- uptime check probes https://forge.kontain.me/api/v1/version every 60s
- alert: Forgejo is down (uptime fails 5+ min)
- alert: TLS cert expiring (<7 days remaining)
- alert: data disk >80% full (hourly disk-check.timer writes DISK_HIGH to journal; log-based metric)
- alert: container logs match panic/FATAL (cos_containers log-based metric)
- all alerts email admin_email via the existing notification channel

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

- cloud-init
- config
- docs
- scripts
- terraform
- .gitignore
- plan.md
- README.md
forge
Self-hosted Forgejo on GCP. e2-micro VM on Container-Optimized OS, Caddy for HTTPS, IAP for admin SSH, nightly backups to GCS. Targets ~$3–5/month.
See plan.md for the full design rationale.
Quick start
```bash
# 1. Set the active project, enable APIs
gcloud config set project YOUR_PROJECT
gcloud services enable compute.googleapis.com secretmanager.googleapis.com \
  iap.googleapis.com storage.googleapis.com

# 2. Generate the Forgejo secrets in Secret Manager (one-time)
./scripts/bootstrap-secrets.sh

# 3. Configure Terraform (terraform.tfvars is gitignored)
$EDITOR terraform/terraform.tfvars

# 4. Apply
cd terraform
terraform init
terraform apply
```
Point your domain's A record at the static_ip output, then visit https://<your-domain> to run the Forgejo installer.
Day two
- docs/runbook.md — admin SSH, container ops, backups, upgrades
- docs/disaster-recovery.md — recovery scenarios
- plan.md — full design, cost breakdown, security checklist
Layout
```
terraform/    GCP infrastructure (VM, network, IAM, GCS, optional DNS)
cloud-init/   user-data.yaml.tpl — systemd units that boot Forgejo + Caddy + Watchtower
config/       Caddyfile template (reference; the live copy is embedded in cloud-init)
scripts/      bootstrap-secrets.sh, backup.sh, restore.sh, test-restore.sh
docs/         runbook + disaster recovery
```
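
The monitoring commit listed at the top of this page has an hourly disk-check.timer write DISK_HIGH to the journal, where a log-based metric picks it up. One way to write that check follows, as an added example that is not the repository's own script; the mount path, the DISK_OK and DISK_CHECK_ERROR tokens, and the key=value fields are assumptions.

```sh
#!/bin/sh
# Added example: not the repository's disk-check script.
# Assumed names: DATA_MOUNT path, DISK_OK / DISK_CHECK_ERROR tokens, key=value fields.
# Only the DISK_HIGH token and the 80% threshold come from the page.

DATA_MOUNT=/mnt/disks/data   # assumed mount point of the data disk
THRESHOLD=80                 # alert when usage is strictly above this

# Constructed `df -P` output used for the offline demo below.
SAMPLE_DF='Filesystem     1024-blocks    Used Available Capacity Mounted on
/dev/root          2003760  812344   1175032      41% /
tmpfs               506432       0    506432       0% /dev/shm
/dev/sdb          10190100 8700000   1490100      86% /mnt/disks/data'

# disk_verdict MOUNT LIMIT: read `df -P` output on stdin, print one verdict line.
# Matching the "Mounted on" column exactly catches an unmounted data disk;
# `df /path` would silently report the root filesystem instead.
disk_verdict() {
    awk -v m="$1" -v t="$2" '
        NR > 1 && $NF == m {
            found = 1
            pct = $(NF - 1); sub(/%$/, "", pct)
            if (pct !~ /^[0-9]+$/) {
                print "DISK_CHECK_ERROR mount=" m " reason=unparsable"
            } else {
                printf "%s mount=%s used_pct=%d threshold=%d\n", (pct + 0 > t + 0 ? "DISK_HIGH" : "DISK_OK"), m, pct, t
            }
            exit
        }
        END { if (!found) print "DISK_CHECK_ERROR mount=" m " reason=not_mounted" }
    '
}

# journal_line: pass through only lines that should reach the journal; healthy runs stay silent.
# Under a systemd service, stdout is captured by journald.
journal_line() {
    while IFS= read -r line; do
        case $line in
            DISK_OK*) ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# Live use from the timer's service: df -P | disk_verdict "$DATA_MOUNT" "$THRESHOLD" | journal_line
# Offline demo on the constructed sample:
printf '%s\n' "$SAMPLE_DF" | disk_verdict "$DATA_MOUNT" "$THRESHOLD" | journal_line
```

A log-based metric that counts only DISK_HIGH stays silent when the data disk is not mounted at all, so the error token needs its own filter or alert.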