From c7b7ce85854a6d835be0f014ff1da536489721d6 Mon Sep 17 00:00:00 2001
From: Bensuperpc
Date: Sun, 29 Jun 2025 10:37:57 +0200
Subject: [PATCH] Forgejo
---
 Makefile | 17 ++--
 README.md | 22 +++++
 infrastructure/docker-compose.yml | 2 +
 .../caddy/config/bensuperpc.org/Caddyfile | 4 +
 .../forgejo/docker-compose.forgejo.yml | 90 +++++++++++++++++++
 .../services/forgejo/env/forgejo.env | 25 ++++++
 .../services/forgejo/env/forgejo_db.env | 4 +
 .../services/forgejo/env/forgejo_runner.env | 0
 .../services/gitea/docker-compose.gitea.yml | 5 +-
 .../services/homepage/config/services.yaml | 6 ++
 .../openssh/docker-compose.openssh.yml | 2 +
 11 files changed, 167 insertions(+), 10 deletions(-)
 create mode 100644 infrastructure/services/forgejo/docker-compose.forgejo.yml
 create mode 100644 infrastructure/services/forgejo/env/forgejo.env
 create mode 100644 infrastructure/services/forgejo/env/forgejo_db.env
 create mode 100644 infrastructure/services/forgejo/env/forgejo_runner.env
diff --git a/Makefile b/Makefile
index c3a0325..e30fc43 100644
--- a/Makefile
+++ b/Makefile
@@ -11,17 +11,20 @@ #// // #////////////////////////////////////////////////////////////// -BLOG_SERVICES := wordpress -TORRENTS_SERVICES := qbittorrent transmission -SHARING_SERVICES := psitransfer picoshare privatebin projectsend jellyfin dufs gitea syncthing +#BLOG_SERVICES := wordpress +#TORRENTS_SERVICES := qbittorrent transmission +#SHARING_SERVICES := psitransfer picoshare privatebin projectsend jellyfin dufs syncthing +GIT_SERVICES := forgejo forgejo-runner ADMIN_SERVICES := yacht uptime-kuma openssh -UTILS_SERVICES := it-tools stirlingpdf omni-tools -IA_SERVICES := open-webui +# gitea +#UTILS_SERVICES := it-tools stirlingpdf omni-tools +#IA_SERVICES := open-webui # gitea-runner -GAME_SERVICES := mc-server mc-backup +GAME_SERVICES := +#mc-server mc-backup # 7daystodie_server 7daystodie_backup satisfactory_server satisfactory_backup PROJECT_DIRECTORY := infrastructure -DOCKER_PROFILES := main_infrastructure caddy homepage $(BLOG_SERVICES) $(SHARING_SERVICES) $(TORRENTS_SERVICES) $(ADMIN_SERVICES) $(UTILS_SERVICES) $(IA_SERVICES) $(GAME_SERVICES) +DOCKER_PROFILES := main_infrastructure caddy homepage $(BLOG_SERVICES) $(SHARING_SERVICES) $(TORRENTS_SERVICES) $(ADMIN_SERVICES) $(UTILS_SERVICES) $(IA_SERVICES) $(GAME_SERVICES) $(GIT_SERVICES) include DockerCompose.mk diff --git a/README.md b/README.md index 928f2e3..8a7d21e 100644 --- a/README.md +++ b/README.md 
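Review bot: `GIT_SERVICES := forgejo forgejo-runner` adds a `forgejo-runner` profile to `DOCKER_PROFILES`, but no service in this commit declares that profile: in `docker-compose.forgejo.yml` the runner and the Docker-in-Docker daemon both sit under `profiles: - forgejo`. As written, enabling `forgejo` alone also starts the privileged daemon, and the second name selects nothing unless it is defined in a file outside this patch. Either move those two services to a `forgejo-runner` profile so the runner can be left off, or drop the unused name. The commented-out `*_SERVICES` assignments would also read better with one comment line stating that those stacks are disabled on purpose.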
@@ -279,6 +279,26 @@ You can change the homepage config in these files: - [settings.yaml](infrastructure/services/homepage/config/settings.yaml) - [widgets.yaml](infrastructure/services/homepage/config/widgets.yaml) +### Forgejo + +```sh +docker exec -it forgejo_runner /bin/bash +``` +```sh +forgejo-runner generate-config > /data/config.yml +``` + +```sh +forgejo-runner register +``` + +```sh +https://forgejo.bensuperpc.org/ + +main +ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04 +``` + ### Docker volumes This infrastructure uses docker volumes to store data, all configuration/data for each service are not shared between services for security and maintenance reasons, but **public_data** and **private_data** are shared between all services to store your data. @@ -333,6 +353,8 @@ ssh -p 2222 admin@bensuperpc.org - [Stirling PDF](https://github.com/Stirling-Tools/Stirling-PDF) - [open-webui](https://github.com/open-webui/open-webui) - [Fix docker volume](https://pratikpc.medium.com/use-docker-compose-named-volumes-as-non-root-within-your-containers-1911eb30f731) +- [Forgejo-runner](https://code.forgejo.org/forgejo/runner) +- [Forgejo-runner](https://huijzer.xyz/posts/55) ## License diff --git a/infrastructure/docker-compose.yml b/infrastructure/docker-compose.yml index ae3f587..624d7ab 100644 --- a/infrastructure/docker-compose.yml +++ b/infrastructure/docker-compose.yml @@ -9,6 +9,8 @@ include: - services/dufs/docker-compose.dufs.yml # Gitea - services/gitea/docker-compose.gitea.yml +# Forgejo + - services/forgejo/docker-compose.forgejo.yml # Homepage - services/homepage/docker-compose.homepage.yml # It-tools diff --git a/infrastructure/services/caddy/config/bensuperpc.org/Caddyfile b/infrastructure/services/caddy/config/bensuperpc.org/Caddyfile index ded3957..24558da 100644 --- a/infrastructure/services/caddy/config/bensuperpc.org/Caddyfile +++ b/infrastructure/services/caddy/config/bensuperpc.org/Caddyfile 
@@ -94,6 +94,10 @@ git.{$MAIN_DOMAIN} { reverse_proxy gitea:3000 } +forgejo.{$MAIN_DOMAIN} { + reverse_proxy forgejo:3000 +} + jellyfin.{$MAIN_DOMAIN} { reverse_proxy jellyfin:8096 } diff --git a/infrastructure/services/forgejo/docker-compose.forgejo.yml b/infrastructure/services/forgejo/docker-compose.forgejo.yml new file mode 100644 index 0000000..762a141 --- /dev/null +++ b/infrastructure/services/forgejo/docker-compose.forgejo.yml 
@@ -0,0 +1,90 @@
+services:
+ # forgejo
+ forgejo:
+ image: codeberg.org/forgejo/forgejo:11-rootless
+ container_name: forgejo
+ profiles:
+ - forgejo
+ restart: on-failure:5
+ depends_on:
+ - database_forgejo
+ - caddy
+ ports:
+ - "5555:5555"
+ env_file:
+ - ./env/forgejo.env
+ volumes:
+ # /var/lib/gitea/custom/conf/app.ini
+ - forgejo_data:/var/lib/gitea
+ - forgejo_config:/etc/gitea
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ networks:
+ - infra-network
+ security_opt:
+ - no-new-privileges:true
+
+ # Database forgejo
+ database_forgejo:
+ image: mariadb:latest
+ container_name: database_forgejo
+ profiles:
+ - forgejo
+ depends_on:
+ - caddy
+ restart: on-failure:5
+ volumes:
+ - forgejo_db:/var/lib/mysql:rw
+ env_file:
+ - ./env/forgejo_db.env
+ command: '--default-authentication-plugin=mysql_native_password'
+ networks:
+ - infra-network
+ security_opt:
+ - no-new-privileges:true
+
+ # forgejo-runner
+ docker-in-docker:
+ image: docker:dind
+ networks:
+ - infra-network
+ profiles:
+ - forgejo
+ container_name: 'docker_dind'
+ privileged: true
+ command: [ 'dockerd', '-H', 'tcp://0.0.0.0:2375', '--tls=false' ]
+ restart: 'unless-stopped'
+
+ forgejo_runner:
+ image: 'code.forgejo.org/forgejo/runner:6.3.1'
+ networks:
+ - infra-network
+ profiles:
+ - forgejo
+ links:
+ - docker-in-docker
+ depends_on:
+ docker-in-docker:
+ condition: service_started
+ container_name: 'forgejo_runner'
+ environment:
+ DOCKER_HOST: tcp://docker-in-docker:2375
+# user: 1001:1001
+ volumes:
+ - forgejo_runner:/data
+ restart: 'unless-stopped'
+
+# command: '/bin/sh -c "while : ; do sleep 1 ; done ;"'
+ command: '/bin/sh -c "sleep 5; forgejo-runner -c /data/config.yml daemon"'
+
+volumes:
+ forgejo_data:
+ name: forgejo_data
+ forgejo_config:
+ name: forgejo_config
+ forgejo_db:
+ name: forgejo_db
+ forgejo_certs:
+ name: forgejo_certs
+ forgejo_runner:
+ name: forgejo_runner
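Review bot: The `docker-in-docker` service runs with `privileged: true` and starts `dockerd` with `-H tcp://0.0.0.0:2375 --tls=false` while attached to `infra-network`, so every container on that shared network can reach an unauthenticated Docker API backed by a privileged container. Give the daemon and the runner their own network and their own profile (the runner can stay on `infra-network` too if it has to reach Forgejo internally), or enable TLS on the daemon; the declared but unused `forgejo_certs` volume suggests TLS was planned. Workflows executed by the runner get the same daemon, so runner registration is best limited to repositories whose workflow authors are trusted. `mariadb:latest` and `docker:dind` are floating tags, unlike the pinned `runner:6.3.1`, and pinning them keeps redeployments reproducible. The network name in the sketch below is a constructed example.

```yaml
  docker-in-docker:
    # … unchanged: image, container_name, privileged, command, restart …
    networks:
      - forgejo-runner-network
    profiles:
      - forgejo-runner

  forgejo_runner:
    # … unchanged: image, links, depends_on, environment, volumes, command …
    networks:
      - infra-network
      - forgejo-runner-network
    profiles:
      - forgejo-runner

networks:
  forgejo-runner-network:
    name: forgejo-runner-network
```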
diff --git a/infrastructure/services/forgejo/env/forgejo.env b/infrastructure/services/forgejo/env/forgejo.env
new file mode 100644
index 0000000..464f27e
--- /dev/null
+++ b/infrastructure/services/forgejo/env/forgejo.env
@@ -0,0 +1,25 @@
+USER_UID=1000
+USER_GID=1000
+FORGEJO__database__DB_TYPE=mysql
+FORGEJO__database__HOST=database_forgejo:3306
+FORGEJO__database__NAME=forgejo
+FORGEJO__database__USER=bensuperpc
+FORGEJO__database__PASSWD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j
+FORGEJO__APP_NAME=The Homelab Git
+FORGEJO__APP_SLOGAN=Personal Code, Mirrors, and More
+FORGEJO__server__DOMAIN=forgejo.bensuperpc.org
+FORGEJO__server__SSH_DOMAIN=forgejo.bensuperpc.org
+FORGEJO__server__HTTP_PORT=3000
+FORGEJO__server__SSH_LISTEN_PORT=5555
+FORGEJO__server__SSH_PORT=5555
+FORGEJO__server__ROOT_URL=https://forgejo.bensuperpc.org
+FORGEJO__security__SECRET_KEY=ykcZt23an1E4lFHWvrCKdAyt16WAiK9c
+#FORGEJO__security__INTERNAL_TOKEN=
+#FORGEJO__security__INSTALL_LOCK=true
+FORGEJO__security__MIN_PASSWORD_LENGTH=8
+FORGEJO__actions__ENABLED=true
+FORGEJO__actions__DEFAULT_ACTIONS_URL="https://forgejo.bensuperpc.org"
+#FORGEJO__log__LEVEL: "debug"
+FORGEJO__repository__ENABLE_PUSH_CREATE_USER=true
+FORGEJO__repository__DEFAULT_PUSH_CREATE_PRIVATE=false
+FORGEJO__repository__DEFAULT_REPO_UNITS=repo.code,repo.actions
\ No newline at end of file
diff --git a/infrastructure/services/forgejo/env/forgejo_db.env b/infrastructure/services/forgejo/env/forgejo_db.env
new file mode 100644
index 0000000..9dd9bbb
--- /dev/null
+++ b/infrastructure/services/forgejo/env/forgejo_db.env
@@ -0,0 +1,4 @@
+MARIADB_ROOT_PASSWORD=xpc4zIhHZzWKqVHcjBu4aW6aS7jG8d7X
+MARIADB_USER=bensuperpc
+MARIADB_PASSWORD=K7s5yoHknnEd7vsZoxb8I3dK9mjToF1j
+MARIADB_DATABASE=forgejo
\ No newline at end of file
diff --git a/infrastructure/services/forgejo/env/forgejo_runner.env b/infrastructure/services/forgejo/env/forgejo_runner.env
new file mode 100644
index 0000000..e69de29
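Review bot: `forgejo.env` commits what look like real values for `FORGEJO__database__PASSWD` and `FORGEJO__security__SECRET_KEY`, and the `forgejo_db.env` hunk that follows does the same for `MARIADB_ROOT_PASSWORD` and `MARIADB_PASSWORD`; once pushed, these should be treated as disclosed. Rotate them, keep the real env files out of version control, and commit a template with placeholders instead, e.g. `FORGEJO__security__SECRET_KEY=CHANGE_ME`. `FORGEJO__security__INSTALL_LOCK=true` is commented out, which as far as I can tell leaves the install page open to whoever reaches the site first, so it is worth setting once the instance is configured. With `ENABLE_PUSH_CREATE_USER=true` and `DEFAULT_PUSH_CREATE_PRIVATE=false`, repositories created by a push are public by default; confirm that is intended.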
diff --git a/infrastructure/services/gitea/docker-compose.gitea.yml b/infrastructure/services/gitea/docker-compose.gitea.yml index d462692..1e17824 100644 --- a/infrastructure/services/gitea/docker-compose.gitea.yml +++ b/infrastructure/services/gitea/docker-compose.gitea.yml @@ -16,8 +16,8 @@ services: volumes: - gitea_data:/var/lib/gitea - gitea_config:/etc/gitea -# - /etc/timezone:/etc/timezone:ro -# - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro networks: - infra-network security_opt: @@ -28,7 +28,6 @@ services: image: mariadb:latest container_name: database_gitea profiles: - - database - gitea depends_on: - caddy diff --git a/infrastructure/services/homepage/config/services.yaml b/infrastructure/services/homepage/config/services.yaml index aefa155..d425e15 100644 --- a/infrastructure/services/homepage/config/services.yaml +++ b/infrastructure/services/homepage/config/services.yaml @@ -96,6 +96,12 @@ description: Gitea ping: gitea.bensuperpc.org container: gitea + - forgejo: + icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/forgejo.png + href: https://forgejo.bensuperpc.org/ + description: Forgejo + ping: forgejo.bensuperpc.org + container: forgejo - open-webui: icon: https://cdn.jsdelivr.net/gh/walkxcode/dashboard-icons@master/png/open-webui.png href: https://open-webui.bensuperpc.org/ diff --git a/infrastructure/services/openssh/docker-compose.openssh.yml b/infrastructure/services/openssh/docker-compose.openssh.yml index 1076834..f4582b8 100644 --- a/infrastructure/services/openssh/docker-compose.openssh.yml +++ b/infrastructure/services/openssh/docker-compose.openssh.yml @@ -77,3 +77,5 @@ volumes: name: minecraft_proxy_data minecraft_rcon_data: name: minecraft_rcon_data +# forgejo +# gitea