## Summary

- Migrate Forgejo from Homebrew to source-built binary with mcquack LaunchAgent
- Matches the established pattern used by zot, caddy, and alloy
- Upgrades to v14.0.3 (7 security fixes: PKCE bypass, OAuth scope bypass, open redirect, and more)

## Changes

- **Ansible role**: Replace brew install/services with binary stat check + LaunchAgent
- **Paths**: `/opt/homebrew/var/forgejo` → `~/forgejo`, binary at `~/code/3rd/forgejo/forgejo`
- **Run user**: `forgejo` → `erichblume` (LaunchAgent user; SSH git user stays `forgejo`)
- **Docs**: Updated Forgejo reference card, restart-indri guide
- **Service review**: Stamped frigate-notify, cloudnative-pg, blumeops-pg as current

## One-time migration steps (manual, on indri)

1. Clone from Codeberg, add forge mirror remote
2. Check out v14.0.3, build with `make build && make forgejo`
3. Stop brew, `cp -a` data to `~/forgejo`, fix ownership
4. Run `provision-indri --tags forgejo`
5. Verify, then `brew uninstall forgejo`

## Data safety

- `cp -a` preserves everything (repos, SQLite DB, LFS, sessions, OAuth config)
- Brew version stays installed as rollback until verification passes
- No schema changes between 14.0.2 → 14.0.3

Reviewed-on: #316
26 lines
769 B
Django/Jinja
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- {{ ansible_managed }} -->
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>mcquack.eblume.forgejo</string>
    <key>ProgramArguments</key>
    <array>
        <string>{{ forgejo_binary }}</string>
        <string>-w</string>
        <string>{{ forgejo_work_path }}</string>
        <string>-c</string>
        <string>{{ forgejo_config_path }}</string>
        <string>web</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
    <key>StandardOutPath</key>
    <string>{{ forgejo_log_dir }}/mcquack.forgejo.out.log</string>
    <key>StandardErrorPath</key>
    <string>{{ forgejo_log_dir }}/mcquack.forgejo.err.log</string>
</dict>
</plist>
```
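A post-provision check for the rendered plist, added here as an example and not part of this repository: it flags template variables that were never rendered and a `ProgramArguments[0]` binary (or its directory) that another account could overwrite. The function name `audit_launchagent` and the sample paths are assumptions made for the example.

```python
import os
import plistlib
import stat

# Constructed sample: a plist written out with one variable left unrendered.
UNRENDERED = plistlib.dumps({
    "Label": "mcquack.eblume.forgejo",
    "ProgramArguments": ["{{ forgejo_binary }}", "-w", "/tmp/example/forgejo", "web"],
    "RunAtLoad": True,
    "KeepAlive": True,
})


def audit_launchagent(plist_bytes, check_fs=True):
    """Return a list of findings for a rendered LaunchAgent plist."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments") or []
    findings = []
    strings = list(args) + [
        job.get(k, "") for k in ("Label", "StandardOutPath", "StandardErrorPath")
    ]
    # A leftover "{{" means a template variable was never rendered.
    findings += [f"unrendered template variable: {s}" for s in strings if "{{" in s]
    if not args or not os.path.isabs(args[0]):
        findings.append("ProgramArguments[0] is not an absolute path")
        return findings
    if check_fs:
        # launchd starts this file as the agent's user at load and on every
        # KeepAlive restart, so no other account may be able to replace it.
        for path in (args[0], os.path.dirname(args[0])):
            try:
                mode = os.stat(path).st_mode
            except FileNotFoundError:
                findings.append(f"missing: {path}")
                continue
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(f"group/world-writable: {path}")
    return findings


if __name__ == "__main__":
    for finding in audit_launchagent(UNRENDERED):
        print(finding)
```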