version: '3.8' networks: traefik-public: external: true gitea-internal: driver: overlay attachable: true volumes: gitea_data: gitea_db_data: secrets: gitea_db_password: external: true services: gitea: image: gitea/gitea:latest volumes: - gitea_data:/data networks: - traefik-public - gitea-internal ports: - "2222:22" environment: - USER_UID=1000 - USER_GID=1000 - GITEA__database__DB_TYPE=postgres - GITEA__database__HOST=gitea-db:5432 - GITEA__database__NAME=gitea - GITEA__database__USER=gitea - GITEA__database__PASSWD_FILE=/run/secrets/gitea_db_password - GITEA__server__DOMAIN=git.sj98.duckdns.org - GITEA__server__ROOT_URL=https://git.sj98.duckdns.org - GITEA__server__SSH_DOMAIN=git.sj98.duckdns.org - GITEA__server__SSH_PORT=2222 - GITEA__service__DISABLE_REGISTRATION=false secrets: - gitea_db_password depends_on: - gitea-db healthcheck: test: ["CMD-SHELL", "wget -q --spider http://localhost:3000 || exit 1"] interval: 30s timeout: 10s retries: 3 deploy: placement: constraints: - node.role == manager resources: limits: memory: 1G cpus: '1.0' reservations: memory: 256M cpus: '0.2' restart_policy: condition: on-failure delay: 5s max_attempts: 3 labels: - "traefik.enable=true" - "traefik.http.routers.gitea.rule=Host(`git.sj98.duckdns.org`)" - "traefik.http.routers.gitea.entrypoints=websecure" - "traefik.http.routers.gitea.tls.certresolver=leresolver" - "traefik.http.services.gitea.loadbalancer.server.port=3000" - "traefik.docker.network=traefik-public" gitea-db: image: postgres:15-alpine volumes: - gitea_db_data:/var/lib/postgresql/data networks: - gitea-internal environment: - POSTGRES_USER=gitea - POSTGRES_PASSWORD_FILE=/run/secrets/gitea_db_password - POSTGRES_DB=gitea secrets: - gitea_db_password healthcheck: test: ["CMD-SHELL", "pg_isready -U gitea"] interval: 30s timeout: 5s retries: 3 deploy: placement: constraints: - node.role == manager resources: limits: memory: 512M cpus: '0.5' reservations: memory: 128M cpus: '0.1' restart_policy: condition: on-failure delay: 5s max_attempts: 3