Compare commits
21 Commits
69323be965
...
rapp/pick-
| Author | SHA1 | Date | |
|---|---|---|---|
| f682150557 | |||
| da67cbd46e | |||
| d4f202f204 | |||
| 49badb74a7 | |||
| 71d080a87e | |||
| 138525835d | |||
| f6e3793193 | |||
| c9b55aa0ed | |||
| b8a6abe100 | |||
| 2930854814 | |||
| d4abe64b0b | |||
| 1d04638be8 | |||
| 02f20a277c | |||
| 0f08168947 | |||
| c976fea1c3 | |||
| e981a365cc | |||
| 42b71394df | |||
| a9143ae8f8 | |||
| dff86e0486 | |||
| f14186deca | |||
| 9afa8808db |
3
.gitignore
vendored
3
.gitignore
vendored
@@ -2,4 +2,5 @@ volumes
|
|||||||
apps/proxy
|
apps/proxy
|
||||||
.DS_Store
|
.DS_Store
|
||||||
apps/administration/*
|
apps/administration/*
|
||||||
apps/tools/app/*
|
apps/tools/app/*
|
||||||
|
env/secrets.env
|
||||||
|
|||||||
2
.gitmodules
vendored
2
.gitmodules
vendored
@@ -3,4 +3,4 @@
|
|||||||
url = https://gitea.mindboost.team/Mindboost/mindboost-backend.git
|
url = https://gitea.mindboost.team/Mindboost/mindboost-backend.git
|
||||||
[submodule "apps/frontend/src"]
|
[submodule "apps/frontend/src"]
|
||||||
path = apps/frontend/src
|
path = apps/frontend/src
|
||||||
url = https://gitea.mindboost.team/Mindboost/mindboost-webapp.git
|
url = https://gitea.mindboost.team/Mindboost/mindboost-webapp.git
|
||||||
26
Jenkinsfile
vendored
Normal file
26
Jenkinsfile
vendored
Normal file
@@ -0,0 +1,26 @@
|
|||||||
|
|
||||||
|
|
||||||
|
pipeline {
|
||||||
|
agent any
|
||||||
|
|
||||||
|
stages {
|
||||||
|
stage('Checkout Code & Submodules') {
|
||||||
|
steps {
|
||||||
|
git branch: 'main', url: 'git@github.com:your-org/my-main-repo.git', credentialsId: 'git-credentials'
|
||||||
|
sh 'git submodule update --init --recursive'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
stage('Run Backend Pipeline') {
|
||||||
|
steps {
|
||||||
|
build job: 'backend-pipeline', wait: true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
stage('Run Frontend Pipeline') {
|
||||||
|
steps {
|
||||||
|
build job: 'frontend-pipeline', wait: true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
10
README.md
10
README.md
@@ -111,7 +111,7 @@ Each service's `docker-compose.yml` file references the appropriate `.env` file
|
|||||||
services:
|
services:
|
||||||
backend:
|
backend:
|
||||||
env_file:
|
env_file:
|
||||||
- ../../env/${ENVIRONMENT}/backend.env
|
- ../../env/${ENVIRONMENT:-development}/backend.env
|
||||||
```
|
```
|
||||||
|
|
||||||
## Networking
|
## Networking
|
||||||
@@ -128,12 +128,6 @@ Our infrastructure uses a two-tier network model to enhance security and isolate
|
|||||||
- These networks are not directly accessible from the internet and provide secure communication between public and internal services.
|
- These networks are not directly accessible from the internet and provide secure communication between public and internal services.
|
||||||
- Examples: backend_network, database_network, etc.
|
- Examples: backend_network, database_network, etc.
|
||||||
|
|
||||||
Service Network Configuration:
|
|
||||||
- Frontend: Connected to proxy_network and backend_network
|
|
||||||
- Backend API: Connected to backend_network and database_network
|
|
||||||
- Database: Connected only to database_network
|
|
||||||
- Traefik: Connected only to proxy_network
|
|
||||||
|
|
||||||
This structure ensures that:
|
This structure ensures that:
|
||||||
- The proxy (Traefik) can route traffic to public-facing services.
|
- The proxy (Traefik) can route traffic to public-facing services.
|
||||||
- Internal services (like databases) are not directly accessible from the proxy network.
|
- Internal services (like databases) are not directly accessible from the proxy network.
|
||||||
@@ -163,7 +157,7 @@ The `volumes/` folder contains subdirectories for different volumes used by vari
|
|||||||
|
|
||||||
Each subdirectory corresponds to a specific service or group of services, containing the persistent data that needs to be preserved across container restarts or redeployments.
|
Each subdirectory corresponds to a specific service or group of services, containing the persistent data that needs to be preserved across container restarts or redeployments.
|
||||||
|
|
||||||
When configuring Docker Compose files, reference these volume paths to ensure data persistence. For example:
|
When configuring Docker Compose files, reference these volume paths to ensure data persistence.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
volumes:
|
volumes:
|
||||||
|
|||||||
36
apps/backend/database/docker-compose.yml
Normal file
36
apps/backend/database/docker-compose.yml
Normal file
@@ -0,0 +1,36 @@
|
|||||||
|
### Database (./apps/database/docker-compose.yml)
|
||||||
|
# - [ ] Create a MariaDB service
|
||||||
|
# - [ ] Configure volumes for persistent storage of database data
|
||||||
|
secrets:
|
||||||
|
mariadb_root:
|
||||||
|
file: ${ROOT_DIR:-../../..}/env/secrets.env
|
||||||
|
services:
|
||||||
|
database:
|
||||||
|
secrets:
|
||||||
|
- mariadb_root
|
||||||
|
profiles: ["all", "database", "backend", "app"]
|
||||||
|
image: mariadb:latest
|
||||||
|
container_name: ${INFRASTRUCTURE_LABEL:-default}-mariadb-${ENVIRONMENT:-development}
|
||||||
|
command: --bind-address=0.0.0.0
|
||||||
|
env_file:
|
||||||
|
- ${ROOT_DIR:-../../..}/env/${ENVIRONMENT:-development}/.env.database
|
||||||
|
volumes:
|
||||||
|
- backend_mariadb_data:/var/lib/mysql
|
||||||
|
- ./healthcheck.sh:/usr/local/bin/healthcheck.sh
|
||||||
|
networks:
|
||||||
|
- backend
|
||||||
|
- database
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "bash", "/usr/local/bin/healthcheck.sh"]
|
||||||
|
interval: 1s
|
||||||
|
retries: 3
|
||||||
|
# TODO: ADMINER IS NOT PREPARED FOR TRAEFIK
|
||||||
|
networks:
|
||||||
|
backend:
|
||||||
|
name: ${INFRASTRUCTURE_LABEL:-default}-backend-${ENVIRONMENT:-development}
|
||||||
|
database:
|
||||||
|
name: ${INFRASTRUCTURE_LABEL:-default}-database-${ENVIRONMENT:-development}
|
||||||
|
volumes:
|
||||||
|
backend_mariadb_data:
|
||||||
|
driver: local
|
||||||
|
name: ${INFRASTRUCTURE_LABEL:-default}_mariadb_${ENVIRONMENT:-development}
|
||||||
33
apps/backend/database/healthcheck.sh
Executable file
33
apps/backend/database/healthcheck.sh
Executable file
@@ -0,0 +1,33 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Credentials from environment variables
|
||||||
|
MYSQL_USER="${MARIADB_USER:-default}"
|
||||||
|
MYSQL_PASSWORD="${MARIADB_PASSWORD:-default}"
|
||||||
|
MYSQL_HOST="127.0.0.1"
|
||||||
|
|
||||||
|
ROOT_PASSWORD=$(cat /run/secrets/mariadb_root)
|
||||||
|
|
||||||
|
echo "🔑 READ ROOT PASSWORD FROM SECRETS"
|
||||||
|
|
||||||
|
# Check if MariaDB is running
|
||||||
|
if ! mariadb -h "$MYSQL_HOST" -u root -p"$ROOT_PASSWORD" -e "SELECT 1;" &>/dev/null; then
|
||||||
|
echo "❌ MariaDB is not responding"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if a specific user exists
|
||||||
|
USER_EXISTS=$(mariadb -h "$MYSQL_HOST" -u root -p"$ROOT_PASSWORD" -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '${MYSQL_USER}');" | tail -n 1)
|
||||||
|
|
||||||
|
if [ "$USER_EXISTS" -ne 1 ]; then
|
||||||
|
echo "❌ User '${MYSQL_USER}' does not exist"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if the user can log in with the provided password
|
||||||
|
if ! mariadb -h "$MYSQL_HOST" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" -e "SELECT 1;" &>/dev/null; then
|
||||||
|
echo "❌ User '${MYSQL_USER}' exists, but authentication failed with the provided password."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "✅ MariaDB is healthy"
|
||||||
|
exit 0
|
||||||
74
apps/backend/database/init-user.sh
Normal file
74
apps/backend/database/init-user.sh
Normal file
@@ -0,0 +1,74 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
echo "🔄 Running MariaDB initialization script..."
|
||||||
|
|
||||||
|
# Wait until MariaDB is ready
|
||||||
|
until mysqladmin ping -h localhost --silent; do
|
||||||
|
sleep 2
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "✅ MariaDB is ready. Checking root credentials..."
|
||||||
|
|
||||||
|
# Try logging in with the root password
|
||||||
|
if ! mysql -u root -p"$MARIADB_ROOT_PASSWORD" -e "SELECT 1;" &>/dev/null; then
|
||||||
|
echo "❌ ERROR: Root password in .env does not match the database!"
|
||||||
|
echo "🔄 Attempting to reset the root password..."
|
||||||
|
|
||||||
|
# Stop MariaDB safely
|
||||||
|
echo "⚠️ Stopping MariaDB..."
|
||||||
|
service mysql stop || pkill mysqld
|
||||||
|
sleep 5
|
||||||
|
|
||||||
|
# Start MariaDB in recovery mode
|
||||||
|
echo "🚀 Starting MariaDB in recovery mode..."
|
||||||
|
mysqld_safe --skip-grant-tables --skip-networking &
|
||||||
|
sleep 5
|
||||||
|
|
||||||
|
# Reset root password
|
||||||
|
echo "🔐 Resetting root password..."
|
||||||
|
mysql -u root <<EOSQL
|
||||||
|
ALTER USER 'root'@'localhost' IDENTIFIED BY '${MARIADB_ROOT_PASSWORD}';
|
||||||
|
ALTER USER 'root'@'%' IDENTIFIED BY '${MARIADB_ROOT_PASSWORD}';
|
||||||
|
FLUSH PRIVILEGES;
|
||||||
|
EOSQL
|
||||||
|
|
||||||
|
echo "✅ Root password reset successfully!"
|
||||||
|
|
||||||
|
# Restart MariaDB in normal mode
|
||||||
|
echo "🔄 Restarting MariaDB in production mode..."
|
||||||
|
service mysql stop || pkill mysqld
|
||||||
|
sleep 3
|
||||||
|
mysqld_safe &
|
||||||
|
sleep 5
|
||||||
|
else
|
||||||
|
echo "✅ Root password is correct."
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if the database exists
|
||||||
|
DB_EXISTS=$(mysql -u root -p"$MARIADB_ROOT_PASSWORD" -e "SHOW DATABASES LIKE '${MARIADB_DATABASE}';" | grep "${MARIADB_DATABASE}" > /dev/null; echo "$?")
|
||||||
|
|
||||||
|
if [ "$DB_EXISTS" -ne 0 ]; then
|
||||||
|
echo "⚠️ Database '${MARIADB_DATABASE}' does not exist. Creating it now..."
|
||||||
|
mysql -u root -p"$MARIADB_ROOT_PASSWORD" -e "CREATE DATABASE ${MARIADB_DATABASE};"
|
||||||
|
echo "✅ Database '${MARIADB_DATABASE}' created!"
|
||||||
|
else
|
||||||
|
echo "✅ Database '${MARIADB_DATABASE}' already exists."
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Ensure the database user exists and has the correct password
|
||||||
|
USER_EXISTS=$(mysql -u root -p"$MARIADB_ROOT_PASSWORD" -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '${MARIADB_USER}');" | tail -n 1)
|
||||||
|
|
||||||
|
if [ "$USER_EXISTS" -eq 0 ]; then
|
||||||
|
echo "⚠️ User '${MARIADB_USER}' does not exist. Creating it now..."
|
||||||
|
mysql -u root -p"$MARIADB_ROOT_PASSWORD" <<EOSQL
|
||||||
|
CREATE USER '${MARIADB_USER}'@'%' IDENTIFIED BY '${MARIADB_PASSWORD}';
|
||||||
|
GRANT ALL PRIVILEGES ON ${MARIADB_DATABASE}.* TO '${MARIADB_USER}'@'%';
|
||||||
|
FLUSH PRIVILEGES;
|
||||||
|
EOSQL
|
||||||
|
echo "✅ User '${MARIADB_USER}' created and granted access to '${MARIADB_DATABASE}'!"
|
||||||
|
else
|
||||||
|
echo "✅ User '${MARIADB_USER}' already exists. Ensuring correct password."
|
||||||
|
mysql -u root -p"$MARIADB_ROOT_PASSWORD" -e "ALTER USER '${MARIADB_USER}'@'%' IDENTIFIED BY '${MARIADB_PASSWORD}'; FLUSH PRIVILEGES;"
|
||||||
|
echo "✅ Password for '${MARIADB_USER}' updated!"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "🎉 MariaDB initialization complete!"
