Gitea with Let's Encrypt Using Docker Compose

2023-09-01 18:31:13 -04:00
parent bfadd40ad7
commit ae60b92402
8 changed files with 565 additions and 108 deletions
--- a/.env
+++ b/.env
@ -0,0 +1,33 @@
+# Traefik Variables
+TRAEFIK_IMAGE_TAG=traefik:2.9
+TRAEFIK_LOG_LEVEL=WARN
+TRAEFIK_ACME_EMAIL=callvaldemar@gmail.com
+TRAEFIK_HOSTNAME=traefik.gitea.heyvaldemar.net
+# Basic Authentication for Traefik Dashboard
+# Username: traefikadmin
+# Passwords must be encoded using MD5, SHA1, or BCrypt https://hostingcanada.org/htpasswd-generator/
+TRAEFIK_BASIC_AUTH=traefikadmin:$$2y$$10$$sMzJfirKC75x/hVpiINeZOiSm.Jkity9cn4KwNkRvO7hSQVFc5FLO
+
+# Gitea Variables
+GITEA_POSTGRES_IMAGE_TAG=postgres:15
+GITEA_IMAGE_TAG=bitnami/gitea:1.20.3
+GITEA_DB_NAME=giteadb
+GITEA_DB_USER=giteadbuser
+GITEA_DB_PASSWORD=etFneCEtAWRKkfeQmkvwLWE
+GITEA_ADMIN_USERNAME=giteaadmin
+GITEA_ADMIN_PASSWORD=XfyEVC4uJLyXnrjDtQGk
+GITEA_ADMIN_EMAIL=giteaadmin@heyvaldemar.net
+GITEA_URL=https://gitea.heyvaldemar.net
+GITEA_HOSTNAME=gitea.heyvaldemar.net
+GITEA_SHELL_SSH_PORT=2222
+
+# Backup Variables
+BACKUP_INIT_SLEEP=30m
+BACKUP_INTERVAL=24h
+POSTGRES_BACKUP_PRUNE_DAYS=7
+DATA_BACKUP_PRUNE_DAYS=7
+POSTGRES_BACKUPS_PATH=/srv/gitea-postgres/backups
+DATA_BACKUPS_PATH=/srv/gitea-application-data/backups
+DATA_PATH=/bitnami/gitea
+POSTGRES_BACKUP_NAME=gitea-postgres-backup
+DATA_BACKUP_NAME=gitea-application-data-backup
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1,3 +1,4 @@
 github: heyvaldemar
 patreon: heyvaldemar
 ko_fi: heyvaldemar
+custom: ['paypal.com/paypalme/heyValdemarCOM', 'buymeacoffee.com/heyValdemar', 'ko-fi.com/heyValdemar']
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,284 @@
+# Created by https://www.toptal.com/developers/gitignore/api/git,macos,xcode,jekyll,packer,ansible,vagrant,windows,notepadpp,terraform,powershell,terragrunt,sublimetext,ansibletower,visualstudiocode,linux
+# Edit at https://www.toptal.com/developers/gitignore?templates=git,macos,xcode,jekyll,packer,ansible,vagrant,windows,notepadpp,terraform,powershell,terragrunt,sublimetext,ansibletower,visualstudiocode,linux
+
+### Ansible ###
+*.retry
+
+### AnsibleTower ###
+# Ansible runtime and backups
+*.original
+*.tmp
+*.bkp
+*.*~
+
+# Tower runtime roles
+roles/**
+!roles/requirements.yml
+
+# Avoid plain-text passwords
+*pwd*
+*pass*
+*password*
+*.txt
+
+# Exclude all binaries
+*.bin
+*.jar
+*.tar
+*.zip
+*.gzip
+*.tgz
+
+
+### Git ###
+# Created by git for backups. To disable backups in Git:
+# $ git config --global mergetool.keepBackup false
+*.orig
+
+# Created by git when using merge tools for conflicts
+*.BACKUP.*
+*.BASE.*
+*.LOCAL.*
+*.REMOTE.*
+*_BACKUP_*.txt
+*_BASE_*.txt
+*_LOCAL_*.txt
+*_REMOTE_*.txt
+
+### Jekyll ###
+_site/
+.sass-cache/
+.jekyll-cache/
+.jekyll-metadata
+# Ignore folders generated by Bundler
+.bundle/
+vendor/
+
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+
