Automated deployment of a local Forgejo Git server on Proxmox LXC using OpenTofu and Ansible.
- 🚀 Automated LXC container creation (OpenTofu)
- 🐳 Docker-based Forgejo + PostgreSQL
- 📦 Automated daily backups to NAS
- 🔒 UFW firewall + SSH hardening
- 🌐 Nginx reverse proxy with self-signed SSL

Prerequisites:
- OpenTofu installed (>= 1.11)
- Ansible installed (>= 2.19)
- SSH keys generated (`~/.ssh/id_ed25519`)
- Proxmox VE accessible (>= 9.1)
- NAS mount at `/shared-storage/share` on Proxmox host

See opentofu/README.md for detailed configuration options.
```bash
cd opentofu
cp secrets.auto.tfvars.example secrets.auto.tfvars
nano secrets.auto.tfvars  # Edit: pm_api_url, root_password, ip_prod/test
tofu init
tofu workspace new prod
tofu workspace new test
tofu workspace select prod  # or test
tofu apply
```

See ansible/README.md for detailed configuration options.
```bash
cd ../ansible
cp secrets.yml.example secrets.yml
nano secrets.yml  # Edit: db_password
ansible-playbook playbook.yml -l prod  # or test
```

- Web UI: `https://<container_ip>`
- System SSH: `ssh ansible@<container_ip> -p 2222`
- Git SSH: Port `22` (configure in Forgejo web UI)
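
The two secrets files created in the OpenTofu and Ansible steps hold the Proxmox root password and the database password in plain text. The following check is an added example, not part of this project's scripts: it flags a secrets file that is readable by other users, is still an unedited copy of its `.example` template, or is not ignored by Git. It assumes GNU `stat` and that `audit_all` is called from the repository root; the function names are hypothetical.

```bash
# Added example: audit the local secrets files before running tofu/ansible.
# Assumptions: GNU stat; audit_all is run from the repository root.

# audit_secret_file FILE -> prints findings, returns 0 only if the file is safe.
audit_secret_file() {
    local f="$1" rc=0 mode dir
    if [ ! -f "$f" ]; then
        echo "MISSING  $f"
        return 1
    fi

    # Only the owner should be able to read or write a file holding passwords.
    mode=$(stat -c '%a' "$f")
    case "$mode" in
        600|400) ;;
        *) echo "PERMS    $f is mode $mode, expected 600"; rc=1 ;;
    esac

    # An untouched copy of the template still carries the example values.
    if [ -f "$f.example" ] && cmp -s "$f" "$f.example"; then
        echo "DEFAULT  $f is identical to $f.example"
        rc=1
    fi

    # Inside a Git work tree the file must be ignored so it cannot be committed.
    dir=$(dirname "$f")
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       ! git -C "$dir" check-ignore -q "$(basename "$f")"; then
        echo "TRACKED  $f is not covered by .gitignore"
        rc=1
    fi
    return "$rc"
}

# audit_all -> checks both secrets files named in this README.
audit_all() {
    local rc=0 f
    for f in opentofu/secrets.auto.tfvars ansible/secrets.yml; do
        audit_secret_file "$f" || rc=1
    done
    return "$rc"
}
```

Source the file and run `audit_all` before `tofu apply` or `ansible-playbook`; a non-zero exit status means at least one finding was printed.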
```bash
openssl rand -base64 32
```

- Schedule: Daily at 3:00 AM (± 30min randomized delay)
- Location: `/opt/backups/forgejo/`
- Retention: 10 days
```bash
ssh ansible@<container_ip> -p 2222 'sudo /opt/forgejo/forgejo-backup.sh'
ssh ansible@<container_ip> -p 2222 'sudo /opt/forgejo/forgejo-restore.sh <backup-file>'
```

Monitor component versions to track server lifecycle:
```bash
# Setup
cp scripts/check-updates.sh.example scripts/check-updates.sh
# Edit SERVER variable in the script: ip + ssh port
nano scripts/check-updates.sh
# Run
./scripts/check-updates.sh
```

Output shows current vs latest versions for:
- Forgejo
- PostgreSQL
- Docker
- Nginx
- Debian
This project is licensed under the MIT License - see the LICENSE file for details.
