Adds the Architecture Decision Records that were written during the
Forgejo deployment (M7.1) as part of moving docs from the iCloud folder
into this versioned repository.
Includes:
- ADR-0001: Forgejo vs Gitea (non-profit stewardship)
- ADR-0002: ai-apps placement (no separate VM)
- ADR-0003: Native OIDC, not ForwardAuth
- ADR-0004: Subdomain code.sdda.eu
- ADR-0005: Volume mount on /data (lesson learned)
- ADR-0006: Silent SSO via OAuth2 launch URL (lesson learned)
Plus a docs/adr/README.md that explains the ADR format, lists the
current ADRs, and provides a template for future entries.
Refs OP#1118

Mirrors /opt/ai-apps/eh-search/ on the server, including the full
FastAPI app (intent routing, FTS+fuzzy+substring hybrid, multi-source
federation across vehicles + blog + brands + pages + static + tag
bridge), SQL schema (Postgres materialized view with german_unaccent
text search, pg_trgm for fuzzy), Dockerfile and compose.
Sanitized the hardcoded password in sql/01_init.sql — replaced with
REPLACE_ME_BEFORE_APPLYING placeholder since this repo is public.
The eh-search service binds only on the private network (10.0.0.8:8200)
and is reachable only via Pegasus nginx proxy at /api/search.
Refs OP#1094 OP#1105 OP#1112 OP#1116 OP#1117

First stack mirrored 1:1 from /opt/ai-apps/forgejo/ on the server.
Includes docker-compose.yml (forgejo + postgres 16), .env.example
template (NO real secrets), backup.sh (nightly pg_dump + tar), plus
Agent.md and README.md.
Known gotchas documented in Agent.md:
- Volume mount on /data not /var/lib/gitea
- SSH port 2222 in container (system sshd occupies 22)
- OIDC config lives in DB table login_source, not app.ini
Refs OP#1119

Captures the current state of all Docker stacks running on ai-apps
(Hetzner cx22, 10.0.0.8) as of 2026-04-11. Includes resource budget,
DNS records, Traefik integration pattern, and backup situation.
This is a point-in-time snapshot; update when new stacks are added.
Refs OP#1118

- README.md explains scope, conventions, what does / does not belong here
- Agent.md is the AI session briefing with workflow rules
- .gitignore blocks secrets, runtime data, and build artifacts
Refs OP#1119