gitlab-in-docker/docker-compose.yml

version: '3.7'

services:
    gitlab:
      image: ${DOCKER_IMAGE_GITLAB}
      container_name: ${SERVICE_NAME}_${CONTAINER_NAME_GITLAB}
      restart: always
      depends_on:
        - postgresql
        - redis
      ports:
        - "${GITLAB_SSH_PORT}:22"
        # - 80:80
        # - 443:443
      expose:
        - 80
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.gitlab-rm-server.entrypoints=https"
        - "traefik.http.routers.gitlab-rm-server.rule=Host(`${GITLAB_HOST}`)"
        - "traefik.http.routers.gitlab-rm-server.tls=true"
        - "traefik.http.routers.gitlab-rm-server.tls.certresolver=letsEncrypt"
        - "traefik.http.services.gitlab-rm-server-service.loadbalancer.server.port=80"
        - "traefik.docker.network=webproxy"
      volumes:
        - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab:/home/git/data:Z
        - ./ssl-certs:/certs
      environment:
        - DEBUG=false

        - DB_ADAPTER=postgresql
        - DB_HOST=${SERVICE_NAME}_${CONTAINER_NAME_PGSQL}
        - DB_PORT=5432
        - DB_USER=${DB_USER}
        - DB_PASS=${DB_PASS}
        - DB_NAME=${DB_NAME}

        - REDIS_HOST=${SERVICE_NAME}_${CONTAINER_NAME_REDIS}
        - REDIS_PORT=6379

        - TZ=UTC
        - GITLAB_TIMEZONE=${GITLAB_TIMEZONE}

        - GITLAB_HTTPS=true
        - SSL_SELF_SIGNED=false

        - GITLAB_HOST=${GITLAB_HOST}
        - GITLAB_PORT=443
        - GITLAB_SSH_PORT=${GITLAB_SSH_PORT}
        - GITLAB_SECRETS_DB_KEY_BASE=${GITLAB_SECRETS_DB_KEY_BASE}
        - GITLAB_SECRETS_SECRET_KEY_BASE=${GITLAB_SECRETS_SECRET_KEY_BASE}
        - GITLAB_SECRETS_OTP_KEY_BASE=${GITLAB_SECRETS_OTP_KEY_BASE}

        - GITLAB_ROOT_PASSWORD=${GITLAB_ROOT_PASSWORD}
        - GITLAB_ROOT_EMAIL=${GITLAB_ROOT_EMAIL}

        - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
        - GITLAB_NOTIFY_PUSHER=false

        - GITLAB_EMAIL=${GITLAB_EMAIL}
        - GITLAB_EMAIL_REPLY_TO=${GITLAB_EMAIL_REPLY_TO}
        - GITLAB_INCOMING_EMAIL_ADDRESS=${GITLAB_INCOMING_EMAIL_ADDRESS}

        - GITLAB_PAGES_ENABLED=false

        - SMTP_ENABLED=${SMTP_ENABLED}
        # - SMTP_DOMAIN=${SMTP_DOMAIN}
        # - SMTP_HOST=${SMTP_HOST}
        # - SMTP_PORT=${SMTP_PORT}
        # - SMTP_USER=${SMTP_USER}
        # - SMTP_PASS=${SMTP_PASS}
        # - SMTP_STARTTLS=${SMTP_STARTTLS}
        # - SMTP_AUTHENTICATION=${SMTP_AUTHENTICATION}

        - IMAP_ENABLED=false

        - LDAP_ENABLED=${LDAP_ENABLED}
        - LDAP_LABEL=${LDAP_LABEL}
        - LDAP_HOST=${LDAP_HOST}
        - LDAP_PORT=${LDAP_PORT}
        - LDAP_UID=${LDAP_UID}
        - LDAP_METHOD=${LDAP_METHOD}
        - LDAP_VERIFY_SSL=${LDAP_VERIFY_SSL}
        - LDAP_ACTIVE_DIRECTORY=${LDAP_ACTIVE_DIRECTORY}
        - LDAP_BASE=${LDAP_BASE}
        - LDAP_USER_FILTER=${LDAP_USER_FILTER}
        - LDAP_BIND_DN=${LDAP_BIND_DN}
        - LDAP_PASS=${LDAP_PASS}

