gitlab/compose.yml

---
version: "3.8"

services:
  app:
    image: 'gitlab/gitlab-ce:17.7.3-ce.0'
    networks:
      - proxy
      - internal
    configs:
      - source: gitlab_conf
        target: /gitlab.rb
      - source: entrypoint
        target: /entrypoint.sh
        mode: 0555
    entrypoint:
      /entrypoint.sh
    volumes:
      - 'gitlabconfig:/etc/gitlab'
      - 'gitlablogs:/var/log/gitlab'
      - 'gitlabdata:/var/opt/gitlab'
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.tcp.routers.${STACK_NAME}-ssh.rule=HostSNI(`*`)"
        - "traefik.tcp.routers.${STACK_NAME}-ssh.entrypoints=gitea-ssh"
        - "traefik.tcp.services.${STACK_NAME}-ssh.loadbalancer.server.port=${GITLAB_SSH_PORT}"
        - "backupbot.backup=true"
        - "backupbot.backup.path=/etc/gitlab/,/var/log/gitlab/,/var/opt/gitlab/"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-240}"
        - "coop-cloud.${STACK_NAME}.version=0.1.3+17.7.3-ce.0"
    secrets:
      - initial_root_password
      - runner_token
      - sso_provider_secret
    healthcheck:
      test: ["CMD", "bash", "/opt/gitlab/etc/gitlab-healthcheck-rc" ]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 2m

secrets:
  initial_root_password:
    external: true
    name: ${STACK_NAME}_initial_root_password_${SECRET_INITIAL_ROOT_PASSWORD_VERSION}
  runner_token:
    external: true
    name: ${STACK_NAME}_runner_token_${SECRET_RUNNER_TOKEN_VERSION}
  sso_provider_secret:
    external: true
    name: ${STACK_NAME}_sso_provider_secret_${SECRET_SSO_PROVIDER_SECRET_VERSION}

volumes:
  gitlabconfig:
  gitlablogs:
  gitlabdata:

configs:
  gitlab_conf:
    name: ${STACK_NAME}_gitlab_conf_${GITLAB_CONF_VERSION}
    file: gitlab.rb.tmpl
    template_driver: golang
  entrypoint:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang

networks:
  proxy:
    external: true
  internal: