cloud-swarm/services/docker-compose.yml

version: '3.8'

x-traefik-enable-labels: &traefik-labels
  traefik.enable: "true"
  traefik.swarm.network: "traefik"
  traefik.constraint-label: "traefik"

x-api-deploy: &api-deployment
  mode: replicated
  update_config:
    parallelism: 1
    delay: 5s
    order: start-first
    failure_action: rollback
  rollback_config:
    order: start-first
  restart_policy:
    condition: on-failure
    delay: 5s
    max_attempts: 3
    window: 120s


services:
  gitea:
    image: gitea/gitea:1.23.7
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=mysql
      - GITEA__database__HOST=database:3306
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=${GITEA_DB_PASSWORD}
      - GITEA__server__ROOT_URL=https://gitea.szabolcsi.dev
      - GITEA__server__START_SSH_SERVER=false
      - GITEA__admin__DISABLE_REGULAR_ORG_CREATION=true
      - GITEA__service__DISABLE_REGISTRATION=true
      - GITEA__service__DEFAULT_USER_VISIBILITY=private
      - GITEA__service__DEFAULT_ORG_VISIBILITY=private
      - GITEA__session__PROVIDER=file
    networks:
      - local
      - traefik
      - runner
    volumes:
      - gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "222:22"
    deploy:
      replicas: 1
      <<: *api-deployment
      labels:
        <<: *traefik-labels
        traefik.http.routers.gitea.rule: "Host(`gitea.szabolcsi.dev`)"
        traefik.http.routers.gitea.entrypoints: "https"
        traefik.http.routers.gitea.tls: "true"
        traefik.http.routers.gitea.tls.certresolver: "letsencrypt"
        traefik.http.services.gitea.loadbalancer.server.port: "3000"
        #traefik.http.services.gitea.loadbalancer.healthCheck.path: "/"
        #traefik.http.services.gitea.loadbalancer.healthCheck.interval: "30s"
        #traefik.http.services.gitea.loadbalancer.healthCheck.timeout: "1s"


  gitea-runner:
    image: gitea/act_runner:0.2.11
    environment:
      - GITEA_INSTANCE_URL=http://services_gitea:3000
      - GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_TOKEN}
      - CONFIG_FILE=/config.yaml
    networks:
      - local
      - runner
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - gitea-runner:/data
    configs:
      - source: gitea_runner
        target: /config.yaml
    deploy:
      replicas: 1
      mode: replicated
      update_config:
        parallelism: 1
        delay: 5s
        order: stop-first
        failure_action: rollback
      rollback_config:
        order: stop-first
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
      placement:
        constraints:
          - node.labels.gitea.runner == true

  proxy:
    image: haproxy:3.1.7-alpine
    networks:
      local:
        aliases:
          - database
          - portainer.szabolcsi.dev
      runner:
        aliases:
          - portainer.szabolcsi.dev
      database:
        aliases:
          - services-proxy
      portainer:
        aliases:
          - service-proxy
    configs:
      - source: haproxy
        target: /usr/local/etc/haproxy/haproxy.cfg
    deploy:
      replicas: 1
      <<: *api-deployment
    


networks:
  local:
    name: services
    driver: overlay
    internal: true
    ipam:
      config:
        - subnet: 172.30.14.0/24
  runner:
    name: gitea-runner
    driver: overlay
    internal: false
    attachable: true
    ipam:
      config:
        - subnet: 172.30.15.0/24
  traefik:
    external: true
  database:
    external: true
  portainer:
    external: true


volumes:
  gitea:
    name: gitea-data
    driver: local
    driver_opts:
      type: nfs
      device: ":/nfs_share/services/gitea"
      o: "addr=10.0.0.3,rw,soft,nfsvers=4"
  gitea-runner:
    name: gitea-runner-data
    driver: local

configs:
  haproxy:
    name: "${HAPROXY_CONFIG_NAME}"
    external: true
  gitea_runner:
    name: "${GITEA_RUNNER_CONFIG_NAME}"
    external: true