forgejo.yml
# Networks declared by this file with default settings.
networks:
  # Attached by the forgejo service only.
  # NOTE(review): presumably shared with an frp tunnel defined elsewhere - confirm.
  frp: {}
  # Backend network joining forgejo and forgejo-database.
  forgejo: {}
  # Attached by the forgejo service only; the proxy itself is not defined here.
  proxy: {}
# Named volumes declared by this file with default settings.
volumes:
  # Mounted at /var/lib/gitea in the forgejo service.
  forgejo-data: {}
  # Mounted at /var/lib/postgresql/data in the forgejo-database service.
  forgejo-database-data: {}
  # The next two are referenced only by the commented-out runner/dind services.
  forgejo-runner-data: {}
  forgejo-docker-certs: {}
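services:
  # Forgejo server. Only `expose` is used (no `ports`), so this file publishes
  # nothing on the host; web UI and SSH are reachable only over the attached
  # networks.
  forgejo:
    # note: to automatically create a new user, add to the executed command, before sleep infinity:
    # forgejo admin user create --admin --username user --password password --email email@domain.tld
    # NOTE(review): a password written into the command is stored with the
    # container definition; change it after first login or drop the line again
    # once the user exists.
    image: codeberg.org/forgejo/forgejo:14.0.3-rootless
    # Start-up script: run the server in the background, wait 10 s, then register
    # the Actions runner secret and the Authelia OIDC login source.
    # - The two secrets are expanded by bash from the container environment
    #   ("$$" stops compose from interpolating them into the script text) and are
    #   quoted, so a value with spaces or shell metacharacters cannot alter the
    #   script. They remain visible in the argv of the short-lived CLI calls and
    #   in the container environment, so access to the Docker API stays sensitive.
    # - `|| true` ignores a failing provisioning step (both run on every start);
    #   genuine failures are silent too, so check the logs after the first deploy.
    # - --group-claim-name/--admin-group: the `groups` claim decides who becomes
    #   a Forgejo admin, so membership of `forgejo_admin` in the IdP grants admin.
    # - NOTE(review): --skip-local-2fa presumably leaves the second factor to
    #   Authelia; confirm the Authelia policy for this client requires 2FA.
    # - NOTE(review): the server is backgrounded and the script ends in
    #   `sleep infinity`, so the container stays up if the server exits and
    #   `restart: unless-stopped` does not fire; ending with `wait` instead would
    #   tie the container's lifetime to the server process.
    command: >-
      bash -ec '
        gitea --config /etc/gitea/app.ini &
        sleep 10 ;
        forgejo forgejo-cli actions register --secret "$$FORGEJO_RUNNER_SECRET" --name box || true ;
        forgejo admin auth add-oauth --provider=openidConnect --name=Authelia --key=${AUTH_FORGEJO_CLIENT_ID} --secret="$$AUTH_FORGEJO_CLIENT_SECRET" --auto-discover-url=https://auth.${PROXY_PUBLIC_DOMAIN}/.well-known/openid-configuration --scopes=openid --scopes=email --scopes=profile --scopes=groups --group-claim-name=groups --admin-group=forgejo_admin --skip-local-2fa || true ;
        sleep infinity ;
      '
    depends_on:
      # Wait for the database healthcheck before starting.
      forgejo-database:
        condition: service_healthy
    # All ${...} values are interpolated by compose from its own environment
    # (.env file or shell); keep that source out of version control.
    environment:
      - APP_NAME=Code
      # NOTE(review): USER_UID/USER_GID may not be honoured by the -rootless
      # image - confirm.
      - USER_UID=1000
      - USER_GID=1000
      - GITEA_APP_INI=/etc/gitea/app.ini
      # Secrets consumed by the start-up script in `command` at run time.
      - FORGEJO_RUNNER_SECRET=${FORGEJO_RUNNER_SECRET}
      - AUTH_FORGEJO_CLIENT_SECRET=${AUTH_FORGEJO_CLIENT_SECRET}
      - FORGEJO__database__DB_TYPE=postgres
      - FORGEJO__database__HOST=forgejo-database
      - FORGEJO__database__NAME=${FORGEJO_DB_DATABASE_NAME}
      - FORGEJO__database__PASSWD=${FORGEJO_DB_PASSWORD}
      - FORGEJO__database__USER=${FORGEJO_DB_USERNAME}
      - FORGEJO__git__PULL_REQUEST_PUSH_MESSAGE=false
      - FORGEJO__git__VERBOSE_PUSH=false
      # Legacy OpenID sign-up/sign-in is off; OIDC goes through the OAuth2
      # source added in `command`.
      - FORGEJO__openid__ENABLE_OPENID_SIGNUP=false
      - FORGEJO__openid__ENABLE_OPENID_SIGNIN=false
      # Web installer disabled; the keys below are supplied instead of generated.
      - FORGEJO__security__INSTALL_LOCK=true
      - FORGEJO__security__INTERNAL_TOKEN=${FORGEJO_INTERNAL_TOKEN}
      # Loopback only. NOTE(review): a proxy on another container address is
      # then presumably not trusted for forwarded client-IP headers - confirm
      # this is intended.
      - FORGEJO__security__REVERSE_PROXY_TRUSTED_PROXIES=127.0.0.0/8,::1/128
      - FORGEJO__security__SECRET_KEY=${FORGEJO_SECRET_KEY}
      - FORGEJO__server__DOMAIN=code.${PROXY_PUBLIC_DOMAIN}
      - FORGEJO__server__LFS_JWT_SECRET=${FORGEJO_LFS_JWT_SECRET}
      - FORGEJO__server__ROOT_URL=https://code.${PROXY_PUBLIC_DOMAIN}
      # Built-in SSH server listens on 2222 while clone URLs advertise port 22 on
      # git.<domain>; the 22 -> 2222 forward must exist outside this file.
      - FORGEJO__server__SSH_DOMAIN=git.${PROXY_PUBLIC_DOMAIN}
      - FORGEJO__server__SSH_LISTEN_PORT=2222
      - FORGEJO__server__SSH_PORT=22
      - FORGEJO__server__START_SSH_SERVER=true
      - FORGEJO__service__DEFAULT_KEEP_EMAIL_PRIVATE=true
      # Local registration and password sign-in are off.
      # NOTE(review): DISABLE_REGISTRATION and ALLOW_ONLY_EXTERNAL_REGISTRATION
      # are both set; confirm first-time OIDC users are still provisioned as
      # intended.
      - FORGEJO__service__DISABLE_REGISTRATION=true
      - FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=true
      - FORGEJO__service__ENABLE_INTERNAL_SIGNIN=false
      - FORGEJO__oauth2_client__UPDATE_AVATAR=true
    expose:
      - "3000"  # webui
      - "2222"  # ssh
    # Logging settings come from common.yml (not shown here).
    extends:
      file: common.yml
      service: log-to-json
    restart: unless-stopped
    networks:
      - proxy
      - forgejo
      - frp
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - forgejo-data:/var/lib/gitea

  # PostgreSQL backend. Attached to the `forgejo` network only and publishes no
  # ports, so only services on that network can reach it.
  forgejo-database:
    # NOTE(review): `14-alpine` is a moving tag; pinning a patch version or an
    # image digest makes upgrades deliberate.
    image: docker.io/postgres:14-alpine
    environment:
      - POSTGRES_USER=${FORGEJO_DB_USERNAME}
      - POSTGRES_PASSWORD=${FORGEJO_DB_PASSWORD}
      - POSTGRES_DB=${FORGEJO_DB_DATABASE_NAME}
    # Gates the forgejo service through its `condition: service_healthy`.
    healthcheck:
      test: pg_isready --dbname='${FORGEJO_DB_DATABASE_NAME}' --username='${FORGEJO_DB_USERNAME}'
    extends:
      file: common.yml
      service: log-to-json
    networks:
      - forgejo
    restart: unless-stopped
    volumes:
      - forgejo-database-data:/var/lib/postgresql/data

  # note: enable when necessary
  # NOTE(review): the dind service below runs with `privileged: true`, and the
  # runner drives that daemon over TLS, so whoever can run Actions jobs controls
  # a privileged Docker daemon; restrict who may trigger workflows before
  # enabling these two services.
  # forgejo-dind:
  #   image: docker.io/docker:dind
  #   hostname: docker # must set hostname as TLS certificates are only valid for docker or localhost
  #   privileged: true
  #   environment:
  #     - DOCKER_TLS_CERTDIR=/certs
  #     - DOCKER_HOST=forgejo-dind
  #   expose:
  #     - 2376 # tcp
  #   extends:
  #     file: common.yml
  #     service: log-to-json
  #   networks:
  #     - forgejo
  #   volumes:
  #     - forgejo-docker-certs:/certs
  #
  # forgejo-runner:
  #   image: code.forgejo.org/forgejo/runner:12.7.2
  #   command: >-
  #     bash -ec '
  #       while : ; do
  #         forgejo-runner create-runner-file --connect --instance http://forgejo:3000 --name box --secret $FORGEJO_RUNNER_SECRET && break ;
  #         sleep 1 ;
  #       done ;
  #       chown -R 1000:1000 /data ;
  #       while : ; do test -w .runner && forgejo-runner --config runner.yml daemon ; sleep 1 ; done
  #     '
  #   depends_on:
  #     - forgejo
  #     - forgejo-dind
  #   environment:
  #     - FORGEJO_RUNNER_SECRET=${FORGEJO_RUNNER_SECRET}
  #     - DOCKER_HOST=tcp://docker:2376
  #     - DOCKER_CERT_PATH=/certs/client
  #     - DOCKER_TLS_VERIFY=1
  #   extends:
  #     file: common.yml
  #     service: log-to-json
  #   networks:
  #     - forgejo
  #   restart: unless-stopped
  #   volumes:
  #     - forgejo-runner-data:/data
  #     - forgejo-docker-certs:/certs
  #     - ./forgejo/runner.yml:/data/runner.yml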