gitops/docker/stacks/00-core/gitea/docker-compose.yml

services:
  gitea:
    image: gitea/gitea:1.21-rootless
    container_name: gitea
    environment:
      - GITEA__database__DB_TYPE=mysql
      - GITEA__database__HOST=gitea_db:3306
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=${DB_PASS}
      - GITEA__server__ROOT_URL=https://git.kotori-waifu.cc
      - GITEA__server__SSH_PORT=2222
      - GITEA__server__SSH_DOMAIN=git.kotori-waifu.cc
      - GITEA__server__DOMAIN=git.kotori-waifu.cc
      - GITEA__server__LFS_START_SERVER=true
      - GITEA__actions__ENABLED=true
    volumes:
      # Absolute paths enforcing state segregation
      - /opt/homelab/data/gitea_data:/var/lib/gitea
      - /opt/homelab/data/gitea_config:/etc/gitea
    networks:
      - proxy_net
      - db_net
    ports:
      - "2222:2222"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.rule=Host(`git.kotori-waifu.cc`)"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.tls=true"
      - "traefik.http.routers.gitea.tls.certresolver=cloudflare"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      - "traefik.docker.network=proxy_net"
    restart: unless-stopped
    depends_on:
      - gitea_db

  gitea_db:
    image: mariadb:10.11
    container_name: gitea_db
    environment:
      - MYSQL_ROOT_PASSWORD=${DB_ROOT_PASS}
      - MYSQL_DATABASE=gitea
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=${DB_PASS}
    volumes:
      - /opt/homelab/data/gitea_db:/var/lib/mysql
    networks:
      - db_net
    restart: unless-stopped

  gitea-runner:
    image: gitea/act_runner:latest
    container_name: gitea_runner
    environment:
      - GITEA_INSTANCE_URL=http://gitea:3000
      - GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_TOKEN}
      - GITEA_RUNNER_NAME=minipc-loopback-runner
      - GITEA_RUNNER_LABELS=ubuntu-latest:docker://node:20-bullseye
      # Mandates routing ephemeral pipeline containers to proxy_net
      - CONFIG_FILE=/config.yaml
    volumes:
      - /opt/homelab/data/runner_data:/data
      - /var/run/docker.sock:/var/run/docker.sock
      # Injected relative to execution path (/opt/homelab/stacks/00-core/gitea)
      - /opt/homelab/data/gitea_config/runner-config.yaml:/config.yaml:ro
    networks:
      - proxy_net
    restart: unless-stopped
    depends_on:
      - gitea

networks:
  proxy_net:
    external: true
  db_net:
    internal: true