Ugh, apparently yesterday a bot visited my Forgejo instance and queried everything, which caused Forgejo to create repo archives for everything. Git on the instance is 2.1 GB in size, but the repo archive filled up everything and is 120 GB. I really didn’t expect such a spike.
That meant that it filled up the whole hard drive and the server and all the services and websites on it went down while I was sleeping.
Luckily it seems that just deleting that directory fixes the problem temporarily. I also disabled the possibility of downloading archived from the UI but I’m not sure if this will prevent bots from generating those archives again. I also can’t just make the directory read only because it uses it for other things like mirroring, etc too.
For small instances like mine those archives are quite a headache.
A few days late, but I have a pretty similar usecase to you on https://forgejo.ellis.link/. My solution is go-away, https://git.gammaspectra.live/git/go-away, which just sits as a reverse proxy in between traefik and Forgejo. I haven’t enabled fancy stuff like TLS fingerprinting. It’s been effective enough at killing the bots downloading archives and DDoSing the server from residential IPs. My config is based on the example Forgejo config, but with a few tweaks. Too long to post here, though, so message me if you need access
For now I feel disabling archives and my simple list of bots to drop in Nginx seems to work very well, it doesn’t create the archives anymore and the load went down also on the server.