From 1c5d9359ff509e37d1600c1ff4885812d77a0555 Mon Sep 17 00:00:00 2001 From: rorapp Date: Wed, 5 Feb 2025 20:09:28 +0100 Subject: [PATCH 01/39] add sub repositories --- .gitignore | 0 .gitmodules | 6 ++++++ apps/backend/src | 1 + apps/frontend/src | 1 + 4 files changed, 8 insertions(+) create mode 100644 .gitignore create mode 100644 .gitmodules create mode 160000 apps/backend/src create mode 160000 apps/frontend/src diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..d543125 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,6 @@ +[submodule "apps/backend/src"] + path = apps/backend/src + url = https://gitea.mindboost.team/Mindboost/mindboost-backend.git +[submodule "apps/frontend/src"] + path = apps/frontend/src + url = https://gitea.mindboost.team/Mindboost/mindboost-webapp.git diff --git a/apps/backend/src b/apps/backend/src new file mode 160000 index 0000000..0a0ce37 --- /dev/null +++ b/apps/backend/src @@ -0,0 +1 @@ +Subproject commit 0a0ce37688b0ed26aa5003c9d4deafbb1835fec1 diff --git a/apps/frontend/src b/apps/frontend/src new file mode 160000 index 0000000..1b500d8 --- /dev/null +++ b/apps/frontend/src @@ -0,0 +1 @@ +Subproject commit 1b500d84fac57f15099223ef63798f6778670040 From 2dbc359bd251d9e86c329c7813e7917f55f8a5e2 Mon Sep 17 00:00:00 2001 
From: rorapp Date: Fri, 7 Feb 2025 02:13:26 +0100 Subject: [PATCH 02/39] Erste Compose Files und Scripte zum deployen. Lokal wird mit docker-compose.overwrite.yml gestartet --- apps/README.md | 0 apps/backend/src | 2 +- apps/docker-compose.overwrite.yml | 63 +++++++++++++++++++++++++++ apps/docker-compose.prod.yml | 71 +++++++++++++++++++++++++++++++ config/.env.backend | 49 +++++++++++++++++++++ config/.env.db | 8 ++++ config/.env.frontend | 1 + config/.env.shared | 1 + config/.env.traefik | 24 +++++++++++ scripts/deploy-app.sh | 22 ++++++++++ 10 files changed, 240 insertions(+), 1 deletion(-) create mode 100644 apps/README.md create mode 100644 apps/docker-compose.overwrite.yml create mode 100644 apps/docker-compose.prod.yml create mode 100644 config/.env.backend create mode 100644 config/.env.db create mode 100644 config/.env.frontend create mode 100644 config/.env.shared create mode 100644 config/.env.traefik create mode 100755 scripts/deploy-app.sh diff --git a/apps/README.md b/apps/README.md new file mode 100644 index 0000000..e69de29 diff --git a/apps/backend/src b/apps/backend/src index 0a0ce37..1ef8c2a 160000 --- a/apps/backend/src +++ b/apps/backend/src @@ -1 +1 @@ -Subproject commit 0a0ce37688b0ed26aa5003c9d4deafbb1835fec1 +Subproject commit 1ef8c2a309d5905eae19d362d57c8dac9996f45f diff --git a/apps/docker-compose.overwrite.yml b/apps/docker-compose.overwrite.yml new file mode 100644 index 0000000..df15d4a --- /dev/null +++ b/apps/docker-compose.overwrite.yml 
@@ -0,0 +1,63 @@ +## +## DIESES COMPOSE FILE IST FÜR DIE LOKALE ENTWICKLUNG MITTELS DOCKER +## +## Der Inhalt von frontend und von backend wird über ein volume eingebunden, dass +## bedeutet Änderungen innerhalb der Projektordner ./frontend/src und ./backend/src +## Ändern direkt die Werte innerhalb des Containers wie z.B. das Austauschen einer Grafik. +## +## Datenbank ebenfalls lokal und KEIN reverse-Proxy (traefik) +## Image der DB ist auf ARM Archtektur (Apple Silicon) ausgelegt +## +services: + mariadb: + image: mariadb:latest + container_name: local_mariadb + command: --bind-address=0.0.0.0 + environment: + - ALLOW_EMPTY_PASSWORD + - MARIADB_USER=mindboost + - MARIADB_DATABASE=mindboost + - MARIADB_PASSWORD=mindboost + - MARIADB_ROOT_PASSWORD=root-mindboost + networks: + - backend + frontend: + build: + context: ./frontend/src + dockerfile: Dockerfile.dev + container_name: local_frontend + volumes: + - ./frontend/src:/app + - /app/node_modules + ports: + - "3000:3000" + networks: + - backend + environment: + NODE_ENV: development + + backend: + build: + context: ./backend/src + dockerfile: Dockerfile.dev + container_name: local_backend + ports: + - "8000:8000" + - "5173:5173" + volumes: + - ./backend/src:/var/www + networks: + - backend + depends_on: + - mariadb + adminer: + image: adminer + container_name: local_adminer + restart: always + ports: + - 8080:8080 + networks: + - backend +networks: + backend: + external: false \ No newline at end of file diff --git a/apps/docker-compose.prod.yml b/apps/docker-compose.prod.yml new file mode 100644 index 0000000..62ce5e3 --- /dev/null +++ b/apps/docker-compose.prod.yml 
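Review bot: `- ALLOW_EMPTY_PASSWORD` in the mariadb environment list is a bare key, so it is only passed through from the host shell, and the official `mariadb` image does not read a variable of that name (its switch for an empty root password is `MARIADB_ALLOW_EMPTY_ROOT_PASSWORD`); since `MARIADB_ROOT_PASSWORD=root-mindboost` is set on the next lines anyway, the entry is dead and should be dropped. The adminer service publishes `8080:8080` on every host interface with no authentication in front of it, and the frontend/backend mappings do the same; for a local-only stack bind them to loopback, e.g. `- "127.0.0.1:8080:8080"`. The header's claim that the DB image is laid out for ARM is not something `mariadb:latest` (a multi-arch tag) encodes; the sentence can go.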
@@ -0,0 +1,71 @@ +# Stack for Mindboost Webapp + +services: + prod-mariadb: + image: mariadb:latest + container_name: prod-mariadb + hostname: mariadb + command: --bind-address=0.0.0.0 + env_file: + - ../config/.env.db + networks: + - ${BACKEND_NETWORK} + volumes: + - ../volumes/daten/mariadb:/var/lib/mysql + prod-redis: + image: redis:alpine + container_name: prod-redis + hostname: redis + networks: + - ${BACKEND_NETWORK} + restart: unless-stopped + command: redis-server --appendonly yes --requirepass laravel-redis-passwort # Redis Passwort eingeben + volumes: + - ../volumes/daten/redis:/data + prod-frontend: + build: + context: ./frontend/src + dockerfile: Dockerfile + container_name: prod-frontend + networks: + - ${BACKEND_NETWORK} + - ${TRAEFIK_NETWORK} + env_file: + - ../config/.env.frontend + - ../config/.env.traefik + labels: + - "traefik.enable=${TRAEFIK_ENABLE}" + - "traefik.http.routers.prod-frontend.entrypoints=${TRAEFIK_ROUTER_FRONTEND_ENTRYPOINT}" + - "traefik.http.routers.prod-frontend.rule=${TRAEFIK_ROUTER_FRONTEND_RULE}" + - "traefik.http.routers.prod-frontend.tls=${TRAEFIK_ROUTER_FRONTEND_TLS}" + - "traefik.http.routers.prod-frontend.tls.certresolver=${TRAEFIK_ROUTER_FRONTEND_CERTRESOLVER}" + - "traefik.http.routers.prod-frontend.tls.domains[0].main=${TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_MAIN}" + - "traefik.http.routers.prod-frontend.tls.domains[0].sans=${TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_SANS}" + - "traefik.http.services.prod-frontend.loadbalancer.server.port=${TRAEFIK_SERVICE_FRONTEND_PORT}" + - "traefik.docker.network=${TRAEFIK_NETWORK}" + prod-backend: + build: + context: ./backend/src + dockerfile: Dockerfile + env_file: + - ../config/.env.backend + - ../config/.env.traefik + labels: + - "traefik.enable=${TRAEFIK_ENABLE}" + - "traefik.http.routers.prod-backend.entrypoints=${TRAEFIK_ROUTER_BACKEND_ENTRYPOINT}" + - "traefik.http.routers.prod-backend.rule=${TRAEFIK_ROUTER_BACKEND_RULE}" + - 
"traefik.http.routers.prod-backend.tls=${TRAEFIK_ROUTER_BACKEND_TLS}" + - "traefik.http.routers.prod-backend.tls.certresolver=${TRAEFIK_ROUTER_BACKEND_CERTRESOLVER}" + - "traefik.http.routers.prod-backend.tls.domains[0].main=${TRAEFIK_ROUTER_BACKEND_TLS_DOMAIN_MAIN}" + - "traefik.http.services.prod-backend.loadbalancer.server.port=${TRAEFIK_SERVICE_BACKEND_PORT}" + - "traefik.docker.network=${TRAEFIK_NETWORK}" + networks: + - ${BACKEND_NETWORK} + - ${TRAEFIK_NETWORK} + depends_on: + - prod-mariadb +networks: + prod-backend: + external: false + proxy: + external: true diff --git a/config/.env.backend b/config/.env.backend new file mode 100644 index 0000000..8330154 --- /dev/null +++ b/config/.env.backend 
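Review bot: Every service joins `${BACKEND_NETWORK}`, but the top-level `networks:` block at the end of the hunk declares `prod-backend` and `proxy`; with `BACKEND_NETWORK=backend` (the value `config/.env.backend` sets in this same patch) Compose rejects the file for referencing an undefined network, so either declare `backend:` or set `BACKEND_NETWORK=prod-backend`. Note that `${...}` inside the compose file is resolved from the shell or the project `.env`, not from a service's `env_file`, so `BACKEND_NETWORK`, `TRAEFIK_NETWORK` and the `TRAEFIK_ROUTER_*` values must reach the `docker compose` invocation itself (e.g. `--env-file ../config/.env.traefik`), which `scripts/deploy-app.sh` does not do. The Redis password is hard-coded on the `command:` line (`--requirepass laravel-redis-passwort`) while the same value also lives in `.env.backend`; source it from one place so a rotation does not silently leave the two out of step. `prod-mariadb` has no `restart:` policy although `prod-redis` does.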
@@ -0,0 +1,49 @@ +# ---------------------------------- +# Datenbank (MariaDB) +# ---------------------------------- +MARIADB_USER=mindboost +MARIADB_DATABASE=mindboost +MARIADB_PASSWORD=1stronges-mindboostdb-passwort +MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb + +# ---------------------------------- +# Redis +# ---------------------------------- +REDIS_PASSWORD=laravel-redis-passwort +REDIS_PORT=6379 + +# ---------------------------------- +# Vue Frontend (Nuxt.js) +# ---------------------------------- +VUE_APP_BACKEND_HOST_ADDRESS=https://dev.b.mindboost.team +VUE_FRONTEND_PORT=3001 +VUE_INTERNAL_PORT=3000 +VUE_FRONTEND_DOMAIN_1=app.mindboost.team +VUE_FRONTEND_DOMAIN_2=mindboost.app + +# ---------------------------------- +# Laravel Backend +# ---------------------------------- +BACKEND_NETWORK=backend +APP_NAME="mindboost backend - Compose Deployment" +APP_URL=https://b.mindboost.team +LARAVEL_PORT=8000 +LARAVEL_VITE_PORT=5173 +DB_HOST=mariadb +DB_PORT=3306 +DB_PASSWORD=1stronges-mindboostdb-passwort +DB_USERNAME=mindboost +DB_DATABASE=mindboost +LARAVEL_DOMAIN=b.mindboost.team +JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F +# ---------------------------------- +# Traefik +# ---------------------------------- +TRAEFIK_CERT_RESOLVER=http_resolver +TRAEFIK_ENTRYPOINT=websecure +TRAEFIK_NETWORK=proxy + +# ---------------------------------- +# Adminer +# ---------------------------------- +ADMINER_PORT=8080 diff --git a/config/.env.db b/config/.env.db new file mode 100644 index 0000000..e736b27 --- /dev/null +++ b/config/.env.db @@ -0,0 +1,8 @@ +# ---------------------------------- +# Datenbank (MariaDB) +# ---------------------------------- +MARIADB_USER=mindboost +MARIADB_DATABASE=mindboost +MARIADB_PASSWORD=1stronges-mindboostdb-passwort +MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb +ADMINER_PORT=8000 \ No newline at end of file 
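Review bot: `config/.env.backend` commits live credentials — `MARIADB_PASSWORD`, `MARIADB_ROOT_PASSWORD`, `DB_PASSWORD`, `REDIS_PASSWORD` and a 64-character `JWT_SECRET` — to version control; once a signing secret has been pushed it should be treated as disclosed and rotated, and the file replaced by a `.env.backend.example` with placeholder values while the real file is listed in `.gitignore` (the `.gitignore` added in patch 03 has no `.env` entry). The same applies to `config/.env.db` in this hunk and to the copies in patch 05 (`env/.env.backend`, `env/.env.db`, `env/development/.env.backend`, `env/development/.env.database`, `env/development/.env.develop`). Separately, `ADMINER_PORT=8000` in `.env.db` disagrees with `ADMINER_PORT=8080` here and collides with `LARAVEL_PORT=8000`; pick one value, and note that `prod-mariadb` (the only consumer of `.env.db`) does not need `ADMINER_PORT` at all.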
diff --git a/config/.env.frontend b/config/.env.frontend new file mode 100644 index 0000000..abe3bd8 --- /dev/null +++ b/config/.env.frontend @@ -0,0 +1 @@ +DB_HOST= BLALBLAB diff --git a/config/.env.shared b/config/.env.shared new file mode 100644 index 0000000..abe3bd8 --- /dev/null +++ b/config/.env.shared @@ -0,0 +1 @@ +DB_HOST= BLALBLAB diff --git a/config/.env.traefik b/config/.env.traefik new file mode 100644 index 0000000..bce6c97 --- /dev/null +++ b/config/.env.traefik @@ -0,0 +1,24 @@ +# ---------------------------------- +# Traefik +# ---------------------------------- + +# Allgemein +TRAEFIK_ENABLE=true +TRAEFIK_NETWORK=proxy + +# Backend +TRAEFIK_ROUTER_BACKEND_ENTRYPOINT=websecure +TRAEFIK_ROUTER_BACKEND_RULE=Host(`b.mindboost.team`) +TRAEFIK_ROUTER_BACKEND_TLS=true +TRAEFIK_ROUTER_BACKEND_CERTRESOLVER=http_resolver +TRAEFIK_ROUTER_BACKEND_TLS_DOMAIN_MAIN=b.mindboost.team +TRAEFIK_SERVICE_BACKEND_PORT=8000 + +# Frontend +TRAEFIK_ROUTER_FRONTEND_ENTRYPOINT=websecure +TRAEFIK_ROUTER_FRONTEND_RULE=Host(`app.mindboost.team` || `mindboost.app`) +TRAEFIK_ROUTER_FRONTEND_TLS=true +TRAEFIK_ROUTER_FRONTEND_CERTRESOLVER=http_resolver +TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_MAIN=app.mindboost.team +TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_SANS=mindboost.app +TRAEFIK_SERVICE_FRONTEND_PORT=3000 diff --git a/scripts/deploy-app.sh b/scripts/deploy-app.sh new file mode 100755 index 0000000..78a95b2 --- /dev/null +++ b/scripts/deploy-app.sh 
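Review bot: The value of `TRAEFIK_ROUTER_FRONTEND_RULE` puts the `||` operator inside the `Host(...)` matcher; Traefik combines matchers with `||` at the rule level, so the second host should be its own matcher, i.e. two `Host(...)` terms joined by `||`, and the rule as written is likely rejected at router creation. Patch 05 later drops `mindboost.app` from the rule but keeps it in `TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_SANS`, so a certificate would be requested for a name that is never routed; keep the rule and the SAN list in step. `config/.env.frontend` and `config/.env.shared` in the same patch contain only `DB_HOST= BLALBLAB`, a placeholder that `prod-frontend` loads through `env_file`; an empty file is safer than a bogus value reaching the container.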
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+echo "Prüfe, ob Traefik läuft..."
+
+if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then
+ echo "Traefik läuft nicht."
+ read -p "Möchtest du die lokale Version zum Debuggen (docker-compose.overwrite.yml) starten? (y/n): " answer
+ if [[ "$answer" =~ ^[Yy]$ ]]; then
+ echo "Starte lokale Version..."
+ docker compose -f ../apps/docker-compose.overwrite.yml up -d
+ else
+ echo "Deployment abgebrochen."
+ exit 1
+ fi
+else
+ echo "Traefik läuft."
+ echo "Starte Deployment mit docker-compose.prod.yml..."
+ docker compose -f ../apps/docker-compose.prod.yml up -d
+fi
+
+echo "Deployment abgeschlossen."
From 302f9be36cd368a8d68c0613528e7fd7ad0c37ce Mon Sep 17 00:00:00 2001
From: rorapp
Date: Fri, 7 Feb 2025 02:29:07 +0100
Subject: [PATCH 03/39] update Repository sources
---
 .gitignore | 3 +++
 apps/backend/src | 2 +-
 apps/frontend/src | 2 +-
 scripts/backup.sh | 44 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 49 insertions(+), 2 deletions(-)
 create mode 100644 scripts/backup.sh
diff --git a/.gitignore b/.gitignore
index e69de29..b5a5813 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+volumes
+apps/proxy
+.DS_Store
\ No newline at end of file
diff --git a/apps/backend/src b/apps/backend/src
index 1ef8c2a..0e3ecbb 160000
--- a/apps/backend/src
+++ b/apps/backend/src
@@ -1 +1 @@
-Subproject commit 1ef8c2a309d5905eae19d362d57c8dac9996f45f
+Subproject commit 0e3ecbb0a788f2afa5699185ef65901781d11c79
diff --git a/apps/frontend/src b/apps/frontend/src
index 1b500d8..2d8bcb6 160000
--- a/apps/frontend/src
+++ b/apps/frontend/src
@@ -1 +1 @@
-Subproject commit 1b500d84fac57f15099223ef63798f6778670040
+Subproject commit 2d8bcb6067b626ef0d83a364d070db3659bedcf3
diff --git a/scripts/backup.sh b/scripts/backup.sh
new file mode 100644
index 0000000..c7e5e0d
--- /dev/null
+++ b/scripts/backup.sh
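Review bot: `grep -q 'traefik'` on the container names matches any name containing the substring (a `traefik_crowdsec_bouncer` container alone would count as Traefik running), and the `../apps/...` paths only resolve when the script is started from `scripts/`. Anchor both: `cd "$(dirname "$0")"` as the first statement, and `grep -qx 'traefik'` (or `-w`) for the check. With `set -e`, `read -p` in a non-interactive shell (CI, cron) fails and aborts before any message is printed; test `[[ -t 0 ]]` or accept a `--local` argument instead of prompting. The compose files interpolate `${TRAEFIK_NETWORK}` and friends from the caller's environment, and this script passes no `--env-file`, so the production branch will run with those variables unset unless the caller exports them.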
@@ -0,0 +1,44 @@
+#!/bin/bash
+# # # # # # # # # # # # # # # # # # # # # # # #
+# Konfiguration #
+# # # # # # # # # # # # # # # # # # # # # # # #
+
+# Verzeichnis, das gesichert werden soll
+source_dir="../volumes"
+# Verzeichnis, in dem die Backups gespeichert werden sollen
+backup_dir="/opt/docker_backups"
+# Anzahl der zu behaltenden Backups
+keep_backups=10
+# Aktuelles Datum und Uhrzeit
+current_datetime=$(date +"%Y-%m-%d_%H-%M-%S")
+# Name für das Backup-Archiv
+backup_filename="${current_datetime}-backup.tar"
+# Zielserver-Informationen
+remote_user="root"
+remote_server="TARGET NOT YET DEVICED"
+remote_dir="/opt/docker_backups"
+
+# # # # # # # # # # # # # # # # # # # # # # # #
+# Ende der Konfiguration #
+# # # # # # # # # # # # # # # # # # # # # # # #
+
+remote_target="${remote_user}@${remote_server}"
+backup_fullpath="${backup_dir}/${backup_filename}"
+
+# Docker-Container herunterfahren
+docker stop $(docker ps -q)
+# Erstelle das Backup-Archiv
+tar -cpf "${backup_fullpath}" "${source_dir}"
+# Docker-Container wieder starten
+docker start $(docker ps -a -q)
+# Komprimiere das Backup-Archiv
+gzip "${backup_fullpath}"
+backup_fullpath="${backup_fullpath}.gz"
+# Kopiere das Backup auf den Zielserver mit SCP ohne Passwort
+scp "${backup_fullpath}" "${remote_target}:$remote_dir/"
+# Lösche ältere lokale Backups mit `find`
+find "$backup_dir" -type f -name "*-backup.tar.gz" -mtime +$keep_backups -exec rm {} \;
+# Lösche ältere remote Backups mit `find`
+ssh "${remote_target}" "find ${remote_dir} -type f -name '*-backup.tar.gz' -mtime +$keep_backups -exec rm {} \;"
+
+echo "Backup wurde erstellt: ${backup_fullpath} und auf ${remote_target} kopiert."
\ No newline at end of file
From 388475fafc068c088cac5bda307f3fefa6af9ed7 Mon Sep 17 00:00:00 2001
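Review bot: `docker start $(docker ps -a -q)` after the archive step starts every container on the host, including ones that were deliberately stopped before the backup ran; capture the running set first, `running=$(docker ps -q)`, stop and later start only that list. `keep_backups=10` is documented as a number of backups to keep but is used as `-mtime +$keep_backups`, i.e. an age in days — rename it or change the pruning so it keeps the newest N archives. There is no `set -e` and `backup_dir` is never created, so a failed `tar` or a missing `/opt/docker_backups` still proceeds to `scp` and to the remote `rm`, and `remote_server` is still the placeholder `TARGET NOT YET DEVICED`, so the script cannot complete as committed. `source_dir="../volumes"` is relative to the caller's working directory, the same cwd assumption as in deploy-app.sh; the archive also holds the MariaDB data directory and Redis AOF, so it should be written with restrictive permissions (`umask 077` before `tar`).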
From: rorapp Date: Fri, 7 Feb 2025 12:22:53 +0100 Subject: [PATCH 04/39] add volume to database to persist data of local development e.g. users --- apps/docker-compose.overwrite.yml | 2 ++ apps/docker-compose.prod.yml | 38 ++++++++++++++++++++++++++++++- scripts/deploy-traefik.sh | 22 ++++++++++++++++++ 3 files changed, 61 insertions(+), 1 deletion(-) create mode 100755 scripts/deploy-traefik.sh diff --git a/apps/docker-compose.overwrite.yml b/apps/docker-compose.overwrite.yml index df15d4a..8d07011 100644 --- a/apps/docker-compose.overwrite.yml +++ b/apps/docker-compose.overwrite.yml @@ -19,6 +19,8 @@ services: - MARIADB_DATABASE=mindboost - MARIADB_PASSWORD=mindboost - MARIADB_ROOT_PASSWORD=root-mindboost + volumes: + - ../volumes/daten/mariadb:/var/lib/mysql networks: - backend frontend: diff --git a/apps/docker-compose.prod.yml b/apps/docker-compose.prod.yml index 62ce5e3..e33a4ee 100644 --- a/apps/docker-compose.prod.yml +++ b/apps/docker-compose.prod.yml @@ -1,4 +1,13 @@ -# Stack for Mindboost Webapp +## +## DIESES COMPOSE FILE IST FÜR DIE LOKALE ENTWICKLUNG MITTELS DOCKER +## +## Der Inhalt von frontend und von backend wird über ein volume eingebunden, dass +## bedeutet Änderungen innerhalb der Projektordner ./frontend/src und ./backend/src +## Ändern direkt die Werte innerhalb des Containers wie z.B. das Austauschen einer Grafik. +## +## Datenbank ebenfalls lokal und KEIN reverse-Proxy (traefik) +## Image der DB ist auf ARM Archtektur (Apple Silicon) ausgelegt +## services: prod-mariadb: 
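Review bot: The new header replaces `# Stack for Mindboost Webapp` with the comment block copied from `docker-compose.overwrite.yml`, which states that this file is for local development, bind-mounts the source trees and runs without a reverse proxy — the opposite of what `docker-compose.prod.yml` does (it joins `${TRAEFIK_NETWORK}` and carries Traefik labels, and the subject of this patch says nothing about it). Restore a header that describes this file, e.g. `## Production stack: MariaDB, Redis, frontend and backend behind Traefik; variables come from ../config/.env.*`.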
@@ -64,6 +73,33 @@ services: - ${TRAEFIK_NETWORK} depends_on: - prod-mariadb + # Traefik-Crowdsec Stack + crowdsec: + extends: + file: ./proxy/docker-compose.yml + service: crowdsec + networks: + - ${TRAEFIK_NETWORK} + + traefik: + extends: + file: ./proxy/docker-compose.yml + service: traefik + networks: + - ${TRAEFIK_NETWORK} + depends_on: + - crowdsec + + traefik_crowdsec_bouncer: + extends: + file: ./proxy/docker-compose.yml + service: traefik_crowdsec_bouncer + networks: + - ${TRAEFIK_NETWORK} + depends_on: + - crowdsec + - traefik + networks: prod-backend: external: false diff --git a/scripts/deploy-traefik.sh b/scripts/deploy-traefik.sh new file mode 100755 index 0000000..78a95b2 --- /dev/null +++ b/scripts/deploy-traefik.sh @@ -0,0 +1,22 @@ +#!/bin/bash +set -e + +echo "Prüfe, ob Traefik läuft..." + +if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then + echo "Traefik läuft nicht." + read -p "Möchtest du die lokale Version zum Debuggen (docker-compose.overwrite.yml) starten? (y/n): " answer + if [[ "$answer" =~ ^[Yy]$ ]]; then + echo "Starte lokale Version..." + docker compose -f ../apps/docker-compose.overwrite.yml up -d + else + echo "Deployment abgebrochen." + exit 1 + fi +else + echo "Traefik läuft." + echo "Starte Deployment mit docker-compose.prod.yml..." + docker compose -f ../apps/docker-compose.prod.yml up -d +fi + +echo "Deployment abgeschlossen." From 83e78eb652efc54f7db5e35f29d3281902fe0dbf Mon Sep 17 00:00:00 2001 
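Review bot: The three new services `extends:` `./proxy/docker-compose.yml`, but `apps/proxy` was added to `.gitignore` in patch 03, so a fresh checkout of this repository cannot resolve the extended file and `docker compose -f docker-compose.prod.yml` fails at parse time before anything starts. Either vendor the proxy compose file or document in the header where it must be provisioned from, and since `extends` copies only the named service definition, check that any networks or volumes those services reference in the proxy file are declared in this file as well.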
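Review bot: `scripts/deploy-traefik.sh` is byte-identical to `scripts/deploy-app.sh` (both hunks carry blob id `78a95b2`): it checks for a running Traefik and starts the application compose files, but never brings Traefik up, so the file name is misleading and the `Traefik läuft nicht` branch has nowhere to go. If the intent is to start the proxy stack, replace the body with something like `docker compose -f ../apps/proxy/docker-compose.yml up -d` (the path `docker-compose.prod.yml` extends from) and let deploy-app.sh call it when its check fails; otherwise drop the duplicate.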
From: rorapp Date: Mon, 17 Feb 2025 18:08:50 +0100 Subject: [PATCH 05/39] Environment Variables for local development and dev status --- env/.env.all | 10 ++++++ env/.env.backend | 49 ++++++++++++++++++++++++++ env/.env.db | 8 +++++ env/.env.frontend | 1 + env/.env.shared | 1 + env/.env.traefik | 24 +++++++++++++ env/development/.env.administration | 2 ++ env/development/.env.backend | 42 ++++++++++++++++++++++ env/development/.env.database | 7 ++++ env/development/.env.develop | 7 ++++ env/development/.env.frontend | 1 + env/development/.env.proxy | 54 +++++++++++++++++++++++++++++ env/development/.env.tools | 0 env/development/.env.website | 0 14 files changed, 206 insertions(+) create mode 100644 env/.env.all create mode 100644 env/.env.backend create mode 100644 env/.env.db create mode 100644 env/.env.frontend create mode 100644 env/.env.shared create mode 100644 env/.env.traefik create mode 100644 env/development/.env.administration create mode 100644 env/development/.env.backend create mode 100644 env/development/.env.database create mode 100644 env/development/.env.develop create mode 100644 env/development/.env.frontend create mode 100644 env/development/.env.proxy create mode 100644 env/development/.env.tools create mode 100644 env/development/.env.website diff --git a/env/.env.all b/env/.env.all new file mode 100644 index 0000000..667e208 --- /dev/null +++ b/env/.env.all @@ -0,0 +1,10 @@ +## +## Einstellung die für das gesamte Projekt gelten. Also der Name und der Admin +## Das Environment muss "production","staging" oder "development" heißen + +INFRASTRUCTURE_LABEL=mindboost_dev +ENVIRONMENT=development + +ADMIN_USER=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT} +ADMIN_PASSWORD_HASH='$2y$05$U7noO29Ru/4VB5x8TpZo3.b4VjH6AAnhufJJUG2Vs7qHCM2Cd8yIK' # for development = admin + diff --git a/env/.env.backend b/env/.env.backend new file mode 100644 index 0000000..8330154 --- /dev/null +++ b/env/.env.backend 
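Review bot: `env/.env.all` is loaded unconditionally (`- ../../env/.env.all` in the backend and database compose files of patch 06), and `ADMIN_PASSWORD_HASH` is annotated as the hash of `admin`; nothing ties that value to `ENVIRONMENT=development`, so a deployment that forgets to override it exposes the Traefik basic-auth built from `TRAEFIK_BASIC_AUTH_USERS` in `.env.proxy` with a published password. Move the hash into `env/development/` beside the other per-environment files, or leave it empty here so the proxy cannot start without an explicit value. `ADMIN_USER=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT}` relies on Compose interpolating an `env_file` entry from earlier entries in the same file; verify the Compose version in use does that rather than passing the literal string to the container.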
@@ -0,0 +1,49 @@ +# ---------------------------------- +# Datenbank (MariaDB) +# ---------------------------------- +MARIADB_USER=mindboost +MARIADB_DATABASE=mindboost +MARIADB_PASSWORD=1stronges-mindboostdb-passwort +MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb + +# ---------------------------------- +# Redis +# ---------------------------------- +REDIS_PASSWORD=laravel-redis-passwort +REDIS_PORT=6379 + +# ---------------------------------- +# Vue Frontend (Nuxt.js) +# ---------------------------------- +VUE_APP_BACKEND_HOST_ADDRESS=https://dev.b.mindboost.team +VUE_FRONTEND_PORT=3001 +VUE_INTERNAL_PORT=3000 +VUE_FRONTEND_DOMAIN_1=app.mindboost.team +VUE_FRONTEND_DOMAIN_2=mindboost.app + +# ---------------------------------- +# Laravel Backend +# ---------------------------------- +BACKEND_NETWORK=backend +APP_NAME="mindboost backend - Compose Deployment" +APP_URL=https://b.mindboost.team +LARAVEL_PORT=8000 +LARAVEL_VITE_PORT=5173 +DB_HOST=mariadb +DB_PORT=3306 +DB_PASSWORD=1stronges-mindboostdb-passwort +DB_USERNAME=mindboost +DB_DATABASE=mindboost +LARAVEL_DOMAIN=b.mindboost.team +JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F +# ---------------------------------- +# Traefik +# ---------------------------------- +TRAEFIK_CERT_RESOLVER=http_resolver +TRAEFIK_ENTRYPOINT=websecure +TRAEFIK_NETWORK=proxy + +# ---------------------------------- +# Adminer +# ---------------------------------- +ADMINER_PORT=8080 diff --git a/env/.env.db b/env/.env.db new file mode 100644 index 0000000..e736b27 --- /dev/null +++ b/env/.env.db @@ -0,0 +1,8 @@ +# ---------------------------------- +# Datenbank (MariaDB) +# ---------------------------------- +MARIADB_USER=mindboost +MARIADB_DATABASE=mindboost +MARIADB_PASSWORD=1stronges-mindboostdb-passwort +MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb +ADMINER_PORT=8000 \ No newline at end of file diff --git a/env/.env.frontend b/env/.env.frontend new file mode 100644 index 0000000..abe3bd8 
--- /dev/null +++ b/env/.env.frontend @@ -0,0 +1 @@ +DB_HOST= BLALBLAB diff --git a/env/.env.shared b/env/.env.shared new file mode 100644 index 0000000..abe3bd8 --- /dev/null +++ b/env/.env.shared @@ -0,0 +1 @@ +DB_HOST= BLALBLAB diff --git a/env/.env.traefik b/env/.env.traefik new file mode 100644 index 0000000..07794dc --- /dev/null +++ b/env/.env.traefik @@ -0,0 +1,24 @@ +# ---------------------------------- +# Traefik +# ---------------------------------- + +# Allgemein +TRAEFIK_ENABLE=true +TRAEFIK_NETWORK=proxy + +# Backend +TRAEFIK_ROUTER_BACKEND_ENTRYPOINT=websecure +TRAEFIK_ROUTER_BACKEND_RULE=Host(`b.mindboost.team`) +TRAEFIK_ROUTER_BACKEND_TLS=true +TRAEFIK_ROUTER_BACKEND_CERTRESOLVER=http_resolver +TRAEFIK_ROUTER_BACKEND_TLS_DOMAIN_MAIN=b.mindboost.team +TRAEFIK_SERVICE_BACKEND_PORT=8000 + +# Frontend +TRAEFIK_ROUTER_FRONTEND_ENTRYPOINT=websecure +TRAEFIK_ROUTER_FRONTEND_RULE=Host(`app.mindboost.team`) +TRAEFIK_ROUTER_FRONTEND_TLS=true +TRAEFIK_ROUTER_FRONTEND_CERTRESOLVER=http_resolver +TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_MAIN=app.mindboost.team +TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_SANS=mindboost.app +TRAEFIK_SERVICE_FRONTEND_PORT=3000 diff --git a/env/development/.env.administration b/env/development/.env.administration new file mode 100644 index 0000000..bea518f --- /dev/null +++ b/env/development/.env.administration @@ -0,0 +1,2 @@ +PORTAINER_IMAGE=portainer/portainer-ce:latest +PORTAINER_DATA_PATH=./../../volumes/administration/portainer/data diff --git a/env/development/.env.backend b/env/development/.env.backend new file mode 100644 index 0000000..baabdec --- /dev/null +++ b/env/development/.env.backend 
@@ -0,0 +1,42 @@ + + +# ---------------------------------- +# Redis +# ---------------------------------- +REDIS_PASSWORD=laravel-redis-passwort +REDIS_PORT=6379 + +# ---------------------------------- +# Vue Frontend (Nuxt.js) +# ---------------------------------- +VUE_APP_BACKEND_HOST_ADDRESS=https://dev.b.mindboost.team +VUE_INTERNAL_PORT=3000 +VUE_FRONTEND_DOMAIN_1=app.mindboost.team +VUE_FRONTEND_DOMAIN_2=mindboost.app + +# ---------------------------------- +# Laravel Backend +# ---------------------------------- +BACKEND_NETWORK=backend +APP_NAME="mindboost backend - Compose Deployment" +APP_URL=https://b.mindboost.team +LARAVEL_PORT=8000 +LARAVEL_VITE_PORT=5173 +DB_HOST=mariadb +DB_PORT=3306 +DB_PASSWORD=1stronges-mindboostdb-passwort +DB_USERNAME=mindboost +DB_DATABASE=mindboost + +JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F +# ---------------------------------- +# Traefik +# ---------------------------------- +TRAEFIK_CERT_RESOLVER=http_resolver +TRAEFIK_ENTRYPOINT=websecure +TRAEFIK_NETWORK=proxy + +# ---------------------------------- +# Adminer +# ---------------------------------- +ADMINER_PORT=8080 diff --git a/env/development/.env.database b/env/development/.env.database new file mode 100644 index 0000000..2544ad9 --- /dev/null +++ b/env/development/.env.database @@ -0,0 +1,7 @@ +# ---------------------------------- +# Datenbank (MariaDB) +# ---------------------------------- +MARIADB_USER=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT} +MARIADB_DATABASE=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT} +MARIADB_PASSWORD=1stronges-mindboostdb-passwort +MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb diff --git a/env/development/.env.develop b/env/development/.env.develop new file mode 100644 index 0000000..ec5c567 --- /dev/null +++ b/env/development/.env.develop 
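Review bot: `MARIADB_USER=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT}` creates the application user and schema as `mindboost_dev_development` (with the values in `env/.env.all`, assuming Compose interpolates the reference), but `env/development/.env.backend` in this same patch still sets `DB_USERNAME=mindboost` and `DB_DATABASE=mindboost`, so Laravel authenticates against a user and database that do not exist. Derive both sides from the same variables, e.g. `DB_USERNAME=${MARIADB_USER}` and `DB_DATABASE=${MARIADB_DATABASE}`, or use the same literal in both files; `DB_PASSWORD` and `MARIADB_PASSWORD` are likewise the same secret written twice. The `.env.backend` hunk also starts with two empty lines where the MariaDB section used to be, and `VUE_APP_BACKEND_HOST_ADDRESS` still points at `dev.b.mindboost.team` while `APP_URL` is `b.mindboost.team`.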
@@ -0,0 +1,7 @@ +USER_UID=1000 +USER_GID=1000 +GITEA__database__DB_TYPE=postgres +GITEA__database__HOST=db:5432 +GITEA__database__NAME=${GITEA_DB_NAME:-gitea} +GITEA__database__USER=${GITEA_DB_USER:-gitea} +GITEA__database__PASSWD=gitea-datenbank-passwort \ No newline at end of file diff --git a/env/development/.env.frontend b/env/development/.env.frontend new file mode 100644 index 0000000..986524d --- /dev/null +++ b/env/development/.env.frontend @@ -0,0 +1 @@ +# Frontend diff --git a/env/development/.env.proxy b/env/development/.env.proxy new file mode 100644 index 0000000..25cd183 --- /dev/null +++ b/env/development/.env.proxy 
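Review bot: `GITEA__database__DB_TYPE=postgres` and `GITEA__database__HOST=db:5432` configure Gitea for a PostgreSQL service named `db`, but the Gitea compose file in patch 06 runs `mysql:latest` as `gitea_db` and configures it from `GITEA_MYSQL_*` variables that no env file in this series defines; one of the two sides has to change, and the `${GITEA_DB_NAME:-gitea}` defaults hide the mismatch rather than surface it. `GITEA__database__PASSWD=gitea-datenbank-passwort` is another committed credential (see the note on `config/.env.backend`).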
@@ -0,0 +1,54 @@ +## +## GENERAL +## +TRAEFIK_ENABLE=true +TRAEFIK_NETWORK=proxy +TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER}:${ADMIN_PASSWORD_HASH} +TRAEFIK_CERT_RESOLVER=http_resolver + +## +## Domains when TRAEFIK is ENABLED +## +PORTAINER_DOMAIN=portainer.local +FRONTEND_DOMAIN=frontend.local +FRONTEND_DOMAIN_2=app.frontend.local +BACKEND_DOMAIN=backend.local +WEBSITE_DOMAIN=web.local +GITEA_DOMAIN=gitea.local +LIMESURVEY_DOMAIN=survey.local +LINKSTACK_DOMAIN=linkstack.local +TRAEFIK_DOMAIN=traefik.local + +### TLS for Domains +PORTAINER_TLS_DOMAIN_MAIN=${PORTAINER_DOMAIN} +FRONTEND_TLS_DOMAIN_MAIN=${FRONTEND_DOMAIN} +FRONTEND_TLS_DOMAIN_SANS=${FRONTEND_DOMAIN_2} +BACKEND_TLS_DOMAIN_MAIN=${BACKEND_DOMAIN} +WEBSITE_TLS_DOMAIN_MAIN=${WEBSITE_DOMAIN} +GITEA_TLS_DOMAIN_MAIN=${GITEA_DOMAIN} +LIMESURVEY_TLS_DOMAIN_MAIN=${LIMESURVEY_DOMAIN} +LINKSTACK_TLS_DOMAIN_MAIN=${LINKSTACK_DOMAIN} +TRAEFIK_TLS_DOMAIN_MAIN=${TRAEFIK_DOMAIN} + +FRONTEND_DOMAIN=frontend.local +BACKEND_DOMAIN=backend.local +WEBSITE_DOMAIN=web.local +GITEA_DOMAIN=gitea.local +LIMESURVEY_DOMAIN=survey.local +LINKSTACK_DOMAIN=linkstack.local +TRAEFIK_DOMAIN=traefik.local + +## +## MIDDLEWARES +## +TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL}-https-redirect +TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL}-basic-auth + +## +## ENTRYPOINTS +## + +TRAEFIK_ENTRYPOINT=websecure +TRAEFIK_ENTRYPOINT_HTTP=web +TRAEFIK_ENTRYPOINT_HTTP + diff --git a/env/development/.env.tools b/env/development/.env.tools new file mode 100644 index 0000000..e69de29 diff --git a/env/development/.env.website b/env/development/.env.website new file mode 100644 index 0000000..e69de29 From c0a3fc7a10ef14e57a0bdcb060f305d62fc3393e Mon Sep 17 00:00:00 2001 
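Review bot: The last non-empty line, `TRAEFIK_ENTRYPOINT_HTTP`, has no `=`; depending on the Compose version a bare name in an `env_file` is either rejected or silently resolved from the host environment, and either way it reads as an unfinished edit — remove it or give it a value. The `FRONTEND_DOMAIN` … `TRAEFIK_DOMAIN` assignments appear twice (the block after the `### TLS for Domains` section repeats the earlier `Domains` block without `FRONTEND_DOMAIN_2`); the later definition wins in dotenv parsing, so delete the duplicate to keep one source of truth. `TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER}:${ADMIN_PASSWORD_HASH}` splices a bcrypt hash full of `$` characters into a value that is presumably consumed by a `basicauth.users` label; in a compose label each `$` must be written as `$$`, so confirm how the consuming label is written before relying on this variable.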
From: rorapp Date: Mon, 17 Feb 2025 18:09:34 +0100 Subject: [PATCH 06/39] compose files for basically all apps --- apps/backend/docker-compose.yml | 36 +++++++++++ apps/database/docker-compose.yml | 40 ++++++++++++ apps/develop/docker-compose.yml | 9 +++ apps/develop/gitea/docker-compose.yml | 44 +++++++++++++ apps/develop/jenkins/docker-compose.yml | 30 +++++++++ apps/docker-compose.all.yml | 48 ++++++++++++++ apps/frontend/docker-compose.yml | 27 ++++++++ apps/security/docker-compose.linuxserver.yml | 30 +++++++++ apps/security/docker-compose.yml | 50 +++++++++++++++ apps/tools/docker-compose.yml | 67 ++++++++++++++++++++ apps/website/docker-compose.yml | 23 +++++++ 11 files changed, 404 insertions(+) create mode 100644 apps/backend/docker-compose.yml create mode 100644 apps/database/docker-compose.yml create mode 100644 apps/develop/docker-compose.yml create mode 100644 apps/develop/gitea/docker-compose.yml create mode 100644 apps/develop/jenkins/docker-compose.yml create mode 100644 apps/docker-compose.all.yml create mode 100644 apps/frontend/docker-compose.yml create mode 100644 apps/security/docker-compose.linuxserver.yml create mode 100644 apps/security/docker-compose.yml create mode 100644 apps/tools/docker-compose.yml create mode 100644 apps/website/docker-compose.yml diff --git a/apps/backend/docker-compose.yml b/apps/backend/docker-compose.yml new file mode 100644 index 0000000..22ac631 --- /dev/null +++ b/apps/backend/docker-compose.yml 
@@ -0,0 +1,36 @@ +### Backend (./apps/backend/docker-compose.yml) + +services: + backend: + container_name: ${INFRASTRUCTURE_LABEL}-laravel-${ENVIRONMENT} + profiles: ["laravel", "backend", "all", "app"] + env_file: + - ../../env/.env.all + - ../../env/${ENVIRONMENT}/.env.proxy + - ../../env/${ENVIRONMENT}/.env.database + - ../../env/${ENVIRONMENT}/.env.backend + depends_on: + - database + build: + context: ./src + dockerfile: Dockerfile + labels: + - "traefik.enable=${TRAEFIK_ENABLE}" + - "traefik.http.routers.backend.entrypoints=${TRAEFIK_ENTRYPOINT}" + - "traefik.http.routers.backend.rule=Host(`${BACKEND_DOMAIN}`)" + - "traefik.http.routers.backend.tls=true" + - "traefik.http.routers.backend.tls.certresolver=${TRAEFIK_CERT_RESOLVER}" + - "traefik.http.routers.backend.tls.domains[0].main=`${BACKEND_DOMAIN}`" + - "traefik.http.services.backend.loadbalancer.server.port=${BACKEND_PORT:-8000}" + - "traefik.docker.network=${TRAEFIK_NETWORK}" + # Traefik-Crowdsec Stack + backend-redis: + image: redis:alpine + container_name: ${INFRASTRUCTURE_LABEL}-laravelredis-${ENVIRONMENT} + profiles: ["redis", "backend", "all"] + restart: unless-stopped + command: redis-server --appendonly yes --requirepass laravel-redis-passwort # Redis Passwort eingeben + volumes: + - ../../volumes/backend/redis:/data +networks: + backend: diff --git a/apps/database/docker-compose.yml b/apps/database/docker-compose.yml new file mode 100644 index 0000000..f4f3687 --- /dev/null +++ b/apps/database/docker-compose.yml 
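Review bot: The `traefik.http.routers.backend.tls.domains[0].main` label wraps `${BACKEND_DOMAIN}` in backticks; Traefik uses backticks only inside rule expressions such as `Host(...)`, so the certificate would be requested for a name that literally contains backtick characters — write the value as `=${BACKEND_DOMAIN}` with no quoting. `depends_on: - database` refers to a service defined in `apps/database/docker-compose.yml`, so this file only parses when both are loaded together (the `include:` pattern used in `apps/develop/docker-compose.yml`); say so in the header comment. Neither service lists `networks:`, while a top-level `backend:` network is declared and unused, so the container is not attached to `${TRAEFIK_NETWORK}` despite the `traefik.docker.network` label unless that network happens to be the project default; `backend-redis` also repeats the hard-coded `--requirepass laravel-redis-passwort` from the prod compose file, and the stray `# Traefik-Crowdsec Stack` comment belongs to nothing here.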
@@ -0,0 +1,40 @@ +### Database (./apps/database/docker-compose.yml) +# - [ ] Create a MariaDB service +# - [ ] Configure volumes for persistent storage of database data +# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT}/database.env) +# - [ ] Configure networking to allow connections from the backend service +# - [ ] Set up regular backup jobs for the database +# - [ ] Configure appropriate resource limits and restart policies +services: + database: + profiles: ["all", "mariadb", "backend", "app"] + image: mariadb:latest + container_name: ${INFRASTRUCTURE_LABEL}-mariadb-${ENVIRONMENT} + command: --bind-address=0.0.0.0 + hostname: ${MARIADB_HOST} + env_file: + - ../../env/.env.all + - ../../env/${ENVIRONMENT:-development}/.env.database + - ../../env/${ENVIRONMENT:-development}/.env.proxy + environment: + - MARIADB_USER=${MARIADB_USER} + - MARIADB_DATABASE=${MARIADB_DATABASE} + - MARIADB_PASSWORD=${MARIADB_PASSWORD} + - MARIADB_ROOT_PASSWORD=root-mindboost + volumes: + - ../../volumes/database/mariadb:/var/lib/mysql + networks: + - backend + healthcheck: + test: ["CMD", "mysqladmin", "ping", "-h", "localhost"] + interval: 10s + retries: 3 + adminer: + profiles: ["all", "mariadb", "backend", "app"] + image: adminer + container_name: local_adminer + restart: always + ports: + - 8082:8080 + networks: + - backend \ No newline at end of file diff --git a/apps/develop/docker-compose.yml b/apps/develop/docker-compose.yml new file mode 100644 index 0000000..343142b --- /dev/null +++ b/apps/develop/docker-compose.yml 
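Review bot: `MARIADB_ROOT_PASSWORD=root-mindboost` under `environment:` takes precedence over the value loaded from `../../env/${ENVIRONMENT}/.env.database`, so the root password in the env file is never used and the effective one is the literal committed in this compose file; drop the line and let `env_file` supply it (the other three `MARIADB_*` entries under `environment:` only re-export what `env_file` already provides and can go too). The `adminer` service publishes `8082:8080` on every host interface with no authentication and belongs to the `all`, `backend` and `app` profiles, so it starts alongside the production profile; bind it to `127.0.0.1` or move it to a separate debug profile, and give it the `${INFRASTRUCTURE_LABEL}-…-${ENVIRONMENT}` name the other services use instead of `local_adminer`. The healthcheck calls `mysqladmin`, which newer `mariadb:latest` images may no longer ship under that name; the image's `healthcheck.sh --connect` is the documented alternative, worth confirming against the tag actually pulled.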
@@ -0,0 +1,9 @@ +### Develop (./apps/develop/docker-compose.yml) +# - [ ] Create services for Gitea, Jenkins, and Adminer +# - [ ] Configure volumes for persistent storage of Git repositories, Jenkins data, and Adminer settings +# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT}/develop.env) +# - [ ] Configure networking to allow these services to communicate with each other and the necessary application services +# - [ ] Set up access controls and security measures for development tools + +include: + - ./gitea/docker-compose.yml diff --git a/apps/develop/gitea/docker-compose.yml b/apps/develop/gitea/docker-compose.yml new file mode 100644 index 0000000..344052b --- /dev/null +++ b/apps/develop/gitea/docker-compose.yml 
@@ -0,0 +1,44 @@ +services: + gitea: + image: gitea/gitea:latest + container_name: ${INFRASTRUCTURE_LABEL:-mindboost}-gitea + profiles: ["all", "gitea","develop"] + restart: always + volumes: + - ${GITEA_VOLUME_PATH}:/data + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + depends_on: + - gitea_db + labels: + - "traefik.enable=${TRAEFIK_ENABLE}" + - "traefik.http.routers.gitea.entrypoints=${TRAEFIK_ENTRYPOINT}" + - "traefik.http.routers.gitea.rule=(Host(`${GITEA_DOMAIN})`)" + - "traefik.http.routers.gitea.tls=true" + - "traefik.http.routers.gitea.tls.certresolver=${TRAEFIK_CERT_RESOLVER}" + - "traefik.http.routers.gitea.service=gitea" + - 'traefik.http.services.gitea.loadbalancer.gitea.port=3000' + - "traefik.http.routers.gitea.tls.domains[0].main=`${GITEA_TLS_DOMAIN_MAIN}`" + + # SSH routing, can't route based on host so anything to port 222 will come to this container + - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)" + - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh" + - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc" + - "traefik.tcp.services.gitea-ssh-svc.loadbalancer.gitea.port=22" + + gitea_db: + image: mysql:latest + container_name: ${INFRASTRUCTURE_LABEL:-mindboost}-gitea_db + profiles: ["all", "gitea","develop"] + restart: always + environment: + - MYSQL_ROOT_PASSWORD=${GITEA_MYSQL_ROOT_PASSWORD} + - MYSQL_DATABASE=${GITEA_MYSQL_DATABASE} + - MYSQL_USER=${GITEA_MYSQL_USER} + - MYSQL_PASSWORD=${GITEA_MYSQL_PASSWORD} + volumes: + - ${GITEA_DATABASE_VOLUME_PATH}:/var/lib/mysql + +networks: + gitea: + diff --git a/apps/develop/jenkins/docker-compose.yml b/apps/develop/jenkins/docker-compose.yml new file mode 100644 index 0000000..f71dc7e --- /dev/null +++ b/apps/develop/jenkins/docker-compose.yml 
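Review bot: The two port labels use a key Traefik does not define: `traefik.http.services.gitea.loadbalancer.gitea.port=3000` and `traefik.tcp.services.gitea-ssh-svc.loadbalancer.gitea.port=22` should read `...loadbalancer.server.port=3000` and `...loadbalancer.server.port=22`, the form the frontend, jenkins and website files in this series use. The `gitea` service itself receives no database settings — the `GITEA_MYSQL_*` variables go only to `gitea_db`, and the include-level `env_file` in docker-compose.all.yml only feeds interpolation — so the container presumably comes up with its first-run installer reachable by anyone who hits the router; confirm how the database connection is meant to be injected. `mysql:latest` is unpinned, and the declared `gitea` network is attached to neither service.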
@@ -0,0 +1,30 @@ +version: '3.8' + +services: + jenkins: + image: jenkins/jenkins:lts + container_name: jenkins + ports: + - "50000:50000" # Jenkins Agent Port + volumes: + - jenkins_home:/var/jenkins_home + environment: + - JAVA_OPTS=-Djenkins.install.runSetupWizard=false + networks: + - proxy + labels: + - "traefik.enable=true" + - "traefik.http.routers.jenkins.rule=Host(`j.haslach2025.de`)" + - "traefik.http.routers.jenkins.entrypoints=websecure" + - "traefik.http.routers.jenkins.tls=true" + - "traefik.http.routers.jenkins.tls.certresolver=http_resolver" + - "traefik.http.services.jenkins.loadbalancer.server.port=8080" # interner Port von Jenkins + - "traefik.docker.network=proxy" + +volumes: + jenkins_home: + driver: local + +networks: + proxy: + external: true diff --git a/apps/docker-compose.all.yml b/apps/docker-compose.all.yml new file mode 100644 index 0000000..61435db --- /dev/null +++ b/apps/docker-compose.all.yml 
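Review bot: `JAVA_OPTS=-Djenkins.install.runSetupWizard=false` skips the setup wizard and with it the creation of the initial admin user; nothing in this file mounts a JCasC file or init script that configures a security realm, so the instance may come up behind the public router without authentication — either drop the flag or mount a configuration that sets up users. `Host(`j.haslach2025.de`)`, `websecure` and `http_resolver` are hard-coded while every other file in this series reads `${TRAEFIK_ENTRYPOINT}`, `${TRAEFIK_CERT_RESOLVER}` and a `*_DOMAIN` value from `.env.proxy`; follow that pattern so development and production differ only by env. `"50000:50000"` publishes the agent port on all interfaces; if agents are local, bind it with `"127.0.0.1:50000:50000"`.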
@@ -0,0 +1,48 @@ +## +## ONE SCRIPT TO RULE THEM ALL +## +## Dieses Compose-File startet alle verfügbaren Services, abhängig von dem angegebenen ENVIRONMENT. + +## Um diese Konfiguration zu verwenden, kannst du folgende Befehle nutzen: +## Um alle Services zu starten: +## docker compose -f docker-compose.all.yml --env-file ../env/.env.all --profile all up -d + +## Um nur bestimmte Services zu starten (z.B. frontend und backend): +## docker compose -f docker-compose.all.yml --env-file ../env/.env.all --profile frontend --profile backend up -d + +## +## Stellen Sie sicher, dass die .env.all Datei im angegebenen Verzeichnis existiert und den ENVIRONMENT Wert enthält. +## + +include: + - path: ./proxy/docker-compose.yml + env_file: + - ../env/.env.all + - ../env/${ENVIRONMENT:-development}/.env.proxy + - path: ./frontend/docker-compose.yml + env_file: + - ../env/.env.all + - ../env/${ENVIRONMENT:-development}/.env.frontend + - ../env/${ENVIRONMENT:-development}/.env.proxy + - path: ./backend/docker-compose.yml + - path: ./database/docker-compose.yml + - path: ./website/docker-compose.yml + env_file: + - ../env/.env.all + - ../env/${ENVIRONMENT:-development}/.env.website + - ../env/${ENVIRONMENT:-development}/.env.proxy + - path: ./administration/docker-compose.yml + env_file: + - ../env/.env.all + - ../env/${ENVIRONMENT:-development}/.env.administration + - ../env/${ENVIRONMENT:-development}/.env.proxy + - path: ./develop/docker-compose.yml + env_file: + - ../env/.env.all + - ../env/${ENVIRONMENT:-development}/.env.develop + - ../env/${ENVIRONMENT:-development}/.env.proxy + - path: ./tools/docker-compose.yml + env_file: + - ../env/.env.all + - ../env/${ENVIRONMENT:-development}/.env.tools + - ../env/${ENVIRONMENT:-development}/.env.proxy \ No newline at end of file diff --git a/apps/frontend/docker-compose.yml b/apps/frontend/docker-compose.yml new file mode 100644 index 0000000..1660091 --- /dev/null +++ b/apps/frontend/docker-compose.yml 
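Review bot: The `./backend/docker-compose.yml` and `./database/docker-compose.yml` entries are the only includes without an `env_file:` list, yet the database file interpolates `${MARIADB_HOST}`, `${MARIADB_USER}` and `${INFRASTRUCTURE_LABEL}` at parse time. A service-level `env_file:` only populates the container environment, not Compose interpolation, so with this include list those values resolve to empty unless they are in the shell or in the `--env-file` arguments the deploy scripts pass (which are only `.env.all` and `.env.proxy`). Give both includes the same `env_file:` block as their siblings, e.g. `- ../env/${ENVIRONMENT:-development}/.env.database` and `- ../env/${ENVIRONMENT:-development}/.env.backend`.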
@@ -0,0 +1,27 @@ +### Frontend (./apps/frontend/docker-compose.yml) +# - [ ] Create a Vue.js frontend service +# - [ ] Set up a Node.js environment for the frontend +# - [ ] Configure volumes for persistent storage of frontend assets +# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT}/frontend.env) +# - [ ] Configure networking to communicate with the backend service +# - [ ] Set up healthchecks for the frontend service +services: + webapp: + build: + context: ./src + dockerfile: Dockerfile + container_name: ${INFRASTRUCTURE_LABEL}-frontend-${ENVIRONMENT} + profiles: ["webapp", "frontend", "all", "app"] + depends_on: + - database + - backend + labels: + - "traefik.enable=${TRAEFIK_ENABLE}" + - "traefik.http.routers.webapp.entrypoints=${TRAEFIK_ENTRYPOINT}" + - 'traefik.http.routers.webapp.rule=Host(`${FRONTEND_DOMAIN}`) || Host(`${FRONTEND_DOMAIN_2}`)' + - "traefik.http.routers.webapp.tls=true" + - "traefik.http.routers.webapp.tls.certresolver=${TRAEFIK_CERT_RESOLVER}" + - "traefik.http.routers.webapp.tls.domains[0].main=${FRONTEND_DOMAIN}" + - "traefik.http.routers.webapp.tls.domains[0].sans=${FRONTEND_DOMAIN_2}" + - "traefik.http.services.webapp.loadbalancer.server.port=3000" + - "traefik.docker.network=${TRAEFIK_NETWORK}" \ No newline at end of file diff --git a/apps/security/docker-compose.linuxserver.yml b/apps/security/docker-compose.linuxserver.yml new file mode 100644 index 0000000..cf15d4c --- /dev/null +++ b/apps/security/docker-compose.linuxserver.yml 
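Review bot: `webapp` carries `traefik.docker.network=${TRAEFIK_NETWORK}` but has no `networks:` entry, so it sits only on the project default network and Traefik cannot reach port 3000 on it; add `networks:` / `- ${TRAEFIK_NETWORK}` as the website file in this series does, with that network declared as external. `depends_on` names `database` and `backend`, which live in other included files — that works under `include:` but fails if this file is ever started on its own, which deserves a comment. The label `tls.domains[0].main=${FRONTEND_DOMAIN}` gives the bare domain, which is the correct form; the gitea and website files wrap the same value in backticks, which presumably ends up as a literal in the certificate request — align them on this one.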
@@ -0,0 +1,30 @@ +services: + wireguard: + image: linuxserver/wireguard + container_name: wireguard + cap_add: + - NET_ADMIN + - SYS_MODULE + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - SERVERURL=${SERVER_IP:?"❌ ERROR = SERVERURL is not set. Run set-server-ip.sh first."} + - SERVERPORT=51820 + - PEERS=3 # Number of VPN clients to generate + - PEERDNS=auto + - INTERNAL_SUBNET=22.22.22.0 + volumes: + - ../../volumes/security/wireguard/config:/config + - /lib/modules:/lib/modules + ports: + - "51820:51820/udp" + sysctls: + - net.ipv4.conf.all.src_valid_mark=1 + restart: unless-stopped + networks: + - wireguard_network + +networks: + wireguard_network: + driver: bridge diff --git a/apps/security/docker-compose.yml b/apps/security/docker-compose.yml new file mode 100644 index 0000000..5547c09 --- /dev/null +++ b/apps/security/docker-compose.yml 
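Review bot: `INTERNAL_SUBNET=22.22.22.0` (and `WG_DEFAULT_ADDRESS=22.22.22.0` in the wg-easy hunk that follows) uses an address block that is publicly routed, not private, so tunnel clients will shadow real Internet addresses in that range; pick an RFC 1918 block, e.g. `INTERNAL_SUBNET=10.13.13.0`. `SYS_MODULE` together with the `/lib/modules` bind mount lets the container load arbitrary kernel modules on the host; on a kernel that ships WireGuard in-tree this is usually unnecessary, so verify whether both can be dropped. `PEERS=3` generates three client configurations under the config volume on first start — those files are the client credentials, so that directory needs restrictive permissions and must stay out of the repository.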
@@ -0,0 +1,50 @@ +volumes: + etc_wireguard: + +services: + wg-easy: + environment: + # Change Language: + # (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi, ja, si) + - LANG=de + # ⚠️ Required: + # Change this to your host's public address + - WG_HOST=${SERVER_IP} + + # Optional: + # - PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG # (needs double $$, hash of 'foobar123'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash) + # - PORT=51821 + # - WG_PORT=51820 + # - WG_CONFIG_PORT=92820 + - WG_DEFAULT_ADDRESS=22.22.22.0 + # - WG_DEFAULT_DNS=1.1.1.1 + # - WG_MTU=1420 + # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24 + # - WG_PERSISTENT_KEEPALIVE=25 + # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt + # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt + # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt + # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt + # - UI_TRAFFIC_STATS=true + # - UI_CHART_TYPE=0 # (0 Charts disabled, 1 # Line chart, 2 # Area chart, 3 # Bar chart) + # - WG_ENABLE_ONE_TIME_LINKS=true + # - UI_ENABLE_SORT_CLIENTS=true + # - WG_ENABLE_EXPIRES_TIME=true + # - ENABLE_PROMETHEUS_METRICS=false + # - PROMETHEUS_METRICS_PASSWORD=$$2a$$12$$vkvKpeEAHD78gasyawIod.1leBMKg8sBwKW.pQyNsq78bXV3INf2G # (needs double $$, hash of 'prometheus_password'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash) + + image: ghcr.io/wg-easy/wg-easy + container_name: wg-easy + volumes: + - ../../volumes/wireguardeasy/:/etc/wireguard + ports: + - "51820:51820/udp" + - "51821:51821/tcp" + restart: unless-stopped + cap_add: + - NET_ADMIN + - SYS_MODULE + # - NET_RAW # ⚠️ Uncomment if using Podman + sysctls: + - net.ipv4.ip_forward=1 + - net.ipv4.conf.all.src_valid_mark=1 \ No newline at end of file diff --git a/apps/tools/docker-compose.yml b/apps/tools/docker-compose.yml new file mode 100644 index 0000000..15224f7 --- /dev/null 
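Review bot: `PASSWORD_HASH` is left commented out while `51821:51821/tcp` publishes the web UI on every interface, so the management UI that hands out client configurations is reachable without authentication; set it from an env file before this is deployed, e.g. `- PASSWORD_HASH=${WG_EASY_PASSWORD_HASH}` (variable name is a suggestion, value in the bcrypt form the comment describes). This file and docker-compose.linuxserver.yml both publish `51820:51820/udp`, so they cannot run together; if the linuxserver variant is only an alternative, say so in a comment or give each a distinct profile so a combined start fails for a documented reason.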
+++ b/apps/tools/docker-compose.yml 
@@ -0,0 +1,67 @@ +### Tools (./apps/tools/docker-compose.yml) +# - [ ] Create services for Nextcloud, LimeSurvey, and LinkStack +# - [ ] Configure volumes for persistent storage of files, survey data, and link management data +# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT}/tools.env) +# - [ ] Configure networking to expose these services to the internet via the proxy +# - [ ] Set up regular backup jobs for critical data in these services + +services: + nextcloud-db: + image: mariadb:10.6 + container_name: ${INFRASTRUCTURE_LABEL}-nextcloud-db-${ENVIRONMENT} + profiles: ["all", "tools", "nextcloud"] + command: --transaction-isolation=READ-COMMITTED --innodb_read_only_compressed=OFF + restart: unless-stopped + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + - ../../volumes/tools/${INFRASTRUCTURE_LABEL}_cloud/database:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD=headpiece-constant1-denim-mindboost #SQL root Passwort eingeben + - MYSQL_PASSWORD=idealist9-frayed-murkiness-mindboost #SQL Benutzer Passwort eingeben + - MYSQL_DATABASE=nextcloud-mindboost #Datenbank Name + - MYSQL_USER=mindboostcloud #SQL Nutzername + - MYSQL_INITDB_SKIP_TZINFO=1 + - MARIADB_AUTO_UPGRADE=1 + nextcloud-redis: + image: redis:alpine + container_name: ${INFRASTRUCTURE_LABEL}-nextcloud-redis-${ENVIRONMENT} + profiles: ["all", "tools", "nextcloud"] + hostname: nextcloud-redis + restart: unless-stopped + command: redis-server --requirepass redis-mindboost-passwort # Redis Passwort eingeben + cloud: + image: nextcloud + container_name: ${INFRASTRUCTURE_LABEL}-nextcloud-app-${ENVIRONMENT} + profiles: ["all", "tools", "nextcloud"] + restart: unless-stopped + depends_on: + - nextcloud-db + - nextcloud-redis + environment: + TRUSTED_PROXIES: 172.16.255.254/16 + OVERWRITEPROTOCOL: https + OVERWRITECLIURL: https://${CLOUD_DOMAIN} + OVERWRITEHOST: ${CLOUD_DOMAIN} + REDIS_HOST: nextcloud-redis + REDIS_HOST_PASSWORD: 
redis-mindboost-passwort # Redis Passwort von oben wieder eingeben + volumes: + - ./app:/var/www/html + - ../../volumes/tools/${INFRASTRUCTURE_LABEL}_cloudapp/:/var/www/html/data + labels: + - "traefik.enable=true" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.entrypoints=websecure" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.rule=Host(`${CLOUD_DOMAIN}`)" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.tls=true" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.tls.certresolver=http_resolver" + - 'traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.service=cloud' + - "traefik.http.services.cloud.loadbalancer.server.port=80" + - "traefik.docker.network=${TRAEFIK_NETWORK}" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.middlewares=nextcloud-dav,default@file" + - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav" + - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/" + networks: + - ${TRAEFIK_NETWORK} +networks: + nextcloud: + name: ${INFRASTRUCTURE_LABEL}_nextcloud diff --git a/apps/website/docker-compose.yml b/apps/website/docker-compose.yml new file mode 100644 index 0000000..c90bfcb --- /dev/null +++ b/apps/website/docker-compose.yml 
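Review bot: The `cloud` service is attached only to `${TRAEFIK_NETWORK}` while `nextcloud-db` and `nextcloud-redis` have no `networks:` and therefore sit on the project default network, so `REDIS_HOST: nextcloud-redis` and the database host cannot be resolved from `cloud`; the declared `nextcloud` network is never used and `${TRAEFIK_NETWORK}` is never declared (the website file has the same undeclared reference). The MariaDB root and user passwords and the Redis password (the latter twice) are literal values in the compose file, unlike the `${...}` pattern used elsewhere in the series; move them into `.env.tools` and reference them. `TRUSTED_PROXIES: 172.16.255.254/16` has host bits set and trusts the whole `172.16.0.0/16` range; it should be the proxy's address or the proxy network's subnet (the production `.env.proxy` in this series defines `NETWORKS_PROXY_SUBNET_IPV4`). The networking fix below keeps the service definitions as they are and only adds network membership.
```yaml
services:
  nextcloud-db:
    # … unchanged: image, command, volumes, environment …
    networks:
      - nextcloud
  nextcloud-redis:
    # … unchanged: image, hostname, command …
    networks:
      - nextcloud
  cloud:
    # … unchanged: image, depends_on, environment, volumes, labels …
    networks:
      - nextcloud
      - proxy
networks:
  nextcloud:
    name: ${INFRASTRUCTURE_LABEL}_nextcloud
  proxy:
    name: ${TRAEFIK_NETWORK}
    external: true
```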
@@ -0,0 +1,23 @@ +services: + kirbycms: + build: + context: ./kirby + dockerfile: Dockerfile + image: kirbycms + container_name: ${INFRASTRUCTURE_LABEL}-kirbycms-${ENVIRONMENT} + profiles: ["website","kirbycms","all"] + volumes: + - ../../volumes/website/kirbycms:/var/www/html:rw # Persistente Daten + restart: unless-stopped + networks: + - ${TRAEFIK_NETWORK} + labels: + - "traefik.enable=${TRAEFIK_ENABLE}" + - "traefik.docker.network=${TRAEFIK_NETWORK}" + - "traefik.http.routers.kirbycms.service=kirbycms" + - "traefik.http.routers.kirbycms.tls.certresolver=${TRAEFIK_CERT_RESOLVER}" + - "traefik.http.routers.kirbycms.tls.domains[0].main=`${WEBSITE_DOMAIN}`" + - "traefik.http.routers.kirbycms.rule=Host(`${WEBSITE_DOMAIN}`)" + - "traefik.http.routers.kirbycms.entrypoints=${TRAEFIK_ENTRYPOINT}" + - "traefik.http.routers.kirbycms.tls=true" + - "traefik.http.services.kirbycms.loadbalancer.server.port=80" From 36869596443da9b9b08c8fd7607cc8610e5308bd Mon Sep 17 00:00:00 2001 From: rorapp Date: Mon, 17 Feb 2025 18:10:12 +0100 Subject: [PATCH 07/39] rename config to env --- config/.env.backend | 49 -------------------------------------------- config/.env.db | 8 -------- config/.env.frontend | 1 - config/.env.shared | 1 - config/.env.traefik | 24 ---------------------- 5 files changed, 83 deletions(-) delete mode 100644 config/.env.backend delete mode 100644 config/.env.db delete mode 100644 config/.env.frontend delete mode 100644 config/.env.shared delete mode 100644 config/.env.traefik diff --git a/config/.env.backend b/config/.env.backend deleted file mode 100644 index 8330154..0000000 --- a/config/.env.backend +++ /dev/null 
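Review bot: `../../volumes/website/kirbycms:/var/www/html:rw` bind-mounts a host directory over the container's whole document root, so on a fresh host whatever the `./kirby` Dockerfile placed under `/var/www/html` is presumably hidden by the empty directory and the site serves nothing; if the intent is to persist only content, mount the content and media subdirectories instead, or add a comment stating that the host directory must be populated before the first start. The compose file is complete within the hunk.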
@@ -1,49 +0,0 @@ -# ---------------------------------- -# Datenbank (MariaDB) -# ---------------------------------- -MARIADB_USER=mindboost -MARIADB_DATABASE=mindboost -MARIADB_PASSWORD=1stronges-mindboostdb-passwort -MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb - -# ---------------------------------- -# Redis -# ---------------------------------- -REDIS_PASSWORD=laravel-redis-passwort -REDIS_PORT=6379 - -# ---------------------------------- -# Vue Frontend (Nuxt.js) -# ---------------------------------- -VUE_APP_BACKEND_HOST_ADDRESS=https://dev.b.mindboost.team -VUE_FRONTEND_PORT=3001 -VUE_INTERNAL_PORT=3000 -VUE_FRONTEND_DOMAIN_1=app.mindboost.team -VUE_FRONTEND_DOMAIN_2=mindboost.app - -# ---------------------------------- -# Laravel Backend -# ---------------------------------- -BACKEND_NETWORK=backend -APP_NAME="mindboost backend - Compose Deployment" -APP_URL=https://b.mindboost.team -LARAVEL_PORT=8000 -LARAVEL_VITE_PORT=5173 -DB_HOST=mariadb -DB_PORT=3306 -DB_PASSWORD=1stronges-mindboostdb-passwort -DB_USERNAME=mindboost -DB_DATABASE=mindboost -LARAVEL_DOMAIN=b.mindboost.team -JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F -# ---------------------------------- -# Traefik -# ---------------------------------- -TRAEFIK_CERT_RESOLVER=http_resolver -TRAEFIK_ENTRYPOINT=websecure -TRAEFIK_NETWORK=proxy - -# ---------------------------------- -# Adminer -# ---------------------------------- -ADMINER_PORT=8080 diff --git a/config/.env.db b/config/.env.db deleted file mode 100644 index e736b27..0000000 --- a/config/.env.db +++ /dev/null @@ -1,8 +0,0 @@ -# ---------------------------------- -# Datenbank (MariaDB) -# ---------------------------------- -MARIADB_USER=mindboost -MARIADB_DATABASE=mindboost -MARIADB_PASSWORD=1stronges-mindboostdb-passwort -MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb -ADMINER_PORT=8000 \ No newline at end of file 
diff --git a/config/.env.frontend b/config/.env.frontend deleted file mode 100644 index abe3bd8..0000000 --- a/config/.env.frontend +++ /dev/null @@ -1 +0,0 @@ -DB_HOST= BLALBLAB diff --git a/config/.env.shared b/config/.env.shared deleted file mode 100644 index abe3bd8..0000000 --- a/config/.env.shared +++ /dev/null @@ -1 +0,0 @@ -DB_HOST= BLALBLAB diff --git a/config/.env.traefik b/config/.env.traefik deleted file mode 100644 index bce6c97..0000000 --- a/config/.env.traefik +++ /dev/null @@ -1,24 +0,0 @@ -# ---------------------------------- -# Traefik -# ---------------------------------- - -# Allgemein -TRAEFIK_ENABLE=true -TRAEFIK_NETWORK=proxy - -# Backend -TRAEFIK_ROUTER_BACKEND_ENTRYPOINT=websecure -TRAEFIK_ROUTER_BACKEND_RULE=Host(`b.mindboost.team`) -TRAEFIK_ROUTER_BACKEND_TLS=true -TRAEFIK_ROUTER_BACKEND_CERTRESOLVER=http_resolver -TRAEFIK_ROUTER_BACKEND_TLS_DOMAIN_MAIN=b.mindboost.team -TRAEFIK_SERVICE_BACKEND_PORT=8000 - -# Frontend -TRAEFIK_ROUTER_FRONTEND_ENTRYPOINT=websecure -TRAEFIK_ROUTER_FRONTEND_RULE=Host(`app.mindboost.team` || `mindboost.app`) -TRAEFIK_ROUTER_FRONTEND_TLS=true -TRAEFIK_ROUTER_FRONTEND_CERTRESOLVER=http_resolver -TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_MAIN=app.mindboost.team -TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_SANS=mindboost.app -TRAEFIK_SERVICE_FRONTEND_PORT=3000 From ebe6da4fbb38fb11c29a6be07466f1433a11afcc Mon Sep 17 00:00:00 2001 From: rorapp Date: Mon, 17 Feb 2025 18:10:50 +0100 Subject: [PATCH 08/39] creating env files especially for the project structure (development only) --- env/development/.env.administration | 2 +- env/development/.env.backend | 26 ++++++-------------------- env/development/.env.database | 3 +++ env/development/.env.develop | 21 ++++++++++++++++----- env/development/.env.proxy | 14 ++++---------- 5 files changed, 30 insertions(+), 36 deletions(-) diff --git a/env/development/.env.administration b/env/development/.env.administration index bea518f..f404684 100644 --- a/env/development/.env.administration 
+++ b/env/development/.env.administration @@ -1,2 +1,2 @@ PORTAINER_IMAGE=portainer/portainer-ce:latest -PORTAINER_DATA_PATH=./../../volumes/administration/portainer/data +PORTAINER_DATA_PATH=../../../volumes/administration/portainer/data diff --git a/env/development/.env.backend b/env/development/.env.backend index baabdec..5eee0e5 100644 --- a/env/development/.env.backend +++ b/env/development/.env.backend @@ -6,35 +6,21 @@ REDIS_PASSWORD=laravel-redis-passwort REDIS_PORT=6379 -# ---------------------------------- -# Vue Frontend (Nuxt.js) -# ---------------------------------- -VUE_APP_BACKEND_HOST_ADDRESS=https://dev.b.mindboost.team -VUE_INTERNAL_PORT=3000 -VUE_FRONTEND_DOMAIN_1=app.mindboost.team -VUE_FRONTEND_DOMAIN_2=mindboost.app - # ---------------------------------- # Laravel Backend # ---------------------------------- BACKEND_NETWORK=backend APP_NAME="mindboost backend - Compose Deployment" -APP_URL=https://b.mindboost.team +APP_URL=https://backend.local LARAVEL_PORT=8000 LARAVEL_VITE_PORT=5173 -DB_HOST=mariadb -DB_PORT=3306 -DB_PASSWORD=1stronges-mindboostdb-passwort -DB_USERNAME=mindboost -DB_DATABASE=mindboost +DB_HOST=${MARIADB_HOST} +DB_PORT=${MARIADB_PORT} +DB_PASSWORD=${MARIADB_PASSWORD} +DB_USERNAME=${MARIADB_USER} +DB_DATABASE=${MARIADB_DATABASE} JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F -# ---------------------------------- -# Traefik -# ---------------------------------- -TRAEFIK_CERT_RESOLVER=http_resolver -TRAEFIK_ENTRYPOINT=websecure -TRAEFIK_NETWORK=proxy # ---------------------------------- # Adminer diff --git a/env/development/.env.database b/env/development/.env.database index 2544ad9..8604761 100644 --- a/env/development/.env.database +++ b/env/development/.env.database 
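Review bot: `DB_HOST=${MARIADB_HOST}`, `DB_PASSWORD=${MARIADB_PASSWORD}` and the three sibling lines now rely on Compose expanding `${...}` inside an `env_file` and on `.env.database` being loaded for the same service; the backend compose file is not part of this series, so verify that it lists both files under `env_file:`, otherwise the container receives the literal strings. `JWT_SECRET=zMtO8s...` remains committed as a context line of this hunk; even for development it should be a per-checkout value, e.g. `JWT_SECRET=${JWT_SECRET:?set in the local environment}`, or this file should be gitignored with a template committed in its place.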
@@ -5,3 +5,6 @@ MARIADB_USER=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT} MARIADB_DATABASE=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT} MARIADB_PASSWORD=1stronges-mindboostdb-passwort MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb + +MARIADB_PORT=3306 +MARIADB_HOST=${INFRASTRUCTURE_LABEL}_database_${ENVIRONMENT} diff --git a/env/development/.env.develop b/env/development/.env.develop index ec5c567..d0430b7 100644 --- a/env/development/.env.develop +++ b/env/development/.env.develop @@ -1,7 +1,18 @@ USER_UID=1000 USER_GID=1000 -GITEA__database__DB_TYPE=postgres -GITEA__database__HOST=db:5432 -GITEA__database__NAME=${GITEA_DB_NAME:-gitea} -GITEA__database__USER=${GITEA_DB_USER:-gitea} -GITEA__database__PASSWD=gitea-datenbank-passwort \ No newline at end of file + +GITEA_VOLUME_PATH=../../../volumes/develop/gitea/gitea +GITEA_DATABASE_VOLUME_PATH=../../../volumes/develop/gitea/gitea_db + +GITEA_MYSQL_ROOT_PASSWORD=very-difficult-passwort-gitea +GITEA_MYSQL_USER=gitea +GITEA_MYSQL_PASSWORD=very-difficult-gitea +GITEA_MYSQL_DATABASE=gitea +GITEA_MYSQL_ALLOW_EMPTY_PASSWORD=true + + +DB_HOST=gitea_db:3306 +DB_NAME=gitea +DB_PASSWD=very-difficult-gitea +DB_TYPE=mysql +DB_USER=gitea diff --git a/env/development/.env.proxy b/env/development/.env.proxy index 25cd183..07afbba 100644 --- a/env/development/.env.proxy +++ b/env/development/.env.proxy @@ -4,7 +4,7 @@ TRAEFIK_ENABLE=true TRAEFIK_NETWORK=proxy TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER}:${ADMIN_PASSWORD_HASH} -TRAEFIK_CERT_RESOLVER=http_resolver +TRAEFIK_CERT_RESOLVER= ## ## Domains when TRAEFIK is ENABLED @@ -18,6 +18,7 @@ GITEA_DOMAIN=gitea.local LIMESURVEY_DOMAIN=survey.local LINKSTACK_DOMAIN=linkstack.local TRAEFIK_DOMAIN=traefik.local +CLOUD_DOMAIN=cloud.local ### TLS for Domains PORTAINER_TLS_DOMAIN_MAIN=${PORTAINER_DOMAIN} 
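Review bot: `MARIADB_HOST=${INFRASTRUCTURE_LABEL}_database_${ENVIRONMENT}` matches neither the container name the database compose file assigns, `${INFRASTRUCTURE_LABEL}-mariadb-${ENVIRONMENT}`, nor its service name `database`; Docker's embedded DNS resolves service names, container names and network aliases, but a value set only via `hostname:` is presumably not resolvable from other containers, so clients using `DB_HOST=${MARIADB_HOST}` would fail to connect. Either set `MARIADB_HOST=database` (a service name is stable across environments) or add a matching alias under `networks:` on the database service.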
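Review bot: The replacement keys `DB_HOST`, `DB_NAME`, `DB_PASSWD`, `DB_TYPE` and `DB_USER` drop the `GITEA__database__` prefix the removed lines carried, which is the form the Gitea image maps onto its `[database]` section, and the gitea service in this series passes no environment at all; confirm these keys are consumed anywhere, or restore them as `GITEA__database__HOST=gitea_db:3306` and so on. `GITEA_MYSQL_ALLOW_EMPTY_PASSWORD=true` is defined but no service reads it, and if it were wired to the MySQL image's `MYSQL_ALLOW_EMPTY_PASSWORD` it would permit a passwordless root login; remove it. The plaintext `very-difficult-*` values are acceptable only as development defaults, which this file's path indicates; keep them out of the production variant.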
@@ -29,14 +30,7 @@ GITEA_TLS_DOMAIN_MAIN=${GITEA_DOMAIN} LIMESURVEY_TLS_DOMAIN_MAIN=${LIMESURVEY_DOMAIN} LINKSTACK_TLS_DOMAIN_MAIN=${LINKSTACK_DOMAIN} TRAEFIK_TLS_DOMAIN_MAIN=${TRAEFIK_DOMAIN} - -FRONTEND_DOMAIN=frontend.local -BACKEND_DOMAIN=backend.local -WEBSITE_DOMAIN=web.local -GITEA_DOMAIN=gitea.local -LIMESURVEY_DOMAIN=survey.local -LINKSTACK_DOMAIN=linkstack.local -TRAEFIK_DOMAIN=traefik.local +CLOUD_TLS_DOMAIN_MAIN=${CLOUD_DOMAIN} ## ## MIDDLEWARES @@ -50,5 +44,5 @@ TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL}-basic-auth TRAEFIK_ENTRYPOINT=websecure TRAEFIK_ENTRYPOINT_HTTP=web -TRAEFIK_ENTRYPOINT_HTTP + From ac27973330ce8613d835a6d01d12229da69d777d Mon Sep 17 00:00:00 2001 From: rorapp Date: Mon, 17 Feb 2025 18:13:54 +0100 Subject: [PATCH 09/39] environment variables all the different production setups ( not yet adapted, sensitive info as well) --- env/production/.env.administration | 0 env/production/.env.backend | 1 + env/production/.env.database | 7 +++++++ env/production/.env.develop | 1 + env/production/.env.frontend | 0 env/production/.env.portainer | 3 +++ env/production/.env.proxy | 32 ++++++++++++++++++++++++++++++ env/production/.env.tools | 0 env/production/.env.website | 0 9 files changed, 44 insertions(+) create mode 100644 env/production/.env.administration create mode 100644 env/production/.env.backend create mode 100644 env/production/.env.database create mode 100644 env/production/.env.develop create mode 100644 env/production/.env.frontend create mode 100644 env/production/.env.portainer create mode 100644 env/production/.env.proxy create mode 100644 env/production/.env.tools create mode 100644 env/production/.env.website diff --git a/env/production/.env.administration b/env/production/.env.administration new file mode 100644 index 0000000..e69de29 diff --git a/env/production/.env.backend b/env/production/.env.backend new file mode 100644 index 0000000..da3fa1c --- /dev/null +++ b/env/production/.env.backend 
@@ -0,0 +1 @@ +${REDIS_PASSWORD} \ No newline at end of file diff --git a/env/production/.env.database b/env/production/.env.database new file mode 100644 index 0000000..2544ad9 --- /dev/null +++ b/env/production/.env.database @@ -0,0 +1,7 @@ +# ---------------------------------- +# Datenbank (MariaDB) +# ---------------------------------- +MARIADB_USER=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT} +MARIADB_DATABASE=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT} +MARIADB_PASSWORD=1stronges-mindboostdb-passwort +MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb diff --git a/env/production/.env.develop b/env/production/.env.develop new file mode 100644 index 0000000..d0483c8 --- /dev/null +++ b/env/production/.env.develop @@ -0,0 +1 @@ +ADMINER_PORT=8000 \ No newline at end of file diff --git a/env/production/.env.frontend b/env/production/.env.frontend new file mode 100644 index 0000000..e69de29 diff --git a/env/production/.env.portainer b/env/production/.env.portainer new file mode 100644 index 0000000..82f3f7d --- /dev/null +++ b/env/production/.env.portainer @@ -0,0 +1,3 @@ +PORTAINER_IMAGE=portainer/portainer-ce:latest +PORTAINER_DATA_PATH=/opt/containers/portainer/data +PORTAINER_DOMAIN=portainer.yourdomain.com \ No newline at end of file diff --git a/env/production/.env.proxy b/env/production/.env.proxy new file mode 100644 index 0000000..829151c --- /dev/null +++ b/env/production/.env.proxy 
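Review bot: `${REDIS_PASSWORD}` on its own is not a `KEY=value` line, so the production `.env.backend` contains no assignment and a strict env-file parser will presumably reject the whole file; the commit message says these files are not adapted yet, but it is safer to leave the file empty or write the required-variable form `REDIS_PASSWORD=${REDIS_PASSWORD:?set on the host}`. The production `.env.database` hunk reuses the development values `MARIADB_PASSWORD=1stronges-mindboostdb-passwort` and `MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb` byte-for-byte; production secrets belong outside the repository (Docker secrets or a host-only env file) with only a template committed. `.env.portainer` uses the placeholder `portainer.yourdomain.com`, which is the pattern the other production files should follow.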
@@ -0,0 +1,32 @@ +TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL}-https-redirect +TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL}-basic-auth +TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER}:${ADMIN_PASSWORD_HASH} + +# Service Crowdsec +SERVICES_CROWDSEC_CONTAINER_NAME=crowdsec +SERVICES_CROWDSEC_HOSTNAME=crowdsec +SERVICES_CROWDSEC_IMAGE=crowdsecurity/crowdsec +SERVICES_CROWDSEC_IMAGE_VERSION=latest +SERVICES_CROWDSEC_NETWORKS_CROWDSEC_IPV4=172.31.254.254 + +# Service Traefik +SERVICES_TRAEFIK_CONTAINER_NAME=${INFRASTRUCTURE_LABEL}-traefik +SERVICES_TRAEFIK_HOSTNAME=${INFRASTRUCTURE_LABEL}-traefik +SERVICES_TRAEFIK_IMAGE=traefik +SERVICES_TRAEFIK_IMAGE_VERSION=2.11 +SERVICES_TRAEFIK_LABELS_TRAEFIK_HOST=`traefik.haslach2025.de` +SERVICES_TRAEFIK_NETWORKS_CROWDSEC_IPV4=172.31.254.253 +SERVICES_TRAEFIK_NETWORKS_PROXY_IPV4=172.30.255.254 + +# Service Traefik Crowdsec Bouncer +SERVICES_TRAEFIK_CROWDSEC_BOUNCER_CONTAINER_NAME=traefik_crowdsec_bouncer +SERVICES_TRAEFIK_CROWDSEC_BOUNCER_HOSTNAME=traefik-crowdsec-bouncer +SERVICES_TRAEFIK_CROWDSEC_BOUNCER_IMAGE=fbonalair/traefik-crowdsec-bouncer +SERVICES_TRAEFIK_CROWDSEC_BOUNCER_IMAGE_VERSION=latest +SERVICES_TRAEFIK_CROWDSEC_BOUNCER_NETWORKS_CROWDSEC_IPV4=172.31.254.252 + +# Netzwerkeinstellungen +NETWORKS_PROXY_NAME=proxy +NETWORKS_PROXY_SUBNET_IPV4=172.30.0.0/16 +NETWORKS_CROWDSEC_NAME=crowdsec +NETWORKS_CROWDSEC_SUBNET_IPV4=172.31.0.0/16 diff --git a/env/production/.env.tools b/env/production/.env.tools new file mode 100644 index 0000000..e69de29 diff --git a/env/production/.env.website b/env/production/.env.website new file mode 100644 index 0000000..e69de29 From a5b26ebde1ef847c9c70f6f82bea866cb3e95bd1 Mon Sep 17 00:00:00 2001 
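Review bot: The compose labels in this series read `${TRAEFIK_ENABLE}`, `${TRAEFIK_ENTRYPOINT}`, `${TRAEFIK_CERT_RESOLVER}` and `${TRAEFIK_NETWORK}`, and the routers read the `*_DOMAIN` values, but the production `.env.proxy` defines none of them (it defines `NETWORKS_PROXY_NAME=proxy` instead), so a production deploy would render routers with empty entrypoints and no proxy network. Mirror the development file's `TRAEFIK_*` and `*_DOMAIN` keys here, for example `TRAEFIK_NETWORK=${NETWORKS_PROXY_NAME}` and `TRAEFIK_ENTRYPOINT=websecure`. `SERVICES_TRAEFIK_LABELS_TRAEFIK_HOST=`traefik.haslach2025.de`` hard-codes a domain with the backticks included; keep the domain as a plain value and build the `Host(...)` rule in the compose label, as the other services do. The `SERVICES_*` keys are presumably consumed by a proxy compose file that is not in this series — worth a comment naming it.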
From: rorapp Date: Tue, 18 Feb 2025 10:26:06 +0100 Subject: [PATCH 10/39] created initial script for different service profiles --- scripts/deploy-administration.sh | 75 +++++++++++++++ scripts/deploy-all.sh | 105 ++++++++++++++++++++ scripts/deploy-app.sh | 67 ++++++++++--- scripts/deploy-overwrite.sh | 22 +++++ scripts/deploy-proxy.sh | 54 +++++++++++ scripts/deploy-traefik.sh | 158 +++++++++++++++++++++++++++++-- 6 files changed, 456 insertions(+), 25 deletions(-) create mode 100755 scripts/deploy-administration.sh create mode 100755 scripts/deploy-all.sh create mode 100755 scripts/deploy-overwrite.sh create mode 100755 scripts/deploy-proxy.sh diff --git a/scripts/deploy-administration.sh b/scripts/deploy-administration.sh new file mode 100755 index 0000000..112f438 --- /dev/null +++ b/scripts/deploy-administration.sh 
@@ -0,0 +1,75 @@ +#!/bin/bash + +# Pfad zur .env.all Datei +ENV_FILE="../env/.env.all" + +# Funktion zum Überprüfen der Existenz einer Datei +check_file_exists() { + if [ ! -f "$1" ]; then + echo "Fehler: Die Datei $1 existiert nicht." + return 1 + fi +} + +# Überprüfe die Existenz von .env.all +check_file_exists "../env/.env.all" + +# Funktion zum Auslesen von Variablen aus der .env.all Datei +get_env_var() { + grep "^$1=" "$ENV_FILE" | cut -d '=' -f2 +} + +# Auslesen der INFRASTRUCTURE und ENVIRONMENT Variablen +INFRASTRUCTURE=$(get_env_var "INFRASTRUCTURE_LABEL") +ENVIRONMENT=$(get_env_var "ENVIRONMENT") + +# Load environment variables from the .env files +set -o allexport +source ../env/.env.all +source ../env/${ENVIRONMENT}/.env.administration +set +o allexport + +# Liste Stacks +STACKS=("administration") + +# Liste aller Environments +ENVIRONMENTS=("development" "staging" "production") + + +# Überprüfe die Existenz aller Stack-spezifischen .env Dateien +missing_files=0 +for stack in "${STACKS[@]}"; do + env_file="../env/${ENVIRONMENT}/.env.${stack}" + if ! check_file_exists "$env_file"; then + missing_files=$((missing_files + 1)) + fi +done + +if [ $missing_files -eq 0 ]; then + echo "Alle erforderlichen .env Dateien für das ${ENVIRONMENT}-Environment sind vorhanden." +else + echo "Warnung: $missing_files .env Datei(en) fehlen. Einige Stacks könnten nicht korrekt funktionieren." +fi + +# Überprüfe die Existenz aller Stack-spezifischen .env Dateien für alle Environments +for env in "${ENVIRONMENTS[@]}"; do + if [ "$env" != "$ENVIRONMENT" ]; then + for stack in "${STACKS[@]}"; do + env_file="../env/${env}/.env.${stack}" + if ! check_file_exists "$env_file"; then + echo "Warnung: Die Datei $env_file fehlt für das Environment $env." 
+ fi + done + fi +done + + +# Ausgabe der Variablen +echo " " +echo "Deploying to:" +echo "INFRASTRUCTURE: ${INFRASTRUCTURE:-Not set}" +echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}" +echo "-----------------------------------" + +# Ausführen des Docker Compose Befehls +docker compose -f ../apps/docker-compose.all.yml --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile administration up --remove-orphans diff --git a/scripts/deploy-all.sh b/scripts/deploy-all.sh new file mode 100755 index 0000000..16c1505 --- /dev/null +++ b/scripts/deploy-all.sh 
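Review bot: `check_file_exists "../env/.env.all"` discards its return value, so a missing file is reported and then `source ../env/.env.all` and `source ../env/${ENVIRONMENT}/.env.administration` run anyway with an empty `ENVIRONMENT`, which turns the second path into `../env//.env.administration`; use `check_file_exists "$ENV_FILE" || exit 1` and `: "${ENVIRONMENT:?ENVIRONMENT not set in $ENV_FILE}"` before sourcing. `source` executes the env file as shell, so any command substitution in it runs with the deploying user's privileges; that is acceptable for trusted local files, but the script should refuse a world-writable file before sourcing it. `get_env_var` uses `cut -d '=' -f2`, which truncates any value containing `=` (a base64 secret, for instance) — use `cut -d '=' -f2-`; the same helper and the same unchecked existence test are copied into deploy-all.sh and deploy-app.sh.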
@@ -0,0 +1,105 @@ +#!/bin/bash + +# Pfad zur .env.all Datei +ENV_FILE="../env/.env.all" +# Funktion zum Auslesen von Variablen aus der .env.all Datei +get_env_var() { + grep "^$1=" "$ENV_FILE" | cut -d '=' -f2 +} + +# Auslesen der INFRASTRUCTURE und ENVIRONMENT Variablen +INFRASTRUCTURE=$(get_env_var "INFRASTRUCTURE_LABEL") +ENVIRONMENT=$(get_env_var "ENVIRONMENT") +SERVER_IP=$(curl -s https://api.ipify.org) + +# Liste aller Stacks +STACKS=("administration" "frontend" "develop" "database" "proxy" "tools" "website" "backend") + +# Liste aller Environments +ENVIRONMENTS=("development" "staging" "production") + +# Funktion zum Überprüfen der Existenz einer Datei +check_file_exists() { + if [ ! -f "$1" ]; then + echo "Fehler: Die Datei $1 existiert nicht." + return 1 + fi +} +#!/bin/bash + +# Prüfe, ob das Skript nur in der Entwicklungsumgebung ausgeführt wird +if [ "$ENVIRONMENT" == "development" ]; then + # Sicherstellen, dass acme_letsencrypt.json existiert und korrekte Berechtigungen hat + ACME_FILE="../apps/proxy/traefik/acme_letsencrypt.json" + + if [ ! -f "$ACME_FILE" ]; then + echo "🔹 Erstelle $ACME_FILE..." + touch "$ACME_FILE" + fi + + echo "🔹 Setze Berechtigungen für $ACME_FILE auf 600..." + chmod 600 "$ACME_FILE" + + echo "🔹 ENVIRONMENT ist 'development' – Hosts aus .env.proxy werden hinzugefügt und Container gestartet." + + # Pfad zur Proxy-Env-Datei + ENV_PROXY_FILE="../env/development/.env.proxy" + + # Hosts-Datei Pfad (Linux/macOS) + HOSTS_FILE="/etc/hosts" + + # Prüfe, ob die Env-Datei existiert + if [ ! -f "$ENV_PROXY_FILE" ]; then + echo "❌ Fehler: Die Datei $ENV_PROXY_FILE existiert nicht!" + exit 1 + fi + + # Lese alle Zeilen, die auf *_DOMAIN= enden und extrahiere die Werte + DOMAINS=($(grep -E '^[A-Z_]+_DOMAIN=' "$ENV_PROXY_FILE" | cut -d '=' -f2)) + + # Füge jede Domain zur /etc/hosts Datei hinzu, falls sie fehlt + for DOMAIN in "${DOMAINS[@]}"; do + if ! 
grep -q "$DOMAIN" "$HOSTS_FILE"; then + echo "127.0.0.1 $DOMAIN" | sudo tee -a "$HOSTS_FILE" > /dev/null + echo "✅ $DOMAIN zu /etc/hosts hinzugefügt" + else + echo "✅ $DOMAIN ist bereits in /etc/hosts vorhanden" + fi + done + +else + echo "❌ ENVIRONMENT ist nicht 'development' – Routing über externen DNS erwartet" +fi + +# Überprüfe die Existenz von .env.all +check_file_exists "../env/.env.all" + +# Überprüfe die Existenz aller Stack-spezifischen .env Dateien +missing_files=0 +for stack in "${STACKS[@]}"; do + env_file="../env/${ENVIRONMENT}/.env.${stack}" + if ! check_file_exists "$env_file"; then + missing_files=$((missing_files + 1)) + fi +done + +if [ $missing_files -eq 0 ]; then + echo "Alle erforderlichen .env Dateien sind vorhanden." +else + echo "WARNUNG: $missing_files .env Datei(en) fehlen. Einige Stacks könnten nicht korrekt funktionieren." +fi + +# Ausgabe der Variablen +echo "Deploying to:" +echo "INFRASTRUCTURE: ${INFRASTRUCTURE:-Not set}" +echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}" +echo "-----------------------------------" + +# Check for the --build argument +BUILD_OPTION="" +if [[ "$1" == "--build" ]]; then + BUILD_OPTION="--build" +fi + +# Ausführen des Docker Compose Befehls +docker compose -f ../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile backend up --remove-orphans $BUILD_OPTION diff --git a/scripts/deploy-app.sh b/scripts/deploy-app.sh index 78a95b2..f57bd09 100755 --- a/scripts/deploy-app.sh +++ b/scripts/deploy-app.sh 
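Review bot: The final command runs `--profile backend`, yet this is deploy-all.sh and the compose header documents `--profile all` for starting everything; one of the two is wrong, and `all` is the profile every service in this series is tagged with. The `/etc/hosts` loop tests `grep -q "$DOMAIN" "$HOSTS_FILE"` with `$DOMAIN` as an unanchored regex taken from `.env.proxy` (`.` matches any character, so `web.local` is satisfied by an unrelated `web-local` entry) and then appends the value with `sudo tee -a` without validating it; use `grep -qwF -- "$DOMAIN" "$HOSTS_FILE"` and reject anything that is not a plain hostname before writing to a root-owned file. `SERVER_IP=$(curl -s https://api.ipify.org)` contacts an external service on every run, is unchecked, and is never used in this script (nor in deploy-app.sh, which copies it) — drop it, or guard it with `curl -fsS --max-time 5` and a fallback. A second `#!/bin/bash` line sits in the middle of the file, and `ENVIRONMENTS` is declared but never read.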
@@ -1,22 +1,59 @@ #!/bin/bash -set -e -echo "Prüfe, ob Traefik läuft..." +# Pfad zur .env.all Datei +ENV_FILE="../env/.env.all" +# Funktion zum Auslesen von Variablen aus der .env.all Datei +get_env_var() { + grep "^$1=" "$ENV_FILE" | cut -d '=' -f2 +} -if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then - echo "Traefik läuft nicht." - read -p "Möchtest du die lokale Version zum Debuggen (docker-compose.overwrite.yml) starten? (y/n): " answer - if [[ "$answer" =~ ^[Yy]$ ]]; then - echo "Starte lokale Version..." - docker compose -f ../apps/docker-compose.overwrite.yml up -d - else - echo "Deployment abgebrochen." - exit 1 +# Auslesen der INFRASTRUCTURE und ENVIRONMENT Variablen +INFRASTRUCTURE=$(get_env_var "INFRASTRUCTURE_LABEL") +ENVIRONMENT=$(get_env_var "ENVIRONMENT") +SERVER_IP=$(curl -s https://api.ipify.org) + +# Liste aller Stacks +STACKS=("administration" "frontend" "develop" "database" "proxy" "tools" "website" "backend") + +# Liste aller Environments +ENVIRONMENTS=("development" "staging" "production") + +# Funktion zum Überprüfen der Existenz einer Datei +check_file_exists() { + if [ ! -f "$1" ]; then + echo "Fehler: Die Datei $1 existiert nicht." + return 1 fi +} +# Überprüfe die Existenz von .env.all +check_file_exists "../env/.env.all" + +# Überprüfe die Existenz aller Stack-spezifischen .env Dateien +missing_files=0 +for stack in "${STACKS[@]}"; do + env_file="../env/${ENVIRONMENT}/.env.${stack}" + if ! check_file_exists "$env_file"; then + missing_files=$((missing_files + 1)) + fi +done + +if [ $missing_files -eq 0 ]; then + echo "Alle erforderlichen .env Dateien sind vorhanden." else - echo "Traefik läuft." - echo "Starte Deployment mit docker-compose.prod.yml..." - docker compose -f ../apps/docker-compose.prod.yml up -d + echo "WARNUNG: $missing_files .env Datei(en) fehlen. Einige Stacks könnten nicht korrekt funktionieren." fi -echo "Deployment abgeschlossen." 
+# Ausgabe der Variablen +echo "Deploying to:" +echo "INFRASTRUCTURE: ${INFRASTRUCTURE:-Not set}" +echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}" +echo "-----------------------------------" + +# Check for the --build argument +BUILD_OPTION="" +if [[ "$1" == "--build" ]]; then + BUILD_OPTION="--build" +fi + +# Ausführen des Docker Compose Befehls +docker compose -f ../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile app up --remove-orphans $BUILD_OPTION diff --git a/scripts/deploy-overwrite.sh b/scripts/deploy-overwrite.sh new file mode 100755 index 0000000..78a95b2 --- /dev/null +++ b/scripts/deploy-overwrite.sh @@ -0,0 +1,22 @@ +#!/bin/bash +set -e + +echo "Prüfe, ob Traefik läuft..." + +if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then + echo "Traefik läuft nicht." + read -p "Möchtest du die lokale Version zum Debuggen (docker-compose.overwrite.yml) starten? (y/n): " answer + if [[ "$answer" =~ ^[Yy]$ ]]; then + echo "Starte lokale Version..." + docker compose -f ../apps/docker-compose.overwrite.yml up -d + else + echo "Deployment abgebrochen." + exit 1 + fi +else + echo "Traefik läuft." + echo "Starte Deployment mit docker-compose.prod.yml..." + docker compose -f ../apps/docker-compose.prod.yml up -d +fi + +echo "Deployment abgeschlossen." diff --git a/scripts/deploy-proxy.sh b/scripts/deploy-proxy.sh new file mode 100755 index 0000000..8560a47 --- /dev/null +++ b/scripts/deploy-proxy.sh 
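Review bot: The rewrite of deploy-app.sh drops `set -e` (removed on the first line of the hunk), so a failing `check_file_exists "../env/.env.all"` or an empty `ENVIRONMENT` no longer stops the script and `docker compose` is still invoked with `--env-file ../env//.env.proxy`; restore `set -euo pipefail` after the shebang and fail fast, `[ -n "$ENVIRONMENT" ] || { echo "Fehler: ENVIRONMENT fehlt in $ENV_FILE"; exit 1; }`. `get_env_var`'s `cut -d '=' -f2` truncates any value containing a second `=` and keeps surrounding quotes, which matters as soon as URLs or secrets are read this way; `cut -d '=' -f2-` is the minimal fix. The same helper is pasted into the preceding 105-line hunk and into deploy-proxy.sh below, so either fix all three or move it into one sourced file. `SERVER_IP` is fetched from api.ipify.org here but never used.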
@@ -0,0 +1,54 @@ +#!/bin/bash + +# Pfad zur .env.all Datei +ENV_FILE="../env/.env.all" + +# Funktion zum Auslesen von Variablen aus der .env.all Datei +get_env_var() { + grep "^$1=" "$ENV_FILE" | cut -d '=' -f2 +} + +# Auslesen der INFRASTRUCTURE und ENVIRONMENT Variablen +INFRASTRUCTURE=$(get_env_var "INFRASTRUCTURE_LABEL") +ENVIRONMENT=$(get_env_var "ENVIRONMENT") + +# Liste aller Stacks +STACKS=("proxy") + +# Liste aller Environments +ENVIRONMENTS=("development" "staging" "production") + +# Funktion zum Überprüfen der Existenz einer Datei +check_file_exists() { + if [ ! -f "$1" ]; then + echo "Fehler: Die Datei $1 existiert nicht." + return 1 + fi +} + +# Überprüfe die Existenz von .env.all +check_file_exists "../env/.env.all" + +# Überprüfe die Existenz aller Stack-spezifischen .env Dateien +missing_files=0 +for stack in "${STACKS[@]}"; do + env_file="../env/${ENVIRONMENT}/.env.${stack}" + if ! check_file_exists "$env_file"; then + missing_files=$((missing_files + 1)) + fi +done + +if [ $missing_files -eq 0 ]; then + echo "Alle erforderlichen .env Dateien sind vorhanden." +else + echo "WARNUNG: $missing_files .env Datei(en) fehlen. Einige Stacks könnten nicht korrekt funktionieren." +fi + +# Ausgabe der Variablen +echo "Deploying to:" +echo "INFRASTRUCTURE: ${INFRASTRUCTURE:-Not set}" +echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}" +echo "-----------------------------------" + +# Ausführen des Docker Compose Befehls +docker compose -f ../apps/docker-compose.all.yml --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile proxy up --remove-orphans diff --git a/scripts/deploy-traefik.sh b/scripts/deploy-traefik.sh index 78a95b2..d0061ef 100755 --- a/scripts/deploy-traefik.sh +++ b/scripts/deploy-traefik.sh 
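Review bot: The final `docker compose` call in deploy-proxy.sh omits the `-p ${INFRASTRUCTURE:-my}` project name that deploy-app.sh passes, so the proxy profile is brought up under a project named after the working directory while the app stack lives under the infrastructure label; since both run `--remove-orphans` against the same `docker-compose.all.yml`, the two runs may not see each other's containers as one project — worth confirming against your compose version. Align the call: `docker compose -f ../apps/docker-compose.all.yml -p "${INFRASTRUCTURE:-my}" --env-file ../env/.env.all --env-file "../env/${ENVIRONMENT}/.env.proxy" --profile proxy up --remove-orphans`. `ENVIRONMENTS` is declared but never used, and `set -e` is missing here as well.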
@@ -1,22 +1,160 @@ #!/bin/bash set -e +# Funktion zur Überprüfung der Produktivumgebung +is_production() { + local prod_ip="85.215.56.185" # IP-Adresse deines Produktivservers + local current_ip + + # Überprüfe das Betriebssystem + case "$OSTYPE" in + msys*|cygwin*|mingw*) + # Windows + current_ip=$(ipconfig | grep -i "IPv4 Address" | head -n 1 | awk '{print $NF}') + ;; + darwin*) + # macOS + current_ip=$(ipconfig getifaddr en0) # Für Wi-Fi + if [ -z "$current_ip" ]; then + current_ip=$(ipconfig getifaddr en1) # Für Ethernet + fi + ;; + linux*|bsd*|solaris*) + # Linux und andere Unix-ähnliche Systeme + current_ip=$(hostname -I | awk '{print $1}') + ;; + *) + echo "Unbekanntes Betriebssystem: $OSTYPE" + return 1 + ;; + esac + + echo "Erkannte IP-Adresse: $current_ip" + + if [ "$current_ip" == "$prod_ip" ]; then + echo "Produktivumgebung erkannt." + return 0 # True, wir sind in der Produktivumgebung + else + echo "Lokale Entwicklungsumgebung erkannt." + return 1 # False, wir sind in der lokalen Umgebung + fi +} + +# Funktion zum Setzen der Umgebungsvariablen +set_environment_variables() { + if is_production; then + export DOMAIN_SUFFIX=".mindboost.team" + export TRAEFIK_DASHBOARD_DOMAIN="traefik${DOMAIN_SUFFIX}" + export PORTAINER_DOMAIN="portainer${DOMAIN_SUFFIX}" + export FRONTEND_DOMAIN="app${DOMAIN_SUFFIX}" + export BACKEND_DOMAIN="b${DOMAIN_SUFFIX}" + else + export DOMAIN_SUFFIX=".local" + export TRAEFIK_DASHBOARD_DOMAIN="traefik${DOMAIN_SUFFIX}" + export PORTAINER_DOMAIN="portainer${DOMAIN_SUFFIX}" + export FRONTEND_DOMAIN="frontend${DOMAIN_SUFFIX}" + export BACKEND_DOMAIN="backend${DOMAIN_SUFFIX}" + fi +} + + echo "Prüfe, ob Traefik läuft..." +set_environment_variables + +if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then + echo "Traefik läuft nicht. Starte Traefik mit CrowdSec Bouncer..." + + if is_production; then + echo "Wir befinden uns in der Produktivumgebung." 
+ echo "Starte Traefik und CrowdSec Bouncer mit docker-compose.traefik.prod.yml..." + env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an + docker compose -f ../apps/proxy/docker-compose.traefik.prod.yml up -d + else + echo "Wir befinden uns in der lokalen Entwicklungsumgebung." + echo "Starte Traefik und CrowdSec Bouncer mit docker-compose.traefik.local.yml..." + env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an + docker compose -f ../apps/docker-compose.traefik.local.yml up -d + fi +else + echo "Traefik läuft bereits. Aktualisiere die Konfiguration..." + + if is_production; then + echo "Aktualisiere Traefik und CrowdSec Bouncer in der Produktivumgebung..." + docker compose -f ../apps/docker-compose.traefik.prod.yml up -d + else + echo "Aktualisiere Traefik und CrowdSec Bouncer in der lokalen Umgebung..." + docker compose -f ../apps/docker-compose.traefik.local.yml up -d + fi +fi + +echo "Traefik und CrowdSec Bouncer Deployment abgeschlossen." + +================= + + +echo "Prüfe, ob Traefik läuft..." + +set_environment_variables + +if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then + echo "Traefik läuft nicht. Starte Traefik und Portainer..." +else + echo "Traefik läuft bereits. Aktualisiere die Konfiguration..." +fi + + +if is_production; then + echo "Wir befinden uns in der Produktivumgebung." + echo "Starte/Aktualisiere Deployment mit docker-compose.prod.yml..." + env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an + docker compose -f ../apps/docker-compose.prod.yml up -d +else + echo "Wir befinden uns in der lokalen Entwicklungsumgebung." + echo "Starte/Aktualisiere lokale Version mit docker-compose.overwrite.yml..." + env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an + docker compose -f ../apps/docker-compose.overwrite.yml up -d +fi + + if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then echo "Traefik läuft nicht." 
- read -p "Möchtest du die lokale Version zum Debuggen (docker-compose.overwrite.yml) starten? (y/n): " answer - if [[ "$answer" =~ ^[Yy]$ ]]; then - echo "Starte lokale Version..." - docker compose -f ../apps/docker-compose.overwrite.yml up -d + + if is_production; then + echo "Wir befinden uns in der Produktivumgebung." + set_environment_variables + echo "Starte Deployment mit docker-compose.prod.yml..." + env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an + docker compose -f ../apps/docker-compose.prod.yml up -d else - echo "Deployment abgebrochen." - exit 1 + echo "Wir befinden uns in der lokalen Entwicklungsumgebung." + read -p "Möchtest du die lokale Version zum Debuggen (docker-compose.overwrite.yml) starten? (y/n): " answer + if [[ "$answer" =~ ^[Yy]$ ]]; then + echo "Starte lokale Version..." + set_environment_variables + env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an + docker compose -f ../apps/docker-compose.overwrite.yml up -d + else + echo "Deployment abgebrochen." + exit 1 + fi fi else - echo "Traefik läuft." - echo "Starte Deployment mit docker-compose.prod.yml..." - docker compose -f ../apps/docker-compose.prod.yml up -d + echo "Traefik läuft bereits." + + if is_production; then + echo "Wir befinden uns in der Produktivumgebung." + set_environment_variables + echo "Aktualisiere Deployment mit docker-compose.prod.yml..." + env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an + docker compose -f ../apps/docker-compose.prod.yml up -d + else + echo "Wir befinden uns in der lokalen Entwicklungsumgebung." + set_environment_variables + echo "Aktualisiere lokale Version mit docker-compose.overwrite.yml..." + env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an + docker compose -f ../apps/docker-compose.overwrite.yml up -d + fi fi -echo "Deployment abgeschlossen." +echo "Deployment abgeschlossen." \ No newline at end of file 
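Review bot: The added line `+=================` is not shell: after the first deployment block has run, bash tries to execute `=================` as a command, and with `set -e` at the top of the file the script aborts there, so the two further deployment blocks that follow it are dead code (the last one still carries the old interactive `read -p` prompt). Keep exactly one block and delete the rest; the duplication also hides a path inconsistency, `../apps/proxy/docker-compose.traefik.prod.yml` on first start versus `../apps/docker-compose.traefik.prod.yml` on update. Detecting production in `is_production` by comparing the host address with a literal IP is fragile — any NAT, interface rename or address change silently switches every deploy to the `.local` domain set — and deploy-app.sh already reads `ENVIRONMENT` from `../env/.env.all`, so use that source here too. The `env | grep DOMAIN` lines dump every variable whose name contains DOMAIN into the deploy log; drop them or guard them with a debug flag.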
From ba5d253c199eecc3a1f2001043be2f66c4c6f7d0 Mon Sep 17 00:00:00 2001
From: rorapp
Date: Tue, 18 Feb 2025 10:26:52 +0100
Subject: [PATCH 11/39] kirby cms website
---
 apps/website/kirby/Dockerfile | 49 ++++++++++++++++++++++++++++++++
 apps/website/kirby/default.conf | 9 ++++++
 apps/website/kirby/entrypoint.sh | 7 +++++
 apps/website/kirby/id.env | 1 +
 4 files changed, 66 insertions(+)
 create mode 100644 apps/website/kirby/Dockerfile
 create mode 100644 apps/website/kirby/default.conf
 create mode 100644 apps/website/kirby/entrypoint.sh
 create mode 100644 apps/website/kirby/id.env
diff --git a/apps/website/kirby/Dockerfile b/apps/website/kirby/Dockerfile
new file mode 100644
index 0000000..be49a8a
--- /dev/null
+++ b/apps/website/kirby/Dockerfile
@@ -0,0 +1,49 @@ +# Use latest offical ubuntu image +FROM ubuntu:latest + +# Set timezone +ENV TZ=Europe/Berlin + +# Set geographic area using above variable +# This is necessary, otherwise building the image doesn't work +RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone + +# Remove annoying messages during package installation +ARG DEBIAN_FRONTEND=noninteractive + +# Install packages: web server & PHP plus extensions +RUN apt-get update && apt-get install -y \ + apache2 \ + apache2-utils \ + ca-certificates \ + php \ + libapache2-mod-php \ + php-curl \ + php-dom \ + php-gd \ + php-intl \ + php-json \ + php-mbstring \ + php-xml \ + php-zip && \ + apt-get clean && rm -rf /var/lib/apt/lists/* + +# Copy virtual host configuration from current path onto existing 000-default.conf +COPY default.conf /etc/apache2/sites-available/000-default.conf + +# Remove default content (existing index.html) +RUN rm /var/www/html/* + +# Activate Apache modules headers & rewrite +RUN a2enmod headers rewrite + +# Ensure Group Ownership for www-data every member of kirbygroup should edit files +RUN groupadd -g 1003 kirbygroup && usermod -aG kirbygroup www-data +RUN chown -R www-data:kirbygroup /var/www/html +RUN chmod -R g+rw /var/www/html && find /var/www/html -type d -exec chmod g+xs {} \; + +# Tell container to listen to port 80 at runtime +EXPOSE 80 + +# Start Apache web server +CMD [ "/usr/sbin/apache2ctl", "-DFOREGROUND" ] diff --git a/apps/website/kirby/default.conf b/apps/website/kirby/default.conf new file mode 100644 index 0000000..9c20cf5 --- /dev/null +++ b/apps/website/kirby/default.conf @@ -0,0 +1,9 @@ + + ServerName localhost + # Set the document root + DocumentRoot "/var/www/html" + + # Allow overriding the default configuration via `.htaccess` + AllowOverride All + + diff --git a/apps/website/kirby/entrypoint.sh b/apps/website/kirby/entrypoint.sh new file mode 100644 index 0000000..cc7816e --- /dev/null +++ b/apps/website/kirby/entrypoint.sh 
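Review bot: `FROM ubuntu:latest` combined with an unpinned `apt-get install` makes the website image non-reproducible — every rebuild resolves to whatever Ubuntu release and PHP series the tag points to that day, so a routine rebuild can silently change the PHP major version or fail on a package name that no longer exists in the newer release. Pin the base, e.g. `FROM ubuntu:24.04` (better: a digest), and add a comment recording the PHP version the site was validated with. The ownership block (`groupadd -g 1003 kirbygroup`, `chmod -R g+rw`, setgid on directories) prepares `/var/www/html` inside the image, but apps/website/docker-compose.yml bind-mounts `../../volumes/website/kirbycms` over that same path, so those permissions never apply to the served content; a comment saying which side is expected to own the files would prevent that surprise. A `HEALTHCHECK` is absent.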
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e -u
+
+[[ $USERID ]] && usermod --uid "${USERID}" www-data
+
+exec "$@"
diff --git a/apps/website/kirby/id.env b/apps/website/kirby/id.env
new file mode 100644
index 0000000..05aac46
--- /dev/null
+++ b/apps/website/kirby/id.env
@@ -0,0 +1 @@
+USERID=0
From fd36d17e1289bda7d88a6f976f12b0a36d089b64 Mon Sep 17 00:00:00 2001
From: rorapp
Date: Tue, 18 Feb 2025 11:01:10 +0100
Subject: [PATCH 12/39] add script to set the ENV variable Server-IP based on the host
---
 apps/security/set-server-ip.sh | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 apps/security/set-server-ip.sh
diff --git a/apps/security/set-server-ip.sh b/apps/security/set-server-ip.sh
new file mode 100644
index 0000000..e1dcc19
--- /dev/null
+++ b/apps/security/set-server-ip.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+export SERVER_IP=$(curl -s https://api.ipify.org)
\ No newline at end of file
From 2cb9a141b25036a44d64a035ef6fa0a37c8e677d Mon Sep 17 00:00:00 2001
From: rorapp
Date: Tue, 18 Feb 2025 11:01:48 +0100
Subject: [PATCH 13/39] update gitignore to avoid builds
---
 .gitignore | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index b5a5813..826710d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
 volumes
 apps/proxy
-.DS_Store
\ No newline at end of file
+.DS_Store
+apps/administration/*
+apps/tools/app/*
\ No newline at end of file
From c45823ee911a040c1a7269ea9b0b449182331dcb Mon Sep 17 00:00:00 2001
From: rorapp
Date: Tue, 18 Feb 2025 11:02:21 +0100
Subject: [PATCH 14/39] add the inital README for project structure
---
 README.md | 195 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 194 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index ade65a5..926b763 100644
--- a/README.md
+++ b/README.md
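Review bot: With `id.env` shipping `USERID=0` (next hunk), `usermod --uid "${USERID}" www-data` remaps the web-server account to uid 0, so Apache's worker processes would run as root inside the container; a value of 0 should be rejected rather than applied. `set -u` also makes `[[ $USERID ]]` abort with an unbound-variable error whenever the variable is simply not passed, which is presumably the common case. One guard covers both: `if [[ -n "${USERID:-}" && "${USERID}" != 0 ]]; then usermod --uid "${USERID}" www-data; fi`. Note that the Dockerfile in this commit sets only `CMD` and no `ENTRYPOINT`, so this script is not wired in unless a compose file does it.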
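Review bot: `export SERVER_IP=$(curl -s https://api.ipify.org)` has no failure handling: with `-s` and neither `-f` nor `--max-time`, a network error, captive portal or HTTP error page leaves `SERVER_IP` empty or filled with arbitrary response text, and that value later becomes the WireGuard endpoint through `WG_HOST=${SERVER_IP:-localhost}` in apps/security/docker-compose.yml. Use `SERVER_IP=$(curl -fsS --max-time 5 https://api.ipify.org)` and validate before exporting, `[[ "$SERVER_IP" =~ ^[0-9.]+$ ]] || { echo "SERVER_IP konnte nicht ermittelt werden" >&2; return 1 2>/dev/null || exit 1; }`. Because the file only `export`s and is therefore meant to be sourced, `return` rather than a bare `exit` avoids killing the caller's shell. Taking a production host's address from a third-party echo service at all is worth a comment; an explicit value in the env file would be more predictable.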
@@ -1,3 +1,196 @@ # mindboost-infrastructure -All the software used and hosted by mindboost organized in containers. +All the software used and hosted by mindboost organized in containers. + +## Project Structure + +./apps/ +├── docker-compose.all.yml # Orchestriert alle Docker Compose Stacks +│ +├── frontend/ +│ ├── docker-compose.yml +│ └── src/ # Vue.js frontend source code +│ +├── backend/ +│ ├── docker-compose.yml +│ └── src/ # Laravel backend source code +│ +├── database/ +│ └── docker-compose.yml # MariaDB stack +│ +├── website/ +│ └── docker-compose.yml # KirbyCMS public site stack +│ +├── administration/ +│ └── docker-compose.yml # Portainer stack +│ +├── proxy/ +│ └── docker-compose.yml # Traefik, Crowdsec, and Bouncer stack +│ +├── develop/ +│ └── docker-compose.yml # Gitea, Jenkins, and Adminer stack +│ +└── tools/ + └── docker-compose.yml # Nextcloud, LimeSurvey, and LinkStack stack + +## Current Services + +1. Frontend (Vue.js) +2. Backend (Laravel) +3. Database (MariaDB) +4. Proxy (Traefik, Crowdsec, Bouncer) + +## Upcoming Services + +1. Website (KirbyCMS) +2. Administration (Portainer) +3. Development Tools (Gitea, Jenkins, Adminer) +4. Utility Tools (Nextcloud, LimeSurvey, LinkStack) + +## Service Descriptions + +### Current Services + +- **Frontend**: Vue.js based user interface for the mindboost application. +- **Backend**: Laravel based API and server-side logic for the mindboost application. +- **Database**: MariaDB for data storage and management. +- **Proxy**: Traefik for reverse proxy, Crowdsec and Bouncer for security. + +### Upcoming Services + +- **Website**: KirbyCMS for the public-facing website. +- **Administration**: Portainer for container management and monitoring. 
+- **Development Tools**: + - Gitea: Self-hosted Git service + - Jenkins: Continuous Integration/Continuous Deployment (CI/CD) tool + - Adminer: Database management tool +- **Utility Tools**: + - Nextcloud: File hosting and collaboration platform + - LimeSurvey: Online survey tool + - LinkStack: Link management tool + +## Deployment + +Each service or group of related services has its own `docker-compose.yml` file in its respective folder under `./apps/`. This structure allows for modular deployment and easier management of individual services. + +To deploy a service, navigate to its directory and run: + +```bash +docker-compose up -d +``` + +For the entire infrastructure, a root `docker-compose.yml` file can be created to orchestrate all services together. + +## Environment Configuration + +Environment variables are managed in a centralized `env` folder at the root of the project. This structure allows for easy management of different environments and services. + +./env/ +│ +├── development/ +│ ├── frontend.env +│ ├── backend.env +│ ├── database.env +│ └── ... +│ +├── staging/ +│ ├── frontend.env +│ ├── backend.env +│ ├── database.env +│ └── ... +│ +└── production/ + ├── frontend.env + ├── backend.env + ├── database.env + └── ... + +Each service's `docker-compose.yml` file references the appropriate `.env` file based on the current environment. For example: + +```yaml +services: + backend: + env_file: + - ../../env/${ENVIRONMENT}/backend.env +``` + +## Networking + +Our infrastructure uses a two-tier network model to enhance security and isolate services: + +1. Proxy Network (proxy_network): + - Exposed to the internet and contains the Traefik reverse proxy. + - Only services that need to be publicly accessible should be connected to this network. + - Example services: Traefik, frontend application. + +2. Internal Networks: + - Separate internal networks are created for each public service that needs to communicate with internal services. 
+ - These networks are not directly accessible from the internet and provide secure communication between public and internal services. + - Examples: backend_network, database_network, etc. + +Service Network Configuration: +- Frontend: Connected to proxy_network and backend_network +- Backend API: Connected to backend_network and database_network +- Database: Connected only to database_network +- Traefik: Connected only to proxy_network + +This structure ensures that: +- The proxy (Traefik) can route traffic to public-facing services. +- Internal services (like databases) are not directly accessible from the proxy network. +- Each connection between a public and an internal service has its own isolated network. + +This configuration minimizes the attack surface by isolating networks and ensuring that services only have access to the networks they absolutely need. Each connection between a public and an internal service is protected by a dedicated internal network, further enhancing security. + +## Volumes + +Persistent data should be managed using named volumes or bind mounts, depending on the requirements of each service. This ensures data persistence across container restarts and updates. + +The `volumes/` folder contains subdirectories for different volumes used by various applications in the infrastructure. This centralized structure allows for easier management and backup of persistent data. 
+ +./volumes/ +│ +├── backend/ # Volume for backend-specific data +├── database/ # Volume for MariaDB data +├── website/ # Volume for KirbyCMS data +├── administration/ # Volume for Portainer data +├── develop/ +│ ├── gitea/ # Volume for Gitea repositories and data +│ └── jenkins/ # Volume for Jenkins data and job configurations +└── tools/ + ├── nextcloud/ # Volume for Nextcloud files and data + ├── limesurvey/ # Volume for LimeSurvey data + └── linkstack/ # Volume for LinkStack data + +Each subdirectory corresponds to a specific service or group of services, containing the persistent data that needs to be preserved across container restarts or redeployments. + +When configuring Docker Compose files, reference these volume paths to ensure data persistence. For example: + +```yaml +volumes: + - ./volumes/database:/var/lib/mysql +``` + +## Scripts + +The `scripts/` folder contains a collection of utility scripts for deployment, backup, and maintenance tasks. These scripts are designed to automate common operations and ensure consistency across different environments. + +./scripts/ +│ +├── deployment/ +│ ├── deploy-app.sh # Script for deploying the main application +│ └── deploy-traefik.sh # Script for deploying Traefik +│ +├── backup/ +│ ├── backup-database.sh # Script for backing up the database +│ └── backup-files.sh # Script for backing up file storage +│ +└── maintenance/ + ├── update-services.sh # Script for updating all services + └── health-check.sh # Script for performing health checks on services + +These scripts can be run from the command line to perform various tasks related to the infrastructure. Always review and test scripts in a safe environment before using them in production. + +To use a script, navigate to the scripts directory and run: + +```bash +./script-name.sh \ No newline at end of file From b886adf877de2a8a186739f7a97c4906a1f68a94 Mon Sep 17 00:00:00 2001 
From: rorapp Date: Tue, 18 Feb 2025 17:35:19 +0100 Subject: [PATCH 15/39] add minor improvement and fallback values --- apps/database/docker-compose.yml | 9 ++++----- apps/develop/docker-compose.yml | 2 +- apps/frontend/docker-compose.yml | 4 ++-- apps/security/docker-compose.yml | 6 +++--- apps/tools/docker-compose.yml | 32 ++++++++++++++++---------------- apps/website/docker-compose.yml | 2 +- 6 files changed, 27 insertions(+), 28 deletions(-) diff --git a/apps/database/docker-compose.yml b/apps/database/docker-compose.yml index f4f3687..87d0bdc 100644 --- a/apps/database/docker-compose.yml +++ b/apps/database/docker-compose.yml @@ -1,7 +1,7 @@ ### Database (./apps/database/docker-compose.yml) # - [ ] Create a MariaDB service # - [ ] Configure volumes for persistent storage of database data -# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT}/database.env) +# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT:-development}/database.env) # - [ ] Configure networking to allow connections from the backend service # - [ ] Set up regular backup jobs for the database # - [ ] Configure appropriate resource limits and restart policies @@ -9,12 +9,11 @@ services: database: profiles: ["all", "mariadb", "backend", "app"] image: mariadb:latest - container_name: ${INFRASTRUCTURE_LABEL}-mariadb-${ENVIRONMENT} + container_name: ${INFRASTRUCTURE_LABEL:-default}-mariadb-${ENVIRONMENT:-development} command: --bind-address=0.0.0.0 - hostname: ${MARIADB_HOST} env_file: - ../../env/.env.all - - ../../env/${ENVIRONMENT:-development}/.env.database + - ../../env/${ENVIRONMENT:-development}/.env.backend - ../../env/${ENVIRONMENT:-development}/.env.proxy environment: - MARIADB_USER=${MARIADB_USER} 
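Review bot: Replacing `.env.database` with `.env.backend` in the database service's `env_file` removes the file that defines `MARIADB_USER`, `MARIADB_PASSWORD`, `MARIADB_ROOT_PASSWORD` and `MARIADB_HOST` (see the `.env.database` hunk in the following commit), and the same hunk deletes `hostname: ${MARIADB_HOST}` while `.env.backend` still points `DB_HOST` at `${MARIADB_HOST:-mariadb}`; unless those values also arrive via `.env.all` or the CLI `--env-file`, the MariaDB container has no root password to initialise with and the backend resolves a hostname nothing answers to. Please confirm the intent or keep `- ../../env/${ENVIRONMENT:-development}/.env.database` in the list. Note that `${MARIADB_USER}` inside `environment:` is interpolated from the shell and `--env-file` inputs, not from `env_file` entries, so the env_file change alone never fed it either — worth a one-line comment above `env_file:` explaining where these variables are expected to come from.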
@@ -32,7 +31,7 @@ services: adminer: profiles: ["all", "mariadb", "backend", "app"] image: adminer - container_name: local_adminer + container_name: ${INFRASTRUCTURE_LABEL:-default}-adminer-${ENVIRONMENT:-development} restart: always ports: - 8082:8080 diff --git a/apps/develop/docker-compose.yml b/apps/develop/docker-compose.yml index 343142b..7b57820 100644 --- a/apps/develop/docker-compose.yml +++ b/apps/develop/docker-compose.yml @@ -1,7 +1,7 @@ ### Develop (./apps/develop/docker-compose.yml) # - [ ] Create services for Gitea, Jenkins, and Adminer # - [ ] Configure volumes for persistent storage of Git repositories, Jenkins data, and Adminer settings -# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT}/develop.env) +# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT:-development}/develop.env) # - [ ] Configure networking to allow these services to communicate with each other and the necessary application services # - [ ] Set up access controls and security measures for development tools diff --git a/apps/frontend/docker-compose.yml b/apps/frontend/docker-compose.yml index 1660091..549cac9 100644 --- a/apps/frontend/docker-compose.yml +++ b/apps/frontend/docker-compose.yml @@ -2,7 +2,7 @@ # - [ ] Create a Vue.js frontend service # - [ ] Set up a Node.js environment for the frontend # - [ ] Configure volumes for persistent storage of frontend assets -# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT}/frontend.env) +# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT:-development}/frontend.env) # - [ ] Configure networking to communicate with the backend service # - [ ] Set up healthchecks for the frontend service services: 
@@ -10,7 +10,7 @@ services: build: context: ./src dockerfile: Dockerfile - container_name: ${INFRASTRUCTURE_LABEL}-frontend-${ENVIRONMENT} + container_name: ${INFRASTRUCTURE_LABEL:-default}-frontend-${ENVIRONMENT:-development} profiles: ["webapp", "frontend", "all", "app"] depends_on: - database diff --git a/apps/security/docker-compose.yml b/apps/security/docker-compose.yml index 5547c09..abeee23 100644 --- a/apps/security/docker-compose.yml +++ b/apps/security/docker-compose.yml @@ -6,17 +6,17 @@ services: environment: # Change Language: # (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi, ja, si) - - LANG=de + - LANG=${WG_LANG:-de} # ⚠️ Required: # Change this to your host's public address - - WG_HOST=${SERVER_IP} + - WG_HOST=${SERVER_IP:-localhost} # Optional: # - PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG # (needs double $$, hash of 'foobar123'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash) # - PORT=51821 # - WG_PORT=51820 # - WG_CONFIG_PORT=92820 - - WG_DEFAULT_ADDRESS=22.22.22.0 + - WG_DEFAULT_ADDRESS=${WG_DEFAULT_ADDRESS:-22.22.22.0} # - WG_DEFAULT_DNS=1.1.1.1 # - WG_MTU=1420 # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24 diff --git a/apps/tools/docker-compose.yml b/apps/tools/docker-compose.yml index 15224f7..4aa9966 100644 --- a/apps/tools/docker-compose.yml +++ b/apps/tools/docker-compose.yml 
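Review bot: `WG_HOST=${SERVER_IP:-localhost}` turns a missing public address into a silently broken VPN endpoint — every generated WireGuard client config would point at `localhost` — and `SERVER_IP` itself comes from an unchecked `curl` to an external echo service in apps/security/set-server-ip.sh. For a required value the compose `:?` form fails the deploy with a message instead: `- WG_HOST=${SERVER_IP:?SERVER_IP muss gesetzt sein}`. The `PASSWORD_HASH` line stays commented out in the new config, so the wg-easy web UI presumably has no login of its own beyond whatever the proxy puts in front of it; since this commit already moves the other values to variables, wiring that one to a variable too would be the natural place.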
@@ -1,21 +1,21 @@ ### Tools (./apps/tools/docker-compose.yml) # - [ ] Create services for Nextcloud, LimeSurvey, and LinkStack # - [ ] Configure volumes for persistent storage of files, survey data, and link management data -# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT}/tools.env) +# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT:-development}/tools.env) # - [ ] Configure networking to expose these services to the internet via the proxy # - [ ] Set up regular backup jobs for critical data in these services services: nextcloud-db: image: mariadb:10.6 - container_name: ${INFRASTRUCTURE_LABEL}-nextcloud-db-${ENVIRONMENT} + container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-db-${ENVIRONMENT:-development} profiles: ["all", "tools", "nextcloud"] command: --transaction-isolation=READ-COMMITTED --innodb_read_only_compressed=OFF restart: unless-stopped volumes: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - - ../../volumes/tools/${INFRASTRUCTURE_LABEL}_cloud/database:/var/lib/mysql + - ../../volumes/tools/${INFRASTRUCTURE_LABEL:-default}_cloud/database:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD=headpiece-constant1-denim-mindboost #SQL root Passwort eingeben - MYSQL_PASSWORD=idealist9-frayed-murkiness-mindboost #SQL Benutzer Passwort eingeben 
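Review bot: While this hunk parameterises names and paths, the literal database credentials directly below (`MYSQL_ROOT_PASSWORD=headpiece-…`, `MYSQL_PASSWORD=idealist9-…`) stay in the tracked compose file, as do `--requirepass redis-mindboost-passwort` and `REDIS_HOST_PASSWORD` in the two following hunks; by this commit's own convention they should become references such as `${NEXTCLOUD_DB_ROOT_PASSWORD:?}` (name constructed) resolved from an untracked env file, and the committed values rotated since they are already in history. The `:-default` fallbacks on `container_name` and on the `../../volumes/tools/${INFRASTRUCTURE_LABEL:-default}_cloud/database` bind mount also mean two stacks started without `INFRASTRUCTURE_LABEL` collide on the same container names and data directory, so for those keys `${INFRASTRUCTURE_LABEL:?}` is the safer choice.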
@@ -25,14 +25,14 @@ services: - MARIADB_AUTO_UPGRADE=1 nextcloud-redis: image: redis:alpine - container_name: ${INFRASTRUCTURE_LABEL}-nextcloud-redis-${ENVIRONMENT} + container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-redis-${ENVIRONMENT:-development} profiles: ["all", "tools", "nextcloud"] hostname: nextcloud-redis restart: unless-stopped command: redis-server --requirepass redis-mindboost-passwort # Redis Passwort eingeben cloud: image: nextcloud - container_name: ${INFRASTRUCTURE_LABEL}-nextcloud-app-${ENVIRONMENT} + container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-app-${ENVIRONMENT:-development} profiles: ["all", "tools", "nextcloud"] restart: unless-stopped depends_on: 
@@ -41,27 +41,27 @@ services: environment: TRUSTED_PROXIES: 172.16.255.254/16 OVERWRITEPROTOCOL: https - OVERWRITECLIURL: https://${CLOUD_DOMAIN} - OVERWRITEHOST: ${CLOUD_DOMAIN} + OVERWRITECLIURL: https://${CLOUD_DOMAIN:-cloud} + OVERWRITEHOST: ${CLOUD_DOMAIN:-cloud} REDIS_HOST: nextcloud-redis REDIS_HOST_PASSWORD: redis-mindboost-passwort # Redis Passwort von oben wieder eingeben volumes: - ./app:/var/www/html - - ../../volumes/tools/${INFRASTRUCTURE_LABEL}_cloudapp/:/var/www/html/data + - ../../volumes/tools/${INFRASTRUCTURE_LABEL:-default}_cloudapp/:/var/www/html/data labels: - "traefik.enable=true" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.entrypoints=websecure" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.rule=Host(`${CLOUD_DOMAIN}`)" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.tls=true" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.tls.certresolver=http_resolver" - - 'traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.service=cloud' + - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.entrypoints=websecure" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.rule=Host(`${CLOUD_DOMAIN}`)" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.tls=true" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.tls.certresolver=http_resolver" + - 'traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.service=cloud' - "traefik.http.services.cloud.loadbalancer.server.port=80" - - "traefik.docker.network=${TRAEFIK_NETWORK}" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.middlewares=nextcloud-dav,default@file" + - "traefik.docker.network=${TRAEFIK_NETWORK:-default}" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.middlewares=nextcloud-dav,default@file" - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav" - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/" networks: - 
${TRAEFIK_NETWORK} networks: nextcloud: - name: ${INFRASTRUCTURE_LABEL}_nextcloud + name: ${INFRASTRUCTURE_LABEL:-default}_nextcloud diff --git a/apps/website/docker-compose.yml b/apps/website/docker-compose.yml index c90bfcb..06a1ade 100644 --- a/apps/website/docker-compose.yml +++ b/apps/website/docker-compose.yml @@ -4,7 +4,7 @@ services: context: ./kirby dockerfile: Dockerfile image: kirbycms - container_name: ${INFRASTRUCTURE_LABEL}-kirbycms-${ENVIRONMENT} + container_name: ${INFRASTRUCTURE_LABEL:-default}-kirbycms-${ENVIRONMENT:-development} profiles: ["website","kirbycms","all"] volumes: - ../../volumes/website/kirbycms:/var/www/html:rw # Persistente Daten From 97b28e9540146307fde38178c8366138843d1951 Mon Sep 17 00:00:00 2001 From: rorapp Date: Tue, 18 Feb 2025 17:35:44 +0100 Subject: [PATCH 16/39] updated formattings of env files --- env/development/.env.administration | 5 +++++ env/development/.env.backend | 12 ++++++------ env/development/.env.database | 6 +++--- env/development/.env.develop | 7 +++++++ env/development/.env.frontend | 6 +++++- env/development/.env.proxy | 28 ++++++++++++++-------------- env/development/.env.tools | 21 +++++++++++++++++++++ env/development/.env.website | 5 +++++ 8 files changed, 66 insertions(+), 24 deletions(-) diff --git a/env/development/.env.administration b/env/development/.env.administration index f404684..431f787 100644 --- a/env/development/.env.administration +++ b/env/development/.env.administration @@ -1,2 +1,7 @@ +# ---------------------------------- +# Portainer +# ---------------------------------- + PORTAINER_IMAGE=portainer/portainer-ce:latest PORTAINER_DATA_PATH=../../../volumes/administration/portainer/data + diff --git a/env/development/.env.backend b/env/development/.env.backend index 5eee0e5..a22da33 100644 --- a/env/development/.env.backend +++ b/env/development/.env.backend 
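Review bot: The fallbacks in this hunk are applied inconsistently: `OVERWRITEHOST` and `OVERWRITECLIURL` fall back to `cloud`, but the router rule on the same service keeps `${CLOUD_DOMAIN}` inside `Host(...)` with no default, and `traefik.docker.network=${TRAEFIK_NETWORK:-default}` gets one while the `networks:` entry at the end of the hunk is still `${TRAEFIK_NETWORK}` — with the variable unset the label names a network the container never joins, so Traefik cannot route to it. Either apply the same fallback on both sides (`${CLOUD_DOMAIN:-cloud}` in the `rule=Host(...)` label and `- ${TRAEFIK_NETWORK:-default}` under `networks:`) or, preferably for routing-critical values, drop the fallbacks and use `:?` so an unset variable fails the deploy. A bare `cloud` is not a usable `OVERWRITECLIURL` host anyway, which is why failing fast reads better here.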
@@ -5,7 +5,7 @@ # ---------------------------------- REDIS_PASSWORD=laravel-redis-passwort REDIS_PORT=6379 - +SERVER_IP=${SERVER_IP:-localhost} # ---------------------------------- # Laravel Backend # ---------------------------------- @@ -14,11 +14,11 @@ APP_NAME="mindboost backend - Compose Deployment" APP_URL=https://backend.local LARAVEL_PORT=8000 LARAVEL_VITE_PORT=5173 -DB_HOST=${MARIADB_HOST} -DB_PORT=${MARIADB_PORT} -DB_PASSWORD=${MARIADB_PASSWORD} -DB_USERNAME=${MARIADB_USER} -DB_DATABASE=${MARIADB_DATABASE} +DB_HOST=${MARIADB_HOST:-mariadb} +DB_PORT=${MARIADB_PORT:-3306} +DB_PASSWORD=${MARIADB_PASSWORD:-default} +DB_USERNAME=${MARIADB_USER:-default} +DB_DATABASE=${MARIADB_DATABASE:-default} JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F diff --git a/env/development/.env.database b/env/development/.env.database index 8604761..b141c9a 100644 --- a/env/development/.env.database +++ b/env/development/.env.database @@ -1,10 +1,10 @@ # ---------------------------------- # Datenbank (MariaDB) # ---------------------------------- -MARIADB_USER=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT} -MARIADB_DATABASE=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT} +MARIADB_USER=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} +MARIADB_DATABASE=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} MARIADB_PASSWORD=1stronges-mindboostdb-passwort MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb MARIADB_PORT=3306 -MARIADB_HOST=${INFRASTRUCTURE_LABEL}_database_${ENVIRONMENT} +MARIADB_HOST=${INFRASTRUCTURE_LABEL:-default}_database_${ENVIRONMENT:-development} diff --git a/env/development/.env.develop b/env/development/.env.develop index d0430b7..a37a4e7 100644 --- a/env/development/.env.develop +++ b/env/development/.env.develop @@ -1,3 +1,7 @@ +# ---------------------------------- +# GITEA +# ---------------------------------- + USER_UID=1000 USER_GID=1000 
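Review bot: `DB_PASSWORD=${MARIADB_PASSWORD:-default}` and `DB_USERNAME=${MARIADB_USER:-default}` turn a missing database credential into a working login with the literal password `default`, so a deployment that forgot its override starts with a guessable credential instead of failing. Fallbacks make sense for host and port, but for secrets Compose's `${MARIADB_PASSWORD:?MARIADB_PASSWORD is not set}` form aborts with a clear message and is the safer choice. The same `:-default` fallback on credentials reappears in env/.env.all (PATCH 17) and env/production/.env.database (PATCH 18). `SERVER_IP=${SERVER_IP:-localhost}` appears to rely on Compose resolving the right-hand side against the already-loaded environment; a one-line comment stating that intent would help, since the value is also overwritten by deploy-app.sh.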
@@ -10,6 +14,9 @@ GITEA_MYSQL_PASSWORD=very-difficult-gitea GITEA_MYSQL_DATABASE=gitea GITEA_MYSQL_ALLOW_EMPTY_PASSWORD=true +# ---------------------------------- +# GITEA DB +# ---------------------------------- DB_HOST=gitea_db:3306 DB_NAME=gitea diff --git a/env/development/.env.frontend b/env/development/.env.frontend index 986524d..dc87f64 100644 --- a/env/development/.env.frontend +++ b/env/development/.env.frontend @@ -1 +1,5 @@ -# Frontend +# ---------------------------------- +# VUE APP +# ---------------------------------- + +BACKEND_URL="backend.local" \ No newline at end of file diff --git a/env/development/.env.proxy b/env/development/.env.proxy index 07afbba..7e6c32c 100644 --- a/env/development/.env.proxy +++ b/env/development/.env.proxy @@ -1,14 +1,14 @@ -## -## GENERAL -## -TRAEFIK_ENABLE=true +# ---------------------------------- +# TRAEFIK +# ---------------------------------- + +TRAEFIK_ENABLE=false TRAEFIK_NETWORK=proxy TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER}:${ADMIN_PASSWORD_HASH} TRAEFIK_CERT_RESOLVER= -## ## Domains when TRAEFIK is ENABLED -## + PORTAINER_DOMAIN=portainer.local FRONTEND_DOMAIN=frontend.local FRONTEND_DOMAIN_2=app.frontend.local @@ -20,7 +20,8 @@ LINKSTACK_DOMAIN=linkstack.local TRAEFIK_DOMAIN=traefik.local CLOUD_DOMAIN=cloud.local -### TLS for Domains +### TLS for Domains + PORTAINER_TLS_DOMAIN_MAIN=${PORTAINER_DOMAIN} FRONTEND_TLS_DOMAIN_MAIN=${FRONTEND_DOMAIN} FRONTEND_TLS_DOMAIN_SANS=${FRONTEND_DOMAIN_2} 
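Review bot: `TRAEFIK_ENABLE=true` becomes `TRAEFIK_ENABLE=false` in the first .env.proxy hunk, which is a behaviour change in a commit titled as a formatting update; if it is intended it belongs in the commit message, otherwise it should be reverted. With the flag off, the `## Domains when TRAEFIK is ENABLED` block and the TLS domain list below it are dead configuration for development, so a comment above the flag such as `# false = no Traefik routes/TLS in development; the *_DOMAIN values below are then unused` would stop the next reader from hunting for why the routes are missing. The hunk also keeps `TRAEFIK_CERT_RESOLVER=` empty while the tools compose file hard-codes `certresolver=http_resolver`; if the empty value is deliberate for `.local` domains, say so in a comment.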
@@ -32,15 +33,14 @@ LINKSTACK_TLS_DOMAIN_MAIN=${LINKSTACK_DOMAIN} TRAEFIK_TLS_DOMAIN_MAIN=${TRAEFIK_DOMAIN} CLOUD_TLS_DOMAIN_MAIN=${CLOUD_DOMAIN} -## -## MIDDLEWARES -## -TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL}-https-redirect -TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL}-basic-auth -## +## MIDDLEWARES + +TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-https-redirect +TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-basic-auth + + ## ENTRYPOINTS -## TRAEFIK_ENTRYPOINT=websecure TRAEFIK_ENTRYPOINT_HTTP=web diff --git a/env/development/.env.tools b/env/development/.env.tools index e69de29..cb0a5b7 100644 --- a/env/development/.env.tools +++ b/env/development/.env.tools @@ -0,0 +1,21 @@ +# ---------------------------------- +# NEXTCLOUD DB +# ---------------------------------- + +MYSQL_ROOT_PASSWORD=headpiece-constant1-denim-mindboost #SQL root Passwort eingeben +MYSQL_PASSWORD=idealist9-frayed-murkiness-mindboost #SQL Benutzer Passwort eingeben +MYSQL_DATABASE=nextcloud-mindboost #Datenbank Name +MYSQL_USER=mindboostcloud #SQL Nutzername +MYSQL_INITDB_SKIP_TZINFO=1 +MARIADB_AUTO_UPGRADE=1 + +# ---------------------------------- +# NEXTCLOUD CLOUD +# ---------------------------------- + +TRUSTED_PROXIES=172.16.255.254/16 +OVERWRITEPROTOCOL=https +OVERWRITECLIURL=https://${CLOUD_DOMAIN:-cloud} +OVERWRITEHOST=${CLOUD_DOMAIN:-cloud} +REDIS_HOST=nextcloud-redis +REDIS_HOST_PASSWORD=redis-mindboost-passwort diff --git a/env/development/.env.website b/env/development/.env.website index e69de29..ae2e104 100644 --- a/env/development/.env.website +++ b/env/development/.env.website @@ -0,0 +1,5 @@ +# ---------------------------------- +# KIRBY CMS +# ---------------------------------- + +USER_ID=0 \ No newline at end of file From 76e3b3938f8d78f8b5ffe3b00af0ef06f6b00743 Mon Sep 17 00:00:00 2001 
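Review bot: The new env/development/.env.tools commits working credentials (`MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD`, `REDIS_HOST_PASSWORD`) into a tracked file, and because the deploy scripts layer these files over env/.env.all the same values are used wherever nobody overrides them. A later commit in this series (PATCH 21) adds scripts/maintain/generate_secrets.sh and ignores env/secrets.env, so these keys should move there and the tracked file should carry only an empty placeholder plus a comment pointing at the script; the same applies to the credentials added to env/.env.all in PATCH 17 and to the KILLBILL block in PATCH 20. The trailing `#SQL root Passwort eingeben` comments on the same line as the value are stripped only by parsers that treat ` #` as an inline comment (Compose and a bash `source` do; a plain `docker run --env-file` as far as I know does not), so moving the comments onto their own line above the assignment avoids a password that ends in the comment text.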
From: rorapp Date: Tue, 18 Feb 2025 17:36:15 +0100 Subject: [PATCH 17/39] add an .env.all file that contains all default values --- env/.env.all | 224 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 222 insertions(+), 2 deletions(-) diff --git a/env/.env.all b/env/.env.all index 667e208..4bf35e0 100644 --- a/env/.env.all +++ b/env/.env.all 
@@ -2,9 +2,229 @@ ## Einstellung die für das gesamte Projekt gelten. Also der Name und der Admin ## Das Environment muss "production","staging" oder "development" heißen -INFRASTRUCTURE_LABEL=mindboost_dev +INFRASTRUCTURE_LABEL=mindboost ENVIRONMENT=development -ADMIN_USER=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT} +ADMIN_USER=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} ADMIN_PASSWORD_HASH='$2y$05$U7noO29Ru/4VB5x8TpZo3.b4VjH6AAnhufJJUG2Vs7qHCM2Cd8yIK' # for development = admin +SERVER_IP=127.0.0.1 + + +################################################################################################# +# 🔧 ENVIRONMENT VARIABLES 🔧 # +################################################################################################# +# +# This file contains **default (fallback) values** for environment variables. +# These values ensure that services run with sane defaults if no other configuration is provided. +# +# 📌 **ENVIRONMENT VARIABLE PRIORITY ORDER (Lowest to Highest)** +# 1️⃣ **Fallback Values in the File** (Used only if no other source provides a value) +# 2️⃣ **Global Defaults in `.env.all`** (Shared settings across all services) +# 3️⃣ **Service-Specific `.env` Files** (Overrides per service group, e.g., `.env.backend`, `.env.proxy`) +# 4️⃣ **Preloaded Shell Environment** (`export VAR=value` before running `docker compose`) +# 5️⃣ **CLI Overrides** (`docker compose --env-file` or `-e VAR=value` → Highest Priority) +# +# 🔄 **Overwriting Behavior** +# - Variables defined in **`.env.all`** override values in this file. +# - Variables defined in **`.env.`** (e.g., `.env.backend`) override `.env.all`. +# - Variables explicitly **exported in the shell** take priority over all `.env` files. +# - Variables passed via **CLI (`--env-file` or `-e VAR=value`)** have the **highest priority**. +# +# 🚀 **Key Takeaways** +# ✅ Use `.env.all` for common values across environments. +# ✅ Use `.env.` for service-specific configurations. 
+# ✅ If needed, manually override variables in the shell or CLI. +# +################################################################################################# + +## ______________________________________________________________________________________________ +## SEVICE GROUP ADMINISTRATION +## ______________________________________________________________________________________________ + +# ---------------------------------- +# Portainer +# ---------------------------------- + +PORTAINER_IMAGE=portainer/portainer-ce:latest +PORTAINER_DATA_PATH=../../../volumes/administration/portainer/data + +## ______________________________________________________________________________________________ +## SEVICE GROUP DATABASE +## ______________________________________________________________________________________________ + +# ---------------------------------- +# Datenbank (MariaDB) +# ---------------------------------- +MARIADB_USER=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} +MARIADB_DATABASE=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} +MARIADB_PASSWORD=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} +MARIADB_ROOT_PASSWORD=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}-root + +MARIADB_PORT=3306 +MARIADB_HOST=${INFRASTRUCTURE_LABEL:-default}_database_${ENVIRONMENT:-development} + + +## ______________________________________________________________________________________________ +## SEVICE GROUP BACKEND +## ______________________________________________________________________________________________ + +# ---------------------------------- +# Redis +# ---------------------------------- +REDIS_PASSWORD=laravel-redis-passwort +REDIS_PORT=6379 + +# ---------------------------------- +# Laravel Backend +# ---------------------------------- +BACKEND_NETWORK=backend +APP_NAME="mindboost backend - Compose Deployment" +APP_URL=https://backend.local +LARAVEL_PORT=8000 +LARAVEL_VITE_PORT=5173 
+DB_HOST=${MARIADB_HOST:-mariadb} +DB_PORT=${MARIADB_PORT:-3306} +DB_PASSWORD=${MARIADB_PASSWORD:-default} +DB_USERNAME=${MARIADB_USER:-default} +DB_DATABASE=${MARIADB_DATABASE:-default} + +JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F + +# ---------------------------------- +# Adminer +# ---------------------------------- +ADMINER_PORT=8080 + + +## ______________________________________________________________________________________________ +## SEVICE GROUP DEVELOP +## ______________________________________________________________________________________________ + +# ---------------------------------- +# GITEA AND GITEA DB +# ---------------------------------- + +USER_UID=1000 +USER_GID=1000 + +GITEA_VOLUME_PATH=../../../volumes/develop/gitea/gitea +GITEA_DATABASE_VOLUME_PATH=../../../volumes/develop/gitea/gitea_db + +GITEA_MYSQL_ROOT_PASSWORD=very-difficult-passwort-gitea +GITEA_MYSQL_USER=gitea +GITEA_MYSQL_PASSWORD=very-difficult-gitea +GITEA_MYSQL_DATABASE=gitea +GITEA_MYSQL_ALLOW_EMPTY_PASSWORD=true + + +## ______________________________________________________________________________________________ +## SEVICE GROUP FRONTEND +## ______________________________________________________________________________________________ + +# ---------------------------------- +# VUE APP +# ---------------------------------- + +BACKEND_URL="backend.local" + +## ______________________________________________________________________________________________ +## SEVICE GROUP PROXY +## ______________________________________________________________________________________________ + + +# ---------------------------------- +# TRAEFIK +# ---------------------------------- + +TRAEFIK_ENABLE=true +TRAEFIK_NETWORK=proxy +TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER:-admin}:${ADMIN_PASSWORD_HASH} +TRAEFIK_CERT_RESOLVER= + +## Domains when TRAEFIK is ENABLED + +PORTAINER_DOMAIN=portainer.local +FRONTEND_DOMAIN=frontend.local +FRONTEND_DOMAIN_2=app.frontend.local 
+BACKEND_DOMAIN=backend.local +WEBSITE_DOMAIN=web.local +GITEA_DOMAIN=gitea.local +LIMESURVEY_DOMAIN=survey.local +LINKSTACK_DOMAIN=linkstack.local +TRAEFIK_DOMAIN=traefik.local +CLOUD_DOMAIN=cloud.local + +### TLS for Domains + +PORTAINER_TLS_DOMAIN_MAIN=${PORTAINER_DOMAIN} +FRONTEND_TLS_DOMAIN_MAIN=${FRONTEND_DOMAIN} +FRONTEND_TLS_DOMAIN_SANS=${FRONTEND_DOMAIN_2} +BACKEND_TLS_DOMAIN_MAIN=${BACKEND_DOMAIN} +WEBSITE_TLS_DOMAIN_MAIN=${WEBSITE_DOMAIN} +GITEA_TLS_DOMAIN_MAIN=${GITEA_DOMAIN} +LIMESURVEY_TLS_DOMAIN_MAIN=${LIMESURVEY_DOMAIN} +LINKSTACK_TLS_DOMAIN_MAIN=${LINKSTACK_DOMAIN} +TRAEFIK_TLS_DOMAIN_MAIN=${TRAEFIK_DOMAIN} +CLOUD_TLS_DOMAIN_MAIN=${CLOUD_DOMAIN} + + +## MIDDLEWARES + +TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-https-redirect +TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-basic-auth + + +## ENTRYPOINTS + +TRAEFIK_ENTRYPOINT=websecure +TRAEFIK_ENTRYPOINT_HTTP=web + + +## ______________________________________________________________________________________________ +## SEVICE GROUP SECURITY +## ______________________________________________________________________________________________ + +# ---------------------------------- +# WIREGUARD +# ---------------------------------- +WG_DEFAULT_ADDRESS=22.22.22.0 +WG_HOST=${SERVER_IP:-127.0.0.1} +WG_LANG=de + +## ______________________________________________________________________________________________ +## SEVICE GROUP TOOLS +## ______________________________________________________________________________________________ + +# ---------------------------------- +# NEXTCLOUD DB +# ---------------------------------- + +MYSQL_ROOT_PASSWORD=headpiece-constant1-denim-mindboost #SQL root Passwort eingeben +MYSQL_PASSWORD=idealist9-frayed-murkiness-mindboost #SQL Benutzer Passwort eingeben +MYSQL_DATABASE=nextcloud-mindboost #Datenbank Name +MYSQL_USER=mindboostcloud #SQL Nutzername +MYSQL_INITDB_SKIP_TZINFO=1 +MARIADB_AUTO_UPGRADE=1 + +# 
---------------------------------- +# NEXTCLOUD CLOUD +# ---------------------------------- + +TRUSTED_PROXIES=172.16.255.254/16 +OVERWRITEPROTOCOL=https +OVERWRITECLIURL=https://${CLOUD_DOMAIN:-cloud} +OVERWRITEHOST=${CLOUD_DOMAIN:-cloud} +REDIS_HOST=nextcloud-redis +REDIS_HOST_PASSWORD=redis-mindboost-passwort + + +## ______________________________________________________________________________________________ +## SEVICE GROUP WEBSITE +## ______________________________________________________________________________________________ + +# ---------------------------------- +# KIRBY CMS +# ---------------------------------- + +KIRBY_USER_ID=0 \ No newline at end of file From 69323be9657c748bb23fe3267847736aa5ff6798 Mon Sep 17 00:00:00 2001 From: rorapp Date: Tue, 18 Feb 2025 17:36:43 +0100 Subject: [PATCH 18/39] create all .env.files but without content so far --- env/production/.env.database | 4 ++-- env/production/.env.proxy | 8 ++++---- env/staging/.env.administration | 6 ++++++ env/staging/.env.backend | 15 +++++++++++++++ env/staging/.env.database | 3 +++ env/staging/.env.develop | 9 +++++++++ env/staging/.env.frontend | 3 +++ env/staging/.env.proxy | 4 ++++ env/staging/.env.tools | 9 +++++++++ env/staging/.env.website | 4 ++++ 10 files changed, 59 insertions(+), 6 deletions(-) create mode 100644 env/staging/.env.administration create mode 100644 env/staging/.env.backend create mode 100644 env/staging/.env.database create mode 100644 env/staging/.env.develop create mode 100644 env/staging/.env.frontend create mode 100644 env/staging/.env.proxy create mode 100644 env/staging/.env.tools create mode 100644 env/staging/.env.website diff --git a/env/production/.env.database b/env/production/.env.database index 2544ad9..0369eb2 100644 --- a/env/production/.env.database +++ b/env/production/.env.database 
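Review bot: The priority table added at the top of env/.env.all lists "Fallback Values in the File" below "Global Defaults in `.env.all`", but this file is `.env.all`, so levels 1 and 2 describe the same file, and the two `.env.` entries have lost their suffix; it should read interpolation fallbacks (`${VAR:-x}`) → `env/.env.all` → `env/<ENVIRONMENT>/.env.<stack>` → exported shell variables → CLI. The file is described as defaults yet now carries live credentials (`JWT_SECRET`, the Nextcloud `MYSQL_*` passwords, `REDIS_HOST_PASSWORD`, the `admin` bcrypt hash) and derives `MARIADB_PASSWORD` from the predictable `${INFRASTRUCTURE_LABEL}_${ENVIRONMENT}`, so any deployment that forgets its override runs with guessable credentials; these belong in the ignored env/secrets.env that PATCH 21 introduces, with `${VAR:?...}` here rather than a working default. `WG_DEFAULT_ADDRESS=22.22.22.0` appears to sit in publicly routed address space rather than an RFC 1918 range; confirm that is intended. `SEVICE GROUP` is misspelled in every section header.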
@@ -1,7 +1,7 @@ # ---------------------------------- # Datenbank (MariaDB) # ---------------------------------- -MARIADB_USER=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT} -MARIADB_DATABASE=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT} +MARIADB_USER=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} +MARIADB_DATABASE=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} MARIADB_PASSWORD=1stronges-mindboostdb-passwort MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb diff --git a/env/production/.env.proxy b/env/production/.env.proxy index 829151c..76d9948 100644 --- a/env/production/.env.proxy +++ b/env/production/.env.proxy @@ -1,5 +1,5 @@ -TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL}-https-redirect -TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL}-basic-auth +TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-https-redirect +TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-basic-auth TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER}:${ADMIN_PASSWORD_HASH} # Service Crowdsec @@ -10,8 +10,8 @@ SERVICES_CROWDSEC_IMAGE_VERSION=latest SERVICES_CROWDSEC_NETWORKS_CROWDSEC_IPV4=172.31.254.254 # Service Traefik -SERVICES_TRAEFIK_CONTAINER_NAME=${INFRASTRUCTURE_LABEL}-traefik -SERVICES_TRAEFIK_HOSTNAME=${INFRASTRUCTURE_LABEL}-traefik +SERVICES_TRAEFIK_CONTAINER_NAME=${INFRASTRUCTURE_LABEL:-default}-traefik +SERVICES_TRAEFIK_HOSTNAME=${INFRASTRUCTURE_LABEL:-default}-traefik SERVICES_TRAEFIK_IMAGE=traefik SERVICES_TRAEFIK_IMAGE_VERSION=2.11 SERVICES_TRAEFIK_LABELS_TRAEFIK_HOST=`traefik.haslach2025.de` diff --git a/env/staging/.env.administration b/env/staging/.env.administration new file mode 100644 index 0000000..4d87782 --- /dev/null +++ b/env/staging/.env.administration @@ -0,0 +1,6 @@ + + +# ---------------------------------- +# Portainer +# ---------------------------------- + diff --git a/env/staging/.env.backend b/env/staging/.env.backend new file mode 100644 index 0000000..7ed4829 --- /dev/null +++ b/env/staging/.env.backend 
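Review bot: In env/production/.env.database the new `${ENVIRONMENT:-development}` fallback means a production run with ENVIRONMENT unset silently creates and uses a `<label>_development` user and schema instead of failing, which is the wrong direction for a production file. The deploy scripts read ENVIRONMENT from .env.all before sourcing this file, so either drop the fallback here or write `MARIADB_USER=${INFRASTRUCTURE_LABEL:?}_${ENVIRONMENT:?ENVIRONMENT must be set}`. The same fallback was added to the development copy in PATCH 16, where it is harmless, and to env/.env.all in PATCH 17.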
@@ -0,0 +1,15 @@ + + +# ---------------------------------- +# Redis +# ---------------------------------- + + +# ---------------------------------- +# Laravel Backend +# ---------------------------------- + + +# ---------------------------------- +# Adminer +# ---------------------------------- diff --git a/env/staging/.env.database b/env/staging/.env.database new file mode 100644 index 0000000..f1071c7 --- /dev/null +++ b/env/staging/.env.database @@ -0,0 +1,3 @@ +# ---------------------------------- +# Datenbank (MariaDB) +# ---------------------------------- diff --git a/env/staging/.env.develop b/env/staging/.env.develop new file mode 100644 index 0000000..0cb6f7d --- /dev/null +++ b/env/staging/.env.develop @@ -0,0 +1,9 @@ +# ---------------------------------- +# GITEA +# ---------------------------------- + + + +# ---------------------------------- +# GITEA DB +# ---------------------------------- diff --git a/env/staging/.env.frontend b/env/staging/.env.frontend new file mode 100644 index 0000000..d2f2d98 --- /dev/null +++ b/env/staging/.env.frontend @@ -0,0 +1,3 @@ +# ---------------------------------- +# VUE APP +# ---------------------------------- diff --git a/env/staging/.env.proxy b/env/staging/.env.proxy new file mode 100644 index 0000000..e130688 --- /dev/null +++ b/env/staging/.env.proxy @@ -0,0 +1,4 @@ +# ---------------------------------- +# TRAEFIK +# ---------------------------------- + diff --git a/env/staging/.env.tools b/env/staging/.env.tools new file mode 100644 index 0000000..9f86194 --- /dev/null +++ b/env/staging/.env.tools @@ -0,0 +1,9 @@ +# ---------------------------------- +# NEXTCLOUD DB +# ---------------------------------- + + + +# ---------------------------------- +# NEXTCLOUD CLOUD +# ---------------------------------- diff --git a/env/staging/.env.website b/env/staging/.env.website new file mode 100644 index 0000000..992d8e7 --- /dev/null +++ b/env/staging/.env.website 
@@ -0,0 +1,4 @@ +# ---------------------------------- +# KIRBY CMS +# ---------------------------------- + From 9afa8808db857da684a6b8acba71cbe087c779fa Mon Sep 17 00:00:00 2001 From: rorapp Date: Mon, 24 Feb 2025 14:07:22 +0100 Subject: [PATCH 19/39] add raw state of with jenkins --- .gitignore | 3 ++- Jenkinsfile | 34 +++++++++++++++++++++++++ apps/develop/jenkins/docker-compose.yml | 16 +++++++++--- apps/develop/jenkins/plugins.yml | 0 4 files changed, 49 insertions(+), 4 deletions(-) create mode 100644 Jenkinsfile create mode 100644 apps/develop/jenkins/plugins.yml diff --git a/.gitignore b/.gitignore index 826710d..d3b94ce 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ volumes apps/proxy .DS_Store apps/administration/* -apps/tools/app/* \ No newline at end of file +apps/tools/app/* +env/secrets.env diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..7d4a474 --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,34 @@ + + +pipeline { + agent any + + stages { + stage('Checkout Code & Submodules') { + steps { + git branch: 'main', url: 'git@github.com:your-org/my-main-repo.git', credentialsId: 'git-credentials' + sh 'git submodule update --init --recursive' + } + } + + stage('Run Backend Pipeline') { + steps { + build job: 'backend-pipeline', wait: true + } + } + + stage('Run Frontend Pipeline') { + steps { + build job: 'frontend-pipeline', wait: true + } + } + + stage('Deploy Infrastructure') { + steps { + sshagent(['jenkins-ssh-key']) { + sh "ssh user@server 'cd /opt/myapp && git pull origin main && docker compose up -d'" + } + } + } + } +} diff --git a/apps/develop/jenkins/docker-compose.yml b/apps/develop/jenkins/docker-compose.yml index f71dc7e..4452b95 100644 --- a/apps/develop/jenkins/docker-compose.yml +++ b/apps/develop/jenkins/docker-compose.yml @@ -1,5 +1,4 @@ -version: '3.8' - +### Jenkins (./apps/frontend/docker-compose.yml) services: jenkins: image: jenkins/jenkins:lts 
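Review bot: The deploy stage runs `git pull origin main` on the server instead of deploying the revision that the checkout stage tested, so the tested and deployed commits differ whenever main moves between stages; pass `${env.GIT_COMMIT}` through the ssh command and check it out on the server, or deploy a built artifact. The `ssh user@server` call has no host-key handling, so the first run either prompts or fails depending on the agent's known_hosts; configure the host key on the Jenkins credential or ship a known_hosts entry rather than relying on whatever the agent has. `git@github.com:your-org/my-main-repo.git`, `user@server` and `/opt/myapp` are placeholders, so a leading `// TODO: replace repo URL, deploy host and path before enabling this pipeline` comment would keep it from being run as-is. The `### Jenkins (./apps/frontend/docker-compose.yml)` header added to apps/develop/jenkins/docker-compose.yml names the wrong path.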
@@ -7,7 +6,10 @@ services: ports: - "50000:50000" # Jenkins Agent Port volumes: - - jenkins_home:/var/jenkins_home + - ../../../volumes/develop/jenkins:/var/jenkins_home + - ./plugins.yml:/usr/share/jenkins/ref/plugins.yml + depends_on: + - jenkins-plugins environment: - JAVA_OPTS=-Djenkins.install.runSetupWizard=false networks: @@ -21,6 +23,14 @@ services: - "traefik.http.services.jenkins.loadbalancer.server.port=8080" # interner Port von Jenkins - "traefik.docker.network=proxy" + jenkins-plugins: + image: jenkins/jenkins:lts-jdk17 + command: > + jenkins-plugin-cli -f /usr/share/jenkins/ref/plugins.yml --available-updates --output txt > /usr/share/jenkins/ref/plugins.yml + volumes: + - ./plugins.yml:/usr/share/jenkins/ref/plugins.yml + restart: "no" + volumes: jenkins_home: driver: local diff --git a/apps/develop/jenkins/plugins.yml b/apps/develop/jenkins/plugins.yml new file mode 100644 index 0000000..e69de29 From f14186decaba184697a83e55d36821219959300e Mon Sep 17 00:00:00 2001 From: rorapp Date: Mon, 24 Feb 2025 14:08:16 +0100 Subject: [PATCH 20/39] update env Variables --- env/development/.env.backend | 8 +++----- env/development/.env.database | 10 +++++++--- env/development/.env.proxy | 2 ++ env/development/.env.tools | 8 ++++++++ 4 files changed, 20 insertions(+), 8 deletions(-) diff --git a/env/development/.env.backend b/env/development/.env.backend index a22da33..8f1d6cb 100644 --- a/env/development/.env.backend +++ b/env/development/.env.backend @@ -6,6 +6,7 @@ REDIS_PASSWORD=laravel-redis-passwort REDIS_PORT=6379 SERVER_IP=${SERVER_IP:-localhost} + # ---------------------------------- # Laravel Backend # ---------------------------------- @@ -14,7 +15,7 @@ APP_NAME="mindboost backend - Compose Deployment" APP_URL=https://backend.local LARAVEL_PORT=8000 LARAVEL_VITE_PORT=5173 -DB_HOST=${MARIADB_HOST:-mariadb} +DB_HOST=${MARIADB_HOST:-database} DB_PORT=${MARIADB_PORT:-3306} DB_PASSWORD=${MARIADB_PASSWORD:-default} DB_USERNAME=${MARIADB_USER:-default} 
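Review bot: The `jenkins-plugins` service's `command: > jenkins-plugin-cli ... --output txt > /usr/share/jenkins/ref/plugins.yml` cannot work as written: a string `command` in Compose is split into arguments without a shell, so `>` is passed literally to jenkins-plugin-cli, and even under `sh -c` the redirection would truncate plugins.yml before `-f` reads it (and plugins.yml is added empty in this commit). Write the result to a temporary file and copy it back over the bind-mounted file, e.g. `command: ["sh", "-c", "jenkins-plugin-cli -f /usr/share/jenkins/ref/plugins.yml --available-updates --output txt > /tmp/plugins.new && cat /tmp/plugins.new > /usr/share/jenkins/ref/plugins.yml"]` (`cat >` rather than `mv`, because replacing the inode of a single-file bind mount does not reach the host). `depends_on: - jenkins-plugins` only orders start-up; to make Jenkins wait for the rewrite use `condition: service_completed_successfully`. The `jenkins_home` named volume is no longer referenced after this hunk and can be dropped.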
@@ -22,7 +23,4 @@ DB_DATABASE=${MARIADB_DATABASE:-default} JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F -# ---------------------------------- -# Adminer -# ---------------------------------- -ADMINER_PORT=8080 + diff --git a/env/development/.env.database b/env/development/.env.database index b141c9a..ca4d94b 100644 --- a/env/development/.env.database +++ b/env/development/.env.database @@ -4,7 +4,11 @@ MARIADB_USER=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} MARIADB_DATABASE=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} MARIADB_PASSWORD=1stronges-mindboostdb-passwort -MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb - +MARIADB_RANDOM_ROOT_PASSWORD=1 MARIADB_PORT=3306 -MARIADB_HOST=${INFRASTRUCTURE_LABEL:-default}_database_${ENVIRONMENT:-development} +MARIADB_HOST=database + +# ---------------------------------- +# Adminer +# ---------------------------------- +ADMINER_PORT=8082 diff --git a/env/development/.env.proxy b/env/development/.env.proxy index 7e6c32c..3b1fdb6 100644 --- a/env/development/.env.proxy +++ b/env/development/.env.proxy @@ -19,6 +19,7 @@ LIMESURVEY_DOMAIN=survey.local LINKSTACK_DOMAIN=linkstack.local TRAEFIK_DOMAIN=traefik.local CLOUD_DOMAIN=cloud.local +KILLBILL_DOMAIN=killbill.local ### TLS for Domains @@ -32,6 +33,7 @@ LIMESURVEY_TLS_DOMAIN_MAIN=${LIMESURVEY_DOMAIN} LINKSTACK_TLS_DOMAIN_MAIN=${LINKSTACK_DOMAIN} TRAEFIK_TLS_DOMAIN_MAIN=${TRAEFIK_DOMAIN} CLOUD_TLS_DOMAIN_MAIN=${CLOUD_DOMAIN} +KILLBILL_TLS_DOMAIN_MAIN=${KILLBILL_DOMAIN} ## MIDDLEWARES diff --git a/env/development/.env.tools b/env/development/.env.tools index cb0a5b7..f260d4d 100644 --- a/env/development/.env.tools +++ b/env/development/.env.tools 
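Review bot: Switching development to `MARIADB_RANDOM_ROOT_PASSWORD=1` is an improvement, but the deploy scripts source env/.env.all first and that file (PATCH 17) still sets `MARIADB_ROOT_PASSWORD=...-root`, so both variables reach the container; confirm which one the mariadb image honours when both are present and unset the .env.all value if a random root password is the intent. `MARIADB_HOST=database` replaces the interpolated `<label>_database_<env>` name and `DB_HOST=${MARIADB_HOST:-database}` in .env.backend was updated to match, which only resolves if the Compose service on the backend network is actually called `database`; that file is not visible here. `ADMINER_PORT` moves from .env.backend (8080) to .env.database (8082) without a note; a comment such as `# 8080 is taken by the Jenkins/Traefik service port` (or whatever the reason is) would explain the change.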
@@ -19,3 +19,11 @@ OVERWRITECLIURL=https://${CLOUD_DOMAIN:-cloud} OVERWRITEHOST=${CLOUD_DOMAIN:-cloud} REDIS_HOST=nextcloud-redis REDIS_HOST_PASSWORD=redis-mindboost-passwort + +# ---------------------------------- +# KILLBILL PAYMENT +# ---------------------------------- + +KILLBILL_DAO_URL=jdbc:mysql://db:3306/killbill +KILLBILL_DAO_USER=${ADMIN_USER:-root} +KILLBILL_DAO_PASSWORD=${ADMIN_PASSWORD_HASH} From dff86e048695f24fda69ee4a8d9defb21ad2c66a Mon Sep 17 00:00:00 2001 From: rorapp Date: Mon, 24 Feb 2025 14:08:48 +0100 Subject: [PATCH 21/39] move deploy scripts to start folder --- scripts/{ => maintain}/backup.sh | 0 scripts/maintain/generate_secrets.sh | 81 ++++++++++++++++++++ scripts/{ => start}/deploy-administration.sh | 16 ++-- scripts/{ => start}/deploy-all.sh | 11 ++- scripts/{ => start}/deploy-app.sh | 12 +-- scripts/{ => start}/deploy-overwrite.sh | 0 scripts/{ => start}/deploy-proxy.sh | 8 +- scripts/{ => start}/deploy-traefik.sh | 0 8 files changed, 105 insertions(+), 23 deletions(-) rename scripts/{ => maintain}/backup.sh (100%) create mode 100755 scripts/maintain/generate_secrets.sh rename scripts/{ => start}/deploy-administration.sh (77%) rename scripts/{ => start}/deploy-all.sh (87%) rename scripts/{ => start}/deploy-app.sh (78%) rename scripts/{ => start}/deploy-overwrite.sh (100%) rename scripts/{ => start}/deploy-proxy.sh (80%) rename scripts/{ => start}/deploy-traefik.sh (100%) diff --git a/scripts/backup.sh b/scripts/maintain/backup.sh similarity index 100% rename from scripts/backup.sh rename to scripts/maintain/backup.sh diff --git a/scripts/maintain/generate_secrets.sh b/scripts/maintain/generate_secrets.sh new file mode 100755 index 0000000..2464fc3 --- /dev/null +++ b/scripts/maintain/generate_secrets.sh 
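Review bot: `KILLBILL_DAO_PASSWORD=${ADMIN_PASSWORD_HASH}` reuses the committed admin bcrypt hash string as the Kill Bill database password, and `KILLBILL_DAO_USER=${ADMIN_USER:-root}` falls back to the database root account; a dedicated service account belongs here, e.g. `KILLBILL_DAO_USER=killbill` and `KILLBILL_DAO_PASSWORD=${KILLBILL_DB_PASSWORD:?KILLBILL_DB_PASSWORD must be set}` sourced from env/secrets.env. `KILLBILL_DAO_URL=jdbc:mysql://db:3306/killbill` points at a host `db`, while the rest of this series names the MariaDB service `database`, so unless a separate `db` service exists the connection will fail; confirm the service name. A comment stating whether Kill Bill shares the backend MariaDB or gets its own instance would make the choice explicit.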
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# 🚀 Script to Generate Secure Secrets for Deployment
+
+# Define root directory relative to the script location
+ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+SECRET_FILE="$ROOT_DIR/env/secrets.env"
+GITIGNORE_FILE="$ROOT_DIR/.gitignore"
+
+# ✅ Function to check if a command is installed
+check_dependency() {
+ command -v "$1" >/dev/null 2>&1
+}
+
+# 🔍 Check for OpenSSL, and prompt user to install if missing
+if ! check_dependency "openssl"; then
+ echo "⚠️ OpenSSL is not installed. It is required to generate secure secrets."
+ echo "Would you like to install OpenSSL now? (yes/no)"
+ read -r install_choice
+ if [[ "$install_choice" == "yes" ]]; then
+ if [[ "$OSTYPE" == "linux-gnu"* ]]; then
+ sudo apt update && sudo apt install -y openssl
+ elif [[ "$OSTYPE" == "darwin"* ]]; then
+ brew install openssl
+ else
+ echo "❌ Unsupported OS. Please install OpenSSL manually."
+ exit 1
+ fi
+ else
+ echo "❌ OpenSSL is required but was not installed. Exiting."
+ exit 1
+ fi
+fi
+
+# ✅ Securely generate random values
+generate_secret() {
+ openssl rand -base64 32
+}
+
+# 🔄 Check if the secret file already exists
+if [ -f "$SECRET_FILE" ]; then
+ echo "⚠️ $SECRET_FILE already exists. Overwrite? (yes/no)"
+ read -r response
+ if [[ "$response" != "yes" ]]; then
+ echo "❌ Secret file creation canceled."
+ exit 1
+ fi
+fi
+
+# ✏️ Write secrets to file
+echo "🔐 Generating $SECRET_FILE ..."
+mkdir -p "$(dirname "$SECRET_FILE")" # Ensure the env directory exists +> "$SECRET_FILE" # Clear file if it exists + +# 🔑 Define and write secrets +echo "ADMIN_PASSWORD_HASH=$(openssl passwd -6 admin)" >> "$SECRET_FILE" +echo "JWT_SECRET=$(generate_secret)" >> "$SECRET_FILE" +echo "MARIADB_PASSWORD=$(generate_secret)" >> "$SECRET_FILE" +echo "MARIADB_ROOT_PASSWORD=$(generate_secret)" >> "$SECRET_FILE" +echo "REDIS_HOST_PASSWORD=$(generate_secret)" >> "$SECRET_FILE" +echo "TRAEFIK_BASIC_AUTH_USERS=admin:$(openssl passwd -6 traefikpass)" >> "$SECRET_FILE" +echo "GITEA_MYSQL_PASSWORD=$(generate_secret)" >> "$SECRET_FILE" +echo "NEXTCLOUD_ADMIN_PASSWORD=$(generate_secret)" >> "$SECRET_FILE" +echo "MAIL_PASSWORD=$(generate_secret)" >> "$SECRET_FILE" + +# 🛑 Ensure secrets.env is ignored by Git **without overwriting last line** +if [ -f "$SECRET_FILE" ]; then + # Check if the last line is missing a newline and fix it + if [ -s "$GITIGNORE_FILE" ] && [ "$(tail -c1 "$GITIGNORE_FILE")" != "" ]; then + echo "" >> "$GITIGNORE_FILE" + fi + + # Append 'env/secrets.env' only if it's not already in .gitignore + if ! grep -q "^env/secrets.env$" "$GITIGNORE_FILE"; then + echo "env/secrets.env" >> "$GITIGNORE_FILE" + echo "✅ Added 'env/secrets.env' to .gitignore" + fi +fi + +echo "✅ Secrets have been generated and stored in $SECRET_FILE." +echo "⚠️ Keep this file secure and do NOT commit it to Git!" diff --git a/scripts/deploy-administration.sh b/scripts/start/deploy-administration.sh similarity index 77% rename from scripts/deploy-administration.sh rename to scripts/start/deploy-administration.sh index 112f438..d953c9f 100755 --- a/scripts/deploy-administration.sh +++ b/scripts/start/deploy-administration.sh @@ -1,7 +1,7 @@ #!/bin/bash # Pfad zur .env.all Datei -ENV_FILE="../env/.env.all" +ENV_FILE="../../env/.env.all" # Funktion zum Überprüfen der Existenz einer Datei check_file_exists() { 
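Review bot: `ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)"` resolves to `scripts/`, not the repository root, now that the script lives in scripts/maintain/, so SECRET_FILE becomes scripts/env/secrets.env and the `.gitignore` logic edits a scripts/.gitignore that does not exist; it needs `ROOT_DIR="$(cd "$(dirname "$0")/../.." && pwd)"`. The two credentials that matter most are not random: `openssl passwd -6 admin` and `openssl passwd -6 traefikpass` hash fixed, documented passwords, and `$6$` SHA-512 crypt is not among the formats Traefik's BasicAuth accepts (MD5, SHA1, bcrypt — the existing `$2y$` hash in .env.all is bcrypt), so the generated `TRAEFIK_BASIC_AUTH_USERS` would also not work; generate the passwords with `generate_secret`, print them once, and hash with a bcrypt-capable tool such as `htpasswd -B`, since `openssl passwd` cannot emit bcrypt. The file is written under the default umask with no `set -e`, so a failure midway leaves a partial, world-readable secrets file; add `set -euo pipefail` at the top and `umask 077` before `> "$SECRET_FILE"`. The script still emits `MARIADB_ROOT_PASSWORD` although PATCH 20 moves development to `MARIADB_RANDOM_ROOT_PASSWORD=1`, and it does not cover the Nextcloud `MYSQL_*` or `GITEA_MYSQL_ROOT_PASSWORD` values.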
@@ -12,7 +12,7 @@ check_file_exists() { } # Überprüfe die Existenz von .env.all -check_file_exists "../env/.env.all" +check_file_exists "../../env/.env.all" # Funktion zum Auslesen von Variablen aus der .env.all Datei get_env_var() { @@ -25,8 +25,8 @@ ENVIRONMENT=$(get_env_var "ENVIRONMENT") # Load environment variables from the .env files set -o allexport -source ../env/.env.all -source ../env/${ENVIRONMENT}/.env.administration +source ../../env/.env.all +source ../../env/${ENVIRONMENT:-development}/.env.administration set +o allexport # Liste Stacks @@ -39,14 +39,14 @@ ENVIRONMENTS=("development" "staging" "production") # Überprüfe die Existenz aller Stack-spezifischen .env Dateien missing_files=0 for stack in "${STACKS[@]}"; do - env_file="../env/${ENVIRONMENT}/.env.${stack}" + env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}" if ! check_file_exists "$env_file"; then missing_files=$((missing_files + 1)) fi done if [ $missing_files -eq 0 ]; then - echo "Alle erforderlichen .env Dateien für das ${ENVIRONMENT}-Environment sind vorhanden." + echo "Alle erforderlichen .env Dateien für das ${ENVIRONMENT:-development}-Environment sind vorhanden." else echo "Warnung: $missing_files .env Datei(en) fehlen. Einige Stacks könnten nicht korrekt funktionieren." fi @@ -55,7 +55,7 @@ fi for env in "${ENVIRONMENTS[@]}"; do if [ "$env" != "$ENVIRONMENT" ]; then for stack in "${STACKS[@]}"; do - env_file="../env/${env}/.env.${stack}" + env_file="../../env/${env}/.env.${stack}" if ! check_file_exists "$env_file"; then echo "Warnung: Die Datei $env_file fehlt für das Environment $env." fi 
@@ -72,4 +72,4 @@ echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}" echo "-----------------------------------" # Ausführen des Docker Compose Befehls -docker compose -f ../apps/docker-compose.all.yml --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile administration up --remove-orphans +docker compose -f ../apps/docker-compose.all.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile administration up --remove-orphans diff --git a/scripts/deploy-all.sh b/scripts/start/deploy-all.sh similarity index 87% rename from scripts/deploy-all.sh rename to scripts/start/deploy-all.sh index 16c1505..7a57056 100755 --- a/scripts/deploy-all.sh +++ b/scripts/start/deploy-all.sh @@ -1,7 +1,7 @@ #!/bin/bash # Pfad zur .env.all Datei -ENV_FILE="../env/.env.all" +ENV_FILE="../../env/.env.all" # Funktion zum Auslesen von Variablen aus der .env.all Datei get_env_var() { grep "^$1=" "$ENV_FILE" | cut -d '=' -f2 @@ -25,7 +25,6 @@ check_file_exists() { return 1 fi } -#!/bin/bash # Prüfe, ob das Skript nur in der Entwicklungsumgebung ausgeführt wird if [ "$ENVIRONMENT" == "development" ]; then @@ -43,7 +42,7 @@ if [ "$ENVIRONMENT" == "development" ]; then echo "🔹 ENVIRONMENT ist 'development' – Hosts aus .env.proxy werden hinzugefügt und Container gestartet." # Pfad zur Proxy-Env-Datei - ENV_PROXY_FILE="../env/development/.env.proxy" + ENV_PROXY_FILE="../../env/development/.env.proxy" # Hosts-Datei Pfad (Linux/macOS) HOSTS_FILE="/etc/hosts" @@ -72,12 +71,12 @@ else fi # Überprüfe die Existenz von .env.all -check_file_exists "../env/.env.all" +check_file_exists "../../env/.env.all" # Überprüfe die Existenz aller Stack-spezifischen .env Dateien missing_files=0 for stack in "${STACKS[@]}"; do - env_file="../env/${ENVIRONMENT}/.env.${stack}" + env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}" if ! check_file_exists "$env_file"; then missing_files=$((missing_files + 1)) fi 
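Review bot: The compose command in the last deploy-administration.sh hunk updates both `--env-file` paths to `../../env/...` but leaves `-f ../apps/docker-compose.all.yml`, which no longer exists relative to scripts/start/; deploy-all.sh in the same commit changes it to `-f ../../apps/docker-compose.all.yml`, so this line should match. The script sources `.env.administration` earlier yet passes `.env.proxy` to Compose; if that is intentional because the administration profile needs the Traefik variables, a comment on the `docker compose` line would save the next reader the same question.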
@@ -102,4 +101,4 @@ if [[ "$1" == "--build" ]]; then fi # Ausführen des Docker Compose Befehls -docker compose -f ../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile backend up --remove-orphans $BUILD_OPTION +docker compose -f ../../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile backend up --remove-orphans $BUILD_OPTION diff --git a/scripts/deploy-app.sh b/scripts/start/deploy-app.sh similarity index 78% rename from scripts/deploy-app.sh rename to scripts/start/deploy-app.sh index f57bd09..25a26df 100755 --- a/scripts/deploy-app.sh +++ b/scripts/start/deploy-app.sh @@ -1,7 +1,7 @@ #!/bin/bash # Pfad zur .env.all Datei -ENV_FILE="../env/.env.all" +ENV_FILE="../../env/.env.all" # Funktion zum Auslesen von Variablen aus der .env.all Datei get_env_var() { grep "^$1=" "$ENV_FILE" | cut -d '=' -f2 @@ -13,7 +13,7 @@ ENVIRONMENT=$(get_env_var "ENVIRONMENT") SERVER_IP=$(curl -s https://api.ipify.org) # Liste aller Stacks -STACKS=("administration" "frontend" "develop" "database" "proxy" "tools" "website" "backend") +STACKS=("frontend" "database" "backend") # Liste aller Environments ENVIRONMENTS=("development" "staging" "production") @@ -26,12 +26,12 @@ check_file_exists() { fi } # Überprüfe die Existenz von .env.all -check_file_exists "../env/.env.all" +check_file_exists "../../env/.env.all" # Überprüfe die Existenz aller Stack-spezifischen .env Dateien missing_files=0 for stack in "${STACKS[@]}"; do - env_file="../env/${ENVIRONMENT}/.env.${stack}" + env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}" if ! check_file_exists "$env_file"; then missing_files=$((missing_files + 1)) fi 
@@ -55,5 +55,7 @@ if [[ "$1" == "--build" ]]; then BUILD_OPTION="--build" fi + # Ausführen des Docker Compose Befehls -docker compose -f ../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile app up --remove-orphans $BUILD_OPTION +docker compose -f ../../apps/docker-compose.all.yml --env-file ../../env/.env.all -p ${INFRASTRUCTURE:-my} --profile app up --remove-orphans $BUILD_OPTION + diff --git a/scripts/deploy-overwrite.sh b/scripts/start/deploy-overwrite.sh similarity index 100% rename from scripts/deploy-overwrite.sh rename to scripts/start/deploy-overwrite.sh diff --git a/scripts/deploy-proxy.sh b/scripts/start/deploy-proxy.sh similarity index 80% rename from scripts/deploy-proxy.sh rename to scripts/start/deploy-proxy.sh index 8560a47..012e318 100755 --- a/scripts/deploy-proxy.sh +++ b/scripts/start/deploy-proxy.sh @@ -1,7 +1,7 @@ #!/bin/bash # Pfad zur .env.all Datei -ENV_FILE="../env/.env.all" +ENV_FILE="../../env/.env.all" # Funktion zum Auslesen von Variablen aus der .env.all Datei get_env_var() { @@ -27,12 +27,12 @@ check_file_exists() { } # Überprüfe die Existenz von .env.all -check_file_exists "../env/.env.all" +check_file_exists "../../env/.env.all" # Überprüfe die Existenz aller Stack-spezifischen .env Dateien missing_files=0 for stack in "${STACKS[@]}"; do - env_file="../env/${ENVIRONMENT}/.env.${stack}" + env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}" if ! check_file_exists "$env_file"; then missing_files=$((missing_files + 1)) fi 
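Review bot: The rewritten compose command in deploy-app.sh's @@ -55 hunk drops `--env-file ../../env/${ENVIRONMENT:-development}/.env.proxy`, which every other start script in this patch still passes. The backend and frontend compose files later in this series interpolate `${TRAEFIK_ENABLE}`, `${TRAEFIK_ENTRYPOINT}` and `${TRAEFIK_NETWORK}` without defaults, so if those variables live in .env.proxy the `app` profile will now emit empty Traefik labels. Either restore the argument or add a comment stating why the app profile deliberately runs without the proxy variables. The two added blank `+` lines around the command are noise.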
@@ -51,4 +51,4 @@ echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}" echo "-----------------------------------" # Ausführen des Docker Compose Befehls -docker compose -f ../apps/docker-compose.all.yml --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile proxy up --remove-orphans +docker compose -f ../../apps/docker-compose.all.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans diff --git a/scripts/deploy-traefik.sh b/scripts/start/deploy-traefik.sh similarity index 100% rename from scripts/deploy-traefik.sh rename to scripts/start/deploy-traefik.sh From a9143ae8f84025ab0fc925cb07f9404debae030e Mon Sep 17 00:00:00 2001 From: rorapp Date: Wed, 26 Feb 2025 12:46:24 +0100 Subject: [PATCH 22/39] delete the docker compose files with where not neccesary for the code to run --- apps/docker-compose.overwrite.yml | 65 ------------------ apps/docker-compose.prod.yml | 107 ------------------------------ 2 files changed, 172 deletions(-) delete mode 100644 apps/docker-compose.overwrite.yml delete mode 100644 apps/docker-compose.prod.yml diff --git a/apps/docker-compose.overwrite.yml b/apps/docker-compose.overwrite.yml deleted file mode 100644 index 8d07011..0000000 --- a/apps/docker-compose.overwrite.yml +++ /dev/null 
@@ -1,65 +0,0 @@ -## -## DIESES COMPOSE FILE IST FÜR DIE LOKALE ENTWICKLUNG MITTELS DOCKER -## -## Der Inhalt von frontend und von backend wird über ein volume eingebunden, dass -## bedeutet Änderungen innerhalb der Projektordner ./frontend/src und ./backend/src -## Ändern direkt die Werte innerhalb des Containers wie z.B. das Austauschen einer Grafik. -## -## Datenbank ebenfalls lokal und KEIN reverse-Proxy (traefik) -## Image der DB ist auf ARM Archtektur (Apple Silicon) ausgelegt -## -services: - mariadb: - image: mariadb:latest - container_name: local_mariadb - command: --bind-address=0.0.0.0 - environment: - - ALLOW_EMPTY_PASSWORD - - MARIADB_USER=mindboost - - MARIADB_DATABASE=mindboost - - MARIADB_PASSWORD=mindboost - - MARIADB_ROOT_PASSWORD=root-mindboost - volumes: - - ../volumes/daten/mariadb:/var/lib/mysql - networks: - - backend - frontend: - build: - context: ./frontend/src - dockerfile: Dockerfile.dev - container_name: local_frontend - volumes: - - ./frontend/src:/app - - /app/node_modules - ports: - - "3000:3000" - networks: - - backend - environment: - NODE_ENV: development - - backend: - build: - context: ./backend/src - dockerfile: Dockerfile.dev - container_name: local_backend - ports: - - "8000:8000" - - "5173:5173" - volumes: - - ./backend/src:/var/www - networks: - - backend - depends_on: - - mariadb - adminer: - image: adminer - container_name: local_adminer - restart: always - ports: - - 8080:8080 - networks: - - backend -networks: - backend: - external: false \ No newline at end of file diff --git a/apps/docker-compose.prod.yml b/apps/docker-compose.prod.yml deleted file mode 100644 index e33a4ee..0000000 --- a/apps/docker-compose.prod.yml +++ /dev/null 
@@ -1,107 +0,0 @@ -## -## DIESES COMPOSE FILE IST FÜR DIE LOKALE ENTWICKLUNG MITTELS DOCKER -## -## Der Inhalt von frontend und von backend wird über ein volume eingebunden, dass -## bedeutet Änderungen innerhalb der Projektordner ./frontend/src und ./backend/src -## Ändern direkt die Werte innerhalb des Containers wie z.B. das Austauschen einer Grafik. -## -## Datenbank ebenfalls lokal und KEIN reverse-Proxy (traefik) -## Image der DB ist auf ARM Archtektur (Apple Silicon) ausgelegt -## - -services: - prod-mariadb: - image: mariadb:latest - container_name: prod-mariadb - hostname: mariadb - command: --bind-address=0.0.0.0 - env_file: - - ../config/.env.db - networks: - - ${BACKEND_NETWORK} - volumes: - - ../volumes/daten/mariadb:/var/lib/mysql - prod-redis: - image: redis:alpine - container_name: prod-redis - hostname: redis - networks: - - ${BACKEND_NETWORK} - restart: unless-stopped - command: redis-server --appendonly yes --requirepass laravel-redis-passwort # Redis Passwort eingeben - volumes: - - ../volumes/daten/redis:/data - prod-frontend: - build: - context: ./frontend/src - dockerfile: Dockerfile - container_name: prod-frontend - networks: - - ${BACKEND_NETWORK} - - ${TRAEFIK_NETWORK} - env_file: - - ../config/.env.frontend - - ../config/.env.traefik - labels: - - "traefik.enable=${TRAEFIK_ENABLE}" - - "traefik.http.routers.prod-frontend.entrypoints=${TRAEFIK_ROUTER_FRONTEND_ENTRYPOINT}" - - "traefik.http.routers.prod-frontend.rule=${TRAEFIK_ROUTER_FRONTEND_RULE}" - - "traefik.http.routers.prod-frontend.tls=${TRAEFIK_ROUTER_FRONTEND_TLS}" - - "traefik.http.routers.prod-frontend.tls.certresolver=${TRAEFIK_ROUTER_FRONTEND_CERTRESOLVER}" - - "traefik.http.routers.prod-frontend.tls.domains[0].main=${TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_MAIN}" - - "traefik.http.routers.prod-frontend.tls.domains[0].sans=${TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_SANS}" - - "traefik.http.services.prod-frontend.loadbalancer.server.port=${TRAEFIK_SERVICE_FRONTEND_PORT}" - - 
"traefik.docker.network=${TRAEFIK_NETWORK}" - prod-backend: - build: - context: ./backend/src - dockerfile: Dockerfile - env_file: - - ../config/.env.backend - - ../config/.env.traefik - labels: - - "traefik.enable=${TRAEFIK_ENABLE}" - - "traefik.http.routers.prod-backend.entrypoints=${TRAEFIK_ROUTER_BACKEND_ENTRYPOINT}" - - "traefik.http.routers.prod-backend.rule=${TRAEFIK_ROUTER_BACKEND_RULE}" - - "traefik.http.routers.prod-backend.tls=${TRAEFIK_ROUTER_BACKEND_TLS}" - - "traefik.http.routers.prod-backend.tls.certresolver=${TRAEFIK_ROUTER_BACKEND_CERTRESOLVER}" - - "traefik.http.routers.prod-backend.tls.domains[0].main=${TRAEFIK_ROUTER_BACKEND_TLS_DOMAIN_MAIN}" - - "traefik.http.services.prod-backend.loadbalancer.server.port=${TRAEFIK_SERVICE_BACKEND_PORT}" - - "traefik.docker.network=${TRAEFIK_NETWORK}" - networks: - - ${BACKEND_NETWORK} - - ${TRAEFIK_NETWORK} - depends_on: - - prod-mariadb - # Traefik-Crowdsec Stack - crowdsec: - extends: - file: ./proxy/docker-compose.yml - service: crowdsec - networks: - - ${TRAEFIK_NETWORK} - - traefik: - extends: - file: ./proxy/docker-compose.yml - service: traefik - networks: - - ${TRAEFIK_NETWORK} - depends_on: - - crowdsec - - traefik_crowdsec_bouncer: - extends: - file: ./proxy/docker-compose.yml - service: traefik_crowdsec_bouncer - networks: - - ${TRAEFIK_NETWORK} - depends_on: - - crowdsec - - traefik - -networks: - prod-backend: - external: false - proxy: - external: true From 42b71394df8e1f2e4f14d5d2696edc2ee1779caf Mon Sep 17 00:00:00 2001 From: rorapp Date: Wed, 26 Feb 2025 12:46:46 +0100 Subject: [PATCH 23/39] updating the readme file environment explaination --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 926b763..176b99d 100644 --- a/README.md +++ b/README.md 
@@ -111,7 +111,7 @@ Each service's `docker-compose.yml` file references the appropriate `.env` file services: backend: env_file: - - ../../env/${ENVIRONMENT}/backend.env + - ../../env/${ENVIRONMENT:-development}/backend.env ``` ## Networking From e981a365cc4fa96921266bcd87426c95331078d5 Mon Sep 17 00:00:00 2001 From: rorapp Date: Wed, 26 Feb 2025 12:48:56 +0100 Subject: [PATCH 24/39] =?UTF-8?q?fall=20back=20f=C3=BCr=20ROOT=5FDIR=20bas?= =?UTF-8?q?ed=20on=20the=20current=20directory=20in=20file=20system?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../generate_secrets.sh => setup/generate-secrets.sh} | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) rename scripts/{maintain/generate_secrets.sh => setup/generate-secrets.sh} (94%) diff --git a/scripts/maintain/generate_secrets.sh b/scripts/setup/generate-secrets.sh similarity index 94% rename from scripts/maintain/generate_secrets.sh rename to scripts/setup/generate-secrets.sh index 2464fc3..007e5dc 100755 --- a/scripts/maintain/generate_secrets.sh +++ b/scripts/setup/generate-secrets.sh @@ -3,7 +3,13 @@ # 🚀 Script to Generate Secure Secrets for Deployment # Define root directory relative to the script location -ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)" + +# Stelle sicher, dass ROOT_DIR gesetzt ist +if [ -z "$ROOT_DIR" ]; then + echo "❌ WARN: ROOT_DIR ist nicht gesetzt! Setze ROOT_DIR..." + source ./set-project-root.sh +fi + SECRET_FILE="$ROOT_DIR/env/secrets.env" GITIGNORE_FILE="$ROOT_DIR/.gitignore" From c976fea1c3e56b1de9c06e83c022d9d94d9b0750 Mon Sep 17 00:00:00 2001 
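Review bot: `source ./set-project-root.sh` in the generate-secrets.sh hunk is resolved against the caller's current directory, whereas the removed line anchored ROOT_DIR to the script's own location via `dirname "$0"`; run from anywhere but scripts/setup/, the source fails, ROOT_DIR stays empty and `SECRET_FILE` becomes `/env/secrets.env`. Anchor it to the script and stop if the variable is still unset: `source "$(dirname "$0")/set-project-root.sh"` followed by `: "${ROOT_DIR:?ROOT_DIR konnte nicht bestimmt werden}"`. Because a pre-set ROOT_DIR from the environment is now honoured, the script writes its secrets file and edits .gitignore wherever the caller's environment points; echoing the resolved `SECRET_FILE` before writing would make that visible. The README hunk above is documentation only.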
From: rorapp Date: Fri, 28 Feb 2025 10:12:13 +0100 Subject: [PATCH 25/39] clean up --- env/.env.backend | 49 ----------------------------------------------- env/.env.db | 8 -------- env/.env.frontend | 1 - env/.env.shared | 1 - env/.env.traefik | 24 ----------------------- 5 files changed, 83 deletions(-) delete mode 100644 env/.env.backend delete mode 100644 env/.env.db delete mode 100644 env/.env.frontend delete mode 100644 env/.env.shared delete mode 100644 env/.env.traefik diff --git a/env/.env.backend b/env/.env.backend deleted file mode 100644 index 8330154..0000000 --- a/env/.env.backend +++ /dev/null 
@@ -1,49 +0,0 @@ -# ---------------------------------- -# Datenbank (MariaDB) -# ---------------------------------- -MARIADB_USER=mindboost -MARIADB_DATABASE=mindboost -MARIADB_PASSWORD=1stronges-mindboostdb-passwort -MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb - -# ---------------------------------- -# Redis -# ---------------------------------- -REDIS_PASSWORD=laravel-redis-passwort -REDIS_PORT=6379 - -# ---------------------------------- -# Vue Frontend (Nuxt.js) -# ---------------------------------- -VUE_APP_BACKEND_HOST_ADDRESS=https://dev.b.mindboost.team -VUE_FRONTEND_PORT=3001 -VUE_INTERNAL_PORT=3000 -VUE_FRONTEND_DOMAIN_1=app.mindboost.team -VUE_FRONTEND_DOMAIN_2=mindboost.app - -# ---------------------------------- -# Laravel Backend -# ---------------------------------- -BACKEND_NETWORK=backend -APP_NAME="mindboost backend - Compose Deployment" -APP_URL=https://b.mindboost.team -LARAVEL_PORT=8000 -LARAVEL_VITE_PORT=5173 -DB_HOST=mariadb -DB_PORT=3306 -DB_PASSWORD=1stronges-mindboostdb-passwort -DB_USERNAME=mindboost -DB_DATABASE=mindboost -LARAVEL_DOMAIN=b.mindboost.team -JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F -# ---------------------------------- -# Traefik -# ---------------------------------- -TRAEFIK_CERT_RESOLVER=http_resolver -TRAEFIK_ENTRYPOINT=websecure -TRAEFIK_NETWORK=proxy - -# ---------------------------------- -# Adminer -# ---------------------------------- -ADMINER_PORT=8080 diff --git a/env/.env.db b/env/.env.db deleted file mode 100644 index e736b27..0000000 --- a/env/.env.db +++ /dev/null @@ -1,8 +0,0 @@ -# ---------------------------------- -# Datenbank (MariaDB) -# ---------------------------------- -MARIADB_USER=mindboost -MARIADB_DATABASE=mindboost -MARIADB_PASSWORD=1stronges-mindboostdb-passwort -MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb -ADMINER_PORT=8000 \ No newline at end of file 
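Review bot: Deleting env/.env.backend removes `JWT_SECRET`, `MARIADB_PASSWORD`, `MARIADB_ROOT_PASSWORD` and `REDIS_PASSWORD` from the tree but not from history; every value in this hunk (and in .env.db and .env.traefik in the following hunks) remains retrievable from the repository and should be treated as disclosed and rotated before the services are exposed. The commit message should say so, and the `generate-secrets.sh` introduced earlier in this series is the natural place to produce the replacements. A pre-commit secret scan would stop `env/` files from being committed again.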
diff --git a/env/.env.frontend b/env/.env.frontend deleted file mode 100644 index abe3bd8..0000000 --- a/env/.env.frontend +++ /dev/null @@ -1 +0,0 @@ -DB_HOST= BLALBLAB diff --git a/env/.env.shared b/env/.env.shared deleted file mode 100644 index abe3bd8..0000000 --- a/env/.env.shared +++ /dev/null @@ -1 +0,0 @@ -DB_HOST= BLALBLAB diff --git a/env/.env.traefik b/env/.env.traefik deleted file mode 100644 index 07794dc..0000000 --- a/env/.env.traefik +++ /dev/null @@ -1,24 +0,0 @@ -# ---------------------------------- -# Traefik -# ---------------------------------- - -# Allgemein -TRAEFIK_ENABLE=true -TRAEFIK_NETWORK=proxy - -# Backend -TRAEFIK_ROUTER_BACKEND_ENTRYPOINT=websecure -TRAEFIK_ROUTER_BACKEND_RULE=Host(`b.mindboost.team`) -TRAEFIK_ROUTER_BACKEND_TLS=true -TRAEFIK_ROUTER_BACKEND_CERTRESOLVER=http_resolver -TRAEFIK_ROUTER_BACKEND_TLS_DOMAIN_MAIN=b.mindboost.team -TRAEFIK_SERVICE_BACKEND_PORT=8000 - -# Frontend -TRAEFIK_ROUTER_FRONTEND_ENTRYPOINT=websecure -TRAEFIK_ROUTER_FRONTEND_RULE=Host(`app.mindboost.team`) -TRAEFIK_ROUTER_FRONTEND_TLS=true -TRAEFIK_ROUTER_FRONTEND_CERTRESOLVER=http_resolver -TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_MAIN=app.mindboost.team -TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_SANS=mindboost.app -TRAEFIK_SERVICE_FRONTEND_PORT=3000 From 0f081689477e2f119b2bb6d3f5efac2f5281bfcb Mon Sep 17 00:00:00 2001 
From: rorapp Date: Fri, 28 Feb 2025 18:06:47 +0100 Subject: [PATCH 26/39] update the docker files for almost all apps --- apps/backend/docker-compose.yml | 29 ++++++----- apps/database/docker-compose.yml | 54 +++++++++++++------- apps/docker-compose.all.yml | 4 +- apps/frontend/docker-compose.yml | 20 ++------ apps/tools/docker-compose.yml | 64 ++---------------------- apps/tools/limesurvey/docker-compose.yml | 0 apps/tools/nextcloud/docker-compose.yml | 59 ++++++++++++++++++++++ apps/website/docker-compose.yml | 25 ++++++--- 8 files changed, 140 insertions(+), 115 deletions(-) create mode 100644 apps/tools/limesurvey/docker-compose.yml create mode 100644 apps/tools/nextcloud/docker-compose.yml diff --git a/apps/backend/docker-compose.yml b/apps/backend/docker-compose.yml index 22ac631..5f53f80 100644 --- a/apps/backend/docker-compose.yml +++ b/apps/backend/docker-compose.yml @@ -1,19 +1,17 @@ ### Backend (./apps/backend/docker-compose.yml) - services: backend: - container_name: ${INFRASTRUCTURE_LABEL}-laravel-${ENVIRONMENT} + container_name: ${INFRASTRUCTURE_LABEL:-default}-backend-laravel-${ENVIRONMENT:-development} profiles: ["laravel", "backend", "all", "app"] env_file: - - ../../env/.env.all - - ../../env/${ENVIRONMENT}/.env.proxy - - ../../env/${ENVIRONMENT}/.env.database - - ../../env/${ENVIRONMENT}/.env.backend + - ../../env/${ENVIRONMENT:-development}/.env.backend depends_on: - database build: context: ./src dockerfile: Dockerfile + networks: + - backend labels: - "traefik.enable=${TRAEFIK_ENABLE}" - "traefik.http.routers.backend.entrypoints=${TRAEFIK_ENTRYPOINT}" 
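Review bot: The backend service now declares only `networks: - backend`, yet its labels still set `traefik.enable=${TRAEFIK_ENABLE}` and `traefik.docker.network=${TRAEFIK_NETWORK}`; unless TRAEFIK_NETWORK resolves to that same network, Traefik has no path to the container and the router defined here is dead. The database compose in this patch attaches adminer to both `database` and `proxy`, so the backend presumably needs the proxy network in its list as well, with a matching top-level `networks:` entry. Note that `env_file` shrinking to `.env.backend` only affects the container's environment — the `${TRAEFIK_*}` interpolation here depends on what the start script passes via `--env-file` — which is worth a one-line comment so the two are not confused again.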
@@ -23,14 +21,21 @@ services: - "traefik.http.routers.backend.tls.domains[0].main=`${BACKEND_DOMAIN}`" - "traefik.http.services.backend.loadbalancer.server.port=${BACKEND_PORT:-8000}" - "traefik.docker.network=${TRAEFIK_NETWORK}" - # Traefik-Crowdsec Stack backend-redis: image: redis:alpine - container_name: ${INFRASTRUCTURE_LABEL}-laravelredis-${ENVIRONMENT} + container_name: ${INFRASTRUCTURE_LABEL:-default}-backend-redis-${ENVIRONMENT:-development} profiles: ["redis", "backend", "all"] + env_file: + - ../../env/${ENVIRONMENT:-development}/.env.backend restart: unless-stopped - command: redis-server --appendonly yes --requirepass laravel-redis-passwort # Redis Passwort eingeben + command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD:-laravel-redis-passwort} # Redis Passwort eingeben volumes: - - ../../volumes/backend/redis:/data -networks: - backend: + - backend_redis_data:/data + networks: + - backend +volumes: + backend_redis_data: + driver: local + name: "${INFRASTRUCTURE_LABEL}_backend_redis_data" + + diff --git a/apps/database/docker-compose.yml b/apps/database/docker-compose.yml index 87d0bdc..d85a294 100644 --- a/apps/database/docker-compose.yml +++ b/apps/database/docker-compose.yml 
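Review bot: `--requirepass ${REDIS_PASSWORD:-laravel-redis-passwort}` bakes a known fallback password into the compose file, so an unset REDIS_PASSWORD yields a Redis instance protected by a value that is committed to the repository (and was already present in the deleted env/.env.backend). Make the variable mandatory instead: `command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD:?REDIS_PASSWORD must be set}`. The volume `name: "${INFRASTRUCTURE_LABEL}_backend_redis_data"` also lacks the `:-default` fallback used on the container names above, and removing the top-level `networks:` block leaves `backend` undeclared in this file unless the include in docker-compose.all.yml merges it from the database compose — a comment pointing at where the network is defined would help.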
@@ -1,39 +1,55 @@ ### Database (./apps/database/docker-compose.yml) # - [ ] Create a MariaDB service # - [ ] Configure volumes for persistent storage of database data -# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT:-development}/database.env) -# - [ ] Configure networking to allow connections from the backend service -# - [ ] Set up regular backup jobs for the database -# - [ ] Configure appropriate resource limits and restart policies +secrets: + mariadb_root: + file: ${ROOT_DIR:-../..}/env/secrets.env services: database: - profiles: ["all", "mariadb", "backend", "app"] + secrets: + - mariadb_root + profiles: ["all", "database", "backend", "app"] image: mariadb:latest container_name: ${INFRASTRUCTURE_LABEL:-default}-mariadb-${ENVIRONMENT:-development} command: --bind-address=0.0.0.0 env_file: - - ../../env/.env.all - - ../../env/${ENVIRONMENT:-development}/.env.backend - - ../../env/${ENVIRONMENT:-development}/.env.proxy - environment: - - MARIADB_USER=${MARIADB_USER} - - MARIADB_DATABASE=${MARIADB_DATABASE} - - MARIADB_PASSWORD=${MARIADB_PASSWORD} - - MARIADB_ROOT_PASSWORD=root-mindboost + - ../../env/${ENVIRONMENT:-development}/.env.database volumes: - - ../../volumes/database/mariadb:/var/lib/mysql + - backend_mariadb_data:/var/lib/mysql + - ./healthcheck.sh:/usr/local/bin/healthcheck.sh networks: - backend + - database healthcheck: - test: ["CMD", "mysqladmin", "ping", "-h", "localhost"] - interval: 10s + test: ["CMD", "bash", "/usr/local/bin/healthcheck.sh"] + interval: 1s retries: 3 adminer: - profiles: ["all", "mariadb", "backend", "app"] + profiles: ["all", "database", "backend", "adminer", "app"] image: adminer container_name: ${INFRASTRUCTURE_LABEL:-default}-adminer-${ENVIRONMENT:-development} restart: always ports: - - 8082:8080 + - ${ADMINER_PORT:-0}:8080 networks: - - backend \ No newline at end of file + - database + - proxy + labels: + - "traefik.enable=true" + - 
"traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.entrypoints=websecure" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.rule=Host(`${ADMINER_DOMAIN}`)" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.tls=true" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.tls.certresolver=http_resolver" + - 'traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.service=adminer' + - "traefik.http.adminer.cloud.loadbalancer.server.port=8080" + - "traefik.docker.network=${TRAEFIK_NETWORK:-default}" + # TODO: ADMINER IS NOT PREPARED FOR TRAEFIK +networks: + backend: + name: ${INFRASTRUCTURE_LABEL:-default}-backend-${ENVIRONMENT:-development} + database: + name: ${INFRASTRUCTURE_LABEL:-default}-database-${ENVIRONMENT:-development} +volumes: + backend_mariadb_data: + driver: local + name: ${INFRASTRUCTURE_LABEL:-default}_mariadb_${ENVIRONMENT:-development} diff --git a/apps/docker-compose.all.yml b/apps/docker-compose.all.yml index 61435db..4226b1a 100644 --- a/apps/docker-compose.all.yml +++ b/apps/docker-compose.all.yml @@ -14,6 +14,9 @@ ## Stellen Sie sicher, dass die .env.all Datei im angegebenen Verzeichnis existiert und den ENVIRONMENT Wert enthält. ## +configs: + all: + file: ../env/.env.all include: - path: ./proxy/docker-compose.yml env_file: @@ -23,7 +26,6 @@ include: env_file: - ../env/.env.all - ../env/${ENVIRONMENT:-development}/.env.frontend - - ../env/${ENVIRONMENT:-development}/.env.proxy - path: ./backend/docker-compose.yml - path: ./database/docker-compose.yml - path: ./website/docker-compose.yml diff --git a/apps/frontend/docker-compose.yml b/apps/frontend/docker-compose.yml index 549cac9..9247f01 100644 --- a/apps/frontend/docker-compose.yml +++ b/apps/frontend/docker-compose.yml 
@@ -1,10 +1,3 @@ -### Frontend (./apps/frontend/docker-compose.yml) -# - [ ] Create a Vue.js frontend service -# - [ ] Set up a Node.js environment for the frontend -# - [ ] Configure volumes for persistent storage of frontend assets -# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT:-development}/frontend.env) -# - [ ] Configure networking to communicate with the backend service -# - [ ] Set up healthchecks for the frontend service services: webapp: build: @@ -12,16 +5,13 @@ services: dockerfile: Dockerfile container_name: ${INFRASTRUCTURE_LABEL:-default}-frontend-${ENVIRONMENT:-development} profiles: ["webapp", "frontend", "all", "app"] - depends_on: - - database - - backend + ports: + - 3000:3000 labels: - "traefik.enable=${TRAEFIK_ENABLE}" + - "traefik.http.routers.webapp.service=webapp" - "traefik.http.routers.webapp.entrypoints=${TRAEFIK_ENTRYPOINT}" - 'traefik.http.routers.webapp.rule=Host(`${FRONTEND_DOMAIN}`) || Host(`${FRONTEND_DOMAIN_2}`)' - - "traefik.http.routers.webapp.tls=true" - - "traefik.http.routers.webapp.tls.certresolver=${TRAEFIK_CERT_RESOLVER}" - - "traefik.http.routers.webapp.tls.domains[0].main=${FRONTEND_DOMAIN}" - - "traefik.http.routers.webapp.tls.domains[0].sans=${FRONTEND_DOMAIN_2}" - "traefik.http.services.webapp.loadbalancer.server.port=3000" - - "traefik.docker.network=${TRAEFIK_NETWORK}" \ No newline at end of file + - "traefik.docker.network=${TRAEFIK_NETWORK}" + \ No newline at end of file diff --git a/apps/tools/docker-compose.yml b/apps/tools/docker-compose.yml index 4aa9966..3c6ebce 100644 --- a/apps/tools/docker-compose.yml +++ b/apps/tools/docker-compose.yml 
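Review bot: The new `ports: - 3000:3000` publishes the webapp directly on every host interface, bypassing the Traefik router (and any middleware in front of it) that the remaining labels configure; for local access bind to loopback, `- "127.0.0.1:3000:3000"`, or keep the mapping out of the shared compose file. The hunk also removes `traefik.http.routers.webapp.tls=true` and the certresolver/domain labels while leaving the router on `${TRAEFIK_ENTRYPOINT}`; unless that entrypoint carries TLS by default in the proxy configuration, the frontend is now served without TLS termination. If dropping `depends_on: database, backend` is intentional, a short comment on the startup order would help the next reader.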
@@ -5,63 +5,7 @@ # - [ ] Configure networking to expose these services to the internet via the proxy # - [ ] Set up regular backup jobs for critical data in these services -services: - nextcloud-db: - image: mariadb:10.6 - container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-db-${ENVIRONMENT:-development} - profiles: ["all", "tools", "nextcloud"] - command: --transaction-isolation=READ-COMMITTED --innodb_read_only_compressed=OFF - restart: unless-stopped - volumes: - - /etc/localtime:/etc/localtime:ro - - /etc/timezone:/etc/timezone:ro - - ../../volumes/tools/${INFRASTRUCTURE_LABEL:-default}_cloud/database:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD=headpiece-constant1-denim-mindboost #SQL root Passwort eingeben - - MYSQL_PASSWORD=idealist9-frayed-murkiness-mindboost #SQL Benutzer Passwort eingeben - - MYSQL_DATABASE=nextcloud-mindboost #Datenbank Name - - MYSQL_USER=mindboostcloud #SQL Nutzername - - MYSQL_INITDB_SKIP_TZINFO=1 - - MARIADB_AUTO_UPGRADE=1 - nextcloud-redis: - image: redis:alpine - container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-redis-${ENVIRONMENT:-development} - profiles: ["all", "tools", "nextcloud"] - hostname: nextcloud-redis - restart: unless-stopped - command: redis-server --requirepass redis-mindboost-passwort # Redis Passwort eingeben - cloud: - image: nextcloud - container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-app-${ENVIRONMENT:-development} - profiles: ["all", "tools", "nextcloud"] - restart: unless-stopped - depends_on: - - nextcloud-db - - nextcloud-redis - environment: - TRUSTED_PROXIES: 172.16.255.254/16 - OVERWRITEPROTOCOL: https - OVERWRITECLIURL: https://${CLOUD_DOMAIN:-cloud} - OVERWRITEHOST: ${CLOUD_DOMAIN:-cloud} - REDIS_HOST: nextcloud-redis - REDIS_HOST_PASSWORD: redis-mindboost-passwort # Redis Passwort von oben wieder eingeben - volumes: - - ./app:/var/www/html - - ../../volumes/tools/${INFRASTRUCTURE_LABEL:-default}_cloudapp/:/var/www/html/data - labels: - - "traefik.enable=true" - - 
"traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.entrypoints=websecure" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.rule=Host(`${CLOUD_DOMAIN}`)" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.tls=true" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.tls.certresolver=http_resolver" - - 'traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.service=cloud' - - "traefik.http.services.cloud.loadbalancer.server.port=80" - - "traefik.docker.network=${TRAEFIK_NETWORK:-default}" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.middlewares=nextcloud-dav,default@file" - - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav" - - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/" - networks: - - ${TRAEFIK_NETWORK} -networks: - nextcloud: - name: ${INFRASTRUCTURE_LABEL:-default}_nextcloud +include: + - path: ./nextcloud/docker-compose.yml + - path: ./limesurvey/docker-compose.yml + - path: ./invoiceninja/dockerfiles/debian/docker-compose.yml diff --git a/apps/tools/limesurvey/docker-compose.yml b/apps/tools/limesurvey/docker-compose.yml new file mode 100644 index 0000000..e69de29 diff --git a/apps/tools/nextcloud/docker-compose.yml b/apps/tools/nextcloud/docker-compose.yml new file mode 100644 index 0000000..2a3acf6 --- /dev/null +++ b/apps/tools/nextcloud/docker-compose.yml 
@@ -0,0 +1,59 @@ +services: + nextcloud-db: + image: mariadb:10.6 + container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-db-${ENVIRONMENT:-development} + profiles: ["all", "tools", "nextcloud"] + command: --transaction-isolation=READ-COMMITTED --innodb_read_only_compressed=OFF + restart: unless-stopped + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + - ../../volumes/tools/${INFRASTRUCTURE_LABEL:-default}_cloud/database:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD=headpiece-constant1-denim-mindboost #SQL root Passwort eingeben + - MYSQL_PASSWORD=idealist9-frayed-murkiness-mindboost #SQL Benutzer Passwort eingeben + - MYSQL_DATABASE=nextcloud-mindboost #Datenbank Name + - MYSQL_USER=mindboostcloud #SQL Nutzername + - MYSQL_INITDB_SKIP_TZINFO=1 + - MARIADB_AUTO_UPGRADE=1 + nextcloud-redis: + image: redis:alpine + container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-redis-${ENVIRONMENT:-development} + profiles: ["all", "tools", "nextcloud"] + hostname: nextcloud-redis + restart: unless-stopped + command: redis-server --requirepass redis-mindboost-passwort # Redis Passwort eingeben + cloud: + image: nextcloud + container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-app-${ENVIRONMENT:-development} + profiles: ["all", "tools", "nextcloud"] + restart: unless-stopped + depends_on: + - nextcloud-db + - nextcloud-redis + environment: + TRUSTED_PROXIES: 172.16.255.254/16 + OVERWRITEPROTOCOL: https + OVERWRITECLIURL: https://${CLOUD_DOMAIN:-cloud} + OVERWRITEHOST: ${CLOUD_DOMAIN:-cloud} + REDIS_HOST: nextcloud-redis + REDIS_HOST_PASSWORD: redis-mindboost-passwort # Redis Passwort von oben wieder eingeben + volumes: + - ../../volumes/tools/${INFRASTRUCTURE_LABEL:-default}_cloudapp/:/var/www/html/data + labels: + - "traefik.enable=true" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.entrypoints=websecure" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.rule=Host(`${CLOUD_DOMAIN}`)" + - 
"traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.tls=true" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.tls.certresolver=http_resolver" + - 'traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.service=cloud' + - "traefik.http.services.cloud.loadbalancer.server.port=80" + - "traefik.docker.network=${TRAEFIK_NETWORK:-default}" + - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.middlewares=nextcloud-dav,default@file" + - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav" + - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/" + networks: + - ${TRAEFIK_NETWORK} +networks: + nextcloud: + name: ${INFRASTRUCTURE_LABEL:-default}_nextcloud diff --git a/apps/website/docker-compose.yml b/apps/website/docker-compose.yml index 06a1ade..2d5d4fb 100644 --- a/apps/website/docker-compose.yml +++ b/apps/website/docker-compose.yml 
@@ -7,17 +7,26 @@ services: container_name: ${INFRASTRUCTURE_LABEL:-default}-kirbycms-${ENVIRONMENT:-development} profiles: ["website","kirbycms","all"] volumes: - - ../../volumes/website/kirbycms:/var/www/html:rw # Persistente Daten + - kirbycms_data:/var/www/html:rw # Persistente Daten restart: unless-stopped + ports: + - 0:80 networks: - - ${TRAEFIK_NETWORK} + - ${TRAEFIK_NETWORK:-default} labels: - - "traefik.enable=${TRAEFIK_ENABLE}" - - "traefik.docker.network=${TRAEFIK_NETWORK}" + - "traefik.enable=${TRAEFIK_ENABLE:-false}" + - "traefik.docker.network=${TRAEFIK_NETWORK:-default}" - "traefik.http.routers.kirbycms.service=kirbycms" - - "traefik.http.routers.kirbycms.tls.certresolver=${TRAEFIK_CERT_RESOLVER}" - - "traefik.http.routers.kirbycms.tls.domains[0].main=`${WEBSITE_DOMAIN}`" - - "traefik.http.routers.kirbycms.rule=Host(`${WEBSITE_DOMAIN}`)" - - "traefik.http.routers.kirbycms.entrypoints=${TRAEFIK_ENTRYPOINT}" + - "traefik.http.routers.kirbycms.tls.certresolver=${TRAEFIK_CERT_RESOLVER:-default}" + - "traefik.http.routers.kirbycms.tls.domains[0].main=`${WEBSITE_DOMAIN:-kirby.local}`" + - "traefik.http.routers.kirbycms.rule=Host(`${WEBSITE_DOMAIN:-kirby.local}`)" + - "traefik.http.routers.kirbycms.entrypoints=${TRAEFIK_ENTRYPOINT:-default}" - "traefik.http.routers.kirbycms.tls=true" - "traefik.http.services.kirbycms.loadbalancer.server.port=80" +volumes: + kirbycms_data: + driver: local + driver_opts: + type: none + o: bind + device: /mnt/docker-volumes/website/kirbycms # Neuer fester Speicherort From 02f20a277cc5762b1b62b6f2c6bc5becc1cdbcb2 Mon Sep 17 00:00:00 2001 From: rorapp Date: Fri, 28 Feb 2025 18:07:07 +0100 Subject: [PATCH 27/39] add invoiceninja as git module --- .gitmodules | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitmodules b/.gitmodules index d543125..2ce3a07 100644 --- a/.gitmodules +++ b/.gitmodules 
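Review bot: `ports: - 0:80` publishes the CMS on an ephemeral host port on all interfaces even though the service is meant to sit behind Traefik; if a direct port is needed for development, bind to loopback (`- "127.0.0.1:0:80"`) or put it in an override file rather than the shared compose. The new `kirbycms_data` volume binds `/mnt/docker-volumes/website/kirbycms` with `type: none`, which requires that directory to exist on the host before `compose up` — document the prerequisite next to the `# Neuer fester Speicherort` comment or create it in the setup scripts. The `:-default` fallbacks on `TRAEFIK_ENTRYPOINT` and `TRAEFIK_CERT_RESOLVER` are placeholders that name no real entrypoint or resolver, so with `tls=true` the router will simply fail to configure when the proxy variables are absent; `:?` would surface the misconfiguration instead of hiding it.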
@@ -4,3 +4,6 @@
 [submodule "apps/frontend/src"]
 path = apps/frontend/src
 url = https://gitea.mindboost.team/Mindboost/mindboost-webapp.git
+[submodule "apps/tools/invoiceninja/dockerfiles"]
+ path = apps/tools/invoiceninja/dockerfiles
+ url = https://github.com/invoiceninja/dockerfiles.git
From 1d04638be8eaecab963b6d1be9b49e2259570be1 Mon Sep 17 00:00:00 2001
From: rorapp
Date: Fri, 28 Feb 2025 18:08:23 +0100
Subject: [PATCH 28/39] add healthcheck and init user script for database
---
 apps/database/healthcheck.sh | 33 ++++++++++++++++
 apps/database/init-user.sh | 74 ++++++++++++++++++++++++++++++++++++
 2 files changed, 107 insertions(+)
 create mode 100755 apps/database/healthcheck.sh
 create mode 100644 apps/database/init-user.sh
diff --git a/apps/database/healthcheck.sh b/apps/database/healthcheck.sh
new file mode 100755
index 0000000..b46c856
--- /dev/null
+++ b/apps/database/healthcheck.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Credentials from environment variables
+MYSQL_USER="${MARIADB_USER:-default}"
+MYSQL_PASSWORD="${MARIADB_PASSWORD:-default}"
+MYSQL_HOST="127.0.0.1"
+
+ROOT_PASSWORD=$(cat /run/secrets/mariadb_root)
+
+echo "🔑 READ ROOT PASSWORD FROM SECRETS"
+
+# Check if MariaDB is running
+if ! mariadb -h "$MYSQL_HOST" -u root -p"$ROOT_PASSWORD" -e "SELECT 1;" &>/dev/null; then
+ echo "❌ MariaDB is not responding"
+ exit 1
+fi
+
+# Check if a specific user exists
+USER_EXISTS=$(mariadb -h "$MYSQL_HOST" -u root -p"$ROOT_PASSWORD" -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '${MYSQL_USER}');" | tail -n 1)
+
+if [ "$USER_EXISTS" -ne 1 ]; then
+ echo "❌ User '${MYSQL_USER}' does not exist"
+ exit 1
+fi
+
+# Check if the user can log in with the provided password
+if ! mariadb -h "$MYSQL_HOST" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" -e "SELECT 1;" &>/dev/null; then
+ echo "❌ User '${MYSQL_USER}' exists, but authentication failed with the provided password."
+ exit 1
+fi
+
+echo "✅ MariaDB is healthy"
+exit 0
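Review bot: healthcheck.sh passes the root password on the command line (`-p"$ROOT_PASSWORD"`) for two of its three queries, and because the compose file later on this page probes with `interval: 1s`, the root credential sits in the container's process list almost continuously. The root login is also redundant: the final `mariadb -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" -e "SELECT 1;"` already proves that the server answers and that the application user exists with that password, so the `cat /run/secrets/mariadb_root` line and the two root queries can be removed, keeping the root secret out of the health probe entirely. If a root check is kept, pass the password via `MYSQL_PWD="$ROOT_PASSWORD" mariadb ...` or a `--defaults-extra-file` rather than argv. `[ "$USER_EXISTS" -ne 1 ]` also needs a guard for an empty result (query error), which otherwise produces an "integer expression expected" error instead of a clean unhealthy exit.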
diff --git a/apps/database/init-user.sh b/apps/database/init-user.sh new file mode 100644 index 0000000..14777b1 --- /dev/null +++ b/apps/database/init-user.sh @@ -0,0 +1,74 @@ +#!/bin/bash +echo "🔄 Running MariaDB initialization script..." + +# Wait until MariaDB is ready +until mysqladmin ping -h localhost --silent; do + sleep 2 +done + +echo "✅ MariaDB is ready. Checking root credentials..." + +# Try logging in with the root password +if ! mysql -u root -p"$MARIADB_ROOT_PASSWORD" -e "SELECT 1;" &>/dev/null; then + echo "❌ ERROR: Root password in .env does not match the database!" + echo "🔄 Attempting to reset the root password..." + + # Stop MariaDB safely + echo "⚠️ Stopping MariaDB..." + service mysql stop || pkill mysqld + sleep 5 + + # Start MariaDB in recovery mode + echo "🚀 Starting MariaDB in recovery mode..." + mysqld_safe --skip-grant-tables --skip-networking & + sleep 5 + + # Reset root password + echo "🔐 Resetting root password..." + mysql -u root < /dev/null; echo "$?") + +if [ "$DB_EXISTS" -ne 0 ]; then + echo "⚠️ Database '${MARIADB_DATABASE}' does not exist. Creating it now..." + mysql -u root -p"$MARIADB_ROOT_PASSWORD" -e "CREATE DATABASE ${MARIADB_DATABASE};" + echo "✅ Database '${MARIADB_DATABASE}' created!" +else + echo "✅ Database '${MARIADB_DATABASE}' already exists." +fi + +# Ensure the database user exists and has the correct password +USER_EXISTS=$(mysql -u root -p"$MARIADB_ROOT_PASSWORD" -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '${MARIADB_USER}');" | tail -n 1) + +if [ "$USER_EXISTS" -eq 0 ]; then + echo "⚠️ User '${MARIADB_USER}' does not exist. Creating it now..." + mysql -u root -p"$MARIADB_ROOT_PASSWORD" < Date: Fri, 28 Feb 2025 18:08:52 +0100 Subject: [PATCH 29/39] changes in development environtments --- env/development/.env.backend | 17 +++++++++++------ env/development/.env.database | 7 +------ env/development/.env.proxy | 5 +++-- 3 files changed, 15 insertions(+), 14 deletions(-) 
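Review bot: init-user.sh authenticates with `$MARIADB_ROOT_PASSWORD` from the environment while healthcheck.sh in the same commit reads the root password from `/run/secrets/mariadb_root`; the two scripts must agree on one source, and the later `.env.database` change on this page to `MARIADB_ROOT_PASSWORD_FILE=/run/secrets/mariadb_root` suggests the variable this script reads will simply be empty. When it is, the first `SELECT 1;` fails and the script takes the recovery branch, stopping the server and restarting it with `--skip-grant-tables` to overwrite the root password — a destructive action triggered by a misconfiguration, not by a real credential problem; make that branch opt-in (a guard variable such as `RESET_ROOT_PASSWORD=1`, name constructed) and otherwise exit with a clear message. `CREATE DATABASE ${MARIADB_DATABASE};` interpolates the name unquoted into SQL; wrap it in MariaDB identifier backticks so labels containing `-` or `.` are accepted and the statement cannot be altered by a stray value. The heredoc bodies are not legible in this rendering of the hunk, so the statements they contain were not reviewed.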
diff --git a/env/development/.env.backend b/env/development/.env.backend index 8f1d6cb..a0fcfaf 100644 --- a/env/development/.env.backend +++ b/env/development/.env.backend @@ -11,16 +11,21 @@ SERVER_IP=${SERVER_IP:-localhost} # Laravel Backend # ---------------------------------- BACKEND_NETWORK=backend +APP_ENV=${ENVIRONMENT-local} APP_NAME="mindboost backend - Compose Deployment" APP_URL=https://backend.local LARAVEL_PORT=8000 LARAVEL_VITE_PORT=5173 -DB_HOST=${MARIADB_HOST:-database} -DB_PORT=${MARIADB_PORT:-3306} -DB_PASSWORD=${MARIADB_PASSWORD:-default} -DB_USERNAME=${MARIADB_USER:-default} -DB_DATABASE=${MARIADB_DATABASE:-default} - JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F +# ---------------------------------- +# Datenbank Zugriff - ! MUSS MIT .env.database übereinstimmen +# ---------------------------------- +DB_HOST=database +DB_PORT=3306 +DB_PASSWORD=1stronges-mindboostdb-passwort +DB_USERNAME=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} +DB_DATABASE=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} + + diff --git a/env/development/.env.database b/env/development/.env.database index ca4d94b..ddaad30 100644 --- a/env/development/.env.database +++ b/env/development/.env.database @@ -3,12 +3,7 @@ # ---------------------------------- MARIADB_USER=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} MARIADB_DATABASE=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} +MARIADB_ROOT_PASSWORD_FILE=/run/secrets/mariadb_root MARIADB_PASSWORD=1stronges-mindboostdb-passwort -MARIADB_RANDOM_ROOT_PASSWORD=1 MARIADB_PORT=3306 MARIADB_HOST=database - -# ---------------------------------- -# Adminer -# ---------------------------------- -ADMINER_PORT=8082 diff --git a/env/development/.env.proxy b/env/development/.env.proxy index 3b1fdb6..9aaf065 100644 --- a/env/development/.env.proxy +++ b/env/development/.env.proxy 
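Review bot: `APP_ENV=${ENVIRONMENT-local}` uses the `-` form while every other default on the page uses `:-`; with `ENVIRONMENT` set but empty, `APP_ENV` becomes empty instead of `local`, and for Laravel `APP_ENV` is what distinguishes a production from a local configuration, so `APP_ENV=${ENVIRONMENT:-local}` is the safer spelling. The hunk also replaces the `${MARIADB_*}` indirection with a literal credential, `DB_PASSWORD=1stronges-mindboostdb-passwort`, duplicated by hand in `.env.database`; the new comment already admits the two must be kept in sync. A single definition — the indirection this hunk removes, if the Compose version in use interpolates `env_file` values, or a compose secret as already done for the root password — avoids the drift and keeps the value out of the repository; the same applies to the `JWT_SECRET` that remains in the committed file.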
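Review bot: The root password moves to a secret (`MARIADB_ROOT_PASSWORD_FILE=/run/secrets/mariadb_root`) but `MARIADB_PASSWORD=1stronges-mindboostdb-passwort` stays as a literal in the committed file; the official image accepts the same `_FILE` convention for the user password, so `MARIADB_PASSWORD_FILE=/run/secrets/<name>` (name placeholder) would give both credentials the same handling. Dropping `MARIADB_RANDOM_ROOT_PASSWORD=1` is correct only if the secret is actually populated on every host; a one-line comment above the new variable stating that `env/secrets.env` must be provisioned before the first start would help whoever deploys this.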
@@ -1,8 +1,8 @@ # ---------------------------------- # TRAEFIK # ---------------------------------- - -TRAEFIK_ENABLE=false + +TRAEFIK_ENABLE=true TRAEFIK_NETWORK=proxy TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER}:${ADMIN_PASSWORD_HASH} TRAEFIK_CERT_RESOLVER= @@ -14,6 +14,7 @@ FRONTEND_DOMAIN=frontend.local FRONTEND_DOMAIN_2=app.frontend.local BACKEND_DOMAIN=backend.local WEBSITE_DOMAIN=web.local +ADMINER_DOMAIN=adminer.local GITEA_DOMAIN=gitea.local LIMESURVEY_DOMAIN=survey.local LINKSTACK_DOMAIN=linkstack.local From 29308548149c3f8e0f9ac362d7c572053500cca5 Mon Sep 17 00:00:00 2001 From: rorapp Date: Fri, 28 Feb 2025 18:09:25 +0100 Subject: [PATCH 30/39] setup scripts for global env, project root and proxy env --- scripts/setup/set-global-env.sh | 54 ++++++++++++++++++++++++++++ scripts/setup/set-project-root.sh | 14 ++++++++ scripts/setup/set-proxy-env.sh | 60 +++++++++++++++++++++++++++++++ 3 files changed, 128 insertions(+) create mode 100644 scripts/setup/set-global-env.sh create mode 100644 scripts/setup/set-project-root.sh create mode 100644 scripts/setup/set-proxy-env.sh diff --git a/scripts/setup/set-global-env.sh b/scripts/setup/set-global-env.sh new file mode 100644 index 0000000..8fe74f9 --- /dev/null +++ b/scripts/setup/set-global-env.sh 
@@ -0,0 +1,54 @@
+
+#!/bin/bash
+
+# Stelle sicher, dass ROOT_DIR gesetzt ist
+if [ -z "$ROOT_DIR" ]; then
+ echo "❌ WARN: ROOT_DIR ist nicht gesetzt! Setze ROOT_DIR..."
+ source ./set-project-root.sh
+fi
+
+# Setze den Pfad zur .env.all Datei relativ zum Projekt-Root
+ENV_FILE="$ROOT_DIR/env/.env.all"
+
+# Prüfen, ob die Datei existiert
+if [ ! -f "$ENV_FILE" ]; then
+ echo "❌ Fehler: Die Datei $ENV_FILE existiert nicht!"
+ exit 1
+fi
+
+echo "✅ ENV-Datei vorhanden: $ENV_FILE"
+
+# Funktion: Alle Variablen exportieren
+export_env_vars() {
+ while IFS='=' read -r key value; do
+ # Entferne führende und nachfolgende Leerzeichen
+ key=$(echo "$key" | xargs)
+ value=$(echo "$value" | xargs)
+
+ # Falls die Zeile ein Kommentar oder leer ist, überspringen
+ if [[ -z "$key" || "$key" =~ ^# || -z "$value" ]]; then
+ continue
+ fi
+
+ # Entferne umschließende Anführungszeichen, falls vorhanden
+ value=$(echo "$value" | sed -E 's/^"(.*)"$/\1/')
+
+ # Exportiere die Variable
+ export "$key=$value"
+ done < "$ENV_FILE"
+}
+
+# Alle Variablen exportieren
+export_env_vars
+
+export SERVER_IP=$(curl -s https://api.ipify.org)
+
+echo "🔹 Geladene Variablen:"
+grep -o '^[^#]*' "$ENV_FILE" | cut -d '=' -f1 | while read -r var; do
+ echo "$var=${!var}" # Gibt die gesetzten Variablen mit ihrem Wert aus
+done
+
+
+
+
+
diff --git a/scripts/setup/set-project-root.sh b/scripts/setup/set-project-root.sh
new file mode 100644
index 0000000..060a5b8
--- /dev/null
+++ b/scripts/setup/set-project-root.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Bestimme das Root-Verzeichnis des Git-Repos
+ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null)
+
+# Falls das Repository nicht gefunden wurde, abbrechen
+if [ -z "$ROOT_DIR" ]; then
+ echo "❌ Fehler: Kein Git-Repository gefunden!"
+ exit 1
+fi
+
+# Setze die Variable für die aktuelle Shell-Sitzung
+export ROOT_DIR
+echo "✅ ROOT_DIR gesetzt auf: $ROOT_DIR"
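Review bot: The closing `grep ... | while read -r var; do echo "$var=${!var}"; done` loop prints every variable of `.env.all` together with its value, and the same loop is repeated in set-proxy-env.sh and set-frontend-env.sh further down; these files carry database passwords, `JWT_SECRET` and the basic-auth hash, so every deploy run leaves credentials in terminal scrollback and CI logs — print the names only (`echo "$var"`) or mask the values. `export SERVER_IP=$(curl -s https://api.ipify.org)` silently overrides a `SERVER_IP` loaded from the file and, when the request fails or returns an error body, exports that text unchanged into the environment the compose files read; check curl's exit status and that the result looks like an address before exporting. The `#!/bin/bash` sits on line 2 after an empty line and is therefore inert, which is fine for a file that is only sourced, but then `exit 1` in the file-check branch (and in set-project-root.sh below) terminates the sourcing shell; `return 1` is the idiom for sourced scripts.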
diff --git a/scripts/setup/set-proxy-env.sh b/scripts/setup/set-proxy-env.sh
new file mode 100644
index 0000000..a44579d
--- /dev/null
+++ b/scripts/setup/set-proxy-env.sh
@@ -0,0 +1,60 @@
+
+#!/bin/bash
+
+# Stelle sicher, dass ROOT_DIR gesetzt ist
+if [ -z "$ROOT_DIR" ]; then
+ echo "❌ WARN: ROOT_DIR ist nicht gesetzt! Setze ROOT_DIR..."
+ source ./set-project-root.sh
+fi
+
+# Stelle sicher, dass ENVIRONMENT gesetzt ist
+if [ -z "$ENVIRONMENT" ]; then
+ echo "❌ WARN: ENVIRONMENT ist nicht gesetzt! Setze ENVIRONMENT..."
+ source ./set-global-env.sh
+fi
+
+# Setze den Pfad zur .env.all Datei relativ zum Projekt-Root
+ENV_FILE="$ROOT_DIR/env/${ENVIRONMENT}/.env.proxy"
+
+# Prüfen, ob die Datei existiert
+if [ ! -f "$ENV_FILE" ]; then
+ echo "❌ Fehler: Die Datei $ENV_FILE existiert nicht!"
+ exit 1
+fi
+
+echo "✅ ENV-Datei vorhanden: $ENV_FILE"
+
+# Funktion: Alle Variablen exportieren
+export_env_vars() {
+ while IFS='=' read -r key value; do
+ # Entferne führende und nachfolgende Leerzeichen
+ key=$(echo "$key" | xargs)
+ value=$(echo "$value" | xargs)
+
+ # Falls die Zeile ein Kommentar oder leer ist, überspringen
+ if [[ -z "$key" || "$key" =~ ^# || -z "$value" ]]; then
+ continue
+ fi
+
+ # Entferne umschließende Anführungszeichen, falls vorhanden
+ value=$(echo "$value" | sed -E 's/^"(.*)"$/\1/')
+
+ # Exportiere die Variable
+ export "$key=$value"
+ done < "$ENV_FILE"
+}
+
+# Alle Variablen exportieren
+export_env_vars
+
+export SERVER_IP=$(curl -s https://api.ipify.org)
+
+echo "🔹 Geladene Variablen:"
+grep -o '^[^#]*' "$ENV_FILE" | cut -d '=' -f1 | while read -r var; do
+ echo "$var=${!var}" # Gibt die gesetzten Variablen mit ihrem Wert aus
+done
+
+
+
+
+
From b8a6abe1000a853768317d1f2941e528fbe3749d Mon Sep 17 00:00:00 2001
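Review bot: Both fallbacks, `source ./set-project-root.sh` and `source ./set-global-env.sh`, resolve against the caller's working directory rather than this script's location; deploy-all.sh later on this page sources this file as `../setup/set-proxy-env.sh` from `scripts/start`, where `./set-global-env.sh` does not exist, so the fallback only works because deploy-all.sh happens to source set-global-env.sh first. Use `source "$(dirname "${BASH_SOURCE[0]}")/set-global-env.sh"` (and likewise for set-project-root.sh) so the scripts compose from any directory. The comment `# Setze den Pfad zur .env.all Datei relativ zum Projekt-Root` was copied from set-global-env.sh and should name `.env.proxy`. The body of `export_env_vars` is a verbatim copy of the one in set-global-env.sh; a shared helper sourced by both would keep the two from drifting.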
From: rorapp Date: Tue, 4 Mar 2025 18:18:21 +0100 Subject: [PATCH 31/39] update env stucture for frontend deployment --- apps/frontend/src | 2 +- env/development/.env.frontend | 3 +- scripts/debug/deploy-frontend.sh | 3 ++ scripts/setup/set-frontend-env.sh | 59 +++++++++++++++++++++++++++++++ 4 files changed, 64 insertions(+), 3 deletions(-) create mode 100755 scripts/debug/deploy-frontend.sh create mode 100644 scripts/setup/set-frontend-env.sh diff --git a/apps/frontend/src b/apps/frontend/src index 2d8bcb6..bea91fe 160000 --- a/apps/frontend/src +++ b/apps/frontend/src @@ -1 +1 @@ -Subproject commit 2d8bcb6067b626ef0d83a364d070db3659bedcf3 +Subproject commit bea91fef76057fea0d7f0b68931df22fea44e5e6 diff --git a/env/development/.env.frontend b/env/development/.env.frontend index dc87f64..7df9bbc 100644 --- a/env/development/.env.frontend +++ b/env/development/.env.frontend @@ -1,5 +1,4 @@ # ---------------------------------- # VUE APP # ---------------------------------- - -BACKEND_URL="backend.local" \ No newline at end of file +BACKEND_URL="backend.local" diff --git a/scripts/debug/deploy-frontend.sh b/scripts/debug/deploy-frontend.sh new file mode 100755 index 0000000..fe5ede8 --- /dev/null +++ b/scripts/debug/deploy-frontend.sh @@ -0,0 +1,3 @@ +source ./../setup/set-global-env.sh +source ./../setup/set-frontend-env.sh +docker compose -f ./../../apps/frontend/docker-compose.overwrite.yml --env-file ./../../env/${ENVIRONMENT}/.env.frontend --profile frontend up \ No newline at end of file diff --git a/scripts/setup/set-frontend-env.sh b/scripts/setup/set-frontend-env.sh new file mode 100644 index 0000000..8082c26 --- /dev/null +++ b/scripts/setup/set-frontend-env.sh 
@@ -0,0 +1,59 @@
+
+#!/bin/bash
+
+# Stelle sicher, dass ROOT_DIR gesetzt ist
+if [ -z "$ROOT_DIR" ]; then
+ echo "❌ WARN: ROOT_DIR ist nicht gesetzt! Setze ROOT_DIR..."
+ # Bestimme das Root-Verzeichnis des Git-Repos
+ ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null)
+
+ # Falls das Repository nicht gefunden wurde, abbrechen
+ if [ -z "$ROOT_DIR" ]; then
+ echo "❌ Fehler: Kein Git-Repository gefunden!"
+ exit 1
+ fi
+
+ # Setze die Variable für die aktuelle Shell-Sitzung
+ export ROOT_DIR
+ echo "✅ ROOT_DIR gesetzt auf: $ROOT_DIR"
+fi
+
+# Setze den Pfad zur .env.all Datei relativ zum Projekt-Root
+ENV_FILE="$ROOT_DIR/env/development/.env.frontend"
+
+# Prüfen, ob die Datei existiert
+if [ ! -f "$ENV_FILE" ]; then
+ echo "❌ Fehler: Die Datei $ENV_FILE existiert nicht!"
+ exit 1
+fi
+
+echo "✅ ENV-Datei vorhanden: $ENV_FILE"
+
+# Funktion: Alle Variablen exportieren
+export_env_vars() {
+ while IFS='=' read -r key value; do
+ # Entferne führende und nachfolgende Leerzeichen
+ key=$(echo "$key" | xargs)
+ value=$(echo "$value" | xargs)
+
+ # Falls die Zeile ein Kommentar oder leer ist, überspringen
+ if [[ -z "$key" || "$key" =~ ^# || -z "$value" ]]; then
+ continue
+ fi
+ # Exportiere die Variable
+ export "$key=$value"
+ done < "$ENV_FILE"
+}
+
+# Alle Variablen exportieren
+export_env_vars
+
+echo "🔹 Geladene Variablen:"
+grep -o '^[^#]*' "$ENV_FILE" | cut -d '=' -f1 | while read -r var; do
+ echo "$var=${!var}" # Gibt die gesetzten Variablen mit ihrem Wert aus
+done
+
+
+
+
+
From c9b55aa0edf78f8c0fbfba4d4725d888ea1603d0 Mon Sep 17 00:00:00 2001
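Review bot: `ENV_FILE="$ROOT_DIR/env/development/.env.frontend"` hard-codes the `development` directory, whereas set-proxy-env.sh derives the path from `${ENVIRONMENT}` and deploy-frontend.sh in this same commit passes `--env-file ./../../env/${ENVIRONMENT}/.env.frontend`; in any other environment this script exports the development values while compose reads a different file. Use `ENV_FILE="$ROOT_DIR/env/${ENVIRONMENT:-development}/.env.frontend"` and guard `ENVIRONMENT` the way the proxy script does. The comment above still refers to `.env.all`, and unlike its siblings this copy of `export_env_vars` does not strip surrounding quotes, so `BACKEND_URL="backend.local"` is exported with the literal quotation marks — either intended and worth a comment, or the `sed` line from set-global-env.sh is missing.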
From: rorapp Date: Tue, 4 Mar 2025 18:22:02 +0100 Subject: [PATCH 32/39] restructure backend folder and database --- .../{ => backend}/database/docker-compose.yml | 23 +-------- apps/{ => backend}/database/healthcheck.sh | 0 apps/{ => backend}/database/init-user.sh | 0 apps/backend/docker-compose.overwrite.yml | 48 +++++++++++++++++++ apps/backend/docker-compose.yml | 6 ++- apps/backend/src | 2 +- apps/frontend/docker-compose.overwrite.yml | 19 ++++++++ apps/frontend/docker-compose.yml | 6 +-- apps/frontend/src | 2 +- 9 files changed, 79 insertions(+), 27 deletions(-) rename apps/{ => backend}/database/docker-compose.yml (51%) rename apps/{ => backend}/database/healthcheck.sh (100%) rename apps/{ => backend}/database/init-user.sh (100%) create mode 100644 apps/backend/docker-compose.overwrite.yml create mode 100644 apps/frontend/docker-compose.overwrite.yml diff --git a/apps/database/docker-compose.yml b/apps/backend/database/docker-compose.yml similarity index 51% rename from apps/database/docker-compose.yml rename to apps/backend/database/docker-compose.yml index d85a294..24bd1cb 100644 --- a/apps/database/docker-compose.yml +++ b/apps/backend/database/docker-compose.yml @@ -3,7 +3,7 @@ # - [ ] Configure volumes for persistent storage of database data secrets: mariadb_root: - file: ${ROOT_DIR:-../..}/env/secrets.env + file: ${ROOT_DIR:-../../..}/env/secrets.env services: database: secrets: @@ -13,7 +13,7 @@ services: container_name: ${INFRASTRUCTURE_LABEL:-default}-mariadb-${ENVIRONMENT:-development} command: --bind-address=0.0.0.0 env_file: - - ../../env/${ENVIRONMENT:-development}/.env.database + - ${ROOT_DIR:-../../..}/env/${ENVIRONMENT:-development}/.env.database volumes: - backend_mariadb_data:/var/lib/mysql - ./healthcheck.sh:/usr/local/bin/healthcheck.sh 
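Review bot: The `mariadb_root` secret is backed by `${ROOT_DIR:-../../..}/env/secrets.env`, and healthcheck.sh (earlier on this page) reads it with `cat /run/secrets/mariadb_root` and uses the whole content as the password; if `secrets.env` is a dotenv-style `KEY=value` file, as its name suggests, every root login in the health probe is attempted with the entire file as the password and fails. The file behind a Docker secret should hold exactly one value — a comment next to `file:` such as `# must contain only the root password, nothing else` would prevent that confusion — or the scripts must parse the key out. The `${ROOT_DIR:-../../..}` fallbacks are consistent with the new `apps/backend/database/` location, so that part looks right.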
@@ -24,25 +24,6 @@ services: test: ["CMD", "bash", "/usr/local/bin/healthcheck.sh"] interval: 1s retries: 3 - adminer: - profiles: ["all", "database", "backend", "adminer", "app"] - image: adminer - container_name: ${INFRASTRUCTURE_LABEL:-default}-adminer-${ENVIRONMENT:-development} - restart: always - ports: - - ${ADMINER_PORT:-0}:8080 - networks: - - database - - proxy - labels: - - "traefik.enable=true" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.entrypoints=websecure" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.rule=Host(`${ADMINER_DOMAIN}`)" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.tls=true" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.tls.certresolver=http_resolver" - - 'traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.service=adminer' - - "traefik.http.adminer.cloud.loadbalancer.server.port=8080" - - "traefik.docker.network=${TRAEFIK_NETWORK:-default}" # TODO: ADMINER IS NOT PREPARED FOR TRAEFIK networks: backend: diff --git a/apps/database/healthcheck.sh b/apps/backend/database/healthcheck.sh similarity index 100% rename from apps/database/healthcheck.sh rename to apps/backend/database/healthcheck.sh diff --git a/apps/database/init-user.sh b/apps/backend/database/init-user.sh similarity index 100% rename from apps/database/init-user.sh rename to apps/backend/database/init-user.sh diff --git a/apps/backend/docker-compose.overwrite.yml b/apps/backend/docker-compose.overwrite.yml new file mode 100644 index 0000000..14203b2 --- /dev/null +++ b/apps/backend/docker-compose.overwrite.yml 
@@ -0,0 +1,48 @@
+### Backend (./apps/backend/docker-compose.yml)
+include:
+ - ./database/docker-compose.yml
+services:
+ backend:
+ container_name: ${INFRASTRUCTURE_LABEL:-default}-backend-laravel-${ENVIRONMENT:-development}
+ profiles: ["laravel", "backend", "all", "app"]
+ ports:
+ - "${LARAVEL_PORT:-8000}:8000"
+ - "${LARAVEL_VITE_PORT:-5173}:5173"
+ env_file:
+ - ../../env/${ENVIRONMENT:-development}/.env.backend
+ volumes:
+ - ./src/entrypoint.sh:/usr/local/bin/entrypoint.sh
+ depends_on:
+ - database
+ build:
+ context: ./src
+ dockerfile: Dockerfile
+ networks:
+ - backend
+ labels:
+ - "traefik.enable=${TRAEFIK_ENABLE:-false}"
+ - "traefik.http.routers.backend.entrypoints=${TRAEFIK_ENTRYPOINT}"
+ - "traefik.http.routers.backend.rule=Host(`${BACKEND_DOMAIN}`)"
+ - "traefik.http.routers.backend.tls=true"
+ - "traefik.http.routers.backend.tls.certresolver=${TRAEFIK_CERT_RESOLVER}"
+ - "traefik.http.routers.backend.tls.domains[0].main=`${BACKEND_DOMAIN}`"
+ - "traefik.http.services.backend.loadbalancer.server.port=${BACKEND_PORT:-8000}"
+ - "traefik.docker.network=${TRAEFIK_NETWORK}"
+ backend-redis:
+ image: redis:alpine
+ container_name: ${INFRASTRUCTURE_LABEL:-default}-backend-redis-${ENVIRONMENT:-development}
+ profiles: ["redis", "backend", "all"]
+ env_file:
+ - ../../env/${ENVIRONMENT:-development}/.env.backend
+ restart: unless-stopped
+ command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD:-laravel-redis-passwort} # Redis Passwort eingeben
+ volumes:
+ - backend_redis_data:/data
+ networks:
+ - backend
+volumes:
+ backend_redis_data:
+ driver: local
+ name: "${INFRASTRUCTURE_LABEL}_backend_redis_data"
+
+
diff --git a/apps/backend/docker-compose.yml b/apps/backend/docker-compose.yml
index 5f53f80..ed4df67 100644
--- a/apps/backend/docker-compose.yml
+++ b/apps/backend/docker-compose.yml
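Review bot: `command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD:-laravel-redis-passwort}` ships a working default password in the compose file and places the effective password in the container's command line, where `docker inspect` and `ps` show it. Make the variable mandatory, `${REDIS_PASSWORD:?REDIS_PASSWORD must be set}`, so a missing value fails `compose up` instead of falling back to a value that is also committed in the removed `.env.all` block on this page. `name: "${INFRASTRUCTURE_LABEL}_backend_redis_data"` is the only interpolation in the file without a `:-default` fallback, so with the variable unset the volume is named `_backend_redis_data`, diverging from the `${INFRASTRUCTURE_LABEL:-default}` convention used for the container names. For a development override, `127.0.0.1:${LARAVEL_PORT:-8000}:8000` (and the Vite port likewise) keeps the published ports local instead of bound to all interfaces.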
@@ -1,10 +1,14 @@ ### Backend (./apps/backend/docker-compose.yml) +include: + - ./database/docker-compose.yml services: backend: container_name: ${INFRASTRUCTURE_LABEL:-default}-backend-laravel-${ENVIRONMENT:-development} profiles: ["laravel", "backend", "all", "app"] env_file: - ../../env/${ENVIRONMENT:-development}/.env.backend + volumes: + - ./src/entrypoint.sh:/usr/local/bin/entrypoint.sh depends_on: - database build: @@ -13,7 +17,7 @@ services: networks: - backend labels: - - "traefik.enable=${TRAEFIK_ENABLE}" + - "traefik.enable=${TRAEFIK_ENABLE:-false}" - "traefik.http.routers.backend.entrypoints=${TRAEFIK_ENTRYPOINT}" - "traefik.http.routers.backend.rule=Host(`${BACKEND_DOMAIN}`)" - "traefik.http.routers.backend.tls=true" diff --git a/apps/backend/src b/apps/backend/src index 0e3ecbb..623a270 160000 --- a/apps/backend/src +++ b/apps/backend/src @@ -1 +1 @@ -Subproject commit 0e3ecbb0a788f2afa5699185ef65901781d11c79 +Subproject commit 623a2709481206350acc350a3abc245efe0cad23 diff --git a/apps/frontend/docker-compose.overwrite.yml b/apps/frontend/docker-compose.overwrite.yml new file mode 100644 index 0000000..8d4b073 --- /dev/null +++ b/apps/frontend/docker-compose.overwrite.yml @@ -0,0 +1,19 @@ +services: + webapp: + build: + context: ./src + dockerfile: Dockerfile + args: + BACKEND_URL: ${BACKEND_URL:-http://localhost:8000} # this argument is important on build to set the server url! + container_name: ${INFRASTRUCTURE_LABEL:-default}-frontend-${ENVIRONMENT:-development} + profiles: ["webapp", "frontend", "all", "app"] + ports: + - 3000:3000 + labels: + - "traefik.enable=${TRAEFIK_ENABLE:-false}" + - "traefik.http.routers.webapp.service=webapp" + - "traefik.http.routers.webapp.entrypoints=${TRAEFIK_ENTRYPOINT}" + - 'traefik.http.routers.webapp.rule=Host(`${FRONTEND_DOMAIN}`) || Host(`${FRONTEND_DOMAIN_2}`)' + - "traefik.http.services.webapp.loadbalancer.server.port=3000" + - "traefik.docker.network=${TRAEFIK_NETWORK}" + \ No newline at end of file 
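Review bot: `BACKEND_URL: ${BACKEND_URL:-http://localhost:8000}` defaults to a full URL with scheme, while `env/development/.env.frontend` on this page sets `BACKEND_URL="backend.local"` without one, so the value baked into the image changes shape depending on whether the variable is set; the same build arg is added to apps/frontend/docker-compose.yml in the next hunk. Settle on one format and say so in the inline comment, e.g. `# full URL incl. scheme; compiled into the bundle at build time`. Because it is a build `args:` value, editing `.env.frontend` alone does not change a running deployment — a rebuild is needed — which is worth a note in the compose file. The new top-level `include:` in apps/backend/docker-compose.yml requires a Compose release that supports it (2.20 or later, as I recall), a precondition the README should state.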
diff --git a/apps/frontend/docker-compose.yml b/apps/frontend/docker-compose.yml index 9247f01..76dbe6a 100644 --- a/apps/frontend/docker-compose.yml +++ b/apps/frontend/docker-compose.yml @@ -3,12 +3,12 @@ services: build: context: ./src dockerfile: Dockerfile + args: + BACKEND_URL: ${BACKEND_URL:-http://localhost:8000} # this argument is important on build to set the backend server url! container_name: ${INFRASTRUCTURE_LABEL:-default}-frontend-${ENVIRONMENT:-development} profiles: ["webapp", "frontend", "all", "app"] - ports: - - 3000:3000 labels: - - "traefik.enable=${TRAEFIK_ENABLE}" + - "traefik.enable=${TRAEFIK_ENABLE:-false}" - "traefik.http.routers.webapp.service=webapp" - "traefik.http.routers.webapp.entrypoints=${TRAEFIK_ENTRYPOINT}" - 'traefik.http.routers.webapp.rule=Host(`${FRONTEND_DOMAIN}`) || Host(`${FRONTEND_DOMAIN_2}`)' diff --git a/apps/frontend/src b/apps/frontend/src index bea91fe..b5ed737 160000 --- a/apps/frontend/src +++ b/apps/frontend/src @@ -1 +1 @@ -Subproject commit bea91fef76057fea0d7f0b68931df22fea44e5e6 +Subproject commit b5ed737d10ad899d46b7c53533654280b59ef35e From f6e37931930d15a7dd115e3f9a495b0cb72e63c7 Mon Sep 17 00:00:00 2001 From: rorapp Date: Tue, 4 Mar 2025 18:23:37 +0100 Subject: [PATCH 33/39] added scripts for deploy backend --- scripts/debug/deploy-backend.sh | 3 +++ scripts/setup/set-global-env.sh | 13 ++++++++++++- scripts/start/deploy-all.sh | 5 +++++ scripts/start/deploy-backend.sh | 3 +++ 4 files changed, 23 insertions(+), 1 deletion(-) create mode 100755 scripts/debug/deploy-backend.sh create mode 100755 scripts/start/deploy-backend.sh diff --git a/scripts/debug/deploy-backend.sh b/scripts/debug/deploy-backend.sh new file mode 100755 index 0000000..a4ebe03 --- /dev/null +++ b/scripts/debug/deploy-backend.sh 
@@ -0,0 +1,3 @@ +source ./../setup/set-global-env.sh +chmod +x ./../../apps/backend/src/entrypoint.sh +docker compose -f ./../../apps/backend/docker-compose.overwrite.yml --env-file ./../../env/${ENVIRONMENT}/.env.database --env-file ./../../env/${ENVIRONMENT}/.env.backend --profile backend up \ No newline at end of file diff --git a/scripts/setup/set-global-env.sh b/scripts/setup/set-global-env.sh index 8fe74f9..4494004 100644 --- a/scripts/setup/set-global-env.sh +++ b/scripts/setup/set-global-env.sh @@ -4,7 +4,18 @@ # Stelle sicher, dass ROOT_DIR gesetzt ist if [ -z "$ROOT_DIR" ]; then echo "❌ WARN: ROOT_DIR ist nicht gesetzt! Setze ROOT_DIR..." - source ./set-project-root.sh + # Bestimme das Root-Verzeichnis des Git-Repos + ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null) + + # Falls das Repository nicht gefunden wurde, abbrechen + if [ -z "$ROOT_DIR" ]; then + echo "❌ Fehler: Kein Git-Repository gefunden!" + exit 1 + fi + + # Setze die Variable für die aktuelle Shell-Sitzung + export ROOT_DIR + echo "✅ ROOT_DIR gesetzt auf: $ROOT_DIR" fi # Setze den Pfad zur .env.all Datei relativ zum Projekt-Root diff --git a/scripts/start/deploy-all.sh b/scripts/start/deploy-all.sh index 7a57056..0382a53 100755 --- a/scripts/start/deploy-all.sh +++ b/scripts/start/deploy-all.sh @@ -1,4 +1,9 @@ #!/bin/bash +source ../setup/set-project-root.sh +source ../setup/set-global-env.sh +source ../setup/set-proxy-env.sh +source ../setup/generate-secrets.sh + # Pfad zur .env.all Datei ENV_FILE="../../env/.env.all" diff --git a/scripts/start/deploy-backend.sh b/scripts/start/deploy-backend.sh new file mode 100755 index 0000000..2d7420f --- /dev/null +++ b/scripts/start/deploy-backend.sh 
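Review bot: deploy-all.sh now sources `../setup/set-project-root.sh`, `set-global-env.sh`, `set-proxy-env.sh` and `generate-secrets.sh` by paths relative to the caller's working directory, and the visible part of the script has no `set -e`, so when it is started from the repository root each `source` fails with a message and the deployment continues with an unset environment. Resolve the paths from the script's own location, `cd "$(dirname "$0")" || exit 1` at the top, and consider `set -euo pipefail`; `generate-secrets.sh` is not part of this series as far as the page shows, so that reference could not be checked. In the set-global-env.sh hunk, inlining the root detection duplicates set-project-root.sh instead of fixing the cwd-relative `source`, and the copied `exit 1` still ends the sourcing shell where `return 1` is the idiom.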
@@ -0,0 +1,3 @@ +source ./../setup/set-global-env.sh +chmod +x ./../../apps/backend/src/entrypoint.sh +docker compose -f ./../../apps/backend/docker-compose.yml --env-file ./../../env/${ENVIRONMENT}/.env.database --env-file ./../../env/${ENVIRONMENT}/.env.backend --profile backend up \ No newline at end of file From 138525835d78d759c0e169bc1be45937b9578fb7 Mon Sep 17 00:00:00 2001 From: rorapp Date: Wed, 5 Mar 2025 15:11:14 +0100 Subject: [PATCH 34/39] move adminer to develop --- README.md | 8 +------- apps/develop/adminer/docker-compose.yml | 20 ++++++++++++++++++++ apps/develop/gitea/docker-compose.yml | 2 +- 3 files changed, 22 insertions(+), 8 deletions(-) create mode 100644 apps/develop/adminer/docker-compose.yml diff --git a/README.md b/README.md index 176b99d..a76bb7c 100644 --- a/README.md +++ b/README.md @@ -128,12 +128,6 @@ Our infrastructure uses a two-tier network model to enhance security and isolate - These networks are not directly accessible from the internet and provide secure communication between public and internal services. - Examples: backend_network, database_network, etc. -Service Network Configuration: -- Frontend: Connected to proxy_network and backend_network -- Backend API: Connected to backend_network and database_network -- Database: Connected only to database_network -- Traefik: Connected only to proxy_network - This structure ensures that: - The proxy (Traefik) can route traffic to public-facing services. - Internal services (like databases) are not directly accessible from the proxy network. 
@@ -163,7 +157,7 @@ The `volumes/` folder contains subdirectories for different volumes used by vari
 Each subdirectory corresponds to a specific service or group of services, containing the persistent data that needs to be preserved across container restarts or redeployments.
-When configuring Docker Compose files, reference these volume paths to ensure data persistence. For example:
+When configuring Docker Compose files, reference these volume paths to ensure data persistence.
 ```yaml
 volumes:
diff --git a/apps/develop/adminer/docker-compose.yml b/apps/develop/adminer/docker-compose.yml
new file mode 100644
index 0000000..ac70ed9
--- /dev/null
+++ b/apps/develop/adminer/docker-compose.yml
@@ -0,0 +1,20 @@
+services:
+ adminer:
+ profiles: ["all", "database", "backend", "adminer", "app"]
+ image: adminer
+ container_name: ${INFRASTRUCTURE_LABEL:-default}-adminer-${ENVIRONMENT:-development}
+ restart: always
+ ports:
+ - ${ADMINER_PORT:-0}:8080
+ networks:
+ - database
+ - proxy
+ labels:
+ - "traefik.enable=${TRAEFIK_ENABLE:-false}"
+ - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.entrypoints=${TRAEFIK_ENTRYPOINT:-websecure}"
+ - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.rule=Host(`${ADMINER_DOMAIN}`)"
+ - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.tls=true"
+ - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.tls.certresolver=${TRAEFIK_CERT_RESOLVER:-http_resolver}"
+ - 'traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.service=adminer'
+ - "traefik.http.adminer.cloud.loadbalancer.server.port=8080"
+ - "traefik.docker.network=${TRAEFIK_NETWORK:-default}"
\ No newline at end of file
diff --git a/apps/develop/gitea/docker-compose.yml b/apps/develop/gitea/docker-compose.yml
index 344052b..5591389 100644
--- a/apps/develop/gitea/docker-compose.yml
+++ b/apps/develop/gitea/docker-compose.yml
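Review bot: The label `traefik.http.adminer.cloud.loadbalancer.server.port=8080` is not a valid Traefik label — the service port is declared as `traefik.http.services.adminer.loadbalancer.server.port=8080` — so the router's `service=adminer` points at a service that is never defined and the route cannot come up; the line was carried over unchanged from the block deleted in apps/database/docker-compose.yml earlier on this page. Adminer is a database administration UI, and the router here has no middleware although `.env.proxy` already defines `TRAEFIK_BASIC_AUTH_USERS`; at minimum attach a basicauth middleware to the `_adminer` router, and keep `traefik.enable` off for it outside development. `ports: - ${ADMINER_PORT:-0}:8080` also publishes the UI on a random host port on all interfaces, bypassing the proxy; `127.0.0.1:${ADMINER_PORT:-0}:8080` avoids that.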
@@ -11,7 +11,7 @@ services: depends_on: - gitea_db labels: - - "traefik.enable=${TRAEFIK_ENABLE}" + - "traefik.enable=${TRAEFIK_ENABLE:-false}" - "traefik.http.routers.gitea.entrypoints=${TRAEFIK_ENTRYPOINT}" - "traefik.http.routers.gitea.rule=(Host(`${GITEA_DOMAIN})`)" - "traefik.http.routers.gitea.tls=true" From 71d080a87e93f943c004a347955e8e483c215343 Mon Sep 17 00:00:00 2001 From: rorapp Date: Wed, 5 Mar 2025 15:19:42 +0100 Subject: [PATCH 35/39] added some fallback values --- apps/website/kirby/id.env | 2 +- env/.env.all | 191 -------------------------------------- 2 files changed, 1 insertion(+), 192 deletions(-) diff --git a/apps/website/kirby/id.env b/apps/website/kirby/id.env index 05aac46..02922e6 100644 --- a/apps/website/kirby/id.env +++ b/apps/website/kirby/id.env @@ -1 +1 @@ -USERID=0 +USERID=${USERID:-0} diff --git a/env/.env.all b/env/.env.all index 4bf35e0..4620033 100644 --- a/env/.env.all +++ b/env/.env.all 
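Review bot: The context line `traefik.http.routers.gitea.rule=(Host(\`${GITEA_DOMAIN})\`)` has its closing backtick after the parenthesis, so Traefik receives a rule whose host literal is unterminated and, as far as I can tell, rejects the router; this commit only changes the `traefik.enable` default one line above, so the rule stays broken. Write it like the backend and kirbycms routers on this page, with the domain fully enclosed in backticks inside `Host(...)` and without the extra outer parentheses.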
@@ -37,194 +37,3 @@ SERVER_IP=127.0.0.1 # ✅ If needed, manually override variables in the shell or CLI. # ################################################################################################# - -## ______________________________________________________________________________________________ -## SEVICE GROUP ADMINISTRATION -## ______________________________________________________________________________________________ - -# ---------------------------------- -# Portainer -# ---------------------------------- - -PORTAINER_IMAGE=portainer/portainer-ce:latest -PORTAINER_DATA_PATH=../../../volumes/administration/portainer/data - -## ______________________________________________________________________________________________ -## SEVICE GROUP DATABASE -## ______________________________________________________________________________________________ - -# ---------------------------------- -# Datenbank (MariaDB) -# ---------------------------------- -MARIADB_USER=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} -MARIADB_DATABASE=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} -MARIADB_PASSWORD=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development} -MARIADB_ROOT_PASSWORD=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}-root - -MARIADB_PORT=3306 -MARIADB_HOST=${INFRASTRUCTURE_LABEL:-default}_database_${ENVIRONMENT:-development} - - -## ______________________________________________________________________________________________ -## SEVICE GROUP BACKEND -## ______________________________________________________________________________________________ - -# ---------------------------------- -# Redis -# ---------------------------------- -REDIS_PASSWORD=laravel-redis-passwort -REDIS_PORT=6379 - -# ---------------------------------- -# Laravel Backend -# ---------------------------------- -BACKEND_NETWORK=backend -APP_NAME="mindboost backend - Compose Deployment" -APP_URL=https://backend.local -LARAVEL_PORT=8000 
-LARAVEL_VITE_PORT=5173 -DB_HOST=${MARIADB_HOST:-mariadb} -DB_PORT=${MARIADB_PORT:-3306} -DB_PASSWORD=${MARIADB_PASSWORD:-default} -DB_USERNAME=${MARIADB_USER:-default} -DB_DATABASE=${MARIADB_DATABASE:-default} - -JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F - -# ---------------------------------- -# Adminer -# ---------------------------------- -ADMINER_PORT=8080 - - -## ______________________________________________________________________________________________ -## SEVICE GROUP DEVELOP -## ______________________________________________________________________________________________ - -# ---------------------------------- -# GITEA AND GITEA DB -# ---------------------------------- - -USER_UID=1000 -USER_GID=1000 - -GITEA_VOLUME_PATH=../../../volumes/develop/gitea/gitea -GITEA_DATABASE_VOLUME_PATH=../../../volumes/develop/gitea/gitea_db - -GITEA_MYSQL_ROOT_PASSWORD=very-difficult-passwort-gitea -GITEA_MYSQL_USER=gitea -GITEA_MYSQL_PASSWORD=very-difficult-gitea -GITEA_MYSQL_DATABASE=gitea -GITEA_MYSQL_ALLOW_EMPTY_PASSWORD=true - - -## ______________________________________________________________________________________________ -## SEVICE GROUP FRONTEND -## ______________________________________________________________________________________________ - -# ---------------------------------- -# VUE APP -# ---------------------------------- - -BACKEND_URL="backend.local" - -## ______________________________________________________________________________________________ -## SEVICE GROUP PROXY -## ______________________________________________________________________________________________ - - -# ---------------------------------- -# TRAEFIK -# ---------------------------------- - -TRAEFIK_ENABLE=true -TRAEFIK_NETWORK=proxy -TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER:-admin}:${ADMIN_PASSWORD_HASH} -TRAEFIK_CERT_RESOLVER= - -## Domains when TRAEFIK is ENABLED - -PORTAINER_DOMAIN=portainer.local -FRONTEND_DOMAIN=frontend.local 
-FRONTEND_DOMAIN_2=app.frontend.local -BACKEND_DOMAIN=backend.local -WEBSITE_DOMAIN=web.local -GITEA_DOMAIN=gitea.local -LIMESURVEY_DOMAIN=survey.local -LINKSTACK_DOMAIN=linkstack.local -TRAEFIK_DOMAIN=traefik.local -CLOUD_DOMAIN=cloud.local - -### TLS for Domains - -PORTAINER_TLS_DOMAIN_MAIN=${PORTAINER_DOMAIN} -FRONTEND_TLS_DOMAIN_MAIN=${FRONTEND_DOMAIN} -FRONTEND_TLS_DOMAIN_SANS=${FRONTEND_DOMAIN_2} -BACKEND_TLS_DOMAIN_MAIN=${BACKEND_DOMAIN} -WEBSITE_TLS_DOMAIN_MAIN=${WEBSITE_DOMAIN} -GITEA_TLS_DOMAIN_MAIN=${GITEA_DOMAIN} -LIMESURVEY_TLS_DOMAIN_MAIN=${LIMESURVEY_DOMAIN} -LINKSTACK_TLS_DOMAIN_MAIN=${LINKSTACK_DOMAIN} -TRAEFIK_TLS_DOMAIN_MAIN=${TRAEFIK_DOMAIN} -CLOUD_TLS_DOMAIN_MAIN=${CLOUD_DOMAIN} - - -## MIDDLEWARES - -TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-https-redirect -TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-basic-auth - - -## ENTRYPOINTS - -TRAEFIK_ENTRYPOINT=websecure -TRAEFIK_ENTRYPOINT_HTTP=web - - -## ______________________________________________________________________________________________ -## SEVICE GROUP SECURITY -## ______________________________________________________________________________________________ - -# ---------------------------------- -# WIREGUARD -# ---------------------------------- -WG_DEFAULT_ADDRESS=22.22.22.0 -WG_HOST=${SERVER_IP:-127.0.0.1} -WG_LANG=de - -## ______________________________________________________________________________________________ -## SEVICE GROUP TOOLS -## ______________________________________________________________________________________________ - -# ---------------------------------- -# NEXTCLOUD DB -# ---------------------------------- - -MYSQL_ROOT_PASSWORD=headpiece-constant1-denim-mindboost #SQL root Passwort eingeben -MYSQL_PASSWORD=idealist9-frayed-murkiness-mindboost #SQL Benutzer Passwort eingeben -MYSQL_DATABASE=nextcloud-mindboost #Datenbank Name -MYSQL_USER=mindboostcloud #SQL Nutzername -MYSQL_INITDB_SKIP_TZINFO=1 
-MARIADB_AUTO_UPGRADE=1 - -# ---------------------------------- -# NEXTCLOUD CLOUD -# ---------------------------------- - -TRUSTED_PROXIES=172.16.255.254/16 -OVERWRITEPROTOCOL=https -OVERWRITECLIURL=https://${CLOUD_DOMAIN:-cloud} -OVERWRITEHOST=${CLOUD_DOMAIN:-cloud} -REDIS_HOST=nextcloud-redis -REDIS_HOST_PASSWORD=redis-mindboost-passwort - - -## ______________________________________________________________________________________________ -## SEVICE GROUP WEBSITE -## ______________________________________________________________________________________________ - -# ---------------------------------- -# KIRBY CMS -# ---------------------------------- - -KIRBY_USER_ID=0 \ No newline at end of file From 49badb74a75ecbb12677dc3afc57990ee8d250da Mon Sep 17 00:00:00 2001 From: rorapp Date: Wed, 5 Mar 2025 15:20:01 +0100 Subject: [PATCH 36/39] different script approaches to start the app --- scripts/start/deploy-app.sh | 10 ++++++--- scripts/start/deploy-traefik.sh | 31 +++++++++++++-------------- scripts/start/deploy.sh | 37 +++++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+), 20 deletions(-) create mode 100755 scripts/start/deploy.sh diff --git a/scripts/start/deploy-app.sh b/scripts/start/deploy-app.sh index 25a26df..e82cc45 100755 --- a/scripts/start/deploy-app.sh +++ b/scripts/start/deploy-app.sh @@ -1,4 +1,8 @@ #!/bin/bash +source ../setup/set-project-root.sh +source ../setup/set-global-env.sh +source ../setup/set-proxy-env.sh +source ../setup/generate-secrets.sh # Pfad zur .env.all Datei ENV_FILE="../../env/.env.all" @@ -13,7 +17,7 @@ ENVIRONMENT=$(get_env_var "ENVIRONMENT") SERVER_IP=$(curl -s https://api.ipify.org) # Liste aller Stacks -STACKS=("frontend" "database" "backend") +STACKS=("proxy" "frontend" "database" "backend") # Liste aller Environments ENVIRONMENTS=("development" "staging" "production") 
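Review bot: The four new `source ../setup/*.sh` lines are resolved against the caller's working directory, not the script's location, and there is no `set -e`, so running deploy-app.sh from anywhere other than `scripts/start/` prints an error and continues with none of the environment or secrets loaded; anchor them to the script, e.g. `source "$(dirname "${BASH_SOURCE[0]}")/../setup/set-project-root.sh"`. Sourcing `generate-secrets.sh` on every deploy also raises the question of whether it regenerates secrets that already exist (which would invalidate every issued JWT) — it must be idempotent, and that is not visible here. Separately, the credentials deleted from env/.env.all in the preceding patch (JWT_SECRET, MariaDB, Redis, Gitea and Nextcloud passwords) remain in git history and should be treated as compromised and rotated, not merely removed from the working tree.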
@@ -44,7 +48,7 @@ else fi # Ausgabe der Variablen -echo "Deploying to:" +echo "Deploying to" echo "INFRASTRUCTURE: ${INFRASTRUCTURE:-Not set}" echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}" echo "-----------------------------------" @@ -57,5 +61,5 @@ fi # Ausführen des Docker Compose Befehls -docker compose -f ../../apps/docker-compose.all.yml --env-file ../../env/.env.all -p ${INFRASTRUCTURE:-my} --profile app up --remove-orphans $BUILD_OPTION +docker compose -f ../../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --profile app up --remove-orphans $BUILD_OPTION diff --git a/scripts/start/deploy-traefik.sh b/scripts/start/deploy-traefik.sh index d0061ef..3e45421 100755 --- a/scripts/start/deploy-traefik.sh +++ b/scripts/start/deploy-traefik.sh @@ -3,7 +3,7 @@ set -e # Funktion zur Überprüfung der Produktivumgebung is_production() { - local prod_ip="85.215.56.185" # IP-Adresse deines Produktivservers + local prod_ip=${SERVER_IP:-127.0.0.1} # IP-Adresse deines Produktivservers local current_ip # Überprüfe das Betriebssystem 
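Review bot: Dropping `--env-file ../../env/.env.all` from the final `docker compose` call means compose now interpolates only variables that the sourced setup scripts actually export into the shell (plus a `.env` beside the compose file, if any); anything still defined only in .env.all expands to empty and the fallbacks take over — `TRAEFIK_ENABLE:-false` silently disables routing and `INFRASTRUCTURE_LABEL:-default` renames every container and network. If the setup scripts are meant to export everything, say so in a comment above the call; otherwise keep `--env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy` as deploy.sh does, and quote the project name: `-p "${INFRASTRUCTURE:-my}"`.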
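Review bot: Replacing the hard-coded address with `local prod_ip=${SERVER_IP:-127.0.0.1}` changes what the check means: SERVER_IP is `127.0.0.1` in env/.env.all but deploy-app.sh sets it to the host's own public address fetched from api.ipify.org, so if the remainder of is_production (outside this hunk) compares `prod_ip` with the detected current IP, every internet-connected machine — including developer laptops — will be classified as production and get the production Traefik stack. A production/non-production decision should not rest on an unauthenticated lookup of the caller's own IP; derive it from the environment files instead (`[ "${ENVIRONMENT:-development}" = "production" ]`) or from a dedicated `PRODUCTION_SERVER_IP` that is never auto-detected, and fail with `${SERVER_IP:?SERVER_IP must be set}` rather than silently defaulting. Quote the assignment as well: `local prod_ip="${SERVER_IP:-127.0.0.1}"`.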
@@ -69,30 +69,27 @@ if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then echo "Wir befinden uns in der Produktivumgebung." echo "Starte Traefik und CrowdSec Bouncer mit docker-compose.traefik.prod.yml..." env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an - docker compose -f ../apps/proxy/docker-compose.traefik.prod.yml up -d + docker compose -f ../../apps/proxy/docker-compose.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d else echo "Wir befinden uns in der lokalen Entwicklungsumgebung." echo "Starte Traefik und CrowdSec Bouncer mit docker-compose.traefik.local.yml..." env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an - docker compose -f ../apps/docker-compose.traefik.local.yml up -d + docker compose -f ../../apps/proxy/docker-compose.overwrite.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d fi else echo "Traefik läuft bereits. Aktualisiere die Konfiguration..." if is_production; then echo "Aktualisiere Traefik und CrowdSec Bouncer in der Produktivumgebung..." - docker compose -f ../apps/docker-compose.traefik.prod.yml up -d + docker compose -f ../../apps/proxy/docker-compose.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d else echo "Aktualisiere Traefik und CrowdSec Bouncer in der lokalen Umgebung..." - docker compose -f ../apps/docker-compose.traefik.local.yml up -d + docker compose -f ../../apps/proxy/docker-compose.overwrite.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d fi fi echo "Traefik und CrowdSec Bouncer Deployment abgeschlossen." -================= - - echo "Prüfe, ob Traefik läuft..." set_environment_variables 
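Review bot: In the production branch the proxy env file is loaded as `../../env/${ENVIRONMENT:-development}/.env.proxy`, so when ENVIRONMENT is not exported in the shell a host that is_production deems production is started with the development proxy configuration (development domains, resolver and auth settings); use `../../env/${ENVIRONMENT:?ENVIRONMENT must be set}/.env.proxy` or hard-code `production` in that branch. The removed `=================` separator looks like merge residue, and the same pair of compose invocations now reappears in the later hunks at lines 103, 120 and 142, so the script appears to run the deploy sequence several times in a row — confirm that only one of those sections is meant to survive. The enclosing if/else starts outside this hunk.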
@@ -106,14 +103,14 @@ fi if is_production; then echo "Wir befinden uns in der Produktivumgebung." - echo "Starte/Aktualisiere Deployment mit docker-compose.prod.yml..." + echo "Starte/Aktualisiere Deployment mit docker-compose.yml..." env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an - docker compose -f ../apps/docker-compose.prod.yml up -d + docker compose -f ../../apps/proxy/docker-compose.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d else echo "Wir befinden uns in der lokalen Entwicklungsumgebung." echo "Starte/Aktualisiere lokale Version mit docker-compose.overwrite.yml..." env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an - docker compose -f ../apps/docker-compose.overwrite.yml up -d + docker compose -f ../../apps/proxy/docker-compose.overwrite.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d fi @@ -123,9 +120,9 @@ if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then if is_production; then echo "Wir befinden uns in der Produktivumgebung." set_environment_variables - echo "Starte Deployment mit docker-compose.prod.yml..." + echo "Starte Deployment mit docker-compose.yml..." env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an - docker compose -f ../apps/docker-compose.prod.yml up -d + docker compose -f ../../apps/proxy/docker-compose.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d else echo "Wir befinden uns in der lokalen Entwicklungsumgebung." read -p "Möchtest du die lokale Version zum Debuggen (docker-compose.overwrite.yml) starten? (y/n): " answer 
@@ -133,7 +130,7 @@ if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then echo "Starte lokale Version..." set_environment_variables env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an - docker compose -f ../apps/docker-compose.overwrite.yml up -d + docker compose -f ../../apps/proxy/docker-compose.overwrite.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d else echo "Deployment abgebrochen." exit 1 @@ -145,15 +142,15 @@ else if is_production; then echo "Wir befinden uns in der Produktivumgebung." set_environment_variables - echo "Aktualisiere Deployment mit docker-compose.prod.yml..." + echo "Aktualisiere Deployment mit docker-compose.yml..." env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an - docker compose -f ../apps/docker-compose.prod.yml up -d + docker compose -f ../../apps/proxy/docker-compose.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d else echo "Wir befinden uns in der lokalen Entwicklungsumgebung." set_environment_variables echo "Aktualisiere lokale Version mit docker-compose.overwrite.yml..." env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an - docker compose -f ../apps/docker-compose.overwrite.yml up -d + docker compose -f ../../apps/proxy/docker-compose.overwrite.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d fi fi diff --git a/scripts/start/deploy.sh b/scripts/start/deploy.sh new file mode 100755 index 0000000..47ab7ff --- /dev/null +++ b/scripts/start/deploy.sh 
@@ -0,0 +1,37 @@ +#!/bin/bash +#!/bin/bash + +# Bestimme das Root-Verzeichnis des Git-Repos +ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null) + +# Falls das Repository nicht gefunden wurde, abbrechen +if [ -z "$ROOT_DIR" ]; then + echo "❌ Fehler: Kein Git-Repository gefunden!" + exit 1 +fi + +# Setze die Variable für die aktuelle Shell-Sitzung +echo "✅ ROOT_DIR gesetzt auf: $ROOT_DIR" + +# Pfad zur .env.all Datei +ENV_FILE="${ROOT_DIR}/env/.env.all" +echo $ENV_FILE +# Funktion zum Auslesen von Variablen aus der .env.all Datei +get_env_var() { + grep "^$1=" "$ENV_FILE" | cut -d '=' -f2 +} + +# Auslesen der INFRASTRUCTURE und ENVIRONMENT Variablen +INFRASTRUCTURE=$(get_env_var "INFRASTRUCTURE_LABEL") +ENVIRONMENT=$(get_env_var "ENVIRONMENT") +SERVER_IP=$(curl -s https://api.ipify.org) + + +# Ausgabe der Variablen +echo "Deploying to:" +echo "INFRASTRUCTURE: ${INFRASTRUCTURE:-Not set}" +echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}" +echo "-----------------------------------" + +# Ausführen des Docker Compose Befehls +docker compose -f ../../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ${ENV_FILE} --env-file ${ROOT_DIR}/env/${ENVIRONMENT:-development}/.env.proxy --profile app up --remove-orphans From d4f202f204f23424b04b20a2cd59fad48e484de5 Mon Sep 17 00:00:00 2001 From: rorapp Date: Wed, 5 Mar 2025 15:21:52 +0100 Subject: [PATCH 37/39] add readme to env folder --- apps/frontend/src | 2 +- env/README.md | 50 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 env/README.md diff --git a/apps/frontend/src b/apps/frontend/src index b5ed737..49027dc 160000 --- a/apps/frontend/src +++ b/apps/frontend/src @@ -1 +1 @@ -Subproject commit b5ed737d10ad899d46b7c53533654280b59ef35e +Subproject commit 49027dc8ea62b2895732089e0e0cf73f99668caf diff --git a/env/README.md b/env/README.md new file mode 100644 index 0000000..f5c5fad --- /dev/null +++ b/env/README.md 
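Review bot: `get_env_var` truncates any value that itself contains `=` because `cut -d '=' -f2` keeps only the second field; use `grep -m1 "^$1=" "$ENV_FILE" | cut -d '=' -f2-` so the full value is returned and a duplicated key cannot produce two lines. Having computed ROOT_DIR, the final command still passes the working-directory-relative `-f ../../apps/docker-compose.all.yml`, which fails unless the script is launched from `scripts/start/`; use `-f "${ROOT_DIR}/apps/docker-compose.all.yml"` and quote `"${ENV_FILE}"` as well. The duplicated shebang, the stray `echo $ENV_FILE`, and the unused `SERVER_IP=$(curl -s https://api.ipify.org)` (a network call with no `-f`/error check whose result is never read) should be removed, and `set -euo pipefail` added after the shebang so a failed lookup does not fall through to a deploy with empty variables.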
@@ -0,0 +1,50 @@ +# 🔧 Environment Configuration Guide + +## 🌍 Overview +This project uses **environment variables** to manage configuration across different environments (development, staging, production, etc.). These variables are loaded from `.env` files and can be overridden at multiple levels. + +--- + +## 📌 **Environment Variable Priority (Lowest to Highest)** + +| 🔢 Priority | 📄 Source | 🔍 Description | +|------------|-----------------------------|------------------------------------------------| +| 1️⃣ **Fallback Values** | hardcoded defaults | Used only if no other configuration is provided | +| 2️⃣ **Global Defaults** | `.env.all` | Shared settings for all services | +| 3️⃣ **Service-Specific Overrides** | `.env.backend`, `.env.proxy`, etc. | Overrides `.env.all` with service-specific values | +| 4️⃣ **Shell Environment Variables** | `export VAR=value` before running | Takes precedence over `.env` files | +| 5️⃣ **CLI Overrides** | `docker compose --env-file` or `-e VAR=value` | **Highest priority** (for temporary overrides) | + +--- + +## 🔄 **Overwriting Behavior** +- 🏗 **Variables defined in `.env.all`** override fallback values. +- 🏗 **Variables defined in `.env.`** (e.g., `.env.backend`) override `.env.all`. +- 🔧 **Manually exported environment variables** in the shell take priority over `.env` files. +- 🚀 **Variables passed via CLI (`--env-file` or `-e VAR=value`)** override everything. + +--- + +## 🚀 **Best Practices** +✔️ **Use `.env.all` for global configurations** (e.g., `ENVIRONMENT=development`, `INFRASTRUCTURE_LABEL=myinfra`). +✔️ **Use `.env.` for service-specific configurations** (e.g., `.env.backend` for Laravel, `.env.database` for MariaDB). +✔️ **If needed, manually override variables in the shell** using `export VAR=value`. +✔️ **Use CLI `--env-file` for temporary overrides** in testing/debugging scenarios. 
+ +--- + +## 🏗 **Example File Structure** +```sh +/env/ + ├── .env.all # Global default variables + ├── development/ + │ ├── .env.backend # Backend service config for development + │ ├── .env.database # Database config for development + │ ├── .env.proxy # Proxy config for development + ├── staging/ + │ ├── .env.backend # Backend service config for staging + │ ├── .env.database # Database config for staging + ├── production/ + │ ├── .env.backend # Backend service config for production + │ ├── .env.database # Database config for production + From da67cbd46edc151ee3e4dab9daa3ae3e9f7d6844 Mon Sep 17 00:00:00 2001 
From: rorapp Date: Wed, 5 Mar 2025 15:50:45 +0100 Subject: [PATCH 38/39] remove basically everything --- apps/develop/adminer/docker-compose.yml | 20 ------- apps/develop/docker-compose.yml | 9 --- apps/develop/gitea/docker-compose.yml | 44 --------------- apps/develop/jenkins/docker-compose.yml | 40 ------------- apps/develop/jenkins/plugins.yml | 0 apps/docker-compose.all.yml | 50 ----------------- apps/security/docker-compose.linuxserver.yml | 30 ---------- apps/security/docker-compose.yml | 50 ----------------- apps/security/set-server-ip.sh | 2 - apps/tools/docker-compose.yml | 11 ---- apps/tools/limesurvey/docker-compose.yml | 0 apps/tools/nextcloud/docker-compose.yml | 59 -------------------- apps/website/docker-compose.yml | 32 ----------- apps/website/kirby/Dockerfile | 49 ---------------- apps/website/kirby/default.conf | 9 --- apps/website/kirby/entrypoint.sh | 7 --- apps/website/kirby/id.env | 1 - env/.env.all | 39 ------------- env/README.md | 50 ----------------- env/development/.env.administration | 7 --- env/development/.env.backend | 31 ---------- env/development/.env.database | 9 --- env/development/.env.develop | 25 --------- env/development/.env.frontend | 4 -- env/development/.env.proxy | 51 ----------------- env/development/.env.tools | 29 ---------- env/development/.env.website | 5 -- env/production/.env.administration | 0 env/production/.env.backend | 1 - env/production/.env.database | 7 --- env/production/.env.develop | 1 - env/production/.env.frontend | 0 env/production/.env.portainer | 3 - env/production/.env.proxy | 32 ----------- env/production/.env.tools | 0 env/production/.env.website | 0 env/staging/.env.administration | 6 -- env/staging/.env.backend | 15 ----- env/staging/.env.database | 3 - env/staging/.env.develop | 9 --- env/staging/.env.frontend | 3 - env/staging/.env.proxy | 4 -- env/staging/.env.tools | 9 --- env/staging/.env.website | 4 -- 44 files changed, 760 deletions(-) delete mode 100644 
apps/develop/adminer/docker-compose.yml delete mode 100644 apps/develop/docker-compose.yml delete mode 100644 apps/develop/gitea/docker-compose.yml delete mode 100644 apps/develop/jenkins/docker-compose.yml delete mode 100644 apps/develop/jenkins/plugins.yml delete mode 100644 apps/docker-compose.all.yml delete mode 100644 apps/security/docker-compose.linuxserver.yml delete mode 100644 apps/security/docker-compose.yml delete mode 100644 apps/security/set-server-ip.sh delete mode 100644 apps/tools/docker-compose.yml delete mode 100644 apps/tools/limesurvey/docker-compose.yml delete mode 100644 apps/tools/nextcloud/docker-compose.yml delete mode 100644 apps/website/docker-compose.yml delete mode 100644 apps/website/kirby/Dockerfile delete mode 100644 apps/website/kirby/default.conf delete mode 100644 apps/website/kirby/entrypoint.sh delete mode 100644 apps/website/kirby/id.env delete mode 100644 env/.env.all delete mode 100644 env/README.md delete mode 100644 env/development/.env.administration delete mode 100644 env/development/.env.backend delete mode 100644 env/development/.env.database delete mode 100644 env/development/.env.develop delete mode 100644 env/development/.env.frontend delete mode 100644 env/development/.env.proxy delete mode 100644 env/development/.env.tools delete mode 100644 env/development/.env.website delete mode 100644 env/production/.env.administration delete mode 100644 env/production/.env.backend delete mode 100644 env/production/.env.database delete mode 100644 env/production/.env.develop delete mode 100644 env/production/.env.frontend delete mode 100644 env/production/.env.portainer delete mode 100644 env/production/.env.proxy delete mode 100644 env/production/.env.tools delete mode 100644 env/production/.env.website delete mode 100644 env/staging/.env.administration delete mode 100644 env/staging/.env.backend delete mode 100644 env/staging/.env.database delete mode 100644 env/staging/.env.develop delete mode 100644 
env/staging/.env.frontend delete mode 100644 env/staging/.env.proxy delete mode 100644 env/staging/.env.tools delete mode 100644 env/staging/.env.website diff --git a/apps/develop/adminer/docker-compose.yml b/apps/develop/adminer/docker-compose.yml deleted file mode 100644 index ac70ed9..0000000 --- a/apps/develop/adminer/docker-compose.yml +++ /dev/null @@ -1,20 +0,0 @@ -services: - adminer: - profiles: ["all", "database", "backend", "adminer", "app"] - image: adminer - container_name: ${INFRASTRUCTURE_LABEL:-default}-adminer-${ENVIRONMENT:-development} - restart: always - ports: - - ${ADMINER_PORT:-0}:8080 - networks: - - database - - proxy - labels: - - "traefik.enable=${TRAEFIK_ENABLE:-false}" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.entrypoints=${TRAEFIK_ENTRYPOINT:-websecure}" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.rule=Host(`${ADMINER_DOMAIN}`)" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.tls=true" - - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.tls.certresolver=${TRAEFIK_CERT_RESOLVER:-http_resolver}" - - 'traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_adminer.service=adminer' - - "traefik.http.adminer.cloud.loadbalancer.server.port=8080" - - "traefik.docker.network=${TRAEFIK_NETWORK:-default}" \ No newline at end of file diff --git a/apps/develop/docker-compose.yml b/apps/develop/docker-compose.yml deleted file mode 100644 index 7b57820..0000000 --- a/apps/develop/docker-compose.yml +++ /dev/null 
@@ -1,9 +0,0 @@ -### Develop (./apps/develop/docker-compose.yml) -# - [ ] Create services for Gitea, Jenkins, and Adminer -# - [ ] Configure volumes for persistent storage of Git repositories, Jenkins data, and Adminer settings -# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT:-development}/develop.env) -# - [ ] Configure networking to allow these services to communicate with each other and the necessary application services -# - [ ] Set up access controls and security measures for development tools - -include: - - ./gitea/docker-compose.yml diff --git a/apps/develop/gitea/docker-compose.yml b/apps/develop/gitea/docker-compose.yml deleted file mode 100644 index 5591389..0000000 --- a/apps/develop/gitea/docker-compose.yml +++ /dev/null 
@@ -1,44 +0,0 @@ -services: - gitea: - image: gitea/gitea:latest - container_name: ${INFRASTRUCTURE_LABEL:-mindboost}-gitea - profiles: ["all", "gitea","develop"] - restart: always - volumes: - - ${GITEA_VOLUME_PATH}:/data - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - depends_on: - - gitea_db - labels: - - "traefik.enable=${TRAEFIK_ENABLE:-false}" - - "traefik.http.routers.gitea.entrypoints=${TRAEFIK_ENTRYPOINT}" - - "traefik.http.routers.gitea.rule=(Host(`${GITEA_DOMAIN})`)" - - "traefik.http.routers.gitea.tls=true" - - "traefik.http.routers.gitea.tls.certresolver=${TRAEFIK_CERT_RESOLVER}" - - "traefik.http.routers.gitea.service=gitea" - - 'traefik.http.services.gitea.loadbalancer.gitea.port=3000' - - "traefik.http.routers.gitea.tls.domains[0].main=`${GITEA_TLS_DOMAIN_MAIN}`" - - # SSH routing, can't route based on host so anything to port 222 will come to this container - - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)" - - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh" - - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc" - - "traefik.tcp.services.gitea-ssh-svc.loadbalancer.gitea.port=22" - - gitea_db: - image: mysql:latest - container_name: ${INFRASTRUCTURE_LABEL:-mindboost}-gitea_db - profiles: ["all", "gitea","develop"] - restart: always - environment: - - MYSQL_ROOT_PASSWORD=${GITEA_MYSQL_ROOT_PASSWORD} - - MYSQL_DATABASE=${GITEA_MYSQL_DATABASE} - - MYSQL_USER=${GITEA_MYSQL_USER} - - MYSQL_PASSWORD=${GITEA_MYSQL_PASSWORD} - volumes: - - ${GITEA_DATABASE_VOLUME_PATH}:/var/lib/mysql - -networks: - gitea: - diff --git a/apps/develop/jenkins/docker-compose.yml b/apps/develop/jenkins/docker-compose.yml deleted file mode 100644 index 4452b95..0000000 --- a/apps/develop/jenkins/docker-compose.yml +++ /dev/null 
@@ -1,40 +0,0 @@ -### Jenkins (./apps/frontend/docker-compose.yml) -services: - jenkins: - image: jenkins/jenkins:lts - container_name: jenkins - ports: - - "50000:50000" # Jenkins Agent Port - volumes: - - ../../../volumes/develop/jenkins:/var/jenkins_home - - ./plugins.yml:/usr/share/jenkins/ref/plugins.yml - depends_on: - - jenkins-plugins - environment: - - JAVA_OPTS=-Djenkins.install.runSetupWizard=false - networks: - - proxy - labels: - - "traefik.enable=true" - - "traefik.http.routers.jenkins.rule=Host(`j.haslach2025.de`)" - - "traefik.http.routers.jenkins.entrypoints=websecure" - - "traefik.http.routers.jenkins.tls=true" - - "traefik.http.routers.jenkins.tls.certresolver=http_resolver" - - "traefik.http.services.jenkins.loadbalancer.server.port=8080" # interner Port von Jenkins - - "traefik.docker.network=proxy" - - jenkins-plugins: - image: jenkins/jenkins:lts-jdk17 - command: > - jenkins-plugin-cli -f /usr/share/jenkins/ref/plugins.yml --available-updates --output txt > /usr/share/jenkins/ref/plugins.yml - volumes: - - ./plugins.yml:/usr/share/jenkins/ref/plugins.yml - restart: "no" - -volumes: - jenkins_home: - driver: local - -networks: - proxy: - external: true diff --git a/apps/develop/jenkins/plugins.yml b/apps/develop/jenkins/plugins.yml deleted file mode 100644 index e69de29..0000000 diff --git a/apps/docker-compose.all.yml b/apps/docker-compose.all.yml deleted file mode 100644 index 4226b1a..0000000 --- a/apps/docker-compose.all.yml +++ /dev/null 
@@ -1,50 +0,0 @@ -## -## ONE SCRIPT TO RULE THEM ALL -## -## Dieses Compose-File startet alle verfügbaren Services, abhängig von dem angegebenen ENVIRONMENT. - -## Um diese Konfiguration zu verwenden, kannst du folgende Befehle nutzen: -## Um alle Services zu starten: -## docker compose -f docker-compose.all.yml --env-file ../env/.env.all --profile all up -d - -## Um nur bestimmte Services zu starten (z.B. frontend und backend): -## docker compose -f docker-compose.all.yml --env-file ../env/.env.all --profile frontend --profile backend up -d - -## -## Stellen Sie sicher, dass die .env.all Datei im angegebenen Verzeichnis existiert und den ENVIRONMENT Wert enthält. -## - -configs: - all: - file: ../env/.env.all -include: - - path: ./proxy/docker-compose.yml - env_file: - - ../env/.env.all - - ../env/${ENVIRONMENT:-development}/.env.proxy - - path: ./frontend/docker-compose.yml - env_file: - - ../env/.env.all - - ../env/${ENVIRONMENT:-development}/.env.frontend - - path: ./backend/docker-compose.yml - - path: ./database/docker-compose.yml - - path: ./website/docker-compose.yml - env_file: - - ../env/.env.all - - ../env/${ENVIRONMENT:-development}/.env.website - - ../env/${ENVIRONMENT:-development}/.env.proxy - - path: ./administration/docker-compose.yml - env_file: - - ../env/.env.all - - ../env/${ENVIRONMENT:-development}/.env.administration - - ../env/${ENVIRONMENT:-development}/.env.proxy - - path: ./develop/docker-compose.yml - env_file: - - ../env/.env.all - - ../env/${ENVIRONMENT:-development}/.env.develop - - ../env/${ENVIRONMENT:-development}/.env.proxy - - path: ./tools/docker-compose.yml - env_file: - - ../env/.env.all - - ../env/${ENVIRONMENT:-development}/.env.tools - - ../env/${ENVIRONMENT:-development}/.env.proxy \ No newline at end of file diff --git a/apps/security/docker-compose.linuxserver.yml b/apps/security/docker-compose.linuxserver.yml deleted file mode 100644 index cf15d4c..0000000 
--- a/apps/security/docker-compose.linuxserver.yml +++ /dev/null @@ -1,30 +0,0 @@ -services: - wireguard: - image: linuxserver/wireguard - container_name: wireguard - cap_add: - - NET_ADMIN - - SYS_MODULE - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Berlin - - SERVERURL=${SERVER_IP:?"❌ ERROR = SERVERURL is not set. Run set-server-ip.sh first."} - - SERVERPORT=51820 - - PEERS=3 # Number of VPN clients to generate - - PEERDNS=auto - - INTERNAL_SUBNET=22.22.22.0 - volumes: - - ../../volumes/security/wireguard/config:/config - - /lib/modules:/lib/modules - ports: - - "51820:51820/udp" - sysctls: - - net.ipv4.conf.all.src_valid_mark=1 - restart: unless-stopped - networks: - - wireguard_network - -networks: - wireguard_network: - driver: bridge diff --git a/apps/security/docker-compose.yml b/apps/security/docker-compose.yml deleted file mode 100644 index abeee23..0000000 --- a/apps/security/docker-compose.yml +++ /dev/null 
@@ -1,50 +0,0 @@
-volumes:
- etc_wireguard:
-
-services:
- wg-easy:
- environment:
- # Change Language:
- # (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi, ja, si)
- - LANG=${WG_LANG:-de}
- # ⚠️ Required:
- # Change this to your host's public address
- - WG_HOST=${SERVER_IP:-localhost}
-
- # Optional:
- # - PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG # (needs double $$, hash of 'foobar123'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash)
- # - PORT=51821
- # - WG_PORT=51820
- # - WG_CONFIG_PORT=92820
- - WG_DEFAULT_ADDRESS=${WG_DEFAULT_ADDRESS:-22.22.22.0}
- # - WG_DEFAULT_DNS=1.1.1.1
- # - WG_MTU=1420
- # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
- # - WG_PERSISTENT_KEEPALIVE=25
- # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
- # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
- # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
- # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
- # - UI_TRAFFIC_STATS=true
- # - UI_CHART_TYPE=0 # (0 Charts disabled, 1 # Line chart, 2 # Area chart, 3 # Bar chart)
- # - WG_ENABLE_ONE_TIME_LINKS=true
- # - UI_ENABLE_SORT_CLIENTS=true
- # - WG_ENABLE_EXPIRES_TIME=true
- # - ENABLE_PROMETHEUS_METRICS=false
- # - PROMETHEUS_METRICS_PASSWORD=$$2a$$12$$vkvKpeEAHD78gasyawIod.1leBMKg8sBwKW.pQyNsq78bXV3INf2G # (needs double $$, hash of 'prometheus_password'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash)
-
- image: ghcr.io/wg-easy/wg-easy
- container_name: wg-easy
- volumes:
- - ../../volumes/wireguardeasy/:/etc/wireguard
- ports:
- - "51820:51820/udp"
- - "51821:51821/tcp"
- restart: unless-stopped
- cap_add:
- - NET_ADMIN
- - SYS_MODULE
- # - NET_RAW # ⚠️ Uncomment if using Podman
- sysctls:
- - net.ipv4.ip_forward=1
- - net.ipv4.conf.all.src_valid_mark=1
\ No newline at end of file
diff --git a/apps/security/set-server-ip.sh b/apps/security/set-server-ip.sh
deleted file mode 100644
index e1dcc19..0000000
--- a/apps/security/set-server-ip.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-export SERVER_IP=$(curl -s https://api.ipify.org)
\ No newline at end of file
diff --git a/apps/tools/docker-compose.yml b/apps/tools/docker-compose.yml
deleted file mode 100644
index 3c6ebce..0000000
--- a/apps/tools/docker-compose.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-### Tools (./apps/tools/docker-compose.yml)
-# - [ ] Create services for Nextcloud, LimeSurvey, and LinkStack
-# - [ ] Configure volumes for persistent storage of files, survey data, and link management data
-# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT:-development}/tools.env)
-# - [ ] Configure networking to expose these services to the internet via the proxy
-# - [ ] Set up regular backup jobs for critical data in these services
-
-include:
- - path: ./nextcloud/docker-compose.yml
- - path: ./limesurvey/docker-compose.yml
- - path: ./invoiceninja/dockerfiles/debian/docker-compose.yml
diff --git a/apps/tools/limesurvey/docker-compose.yml b/apps/tools/limesurvey/docker-compose.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/apps/tools/nextcloud/docker-compose.yml b/apps/tools/nextcloud/docker-compose.yml
deleted file mode 100644
index 2a3acf6..0000000
--- a/apps/tools/nextcloud/docker-compose.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-services:
- nextcloud-db:
- image: mariadb:10.6
- container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-db-${ENVIRONMENT:-development}
- profiles: ["all", "tools", "nextcloud"]
- command: --transaction-isolation=READ-COMMITTED --innodb_read_only_compressed=OFF
- restart: unless-stopped
- volumes:
- - /etc/localtime:/etc/localtime:ro
- - /etc/timezone:/etc/timezone:ro
- - ../../volumes/tools/${INFRASTRUCTURE_LABEL:-default}_cloud/database:/var/lib/mysql
- environment:
- - MYSQL_ROOT_PASSWORD=headpiece-constant1-denim-mindboost #SQL root Passwort eingeben
- - MYSQL_PASSWORD=idealist9-frayed-murkiness-mindboost #SQL Benutzer Passwort eingeben
- - MYSQL_DATABASE=nextcloud-mindboost #Datenbank Name
- - MYSQL_USER=mindboostcloud #SQL Nutzername
- - MYSQL_INITDB_SKIP_TZINFO=1
- - MARIADB_AUTO_UPGRADE=1
- nextcloud-redis:
- image: redis:alpine
- container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-redis-${ENVIRONMENT:-development}
- profiles: ["all", "tools", "nextcloud"]
- hostname: nextcloud-redis
- restart: unless-stopped
- command: redis-server --requirepass redis-mindboost-passwort # Redis Passwort eingeben
- cloud:
- image: nextcloud
- container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-app-${ENVIRONMENT:-development}
- profiles: ["all", "tools", "nextcloud"]
- restart: unless-stopped
- depends_on:
- - nextcloud-db
- - nextcloud-redis
- environment:
- TRUSTED_PROXIES: 172.16.255.254/16
- OVERWRITEPROTOCOL: https
- OVERWRITECLIURL: https://${CLOUD_DOMAIN:-cloud}
- OVERWRITEHOST: ${CLOUD_DOMAIN:-cloud}
- REDIS_HOST: nextcloud-redis
- REDIS_HOST_PASSWORD: redis-mindboost-passwort # Redis Passwort von oben wieder eingeben
- volumes:
- - ../../volumes/tools/${INFRASTRUCTURE_LABEL:-default}_cloudapp/:/var/www/html/data
- labels:
- - "traefik.enable=true"
- - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.entrypoints=websecure"
- - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.rule=Host(`${CLOUD_DOMAIN}`)"
- - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.tls=true"
- - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.tls.certresolver=http_resolver"
- - 'traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.service=cloud'
- - "traefik.http.services.cloud.loadbalancer.server.port=80"
- - "traefik.docker.network=${TRAEFIK_NETWORK:-default}"
- - "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.middlewares=nextcloud-dav,default@file"
- - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
- - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
- networks:
- - ${TRAEFIK_NETWORK}
-networks:
- nextcloud:
- name: ${INFRASTRUCTURE_LABEL:-default}_nextcloud
diff --git a/apps/website/docker-compose.yml b/apps/website/docker-compose.yml
deleted file mode 100644
index 2d5d4fb..0000000
--- a/apps/website/docker-compose.yml
+++ /dev/null
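Review bot: The removed nextcloud definition carried literal credentials inside the compose file itself (`MYSQL_ROOT_PASSWORD=…`, `MYSQL_PASSWORD=…`, the `redis-server --requirepass …` argument and `REDIS_HOST_PASSWORD`), and the same pattern recurs in the deleted env files further down (`JWT_SECRET`, `DB_PASSWORD`, `MARIADB_PASSWORD`, `MARIADB_ROOT_PASSWORD`, `GITEA_MYSQL_*`). Deleting the files only removes them from the working tree; the values stay in the repository history, so they should be treated as exposed and rotated wherever these services were deployed from this configuration. For the replacement configuration, the `MARIADB_ROOT_PASSWORD_FILE=/run/secrets/mariadb_root` form already used in env/development/.env.database is the pattern worth keeping for every credential, with the env files that hold real values excluded from version control.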
@@ -1,32 +0,0 @@
-services:
- kirbycms:
- build:
- context: ./kirby
- dockerfile: Dockerfile
- image: kirbycms
- container_name: ${INFRASTRUCTURE_LABEL:-default}-kirbycms-${ENVIRONMENT:-development}
- profiles: ["website","kirbycms","all"]
- volumes:
- - kirbycms_data:/var/www/html:rw # Persistente Daten
- restart: unless-stopped
- ports:
- - 0:80
- networks:
- - ${TRAEFIK_NETWORK:-default}
- labels:
- - "traefik.enable=${TRAEFIK_ENABLE:-false}"
- - "traefik.docker.network=${TRAEFIK_NETWORK:-default}"
- - "traefik.http.routers.kirbycms.service=kirbycms"
- - "traefik.http.routers.kirbycms.tls.certresolver=${TRAEFIK_CERT_RESOLVER:-default}"
- - "traefik.http.routers.kirbycms.tls.domains[0].main=`${WEBSITE_DOMAIN:-kirby.local}`"
- - "traefik.http.routers.kirbycms.rule=Host(`${WEBSITE_DOMAIN:-kirby.local}`)"
- - "traefik.http.routers.kirbycms.entrypoints=${TRAEFIK_ENTRYPOINT:-default}"
- - "traefik.http.routers.kirbycms.tls=true"
- - "traefik.http.services.kirbycms.loadbalancer.server.port=80"
-volumes:
- kirbycms_data:
- driver: local
- driver_opts:
- type: none
- o: bind
- device: /mnt/docker-volumes/website/kirbycms # Neuer fester Speicherort
diff --git a/apps/website/kirby/Dockerfile b/apps/website/kirby/Dockerfile
deleted file mode 100644
index be49a8a..0000000
--- a/apps/website/kirby/Dockerfile
+++ /dev/null
@@ -1,49 +0,0 @@
-# Use latest offical ubuntu image
-FROM ubuntu:latest
-
-# Set timezone
-ENV TZ=Europe/Berlin
-
-# Set geographic area using above variable
-# This is necessary, otherwise building the image doesn't work
-RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
-
-# Remove annoying messages during package installation
-ARG DEBIAN_FRONTEND=noninteractive
-
-# Install packages: web server & PHP plus extensions
-RUN apt-get update && apt-get install -y \
- apache2 \
- apache2-utils \
- ca-certificates \
- php \
- libapache2-mod-php \
- php-curl \
- php-dom \
- php-gd \
- php-intl \
- php-json \
- php-mbstring \
- php-xml \
- php-zip && \
- apt-get clean && rm -rf /var/lib/apt/lists/*
-
-# Copy virtual host configuration from current path onto existing 000-default.conf
-COPY default.conf /etc/apache2/sites-available/000-default.conf
-
-# Remove default content (existing index.html)
-RUN rm /var/www/html/*
-
-# Activate Apache modules headers & rewrite
-RUN a2enmod headers rewrite
-
-# Ensure Group Ownership for www-data every member of kirbygroup should edit files
-RUN groupadd -g 1003 kirbygroup && usermod -aG kirbygroup www-data
-RUN chown -R www-data:kirbygroup /var/www/html
-RUN chmod -R g+rw /var/www/html && find /var/www/html -type d -exec chmod g+xs {} \;
-
-# Tell container to listen to port 80 at runtime
-EXPOSE 80
-
-# Start Apache web server
-CMD [ "/usr/sbin/apache2ctl", "-DFOREGROUND" ]
diff --git a/apps/website/kirby/default.conf b/apps/website/kirby/default.conf
deleted file mode 100644
index 9c20cf5..0000000
--- a/apps/website/kirby/default.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-
- ServerName localhost
- # Set the document root
- DocumentRoot "/var/www/html"
-
- # Allow overriding the default configuration via `.htaccess`
- AllowOverride All
-
-
diff --git a/apps/website/kirby/entrypoint.sh b/apps/website/kirby/entrypoint.sh
deleted file mode 100644
index cc7816e..0000000
--- a/apps/website/kirby/entrypoint.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-set -e -u
-
-[[ $USERID ]] && usermod --uid "${USERID}" www-data
-
-exec "$@"
diff --git a/apps/website/kirby/id.env b/apps/website/kirby/id.env
deleted file mode 100644
index 02922e6..0000000
--- a/apps/website/kirby/id.env
+++ /dev/null
@@ -1 +0,0 @@
-USERID=${USERID:-0}
diff --git a/env/.env.all b/env/.env.all
deleted file mode 100644
index 4620033..0000000
--- a/env/.env.all
+++ /dev/null
@@ -1,39 +0,0 @@
-##
-## Einstellung die für das gesamte Projekt gelten. Also der Name und der Admin
-## Das Environment muss "production","staging" oder "development" heißen
-
-INFRASTRUCTURE_LABEL=mindboost
-ENVIRONMENT=development
-
-ADMIN_USER=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
-ADMIN_PASSWORD_HASH='$2y$05$U7noO29Ru/4VB5x8TpZo3.b4VjH6AAnhufJJUG2Vs7qHCM2Cd8yIK' # for development = admin
-
-SERVER_IP=127.0.0.1
-
-
-#################################################################################################
-# 🔧 ENVIRONMENT VARIABLES 🔧 #
-#################################################################################################
-#
-# This file contains **default (fallback) values** for environment variables.
-# These values ensure that services run with sane defaults if no other configuration is provided.
-#
-# 📌 **ENVIRONMENT VARIABLE PRIORITY ORDER (Lowest to Highest)**
-# 1️⃣ **Fallback Values in the File** (Used only if no other source provides a value)
-# 2️⃣ **Global Defaults in `.env.all`** (Shared settings across all services)
-# 3️⃣ **Service-Specific `.env` Files** (Overrides per service group, e.g., `.env.backend`, `.env.proxy`)
-# 4️⃣ **Preloaded Shell Environment** (`export VAR=value` before running `docker compose`)
-# 5️⃣ **CLI Overrides** (`docker compose --env-file` or `-e VAR=value` → Highest Priority)
-#
-# 🔄 **Overwriting Behavior**
-# - Variables defined in **`.env.all`** override values in this file.
-# - Variables defined in **`.env.`** (e.g., `.env.backend`) override `.env.all`.
-# - Variables explicitly **exported in the shell** take priority over all `.env` files.
-# - Variables passed via **CLI (`--env-file` or `-e VAR=value`)** have the **highest priority**.
-#
-# 🚀 **Key Takeaways**
-# ✅ Use `.env.all` for common values across environments.
-# ✅ Use `.env.` for service-specific configurations.
-# ✅ If needed, manually override variables in the shell or CLI.
-#
-#################################################################################################
diff --git a/env/README.md b/env/README.md
deleted file mode 100644
index f5c5fad..0000000
--- a/env/README.md
+++ /dev/null
@@ -1,50 +0,0 @@ -# 🔧 Environment Configuration Guide - -## 🌍 Overview -This project uses **environment variables** to manage configuration across different environments (development, staging, production, etc.). These variables are loaded from `.env` files and can be overridden at multiple levels. - ---- - -## 📌 **Environment Variable Priority (Lowest to Highest)** - -| 🔢 Priority | 📄 Source | 🔍 Description | -|------------|-----------------------------|------------------------------------------------| -| 1️⃣ **Fallback Values** | hardcoded defaults | Used only if no other configuration is provided | -| 2️⃣ **Global Defaults** | `.env.all` | Shared settings for all services | -| 3️⃣ **Service-Specific Overrides** | `.env.backend`, `.env.proxy`, etc. | Overrides `.env.all` with service-specific values | -| 4️⃣ **Shell Environment Variables** | `export VAR=value` before running | Takes precedence over `.env` files | -| 5️⃣ **CLI Overrides** | `docker compose --env-file` or `-e VAR=value` | **Highest priority** (for temporary overrides) | - ---- - -## 🔄 **Overwriting Behavior** -- 🏗 **Variables defined in `.env.all`** override fallback values. -- 🏗 **Variables defined in `.env.`** (e.g., `.env.backend`) override `.env.all`. -- 🔧 **Manually exported environment variables** in the shell take priority over `.env` files. -- 🚀 **Variables passed via CLI (`--env-file` or `-e VAR=value`)** override everything. - ---- - -## 🚀 **Best Practices** -✔️ **Use `.env.all` for global configurations** (e.g., `ENVIRONMENT=development`, `INFRASTRUCTURE_LABEL=myinfra`). -✔️ **Use `.env.` for service-specific configurations** (e.g., `.env.backend` for Laravel, `.env.database` for MariaDB). -✔️ **If needed, manually override variables in the shell** using `export VAR=value`. -✔️ **Use CLI `--env-file` for temporary overrides** in testing/debugging scenarios. 
- ---- - -## 🏗 **Example File Structure** -```sh -/env/ - ├── .env.all # Global default variables - ├── development/ - │ ├── .env.backend # Backend service config for development - │ ├── .env.database # Database config for development - │ ├── .env.proxy # Proxy config for development - ├── staging/ - │ ├── .env.backend # Backend service config for staging - │ ├── .env.database # Database config for staging - ├── production/ - │ ├── .env.backend # Backend service config for production - │ ├── .env.database # Database config for production - diff --git a/env/development/.env.administration b/env/development/.env.administration deleted file mode 100644 index 431f787..0000000 --- a/env/development/.env.administration +++ /dev/null @@ -1,7 +0,0 @@ -# ---------------------------------- -# Portainer -# ---------------------------------- - -PORTAINER_IMAGE=portainer/portainer-ce:latest -PORTAINER_DATA_PATH=../../../volumes/administration/portainer/data - diff --git a/env/development/.env.backend b/env/development/.env.backend deleted file mode 100644 index a0fcfaf..0000000 --- a/env/development/.env.backend +++ /dev/null 
@@ -1,31 +0,0 @@
-
-
-# ----------------------------------
-# Redis
-# ----------------------------------
-REDIS_PASSWORD=laravel-redis-passwort
-REDIS_PORT=6379
-SERVER_IP=${SERVER_IP:-localhost}
-
-# ----------------------------------
-# Laravel Backend
-# ----------------------------------
-BACKEND_NETWORK=backend
-APP_ENV=${ENVIRONMENT-local}
-APP_NAME="mindboost backend - Compose Deployment"
-APP_URL=https://backend.local
-LARAVEL_PORT=8000
-LARAVEL_VITE_PORT=5173
-JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F
-
-# ----------------------------------
-# Datenbank Zugriff - ! MUSS MIT .env.database übereinstimmen
-# ----------------------------------
-DB_HOST=database
-DB_PORT=3306
-DB_PASSWORD=1stronges-mindboostdb-passwort
-DB_USERNAME=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
-DB_DATABASE=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
-
-
-
diff --git a/env/development/.env.database b/env/development/.env.database
deleted file mode 100644
index ddaad30..0000000
--- a/env/development/.env.database
+++ /dev/null
@@ -1,9 +0,0 @@
-# ----------------------------------
-# Datenbank (MariaDB)
-# ----------------------------------
-MARIADB_USER=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
-MARIADB_DATABASE=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
-MARIADB_ROOT_PASSWORD_FILE=/run/secrets/mariadb_root
-MARIADB_PASSWORD=1stronges-mindboostdb-passwort
-MARIADB_PORT=3306
-MARIADB_HOST=database
diff --git a/env/development/.env.develop b/env/development/.env.develop
deleted file mode 100644
index a37a4e7..0000000
--- a/env/development/.env.develop
+++ /dev/null
@@ -1,25 +0,0 @@
-# ----------------------------------
-# GITEA
-# ----------------------------------
-
-USER_UID=1000
-USER_GID=1000
-
-GITEA_VOLUME_PATH=../../../volumes/develop/gitea/gitea
-GITEA_DATABASE_VOLUME_PATH=../../../volumes/develop/gitea/gitea_db
-
-GITEA_MYSQL_ROOT_PASSWORD=very-difficult-passwort-gitea
-GITEA_MYSQL_USER=gitea
-GITEA_MYSQL_PASSWORD=very-difficult-gitea
-GITEA_MYSQL_DATABASE=gitea
-GITEA_MYSQL_ALLOW_EMPTY_PASSWORD=true
-
-# ----------------------------------
-# GITEA DB
-# ----------------------------------
-
-DB_HOST=gitea_db:3306
-DB_NAME=gitea
-DB_PASSWD=very-difficult-gitea
-DB_TYPE=mysql
-DB_USER=gitea
diff --git a/env/development/.env.frontend b/env/development/.env.frontend
deleted file mode 100644
index 7df9bbc..0000000
--- a/env/development/.env.frontend
+++ /dev/null
@@ -1,4 +0,0 @@
-# ----------------------------------
-# VUE APP
-# ----------------------------------
-BACKEND_URL="backend.local"
diff --git a/env/development/.env.proxy b/env/development/.env.proxy
deleted file mode 100644
index 9aaf065..0000000
--- a/env/development/.env.proxy
+++ /dev/null
@@ -1,51 +0,0 @@
-# ----------------------------------
-# TRAEFIK
-# ----------------------------------
-
-TRAEFIK_ENABLE=true
-TRAEFIK_NETWORK=proxy
-TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER}:${ADMIN_PASSWORD_HASH}
-TRAEFIK_CERT_RESOLVER=
-
-## Domains when TRAEFIK is ENABLED
-
-PORTAINER_DOMAIN=portainer.local
-FRONTEND_DOMAIN=frontend.local
-FRONTEND_DOMAIN_2=app.frontend.local
-BACKEND_DOMAIN=backend.local
-WEBSITE_DOMAIN=web.local
-ADMINER_DOMAIN=adminer.local
-GITEA_DOMAIN=gitea.local
-LIMESURVEY_DOMAIN=survey.local
-LINKSTACK_DOMAIN=linkstack.local
-TRAEFIK_DOMAIN=traefik.local
-CLOUD_DOMAIN=cloud.local
-KILLBILL_DOMAIN=killbill.local
-
-### TLS for Domains
-
-PORTAINER_TLS_DOMAIN_MAIN=${PORTAINER_DOMAIN}
-FRONTEND_TLS_DOMAIN_MAIN=${FRONTEND_DOMAIN}
-FRONTEND_TLS_DOMAIN_SANS=${FRONTEND_DOMAIN_2}
-BACKEND_TLS_DOMAIN_MAIN=${BACKEND_DOMAIN}
-WEBSITE_TLS_DOMAIN_MAIN=${WEBSITE_DOMAIN}
-GITEA_TLS_DOMAIN_MAIN=${GITEA_DOMAIN}
-LIMESURVEY_TLS_DOMAIN_MAIN=${LIMESURVEY_DOMAIN}
-LINKSTACK_TLS_DOMAIN_MAIN=${LINKSTACK_DOMAIN}
-TRAEFIK_TLS_DOMAIN_MAIN=${TRAEFIK_DOMAIN}
-CLOUD_TLS_DOMAIN_MAIN=${CLOUD_DOMAIN}
-KILLBILL_TLS_DOMAIN_MAIN=${KILLBILL_DOMAIN}
-
-
-## MIDDLEWARES
-
-TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-https-redirect
-TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-basic-auth
-
-
-## ENTRYPOINTS
-
-TRAEFIK_ENTRYPOINT=websecure
-TRAEFIK_ENTRYPOINT_HTTP=web
-
-
diff --git a/env/development/.env.tools b/env/development/.env.tools
deleted file mode 100644
index f260d4d..0000000
--- a/env/development/.env.tools
+++ /dev/null
@@ -1,29 +0,0 @@
-# ----------------------------------
-# NEXTCLOUD DB
-# ----------------------------------
-
-MYSQL_ROOT_PASSWORD=headpiece-constant1-denim-mindboost #SQL root Passwort eingeben
-MYSQL_PASSWORD=idealist9-frayed-murkiness-mindboost #SQL Benutzer Passwort eingeben
-MYSQL_DATABASE=nextcloud-mindboost #Datenbank Name
-MYSQL_USER=mindboostcloud #SQL Nutzername
-MYSQL_INITDB_SKIP_TZINFO=1
-MARIADB_AUTO_UPGRADE=1
-
-# ----------------------------------
-# NEXTCLOUD CLOUD
-# ----------------------------------
-
-TRUSTED_PROXIES=172.16.255.254/16
-OVERWRITEPROTOCOL=https
-OVERWRITECLIURL=https://${CLOUD_DOMAIN:-cloud}
-OVERWRITEHOST=${CLOUD_DOMAIN:-cloud}
-REDIS_HOST=nextcloud-redis
-REDIS_HOST_PASSWORD=redis-mindboost-passwort
-
-# ----------------------------------
-# KILLBILL PAYMENT
-# ----------------------------------
-
-KILLBILL_DAO_URL=jdbc:mysql://db:3306/killbill
-KILLBILL_DAO_USER=${ADMIN_USER:-root}
-KILLBILL_DAO_PASSWORD=${ADMIN_PASSWORD_HASH}
diff --git a/env/development/.env.website b/env/development/.env.website
deleted file mode 100644
index ae2e104..0000000
--- a/env/development/.env.website
+++ /dev/null
@@ -1,5 +0,0 @@
-# ----------------------------------
-# KIRBY CMS
-# ----------------------------------
-
-USER_ID=0
\ No newline at end of file
diff --git a/env/production/.env.administration b/env/production/.env.administration
deleted file mode 100644
index e69de29..0000000
diff --git a/env/production/.env.backend b/env/production/.env.backend
deleted file mode 100644
index da3fa1c..0000000
--- a/env/production/.env.backend
+++ /dev/null
@@ -1 +0,0 @@
-${REDIS_PASSWORD}
\ No newline at end of file
diff --git a/env/production/.env.database b/env/production/.env.database
deleted file mode 100644
index 0369eb2..0000000
--- a/env/production/.env.database
+++ /dev/null
@@ -1,7 +0,0 @@
-# ----------------------------------
-# Datenbank (MariaDB)
-# ----------------------------------
-MARIADB_USER=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
-MARIADB_DATABASE=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
-MARIADB_PASSWORD=1stronges-mindboostdb-passwort
-MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb
diff --git a/env/production/.env.develop b/env/production/.env.develop
deleted file mode 100644
index d0483c8..0000000
--- a/env/production/.env.develop
+++ /dev/null
@@ -1 +0,0 @@
-ADMINER_PORT=8000
\ No newline at end of file
diff --git a/env/production/.env.frontend b/env/production/.env.frontend
deleted file mode 100644
index e69de29..0000000
diff --git a/env/production/.env.portainer b/env/production/.env.portainer
deleted file mode 100644
index 82f3f7d..0000000
--- a/env/production/.env.portainer
+++ /dev/null
@@ -1,3 +0,0 @@
-PORTAINER_IMAGE=portainer/portainer-ce:latest
-PORTAINER_DATA_PATH=/opt/containers/portainer/data
-PORTAINER_DOMAIN=portainer.yourdomain.com
\ No newline at end of file
diff --git a/env/production/.env.proxy b/env/production/.env.proxy
deleted file mode 100644
index 76d9948..0000000
--- a/env/production/.env.proxy
+++ /dev/null
@@ -1,32 +0,0 @@
-TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-https-redirect
-TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-basic-auth
-TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER}:${ADMIN_PASSWORD_HASH}
-
-# Service Crowdsec
-SERVICES_CROWDSEC_CONTAINER_NAME=crowdsec
-SERVICES_CROWDSEC_HOSTNAME=crowdsec
-SERVICES_CROWDSEC_IMAGE=crowdsecurity/crowdsec
-SERVICES_CROWDSEC_IMAGE_VERSION=latest
-SERVICES_CROWDSEC_NETWORKS_CROWDSEC_IPV4=172.31.254.254
-
-# Service Traefik
-SERVICES_TRAEFIK_CONTAINER_NAME=${INFRASTRUCTURE_LABEL:-default}-traefik
-SERVICES_TRAEFIK_HOSTNAME=${INFRASTRUCTURE_LABEL:-default}-traefik
-SERVICES_TRAEFIK_IMAGE=traefik
-SERVICES_TRAEFIK_IMAGE_VERSION=2.11
-SERVICES_TRAEFIK_LABELS_TRAEFIK_HOST=`traefik.haslach2025.de`
-SERVICES_TRAEFIK_NETWORKS_CROWDSEC_IPV4=172.31.254.253
-SERVICES_TRAEFIK_NETWORKS_PROXY_IPV4=172.30.255.254
-
-# Service Traefik Crowdsec Bouncer
-SERVICES_TRAEFIK_CROWDSEC_BOUNCER_CONTAINER_NAME=traefik_crowdsec_bouncer
-SERVICES_TRAEFIK_CROWDSEC_BOUNCER_HOSTNAME=traefik-crowdsec-bouncer
-SERVICES_TRAEFIK_CROWDSEC_BOUNCER_IMAGE=fbonalair/traefik-crowdsec-bouncer
-SERVICES_TRAEFIK_CROWDSEC_BOUNCER_IMAGE_VERSION=latest
-SERVICES_TRAEFIK_CROWDSEC_BOUNCER_NETWORKS_CROWDSEC_IPV4=172.31.254.252
-
-# Netzwerkeinstellungen
-NETWORKS_PROXY_NAME=proxy
-NETWORKS_PROXY_SUBNET_IPV4=172.30.0.0/16
-NETWORKS_CROWDSEC_NAME=crowdsec
-NETWORKS_CROWDSEC_SUBNET_IPV4=172.31.0.0/16
diff --git a/env/production/.env.tools b/env/production/.env.tools
deleted file mode 100644
index e69de29..0000000
diff --git a/env/production/.env.website b/env/production/.env.website
deleted file mode 100644
index e69de29..0000000
diff --git a/env/staging/.env.administration b/env/staging/.env.administration
deleted file mode 100644
index 4d87782..0000000
--- a/env/staging/.env.administration
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
-# ----------------------------------
-# Portainer
-# ----------------------------------
-
diff --git a/env/staging/.env.backend b/env/staging/.env.backend
deleted file mode 100644
index 7ed4829..0000000
--- a/env/staging/.env.backend
+++ /dev/null
@@ -1,15 +0,0 @@
-
-
-# ----------------------------------
-# Redis
-# ----------------------------------
-
-
-# ----------------------------------
-# Laravel Backend
-# ----------------------------------
-
-
-# ----------------------------------
-# Adminer
-# ----------------------------------
diff --git a/env/staging/.env.database b/env/staging/.env.database
deleted file mode 100644
index f1071c7..0000000
--- a/env/staging/.env.database
+++ /dev/null
@@ -1,3 +0,0 @@
-# ----------------------------------
-# Datenbank (MariaDB)
-# ----------------------------------
diff --git a/env/staging/.env.develop b/env/staging/.env.develop
deleted file mode 100644
index 0cb6f7d..0000000
--- a/env/staging/.env.develop
+++ /dev/null
@@ -1,9 +0,0 @@
-# ----------------------------------
-# GITEA
-# ----------------------------------
-
-
-
-# ----------------------------------
-# GITEA DB
-# ----------------------------------
diff --git a/env/staging/.env.frontend b/env/staging/.env.frontend
deleted file mode 100644
index d2f2d98..0000000
--- a/env/staging/.env.frontend
+++ /dev/null
@@ -1,3 +0,0 @@
-# ----------------------------------
-# VUE APP
-# ----------------------------------
diff --git a/env/staging/.env.proxy b/env/staging/.env.proxy
deleted file mode 100644
index e130688..0000000
--- a/env/staging/.env.proxy
+++ /dev/null
@@ -1,4 +0,0 @@
-# ----------------------------------
-# TRAEFIK
-# ----------------------------------
-
diff --git a/env/staging/.env.tools b/env/staging/.env.tools
deleted file mode 100644
index 9f86194..0000000
--- a/env/staging/.env.tools
+++ /dev/null
@@ -1,9 +0,0 @@
-# ----------------------------------
-# NEXTCLOUD DB
-# ----------------------------------
-
-
-
-# ----------------------------------
-# NEXTCLOUD CLOUD
-# ----------------------------------
diff --git a/env/staging/.env.website b/env/staging/.env.website
deleted file mode 100644
index 992d8e7..0000000
--- a/env/staging/.env.website
+++ /dev/null
@@ -1,4 +0,0 @@
-# ----------------------------------
-# KIRBY CMS
-# ----------------------------------
-
From f682150557d3e7e3e1e27cb44153c36776956b24 Mon Sep 17 00:00:00 2001
From: rorapp
Date: Wed, 5 Mar 2025 15:52:54 +0100
Subject: [PATCH 39/39] add Jenkinsfile
---
 .gitmodules | 5 +----
 Jenkinsfile | 8 --------
 apps/backend/src | 2 +-
 apps/frontend/src | 2 +-
 4 files changed, 3 insertions(+), 14 deletions(-)
diff --git a/.gitmodules b/.gitmodules
index 2ce3a07..08f458a 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -3,7 +3,4 @@
 url = https://gitea.mindboost.team/Mindboost/mindboost-backend.git
 [submodule "apps/frontend/src"]
 path = apps/frontend/src
- url = https://gitea.mindboost.team/Mindboost/mindboost-webapp.git
-[submodule "apps/tools/invoiceninja/dockerfiles"]
- path = apps/tools/invoiceninja/dockerfiles
- url = https://github.com/invoiceninja/dockerfiles.git
+ url = https://gitea.mindboost.team/Mindboost/mindboost-webapp.git
\ No newline at end of file
diff --git a/Jenkinsfile b/Jenkinsfile
index 7d4a474..be9ac53 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -22,13 +22,5 @@ pipeline {
 build job: 'frontend-pipeline', wait: true
 }
 }
-
- stage('Deploy Infrastructure') {
- steps {
- sshagent(['jenkins-ssh-key']) {
- sh "ssh user@server 'cd /opt/myapp && git pull origin main && docker compose up -d'"
- }
- }
- }
 }
 }
diff --git a/apps/backend/src b/apps/backend/src
index 623a270..9ec88bb 160000
--- a/apps/backend/src
+++ b/apps/backend/src
@@ -1 +1 @@
-Subproject commit 623a2709481206350acc350a3abc245efe0cad23
+Subproject commit 9ec88bb4faddc8474d660269bc80efcefa18e183
diff --git a/apps/frontend/src b/apps/frontend/src
index 49027dc..03a625f 160000
--- a/apps/frontend/src
+++ b/apps/frontend/src
@@ -1 +1 @@
-Subproject commit 49027dc8ea62b2895732089e0e0cf73f99668caf
+Subproject commit 03a625f7acc74adf10270ba1abe1cf6c33a5063b