        - GITLAB_REGISTRY_ENABLED=true
        - GITLAB_REGISTRY_HOST=${REGISTRY_HOST}
        - GITLAB_REGISTRY_API_URL=http://registry:5000/
        - GITLAB_REGISTRY_KEY_PATH=/certs/registry.key
      healthcheck:
        test: ["CMD", "/usr/local/sbin/healthcheck"]
        interval: 1m
        timeout: 5s
        retries: 5
        start_period: 2m
      networks:
        - ${WEBPROXY_NETWORK}
        - ${SERVICE_NETWORK}

    registry:
      image: ${DOCKER_IMAGE_REGISTRY}
      container_name: ${SERVICE_NAME}_${CONTAINER_NAME_REGISTRY}
      restart: always
      expose:
        - 5000
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.gitlab-rm-registry.entrypoints=https"
        - "traefik.http.routers.gitlab-rm-registry.rule=Host(`${REGISTRY_HOST}`)"
        - "traefik.http.routers.gitlab-rm-registry.tls=true"
        - "traefik.http.routers.gitlab-rm-registry.tls.certresolver=letsEncrypt"
        - "traefik.http.services.gitlab-rm-registry-service.loadbalancer.server.port=5000"
        - "traefik.docker.network=webproxy"
      volumes:
        - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab/shared/registry:/registry
        - ./ssl-certs:/certs
      environment:
        - REGISTRY_AUTH_TOKEN_AUTOREDIRECT=false
        - REGISTRY_LOG_LEVEL=debug
        - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
        - REGISTRY_AUTH_TOKEN_REALM=https://${GITLAB_HOST}/jwt/auth
        - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
        - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
        - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry.crt
        - REGISTRY_STORAGE_DELETE_ENABLED=true
        # - REGISTRY_STORAGE=s3
        # - REGISTRY_STORAGE_S3_ACCESSKEY=${REGISTRY_STORAGE_S3_ACCESSKEY}
        # - REGISTRY_STORAGE_S3_SECRETKEY=${REGISTRY_STORAGE_S3_SECRETKEY}
        # - REGISTRY_STORAGE_S3_REGIONENDPOINT=${REGISTRY_STORAGE_S3_REGIONENDPOINT}
        # - REGISTRY_STORAGE_S3_REGION=${REGISTRY_STORAGE_S3_REGION}
        # - REGISTRY_STORAGE_S3_BUCKET=${REGISTRY_STORAGE_S3_BUCKET}
        # - REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=inmemory
      networks:
        - ${WEBPROXY_NETWORK}
        - ${SERVICE_NETWORK}

    postgresql:
      image: ${DOCKER_IMAGE_PGSQL}
      container_name: ${SERVICE_NAME}_${CONTAINER_NAME_PGSQL}
      restart: always
      environment:
        - DB_USER=${DB_USER}
        - DB_PASS=${DB_PASS}
        - DB_NAME=${DB_NAME}
        - DB_EXTENSION=pg_trgm,btree_gist
      volumes:
        - ${SERVICE_DATA}/${SERVICE_NAME}/postgresql:/var/lib/postgresql:Z
      networks:
        - ${SERVICE_NETWORK}

    redis:
      restart: always
      image: ${DOCKER_IMAGE_REDIS}
      container_name: ${SERVICE_NAME}_${CONTAINER_NAME_REDIS}
      command:
        - --loglevel warning
      volumes:
        - ${SERVICE_DATA}/${SERVICE_NAME}/redis:/var/lib/redis:Z
      networks:
        - ${SERVICE_NETWORK}

