Add Template to deploy forgejo.

This template allows deploying a forgejo en either Scaleway or Hetzner (untested) without much knowledge about them. It DOES require knowledge about Terragrunt and ansible. A wizard of sorts is provided but it will not guarantee success without some knowledge about the underlying technology.
2026-01-09 16:07:44 +01:00 · 2026-01-09 16:07:44 +01:00 · 822e42dbb8
commit 822e42dbb8
parent a9f546f92a
48 changed files with 6846 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -1,3 +1,166 @@
-# forgejo-autohebergement
+# Forgejo Self-Hosting

-Modele pour demarrer un auto hebergement de forgejo dans un cloud europeen
+Deploy your own **Forgejo** Git server on **Scaleway** or **Hetzner** with automated infrastructure provisioning and secure configuration.
+
+## Features
+
+- **One-command deployment** via interactive setup wizard
+- **Infrastructure as Code** using Terraform/Terragrunt
+- **Automated configuration** via Ansible
+- **Secure by default**: Tailscale VPN + UFW firewall
+- **Automatic HTTPS** via Caddy and Let's Encrypt
+- **PostgreSQL database** with optimized settings
+- **Redis caching** for improved performance
+- **Automated backups** with configurable retention
+- **Docker-based** Forgejo deployment
+
+## Supported Providers
+
+- **Scaleway** (France) - European cloud provider
+- **Hetzner** (Germany) - European cloud provider
+
+## Prerequisites
+
+- macOS or Linux
+- [Terraform](https://terraform.io) >= 1.5.0
+- [Terragrunt](https://terragrunt.gruntwork.io)
+- [Ansible](https://ansible.com) >= 2.14
+- SSH key pair
+- Cloud provider account (Scaleway or Hetzner)
+- Domain name with DNS access
+
+## Quick Start
+
+```bash
+# Clone the repository
+git clone https://git.dumontix.eu/dumontix/forgejo-autohebergement.git
+cd forgejo-autohebergement
+
+# Run the interactive setup wizard
+./setup-wizard.sh
+```
+
+The wizard will guide you through:
+
+1. Checking dependencies
+2. Selecting your SSH key
+3. Choosing cloud provider (Scaleway/Hetzner)
+4. Configuring secrets (Ansible Vault)
+5. Setting up cloud credentials
+6. Configuring your domain
+7. Creating infrastructure
+8. Deploying Forgejo
+9. Setting up Tailscale VPN
+10. Enabling UFW firewall
+
+## Architecture
+
+```
+┌─────────────────────────────────────────────────────────────┐
+│                         Internet                            │
+└─────────────────────────────────────────────────────────────┘
+                              │
+                    ┌─────────┴─────────┐
+                    │   Caddy (HTTPS)   │ ← Let's Encrypt
+                    │   Port 80, 443    │
+                    └─────────┬─────────┘
+                              │
+                    ┌─────────┴─────────┐
+                    │     Forgejo       │ ← Docker Container
+                    │   Port 3000       │
+                    └─────────┬─────────┘
+                              │
+            ┌─────────────────┼─────────────────┐
+            │                 │                 │
+   ┌────────┴────────┐ ┌──────┴──────┐ ┌────────┴──────┐
+   │   PostgreSQL    │ │    Redis    │ │   Tailscale   │
+   │   (Database)    │ │   (Cache)   │ │  (VPN/SSH)    │
+   └─────────────────┘ └─────────────┘ └───────────────┘
+```
+
+## Security
+
+- **SSH access**: Only via Tailscale VPN (port 22 blocked publicly)
+- **Git SSH**: Only via Tailscale (port 2222 blocked publicly)
+- **Web access**: HTTPS only (HTTP redirects to HTTPS)
+- **Firewall**: UFW with strict rules
+- **2FA**: Enabled by default for user accounts
+
+## Configuration
+
+After deployment, you can customize your Forgejo instance:
+
+```bash
+# Edit configuration
+make ansible-vault-edit
+
+# Re-deploy with changes
+make deploy
+```
+
+See `docs/CONFIGURATION.md` for all available options.
+
+## Operations
+
+```bash
+# Check status
+make status
+
+# View logs
+make logs
+
+# Create backup
+make backup
+
+# Update Forgejo
+make update
+
+# SSH to server (via Tailscale)
+ssh root@<tailscale-hostname>
+```
+
+See `docs/OPERATIONS.md` for detailed operations guide.
+
+## File Structure
+
+```
+forgejo-selfhosting/
+├── ansible/
+│   ├── inventory/production/    # Server inventory
+│   ├── playbooks/              # Deployment playbooks
+│   └── roles/forgejo/          # Forgejo role
+├── terraform/
+│   ├── scaleway/               # Scaleway infrastructure
+│   └── hetzner/                # Hetzner infrastructure
+├── docs/                       # Documentation
+├── setup-wizard.sh             # Interactive setup
+└── Makefile                    # Convenience commands
+```
+
+## Troubleshooting
+
+### Cannot SSH after UFW enabled
+SSH is only accessible via Tailscale after UFW is enabled. Use:
+```bash
+ssh root@<tailscale-ip-or-hostname>
+```
+
+### Forgejo not starting
+Check logs:
+```bash
+docker logs forgejo
+```
+
+### Database connection issues
+Verify PostgreSQL is running and accessible:
+```bash
+systemctl status postgresql
+```
+
+## License
+
+Apache 2.0 see LICENSE for details
+
+## Contributing
+
+Contributions are welcome! Please read the contributing guidelines before submitting PRs.