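# Docker Compose stack: Gitea (rootless image) behind Traefik, backed by a
# PostgreSQL container that is reachable only on the private backend network.
#
# NOTE(review): Compose interpolates values, not mapping keys, so the top-level
# secret and network names below are literal. The services refer to them as
# "${APP_NAME}_postgresql_password" and "${APP_NAME}-backend", which only
# resolve when APP_NAME=gitea. Keep the two in sync if APP_NAME ever changes.
secrets:
  gitea_postgresql_password:
    # File-based secret: keep this file out of version control and restrict
    # its host permissions to what the container user needs to read it.
    file: "${STACKSDIR}/secrets/${APP_NAME}_postgresql_password"

networks:
  traefik:
    external: true
  # pgadmin cannot access postgres if it's on backend network
  gitea-backend:
    name: gitea-backend

services:
  gitea:
    # Pinned to a patch release; a tag can still be re-pushed, so pin by digest
    # as well if reproducible pulls matter.
    image: gitea/gitea:1.22.3-rootless
    hostname: "${APP_NAME}"
    # user: "${PUID}:${PGID}"
    networks:
      - "${APP_NAME}-backend"
      - traefik
    environment:
      # Bare names are passed through from the environment Compose runs in.
      # NOTE(review): no database password variable or secret is handed to this
      # service here, so it presumably lives in the mounted /etc/gitea config.
      # Gitea's env-to-ini also accepts a `__FILE` suffix (for example
      # GITEA__database__PASSWD__FILE) for reading it from a mounted secret;
      # confirm against the Gitea version in use.
      - PUID
      - PGID
      - TZ
      - GITEA__database__DB_TYPE
      - GITEA__database__NAME
      - GITEA__database__USER
      # Quote the whole list item, not the part after `=`: in list form Compose
      # keeps everything after `=` verbatim, so inner quotes would end up as
      # part of the host value.
      - "GITEA__database__HOST=${APP_NAME}_postgresql:5432"
      - GITEA__mailer__ENABLED
      - GITEA__mailer__FROM
      - GITEA__mailer__PROTOCOL
      - GITEA__mailer__SMTP_ADDR
      - GITEA__mailer__SMTP_PORT
      - GITEA__mailer__USER
      - GIT_DISCOVERY_ACROSS_FILESYSTEM
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - "${DATADIR}/config:/etc/gitea"
      - "${DATADIR}/appdata:/var/lib/gitea"
      - "${DATADIR}/backups:/mnt/backups"
    restart: unless-stopped
    depends_on:
      # Start Gitea only once the pg_isready healthcheck below has passed.
      postgresql:
        condition: service_healthy
    labels:
      - "traefik.enable=true"
      # Plain-HTTP router: exists only to redirect to HTTPS.
      - "traefik.http.routers.${APP_NAME}.entrypoints=web"
      - "traefik.http.routers.${APP_NAME}.rule=Host(`${APP_NAME}.${DOMAINNAME}`)"
      - "traefik.http.middlewares.${APP_NAME}-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.${APP_NAME}.middlewares=${APP_NAME}-https-redirect"
      # TLS router: terminates HTTPS and forwards to Gitea on port 3000.
      - "traefik.http.routers.${APP_NAME}-secure.entrypoints=websecure"
      - "traefik.http.routers.${APP_NAME}-secure.rule=Host(`${APP_NAME}.${DOMAINNAME}`)"
      - "traefik.http.routers.${APP_NAME}-secure.tls=true"
      - "traefik.http.routers.${APP_NAME}-secure.tls.certresolver=sthomeresolver"
      - "traefik.http.routers.${APP_NAME}-secure.service=${APP_NAME}"
      - "traefik.http.services.${APP_NAME}.loadbalancer.server.port=3000"
      # The container sits on two networks; tell Traefik which one to use.
      - "traefik.docker.network=traefik"

  postgresql:
    # Floating tag: pulls whatever 16.x is current. Pin a minor version or a
    # digest if upgrades should be deliberate.
    image: postgres:16-alpine
    container_name: "${APP_NAME}_postgresql"
    hostname: "${APP_NAME}_postgresql"
    shm_size: 128mb  # https://hub.docker.com/_/postgres
    restart: unless-stopped
    # user: "${PG_UID}:${PG_GID}"
    # postgres is unhealthy when this is not 70:70
    healthcheck:
      # `$$` escapes Compose interpolation so the shell inside the container
      # expands POSTGRES_DB / POSTGRES_USER.
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    networks:
      # Backend only: the database is not attached to the Traefik network.
      - "${APP_NAME}-backend"
      # - traefik  # required for pgadmin access
    secrets:
      # Generate the password with openssl rand 36 | base64 -w 0
      - "${APP_NAME}_postgresql_password"
    environment:
      # NOTE(review): PGID next to PG_GID looks like a typo for PG_UID (compare
      # the commented-out `user:` line above); confirm before relying on it.
      - PGID
      - PG_GID
      - TZ
      # Compose mounts secrets under /run/secrets/<secret name>;
      # POSTGRES_PASSWORD_FILE is expected to point there (value not shown).
      - POSTGRES_PASSWORD_FILE
      - POSTGRES_USER
      - POSTGRES_DB
    volumes:
      - "${DATADIR}/pgdata:/var/lib/postgresql/data"
      - "${DATADIR}/pgbackups:/mnt/backups"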