Atay Makhzan Ops
Open-source operations repository for Atay Makhzan, Saad ibn Zoubayr's self-hosted Gitea forge.
Atay Makhzan is currently a sovereign Git forge running Gitea on a VPS with Docker Compose, PostgreSQL, Nginx, and SSH Git access.
Current production snapshot
| Area | Current value |
|---|---|
| Public domain | ataymakhzan.com |
| Forge | Gitea |
| Gitea image | gitea/gitea:1.26.2 |
| Database | PostgreSQL via postgres:16-alpine |
| Stack path | /opt/gitea |
| Web proxy | Nginx + Certbot TLS |
| Local Gitea HTTP | 127.0.0.1:3001 / container port 3001 |
| Git SSH | ataymakhzan.com:2222 |
What belongs in this repo
- Sanitized Docker Compose templates
- Nginx reverse-proxy templates
- Backup, verification, and upgrade scripts
- Restore and maintenance runbooks
- Architecture decision records
- Public roadmap for future Atay Makhzan evolution
What must never be committed
- .env with real secrets
- Gitea app.ini with secrets
- PostgreSQL passwords
- SSH private keys
- Gitea dumps or database dumps
- Repository backups
- API tokens or access tokens
- TLS private keys
See SECURITY.md.
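One way to enforce the list above before a commit is created, as an added example that is not one of this repository's scripts: a POSIX sh pre-commit hook. The function names and file-name patterns are assumptions, and the hook covers file names and private key blocks only, not passwords or tokens embedded in other files.

```shell
#!/bin/sh
# Added example: pre-commit guard for the "never commit" list.
# The file-name patterns are assumptions, not taken from this repo.

# forbidden_path PATH -> exit 0 if the file name looks like a forbidden artifact.
forbidden_path() {
  case "${1##*/}" in
    *.example|*.template|*.sample) return 1 ;;          # sanitized templates are allowed
    .env|.env.*|app.ini)           return 0 ;;          # real secrets, Gitea config
    id_rsa|id_ed25519|id_ecdsa|*.pem|*.key) return 0 ;; # SSH and TLS private keys
    gitea-dump-*|*.sql|*.sql.gz|*.dump)     return 0 ;; # Gitea or database dumps
    *.tar|*.tar.gz|*.tgz|*.bundle)          return 0 ;; # repository backups
  esac
  return 1
}

# forbidden_content: reads a file on stdin -> exit 0 if it holds a private key block.
forbidden_content() {
  grep -Eq -e '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----'
}

# scan_staged: prints one "reason: path" line per offending staged file.
scan_staged() {
  git diff --cached --name-only --diff-filter=ACMR |
  while IFS= read -r path; do
    if forbidden_path "$path"; then
      echo "forbidden file name: $path"
    elif git show ":$path" | forbidden_content; then
      echo "private key material: $path"
    fi
  done
}

# Run the scan only when this file is installed as .git/hooks/pre-commit.
if [ "${0##*/}" = "pre-commit" ]; then
  offenders=$(scan_staged)
  if [ -n "$offenders" ]; then
    printf '%s\n' "$offenders" >&2
    echo "Commit blocked: see SECURITY.md." >&2
    exit 1
  fi
fi
```

A client-side hook can be skipped with `git commit --no-verify`, so it catches accidents rather than replacing review of what reaches the forge.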
Quick commands
Verify a live instance:
DOMAIN=ataymakhzan.com \
SSH_PORT=2222 \
OWNER=ibnezzoubayr \
PROBE_REPO=Empire-OS \
./scripts/verify-gitea.sh
Create a rollback backup on the VPS:
sudo STACK_DIR=/opt/gitea ./scripts/backup-gitea.sh
Prepare an upgrade dry-run:
sudo TARGET_VERSION=1.26.2 STACK_DIR=/opt/gitea ./scripts/upgrade-gitea.sh
Apply an upgrade intentionally:
sudo TARGET_VERSION=1.26.2 STACK_DIR=/opt/gitea APPLY=1 ./scripts/upgrade-gitea.sh
Strategic direction
This repo starts as ops/infrastructure for the official Gitea-based Atay Makhzan deployment.
Later, if Atay Makhzan needs product behavior that Gitea cannot cleanly support through configuration, themes, plugins, or external automation, we can create a separate source fork and maintain it as its own product.
Until then, the CTO rule is:
Do not fork Gitea prematurely. First make the deployment reproducible, observable, backed up, and safe to upgrade.