I have also moved my git repositories to a self-hosted NUC. I have not yet bothered with a HTTP frontend to share it with the world, mostly because I don't want to provide AI scrapers with content and don't want to put the work in to block them.
It's a shame that all these companies that benefited from open source have poisoned the industry like this
I also have a self hosted Foregejo on a Pi (but probably not much longer) that acts as a mirror of my GitHub. The main issues I keep facing are:
- Repositories seem to mirror fine for a few weeks and stop. Pretty useless. I have a PAT token for it that does not expire, and yet it seems to claim otherwise, despite the token working elsewhere when I test it.
- Sometimes there is nothing in the logs, sometimes it's the database being locked for some reason. The only thing that uses the database is Forgejo.
- So far I haven't been able to tell if this is Forgejo, crappy SD IO on the Pi causing database locks, or Forgejo sucking at being a mirror.
> It's a shame that all these companies that benefited from open source have poisoned the industry like this
Open Source and the OSI are an industry plant. Look at who sponsors it.
The monopoly hyperscaler conglomerates get free labor and use it to build the world we despise: tracking panopticons, phones we can't install things on, device attestation, browser monoculture with no adblock, etc. etc.
Google made people fall in love with BSD/MIT, and look what it did.
Just a few of the classic plays:
"That Belongs to Us Now" - (1) vendors build stuff like Elasticsearch and Redis, (2) the hyperscalers yoink it into their proprietary offerings and take all the profits, (3) original authors and their companies starve.
"Embrace, Extend, Extinguish" - (1) vendors take an open source project like KTHML or Linux and build their version, (2) they flood the market with their offering, pushing out the competitors, (3) they use anti-competitive means to get their thing in front of all eyeballs, (4) once they have marketshare, they do evil things like add tracking and remove freedoms
Open Source needs to replaced with "freedom for the people, companies must pay". Source available shareware with anti-hyperscaler teeth.
Even Richard Stallman's licenses are not strong enough. CC BY-NC-SA is better.
"Pure" Open Source is corporate welfare. It was a mistake. It enabled giants to hang us with our own rope.
> Open Source and the OSI are an industry plant. Look at who sponsors it.
This is ignorant to the history of Open Source software. Software has been open long before it was subsidized by large corporations.
"Computer software was created in the early half of the 20th century.[2][3][4] In the 1950s and into the 1960s, almost all softwares were produced by academics and corporate researchers working in collaboration,[5] often shared as public-domain software." https://en.wikipedia.org/wiki/History_of_free_and_open-sourc...
One problem with all of these licenses is that however the code is available, we can’t practically prevent the LLM companies from training on it (especially given that they don’t respect IP laws anyway). No idea what to do about this. Wonder if communities will have to move to some kind of fractured system where source is gated behind a login.
Rough times out there for transparent organizations.
Why can't others just be "Others I disagree with"? Why it has to be some grand conspiracy?
I'm all for open source, most of what I do is released as MIT, almost never "Free Software", still doing the same thing since LLMs appeared, regardless of everything else.
I'm a real person, have nothing to do with OSI but willing to explain my position, as long as you take it as real opinions held by a real person, instead of going into conspiracy theory land. Ask me anything, I'll give you my honest perspective.
But our 25 year lax regulatory environment has created a world where the largest players abuse consumers and the competitive ecosystem.
Open source is one of the many strategies these companies have abused to create grave harm to our society. It's let them get further with our support and with less expenditure. It's given them an ethical smoke screen.
- Social media algorithms are the tobacco products of our century. Kids are growing up with a distorted sense of self worth, people are getting angrier and more polarized, and all of it is highly addictive - all to fuel corporate profits.
- The most popular and important computer form factor is controlled by a duopoly and we can't even own / repair / install / have rights to our devices.
- All hardware is becoming locked to device attestation, meanwhile companies are lobbying for "age verification" (read: full-on identity tracking).
- Distribution is being locked to monopolies. 92% of "URL bars" are owned by one company, and typing something into a computer goes through a bidding war protection racket.
I can go on and on about it. I shouldn't even have to. You know this.
A lot of this is because of a lack of proper competition. Since the DOJ / FTC / EU / ASEAN are being toothless (the latter are slowly waking up), the next best thing we can do is take away their open source abuse. Stop letting them use our work against us and the rest of the population.
Everyone seems to be leaving GitHub, and forgetting the entire spirit of what git is in my eyes. Git was always meant to be decentralized, the problem here is that all the tooling around git was centralized to GitHub because it was a cleaner experience, they scaled nicely, and were properly maintained. I would prefer to still see mirrors on GitHub that are auto-synched because I've seen projects for years either self-host or go somewhere niche, then the GitHub mirror dies or is removed, and said projects go poof to the sands of time for one reason or another, completely gone. Everyone seems to be picking some random git host alternative, and some of them are really simple to use.
