# forge

Self-hosted [Forgejo](https://forgejo.org/) on GCP. e2-micro VM on Container-Optimized OS, Caddy for HTTPS, IAP for admin SSH, nightly backups to GCS. Targets ~$3–5/month.

See [plan.md](plan.md) for the full design rationale.

## Quick start

```bash
# 1. Set the active project, enable APIs
gcloud config set project YOUR_PROJECT
gcloud services enable compute.googleapis.com secretmanager.googleapis.com \
  iap.googleapis.com storage.googleapis.com

# 2. Generate the Forgejo secrets in Secret Manager (one-time)
./scripts/bootstrap-secrets.sh

# 3. Configure Terraform (terraform.tfvars is gitignored)
$EDITOR terraform/terraform.tfvars

# 4. Apply
cd terraform
terraform init
terraform apply
```

Point your domain's A record at the `static_ip` output, then visit `https://<your-domain>` to run the Forgejo installer.

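A post-apply check for the "IAP for admin SSH" design, added here as an example and not part of this repository: it reads firewall rules in the JSON shape of `gcloud compute firewall-rules list --format=json` and reports any enabled ingress rule that opens tcp/22 to a source outside the IAP TCP forwarding range. It assumes the intent is that SSH is reachable only through IAP; the rule names and sample data are constructed.

```python
import ipaddress
import json

# Source range Google documents for IAP TCP forwarding.
IAP_RANGE = ipaddress.ip_network("35.235.240.0/20")

# Constructed sample shaped like `gcloud compute firewall-rules list
# --format=json` output; the rule names are made up, not this repo's.
SAMPLE_RULES = json.loads("""[
 {"name": "example-iap-ssh", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["35.235.240.0/20"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "example-web", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
 {"name": "example-open-ssh", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "example-port-range", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["203.0.113.0/24"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]}
]""")


def allows_port(allowed, port=22):
    """True if one `allowed` entry of a firewall rule covers tcp/<port>."""
    if allowed.get("IPProtocol") not in ("tcp", "all"):
        return False
    # A missing port list means every port; entries look like "22" or "20-25".
    spans = [p.partition("-") for p in allowed.get("ports") or ["0-65535"]]
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in spans)


def ssh_exposed_outside_iap(rules):
    """Return (rule name, source range) pairs that open SSH beyond IAP."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        if not any(allows_port(a) for a in rule.get("allowed", [])):
            continue
        for cidr in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version != 4 or not net.subnet_of(IAP_RANGE):
                findings.append((rule["name"], cidr))
    return findings


if __name__ == "__main__":
    print(ssh_exposed_outside_iap(SAMPLE_RULES))
```

An empty result means every SSH-capable ingress rule is limited to the IAP range; rules that match only on source tags are not evaluated.
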
## Day two

- [docs/runbook.md](docs/runbook.md) — admin SSH, container ops, backups, upgrades
- [docs/disaster-recovery.md](docs/disaster-recovery.md) — recovery scenarios
- [plan.md](plan.md) — full design, cost breakdown, security checklist

## Layout

```
terraform/    GCP infrastructure (VM, network, IAM, GCS, optional DNS)
cloud-init/   user-data.yaml.tpl — systemd units that boot Forgejo + Caddy + Watchtower
config/       Caddyfile template (reference; the live copy is embedded in cloud-init)
scripts/      bootstrap-secrets.sh, backup.sh, restore.sh, test-restore.sh
docs/         runbook + disaster recovery
```