Forge: Forgejo (Git hosting, actions, etc)
shinyspace runs a Forgejo instance. This is so we can easily work together with people who are used to e.g. GitHub workflows.
Forgejo used to have a dedicated VM (forgejo1). It now runs in a rootless podman container on brix4, which makes many things easier: there are no hard RAM or storage limits, for example, and if needed it can use the entire server (unless other containers need resources too).
On it, there's a user "shinypod" that has podman permissions (subid/subgid stuff) and is configured to run Podman without root on Arch Linux (2024; this replaced Debian 11, because Debian's podman version was quite old and didn't support some features needed for rootless). This meant /etc/containers/containers.conf had to be adjusted to use cgroupfs.
The Forgejo pod was created with this compose.yml file:
version: '3'

networks:
  forgejo:
    external: false

services:
  forgejo:
    image: codeberg.org/forgejo/forgejo:8-rootless
    container_name: forgejo
    user: "1000:1000" # Adjust this to match your host UID:GID
    environment:
      - FORGEJO__database__DB_TYPE=postgres
      - FORGEJO__database__HOST=db:5432
      - FORGEJO__database__NAME=forgejo
      - FORGEJO__database__USER=forgejo
      - FORGEJO__database__PASSWD=Wt8ooyMTMyD4wSz47I
    restart: always
    networks:
      - forgejo
    volumes:
      - ./forgejo_data:/var/lib/gitea
      - ./forgejo_config:/etc/gitea
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2222:2222" # Note: Changed from 222 to 2222 for rootless container
    depends_on:
      - db
    userns_mode: "keep-id"

  db:
    image: postgres:14
    container_name: forgejo_db
    restart: always
    environment:
      - POSTGRES_USER=forgejo
      - POSTGRES_PASSWORD=Wt8ooyMTMyD4wSz47I
      - POSTGRES_DB=forgejo
    networks:
      - forgejo
    volumes:
      - ./postgres_data:/var/lib/postgresql/data
    userns_mode: "keep-id"

x-podman:
  in_pod: false
which, if run on a new system, should create the latest version of Forgejo 7 (such as 7.4). Persistent data is in the ./forgejo directory, which is why it is mounted.
Updates should be easy and smooth on Forgejo 7. Updating to 8 is likely going to require manual intervention.
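The script below is an added example, not part of the original setup: a preflight check for the prerequisites named above (subuid/subgid ranges for the podman user, the cgroupfs setting in containers.conf) that also flags a compose file holding inline passwords while being readable by other users. The function names, the 65536 minimum range and the sample files are assumptions made for illustration.

```shell
# True if user $1 has a range of at least $3 IDs (default 65536, an assumed
# minimum) in subuid/subgid file $2; each line is "name:start:count".
has_subid_range() {
  awk -F: -v u="$1" -v min="${3:-65536}" \
    '$1 == u && $3 + 0 >= min + 0 { ok = 1 } END { exit !ok }' "$2"
}

# Print cgroup_manager from the [engine] table of containers.conf file $1.
cgroup_manager() {
  awk '/^[ \t]*\[/ { in_engine = ($0 ~ /^[ \t]*\[engine\]/); next }
       in_engine && /^[ \t]*cgroup_manager[ \t]*=/ {
         sub(/[ \t]*#.*/, ""); sub(/^[^=]*=/, ""); gsub(/[" \t]/, "")
         print; exit }' "$1"
}

# Print the environment keys in compose file $1 that carry an inline password.
inline_secrets() {
  sed -n 's/^[[:space:]]*-[[:space:]]*\([A-Za-z_]*PASS[A-Za-z_]*\)=..*$/\1/p' "$1"
}

# True if file $1 is readable by group or others.
readable_by_others() {
  [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Record one finding: print the message and bump the counter.
finding() { echo "$1"; findings=$((findings + 1)); }

# Args: user, subuid, subgid, containers.conf, compose.yml.
# Prints one line per finding and returns the number of findings.
preflight() {
  findings=0
  has_subid_range "$1" "$2" || finding "no subuid range for $1"
  has_subid_range "$1" "$3" || finding "no subgid range for $1"
  [ "$(cgroup_manager "$4")" = cgroupfs ] || finding "cgroup_manager is not cgroupfs"
  if [ -n "$(inline_secrets "$5")" ] && readable_by_others "$5"; then
    finding "$5: inline passwords in a group/world-readable file"
  fi
  return "$findings"
}

# Constructed sample files, so the example runs without touching /etc.
d=$(mktemp -d)
printf 'shinypod:100000:65536\n' > "$d/subid"
printf '[engine]\ncgroup_manager = "cgroupfs"\n' > "$d/containers.conf"
printf '      - POSTGRES_PASSWORD=constructed-value\n' > "$d/compose.yml"
chmod 644 "$d/compose.yml"
preflight shinypod "$d/subid" "$d/subid" "$d/containers.conf" "$d/compose.yml" ||
  echo "findings: $?"
```

On the host, the same call takes the real paths: /etc/subuid, /etc/subgid, /etc/containers/containers.conf and the compose.yml in the compose directory.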
Attention: podman won't restart containers by default. I made the following systemd unit for this case:
.config/systemd/user/compose-forgejo.service
[Unit]
Description=Podman Compose MyService
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=%h/forgejo
ExecStart=/usr/bin/podman-compose up -d
ExecStop=/usr/bin/podman-compose down
[Install]
WantedBy=default.target
The Type and RemainAfterExit lines are what keep the container up: with Type=oneshot and RemainAfterExit=yes, systemd treats the unit as still active after podman-compose up -d has exited.
A Forgejo runner was set up for the shiny.space organisation, so any repos belonging to it can use it. It runs on a dedicated VM, runner1, with Docker (as the required container sockets come with Docker by default, but require extra setup on podman).
It was created (after installing dependencies such as Docker) with the command
./forgejo-runner register --no-interactive --token <TOKEN> --name runner --instance https://forge.shiny.space --labels docker:docker://node:16-bullseye,self-hosted
and started as a systemd service running /root/forgejo-runner daemon