|
||||||
48
apps/backend/docker-compose.overwrite.yml
Normal file
48
apps/backend/docker-compose.overwrite.yml
Normal file
@@ -0,0 +1,48 @@
|
|||||||
|
### Backend (./apps/backend/docker-compose.yml)
|
||||||
|
include:
|
||||||
|
- ./database/docker-compose.yml
|
||||||
|
services:
|
||||||
|
backend:
|
||||||
|
container_name: ${INFRASTRUCTURE_LABEL:-default}-backend-laravel-${ENVIRONMENT:-development}
|
||||||
|
profiles: ["laravel", "backend", "all", "app"]
|
||||||
|
ports:
|
||||||
|
- "${LARAVEL_PORT:-8000}:8000"
|
||||||
|
- "${LARAVEL_VITE_PORT:-5173}:5173"
|
||||||
|
env_file:
|
||||||
|
- ../../env/${ENVIRONMENT:-development}/.env.backend
|
||||||
|
volumes:
|
||||||
|
- ./src/entrypoint.sh:/usr/local/bin/entrypoint.sh
|
||||||
|
depends_on:
|
||||||
|
- database
|
||||||
|
build:
|
||||||
|
context: ./src
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
networks:
|
||||||
|
- backend
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=${TRAEFIK_ENABLE:-false}"
|
||||||
|
- "traefik.http.routers.backend.entrypoints=${TRAEFIK_ENTRYPOINT}"
|
||||||
|
- "traefik.http.routers.backend.rule=Host(`${BACKEND_DOMAIN}`)"
|
||||||
|
- "traefik.http.routers.backend.tls=true"
|
||||||
|
- "traefik.http.routers.backend.tls.certresolver=${TRAEFIK_CERT_RESOLVER}"
|
||||||
|
- "traefik.http.routers.backend.tls.domains[0].main=`${BACKEND_DOMAIN}`"
|
||||||
|
- "traefik.http.services.backend.loadbalancer.server.port=${BACKEND_PORT:-8000}"
|
||||||
|
- "traefik.docker.network=${TRAEFIK_NETWORK}"
|
||||||
|
backend-redis:
|
||||||
|
image: redis:alpine
|
||||||
|
container_name: ${INFRASTRUCTURE_LABEL:-default}-backend-redis-${ENVIRONMENT:-development}
|
||||||
|
profiles: ["redis", "backend", "all"]
|
||||||
|
env_file:
|
||||||
|
- ../../env/${ENVIRONMENT:-development}/.env.backend
|
||||||
|
restart: unless-stopped
|
||||||
|
command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD:-laravel-redis-passwort} # Redis Passwort eingeben
|
||||||
|
volumes:
|
||||||
|
- backend_redis_data:/data
|
||||||
|
networks:
|
||||||
|
- backend
|
||||||
|
volumes:
|
||||||
|
backend_redis_data:
|
||||||
|
driver: local
|
||||||
|
name: "${INFRASTRUCTURE_LABEL}_backend_redis_data"
|
||||||
|
|
||||||
|
|
||||||
@@ -1,21 +1,23 @@
|
|||||||
### Backend (./apps/backend/docker-compose.yml)
|
### Backend (./apps/backend/docker-compose.yml)
|
||||||
|
include:
|
||||||
|
- ./database/docker-compose.yml
|
||||||
services:
|
services:
|
||||||
backend:
|
backend:
|
||||||
container_name: ${INFRASTRUCTURE_LABEL}-laravel-${ENVIRONMENT}
|
container_name: ${INFRASTRUCTURE_LABEL:-default}-backend-laravel-${ENVIRONMENT:-development}
|
||||||
profiles: ["laravel", "backend", "all", "app"]
|
profiles: ["laravel", "backend", "all", "app"]
|
||||||
env_file:
|
env_file:
|
||||||
- ../../env/.env.all
|
- ../../env/${ENVIRONMENT:-development}/.env.backend
|
||||||
- ../../env/${ENVIRONMENT}/.env.proxy
|
volumes:
|
||||||
- ../../env/${ENVIRONMENT}/.env.database
|
- ./src/entrypoint.sh:/usr/local/bin/entrypoint.sh
|
||||||
- ../../env/${ENVIRONMENT}/.env.backend
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- database
|
- database
|
||||||
build:
|
build:
|
||||||
context: ./src
|
context: ./src
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
|
networks:
|
||||||
|
- backend
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=${TRAEFIK_ENABLE}"
|
- "traefik.enable=${TRAEFIK_ENABLE:-false}"
|
||||||
- "traefik.http.routers.backend.entrypoints=${TRAEFIK_ENTRYPOINT}"
|
- "traefik.http.routers.backend.entrypoints=${TRAEFIK_ENTRYPOINT}"
|
||||||
- "traefik.http.routers.backend.rule=Host(`${BACKEND_DOMAIN}`)"
|
- "traefik.http.routers.backend.rule=Host(`${BACKEND_DOMAIN}`)"
|
||||||
- "traefik.http.routers.backend.tls=true"
|
- "traefik.http.routers.backend.tls=true"
|
||||||
@@ -23,14 +25,21 @@ services:
|
|||||||
- "traefik.http.routers.backend.tls.domains[0].main=`${BACKEND_DOMAIN}`"
|
- "traefik.http.routers.backend.tls.domains[0].main=`${BACKEND_DOMAIN}`"
|
||||||
- "traefik.http.services.backend.loadbalancer.server.port=${BACKEND_PORT:-8000}"
|
- "traefik.http.services.backend.loadbalancer.server.port=${BACKEND_PORT:-8000}"
|
||||||
- "traefik.docker.network=${TRAEFIK_NETWORK}"
|
- "traefik.docker.network=${TRAEFIK_NETWORK}"
|
||||||
# Traefik-Crowdsec Stack
|
|
||||||
backend-redis:
|
backend-redis:
|
||||||
image: redis:alpine
|
image: redis:alpine
|
||||||
container_name: ${INFRASTRUCTURE_LABEL}-laravelredis-${ENVIRONMENT}
|
container_name: ${INFRASTRUCTURE_LABEL:-default}-backend-redis-${ENVIRONMENT:-development}
|
||||||
profiles: ["redis", "backend", "all"]
|
profiles: ["redis", "backend", "all"]
|
||||||
|
env_file:
|
||||||
|
- ../../env/${ENVIRONMENT:-development}/.env.backend
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command: redis-server --appendonly yes --requirepass laravel-redis-passwort # Redis Passwort eingeben
|
command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD:-laravel-redis-passwort} # Redis Passwort eingeben
|
||||||
volumes:
|
volumes:
|
||||||
- ../../volumes/backend/redis:/data
|
- backend_redis_data:/data
|
||||||
networks:
|
networks:
|
||||||
backend:
|
- backend
|
||||||
|
volumes:
|
||||||
|
backend_redis_data:
|
||||||
|
driver: local
|
||||||
|
name: "${INFRASTRUCTURE_LABEL}_backend_redis_data"
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Submodule apps/backend/src updated: 0e3ecbb0a7...9ec88bb4fa
@@ -1,39 +0,0 @@
|
|||||||
### Database (./apps/database/docker-compose.yml)
|
|
||||||
# - [ ] Create a MariaDB service
|
|
||||||
# - [ ] Configure volumes for persistent storage of database data
|
|
||||||
# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT:-development}/database.env)
|
|
||||||
# - [ ] Configure networking to allow connections from the backend service
|
|
||||||
# - [ ] Set up regular backup jobs for the database
|
|
||||||
# - [ ] Configure appropriate resource limits and restart policies
|
|
||||||
services:
|
|
||||||
database:
|
|
||||||
profiles: ["all", "mariadb", "backend", "app"]
|
|
||||||
image: mariadb:latest
|
|
||||||
container_name: ${INFRASTRUCTURE_LABEL:-default}-mariadb-${ENVIRONMENT:-development}
|
|
||||||
command: --bind-address=0.0.0.0
|
|
||||||
env_file:
|
|
||||||
- ../../env/.env.all
|
|
||||||
- ../../env/${ENVIRONMENT:-development}/.env.backend
|
|
||||||
- ../../env/${ENVIRONMENT:-development}/.env.proxy
|
|
||||||
environment:
|
|
||||||
- MARIADB_USER=${MARIADB_USER}
|
|
||||||
- MARIADB_DATABASE=${MARIADB_DATABASE}
|
|
||||||
- MARIADB_PASSWORD=${MARIADB_PASSWORD}
|
|
||||||
- MARIADB_ROOT_PASSWORD=root-mindboost
|
|
||||||
volumes:
|
|
||||||
- ../../volumes/database/mariadb:/var/lib/mysql
|
|
||||||
networks:
|
|
||||||
- backend
|
|
||||||
healthcheck:
|
|
||||||
test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
|
|
||||||
interval: 10s
|
|
||||||
retries: 3
|
|
||||||
adminer:
|
|
||||||
profiles: ["all", "mariadb", "backend", "app"]
|
|
||||||
image: adminer
|
|
||||||
container_name: ${INFRASTRUCTURE_LABEL:-default}-adminer-${ENVIRONMENT:-development}
|
|
||||||
restart: always
|
|
||||||
ports:
|
|
||||||
- 8082:8080
|
|
||||||
networks:
|
|
||||||
- backend
|
|
||||||
@@ -1,9 +0,0 @@
|
|||||||
### Develop (./apps/develop/docker-compose.yml)
|
|
||||||
# - [ ] Create services for Gitea, Jenkins, and Adminer
|
|
||||||
# - [ ] Configure volumes for persistent storage of Git repositories, Jenkins data, and Adminer settings
|
|
||||||
# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT:-development}/develop.env)
|
|
||||||
# - [ ] Configure networking to allow these services to communicate with each other and the necessary application services
|
|
||||||
# - [ ] Set up access controls and security measures for development tools
|
|
||||||
|
|
||||||
include:
|
|
||||||
- ./gitea/docker-compose.yml
|
|
||||||
@@ -1,44 +0,0 @@
|
|||||||
services:
|
|
||||||
gitea:
|
|
||||||
image: gitea/gitea:latest
|
|
||||||
container_name: ${INFRASTRUCTURE_LABEL:-mindboost}-gitea
|
|
||||||
profiles: ["all", "gitea","develop"]
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- ${GITEA_VOLUME_PATH}:/data
|
|
||||||
- /etc/timezone:/etc/timezone:ro
|
|
||||||
- /etc/localtime:/etc/localtime:ro
|
|
||||||
depends_on:
|
|
||||||
- gitea_db
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=${TRAEFIK_ENABLE}"
|
|
||||||
- "traefik.http.routers.gitea.entrypoints=${TRAEFIK_ENTRYPOINT}"
|
|
||||||
- "traefik.http.routers.gitea.rule=(Host(`${GITEA_DOMAIN})`)"
|
|
||||||
- "traefik.http.routers.gitea.tls=true"
|
|
||||||
- "traefik.http.routers.gitea.tls.certresolver=${TRAEFIK_CERT_RESOLVER}"
|
|
||||||
- "traefik.http.routers.gitea.service=gitea"
|
|
||||||
- 'traefik.http.services.gitea.loadbalancer.gitea.port=3000'
|
|
||||||
- "traefik.http.routers.gitea.tls.domains[0].main=`${GITEA_TLS_DOMAIN_MAIN}`"
|
|
||||||
|
|
||||||
# SSH routing, can't route based on host so anything to port 222 will come to this container
|
|
||||||
- "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
|
|
||||||
- "traefik.tcp.routers.gitea-ssh.entrypoints=ssh"
|
|
||||||
- "traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc"
|
|
||||||
- "traefik.tcp.services.gitea-ssh-svc.loadbalancer.gitea.port=22"
|
|
||||||
|
|
||||||
gitea_db:
|
|
||||||
image: mysql:latest
|
|
||||||
container_name: ${INFRASTRUCTURE_LABEL:-mindboost}-gitea_db
|
|
||||||
profiles: ["all", "gitea","develop"]
|
|
||||||
restart: always
|
|
||||||
environment:
|
|
||||||
- MYSQL_ROOT_PASSWORD=${GITEA_MYSQL_ROOT_PASSWORD}
|
|
||||||
- MYSQL_DATABASE=${GITEA_MYSQL_DATABASE}
|
|
||||||
- MYSQL_USER=${GITEA_MYSQL_USER}
|
|
||||||
- MYSQL_PASSWORD=${GITEA_MYSQL_PASSWORD}
|
|
||||||
volumes:
|
|
||||||
- ${GITEA_DATABASE_VOLUME_PATH}:/var/lib/mysql
|
|
||||||
|
|
||||||
networks:
|
|
||||||
gitea:
|
|
||||||
|
|
||||||
@@ -1,30 +0,0 @@
|
|||||||
version: '3.8'
|
|
||||||
|
|
||||||
services:
|
|
||||||
jenkins:
|
|
||||||
image: jenkins/jenkins:lts
|
|
||||||
container_name: jenkins
|
|
||||||
ports:
|
|
||||||
- "50000:50000" # Jenkins Agent Port
|
|
||||||
volumes:
|
|
||||||
- jenkins_home:/var/jenkins_home
|
|
||||||
environment:
|
|
||||||
- JAVA_OPTS=-Djenkins.install.runSetupWizard=false
|
|
||||||
networks:
|
|
||||||
- proxy
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.jenkins.rule=Host(`j.haslach2025.de`)"
|
|
||||||
- "traefik.http.routers.jenkins.entrypoints=websecure"
|
|
||||||
- "traefik.http.routers.jenkins.tls=true"
|
|
||||||
- "traefik.http.routers.jenkins.tls.certresolver=http_resolver"
|
|
||||||
- "traefik.http.services.jenkins.loadbalancer.server.port=8080" # interner Port von Jenkins
|
|
||||||
- "traefik.docker.network=proxy"
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
jenkins_home:
|
|
||||||
driver: local
|
|
||||||
|
|
||||||
networks:
|
|
||||||
proxy:
|
|
||||||
external: true
|
|
||||||
@@ -1,48 +0,0 @@
|
|||||||
##
|
|
||||||
## ONE SCRIPT TO RULE THEM ALL
|
|
||||||
##
|
|
||||||
## Dieses Compose-File startet alle verfügbaren Services, abhängig von dem angegebenen ENVIRONMENT.
|
|
||||||
|
|
||||||
## Um diese Konfiguration zu verwenden, kannst du folgende Befehle nutzen:
|
|
||||||
## Um alle Services zu starten:
|
|
||||||
## docker compose -f docker-compose.all.yml --env-file ../env/.env.all --profile all up -d
|
|
||||||
|
|
||||||
## Um nur bestimmte Services zu starten (z.B. frontend und backend):
|
|
||||||
## docker compose -f docker-compose.all.yml --env-file ../env/.env.all --profile frontend --profile backend up -d
|
|
||||||
|
|
||||||
##
|
|
||||||
## Stellen Sie sicher, dass die .env.all Datei im angegebenen Verzeichnis existiert und den ENVIRONMENT Wert enthält.
|
|
||||||
##
|
|
||||||
|
|
||||||
include:
|
|
||||||
- path: ./proxy/docker-compose.yml
|
|
||||||
env_file:
|
|
||||||
- ../env/.env.all
|
|
||||||
- ../env/${ENVIRONMENT:-development}/.env.proxy
|
|
||||||
- path: ./frontend/docker-compose.yml
|
|
||||||
env_file:
|
|
||||||
- ../env/.env.all
|
|
||||||
- ../env/${ENVIRONMENT:-development}/.env.frontend
|
|
||||||
- ../env/${ENVIRONMENT:-development}/.env.proxy
|
|
||||||
- path: ./backend/docker-compose.yml
|
|
||||||
- path: ./database/docker-compose.yml
|
|
||||||
- path: ./website/docker-compose.yml
|
|
||||||
env_file:
|
|
||||||
- ../env/.env.all
|
|
||||||
- ../env/${ENVIRONMENT:-development}/.env.website
|
|
||||||
- ../env/${ENVIRONMENT:-development}/.env.proxy
|
|
||||||
- path: ./administration/docker-compose.yml
|
|
||||||
env_file:
|
|
||||||
- ../env/.env.all
|
|
||||||
- ../env/${ENVIRONMENT:-development}/.env.administration
|
|
||||||
- ../env/${ENVIRONMENT:-development}/.env.proxy
|
|
||||||
- path: ./develop/docker-compose.yml
|
|
||||||
env_file:
|
|
||||||
- ../env/.env.all
|
|
||||||
- ../env/${ENVIRONMENT:-development}/.env.develop
|
|
||||||
- ../env/${ENVIRONMENT:-development}/.env.proxy
|
|
||||||
- path: ./tools/docker-compose.yml
|
|
||||||
env_file:
