Infrastructure & Permissions:
- Set recovery_window_in_days=0 on secrets for immediate deletion on destroy
- Add secretsmanager:UpdateSecret permission to EC2 IAM role
- Move SES secret definition from ses.tf to secrets.tf for better organization
- Create scripts/empty-s3-bucket.sh to handle versioned S3 object deletion
- Update Makefile to use S3 cleanup script in full-destroy target
Gitea Admin User Automation:
- Remove non-functional GITEA_ADMIN_* environment variables from docker-compose.yml
- Add CLI-based admin user creation via docker exec in deploy-gitea.yml
- Add database update to disable must_change_password requirement
- Fix runner token API call to use GET instead of POST
Runner Setup Fixes:
- Change runner gitea_instance to http://localhost:3000 (was failing with public URL)
- Fix registration to work from same host as Gitea
Domain Migration:
- Change domain from gitea.poll-streams.com to git.poll-streams.com
- Update DNS, docker-compose, nginx configs, ansible inventory, and SSL setup
- Enables fresh SSL certificate (avoids Let's Encrypt rate limit)
All changes enable zero-to-one deployment: make full-destroy && make full-deploy
- Deployed PostgreSQL 18.4 + Gitea 1.22.6 via Docker Compose
- Configured Nginx reverse proxy with Let's Encrypt SSL
- Created Ansible playbooks for full automation (site.yml)
- Database credentials in AWS Secrets Manager
- Production deployment at https://gitea.poll-streams.com
Infrastructure components:
- VPC with single public subnet (10.0.0.0/16)
- Security group (SSH/HTTP/HTTPS from anywhere)
- EC2 instance (t3.medium, Ubuntu 24.04, 30GB encrypted gp3)
- S3 bucket for backups (versioned, encrypted)
- IAM role with S3FullAccess for EC2
- Route 53 DNS (gitea.poll-streams.com → EC2)
- Ed25519 SSH key generation via Terraform
