admin: installation: rootless data is in /var/lib/gitea by default

Refs: https://codeberg.org/forgejo/forgejo/issues/3869
(cherry picked from commit dc67b3c83a)

.forgejo/workflows/links.yml

@@ -1,35 +0,0 @@
-name: Links
-
-on:
-  schedule:
-    - cron: '00 18 * * *'
-jobs:
-  linkChecker:
-    runs-on: docker
-    steps:
-      - name: Checkout next
-        uses: actions/checkout@v4
-
-      - name: Checkout v7
-        uses: actions/checkout@v4
-        with:
-          path: v7
-
-      - name: Install lychee
-        run: |
-          curl -sLO "https://github.com/lycheeverse/lychee/releases/download/v0.15.0/lychee-v0.15.0-x86_64-unknown-linux-gnu.tar.gz"
-          tar -xvzf "lychee-v0.15.0-x86_64-unknown-linux-gnu.tar.gz"
-          rm "lychee-v0.15.0-x86_64-unknown-linux-gnu.tar.gz"
-          install -t "$HOME/.local/bin" -D lychee
-
-      - name: Link Checker
-        id: lychee
-        run: ./lychee docs v7/docs --format markdown
-
-      - name: Update issue
-        if: failure()
-        uses: https://github.com/peter-evans/create-issue-from-file@v5.0.0
-        with:
-          title: Dead links report
-          issue-number: 583
-          content-filepath: ./report.md

docs/admin/actions.md

@@ -178,7 +178,7 @@ services:
 
 Here, we're not running the `forgejo-runner daemon` yet because we
 need to register it first. Please note that in a recent install of
-docker `docker-compose` is not a separate command but should be run as
+docker `docker-compose`is not a separate command but should be run as
 `docker compose`.
 Follow the registration instructions below
 by starting the `runner` service with `docker-compose up -d` and
@@ -218,7 +218,7 @@ environment. They need to be installed and configured independently.
   (because it doesn't usually need one).
 
   If the Forgejo runner complains about "daemon Docker Engine socket not found", or "cannot ping the docker daemon",
-  you can use Podman to provide a Docker compatible socket from an unprivileged user
+  you can use podman to provide a Docker compatible socket from an unprivileged user
   and pass that socket on to the runner,
   e.g. by executing:
 
@@ -629,7 +629,7 @@ They can be overridden by a workflow to use `debian` and `bookworm` as follows.
 ```yaml
 runs-on: lxc
 container:
-  image: debian:bookworm
+  image: debian:bookwork
 ```
 
 See the user documentation for `jobs.<job_id>.container` for more information.

docs/admin/command-line.md

@@ -64,7 +64,6 @@ USAGE:
 
 COMMANDS:
    actions  Commands for managing Forgejo Actions
-   f3       F3
    help, h  Shows a list of commands or help for one command
 
 OPTIONS:
@@ -97,7 +96,7 @@ NAME:
    forgejo forgejo-cli actions generate-runner-token - Generate a new token for a runner to use to register with the server
 
 USAGE:
-   forgejo forgejo-cli actions generate-runner-token [command options]
+   forgejo forgejo-cli actions generate-runner-token [command options] [arguments...]
 
 OPTIONS:
    --scope value, -s value  {owner}[/{repo}] - leave empty for a global runner
@@ -111,7 +110,7 @@ NAME:
    forgejo forgejo-cli actions generate-secret - Generate a secret suitable for input to the register subcommand
 
 USAGE:
-   forgejo forgejo-cli actions generate-secret [command options]
+   forgejo forgejo-cli actions generate-secret [command options] [arguments...]
 
 OPTIONS:
    --help, -h  show help
@@ -124,7 +123,7 @@ NAME:
    forgejo forgejo-cli actions register - Idempotent registration of a runner using a shared secret
 
 USAGE:
-   forgejo forgejo-cli actions register [command options]
+   forgejo forgejo-cli actions register [command options] [arguments...]
 
 OPTIONS:
    --secret value           the secret the runner will use to connect as a 40 character hexadecimal string
@@ -137,23 +136,6 @@ OPTIONS:
    --help, -h               show help
 ```
 
-### forgejo-cli f3
-
-```
-NAME:
-   forgejo forgejo-cli f3 - F3
-
-USAGE:
-   forgejo forgejo-cli f3 command [command options]
-
-COMMANDS:
-   mirror   Mirror
-   help, h  Shows a list of commands or help for one command
-
-OPTIONS:
-   --help, -h  show help
-```
-
 ## web
 
 ```
@@ -207,7 +189,7 @@ OPTIONS:
    --verbose, -V                  Show process details (default: false)
    --quiet, -q                    Only display warnings and errors (default: false)
    --tempdir value, -t value      Temporary dir path (default: "/tmp")
-   --database value, -d value     Specify the database SQL syntax: sqlite3, mysql, postgres
+   --database value, -d value     Specify the database SQL syntax: sqlite3, mysql, mssql, postgres
    --skip-repository, -R          Skip the repository dumping (default: false)
    --skip-log, -L                 Skip the log dumping (default: false)
    --skip-custom-dir              Skip custom directory (default: false)
@@ -990,7 +972,7 @@ USAGE:
    forgejo doctor convert command [command options]
 
 DESCRIPTION:
-   A command to convert an existing MySQL database from utf8 to utf8mb4
+   A command to convert an existing MySQL database from utf8 to utf8mb4 or MSSQL database from varchar to nvarchar
 
 COMMANDS:
    help, h  Shows a list of commands or help for one command
@@ -1461,7 +1443,7 @@ OPTIONS:
    --custom-path value, -C value     Set custom path (defaults to '{WorkPath}/custom')
    --config value, -c value          Set custom config file (defaults to '{WorkPath}/custom/conf/app.ini')
    --work-path value, -w value       Set Forgejo's working path (defaults to the directory of the Forgejo binary)
-   --type value, -t value            Type of stored files to copy.  Allowed types: 'attachments', 'lfs', 'avatars', 'repo-avatars', 'repo-archivers', 'packages', 'actions-log', 'actions-artifacts'
+   --type value, -t value            Type of stored files to copy.  Allowed types: 'attachments', 'lfs', 'avatars', 'repo-avatars', 'repo-archivers', 'packages', 'actions-log', 'actions-artifacts
    --storage value, -s value         New storage type: local (default) or minio
    --path value, -p value            New storage placement if store is local (leave blank for default)
    --minio-endpoint value            Minio storage endpoint
@@ -1542,7 +1524,7 @@ NAME:
    forgejo cert - Generate self-signed certificate
 
 USAGE:
-   forgejo cert [command options]
+   forgejo cert [command options] [arguments...]
 
 DESCRIPTION:
    Generate a self-signed X.509 certificate for a TLS server.

docs/admin/config-cheat-sheet.md

@@ -55,9 +55,6 @@ In addition, there is _`StaticRootPath`_ which can be set as a built-in at build
 ## Overall (`DEFAULT`)
 
 - `APP_NAME`: **Forgejo: Beyond coding. We forge.**: Application name, used in the page title.
-- `APP_SLOGAN`: Application slogan, used in the page title.
-- `APP_DISPLAY_NAME_FORMAT`: **{APP_NAME}: {APP_SLOGAN}**: defines how the application full name should be presented.
-  It is only used if `APP_SLOGAN` is set.
 - `RUN_USER`: **_current OS username_/`$USER`/`$USERNAME` e.g. git**: The user Forgejo will run as.
   This should be a dedicated system (non-user) account. Setting this incorrectly will cause Forgejo
   to not start.
@@ -215,7 +212,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `THEMES`: **forgejo-auto, forgejo-light, forgejo-dark, gitea-auto, gitea-light, gitea-dark, forgejo-auto-deuteranopia-protanopia, forgejo-light-deuteranopia-protanopia, forgejo-dark-deuteranopia-protanopia, forgejo-auto-tritanopia, forgejo-light-tritanopia, forgejo-dark-tritanopia**: All available themes. Allow users select personalized themes.
   regardless of the value of `DEFAULT_THEME`.
 - `MAX_DISPLAY_FILE_SIZE`: **8388608**: Max size of files to be displayed (default is 8MiB)
-- `REACTIONS`: All available reactions users can choose on issues/PRs and comments
+- `REACTIONS`: All available reactions users can choose on issues/prs and comments
   Values can be emoji alias (:smile:) or a unicode emoji.
   For custom reactions, add a tightly cropped square image to public/assets/img/emoji/reaction_name.png
 - `REACTION_MAX_USER_NUM`: **10**: Change the number of users that are displayed in reactions tooltip (triggered by mouse hover).
@@ -409,15 +406,15 @@ The following configuration set `Content-Type: application/vnd.android.package-a
     - Aliased names
       - "ecdhe_rsa_with_chacha20_poly1305" is an alias for "ecdhe_rsa_with_chacha20_poly1305_sha256"
       - "ecdhe_ecdsa_with_chacha20_poly1305" is alias for "ecdhe_ecdsa_with_chacha20_poly1305_sha256"
-- `ENABLE_ACME`: **false**: Flag to enable automatic certificate management via an ACME capable Certificate Authority (CA) server (default: Let's Encrypt). If enabled, `CERT_FILE` and `KEY_FILE` are ignored, and the CA must resolve `DOMAIN` to this Forgejo server. Ensure that DNS records are set and either port `80` or port `443` are accessible by the CA server (the public internet by default), and redirected to the appropriate ports `PORT_TO_REDIRECT` or `HTTP_PORT` respectively.
-- `ACME_URL`: **\<empty\>**: The CA's ACME directory URL, e.g. for a self-hosted [smallstep CA server](https://github.com/smallstep/certificates), it can look like `https://ca.example.com/acme/acme/directory`. If left empty, it defaults to using Let's Encrypt's production CA (check `LETSENCRYPT_ACCEPTTOS` as well).
-- `ACME_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service of the ACME provider. The default is Let's Encrypt [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
+- `ENABLE_ACME`: **false**: Flag to enable automatic certificate management via an ACME capable Certificate Authority (CA) server (default: Lets Encrypt). If enabled, `CERT_FILE` and `KEY_FILE` are ignored, and the CA must resolve `DOMAIN` to this forgejo server. Ensure that DNS records are set and either port `80` or port `443` are accessible by the CA server (the public internet by default), and redirected to the appropriate ports `PORT_TO_REDIRECT` or `HTTP_PORT` respectively.
+- `ACME_URL`: **\<empty\>**: The CA's ACME directory URL, e.g. for a self-hosted [smallstep CA server](https://github.com/smallstep/certificates), it can look like `https://ca.example.com/acme/acme/directory`. If left empty, it defaults to using Let's Encerypt's production CA (check `LETSENCRYPT_ACCEPTTOS` as well).
+- `ACME_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service of the ACME provider. The default is Lets Encrypt [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
 - `ACME_DIRECTORY`: **https**: Directory that the certificate manager will use to cache information such as certs and private keys.
 - `ACME_EMAIL`: **\<empty\>**: Email used for the ACME registration. Usually it is to notify about problems with issued certificates.
 - `ACME_CA_ROOT`: **\<empty\>**: The CA's root certificate. If left empty, it defaults to using the system's trust chain.
 - `ALLOW_GRACEFUL_RESTARTS`: **true**: Perform a graceful restart on SIGHUP
 - `GRACEFUL_HAMMER_TIME`: **60s**: After a restart the parent process will stop accepting new connections and will allow requests to finish before stopping. Shutdown will be forced if it takes longer than this time.
-- `STARTUP_TIMEOUT`: **0**: Shuts down the server if startup takes longer than the provided time. On Windows setting this sends a waithint to the SVC host to tell the SVC host startup may take some time. Please note startup is determined by the opening of the listeners - HTTP/HTTPS/SSH. Indexers may take longer to startup and can have their own timeouts.
+- `STARTUP_TIMEOUT`: **0**: Shutsdown the server if startup takes longer than the provided time. On Windows setting this sends a waithint to the SVC host to tell the SVC host startup may take some time. Please note startup is determined by the opening of the listeners - HTTP/HTTPS/SSH. Indexers may take longer to startup and can have their own timeouts.
 
