Docker /etc/gitlab mount keeps chmod-ing the directory to root

Docker /etc/gitlab mount keeps forcefully chmod-ing the directory to root (on host)

Background: I have GitLab 15.0.3-ce.0 running as a docker stack (using Portainer and a docker-compose file). I have the config directory, which contains the gitlab directory, right next to the docker-compose.yml file, because I’d love to have all GitLab-related configuration in one place, versioned and backed up.

Problem: while the UID/GID of all files inside config/gitlab seem to keep their owner (host Linux user and group), whenever I fire-up the stack, the gitlab folder ownership is transferred to root:root it seems.
The folder seems to contain quite a few generated SSL certificates and SSH keys. I would not mind versioning them, too, as I am running GitLab on a home server and I do not care about having these files in my repository.

I get the following message during start up:

Thank you for using GitLab Docker Image!
Current version: gitlab-ce=15.0.3-ce.0
Configure GitLab for your system by editing /etc/gitlab/gitlab.rb file
And restart this container to reload settings.
To do it use docker exec:
  docker exec -it gitlab editor /etc/gitlab/gitlab.rb
  docker restart gitlab

For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
If this container fails to start due to permission problems try to fix it by executing:
  docker exec -it gitlab update-permissions
  docker restart gitlab

Cleaning stale PIDs & sockets

I suppose Cleaning stale PIDs & sockets chmods the directory back to root:root, which is unfortunate, because my configurations repository is in the home directory of my primary user, who is a sudoer, but it’s still is annoying.

Question: is there a way to force GitLab to keep the ownership of /home/strange/stacks/gitlab/config/gitlab as is? I tried adding the user: "${UID}:${GID}" to the docker-compose.yml (see below) without any impact.

docker-compose.yml (host is only available within my LAN and works):

services:
  gitlab:
    container_name: gitlab
    image: gitlab/gitlab-ce:latest
    hostname: gitlab.my.family
    restart: unless-stopped
    shm_size: '256m'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.my.family'
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        nginx['proxy_set_headers'] = {
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on"
        }
    ports:
      - "8822:22"
    volumes:
      - '/home/strange/stacks/gitlab/config/gitlab:/etc/gitlab'
      - 'gitlab-data:/var/opt/gitlab'
      - 'gitlab-logs:/var/log/gitlab'
      - 'gitlab-tmp:/tmp'
    labels:
      # Routing
      - "traefik.enable=true"
      - "traefik.http.routers.gitlab.rule=Host(`gitlab.my.family`)"
      - "traefik.http.routers.gitlab.entrypoints=websecure"
      - "traefik.http.routers.gitlab.tls=true"
      - "traefik.http.services.gitlab.loadbalancer.server.port=80"
    networks:
      - services-network

volumes:
  gitlab-data:
    external: true
  gitlab-logs:
    external: true
  gitlab-tmp:
    external: true

networks:
  services-network:
    external: true
  default:
    external:
      name: "services-network"