From the very get go, this site has been written in markup and then built and deployed via CI/CD. As of today, through several iterations, the exact same thing is happening but all of it is happening on my own infrastructure via Forgejo.
Note: This is not a how-to post, I hope to make a Getting Started guide one day. Most posts here are written for me and maybe a couple other people find it helpful, this one is probably a pretty firm audience of 1.
I just wanted to quickly mark the occasion and capture some of the history today. Capturing the history is an interesting phrase here since this site has always been hosted via a public repo, so the history has always been out there. The main motivation was to learn the world of Continuous Integration and Continuous Deployment (CI/CD) through hands-on experience, do work in the open (scary!), and ‘own’ my own content. And while those goals were met from the beginning the last one was ill-defined as best. I did have all my words and photos in plain text and files and not snarfled up into some database or binary blob, but I was still dependent upon the infrastructure and availability of a platform run by someone else.
I started the hosting of this site with Sourcehut’s CI/CD and Pages for static deployment. I still think that their solution for having a git repo that builds and deploys to their Pages is the simplest and most elegant. I was and continue to be happy with what they provide. However, there was a time when they were getting brutally attacked via denial of service bots and that got me thinking more about my setup. While this site isn’t mission critical and I already had the source and could go elsewhere I wanted to have more control and understanding and hence wanted serve my own site.
I’m grateful that Sourcehut has an excellent selection of images so I was able to use the same Nix flake to build and test locally that would be used on Sourcehut. A Nix container based build system allows for reproducibility, which makes also portability easy, so I could be confident that the same output hosted by Sourcehut is what I was getting locally (and wherever I decide to build). So I started serving my site from a VPS via Caddy which was already doing a lot of reverse-proxying. With a simple DNS change I was serving my own site. But this wasn’t going to be great long term since it required me to build locally and then deploy manually, kicking everything off with a simple git push was a luxury I was too accustomed to. I did briefly consider going to Codeberg (which I consider the canonical public repo for this site at this point) but it didn’t solve the control issue and Codeberg actions don’t provide a Nix image anyway (yet). I would like to keep the Codeberg option alive as a backup in the future and I’m running Forgejo so a move or fallback would be seamless.
Forgejo, finally, the titular character! I’ve run Forgejo, and Gitea before that, for many years and it has been awesome to see all the great functionality that has been added over time (Actions for instance). I am also very much looking forward Forgejo’s federation, the real promise of distributed development and collaboration. I’ve wanted to move the CI/CD infrastructure to Forgejo but had to work through several things:
- Get Forgejo actions setup locally
- Learn the github actions syntax
- Work around the fact that checkout action doesn’t work due to node missing from the image (then realizing I needed to clone over SSH anyway)
- Setup secrets management for both the clone and the deploy
- Work through forgejo-runner on Podman, with help from great article by Jan as always
- Move the runner on the VPS
- Setup a systemd service
- And it all works, yay!
This is all running on my Forgejo instance but I’m not exposing that to the web. Just seeing how hard my static site gets hit with bots, expensive end-points like git will knock me over in no time (eventually maybe with Anubis in the middle). So Codeberg will remain my public remain facing repo and the main branch will reflect what is deployed on the site.
PS: Ironically, looks like Codeberg is suffering another outage (bots no doubt) at this moment so another reason to use my own infrastructure and lighten the load where possible. I’ll keep supporting Codeberg and Sourcehut, we need these great alternatives!
PPS: GNU elpa is down too, what a confluence, really driving home the point of reducing dependencies today. I might need to bake in an image everything I need and serve that from my own container registry (like I needed an excuse to fall deeper into rabbit holes).
¹Mascot is licensed under CC BY-SA 4.0 
.