|
|
||||||
- ../env/.env.all
|
|
||||||
- ../env/${ENVIRONMENT:-development}/.env.tools
|
|
||||||
- ../env/${ENVIRONMENT:-development}/.env.proxy
|
|
||||||
@@ -1,65 +0,0 @@
|
|||||||
##
|
|
||||||
## DIESES COMPOSE FILE IST FÜR DIE LOKALE ENTWICKLUNG MITTELS DOCKER
|
|
||||||
##
|
|
||||||
## Der Inhalt von frontend und von backend wird über ein volume eingebunden, dass
|
|
||||||
## bedeutet Änderungen innerhalb der Projektordner ./frontend/src und ./backend/src
|
|
||||||
## Ändern direkt die Werte innerhalb des Containers wie z.B. das Austauschen einer Grafik.
|
|
||||||
##
|
|
||||||
## Datenbank ebenfalls lokal und KEIN reverse-Proxy (traefik)
|
|
||||||
## Image der DB ist auf ARM Archtektur (Apple Silicon) ausgelegt
|
|
||||||
##
|
|
||||||
services:
|
|
||||||
mariadb:
|
|
||||||
image: mariadb:latest
|
|
||||||
container_name: local_mariadb
|
|
||||||
command: --bind-address=0.0.0.0
|
|
||||||
environment:
|
|
||||||
- ALLOW_EMPTY_PASSWORD
|
|
||||||
- MARIADB_USER=mindboost
|
|
||||||
- MARIADB_DATABASE=mindboost
|
|
||||||
- MARIADB_PASSWORD=mindboost
|
|
||||||
- MARIADB_ROOT_PASSWORD=root-mindboost
|
|
||||||
volumes:
|
|
||||||
- ../volumes/daten/mariadb:/var/lib/mysql
|
|
||||||
networks:
|
|
||||||
- backend
|
|
||||||
frontend:
|
|
||||||
build:
|
|
||||||
context: ./frontend/src
|
|
||||||
dockerfile: Dockerfile.dev
|
|
||||||
container_name: local_frontend
|
|
||||||
volumes:
|
|
||||||
- ./frontend/src:/app
|
|
||||||
- /app/node_modules
|
|
||||||
ports:
|
|
||||||
- "3000:3000"
|
|
||||||
networks:
|
|
||||||
- backend
|
|
||||||
environment:
|
|
||||||
NODE_ENV: development
|
|
||||||
|
|
||||||
backend:
|
|
||||||
build:
|
|
||||||
context: ./backend/src
|
|
||||||
dockerfile: Dockerfile.dev
|
|
||||||
container_name: local_backend
|
|
||||||
ports:
|
|
||||||
- "8000:8000"
|
|
||||||
- "5173:5173"
|
|
||||||
volumes:
|
|
||||||
- ./backend/src:/var/www
|
|
||||||
networks:
|
|
||||||
- backend
|
|
||||||
depends_on:
|
|
||||||
- mariadb
|
|
||||||
adminer:
|
|
||||||
image: adminer
|
|
||||||
container_name: local_adminer
|
|
||||||
restart: always
|
|
||||||
ports:
|
|
||||||
- 8080:8080
|
|
||||||
networks:
|
|
||||||
- backend
|
|
||||||
networks:
|
|
||||||
backend:
|
|
||||||
external: false
|
|
||||||
@@ -1,107 +0,0 @@
|
|||||||
##
|
|
||||||
## DIESES COMPOSE FILE IST FÜR DIE LOKALE ENTWICKLUNG MITTELS DOCKER
|
|
||||||
##
|
|
||||||
## Der Inhalt von frontend und von backend wird über ein volume eingebunden, dass
|
|
||||||
## bedeutet Änderungen innerhalb der Projektordner ./frontend/src und ./backend/src
|
|
||||||
## Ändern direkt die Werte innerhalb des Containers wie z.B. das Austauschen einer Grafik.
|
|
||||||
##
|
|
||||||
## Datenbank ebenfalls lokal und KEIN reverse-Proxy (traefik)
|
|
||||||
## Image der DB ist auf ARM Archtektur (Apple Silicon) ausgelegt
|
|
||||||
##
|
|
||||||
|
|
||||||
services:
|
|
||||||
prod-mariadb:
|
|
||||||
image: mariadb:latest
|
|
||||||
container_name: prod-mariadb
|
|
||||||
hostname: mariadb
|
|
||||||
command: --bind-address=0.0.0.0
|
|
||||||
env_file:
|
|
||||||
- ../config/.env.db
|
|
||||||
networks:
|
|
||||||
- ${BACKEND_NETWORK}
|
|
||||||
volumes:
|
|
||||||
- ../volumes/daten/mariadb:/var/lib/mysql
|
|
||||||
prod-redis:
|
|
||||||
image: redis:alpine
|
|
||||||
container_name: prod-redis
|
|
||||||
hostname: redis
|
|
||||||
networks:
|
|
||||||
- ${BACKEND_NETWORK}
|
|
||||||
restart: unless-stopped
|
|
||||||
command: redis-server --appendonly yes --requirepass laravel-redis-passwort # Redis Passwort eingeben
|
|
||||||
volumes:
|
|
||||||
- ../volumes/daten/redis:/data
|
|
||||||
prod-frontend:
|
|
||||||
build:
|
|
||||||
context: ./frontend/src
|
|
||||||
dockerfile: Dockerfile
|
|
||||||
container_name: prod-frontend
|
|
||||||
networks:
|
|
||||||
- ${BACKEND_NETWORK}
|
|
||||||
- ${TRAEFIK_NETWORK}
|
|
||||||
env_file:
|
|
||||||
- ../config/.env.frontend
|
|
||||||
- ../config/.env.traefik
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=${TRAEFIK_ENABLE}"
|
|
||||||
- "traefik.http.routers.prod-frontend.entrypoints=${TRAEFIK_ROUTER_FRONTEND_ENTRYPOINT}"
|
|
||||||
- "traefik.http.routers.prod-frontend.rule=${TRAEFIK_ROUTER_FRONTEND_RULE}"
|
|
||||||
- "traefik.http.routers.prod-frontend.tls=${TRAEFIK_ROUTER_FRONTEND_TLS}"
|
|
||||||
- "traefik.http.routers.prod-frontend.tls.certresolver=${TRAEFIK_ROUTER_FRONTEND_CERTRESOLVER}"
|
|
||||||
- "traefik.http.routers.prod-frontend.tls.domains[0].main=${TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_MAIN}"
|
|
||||||
- "traefik.http.routers.prod-frontend.tls.domains[0].sans=${TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_SANS}"
|
|
||||||
- "traefik.http.services.prod-frontend.loadbalancer.server.port=${TRAEFIK_SERVICE_FRONTEND_PORT}"
|
|
||||||
- "traefik.docker.network=${TRAEFIK_NETWORK}"
|
|
||||||
prod-backend:
|
|
||||||
build:
|
|
||||||
context: ./backend/src
|
|
||||||
dockerfile: Dockerfile
|
|
||||||
env_file:
|
|
||||||
- ../config/.env.backend
|
|
||||||
- ../config/.env.traefik
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=${TRAEFIK_ENABLE}"
|
|
||||||
- "traefik.http.routers.prod-backend.entrypoints=${TRAEFIK_ROUTER_BACKEND_ENTRYPOINT}"
|
|
||||||
- "traefik.http.routers.prod-backend.rule=${TRAEFIK_ROUTER_BACKEND_RULE}"
|
|
||||||
- "traefik.http.routers.prod-backend.tls=${TRAEFIK_ROUTER_BACKEND_TLS}"
|
|
||||||
- "traefik.http.routers.prod-backend.tls.certresolver=${TRAEFIK_ROUTER_BACKEND_CERTRESOLVER}"
|
|
||||||
- "traefik.http.routers.prod-backend.tls.domains[0].main=${TRAEFIK_ROUTER_BACKEND_TLS_DOMAIN_MAIN}"
|
|
||||||
- "traefik.http.services.prod-backend.loadbalancer.server.port=${TRAEFIK_SERVICE_BACKEND_PORT}"
|
|
||||||
- "traefik.docker.network=${TRAEFIK_NETWORK}"
|
|
||||||
networks:
|
|
||||||
- ${BACKEND_NETWORK}
|
|
||||||
- ${TRAEFIK_NETWORK}
|
|
||||||
depends_on:
|
|
||||||
- prod-mariadb
|
|
||||||
# Traefik-Crowdsec Stack
|
|
||||||
crowdsec:
|
|
||||||
extends:
|
|
||||||
file: ./proxy/docker-compose.yml
|
|
||||||
service: crowdsec
|
|
||||||
networks:
|
|
||||||
- ${TRAEFIK_NETWORK}
|
|
||||||
|
|
||||||
traefik:
|
|
||||||
extends:
|
|
||||||
file: ./proxy/docker-compose.yml
|
|
||||||
service: traefik
|
|
||||||
networks:
|
|
||||||
- ${TRAEFIK_NETWORK}
|
|
||||||
depends_on:
|
|
||||||
- crowdsec
|
|
||||||
|
|
||||||
traefik_crowdsec_bouncer:
|
|
||||||
extends:
|
|
||||||
file: ./proxy/docker-compose.yml
|
|
||||||
service: traefik_crowdsec_bouncer
|
|
||||||
networks:
|
|
||||||
- ${TRAEFIK_NETWORK}
|
|
||||||
depends_on:
|
|
||||||
- crowdsec
|
|
||||||
- traefik
|
|
||||||
|
|
||||||
networks:
|
|
||||||
prod-backend:
|
|
||||||
external: false
|
|
||||||
proxy:
|
|
||||||
external: true
|
|
||||||
19
apps/frontend/docker-compose.overwrite.yml
Normal file
19
apps/frontend/docker-compose.overwrite.yml
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
services:
|
||||||
|
webapp:
|
||||||
|
build:
|
||||||
|
context: ./src
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
args:
|
||||||
|
BACKEND_URL: ${BACKEND_URL:-http://localhost:8000} # this argument is important on build to set the server url!
|
||||||
|
container_name: ${INFRASTRUCTURE_LABEL:-default}-frontend-${ENVIRONMENT:-development}
|
||||||
|
profiles: ["webapp", "frontend", "all", "app"]
|
||||||
|
ports:
|
||||||
|
- 3000:3000
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=${TRAEFIK_ENABLE:-false}"
|
||||||
|
- "traefik.http.routers.webapp.service=webapp"
|
||||||
|
- "traefik.http.routers.webapp.entrypoints=${TRAEFIK_ENTRYPOINT}"
|
||||||
|
- 'traefik.http.routers.webapp.rule=Host(`${FRONTEND_DOMAIN}`) || Host(`${FRONTEND_DOMAIN_2}`)'
|
||||||
|
- "traefik.http.services.webapp.loadbalancer.server.port=3000"
|
||||||
|
- "traefik.docker.network=${TRAEFIK_NETWORK}"
|
||||||
|
|
||||||
@@ -1,27 +1,17 @@
|
|||||||
### Frontend (./apps/frontend/docker-compose.yml)
|
|
||||||
# - [ ] Create a Vue.js frontend service
|
|
||||||
# - [ ] Set up a Node.js environment for the frontend
|
|
||||||
# - [ ] Configure volumes for persistent storage of frontend assets
|
|
||||||
# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT:-development}/frontend.env)
|
|
||||||
# - [ ] Configure networking to communicate with the backend service
|
|
||||||
# - [ ] Set up healthchecks for the frontend service
|
|
||||||
services:
|
services:
|
||||||
webapp:
|
webapp:
|
||||||
build:
|
build:
|
||||||
context: ./src
|
context: ./src
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
|
args:
|
||||||
|
BACKEND_URL: ${BACKEND_URL:-http://localhost:8000} # this argument is important on build to set the backend server url!
|
||||||
container_name: ${INFRASTRUCTURE_LABEL:-default}-frontend-${ENVIRONMENT:-development}
|
container_name: ${INFRASTRUCTURE_LABEL:-default}-frontend-${ENVIRONMENT:-development}
|
||||||
profiles: ["webapp", "frontend", "all", "app"]
|
profiles: ["webapp", "frontend", "all", "app"]
|
||||||
depends_on:
|
|
||||||
- database
|
|
||||||
- backend
|
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=${TRAEFIK_ENABLE}"
|
- "traefik.enable=${TRAEFIK_ENABLE:-false}"
|
||||||
|
- "traefik.http.routers.webapp.service=webapp"
|
||||||
- "traefik.http.routers.webapp.entrypoints=${TRAEFIK_ENTRYPOINT}"
|
- "traefik.http.routers.webapp.entrypoints=${TRAEFIK_ENTRYPOINT}"
|
||||||
- 'traefik.http.routers.webapp.rule=Host(`${FRONTEND_DOMAIN}`) || Host(`${FRONTEND_DOMAIN_2}`)'
|
- 'traefik.http.routers.webapp.rule=Host(`${FRONTEND_DOMAIN}`) || Host(`${FRONTEND_DOMAIN_2}`)'
|
||||||
- "traefik.http.routers.webapp.tls=true"
|
|
||||||
- "traefik.http.routers.webapp.tls.certresolver=${TRAEFIK_CERT_RESOLVER}"
|
|
||||||
- "traefik.http.routers.webapp.tls.domains[0].main=${FRONTEND_DOMAIN}"
|
|
||||||
- "traefik.http.routers.webapp.tls.domains[0].sans=${FRONTEND_DOMAIN_2}"
|
|
||||||
- "traefik.http.services.webapp.loadbalancer.server.port=3000"
|
- "traefik.http.services.webapp.loadbalancer.server.port=3000"
|
||||||
- "traefik.docker.network=${TRAEFIK_NETWORK}"
|
- "traefik.docker.network=${TRAEFIK_NETWORK}"
|
||||||
|
|
||||||
Submodule apps/frontend/src updated: 2d8bcb6067...03a625f7ac
@@ -1,30 +0,0 @@
|
|||||||
services:
|
|
||||||
wireguard:
|
|
||||||
image: linuxserver/wireguard
|
|
||||||
container_name: wireguard
|
|
||||||
cap_add:
|
|
||||||
- NET_ADMIN
|
|
||||||
- SYS_MODULE
|
|
||||||
environment:
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=1000
|
|
||||||
- TZ=Europe/Berlin
|
|
||||||
- SERVERURL=${SERVER_IP:?"❌ ERROR = SERVERURL is not set. Run set-server-ip.sh first."}
|
|
||||||
- SERVERPORT=51820
|
|
||||||
- PEERS=3 # Number of VPN clients to generate
|
|
||||||
- PEERDNS=auto
|
|
||||||
- INTERNAL_SUBNET=22.22.22.0
|
|
||||||
volumes:
|
|
||||||
- ../../volumes/security/wireguard/config:/config
|
|
||||||
- /lib/modules:/lib/modules
|
|
||||||