+### NotepadPP ###
+# Notepad++ backups #
+*.bak
+
+### Packer ###
+# Cache objects
+packer_cache/
+
+# Crash log
+crash.log
+
+# https://www.packer.io/guides/hcl/variables
+# Exclude all .pkrvars.hcl files, which are likely to contain sensitive data,
+# such as password, private keys, and other secrets. These should not be part of
+# version control as they are data points which are potentially sensitive and
+# subject to change depending on the environment.
+#
+*.pkrvars.hcl
+
+# For built boxes
+*.box
+
+### Packer Patch ###
+# ignore temporary output files
+output-*/
+
+### PowerShell ###
+# Exclude packaged modules
+
+# Exclude .NET assemblies from source
+*.dll
+
+### SublimeText ###
+# Cache files for Sublime Text
+*.tmlanguage.cache
+*.tmPreferences.cache
+*.stTheme.cache
+
+# Workspace files are user-specific
+*.sublime-workspace
+
+# Project files should be checked into the repository, unless a significant
+# proportion of contributors will probably not be using Sublime Text
+# *.sublime-project
+
+# SFTP configuration file
+sftp-config.json
+sftp-config-alt*.json
+
+# Package control specific files
+Package Control.last-run
+Package Control.ca-list
+Package Control.ca-bundle
+Package Control.system-ca-bundle
+Package Control.cache/
+Package Control.ca-certs/
+Package Control.merged-ca-bundle
+Package Control.user-ca-bundle
+oscrypto-ca-bundle.crt
+bh_unicode_properties.cache
+
+# Sublime-github package stores a github token in this file
+# https://packagecontrol.io/packages/sublime-github
+GitHub.sublime-settings
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+### Terragrunt ###
+# terragrunt cache directories
+**/.terragrunt-cache/*
+
+# Terragrunt debug output file (when using `--terragrunt-debug` option)
+# See: https://terragrunt.gruntwork.io/docs/reference/cli-options/#terragrunt-debug
+terragrunt-debug.tfvars.json
+
+### Vagrant ###
+# General
+.vagrant/
+
+# Log files (if you are creating logs in debug mode, uncomment this)
+# *.log
+
+### Vagrant Patch ###
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+.ionide
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+### Xcode ###
+## User settings
+xcuserdata/
+
+## Xcode 8 and earlier
+*.xcscmblueprint
+*.xccheckout
+
+### Xcode Patch ###
+*.xcodeproj/*
+!*.xcodeproj/project.pbxproj
+!*.xcodeproj/xcshareddata/
+!*.xcodeproj/project.xcworkspace/
+!*.xcworkspace/contents.xcworkspacedata
+/*.gcno
+**/xcshareddata/WorkspaceSettings.xcsettings
+
+# End of https://www.toptal.com/developers/gitignore/api/git,macos,xcode,jekyll,packer,ansible,vagrant,windows,notepadpp,terraform,powershell,terragrunt,sublimetext,ansibletower,visualstudiocode,linux
--- a/.infragenie/infrastructure_model.png
+++ b/.infragenie/infrastructure_model.png
--- a/README.md
+++ b/README.md
@ -1,35 +1,101 @@
-# Gitea with Let's Encrypt in a Docker Compose
+# Gitea with Let's Encrypt Using Docker Compose

