Add initial infrastructure and backup scripts for Gitea and homelab deployment

- Create README.md with project layout and quick start instructions
- Implement backup scripts for Gitea, including database and repository exports
- Add systemd service and timer for automated Gitea backups
- Develop bootstrap scripts for homelab and VPS setup
- Document architecture and restore procedures
- Configure Caddy reverse proxy and Docker Compose for service management
- Establish secrets management guidelines

README.md

@@ -0,0 +1,37 @@
+# ops
+
+Infrastructure-as-code repo for reproducible VPS edge + homelab deployment.
+
+## Layout
+
+- `bootstrap/` host bootstrap scripts
+- `edge/caddy/` VPS edge reverse proxy stack
+- `stacks/` app stack modules
+- `backups/` backup + restore scripts
+- `secrets/` encrypted secret placeholders and guidance
+- `docs/` architecture and restore runbooks
+
+## Quick Start
+
+1. Fill `secrets/*.age` with encrypted values.
+2. Update domain/IP placeholders in `edge/caddy/Caddyfile`.
+3. Copy `.env.example` files to `.env` per stack.
+4. Run bootstrap scripts on target hosts.
+
+## Ops Repo Source Strategy
+
+When the ops repo lives on self-hosted Gitea, bootstrap should not depend on one source.
+
+- Primary source: self-hosted Gitea URL (`OPS_REPO_PRIMARY_URL`)
+- Optional mirror source: secondary git host (`OPS_REPO_FALLBACK_URL`)
+- Last-resort source: local bundle file (`OPS_BUNDLE_PATH`, default `/srv/backups/ops/latest/ops.bundle`)
+
+The bootstrap scripts automatically try those in that order.
+
+Current default primary URL is `https://git.sketchferret.com/sketchferret/ops.git`.
+
+## Retention Policy
+
+- Keep all backup files for 7 days (daily recovery points).
+- From day 8 to day 365, keep one backup per ISO week per folder.
+- Keep files under any `latest/` folder (for bootstrap fallback pointers).