infra/roles/forgejo/templates/docker-compose.yml.j2
Jeremie Fraeys 1a7cde2939
feat(forgejo): add AI scrapers blocklist, OIDC config, and UI settings
- Add AI scrapers robots.txt update script with weekly cron job
- Add OIDC group claim and admin group configuration for Authelia
- Add UI settings (SHOW_USER_EMAIL: false)
- Increase memory limit to 512M
2026-03-06 10:31:46 -05:00


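# Compose stack for a single Forgejo container (Jinja2 template rendered by
# Ansible). Sized for a 1 GB node: the Redis cache is disabled and the
# service runs on an embedded sqlite3 database. HTTP is only reachable
# through Traefik on the external "proxy" network; SSH is published directly.
services:
  # Redis disabled for 1GB node - re-enable on 2GB+ node
  # redis:
  #   image: redis:7-alpine
  #   command: ["redis-server", "--appendonly", "yes"]
  #   volumes:
  #     - redis_data:/data
  #   networks:
  #     - forgejo
  #   restart: unless-stopped

  forgejo:
    # Floating major tag; together with the watchtower label below the
    # container is replaced automatically by whatever 9.x is pushed upstream.
    # NOTE(review): consider pinning to a minor tag or digest so image
    # updates are reviewed before they roll out.
    image: codeberg.org/forgejo/forgejo:9
    # FORGEJO__<section>__<KEY> variables are mapped into app.ini by the
    # container at startup. Every value is quoted so the YAML parser never
    # retypes a string (e.g. "false" must stay a string, not a boolean).
    environment:
      FORGEJO__server__DOMAIN: "{{ forgejo_hostname }}"
      FORGEJO__server__ROOT_URL: "https://{{ forgejo_hostname }}/"
      FORGEJO__server__SSH_DOMAIN: "{{ forgejo_hostname }}"
      # Advertised SSH port; must match the host side of the port mapping below.
      FORGEJO__server__SSH_PORT: "2222"
      FORGEJO__server__DISABLE_SSH: "false"
      FORGEJO__actions__ENABLED: "true"
      # Self-registration is off; accounts are expected to come only from the
      # external (OIDC) provider.
      # NOTE(review): confirm DISABLE_REGISTRATION does not also block
      # first-login auto-registration through OIDC on this Forgejo version.
      FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "true"
      FORGEJO__service__DISABLE_REGISTRATION: "true"
      # Public instance: anonymous visitors may browse public repositories.
      FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false"
      FORGEJO__repository__DISABLE_PUBLIC_REPOS: "false"
      FORGEJO__database__DB_TYPE: "sqlite3"
      # FORGEJO__cache__ADAPTER: redis
      # FORGEJO__cache__HOST: redis:6379
      # OIDC against Authelia.
      # NOTE(review): confirm Forgejo actually reads an [auth] section with
      # these keys; OAuth2 sources are normally registered through the admin
      # CLI/UI, and unknown ini keys are silently ignored.
      FORGEJO__auth__OIDC_ISSUER_URL: "https://{{ auth_hostname }}/.well-known/openid-configuration"
      FORGEJO__auth__OIDC_CLIENT_ID: "forgejo"
      # The client secret ends up in the container environment, where it is
      # readable by anyone who can run `docker inspect`; prefer a file-based
      # secret if this image supports the __FILE suffix convention.
      FORGEJO__auth__OIDC_CLIENT_SECRET: "{{ forgejo_oidc_client_secret }}"
      FORGEJO__auth__OIDC_SCOPES: "openid email profile groups"
      # Membership of "admins" in the groups claim is intended to grant site
      # admin, so group administration in Authelia is the admin boundary.
      FORGEJO__auth__OIDC_GROUP_CLAIM_NAME: "groups"
      FORGEJO__auth__OIDC_ADMIN_GROUP: "admins"
      FORGEJO__ui__DEFAULT_THEME: "gitea"
      FORGEJO__ui__SHOW_USER_EMAIL: "false"
    volumes:
      - forgejo_data:/data
      # robots.txt is produced by the AI-scrapers update script and mounted
      # read-only. NOTE(review): confirm the image's custom directory matches
      # /data/forgejo; if it does not, the file is never served.
      - ./robots.txt:/data/forgejo/public/robots.txt:ro
    ports:
      # Quoted: an unquoted 2222:22 parses as a sexagesimal integer in YAML 1.1.
      - "2222:22"
    networks:
      - proxy
      # - forgejo
    restart: unless-stopped
    deploy:
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 256M
    # Labels are on the service (not under deploy) so the Traefik Docker
    # provider sees them outside Swarm mode.
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.forgejo.rule=Host(`{{ forgejo_hostname }}`)"
      - "traefik.http.routers.forgejo.entrypoints=websecure"
      - "traefik.http.routers.forgejo.tls=true"
      - "traefik.http.routers.forgejo.tls.certresolver={{ traefik_certresolver }}"
      # Security headers, compression and rate limiting are defined in the
      # Traefik file provider.
      - "traefik.http.routers.forgejo.middlewares=security-headers@file,compress@file,rate-limit@file"
      - "traefik.http.services.forgejo.loadbalancer.server.port=3000"
      # Opts this container in to automatic image updates (see note on image).
      - "com.centurylinklabs.watchtower.enable=true"

volumes:
  forgejo_data:
  # redis_data:

networks:
  proxy:
    external: true
  # forgejo:
  #   external: true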