Initial commit

mgmt/gitea/.env.example

@@ -0,0 +1,8 @@
+DOMAIN_NAME=
+SUBDOMAIN=
+
+GITEA__database__DB_TYPE=
+GITEA__database__HOST=
+GITEA__database__NAME=
+GITEA__database__USER=
+GITEA__database__PASSWD__FILE=/run/secrets/DB_PASS

mgmt/gitea/compose.yml

@@ -0,0 +1,49 @@
+services:
+  gitea:
+    image: docker.gitea.com/gitea:1.24.6-rootless
+    container_name: gitea
+    restart: always
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.gitea.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
+      - traefik.http.routers.gitea.tls=true
+      - traefik.http.routers.gitea.entrypoints=web,websecure
+      - traefik.http.routers.gitea.tls.certresolver=cloudflare
+      - traefik.http.middlewares.gitea.headers.SSLRedirect=true
+      - traefik.http.middlewares.gitea.headers.STSSeconds=315360000
+      - traefik.http.middlewares.gitea.headers.browserXSSFilter=true
+      - traefik.http.middlewares.gitea.headers.contentTypeNosniff=true
+      - traefik.http.middlewares.gitea.headers.forceSTSHeader=true
+      - traefik.http.middlewares.gitea.headers.SSLHost=${DOMAIN_NAME}
+      - traefik.http.middlewares.gitea.headers.STSIncludeSubdomains=true
+      - traefik.http.middlewares.gitea.headers.STSPreload=true
+      - traefik.http.middlewares.gitea.headers.frameDeny=true
+      - traefik.http.routers.gitea.middlewares=gitea@docker
+      - traefik.http.services.gitea.loadbalancer.server.port=3000
+      - traefik.docker.network=webapp
+    env_file:
+      - .env
+    secrets:
+      - DB_PASS
+    volumes:
+      - gitea-data:/var/lib/gitea
+      - ./config:/etc/gitea
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    # ports:
+    #   - "3000:3000"
+    #   - "2222:2222"
+    networks:
+      - webapp
+      - db
+volumes:
+  gitea-data:
+    name: gitea-data
+networks:
+  webapp:
+    external: true
+  db:
+    external: true
+secrets:
+  DB_PASS:
+    file: .secrets/DB_PASS