From b1b1f0d9700ef0aebdd22174064d07745c3d2334 Mon Sep 17 00:00:00 2001
From: thomasabishop <thomasabishop@tuta.com>
Date: Sun, 17 Aug 2025 16:42:24 +0100
Subject: [PATCH] chore: update README with details of Garage and FJ runners

---
 README.md | 41 ++++++++++++++++++++++++++++++++++++++---
 1 file changed, 38 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 33cbc8d..77479ef 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,9 @@ Configuration of self-hosted third-party software on my Hetzner Cloud VPS.
 
 ## Third-party applications
 
-### Services
+### Docker-based
+
+#### Services
 
 | Server port | Docker port | Subdomain                    | Service  | Description                |
 | ----------- | ----------- | ---------------------------- | -------- | -------------------------- |
@@ -16,7 +18,7 @@ Configuration of self-hosted third-party software on my Hetzner Cloud VPS.
 | 8004        | 3000        | wakapi.systemsobscure.net    | Wakapi   | Coding statistics tracker  |
 | 8005        | 8080        | miniflux.systemsobscure.net  | Miniflux | RSS aggregator             |
 
-### Service data
+#### Service data
 
 Some applicaton data is stored in a network-attached Hetzner Storagebox drive
 ("Storagebox Alpha"). Docker volumes are mapped to this location.
@@ -32,8 +34,41 @@ Other application data is stored on the small harddrive of the VPS:
 | Forgejo | MySQL database  | `/data/mysql/forgejo` | Database data only. Repositories stored in NAS. |
 | Wakapi  | SQLite database | `/data/sqlite/wakapi` |                                                 |
 
+### Native-based ("bare metal")
+
+#### Forgejo runners
+
+Although my Forgejo instance runs in Docker, the `forgejo-runner` [software](https://forgejo.org/docs/latest/admin/actions/runner-installation/) that manages the
+runners necessary to execute [Forgejo Actions](https://forgejo.org/docs/v8.0/user/actions/) is installed on the metal.
+
+This service runs as a `systemd` service configured at
+`/etc/systemd/system/forgejo-runner.service`.
+
+I currently only have a single global runner in operation (`self-host-server`)
+that runs on `ubuntu-latest`.
+
+#### Garage object storage
+
+I run a single-zone instance of [Garage](https://garagehq.deuxfleurs.fr/) at
+`s3.systemsobscure.net`. This subdomain is used for authenticated API and
+`awscli` access to my buckets.
+
+Garage is configured at `/etc/garage.toml`. Garage runs as a `systemd` service configured at
+`/etc/systemd/system/garage.service`.
+
+Certain buckets are publicly exposed to the Internet on subdomains for un-authenticated
+access:
+
+- [eolas.s3.systemsobscure.net](https://eolas.s3.systemsobscure.net/test.txt)
+
+The naming convention here is
+`[bucket-name].[garage_instance].[server_address]`.
+
 ## My applications
 
+> All the applications that I have built and which I currently host are installed on the bare metal of the
+> server and do not use Docker.
+
 ### systemsobscure.blog
 
-This is a static website served from `/var/www/` directory.
+This is a static website served from the `/var/www/systemsobscure.blog` directory.