mirror of
https://github.com/terraphim/gitea-infrastructure.git
synced 2026-07-16 00:00:32 +02:00
2b5ab840f737594fe4bb62bb1ed622d20f894870
Two complementary articles: - ARTICLE-agent-task-management.md: CTO voice, ~2800 words, narrative style - ARTICLE-agent-task-consolidation.md: Technical reference, ~6000 words, full configs Both cover: beads (Go) vs br (Rust) vs Agent Mail vs Gitea with 12 labels, 1Password integration, SeaweedFS S3 storage, Docker Compose deployment, and the three API gotchas (label swap, assignees, dependencies). All commands verified against live Gitea 1.22.6. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Ultimate Build Machine using Gitea
Self-hosted Git infrastructure with S3-compatible storage, monitoring, and proper secrets management.
Stack Components
- Gitea (1.22.6) - Git hosting with Actions and LFS support
- PostgreSQL (15) - Database
- SeaweedFS - Distributed S3-compatible object storage
- Prometheus (v2.21.0) - Metrics and monitoring
- Caddy - Reverse proxy with automatic HTTPS
- 1Password - Secrets management via
op inject
Quick Start
Prerequisites
-
1Password Vault Items - Create in
zesticai-non-prodvault:op item create --vault="zesticai-non-prod" --category=login \ --title="gitea-postgres" --generate-password=20 username=gitea op item create --vault="zesticai-non-prod" --category=custom \ --title="gitea-s3" access-key="$(openssl rand -hex 20)" \ secret-key="$(openssl rand -hex 40)" -
SSH Access - Ensure
ssh bigboxworks -
1Password Service Account -
~/op_zesticai_non_prod.shon bigbox
Deploy to Bigbox
./deploy-to-bigbox.sh
Access Services
After deployment:
Public (via HTTPS on terraphim.cloud):
- Gitea Web: https://git.terraphim.cloud
- Gitea SSH: ssh://bigbox:222
Tailscale Network Only (100.106.66.7):
- Prometheus: http://100.106.66.7:9000
- S3 API: http://100.106.66.7:8333
Note: Prometheus and S3 are only accessible within the Tailscale VPN network, not from the public internet.
Documentation
- Research Document - Phase 1 analysis
- Implementation Plan - Phase 2 design
- Deployment Summary - Post-deployment guide
Security
- No hardcoded secrets - All credentials managed via 1Password
- Template files (
.template) containop://references - Generated files excluded from git (
.gitignore) - Caddy provides automatic HTTPS
- Secret injection at deployment time via
op inject
TODO
- Automatic spin up and registration of gitea runners (github compatible)
- Earthly buildkit daemon (not satellite - with gitea runners we don't need earthly satellites)
Description
Languages
Shell
100%