commit 669bd46e133cc7063a18df1a65d988817173c620 Author: Jens Beckmann Date: Sun Jun 7 17:59:54 2026 +0000 docker-compose.yaml hinzugefügt
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..347a00b
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,171 @@
+networks:
+ traefik_net:
+ external: true
+
+services:
+ gitea:
+ image: gitea/gitea:latest
+ container_name: gitea
+ restart: unless-stopped
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - GITEA__database__DB_TYPE=postgres
+ - GITEA__database__HOST=postgres.lan:5432
+ - GITEA__database__NAME=git
+ - GITEA__database__USER=git
+ - GITEA__database__PASSWD=wb3AihmrUU5ocbmtdnc # ⚠️ bitte ändern!
+ - GITEA__server__DOMAIN=git.ljh31.de
+ - GITEA__server__ROOT_URL=https://git.ljh31.de
+ - GITEA__server__SSH_DOMAIN=git.ljh31.de
+ # ── Keycloak / OIDC ────────────────────────────────────────────────────
+ - GITEA__oauth2__ENABLE=true
+ - GITEA__oauth2__JWT_SECRET=Gn7pQg4GOCFcMvk7EZoKKlnjtgEaXZAD # ← openssl rand -hex 16
+ - GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=false
+ - GITEA__service__SHOW_REGISTRATION_BUTTON=false
+ ports:
+ - "2222:22"
+ - "5000:3000"
+ volumes:
+ - /mnt/docker/gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ networks:
+ - traefik_net
+ labels:
+ # ── Traefik ──────────────────────────────────────────────────────────────
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik_net"
+ - "traefik.http.routers.gitea.rule=Host(\`git.ljh31.de\`)"
+ - "traefik.http.routers.gitea.entrypoints=websecure"
+ - "traefik.http.routers.gitea.tls=true"
+ - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.gitea.service=gitea"
+
+ - "traefik.http.routers.gitea-http.rule=Host(\`git.ljh31.de\`)"
+ - "traefik.http.routers.gitea-http.entrypoints=web"
+ - "traefik.http.routers.gitea-http.middlewares=redirect-to-https"
+ - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+ # Korrigiert: Verwendet Docker-Service-Namen & internen Port statt statischer IP
+ - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+
+ # ── Homepage ─────────────────────────────────────────────────────────────
+ - "homepage.group=Development"
+ - "homepage.name=Gitea"
+ - "homepage.icon=gitea.png"
+ - "homepage.href=https://git.ljh31.de"
+ - "homepage.description=Self-hosted Git Service"
+ - "homepage.widget.type=gitea"
+ - "homepage.widget.url=https://git.ljh31.de"
+ - "homepage.widget.key=c77a5470c1c58fd0964a3239939afc4201a638f6" # ← Gitea API-Token eintragen
+
+ gitea-runner-1:
+ image: gitea/act_runner:latest
+ container_name: gitea-runner-1
+ restart: unless-stopped
+ environment:
+ - GITEA_INSTANCE_URL=http://gitea:3000
+ - GITEA_RUNNER_NAME=runner-1
+ # ⚠️ Token im Gitea Web UI erstellen oder via CLI generieren:
+ # docker exec gitea gitea generate register-token
+ - GITEA_RUNNER_REGISTRATION_TOKEN=
+ networks:
+ - traefik_net
+
+ gitea-runner-2:
+ image: gitea/act_runner:latest
+ container_name: gitea-runner-2
+ restart: unless-stopped
+ environment:
+ - GITEA_INSTANCE_URL=http://gitea:3000
+ - GITEA_RUNNER_NAME=runner-2
+ # ⚠️ Zweiter, eindeutiger Token erforderlich
+ - GITEA_RUNNER_REGISTRATION_TOKEN=
+ networks:
+ - networks:
+ traefik_net:
+ external: true
+
+services:
+ gitea:
+ image: gitea/gitea:latest
+ container_name: gitea
+ restart: unless-stopped
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - GITEA__database__DB_TYPE=postgres
+ - GITEA__database__HOST=postgres.lan:5432
+ - GITEA__database__NAME=git
+ - GITEA__database__USER=git
+ - GITEA__database__PASSWD=wb3AihmrUU5ocbmtdnc # ⚠️ bitte ändern!
+ - GITEA__server__DOMAIN=git.ljh31.de
+ - GITEA__server__ROOT_URL=https://git.ljh31.de
+ - GITEA__server__SSH_DOMAIN=git.ljh31.de
+ # ── Keycloak / OIDC ────────────────────────────────────────────────────
+ - GITEA__oauth2__ENABLE=true
+ - GITEA__oauth2__JWT_SECRET=Gn7pQg4GOCFcMvk7EZoKKlnjtgEaXZAD # ← openssl rand -hex 16
+ - GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=false
+ - GITEA__service__SHOW_REGISTRATION_BUTTON=false
+ ports:
+ - "2222:22"
+ - "5000:3000"
+ volumes:
+ - /mnt/docker/gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ networks:
+ - traefik_net
+ labels:
+ # ── Traefik ──────────────────────────────────────────────────────────────
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik_net"
+ - "traefik.http.routers.gitea.rule=Host(\`git.ljh31.de\`)"
+ - "traefik.http.routers.gitea.entrypoints=websecure"
+ - "traefik.http.routers.gitea.tls=true"
+ - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.gitea.service=gitea"
+
+ - "traefik.http.routers.gitea-http.rule=Host(\`git.ljh31.de\`)"
+ - "traefik.http.routers.gitea-http.entrypoints=web"
+ - "traefik.http.routers.gitea-http.middlewares=redirect-to-https"
+ - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+ # Korrigiert: Verwendet Docker-Service-Namen & internen Port statt statischer IP
+ - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+
+ # ── Homepage ─────────────────────────────────────────────────────────────
+ - "homepage.group=Development"
+ - "homepage.name=Gitea"
+ - "homepage.icon=gitea.png"
+ - "homepage.href=https://git.ljh31.de"
+ - "homepage.description=Self-hosted Git Service"
+ - "homepage.widget.type=gitea"
+ - "homepage.widget.url=https://git.ljh31.de"
+ - "homepage.widget.key=c77a5470c1c58fd0964a3239939afc4201a638f6" # ← Gitea API-Token eintragen
+
+ gitea-runner-1:
+ image: gitea/act_runner:latest
+ container_name: gitea-runner-1
+ restart: unless-stopped
+ environment:
+ - GITEA_INSTANCE_URL=http://gitea:3000
+ - GITEA_RUNNER_NAME=runner-1
+ # ⚠️ Token im Gitea Web UI erstellen oder via CLI generieren:
+ # docker exec gitea gitea generate register-token
+ - GITEA_RUNNER_REGISTRATION_TOKEN=
+ networks:
+ - infra-traefik_default
+
+ gitea-runner-2:
+ image: gitea/act_runner:latest
+ container_name: gitea-runner-2
+ restart: unless-stopped
+ environment:
+ - GITEA_INSTANCE_URL=http://gitea:3000
+ - GITEA_RUNNER_NAME=runner-2
+ # ⚠️ Zweiter, eindeutiger Token erforderlich
+ - GITEA_RUNNER_REGISTRATION_TOKEN=
+ networks:
+ - infra-traefik_default
\ No newline at end of file
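Review bot: The database password (`GITEA__database__PASSWD`), the OAuth2 `GITEA__oauth2__JWT_SECRET` and the Homepage `homepage.widget.key` API token are committed as literal values in both copies of the `gitea` service, so they now live in the repository history and need to be rotated, not just removed. Reference them from an untracked `.env` file instead, e.g. `- GITEA__database__PASSWD=${GITEA_DB_PASSWD}` (variable name is a placeholder), and do the same for the other two; the widget key is also readable by anything that can inspect container labels. The file additionally appears to hold the whole compose definition pasted twice: the first `gitea-runner-2` block breaks off at `- networks:` and a second top-level `services:` key follows, and the runners in the second copy join `infra-traefik_default`, which is not declared under `networks:` and is not the network `gitea` is attached to, so `http://gitea:3000` would likely not resolve. Separately, `"5000:3000"` publishes Gitea's HTTP port on the host alongside the Traefik route, and `SHOW_REGISTRATION_BUTTON=false` only hides the form; if self-registration is meant to be off, `GITEA__service__DISABLE_REGISTRATION=true` states that explicitly.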