 ## Database (`database`)
 
@@ -449,7 +446,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `LOG_SQL`: **false**: Log the executed SQL.
 - `DB_RETRIES`: **10**: How many ORM init / DB connect attempts allowed.
 - `DB_RETRY_BACKOFF`: **3s**: time.Duration to wait before trying another ORM init / DB connect attempt, if failure occurred.
-- `MAX_OPEN_CONNS` **100**: Database maximum open connections. Default is 100 which is the lowest default from Postgres (MariaDB + MySQL default to 151). Setting this value higher than your database server can handle will lead to issues. If you require high concurrency, try to increase this value for both Forgejo and your database server.
+- `MAX_OPEN_CONNS` **0**: Database maximum open connections - default is 0, meaning there is no limit.
 - `MAX_IDLE_CONNS` **2**: Max idle database connections on connection pool, default is 2 - this will be capped to `MAX_OPEN_CONNS`.
 - `CONN_MAX_LIFETIME` **0 or 3s**: Sets the maximum amount of time a DB connection may be reused - default is 0, meaning there is no limit (except on MySQL/MariaDB where it is 3s - see #6804 & #7071).
 - `CONN_MAX_IDLETIME` **0**: Sets the maximum amount of time a DB connection may be idle - default is 0, meaning there is no limit.
@@ -487,9 +484,9 @@ Configuration at `[queue]` will set defaults for queues with overrides for indiv
 - `DATADIR`: **queues/common**: Base DataDir for storing level queues. `DATADIR` for individual queues can be set in `queue.name` sections. Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
 - `LENGTH`: **100000**: Maximal queue size before channel queues block
 - `BATCH_LENGTH`: **20**: Batch data before passing to the handler
-- `CONN_STR`: **redis://127.0.0.1:6379/0**: Connection string for the Redis queue type. For `redis-cluster` use `redis+cluster://127.0.0.1:6379/0`. Options can be set using query params. Similarly, LevelDB options can also be set using: **leveldb://relative/path?option=value** or **leveldb:///absolute/path?option=value**, and will override `DATADIR`
-- `QUEUE_NAME`: **\_queue**: The suffix for default Redis and disk queue name. Individual queues will default to **`name`**`QUEUE_NAME` but can be overridden in the specific `queue.name` section.
-- `SET_NAME`: **\_unique**: The suffix that will be added to the default Redis and disk queue `set` name for unique queues. Individual queues will default to **`name`**`QUEUE_NAME`_`SET_NAME`_ but can be overridden in the specific `queue.name` section.
+- `CONN_STR`: **redis://127.0.0.1:6379/0**: Connection string for the redis queue type. For `redis-cluster` use `redis+cluster://127.0.0.1:6379/0`. Options can be set using query params. Similarly, LevelDB options can also be set using: **leveldb://relative/path?option=value** or **leveldb:///absolute/path?option=value**, and will override `DATADIR`
+- `QUEUE_NAME`: **\_queue**: The suffix for default redis and disk queue name. Individual queues will default to **`name`**`QUEUE_NAME` but can be overridden in the specific `queue.name` section.
+- `SET_NAME`: **\_unique**: The suffix that will be added to the default redis and disk queue `set` name for unique queues. Individual queues will default to **`name`**`QUEUE_NAME`_`SET_NAME`_ but can be overridden in the specific `queue.name` section.
 - `MAX_WORKERS`: **(dynamic)**: Maximum number of worker go-routines for the queue. Default value is "CpuNum/2" clipped to between 1 and 10.
 
 Forgejo creates the following non-unique queues:
@@ -1167,7 +1164,7 @@ ALLOW_DATA_URI_IMAGES = true
 
 - `ELEMENT`: The element this policy applies to. Must be non-empty.
 - `ALLOW_ATTR`: The attribute this policy allows. Must be non-empty.
-- `REGEXP`: A regex to match the contents of the attribute against. Must be present but may be empty for unconditional allowlisting of this attribute.
+- `REGEXP`: A regex to match the contents of the attribute against. Must be present but may be empty for unconditional whitelisting of this attribute.
 - `ALLOW_DATA_URI_IMAGES`: **false** Allow data uri images (`<img src="data:image/png;base64,..."/>`).
 
 Multiple sanitisation rules can be defined by adding unique subsections, e.g. `[markup.sanitizer.TeX-2]`.
@@ -1309,6 +1306,5 @@ PROXY_HOSTS = *.github.com
 
 - `SHOW_FOOTER_VERSION`: **true**: Show Forgejo and Go version information in the footer.
 - `SHOW_FOOTER_TEMPLATE_LOAD_TIME`: **true**: Show time of template execution in the footer.
-- `SHOW_FOOTER_POWERED_BY`: **true**: Show the "powered by" text in the footer.
 - `ENABLE_SITEMAP`: **true**: Generate sitemap.
 - `ENABLE_FEED`: **true**: Enable/Disable RSS/Atom feed.

docs/admin/installation-binary.md

@@ -4,7 +4,7 @@ license: 'CC-BY-SA-4.0'
 origin_url: 'https://github.com/DanielGibson/DanielGibson.github.io/blob/58362695f743a545d2530508ce42d5fe1eea84a9/content/post/setup-vps-with-wireguard-and-forgejo.md'
 ---
 
-## Install Forgejo and Git, create git user
+## Install Forgejo and git, create git user
 
 > **NOTE:** this guide assumes that you'll host on the server with the domain git.example.com.
 
@@ -22,17 +22,17 @@ and make it executable:
 Make sure `git` and `git-lfs` are installed:
 `# apt install git git-lfs`
 
-Create a user `git` on the system. Forgejo will run as that user, and when accessing git through SSH
+Create a user `git` on the system. Forgejo will run as that user, and when accessing git through ssh
 (which is the default), this user is part of the URL _(for example in
 `git clone git@git.example.com:YourOrg/YourRepo.git` the `git` before the `@` is the user you'll create now)._
-On **Debian, Ubuntu** and their derivatives that's done with:
+On **Debian, Ubuntu** and their derivates that's done with:
 
 ```
 # adduser --system --shell /bin/bash --gecos 'Git Version Control' \
   --group --disabled-password --home /home/git  git
 ```
 
-On **Linux distributions not based on Debian/Ubuntu** (this should at least work with Red Hat derivatives
+On **Linux distributions not based on Debian/Ubuntu** (this should at least work with Red Hat derivates
 like Fedora, CentOS etc.), run this instead:
 
 ```
@@ -51,7 +51,7 @@ Now create the directories Forgejo will use and set access rights appropriately:
 # chown git:git /var/lib/forgejo && chmod 750 /var/lib/forgejo
 ```
 
-This is the directory Forgejo will store its data in, including your Git repositories.
+This is the directory Forgejo will store its data in, including your git repos.
 
 ```
 # mkdir /etc/forgejo
@@ -64,12 +64,12 @@ then it shouldn't modify it anymore.
 
 ## Optional: Set up database
 
-When using sqlite as Forgejo's database, nothing needs to be done here.
+When using sqlite as Forgejos database, nothing needs to be done here.
 
 If you need a more powerful database, you can use MySQL/MariaDB or PostgreSQL (apparently sqlite
 is good enough for at least 10 users, but might even suffice for more).
 
-See [Forgejo's Database Preparation guide](../database-preparation/) for
+See [Forgejos Database Preparation guide](../database-preparation/) for
 setup instructions.
 
 ## Install systemd service for Forgejo
@@ -87,7 +87,7 @@ Now enable and start the Forgejo service, so you can go on with the installation
 `# systemctl enable forgejo.service`
 `# systemctl start forgejo.service`
 
-## Forgejo's web-based configuration
+## Forgejos web-based configuration
 
 You should now be able to access Forgejo in your local web browser, so open http://git.example.com:3000/.
 
@@ -116,7 +116,7 @@ Once you're done configuring, click `Install Forgejo` and a few seconds later yo
 on the dashboard (if you created an administrator account) or at the login/register screen, where you
 can create an account to then get to the dashboard.
 
-So far, so good, but we're not quite done yet - some manual configuration in the `app.ini` is needed.
+So far, so good, but we're not quite done yet - some manual configuration in the app.ini is needed.
 
 ## Further configuration in Forgejo's app.ini
 
@@ -136,7 +136,7 @@ Now (as root) edit `/etc/forgejo/app.ini`
 
 The following changes are recommended if dealing with many large files:
 
-- Forgejo allows uploading files to Git repositories through the web interface.
+- Forgejo allows uploading files to git repos through the web interface.
   By default the **file size for uploads**
   is limited to 3MB per file, and 5 files at once. To increase it, under the `[repository]` section,
   add a `[repository.upload]` section with a line like `FILE_MAX_SIZE = 4095`

docs/admin/installation-docker.md

@@ -11,7 +11,7 @@ docker pull codeberg.org/forgejo/forgejo:7.0.3
 
 If `codeberg.org` can not be accessed you can replace every mention of `codeberg.org` with `code.forgejo.org` to use our mirror.
 
-The **7** tag is set to be the latest minor release, starting with **7.0.x**. The **7** tag will then be equal to **7.0.4** when it is released and so on. The **7.0** tag is also set to be the latest patch version release.
+The **7** tag is set to be the latest minor release, starting with **7.0.3**. The **7** tag will then be equal to **7.0.3** when it is released and so on.
 
 Upgrading from **X** to **X+1** (for instance from **7** to **8**) requires a [manual operation and human verification](../upgrade/). However it is possible to use the **X** tag (for instance **7**) to get the latest minor release automatically.
 
@@ -67,7 +67,7 @@ ENABLE_PUSH_CREATE_USER = true
 
 > **NOTE:** it is not possible to use environment variables to remove an existing value, it must be done by editing the `app.ini` file.
 
-> **NOTE:** in case you are in a SELinux environment check the audit logs if you are having issues with containers.
+> **NOTE:** in case you are in a selinux environment check the audit logs if you are having issues with containers.
 
 ## Databases
 

docs/admin/installation.md

@@ -3,13 +3,10 @@ title: 'Installation'
 license: 'CC-BY-SA-4.0'
 ---
 
-Forgejo publishes a stable release every three months and a long term support
-(LTS) release every year. Patch releases are published more frequently and
-provide fixes for bugs and security vulnerabilities. Please review the
-[releases management](../../developer/release) and
-also the
-[Forgejo versioning scheme](../../user/versions) documentation for further
-information.
+Forgejo publishes a stable release every three months and a long term
+support (LTS) release every year. Patch releases are published more
+frequently and provide fixes for bugs and security
+vulnerabilities. See also how [the Forgejo versioning scheme](../../user/versions) works.
 
 This guide covers the installation of Forgejo [with
 Docker](../installation-docker/) or [from
@@ -17,9 +14,9 @@ binary](../installation-binary/). Both of these methods are created
 and extensively tested to work on every release. They consist of three
 steps:
 
-- Download and run the release,
-- connect to the web interface and complete the configuration, and,
-- finally register the first user which will be granted administrative permissions.
+- Download and run the release
+- Connect to the web interface and complete the configuration
+- And finally register the first user which will be granted administrative permissions
 
 If you already have Gitea installed through your package manager, look at the [Gitea
 migration](../gitea-migration/) guide for information on how to install Forgejo, while

docs/admin/moderation.md

@@ -7,7 +7,7 @@ Moderation tools are meant to help the Forgejo users and admins cope
 with spam bots and undesirable interactions.
 
 `[admin].SEND_NOTIFICATION_EMAIL_ON_NEW_USER` can be set to `true` on
-small Forgejo instances with an open registration. Such instances are
+small Fogejo instances with an open registration. Such instances are
 subject to occasional spam bots registrations and saves the admin the
 trouble to check on a regular basis. Read more in the [config cheat
 sheet](../config-cheat-sheet/#security-security).

docs/admin/oauth2-provider.md

@@ -3,6 +3,10 @@ title: 'OAuth2 provider'
 license: 'CC-BY-SA-4.0'
 ---
 
+Forgejo can act as an instance wide OAuth2 provider. To achieve that, OAuth2 applications must be created in the `/admin/applications` page.
+
+> **NOTE:** Third party applications obtaining a token for a user via such an application will have administrative rights. OAuth2 scopes are not yet implemented.
+
 ## Pre-registered applications
 
 The following OAuth2 applications are pre-registered because it is generally useful for Forgejo to be an OAuth2 provider for the corresponding third party software. Their usage is explained in the [Forgejo user guide](../../user/oauth2-provider/).

docs/admin/seek-assistance.md

@@ -36,7 +36,7 @@ origin_url: 'https://github.com/go-gitea/gitea/blob/e865de1e9d65dc09797d165a51c8
 3. Any error messages you are seeing.
 4. If you meet slow/hanging/deadlock problems, please report the stack trace when the problem occurs:
 
-   1. Enable pprof in `app.ini` and restart Forgejo.
+   1. Enable pprof in `app.ini` and restart Forgejo
 
       ```ini
       [server]
@@ -45,4 +45,4 @@ origin_url: 'https://github.com/go-gitea/gitea/blob/e865de1e9d65dc09797d165a51c8
 
    2. Trigger the bug, when Forgejo gets stuck, use curl or browser to visit: `http://127.0.0.1:6060/debug/pprof/goroutine?debug=1` (IP must be `127.0.0.1` and port must be `6060`).
    3. If you are using Docker, please use `docker exec -it <container-name> curl "http://127.0.0.1:6060/debug/pprof/goroutine?debug=1"`.
-   4. Report the output (the stack trace doesn't contain sensitive data).
+   4. Report the output (the stack trace doesn't contain sensitive data)

docs/admin/signing.md

@@ -54,7 +54,7 @@ There are three main options:
 
 - `none` - this prevents Forgejo from signing any commits
 - `default` - Forgejo will default to the key configured within `git config`
-- `KEYID` - Forgejo will sign commits with the GPG key with the ID
+- `KEYID` - Forgejo will sign commits with the gpg key with the ID
   `KEYID`. In this case you should provide a `SIGNING_NAME` and
   `SIGNING_EMAIL` to be displayed for this key.
 
@@ -120,7 +120,7 @@ The possible options are:
 - `never`: Never sign
 - `pubkey`: Only sign if the user has a public key
 - `twofa`: Only sign if the user logs in with two-factor authentication
-- `basesigned`: Only sign if the parent commit in the base repository is signed.
+- `basesigned`: Only sign if the parent commit in the base repo is signed.
 - `headsigned`: Only sign if the head commit in the head branch is signed.
 - `commitssigned`: Only sign if all the commits in the head branch to the merge point are signed.
 - `approved`: Only sign approved merges to a protected branch.

docs/admin/storage.md

@@ -182,7 +182,6 @@ connect to a S3 compatible server:
 - `MINIO_LOCATION`: **us-east-1**: S3 location to create bucket.
 - `MINIO_USE_SSL`: **false**: S3 enabled ssl.
 - `MINIO_INSECURE_SKIP_VERIFY`: **false**: S3 skip SSL verification.
-- `MINIO_CHECKSUM_ALGORITHM`: Minio checksum algorithm: **default** (for MinIO, garage or AWS S3) or **md5** (for Cloudflare or Backblaze)
 
 When used in the `[storage]` section they apply to all
 subsystems. When used in the section specific to a subsystem (see the table in the introduction), they
@@ -201,7 +200,6 @@ MINIO_BUCKET_LOOKUP = auto
 MINIO_LOCATION = us-east-1
 MINIO_USE_SSL = false
 MINIO_INSECURE_SKIP_VERIFY = false
-MINIO_CHECKSUM_ALGORITHM = md5
 
 [lfs]
 STORAGE_TYPE = minio
@@ -236,7 +234,7 @@ within the `forgejo` bucket instead of the `lfs/` directory
 
 Although the S3 storage type is named `minio` it does not rely on any
 [MinIO](https://min.io/) specific features. The S3 storage type is
-[tested](https://code.forgejo.org/forgejo/end-to-end/src/commit/9cfd043b8af18ce0df48fa6e44772d9bd521cab4/storage/storage.sh) to be compatible with:
+[tested](https://code.forgejo.org/forgejo/end-to-end/src/branch/main/storage/storage.sh) to be compatible with:
 
 - [MinIO](https://min.io/) 2021.3.17 and 2023-08-23
 - [garage](https://garagehq.deuxfleurs.fr/) v0.8.2

docs/admin/upgrade.md

@@ -17,7 +17,7 @@ To be notified in advance of security releases, watch or subscribe to the RSS fe
 
 ## Semantic version compliance
 
-Forgejo is compliant with [semantic versioning](https://semver.org/spec/v2.0.0.html) as of 7.0.0. In a nutshell it means that there is no breaking change unless the first number changes (e.g. when 8.0.0 is published it will contain breaking changes compared to 7.0.0). The release notes document those breaking changes and they may require manual intervention depending on the Forgejo installation.
+Forgejo is compliant with [semantic versioning](https://semver.org/spec/v2.0.0.html) as of 7.0.0. In a nutshell it means that there is no breaking change unless the first number changes (e.g. when 8.0.0 is published it will contain breaking changes compared to 7.0.0). The release notes document those breaking changes and theey may require manual intervention depending on the Forgejo installation.
 
 In versions prior to 7.0.0, the releases 1.19, 1.20 and 1.21 all contained breaking changes and the versioning scheme was not compliant with semantic versioning.
 
@@ -48,7 +48,7 @@ It is **critical** to verify that Forgejo works very carefully. Restoring the ba
 
 - Manually analyze (reading the patches to the sources of the template directory) and update the customized CSS / content.
 - Do not use `forgejo help` to figure out the location of `CustomPath`, look at the configuration tab of the `Site administration` panel when logged in as an admin.
-- `forgejo manager flush-queues`. If it times out, run it again with a more generous `--timeout` argument. It is important because the queues contain serialized data that is not guaranteed to be backward compatible between versions.
+- `forgejo manager flush-queues`. If it timesout, run it again with a more generous `--timeout` argument. It is important because the queues contain serialized data that is not guaranteed to be backward compatible between versions.
 - Go to the `Site administration` panel and pause all queues
 
 Note: Forgejo requires [docker >= 20.10.6](https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0) otherwise mysterious problems will happen (mysterious in the sense that the problem will about something unrelated to the Docker version").

docs/developer/SECRETS.md

@@ -19,7 +19,7 @@ $ gopass recipients add
 ```
 
