Add hermes Gitea mirror: push-to-hermes.sh + deployment docs

- scripts/push-to-hermes.sh: one-command push to VPS Gitea (fetches token via SSH on each run, never stores it in git) - replit.md: document hermes Gitea setup (PostgreSQL-backed), backup instructions, push workflow
2026-03-20 02:25:40 +00:00
parent 8da43b097a
commit cdb104e34f
2 changed files with 58 additions and 0 deletions
--- a/replit.md
+++ b/replit.md
@@ -357,6 +357,32 @@ The root `.replit` file may show an older `deploymentTarget = "autoscale"` and
 platform protection blocked agent edits. **artifact.toml is the source of
 truth**; `.replit` entries for this artifact should be ignored.

+### Hermes Gitea (backup / deployment source)
+
+All workspace code is mirrored to a self-hosted Gitea instance on hermes backed by PostgreSQL.
+This is the second git remote — independent of the Mac Tailscale Gitea — so no single machine holds all the code.
+
+| Item | Value |
+|---|---|
+| Web UI | `http://143.198.27.163:3000/admin/timmy-tower` |
+| SSH (git) | `ssh://git@143.198.27.163:2222` |
+| DB backend | PostgreSQL (`gitea` DB on hermes) |
+| Admin user | `admin` |
+| Token store | `/root/.gitea-replit-token` on VPS |
+
+**Push from Replit** (any session):
+```bash
+bash scripts/push-to-hermes.sh
+```
+This script fetches the API token from the VPS over SSH (never stored in git), adds the `hermes` remote, and pushes all branches + tags.
+
+**Postgres backup** — the Gitea metadata lives in the `gitea` PostgreSQL DB. Backup with:
+```bash
+# On hermes
+sudo -u postgres pg_dump gitea > /root/gitea-backup-$(date +%Y%m%d).sql
+```
+The bare git objects live in `/var/lib/gitea/repositories/` and can be backed up with rsync or tar.
+
 ### VPS deployment (hermes — 143.198.27.163)

 The production instance runs on the user's VPS via systemd, outside Replit:
--- a/scripts/push-to-hermes.sh
+++ b/scripts/push-to-hermes.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+# Push current workspace to hermes Gitea (backup / deployment source)
+# Usage: bash scripts/push-to-hermes.sh
+#
+# The hermes remote uses an API token embedded in the URL.
+# Token is stored in /root/.gitea-replit-token on the VPS.
+# Re-fetch and re-add the remote if this is a fresh Replit session.
+
+set -e
+HERMES_IP="143.198.27.163"
+GITEA_PORT="3000"
+GITEA_USER="admin"
+GITEA_REPO="timmy-tower"
+SSH_KEY="${HOME}/.ssh/id_ed25519"
+
+# Fetch token from VPS each run (avoids storing token in git)
+echo "[hermes] Fetching push token from VPS..."
+TOKEN=$(ssh -o StrictHostKeyChecking=no -i "$SSH_KEY" "root@$HERMES_IP" \
+  "cat /root/.gitea-replit-token")
+
+REMOTE_URL="http://${GITEA_USER}:${TOKEN}@${HERMES_IP}:${GITEA_PORT}/${GITEA_USER}/${GITEA_REPO}.git"
+
+# Add/update remote
+git remote remove hermes 2>/dev/null || true
+git remote add hermes "$REMOTE_URL"
+
+# Push all branches and tags
+echo "[hermes] Pushing all branches..."
+git push hermes --all --no-verify
+git push hermes --tags --no-verify
+
+echo "[hermes] Done. Gitea UI: http://${HERMES_IP}:${GITEA_PORT}/${GITEA_USER}/${GITEA_REPO}"