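---
# Compose stack: Forgejo + PostgreSQL + a Forgejo Actions runner backed by
# Docker-in-Docker, plus a Tailscale node that loads ./ts-serve.json.
#
# Every ${...} below is interpolated by Compose before the containers start.
# TS_AUTHKEY, SHARED_SECRET, ROOT_PASSWORD, FORGEJO_DB_PASSWORD and
# MAIL_SMTP_PASSWD are secrets: keep the file that defines them out of version
# control and readable only by the deploying user.
services:
  tailscale:
    hostname: ${TAILNET_NAME}
    # No tag given, so this floats with the registry's default tag; pin a
    # version or digest for reproducible, reviewable upgrades.
    image: tailscale/tailscale
    volumes:
      # Persistent node state; restrict host permissions on this directory.
      - ./data/tailscale:/var/lib/tailscale
      - ./ts-serve.json:/config/ts-serve.json:ro
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      # NOTE(review): sys_module allows loading kernel modules; confirm it is
      # still needed on this host before keeping it.
      - sys_module
    environment:
      TS_AUTHKEY: ${TS_AUTHKEY}
      TS_SERVE_CONFIG: /config/ts-serve.json
      # Quoted: Compose expects boolean-looking values in an environment
      # mapping to be strings.
      TS_AUTH_ONCE: "true"
      TS_STATE_DIR: /var/lib/tailscale
      TS_HOST: ${TAILNET_NAME}
    restart: unless-stopped

  server:
    image: codeberg.org/forgejo/forgejo:${FORGEJO_TAG}
    # Starts s6, waits, registers the runner secret and creates the admin
    # user, then idles. Because Compose substitutes the variables into the
    # command text, SHARED_SECRET and ROOT_PASSWORD end up in the container's
    # command line (visible via `docker inspect` and the process list), and
    # they are not shell-quoted: whitespace or shell metacharacters in them
    # will be interpreted by bash. Restrict the values to a safe character set
    # and change the admin password after the first login.
    command: >-
      bash -c '
      /bin/s6-svscan /etc/s6 &
      sleep 10 ;
      su -c "forgejo forgejo-cli actions register --secret ${SHARED_SECRET}" git ;
      su -c "forgejo admin user create --admin --username ${ROOT_USER} --password ${ROOT_PASSWORD} --email ${ROOT_EMAIL}" git ;
      sleep infinity
      '
    environment:
      # https://forgejo.org/docs/latest/admin/config-cheat-sheet/
      - RUN_MODE=prod
      - USER_UID=1000
      - USER_GID=1000
      - APP_NAME=${APP_NAME}
      - FORGEJO__server__ROOT_URL=https://${FORGEJO_HOSTNAME}
      - FORGEJO__server__SSH_DOMAIN=${FORGEJO_HOSTNAME}
      # Prevent the installation wizard from running
      - FORGEJO__security__INSTALL_LOCK=true
      # Do we allow new signups?
      # Anyone who can sign up and create a repository may be able to trigger
      # Actions jobs on the privileged Docker-in-Docker service below; keep
      # registration disabled unless that is intended.
      - FORGEJO__service__DISABLE_REGISTRATION=${DISABLE_REGISTRATION}
      # DB Setup
      - FORGEJO__database__DB_TYPE=postgres
      - FORGEJO__database__HOST=db:5432
      - FORGEJO__database__NAME=gitea
      - FORGEJO__database__USER=gitea
      - FORGEJO__database__PASSWD=${FORGEJO_DB_PASSWORD}
      # Mail Setup
      - FORGEJO__mailer__ENABLED=${MAIL_ENABLED}
      - FORGEJO__mailer__FROM=${MAIL_FROM}
      - FORGEJO__mailer__PROTOCOL=${MAIL_SMTP_PROTOCOL}
      - FORGEJO__mailer__SMTP_ADDR=${MAIL_SMTP_ADDR}
      - FORGEJO__mailer__SMTP_PORT=${MAIL_SMTP_PORT}
      - FORGEJO__mailer__USER=${MAIL_SMTP_USER}
      - FORGEJO__mailer__PASSWD=${MAIL_SMTP_PASSWD}
      # Get rid of the splash screen and just show a project listing
      # on the homepage
      - FORGEJO__server__LANDING_PAGE=explore
    restart: always
    volumes:
      - ./data/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - db

  db:
    image: postgres:13
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=${FORGEJO_DB_PASSWORD}
      - POSTGRES_DB=gitea
    volumes:
      - ./data/postgres:/var/lib/postgresql/data

  # Runner configuration is fairly complex and uses Docker-in-Docker
  # Pulled from this example:
  # https://code.forgejo.org/forgejo/runner/src/branch/main/examples/docker-compose/compose-forgejo-and-runner.yml
  runner-register:
    image: code.forgejo.org/forgejo/runner:${FORGEJO_RUNNER_TAG}
    links:
      - docker-in-docker
      - server
    environment:
      DOCKER_HOST: tcp://docker-in-docker:2376
    volumes:
      - ./data/runner-data:/data
    # Runs as root so it can write /data; the script ends by chown-ing /data
    # to 1000:1000. Quoted so YAML 1.1 parsers do not read 0:0 as a number.
    user: "0:0"
    # Retries create-runner-file until it succeeds, then patches .runner and
    # the generated config.yml with sed. "$$" is Compose's escape for a
    # literal "$". SHARED_SECRET is placed on the command line as in the
    # server service. RUNNER_LABELS is pasted into sed expressions that use
    # "|" as delimiter, so a "|" or "&" in it will corrupt the substitution.
    # NOTE(review): several patterns match on leading indentation of
    # config.yml; confirm the spacing against what
    # `forgejo-runner generate-config` emits for this runner version.
    command: >-
      bash -ec '
      while : ; do
      forgejo-runner create-runner-file --connect --instance http://server:3000 --name ${RUNNER_NAME} --secret ${SHARED_SECRET} && break ;
      sleep 1 ;
      done ;
      sed -i -e "s|\"labels\": null|\"labels\": ${RUNNER_LABELS}|" .runner ;
      forgejo-runner generate-config > config.yml ;
      sed -i -e "s|network: .*|network: host|" config.yml ;
      sed -i -e "s|^ labels: \[\]$$| labels: ${RUNNER_LABELS}|" config.yml ;
      sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://docker:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ;
      sed -i -e "s|^ options:| options: -v /certs/client:/certs/client|" config.yml ;
      sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml ;
      chown -R 1000:1000 /data
      '

  runner-daemon:
    # NOTE(review): pinned to 4.0.1 while runner-register uses
    # ${FORGEJO_RUNNER_TAG}; the daemon consumes files the register step
    # writes, so confirm both are meant to run the same version.
    image: code.forgejo.org/forgejo/runner:4.0.1
    links:
      - docker-in-docker
      - server
    environment:
      DOCKER_HOST: tcp://docker:2376
      DOCKER_CERT_PATH: /certs/client
      DOCKER_TLS_VERIFY: "1"
    volumes:
      - ./data/runner-data:/data
      # The whole certificate directory is shared read-write, although only
      # /certs/client is referenced here (DOCKER_CERT_PATH).
      # NOTE(review): consider mounting just the client material read-only so
      # the runner cannot read or replace the daemon's other key material;
      # confirm the directory layout first.
      - ./data/docker_certs:/certs
    # Waits until .runner is writable, then runs the daemon; restarts it
    # after one second whenever it exits.
    command: >-
      bash -c '
      while : ; do
      test -w .runner && forgejo-runner --config config.yml daemon ;
      sleep 1 ;
      done
      '

  docker-in-docker:
    # Floating tag; pin a version or digest for reproducible upgrades.
    image: docker:dind
    # Must set hostname as TLS certificates are only valid for docker or localhost
    hostname: docker
    # Privileged mode gives this container near-host-level access, and CI job
    # containers are started by this daemon. Treat every workflow that can
    # run here as trusted code and limit who can push workflows.
    privileged: true
    environment:
      DOCKER_TLS_CERTDIR: /certs
      DOCKER_HOST: docker-in-docker
    volumes:
      - ./data/docker_certs:/certs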