Git is decentralized, GitHub is just another place you can host your code in, but you can push your code to multiple remote servers.
While I'm not forgetting the spirit of what Git is, I'm also remembering how GitHub used "all open repositories" to train their first Copilot without telling anyone.
So, no thanks. I'll not be committing any personal code there anymore.
And no, I don't care for the social aspects either. Discoverability, stars, and AI bot powered issue bombardment.
GitHub centralizes 2 things: Authentication, as well as Repository Hosting.
Does the code really need to be hosted in a central location like this? (Clearly not, which is why people are leaving GitHub in the first place)
But the one part GitHub provides that's genuinely valuable is the social aspect, and when you get a PR from a user named torvalds you can trust that this is in fact Linus. This isn't the case with more distributed systems.
That's why I'd really like to see some entity handle just the auth/identity providing. Forgejo/ Gitea/ Gitlab instances can then choose to use that. Then, for example if you want to take on another contributor and they have their own forgejo instances, you can invite them through this provider, when they fork your repo it ends up in their own forgejo, and they can easily create PR's into your repo.
GitHub is to git like Reddit was to forums. Centralized usernames and such were very nice, but it also has downsides that we’re now living with.
GitHub is still really, really nice in that it’s five seconds to throw up a repo that’s accessible worldwide (98% of the time lol) and everyone’s on there. Whatever replaces it (just like whatever replaces twitter) may be better in many ways, but it will be “worse” in others, even if just in splintering.
> That's why I'd really like to see some entity handle just the auth/identity providing. Forgejo/ Gitea/ Gitlab instances can then choose to use that. Then, for example if you want to take on another contributor and they have their own forgejo instances, you can invite them through this provider, when they fork your repo it ends up in their own forgejo, and they can easily create PR's into your repo.
Agree, I feel like a true alternative should focus on this missing piece to bridge the gap.
Forgejo is doing a lot of work to make the tooling decentralized, too. They are using open protocols and standards to link self hosted forges together.
Yes, but GitHub is more than just git. The most important aspect of the platform that everybody seems to forget is the social component and how easy it made to create a persistent, off-site repository and collaborate across repos.
People forget what FOSS is, and you get a world of unclear expectations. FOSS is code + a copyright license. How the code is created is an entirely different matter, and where FOSS projects often fall short. As FOSS projects come Forgejo is well-organized around a community governance model.
I agree with this. Moving the git repo is easy, moving the whole project surface is the hard part.
Issues, releases, CI, docs, security advisories, search and discoverability all tend to get coupled to GitHub over time.
For open-source projects, I like the idea of self-hosted as the source of truth, but still keeping a read-only GitHub mirror so people can actually find it.
...Maybe that's the answer, we need a "hub" for the smaller missing things to start, you pop in your git repository when you join, and it can sit as a thin layer over your repo with issues, releases, etc... Sounds like a lot of work, but doing it piecemeal would do it.
I think trying to re-host git itself might be more trouble than its worth. My kingdom for someone to build this so I don't have to use ADO boards anymore.
I don't think anyone is forgetting that, but most people don't care that much about the decentralized part. They care about it being user friendly, free and for companies if it has all the enterprise features / SSO etc. that they need.
Forgejo has both these things, I'd even argue Forgejo has a better runner than GitHub actions as it's less resource heavy and easier to debug when issues arise (only ran into one, and it was self inflicted).
I've also heard of Tangled [0] which is decentralized and built on the AT Protocol like Bluesky but also has some genuinely useful features that GitHub has been dragging its heels over in implementing, like PR stacking, such that entire companies have sprung up to add that feature in GitHub.
In "What I gave up" section author mentions his social graph. It is possible to take your social graph and collaboration history using GitSocial. It also allows cross-forge pull requests between any git hosts. All without 3rd party dependencies.
I run my own public instance of forgejo. Is this software I run on my own that syndicates other users' commits? GitHub *was* good for discovery; does GitSocial offer something similar? Are there ways I can push more of my contributions into GitSocial, or does that happen automatically when I start using it?
I think the GitSocial website would benefit from a "features and benefits" section rather than just a timeline view and demo, and I advise you to emphasize the benefits. I can see a TUI and a timeline of commits, but it seems like GitSocial is MUCH more exciting than just that.
To me, GitSocial offers freedom from corporate control and surveillance of my open source work, and that's really intriguing.
GitHub Actions is indeed the hard one to replace. I need Windows, Linux, Linux-ARM, macOS ARM, and macOS Intel runners. How do you guys using Forgejo and/or Codeberg do to get a similar matrix, hopefully at a low cost?
I’ve moved to self hosted gitea a year ago running in my homelab and not publicly accessible. No https, registrations disabled and repos are not public.
I’m thinking about making public instance and use it with https, but minimize the attack surface, any recommendations especially about gitea/forgejo?
