Atay-Makhzan-Ops/docs/RUNBOOK.md

Atay Makhzan Runbook

Deployment shape

Atay Makhzan currently runs as a Docker Compose stack on a VPS:

• Stack directory: /opt/gitea
• Gitea container: gitea
• PostgreSQL container: gitea-db
• Public HTTPS: https://ataymakhzan.com
• Local Gitea HTTP: http://127.0.0.1:3001
• Git SSH: ssh://git@ataymakhzan.com:2222/<owner>/<repo>.git

Normal health check

From the VPS:

cd /opt/gitea
docker compose ps
curl -fsS http://127.0.0.1:3001/api/v1/version
docker exec -u git gitea gitea doctor check -c /data/gitea/conf/app.ini -w /data/gitea

From outside:

curl -fsS https://ataymakhzan.com/api/v1/version
ssh -p 2222 -o BatchMode=yes -T git@ataymakhzan.com
git ls-remote --heads ssh://git@ataymakhzan.com:2222/ibnezzoubayr/Empire-OS.git

Backup before maintenance

sudo STACK_DIR=/opt/gitea ./scripts/backup-gitea.sh

A proper backup should include:

• Gitea built-in dump
• PostgreSQL pg_dump -Fc
• docker-compose.yml
• app.ini
• metadata and checksums

Upgrade policy

1. Inspect current state.
2. Create backup.
3. Pull target image.
4. Pin explicit Gitea version in Compose.
5. Recreate only the Gitea service.
6. Verify web, API, SSH, git ls-remote, and doctor check.

Do not run production on gitea/gitea:latest.

Rollback policy

Rollback can involve code image rollback, config rollback, or database restore.

• Re-tagged Docker images are low-risk.
• Restoring database dumps is destructive and requires explicit owner approval.
• Never delete volumes during an emergency unless a verified backup exists.

Routine cleanup candidates

• Remove obsolete Compose version: key from the live stack.
• Move deprecated Gitea [picture] options out of app.ini if still present.
• Add backup retention and offsite backup storage.
• Add uptime/health monitoring.