It's your private code, you shouldn't have to pay for "enterprise" to protect your IP from training AI.
This is simply my own homelab AWS terraform that I decided could help others escape GitHub (or just experiment). Once spun up you have a full GitHub-like UI with authentication, organizations, actions, and other useful tools.
Note that the total cost of these services with the default config here is ~$30 USD/month, but will depend on region.
For more info see Forgejo Docs
- Shared across components:
  - `TF_VAR_region` (default=`us-east-1`)
  - `TF_VAR_availability_zone_1` (default=`us-east-1a`)
  - `TF_VAR_availability_zone_2` (default=`us-east-1a`)
  - `TF_VAR_local_ip_with_range` (required, no default) - example: `123.432.543.65/32`
- Postgres RDS backend: powers the application.
  - `TF_VAR_forgejo_db_name` (default=`postgres`)
  - `TF_VAR_forgejo_db_user` (required, no default)
  - `TF_VAR_forgejo_db_password` (required, no default)
  - `TF_VAR_forgejo_db_instance_id` (default=`postgres-db`)
  - `TF_VAR_forgejo_db_instance_class` (default=`db.t3.micro`)
  - `TF_VAR_forgejo_db_version` (default=`17.6`)
  - `TF_VAR_forgejo_db_storage` (default=20GB)
- EC2 server instance: hosts Forgejo via a Docker container.
  - `TF_VAR_forgejo_instance_key` (default=`forgejo-key`, MUST BE MADE MANUALLY)
  - `TF_VAR_forgejo_instance_type` (default=`t3.micro`)
- EBS Volume server storage: detachable EBS storage avoids losing server-side data.
  - `TF_VAR_forgejo_ebs_size` (default=30Gbs)
- Time-synced DB + server data encrypted backups: because losing your IP is the worst possible outcome, and doing both backups at the same time avoids sync issues when repairing.
  - `TF_VAR_forgejo_backup_cron` (default=`cron(0 10 ? * SUN *)`)
  - `TF_VAR_forgejo_backup_retention` (days, default=30)
- Install `terraform` and navigate into `/infra`.
- Run `terraform init` to install dependencies.
- Run `terraform plan`, which should prompt for variable inputs (see "Components" section).
- Finally run `terraform apply` and pour yourself a coffee.
Here we do a similar process as documented by Forgejo here, but with some adjustments for RDS.
- First connect to the database using the `postgres` user with your tooling of choice.
- Next we create `forgejodb` using a template.

```sql
CREATE DATABASE forgejodb TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';
```

- Then we need to create a user `forgejo` and assign it all relevant privileges.

```sql
-- Application role that Forgejo logs in with
CREATE ROLE forgejo WITH LOGIN PASSWORD 'PASSWORD HERE';
GRANT ALL PRIVILEGES ON DATABASE forgejodb TO forgejo;
-- The schema-level statements below act on the database you are currently connected to
GRANT ALL ON SCHEMA public TO forgejo;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO forgejo;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO forgejo;
ALTER SCHEMA public OWNER TO forgejo;
GRANT CREATE ON SCHEMA public TO forgejo;
```

- Using the SSH command output by `terraform apply`, connect to your instance.
- Open the `.ssh` directory and download your key from AWS to it, before running `chmod 400 FILE_NAME-key.pem`.
- Run `sudo ssh -i FILE_NAME-key.pem ec2-user@IP` to connect to the instance.
- If not done yet, create the Forgejo storage directory that we mount to our EBS volume.

```bash
sudo mkdir -p /mnt/forgejo_data
sudo mkfs -t xfs /dev/xvdf # use lsblk to find the storage device, it might be named differently
sudo mount /dev/xvdf /mnt/forgejo_data # mount it
```

- Configure our disk such that if we can't connect to it, the instance can still be accessed.

```bash
# get UUID with sudo blkid /dev/nvme1n1
# open our filesystem config
sudo vi /etc/fstab
# write the line below to reference the EBS volume mount, and set to nofail
```

```
UUID=YOUR_UUID /mnt/forgejo_data xfs defaults,nofail 0 2
```

- Install docker and configure it to avoid needing to `sudo` everything.

```bash
sudo dnf update -y
sudo dnf install -y docker
# Start the Docker service and enable on reboot
sudo systemctl start docker
sudo systemctl enable docker
# Give ownership to the ec2-user so you can manage files easily
sudo usermod -aG docker ec2-user
sudo chown -R ec2-user:ec2-user /mnt/forgejo_data
# then refresh
newgrp docker
```

- Finally run `docker compose up` and navigate to the server URL output by `terraform apply`.
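
The format, mount and `/etc/fstab` steps above, as an added example (not part of the original repository) that skips `mkfs` when the volume already holds a filesystem, so re-attaching the data volume to a rebuilt instance does not wipe it. The function names are hypothetical; the device, mount point and fstab options are the ones used above.

```shell
#!/usr/bin/env bash
# Added example: idempotent setup of the Forgejo EBS data volume.
# fstab_line, ensure_fstab_entry and prepare_volume are hypothetical helper names.

# Print the fstab line from the steps above: xfs, nofail so boot survives a missing volume.
fstab_line() {  # $1=UUID  $2=mount point
  printf 'UUID=%s %s xfs defaults,nofail 0 2\n' "$1" "$2"
}

# Append the entry to an fstab file only if that mount point is not already listed.
ensure_fstab_entry() {  # $1=fstab path  $2=UUID  $3=mount point
  local fstab="$1" uuid="$2" mnt="$3"
  if awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { found = 1 } END { exit !found }' "$fstab"; then
    return 0    # already present, leave the file untouched
  fi
  fstab_line "$uuid" "$mnt" >> "$fstab"
}

# Format only when blkid reports no filesystem, then mount and persist (run as root).
prepare_volume() {  # $1=device (check with lsblk)  $2=mount point
  local dev="$1" mnt="$2" fstype uuid
  [ -b "$dev" ] || { echo "no such block device: $dev" >&2; return 1; }
  fstype=$(blkid -o value -s TYPE "$dev" || true)
  if [ -z "$fstype" ]; then
    mkfs -t xfs "$dev"            # blank volume: safe to format
  elif [ "$fstype" != "xfs" ]; then
    echo "$dev already holds $fstype; refusing to format" >&2
    return 1
  fi                              # existing xfs: keep the data, skip mkfs
  mkdir -p "$mnt"
  mountpoint -q "$mnt" || mount "$dev" "$mnt"
  uuid=$(blkid -o value -s UUID "$dev")
  ensure_fstab_entry /etc/fstab "$uuid" "$mnt"
}

# On the instance (file name volume.sh is an assumption):
#   sudo bash -c '. ./volume.sh; prepare_volume /dev/xvdf /mnt/forgejo_data'
```

Running `sudo mount -a` after the entry is written confirms the fstab line parses before the next reboot.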