services: tunnel: image: cloudflare/cloudflared command: tunnel --no-autoupdate run restart: unless-stopped environment: - TUNNEL_TOKEN=${TUNNEL_TOKEN} server: image: codeberg.org/forgejo/forgejo:${FORGEJO_TAG} command: >- bash -c ' /bin/s6-svscan /etc/s6 & sleep 10 ; su -c "forgejo forgejo-cli actions register --secret ${SHARED_SECRET}" git ; su -c "forgejo admin user create --admin --username ${ROOT_USER} --password ${ROOT_PASSWORD} --email ${ROOT_EMAIL}" git ; sleep infinity ' environment: # https://forgejo.org/docs/latest/admin/config-cheat-sheet/ - RUN_MODE=prod - USER_UID=1000 - USER_GID=1000 - APP_NAME=${APP_NAME} - FORGEJO__server__ROOT_URL=${ROOT_URL} # Because we're using Cloudflare, we need the SSH domain # to be on a different name, like `git-ssh.yourname.com` so # we override the SSH Domain - FORGEJO__server__SSH_DOMAIN=${SSH_DOMAIN} # Prevent the installation wizard from running - FORGEJO__security__INSTALL_LOCK=true # Do we allow new signups? - FORGEJO__service__DISABLE_REGISTRATION=${DISABLE_REGISTRATION} # DB Setup - FORGEJO__database__DB_TYPE=postgres - FORGEJO__database__HOST=db:5432 - FORGEJO__database__NAME=gitea - FORGEJO__database__USER=gitea - FORGEJO__database__PASSWD=${FORGEJO_DB_PASSWORD} # Mail Setup - FORGEJO__mailer__ENABLED=${MAIL_ENABLED} - FORGEJO__mailer__FROM=${MAIL_FROM} - FORGEJO__mailer__PROTOCOL=${MAIL_SMTP_PROTOCOL} - FORGEJO__mailer__SMTP_ADDR=${MAIL_SMTP_ADDR} - FORGEJO__mailer__SMTP_PORT=${MAIL_SMTP_PORT} - FORGEJO__mailer__USER=${MAIL_SMTP_USER} - FORGEJO__mailer__PASSWD=${MAIL_SMTP_PASSWD} # Git rid of the splash screen and just show a project listing # on the homepage - FORGEJO__server__LANDING_PAGE=explore restart: always volumes: - ./data/data:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro depends_on: - db db: image: postgres:13 restart: always environment: - POSTGRES_USER=gitea - POSTGRES_PASSWORD=${FORGEJO_DB_PASSWORD} - POSTGRES_DB=gitea volumes: - ./data/postgres:/var/lib/postgresql/data # Runner configuration is fairly complex and uses Docker-in-Docker # Pulled from this example: # https://code.forgejo.org/forgejo/runner/src/branch/main/examples/docker-compose/compose-forgejo-and-runner.yml runner-register: image: code.forgejo.org/forgejo/runner:${FORGEJO_RUNNER_TAG} links: - docker-in-docker - server environment: DOCKER_HOST: tcp://docker-in-docker:2376 volumes: - ./data/runner-data:/data user: 0:0 command: >- bash -ec ' while : ; do forgejo-runner create-runner-file --connect --instance http://server:3000 --name ${RUNNER_NAME} --secret ${SHARED_SECRET} && break ; sleep 1 ; done ; sed -i -e "s|\"labels\": null|\"labels\": ${RUNNER_LABELS}|" .runner ; forgejo-runner generate-config > config.yml ; sed -i -e "s|network: .*|network: host|" config.yml ; sed -i -e "s|^ labels: \[\]$$| labels: ${RUNNER_LABELS}|" config.yml ; sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://docker:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ; sed -i -e "s|^ options:| options: -v /certs/client:/certs/client|" config.yml ; sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml ; chown -R 1000:1000 /data ' runner-daemon: image: code.forgejo.org/forgejo/runner:4.0.1 links: - docker-in-docker - server environment: DOCKER_HOST: tcp://docker:2376 DOCKER_CERT_PATH: /certs/client DOCKER_TLS_VERIFY: "1" volumes: - ./data/runner-data:/data - ./data/docker_certs:/certs command: >- bash -c ' while : ; do test -w .runner && forgejo-runner --config config.yml daemon ; sleep 1 ; done ' docker-in-docker: image: docker:dind hostname: docker # Must set hostname as TLS certificates are only valid for docker or localhost privileged: true environment: DOCKER_TLS_CERTDIR: /certs DOCKER_HOST: docker-in-docker volumes: - ./data/docker_certs:/certs