-Install Docker Engine and Docker Compose by following my [guide](https://www.heyvaldemar.com/install-docker-engine-and-docker-compose-on-ubuntu-server/).
+📙 The complete installation guide is available on my [website](https://www.heyvaldemar.com/install-gitea-using-docker-compose/).

-Run `gitea-restore-application-data.sh` to restore application data if needed.
+❗ Change variables in the `.env` to meet your requirements.

-Run `gitea-restore-database.sh` to restore database if needed.
+💡 Note that the .env file should be in the same directory as `gitea-traefik-letsencrypt-docker-compose.yml`.

-Deploy Gitea server with a Docker Compose using the command:
+Create networks for your services before deploying the configuration using the commands:
+
+`docker network create traefik-network`
+
+`docker network create gitea-network`
+
+Deploy Gitea using Docker Compose:

 `docker compose -f gitea-traefik-letsencrypt-docker-compose.yml -p gitea up -d`

-# Infrastructure Model
-![Infrastructure model](.infragenie/infrastructure_model.png)
+# Backups
+
+The `backups` container in the configuration is responsible for the following:
+
+1. **Database Backup**: Creates compressed backups of the PostgreSQL database using pg_dump.
+Customizable backup path, filename pattern, and schedule through variables like `POSTGRES_BACKUPS_PATH`, `POSTGRES_BACKUP_NAME`, and `BACKUP_INTERVAL`.
+
+2. **Application Data Backup**: Compresses and stores backups of the application data on the same schedule. Controlled via variables such as `DATA_BACKUPS_PATH`, `DATA_BACKUP_NAME`, and `BACKUP_INTERVAL`.
+
+3. **Backup Pruning**: Periodically removes backups exceeding a specified age to manage storage. Customizable pruning schedule and age threshold with `POSTGRES_BACKUP_PRUNE_DAYS` and `DATA_BACKUP_PRUNE_DAYS`.
+
+By utilizing this container, consistent and automated backups of the essential components of your instance are ensured. Moreover, efficient management of backup storage and tailored backup routines can be achieved through easy and flexible configuration using environment variables.
+
+# gitea-restore-database.sh Description
+
+This script facilitates the restoration of a database backup:
+
+1. **Identify Containers**: It first identifies the service and backups containers by name, finding the appropriate container IDs.
+
+2. **List Backups**: Displays all available database backups located at the specified backup path.
+
+3. **Select Backup**: Prompts the user to copy and paste the desired backup name from the list to restore the database.
+
+4. **Stop Service**: Temporarily stops the service to ensure data consistency during restoration.
+
+5. **Restore Database**: Executes a sequence of commands to drop the current database, create a new one, and restore it from the selected compressed backup file.
+
+6. **Start Service**: Restarts the service after the restoration is completed.
+
+To make the `gitea-restore-database.shh` script executable, run the following command:
+
+`chmod +x gitea-restore-database.sh`
+
+Usage of this script ensures a controlled and guided process to restore the database from an existing backup.
+
+# gitea-restore-application-data.sh Description
+
+This script is designed to restore the application data:
+
+1. **Identify Containers**: Similarly to the database restore script, it identifies the service and backups containers by name.
+
+2. **List Application Data Backups**: Displays all available application data backups at the specified backup path.
+
+3. **Select Backup**: Asks the user to copy and paste the desired backup name for application data restoration.
+
+4. **Stop Service**: Stops the service to prevent any conflicts during the restore process.
+
+5. **Restore Application Data**: Removes the current application data and then extracts the selected backup to the appropriate application data path.
+
+6. **Start Service**: Restarts the service after the application data has been successfully restored.
+
+To make the `gitea-restore-application-data.sh` script executable, run the following command:
+
+`chmod +x gitea-restore-application-data.sh`
+
+By utilizing this script, you can efficiently restore application data from an existing backup while ensuring proper coordination with the running service.

 # Author
-hey, I’m Vladimir Mikhalev, but my friends call me Valdemar.
+
+I’m Vladimir Mikhalev, the [Docker Captain](https://www.docker.com/captains/vladimir-mikhalev/), but my friends can call me Valdemar.

 🌐 My [website](https://www.heyvaldemar.com/) with detailed IT guides\
 🎬 Follow me on [YouTube](https://www.youtube.com/channel/UCf85kQ0u1sYTTTyKVpxrlyQ?sub_confirmation=1)\
 🐦 Follow me on [Twitter](https://twitter.com/heyValdemar)\
 🎨 Follow me on [Instagram](https://www.instagram.com/heyvaldemar/)\
+🧵 Follow me on [Threads](https://www.threads.net/@heyvaldemar)\
+🐘 Follow me on [Mastodon](https://hachyderm.io/@heyValdemar)\
+🧊 Follow me on [Bluesky](https://bsky.app/profile/heyvaldemar.bsky.social)\
 🎸 Follow me on [Facebook](https://www.facebook.com/heyValdemarFB/)\
 🎥 Follow me on [TikTok](https://www.tiktok.com/@heyvaldemar)\
 💻 Follow me on [LinkedIn](https://www.linkedin.com/in/heyvaldemar/)\
 🐈 Follow me on [GitHub](https://github.com/heyvaldemar)

 # Communication
+
 👾 Chat with IT pros on [Discord](https://discord.gg/AJQGCCBcqf)\
 📧 Reach me at ask@sre.gg

 # Give Thanks
+
 💎 Support on [GitHub](https://github.com/sponsors/heyValdemar)\
 🏆 Support on [Patreon](https://www.patreon.com/heyValdemar)\
 🥤 Support on [BuyMeaCoffee](https://www.buymeacoffee.com/heyValdemar)\
--- a/gitea-restore-application-data.sh
+++ b/gitea-restore-application-data.sh
@ -1,17 +1,32 @@
 #!/bin/bash

