infra/roles/forgejo/templates/docker-compose.yml.j2
Jeremie Fraeys dbe7b1b6b2
feat(docker): add timezone mounts to all containers for log sync
Add /etc/localtime:/etc/localtime:ro volume mount to:
- alertmanager, authelia, traefik
- exporters (node-exporter, cadvisor)
- fail2ban, lldap, postfix
- forgejo, forgejo_runner
- grafana, loki, prometheus
- watchtower, app_core (postgres, redis)

Ensures container logs use host timezone for consistent timestamps.
2026-03-06 15:13:52 -05:00


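# Compose definition for the Forgejo service, presumably rendered by Ansible
# from docker-compose.yml.j2 before Compose parses it (the templates/ path
# suggests this) — every {{ ... }} is substituted at render time.
services:
  # Redis disabled for 1GB node - re-enable on 2GB+ node
  # redis:
  #   image: redis:7-alpine
  #   command: ["redis-server", "--appendonly", "yes"]
  #   volumes:
  #     - redis_data:/data
  #     - /etc/localtime:/etc/localtime:ro
  #   networks:
  #     - forgejo
  #   restart: unless-stopped
  forgejo:
    # Floating major tag; watchtower (label below) auto-pulls it, so new
    # minor/patch releases roll out unattended — pin a digest if that is
    # not wanted.
    image: codeberg.org/forgejo/forgejo:9
    environment:
      FORGEJO__server__DOMAIN: "{{ forgejo_hostname }}"
      FORGEJO__server__ROOT_URL: "https://{{ forgejo_hostname }}/"
      FORGEJO__server__SSH_DOMAIN: "{{ forgejo_hostname }}"
      # Advertised SSH port; must match the host side of the ports: mapping.
      FORGEJO__server__SSH_PORT: "2222"
      FORGEJO__server__DISABLE_SSH: "false"
      FORGEJO__actions__ENABLED: "true"
      # NOTE(review): with DISABLE_REGISTRATION set, ALLOW_ONLY_EXTERNAL_REGISTRATION
      # may be moot — confirm OIDC auto-registration behaves as intended.
      FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "true"
      FORGEJO__service__DISABLE_REGISTRATION: "true"
      FORGEJO__service__REQUIRE_SIGNIN_VIEW: "false"
      FORGEJO__repository__DISABLE_PUBLIC_REPOS: "false"
      FORGEJO__database__DB_TYPE: sqlite3
      # FORGEJO__cache__ADAPTER: redis
      # FORGEJO__cache__HOST: redis:6379
      # NOTE(review): confirm Forgejo reads these [auth] OIDC keys from app.ini;
      # OIDC sources are usually registered via the admin CLI/UI — verify after deploy.
      # Quoted like the other templated values so an unexpected hostname cannot
      # change how the scalar is parsed.
      FORGEJO__auth__OIDC_ISSUER_URL: "https://{{ auth_hostname }}/.well-known/openid-configuration"
      FORGEJO__auth__OIDC_CLIENT_ID: forgejo
      # Plain env var: readable by anyone who can `docker inspect` the container.
      # The environment-to-ini loader supports a `__FILE` suffix for reading from
      # a mounted secret — confirm for this image version if that is preferred.
      FORGEJO__auth__OIDC_CLIENT_SECRET: "{{ forgejo_oidc_client_secret }}"
      FORGEJO__auth__OIDC_SCOPES: openid email profile groups
      FORGEJO__auth__OIDC_GROUP_CLAIM_NAME: groups
      FORGEJO__auth__OIDC_ADMIN_GROUP: admins
      FORGEJO__ui__DEFAULT_THEME: "gitea"
      FORGEJO__ui__SHOW_USER_EMAIL: "false"
      # SMTP Configuration for email notifications
      FORGEJO__mailer__ENABLED: "true"
      FORGEJO__mailer__PROTOCOL: "smtp"
      # Unencrypted relay to the internal postfix container; it must be reachable
      # on the `proxy` network because the `forgejo` network below is disabled.
      FORGEJO__mailer__SMTP_ADDR: "postfix"
      FORGEJO__mailer__SMTP_PORT: "25"
      FORGEJO__mailer__FROM: "{{ forgejo_mailer_from | default('forgejo@' + forgejo_hostname) }}"
    volumes:
      - forgejo_data:/data
      - ./robots.txt:/data/forgejo/public/robots.txt:ro
      # Host timezone for consistent log timestamps (read-only).
      - /etc/localtime:/etc/localtime:ro
    ports:
      # Quoted: an unquoted a:b with small numbers is parsed as sexagesimal.
      # Published on every host interface; the commit message mentions fail2ban
      # for this exposure — verify it watches the Forgejo SSH log.
      - "2222:22"
    networks:
      - proxy
      # - forgejo
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    tmpfs:
      - /tmp:noexec,nosuid,size=100m
      - /var/run:noexec,nosuid,size=50m
      - /var/tmp:noexec,nosuid,size=50m
    deploy:
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 256M
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.http.routers.forgejo.rule=Host(`{{ forgejo_hostname }}`)
      - traefik.http.routers.forgejo.entrypoints=websecure
      - traefik.http.routers.forgejo.tls=true
      - traefik.http.routers.forgejo.tls.certresolver={{ traefik_certresolver }}
      - traefik.http.routers.forgejo.middlewares=security-headers@file,compress@file,rate-limit@file
      - traefik.http.services.forgejo.loadbalancer.server.port=3000
      # Opts this container in to unattended image updates (see image: note).
      - com.centurylinklabs.watchtower.enable=true

volumes:
  forgejo_data:
  # redis_data:

networks:
  proxy:
    external: true
  # forgejo:
  #   external: true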