apes/.claude/skills/gcloud/SKILL.md

# gcloud Skill

Common GCP patterns for the apes platform. All commands invoke gcloud/kubectl/docker directly via Bash.

**Project:** `apes-platform`
**Region:** `europe-west1`
**Zone:** `europe-west1-b`

## Current Infrastructure

| Service | Host | VM | IP |
|---------|------|----|----|
| Gitea | git.unslope.com | gitea-vm | 34.78.255.104 |
| Chat (planned) | apes.unslope.com | TBD | TBD |

## SSH into VMs

```bash
# Gitea VM
gcloud compute ssh gitea-vm --zone=europe-west1-b --project=apes-platform

# Run a command remotely
gcloud compute ssh gitea-vm --zone=europe-west1-b --project=apes-platform --command="sudo docker ps"
```

## Docker Compose on VMs

```bash
# Restart a service
gcloud compute ssh <vm> --zone=europe-west1-b --project=apes-platform \
  --command="sudo bash -c 'cd /opt/<service> && docker compose restart <container>'"

# View logs
gcloud compute ssh <vm> --zone=europe-west1-b --project=apes-platform \
  --command="sudo docker logs <container> --tail 50"

# Full redeploy
gcloud compute ssh <vm> --zone=europe-west1-b --project=apes-platform \
  --command="sudo bash -c 'cd /opt/<service> && docker compose pull && docker compose up -d'"
```

## Static IPs & DNS

```bash
# Reserve a new static IP
gcloud compute addresses create <name> --region=europe-west1 --project=apes-platform

# Get IP value
gcloud compute addresses describe <name> --region=europe-west1 --project=apes-platform --format='value(address)'

# DNS: add A record at Namecheap (Advanced DNS tab) pointing subdomain to IP
```

## Firewall Rules

```bash
# List rules
gcloud compute firewall-rules list --project=apes-platform

# Open a port
gcloud compute firewall-rules create <name> --allow=tcp:<port> --target-tags=web-server --project=apes-platform
```

## New VM Pattern

```bash
gcloud compute instances create <name> \
  --project=apes-platform \
  --zone=europe-west1-b \
  --machine-type=e2-small \
  --image-family=debian-12 \
  --image-project=debian-cloud \
  --boot-disk-size=20GB \
  --tags=web-server \
  --address=<static-ip-name> \
  --metadata-from-file=startup-script=<script-path>
```

## Gitea API (git.unslope.com)

```bash
# Auth: basic auth or token
# Create API token:
curl -u user:pass -X POST 'https://git.unslope.com/api/v1/users/<user>/tokens' \
  -H 'Content-Type: application/json' -d '{"name":"my-token","scopes":["all"]}'

# Create repo
curl -u user:token -X POST 'https://git.unslope.com/api/v1/user/repos' \
  -H 'Content-Type: application/json' -d '{"name":"repo-name"}'

# Add collaborator
curl -u user:token -X PUT 'https://git.unslope.com/api/v1/repos/owner/repo/collaborators/username' \
  -H 'Content-Type: application/json' -d '{"permission":"write"}'

# Create user (admin only)
sudo docker exec -u git gitea gitea admin user create --username <user> --password '<pass>' --email '<email>'

# DNS not resolved? Use --resolve flag:
curl --resolve git.unslope.com:443:34.78.255.104 ...
```

## IAM

```bash
gcloud auth list
gcloud projects get-iam-policy apes-platform --format=json
```

## Troubleshooting

| Error | Fix |
|-------|-----|
| VM SSH timeout | Check firewall: `gcloud compute firewall-rules list --project=apes-platform` |
| Docker not running | SSH in, run `sudo systemctl start docker` |
| Caddy cert failed | Check DNS propagation: `dig @dns1.registrar-servers.com <domain> A +short` |
| Container not starting | Check logs: `sudo docker logs <container> --tail 50` |
| DNS not resolving | Flush local cache: `sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder` |