When I adopted Foregjo I did so because I didn't like the sound of some political arguments across threads about some alleged security issues Foregjo raised with Gitea who allegedly ignored them.
What keeps you using Gitea? I'm wondering if I should try it over Foregejo now.
> I’m thinking about making public instance and use it with https, but minimize the attack surface, any recommendations especially about gitea/forgejo?
I've done this too in the past, I'm still running the internal/lan Forgejo instance, but not any public instance at the moment. But in the past, I've setup a public read-only instance, which mirrors my internal one, then one reverse-proxy connection from the internal to the public instance, which the public one uses for getting the git data. Then it mostly just kept on working by itself, whenever I changed anything in the internal Forgejo, the public one got updated, yet I could keep all issues, CI and more completely private and on lan.
Yup, I’ve done this. I use a fly.io proxy that runs nginx, fail2ban, and that forwards to my tailnet where Caddy resolves to the actual instance. It’s critical that you disable local registration - I have authentik (only available on the tailnet) as an IdP but you can also just disable reg after making your own account of course. I also have a robots.txt that disables some stuff like all the individual rendered git commit views otherwise scrapers get stuck in an endless loop and also I strictly forbid access to the forgejo package repository since I have some private packages and the permission granularity there is not what I want it to be, still dialing that in. I’m keeping an eye on it and so far nothing terrible has happened. docs.eblu.me if you would like details… I could also link straight to the infra code if you like.
You’re welcome! I only ran in to this last week and I might not have this straight yet because I haven’t had time to sit and untangle it. I have a private repo that has a release workflow that publishes a Python package to the forgejo package repository using my public user profile. I mistakenly assumed that because the repo was private the package would be as well but that link is not enough to set public/private and it is instead fully public. Listable and everything, no PAT needed. This is where I’m less clear: I think I could make my user profile private and this would hide the packages, but I want my profile public. So I just black-holed the entire packages api outside of the tailnet.
What if you don't want to self host? Who offers low feature git hosting for a small price? Something like the old $7 account before github was bought by MS?
All I want is hosting and a read only web interface, plus access control in case I have collaborators.
All the offerings are enterprise priced because they offer "minutes of CI", "AI assistants" and other icing on the cake.
This is literaly just a bare repo over ssh, and a gitweb interface.
It's too trivial for anyone to be selling that. And I don't think there's a large market for $5-$10 barebones setup when GH is free and you can self host.
> I'd be more curious as to why people are staying on GitHub
Vanity metrics.
GitHub initially tried to shy away from this, I remember conversations with early GitHub engineers trying to make sure "Stars" and "Followers" numbers were going into the direction of being just for vanity and popularity.
Then eventually the profile READMEs appeared, which people now use for showing even more vanity metrics and brag about how much code they can produce in how little days.
Since employers also ask you for a GitHub profile, it ends up being needed for new developers to make an entry into the industry, without it companies will basically ignore you. Unless you're really, really good, which to be honest, most of us aren't.
I have been using my self hosted forgejo in May, and liking it just fine, I recommend it for anybody who is curious. I don't really trust GitHub to keep things private anymore.
The hardest parts of switching to forgejo: 1) coming up with a comfortable way to pronounce "forgejo" in my head, and 2) adapting to not having the same GitHub v3 API and needing to switch to a different CLI for PR creation, repo creation, etc.
The pronunciation thing is probably the more difficult of the two.
People constantly cry out for decentralization.
In reality, however, most systems eventually end up centralized.
Perhaps when people ask for decentralization, they are actually seeking a new center where they can become the new pioneers.
It seems that when they feel they have no chance of winning under the existing rules, they use decentralization as a pretext to overturn the board.
It was more about the symbolism. If the goal is decentralization,
“I moved to a personal forge I control” is the post's core idea.
But framing it as “leaving GitHub for Forgejo” inevitably creates a new flag to gather around.
That may be useful and even necessary, but it also shows that decentralization movements often produce new centers, names, and identities.
What's the portability blocker with git? It's pretty easy to pull your repo and clone it to a new server, and you keep your history and everything I thought.
Nothing. That’s why SaaS providers like GitHub start to build up features like GitHub CI to lock people in. You can easily move the repo, but moving your full CI has a real cost that businesses will take into account when they are considering to move anything.
What do you think, what is the business for GitHub in providing limitless private and public repo hosting?
I think some people are mentally ill, and think decentralization is a libertarian ideal where they can have all benefits of society, but they don't have to pay for the roads, the fire department, etc. That some how, those things will spontaneously appear because of <free market babble>.
Others recognize there's some kind of more comfortable middle ground where decentralization means the same as a town/city/state type of social good that is independent and capable of working without larger centralized structures. Having to work towards it, pay money into it, etc, are expected but because the work that goes into maintaining the infrastructure has a clear line of derivation (taxes clearly go to X, Y, Z) would be a benefit.