 3. [Install gopass](https://www.gopass.pw/#install)
-   > :warning: When installing on Ubuntu or Debian you can either [download the deb package](https://github.com/gopasspw/gopass/tags), install manually or build from source or use our APT repository ([github comment](https://github.com/gopasspw/gopass/issues/1849#issuecomment-802789285) with more information).
+   > :warning: When installing on Ubuntu or Debian you can either download the deb package, install manually or build from source or use our APT repository ([github comment](https://github.com/gopasspw/gopass/issues/1849#issuecomment-802789285) with more information).
 4. Clone this repo using `gopass` (the name and email are for `git config`)
 
 ```

docs/developer/dependencies.md

@@ -9,18 +9,7 @@ Forgejo relies on hundreds of Free Software components and they all need to be u
 
 Software referenced by a release (even if such a release is the hash of a commit). They are listed in the [dependency dashboard](https://codeberg.org/forgejo/forgejo/issues/2779) which is updated by [renovate](https://github.com/renovatebot/renovate) from [the renovate.json configuration file](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/renovate.json).
 
-## Decision to upgrade
-
-An upgrade is justified if:
-
-- it is beneficial to Forgejo
-- the risk of regression is low compared to the benefit
-
-There is no need to upgrade if there is no indication that it is beneficial to Forgejo.
-
-## Reviewing renovate pull requests
-
-Pull [requests are opened](https://codeberg.org/forgejo/forgejo/pulls?poster=165503) when an upgrade is available and the decision to merge (positive review) or not (request for change review) depends on what the upgrade offers. The history of past upgrades can be browsed by looking for PR with the same title (e.g. [happy-dom upgrades](https://codeberg.org/forgejo/forgejo/pulls?q=Update+dependency+happy-dom)).
+Pull [requests are opened](https://codeberg.org/forgejo/forgejo/pulls?poster=165503) when an upgrade is available and the decision to merge (positive review) or not (request for change review) depends on what the upgrade offers.
 
 - The PR contains information about the release. If it does not, it has detailed references that can be used to browse the commits in the dependency source repository and figure out what the changes are.
 - The comment of the review:
@@ -28,68 +17,7 @@ Pull [requests are opened](https://codeberg.org/forgejo/forgejo/pulls?poster=165
   - explains why the change has an impact on Forgejo
 - If the upgrade is needed, user visible changes must be included in the draft release notes for the upcoming release. See [this upgrade for an example](https://codeberg.org/forgejo/forgejo/pulls/3724/files).
 - Security fix and important bug fixes are backported to the stable releases.
-
-Note that renovate will keep a few (see `prConcurrentLimit` in [renovate.json](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/renovate.json)) pull request open at any given time. If no decision is made, newer upgrades will accumulate in the backlog visible in the [dashboard](https://codeberg.org/forgejo/forgejo/issues/2779).
-
-The [release team](https://codeberg.org/forgejo/governance/src/branch/main/TEAMS.md#releases) looks after the pull requests, to the extent that they can be tested automatically. If manual testing is required (because there is no test coverage for the part of the code that would be impacted by an upgrade), a review will be requested from the people who have the required expertise to either improve the test coverage or come up with a manual test procedure to be repeated.
-
-## Tuning a software upgrade
-
-There is no uniformity in how software is released and they call for different strategies to deal with upgrades:
-
-- **grouping related software**.
-
-  When the decision to upgrade applies to a number of related software, it is less noisy to have them all upgraded in a single PR rather than a number of individual PRs. Such dependencies can be grouped together.
-
-  - **using a renovate [group preset](https://docs.renovatebot.com/presets-group/):** e.g. `group:linters` include `eslint`, `eslint-plugin-array-func`, `eslint-plugin-github` etc. See also [an example PR](https://codeberg.org/forgejo/forgejo/pulls/3921).
-  - **creating a new group:**
-
-  ```json
-  {
-    "description": "Group golang packages",
-    "matchDepNames": [
-  	"go",
-  	"golang",
-  	"docker.io/golang",
-  	"docker.io/library/golang"
-    ],
-    "groupName": "golang packages"
-  },
-  ```
-
-- **release on every commit or so**.
-
-  There are usually no release notes and there is no notion of release ([monaco-editor](https://github.com/microsoft/monaco-editor/tags)) which may lead to frequent proposals to upgrade. It is similar to software that it tagged with a commit hash instead of a version, either because it does not publish versions ([go-ap](https://github.com/go-ap/activitypub)) or because a particular bug fix is needed before the release is available ([go-rpmutils](github.com/sassoftware/go-rpmutils)).
-
-  - control the upgrade frequency with `schedule` (e.g. `schedule:quarterly` for [pprof](https://github.com/google/pprof)).
-  - impose a delay with `minimumReleaseAge` (e.g. `monaco-editor` upgrades are considered no more frequently than once a month).
-  - require dashboard approval with `dependencyDashboardApproval` (e.g. `go-ap` upgrades will never be proposed unless manually required from the [dashboard](https://codeberg.org/forgejo/forgejo/issues/2779).
-
-- **automerge CI dependencies**.
-
-  The dependencies that are exclusively used in the CI and demonstrated to work as expected when it passes can be merged automatically. They are listed in [renovate.json](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/renovate.json)) in the `Automerge some packages when CI succeeds` stanza as follows.
-
-  - **extends:** if the software is included in a known renovate package preset (e.g. ["packages:linters"](https://docs.renovatebot.com/presets-packages/#packageslinters)). Figuring out if that is the case requires looking at the output of a renovate run and analyzing the debug logs.
-  - **matchDepNames:** to explicitly list the dependency (e.g. `markdownlint-cli`).
-  - **matchPackagePrefixes:** if a range of CI related dependency happen to share the same prefix (e.g. `@playwright/`)
-
-- **automerge patch releases**.
-
-  When a software is known to be good at publishing quality patch releases (in the [semver](https://semver.org/spec/v2.0.0.html) sense), the proposed upgrades can be merged automatically. This can be done in a way similar to `vue` in [renovate.json](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/renovate.json)).
-
-  ```json
-  {
-    "matchDepNames": [
-  	"vue"
-    ],
-    "separateMinorPatch": true
-  },
-  {
-    "matchDepNames": ["vue"],
-    "matchUpdateTypes": ["patch"],
-    "automerge": true
-  },
-  ```
+- Set the dependency label.
 
 # Soft forks
 

docs/developer/development-environment.md

@@ -29,85 +29,3 @@ Do you know how to configure it properly? Why not document that here?
 
 Vim has [a Go plugin](https://github.com/fatih/vim-go) that can likely be used to work on Forgejo's code base.
 Do you know how to configure it properly? Why not document that here?
-
-## Neovim
-
-Here's a minimal example that configures `gopls` and `golangci_lint_ls` using
-the `Lazy.nvim` plugin manager.
-
-<details>
-<summary>init.lua</summary>
-
-```lua
-local lazypath = vim.fn.stdpath("data") .. "/lazy/lazy.nvim"
-if not vim.uv.fs_stat(lazypath) then
-	vim.fn.system({
-		"git",
-		"clone",
-		"--filter=blob:none",
-		"https://github.com/folke/lazy.nvim.git",
-		"--branch=stable", -- latest stable release
-		lazypath,
-	})
-end
-vim.opt.rtp:prepend(lazypath)
-
-require("lazy").setup({
-	"neovim/nvim-lspconfig",
-	{
-		"nvim-telescope/telescope.nvim",
-		branch = "0.1.x",
-		dependencies = {
-			"nvim-lua/plenary.nvim",
-			{
-				"nvim-telescope/telescope-fzf-native.nvim",
-				build = "make",
-				cond = vim.fn.executable("make") == 1,
-			},
-		},
-	},
-})
-
-vim.g.mapleader = " "
-vim.g.maplocalleader = " "
-
-local on_attach = function(client, bufno)
-	-- depricated since neovim 0.10
-	-- vim.api.nvim_buf_set_option(bufno, "omnifunc", "v:lua.vim.lsp.omnifunc")
-	vim.api.nvim_set_option_value("omnifunc", "v:lua.vim.lsp.omnifunc", { buf = bufno })
-
-	local ts = require("telescope.builtin")
-	local opts = { buffer = bufno }
-
-	vim.keymap.set("n", "<leader>e", vim.diagnostic.open_float)
-	vim.keymap.set("n", "K", vim.lsp.buf.hover, opts)
-	vim.keymap.set("n", "<C-k>", vim.lsp.buf.signature_help, opts)
-	vim.keymap.set("n", "gD", vim.lsp.buf.declaration, opts)
-	vim.keymap.set("n", "gd", vim.lsp.buf.definition, opts)
-	vim.keymap.set("n", "gtd", vim.lsp.buf.type_definition, opts)
-	vim.keymap.set("n", "gi", vim.lsp.buf.implementation, opts)
-	vim.keymap.set("n", "gu", ts.lsp_references, opts)
-	vim.keymap.set("n", "<leader>ca", vim.lsp.buf.code_action, opts)
-	vim.keymap.set("n", "<leader>cl", vim.lsp.codelens.run, opts)
-	vim.keymap.set("n", "<leader>r", vim.lsp.buf.rename, opts)
-	vim.keymap.set("n", "<leader>f", function()
-		vim.lsp.buf.format({ async = true })
-	end, opts)
-end
-
-local capabilities = vim.lsp.protocol.make_client_capabilities()
-
-require("lspconfig")["gopls"].setup({
-	capabilities = capabilities,
-	settings = {},
-	on_attach = on_attach,
-})
-
-require("lspconfig")["golangci_lint_ls"].setup({
-	capabilities = capabilities,
-	settings = {},
-	on_attach = on_attach,
-})
-```
-
-</details>

docs/developer/index.md

@@ -19,7 +19,6 @@ their needs.
   - [Developer Certificate of Origin (DCO)](./dco/)
   - [code.forgejo.org](./code-forgejo-org/)
   - [next.forgejo.org](./next-forgejo-org/)
-  - [static pages](./static-pages/)
   - [Forgejo runner implementation notes](https://code.forgejo.org/forgejo/runner/#hacking)
   - [Localization](./localization/)
   - [Base localization](./localization-english/)

docs/developer/infrastructure.md

@@ -3,195 +3,6 @@ title: Hardware infrastructure
 license: 'CC-BY-SA-4.0'
 ---
 
-## LXC Hosts
-
-All LXC hosts are setup with [lxc-helpers](https://code.forgejo.org/forgejo/lxc-helpers/).
-
-```sh
-name=forgejo-host
-lxc-helpers.sh lxc_container_run $name -- sudo --user debian bash
-```
-
-### Unprivileged
-
-```sh
-name=forgejo-host
-lxc-helpers.sh lxc_container_create --config "unprivileged" $name
-echo "lxc.start.auto = 1" | sudo tee -a /var/lib/lxc/$name/config
-lxc-helpers.sh lxc_container_start $name
-lxc-helpers.sh lxc_container_user_install $name $(id -u) $USER
-```
-
-### Docker enabled
-
-```sh
-name=forgejo-host
-lxc-helpers.sh lxc_container_create --config "docker" $name
-echo "lxc.start.auto = 1" | sudo tee -a /var/lib/lxc/$name/config
-lxc-helpers.sh lxc_container_start $name
-lxc-helpers.sh lxc_install_docker $name
-lxc-helpers.sh lxc_container_user_install $name $(id -u) $USER
-```
-
-### Docker and LXC enabled
-
-```sh
-name=forgejo-host
-ipv4=10.85.12
-ipv6=fc33
-lxc-helpers.sh lxc_container_create --config "docker lxc" $name
-echo "lxc.start.auto = 1" | sudo tee -a /var/lib/lxc/$name/config
-lxc-helpers.sh lxc_container_start $name
-lxc-helpers.sh lxc_install_docker $name
-lxc-helpers.sh lxc_install_lxc forgejo-runner-host $ipv4 $ipv6
-lxc-helpers.sh lxc_container_user_install $name $(id -u) $USER
-```
-
-## Host reverse proxy
-
-The reverse proxy on a host forwards to the designated LXC container with
-something like the following examples in
-`/etc/nginx/sites-available/example.com`, where A.B.C.D is the
-IP allocated to the LXC container running the web service.
-
-And symlink:
-
-```sh
-ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com
-```
-
-The certificate is obtained once and automatically renewed with:
-
-```
-sudo apt-get install certbot python3-certbot-nginx
-sudo certbot -n --agree-tos --email contact@forgejo.org -d example.com --nginx
-```
-
-### Forgejo example
-
-```
-server {
-    listen 80;
-    listen [::]:80;
-
-    server_name example.com;
-
-    location / {
-        deny 47.76.209.138; # crawler that does not obey robots.txt
-        deny 47.76.99.127; # crawler that does not obey robots.txt
-        proxy_pass http://A.B.C.D:8080;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto https;
-        client_max_body_size 2G;
-	#
-	# http://nginx.org/en/docs/http/websocket.html
-	#
-        proxy_set_header Connection $http_connection;
-        proxy_set_header Upgrade $http_upgrade;
-        include proxy_params;
-    }
-}
-```
-
-### GitLab example
-
-```nginx
-server {
-    listen 80;
-    listen [::]:80;
-
-    server_name example.com;
-
-    location / {
-       proxy_set_header Upgrade $http_upgrade;
-       proxy_set_header Connection "upgrade";
-       proxy_set_header Host $http_host;
-       proxy_set_header X-Real-IP $remote_addr;
-       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-       proxy_set_header X-Forwarded-Proto $scheme;
-       proxy_set_header X-Frame-Options SAMEORIGIN;
-
-       client_body_timeout 60;
-       client_max_body_size 200M;
-       send_timeout 1200;
-       lingering_timeout 5;
-
-       proxy_buffering off;
-       proxy_connect_timeout 90;
-       proxy_send_timeout 300;
-       proxy_read_timeout 600s;
-
-       proxy_pass http://example.com;
-       proxy_http_version 1.1;
-    }
-}
-```
-
-### Vanila example
-
-```nginx
-server {
-    listen 80;
-    listen [::]:80;
-
-    server_name example.com;
-
-    location / {
-        proxy_pass http://A.B.C.D;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto https;
-    }
-}
-```
-
-## Forgejo runners
-
-The LXC container in which the runner is installed must have capabilities that support the backend.
-
-- docker:// needs a Docker enabled container
-- lxc:// needs a Docker and LXC enabled container
-
-The runners it contains are not started at boot, it must be done manually. The bash history has the command line to do so.
-
-### Installation
-
-```shell
-version=3.4.1
-sudo wget -O /usr/local/bin/forgejo-runner-$version https://code.forgejo.org/forgejo/runner/releases/download/v$version/forgejo-runner-$version-linux-amd64
-sudo chmod +x /usr/local/bin/forgejo-runner-$version
-echo 'export TERM=xterm-256color' >> .bashrc
-```
-
-### Creating a runner
-
-Multiple runners can co-exist on the same machine. To keep things
-organized they are located in a directory that is the same as the URL
-from which the token is obtained. For instance
-DIR=codeberg.org/forgejo-integration means that the token was obtained from the
-https://codeberg.org/forgejo-integration organization.
-
-If a runner only provides unprivileged docker containers, the labels
-in `config.yml` should be:
-`labels: ['docker:docker://node:20-bookworm']`.
-
-If a runner provides LXC containers and unprivileged docker
-containers, the labels in `config.yml` should be
-`labels: ['self-hosted:lxc://debian:bookworm', 'docker:docker://node:20-bookworm']`.
-
-```shell
-name=myrunner
-mkdir -p $DIR ; cd $DIR
-forgejo-runner generate-config > config-$name.yml
-## edit config-$name.yml and adjust the `labels:`
-## Obtain a $TOKEN from https://$DIR
-forgejo-runner-$version register --no-interactive --token $TOKEN --name runner --instance https://codeberg.org
-forgejo-runner-$version --config config-$name.yml daemon |& cat -v > runner.log &
-```
-
 ## Octopuce
 
 [Octopuce provides hardware](https://codeberg.org/forgejo/sustainability) managed by [the devops team](https://codeberg.org/forgejo/governance/src/branch/main/TEAMS.md#devops). It can only be accessed via SSH.
@@ -206,11 +17,19 @@ firefox http://private.forgejo.org
 
 ### Containers
 
+It hosts LXC containers setup with [lxc-helpers](https://code.forgejo.org/forgejo/lxc-helpers/).
+
 - `fogejo-host`
 
   Dedicated to http://private.forgejo.org
 
-  - Docker enabled
+  - LXC creation
+    ```sh
+    lxc-helpers.sh lxc_container_create --config "docker" forgejo-host
+    lxc-helpers.sh lxc_container_start forgejo-host
+    lxc-helpers.sh lxc_install_docker forgejo-host
+    lxc-helpers.sh lxc_container_user_install forgejo-host $(id -u) $USER
+    ```
   - upgrades checklist:
     ```sh
     emacs /home/debian/run-forgejo.sh # change the `image=`
@@ -225,18 +44,66 @@ firefox http://private.forgejo.org
 
   Has runners installed to run against private.forgejo.org
 
-  - Docker and LXC enabled 10.85.12 fc33
+  - LXC creation
+    ```sh
+    lxc-helpers.sh lxc_container_create --config "docker" forgejo-runner-host
+    lxc-helpers.sh lxc_container_start forgejo-runner-host
+    lxc-helpers.sh lxc_install_docker forgejo-runner-host
+    lxc-helpers.sh lxc_install_lxc forgejo-runner-host 10.85.12 fc33
+    lxc-helpers.sh lxc_container_user_install forgejo-runner-host $(id -u) $USER
+    ```
 
 ## Hetzner
 
-All hardware machines are running Debian GNU/linux bookworm. They are LXC hosts
-setup with [lxc-helpers](https://code.forgejo.org/forgejo/lxc-helpers/).
+All hardware is running Debian GNU/linux bookworm.
 
-> **NOTE:** only use [EX101 with a ASRockRack W680D4U-1L motherboard](https://forum.hetzner.com/index.php?thread/31135-all-ex101-with-asustek-w680-crash-on-sequential-read/).
+### hetzner01
 
-### vSwitch
+https://hetzner01.forgejo.org runs on an [EX101](https://www.hetzner.com/dedicated-rootserver/ex101) Hetzner hardware.
 
-A vSwitch is assigned via the Robot console on all servers for backend communications
+There is no backup, no redundancy and is dedicated to Forgejo runner instances.
+If the hardware reboots, the runners do not restart automatically, they have to be restarted manually.
+
+It hosts LXC containers setup with [lxc-helpers](https://code.forgejo.org/forgejo/lxc-helpers/):
+
+- `forgejo-runners`
+
+  Dedicated to Forgejo runners for the https://codeberg.org/forgejo organization.
+
+  ```sh
+  lxc-helpers.sh lxc_container_run forgejo-runners -- sudo --user debian bash
+  cd codeberg.org/forgejo/
+  forgejo-runner-3.2.0 --config config.yml daemon >& runner.log &
+  ```
+
+- `runner01-lxc`
+
+  Dedicated to Forgejo runners for the https://code.forgejo.org
+  organization with two labels: **docker** and **self-hosted**.
+
+  - https://code.forgejo.org/forgejo
+  - https://code.forgejo.org/actions
+  - https://code.forgejo.org/forgejo-integration
+  - https://code.forgejo.org/forgejo-contrib
+
+  ```sh
+  lxc-helpers.sh lxc_container_run runner01-lxc -- sudo --user debian bash
+  cd code.forgejo.org
+  for runner in forgejo-contrib forgejo forgejo-integration actions ; do ( cd $runner ; HOME=/srv/$runner forgejo-runner-3.2.0 --config config.yml daemon >&runner.log & ) ; done
+  ```
+
+The runners are installed with something like:
+
+```sh
+sudo wget -O /usr/local/bin/forgejo-runner-3.2.0 https://code.forgejo.org/forgejo/runner/releases/download/v3.2.0/forgejo-runner-3.2.0-linux-amd64
+sudo chmod +x /usr/local/bin/forgejo-runner-3.2.0
+```
+
+### hetzner{02,03}
+
+https://hetzner02.forgejo.org & https://hetzner03.forgejo.org run on [EX44](https://www.hetzner.com/dedicated-rootserver/ex44) Hetzner hardware.
+
+A vSwitch is assigned via the Robot console on both servers
 and [configured](https://docs.hetzner.com/robot/dedicated-server/network/vswitch#example-debian-configuration)
 in /etc/network/interfaces for each of them with something like:
 
@@ -249,15 +116,18 @@ iface enp5s0.4000 inet static
   mtu 1400
 ```
 