-GITEA_CONTAINER=$(docker ps -aqf "name=gitea_gitea")
-GITEA_BACKUPS_CONTAINER=$(docker ps -aqf "name=gitea_backups")
+# # gitea-restore-application-data.sh Description
+# This script is designed to restore the application data.
+# 1. **Identify Containers**: Similarly to the database restore script, it identifies the service and backups containers by name.
+# 2. **List Application Data Backups**: Displays all available application data backups at the specified backup path.
+# 3. **Select Backup**: Asks the user to copy and paste the desired backup name for application data restoration.
+# 4. **Stop Service**: Stops the service to prevent any conflicts during the restore process.
+# 5. **Restore Application Data**: Removes the current application data and then extracts the selected backup to the appropriate application data path.
+# 6. **Start Service**: Restarts the service after the application data has been successfully restored.
+# To make the `gitea-restore-application-data.sh` script executable, run the following command:
+# `chmod +x gitea-restore-application-data.sh`
+# By utilizing this script, you can efficiently restore application data from an existing backup while ensuring proper coordination with the running service.
+
+GITEA_CONTAINER=$(docker ps -aqf "name=gitea-gitea")
+GITEA_BACKUPS_CONTAINER=$(docker ps -aqf "name=gitea-backups")
+BACKUP_PATH="/srv/gitea-application-data/backups/"
+RESTORE_PATH="/gitea/data/"
+BACKUP_PREFIX="gitea-application-data"

 echo "--> All available application data backups:"

-for entry in $(docker container exec -it $GITEA_BACKUPS_CONTAINER sh -c "ls /srv/gitea-application-data/backups/")
+for entry in $(docker container exec -it "$GITEA_BACKUPS_CONTAINER" sh -c "ls $BACKUP_PATH")
 do
  echo "$entry"
 done

 echo "--> Copy and paste the backup name from the list above to restore application data and press [ENTER]
--> Example: gitea-application-data-backup-YYYY-MM-DD_hh-mm.tar.gz"
+--> Example: ${BACKUP_PREFIX}-backup-YYYY-MM-DD_hh-mm.tar.gz"
 echo -n "--> "

 read SELECTED_APPLICATION_BACKUP
@ -19,11 +34,11 @@ read SELECTED_APPLICATION_BACKUP
 echo "--> $SELECTED_APPLICATION_BACKUP was selected"

 echo "--> Stopping service..."
-docker stop $GITEA_CONTAINER
+docker stop "$GITEA_CONTAINER"

 echo "--> Restoring application data..."
-docker exec -it $GITEA_BACKUPS_CONTAINER sh -c "rm -rf /etc/gitea/* && tar -zxpf /srv/gitea-application-data/backups/$SELECTED_APPLICATION_BACKUP -C /"
+docker exec -it "$GITEA_BACKUPS_CONTAINER" sh -c "rm -rf ${RESTORE_PATH}* && tar -zxpf ${BACKUP_PATH}${SELECTED_APPLICATION_BACKUP} -C /"
 echo "--> Application data recovery completed..."

 echo "--> Starting service..."
-docker start $GITEA_CONTAINER
+docker start "$GITEA_CONTAINER"
--- a/gitea-restore-database.sh
+++ b/gitea-restore-database.sh
@ -1,11 +1,27 @@
 #!/bin/bash

-GITEA_CONTAINER=$(docker ps -aqf "name=gitea_gitea")
-GITEA_BACKUPS_CONTAINER=$(docker ps -aqf "name=gitea_backups")
+# # gitea-restore-database.sh Description
+# This script facilitates the restoration of a database backup.
+# 1. **Identify Containers**: It first identifies the service and backups containers by name, finding the appropriate container IDs.
+# 2. **List Backups**: Displays all available database backups located at the specified backup path.
+# 3. **Select Backup**: Prompts the user to copy and paste the desired backup name from the list to restore the database.
+# 4. **Stop Service**: Temporarily stops the service to ensure data consistency during restoration.
+# 5. **Restore Database**: Executes a sequence of commands to drop the current database, create a new one, and restore it from the selected compressed backup file.
+# 6. **Start Service**: Restarts the service after the restoration is completed.
+# To make the `gitea-restore-database.shh` script executable, run the following command:
+# `chmod +x gitea-restore-database.sh`
+# Usage of this script ensures a controlled and guided process to restore the database from an existing backup.
+
+GITEA_CONTAINER=$(docker ps -aqf "name=gitea-gitea")
+GITEA_BACKUPS_CONTAINER=$(docker ps -aqf "name=gitea-backups")
+GITEA_DB_NAME="giteadb"
+GITEA_DB_USER="giteadbuser"
+POSTGRES_PASSWORD=$(docker exec $GITEA_BACKUPS_CONTAINER printenv PGPASSWORD)
+BACKUP_PATH="/srv/gitea-postgres/backups/"

 echo "--> All available database backups:"

