xetup/docker-compose.yml
X9 Dev 7becac7a8b fix(compose): make web/data writable for deploy.json updates
The web docroot is mounted read-only; mount web/data read-write so the
release workflow's deploy.json refresh can write into the nginx container.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-29 17:57:41 +02:00


# Compose stack with three services on the shared `xetup` network: a Forgejo
# git server, a Forgejo Actions runner, and an nginx container serving ./web.
services:
  # Git forge. Settings are passed as FORGEJO__<section>__<KEY> variables.
  forgejo:
    # NOTE(review): `:9` is a floating tag, so a pull can bring in a different
    # image than the one last reviewed. Pin by digest if reproducible deploys
    # matter.
    image: codeberg.org/forgejo/forgejo:9
    container_name: xetup-forgejo
    restart: unless-stopped
    environment:
      - USER_UID=1000
      - USER_GID=1000
      # Forgejo config via env
      - FORGEJO__server__ROOT_URL=https://git.xetup.x9.cz
      - FORGEJO__server__DOMAIN=git.xetup.x9.cz
      - FORGEJO__server__SSH_DOMAIN=git.xetup.x9.cz
      # Advertised SSH port; must match the host side of the "2222:22" mapping.
      - FORGEJO__server__SSH_PORT=2222
      - FORGEJO__server__LFS_START_SERVER=true
      - FORGEJO__database__DB_TYPE=sqlite3
      # Self-registration is off, but sign-in is not required for viewing.
      # NOTE(review): confirm that anonymous read access to public content on
      # this instance is intended.
      - FORGEJO__service__DISABLE_REGISTRATION=true
      - FORGEJO__service__REQUIRE_SIGNIN_VIEW=false
      - FORGEJO__ui__DEFAULT_THEME=forgejo-dark
      - FORGEJO__repository__DEFAULT_BRANCH=main
      - FORGEJO__actions__ENABLED=true
      - FORGEJO__indexer__REPO_INDEXER_ENABLED=true
      # CORS: pages on xetup.x9.cz may call this instance cross-origin with an
      # Authorization header and the methods listed below.
      # NOTE(review): the list includes state-changing methods (POST, PUT,
      # PATCH, DELETE); trim it to GET/HEAD/OPTIONS if the site only reads.
      - FORGEJO__cors__ENABLED=true
      - FORGEJO__cors__ALLOW_DOMAIN=xetup.x9.cz
      - FORGEJO__cors__METHODS=GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
      - FORGEJO__cors__HEADERS=Authorization,Content-Type
      - FORGEJO__cors__MAX_AGE=10m
    volumes:
      - forgejo-data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    # No host IP is given, so Docker publishes these ports on every host
    # interface by default.
    # NOTE(review): if the reverse proxy runs on this same host, binding the
    # web port to 127.0.0.1 keeps it from being reached around the proxy.
    ports:
      - "3100:3000"  # Web UI (behind reverse proxy)
      - "2222:22"  # Git SSH
    networks:
      - xetup
  # Forgejo Actions runner; reads its settings from /etc/runner/config.yml.
  runner:
    image: code.forgejo.org/forgejo/runner:6.3.1
    container_name: xetup-runner
    restart: unless-stopped
    entrypoint: ["/bin/sh", "-c", "forgejo-runner daemon --config /etc/runner/config.yml"]
    # The group id has to match the group that owns the socket on the host.
    user: "0:996"  # root:docker - needed for /var/run/docker.sock access
    # Short-form depends_on orders container start only; it does not wait for
    # Forgejo to be ready to accept connections.
    depends_on:
      - forgejo
    environment:
      - DOCKER_HOST=unix:///var/run/docker.sock
    volumes:
      - runner-data:/data
      # SECURITY: access to the host Docker socket is equivalent to root on
      # the host. Treat everyone who can get a workflow executed on this runner
      # as trusted at that level.
      # NOTE(review): whether job containers also receive the socket depends on
      # runner-config.yml, which is not shown here; verify it.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./runner-config.yml:/etc/runner/config.yml:ro
    networks:
      - xetup
  # Static site served by nginx from ./web.
  web:
    # NOTE(review): `nginx:alpine` is a floating tag; pin a version or digest
    # so the served image does not change between pulls.
    image: nginx:alpine
    container_name: xetup-web
    restart: unless-stopped
    volumes:
      - ./web:/usr/share/nginx/html:ro
      # data/ stays writable so the release workflow can refresh deploy.json
      # (the rest of the docroot is read-only)
      # NOTE(review): files written under ./web/data sit inside the docroot,
      # so they are presumably served as-is; confirm against nginx.conf, and
      # that only the release workflow can write to this path.
      - ./web/data:/usr/share/nginx/html/data
      - ./web/nginx.conf:/etc/nginx/conf.d/default.conf:ro
    # Published on every host interface by default, like the forgejo ports.
    ports:
      - "3200:80"  # Web (xetup.x9.cz via reverse proxy)
    networks:
      - xetup
# Named volumes holding Forgejo and runner state.
volumes:
  forgejo-data:
  runner-data:
# Single shared network, given the fixed name `xetup`.
networks:
  xetup:
    name: xetup