vosi/docker-compose.yml

## docker-compose.yml
version: "3"

services:
  app:
    image: gitea/gitea:1
    environment:
      - RUN_MODE=prod
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=postgres
      - DB_HOST=_db_host_
      - DB_NAME=_db_name_
      - DB_USER=_db_user_
      - DB_PASSWD=_db_pass_
      - SSH_DOMAIN=_ssh_domain_
      - DOMAIN=_domain_
      - PROTOCOL=https
      - SECRET_KEY=_secret_key_
      - DISABLE_REGISTRATION=true
      - REQUIRE_SIGNIN_VIEW=true
    restart: always
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - default
      - web
#    ports:
#      - "3000:3000"
#      - "22:22"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=web"

      - "traefik.tcp.routers.githost-ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.githost-ssh.entrypoints=ssh"
      - "traefik.tcp.routers.githost-ssh.service=githost-ssh-svc"
      - "traefik.tcp.services.githost-ssh-svc.loadbalancer.server.port=2222"

      - "traefik.http.routers.githost-http.tls=true"
      - "traefik.http.routers.githost-http.tls.certresolver=acmetls"
      - "traefik.http.routers.githost-http.rule=Host(`_domain_`)"
      - "traefik.http.routers.githost-http.entrypoints=websecure"
      - "traefik.http.routers.githost-http.service=githost-http-svc"
      - "traefik.http.services.githost-http-svc.loadbalancer.server.port=3000"

  registry:
    image: registry:2
    restart: always
    volumes:
      - ./registry/stor:/var/lib/registry
      - ./registry/auth:/auth
      - ./registry/config.yml:/etc/docker/registry/config.yml
    networks:
      - default
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=web"
      - "traefik.http.routers.registry-http.tls=true"
      - "traefik.http.routers.registry-http.tls.certresolver=acmetls"
      - "traefik.http.routers.registry-http.rule=Host(`_registry_domain_`)"
      - "traefik.http.routers.registry-http.entrypoints=websecure"
      - "traefik.http.routers.registry-http.service=registry-http-svc"
      - "traefik.http.services.registry-http-svc.loadbalancer.server.port=5000"

  registry-cache:
    image: registry:2
    restart: always
    volumes:
      - ./registry-cache/stor:/var/lib/registry
      - ./registry-cache/config.yml:/etc/docker/registry/config.yml
    networks:
      - default
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=web"
      - "traefik.http.routers.registry-cache-http.tls=true"
      - "traefik.http.routers.registry-cache-http.tls.certresolver=acmetls"
      - "traefik.http.routers.registry-cache-http.rule=Host(`_registry_cache_domain_`)"
      - "traefik.http.routers.registry-cache-http.entrypoints=websecure"
      - "traefik.http.routers.registry-cache-http.service=registry-cache-http-svc"
      - "traefik.http.services.registry-cache-http-svc.loadbalancer.server.port=5000"

  drone-server:
    image: drone/drone
    restart: always
    depends_on:
      - app
    environment:
      - DRONE_AGENTS_ENABLED=true
      - DRONE_GITEA_SERVER=https://_domain_
      - DRONE_GITEA_CLIENT_ID=_client_id_
      - DRONE_GITEA_CLIENT_SECRET=_client_secret_
      - DRONE_RPC_SECRET=_rpc_secret_
      - DRONE_SERVER_HOST=_drone_host_
      - DRONE_SERVER_PROTO=https
      - DRONE_USER_CREATE=username:vosi,machine:false,admin:true
      - DRONE_DATABASE_DRIVER=postgres
      - DRONE_DATABASE_DATASOURCE=postgres://_db_username_:_db_password_@_db_host_:5432/drone?sslmode=disable
    networks:
      - default
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=web"
      - "traefik.http.routers.drone-server.tls=true"
      - "traefik.http.routers.drone-server.tls.certresolver=acmetls"
      - "traefik.http.routers.drone-server.rule=Host(`_drone_host_`)"
      - "traefik.http.routers.drone-server.entrypoints=websecure"
      - "traefik.http.routers.drone-server.service=drone-server-svc"
      - "traefik.http.services.drone-server-svc.loadbalancer.server.port=80"

  drone-agent:
    image: drone/agent
    restart: always
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=_drone_host_
      - DRONE_RPC_SECRET=_rpc_secret_
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_NAME=agent1

networks:
  web:
    external: true
	version: "3"

	services:
	app:
	image: gitea/gitea:1
	environment:
	- RUN_MODE=prod
	- USER_UID=1000
	- USER_GID=1000
	- DB_TYPE=postgres
	- DB_HOST=_db_host_
	- DB_NAME=_db_name_
	- DB_USER=_db_user_
	- DB_PASSWD=_db_pass_
	- SSH_DOMAIN=_ssh_domain_
	- DOMAIN=_domain_
	- PROTOCOL=https
	- SECRET_KEY=_secret_key_
	- DISABLE_REGISTRATION=true
	- REQUIRE_SIGNIN_VIEW=true
	restart: always
	volumes:
	- ./gitea:/data
	- /etc/timezone:/etc/timezone:ro
	- /etc/localtime:/etc/localtime:ro
	networks:
	- default
	- web
	# ports:
	# - "3000:3000"
	# - "22:22"
	labels:
	- "traefik.enable=true"
	- "traefik.docker.network=web"