ports:
|
|
||||||
- "51820:51820/udp"
|
|
||||||
sysctls:
|
|
||||||
- net.ipv4.conf.all.src_valid_mark=1
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- wireguard_network
|
|
||||||
|
|
||||||
networks:
|
|
||||||
wireguard_network:
|
|
||||||
driver: bridge
|
|
||||||
@@ -1,50 +0,0 @@
|
|||||||
volumes:
|
|
||||||
etc_wireguard:
|
|
||||||
|
|
||||||
services:
|
|
||||||
wg-easy:
|
|
||||||
environment:
|
|
||||||
# Change Language:
|
|
||||||
# (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi, ja, si)
|
|
||||||
- LANG=${WG_LANG:-de}
|
|
||||||
# ⚠️ Required:
|
|
||||||
# Change this to your host's public address
|
|
||||||
- WG_HOST=${SERVER_IP:-localhost}
|
|
||||||
|
|
||||||
# Optional:
|
|
||||||
# - PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG # (needs double $$, hash of 'foobar123'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash)
|
|
||||||
# - PORT=51821
|
|
||||||
# - WG_PORT=51820
|
|
||||||
# - WG_CONFIG_PORT=92820
|
|
||||||
- WG_DEFAULT_ADDRESS=${WG_DEFAULT_ADDRESS:-22.22.22.0}
|
|
||||||
# - WG_DEFAULT_DNS=1.1.1.1
|
|
||||||
# - WG_MTU=1420
|
|
||||||
# - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
|
|
||||||
# - WG_PERSISTENT_KEEPALIVE=25
|
|
||||||
# - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
|
|
||||||
# - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
|
|
||||||
# - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
|
|
||||||
# - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
|
|
||||||
# - UI_TRAFFIC_STATS=true
|
|
||||||
# - UI_CHART_TYPE=0 # (0 Charts disabled, 1 # Line chart, 2 # Area chart, 3 # Bar chart)
|
|
||||||
# - WG_ENABLE_ONE_TIME_LINKS=true
|
|
||||||
# - UI_ENABLE_SORT_CLIENTS=true
|
|
||||||
# - WG_ENABLE_EXPIRES_TIME=true
|
|
||||||
# - ENABLE_PROMETHEUS_METRICS=false
|
|
||||||
# - PROMETHEUS_METRICS_PASSWORD=$$2a$$12$$vkvKpeEAHD78gasyawIod.1leBMKg8sBwKW.pQyNsq78bXV3INf2G # (needs double $$, hash of 'prometheus_password'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash)
|
|
||||||
|
|
||||||
image: ghcr.io/wg-easy/wg-easy
|
|
||||||
container_name: wg-easy
|
|
||||||
volumes:
|
|
||||||
- ../../volumes/wireguardeasy/:/etc/wireguard
|
|
||||||
ports:
|
|
||||||
- "51820:51820/udp"
|
|
||||||
- "51821:51821/tcp"
|
|
||||||
restart: unless-stopped
|
|
||||||
cap_add:
|
|
||||||
- NET_ADMIN
|
|
||||||
- SYS_MODULE
|
|
||||||
# - NET_RAW # ⚠️ Uncomment if using Podman
|
|
||||||
sysctls:
|
|
||||||
- net.ipv4.ip_forward=1
|
|
||||||
- net.ipv4.conf.all.src_valid_mark=1
|
|
||||||
@@ -1,2 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
export SERVER_IP=$(curl -s https://api.ipify.org)
|
|
||||||
@@ -1,67 +0,0 @@
|
|||||||
### Tools (./apps/tools/docker-compose.yml)
|
|
||||||
# - [ ] Create services for Nextcloud, LimeSurvey, and LinkStack
|
|
||||||
# - [ ] Configure volumes for persistent storage of files, survey data, and link management data
|
|
||||||
# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT:-development}/tools.env)
|
|
||||||
# - [ ] Configure networking to expose these services to the internet via the proxy
|
|
||||||
# - [ ] Set up regular backup jobs for critical data in these services
|
|
||||||
|
|
||||||
services:
|
|
||||||
nextcloud-db:
|
|
||||||
image: mariadb:10.6
|
|
||||||
container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-db-${ENVIRONMENT:-development}
|
|
||||||
profiles: ["all", "tools", "nextcloud"]
|
|
||||||
command: --transaction-isolation=READ-COMMITTED --innodb_read_only_compressed=OFF
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- /etc/localtime:/etc/localtime:ro
|
|
||||||
- /etc/timezone:/etc/timezone:ro
|
|
||||||
- ../../volumes/tools/${INFRASTRUCTURE_LABEL:-default}_cloud/database:/var/lib/mysql
|
|
||||||
environment:
|
|
||||||
- MYSQL_ROOT_PASSWORD=headpiece-constant1-denim-mindboost #SQL root Passwort eingeben
|
|
||||||
- MYSQL_PASSWORD=idealist9-frayed-murkiness-mindboost #SQL Benutzer Passwort eingeben
|
|
||||||
- MYSQL_DATABASE=nextcloud-mindboost #Datenbank Name
|
|
||||||
- MYSQL_USER=mindboostcloud #SQL Nutzername
|
|
||||||
- MYSQL_INITDB_SKIP_TZINFO=1
|
|
||||||
- MARIADB_AUTO_UPGRADE=1
|
|
||||||
nextcloud-redis:
|
|
||||||
image: redis:alpine
|
|
||||||
container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-redis-${ENVIRONMENT:-development}
|
|
||||||
profiles: ["all", "tools", "nextcloud"]
|
|
||||||
hostname: nextcloud-redis
|
|
||||||
restart: unless-stopped
|
|
||||||
command: redis-server --requirepass redis-mindboost-passwort # Redis Passwort eingeben
|
|
||||||
cloud:
|
|
||||||
image: nextcloud
|
|
||||||
container_name: ${INFRASTRUCTURE_LABEL:-default}-nextcloud-app-${ENVIRONMENT:-development}
|
|
||||||
profiles: ["all", "tools", "nextcloud"]
|
|
||||||
restart: unless-stopped
|
|
||||||
depends_on:
|
|
||||||
- nextcloud-db
|
|
||||||
- nextcloud-redis
|
|
||||||
environment:
|
|
||||||
TRUSTED_PROXIES: 172.16.255.254/16
|
|
||||||
OVERWRITEPROTOCOL: https
|
|
||||||
OVERWRITECLIURL: https://${CLOUD_DOMAIN:-cloud}
|
|
||||||
OVERWRITEHOST: ${CLOUD_DOMAIN:-cloud}
|
|
||||||
REDIS_HOST: nextcloud-redis
|
|
||||||
REDIS_HOST_PASSWORD: redis-mindboost-passwort # Redis Passwort von oben wieder eingeben
|
|
||||||
volumes:
|
|
||||||
- ./app:/var/www/html
|
|
||||||
- ../../volumes/tools/${INFRASTRUCTURE_LABEL:-default}_cloudapp/:/var/www/html/data
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.entrypoints=websecure"
|
|
||||||
- "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.rule=Host(`${CLOUD_DOMAIN}`)"
|
|
||||||
- "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.tls=true"
|
|
||||||
- "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.tls.certresolver=http_resolver"
|
|
||||||
- 'traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.service=cloud'
|
|
||||||
- "traefik.http.services.cloud.loadbalancer.server.port=80"
|
|
||||||
- "traefik.docker.network=${TRAEFIK_NETWORK:-default}"
|
|
||||||
- "traefik.http.routers.${INFRASTRUCTURE_LABEL:-default}_cloud.middlewares=nextcloud-dav,default@file"
|
|
||||||
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
|
|
||||||
- "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
|
|
||||||
networks:
|
|
||||||
- ${TRAEFIK_NETWORK}
|
|
||||||
networks:
|
|
||||||
nextcloud:
|
|
||||||
name: ${INFRASTRUCTURE_LABEL:-default}_nextcloud
|
|
||||||
@@ -1,23 +0,0 @@
|
|||||||
services:
|
|
||||||
kirbycms:
|
|
||||||
build:
|
|
||||||
context: ./kirby
|
|
||||||
dockerfile: Dockerfile
|
|
||||||
image: kirbycms
|
|
||||||
container_name: ${INFRASTRUCTURE_LABEL:-default}-kirbycms-${ENVIRONMENT:-development}
|
|
||||||
profiles: ["website","kirbycms","all"]
|
|
||||||
volumes:
|
|
||||||
- ../../volumes/website/kirbycms:/var/www/html:rw # Persistente Daten
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
- ${TRAEFIK_NETWORK}
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=${TRAEFIK_ENABLE}"
|
|
||||||
- "traefik.docker.network=${TRAEFIK_NETWORK}"
|
|
||||||
- "traefik.http.routers.kirbycms.service=kirbycms"
|
|
||||||
- "traefik.http.routers.kirbycms.tls.certresolver=${TRAEFIK_CERT_RESOLVER}"
|
|
||||||
- "traefik.http.routers.kirbycms.tls.domains[0].main=`${WEBSITE_DOMAIN}`"
|
|
||||||
- "traefik.http.routers.kirbycms.rule=Host(`${WEBSITE_DOMAIN}`)"
|
|
||||||
- "traefik.http.routers.kirbycms.entrypoints=${TRAEFIK_ENTRYPOINT}"
|
|
||||||
- "traefik.http.routers.kirbycms.tls=true"
|
|
||||||
- "traefik.http.services.kirbycms.loadbalancer.server.port=80"
|
|
||||||
@@ -1,49 +0,0 @@
|
|||||||
# Use latest offical ubuntu image
|
|
||||||
FROM ubuntu:latest
|
|
||||||
|
|
||||||
# Set timezone
|
|
||||||
ENV TZ=Europe/Berlin
|
|
||||||
|
|
||||||
# Set geographic area using above variable
|
|
||||||
# This is necessary, otherwise building the image doesn't work
|
|
||||||
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
|
|
||||||
|
|
||||||
# Remove annoying messages during package installation
|
|
||||||
ARG DEBIAN_FRONTEND=noninteractive
|
|
||||||
|
|
||||||
# Install packages: web server & PHP plus extensions
|
|
||||||
RUN apt-get update && apt-get install -y \
|
|
||||||
apache2 \
|
|
||||||
apache2-utils \
|
|
||||||
ca-certificates \
|
|
||||||
php \
|
|
||||||
libapache2-mod-php \
|
|
||||||
php-curl \
|
|
||||||
php-dom \
|
|
||||||
php-gd \
|
|
||||||
php-intl \
|
|
||||||
php-json \
|
|
||||||
php-mbstring \
|
|
||||||
php-xml \
|
|
||||||
php-zip && \
|
|
||||||
apt-get clean && rm -rf /var/lib/apt/lists/*
|
|
||||||
|
|
||||||
# Copy virtual host configuration from current path onto existing 000-default.conf
|
|
||||||
COPY default.conf /etc/apache2/sites-available/000-default.conf
|
|
||||||
|
|
||||||
# Remove default content (existing index.html)
|
|
||||||
RUN rm /var/www/html/*
|
|
||||||
|
|
||||||
# Activate Apache modules headers & rewrite
|
|
||||||
RUN a2enmod headers rewrite
|
|
||||||
|
|
||||||
# Ensure Group Ownership for www-data every member of kirbygroup should edit files
|
|
||||||
RUN groupadd -g 1003 kirbygroup && usermod -aG kirbygroup www-data
|
|
||||||
RUN chown -R www-data:kirbygroup /var/www/html
|
|
||||||
RUN chmod -R g+rw /var/www/html && find /var/www/html -type d -exec chmod g+xs {} \;
|
|
||||||
|
|
||||||
# Tell container to listen to port 80 at runtime
|
|
||||||
EXPOSE 80
|
|
||||||
|
|
||||||
# Start Apache web server
|
|
||||||
CMD [ "/usr/sbin/apache2ctl", "-DFOREGROUND" ]
|
|
||||||
@@ -1,9 +0,0 @@
|
|||||||
<VirtualHost *:80>
|
|
||||||
ServerName localhost
|
|
||||||
# Set the document root
|
|
||||||
DocumentRoot "/var/www/html"
|
|
||||||
<Directory "/var/www/html">
|
|
||||||
# Allow overriding the default configuration via `.htaccess`
|
|
||||||
AllowOverride All
|
|
||||||
</Directory>
|
|
||||||
</VirtualHost>
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -e -u
|
|
||||||
|
|
||||||
[[ $USERID ]] && usermod --uid "${USERID}" www-data
|
|
||||||
|
|
||||||
exec "$@"
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
USERID=0
|
|
||||||
230
env/.env.all
vendored
230
env/.env.all
vendored
@@ -1,230 +0,0 @@
|
|||||||
##
|
|
||||||
## Einstellung die für das gesamte Projekt gelten. Also der Name und der Admin
|
|
||||||
## Das Environment muss "production","staging" oder "development" heißen
|
|
||||||
|
|
||||||
INFRASTRUCTURE_LABEL=mindboost
|
|
||||||
ENVIRONMENT=development
|
|
||||||
|
|
||||||
ADMIN_USER=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
|
|
||||||
ADMIN_PASSWORD_HASH='$2y$05$U7noO29Ru/4VB5x8TpZo3.b4VjH6AAnhufJJUG2Vs7qHCM2Cd8yIK' # for development = admin
|
|
||||||
|
|
||||||
SERVER_IP=127.0.0.1
|
|
||||||
|
|
||||||
|
|
||||||
#################################################################################################
|
|
||||||
# 🔧 ENVIRONMENT VARIABLES 🔧 #
|
|
||||||
#################################################################################################