It's typically the first class tho that dominates all conversations regarding decentralization, and that class includes the Epstein billionaires who just dont want laws to apply anywhere they want to do unethical, immoral and whatever. eg, money is the only law.
It could be a strategy, or it could be a sense of ethics. And your point makes sense, and I also agree with you. The first part of your comment is a bit harsh, but if you soften your reply a bit, it matches my thoughts. I'm giving you an upvote because I agree with your idea.
I moved all my repos (well, I have two left to move) to https://forge.sciactive.com which is also a self hosted Forgejo instance. It was a really easy process, and I’m really impressed with Forgejo.
I now use syncthing for the .git directory, excluding HEAD file and a few others, between my few devices and a vps on hetzner.
Most of git is append only immutable blobs - just sharing these between devices just works for me. "users" and authentication is handled by syncthing.
I have pre and post hooks to make sure no device tries to change HEAD of branch owned by another device, just to be safe, be it hasn't been activated once yet.
If you have a VPS that's always running, you can just use it as a git remote through SSH without moving things around or any third party software, just put the Git repo on the VPS and clone it via "git clone ssh://user@host/path". You get authentication, encryption and synchronization out of the box with just ssh/git.
Had to vouch for your comment, not sure why it was marked as dead.
Definitively the easiest way to approach this, and the most standard way too. If you already have ssh, which I'm guessing you do if you managed to setup syncthing on it in the first place, then you can literally just point git to host+path and it'll use whatever ssh authentication you already have in place.
One of my friends made fremforge.com (an EU-sovereign CI/CD with Git included). It's currently in closed beta but goes live next week (tm). It is built upon Forgejo and EU-based services using T-Cloud as the underlying hyperscaler. Have a look! I don't make any money from it, by the way. And yes, it will cost a little bit, but rest assured: because you are paying for it, you will not be the product.
“It’s not because of outages” - goes on to complain about outages.
The outages might be due to AI load, but that’s to relevant because your leaving isn’t due to outages. Even though the article is primarily about outages.
If you have a problem with your code being scanned for AI training, then write that article.
Didn’t realize the Dutch government was rad until I read this.
Frankly, the modern internet as a whole is scary. Google has so much power, Github, Meta, etc., they all control such fundamental parts of society now and get to run free since they’re private companies. Not saying they should be government owned, that would drastically worse, but some more detailed oversight would be nice.
I got my own Forgejo, but I'm still on Github. That's the easiest way to check what the people I follow push, comment or star. I like this part of Github a lot.
I keep CI/CD super super simple, but was able to set it up for my Python repos in 15 minutes, with compatibility with GitHub actions (using the same yaml file at the same path)
From personal experience, there have been a few papercuts (mostly trying to figure out why runners aren't picking up jobs), but it isn't too hard to debug and the CI format is simple. When it works, it works well enough. It uses a similar workflow as GitHub actions. Some, but not all, actions are even interchangeable or at least portable from GitHub without much fuss.
I have also moved my git repositories to a self-hosted NUC. I have not yet bothered with a HTTP frontend to share it with the world, mostly because I don't want to provide AI scrapers with content and don't want to put the work in to block them.
It's a shame that all these companies that benefited from open source have poisoned the industry like this
I also have a self hosted Foregejo on a Pi (but probably not much longer) that acts as a mirror of my GitHub. The main issues I keep facing are:
- Repositories seem to mirror fine for a few weeks and stop. Pretty useless. I have a PAT token for it that does not expire, and yet it seems to claim otherwise, despite the token working elsewhere when I test it.
- Sometimes there is nothing in the logs, sometimes it's the database being locked for some reason. The only thing that uses the database is Forgejo.
- So far I haven't been able to tell if this is Forgejo, crappy SD IO on the Pi causing database locks, or Forgejo sucking at being a mirror.
Probably the mirror? I have zero problems like that on my Forgejo Pi setup. I am not mirroring
> It's a shame that all these companies that benefited from open source have poisoned the industry like this
Open Source and the OSI are an industry plant. Look at who sponsors it.
The monopoly hyperscaler conglomerates get free labor and use it to build the world we despise: tracking panopticons, phones we can't install things on, device attestation, browser monoculture with no adblock, etc. etc.
Google made people fall in love with BSD/MIT, and look what it did.
Just a few of the classic plays:
"That Belongs to Us Now" - (1) vendors build stuff like Elasticsearch and Redis, (2) the hyperscalers yoink it into their proprietary offerings and take all the profits, (3) original authors and their companies starve.
"Embrace, Extend, Extinguish" - (1) vendors take an open source project like KTHML or Linux and build their version, (2) they flood the market with their offering, pushing out the competitors, (3) they use anti-competitive means to get their thing in front of all eyeballs, (4) once they have marketshare, they do evil things like add tracking and remove freedoms
Open Source needs to replaced with "freedom for the people, companies must pay". Source available shareware with anti-hyperscaler teeth.