	- "traefik.tcp.routers.githost-ssh.rule=HostSNI(`*`)"
	- "traefik.tcp.routers.githost-ssh.entrypoints=ssh"
	- "traefik.tcp.routers.githost-ssh.service=githost-ssh-svc"
	- "traefik.tcp.services.githost-ssh-svc.loadbalancer.server.port=2222"

	- "traefik.http.routers.githost-http.tls=true"
	- "traefik.http.routers.githost-http.tls.certresolver=acmetls"
	- "traefik.http.routers.githost-http.rule=Host(`_domain_`)"
	- "traefik.http.routers.githost-http.entrypoints=websecure"
	- "traefik.http.routers.githost-http.service=githost-http-svc"
	- "traefik.http.services.githost-http-svc.loadbalancer.server.port=3000"

	registry:
	image: registry:2
	restart: always
	volumes:
	- ./registry/stor:/var/lib/registry
	- ./registry/auth:/auth
	- ./registry/config.yml:/etc/docker/registry/config.yml
	networks:
	- default
	- web
	labels:
	- "traefik.enable=true"
	- "traefik.docker.network=web"
	- "traefik.http.routers.registry-http.tls=true"
	- "traefik.http.routers.registry-http.tls.certresolver=acmetls"
	- "traefik.http.routers.registry-http.rule=Host(`_registry_domain_`)"
	- "traefik.http.routers.registry-http.entrypoints=websecure"
	- "traefik.http.routers.registry-http.service=registry-http-svc"
	- "traefik.http.services.registry-http-svc.loadbalancer.server.port=5000"

	registry-cache:
	image: registry:2
	restart: always
	volumes:
	- ./registry-cache/stor:/var/lib/registry
	- ./registry-cache/config.yml:/etc/docker/registry/config.yml
	networks:
	- default
	- web
	labels:
	- "traefik.enable=true"
	- "traefik.docker.network=web"
	- "traefik.http.routers.registry-cache-http.tls=true"
	- "traefik.http.routers.registry-cache-http.tls.certresolver=acmetls"
	- "traefik.http.routers.registry-cache-http.rule=Host(`_registry_cache_domain_`)"
	- "traefik.http.routers.registry-cache-http.entrypoints=websecure"
	- "traefik.http.routers.registry-cache-http.service=registry-cache-http-svc"
	- "traefik.http.services.registry-cache-http-svc.loadbalancer.server.port=5000"

	drone-server:
	image: drone/drone
	restart: always
	depends_on:
	- app
	environment:
	- DRONE_AGENTS_ENABLED=true
	- DRONE_GITEA_SERVER=https://_domain_
	- DRONE_GITEA_CLIENT_ID=_client_id_
	- DRONE_GITEA_CLIENT_SECRET=_client_secret_
	- DRONE_RPC_SECRET=_rpc_secret_
	- DRONE_SERVER_HOST=_drone_host_
	- DRONE_SERVER_PROTO=https
	- DRONE_USER_CREATE=username:vosi,machine:false,admin:true
	- DRONE_DATABASE_DRIVER=postgres
	- DRONE_DATABASE_DATASOURCE=postgres://_db_username_:_db_password_@_db_host_:5432/drone?sslmode=disable
	networks:
	- default
	- web
	labels:
	- "traefik.enable=true"
	- "traefik.docker.network=web"
	- "traefik.http.routers.drone-server.tls=true"
	- "traefik.http.routers.drone-server.tls.certresolver=acmetls"
	- "traefik.http.routers.drone-server.rule=Host(`_drone_host_`)"
	- "traefik.http.routers.drone-server.entrypoints=websecure"
	- "traefik.http.routers.drone-server.service=drone-server-svc"
	- "traefik.http.services.drone-server-svc.loadbalancer.server.port=80"

	drone-agent:
	image: drone/agent
	restart: always
	depends_on:
	- drone-server
	volumes:
	- /var/run/docker.sock:/var/run/docker.sock
	environment:
	- DRONE_RPC_PROTO=https
	- DRONE_RPC_HOST=_drone_host_
	- DRONE_RPC_SECRET=_rpc_secret_
	- DRONE_RUNNER_CAPACITY=2
	- DRONE_RUNNER_NAME=agent1

	networks:
	web:
	external: true