-The IP address ends with the same number as the hardware (hetzner02 => .2).
+#### Root filesystem backups
 
-### DRBD
+- `hetzner03:/etc/cron.daily/backup-hetzner02`
+  `rsync -aHS --delete-excluded --delete --numeric-ids --exclude /proc --exclude /dev --exclude /sys --exclude /srv --exclude /var/lib/lxc 10.53.100.2:/ /srv/backups/hetzner02/`
+- `hetzner02:/etc/cron.daily/backup-hetzner03`
+  `rsync -aHS --delete-excluded --delete --numeric-ids --exclude /proc --exclude /dev --exclude /sys --exclude /srv --exclude /var/lib/lxc 10.53.100.3:/ /srv/backups/hetzner03/`
 
-DRBD is [configured](https://linbit.com/drbd-user-guide/drbd-guide-9_0-en/#p-work) like in the following example with hetzner02 as the primary and hetzner03 as the secondary:
+#### DRBD
 
-```sh
-$ apt-get install drbd-utils
-$ cat /etc/drbd.d/r0.res
+DRBD is configured with hetzner02 as the primary and hetzner03 as the secondary:
+
+```
 resource r0 {
     net {
         # A : write completion is determined when data is written to the local disk and the local TCP transmission buffer
@@ -292,28 +162,21 @@ resource r0 {
         }
     }
 }
-$ sudo drbdadm create-md r0
-$ sudo drbdadm up r0
 ```
 
-On hetzner02 (the primary), [pretend all is in sync](https://linbit.com/drbd-user-guide/drbd-guide-9_0-en/#s-skip-initial-resync) to save the initial bitmap sync since
-there is actually no data at all.
+The DRBD device is mounted on `/var/lib/lxc`.
 
-```sh
-sudo drbdadm new-current-uuid --clear-bitmap r0/0
-```
-
-The DRBD device is mounted on `/var/lib/lxc` in `/etc/fstab` there is a noauto line:
+In `/etc/fstab` there is a noauto line:
 
 ```
 /dev/drbd0 /var/lib/lxc ext4 noauto,defaults 0 0
 ```
 
 To prevent split brain situations a manual step is required at boot
-time, on the machine that is going to be the primary.
+time, on the machine that is going to be the primary, which is
+hetzner02 in a normal situation.
 