    runner_1:
      image: ${DOCKER_IMAGE_RUNNER}
      container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_1
      restart: always
      depends_on:
        - gitlab
      volumes:
        - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_1:/etc/gitlab-runner
        - /var/run/docker.sock:/var/run/docker.sock
      command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
      environment:
        - CI_SERVER_URL=https://${GITLAB_HOST}
        - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
        - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
        - RUNNER_TOKEN=${RUNNER_TOKEN}
        - RUNNER_DESCRIPTION=gitab-runner_1
        - RUNNER_EXECUTOR=docker
        - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
      networks:
        - ${SERVICE_NETWORK}

    runner_2:
      image: ${DOCKER_IMAGE_RUNNER}
      container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_2
      restart: always
      depends_on:
        - gitlab
      volumes:
        - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_2:/etc/gitlab-runner
        - /var/run/docker.sock:/var/run/docker.sock
      command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
      environment:
        - CI_SERVER_URL=https://${GITLAB_HOST}
        - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
        - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
        - RUNNER_TOKEN=${RUNNER_TOKEN}
        - RUNNER_DESCRIPTION=gitab-runner_2
        - RUNNER_EXECUTOR=docker
        - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
      networks:
        - ${SERVICE_NETWORK}

    runner_3:
      image: ${DOCKER_IMAGE_RUNNER}
      container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_3
      restart: always
      depends_on:
        - gitlab
      volumes:
        - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_3:/etc/gitlab-runner
        - /var/run/docker.sock:/var/run/docker.sock
      command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
      environment:
        - CI_SERVER_URL=https://${GITLAB_HOST}
        - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
        - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
        - RUNNER_TOKEN=${RUNNER_TOKEN}
        - RUNNER_DESCRIPTION=gitab-runner_3
        - RUNNER_EXECUTOR=docker
        - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
      networks:
        - ${SERVICE_NETWORK}

    runner_4:
      image: ${DOCKER_IMAGE_RUNNER}
      container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_4
      restart: always
      depends_on:
        - gitlab
      volumes:
        - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_4:/etc/gitlab-runner
        - /var/run/docker.sock:/var/run/docker.sock
      command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
      environment:
        - CI_SERVER_URL=https://${GITLAB_HOST}
        - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
        - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
        - RUNNER_TOKEN=${RUNNER_TOKEN}
        - RUNNER_DESCRIPTION=gitab-runner_4
        - RUNNER_EXECUTOR=docker
        - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
      networks:
       - ${SERVICE_NETWORK}

    # backup:
    #   image: ${DOCKER_IMAGE_BACKUP}
    #   restart: always
    #   container_name: ${SERVICE_NAME}_${CONTAINER_NAME_BACKUP}
    #   command: gitlab backup --storage S3://<BACKBLAZE-MOUNT-POINT>/gitlab --online
    #   volumes:
    #     - /var/run/docker.sock:/var/run/docker.sock
    #     - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab/backups:${BACKUP_DIR}:Z
    #     - ${DOCKER_COMPOSE_DIR}:${DOCKER_COMPOSE_DIR}
    #   environment:
    #     - BACKUP_SCHEDULE=${BACKUP_SCHEDULE}
    #     - BACKUP_DIR=${BACKUP_DIR}
    #     - DOCKER_COMPOSE_DIR=${DOCKER_COMPOSE_DIR}
    #     - ${SERVICE_NETWORK}
    #     - CONTAINER_NAME_GITLAB=${CONTAINER_NAME_GITLAB}
    #     - S3_HOST_BASE=${S3_HOST_BASE}
    #     - S3_ACCOUNT_ID=${S3_ACCOUNT_ID}
    #     - S3_APPLICATION_KEY=${S3_APPLICATION_KEY}
    #   networks:
    #     - ${SERVICE_NETWORK}

networks:
    service:
        name: ${SERVICE_NETWORK}
    webproxy:
        external:
            name: ${WEBPROXY_NETWORK}