A major caveat I’ve noticed some people misunderstand: it’s corporate CLAs that are problematic. The Apache Foundation also requires contributors sign a CLA, but it’s to provide a legal fail safe and a way to update to say Apache 3.0 if need be one day. Apache’s non profit, open source mission aligns with respecting the rights of contributors and the community. Corporations, on the other hand, not so much.

Codeberg is run off of donations, they have no service contract revenue. Nobody, much less a volunteer, wants to commit to a 5 or 10 year service plan like that, it’s not sustainable for a small project from a non profit.

CLAs can be abusive, but not necessarily. Apache Foundation contributors need to sign CLAs, which essentially codify in contract form the terms of the Apache 2.0 license. It’s a precaution, in case some jurisdiction doesn’t uphold the passive licensing scheme used otherwise. There’s also a relicensing clause, but that’s restricted to keeping in spirit, they can’t close the source.

Arch for stuff I have physical access to. Nothing’s ever gone wrong, so it’s worth it for the immediate updates and consistency with my other systems. For VPS I use Debian though, occasionally the unstable/Sid branch if I really need the latest updates. There are almost always Debian images available on a VPS.

Forgejo is my go to, I ran it in a GCP micro instance, which has 768 MB ram and a piddling processor. One of my friends works for a company that had all their devs run a local instance in addition to the main repo, it was that light.

Gitea is the former go to, but gitea was hijacked and stolen from the community by a for profit company. Forgejo is currently a drop in replacement fork, but with added privacy features, future federation options, and a reputable parent organization.

I use netdata, it’s very good at digesting thousands of metrics to sharing actionable. The cloud portion is proprietary, but you can toggle off the data collection. I did turn on the cloud portion though, I get email notifications when something breaks. Might sound counter to the self hosted mantra, but a self hosted monitoring system isn’t very helpful when your own systems go down.