-for entry in $(docker container exec -it $GITEA_BACKUPS_CONTAINER sh -c "ls /srv/gitea-postgres/backups/")
+for entry in $(docker container exec "$GITEA_BACKUPS_CONTAINER" sh -c "ls $BACKUP_PATH")
 do
  echo "$entry"
 done
@ -19,13 +35,13 @@ read SELECTED_DATABASE_BACKUP
 echo "--> $SELECTED_DATABASE_BACKUP was selected"

 echo "--> Stopping service..."
-docker stop $GITEA_CONTAINER
+docker stop "$GITEA_CONTAINER"

 echo "--> Restoring database..."
-docker exec -it $GITEA_BACKUPS_CONTAINER sh -c 'PGPASSWORD="$(echo $POSTGRES_PASSWORD)" dropdb -h postgres -p 5432 giteadb -U giteadbuser \
-&& PGPASSWORD="$(echo $POSTGRES_PASSWORD)" createdb -h postgres -p 5432 giteadb -U giteadbuser \
-&& PGPASSWORD="$(echo $POSTGRES_PASSWORD)" gunzip -c /srv/gitea-postgres/backups/'$SELECTED_DATABASE_BACKUP' | PGPASSWORD=$(echo $POSTGRES_PASSWORD) psql -h postgres -p 5432 giteadb -U giteadbuser'
+docker exec "$GITEA_BACKUPS_CONTAINER" sh -c "dropdb -h postgres -p 5432 $GITEA_DB_NAME -U $GITEA_DB_USER \
+&& createdb -h postgres -p 5432 $GITEA_DB_NAME -U $GITEA_DB_USER \
+&& gunzip -c ${BACKUP_PATH}${SELECTED_DATABASE_BACKUP} | psql -h postgres -p 5432 $GITEA_DB_NAME -U $GITEA_DB_USER"
 echo "--> Database recovery completed..."

 echo "--> Starting service..."
-docker start $GITEA_CONTAINER
+docker start "$GITEA_CONTAINER"
--- a/gitea-traefik-letsencrypt-docker-compose.yml
+++ b/gitea-traefik-letsencrypt-docker-compose.yml
@ -1,12 +1,62 @@
-# Gitea with Let's Encrypt in a Docker Compose
+# Gitea with Let's Encrypt Using Docker Compose
+
+# The complete installation guide is available on my https://www.heyvaldemar.com/install-gitea-using-docker-compose/
+
+# Change variables in the `.env` to meet your requirements.
+# Note that the .env file should be in the same directory as `gitea-traefik-letsencrypt-docker-compose.yml`.
+
+# Create networks for your services before deploying the configuration using the commands:
+# `docker network create traefik-network`
+# `docker network create gitea-network`
+
+# Deploy Gitea using Docker Compose:
+# `docker compose -f gitea-traefik-letsencrypt-docker-compose.yml -p gitea up -d`
+
+# Backups
+# The `backups` container in the configuration is responsible for the following:
+# 1. **Database Backup**: Creates compressed backups of the PostgreSQL database using pg_dump.
+# Customizable backup path, filename pattern, and schedule through variables like `POSTGRES_BACKUPS_PATH`, `POSTGRES_BACKUP_NAME`, and `BACKUP_INTERVAL`.
+# 2. **Application Data Backup**: Compresses and stores backups of the application data on the same schedule. Controlled via variables such as `DATA_BACKUPS_PATH`, `DATA_BACKUP_NAME`, and `BACKUP_INTERVAL`.
+# 3. **Backup Pruning**: Periodically removes backups exceeding a specified age to manage storage.
+# Customizable pruning schedule and age threshold with `POSTGRES_BACKUP_PRUNE_DAYS` and `DATA_BACKUP_PRUNE_DAYS`.
+# By utilizing this container, consistent and automated backups of the essential components of your instance are ensured.
+# Moreover, efficient management of backup storage and tailored backup routines can be achieved through easy and flexible configuration using environment variables.
+
+# # gitea-restore-database.sh Description
+# This script facilitates the restoration of a database backup.
+# 1. **Identify Containers**: It first identifies the service and backups containers by name, finding the appropriate container IDs.
+# 2. **List Backups**: Displays all available database backups located at the specified backup path.
+# 3. **Select Backup**: Prompts the user to copy and paste the desired backup name from the list to restore the database.
+# 4. **Stop Service**: Temporarily stops the service to ensure data consistency during restoration.
+# 5. **Restore Database**: Executes a sequence of commands to drop the current database, create a new one, and restore it from the selected compressed backup file.
+# 6. **Start Service**: Restarts the service after the restoration is completed.
+# To make the `gitea-restore-database.shh` script executable, run the following command:
+# `chmod +x gitea-restore-database.sh`
+# Usage of this script ensures a controlled and guided process to restore the database from an existing backup.
+
+# # gitea-restore-application-data.sh Description
+# This script is designed to restore the application data.
+# 1. **Identify Containers**: Similarly to the database restore script, it identifies the service and backups containers by name.
+# 2. **List Application Data Backups**: Displays all available application data backups at the specified backup path.
+# 3. **Select Backup**: Asks the user to copy and paste the desired backup name for application data restoration.
+# 4. **Stop Service**: Stops the service to prevent any conflicts during the restore process.
+# 5. **Restore Application Data**: Removes the current application data and then extracts the selected backup to the appropriate application data path.
+# 6. **Start Service**: Restarts the service after the application data has been successfully restored.
+# To make the `gitea-restore-application-data.sh` script executable, run the following command:
+# `chmod +x gitea-restore-application-data.sh`
+# By utilizing this script, you can efficiently restore application data from an existing backup while ensuring proper coordination with the running service.