 ```sh
-sudo drbdadm up r0
 sudo drbdsetup status
 sudo drbdadm primary r0
 sudo mount /var/lib/lxc
@@ -322,114 +185,37 @@ sudo lxc-ls -f
 sudo drbdsetup status
 ```
 
-### hetzner{01,04}
+#### Fast storage on /srv
 
-https://hetzner{01,04}.forgejo.org run on [EX101](https://www.hetzner.com/dedicated-rootserver/ex101) Hetzner hardware.
+The second disk on each node is mounted on /srv and can be used when
+fast storage is needed and there is no need for backups, such as Forgejo runners.
 
 #### LXC
 
-```sh
-lxc-helpers.sh lxc_install_lxc_inside 10.41.13 fc29
+LXC is setup with [lxc-helpers](https://code.forgejo.org/forgejo/lxc-helpers/).
+
+The `/etc/default/lxc-net` file is the same on both machines:
+
 ```
-
-#### Disk partitioning
-
-- First disk
-  - OS
-  - a partition mounted on /srv where non precious data goes such as the LXC containers with runners.
-- Second disk
-  - configured with DRBD for precious data.
-
-#### Root filesystem backups
-
-- `hetzner01:/etc/cron.daily/backup-hetzner04`
-  `rsync -aHS --delete-excluded --delete --numeric-ids --exclude /proc --exclude /dev --exclude /sys --exclude /precious --exclude /srv --exclude /var/lib/lxc 10.53.100.4:/ /srv/backups/hetzner04/ >& /var/log/$(basename $0).log`
-- `hetzner04:/etc/cron.daily/backup-hetzner01`
-  `rsync -aHS --delete-excluded --delete --numeric-ids --exclude /proc --exclude /dev --exclude /sys --exclude /precious --exclude /srv --exclude /var/lib/lxc 10.53.100.1:/ /srv/backups/hetzner01/ >& /var/log/$(basename $0).log`
-
-#### LXC containers
-
-- `forgejo-runners` (hetzner01)
-
-  Dedicated to Forgejo runners for the https://codeberg.org/forgejo organization.
-
-  - Docker enabled
-  - codeberg.org/forgejo/config\*.yml
-
-- `runner01-lxc` (hetzner01)
-
-  Dedicated to Forgejo runners for https://code.forgejo.org.
-
-  - Docker and LXC enabled 10.194.201 fc35
-  - code.forgejo.org/forgejo/config\*.yml
-  - code.forgejo.org/actions/config\*.yml
-  - code.forgejo.org/forgejo-integration/config\*.yml
-  - code.forgejo.org/forgejo-contrib/config\*.yml
-  - code.forgejo.org/f3/config\*.yml
-  - code.forgejo.org/forgefriends/config\*.yml
-
-- `forgefriends-forum` (hetzner04)
-
-  Dedicated to https://forum.forgefriends.org
-
-  - Docker enabled
-
-- `forgefriends-gitlab` (hetzner04)
-
-  Dedicated to https://lab.forgefriends.org
-
-  - Docker enabled
-
-- `forgefriends-cloud` (hetzner04)
-
-  Dedicated to https://cloud.forgefriends.org
-
-  - Docker enabled
-
-- `gna-forgejo` (hetzner04)
-
-  Dedicated to https://forgejo.gna.org
-
-  - Docker enabled
-
-- `gna-forum` (hetzner04)
-
-  Dedicated to https://forum.gna.org
-
-  - Docker enabled
-
-### hetzner{02,03}
-
-https://hetzner02.forgejo.org & https://hetzner03.forgejo.org run on [EX44](https://www.hetzner.com/dedicated-rootserver/ex44) Hetzner hardware.
-
-#### LXC
-
-```sh
-lxc-helpers.sh lxc_install_lxc_inside 10.6.83 fc16
+USE_LXC_BRIDGE="true"
+LXC_ADDR="10.6.83.1"
+LXC_NETMASK="255.255.255.0"
+LXC_NETWORK="10.6.83.0/24"
+LXC_DHCP_RANGE="10.6.83.2,10.6.83.254"
+LXC_DHCP_MAX="253"
+LXC_IPV6_ADDR="fc16::216:3eff:fe00:1"
+LXC_IPV6_MASK="64"
+LXC_IPV6_NETWORK="fc16::/64"
+LXC_IPV6_NAT="true"
 ```
 
-#### Disk partitioning
-
-- First disk
-  - OS
-  - a partition configured with DRBD for precious data mounted on /var/lib/lxc
-- Second disk
-  - non precious data such as the LXC containers with runners.
-
-#### Root filesystem backups
-
-- `hetzner03:/etc/cron.daily/backup-hetzner02`
-  `rsync -aHS --delete-excluded --delete --numeric-ids --exclude /proc --exclude /dev --exclude /sys --exclude /srv --exclude /var/lib/lxc 10.53.100.2:/ /srv/backups/hetzner02/`
-- `hetzner02:/etc/cron.daily/backup-hetzner03`
-  `rsync -aHS --delete-excluded --delete --numeric-ids --exclude /proc --exclude /dev --exclude /sys --exclude /srv --exclude /var/lib/lxc 10.53.100.3:/ /srv/backups/hetzner03/`
-
 #### Public IP addresses
 
 The public IP addresses attached to the hosts are not failover IPs that can be moved from one host to the next.
 The DNS entry needs to be updated if the primary hosts changes.
 
 When additional IP addresses are attached to the server, they are added to `/etc/network/interfaces` like
-ipv4 65.21.67.71 and ipv6 2a01:4f9:3081:51ec::102 below.
+65.21.67.71 and 2a01:4f9:3081:51ec::102 below.
 
 ```
 auto enp5s0
@@ -472,13 +258,56 @@ add chain ip code prerouting {
 
 with `nft -f /root/code.nftables`.
 
+#### Reverse proxy
+
+The reverse proxy forwards to the designated LXC container with
+something like the following in
+`/etc/nginx/sites-enabled/code.forgejo.org`, where 10.6.83.195 is the
+IP allocated to the LXC container running the web service:
+
+```
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name code.forgejo.org;
+
+    location / {
+        deny 47.76.209.138; # crawler that does not obey robots.txt
+        deny 47.76.99.127; # crawler that does not obey robots.txt
+        proxy_pass http://10.6.83.195:8080;
+        client_max_body_size 2G;
+	#
+	# http://nginx.org/en/docs/http/websocket.html
+	#
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Upgrade $http_upgrade;
+        include proxy_params;
+    }
+}
+```
+
+The LE certificate is obtained once and automatically renewed with:
+
+```
+sudo certbot -n --agree-tos --email contact@forgejo.org -d code.forgejo.org --nginx
+```
+
 #### Containers
 
+It hosts LXC containers setup with [lxc-helpers](https://code.forgejo.org/forgejo/lxc-helpers/).
+
 - `fogejo-code` on hetzner02
 
   Dedicated to https://code.forgejo.org
 
-  - Docker enabled
+  - LXC creation
+    ```sh
+    lxc-helpers.sh lxc_container_create --config "docker" forgejo-code
+    lxc-helpers.sh lxc_container_start forgejo-code
+    lxc-helpers.sh lxc_install_docker forgejo-code
+    lxc-helpers.sh lxc_container_user_install forgejo-code $(id -u) $USER
+    ```
   - upgrades checklist:
     - `ssh -t debian@hetzner02.forgejo.org lxc-helpers.sh lxc_container_run forgejo-code -- sudo --user debian bash`
       ```sh
@@ -499,7 +328,7 @@ with `nft -f /root/code.nftables`.
 
   Dedicated to https://next.forgejo.org
 
-  - Docker enabled
+  - LXC creation same as code.forgejo.org
   - `/etc/cron.hourly/forgejo-upgrade` runs `/home/debian/run-forgejo.sh > /home/debian/run-forgejo-$(date +%d).log`
   - When a new major version is published (8.0 for instance) `run-forgejo.sh` must be updated with it
   - Reset everything
@@ -534,7 +363,7 @@ with `nft -f /root/code.nftables`.
 
   Dedicated to https://v7.next.forgejo.org
 
-  - Docker enabled
+  - LXC creation same as code.forgejo.org
   - `/etc/cron.hourly/forgejo-upgrade` runs `/home/debian/run-forgejo.sh > /home/debian/run-forgejo-$(date +%d).log`
   - Reset everything
     ```sh
@@ -564,12 +393,6 @@ with `nft -f /root/code.nftables`.
 