Even Richard Stallman's licenses are not strong enough. CC BY-NC-SA is better.
"Pure" Open Source is corporate welfare. It was a mistake. It enabled giants to hang us with our own rope.
> Open Source and the OSI are an industry plant. Look at who sponsors it.
This is ignorant to the history of Open Source software. Software has been open long before it was subsidized by large corporations.
"Computer software was created in the early half of the 20th century.[2][3][4] In the 1950s and into the 1960s, almost all softwares were produced by academics and corporate researchers working in collaboration,[5] often shared as public-domain software." https://en.wikipedia.org/wiki/History_of_free_and_open-sourc...
One problem with all of these licenses is that however the code is available, we can’t practically prevent the LLM companies from training on it (especially given that they don’t respect IP laws anyway). No idea what to do about this. Wonder if communities will have to move to some kind of fractured system where source is gated behind a login.
Rough times out there for transparent organizations.
Why can't others just be "Others I disagree with"? Why it has to be some grand conspiracy?
I'm all for open source, most of what I do is released as MIT, almost never "Free Software", still doing the same thing since LLMs appeared, regardless of everything else.
I'm a real person, have nothing to do with OSI but willing to explain my position, as long as you take it as real opinions held by a real person, instead of going into conspiracy theory land. Ask me anything, I'll give you my honest perspective.
When you come into a convo saying even Stallman isn't extreme enough, it's probably a good time to take a step back and evaluate your life.
I don't see a reason anyone needs to stop and evaluate their life for this reason.
Is it a danger to anyone, or damaging in any way? I think not.
Does one have to be a danger before they should evaluate their life? I sure hope not.
I'm actually a capitalist.
But our 25 year lax regulatory environment has created a world where the largest players abuse consumers and the competitive ecosystem.
Open source is one of the many strategies these companies have abused to create grave harm to our society. It's let them get further with our support and with less expenditure. It's given them an ethical smoke screen.
- Social media algorithms are the tobacco products of our century. Kids are growing up with a distorted sense of self worth, people are getting angrier and more polarized, and all of it is highly addictive - all to fuel corporate profits.
- The most popular and important computer form factor is controlled by a duopoly and we can't even own / repair / install / have rights to our devices.
- All hardware is becoming locked to device attestation, meanwhile companies are lobbying for "age verification" (read: full-on identity tracking).
- Distribution is being locked to monopolies. 92% of "URL bars" are owned by one company, and typing something into a computer goes through a bidding war protection racket.
I can go on and on about it. I shouldn't even have to. You know this.
A lot of this is because of a lack of proper competition. Since the DOJ / FTC / EU / ASEAN are being toothless (the latter are slowly waking up), the next best thing we can do is take away their open source abuse. Stop letting them use our work against us and the rest of the population.
Everyone seems to be leaving GitHub, and forgetting the entire spirit of what git is in my eyes. Git was always meant to be decentralized, the problem here is that all the tooling around git was centralized to GitHub because it was a cleaner experience, they scaled nicely, and were properly maintained. I would prefer to still see mirrors on GitHub that are auto-synched because I've seen projects for years either self-host or go somewhere niche, then the GitHub mirror dies or is removed, and said projects go poof to the sands of time for one reason or another, completely gone. Everyone seems to be picking some random git host alternative, and some of them are really simple to use.
Git is decentralized, GitHub is just another place you can host your code in, but you can push your code to multiple remote servers.
While I'm not forgetting the spirit of what Git is, I'm also remembering how GitHub used "all open repositories" to train their first Copilot without telling anyone.
So, no thanks. I'll not be committing any personal code there anymore.
And no, I don't care for the social aspects either. Discoverability, stars, and AI bot powered issue bombardment.
I'm fine like this.
Also, remember, "Open Source is not about You".
GitHub centralizes 2 things: Authentication, as well as Repository Hosting.
Does the code really need to be hosted in a central location like this? (Clearly not, which is why people are leaving GitHub in the first place)
But the one part GitHub provides that's genuinely valuable is the social aspect, and when you get a PR from a user named torvalds you can trust that this is in fact Linus. This isn't the case with more distributed systems.
That's why I'd really like to see some entity handle just the auth/identity providing. Forgejo/ Gitea/ Gitlab instances can then choose to use that. Then, for example if you want to take on another contributor and they have their own forgejo instances, you can invite them through this provider, when they fork your repo it ends up in their own forgejo, and they can easily create PR's into your repo.
GitHub is to git like Reddit was to forums. Centralized usernames and such were very nice, but it also has downsides that we’re now living with.
GitHub is still really, really nice in that it’s five seconds to throw up a repo that’s accessible worldwide (98% of the time lol) and everyone’s on there. Whatever replaces it (just like whatever replaces twitter) may be better in many ways, but it will be “worse” in others, even if just in splintering.
Signed commits could solve this in a more decentralized way if people post their public keys on their own domains.
