Benjamin Weinlich
8ba375caaa
First stack mirrored 1:1 from /opt/ai-apps/forgejo/ on the server. Includes docker-compose.yml (forgejo + postgres 16), .env.example template (NO real secrets), backup.sh (nightly pg_dump + tar), plus Agent.md and README.md. Known gotchas documented in Agent.md: - Volume mount on /data not /var/lib/gitea - SSH port 2222 in container (system sshd occupies 22) - OIDC config lives in DB table login_source, not app.ini Refs OP#1119
18 lines
683 B
Text
18 lines
683 B
Text
# Forgejo Stack — environment template
|
|
# Copy to .env and fill in actual values. NEVER commit .env to Git.
|
|
|
|
# Postgres password (generate: openssl rand -hex 32)
|
|
DB_PASSWORD=<openssl rand -hex 32>
|
|
|
|
# Forgejo internal crypto
|
|
FORGEJO_SECRET_KEY=<openssl rand -hex 32>
|
|
FORGEJO_INTERNAL_TOKEN=<openssl rand -hex 64>
|
|
|
|
# SMTP via Mailcow
|
|
SMTP_USER=electric-horses@sdda.eu
|
|
SMTP_PASSWORD=<aus Mailcow>
|
|
|
|
# OIDC (Authentik) — applied via CLI after first boot, reference only here
|
|
OIDC_CLIENT_ID=<from Authentik Application 'Forgejo'>
|
|
OIDC_CLIENT_SECRET=<from Authentik Application 'Forgejo'>
|
|
OIDC_DISCOVERY_URL=https://welcome.sdda.eu/application/o/forgejo/.well-known/openid-configuration
|