Dedicated aicoder user for AI coding tools. OpenCode and Claude Code
installed per-user, service runs from ~/codeprojects. Also fixes
forgejo-shell and SSH passthrough ordering in playbook.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
docker exec needs -u git to avoid running as root (Forgejo refuses root),
and the config path inside the container is /data/gitea/conf/app.ini.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Automated server provisioning with Pangolin reverse proxy, Forgejo git
server with SSH passthrough, and OpenCode dev environment. Includes
server hardening (UFW, fail2ban, SSH lockdown), Docker, Rust, Python/uv,
and unattended security upgrades.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