> That's why I'd really like to see some entity handle just the auth/identity providing. Forgejo/ Gitea/ Gitlab instances can then choose to use that. Then, for example if you want to take on another contributor and they have their own forgejo instances, you can invite them through this provider, when they fork your repo it ends up in their own forgejo, and they can easily create PR's into your repo.
Agree, I feel like a true alternative should focus on this missing piece to bridge the gap.
Forgejo is doing a lot of work to make the tooling decentralized, too. They are using open protocols and standards to link self hosted forges together.
I can’t wait for federation in Forgejo. With that, there’s honestly no reason not to host your own forge.
Yes, but GitHub is more than just git. The most important aspect of the platform that everybody seems to forget is the social component and how easy it made to create a persistent, off-site repository and collaborate across repos.
The "social component" is a big problem in actual FOSS.
People forget what FOSS is, and you get a world of unclear expectations. FOSS is code + a copyright license. How the code is created is an entirely different matter, and where FOSS projects often fall short. As FOSS projects come Forgejo is well-organized around a community governance model.
I agree with this. Moving the git repo is easy, moving the whole project surface is the hard part.
Issues, releases, CI, docs, security advisories, search and discoverability all tend to get coupled to GitHub over time.
For open-source projects, I like the idea of self-hosted as the source of truth, but still keeping a read-only GitHub mirror so people can actually find it.
...Maybe that's the answer, we need a "hub" for the smaller missing things to start, you pop in your git repository when you join, and it can sit as a thin layer over your repo with issues, releases, etc... Sounds like a lot of work, but doing it piecemeal would do it.
I think trying to re-host git itself might be more trouble than its worth. My kingdom for someone to build this so I don't have to use ADO boards anymore.
I don't think anyone is forgetting that, but most people don't care that much about the decentralized part. They care about it being user friendly, free and for companies if it has all the enterprise features / SSO etc. that they need.
I think you're forgetting issue tracking and CI.
Forgejo has both these things, I'd even argue Forgejo has a better runner than GitHub actions as it's less resource heavy and easier to debug when issues arise (only ran into one, and it was self inflicted).
I've also heard of Tangled [0] which is decentralized and built on the AT Protocol like Bluesky but also has some genuinely useful features that GitHub has been dragging its heels over in implementing, like PR stacking, such that entire companies have sprung up to add that feature in GitHub.
Has anyone tried this?
[0] https://tangled.org/
In "What I gave up" section author mentions his social graph. It is possible to take your social graph and collaboration history using GitSocial. It also allows cross-forge pull requests between any git hosts. All without 3rd party dependencies.
Thank you for this, GitSocial is a very cool piece of software!
github is a social network. git hosting is just a minor feature. thats why none of these alternatives ever take off .
TIL. Thanks!
You're welcome! I'm the creator of GitSocial, happy to answer any questions.
I'm very interested.
I run my own public instance of forgejo. Is this software I run on my own that syndicates other users' commits? GitHub *was* good for discovery; does GitSocial offer something similar? Are there ways I can push more of my contributions into GitSocial, or does that happen automatically when I start using it?
I think the GitSocial website would benefit from a "features and benefits" section rather than just a timeline view and demo, and I advise you to emphasize the benefits. I can see a TUI and a timeline of commits, but it seems like GitSocial is MUCH more exciting than just that.
To me, GitSocial offers freedom from corporate control and surveillance of my open source work, and that's really intriguing.
GitHub Actions is indeed the hard one to replace. I need Windows, Linux, Linux-ARM, macOS ARM, and macOS Intel runners. How do you guys using Forgejo and/or Codeberg do to get a similar matrix, hopefully at a low cost?
CircleCI?
I’ve moved to self hosted gitea a year ago running in my homelab and not publicly accessible. No https, registrations disabled and repos are not public.
I’m thinking about making public instance and use it with https, but minimize the attack surface, any recommendations especially about gitea/forgejo?
When I adopted Foregjo I did so because I didn't like the sound of some political arguments across threads about some alleged security issues Foregjo raised with Gitea who allegedly ignored them.
What keeps you using Gitea? I'm wondering if I should try it over Foregejo now.
> I’m thinking about making public instance and use it with https, but minimize the attack surface, any recommendations especially about gitea/forgejo?
I've done this too in the past, I'm still running the internal/lan Forgejo instance, but not any public instance at the moment. But in the past, I've setup a public read-only instance, which mirrors my internal one, then one reverse-proxy connection from the internal to the public instance, which the public one uses for getting the git data. Then it mostly just kept on working by itself, whenever I changed anything in the internal Forgejo, the public one got updated, yet I could keep all issues, CI and more completely private and on lan.
