services: # Forgejo git forge (git.nasarek.dev). Replaces GitLab. forgejo: image: codeberg.org/forgejo/forgejo:${FORGEJO_VERSION:-11} container_name: forgejo environment: USER_UID: 1000 USER_GID: 1000 FORGEJO__database__DB_TYPE: postgres FORGEJO__database__HOST: postgres:5432 FORGEJO__database__NAME: ${FORGEJO_DB_NAME} FORGEJO__database__USER: ${FORGEJO_DB_USER} FORGEJO__database__PASSWD: ${FORGEJO_DB_PASSWORD} FORGEJO__server__DOMAIN: ${FORGEJO_DOMAIN} FORGEJO__server__ROOT_URL: https://${FORGEJO_DOMAIN}/ FORGEJO__server__SSH_DOMAIN: ${FORGEJO_DOMAIN} FORGEJO__server__HTTP_PORT: "3000" # Advertised in clone URLs (Traefik forgejo-ssh entrypoint, formerly GitLab's port). FORGEJO__server__SSH_PORT: "2424" FORGEJO__server__SSH_LISTEN_PORT: "22" FORGEJO__actions__ENABLED: "true" # Skip the web installer; auto-migrate against Postgres on boot. FORGEJO__security__INSTALL_LOCK: "true" FORGEJO__service__DISABLE_REGISTRATION: "true" labels: - traefik.enable=true - traefik.docker.network=traefik # HTTP - traefik.http.routers.forgejo.rule=Host(`${FORGEJO_DOMAIN}`) - traefik.http.routers.forgejo.entrypoints=web,websecure - traefik.http.routers.forgejo.middlewares=https-redirect - traefik.http.routers.forgejo.tls=true - traefik.http.routers.forgejo.tls.certresolver=le - traefik.http.services.forgejo.loadbalancer.server.port=3000 # SSH over dedicated Traefik TCP entrypoint (port 2424) - "traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)" - "traefik.tcp.routers.forgejo-ssh.entrypoints=forgejo-ssh" - "traefik.tcp.services.forgejo-ssh.loadbalancer.server.port=22" volumes: - forgejo-data:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro networks: - traefik - database restart: unless-stopped volumes: forgejo-data: name: forgejo-data networks: traefik: name: traefik external: true database: name: database external: true