   ```
 
-- `static-pages` on hetzner02
-
-  See [the static pages documenation](../static-pages/) for more information.
-
-  - Unprivileged
-
 - `runner-forgejo-helm` on hetzner03
 
   Dedicated to https://codeberg.org/forgejo-contrib/forgejo-helm and running from an ephemeral disk
@@ -595,3 +418,61 @@ Forgejo contributors with SSH access to this machine are:
 
 - https://codeberg.org/popey
 - https://codeberg.org/earl-warren
+
+## Installing Forgejo runners
+
+### Preparing the LXC hypervisor
+
+```shell
+git clone https://code.forgejo.org/forgejo/lxc-helpers/
+
+lxc-helpers.sh lxc_prepare_environment
+sudo lxc-helpers.sh lxc_install_lxc_inside 10.120.13
+```
+
+### Creating an LXC container
+
+```shell
+lxc-helpers.sh lxc_container_create forgejo-runners
+lxc-helpers.sh lxc_container_start forgejo-runners
+lxc-helpers.sh lxc_install_docker forgejo-runner
+lxc-helpers.sh lxc_install_lxc forgejo-runner 10.85.12 fc33
+lxc-helpers.sh lxc_container_user_install forgejo-runners $(id -u) $USER
+lxc-helpers.sh lxc_container_run forgejo-runners -- sudo --user debian bash
+sudo apt-get update
+sudo apt-get install -y wget emacs-nox
+lxc-helpers.sh lxc_prepare_environment
+sudo wget -O /usr/local/bin/forgejo-runner https://code.forgejo.org/forgejo/runner/releases/download/v3.4.1/forgejo-runner-3.4.1-linux-amd64
+sudo chmod +x /usr/local/bin/forgejo-runner
+echo 'export TERM=vt100' >> .bashrc
+```
+
+### Creating a runner
+
+Multiple runners can co-exist on the same machine. To keep things
+organized they are located in a directory that is the same as the url
+from which the token is obtained. For instance
+DIR=codeberg.org/forgejo-integration means that the token was obtained from the
+https://codeberg.org/forgejo-integration organization.
+
+If a runner only provides unprivileged docker containers, the labels
+in `config.yml` should be:
+`labels: ['docker:docker://node:20-bookworm']`.
+
+If a runner provides LXC containers and unprivileged docker
+containers, the labels in `config.yml` should be
+`labels: ['self-hosted:lxc://debian:bookworm', 'docker:docker://node:20-bookworm']`.
+
+```shell
+mkdir -p $DIR ; cd $DIR
+forgejo-runner generate-config > config.yml
+## edit config.yml and adjust the `labels:`
+## Obtain a $TOKEN from https://$DIR
+forgejo-runner register --no-interactive --token $TOKEN --name runner --instance https://codeberg.org
+forgejo-runner --config config.yml daemon |& cat -v > runner.log &
+```
+
+#### codeberg.org config.yml
+
+- `fetch_timeout: 30s` # because it can be slow at times
+- `fetch_interval: 60s` # because there is throttling and 429 replies will mess up the runner

docs/developer/localization-admin.md

@@ -16,7 +16,7 @@ development branch as follows:
 - announce in the chatroom: `@room the translations will be locked for maintenance in about 15 minutes. Make sure you don't try to save a translation when that happens as it will be lost.`
 - go to the [Weblate repository admin page](https://translate.codeberg.org/projects/forgejo/forgejo/#repository)
 - click `Commit`. This is done optionally to make tests run before interrupting anyone, to reduce the total maintenance time
-- post a "Warning" [announcement in Weblate](https://translate.codeberg.org/projects/forgejo/forgejo/#announcement): `The translations will be locked for maintenance soon. Make sure you don't try to save a translation when that happens as it will be lost.`. Make sure to unckeck the notification option.
+- post an [announcement in Weblate](https://translate.codeberg.org/projects/forgejo/#announcement): `The translations will be locked for maintenance soon. Make sure you don't try to save a translation when that happens as it will be lost.`
 - wait 15 minutes
 - click `Lock`
 - reload the page

docs/developer/localization-english.md

@@ -9,11 +9,11 @@ Forgejo base localization is English. This means that all translations are deriv
 
 English localization strings are stored in the file `options/locale/locale_en-US.ini`. Strings are [translated](../localization) on Weblate and string management is partially done by it.
 
-When a new string needs to be added to Forgejo, it must be added to the base language to be picked up by Weblate.
+When a new string needs to be added to Forgejo, it must be added to the base language to be picked up by Weblate. Optionally, if the author knows other languages, string translations for other languages can be added so they don't need to be translated for those languages after the PR is merged. This is not necessary and translation can be delegated to the translators at Weblate.
 
 When a string key needs to be changed, it must be mass-changed for all languages into which the string has already been translated, so that existing translations aren't lost.
 
-When an unused string needs to be deleted, it should be only deleted for the base language to avoid merge conflicts. The string will disappear from all translations automatically after the PR is merged.
+When a string needs to be deleted, it should only be deleted for the base language. Weblate will delete strings for other languages after the PR is merged.
 
 ## Localization style
 

docs/developer/localization.md

@@ -3,87 +3,72 @@ title: Localization
 license: 'CC-BY-SA-4.0'
 ---
 
-Forgejo is translated via Weblate, a libre web-based translation platform.
+Forgejo is translated via Weblate - libre web-based translation platform.
 
 ## Translating via Weblate
 
-The Forgejo project's localization project is publicly available via the [Codeberg Translate](https://translate.codeberg.org/projects/forgejo/forgejo/) Weblate instance.
+The Weblate project of Forgejo localization is publicly available at [Codeberg Translate](https://translate.codeberg.org/projects/forgejo/forgejo/) Weblate instance.
 
 ### Translation guidelines
 
-1. Only suggest changes that benefit all users of the translation. Please do not suggest changes that will only make the translation better in cases specific to any self-hosted Forgejo instance. Instead customize such instances separately from Forgejo upstream.
-2. Keep the translation as beginner-friendly as possible.
-3. Users are not obligated to complete any translation. When unsure about the translation, feel free to leave it for others to translate.
+1. Please only suggest changes that will benefit all potential users of the translation. Do not suggest changes that will only make the translation better in cases specific to you or your Forgejo instance. Instead you can customize your instance separately from Forgejo upstream.
+2. Try to keep the translation beginner-friendly.
+3. Remember that you're not obligated to do the translation. If you're unsure about translation, feel free to leave it for somebody else to translate later.
 
 ### Discovering the translation
 
-Go to the [Project](https://translate.codeberg.org/projects/forgejo/forgejo/) page for a list of languages that are currently available for translation.
+Go to the [Project](https://translate.codeberg.org/projects/forgejo/forgejo/) page. You'll see the list of languages that are currently available for translation. Click on your language.
 
-From the language page it is possible to browse all translation strings, as well as untranslated, unfinished and failing translations.
+From the language page you can browse all translation strings, as well as untranslated, unfinished and failing ones.
 
 ### Suggesting changes
 
-Anonymous suggestions for changes and additions to the existing translation can be submitted by finding the string for which to suggest a change, typing the change in, and then clicking "Suggest".
-
-All suggested change will be checked before being accepted. Since most localization members are likewise volunteers, this can take a while.
+You can suggest changes and additions to the existing translation anonymously: find the string for which you want to suggest a change, type your change in, and click "Suggest". Your change will be checked before being accepted. Most contributors are volunteers, this can take a while.
 
 ### Making direct changes, accepting suggestions
 
-Direct changes require a [Codeberg](https://codeberg.org/) account which can be used to access the [Codeberg Translate](https://translate.codeberg.org/) account.
+Making direct changes requires a [Codeberg](https://codeberg.org/) account. Use it to log into [Codeberg Translate](https://translate.codeberg.org/).
 
-If the translation is not approved it is possible to edit the string again and use the "Save" button to save the change. Existing suggestions can either be applied, or rejected by optionally specifying the rejection reason.
+If the string is not translated or approved, you can edit it and use the "Save" button to save the change. You can also apply existing suggestions by clicking the checkmark icon, or reject, optionally specifying the rejection reason.
 
-Once the string is translated and approved it can only be changed by a Forgejo **Localization Team** member, though everyone else is still able suggest changes.
+If the string is translated and approved, it can only be changed by a Forgejo Localization team member, but everyone else is still able suggest changes.
 
 To protect the existing translations from vandalism, all strings imported from Gitea were automatically marked as approved.
 
 ### Adding a new language
 
-If your language is not available in the language list it must be added first before translating.
+If your language is not available in the language list, you must add first it before translating.
 
-To add a new language, go to the [page for starting new translation](https://translate.codeberg.org/new-lang/forgejo/forgejo/), select a language and click "Start new translation".
+To add a new language, go to the [page for starting new translation](https://translate.codeberg.org/new-lang/forgejo/forgejo/), select your language and click "Start new translation".
 
 ### E-mail privacy
 
-By default, Weblate will use an accounts primary e-mail address for all contributions. If you want to adjust this behavior go to [Weblate settings - Account](https://translate.codeberg.org/accounts/profile/#account) and select a different e-mail under "Commit e-mail" section. Select `@users.noreply.translate.codeberg.org` address to avoid using a unmasked e-mail address.
+By default, Weblate will use your primary e-mail address for your contributions. If you want to adjust this behavior, go to [Weblate settings - Account](https://translate.codeberg.org/accounts/profile/#account) and select a different e-mail under "Commit e-mail" section. You can select `@users.noreply.translate.codeberg.org` address to avoid using any real e-mail address.
+
+## Joining the Localization team
+
+If you want to be more involved in maintaining the translation - consider becoming a part of the Localization team.
+
+In order to apply to the team you must open a new issue at [forgejo/governance](https://codeberg.org/forgejo/governance) repository. See [previous applications](https://codeberg.org/forgejo/governance/issues?q=application+to+the+localization+team&state=closed) for inspiration.
+
+In your application message, please include:
+
+- your motivation for becoming a member
+- your experience at translating other projects and using Weblate. e.g. link(s) to your public translation profile(s) or contributions
+
+Application process takes 2 weeks or more. However, it doesn't prevent you from working on the translation: you can add suggestions which you will be able accept later being a team member, translate new strings, add comments and discuss the translation.
+
+It is a good idea to work on the translation first for a bit, before applying to the Localization team, to see how the workflow looks like.
+
+Please apply to the team only if you want your actions as a team member to be beneficial to all translation users.
 
 ## Discussing the translation
 
-To ask questions, clarify string meaning, report vandalism or suggest changes to source strings post in [Matrix room](https://matrix.to/#/#forgejo-localization:matrix.org) or [issues](https://codeberg.org/forgejo/forgejo/issues). Doing this is not restricted to members of the **Localization Team**.
-
-## Joining the Localization Team
-
-Any [Codeberg Translate](https://translate.codeberg.org) user is able to suggest translations, translate new strings, add comments and discuss existing translations with our **Localization Team**.
-
-If you would like to maintain the translation, join the **Localization Team** as a member by sending us an application.
-
-However, before doing that, we recommend working on translations independently before applying. This allows time to get used to the workflow and collaborating within the **Localization Team**. Members are able to accept their own suggestions.
-
-### Applying
-
-In order to become a member of the team apply by opening a new issue at [forgejo/governance](https://codeberg.org/forgejo/governance) repository. See [previous applications](https://codeberg.org/forgejo/governance/issues?q=application+to+the+localization+team&state=closed) for inspiration.
-
-In the application message, state the following:
-
-- Motivation for becoming a member.
-- Experience translating other projects and using Weblate. E.g. link(s) to public translation profile(s) or contribution(s).
-
-The application process will take approximately two (2) weeks (or more) to complete.
-
-### Responsibilities
-
-Becoming a part of any of our team comes with a couple of responsibilities:
-
-- Members must act in accordance to the [Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
-- Members must act in accordance to all other rules and process that Forgejo agrees on through [its decision making process](https://codeberg.org/forgejo-contrib/governance/src/branch/main/DECISION-MAKING.md).
-
-Translations should aim to target people of different backgrounds across all reasonable end user locales.
-
-Since text is highly subjective, this is simply a goal that should be striven for and not a measurable requirement. Remain receptive to creative feedback from the **Localization Team** members.
+Ask questions, clarify string meaning, report vandalism and suggest changes to source strings in [Matrix room](https://matrix.to/#/#forgejo-localization:matrix.org) or [issues](https://codeberg.org/forgejo/forgejo/issues). For this you don't need to be a member of the Localization team.
 
 ## Troubleshooting
 
-When having problems using Weblate, there are multiple support channels available:
+If you have problems using Weblate, there are multiple support channels available:
 
 - [Weblate documentation](https://docs.weblate.org)
 - [Weblate issues](https://github.com/WeblateOrg/weblate/issues)

docs/developer/static-pages.md

@@ -1,121 +0,0 @@
----
-title: Static pages
-license: 'CC-BY-SA-4.0'
----
-
-LXC container dedicated to hosting static HTML pages.
-
-# LXC container
-
-See the [static-pages section in the infrastructure documentation](../infrastructure/).
-
-# SSL on the LXC host
-
-Each domain has a `/etc/nginx/sites-available/f3.forgefriends.forgejo.org` file similar to the following
-on the host where the LXC container resides.
-
-```nginx
-server {
-    listen 80;
-    listen [::]:80;
-
-    server_name f3.forgefriends.forgejo.org;
-
-    location / {
-        proxy_pass http://10.6.83.106:80;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-    }
-}
-```
-
-Obtain the certificate:
-
-```sh
-ln -sf /etc/nginx/sites-available/f3.forgefriends.forgejo.org /etc/nginx/sites-enabled/f3.forgefriends.forgejo.org
-sudo certbot -n --agree-tos --email contact@forgejo.org -d f3.forgefriends.forgejo.org --nginx
-```
-
-# Creation in the LXC container
-
-With the example of `f3.forgefriends.forgejo.org` and
-`f3.forgefriends.org` serving the same content.
-
-## login
-
-From the LXC host:
-
-```sh
-lxc-helpers.sh lxc_container_run static-pages -- sudo --user $USER bash
-```
-
-## nginx
-
-```
-$ cat /etc/nginx/sites-enabled/f3.forgefriends.org
-server {
-        listen 80;
-        listen [::]:80;
-
-        server_name f3.forgefriends.org f3.forgefriends.forgejo.org;
-
-        root /var/www/f3.forgefriends.org;
-
-        location / {
-                try_files $uri $uri/ =404;
-        }
-}
-```
-
-## clone
-
-```sh
-git clone https://code.forgejo.org/f3/html-documentation /var/www/f3.forgefriends.org
-```
-
-# Update in the LXC container
-
-## Webhook
-
-Create a `POST` webhook with the URL `https://f3.forgefriends.forgejo.org/.well-known/forgejo/f3.forgefriends.org` on https://code.forgejo.org/f3/html-documentation. It is expected to fail with 404, the information will be extracted from the web server logs.
-
-To verify that it works:
-
-- `journalctl -f --unit static-pages`
-- `Test delivery` at https://code.forgejo.org/f3/html-documentation/settings/hooks/4
-
-## Service
-
-### git pull on change
-
-```sh
-$ cat /usr/local/bin/static-pages.sh
-#!/bin/bash
-
-sudo tail -f /var/log/nginx/access.log | sed --silent --regexp-extended --unbuffered --expression 's|.*.well-known/forgejo/([^ /]+) .*|\1|p' | while read server ; do
-    d="/var/www/$server"
-    if test -d "$d" ; then
-        echo "update $server"
-        cd "$d"
-        git pull
-    else
-        echo "unknown server $server"
-    fi
-done
-```
-
-### service
-
-```sh
-$ cat /etc/systemd/system/static-pages.service
-[Unit]
-Description=Static pages
-
-[Service]
-User=debian
-ExecStart=/usr/local/bin/static-pages.sh
-
-[Install]
-WantedBy=multi-user.target
-$ sudo systemctl enable static-pages
-```

docs/index.md

@@ -1,5 +1,5 @@
 ---
-title: 'Forgejo prerelease documentation'
+title: 'Forgejo v7.0 documentation'
 ---
 
 - [What is Forgejo?](/)

docs/license.md

@@ -22,4 +22,4 @@ licensed under [multiple licenses](https://fontawesome.com/license/free).
 
 Codeberg and the Codeberg Logo are trademarks of Codeberg e.V.
 
-"Knut the Polar Bear" has been derived from [Polar bear remix](https://web.archive.org/web/20240318012628if_/https://openclipart.org/detail/193243/polar-bear-remix), under CC0 1.0
+"Knut the Polar Bear" has been derived from https://openclipart.org/detail/193243/polar-bear-remix, under CC0 1.0

docs/user/actions.md

@@ -166,11 +166,8 @@ by using the https://code.forgejo.org/actions/cache action.
 There is no guarantee that the cache is populated, even when two `jobs`
 run in sequence. It is not a substitute for `artifacts`.
 
-See also the [set of examples](https://code.forgejo.org/forgejo/end-to-end/src/branch/main/actions/example-cache/.forgejo/workflows/).
-
-> **NOTE:** [actions/cache](https://code.forgejo.org/actions/cache) will us `zstd` if present when compressing files to be sent to the cache. It is faster than the default compression.
-
-> **NOTE:** if the runner is not configured to provide a cache, [actions/cache](https://code.forgejo.org/actions/cache) will fail with the following error: `Cache action is only supported on GHES version >= 3.5`.
+Note that [actions/cache](https://code.forgejo.org/actions/cache) has `zstd`
+as a dependency for creating tar archives in the runner.
 
 ## Auto cancellation of workflows
 
@@ -179,7 +176,7 @@ triggered by parent commits are canceled.
 
 ## Services
 
-PostgreSQL, Redis and other services can be run from container images with something similar to the following. See also the [set of examples](https://code.forgejo.org/forgejo/end-to-end/src/branch/main/actions/example-service/.forgejo/workflows/).
+PostgreSQL, redis and other services can be run from container images with something similar to the following. See also the [set of examples](https://code.forgejo.org/forgejo/end-to-end/src/branch/main/actions/example-service/.forgejo/workflows/).
 
 ```yaml
 services:
@@ -210,7 +207,7 @@ A list of command and arguments, equivalent to [[COMMAND] [ARG...]](https://docs
 
 A string of additional options, as documented [docker run](https://docs.docker.com/engine/reference/commandline/run/). For instance: "--workdir /myworkdir --ulimit nofile=1024:1024".
 
-> **NOTE:** the `--volume` option is restricted to a allowlist of volumes configured in the runner executing the task. See the [Forgejo Actions administrator guide](../../admin/actions/) for more information.
+> **NOTE:** the `--volume` option is restricted to a whitelist of volumes configured in the runner executing the task. See the [Forgejo Actions administrator guide](../../admin/actions/) for more information.
 
