I’ve started building a small decentralized, non commercial app with a Rust backend + Node.js frontend running on k8s. I would have my own dedicated server for this. Just mentioning the setup because it might grow and for git there seem to be only GitHub and GitLab around and I prefer GitLab.
I care a lot about security and was wondering if it makes sense to self-host GitLab. I‘m not afraid of doing it, but after setup it shouldn’t take more than 1-2 hours per week for me to maintain it in the long run and I’m wondering if that’s realistic.
Would love to hear about the experience of people who did what I’m planning to do.
EDIT: Thanks for all the answers, trying my best to reply. I want CI/CD, container registry and secrets management that’s what I was hoping to get out of GitLab.
For self hosting there is also https://forgejo.org/ which is a fork of https://about.gitea.com/ , the latter of which started to shift to a corporate model.
technically the same as forgejo, codeberg is the main forgejo contributor/the org owning it
Quick question: forgejo is the git program that you can install self host a git server, while codeberg is probably the biggest forgejo-kind git server that is open to the public, right?
I dont have a home server to host forgejo (yet?), so I’m thinking of making an account on codeberg, is that correct reasoning?
I did an inplace upgrade of gitea to forgejo. No issues.
I’ve been self hosting this for 2 or 3 years now.
There has been zero maintenance other than the occasional update button
I use it for my docker compose files that portainer pulls from with the click of the button to update my containers when needed.
I edit the files in VS code with the git plugin and it works without issue
Thanks! This looks actually really interesting. Did you try doing CI/CD with it? In future I would probably collaborate with others who’d be also using my self-hosted Git. What would be critical for me is that I can set it up in a way that once I open a PR that branch automatically gets deployed to a dev Kubernetes environment and when I merge with main that it automatically deploys to staging and only when I release a tag the branch would end up in prod. Also I’d like to do secrets management over the platform. I like that Forgejo would be non-commercial and I would prefer it over GitLab if it can do these things well.
I remember Gitlab requiring quite a large amount of resources, so if you’re talking about a solo project, I’d skip it and go with something a lot leaner like Gitea, personally.
I’ve never had any security issues with GitHub in the past though, and extended features are free for open source projects, so it’s kind of hard to ignore.
I am selfhosting my Gitlab and it’s one of the less troubling services I run.
I followed their documentation for setup and update gitlab biyearly, as far as I remembered I never had to revert to a backup, even after I skipped updates for a little over a year.
Thanks! What resources are you running it on? I’m looking into a VPS that could host it and ChatGPT recommends 4-8 vCPUs and 16 GB Ram, which sounds reasonable. But let’s say I’m running it on k8s does that leave any room for e.g. running other services on the same cluster?
The container itself has been allocated 4 cores and 4 GiB RAM on my PVE host, RAM usage currently sits at 75%. Before I had 2 GiB of RAM allocated, felt like it was slowed down a little bit by running from a HDD then. The host CPU is an i5-9400, so nothing beefy.
Besides Gitlab, I run Home Assistant, a single tenant Nextcloud instance and pfsense on the same host without any troubles. All services combined have 14 GiB Ram allocated, most of that actually goes to HASS since its doing speech recognition and speech synthesis (6GiB)
I tried hosting Gitlab for a while, but configuration and upgrades were difficult, and your really have to stay on top of updates due to vulnerabilities. It also used a lot of resources and wasn’t super responsive.
I moved to Forgejo (a hard fork of Gitea), and haven’t looked back; I cant recommend it enough. It’s fast, doesn’t take a lot of resources, actively developed, and has all the features I need.
Codeberg is a public instance of Forgejo if you want to try it out first.
Thanks! May I ask what kind of setup you were running and if there’s any feature you might be missing that existed in GitLab but doesn’t in Forgejo?
I was on an old repurposed desktop with 16gb ram and a i7 6700k at the time.
I haven’t felt that I’ve been missing any features from Gitlab. I do use Woodpecker-CI for runners because Forgejo action’s weren’t working for Docker builds, but I think the Forgejo actions have come a long way since I made that decision; I’ll have to try them out again one of these days.
First question is why do you want a forge ? Knowing the feature you need out of it is what should drive your decision.
Personally I would question the benefit of allocating ~5% of your work time to anything that isn’t core building your product but that’s up to you.
Yea a surprisingly small number of people don’t know a git remote can literally be any folder outside of your tree, over almost any kind of connection.
I thought about doing a forge but realized that if I was the only one working on this stuff then I could do the same thing by setting my remote to a folder on my NAS.
Yup, for a solo project that you don’t want to share I would even argue that a forge is close to pointless.
Any ssh remote will work as a backup, you can run the ci/cd task on your own computer just fine (very likely faster even), you obviously don’t need to send PR and request code review to yourself and if a TODO.md isn’t enough to keep track of tasks there’s a billions lightweight task/note tracker.
I use github because I’m a lazy and it works fine as a backup but I don’t need 99% of the features for my pet projects.
I would deploy the whole app over k8s Helm charts and I would want to use the CI/CD tools and also do Traefik/Ingress for load balancing and having cloudflare point at it. In the future I might be collaborating with other people so I would want the architecture to be solid.