Self host your own code repo. Forgejo is adding activitypub and federation features, not sure how far long they are, but someday if enough people start self-hosting we might have a viable decentralized way to collaborate on and contribute to each others' projects.
this post was submitted on 06 Apr 2026
90 points (98.9% liked)
Selfhosted
56957 readers
782 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
The scraping/bandwidth abuse problem can easily be worked around.
But there still are actual good reasons to not host a public forge.
For example, as long as pull requests are allowed (which is required for actual contributors), anyone can abuse the PR feature to fork your repository, then start pushing random shit into their fork (since the fork is an actual separate git repository).
Bad actors can do it on github all they want, it's not my storage, not my server used to host potentially illegal content.
Self-hosting public services where you are the only authenticated user and sole publisher of content is easy (using your public forge as a mirror with account creation disabled is fine), hosting other's people content is another can of worms. Think twice before you do that.
The scraping/bandwidth abuse problem can easily be worked around.
how?
anubis does not protect the APIs, and it cannot protect against bot traffic coming from many different residential proxies
It can protect APIs as much as any other URL. Or more simply you could disallow any unauthenticated API access in gitea or at the reverse proxy level?
cannot protect against bot traffic coming from many different residential proxies
It can block anything that doesn't pass the proof-of-work/JS challenge. Most bots don't interpret JS.
With AI search engines hosting public repo is very expensive.
Because of the AI-induced scraping traffic? While not perfect, Anubis and similar are coarse-but-effective solutions for self-hosting repos.
And if it it were acceptable to outsource such protection to a CDN (eg Cloudflare) in order to retain firm control over the repo, then that's a choice that's also available. Not everyone agrees that CDNs have a role in self-hosting -- fair enough -- but when a project's very repo and existence can be wiped off the internet, owning a domain name and the affirmative upstream repository is a tractable and intermediate goal, even if it doesn't achieve full independence.
Self hosting is an exercise in harm reduction.
Centralization strikes again
There are forks and they are still accessible. So decentralization works.
~~VLLM~~ litellm supply chain attack.
Creator possibly was compromised and likely a security measure.
Affected versions were not pushed IMO, but the owners machine may have been compromised.
No, my whole account has been set to private. KitchenOwl never contained the malicious versions of litellm. The last pinned versions in the lock file on the dev branch were 1.82 and with the latest release 1.83. Sadly, GitHub just decided to flag my account and set it to private without notifying me... I'm waiting for a support response.
Glad to hear! Thanks for giving some info.
Still could be some half baked github response. Not saying it's actually the case, but a possibility.
Hoping you can get a timely response and your account back!
How do you know that?
I do not know for sure, but the repo did contain the dependency litellm with version specifier >=1.65.0 (if I recall correctly) and an early march build did use the version 1.81.0 per the uv.lock (version before the compromised litellm==1.82.7 and litellm==1.82.8 )
https://docs.litellm.ai/blog/security-update-march-2026
Not saying that the Dev was compromised, but it is possible, and it could be some Github precaution to disable repos with that dependency where a pip install at the wrong time could have compromised all the Devs credentials.
Honestly as much as people hate the complexity sometimes replicating the repo from Github to Codeberg or other places is great for redundancy. Or maybe use a local repo for all development and releases and push out to public VSC.