Yup, I’ve done this. I use a fly.io proxy that runs nginx, fail2ban, and that forwards to my tailnet where Caddy resolves to the actual instance. It’s critical that you disable local registration - I have authentik (only available on the tailnet) as an IdP but you can also just disable reg after making your own account of course. I also have a robots.txt that disables some stuff like all the individual rendered git commit views otherwise scrapers get stuck in an endless loop and also I strictly forbid access to the forgejo package repository since I have some private packages and the permission granularity there is not what I want it to be, still dialing that in. I’m keeping an eye on it and so far nothing terrible has happened. docs.eblu.me if you would like details… I could also link straight to the infra code if you like.
Hey thanks for the answer and link to docs. I don’t use tailscale, it’s running in a NUC, accessible with wireguard for now. (Docker + 4 runners)
I try to keep things simple in the homelab and thinking only using fail2ban and caddy reverse proxy and expose it.
Package registry isn’t private by default and accessible with PAT. Or am I mistaken?
You’re welcome! I only ran in to this last week and I might not have this straight yet because I haven’t had time to sit and untangle it. I have a private repo that has a release workflow that publishes a Python package to the forgejo package repository using my public user profile. I mistakenly assumed that because the repo was private the package would be as well but that link is not enough to set public/private and it is instead fully public. Listable and everything, no PAT needed. This is where I’m less clear: I think I could make my user profile private and this would hide the packages, but I want my profile public. So I just black-holed the entire packages api outside of the tailnet.
What if you don't want to self host? Who offers low feature git hosting for a small price? Something like the old $7 account before github was bought by MS?
All I want is hosting and a read only web interface, plus access control in case I have collaborators.
All the offerings are enterprise priced because they offer "minutes of CI", "AI assistants" and other icing on the cake.
This is literaly just a bare repo over ssh, and a gitweb interface.
It's too trivial for anyone to be selling that. And I don't think there's a large market for $5-$10 barebones setup when GH is free and you can self host.
Just hosting the code is hard now, right? The hosting company is signing up for a battle against infinite-appetite scraping organizations.
I think Gitlab is probably the best option, or gitea. Personally I'm not a fan of Codeberg - I think their licensing is a mess.
SourceHut sounds very close to what you describe: https://sr.ht/
Unfortunately all the current managed offerings aren't very good. I'm still wondering why nobody starts a new startup
There are multiple alternatives to Github for example Gitlab, Codeberg or sourcehut
At this point I really don't think this needs to be justified. I'd be more curious as to why people are staying on GitHub.
> I'd be more curious as to why people are staying on GitHub
Vanity metrics.
GitHub initially tried to shy away from this, I remember conversations with early GitHub engineers trying to make sure "Stars" and "Followers" numbers were going into the direction of being just for vanity and popularity.
Then eventually the profile READMEs appeared, which people now use for showing even more vanity metrics and brag about how much code they can produce in how little days.
Since employers also ask you for a GitHub profile, it ends up being needed for new developers to make an entry into the industry, without it companies will basically ignore you. Unless you're really, really good, which to be honest, most of us aren't.
I'm making my jump over to Tangled, which is built on the AT Protocol (so it uses the same account as Bluesky and others). I'm finding it lovely.
https://vale.rocks/micros/20260511-0440
I have been self-hosting Forgejo for some time now. It is impressively easy to maintain and operate. I can highly recommend giving it a spin.
It was a sad day when Microsoft bought GitHub, we all know eventually it will go the way of Hotmail and Skype.
I have been using my self hosted forgejo in May, and liking it just fine, I recommend it for anybody who is curious. I don't really trust GitHub to keep things private anymore.
The hardest parts of switching to forgejo: 1) coming up with a comfortable way to pronounce "forgejo" in my head, and 2) adapting to not having the same GitHub v3 API and needing to switch to a different CLI for PR creation, repo creation, etc.
The pronunciation thing is probably the more difficult of the two.
Apparently it's pronounced (phonetically) as for-JAY-oh, an audio sample is here: https://forgejo.org/faq/
You piqued my curiosity :)
edit: Ah, I was beaten to the punch :(
They make it rather easy by providing an audio pronunciation: https://forgejo.org/static/forgejo.mp4
With my American accent, I don't quite say it exactly like the recording, but pretty close: "for-JAY-oh"
People constantly cry out for decentralization. In reality, however, most systems eventually end up centralized. Perhaps when people ask for decentralization, they are actually seeking a new center where they can become the new pioneers. It seems that when they feel they have no chance of winning under the existing rules, they use decentralization as a pretext to overturn the board.
If only you bothered to read the first line of the article, directly under the title:
>I moved my code from GitHub to a self-hosted Forgejo
My ponit was not against self-hosting.
It was more about the symbolism. If the goal is decentralization, “I moved to a personal forge I control” is the post's core idea. But framing it as “leaving GitHub for Forgejo” inevitably creates a new flag to gather around.
That may be useful and even necessary, but it also shows that decentralization movements often produce new centers, names, and identities.
I think decentralization is the wrong answer for what people really need: portability.
