- $10/month project budget via google_billing_budget, alerts to admin_email
- forgejo-reboot.timer at 04:30 UTC applies staged COS updates
- relocate cloud-init scripts to /var/lib/google/forgejo (COS noexec on /var)
- runbook: updated zone, script paths, added "How updates work" section

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
forge
Self-hosted Forgejo on GCP. e2-micro VM on Container-Optimized OS, Caddy for HTTPS, IAP for admin SSH, nightly backups to GCS. Targets ~$3–5/month.
See plan.md for the full design rationale.
Quick start
```bash
# 1. Set the active project, enable APIs
gcloud config set project YOUR_PROJECT
gcloud services enable compute.googleapis.com secretmanager.googleapis.com \
  iap.googleapis.com storage.googleapis.com

# 2. Generate the Forgejo secrets in Secret Manager (one-time)
./scripts/bootstrap-secrets.sh

# 3. Configure Terraform (terraform.tfvars is gitignored)
$EDITOR terraform/terraform.tfvars

# 4. Apply
cd terraform
terraform init
terraform apply
```
Point your domain's A record at the static_ip output, then visit https://<your-domain> to run the Forgejo installer.
Day two
- docs/runbook.md — admin SSH, container ops, backups, upgrades
- docs/disaster-recovery.md — recovery scenarios
- plan.md — full design, cost breakdown, security checklist
Layout
```
terraform/    GCP infrastructure (VM, network, IAM, GCS, optional DNS)
cloud-init/   user-data.yaml.tpl — systemd units that boot Forgejo + Caddy + Watchtower
config/       Caddyfile template (reference; the live copy is embedded in cloud-init)
scripts/      bootstrap-secrets.sh, backup.sh, restore.sh, test-restore.sh
docs/         runbook + disaster recovery
```