Setting Forgejo and Forgejo actions with `Docker Compose`, with `Nix` based actions
Docker Compose Configuration
traefik:
# ...
command:
# ...
- "--entrypoints.ssh.address=:222"
ports:
# ...
- "222:222"
forgejo:
container_name: forgejo
image: codeberg.org/forgejo/forgejo:11
environment:
- USER_UID=1000
- USER_GID=1000
- FORGEJO__database__DB_TYPE=postgres
- FORGEJO__database__HOST=pgforgejo:5432
- FORGEJO__database__NAME=forgejo
- FORGEJO__database__USER=forgejo
- FORGEJO__database__PASSWD=forgejo
restart: always
networks:
- forgejo
- <network name>
volumes:
- ./forgejo:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
# ports:
# - "3000:3000"
# - "222:22"
depends_on:
- pgforgejo
labels:
- "traefik.enable=true"
- "traefik.http.routers.forgejo.rule=Host(`git.example.com`)"
- "traefik.http.routers.forgejo.entrypoints=websecure"
- "traefik.http.routers.forgejo.tls.certresolver=myhttpchallenge"
- "traefik.http.routers.forgejo.service=forgejo"
- "traefik.http.routers.forgejo-http.rule=Host(`git.example.com`)"
- "traefik.http.routers.forgejo-http.entrypoints=web"
- "traefik.http.routers.forgejo-http.middlewares=forgejo-redirect"
- "traefik.http.middlewares.forgejo-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.forgejo-redirect.redirectscheme.permanent=true"
- "traefik.http.services.forgejo.loadbalancer.server.port=3000"
- "traefik.docker.network=<network name>"
- "traefik.tcp.routers.forgejo-ssh.entrypoints=ssh"
- "traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)"
- "traefik.tcp.routers.forgejo-ssh.service=forgejo-ssh"
- "traefik.tcp.services.forgejo-ssh.loadbalancer.server.port=22"
pgforgejo:
container_name: pgforgejo
image: postgres:17.6-alpine
restart: always
environment:
- POSTGRES_USER=forgejo
- POSTGRES_PASSWORD=forgejo
- POSTGRES_DB=forgejo
networks:
- forgejo
volumes:
- ./pgforgejo:/var/lib/postgresql/data
docker-in-docker:
container_name: docker-dind
image: docker:dind
privileged: "true"
command: ["dockerd", "-H", "tcp://0.0.0.0:2375", "--tls=false"]
restart: "unless-stopped"
networks:
- forgejo
forgejo-action:
container_name: "forgejo-action"
image: "data.forgejo.org/forgejo/runner:9"
links:
- docker-in-docker
depends_on:
docker-in-docker:
condition: service_started
environment:
DOCKER_HOST: tcp://docker-in-docker:2375
networks:
- forgejo
# User without root privileges, but with access to `./data`.
user: 1001:1001
volumes:
- ./forgejo-data:/data
restart: "unless-stopped"
# command: '/bin/sh -c "while : ; do sleep 1 ; done ;"'
command: '/bin/sh -c "sleep 5; forgejo-runner --config config.yaml daemon"'
Forgejo Actions
docker exec -it forgejo-action /bin/sh
forgejo-runner register --no-interactive --token {TOKEN} --name runner --instance https://git.example.com --labels bookworm:docker://node:24-bookworm
forgejo-runner generate-config > config.yaml
# config.yaml
container:
force_pull: true
force_rebuild: true
# .runner
{
"WARNING": "This file is automatically generated by act-runner. Do not edit it manually unless you know what you are doing. Removing this file will cause act runner to re-register as a new runner.",
"id": 1,
"uuid": "****",
"name": "<runner name>",
"token": "****",
"address": "https://git.example.com",
"labels": [
"bookworm:docker://node:24-bookworm",
"nix-base:docker://docker.nix-community.org/nixpkgs/nix-unstable:latest",
"nix:docker://git.nexveridian.com/nexveridian/action-attic:latest"
]
}
Available runner images
- bookworm: closest to GitHub actions
- nix-base: for bootstrapping
- nix: custom image with packages pre installed, see Creating custom runner images
Thanks for reading! Read other posts?