|
|
||||||
#
|
|
||||||
# This file contains **default (fallback) values** for environment variables.
|
|
||||||
# These values ensure that services run with sane defaults if no other configuration is provided.
|
|
||||||
#
|
|
||||||
# 📌 **ENVIRONMENT VARIABLE PRIORITY ORDER (Lowest to Highest)**
|
|
||||||
# 1️⃣ **Fallback Values in the File** (Used only if no other source provides a value)
|
|
||||||
# 2️⃣ **Global Defaults in `.env.all`** (Shared settings across all services)
|
|
||||||
# 3️⃣ **Service-Specific `.env` Files** (Overrides per service group, e.g., `.env.backend`, `.env.proxy`)
|
|
||||||
# 4️⃣ **Preloaded Shell Environment** (`export VAR=value` before running `docker compose`)
|
|
||||||
# 5️⃣ **CLI Overrides** (`docker compose --env-file` or `-e VAR=value` → Highest Priority)
|
|
||||||
#
|
|
||||||
# 🔄 **Overwriting Behavior**
|
|
||||||
# - Variables defined in **`.env.all`** override values in this file.
|
|
||||||
# - Variables defined in **`.env.<service>`** (e.g., `.env.backend`) override `.env.all`.
|
|
||||||
# - Variables explicitly **exported in the shell** take priority over all `.env` files.
|
|
||||||
# - Variables passed via **CLI (`--env-file` or `-e VAR=value`)** have the **highest priority**.
|
|
||||||
#
|
|
||||||
# 🚀 **Key Takeaways**
|
|
||||||
# ✅ Use `.env.all` for common values across environments.
|
|
||||||
# ✅ Use `.env.<service>` for service-specific configurations.
|
|
||||||
# ✅ If needed, manually override variables in the shell or CLI.
|
|
||||||
#
|
|
||||||
#################################################################################################
|
|
||||||
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
## SEVICE GROUP ADMINISTRATION
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Portainer
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
PORTAINER_IMAGE=portainer/portainer-ce:latest
|
|
||||||
PORTAINER_DATA_PATH=../../../volumes/administration/portainer/data
|
|
||||||
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
## SEVICE GROUP DATABASE
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Datenbank (MariaDB)
|
|
||||||
# ----------------------------------
|
|
||||||
MARIADB_USER=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
|
|
||||||
MARIADB_DATABASE=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
|
|
||||||
MARIADB_PASSWORD=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
|
|
||||||
MARIADB_ROOT_PASSWORD=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}-root
|
|
||||||
|
|
||||||
MARIADB_PORT=3306
|
|
||||||
MARIADB_HOST=${INFRASTRUCTURE_LABEL:-default}_database_${ENVIRONMENT:-development}
|
|
||||||
|
|
||||||
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
## SEVICE GROUP BACKEND
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Redis
|
|
||||||
# ----------------------------------
|
|
||||||
REDIS_PASSWORD=laravel-redis-passwort
|
|
||||||
REDIS_PORT=6379
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Laravel Backend
|
|
||||||
# ----------------------------------
|
|
||||||
BACKEND_NETWORK=backend
|
|
||||||
APP_NAME="mindboost backend - Compose Deployment"
|
|
||||||
APP_URL=https://backend.local
|
|
||||||
LARAVEL_PORT=8000
|
|
||||||
LARAVEL_VITE_PORT=5173
|
|
||||||
DB_HOST=${MARIADB_HOST:-mariadb}
|
|
||||||
DB_PORT=${MARIADB_PORT:-3306}
|
|
||||||
DB_PASSWORD=${MARIADB_PASSWORD:-default}
|
|
||||||
DB_USERNAME=${MARIADB_USER:-default}
|
|
||||||
DB_DATABASE=${MARIADB_DATABASE:-default}
|
|
||||||
|
|
||||||
JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Adminer
|
|
||||||
# ----------------------------------
|
|
||||||
ADMINER_PORT=8080
|
|
||||||
|
|
||||||
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
## SEVICE GROUP DEVELOP
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# GITEA AND GITEA DB
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
USER_UID=1000
|
|
||||||
USER_GID=1000
|
|
||||||
|
|
||||||
GITEA_VOLUME_PATH=../../../volumes/develop/gitea/gitea
|
|
||||||
GITEA_DATABASE_VOLUME_PATH=../../../volumes/develop/gitea/gitea_db
|
|
||||||
|
|
||||||
GITEA_MYSQL_ROOT_PASSWORD=very-difficult-passwort-gitea
|
|
||||||
GITEA_MYSQL_USER=gitea
|
|
||||||
GITEA_MYSQL_PASSWORD=very-difficult-gitea
|
|
||||||
GITEA_MYSQL_DATABASE=gitea
|
|
||||||
GITEA_MYSQL_ALLOW_EMPTY_PASSWORD=true
|
|
||||||
|
|
||||||
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
## SEVICE GROUP FRONTEND
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# VUE APP
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
BACKEND_URL="backend.local"
|
|
||||||
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
## SEVICE GROUP PROXY
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# TRAEFIK
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
TRAEFIK_ENABLE=true
|
|
||||||
TRAEFIK_NETWORK=proxy
|
|
||||||
TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER:-admin}:${ADMIN_PASSWORD_HASH}
|
|
||||||
TRAEFIK_CERT_RESOLVER=
|
|
||||||
|
|
||||||
## Domains when TRAEFIK is ENABLED
|
|
||||||
|
|
||||||
PORTAINER_DOMAIN=portainer.local
|
|
||||||
FRONTEND_DOMAIN=frontend.local
|
|
||||||
FRONTEND_DOMAIN_2=app.frontend.local
|
|
||||||
BACKEND_DOMAIN=backend.local
|
|
||||||
WEBSITE_DOMAIN=web.local
|
|
||||||
GITEA_DOMAIN=gitea.local
|
|
||||||
LIMESURVEY_DOMAIN=survey.local
|
|
||||||
LINKSTACK_DOMAIN=linkstack.local
|
|
||||||
TRAEFIK_DOMAIN=traefik.local
|
|
||||||
CLOUD_DOMAIN=cloud.local
|
|
||||||
|
|
||||||
### TLS for Domains
|
|
||||||
|
|
||||||
PORTAINER_TLS_DOMAIN_MAIN=${PORTAINER_DOMAIN}
|
|
||||||
FRONTEND_TLS_DOMAIN_MAIN=${FRONTEND_DOMAIN}
|
|
||||||
FRONTEND_TLS_DOMAIN_SANS=${FRONTEND_DOMAIN_2}
|
|
||||||
BACKEND_TLS_DOMAIN_MAIN=${BACKEND_DOMAIN}
|
|
||||||
WEBSITE_TLS_DOMAIN_MAIN=${WEBSITE_DOMAIN}
|
|
||||||
GITEA_TLS_DOMAIN_MAIN=${GITEA_DOMAIN}
|
|
||||||
LIMESURVEY_TLS_DOMAIN_MAIN=${LIMESURVEY_DOMAIN}
|
|
||||||
LINKSTACK_TLS_DOMAIN_MAIN=${LINKSTACK_DOMAIN}
|
|
||||||
TRAEFIK_TLS_DOMAIN_MAIN=${TRAEFIK_DOMAIN}
|
|
||||||
CLOUD_TLS_DOMAIN_MAIN=${CLOUD_DOMAIN}
|
|
||||||
|
|
||||||
|
|
||||||
## MIDDLEWARES
|
|
||||||
|
|
||||||
TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-https-redirect
|
|
||||||
TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-basic-auth
|
|
||||||
|
|
||||||
|
|
||||||
## ENTRYPOINTS
|
|
||||||
|
|
||||||
TRAEFIK_ENTRYPOINT=websecure
|
|
||||||
TRAEFIK_ENTRYPOINT_HTTP=web
|
|
||||||
|
|
||||||
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
## SEVICE GROUP SECURITY
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# WIREGUARD
|
|
||||||
# ----------------------------------
|
|
||||||
WG_DEFAULT_ADDRESS=22.22.22.0
|
|
||||||
WG_HOST=${SERVER_IP:-127.0.0.1}
|
|
||||||
WG_LANG=de
|
|
||||||
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
## SEVICE GROUP TOOLS
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# NEXTCLOUD DB
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
MYSQL_ROOT_PASSWORD=headpiece-constant1-denim-mindboost #SQL root Passwort eingeben
|
|
||||||
MYSQL_PASSWORD=idealist9-frayed-murkiness-mindboost #SQL Benutzer Passwort eingeben
|
|
||||||
MYSQL_DATABASE=nextcloud-mindboost #Datenbank Name
|
|
||||||
MYSQL_USER=mindboostcloud #SQL Nutzername
|
|
||||||
MYSQL_INITDB_SKIP_TZINFO=1
|
|
||||||
MARIADB_AUTO_UPGRADE=1
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# NEXTCLOUD CLOUD
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
TRUSTED_PROXIES=172.16.255.254/16
|
|
||||||
OVERWRITEPROTOCOL=https
|
|
||||||
OVERWRITECLIURL=https://${CLOUD_DOMAIN:-cloud}
|
|
||||||
OVERWRITEHOST=${CLOUD_DOMAIN:-cloud}
|
|
||||||
REDIS_HOST=nextcloud-redis
|
|
||||||
REDIS_HOST_PASSWORD=redis-mindboost-passwort
|
|
||||||
|
|
||||||
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
## SEVICE GROUP WEBSITE
|
|
||||||
## ______________________________________________________________________________________________
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# KIRBY CMS
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
KIRBY_USER_ID=0
|
|
||||||
49
env/.env.backend
vendored
49
env/.env.backend
vendored
@@ -1,49 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# Datenbank (MariaDB)
|
|
||||||
# ----------------------------------
|
|
||||||
MARIADB_USER=mindboost
|
|
||||||
MARIADB_DATABASE=mindboost
|
|
||||||
MARIADB_PASSWORD=1stronges-mindboostdb-passwort
|
|
||||||
MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Redis
|
|
||||||
# ----------------------------------
|
|
||||||
REDIS_PASSWORD=laravel-redis-passwort
|
|
||||||
REDIS_PORT=6379
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Vue Frontend (Nuxt.js)
|
|
||||||
# ----------------------------------
|
|
||||||
VUE_APP_BACKEND_HOST_ADDRESS=https://dev.b.mindboost.team
|
|
||||||
VUE_FRONTEND_PORT=3001
|
|
||||||
VUE_INTERNAL_PORT=3000
|
|
||||||
VUE_FRONTEND_DOMAIN_1=app.mindboost.team
|
|
||||||
VUE_FRONTEND_DOMAIN_2=mindboost.app
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Laravel Backend
|
|
||||||
# ----------------------------------
|
|
||||||
BACKEND_NETWORK=backend
|
|
||||||
APP_NAME="mindboost backend - Compose Deployment"
|
|
||||||
APP_URL=https://b.mindboost.team
|
|
||||||
LARAVEL_PORT=8000
|
|
||||||
LARAVEL_VITE_PORT=5173
|
|
||||||
DB_HOST=mariadb
|
|
||||||
DB_PORT=3306
|
|
||||||
DB_PASSWORD=1stronges-mindboostdb-passwort
|
|
||||||
DB_USERNAME=mindboost
|
|
||||||
DB_DATABASE=mindboost
|
|
||||||
LARAVEL_DOMAIN=b.mindboost.team
|
|
||||||
JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F
|
|
||||||
# ----------------------------------
|
|
||||||
# Traefik
|
|
||||||
# ----------------------------------
|
|
||||||
TRAEFIK_CERT_RESOLVER=http_resolver
|
|
||||||
TRAEFIK_ENTRYPOINT=websecure
|
|
||||||
TRAEFIK_NETWORK=proxy
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Adminer
|
|
||||||
# ----------------------------------
|
|
||||||
ADMINER_PORT=8080
|
|
||||||
8
env/.env.db
vendored
8
env/.env.db
vendored
@@ -1,8 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# Datenbank (MariaDB)
|
|
||||||
# ----------------------------------
|
|
||||||
MARIADB_USER=mindboost
|
|
||||||
MARIADB_DATABASE=mindboost
|
|
||||||
MARIADB_PASSWORD=1stronges-mindboostdb-passwort
|
|
||||||
MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb
|
|
||||||
ADMINER_PORT=8000
|
|
||||||
1
env/.env.frontend
vendored
1
env/.env.frontend
vendored
@@ -1 +0,0 @@
|
|||||||
DB_HOST= BLALBLAB
|
|
||||||
1
env/.env.shared
vendored
1
env/.env.shared
vendored
@@ -1 +0,0 @@
|
|||||||
DB_HOST= BLALBLAB
|
|
||||||
24
env/.env.traefik
vendored
24
env/.env.traefik
vendored
@@ -1,24 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# Traefik
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
# Allgemein
|
|
||||||
TRAEFIK_ENABLE=true
|
|
||||||
TRAEFIK_NETWORK=proxy
|
|
||||||
|
|
||||||
# Backend
|
|
||||||
TRAEFIK_ROUTER_BACKEND_ENTRYPOINT=websecure
|
|
||||||
TRAEFIK_ROUTER_BACKEND_RULE=Host(`b.mindboost.team`)
|
|
||||||
TRAEFIK_ROUTER_BACKEND_TLS=true
|
|
||||||
TRAEFIK_ROUTER_BACKEND_CERTRESOLVER=http_resolver
|
|
||||||
TRAEFIK_ROUTER_BACKEND_TLS_DOMAIN_MAIN=b.mindboost.team
|
|
||||||
TRAEFIK_SERVICE_BACKEND_PORT=8000
|
|
||||||
|
|
||||||
# Frontend
|
|
||||||
TRAEFIK_ROUTER_FRONTEND_ENTRYPOINT=websecure
|
|
||||||
TRAEFIK_ROUTER_FRONTEND_RULE=Host(`app.mindboost.team`)
|
|
||||||
TRAEFIK_ROUTER_FRONTEND_TLS=true
|
|
||||||
TRAEFIK_ROUTER_FRONTEND_CERTRESOLVER=http_resolver
|
|
||||||
TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_MAIN=app.mindboost.team
|
|
||||||
TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_SANS=mindboost.app
|
|
||||||
TRAEFIK_SERVICE_FRONTEND_PORT=3000
|
|
||||||
7
env/development/.env.administration
vendored
7
env/development/.env.administration
vendored
@@ -1,7 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# Portainer
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
PORTAINER_IMAGE=portainer/portainer-ce:latest
|
|
||||||
PORTAINER_DATA_PATH=../../../volumes/administration/portainer/data
|
|
||||||
|
|
||||||
28
env/development/.env.backend
vendored
28
env/development/.env.backend
vendored
@@ -1,28 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Redis
|
|
||||||
# ----------------------------------
|
|
||||||
REDIS_PASSWORD=laravel-redis-passwort
|
|
||||||
REDIS_PORT=6379
|
|
||||||
SERVER_IP=${SERVER_IP:-localhost}
|
|
||||||
# ----------------------------------
|
|
||||||
# Laravel Backend
|
|
||||||
# ----------------------------------
|
|
||||||
BACKEND_NETWORK=backend
|
|
||||||
APP_NAME="mindboost backend - Compose Deployment"
|
|
||||||
APP_URL=https://backend.local
|
|
||||||
LARAVEL_PORT=8000
|
|
||||||
LARAVEL_VITE_PORT=5173
|
|
||||||
DB_HOST=${MARIADB_HOST:-mariadb}
|
|
||||||
DB_PORT=${MARIADB_PORT:-3306}
|
|
||||||
DB_PASSWORD=${MARIADB_PASSWORD:-default}
|
|
||||||
DB_USERNAME=${MARIADB_USER:-default}
|
|
||||||
DB_DATABASE=${MARIADB_DATABASE:-default}
|
|
||||||
|
|
||||||
JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Adminer
|
|
||||||
# ----------------------------------
|
|
||||||
ADMINER_PORT=8080
|
|
||||||
10
env/development/.env.database
vendored
10
env/development/.env.database
vendored
@@ -1,10 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# Datenbank (MariaDB)
|
|
||||||
# ----------------------------------
|
|
||||||
MARIADB_USER=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
|
|
||||||
MARIADB_DATABASE=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
|
|
||||||
MARIADB_PASSWORD=1stronges-mindboostdb-passwort
|
|
||||||
MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb
|
|
||||||
|
|
||||||
MARIADB_PORT=3306
|
|
||||||
MARIADB_HOST=${INFRASTRUCTURE_LABEL:-default}_database_${ENVIRONMENT:-development}
|
|
||||||
25
env/development/.env.develop
vendored
25
env/development/.env.develop
vendored
@@ -1,25 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# GITEA
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
USER_UID=1000
|
|
||||||
USER_GID=1000
|
|
||||||
|
|
||||||
GITEA_VOLUME_PATH=../../../volumes/develop/gitea/gitea
|
|
||||||
GITEA_DATABASE_VOLUME_PATH=../../../volumes/develop/gitea/gitea_db
