openneo-code/README.md

# OpenNeo Code

This is the deployment code we use to set up and manage code.openneo.net,
a self-hosted copy of [Forgejo][fj]! It's a very GitHub-like service, but we
control the data. (Microsoft's recent approach to AI has me feeling real
anxious about continuing to develop on there!)

We like to use Ansible playbooks to keep track of how we set up our servers,
here's how we've structured them! (We don't use very fancy Ansible features, we
just use them as idempotent command-line scripts!)

- `setup-users.yml`: Sets up the user accounts for the system, with their SSH
  keys for login.
- `setup-security.yml`: Sets up firewall rules and automatic system updates.
  (This is a standard playbook I use for all my servers!)
- `setup-forgejo.yml`: Sets up the Forgejo server itself, as a `systemd`
  service running Forgejo's official Linux binary. This is mostly a 1:1 port
  of [Forgejo's "Installation from binary" guide][fj-install]!

You can run them individually, or all at once, with `run.sh`:

    run.sh setup-all.yml

If you're interested in setting up your own Forgejo service, this could be
useful as a starting point, there's not much custom here! Just a couple things
to note:

- `setup-users.yml` contains my own username and my own SSH public keys—you'll
  want to replace those! (Public SSH keys aren't secret, don't worry, I'm fine!)
- `files/app.ini` includes some custom config you'll need to replace, like our
  domain name. (We also opt to use Forgejo's built-in HTTPS support, via
  Let's Encrypt!)
- You'll need to create your own copy of the secret token files in
  `files/secrets`. See the `README` in there for more details!
- We used the latest version of Forgejo available at the time we deployed,
  but it's possible you're reading this later. It's worth checking out
  Forgejo's own self-hosting instructions, and making sure you download the
  latest version.
- This code is distributed under the GPLv3 license; see the `LICENSE` file for
  more details.

Hope this helps!

[fj]: https://forgejo.org/
[fj-install]: https://forgejo.org/docs/latest/admin/installation-binary/
Remove warnings-to-self about secrets Back when I had secrets just hardcoded into the repo, I added these to make sure I wouldn't publish the repo without realizing I had left those in! But now I've gone back and obliterated them from git history, so we're okay to share! (Not just I committed over them, but they are fully gone.) 2024-01-15 00:02:57 -08:00			`# OpenNeo Code`

Write a README I adapted this from the one I wrote last night for the `openneo-analytics` repo! 2024-01-15 00:08:36 -08:00			`This is the deployment code we use to set up and manage code.openneo.net,`
			`a self-hosted copy of [Forgejo][fj]! It's a very GitHub-like service, but we`
			`control the data. (Microsoft's recent approach to AI has me feeling real`
			`anxious about continuing to develop on there!)`

			`We like to use Ansible playbooks to keep track of how we set up our servers,`
Copy-edits and comments 2024-01-15 00:38:30 -08:00			`here's how we've structured them! (We don't use very fancy Ansible features, we`
			`just use them as idempotent command-line scripts!)`
Write a README I adapted this from the one I wrote last night for the `openneo-analytics` repo! 2024-01-15 00:08:36 -08:00
			- `setup-users.yml`: Sets up the user accounts for the system, with their SSH
			`keys for login.`
			- `setup-security.yml`: Sets up firewall rules and automatic system updates.
			`(This is a standard playbook I use for all my servers!)`
			- `setup-forgejo.yml`: Sets up the Forgejo server itself, as a `systemd`
Copy-edits and comments 2024-01-15 00:38:30 -08:00			`service running Forgejo's official Linux binary. This is mostly a 1:1 port`
			`of [Forgejo's "Installation from binary" guide][fj-install]!`
Write a README I adapted this from the one I wrote last night for the `openneo-analytics` repo! 2024-01-15 00:08:36 -08:00
			You can run them individually, or all at once, with `run.sh`:

			`run.sh setup-all.yml`

			`If you're interested in setting up your own Forgejo service, this could be`
			`useful as a starting point, there's not much custom here! Just a couple things`
			`to note:`

			- `setup-users.yml` contains my own username and my own SSH public keys—you'll
			`want to replace those! (Public SSH keys aren't secret, don't worry, I'm fine!)`
			- `files/app.ini` includes some custom config you'll need to replace, like our
			`domain name. (We also opt to use Forgejo's built-in HTTPS support, via`
			`Let's Encrypt!)`
			`- You'll need to create your own copy of the secret token files in`
			`files/secrets`. See the `README` in there for more details!
			`- We used the latest version of Forgejo available at the time we deployed,`
			`but it's possible you're reading this later. It's worth checking out`
			`Forgejo's own self-hosting instructions, and making sure you download the`
			`latest version.`
			- This code is distributed under the GPLv3 license; see the `LICENSE` file for
			`more details.`

			`Hope this helps!`

			`[fj]: https://forgejo.org/`
Copy-edits and comments 2024-01-15 00:38:30 -08:00			`[fj-install]: https://forgejo.org/docs/latest/admin/installation-binary/`