I think that any guides you find for Gitea + Renovate should work still for Forgejo + Renovate.

I believe the process is:

• Create Forgejo instance
• Create a user for Renovate within Forgejo
• Using the CLI on your local machine (or another tool to complete this step), create an SSH public/private key for the Renovate user
• Log into Forgejo using the Renovate user and configure the previously created SSH keys and separately generate a Forgejo token
• Create a Renovate instance with settings for at least RENOVATE_GIT_PRIVATE_KEY (SSH private key value), RENOVATE_TOKEN (Forgejo token value), RENOVATE_PLATFORM (gitea), RENOVATE_ENDPOINT (Forgejo API base URL), and any other Renovate settings that you may find helpful/necessary to configure (eg: GITHUB_COM_TOKEN, RENOVATE_AUTODISCOVER, etc.)
• Depending on how you want things to work, you may need to give the Renovate Forgejo user access to individual repos

It is not clear that this is the app that will be used for the new watches. I imagine it will support the new RePebble watches, but I believe that app was intended for the original Pebble watches.

The thing that makes it so unclear to me is that this is a repo owned by the Rebble team, not the RePebble team. I do not know how much overlap there is between the two teams, but the RePebble team does not have any open source repos that I could find. Any mention of open source software by RePebble (including the OS) are links to repos owned by other teams, which is a little concerning.

I understand that the watch operating system is open source. However, it seems that the watch will connect to a companion smartphone app. Do you know if the app is a requirement and/or if the app will be open source?

Congrats on getting everything working - it looks great!

One piece of (unprovoked, potentially unwanted) advice is to setup SSL. I know you’re running your services behind Wireguard so there isn’t too much of a security concern running your services on HTTP. However, as the number of your services or users (family, friends, etc.) increases, you’re more likely to run into issues with services not running on HTTPS.

The creation and renewal of SSL certificates can be done for free (assuming you have a domain name already) and automatically with certain reverse proxy services like NGINXProxyManager or Traefik, which can both be run in Docker. If you set everything up with a wildcard certificate via DNS challenge, you can still keep the services you run hidden from people scanning DNS records on your domain (ie people won’t know that an SSL certificate was issued for immich.your.domain). How you set up the DNS challenge will vary by the DNS provider and reverse proxy service, but the only additional thing that you will likely need to set up a wildcard challenge, regardless of which services you use, is an email address (again, assuming you have a domain name).