 # Author
-# hey, I’m Vladimir Mikhalev, but my friends call me Valdemar.
+# I’m Vladimir Mikhalev, the Docker Captain, but my friends can call me Valdemar.
+# https://www.docker.com/captains/vladimir-mikhalev/

 # My website with detailed IT guides: https://www.heyvaldemar.com/
 # Follow me on YouTube: https://www.youtube.com/channel/UCf85kQ0u1sYTTTyKVpxrlyQ?sub_confirmation=1
 # Follow me on Twitter: https://twitter.com/heyValdemar
 # Follow me on Instagram: https://www.instagram.com/heyvaldemar/
+# Follow me on Threads: https://www.threads.net/@heyvaldemar
+# Follow me on Mastodon: https://hachyderm.io/@heyValdemar
+# Follow me on Bluesky: https://bsky.app/profile/heyvaldemar.bsky.social
 # Follow me on Facebook: https://www.facebook.com/heyValdemarFB/
 # Follow me on TikTok: https://www.tiktok.com/@heyvaldemar
 # Follow me on LinkedIn: https://www.linkedin.com/in/heyvaldemar/
@ -23,37 +73,33 @@
 # Support on Ko-fi: https://ko-fi.com/heyValdemar
 # Support on PayPal: https://www.paypal.com/paypalme/heyValdemarCOM

-# Install Docker Engine and Docker Compose by following my guide: https://www.heyvaldemar.com/install-docker-engine-and-docker-compose-on-ubuntu-server/
-
-# Run gitea-restore-application-data.sh to restore application data if needed.
-# Run gitea-restore-database.sh to restore database if needed.
-
-# Deploy Gitea server with a Docker Compose using the command:
-# docker compose -f gitea-traefik-letsencrypt-docker-compose.yml -p gitea up -d
+networks:
+  gitea-network:
+    external: true
+  traefik-network:
+    external: true

 volumes:
  gitea-data:
-  gitea-config:
  gitea-postgres:
+  gitea-postgres-backup:
  gitea-data-backups:
-  gitea-postgres-backups:
+  gitea-database-backups:
  traefik-certificates:

 services:
  postgres:
-    # Image tag (replace with yours)
-    image: postgres:14
+    image: ${GITEA_POSTGRES_IMAGE_TAG}
    volumes:
      - gitea-postgres:/var/lib/postgresql/data
    environment:
-      # Database name (replace with yours)
-      POSTGRES_DB: giteadb
-      # Database user (replace with yours)
-      POSTGRES_USER: giteadbuser
-      # Database password (replace with yours)
-      POSTGRES_PASSWORD: etFneCEtAWRKkfeQmkvwLWE
+      POSTGRES_DB: ${GITEA_DB_NAME}
+      POSTGRES_USER: ${GITEA_DB_USER}
+      POSTGRES_PASSWORD: ${GITEA_DB_PASSWORD}
+    networks:
+      - gitea-network
    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U postgres -h 127.0.0.1"]
+      test: [ "CMD", "pg_isready", "-q", "-d", "${GITEA_DB_NAME}", "-U", "${GITEA_DB_USER}" ]
      interval: 10s
      timeout: 5s
      retries: 3
@ -61,28 +107,29 @@ services:
    restart: unless-stopped

