ab050fddd7
- Pin Miniflux to 2.2.19, Gitea to 1.25 (from :latest) - Add security headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy) to all Caddy sites - Add Docker JSON log rotation (10m x 3 files) to all containers - Add SHA256 checksum verification for GoatCounter binary download - Install and configure unattended-upgrades for security patches Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
56 lines
1.3 KiB
YAML
56 lines
1.3 KiB
YAML
services:
|
|
gitea:
|
|
image: gitea/gitea:1.25
|
|
restart: unless-stopped
|
|
logging:
|
|
driver: json-file
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
ports:
|
|
- "127.0.0.1:3000:3000"
|
|
- "2222:22"
|
|
volumes:
|
|
- gitea_data:/data
|
|
environment:
|
|
GITEA__database__DB_TYPE: postgres
|
|
GITEA__database__HOST: db:5432
|
|
GITEA__database__NAME: gitea
|
|
GITEA__database__USER: gitea
|
|
GITEA__database__PASSWD: "${GITEA_DB_PASSWORD}"
|
|
GITEA__server__ROOT_URL: "https://git.monotrope.au/"
|
|
GITEA__server__DOMAIN: "git.monotrope.au"
|
|
GITEA__server__SSH_DOMAIN: "git.monotrope.au"
|
|
GITEA__server__SSH_PORT: 2222
|
|
env_file:
|
|
- .env
|
|
|
|
db:
|
|
image: postgres:16-alpine
|
|
restart: unless-stopped
|
|
logging:
|
|
driver: json-file
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
volumes:
|
|
- gitea_db:/var/lib/postgresql/data
|
|
environment:
|
|
POSTGRES_DB: gitea
|
|
POSTGRES_USER: gitea
|
|
POSTGRES_PASSWORD: "${GITEA_DB_PASSWORD}"
|
|
env_file:
|
|
- .env
|
|
healthcheck:
|
|
test: ["CMD", "pg_isready", "-U", "gitea"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
|
|
volumes:
|
|
gitea_data:
|
|
gitea_db:
|