 ### username
 
@@ -650,7 +647,7 @@ jobs:
     runs-on: docker
 ```
 
-means that the `Forgejo runner` that claims to provide a kind of machine labeled `docker` will be selected by `Forgejo` and sent the job to be run.
+means that the `Forgejo runner` that claims to provide a kind of machine labelled `docker` will be selected by `Forgejo` and sent the job to be run.
 
 The actual machine provided by the runner **entirely depends on how the `Forgejo runner` was registered** (see the [Forgejo Actions administrator guide](../../admin/actions/) for more information).
 
@@ -679,8 +676,8 @@ jobs:
     runs-on: self-hosted
     strategy:
       matrix:
-        variant: ['bookworm', 'bullseye']
-        node: ['18', '20']
+        variant: ["bookworm", "bullseye"]
+	node: ["18", "20"]
 ```
 
 Will create four jobs where:
@@ -707,7 +704,7 @@ steps:
 ### `jobs.<job_id>.container.image`
 
 - **Docker or Podman:**
-  If the default image is unsuitable, a job can specify an alternate container image with `container:`, [as shown in this example](https://code.forgejo.org/forgejo/end-to-end/src/branch/main/actions/example-container/.forgejo/workflows/test.yml). If not specified, the shell defaults to `sh`. For instance the following will ensure the job is run using [Alpine 3.18](https://hub.docker.com/_/alpine/tags?name=3.18).
+  If the default image is unsuitable, a job can specify an alternate container image with `container:`, [as shown in this example](https://code.forgejo.org/forgejo/end-to-end/src/branch/main/actions/example-container/.forgejo/workflows/test.yml). For instance the following will ensure the job is run using [Alpine 3.18](https://hub.docker.com/_/alpine/tags?name=3.18).
 
   ```yaml
   runs-on: docker
@@ -752,7 +749,7 @@ container:
 
 Set the volumes for the container to use, as if provided with the `--volume` argument of the `docker run` command.
 
-> **NOTE:** the `--volume` option is restricted to a allowlist of volumes configured in the runner executing the task. See the [Forgejo Actions administrator guide](../../admin/actions/) for more information.
+> **NOTE:** the `--volume` option is restricted to a whitelist of volumes configured in the runner executing the task. See the [Forgejo Actions administrator guide](../../admin/actions/) for more information.
 
 > **NOTE:** ignored if `jobs.<job_id>.runs-on` is an LXC container.
 
@@ -762,7 +759,7 @@ Set the volumes for the container to use, as if provided with the `--volume` arg
 
 A string of additional options, as documented in [docker run](https://docs.docker.com/engine/reference/commandline/run/). For instance: "--workdir /myworkdir --ulimit nofile=1024:1024".
 
-> **NOTE:** the `--volume` option is restricted to a allowlist of volumes configured in the runner executing the task. See the [Forgejo Actions administrator guide](../../admin/actions/) for more information.
+> **NOTE:** the `--volume` option is restricted to a whitelist of volumes configured in the runner executing the task. See the [Forgejo Actions administrator guide](../../admin/actions/) for more information.
 
 > **NOTE:** ignored if `jobs.<job_id>.runs-on` is an LXC container.
 
@@ -828,7 +825,7 @@ jobs:
     steps:
       - run: |
           grep Alpine /etc/os-release
-          echo SUCCESS
+	  echo SUCCESS
 ```
 
 [Check out the example](https://code.forgejo.org/forgejo/end-to-end/src/branch/main/actions/example-container/.forgejo/workflows/test.yml)
@@ -844,41 +841,12 @@ The working directory from which the script specified with `jobs.<job_id>.step[*
 
 ### `jobs.<job_id>.steps[*].shell`
 
-The shell used to run the script specified with `jobs.<job_id>.step[*].run`. If not specified it defaults to `bash`.
-
-For instance:
+The shell used to run the script specified with `jobs.<job_id>.step[*].run`. For instance:
 
 ```yaml
-jobs:
-  test:
-    runs-on: docker
-    steps:
-      - run: echo using bash here
-```
-
-Or to specify that `sh` must be used instead:
-
-```yaml
-jobs:
-  test:
-    runs-on: docker
-    steps:
-      - shell: sh
-	    run: echo using sh here
-```
-
-If `jobs.<job_id>.container.image` is set and the shell is not specified, it defaults to `sh`.
-
-For instance:
-
-```yaml
-jobs:
-  test:
-    runs-on: docker
-    container:
-      image: alpine:3.20
-    steps:
-      - run: echo using sh here
+steps:
+  - shell: bash
+    run: echo $PATH
 ```
 
 [Check out the example](https://code.forgejo.org/forgejo/end-to-end/src/branch/main/actions/example-pull-request/.forgejo/workflows/test.yml)
@@ -1070,14 +1038,13 @@ test "KEY2=$KEY2" = "KEY2=value2"
 ## Glossary
 
 - **action:** a repository that can be used in a way similar to a function in any programming language to run a single **step**.
-- **artifact:** a file or collection of files produced during a **workflow** **run**.
-- **automatic token:** the unique token created during each **run** by the **runner**.
-- **context:** top level objects containing the current state of a **run** containing information about the **workflow** and the **runner** handling the **job**.
+- **artifact** is a file or collection of files produced during a **workflow** run.
+- **automatic token** is the token created at the beginning of each **workflow**.
+- **context** is a top level object available in an expression that contains information about the running workflow.
 - **expression:** a string enclosed in `${{ ... }}` and evaluated at runtime.
 - **job:** a sequential set of **steps**.
-- **label:** the kind of machine that is matched against the value of `runs-on` in a **workflow**.
-- **run:** the execution of a **job**.
-- **runner:** the [Forgejo runner](https://code.forgejo.org/forgejo/runner) daemon created to execute the **workflows**.
+- **label** the kind of machine that is matched against the value of `runs-on` in a **workflow**.
+- **runner:** the [Forgejo runner](https://code.forgejo.org/forgejo/runner) daemon tasked to execute the **workflows**.
 - **step:** a command the **runner** is required to carry out.
-- **workflow:** a file in the `.forgejo/workflows` directory containing **jobs**.
-- **workspace:** the directory where the files of the **job** are stored and shared between all **step**s.
+- **workflow or task:** a file in the `.forgejo/workflows` directory that contains **jobs**.
+- **workspace** is the directory where the files of the **job** are stored and shared between all **step**s.

docs/user/code-search.md

@@ -7,18 +7,10 @@ Forgejo supports code search through an indexer and `git-grep` as a fallback whe
 
 # Basic (git-grep)
 
-![Code search results page using git-grep](../_images/user/code-search/gitgrep.png)
-
 If `REPO_INDEXER_ENABLED` is set to `false`, the code search function will be limited to a single repository and will use [`git-grep`](https://git-scm.com/docs/git-grep).
 
-Currently, only fixed strings are supported and any case differences are ignored. The search results will include the matched line, along with a single line before and after the match.
-
-Since, the searches are performed in the fly they may be performed on any valid branch or tag.
+Currently, only fixed strings are supported and any case differences are ignored. The search results will include the matched line, along with a context of three lines before and after the match. The search query will be executed on the default branch of the repository.
 
 # Indexer
 
-![Code search results page using indexer](../_images/user/code-search/indexer.png)
-
 For advanced search queries and searching across an entire organisation or instance, `REPO_INDEXER_ENABLED: true` enables code search via bleve/elasticsearch.
-
-However, search results are limited to the HEAD of the repository.

docs/user/email-settings.md

@@ -27,7 +27,7 @@ In the section “Manage Email Addresses”, you can select one of the following
 When you're finished, press the button “Set Email Preference” to confirm your selection.
 
 > **Note:**
-> Disabling email notifications doesn't mean that you'll stop receiving important messages from the Forgejo organization.
+> Disabling email notifications doesn't mean that you'll stop receiving important messages from the Forgejo organisation.
 
 ## Issue notifications
 

docs/user/first-repository.md

@@ -24,32 +24,31 @@ Here's an explanation of the form's fields:
 
 - **Owner** Here, you can specify whether you want this to be your own personal project or whether you want it to be part of an organization that you're a part of
 - **Repository name** A name for your repository (which will also be part of its path, in this case `https://codeberg.org/knut/foobar`)
-- **Visibility** Repositories are either _public_ or _private_, where public means that everyone will be able to access your repository, while your private repositories can only be accessed by you and your collaborators (see [Invite Collaborators](https://docs.codeberg.org/collaborating/invite-collaborators/))
+- **Visibility** Repositories are either _public_ or _private_, where public means that everyone will be able to access your repository, while your private repositories can only be accessed by you and your collaborators (see [Invite Collaborators](../invite-collaborators))
 - **Description** A short description that appears next to your repository's name where appropriate
 - **Template** Occasionally you may want to generate your repository from an existing template. In that case, you can specify that template here. Otherwise, simply leave this field empty.
 - **Issue Labels** If you want to initialize your project's issue tracker with a set of labels that you can use to categorize issues, you can choose one here. You don't have to choose this right away though, as you can choose and modify issue labels at a later time as well.
-- **.gitignore** A [.gitignore](https://git-scm.com/docs/gitignore) file defines which files Git should not keep track of. This is useful, for example to prevent configuration files or binaries to be tracked in version control. You can choose to add a predefined file matching the programming language you use now, or add one manually later.
+- **.gitignore** A [.gitignore](https://git-scm.com/docs/gitignore) file defines which files Git should not keep track of. This is useful, for example to prevent configuration files or binaries to be tracked in version control. You can choose to add a pre-defined file matching the programming language you use now, or add one manually later.
 - **License** Here, you can choose from a list of FSF/OSI approved licenses. A `LICENSE` file will then be added to the repository. For some help on choosing the correct license, have a look at our [licensing article](/getting-started/licensing/).
 - **README** is the first file one should read when accessing a repository. It's also the first file displayed when accessing a repository, a bit like the "homepage" of your repository. On Forgejo, this is interpreted as a [Markdown](/markdown/) file.
 - **Initialize repository** In order to add the `LICENSE`, `README` and `.gitignore` files mentioned above to your new repository, make sure you tick this box.
 - **Default branch** Using this field, you can choose how to name the default branch of your Git repository. We recommend you use the predefined default.
-- **Object format** is the repository's object format. We recommend SHA1 as it's the most compatible. It cannot be changed later once the repository has been created.
 
 It's okay to only specify owner and repository name, if you want to get started quickly.
 After filling out the fields, click the green "Create Repository" button on the bottom of the page.
 
 You should now see a screen similar to the one below. If you haven't chosen to generate `LICENSE`, `README` and `.gitignore` the screen might show instructions instead, which will vanish after [your first commit](#making-your-first-commit/).
 
-![screenshot showing a freshly baked repository](../_images/user/first-repository/create-repo-3.png)
+![screenshot showing a freshly baken repository](../_images/user/first-repository/create-repo-3.png)
 
 Here's what the most important buttons do:
 
 - **Repository Settings (1)** is where you can make adjustments to your repository settings, such as setting a project website, changing the repository description, enabling/disabling a wiki and issue tracker or deleting the repository. You may want to give this page a visit right now, to get an overview of your options.
-- **The RSS, Watch, Star and Fork buttons (2)** allow you to interact with other people's repositories. While they don't do much for your own repository, when visiting another user's repository, you can click on "Watch" to get notified about everything important happening in that repository, "Star" to show the user your appreciation (and to help other users find interesting projects more quickly) and "Fork" to create your own copy of the repository, for example to make modifications that you want to share with the original author. You can also use the RSS button to get the RSS feed of the repository.
-- **The Repository Tabs (3)** contain links to every important feature within this repository (some may not be visible by default):
+- **The Watch, Star and Fork buttons (2)** allow you to interact with other people's repositories. While they don't do much for your own repository, when visiting another user's repository, you can click on "Watch" to get notified about everything important happening in that repository, "Star" to show the user your appreciation (and to help other users find interesting projects more quickly) and "Fork" to create your own copy of the repository, for example to make modifications that you want to share with the original author.
+- **The Repository Tabs (3)** contain links to every important feature within this repository:
   - **Code** lets you browse through all versions of this repository's code.
   - **Issues** is a very important communication tool between the author, their users and their contributors. Think of it as part bug-tracker, part forum.
-    For more information on this, have a look at [The Basics of Issue Tracking](../issue-tracking-basics/)
+    For more information on this, have a look at [The Basics of Issue Tracking](/getting-started/issue-tracking-basics/)
   - **Pull Requests** is where other users can ask the author to "pull" in code, from a fork into the author's program.
   - **Releases** is a space where the author can upload finished versions of their program, e.g. binaries
   - **Wiki** is a basic wiki feature built into Forgejo.
@@ -136,7 +135,7 @@ When you clone a repository from the Internet, the URL that you got your copy of
 If your local copy of the repository is missing some commits that exist in the remote repository, pushing will result in an error. There are two ways to fix this:
 
 - Run `git pull` to combine your local changes with the changes that exist in the remote repository. If this does not work, please follow the instructions in your terminal.
-- If you know what you are doing, you can also overwrite the remote repository using `git -f push`.
+- If you know what you are doing, you can also overwrite the remote repository uaing `git -f push`.
   This action will **permanently** alter your remote repository and is not suitable if you are working on a project together with other people.
 
 ## Making your first commit

docs/user/issue-tracking-basics.md

@@ -24,7 +24,7 @@ You can switch between issues that are still open, and those that are already re
 Some projects define milestones **(4)**, to which issues can be assigned. They are good for
 visualizing the progress of a project's development.
 
-You can create an issue by clicking on the orange "New Issue" button **(5)** at the top right
+You can create an issue by clicking on the green "New Issue" button **(5)** at the top left
 of the issues list.
 
 Issues in the issue tracker are public, and everyone is able to read and answer them.

docs/user/language-detection.md

@@ -32,7 +32,7 @@ While some of the categories are rather straightforward, a little explanation ab
 
 **Dotfiles** are files whose name starts with a dot, which by convention, suggests they should be hidden, and as such, they are excluded from language statistics.
 