  gitea:
-    # Image tag (replace with yours)
-    image: gitea/gitea:1.17
+    image: ${GITEA_IMAGE_TAG}
    volumes:
-      - gitea-data:/data
-      - gitea-config:/etc/gitea
+      - gitea-data:/${DATA_PATH}
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
-      DB_TYPE: postgres
-      DB_HOST: postgres:5432
-      # Database name (replace with yours)
-      DB_NAME: giteadb
-      # Database user (replace with yours)
-      DB_USER: giteadbuser
-      # Database password (replace with yours)
-      DB_PASSWD: etFneCEtAWRKkfeQmkvwLWE
-      RUN_MODE: prod
-      SSH_PORT: 0
-      DISABLE_SSH: 'true'
-      HTTP_PORT: 3000
-      # Gitea URL (replace with yours)
-      ROOT_URL: https://gitea.heyvaldemar.net
+      GITEA_DATABASE_HOST: postgres
+      GITEA_DATABASE_NAME: ${GITEA_DB_NAME}
+      GITEA_DATABASE_USERNAME: ${GITEA_DB_USER}
+      GITEA_DATABASE_PASSWORD: ${GITEA_DB_PASSWORD}
+      GITEA_ADMIN_USER: ${GITEA_ADMIN_USERNAME}
+      GITEA_ADMIN_PASSWORD: ${GITEA_ADMIN_PASSWORD}
+      GITEA_ADMIN_EMAIL: ${GITEA_ADMIN_EMAIL}
+      GITEA_RUN_MODE: prod
+      GITEA_DOMAIN: ${GITEA_HOSTNAME}
+      GITEA_SSH_DOMAIN: ${GITEA_HOSTNAME}
+      GITEA_ROOT_URL: ${GITEA_URL}
+      GITEA_HTTP_PORT: 3000
+      GITEA_SSH_PORT: ${GITEA_SHELL_SSH_PORT}
+      GITEA_SSH_LISTEN_PORT: 22
+    networks:
+      - gitea-network
+      - traefik-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/"]
      interval: 10s
@ -91,8 +138,7 @@ services:
      start_period: 90s
    labels:
      - "traefik.enable=true"
-      # Gitea URL (replace with yours)
-      - "traefik.http.routers.gitea.rule=Host(`gitea.heyvaldemar.net`)"
+      - "traefik.http.routers.gitea.rule=Host(`${GITEA_HOSTNAME}`)"
      - "traefik.http.routers.gitea.service=gitea"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
@ -101,6 +147,11 @@ services:
      - "traefik.http.services.gitea.loadbalancer.passhostheader=true"
      - "traefik.http.routers.gitea.middlewares=compresstraefik"
      - "traefik.http.middlewares.compresstraefik.compress=true"
+      - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
+      - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh"
+      - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh"
+      - "traefik.tcp.services.gitea-ssh.loadbalancer.server.port=22"
+      - "traefik.docker.network=traefik-network"
    restart: unless-stopped
    depends_on:
      postgres:
@ -109,10 +160,9 @@ services:
        condition: service_healthy

  traefik:
-    # Image tag (replace with yours)
-    image: traefik:2.8
+    image: ${TRAEFIK_IMAGE_TAG}
    command:
-      - "--log.level=WARN"
+      - "--log.level=${TRAEFIK_LOG_LEVEL}"
      - "--accesslog=true"
      - "--api.dashboard=true"
      - "--api.insecure=true"
@ -121,12 +171,12 @@ services:
      - "--entryPoints.ping.address=:8082"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
+      - "--entryPoints.ssh.address=:${GITEA_SHELL_SSH_PORT}"
      - "--providers.docker=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedByDefault=false"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
-      # Email for Let's Encrypt (replace with yours)
-      - "--certificatesresolvers.letsencrypt.acme.email=callvaldemar@gmail.com"
+      - "--certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_ACME_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme/acme.json"
      - "--metrics.prometheus=true"
      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
@ -135,7 +185,10 @@ services:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - traefik-certificates:/etc/traefik/acme
+    networks:
+      - traefik-network
    ports:
+      - "${GITEA_SHELL_SSH_PORT}:${GITEA_SHELL_SSH_PORT}"
      - "80:80"
      - "443:443"
    healthcheck:
@ -146,8 +199,7 @@ services:
      start_period: 5s
    labels:
      - "traefik.enable=true"
-      # Traefik URL (replace with yours)
-      - "traefik.http.routers.dashboard.rule=Host(`traefik.gitea.heyvaldemar.net`)"
+      - "traefik.http.routers.dashboard.rule=Host(`${TRAEFIK_HOSTNAME}`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
@ -155,10 +207,7 @@ services:
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.services.dashboard.loadbalancer.passhostheader=true"
      - "traefik.http.routers.dashboard.middlewares=authtraefik"
-      # Basic Authentication for Traefik Dashboard
-      # Username: traefikadmin (replace with yours)
-      # Passwords must be encoded using MD5, SHA1, or BCrypt https://hostingcanada.org/htpasswd-generator/
-      - "traefik.http.middlewares.authtraefik.basicauth.users=traefikadmin:$$2y$$10$$sMzJfirKC75x/hVpiINeZOiSm.Jkity9cn4KwNkRvO7hSQVFc5FLO"
+      - "traefik.http.middlewares.authtraefik.basicauth.users=${TRAEFIK_BASIC_AUTH}"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
@ -166,43 +215,36 @@ services:
    restart: unless-stopped

