# Atay Makhzan Ops

Open-source operations repository for **Atay Makhzan**, Saad ibn Zoubayr's self-hosted Gitea forge.

Atay Makhzan is currently a sovereign Git forge running Gitea on a VPS with Docker Compose, PostgreSQL, Nginx, and SSH Git access.

## Current production snapshot

| Area | Current value |
|---|---|
| Public domain | `ataymakhzan.com` |
| Forge | Gitea |
| Gitea image | `gitea/gitea:1.26.2` |
| Database | PostgreSQL via `postgres:16-alpine` |
| Stack path | `/opt/gitea` |
| Web proxy | Nginx + Certbot TLS |
| Local Gitea HTTP | `127.0.0.1:3001` / container port `3001` |
| Git SSH | `ataymakhzan.com:2222` |

## What belongs in this repo

- Sanitized Docker Compose templates
- Nginx reverse-proxy templates
- Backup, verification, and upgrade scripts
- Restore and maintenance runbooks
- Architecture decision records
- Public roadmap for future Atay Makhzan evolution

## What must never be committed

- `.env` with real secrets
- Gitea `app.ini` with secrets
- PostgreSQL passwords
- SSH private keys
- Gitea dumps or database dumps
- Repository backups
- API tokens or access tokens
- TLS private keys

See [`SECURITY.md`](SECURITY.md).

## Quick commands

Verify a live instance:

```bash
DOMAIN=ataymakhzan.com \
SSH_PORT=2222 \
OWNER=ibnezzoubayr \
PROBE_REPO=Empire-OS \
./scripts/verify-gitea.sh
```

Create a rollback backup on the VPS:

```bash
sudo STACK_DIR=/opt/gitea ./scripts/backup-gitea.sh
```

Prepare an upgrade dry-run:

```bash
sudo TARGET_VERSION=1.26.2 STACK_DIR=/opt/gitea ./scripts/upgrade-gitea.sh
```

Apply an upgrade intentionally:

```bash
sudo TARGET_VERSION=1.26.2 STACK_DIR=/opt/gitea APPLY=1 ./scripts/upgrade-gitea.sh
```

## Strategic direction

This repo starts as **ops/infrastructure** for the official Gitea-based Atay Makhzan deployment.

Later, if Atay Makhzan needs product behavior that Gitea cannot cleanly support through configuration, themes, plugins, or external automation, we can create a separate source fork and maintain it as its own product.

Until then, the CTO rule is:

> Do not fork Gitea prematurely. First make the deployment reproducible, observable, backed up, and safe to upgrade.

See [`docs/FUTURE-GITEA-FORK.md`](docs/FUTURE-GITEA-FORK.md).
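
One way to enforce the "What must never be committed" list locally is a Git pre-commit hook. This is an added example, not a script from this repository; the filename patterns (`.env.*`, `privkey*.pem`, `gitea-dump-*.zip`, `*.sql`, and the `*.example`/`*.template`/`*.sample` allow-list) are assumptions to adapt, and it checks only filenames and private-key headers, not passwords or tokens inside other files.

```bash
#!/bin/sh
# Added example (not part of this repository): pre-commit guard for the
# "What must never be committed" list. Patterns below are assumptions.

# is_forbidden PATH: succeeds when the filename matches a never-commit pattern.
is_forbidden() {
  base="${1##*/}"
  case "$base" in
    *.example|*.template|*.sample) return 1 ;;  # sanitized templates are allowed
    .env|.env.*)                   return 0 ;;  # real environment secrets
    app.ini)                       return 0 ;;  # Gitea config with secrets
    id_rsa|id_ecdsa|id_ed25519)    return 0 ;;  # SSH private keys
    privkey*.pem|*.key)            return 0 ;;  # TLS private keys
    gitea-dump-*.zip)              return 0 ;;  # Gitea dumps
    *.sql|*.sql.gz|*.dump)         return 0 ;;  # database dumps
  esac
  return 1
}

# has_private_key: reads a file on stdin, succeeds if it holds a PEM/OpenSSH
# private-key header (catches keys committed under an innocuous filename).
has_private_key() {
  grep -Eq -e '-----BEGIN ([A-Z]+ )*PRIVATE KEY-----'
}

# check_staged: inspects staged (added/copied/modified/renamed) files and
# fails the commit if any is forbidden by name or by content.
check_staged() {
  blocked=$(git diff --cached --name-only --diff-filter=ACMR |
    while IFS= read -r path; do
      if is_forbidden "$path"; then
        echo "  filename:     $path"
      elif git show ":$path" | has_private_key; then
        echo "  key material: $path"
      fi
    done)
  [ -z "$blocked" ] && return 0
  printf 'Commit blocked, see SECURITY.md:\n%s\n' "$blocked" >&2
  return 1
}

# Run only when installed as the hook, so the functions can be sourced and tested.
case "$0" in
  pre-commit|*/pre-commit) check_staged || exit 1 ;;
esac
```

Save it as `.git/hooks/pre-commit` and make it executable; a local hook can be bypassed with `--no-verify`, so it complements rather than replaces server-side review.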