homelab/stacks/gitea/docker-compose.yaml

services:
  server:
    image: gitea/gitea@sha256:1926e89ad28358ef2146bb8a1b9c3ba24bae681cb02b72d2df11125fdc675abe
    container_name: gitea
    restart: unless-stopped
    environment:
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=postgres:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD_FILE=/run/secrets/gitea_postgres_password

      - GITEA__server__DOMAIN=${GITEA_DOMAIN}
      - GITEA__server__ROOT_URL=https://${GITEA_DOMAIN}
      - GITEA__server__SSH_PORT=2222
      - GITEA__server__SSH_LISTEN_PORT=2222

      - GITEA__service__DISABLE_REGISTRATION=true
      - GITEA__service__ENABLE_BASIC_AUTHENTICATION=false
      - GITEA__service__ENABLE_PASSWORD_SIGNIN_FORM=false
      - GITEA__service__ENABLE_PASSKEY_AUTHENTICATION=false
      - GITEA__openid__ENABLE_OPENID_SIGNIN=false
      - GITEA__openid__ENABLE_OPENID_SIGNUP=false

      - GITEA__actions__ENABLED=true
      - GITEA__packages__ENABLED=true
    networks:
      - homelab_apps
      - homelab_db
    ports:
      - "2222:2222"
    volumes:
      - gitea_data:/var/lib/gitea
      - gitea_config:/etc/gitea
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    secrets:
      - gitea_postgres_password
    labels:
      - traefik.enable=true
      - traefik.docker.network=homelab_apps
      - traefik.http.routers.gitea.rule=Host(`${GITEA_DOMAIN}`)
      - traefik.http.routers.gitea.entrypoints=websecure
      - traefik.http.routers.gitea.tls=true
      - traefik.http.routers.gitea.tls.certresolver=le
      - traefik.http.services.gitea.loadbalancer.server.port=3000

  runner:
    image: gitea/act_runner:latest
    container_name: gitea_runner
    restart: unless-stopped
    depends_on:
      - server
    environment:
      GITEA_INSTANCE_URL: https://${GITEA_DOMAIN}
      GITEA_RUNNER_REGISTRATION_TOKEN_FILE: /run/secrets/gitea_runner_token
      GITEA_RUNNER_NAME: homelab-runner
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - gitea_runner_data:/data
    secrets:
      - gitea_runner_token

volumes:
  gitea_data:
    driver: local
  gitea_config:
    driver: local
  gitea_runner_data:
    driver: local

networks:
  homelab_apps:
    external: true
  homelab_db:
    external: true

secrets:
  gitea_postgres_password:
    environment: GITEA_POSTGRES_PASSWORD
  gitea_runner_token:
    environment: GITEA_RUNNER_TOKEN