|
|
||||||
|
|
||||||
GITEA_MYSQL_ROOT_PASSWORD=very-difficult-passwort-gitea
|
|
||||||
GITEA_MYSQL_USER=gitea
|
|
||||||
GITEA_MYSQL_PASSWORD=very-difficult-gitea
|
|
||||||
GITEA_MYSQL_DATABASE=gitea
|
|
||||||
GITEA_MYSQL_ALLOW_EMPTY_PASSWORD=true
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# GITEA DB
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
DB_HOST=gitea_db:3306
|
|
||||||
DB_NAME=gitea
|
|
||||||
DB_PASSWD=very-difficult-gitea
|
|
||||||
DB_TYPE=mysql
|
|
||||||
DB_USER=gitea
|
|
||||||
5
env/development/.env.frontend
vendored
5
env/development/.env.frontend
vendored
@@ -1,5 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# VUE APP
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
BACKEND_URL="backend.local"
|
|
||||||
48
env/development/.env.proxy
vendored
48
env/development/.env.proxy
vendored
@@ -1,48 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# TRAEFIK
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
TRAEFIK_ENABLE=false
|
|
||||||
TRAEFIK_NETWORK=proxy
|
|
||||||
TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER}:${ADMIN_PASSWORD_HASH}
|
|
||||||
TRAEFIK_CERT_RESOLVER=
|
|
||||||
|
|
||||||
## Domains when TRAEFIK is ENABLED
|
|
||||||
|
|
||||||
PORTAINER_DOMAIN=portainer.local
|
|
||||||
FRONTEND_DOMAIN=frontend.local
|
|
||||||
FRONTEND_DOMAIN_2=app.frontend.local
|
|
||||||
BACKEND_DOMAIN=backend.local
|
|
||||||
WEBSITE_DOMAIN=web.local
|
|
||||||
GITEA_DOMAIN=gitea.local
|
|
||||||
LIMESURVEY_DOMAIN=survey.local
|
|
||||||
LINKSTACK_DOMAIN=linkstack.local
|
|
||||||
TRAEFIK_DOMAIN=traefik.local
|
|
||||||
CLOUD_DOMAIN=cloud.local
|
|
||||||
|
|
||||||
### TLS for Domains
|
|
||||||
|
|
||||||
PORTAINER_TLS_DOMAIN_MAIN=${PORTAINER_DOMAIN}
|
|
||||||
FRONTEND_TLS_DOMAIN_MAIN=${FRONTEND_DOMAIN}
|
|
||||||
FRONTEND_TLS_DOMAIN_SANS=${FRONTEND_DOMAIN_2}
|
|
||||||
BACKEND_TLS_DOMAIN_MAIN=${BACKEND_DOMAIN}
|
|
||||||
WEBSITE_TLS_DOMAIN_MAIN=${WEBSITE_DOMAIN}
|
|
||||||
GITEA_TLS_DOMAIN_MAIN=${GITEA_DOMAIN}
|
|
||||||
LIMESURVEY_TLS_DOMAIN_MAIN=${LIMESURVEY_DOMAIN}
|
|
||||||
LINKSTACK_TLS_DOMAIN_MAIN=${LINKSTACK_DOMAIN}
|
|
||||||
TRAEFIK_TLS_DOMAIN_MAIN=${TRAEFIK_DOMAIN}
|
|
||||||
CLOUD_TLS_DOMAIN_MAIN=${CLOUD_DOMAIN}
|
|
||||||
|
|
||||||
|
|
||||||
## MIDDLEWARES
|
|
||||||
|
|
||||||
TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-https-redirect
|
|
||||||
TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-basic-auth
|
|
||||||
|
|
||||||
|
|
||||||
## ENTRYPOINTS
|
|
||||||
|
|
||||||
TRAEFIK_ENTRYPOINT=websecure
|
|
||||||
TRAEFIK_ENTRYPOINT_HTTP=web
|
|
||||||
|
|
||||||
|
|
||||||
21
env/development/.env.tools
vendored
21
env/development/.env.tools
vendored
@@ -1,21 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# NEXTCLOUD DB
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
MYSQL_ROOT_PASSWORD=headpiece-constant1-denim-mindboost #SQL root Passwort eingeben
|
|
||||||
MYSQL_PASSWORD=idealist9-frayed-murkiness-mindboost #SQL Benutzer Passwort eingeben
|
|
||||||
MYSQL_DATABASE=nextcloud-mindboost #Datenbank Name
|
|
||||||
MYSQL_USER=mindboostcloud #SQL Nutzername
|
|
||||||
MYSQL_INITDB_SKIP_TZINFO=1
|
|
||||||
MARIADB_AUTO_UPGRADE=1
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# NEXTCLOUD CLOUD
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
TRUSTED_PROXIES=172.16.255.254/16
|
|
||||||
OVERWRITEPROTOCOL=https
|
|
||||||
OVERWRITECLIURL=https://${CLOUD_DOMAIN:-cloud}
|
|
||||||
OVERWRITEHOST=${CLOUD_DOMAIN:-cloud}
|
|
||||||
REDIS_HOST=nextcloud-redis
|
|
||||||
REDIS_HOST_PASSWORD=redis-mindboost-passwort
|
|
||||||
5
env/development/.env.website
vendored
5
env/development/.env.website
vendored
@@ -1,5 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# KIRBY CMS
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
USER_ID=0
|
|
||||||
0
env/production/.env.administration
vendored
0
env/production/.env.administration
vendored
1
env/production/.env.backend
vendored
1
env/production/.env.backend
vendored
@@ -1 +0,0 @@
|
|||||||
${REDIS_PASSWORD}
|
|
||||||
7
env/production/.env.database
vendored
7
env/production/.env.database
vendored
@@ -1,7 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# Datenbank (MariaDB)
|
|
||||||
# ----------------------------------
|
|
||||||
MARIADB_USER=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
|
|
||||||
MARIADB_DATABASE=${INFRASTRUCTURE_LABEL:-default}_${ENVIRONMENT:-development}
|
|
||||||
MARIADB_PASSWORD=1stronges-mindboostdb-passwort
|
|
||||||
MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb
|
|
||||||
1
env/production/.env.develop
vendored
1
env/production/.env.develop
vendored
@@ -1 +0,0 @@
|
|||||||
ADMINER_PORT=8000
|
|
||||||
0
env/production/.env.frontend
vendored
0
env/production/.env.frontend
vendored
3
env/production/.env.portainer
vendored
3
env/production/.env.portainer
vendored
@@ -1,3 +0,0 @@
|
|||||||
PORTAINER_IMAGE=portainer/portainer-ce:latest
|
|
||||||
PORTAINER_DATA_PATH=/opt/containers/portainer/data
|
|
||||||
PORTAINER_DOMAIN=portainer.yourdomain.com
|
|
||||||
32
env/production/.env.proxy
vendored
32
env/production/.env.proxy
vendored
@@ -1,32 +0,0 @@
|
|||||||
TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-https-redirect
|
|
||||||
TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL:-default}-basic-auth
|
|
||||||
TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER}:${ADMIN_PASSWORD_HASH}
|
|
||||||
|
|
||||||
# Service Crowdsec
|
|
||||||
SERVICES_CROWDSEC_CONTAINER_NAME=crowdsec
|
|
||||||
SERVICES_CROWDSEC_HOSTNAME=crowdsec
|
|
||||||
SERVICES_CROWDSEC_IMAGE=crowdsecurity/crowdsec
|
|
||||||
SERVICES_CROWDSEC_IMAGE_VERSION=latest
|
|
||||||
SERVICES_CROWDSEC_NETWORKS_CROWDSEC_IPV4=172.31.254.254
|
|
||||||
|
|
||||||
# Service Traefik
|
|
||||||
SERVICES_TRAEFIK_CONTAINER_NAME=${INFRASTRUCTURE_LABEL:-default}-traefik
|
|
||||||
SERVICES_TRAEFIK_HOSTNAME=${INFRASTRUCTURE_LABEL:-default}-traefik
|
|
||||||
SERVICES_TRAEFIK_IMAGE=traefik
|
|
||||||
SERVICES_TRAEFIK_IMAGE_VERSION=2.11
|
|
||||||
SERVICES_TRAEFIK_LABELS_TRAEFIK_HOST=`traefik.haslach2025.de`
|
|
||||||
SERVICES_TRAEFIK_NETWORKS_CROWDSEC_IPV4=172.31.254.253
|
|
||||||
SERVICES_TRAEFIK_NETWORKS_PROXY_IPV4=172.30.255.254
|
|
||||||
|
|
||||||
# Service Traefik Crowdsec Bouncer
|
|
||||||
SERVICES_TRAEFIK_CROWDSEC_BOUNCER_CONTAINER_NAME=traefik_crowdsec_bouncer
|
|
||||||
SERVICES_TRAEFIK_CROWDSEC_BOUNCER_HOSTNAME=traefik-crowdsec-bouncer
|
|
||||||
SERVICES_TRAEFIK_CROWDSEC_BOUNCER_IMAGE=fbonalair/traefik-crowdsec-bouncer
|
|
||||||
SERVICES_TRAEFIK_CROWDSEC_BOUNCER_IMAGE_VERSION=latest
|
|
||||||
SERVICES_TRAEFIK_CROWDSEC_BOUNCER_NETWORKS_CROWDSEC_IPV4=172.31.254.252
|
|
||||||
|
|
||||||
# Netzwerkeinstellungen
|
|
||||||
NETWORKS_PROXY_NAME=proxy
|
|
||||||
NETWORKS_PROXY_SUBNET_IPV4=172.30.0.0/16
|
|
||||||
NETWORKS_CROWDSEC_NAME=crowdsec
|
|
||||||
NETWORKS_CROWDSEC_SUBNET_IPV4=172.31.0.0/16
|
|
||||||
0
env/production/.env.tools
vendored
0
env/production/.env.tools
vendored
0
env/production/.env.website
vendored
0
env/production/.env.website
vendored
6
env/staging/.env.administration
vendored
6
env/staging/.env.administration
vendored
@@ -1,6 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Portainer
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
15
env/staging/.env.backend
vendored
15
env/staging/.env.backend
vendored
@@ -1,15 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Redis
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Laravel Backend
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# Adminer
|
|
||||||
# ----------------------------------
|
|
||||||
3
env/staging/.env.database
vendored
3
env/staging/.env.database
vendored
@@ -1,3 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# Datenbank (MariaDB)
|
|
||||||
# ----------------------------------
|
|
||||||
9
env/staging/.env.develop
vendored
9
env/staging/.env.develop
vendored
@@ -1,9 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# GITEA
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# GITEA DB
|
|
||||||
# ----------------------------------
|
|
||||||
3
env/staging/.env.frontend
vendored
3
env/staging/.env.frontend
vendored
@@ -1,3 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# VUE APP
|
|
||||||
# ----------------------------------
|
|
||||||
4
env/staging/.env.proxy
vendored
4
env/staging/.env.proxy
vendored
@@ -1,4 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# TRAEFIK
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
9
env/staging/.env.tools
vendored
9
env/staging/.env.tools
vendored
@@ -1,9 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# NEXTCLOUD DB
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# ----------------------------------
|
|
||||||
# NEXTCLOUD CLOUD
|
|
||||||
# ----------------------------------
|
|
||||||
4
env/staging/.env.website
vendored
4
env/staging/.env.website
vendored
@@ -1,4 +0,0 @@
|
|||||||
# ----------------------------------
|
|
||||||
# KIRBY CMS
|
|
||||||
# ----------------------------------
|
|
||||||
|
|
||||||
3
scripts/debug/deploy-backend.sh
Executable file
3
scripts/debug/deploy-backend.sh
Executable file
@@ -0,0 +1,3 @@
|
|||||||
|
source ./../setup/set-global-env.sh
|
||||||
|
chmod +x ./../../apps/backend/src/entrypoint.sh
|
||||||
|
docker compose -f ./../../apps/backend/docker-compose.overwrite.yml --env-file ./../../env/${ENVIRONMENT}/.env.database --env-file ./../../env/${ENVIRONMENT}/.env.backend --profile backend up
|
||||||
3
scripts/debug/deploy-frontend.sh
Executable file
3
scripts/debug/deploy-frontend.sh
Executable file
@@ -0,0 +1,3 @@
|
|||||||
|
source ./../setup/set-global-env.sh
|
||||||
|
source ./../setup/set-frontend-env.sh
|
||||||
|
docker compose -f ./../../apps/frontend/docker-compose.overwrite.yml --env-file ./../../env/${ENVIRONMENT}/.env.frontend --profile frontend up
|
||||||
87
scripts/setup/generate-secrets.sh
Executable file
87
scripts/setup/generate-secrets.sh
Executable file
@@ -0,0 +1,87 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# 🚀 Script to Generate Secure Secrets for Deployment
|
||||||
|
|
||||||
|
# Define root directory relative to the script location
|
||||||
|
|
||||||
|
# Stelle sicher, dass ROOT_DIR gesetzt ist
|
||||||
|
if [ -z "$ROOT_DIR" ]; then
|
||||||
|
echo "❌ WARN: ROOT_DIR ist nicht gesetzt! Setze ROOT_DIR..."
|
||||||
|
source ./set-project-root.sh
|
||||||
|
fi
|
||||||
|
|
||||||
|
SECRET_FILE="$ROOT_DIR/env/secrets.env"
|
||||||
|
GITIGNORE_FILE="$ROOT_DIR/.gitignore"
|
||||||
|
|
||||||
|
# ✅ Function to check if a command is installed
|
||||||
|
check_dependency() {
|
||||||
|
command -v "$1" >/dev/null 2>&1
|
||||||
|
}
|
||||||
|
|
||||||
|
# 🔍 Check for OpenSSL, and prompt user to install if missing
|
||||||
|
if ! check_dependency "openssl"; then
|
||||||
|
echo "⚠️ OpenSSL is not installed. It is required to generate secure secrets."
|
||||||
|
echo "Would you like to install OpenSSL now? (yes/no)"
|
||||||
|
read -r install_choice
|
||||||
|
if [[ "$install_choice" == "yes" ]]; then
|
||||||
|
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
|
||||||
|
sudo apt update && sudo apt install -y openssl
|
||||||
|
elif [[ "$OSTYPE" == "darwin"* ]]; then
|
||||||
|
brew install openssl
|
||||||
|
else
|
||||||
|
echo "❌ Unsupported OS. Please install OpenSSL manually."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "❌ OpenSSL is required but was not installed. Exiting."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# ✅ Securely generate random values
|
||||||
|
generate_secret() {
|
||||||
|
openssl rand -base64 32
|
||||||
|
}
|
||||||
|
|
||||||
|
# 🔄 Check if the secret file already exists
|
||||||
|
if [ -f "$SECRET_FILE" ]; then
|
||||||
|
echo "⚠️ $SECRET_FILE already exists. Overwrite? (yes/no)"
|
||||||
|
read -r response
|
||||||
|
if [[ "$response" != "yes" ]]; then
|
||||||
|
echo "❌ Secret file creation canceled."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# ✏️ Write secrets to file
|
||||||
|
echo "🔐 Generating $SECRET_FILE ..."
|
||||||
|
mkdir -p "$(dirname "$SECRET_FILE")" # Ensure the env directory exists
|
||||||
|
> "$SECRET_FILE" # Clear file if it exists
|
||||||
|
|
||||||
|
# 🔑 Define and write secrets
|
||||||
|
echo "ADMIN_PASSWORD_HASH=$(openssl passwd -6 admin)" >> "$SECRET_FILE"
|
||||||
|
echo "JWT_SECRET=$(generate_secret)" >> "$SECRET_FILE"
|
||||||
|
echo "MARIADB_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
|
||||||
|
echo "MARIADB_ROOT_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
|
||||||
|
echo "REDIS_HOST_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
|
||||||
|
echo "TRAEFIK_BASIC_AUTH_USERS=admin:$(openssl passwd -6 traefikpass)" >> "$SECRET_FILE"
|
||||||
|
echo "GITEA_MYSQL_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
|
||||||
|
echo "NEXTCLOUD_ADMIN_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
|
||||||
|
echo "MAIL_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
|
||||||
|
|
||||||
|
# 🛑 Ensure secrets.env is ignored by Git **without overwriting last line**
|
||||||
|
if [ -f "$SECRET_FILE" ]; then
|
||||||
|
# Check if the last line is missing a newline and fix it
|
||||||
|
if [ -s "$GITIGNORE_FILE" ] && [ "$(tail -c1 "$GITIGNORE_FILE")" != "" ]; then
|
||||||
|
echo "" >> "$GITIGNORE_FILE"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Append 'env/secrets.env' only if it's not already in .gitignore
|
||||||
|
if ! grep -q "^env/secrets.env$" "$GITIGNORE_FILE"; then
|
||||||
|
echo "env/secrets.env" >> "$GITIGNORE_FILE"
|
||||||
|
echo "✅ Added 'env/secrets.env' to .gitignore"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "✅ Secrets have been generated and stored in $SECRET_FILE."
|
||||||
|
echo "⚠️ Keep this file secure and do NOT commit it to Git!"
|
||||||
59
scripts/setup/set-frontend-env.sh
Normal file
59
scripts/setup/set-frontend-env.sh
Normal file
@@ -0,0 +1,59 @@
|
|||||||
|
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Stelle sicher, dass ROOT_DIR gesetzt ist
|
||||||
|
if [ -z "$ROOT_DIR" ]; then
|
||||||
|
echo "❌ WARN: ROOT_DIR ist nicht gesetzt! Setze ROOT_DIR..."
