Add: Gitignore and .env.example

2026-05-04 16:27:38 +00:00
parent de66f3ce83
commit 8fcd8e85dc
5 changed files with 146 additions and 4 deletions
+113 -3
@@ -21,6 +21,49 @@ services:
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- traefik_letsencrypt:/letsencrypt
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`traefik.mota-thomas.com`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.middlewares=traefik-errors-403,traefik-errors-401,traefik-auth"
- "traefik.http.routers.traefik.priority=1"
- "traefik.http.middlewares.traefik-auth.forwardauth.address=http://oauth2-proxy:4180/oauth2/auth"
- "traefik.http.middlewares.traefik-auth.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.traefik-auth.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
- "traefik.http.middlewares.traefik-errors-401.errors.status=401"
- "traefik.http.middlewares.traefik-errors-401.errors.service=oauth2-proxy@docker"
- "traefik.http.middlewares.traefik-errors-401.errors.query=/oauth2/sign_in?rd=https://traefik.mota-thomas.com/dashboard/"
- "traefik.http.middlewares.traefik-errors-403.errors.status=403"
- "traefik.http.middlewares.traefik-errors-403.errors.service=oauth2-proxy@docker"
- "traefik.http.middlewares.traefik-errors-403.errors.query=/oauth2/sign_out?rd=/oauth2/sign_in"
oauth2-proxy:
image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
restart: unless-stopped
environment:
OAUTH2_PROXY_PROVIDER: oidc
OAUTH2_PROXY_OIDC_ISSUER_URL: https://keycloak.mota-thomas.com/auth/realms/dev-platform
OAUTH2_PROXY_CLIENT_ID: ${OAUTH2_PROXY_CLIENT_ID}
OAUTH2_PROXY_CLIENT_SECRET: ${OAUTH2_PROXY_CLIENT_SECRET}
OAUTH2_PROXY_COOKIE_SECRET: ${OAUTH2_PROXY_COOKIE_SECRET}
OAUTH2_PROXY_EMAIL_DOMAINS: "*"
OAUTH2_PROXY_REDIRECT_URL: https://traefik.mota-thomas.com/oauth2/callback
OAUTH2_PROXY_UPSTREAMS: static://200
OAUTH2_PROXY_HTTP_ADDRESS: 0.0.0.0:4180
OAUTH2_PROXY_REVERSE_PROXY: "true"
OAUTH2_PROXY_SCOPE: "openid email profile"
OAUTH2_PROXY_OIDC_GROUPS_CLAIM: groups
OAUTH2_PROXY_ALLOWED_GROUPS: admins
OAUTH2_PROXY_PROMPT: "login"
labels:
- "traefik.enable=true"
- "traefik.http.routers.oauth2.rule=Host(`traefik.mota-thomas.com`) && PathPrefix(`/oauth2/`)"
- "traefik.http.routers.oauth2.entrypoints=websecure"
- "traefik.http.routers.oauth2.tls.certresolver=letsencrypt"
- "traefik.http.routers.oauth2.priority=100"
- "traefik.http.services.oauth2.loadbalancer.server.port=4180"
gitea-db:
image: postgres:15
@@ -42,6 +85,7 @@ services:
GITEA__database__USER: gitea
GITEA__database__PASSWD: ${GITEA_DB_PASSWORD}
GITEA__server__ROOT_URL: https://gitea.mota-thomas.com/
GITEA__actions__ENABLED: "true"
volumes:
- gitea_data:/data
labels:
@@ -51,6 +95,22 @@ services:
- "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
gitea-runner:
image: gitea/act_runner:latest
restart: unless-stopped
depends_on:
- gitea
environment:
CONFIG_FILE: /config.yaml
GITEA_INSTANCE_URL: https://gitea.mota-thomas.com
GITEA_RUNNER_REGISTRATION_TOKEN: ${GITEA_RUNNER_REGISTRATION_TOKEN}
GITEA_RUNNER_NAME: dev-platform-runner
GITEA_RUNNER_LABELS: ubuntu-latest:docker://node:20-bookworm
volumes:
- ./gitea-runner/config.yaml:/config.yaml
- gitea_runner_data:/data
- /var/run/docker.sock:/var/run/docker.sock
keycloak-db:
image: postgres:15
environment:
@@ -89,7 +149,7 @@ services:
container_name: sonarqube-db
environment:
POSTGRES_USER: sonar
POSTGRES_PASSWORD: sonar
POSTGRES_PASSWORD: ${SONAR_DB_PASSWORD}
POSTGRES_DB: sonarqube
volumes:
- sonarqube_db_data:/var/lib/postgresql/data
@@ -102,7 +162,7 @@ services:
environment:
SONAR_JDBC_URL: jdbc:postgresql://sonarqube-db:5432/sonarqube
SONAR_JDBC_USERNAME: sonar
SONAR_JDBC_PASSWORD: sonar
SONAR_JDBC_PASSWORD: ${SONAR_DB_PASSWORD}
volumes:
- sonarqube_data:/opt/sonarqube/data
- sonarqube_logs:/opt/sonarqube/logs
@@ -114,12 +174,62 @@ services:
- "traefik.http.routers.sonarqube.tls.certresolver=letsencrypt"
- "traefik.http.services.sonarqube.loadbalancer.server.port=9000"
code-server:
image: lscr.io/linuxserver/code-server:latest
container_name: code-server
environment:
PUID: 1000
PGID: 1000
TZ: Europe/Zurich
DEFAULT_WORKSPACE: /config/workspace
volumes:
- code_server_config:/config
- ./workspace:/config/workspace
networks:
- default
restart: unless-stopped
oauth2-proxy-code:
image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
container_name: oauth2-proxy-code
depends_on:
- code-server
environment:
OAUTH2_PROXY_PROVIDER: keycloak-oidc
OAUTH2_PROXY_CLIENT_ID: ${CODE_SERVER_OAUTH2_CLIENT_ID}
OAUTH2_PROXY_CLIENT_SECRET: ${CODE_SERVER_OAUTH2_CLIENT_SECRET}
OAUTH2_PROXY_COOKIE_SECRET: ${CODE_SERVER_OAUTH2_COOKIE_SECRET}
OAUTH2_PROXY_COOKIE_SECURE: "true"
OAUTH2_PROXY_EMAIL_DOMAINS: "*"
OAUTH2_PROXY_REDIRECT_URL: https://code.mota-thomas.com/oauth2/callback
OAUTH2_PROXY_OIDC_ISSUER_URL: https://keycloak.mota-thomas.com/auth/realms/dev-platform
OAUTH2_PROXY_UPSTREAMS: http://code-server:8443
OAUTH2_PROXY_HTTP_ADDRESS: 0.0.0.0:4180
OAUTH2_PROXY_REVERSE_PROXY: "true"
OAUTH2_PROXY_PASS_ACCESS_TOKEN: "true"
OAUTH2_PROXY_PASS_USER_HEADERS: "true"
OAUTH2_PROXY_SET_XAUTHREQUEST: "true"
OAUTH2_PROXY_WHITELIST_DOMAINS: .mota-thomas.com
OAUTH2_PROXY_COOKIE_DOMAINS: .mota-thomas.com
OAUTH2_PROXY_COOKIE_NAME: "_oauth2_proxy_code"
OAUTH2_PROXY_CODE_CHALLENGE_METHOD: S256
labels:
traefik.enable: "true"
traefik.http.routers.code-server.rule: Host(`code.mota-thomas.com`)
traefik.http.routers.code-server.entrypoints: websecure
traefik.http.routers.code-server.tls.certresolver: letsencrypt
traefik.http.services.code-server.loadbalancer.server.port: "4180"
networks:
- default
restart: unless-stopped
volumes:
gitea_db_data:
gitea_data:
gitea_runner_data:
keycloak_db_data:
traefik_letsencrypt:
sonarqube_db_data:
sonarqube_data:
sonarqube_logs:
sonarqube_extensions:
code_server_config:
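Review bot: The new `oauth2-proxy-code` service in the last hunk has no group restriction, so as far as the visible environment shows any account that can authenticate to the `dev-platform` realm is let through to code-server (and its terminal over the bind-mounted `./workspace`), whereas the dashboard proxy in the first hunk gates with `OAUTH2_PROXY_OIDC_GROUPS_CLAIM: groups` and `OAUTH2_PROXY_ALLOWED_GROUPS: admins`; `OAUTH2_PROXY_EMAIL_DOMAINS: "*"` alone does not limit who gets in. I would add the same two lines to the `oauth2-proxy-code` environment block, `OAUTH2_PROXY_OIDC_GROUPS_CLAIM: groups` and `OAUTH2_PROXY_ALLOWED_GROUPS: admins`, or whichever group is meant to own that IDE. Separately, the `gitea-runner` service mounts `/var/run/docker.sock` read-write while the traefik service mounts it `:ro`; a runner with the host socket can do anything the Docker daemon can, so a comment stating that intent and who may register workflows would help, e.g. `# host docker socket: CI jobs run with host-root equivalent access`. The `services:` mapping these blocks belong to starts outside the hunk.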