traefik.tcp.routers.${STACK_NAME}-ssh.entrypoints=gitea-ssh"
|
|
- "traefik.tcp.services.${STACK_NAME}-ssh.loadbalancer.server.port=${GITEA_SSH_PORT}"
|
|
- "coop-cloud.${STACK_NAME}.app.version=${ABRA_TYPE_APP_VERSION}-${ABRA_TYPE_APP_DIGEST}"
|
|
|
|
db:
|
|
image: "mariadb:10.5"
|
|
command: |
|
|
mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
|
|
environment:
|
|
- MYSQL_DATABASE=gitea
|
|
- MYSQL_USER=gitea
|
|
- MYSQL_PASSWORD_FILE=/run/secrets/db_passwd
|
|
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_passwd
|
|
secrets:
|
|
- db_passwd
|
|
- db_root_passwd
|
|
volumes:
|
|
- "mariadb:/var/lib/mysql"
|
|
networks:
|
|
- internal
|
|
deploy:
|
|
labels:
|
|
- "coop-cloud.${STACK_NAME}.db.version=${ABRA_TYPE_DB_VERSION}-${ABRA_TYPE_DB_DIGEST}"
|
|
|
|
networks:
|
|
internal:
|
|
proxy:
|
|
external: true
|
|
|
|
configs:
|
|
app_ini:
|
|
name: ${STACK_NAME}_app_ini_${APP_INI_VERSION}
|
|
file: app.ini.tmpl
|
|
template_driver: golang
|
|
|
|
# Note(decentral1se): migrate from passwd -> password
|
|
# See https://git.autonomic.zone/coop-cloud/abra/pulls/33
|
|
secrets:
|
|
db_passwd:
|
|
name: ${STACK_NAME}_db_passwd_${SECRET_DB_PASSWORD_VERSION}
|
|
external: true
|
|
db_root_passwd:
|
|
name: ${STACK_NAME}_db_root_passwd_${SECRET_DB_ROOT_PASSWORD_VERSION}
|
|
external: true
|
|
internal_token:
|
|
name: ${STACK_NAME}_internal_token_${SECRET_INTERNAL_TOKEN_VERSION}
|
|
external: true
|
|
jwt_secret:
|
|
name: ${STACK_NAME}_jwt_secret_${SECRET_JWT_SECRET_VERSION}
|
|
external: true
|
|
secret_key:
|
|
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
|
|
external: true
|
|
smtp_passwd:
|
|
name: ${STACK_NAME}_smtp_passwd_${SECRET_SMTP_PASSWORD_VERSION}
|
|
external: true
|
|
|
|
volumes:
|
|
git:
|
|
mariadb:
|