|
||||||
|
# Bestimme das Root-Verzeichnis des Git-Repos
|
||||||
|
ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null)
|
||||||
|
|
||||||
|
# Falls das Repository nicht gefunden wurde, abbrechen
|
||||||
|
if [ -z "$ROOT_DIR" ]; then
|
||||||
|
echo "❌ Fehler: Kein Git-Repository gefunden!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Setze die Variable für die aktuelle Shell-Sitzung
|
||||||
|
export ROOT_DIR
|
||||||
|
echo "✅ ROOT_DIR gesetzt auf: $ROOT_DIR"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Setze den Pfad zur .env.all Datei relativ zum Projekt-Root
|
||||||
|
ENV_FILE="$ROOT_DIR/env/development/.env.frontend"
|
||||||
|
|
||||||
|
# Prüfen, ob die Datei existiert
|
||||||
|
if [ ! -f "$ENV_FILE" ]; then
|
||||||
|
echo "❌ Fehler: Die Datei $ENV_FILE existiert nicht!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "✅ ENV-Datei vorhanden: $ENV_FILE"
|
||||||
|
|
||||||
|
# Funktion: Alle Variablen exportieren
|
||||||
|
export_env_vars() {
|
||||||
|
while IFS='=' read -r key value; do
|
||||||
|
# Entferne führende und nachfolgende Leerzeichen
|
||||||
|
key=$(echo "$key" | xargs)
|
||||||
|
value=$(echo "$value" | xargs)
|
||||||
|
|
||||||
|
# Falls die Zeile ein Kommentar oder leer ist, überspringen
|
||||||
|
if [[ -z "$key" || "$key" =~ ^# || -z "$value" ]]; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
# Exportiere die Variable
|
||||||
|
export "$key=$value"
|
||||||
|
done < "$ENV_FILE"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Alle Variablen exportieren
|
||||||
|
export_env_vars
|
||||||
|
|
||||||
|
echo "🔹 Geladene Variablen:"
|
||||||
|
grep -o '^[^#]*' "$ENV_FILE" | cut -d '=' -f1 | while read -r var; do
|
||||||
|
echo "$var=${!var}" # Gibt die gesetzten Variablen mit ihrem Wert aus
|
||||||
|
done
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
65
scripts/setup/set-global-env.sh
Normal file
65
scripts/setup/set-global-env.sh
Normal file
@@ -0,0 +1,65 @@
|
|||||||
|
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Stelle sicher, dass ROOT_DIR gesetzt ist
|
||||||
|
if [ -z "$ROOT_DIR" ]; then
|
||||||
|
echo "❌ WARN: ROOT_DIR ist nicht gesetzt! Setze ROOT_DIR..."
|
||||||
|
# Bestimme das Root-Verzeichnis des Git-Repos
|
||||||
|
ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null)
|
||||||
|
|
||||||
|
# Falls das Repository nicht gefunden wurde, abbrechen
|
||||||
|
if [ -z "$ROOT_DIR" ]; then
|
||||||
|
echo "❌ Fehler: Kein Git-Repository gefunden!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Setze die Variable für die aktuelle Shell-Sitzung
|
||||||
|
export ROOT_DIR
|
||||||
|
echo "✅ ROOT_DIR gesetzt auf: $ROOT_DIR"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Setze den Pfad zur .env.all Datei relativ zum Projekt-Root
|
||||||
|
ENV_FILE="$ROOT_DIR/env/.env.all"
|
||||||
|
|
||||||
|
# Prüfen, ob die Datei existiert
|
||||||
|
if [ ! -f "$ENV_FILE" ]; then
|
||||||
|
echo "❌ Fehler: Die Datei $ENV_FILE existiert nicht!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "✅ ENV-Datei vorhanden: $ENV_FILE"
|
||||||
|
|
||||||
|
# Funktion: Alle Variablen exportieren
|
||||||
|
export_env_vars() {
|
||||||
|
while IFS='=' read -r key value; do
|
||||||
|
# Entferne führende und nachfolgende Leerzeichen
|
||||||
|
key=$(echo "$key" | xargs)
|
||||||
|
value=$(echo "$value" | xargs)
|
||||||
|
|
||||||
|
# Falls die Zeile ein Kommentar oder leer ist, überspringen
|
||||||
|
if [[ -z "$key" || "$key" =~ ^# || -z "$value" ]]; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Entferne umschließende Anführungszeichen, falls vorhanden
|
||||||
|
value=$(echo "$value" | sed -E 's/^"(.*)"$/\1/')
|
||||||
|
|
||||||
|
# Exportiere die Variable
|
||||||
|
export "$key=$value"
|
||||||
|
done < "$ENV_FILE"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Alle Variablen exportieren
|
||||||
|
export_env_vars
|
||||||
|
|
||||||
|
export SERVER_IP=$(curl -s https://api.ipify.org)
|
||||||
|
|
||||||
|
echo "🔹 Geladene Variablen:"
|
||||||
|
grep -o '^[^#]*' "$ENV_FILE" | cut -d '=' -f1 | while read -r var; do
|
||||||
|
echo "$var=${!var}" # Gibt die gesetzten Variablen mit ihrem Wert aus
|
||||||
|
done
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
14
scripts/setup/set-project-root.sh
Normal file
14
scripts/setup/set-project-root.sh
Normal file
@@ -0,0 +1,14 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Bestimme das Root-Verzeichnis des Git-Repos
|
||||||
|
ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null)
|
||||||
|
|
||||||
|
# Falls das Repository nicht gefunden wurde, abbrechen
|
||||||
|
if [ -z "$ROOT_DIR" ]; then
|
||||||
|
echo "❌ Fehler: Kein Git-Repository gefunden!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Setze die Variable für die aktuelle Shell-Sitzung
|
||||||
|
export ROOT_DIR
|
||||||
|
echo "✅ ROOT_DIR gesetzt auf: $ROOT_DIR"
|
||||||
60
scripts/setup/set-proxy-env.sh
Normal file
60
scripts/setup/set-proxy-env.sh
Normal file
@@ -0,0 +1,60 @@
|
|||||||
|
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Stelle sicher, dass ROOT_DIR gesetzt ist
|
||||||
|
if [ -z "$ROOT_DIR" ]; then
|
||||||
|
echo "❌ WARN: ROOT_DIR ist nicht gesetzt! Setze ROOT_DIR..."
|
||||||
|
source ./set-project-root.sh
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Stelle sicher, dass ENVIRONMENT gesetzt ist
|
||||||
|
if [ -z "$ENVIRONMENT" ]; then
|
||||||
|
echo "❌ WARN: ENVIRONMENT ist nicht gesetzt! Setze ENVIRONMENT..."
|
||||||
|
source ./set-global-env.sh
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Setze den Pfad zur .env.all Datei relativ zum Projekt-Root
|
||||||
|
ENV_FILE="$ROOT_DIR/env/${ENVIRONMENT}/.env.proxy"
|
||||||
|
|
||||||
|
# Prüfen, ob die Datei existiert
|
||||||
|
if [ ! -f "$ENV_FILE" ]; then
|
||||||
|
echo "❌ Fehler: Die Datei $ENV_FILE existiert nicht!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "✅ ENV-Datei vorhanden: $ENV_FILE"
|
||||||
|
|
||||||
|
# Funktion: Alle Variablen exportieren
|
||||||
|
export_env_vars() {
|
||||||
|
while IFS='=' read -r key value; do
|
||||||
|
# Entferne führende und nachfolgende Leerzeichen
|
||||||
|
key=$(echo "$key" | xargs)
|
||||||
|
value=$(echo "$value" | xargs)
|
||||||
|
|
||||||
|
# Falls die Zeile ein Kommentar oder leer ist, überspringen
|
||||||
|
if [[ -z "$key" || "$key" =~ ^# || -z "$value" ]]; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Entferne umschließende Anführungszeichen, falls vorhanden
|
||||||
|
value=$(echo "$value" | sed -E 's/^"(.*)"$/\1/')
|
||||||
|
|
||||||
|
# Exportiere die Variable
|
||||||
|
export "$key=$value"
|
||||||
|
done < "$ENV_FILE"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Alle Variablen exportieren
|
||||||
|
export_env_vars
|
||||||
|
|
||||||
|
export SERVER_IP=$(curl -s https://api.ipify.org)
|
||||||
|
|
||||||
|
echo "🔹 Geladene Variablen:"
|
||||||
|
grep -o '^[^#]*' "$ENV_FILE" | cut -d '=' -f1 | while read -r var; do
|
||||||
|
echo "$var=${!var}" # Gibt die gesetzten Variablen mit ihrem Wert aus
|
||||||
|
done
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# Pfad zur .env.all Datei
|
# Pfad zur .env.all Datei
|
||||||
ENV_FILE="../env/.env.all"
|
ENV_FILE="../../env/.env.all"
|
||||||
|
|
||||||
# Funktion zum Überprüfen der Existenz einer Datei
|
# Funktion zum Überprüfen der Existenz einer Datei
|
||||||
check_file_exists() {
|
check_file_exists() {
|
||||||
@@ -12,7 +12,7 @@ check_file_exists() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# Überprüfe die Existenz von .env.all
|
# Überprüfe die Existenz von .env.all
|
||||||
check_file_exists "../env/.env.all"
|
check_file_exists "../../env/.env.all"
|
||||||
|
|
||||||
# Funktion zum Auslesen von Variablen aus der .env.all Datei
|
# Funktion zum Auslesen von Variablen aus der .env.all Datei
|
||||||
get_env_var() {
|
get_env_var() {
|
||||||
@@ -25,8 +25,8 @@ ENVIRONMENT=$(get_env_var "ENVIRONMENT")
|
|||||||
|
|
||||||
# Load environment variables from the .env files
|
# Load environment variables from the .env files
|
||||||
set -o allexport
|
set -o allexport
|
||||||
source ../env/.env.all
|
source ../../env/.env.all
|
||||||
source ../env/${ENVIRONMENT}/.env.administration
|
source ../../env/${ENVIRONMENT:-development}/.env.administration
|
||||||
set +o allexport
|
set +o allexport
|
||||||
|
|
||||||
# Liste Stacks
|
# Liste Stacks
|
||||||
@@ -39,14 +39,14 @@ ENVIRONMENTS=("development" "staging" "production")
|
|||||||
# Überprüfe die Existenz aller Stack-spezifischen .env Dateien
|
# Überprüfe die Existenz aller Stack-spezifischen .env Dateien
|
||||||
missing_files=0
|
missing_files=0
|
||||||
for stack in "${STACKS[@]}"; do
|
for stack in "${STACKS[@]}"; do
|
||||||
env_file="../env/${ENVIRONMENT}/.env.${stack}"
|
env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}"
|
||||||
if ! check_file_exists "$env_file"; then
|
if ! check_file_exists "$env_file"; then
|
||||||
missing_files=$((missing_files + 1))
|
missing_files=$((missing_files + 1))
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ $missing_files -eq 0 ]; then
|
if [ $missing_files -eq 0 ]; then
|
||||||
echo "Alle erforderlichen .env Dateien für das ${ENVIRONMENT}-Environment sind vorhanden."
|
echo "Alle erforderlichen .env Dateien für das ${ENVIRONMENT:-development}-Environment sind vorhanden."
|
||||||
else
|
else
|
||||||
echo "Warnung: $missing_files .env Datei(en) fehlen. Einige Stacks könnten nicht korrekt funktionieren."
|
echo "Warnung: $missing_files .env Datei(en) fehlen. Einige Stacks könnten nicht korrekt funktionieren."
|
||||||
fi
|
fi
|
||||||
@@ -55,7 +55,7 @@ fi
|
|||||||
for env in "${ENVIRONMENTS[@]}"; do
|
for env in "${ENVIRONMENTS[@]}"; do
|
||||||
if [ "$env" != "$ENVIRONMENT" ]; then
|
if [ "$env" != "$ENVIRONMENT" ]; then
|
||||||
for stack in "${STACKS[@]}"; do
|
for stack in "${STACKS[@]}"; do
|
||||||
env_file="../env/${env}/.env.${stack}"
|
env_file="../../env/${env}/.env.${stack}"
|
||||||
if ! check_file_exists "$env_file"; then
|
if ! check_file_exists "$env_file"; then
|
||||||
echo "Warnung: Die Datei $env_file fehlt für das Environment $env."
|
echo "Warnung: Die Datei $env_file fehlt für das Environment $env."
|
||||||
fi
|
fi
|
||||||
@@ -72,4 +72,4 @@ echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}"
|
|||||||
echo "-----------------------------------"
|
echo "-----------------------------------"
|
||||||
|
|
||||||
# Ausführen des Docker Compose Befehls
|
# Ausführen des Docker Compose Befehls
|
||||||
docker compose -f ../apps/docker-compose.all.yml --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile administration up --remove-orphans
|
docker compose -f ../apps/docker-compose.all.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile administration up --remove-orphans
|
||||||
@@ -1,7 +1,12 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
source ../setup/set-project-root.sh
|
||||||
|
source ../setup/set-global-env.sh
|
||||||
|
source ../setup/set-proxy-env.sh
|
||||||
|
source ../setup/generate-secrets.sh
|
||||||
|
|
||||||
|
|
||||||
# Pfad zur .env.all Datei
|
# Pfad zur .env.all Datei
|
||||||
ENV_FILE="../env/.env.all"
|
ENV_FILE="../../env/.env.all"
|
||||||
# Funktion zum Auslesen von Variablen aus der .env.all Datei
|
# Funktion zum Auslesen von Variablen aus der .env.all Datei
|
||||||
get_env_var() {
|
get_env_var() {
|
||||||
grep "^$1=" "$ENV_FILE" | cut -d '=' -f2
|
grep "^$1=" "$ENV_FILE" | cut -d '=' -f2
|
||||||
@@ -25,7 +30,6 @@ check_file_exists() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Prüfe, ob das Skript nur in der Entwicklungsumgebung ausgeführt wird
|
# Prüfe, ob das Skript nur in der Entwicklungsumgebung ausgeführt wird
|
||||||
if [ "$ENVIRONMENT" == "development" ]; then
|
if [ "$ENVIRONMENT" == "development" ]; then
|
||||||
@@ -43,7 +47,7 @@ if [ "$ENVIRONMENT" == "development" ]; then
|
|||||||
echo "🔹 ENVIRONMENT ist 'development' – Hosts aus .env.proxy werden hinzugefügt und Container gestartet."
|
echo "🔹 ENVIRONMENT ist 'development' – Hosts aus .env.proxy werden hinzugefügt und Container gestartet."
