sergey88889999/proxmox-lxc-forgejo

Forgejo-server (IaC)

Automated deployment of a local Forgejo Git server on Proxmox LXC using OpenTofu and Ansible.

Features

  • 🚀 Automated LXC container creation (OpenTofu)
  • 🐳 Docker-based Forgejo + PostgreSQL
  • 📦 Automated daily backups to NAS
  • 🔒 UFW firewall + SSH hardening
  • 🌐 Nginx reverse proxy with a self-signed SSL certificate

Quick Start

Prerequisites

  • OpenTofu installed (>= 1.11)
  • Ansible installed (>= 2.19)
  • SSH keys generated (~/.ssh/id_ed25519)
  • Proxmox VE accessible (>= 9.1)
  • NAS mount at /shared-storage/share on Proxmox host

Step 1: Deploy Infrastructure

See opentofu/README.md for detailed configuration options.

cd opentofu
cp secrets.auto.tfvars.example secrets.auto.tfvars
nano secrets.auto.tfvars # Edit: pm_api_url, root_password, ip_prod/test
tofu init
tofu workspace new prod
tofu workspace new test
tofu workspace select prod   # or test
tofu apply

Step 2: Configure Services

See ansible/README.md for detailed configuration options.

cd ../ansible
cp secrets.yml.example secrets.yml
nano secrets.yml # Edit: db_password
ansible-playbook playbook.yml -l prod   # or test
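
An added example, not part of this repository: a pre-flight check for the two secrets files created in Steps 1 and 2, meant to be run before `tofu apply` and `ansible-playbook`. It assumes the file paths shown above, relative to the repository root; the function names `check_secret_file` and `check_all_secrets` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the secrets files from Steps 1 and 2.
# Function names are hypothetical; file names are the ones the README uses.

# Return 0 if the file is safe to use; otherwise a distinct non-zero code
# with the reason on stderr.
check_secret_file() {
    local f="$1" example="$1.example" perms

    if [ ! -f "$f" ]; then
        echo "FAIL $f: missing (copy it from $example first)" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL $f: readable beyond owner, run: chmod 600 $f" >&2
        return 2
    fi

    # An unedited copy still carries the placeholder values from the example.
    if [ -f "$example" ] && cmp -s -- "$f" "$example"; then
        echo "FAIL $f: identical to $example, placeholders not replaced" >&2
        return 3
    fi

    # A tracked secrets file ends up in every clone and in the history.
    if command -v git >/dev/null 2>&1 &&
       git -C "$(dirname "$f")" ls-files --error-unmatch -- "$(basename "$f")" >/dev/null 2>&1; then
        echo "FAIL $f: tracked by git, untrack it and add it to .gitignore" >&2
        return 4
    fi

    echo "OK   $f"
}

# Check both files under the repository root; returns the number of failures.
check_all_secrets() {
    local root="${1:-.}" failures=0 f
    for f in "$root/opentofu/secrets.auto.tfvars" "$root/ansible/secrets.yml"; do
        check_secret_file "$f" || failures=$((failures + 1))
    done
    return "$failures"
}
```

Source the file and run `check_all_secrets .` from the repository root; the return code is the number of files that failed a check.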

Step 3: Access Forgejo

  • Web UI: https://<container_ip>
  • System SSH: ssh ansible@<container_ip> -p 2222
  • Git SSH: Port 22 (configure in Forgejo web UI)

Configuration

Password Generation

openssl rand -base64 32

Backups

  • Schedule: Daily at 3:00 AM (± 30 min randomized delay)
  • Location: /opt/backups/forgejo/
  • Retention: 10 days

Manual backup/restore

ssh ansible@<container_ip> -p 2222 'sudo /opt/forgejo/forgejo-backup.sh'

ssh ansible@<container_ip> -p 2222 'sudo /opt/forgejo/forgejo-restore.sh <backup-file>'

Maintenance

Check for Updates

Monitor component versions to track server lifecycle:

# Setup
cp scripts/check-updates.sh.example scripts/check-updates.sh
# Edit the SERVER variable in the script: IP address and SSH port
nano scripts/check-updates.sh

# Run
./scripts/check-updates.sh

Output shows current vs latest versions for:

  • Forgejo
  • PostgreSQL
  • Docker
  • Nginx
  • Debian

License

This project is licensed under the MIT License - see the LICENSE file for details.