From bc796cd1254337217ed345ac9b7e0ec0f87ce5a2 Mon Sep 17 00:00:00 2001
From: nathan <nathan@castaldifamily.com>
Date: Mon, 20 Apr 2026 19:56:09 -0400
Subject: [PATCH] feat: add Gitea service configuration with PostgreSQL
 database and Traefik integration

---
 nodes/heimdall/gitea/compose.yaml | 67 +++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 nodes/heimdall/gitea/compose.yaml

diff --git a/nodes/heimdall/gitea/compose.yaml b/nodes/heimdall/gitea/compose.yaml
new file mode 100644
index 0000000..593264a
--- /dev/null
+++ b/nodes/heimdall/gitea/compose.yaml
@@ -0,0 +1,67 @@
+services:
+  db:
+    container_name: gitea-db
+    image: postgres:17.4
+    restart: always
+    networks:
+      - proxy-net
+    environment:
+      - POSTGRES_DB=${GITEA_DB_NAME}
+      - POSTGRES_USER=${GITEA_DB_USER}
+      - POSTGRES_PASSWORD=${GITEA_DB_PASSWORD}
+      - TZ=${TZ}
+    volumes:
+      - /mnt/appdata/gitea/database:/var/lib/postgresql/data
+
+  server:
+    container_name: gitea-server
+    image: gitea/gitea:1.23.7
+    restart: always
+    depends_on:
+      - db
+    networks:
+      - proxy-net
+    environment:
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=${GITEA_DB_HOST}
+      - GITEA__database__NAME=${GITEA_DB_NAME}
+      - GITEA__database__USER=${GITEA_DB_USER}
+      - GITEA__database__PASSWD=${GITEA_DB_PASSWORD}
+      - GITEA__server__ROOT_URL=${GITEA_ROOT_URL}
+      - TZ=${TZ}
+      - GITEA__server__SSH_KEY_EXCHANGES=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+      - GITEA__server__SSH_CIPHERS=aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
+      - GITEA__server__SSH_ALGORITHMS=rsa-sha2-256,rsa-sha2-512,ssh-ed25519
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitea.entrypoints=websecure"
+      - "traefik.http.routers.gitea.rule=Host(`${GITEA_HOST}`)"
+      - "traefik.http.routers.gitea.tls=true"
+      - "traefik.http.routers.gitea.tls.certresolver=cloudflare"
+      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+    volumes:
+      - /mnt/appdata/gitea/data:/data
+
+  # runner:
+  #   container_name: gitea_runner
+  #   image: gitea/act_runner:0.2.11
+  #   restart: always
+  #   depends_on:
+  #     - server
+  #   networks:
+  #     - proxy-net
+  #   environment:
+  #     - CONFIG_FILE=/config.yaml
+  #     - GITEA_INSTANCE_URL=${GITEA_ROOT_URL}
+  #     - GITEA_RUNNER_NAME=homelab
+  #     - GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_TOKEN}
+  #     - TZ=${TZ}
+  #   volumes:
+  #     - /mnt/appdata/gitea/config.yaml:/config.yaml
+  #     - /mnt/appdata/gitea/runner/data:/data
+  #     - /var/run/docker.sock:/var/run/docker.sock
+
+networks:
+  proxy-net:
+    name: proxy-net
+    external: true