|
||||||
|
|
||||||
# Pfad zur Proxy-Env-Datei
|
# Pfad zur Proxy-Env-Datei
|
||||||
ENV_PROXY_FILE="../env/development/.env.proxy"
|
ENV_PROXY_FILE="../../env/development/.env.proxy"
|
||||||
|
|
||||||
# Hosts-Datei Pfad (Linux/macOS)
|
# Hosts-Datei Pfad (Linux/macOS)
|
||||||
HOSTS_FILE="/etc/hosts"
|
HOSTS_FILE="/etc/hosts"
|
||||||
@@ -72,12 +76,12 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Überprüfe die Existenz von .env.all
|
# Überprüfe die Existenz von .env.all
|
||||||
check_file_exists "../env/.env.all"
|
check_file_exists "../../env/.env.all"
|
||||||
|
|
||||||
# Überprüfe die Existenz aller Stack-spezifischen .env Dateien
|
# Überprüfe die Existenz aller Stack-spezifischen .env Dateien
|
||||||
missing_files=0
|
missing_files=0
|
||||||
for stack in "${STACKS[@]}"; do
|
for stack in "${STACKS[@]}"; do
|
||||||
env_file="../env/${ENVIRONMENT}/.env.${stack}"
|
env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}"
|
||||||
if ! check_file_exists "$env_file"; then
|
if ! check_file_exists "$env_file"; then
|
||||||
missing_files=$((missing_files + 1))
|
missing_files=$((missing_files + 1))
|
||||||
fi
|
fi
|
||||||
@@ -102,4 +106,4 @@ if [[ "$1" == "--build" ]]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Ausführen des Docker Compose Befehls
|
# Ausführen des Docker Compose Befehls
|
||||||
docker compose -f ../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile backend up --remove-orphans $BUILD_OPTION
|
docker compose -f ../../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile backend up --remove-orphans $BUILD_OPTION
|
||||||
@@ -1,7 +1,11 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
source ../setup/set-project-root.sh
|
||||||
|
source ../setup/set-global-env.sh
|
||||||
|
source ../setup/set-proxy-env.sh
|
||||||
|
source ../setup/generate-secrets.sh
|
||||||
|
|
||||||
# Pfad zur .env.all Datei
|
# Pfad zur .env.all Datei
|
||||||
ENV_FILE="../env/.env.all"
|
ENV_FILE="../../env/.env.all"
|
||||||
# Funktion zum Auslesen von Variablen aus der .env.all Datei
|
# Funktion zum Auslesen von Variablen aus der .env.all Datei
|
||||||
get_env_var() {
|
get_env_var() {
|
||||||
grep "^$1=" "$ENV_FILE" | cut -d '=' -f2
|
grep "^$1=" "$ENV_FILE" | cut -d '=' -f2
|
||||||
@@ -13,7 +17,7 @@ ENVIRONMENT=$(get_env_var "ENVIRONMENT")
|
|||||||
SERVER_IP=$(curl -s https://api.ipify.org)
|
SERVER_IP=$(curl -s https://api.ipify.org)
|
||||||
|
|
||||||
# Liste aller Stacks
|
# Liste aller Stacks
|
||||||
STACKS=("administration" "frontend" "develop" "database" "proxy" "tools" "website" "backend")
|
STACKS=("proxy" "frontend" "database" "backend")
|
||||||
|
|
||||||
# Liste aller Environments
|
# Liste aller Environments
|
||||||
ENVIRONMENTS=("development" "staging" "production")
|
ENVIRONMENTS=("development" "staging" "production")
|
||||||
@@ -26,12 +30,12 @@ check_file_exists() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
# Überprüfe die Existenz von .env.all
|
# Überprüfe die Existenz von .env.all
|
||||||
check_file_exists "../env/.env.all"
|
check_file_exists "../../env/.env.all"
|
||||||
|
|
||||||
# Überprüfe die Existenz aller Stack-spezifischen .env Dateien
|
# Überprüfe die Existenz aller Stack-spezifischen .env Dateien
|
||||||
missing_files=0
|
missing_files=0
|
||||||
for stack in "${STACKS[@]}"; do
|
for stack in "${STACKS[@]}"; do
|
||||||
env_file="../env/${ENVIRONMENT}/.env.${stack}"
|
env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}"
|
||||||
if ! check_file_exists "$env_file"; then
|
if ! check_file_exists "$env_file"; then
|
||||||
missing_files=$((missing_files + 1))
|
missing_files=$((missing_files + 1))
|
||||||
fi
|
fi
|
||||||
@@ -44,7 +48,7 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Ausgabe der Variablen
|
# Ausgabe der Variablen
|
||||||
echo "Deploying to:"
|
echo "Deploying to"
|
||||||
echo "INFRASTRUCTURE: ${INFRASTRUCTURE:-Not set}"
|
echo "INFRASTRUCTURE: ${INFRASTRUCTURE:-Not set}"
|
||||||
echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}"
|
echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}"
|
||||||
echo "-----------------------------------"
|
echo "-----------------------------------"
|
||||||
@@ -55,5 +59,7 @@ if [[ "$1" == "--build" ]]; then
|
|||||||
BUILD_OPTION="--build"
|
BUILD_OPTION="--build"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
# Ausführen des Docker Compose Befehls
|
# Ausführen des Docker Compose Befehls
|
||||||
docker compose -f ../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile app up --remove-orphans $BUILD_OPTION
|
docker compose -f ../../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --profile app up --remove-orphans $BUILD_OPTION
|
||||||
|
|
||||||
3
scripts/start/deploy-backend.sh
Executable file
3
scripts/start/deploy-backend.sh
Executable file
@@ -0,0 +1,3 @@
|
|||||||
|
source ./../setup/set-global-env.sh
|
||||||
|
chmod +x ./../../apps/backend/src/entrypoint.sh
|
||||||
|
docker compose -f ./../../apps/backend/docker-compose.yml --env-file ./../../env/${ENVIRONMENT}/.env.database --env-file ./../../env/${ENVIRONMENT}/.env.backend --profile backend up
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# Pfad zur .env.all Datei
|
# Pfad zur .env.all Datei
|
||||||
ENV_FILE="../env/.env.all"
|
ENV_FILE="../../env/.env.all"
|
||||||
|
|
||||||
# Funktion zum Auslesen von Variablen aus der .env.all Datei
|
# Funktion zum Auslesen von Variablen aus der .env.all Datei
|
||||||
get_env_var() {
|
get_env_var() {
|
||||||
@@ -27,12 +27,12 @@ check_file_exists() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# Überprüfe die Existenz von .env.all
|
# Überprüfe die Existenz von .env.all
|
||||||
check_file_exists "../env/.env.all"
|
check_file_exists "../../env/.env.all"
|
||||||
|
|
||||||
# Überprüfe die Existenz aller Stack-spezifischen .env Dateien
|
# Überprüfe die Existenz aller Stack-spezifischen .env Dateien
|
||||||
missing_files=0
|
missing_files=0
|
||||||
for stack in "${STACKS[@]}"; do
|
for stack in "${STACKS[@]}"; do
|
||||||
env_file="../env/${ENVIRONMENT}/.env.${stack}"
|
env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}"
|
||||||
if ! check_file_exists "$env_file"; then
|
if ! check_file_exists "$env_file"; then
|
||||||
missing_files=$((missing_files + 1))
|
missing_files=$((missing_files + 1))
|
||||||
fi
|
fi
|
||||||
@@ -51,4 +51,4 @@ echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}"
|
|||||||
echo "-----------------------------------"
|
echo "-----------------------------------"
|
||||||
|
|
||||||
# Ausführen des Docker Compose Befehls
|
# Ausführen des Docker Compose Befehls
|
||||||
docker compose -f ../apps/docker-compose.all.yml --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile proxy up --remove-orphans
|
docker compose -f ../../apps/docker-compose.all.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans
|
||||||
@@ -3,7 +3,7 @@ set -e
|
|||||||
|
|
||||||
# Funktion zur Überprüfung der Produktivumgebung
|
# Funktion zur Überprüfung der Produktivumgebung
|
||||||
is_production() {
|
is_production() {
|
||||||
local prod_ip="85.215.56.185" # IP-Adresse deines Produktivservers
|
local prod_ip=${SERVER_IP:-127.0.0.1} # IP-Adresse deines Produktivservers
|
||||||
local current_ip
|
local current_ip
|
||||||
|
|
||||||
# Überprüfe das Betriebssystem
|
# Überprüfe das Betriebssystem
|
||||||
@@ -69,30 +69,27 @@ if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then
|
|||||||
echo "Wir befinden uns in der Produktivumgebung."
|
echo "Wir befinden uns in der Produktivumgebung."
|
||||||
echo "Starte Traefik und CrowdSec Bouncer mit docker-compose.traefik.prod.yml..."
|
echo "Starte Traefik und CrowdSec Bouncer mit docker-compose.traefik.prod.yml..."
|
||||||
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
||||||
docker compose -f ../apps/proxy/docker-compose.traefik.prod.yml up -d
|
docker compose -f ../../apps/proxy/docker-compose.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
|
||||||
else
|
else
|
||||||
echo "Wir befinden uns in der lokalen Entwicklungsumgebung."
|
echo "Wir befinden uns in der lokalen Entwicklungsumgebung."
|
||||||
echo "Starte Traefik und CrowdSec Bouncer mit docker-compose.traefik.local.yml..."
|
echo "Starte Traefik und CrowdSec Bouncer mit docker-compose.traefik.local.yml..."
|
||||||
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
||||||
docker compose -f ../apps/docker-compose.traefik.local.yml up -d
|
docker compose -f ../../apps/proxy/docker-compose.overwrite.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "Traefik läuft bereits. Aktualisiere die Konfiguration..."
|
echo "Traefik läuft bereits. Aktualisiere die Konfiguration..."
|
||||||
|
|
||||||
if is_production; then
|
if is_production; then
|
||||||
echo "Aktualisiere Traefik und CrowdSec Bouncer in der Produktivumgebung..."
|
echo "Aktualisiere Traefik und CrowdSec Bouncer in der Produktivumgebung..."
|
||||||
docker compose -f ../apps/docker-compose.traefik.prod.yml up -d
|
docker compose -f ../../apps/proxy/docker-compose.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
|
||||||
else
|
else
|
||||||
echo "Aktualisiere Traefik und CrowdSec Bouncer in der lokalen Umgebung..."
|
echo "Aktualisiere Traefik und CrowdSec Bouncer in der lokalen Umgebung..."
|
||||||
docker compose -f ../apps/docker-compose.traefik.local.yml up -d
|
docker compose -f ../../apps/proxy/docker-compose.overwrite.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Traefik und CrowdSec Bouncer Deployment abgeschlossen."
|
echo "Traefik und CrowdSec Bouncer Deployment abgeschlossen."
|
||||||
|
|
||||||
=================
|
|
||||||
|
|
||||||
|
|
||||||
echo "Prüfe, ob Traefik läuft..."
|
echo "Prüfe, ob Traefik läuft..."
|
||||||
|
|
||||||
set_environment_variables
|
set_environment_variables
|
||||||
@@ -106,14 +103,14 @@ fi
|
|||||||
|
|
||||||
if is_production; then
|
if is_production; then
|
||||||
echo "Wir befinden uns in der Produktivumgebung."
|
echo "Wir befinden uns in der Produktivumgebung."
|
||||||
echo "Starte/Aktualisiere Deployment mit docker-compose.prod.yml..."
|
echo "Starte/Aktualisiere Deployment mit docker-compose.yml..."
|
||||||
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
||||||
docker compose -f ../apps/docker-compose.prod.yml up -d
|
docker compose -f ../../apps/proxy/docker-compose.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
|
||||||
else
|
else
|
||||||
echo "Wir befinden uns in der lokalen Entwicklungsumgebung."
|
echo "Wir befinden uns in der lokalen Entwicklungsumgebung."
|
||||||
echo "Starte/Aktualisiere lokale Version mit docker-compose.overwrite.yml..."
|
echo "Starte/Aktualisiere lokale Version mit docker-compose.overwrite.yml..."
|
||||||
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
||||||
docker compose -f ../apps/docker-compose.overwrite.yml up -d
|
docker compose -f ../../apps/proxy/docker-compose.overwrite.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
@@ -123,9 +120,9 @@ if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then
|
|||||||
if is_production; then
|
if is_production; then
|
||||||
echo "Wir befinden uns in der Produktivumgebung."
|
echo "Wir befinden uns in der Produktivumgebung."
|
||||||
set_environment_variables
|
set_environment_variables
|
||||||
echo "Starte Deployment mit docker-compose.prod.yml..."
|
echo "Starte Deployment mit docker-compose.yml..."
|
||||||
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
||||||
docker compose -f ../apps/docker-compose.prod.yml up -d
|
docker compose -f ../../apps/proxy/docker-compose.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
|
||||||
else
|
else
|
||||||
echo "Wir befinden uns in der lokalen Entwicklungsumgebung."
|
echo "Wir befinden uns in der lokalen Entwicklungsumgebung."
|
||||||
read -p "Möchtest du die lokale Version zum Debuggen (docker-compose.overwrite.yml) starten? (y/n): " answer
|
read -p "Möchtest du die lokale Version zum Debuggen (docker-compose.overwrite.yml) starten? (y/n): " answer
|
||||||
@@ -133,7 +130,7 @@ if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then
|
|||||||
echo "Starte lokale Version..."
|
echo "Starte lokale Version..."
|
||||||
set_environment_variables
|
set_environment_variables
|
||||||
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
||||||
docker compose -f ../apps/docker-compose.overwrite.yml up -d
|
docker compose -f ../../apps/proxy/docker-compose.overwrite.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
|
||||||
else
|
else
|
||||||
echo "Deployment abgebrochen."
|
echo "Deployment abgebrochen."
|
||||||
exit 1
|
exit 1
|
||||||
@@ -145,15 +142,15 @@ else
|
|||||||
if is_production; then
|
if is_production; then
|
||||||
echo "Wir befinden uns in der Produktivumgebung."
|
echo "Wir befinden uns in der Produktivumgebung."
|
||||||
set_environment_variables
|
set_environment_variables
|
||||||
echo "Aktualisiere Deployment mit docker-compose.prod.yml..."
|
echo "Aktualisiere Deployment mit docker-compose.yml..."
|
||||||
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
||||||
docker compose -f ../apps/docker-compose.prod.yml up -d
|
docker compose -f ../../apps/proxy/docker-compose.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
|
||||||
else
|
else
|
||||||
echo "Wir befinden uns in der lokalen Entwicklungsumgebung."
|
echo "Wir befinden uns in der lokalen Entwicklungsumgebung."
|
||||||
set_environment_variables
|
set_environment_variables
|
||||||
echo "Aktualisiere lokale Version mit docker-compose.overwrite.yml..."
|
echo "Aktualisiere lokale Version mit docker-compose.overwrite.yml..."
|
||||||
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
env | grep DOMAIN # Debug: Zeige die gesetzten Umgebungsvariablen an
|
||||||
docker compose -f ../apps/docker-compose.overwrite.yml up -d
|
docker compose -f ../../apps/proxy/docker-compose.overwrite.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
37
scripts/start/deploy.sh
Executable file
37
scripts/start/deploy.sh
Executable file
@@ -0,0 +1,37 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Bestimme das Root-Verzeichnis des Git-Repos
|
||||||
|
ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null)
|
||||||
|
|
||||||
|
# Falls das Repository nicht gefunden wurde, abbrechen
|
||||||
|
if [ -z "$ROOT_DIR" ]; then
|
||||||
|
echo "❌ Fehler: Kein Git-Repository gefunden!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Setze die Variable für die aktuelle Shell-Sitzung
|
||||||
|
echo "✅ ROOT_DIR gesetzt auf: $ROOT_DIR"
|
||||||
|
|
||||||
|
# Pfad zur .env.all Datei
|
||||||
|
ENV_FILE="${ROOT_DIR}/env/.env.all"
|
||||||
|
echo $ENV_FILE
|
||||||
|
# Funktion zum Auslesen von Variablen aus der .env.all Datei
|
||||||
|
get_env_var() {
|
||||||
|
grep "^$1=" "$ENV_FILE" | cut -d '=' -f2
|
||||||
|
}
|
||||||
|
|
||||||
|
# Auslesen der INFRASTRUCTURE und ENVIRONMENT Variablen
|
||||||
|
INFRASTRUCTURE=$(get_env_var "INFRASTRUCTURE_LABEL")
|
||||||
|
ENVIRONMENT=$(get_env_var "ENVIRONMENT")
|
||||||
|
SERVER_IP=$(curl -s https://api.ipify.org)
|
||||||
|
|
||||||
|
|
||||||
|
# Ausgabe der Variablen
|
||||||
|
echo "Deploying to:"
|
||||||
|
echo "INFRASTRUCTURE: ${INFRASTRUCTURE:-Not set}"
|
||||||
|
echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}"
|
||||||
|
echo "-----------------------------------"
|
||||||
|
|
||||||
|
# Ausführen des Docker Compose Befehls
|
||||||
|
docker compose -f ../../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ${ENV_FILE} --env-file ${ROOT_DIR}/env/${ENVIRONMENT:-development}/.env.proxy --profile app up --remove-orphans
|
||||||
Reference in New Issue
Block a user