# Repository Setup Guide ## What to Include in Git ### ✅ Include These Files: **Configuration Templates (Safe):** - `docker-compose.yml.template` - Template with op:// references - `s3_config.json.template` - Template with op:// references - `Caddyfile` - Caddy configuration (no secrets) **Documentation:** - `README.md` - Project overview - `ARTICLE-gitea-deployment.md` - Deployment article - `.docs/` - All documentation **Scripts:** - `deploy-to-bigbox.sh` - Deployment automation **Git Configuration:** - `.gitignore` - Excludes secrets and data ### ❌ DO NOT Include: **Files with Resolved Secrets:** - ❌ `docker-compose.yml` - Contains actual passwords - ❌ `s3_config.json` - Contains actual credentials - ❌ `.env` - Environment variables with secrets **Data Directories:** - ❌ `gitea/` - Application data - ❌ `postgres/` - Database files - ❌ `seaweedfs/` - Object storage data - ❌ `seaweedfs_filter/` - Filer data **Logs:** - ❌ `*.log` - Log files ## Step-by-Step: Create Repository and Push ### Step 1: Initialize Repository Locally ```bash cd /home/alex/infrastructure/gitea_config # Remove any existing git history (if needed) # rm -rf .git # Initialize fresh repository git init # Add all safe files git add README.md git add ARTICLE-gitea-deployment.md git add Caddyfile git add deploy-to-bigbox.sh git add docker-compose.yml.template git add s3_config.json.template git add .gitignore git add .docs/ # Commit git commit -m "Initial commit: Gitea deployment configuration - Docker Compose templates with 1Password integration - Caddy reverse proxy configuration - Deployment automation script - Documentation and article - Security: No secrets or data included" ``` ### Step 2: Create Repository in Gitea **Option A: Via Web Interface** 1. Go to https://git.terraphim.cloud 2. Click "+" → "New Repository" 3. Owner: Select "terraphim" organization 4. Repository Name: `gitea-infrastructure` 5. Visibility: **Private** 6. Check "Initialize Repository" (optional) 7. Click "Create Repository" **Option B: Via Gitea CLI (if installed)** ```bash # Create repository under terraphim org gitea admin repo create \ --owner terraphim \ --name gitea-infrastructure \ --private \ --description "Gitea deployment configuration with 1Password and Caddy" ``` ### Step 3: Add Remote and Push ```bash # Add the Gitea remote git remote add origin https://git.terraphim.cloud/terraphim/gitea-infrastructure.git # Or use SSH: # git remote add origin ssh://git@bigbox:222/terraphim/gitea-infrastructure.git # Push to main branch git branch -M main git push -u origin main ``` ### Step 4: Verify Repository ```bash # Check repository on Gitea curl -s https://git.terraphim.cloud/terraphim/gitea-infrastructure | head -20 # Or visit in browser: # https://git.terraphim.cloud/terraphim/gitea-infrastructure ``` ## Repository Structure After Push ``` gitea-infrastructure/ ├── .docs/ │ ├── RESEARCH-gitea-bigbox-deployment.md │ ├── IMPLEMENTATION-gitea-bigbox-deployment.md │ ├── DEPLOYMENT-SUMMARY.md │ └── summary-*.md ├── .gitignore ├── ARTICLE-gitea-deployment.md ├── Caddyfile ├── README.md ├── deploy-to-bigbox.sh ├── docker-compose.yml.template └── s3_config.json.template ``` ## Security Checklist Before pushing, verify: - [ ] No `docker-compose.yml` in repository (only `.template`) - [ ] No `s3_config.json` in repository (only `.template`) - [ ] No `.env` file - [ ] No data directories (`gitea/`, `postgres/`, etc.) - [ ] No log files - [ ] All secrets use `op://` references in templates - [ ] `.gitignore` properly configured ## Quick Verification Script ```bash #!/bin/bash echo "Checking for files that should NOT be committed..." FORBIDDEN=( "docker-compose.yml" "s3_config.json" ".env" "*.secret" "*.decrypted" ) for file in "${FORBIDDEN[@]}"; do if [ -f "$file" ]; then echo "❌ WARNING: $file exists (should not be committed)" fi done echo "" echo "Checking .gitignore..." if grep -q "docker-compose.yml" .gitignore; then echo "✅ docker-compose.yml is ignored" else echo "❌ docker-compose.yml is NOT ignored" fi if grep -q "s3_config.json" .gitignore; then echo "✅ s3_config.json is ignored" else echo "❌ s3_config.json is NOT ignored" fi echo "" echo "Files ready to commit:" git ls-files ``` ## Deploying from Repository After cloning on a new machine: ```bash # Clone repository git clone https://git.terraphim.cloud/terraphim/gitea-infrastructure.git cd gitea-infrastructure # Create 1Password vault items (if not exist) # See ARTICLE-gitea-deployment.md for instructions # Source credentials and deploy source ~/op_zesticai_non_prod.sh op inject --in-file docker-compose.yml.template --out-file docker-compose.yml op inject --in-file s3_config.json.template --out-file s3_config.json # Start services docker compose up -d ``` ## Maintenance Workflow **To update configuration:** 1. Edit `.template` files 2. Commit and push 3. On bigbox: `git pull` and re-run deployment **To rotate secrets:** 1. Update in 1Password vault 2. On bigbox: Re-run `op inject` and `docker compose up -d` 3. No git changes needed! **To backup data (NOT in git):** ```bash # Backup data directories separately rsync -avz bigbox:~/gitea-stack/gitea /backup/ rsync -avz bigbox:~/gitea-stack/postgres /backup/ ``` --- **Repository:** https://git.terraphim.cloud/terraphim/gitea-infrastructure