docker-apps/gitea/stacks/compose.yml

name: gitea

secrets:
  gitea_postgresql_database:
    file: "${SECRETSDIR}/gitea_postgresql_database"
  gitea_postgresql_username:
    file: "${SECRETSDIR}/gitea_postgresql_username"
  gitea_postgresql_password:
    file: "${SECRETSDIR}/gitea_postgresql_password"
  smtp_from:
    file: "${SECRETSDIR}/smtp_from"
  smtp_username:
    file: "${SECRETSDIR}/smtp_username"
  smtp_password:
    file: "${SECRETSDIR}/smtp_password"
  smtp_host:
    file: "${SECRETSDIR}/smtp_host"
    
networks:
  traefik-net:
    external: true
  postgres-net:
    external: true

services:
  gitea:
    image: gitea/gitea:1.22.3-rootless
    hostname: "${APPLICATION_NAME}"
    networks:
      - postgres-net
      - traefik-net
    env_file: .gitea.env
    environment:
      GITEA__database__HOST: "gitea_postgresql:${POSTGRES_DB_PORT}"
    secrets:
      - gitea_postgresql_database
      - gitea_postgresql_username
      - gitea_postgresql_password
      - smtp_from
      - smtp_username
      - smtp_password
      - smtp_host
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - "${DATADIR}/config:/etc/gitea"
      - "${DATADIR}/appdata:/var/lib/gitea"
      - "${DATADIR}/backups:/mnt/backups"
    restart: unless-stopped
    depends_on:
      postgresql:
        condition: service_healthy
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik-net
      - "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}"
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web"
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)"
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file"
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)"
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file"
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-options@file"
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns"
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"


  postgresql:
    image: postgres:16-alpine
    env_file: .postgresql.env
    shm_size: 128mb # https://hub.docker.com/_/postgres
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    networks:
      postgres-net:
          aliases: ["gitea_postgresql"]
    secrets:
      - ${APPLICATION_NAME}_postgresql_database
      - ${APPLICATION_NAME}_postgresql_username
      - ${APPLICATION_NAME}_postgresql_password
    volumes:
      - "${DATADIR}/pgdata:/var/lib/postgresql/data"
      - "${DATADIR}/pgbackups:/mnt/backups"