What's the portability blocker with git? It's pretty easy to pull your repo and clone it to a new server, and you keep your history and everything I thought.
Nothing. That’s why SaaS providers like GitHub start to build up features like GitHub CI to lock people in. You can easily move the repo, but moving your full CI has a real cost that businesses will take into account when they are considering to move anything.
What do you think, what is the business for GitHub in providing limitless private and public repo hosting?
I think some people are mentally ill, and think decentralization is a libertarian ideal where they can have all benefits of society, but they don't have to pay for the roads, the fire department, etc. That some how, those things will spontaneously appear because of <free market babble>.
Others recognize there's some kind of more comfortable middle ground where decentralization means the same as a town/city/state type of social good that is independent and capable of working without larger centralized structures. Having to work towards it, pay money into it, etc, are expected but because the work that goes into maintaining the infrastructure has a clear line of derivation (taxes clearly go to X, Y, Z) would be a benefit.
It's typically the first class tho that dominates all conversations regarding decentralization, and that class includes the Epstein billionaires who just dont want laws to apply anywhere they want to do unethical, immoral and whatever. eg, money is the only law.
It could be a strategy, or it could be a sense of ethics. And your point makes sense, and I also agree with you. The first part of your comment is a bit harsh, but if you soften your reply a bit, it matches my thoughts. I'm giving you an upvote because I agree with your idea.
The first paragraph comes from the Epstein files. https://www.theguardian.com/technology/2026/feb/09/jeffrey-e...
I moved all my repos (well, I have two left to move) to https://forge.sciactive.com which is also a self hosted Forgejo instance. It was a really easy process, and I’m really impressed with Forgejo.
I now use syncthing for the .git directory, excluding HEAD file and a few others, between my few devices and a vps on hetzner.
Most of git is append only immutable blobs - just sharing these between devices just works for me. "users" and authentication is handled by syncthing.
I have pre and post hooks to make sure no device tries to change HEAD of branch owned by another device, just to be safe, be it hasn't been activated once yet.
Super interesting, mind sharing your exclusions and hooks?
If you have a VPS that's always running, you can just use it as a git remote through SSH without moving things around or any third party software, just put the Git repo on the VPS and clone it via "git clone ssh://user@host/path". You get authentication, encryption and synchronization out of the box with just ssh/git.
Had to vouch for your comment, not sure why it was marked as dead.
Definitively the easiest way to approach this, and the most standard way too. If you already have ssh, which I'm guessing you do if you managed to setup syncthing on it in the first place, then you can literally just point git to host+path and it'll use whatever ssh authentication you already have in place.
Can hardly get simpler :)
One of my friends made fremforge.com (an EU-sovereign CI/CD with Git included). It's currently in closed beta but goes live next week (tm). It is built upon Forgejo and EU-based services using T-Cloud as the underlying hyperscaler. Have a look! I don't make any money from it, by the way. And yes, it will cost a little bit, but rest assured: because you are paying for it, you will not be the product.
“It’s not because of outages” - goes on to complain about outages.
The outages might be due to AI load, but that’s to relevant because your leaving isn’t due to outages. Even though the article is primarily about outages.
If you have a problem with your code being scanned for AI training, then write that article.
But this article is about outages.
For self hosting... and personal code repo, why not just git... and expose something like Stagit for the web?
CI/CD, package registry, issue tracking in one place?
Fair enough for the formers.
Issue tracking though...
Didn’t realize the Dutch government was rad until I read this.
Frankly, the modern internet as a whole is scary. Google has so much power, Github, Meta, etc., they all control such fundamental parts of society now and get to run free since they’re private companies. Not saying they should be government owned, that would drastically worse, but some more detailed oversight would be nice.
some of my identity is built around github, i think im in love with the github brand
also: releases, packages, actions... its all very convenient
"The Dutch government's choice of Forgejo, not GitLab, was deliberate."
And since Gitlab seems to have looked over at what is happening at Github and decided, we want some of that, that was probably the right choice.
Question for anyone, why do people use GitHub or an alternative rather than just spinning up your own Gitea docker container or similar?
I got my own Forgejo, but I'm still on Github. That's the easiest way to check what the people I follow push, comment or star. I like this part of Github a lot.
Is Forgejo Actions any good? CI/CD would be cool.
We just released support for Forgejo with RWX CI/CD: https://www.rwx.com/docs/getting-started/forgejo
I keep CI/CD super super simple, but was able to set it up for my Python repos in 15 minutes, with compatibility with GitHub actions (using the same yaml file at the same path)
From personal experience, there have been a few papercuts (mostly trying to figure out why runners aren't picking up jobs), but it isn't too hard to debug and the CI format is simple. When it works, it works well enough. It uses a similar workflow as GitHub actions. Some, but not all, actions are even interchangeable or at least portable from GitHub without much fuss.
It’s act runner. So you can continue using GitHub actions with minor changes