Oh right, I dealt with this a few months ago too: I got a notice from
Let's Encrypt that our code.openneo.net SSL certificate was going to
expire soon. And last time, restarting the Forgejo service fixed it and
got a new certificate issued immediately!
My inference is that the logic to check on the certificate status only
happens on startup. So, let's add code to the service file to ensure
that Forgejo will terminate after 7 days of runtime; and the
`Restart=always` setting will ensure that it comes immediately back up.
Back when I had secrets just hardcoded into the repo, I added these to
make sure I wouldn't publish the repo without realizing I had left
those in! But now I've gone back and obliterated them from git history,
so we're okay to share! (Not just I committed over them, but they are
*fully gone*.)
EDIT: I originally committed the actual secrets into this file, but
since came back in git history and rewrote this commit to redact them!
I wasn't expecting to share this repo, but now I am!
