# Forgejo

[![Build Status](https://build.coopcloud.tech/api/badges/coop-cloud/forgejo/status.svg)](https://build.coopcloud.tech/coop-cloud/forgejo)

<!-- metadata -->
* **Maintainer**: [@p4u1](https://git.coopcloud.tech/p4u1), [@fauno](https://git.coopcloud.tech/fauno)
* **Category**: Development
* **Status**: 5
* **Image**: [`forgejo/forgejo`](https://codeberg.org/forgejo/-/packages/container/forgejo/13-rootless), 4, upstream
* **Healthcheck**: Yes
* **Backups**: Yes
* **Email**: Yes
* **Tests**: 2
* **SSO**: 3 (OAuth)
<!-- endmetadata -->

## Basic usage

1. Set up Docker Swarm and [`abra`][abra]
2. Deploy [`coop-cloud/traefik`][cc-traefik]
3. `abra app new forgejo --secrets` (optionally with `--pass` if you'd like
   to save secrets in `pass`)
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
   your Docker swarm box
5. `abra app deploy YOURAPPDOMAIN`

## Create first user

Run

```bash
abra app run YOURAPPNAME app forgejo -c /etc/gitea/app.ini admin user create --username USERNAME --admin --random-password --email EMAIL
```

See the [Gitea command-line documentation](https://docs.gitea.io/en-us/command-line/) for more options.  Make sure not to forget the `-c /etc/gitea/app.ini`.

## Enable SSH

You most certainly want to be able to access your repository over SSH.  To do so, make sure you uncomment the right lines in the configuration for `traefik`.
```
abra app config YOURTRAEFIKAPP
```
There uncomment or add these lines:
```
GITEA_SSH_ENABLED=1
COMPOSE_FILE="compose.yml:compose.gitea.yml"
```
Then redeploy traefik:
```
abra app undeploy YOURTRAEFIKAPP
abra app deploy YOURTRAEFIKAPP
```
You might need to wait a bit.  To check if it worked, you can run
```
telnet my.gitea.example.com 2222
```
Once you have added a public SSH key, you can check that you can connect to your gitea server with
```
ssh -T -p 2222 git@my.gitea.example.com
```

Note that gitea should be configured to listen to port 2222, i.e. `GITEA_SSH_PORT=2222` in the gitea config.

## Protect Forgejo from scrapers with Anubis

Uncomment the Anubis compose file from the `.env` file and re-deploy the
app.  Don't forget to actually [enable Anubis on the Traefik app
too](https://recipes.coopcloud.tech/traefik)!

## [Instance Commit Signing](https://forgejo.org/docs/latest/admin/advanced/signing/)

To allow Forgejo to sign commits, uncomment the corresponding
configuration block, and then generate and insert the SSH keys:

```sh
abra app config git.example.coop
ssh-keygen -t ed25519
app app secret insert git.example.coop signing_public_key v1 -f ~/.ssh/id_ed25519.pub
app app secret insert git.example.coop signing_private_key v1 -f ~/.ssh/id_ed25519
app app deploy git.example.coop
```