  backups:
-    # Image tag (replace with yours)
-    image: postgres:14
-    # Database backups prune interval (replace with yours). Default is 7 days.
-    # find /srv/gitea-postgres/backups -type f -mtime +7 | xargs rm -f
-
-    # Application data backups prune interval (replace with yours). Default is 7 days.
-    # find /srv/gitea-application-data/backups -type f -mtime +7 | xargs rm -f
-
-    # Gitea backups interval (replace with yours). Default is 1 day.
-    # sleep 24h
-
-    # Run gitea-restore-application-data.sh to restore application data if needed.
-    # Run gitea-restore-database.sh to restore database if needed.
-    command: sh -c 'sleep 30m
-             && while true; do
-             PGPASSWORD="$$(echo $$POSTGRES_PASSWORD)"
-             pg_dump
-             -h postgres
-             -p 5432
-             -d giteadb
-             -U giteadbuser | gzip > /srv/gitea-postgres/backups/gitea-postgres-backup-$$(date "+%Y-%m-%d_%H-%M").gz
-             && tar -zcpf /srv/gitea-application-data/backups/gitea-application-data-backup-$$(date "+%Y-%m-%d_%H-%M").tar.gz /etc/gitea
-             && find /srv/gitea-postgres/backups -type f -mtime +7 | xargs rm -f
-             && find /srv/gitea-application-data/backups -type f -mtime +7 | xargs rm -f;
-             sleep 24h; done'
+    image: ${GITEA_POSTGRES_IMAGE_TAG}
+    command: >-
+      sh -c 'sleep $BACKUP_INIT_SLEEP &&
+      while true; do
+        pg_dump -h postgres -p 5432 -d $GITEA_DB_NAME -U $GITEA_DB_USER | gzip > $POSTGRES_BACKUPS_PATH/$POSTGRES_BACKUP_NAME-$(date "+%Y-%m-%d_%H-%M").gz &&
+        tar -zcpf $DATA_BACKUPS_PATH/$DATA_BACKUP_NAME-$(date "+%Y-%m-%d_%H-%M").tar.gz $DATA_PATH &&
+        find $POSTGRES_BACKUPS_PATH -type f -mtime +$POSTGRES_BACKUP_PRUNE_DAYS | xargs rm -f &&
+        find $DATA_BACKUPS_PATH -type f -mtime +$DATA_BACKUP_PRUNE_DAYS | xargs rm -f;
+        sleep $BACKUP_INTERVAL; done'
    volumes:
-      - gitea-data:/etc/gitea
-      # Application data backups location
-      - gitea-data-backups:/srv/gitea-application-data/backups
-      # Database backups location
-      - gitea-postgres-backups:/srv/gitea-postgres/backups
+      - gitea-postgres-backup:/var/lib/postgresql/data
+      - gitea-data:${DATA_PATH}
+      - gitea-data-backups:${DATA_BACKUPS_PATH}
+      - gitea-database-backups:${POSTGRES_BACKUPS_PATH}
    environment:
-      # Database password (replace with yours)
-      POSTGRES_PASSWORD: etFneCEtAWRKkfeQmkvwLWE
+      GITEA_DB_NAME: ${GITEA_DB_NAME}
+      GITEA_DB_USER: ${GITEA_DB_USER}
+      PGPASSWORD: ${GITEA_DB_PASSWORD}
+      BACKUP_INIT_SLEEP: ${BACKUP_INIT_SLEEP}
+      BACKUP_INTERVAL: ${BACKUP_INTERVAL}
+      POSTGRES_BACKUP_PRUNE_DAYS: ${POSTGRES_BACKUP_PRUNE_DAYS}
+      DATA_BACKUP_PRUNE_DAYS: ${DATA_BACKUP_PRUNE_DAYS}
+      POSTGRES_BACKUPS_PATH: ${POSTGRES_BACKUPS_PATH}
+      DATA_BACKUPS_PATH: ${DATA_BACKUPS_PATH}
+      DATA_PATH: ${DATA_PATH}
+      POSTGRES_BACKUP_NAME: ${POSTGRES_BACKUP_NAME}
+      DATA_BACKUP_NAME: ${DATA_BACKUP_NAME}
+    networks:
+      - gitea-network
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
-      gitea:
-        condition: service_healthy