Forgejo Podman Quadlet Setup

A rootless Forgejo instance running as a Podman Quadlet with systemd.

What's included

• forgejo.container — Podman Quadlet container definition
• forgejo.network — Podman network
• forgejo-data.volume — Persistent data volume
• forgejo-config.ini.example — Forgejo configuration template (no secrets)
• forgejo.env.example — Template for secrets (tokens, SMTP credentials)
• forgejo-templates/ — Custom templates (landing page, analytics header)
• forgejo-public/ — Custom static assets
• install.sh — Setup script that generates secrets and starts the service

Configuration highlights

• SQLite database, no external dependencies
• Public registration with manual admin approval
• New users cannot create repos or orgs (contribute-only by default)
• SMTP via mailbox.org (STARTTLS on port 587)
• Email notifications enabled
• Gravatar disabled
• Default repo visibility: private
• Time tracking disabled
• Secrets kept out of config via FORGEJO__section__key env var overrides

Install

# Clone into the systemd quadlet directory
git clone <repo-url> ~/.config/containers/systemd

# Run the install script
cd ~/.config/containers/systemd
chmod +x install.sh
./install.sh

The script generates cryptographic secrets, prompts for SMTP credentials, and starts Forgejo.

Post-install

Create an admin user:

podman exec --user git forgejo forgejo admin user create \
  --admin --username <name> --email <email>

Customization

• Edit forgejo-config.ini for Forgejo settings
• Edit forgejo.env for secrets and SMTP credentials
• Replace forgejo-public/assets/img/landing.webp with your own landing image
• Edit forgejo-templates/home.tmpl for the landing page
• Edit forgejo-templates/custom/header.tmpl for injected <head> content (analytics, etc.)

After changes:

systemctl --user daemon-reload
systemctl --user restart forgejo.service

Reverse proxy

Forgejo listens on 127.0.0.1:3000. You'll need a reverse proxy (Caddy, nginx, etc.) to terminate TLS and forward traffic.