690418:1638 Refactor Infra gitea

specs/04-Infrastructure-OPS/04-00-docker-compose/QNAP/gitea/docker-compose.yml

@@ -0,0 +1,93 @@
+# File: /share/np-dms/git/docker-compose.yml
+# DMS Container v1.8.6 — Application: git, Service: gitea
+
+x-restart: &restart_policy
+  restart: unless-stopped
+
+x-logging: &default_logging
+  logging:
+    driver: 'json-file'
+    options:
+      max-size: '10m'
+      max-file: '5'
+name: lcbp3-gitea
+networks:
+  lcbp3:
+    external: true
+  giteanet:
+    external: true
+    name: gitnet
+
+services:
+  gitea:
+    <<: [*restart_policy, *default_logging]
+    image: gitea/gitea:1.22.3-rootless
+    container_name: gitea
+    deploy:
+      resources:
+        limits:
+          cpus: '2.0'
+          memory: 2G
+        reservations:
+          cpus: '0.25'
+          memory: 512M
+    security_opt:
+      - no-new-privileges:true
+    env_file:
+      - .env
+    environment:
+      # ---- File ownership in QNAP ----
+      USER_UID: '1000'
+      USER_GID: '1000'
+      TZ: Asia/Bangkok
+      # ---- Server / Reverse proxy (NPM) ----
+      GITEA__server__ROOT_URL: https://git.np-dms.work/
+      GITEA__server__DOMAIN: git.np-dms.work
+      GITEA__server__SSH_DOMAIN: git.np-dms.work
+      GITEA__server__START_SSH_SERVER: 'true'
+      GITEA__server__SSH_PORT: '22'
+      GITEA__server__SSH_LISTEN_PORT: '22'
+      GITEA__server__LFS_START_SERVER: 'true'
+      GITEA__server__HTTP_ADDR: '0.0.0.0'
+      GITEA__server__HTTP_PORT: '3000'
+      GITEA__server__TRUSTED_PROXIES: '127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16'
+      # --- การตั้งค่าฐานข้อมูล
+      GITEA__database__DB_TYPE: mysql
+      GITEA__database__HOST: mariadb:3306
+      GITEA__database__NAME: 'gitea'
+      GITEA__database__USER: 'gitea'
+      GITEA__database__PASSWD: ${GITEA_DB_PASSWORD:?GITEA_DB_PASSWORD required}
+      # --- repos
+      GITEA__repository__ROOT: /var/lib/gitea/git/repositories
+      DISABLE_HTTP_GIT: 'false'
+      ENABLE_BASIC_AUTHENTICATION: 'true'
+      # --- Enable Package Registry ---
+      GITEA__packages__ENABLED: 'true'
+      GITEA__packages__REGISTRY__ENABLED: 'true'
+      GITEA__packages__REGISTRY__STORAGE_TYPE: local
+      GITEA__packages__REGISTRY__STORAGE_PATH: /data/registry
+      # Optional: lock install after setup (เปลี่ยนเป็น true เมื่อจบ onboarding)
+      GITEA__security__INSTALL_LOCK: 'true'
+    volumes:
+      - /share/np-dms/gitea/backup:/backup
+      - /share/np-dms/gitea/etc:/etc/gitea
+      - /share/np-dms/gitea/lib:/var/lib/gitea
+      # ให้ repo root ใช้จาก /share/dms-data/gitea_repos
+      - /share/np-dms/gitea/gitea_repos:/var/lib/gitea/git/repositories
+      - /share/np-dms/gitea/gitea_registry:/data/registry
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - '3003:3000' # HTTP (ไปหลัง NPM)
+      - '2222:22' # SSH สำหรับ git clone/push
+    networks:
+      - lcbp3
+      - giteanet
+    healthcheck:
+      test: ['CMD', 'wget', '--spider', '-q', 'http://localhost:3000/api/healthz']
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 60s
+# L4: ขั้นตอน ops (folder permissions, DB bootstrap) ย้ายไปที่:
+# specs/04-Infrastructure-OPS/04-08-release-management-policy.md