chore: bootstrap Atay Makhzan ops repo
@@ -0,0 +1,82 @@
# Atay Makhzan Ops
Open-source operations repository for **Atay Makhzan**, Saad ibn Zoubayr's self-hosted Gitea forge.
Atay Makhzan is currently a sovereign Git forge running Gitea on a VPS with Docker Compose, PostgreSQL, Nginx, and SSH Git access.
## Current production snapshot
| Area | Current value |
|---|---|
| Public domain | `ataymakhzan.com` |
| Forge | Gitea |
| Gitea image | `gitea/gitea:1.26.2` |
| Database | PostgreSQL via `postgres:16-alpine` |
| Stack path | `/opt/gitea` |
| Web proxy | Nginx + Certbot TLS |
| Local Gitea HTTP | `127.0.0.1:3001` / container port `3001` |
| Git SSH | `ataymakhzan.com:2222` |
## What belongs in this repo
- Sanitized Docker Compose templates
- Nginx reverse-proxy templates
- Backup, verification, and upgrade scripts
- Restore and maintenance runbooks
- Architecture decision records
- Public roadmap for future Atay Makhzan evolution
## What must never be committed
- `.env` with real secrets
- Gitea `app.ini` with secrets
- PostgreSQL passwords
- SSH private keys
- Gitea dumps or database dumps
- Repository backups
- API tokens or access tokens
- TLS private keys
See [`SECURITY.md`](SECURITY.md).
## Quick commands
Verify a live instance:
```bash
DOMAIN=ataymakhzan.com \
SSH_PORT=2222 \
OWNER=ibnezzoubayr \
PROBE_REPO=Empire-OS \
./scripts/verify-gitea.sh
```
Create a rollback backup on the VPS:
```bash
sudo STACK_DIR=/opt/gitea ./scripts/backup-gitea.sh
```
Prepare an upgrade dry-run:
```bash
sudo TARGET_VERSION=1.26.2 STACK_DIR=/opt/gitea ./scripts/upgrade-gitea.sh
```
Apply an upgrade intentionally:
```bash
sudo TARGET_VERSION=1.26.2 STACK_DIR=/opt/gitea APPLY=1 ./scripts/upgrade-gitea.sh
```
## Strategic direction
This repo starts as **ops/infrastructure** for the official Gitea-based Atay Makhzan deployment.
Later, if Atay Makhzan needs product behavior that Gitea cannot cleanly support through configuration, themes, plugins, or external automation, we can create a separate source fork and maintain it as its own product.
Until then, the CTO rule is:
> Do not fork Gitea prematurely. First make the deployment reproducible, observable, backed up, and safe to upgrade.
See [`docs/FUTURE-GITEA-FORK.md`](docs/FUTURE-GITEA-FORK.md).
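
Review bot: in "Quick commands", both upgrade examples pass `TARGET_VERSION=1.26.2`, which is the same version the "Current production snapshot" table lists as the running image (`gitea/gitea:1.26.2`), so a reader who copies the "Apply an upgrade intentionally" line targets the release that is already deployed. Consider a placeholder such as `TARGET_VERSION=<new-version>` in both examples, plus one sentence stating what the script does when `APPLY` is unset and that the rollback backup from `backup-gitea.sh` should be taken before the `APPLY=1` run; at the moment the reader has to infer both from the order of the examples. Separately, the "What must never be committed" list is policy only in these lines: if the repo ships a `.gitignore` or a secret-scanning hook that enforces it, the README could name it next to the `SECURITY.md` link.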