forgejo-stack/.env.example
forgejo_admin 18dfc4e696 fix(forgejo): use forgejo.localhost ROOT_URL for cross-network resolution (#6)
Single hostname resolves both from browsers (RFC 6761) and inside docker (DNS alias). Fixes artifact upload ECONNREFUSED.
2026-05-17 18:30:00 +04:00


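# .env.example — copy to .env and adjust. setup.sh fills random values for any
# secret left empty. Do not commit .env.
# The filled-in .env holds admin, database and API credentials in plain text;
# keep it readable by the owning user only (for example: chmod 600 .env).
# ---------- Forgejo ----------
# Major-version tag: it is mutable and moves with upstream releases. For
# reproducible pulls, pin the image by digest (…/forgejo:10@sha256:<digest>).
FORGEJO_IMAGE=codeberg.org/forgejo/forgejo:10
FORGEJO_DOMAIN=forgejo.localhost
FORGEJO_SSH_DOMAIN=localhost
FORGEJO_HTTP_PORT=3000
FORGEJO_SSH_PORT=2222
# Use forgejo.localhost (not bare localhost) so the same URL resolves both:
#   - From browsers: *.localhost → 127.0.0.1 (RFC 6761; honored by Chrome,
#     Firefox, Safari without /etc/hosts entries). Host port 3000 is mapped
#     to the forgejo container.
#   - From job containers: Docker DNS resolves forgejo.localhost via the
#     network alias declared in docker-compose.yml (forgejo service).
# This avoids the ACTIONS_RUNTIME_URL mismatch that breaks artifact uploads
# when ROOT_URL is host-facing http://localhost:3000/.
# Plain http matches the loopback-only setup described above. If the instance
# is made reachable from other hosts, put TLS in front of it and change the
# scheme here, otherwise passwords and tokens cross the network unencrypted.
FORGEJO_ROOT_URL=http://forgejo.localhost:3000/
# Admin user — created by bootstrap if absent
FORGEJO_ADMIN_USER=forgejo_admin
FORGEJO_ADMIN_EMAIL=admin@localhost
# Password: auto-generated if empty. Token: auto-generated by bootstrap.
# These notes sit on their own line on purpose: not every env-file reader
# strips a trailing "# ..." after "=", and one that does not would take the
# comment text as the value, giving a predictable, non-empty secret.
FORGEJO_ADMIN_PASSWORD=
FORGEJO_ADMIN_TOKEN=
# Forgejo internal secrets — auto-generated if empty
FORGEJO_SECRET_KEY=
FORGEJO_INTERNAL_TOKEN=
FORGEJO_JWT_SECRET=
FORGEJO_LFS_JWT_SECRET=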
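# ---------- Postgres ----------
# Mutable tag; pin by digest (postgres:16-alpine@sha256:<digest>) if the
# deployment needs reproducible pulls.
POSTGRES_IMAGE=postgres:16-alpine
POSTGRES_DB=forgejo
POSTGRES_USER=forgejo
# Auto-generated if empty. The note is on its own line because an env-file
# reader that does not strip trailing "# ..." comments would otherwise use the
# comment text as the database password.
POSTGRES_PASSWORD=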
# ---------- Forgejo Actions runner ----------
# Mutable major-version tag; pin by digest (…/runner:6@sha256:<digest>) if the
# runner binary must not change between pulls.
RUNNER_IMAGE=code.forgejo.org/forgejo/runner:6
RUNNER_NAME=local-runner
# Override job container image (must be available locally; see runner-image/).
# RUNNER_JOB_IMAGE=forgejo-stack/job:latest
# RUNNER_BUILD_ANDROID_IMAGE=true # set false to skip the ~5 min android image build
# RUNNER_ANDROID_JOB_IMAGE=forgejo-stack/job-android:latest
# Concurrent jobs per runner. Each slot can saturate a CPU core during build —
# size to host capacity. Default 6; set to `nproc` on a dedicated CI host, or
# lower if the box is shared with workstation use.
# RUNNER_CAPACITY=6
# Extra `docker run` args forwarded into every job container. Default mounts a
# shared `actions/setup-*` toolcache (=AGENT_TOOLSDIRECTORY for catthehacker
# images) so Node/Go/Python downloads only happen once. Append more `-v ...`
# flags if you want to share additional caches.
# Everything listed here reaches every job, whichever repository triggered it.
# The default mount has no `:ro` suffix, so it is read-write: one job can
# change tool binaries that a later job executes. Share caches only between
# repositories you trust equally, and keep host paths and the Docker socket
# out of this list.
# RUNNER_JOB_OPTIONS=-v forgejo-stack-hostedtoolcache:/opt/hostedtoolcache
# Named volumes referenced from RUNNER_JOB_OPTIONS must be allow-listed here
# (comma-separated) — forgejo-runner silently drops unlisted mounts with the
# warning "is not a valid volume, will be ignored". Keep in sync with the
# volume names used above.
# The allow-list is also the limit on what job containers can mount; list
# exact volume names only.
# RUNNER_VALID_VOLUMES=forgejo-stack-hostedtoolcache
# ---------- Runner image yarn cache pre-warm ----------
# Comma-separated list of `<owner>/<repo>[@<branch>]` entries. The
# `runner-refresh` service polls each repo's yarn.lock + package.json and
# rebuilds forgejo-stack/job:latest whenever they change, so the in-image
# yarn offline cache stays current automatically. Branch defaults to the
# repo's default_branch. First-listed repo wins — its lockfile is what
# gets baked. Leave empty to disable pre-warm (the runner-refresh service
# idles in that case).
# Trust note: the seed repo's yarn.lock and package.json decide which packages
# are baked into forgejo-stack/job:latest, so anyone who can push to the polled
# branch influences the image that jobs using it run in. List only repos whose
# polled branch is restricted to trusted committers.
# RUNNER_CACHE_SEED_REPOS=forgejo_admin/exifcleaner-web
# Seconds between polls. 300 = 5 min. Lower for tighter latency on lockfile
# changes; bump if you don't want frequent docker builds.
# RUNNER_REFRESH_INTERVAL=300
# ---------- Internal network MTU ----------
# Default 1500 works on bare-metal LAN. Lower this when the host's default
# route goes through a VPN/tunnel (WireGuard typically ~1320-1420). Symptom of
# wrong MTU: yarn/npm/pip install hangs at "Fetching packages" with no error.
# Check tunnel MTU: ip link show $(ip route get 1.1.1.1 | grep -oP 'dev \K\S+')
# (`ip route get` only looks up the route and sends no traffic to 1.1.1.1;
# `grep -P` needs a grep built with PCRE support, e.g. GNU grep.)
INTERNAL_NETWORK_MTU=1500
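# ---------- forgejo-mcp ----------
# Verified working image: ronmi/forgejo-mcp on Docker Hub, built from the
# raohwork/forgejo-mcp Go project (https://github.com/raohwork/forgejo-mcp).
# Entrypoint is /forgejo-mcp; default subcommand is "stdio".
# Configured via FORGEJOMCP_SERVER and FORGEJOMCP_TOKEN env vars.
# NOTE(review): `:latest` is a mutable tag, so "verified working" holds only
# for the build that was tested. This container presumably receives
# FORGEJO_MCP_TOKEN, so a re-pushed tag changes the code that holds a Forgejo
# credential. Pin the verified build by digest
# (ronmi/forgejo-mcp@sha256:<digest>) and bump it deliberately.
FORGEJO_MCP_IMAGE=ronmi/forgejo-mcp:latest
# Auto-generated by bootstrap. The note is on its own line because an env-file
# reader that does not strip trailing "# ..." comments would otherwise use the
# comment text as the token value.
FORGEJO_MCP_TOKEN=
# Host port for the HTTP/SSE MCP endpoint. Requests to it are presumably served
# with the token above, so confirm in docker-compose.yml that the port is
# published on loopback only unless remote access is intended.
FORGEJO_MCP_HTTP_PORT=8181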
# ---------- Bot users ----------
# Service accounts for the two bots. The passwords and tokens are left empty
# here; presumably setup.sh / bootstrap fills them like the admin credentials
# (confirm against those scripts). Never put real values in .env.example.
# NOTE(review): what these accounts may access is decided by the bootstrap
# script, not by this file. Check that each bot gets only the repositories and
# token scopes it needs.
CLAUDE_BOT_USER=claude-bot
CLAUDE_BOT_EMAIL=claude-bot@localhost
CLAUDE_BOT_PASSWORD=
CLAUDE_BOT_TOKEN=
GEMINI_BOT_USER=gemini-bot
GEMINI_BOT_EMAIL=gemini-bot@localhost
GEMINI_BOT_PASSWORD=
GEMINI_BOT_TOKEN=
# ---------- LLM API keys (org-level secrets) ----------
# Provider-issued keys; an empty value presumably has to be filled in by hand
# (nothing on this page says they are generated).
# NOTE(review): per the heading these become org-level secrets, which would
# make them usable by workflows in any repository of that org. Confirm this,
# then prefer keys with a spending limit and rotate them if a workflow log or
# an untrusted job may have exposed one.
ANTHROPIC_API_KEY=
GEMINI_API_KEY=
# Per-bot switches; set to false for a bot whose key is not provided.
CLAUDE_BOT_ENABLED=true
GEMINI_BOT_ENABLED=true
# ---------- GitHub migration ----------
# Required only for migrate-from-github.sh. Scopes: repo, read:org
# The `repo` scope covers read and write access to every repository the token
# owner can reach, private ones included. Create the token for the migration,
# then revoke it and clear this line instead of leaving it in .env.
GITHUB_TOKEN=