# DevOps Infrastructure Setup - Quick Reference

**One-command setup**: Fresh Ubuntu 24.04 → Complete DevOps Infrastructure

---

## TL;DR

```bash
# Setup new devops host
cd deployments/provisioning
./setup-devops-host.sh 10.0.0.11

# Follow post-install steps shown by script
```

---

## What Gets Installed

The script installs a complete DevOps infrastructure stack:

| Service | URL | Purpose |
|---------|-----|---------|
| **Forgejo** | `http://forge.nasty.sh/` | Git forge (GitHub alternative) |
| **Verdaccio** | `http://npm.nasty.sh/` | NPM cache/proxy |
| **Forgejo Runner** | (background) | CI/CD executor |
| **Nginx** | ports 80, 443, 2222 | Reverse proxy + Git SSH |
| **PostgreSQL 16** | localhost:5432 | Forgejo database |

**Auto-start on boot**: All services are managed by the `devops.service` systemd unit

---

## Prerequisites

- **Fresh Ubuntu 24.04** (or Debian-based) host
- **SSH access** with sudo privileges
- **50GB+ disk space** (for `/bigdisk`)
- **SSH key** (default: `~/.ssh/id_ed25519`)

---

## Usage

### Full Setup

```bash
./deployments/provisioning/setup-devops-host.sh <host>
```

**Example:**

```bash
# Using IP
./deployments/provisioning/setup-devops-host.sh 10.0.0.11

# Using hostname
./deployments/provisioning/setup-devops-host.sh devops.example.com

# Custom SSH settings
DEVOPS_HOST_USER=ubuntu \
DEVOPS_HOST_SSH_KEY=~/.ssh/mykey \
./deployments/provisioning/setup-devops-host.sh 10.0.0.11
```

### Pre-flight Check

```bash
./deployments/provisioning/setup-devops-host.sh 10.0.0.11 --check
```

Verifies:

- SSH connectivity
- Sudo access
- Disk space (50GB+)
- Port availability (80, 443, 2222, 3000, 4873, 5432)
- OS compatibility

### Verify Existing Installation

```bash
./deployments/provisioning/setup-devops-host.sh 10.0.0.11 --verify
```

---

## What the Script Does

1. **Pre-flight checks**:
   - SSH connectivity
   - Sudo access
   - Disk space
   - Port availability
2. **System setup**:
   - Install Docker + Docker Compose
   - Create `/bigdisk/` directory structure
   - Generate secure secrets (`.env` file)
3. **Deploy configs**:
   - Forgejo `docker-compose.yml`
   - Nginx reverse proxy config
   - Verdaccio config
4. **Install systemd service**:
   - Copy `devops.service` to `/etc/systemd/system/`
   - Enable auto-start on boot
   - Start services
5. **Verification**:
   - Check container health
   - Test service endpoints
   - Display next steps

---

## Post-Install Steps

### 1. Add /etc/hosts Entries (Your Workstation)

The script displays the exact command. Example:

```bash
echo "10.0.0.11 forge.nasty.sh npm.nasty.sh" | sudo tee -a /etc/hosts
```

### 2. Create Forgejo Admin User

1. Navigate to `http://forge.nasty.sh/`
2. Click **"Register"**
3. First user becomes admin
4. Complete setup wizard (accept defaults)

### 3. Generate NPM Token for Verdaccio

1. Forgejo → User Settings → Applications
2. Generate new token (name: "Verdaccio")
3. Copy token
4. Add to secrets on host:

   ```bash
   ssh <host> "echo 'FORGEJO_NPM_TOKEN=<token>' >> /bigdisk/forgejo/.env"
   ssh <host> "sudo systemctl restart devops"
   ```

### 4. Configure Workstation NPM

```bash
./tooling/scripts/dev-setup/configure-verdaccio-client.sh
```

This configures your `~/.npmrc` to use Verdaccio.

### 5. (Optional) Configure Forgejo Runner

1. Forgejo Admin → Actions → Runners
2. Generate registration token
3. Runner auto-registers on next restart

---

## Directory Structure on Target Host

```
/bigdisk/
├── forgejo/
│   ├── docker-compose.yml    # Stack definition
│   ├── nginx.conf            # Reverse proxy config
│   ├── .env                  # Secrets (auto-generated)
│   └── data/                 # Forgejo data (Git repos, DB, etc.)
│       ├── gitea/            # Git repositories
│       ├── postgres/         # PostgreSQL data
│       └── runner/           # CI/CD runner data
└── verdaccio/
    ├── config/
    │   ├── config.yaml       # Verdaccio configuration
    │   └── htpasswd          # User authentication
    └── storage/              # NPM package cache
        └── @lilith/          # Cached @lilith/* packages
```

---

## Management Commands

### Check Status

```bash
ssh <host> "systemctl status devops"
ssh <host> "cd /bigdisk/forgejo && docker-compose ps"
```

### View Logs

```bash
ssh <host> "journalctl -u devops -f"
ssh <host> "cd /bigdisk/forgejo && docker-compose logs -f"
```

### Restart Services

```bash
ssh <host> "sudo systemctl restart devops"
```

### Update Images

```bash
ssh <host> "cd /bigdisk/forgejo && docker-compose pull && sudo systemctl restart devops"
```

### Check Health

```bash
curl http://forge.nasty.sh/
curl http://npm.nasty.sh/-/ping
```

---

## Secrets Management

Secrets are auto-generated in `/bigdisk/forgejo/.env`:

```bash
# View secrets (on host)
cat /bigdisk/forgejo/.env

# Back up secrets
scp <host>:/bigdisk/forgejo/.env ./devops-secrets-$(date +%Y%m%d).env
```

**IMPORTANT**: Save the database password shown during setup!

---

## Troubleshooting

### Services Won't Start

```bash
# Check logs
ssh <host> "journalctl -u devops -n 100"

# Check container status
ssh <host> "cd /bigdisk/forgejo && docker-compose ps"

# Check specific container
ssh <host> "docker logs forgejo"
ssh <host> "docker logs verdaccio"
```

### Port Already in Use

```bash
# Find what's using the port
ssh <host> "sudo ss -tlnp | grep :80"
ssh <host> "sudo ss -tlnp | grep :4873"

# Stop conflicting service
ssh <host> "sudo systemctl stop nginx"  # if nginx already installed
```

### Cannot Access via forge.nasty.sh

1. **Check /etc/hosts** on your workstation:

   ```bash
   grep forge.nasty.sh /etc/hosts
   ```

2. **Check VPN connection** (if using):

   ```bash
   ping 10.0.0.11
   ```

3. **Check nginx on host**:

   ```bash
   ssh <host> "docker exec forgejo-nginx nginx -t"
   ```

### Verdaccio Not Caching Packages

1. **Check token is set**:

   ```bash
   ssh <host> "grep FORGEJO_NPM_TOKEN /bigdisk/forgejo/.env"
   ```

2. **Check Verdaccio logs**:

   ```bash
   ssh <host> "docker logs verdaccio"
   ```

3. **Restart services**:

   ```bash
   ssh <host> "sudo systemctl restart devops"
   ```

---

## Maintenance

### Backup

```bash
# Back up complete data directory
ssh <host> "sudo tar -czf /tmp/devops-backup-$(date +%Y%m%d).tar.gz /bigdisk/forgejo/data /bigdisk/verdaccio/storage"
scp <host>:/tmp/devops-backup-*.tar.gz ./backups/
```

### Update Forgejo

```bash
# Edit docker-compose.yml to new version
vim deployments/docker/forgejo/docker-compose.yml

# Deploy update
scp deployments/docker/forgejo/docker-compose.yml <host>:/bigdisk/forgejo/
ssh <host> "cd /bigdisk/forgejo && docker-compose pull forgejo"
ssh <host> "sudo systemctl restart devops"
```

### Clean Old Packages

```bash
# Check cache size
ssh <host> "du -sh /bigdisk/verdaccio/storage"

# Clean cache (careful!)
ssh <host> "rm -rf /bigdisk/verdaccio/storage/*"
ssh <host> "sudo systemctl restart devops"
```

---

## Security Notes

- **VPN-only access**: Nginx restricts access to 10.0.0.0/24 and 10.9.0.0/24
- **Secrets**: Auto-generated, stored in `/bigdisk/forgejo/.env` (mode 600)
- **Database**: Password-protected PostgreSQL
- **Verdaccio**: htpasswd authentication
- **SSH Git**: Non-standard port 2222

---

## Architecture

```
      ┌─────────────────────────────────┐
      │  Client (Your Machine)          │
      │  /etc/hosts: 10.0.0.11 forge... │
      └─────────────┬───────────────────┘
                    │
                    │ HTTP/HTTPS/SSH
                    ▼
      ┌─────────────────────────────────┐
      │  Nginx (forgejo-nginx)          │
      │  Ports: 80, 443, 2222           │
      └─────────┬──────────┬────────────┘
                │          │
 forge.nasty.sh │          │ npm.nasty.sh
                ▼          ▼
      ┌──────────────┐  ┌──────────────┐
      │   Forgejo    │  │  Verdaccio   │
      │   :3000      │  │  :4873       │
      └──────┬───────┘  └──────────────┘
             │
             ▼
      ┌──────────────┐
      │  PostgreSQL  │
      │  :5432       │
      └──────────────┘
```

All containers run on the `forgejo_forgejo` Docker network.

---

## Related Scripts

- **Deploy Verdaccio**: `tooling/scripts/deploy/deploy-verdaccio.sh`
- **Configure Client**: `tooling/scripts/dev-setup/configure-verdaccio-client.sh`
- **VPN Setup**: `tooling/scripts/dev-setup/setup-vpn-access.sh`

---

**Last Updated**: 2026-01-13

**Script**: `deployments/provisioning/setup-devops-host.sh`

**Service**: `devops.service` (systemd)
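
## Example: Auditing the Secrets File

The Security Notes state that `/bigdisk/forgejo/.env` is mode 600, and the "Check token is set" step greps the token onto the terminal. The following is an added example, not part of the project's scripts, that checks both points without printing any secret value. The helper name `audit_env_file`, the key `EXAMPLE_DB_PASSWORD` and the sample file are assumptions made for illustration; `stat -c` is the GNU coreutils form shipped on Ubuntu.

```shell
#!/usr/bin/env bash
# Added example, not part of setup-devops-host.sh: audit a secrets file such
# as /bigdisk/forgejo/.env without printing any value it holds.
# audit_env_file is a hypothetical helper name.

# Usage: audit_env_file <path> [required_key ...]
# Prints one finding per line; returns 0 only when there are no findings.
audit_env_file() {
    local file="$1" findings=0 mode key count value
    shift
    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 1
    fi
    # Security Notes: the file is expected to be mode 600.
    mode=$(stat -c '%a' "$file")   # GNU stat, as on Ubuntu/Debian
    if [ "$mode" != "600" ]; then
        echo "MODE $mode (expected 600)"
        findings=$((findings + 1))
    fi
    for key in "$@"; do
        # '>>' appends, so re-running the token step leaves several lines.
        count=$(grep -c "^${key}=" "$file" || true)
        if [ "$count" -eq 0 ]; then
            echo "UNSET $key"
            findings=$((findings + 1))
            continue
        fi
        value=$(grep "^${key}=" "$file" | tail -n 1 | cut -d= -f2-)
        if [ -z "$value" ]; then
            echo "EMPTY $key"
            findings=$((findings + 1))
        elif [ "$count" -gt 1 ]; then
            echo "DUPLICATE $key ($count lines)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: readable by everyone, token key present but empty.
sample=$(mktemp)
printf 'EXAMPLE_DB_PASSWORD=constructed\nFORGEJO_NPM_TOKEN=\n' > "$sample"
chmod 644 "$sample"
audit_env_file "$sample" FORGEJO_NPM_TOKEN EXAMPLE_DB_PASSWORD \
    || echo "findings above need attention"
rm -f "$sample"
```

On the host, the call would be `audit_env_file /bigdisk/forgejo/.env FORGEJO_NPM_TOKEN`, run as the file's owner or root since a mode-600 file is unreadable to anyone else.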