This very ForgeJo instance! https://code.openneo.net/
Find a file
Emi Matchu a9db85d7c8 Restart every week, to help ensure SSL certificate renews
Oh right, I dealt with this a few months ago too: I got a notice from
Let's Encrypt that our code.openneo.net SSL certificate was going to
expire soon. And last time, restarting the Forgejo service fixed it and
got a new certificate issued immediately!

My inference is that the logic to check on the certificate status only
happens on startup. So, let's add code to the service file to ensure
that Forgejo will terminate after 7 days of runtime; and the
`Restart=always` setting will ensure that it comes immediately back up.
2024-06-10 13:03:19 -07:00
files Restart every week, to help ensure SSL certificate renews 2024-06-10 13:03:19 -07:00
inventory.cfg initial commit: it runs! 2024-01-13 21:47:50 -08:00
LICENSE Add license file 2024-01-14 23:59:18 -08:00
README.md Copy-edits and comments 2024-01-15 00:38:30 -08:00
run.sh initial commit: it runs! 2024-01-13 21:47:50 -08:00
setup-all.yml Write a README 2024-01-15 00:08:36 -08:00
setup-forgejo.yml Upgrade to Forgejo v7.0.3 2024-05-27 13:58:54 -07:00
setup-machine.yml Configure machine's hostname as code.openneo.net 2024-06-10 12:55:00 -07:00
setup-security.yml initial commit: it runs! 2024-01-13 21:47:50 -08:00

OpenNeo Code

This is the deployment code we use to set up and manage code.openneo.net, a self-hosted copy of Forgejo! It's a very GitHub-like service, but we control the data. (Microsoft's recent approach to AI has me feeling real anxious about continuing to develop on there!)

We like to use Ansible playbooks to keep track of how we set up our servers, here's how we've structured them! (We don't use very fancy Ansible features, we just use them as idempotent command-line scripts!)

  • setup-users.yml: Sets up the user accounts for the system, with their SSH keys for login.
  • setup-security.yml: Sets up firewall rules and automatic system updates. (This is a standard playbook I use for all my servers!)
  • setup-forgejo.yml: Sets up the Forgejo server itself, as a systemd service running Forgejo's official Linux binary. This is mostly a 1:1 port of Forgejo's "Installation from binary" guide!

You can run them individually, or all at once, with run.sh:

run.sh setup-all.yml

If you're interested in setting up your own Forgejo service, this could be useful as a starting point, there's not much custom here! Just a couple things to note:

  • setup-users.yml contains my own username and my own SSH public keys—you'll want to replace those! (Public SSH keys aren't secret, don't worry, I'm fine!)
  • files/app.ini includes some custom config you'll need to replace, like our domain name. (We also opt to use Forgejo's built-in HTTPS support, via Let's Encrypt!)
  • You'll need to create your own copy of the secret token files in files/secrets. See the README in there for more details!
  • We used the latest version of Forgejo available at the time we deployed, but it's possible you're reading this later. It's worth checking out Forgejo's own self-hosting instructions, and making sure you download the latest version.
  • This code is distributed under the GPLv3 license; see the LICENSE file for more details.

Hope this helps!