26 comments

  • constGard, 3 hours ago
    I've added a few more bells and whistles to my agentic Rube Goldberg, but the gist is Forgejo tag listeners triggering Argo Workflows to orchestrate:

    1. issue tag
    2. write PR
    3. testing
    4. review + revise loop
    5. merge mutex to ensure you don't get a merge storm
    6. rebase and merge

    I've been trying really hard to have it properly implement agentic identity, where the pod gets a SPIFFE-attested token and then trades that for access to the Vault secret for a project-scoped Forgejo service account. I wish Forgejo could configure a trusted external JWT signing authority so I could skip Vault and the accounts.

    Here's the inspiration for the auth model I've been trying to implement: https://datatracker.ietf.org/doc/draft-klrc-aiagent-auth/

    The last piece has been using gVisor + Kubernetes agent sandboxes. My fable adventure last week was having it debug the process of attesting and distributing workload identities for agents running in gVisor, as it creates a layer of indirection that confuses SPIRE to the point it won't issue an ID.
  • david-giesberg, 12 hours ago
    I've been doing something pretty similar, except instead of having a persistent OpenCode server, I've been using this workflow that runs OpenCode inside of the Forgejo Actions runners:

    https://codeberg.org/dragonfyre13/forgejo-opencode

    Still tinkering with it, but the gist is that I can invoke OpenCode with /oc inside of a Forgejo issue, then it will come back with a PR for me to review.
    • t0mas88, 11 hours ago
      Nice! I've done that with Claude Code + Forgejo, but as a small separate app to run Claude in Docker: https://github.com/smithy-ai/smithy-ai
  • MisterPea, 11 hours ago
    Sometimes I feel like a lot of people in tech independently go through the same things right around the same time, with few people writing/sharing about it.

    I am also creating this and enjoyed the post and comments all going through the same thing :)
    • plmpsu, 9 hours ago
      Not only in tech. This is a common phenomenon. We're not that original.
      • jatora, 3 hours ago
        Nah, I'm original af. You wouldn't believe the stuff I have built even if I told you; it's so unique it's borderline retarded to the eye.
    • iagooar, 8 hours ago
      I have created this in 3 different ways, also with e2b.dev (great service). And yeah, that is my problem: I spend 99% of my time hacking cool stuff, 1% yapping about it. Should do more yapping.
      • girvo, 6 hours ago
        Depressingly, in today's attention economy, you absolutely should! It'll be good for you directly. At least one upside is it can help others too, I suppose. I just get sad when I think about how important attention is now.
    • MAustriaGA, 11 hours ago
      I think it’s because people in tech expect everything for free.

      I had a conversation with my lawyer and I had “just one more question” that was going to take more than the time we had left in the current meeting. He said “schedule another 30 and let’s talk about that.”

      Fair!
  • atn34, 2 hours ago
    I've got a Gitea instance and a systemd timer polling for issues assigned to my bot. The systemd timer clones the repo etc. and spawns the agent in a restricted environment where it has a private localhost (enforced by systemd), and then I set HTTP_PROXY to an inner proxy that connects to an outer proxy over a Unix socket. The outer proxy enforces an allowlist and injects credentials. The agent doesn't have access to any credentials inside its sandbox.

    For the agent I was using `claude -p` with a Pro subscription, but they've been treating their paying subscribers like they're on a free trial (they're subsidizing it so heavily it might as well be). So now I'm using an Ollama pro subscription and a homebuilt agent with a bash tool and a str_replace tool. It gets on just fine with only those two.
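    The outer-proxy design in the comment above (private localhost in the sandbox, an inner proxy, an outer proxy that enforces an allowlist and injects credentials) is the part worth getting exactly right, so here is an added example of that policy core. It is written for this page, not taken from the commenter's setup, and it covers only the decision and header rewrite; the Unix-socket plumbing between the inner and outer proxy is assumed to exist around it. The host names, the `/api/v1/` path scope and the token value are constructed; the `Authorization: token <value>` header shape is the Gitea/Forgejo API token format.

```python
"""Egress policy for a sandboxed coding agent: exact-host allowlist plus
credential injection, modelled on the outer-proxy design in the thread above.

Added example, not code from the thread. Only the decision and header-rewrite
logic is shown; the socket plumbing between inner and outer proxy is assumed.
Host names, paths and the token value are constructed for illustration.
"""
import posixpath
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Sequence
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Rule:
    host: str                                  # matched exactly, never by suffix
    path_prefix: str = "/"                     # compared after path normalisation
    methods: FrozenSet[str] = frozenset({"GET", "HEAD"})
    schemes: FrozenSet[str] = frozenset({"https"})
    inject_header: Optional[str] = None        # header set on allowed requests
    secret: Optional[str] = None               # value the agent itself never holds


@dataclass
class Decision:
    allowed: bool
    reason: str
    headers: Dict[str, str] = field(default_factory=dict)


# Headers the agent may never supply: it must not be able to choose its own
# credentials or replay ones it found lying around inside the sandbox.
AGENT_FORBIDDEN_HEADERS = frozenset({"authorization", "proxy-authorization", "cookie"})

# Constructed policy: the Forgejo/Gitea API gets a project-scoped token injected,
# a package index is reachable read-only, everything else is denied.
RULES: Sequence[Rule] = (
    Rule(host="git.homelab.internal", path_prefix="/api/v1/",
         methods=frozenset({"GET", "POST", "PATCH"}),
         inject_header="Authorization",
         secret="token 0123456789abcdef"),      # constructed value; Gitea/Forgejo "token <x>" format
    Rule(host="pypi.org", path_prefix="/simple/"),
)


def _normalised_path(raw: str) -> str:
    """Collapse '.' and '..' segments so '/api/v1/../../admin' cannot pass a prefix check."""
    path = posixpath.normpath(raw or "/")
    if raw.endswith("/") and not path.endswith("/"):
        path += "/"
    return path


def evaluate(rules: Sequence[Rule], method: str, url: str,
             agent_headers: Dict[str, str]) -> Decision:
    """Decide whether the agent's request leaves the sandbox, and with which headers."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()      # userinfo tricks ("allowed@evil") land in .hostname as "evil"
    if not host:
        return Decision(False, "unparseable host")
    rule = next((r for r in rules if r.host == host), None)
    if rule is None:
        return Decision(False, f"host not allowlisted: {host}")
    if parts.scheme not in rule.schemes:
        return Decision(False, f"scheme not allowed for {host}: {parts.scheme}")
    if method.upper() not in rule.methods:
        return Decision(False, f"method not allowed for {host}: {method}")
    path = _normalised_path(parts.path)
    if not path.startswith(rule.path_prefix):
        return Decision(False, f"path outside {rule.path_prefix}: {path}")

    # Forward the agent's headers minus anything credential-bearing, then inject
    # the real secret so it only ever exists on the outer side of the socket.
    out = {k: v for k, v in agent_headers.items()
           if k.lower() not in AGENT_FORBIDDEN_HEADERS}
    if rule.inject_header and rule.secret:
        out[rule.inject_header] = rule.secret
    return Decision(True, "allowed", out)


if __name__ == "__main__":
    d = evaluate(RULES, "POST", "https://git.homelab.internal/api/v1/repos/me/lab/pulls",
                 {"Authorization": "token agent-chosen", "Content-Type": "application/json"})
    print(d.allowed, d.reason, d.headers)
```

    Three choices in there matter more than the rest: the host is compared for equality (so `git.homelab.internal.evil.example` is not a match), any `Authorization`/`Cookie` the agent sends is dropped before the real token is injected (so the agent can neither pick credentials nor leak ones it scraped), and the path is normalised before the prefix check (so `..` segments cannot escape the `/api/v1/` scope). Ports are deliberately not checked here; a real deployment should pin those too.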
  • doctorspazz, 12 hours ago
    I've been trying to find the motivation to do a write-up on my AI lab, and this is just what I needed. Thanks for sharing. My setup is a similar idea, just with n8n/git/Argo/k3s. It's mainly for automated workflows that Qwen or Gemma 4 can handle.
  • templar_snow, 10 hours ago
    This is great. Homelab AI feels like it's going to be fun as heck. I currently have Claude maintain my homelab across all devices; it made homelab setup and maintenance go from "This is a trap that will fascinate you for years but never fully work right and waste time that would have been better spent elsewhere" to "This is actually a great idea and really extends my capabilities."
    • ohyoutravel, 10 hours ago
      I’ve found, even using the latest models, there are some time-saving nuggets but mostly subtle config difficulties that just cause an enormous amount of debugging and a net negative on balance, unless you’re just asking for super targeted tasks like “set up a docker compose file” or “give me an NSD config.” But with both of those you need to already know you need the underlying tech and what to ask.
  • dlxfoo, 12 hours ago
    I'm doing something very similar. Running my OpenCode on a Proxmox LXC. I have an additional layer of Kimaki, which gives you Discord integration (hate it or love it). Chatting with your codebase (voice messages, too, if that’s your jam) is very, very cool.
    • rsgm, 12 hours ago
      That's very cool. Thanks, I'll have to check that out.
  • schanz, 7 hours ago
    Any idea as to why this domain is blocked by Quad9 resolvers? I am unable to open the website because Quad9 filters the domain:

    dig @9.9.9.9 rsgm.dev NS

        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags:; udp: 1232
        ; EDE: 17 (Filtered)
    • abtinf, 6 hours ago
      If I had to guess, it's because the registration is brand new (about 8 hours old), created at 2026-06-15 14:01:25 UTC.
    • saint_yossarian, 4 hours ago
      It's on a malware list: https://quad9.net/result/?url=rsgm.dev#domain-tester
  • vinnymac, 2 hours ago
    I’m working on an open source Forgejo frontend that exposes additional features like this, and offers a better user experience, faster large diffs, and basically fixes every little thing I don’t like about Forgejo. Would be interested in hearing more of your complaints so I can continue to improve.
  • orangeisthe, 8 hours ago
    Two main reasons I don't have this setup already are:
    - the resources you need to give the VM running OpenCode to build your projects
    - faster testing

    I run the pi coding agent right on my Mac and I run our entire software suite (example: Redis, Postgres, Kratos, etc.). With the coding agent running on my main development device, I can build faster (assuming the OpenCode VM is on a low-spec machine) as well as test it faster. Example: I can just rebuild the backend, restart it and test it on the UI client with the new changes.
  • CGamesPlay, 4 hours ago
    Nice! I am still looking for the best AI integration for my setup. Currently I don't have any interaction between Forgejo and my coding agent. I experimented with a Forgejo Actions runner, but the problem that I had was there's not a great way to manage the context there: you get what's in the issue or PR, but it gets muddy once you have multiple rounds and/or discussion moves from the issue to the PR.
  • palmotea, 11 hours ago
    > I set up OpenCode Web UI with Git access to make my homelab easier to manage. OpenCode pushes to Git, I approve the PRs, GitOps deploys the changes. Best of all, OpenCode runs as a server with persistent coding sessions synced across devices.

    > I’ll share my homelab setup soon. There are about a dozen docker compose stacks for the services that I manage.

    That is probably neat, but before I read, how many thousands of dollars would I need to spend to acquire the RAM and GPUs needed to do something similar?
    • zaptheimpaler, 11 hours ago
      0? OpenCode is just a harness; it can connect to any model hosted online.
      • jagged-chisel, 6 hours ago
        > ... hosted online.

        Oh, so not *that* kind of Home Lab.
        • Carrok, 2 hours ago
          It can connect to any model hosted anywhere.
  • taleodor, 12 hours ago
    Very cool. We're doing similar, except we let agents open PRs as well, we track release metadata and agentic sessions via our ReARM system, and we've recently launched an option for agents to track Helm-based deployments via ReARM: https://docs.rearmhq.com/workflows/devops.html
    • rsgm, 12 hours ago
      I didn't mention this part, but while writing this I realized I could easily add a skill to hit the Forgejo PR API. There's no Forgejo CLI like there is with GitHub, sadly.
      • kenosha, 7 hours ago
        I just use the tea CLI. There is pretty good compatibility between tea and Forgejo. The only place I’ve found it to be incomplete is Forgejo’s Actions API was missing some endpoints.
      • t0mas88, 11 hours ago
        There is, but it's limited. For example, Forgejo does not expose CI build logs via the API, so it's hard to make Claude auto-fix a build issue.

        I still need to find the time to get into the Forgejo code and add that endpoint.
      • cosnenc, 11 hours ago
        There is: https://forgejo.org/docs/latest/admin/command-line/
        • mfenniak, 11 hours ago
          That's not an API tool. It performs direct database access for administrative functions on the Forgejo server.

          But there is a different tool that is an API-accessing CLI: https://codeberg.org/forgejo-contrib/forgejo-cli
      • bityard, 12 hours ago
        That seems like a problem an LLM could solve. ;) (Assuming Forgejo has a reasonable REST/whatever API.)
  • variety8675, 12 hours ago
    How do you run inference for OpenCode? What models are you running?
    • znnajdla, 14 minutes ago
      For me personally: I sync OpenCode authentication tokens across all containers using Syncthing (will probably get a NAS at some point) and keep it signed in to Codex, DeepSeek and Kimi, as well as a local Gemma 4 12B running on a Mac Mini. For frontier inference API endpoints you can also use vibeproxy to give you OpenAI-compatible endpoints to Codex/Antigravity.
  • msukkarieh, 8 hours ago
    We have a lot of folks using Sourcebot in their home lab as a nice free code search across their projects. Hope it could be helpful!

    https://github.com/sourcebot-dev/sourcebot
  • _def, 12 hours ago
    I wonder how GitOps is done with docker compose.
    • stryan, 12 hours ago
      I see a lot of people using Komodo for it, though if I had to pick I'd go with Doco CD [0]. You can also use standard Ansible, or just a cron + bash script to git pull.

      On the Podman side, I wrote a tool named Materia [1] for it, but there's also the wonderful Ansible quadlet role as well as Quadit and Orchess.

      [0] https://github.com/kimdre/doco-cd
      [1] https://primamateria.systems or https://github.com/stryan/materia
    • rsgm, 12 hours ago
      I recently set up Arcane and started migrating stuff from TrueNAS apps; they were all deployed as custom docker compose services, so it worked out. Arcane supports Git syncs to auto-deploy compose stacks: https://getarcane.app/docs/features/projects#sync-from-git I'll write up some posts on my full setup soon.
      • blumomo, 12 hours ago
        What _IS_ Arcane? I fail to understand from their website https://getarcane.app/

        Is it a deployment automation platform where it can run a project’s docker services, with rollback and all?
        • rsgm, 11 hours ago
          So, the project is pretty much vibe-coded, including the docs. It makes a lot more sense if you play around with it. It's just a Docker host management UI; I like using it. It has GitOps built in and a nice container log view. It doesn't do rollbacks; it only seems to sync from git and run compose up.
          • zbentley, 4 hours ago
            Is it analogous to Portainer with a git-pull-compose-apply loop?
    • c-hendricks, 10 hours ago
      A long, long time ago I wrote something for the company I was with to allow for pre-merge staging environments (preview environments, but I didn't have a name for them then).

      Used docker-compose + git for application servers, and docker-compose + sync for static sites.

      Actually worked pretty well! There are bound to be better options nowadays.
  • cantalopes, 7 hours ago
    I get DNS_PROBE_POSSIBLE trying to open that domain.
  • fazgha, 12 hours ago
    So, first post in the blog, and it went directly to the HN front page.

    Then, I saw "homelab AI" and thought it's an interesting post about a local GPU setup (and I am really interested in this topic)... but no, just another hype post about how to use whatever-code...
    • rsgm, 12 hours ago
      I looked into running local models last month. They just aren't quite there for agentic tool-use workflows without spending a small fortune. I'm hopeful smaller local models get much better soon.

      I was also hoping to put out another post on my homelab setup; it has some neat stuff, but I haven't had a chance to finish it.
      • sosodev, 12 hours ago
        I think it heavily depends on what you're asking the model to do. Qwen3.6, both 27B and 35B-A3B, do agentic tool use very well. Their decision making is sus, but the dense model is decent in that way. A 4-bit quant for either of those can run on many home systems with a bit of configuration.

        The biggest issue I've noticed is that the chat templates for open models are really hit or miss. The default Qwen3.6 chat template mostly works these days, but depending on your workload it may cause major issues. There are plenty of "fixed" chat templates on Hugging Face, but people report mixed success. It really seems to depend a lot on what the tool you're using expects.
        • nyrikki, 10 hours ago
          My workflow is too different right now (gradually constrained to network-less builds for reasons), but I am really enjoying how Zed's agents have worked out in the past few weeks.

          I have 27B, 35B-A3B and a CPU-backed gpt-oss configured and use them in parallel, checking if one is getting ratholed and adding context or manual fixes.

          I had various other systems set up and commercial models but really don’t use them.

          It may be too interactive for some people, but it is a good mix of fail fast, and often the places Qwen3.6 was failing were eventually problems with the frontier models.

          And this is with the unsloth defaults and hardened llama.cpp Podman containers.

          I do sometimes load other models or honestly just feed things into Google’s free agent. But that is rare, and to be honest manually fixing is typically faster and less error-prone.
    • reactordev, 12 hours ago
      You can't explain the HN hug. You feel it, or your servers do.
  • estetlinus, 11 hours ago
    Do you use this at work or is it for vibe coding? Also, I don’t quite understand the problem you are solving. The solution is a lot of technical parts put together, but why?
  • gaotus, 4 hours ago
    I work on something similar; hope to finish soon.
  • johnnytech, 13 hours ago
    Really cool! Do you auto-approve edits or do you approve manually?
    • rsgm, 13 hours ago
      I'll verify the PR code myself before merging, but that's usually a quick skim.