Single hostname resolves both from browsers (RFC 6761) and inside docker (DNS alias). Fixes artifact upload ECONNREFUSED.
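# .env.example — copy to .env and adjust. setup.sh fills random values for any
# secret left empty. Do not commit .env.
#
# .env ends up holding the admin password, API tokens and LLM keys in
# cleartext: keep it readable only by your own user (e.g. `chmod 600 .env`).
#
# Comments are kept on their own lines. Some env-file readers do not strip a
# trailing `# ...` and would take it as part of the value, which would turn an
# "empty" secret into a known, non-random string.

# ---------- Forgejo ----------
FORGEJO_IMAGE=codeberg.org/forgejo/forgejo:10
FORGEJO_DOMAIN=forgejo.localhost
FORGEJO_SSH_DOMAIN=localhost
FORGEJO_HTTP_PORT=3000
FORGEJO_SSH_PORT=2222
# Use forgejo.localhost (not bare localhost) so the same URL resolves both:
#   - From browsers: *.localhost → 127.0.0.1 (RFC 6761; honored by Chrome,
#     Firefox, Safari without /etc/hosts entries). Host port 3000 is mapped
#     to the forgejo container.
#   - From job containers: Docker DNS resolves forgejo.localhost via the
#     network alias declared in docker-compose.yml (forgejo service).
# This avoids the ACTIONS_RUNTIME_URL mismatch that breaks artifact uploads
# when ROOT_URL is host-facing http://localhost:3000/.
# The URL is plain HTTP, which suits a loopback-only stack. If the instance is
# ever reached from another machine, put TLS in front of it and change this
# value; otherwise passwords and tokens cross the network in cleartext.
FORGEJO_ROOT_URL=http://forgejo.localhost:3000/

# Admin user — created by bootstrap if absent
FORGEJO_ADMIN_USER=forgejo_admin
FORGEJO_ADMIN_EMAIL=admin@localhost
# Auto-generated if empty.
FORGEJO_ADMIN_PASSWORD=
# Auto-generated by bootstrap.
FORGEJO_ADMIN_TOKEN=

# Forgejo internal secrets — auto-generated if empty
FORGEJO_SECRET_KEY=
FORGEJO_INTERNAL_TOKEN=
FORGEJO_JWT_SECRET=
FORGEJO_LFS_JWT_SECRET=

# ---------- Postgres ----------
POSTGRES_IMAGE=postgres:16-alpine
POSTGRES_DB=forgejo
POSTGRES_USER=forgejo
# Auto-generated if empty.
POSTGRES_PASSWORD=

# ---------- Forgejo Actions runner ----------
RUNNER_IMAGE=code.forgejo.org/forgejo/runner:6
RUNNER_NAME=local-runner
# Override job container image (must be available locally; see runner-image/).
# RUNNER_JOB_IMAGE=forgejo-stack/job:latest
# Set to false to skip the ~5 min android image build.
# RUNNER_BUILD_ANDROID_IMAGE=true
# RUNNER_ANDROID_JOB_IMAGE=forgejo-stack/job-android:latest
# Concurrent jobs per runner. Each slot can saturate a CPU core during build —
# size to host capacity. Default 6; set to `nproc` on a dedicated CI host, or
# lower if the box is shared with workstation use.
# RUNNER_CAPACITY=6
# Extra `docker run` args forwarded into every job container. Default mounts a
# shared `actions/setup-*` toolcache (=AGENT_TOOLSDIRECTORY for catthehacker
# images) so Node/Go/Python downloads only happen once. Append more `-v ...`
# flags if you want to share additional caches.
# These args apply to every job, so whatever is mounted here is reachable from
# every workflow the runner accepts. A shared writable cache lets one job
# change the tools a later job executes; share it only between repositories
# you trust equally, and avoid adding host paths or the Docker socket here.
# RUNNER_JOB_OPTIONS=-v forgejo-stack-hostedtoolcache:/opt/hostedtoolcache
# Named volumes referenced from RUNNER_JOB_OPTIONS must be allow-listed here
# (comma-separated) — forgejo-runner silently drops unlisted mounts with the
# warning "is not a valid volume, will be ignored". Keep in sync with the
# volume names used above.
# RUNNER_VALID_VOLUMES=forgejo-stack-hostedtoolcache

# ---------- Runner image yarn cache pre-warm ----------
# Comma-separated list of `<owner>/<repo>[@<branch>]` entries. The
# `runner-refresh` service polls each repo's yarn.lock + package.json and
# rebuilds forgejo-stack/job:latest whenever they change, so the in-image
# yarn offline cache stays current automatically. Branch defaults to the
# repo's default_branch. First-listed repo wins — its lockfile is what
# gets baked. Leave empty to disable pre-warm (the runner-refresh service
# idles in that case).
# Whoever can push to a listed branch decides which packages are baked into
# the image that every job runs in; list only repos whose write access you
# control.
# RUNNER_CACHE_SEED_REPOS=forgejo_admin/exifcleaner-web
# Seconds between polls. 300 = 5 min. Lower for tighter latency on lockfile
# changes; bump if you don't want frequent docker builds.
# RUNNER_REFRESH_INTERVAL=300

# ---------- Internal network MTU ----------
# Default 1500 works on bare-metal LAN. Lower this when the host's default
# route goes through a VPN/tunnel (WireGuard typically ~1320-1420). Symptom of
# wrong MTU: yarn/npm/pip install hangs at "Fetching packages" with no error.
# Check tunnel MTU: ip link show $(ip route get 1.1.1.1 | grep -oP 'dev \K\S+')
INTERNAL_NETWORK_MTU=1500

# ---------- forgejo-mcp ----------
# Verified working image: ronmi/forgejo-mcp on Docker Hub, built from the
# raohwork/forgejo-mcp Go project (https://github.com/raohwork/forgejo-mcp).
# Entrypoint is /forgejo-mcp; default subcommand is "stdio".
# Configured via FORGEJOMCP_SERVER and FORGEJOMCP_TOKEN env vars.
# `:latest` is a mutable tag on a third-party image that is handed a Forgejo
# API token, so what "verified working" refers to can change on the next pull.
# Prefer pinning the image you actually verified, e.g.
#   FORGEJO_MCP_IMAGE=ronmi/forgejo-mcp@sha256:<digest-of-verified-image>
FORGEJO_MCP_IMAGE=ronmi/forgejo-mcp:latest
# Auto-generated by bootstrap.
FORGEJO_MCP_TOKEN=
# Host port for the HTTP/SSE MCP endpoint. The bind address is set in
# docker-compose.yml (not visible here) — confirm it is loopback-only, since
# requests to this endpoint presumably act with FORGEJO_MCP_TOKEN.
FORGEJO_MCP_HTTP_PORT=8181

# ---------- Bot users ----------
CLAUDE_BOT_USER=claude-bot
CLAUDE_BOT_EMAIL=claude-bot@localhost
CLAUDE_BOT_PASSWORD=
CLAUDE_BOT_TOKEN=
GEMINI_BOT_USER=gemini-bot
GEMINI_BOT_EMAIL=gemini-bot@localhost
GEMINI_BOT_PASSWORD=
GEMINI_BOT_TOKEN=

# ---------- LLM API keys (org-level secrets) ----------
# If these are published as org-level Actions secrets (as the heading
# suggests — confirm in the bootstrap script), workflows in the organization's
# repos can use them. Use keys dedicated to this stack, with a spend limit.
ANTHROPIC_API_KEY=
GEMINI_API_KEY=
CLAUDE_BOT_ENABLED=true
GEMINI_BOT_ENABLED=true

# ---------- GitHub migration ----------
# Required only for migrate-from-github.sh. Scopes: repo, read:org
# The `repo` scope grants read/write on every repository the token's account
# can reach. Use a short-lived token, then clear this value and revoke the
# token once the migration is done.
GITHUB_TOKEN=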