From c626b843244e0ea8bbc49075abd1d9ba199be4d6 Mon Sep 17 00:00:00 2001
From: Tero Halla-aho <thallaa@gmail.com>
Date: Thu, 11 Dec 2025 22:10:50 +0200
Subject: [PATCH] Add Forgejo deployment scaffolding and CI workflow

---
 .forgejo/workflows/ci.yml  | 18 +++++++++++++
 PROGRESS.md                |  1 +
 forgejo/README.md          | 53 ++++++++++++++++++++++++++++++++++++++
 forgejo/docker-compose.yml | 36 ++++++++++++++++++++++++++
 4 files changed, 108 insertions(+)
 create mode 100644 .forgejo/workflows/ci.yml
 create mode 100644 forgejo/README.md
 create mode 100644 forgejo/docker-compose.yml

diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml
new file mode 100644
index 0000000..6a5e4b5
--- /dev/null
+++ b/.forgejo/workflows/ci.yml
@@ -0,0 +1,18 @@
+name: CI
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  checks:
+    runs-on: docker
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+      - run: npm ci
+      - run: npm run lint
+      - run: npm run type-check
+      - run: npm run format:check
diff --git a/PROGRESS.md b/PROGRESS.md
index 9bdf8ac..d367160 100644
--- a/PROGRESS.md
+++ b/PROGRESS.md
@@ -82,3 +82,4 @@
 - New admin monitoring dashboard at `/admin/monitor` surfaces Hetzner node status, Kubernetes nodes/pods health, and PostgreSQL connection/size checks with auto-refresh.
 - Netdata installed on k3s node (`node1.lomavuokraus.fi:8443`) and DB host (`db1.lomavuokraus.fi:8443`) behind self-signed TLS + basic auth; DB Netdata includes Postgres metrics via dedicated `netdata` role.
 - Footer now includes a minimal cookie usage statement (essential cookies only; site requires acceptance).
+- Forgejo deployment scaffolding added: Docker Compose + runner config guidance and Apache vhost for git.halla-aho.net, plus CI workflow placeholder under `.forgejo/workflows/`.
diff --git a/forgejo/README.md b/forgejo/README.md
new file mode 100644
index 0000000..d1c233d
--- /dev/null
+++ b/forgejo/README.md
@@ -0,0 +1,53 @@
+Forgejo on halla-aho.net
+========================
+
+Lightweight Git hosting + CI with Forgejo (Gitea fork) behind Apache on halla-aho.net.
+
+What’s included
+- Docker Compose for Forgejo + SSH and an Actions runner (`forgejo/docker-compose.yml`).
+- Apache vhost snippet (added to `default-ssl.conf`) to reverse-proxy `git.halla-aho.net` to the Forgejo container on port 3000.
+
+Prereqs
+- Docker installed on halla-aho.net.
+- SSLMate certs for `git.halla-aho.net` placed on the host (paths referenced in `default-ssl.conf`).
+- A DNS record for `git.halla-aho.net` pointing to the server.
+
+Deploy Forgejo
+1) Create host dirs for data:
+   ```
+   sudo mkdir -p /srv/forgejo/data /srv/forgejo/runner
+   sudo chown -R $USER:$USER /srv/forgejo
+   ```
+2) Start the Forgejo service:
+   ```
+   docker compose -f forgejo/docker-compose.yml up -d forgejo
+   ```
+3) Configure Apache (already added to `default-ssl.conf`):
+   - VirtualHost `git.halla-aho.net:9443` proxies to `http://127.0.0.1:3000/`.
+   - TLS files: `/etc/apache2/ssl/git.halla-aho.net.{crt,key,chain.crt}` (update if different).
+   - Enable the site and reload Apache.
+4) Finish setup in the UI at `https://git.halla-aho.net/`:
+   - Create the admin user.
+   - Configure SMTP in the admin UI (Mail settings).
+   - Set `ROOT_URL`/`SSH_DOMAIN` if you change ports/domains.
+
+Register the Actions runner
+1) In Forgejo, create a runner registration token (Site Admin → Runners).
+2) Register the runner (writes `/srv/forgejo/runner/config.yaml`):
+   ```
+   docker compose -f forgejo/docker-compose.yml run --rm runner \
+     forgejo-runner register \
+     --instance https://git.halla-aho.net \
+     --token <REGISTRATION_TOKEN> \
+     --name halla-runner \
+     --labels docker \
+     --config /data/config.yaml
+   ```
+3) Start the runner:
+   ```
+   docker compose -f forgejo/docker-compose.yml up -d runner
+   ```
+
+CI workflow for this repo
+- Add workflows under `.forgejo/workflows/`.
+- Example included: `ci.yml` runs npm install + lint + type-check + format check on push/PR using the `docker` runner label.
diff --git a/forgejo/docker-compose.yml b/forgejo/docker-compose.yml
new file mode 100644
index 0000000..b513a2e
--- /dev/null
+++ b/forgejo/docker-compose.yml
@@ -0,0 +1,36 @@
+version: "3.8"
+
+services:
+  forgejo:
+    image: codeberg.org/forgejo/forgejo:10
+    container_name: forgejo
+    restart: unless-stopped
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - TZ=Europe/Helsinki
+      - FORGEJO__SERVER__DOMAIN=git.halla-aho.net
+      - FORGEJO__SERVER__ROOT_URL=https://git.halla-aho.net/
+      - FORGEJO__SERVER__HTTP_PORT=3000
+      - FORGEJO__SERVER__PROTOCOL=http
+      - FORGEJO__SERVER__SSH_DOMAIN=git.halla-aho.net
+      - FORGEJO__SERVER__SSH_PORT=2222
+      - FORGEJO__DATABASE__DB_TYPE=sqlite3
+      - FORGEJO__DATABASE__PATH=/data/forgejo.db
+      - FORGEJO__MAILER__ENABLED=false
+    volumes:
+      - /srv/forgejo/data:/data
+    ports:
+      - "3000:3000" # HTTP (Apache will reverse proxy)
+      - "2222:22"   # SSH for git
+
+  runner:
+    image: codeberg.org/forgejo/runner:4
+    container_name: forgejo-runner
+    restart: unless-stopped
+    depends_on:
+      - forgejo
+    volumes:
+      - /srv/forgejo/runner:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+    command: ["forgejo-runner", "daemon", "--config", "/data/config.yaml"]