-**Programming languages** and **Markup languages** are more or less self explanatory. The former category includes languages like C, Go, Rust, JavaScript, and many, many others. Markup languages are CSS, HTML, Jinja templates, Jupyter Notebooks, and numerous other formats.
+**Programming languages** and **Markup languages** are more or less self explanatory. The former category includes languages like C, Go, Rust, JavaScript, and many, many others. Markup languages are CSS, HTML, Jinja templates, Jupyter Notebooks, and numeruous other formats.
 
 Please consult the [enry][enry] or [linguist][linguist] documentation for more details.
 

docs/user/merge-message-templates.md

@@ -37,4 +37,4 @@ You can use the following variables enclosed in `${}` inside these templates whi
 When rebasing without a merge commit, `REBASE_TEMPLATE.md` modifies the message of the last commit. The following additional variables are available in this template:
 
 - CommitTitle: Commit's title
-- CommitBody: Commit's body text
+- CommitBody: Commits's body text

docs/user/oauth2-provider.md

@@ -6,12 +6,6 @@ origin_url: 'https://github.com/go-gitea/gitea/blob/e865de1e9d65dc09797d165a51c8
 
 Forgejo supports acting as an OAuth2 provider to allow third party applications to access its resources with the user's consent.
 
-> **NOTE:** scoped tokens or personal access tokens are entirely different from OAuth2, see the [Access Token scope](../token-scope/) section for more information.
-
-Forgejo can act as an instance wide OAuth2 provider. To achieve that, OAuth2 applications must be created in the `/admin/applications` page.
-
-> **NOTE:** Third party applications obtaining a token for a user via such an application will have administrative rights. OAuth2 scopes are not yet implemented.
-
 ## Endpoints
 
 | Endpoint                 | URL                                 |
@@ -31,6 +25,10 @@ At the moment Forgejo only supports the [**Authorization Code Grant**](https://t
 
 To use the Authorization Code Grant as a third party application it is required to register a new application via the "Settings" (`/user/settings/applications`) section of the settings. To test or debug you can use the web-tool https://oauthdebugger.com/.
 
+## Scoped Tokens
+
+See the [Access Token scope](../token-scope/) section for more information.
+
 ## Client types
 
 Forgejo supports both confidential and public client types, [as defined by RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1).
@@ -76,45 +74,6 @@ It is possible for any user to manually register a new OAuth2 application in the
 
 ## Examples
 
-### Using a Codeberg as an authentication source
-
-In this example https://v7.next.forgejo.org will be configured to add the option to delegate user registration to https://codeberg.org.
-
-![Login page with Codeberg authentication source](../_images/user/oauth2-provider/authsource-intro-login-page.png)
-
-> **NOTE:** in the OAuth2 jargon, https://v7.next.forgejo.org is the OAuth2 client and Codeberg is the OAuth2 provider
-
-- Choose an arbitrary but distinctive name for the OAuth2 provider: (e.g. **Codeberg**).
-- Choose an existing Codeberg user to create the OAuth2 application. It does not need to be a user with elevated privileges. (e.g. **user-for-oauth-application**)
-- On https://codeberg.org, login as **user-for-oauth-application**
-  - Visit https://codeberg.org/user/settings/applications and create a new OAuth2 application. There needs to be only one redirect URI, composed with the abitrary name that was chosen above: https://v7.next.forgejo.org/user/oauth2/Codeberg/callback.
-    ![Create a new OAuth2 application](../_images/user/oauth2-provider/authsource-provider-create.png)
-  - When created, the OAuth2 application is given a **Client ID** and a **Client secret** that https://v7.next.forgejo.org will need to let https://codeberg.org know it is an authorized OAuth2 client.
-    ![Client ID and secret of a new OAuth2 application](../_images/user/oauth2-provider/authsource-provider-show.png)
-- On https://v7.next.forgejo.org, login as a user with admin privileges
-  - Create a new authentication source on https://v7.next.forgejo.org, the Forgejo instance that is going to act as the OAuth2 client, allowing its users to register using the account they have on https://codeberg.org.
-    - Visit https://v7.next.forgejo.org/admin/auths/new to create the authentication source with:
-      - **Authentication type:** OAuth2
-      - **Authentication name:** the abitrary name that was chosen above (e.g. **Codeberg**)
-      - **OAuth2 provider:** OpenID Connect
-      - **Client ID:** copy/pasted from the OAuth2 application created on Codebeg
-      - **Client Secret:** copy/pasted from the OAuth2 application created on Codebeg
-      - **Icon URL:** https://design.codeberg.org/logo-kit/icon.svg
-      - **OpenID Connect Auto Discovery URL:** https://codeberg.org/.well-known/openid-configuration
-      - Leave all other fields to their default values
-        ![Create a new OAuth2 authentication soure](../_images/user/oauth2-provider/authsource-client-create.png)
-    - It will show in the list of authentication sources at https://v7.next.forgejo.org/admin/auths.
-      ![List of OAuth2 authentication soure](../_images/user/oauth2-provider/authsource-client-list.png)
-- On https://v7.next.forgejo.org, not logged in
-  - Visit https://v7.next.forgejo.org/user/login
-    ![Login page with Codeberg authentication source](../_images/user/oauth2-provider/authsource-intro-login-page.png)
-  - Click on **Sign in with Codeberg** to be redirected to Codeberg and authorize https://v7.next.forgejo.org to obtain the details of your account (user name, email, etc.). If you are not already logged in Codeberg, you will need to before this authorization request is presented to you.
-    ![Authorizing v7.next.forgejo.org](../_images/user/oauth2-provider/authsource-intro-login-confirm.png)
-  - Review the pre-filled information that will be used to create your account on https://v7.next.forgejo.org.
-    ![Filling account information](../_images/user/oauth2-provider/authsource-intro-login-create.png)
-  - You are redirected to the home page of the newly created account.
-    ![User home page](../_images/user/oauth2-provider/authsource-intro-login-home.png)
-
 ### Confidential client
 
 **Note:** This example does not use PKCE.

docs/user/packages/container.md

@@ -37,7 +37,7 @@ docker build -t {registry}/{owner}/{image}:{tag} .
 docker tag {some-existing-image}:{tag} {registry}/{owner}/{image}:{tag}
 ```
 
-where your registry is the domain of your forgejo instance (e.g. forgejo.example.com).
+where your registry is the domain of your gitea instance (e.g. gitea.example.com).
 For example, these are all valid image names for the owner `testuser`:
 
 `forgejo.example.com/testuser/myimage`

docs/user/profile.md

@@ -22,7 +22,7 @@ Making the `.profile` repository private will hide the Profile README.
 Rather than supporting multiple social links on the profile card, under the user
 avatar, such links - including
 [`rel=me`](https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/rel/me)
-attributes - can be placed in the `.profile` README instead. This gives a user a
+attributes - can be placed in the `.profile` readme instead. This gives a user a
 lot of flexibility on how they wish to display these links. To add a `rel=me`
 attribute, the link should be written in HTML, rather than in Markdown format,
 for example: `<a rel="me"

docs/user/repo-mirror.md

@@ -28,7 +28,7 @@ For an existing remote repository, you can set up pull mirroring as follows:
 
 The repository now gets mirrored periodically from the remote repository. You can force a sync by selecting **Synchronize Now** in the repository settings.
 
-:exclamation::exclamation: **NOTE:** You can only set up pull mirroring for repositories that don't exist yet on your instance. Once the repository is created, you can't convert it into a pull mirror anymore. :exclamation::exclamation:
+:exclamation::exclamation: **NOTE:** You can only set up pull mirroring for repos that don't exist yet on your instance. Once the repo is created, you can't convert it into a pull mirror anymore. :exclamation::exclamation:
 
 ## Pushing to a remote repository
 

docs/user/repo-permissions.md

@@ -6,7 +6,7 @@ origin_url: 'https://codeberg.org/Codeberg/Documentation/src/commit/85d333f48bad
 
 When you invite collaborators to join your repository or when you create teams for your organization, you have to decide what each collaborator/team is allowed to do.
 
-You can assign teams different levels of permission for each unit (e.g. issues, PRs, wiki).
+You can assign teams different levels of permission for each unit (e.g. issues, PR's, wiki).
 
 ## Profile and Visibility
 

docs/user/token-scope.md

@@ -30,7 +30,7 @@ Forgejo token scopes are as follows:
 |     **read:notification**  | Grants read access to user notifications, such as which notifications users are subscribed to and read new notifications.                            |
 |     **write:notification** | Grants read/write/delete access to user notifications, such as marking notifications as read.                                                        |
 | **organization**                          | `orgs/*` and `teams/*` API routes: Organization and team management operations.                                                                      |
-|     **read:organization**  | Grants read access to org and team status, such as listing all organizations a user has visibility to, teams, and team members.                      |
+|     **read:organization**  | Grants read access to org and team status, such as listing all orgs a user has visibility to, teams, and team members.                               |
 |     **write:organization** | Grants read/write/delete access to org and team status, such as creating and updating teams and updating org settings.                               |
 | **package**                               | `/packages/*` API routes: Packages operations                                                                                                        |
 |     **read:package**       | Grants read access to package operations, such as reading and downloading available packages.                                                        |
@@ -39,5 +39,5 @@ Forgejo token scopes are as follows:
 |     **read:repository**    | Grants read access to repository operations, such as getting repository files, releases, collaborators.                                              |
 |     **write:repository**   | Grants read/write/delete access to repository operations, such as getting updating repository files, creating pull requests, updating collaborators. |
 | **user**                                  | `/user/*` and `/users/*` API routes: User-related operations.                                                                                        |
-|     **read:user**          | Grants read access to user operations, such as getting user repository subscriptions and user settings.                                              |
-|     **write:user**         | Grants read/write/delete access to user operations, such as updating user repository subscriptions, followed users, and user settings.               |
+|     **read:user**          | Grants read access to user operations, such as getting user repo subscriptions and user settings.                                                    |
+|     **write:user**         | Grants read/write/delete access to user operations, such as updating user repo subscriptions, followed users, and user settings.                     |

docs/user/versions.md

@@ -23,7 +23,7 @@ and they match what is displayed by the CLI or the web UI.
 
 ## Compatibility with Gitea
 
-As of Forgejo 7.0.0 tools designed to work with Gitea 1.22.0 and
+As of Forgejeo 7.0.0 tools designed to work with Gitea 1.22.0 and
 below are compatible and do not need any modification to keep working.
 
 In the future, if a tool wants to assert the level of compatibility of

docs/user/webhooks.md

@@ -119,7 +119,7 @@ X-Gitea-Event: push
 
 ### Example
 
-This is an example of how to use webhooks to run a PHP script upon push requests to the repository.
+This is an example of how to use webhooks to run a php script upon push requests to the repository.
 In your repository Settings, under Webhooks, Setup a Forgejo webhook as follows:
 
 - Target URL: http://example.com/webhook.php
@@ -129,7 +129,7 @@ In your repository Settings, under Webhooks, Setup a Forgejo webhook as follows:
 - Trigger On: Push Events
 - Active: Checked
 
-Now on your server create the PHP file webhook.php
+Now on your server create the php file webhook.php
 
 ```
 <?php

docs/user/wiki.md

@@ -5,7 +5,7 @@ origin_url: 'https://codeberg.org/Codeberg/Documentation/src/commit/85d333f48bad
 ---
 
 A [wiki](https://en.wikipedia.org/wiki/Wiki) is a collaborative space on the web. It is a common practice to use wikis to collect knowledge and share information.  
-Codeberg allows you to add a wiki to a repository for additional documentation.
+Codeberg allows you to add a wiki to a repo for additional documentation.
 
 The user in these examples is `knut`, the polar bear and its repository is `foobar`.
 
@@ -23,7 +23,7 @@ To edit the wiki `write` permission to the repository is required, unless the `A
 
 ## Wiki structure
 
-The wiki is essentially a separate Git repository in your repository with a predefined name in the form of `<your-repository-name>.wiki.git`.
+The wiki is essentially a separate Git repo in your repository with a predefined name in the form of `<your-repository-name>.wiki.git`.
 
 It consists of [Markdown](https://en.wikipedia.org/wiki/Markdown) files (file extension `.md`) and additional assets like images.  
 No further stylesheets are needed. The Markdown files are automatically rendered according to the selected Forgejo theme.
@@ -40,7 +40,7 @@ Clicking on the "Insert Image" button will make the following text appear in you
 
 ## Adding content using a local Git client
 
-You can work with the wiki repository as you would with any other Git repository on Forgejo.
+You can work with the wiki repo as you would with any other Git repo on Forgejo.
 
 ```shell
 git clone git@codeberg.org:knut/foobar.wiki.git

lychee.toml

@@ -1,9 +0,0 @@
-no_progress = true
-output = "report.md"
-cache = true
-accept = ["200", "429"]
-scheme = ["https","http"]
-skip_missing = false
-include_verbatim = false
-exclude = ['^https://forgejo\.octopuce\.forgejo\.org','http://private.forgejo.org', 'https://codeberg.org/forgejo/forgejo/vX.Y/forgejo']
-exclude_all_private = true

scripts/cli-docs.sh

@@ -79,7 +79,6 @@ function generate() {
     section "###" "forgejo-cli actions generate-runner-token"
     section "###" "forgejo-cli actions generate-secret"
     section "###" "forgejo-cli actions register"
-    section "###" "forgejo-cli f3"
 
     section "##" "web"