# forge

Self-hosted [Forgejo](https://forgejo.org/) on GCP. e2-micro VM on Container-Optimized OS, Caddy for HTTPS, IAP for admin SSH, nightly backups to GCS. Targets ~$3–5/month.

See [plan.md](plan.md) for the full design rationale.

## Quick start

```bash
# 1. Set the active project, enable APIs
gcloud config set project YOUR_PROJECT
gcloud services enable compute.googleapis.com secretmanager.googleapis.com \
  iap.googleapis.com storage.googleapis.com

# 2. Generate the Forgejo secrets in Secret Manager (one-time)
./scripts/bootstrap-secrets.sh

# 3. Configure Terraform (terraform.tfvars is gitignored)
$EDITOR terraform/terraform.tfvars

# 4. Apply
cd terraform
terraform init
terraform apply
```

Point your domain's A record at the `static_ip` output, then visit `https://<your-domain>` to run the Forgejo installer.

## Day two

- [docs/runbook.md](docs/runbook.md) — admin SSH, container ops, backups, upgrades
- [docs/disaster-recovery.md](docs/disaster-recovery.md) — recovery scenarios
- [plan.md](plan.md) — full design, cost breakdown, security checklist

## Layout

```
terraform/    GCP infrastructure (VM, network, IAM, GCS, optional DNS)
cloud-init/   user-data.yaml.tpl — systemd units that boot Forgejo + Caddy + Watchtower
config/       Caddyfile template (reference; the live copy is embedded in cloud-init)
scripts/      bootstrap-secrets.sh, backup.sh, restore.sh, test-restore.sh
docs/         runbook + disaster recovery
```