dumontix/forgejo-autohebergement
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
forgejo-autohebergement/README.md
Horacio Duran 822e42dbb8 Add Template to deploy forgejo. 
This template allows deploying a forgejo en either Scaleway or Hetzner
(untested) without much knowledge about them.
It DOES require knowledge about Terragrunt and ansible. A wizard of
sorts is provided but it will not guarantee success without some
knowledge about the underlying technology.
2026-01-09 16:07:44 +01:00

166 lines
5 KiB
Markdown
Raw Permalink Blame History

# Forgejo Self-Hosting
Deploy your own **Forgejo** Git server on **Scaleway** or **Hetzner** with automated infrastructure provisioning and secure configuration.
## Features
- **One-command deployment** via interactive setup wizard
- **Infrastructure as Code** using Terraform/Terragrunt
- **Automated configuration** via Ansible
- **Secure by default**: Tailscale VPN + UFW firewall
- **Automatic HTTPS** via Caddy and Let's Encrypt
- **PostgreSQL database** with optimized settings
- **Redis caching** for improved performance
- **Automated backups** with configurable retention
- **Docker-based** Forgejo deployment
## Supported Providers
- **Scaleway** (France) - European cloud provider
- **Hetzner** (Germany) - European cloud provider
## Prerequisites
- macOS or Linux
- [Terraform](https://terraform.io) >= 1.5.0
- [Terragrunt](https://terragrunt.gruntwork.io)
- [Ansible](https://ansible.com) >= 2.14
- SSH key pair
- Cloud provider account (Scaleway or Hetzner)
- Domain name with DNS access
## Quick Start
```bash
# Clone the repository
git clone https://git.dumontix.eu/dumontix/forgejo-autohebergement.git
cd forgejo-autohebergement
# Run the interactive setup wizard
./setup-wizard.sh
```
The wizard will guide you through:
1. Checking dependencies
2. Selecting your SSH key
3. Choosing cloud provider (Scaleway/Hetzner)
4. Configuring secrets (Ansible Vault)
5. Setting up cloud credentials
6. Configuring your domain
7. Creating infrastructure
8. Deploying Forgejo
9. Setting up Tailscale VPN
10. Enabling UFW firewall
## Architecture
```
┌─────────────────────────────────────────────────────────────┐
│ Internet │
└─────────────────────────────────────────────────────────────┘
┌─────────┴─────────┐
│ Caddy (HTTPS) │ ← Let's Encrypt
│ Port 80, 443 │
└─────────┬─────────┘
┌─────────┴─────────┐
│ Forgejo │ ← Docker Container
│ Port 3000 │
└─────────┬─────────┘
┌─────────────────┼─────────────────┐
│ │ │
┌────────┴────────┐ ┌──────┴──────┐ ┌────────┴──────┐
│ PostgreSQL │ │ Redis │ │ Tailscale │
│ (Database) │ │ (Cache) │ │ (VPN/SSH) │
└─────────────────┘ └─────────────┘ └───────────────┘
```
## Security
- **SSH access**: Only via Tailscale VPN (port 22 blocked publicly)
- **Git SSH**: Only via Tailscale (port 2222 blocked publicly)
- **Web access**: HTTPS only (HTTP redirects to HTTPS)
- **Firewall**: UFW with strict rules
- **2FA**: Enabled by default for user accounts
## Configuration
After deployment, you can customize your Forgejo instance:
```bash
# Edit configuration
make ansible-vault-edit
# Re-deploy with changes
make deploy
```
See `docs/CONFIGURATION.md` for all available options.
## Operations
```bash
# Check status
make status
# View logs
make logs
# Create backup
make backup
# Update Forgejo
make update
# SSH to server (via Tailscale)
ssh root@<tailscale-hostname>
```
See `docs/OPERATIONS.md` for detailed operations guide.
## File Structure
```
forgejo-selfhosting/
├── ansible/
│ ├── inventory/production/ # Server inventory
│ ├── playbooks/ # Deployment playbooks
│ └── roles/forgejo/ # Forgejo role
├── terraform/
│ ├── scaleway/ # Scaleway infrastructure
│ └── hetzner/ # Hetzner infrastructure
├── docs/ # Documentation
├── setup-wizard.sh # Interactive setup
└── Makefile # Convenience commands
```
## Troubleshooting
### Cannot SSH after UFW enabled
SSH is only accessible via Tailscale after UFW is enabled. Use:
```bash
ssh root@<tailscale-ip-or-hostname>
```
### Forgejo not starting
Check logs:
```bash
docker logs forgejo
```
### Database connection issues
Verify PostgreSQL is running and accessible:
```bash
systemctl status postgresql
```
## License
Apache 2.0 see LICENSE for details
## Contributing
Contributions are welcome! Please read the contributing guidelines before submitting PRs.
View git blame Copy permalink