add Jenkinsfile

.gitignore

@@ -2,4 +2,5 @@ volumes
 apps/proxy
 .DS_Store
 apps/administration/*
-apps/tools/app/*
+apps/tools/app/*
+env/secrets.env

.gitmodules

@@ -3,4 +3,4 @@
 	url = https://gitea.mindboost.team/Mindboost/mindboost-backend.git
 [submodule "apps/frontend/src"]
 	path = apps/frontend/src
-	url = https://gitea.mindboost.team/Mindboost/mindboost-webapp.git
+	url = https://gitea.mindboost.team/Mindboost/mindboost-webapp.git

Jenkinsfile

@@ -0,0 +1,26 @@
+
+
+pipeline {
+    agent any
+
+    stages {
+        stage('Checkout Code & Submodules') {
+            steps {
+                git branch: 'main', url: 'git@github.com:your-org/my-main-repo.git', credentialsId: 'git-credentials'
+                sh 'git submodule update --init --recursive'
+            }
+        }
+
+        stage('Run Backend Pipeline') {
+            steps {
+                build job: 'backend-pipeline', wait: true
+            }
+        }
+
+        stage('Run Frontend Pipeline') {
+            steps {
+                build job: 'frontend-pipeline', wait: true
+            }
+        }
+    }
+}

README.md

@@ -111,7 +111,7 @@ Each service's `docker-compose.yml` file references the appropriate `.env` file
 services:
   backend:
     env_file:
-      - ../../env/${ENVIRONMENT}/backend.env
+      - ../../env/${ENVIRONMENT:-development}/backend.env
 ```
 
 ## Networking
@@ -128,12 +128,6 @@ Our infrastructure uses a two-tier network model to enhance security and isolate
    - These networks are not directly accessible from the internet and provide secure communication between public and internal services.
    - Examples: backend_network, database_network, etc.
 
-Service Network Configuration:
-- Frontend: Connected to proxy_network and backend_network
-- Backend API: Connected to backend_network and database_network
-- Database: Connected only to database_network
-- Traefik: Connected only to proxy_network
-
 This structure ensures that:
 - The proxy (Traefik) can route traffic to public-facing services.
 - Internal services (like databases) are not directly accessible from the proxy network.
@@ -163,7 +157,7 @@ The `volumes/` folder contains subdirectories for different volumes used by vari
 
 Each subdirectory corresponds to a specific service or group of services, containing the persistent data that needs to be preserved across container restarts or redeployments. 
 
-When configuring Docker Compose files, reference these volume paths to ensure data persistence. For example:
+When configuring Docker Compose files, reference these volume paths to ensure data persistence.
 
 ```yaml
 volumes:

apps/backend/database/docker-compose.yml

@@ -0,0 +1,36 @@
+### Database (./apps/database/docker-compose.yml)
+# - [ ] Create a MariaDB service
+# - [ ] Configure volumes for persistent storage of database data
+secrets:
+  mariadb_root:
+    file: ${ROOT_DIR:-../../..}/env/secrets.env
+services:
+    database:
+        secrets:
+          - mariadb_root
+        profiles: ["all", "database", "backend", "app"]
+        image: mariadb:latest
+        container_name: ${INFRASTRUCTURE_LABEL:-default}-mariadb-${ENVIRONMENT:-development}
+        command: --bind-address=0.0.0.0
+        env_file: 
+            - ${ROOT_DIR:-../../..}/env/${ENVIRONMENT:-development}/.env.database
+        volumes:
+            - backend_mariadb_data:/var/lib/mysql
+            - ./healthcheck.sh:/usr/local/bin/healthcheck.sh 
+        networks:
+            - backend
+            - database
+        healthcheck:
+          test: ["CMD", "bash", "/usr/local/bin/healthcheck.sh"]
+          interval: 1s
+          retries: 3
+        # TODO: ADMINER IS NOT PREPARED FOR TRAEFIK 
+networks:
+    backend:
+        name: ${INFRASTRUCTURE_LABEL:-default}-backend-${ENVIRONMENT:-development}
+    database:
+        name: ${INFRASTRUCTURE_LABEL:-default}-database-${ENVIRONMENT:-development}
+volumes:
+    backend_mariadb_data:
+        driver: local
+        name: ${INFRASTRUCTURE_LABEL:-default}_mariadb_${ENVIRONMENT:-development}

apps/backend/database/healthcheck.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Credentials from environment variables
+MYSQL_USER="${MARIADB_USER:-default}"
+MYSQL_PASSWORD="${MARIADB_PASSWORD:-default}"
+MYSQL_HOST="127.0.0.1"
+
+ROOT_PASSWORD=$(cat /run/secrets/mariadb_root)
+
+echo "🔑 READ ROOT PASSWORD FROM SECRETS"  
+
+# Check if MariaDB is running
+if ! mariadb -h "$MYSQL_HOST" -u root -p"$ROOT_PASSWORD" -e "SELECT 1;" &>/dev/null; then
+    echo "❌ MariaDB is not responding" 
+    exit 1
+fi
+
+# Check if a specific user exists
+USER_EXISTS=$(mariadb -h "$MYSQL_HOST" -u root -p"$ROOT_PASSWORD" -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '${MYSQL_USER}');" | tail -n 1)
+
+if [ "$USER_EXISTS" -ne 1 ]; then
+    echo "❌ User '${MYSQL_USER}' does not exist"
+    exit 1
+fi
+
+# Check if the user can log in with the provided password
+if ! mariadb -h "$MYSQL_HOST" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" -e "SELECT 1;" &>/dev/null; then
+    echo "❌ User '${MYSQL_USER}' exists, but authentication failed with the provided password."
+    exit 1
+fi
+
+echo "✅ MariaDB is healthy"
+exit 0

apps/backend/database/init-user.sh

@@ -0,0 +1,74 @@
+#!/bin/bash
+echo "🔄 Running MariaDB initialization script..."
+
+# Wait until MariaDB is ready
+until mysqladmin ping -h localhost --silent; do
+    sleep 2
+done
+
+echo "✅ MariaDB is ready. Checking root credentials..."
+
+# Try logging in with the root password
+if ! mysql -u root -p"$MARIADB_ROOT_PASSWORD" -e "SELECT 1;" &>/dev/null; then
+    echo "❌ ERROR: Root password in .env does not match the database!"
+    echo "🔄 Attempting to reset the root password..."
+
+    # Stop MariaDB safely
+    echo "⚠️ Stopping MariaDB..."
+    service mysql stop || pkill mysqld
+    sleep 5
+
+    # Start MariaDB in recovery mode
+    echo "🚀 Starting MariaDB in recovery mode..."
+    mysqld_safe --skip-grant-tables --skip-networking &
+    sleep 5
+
+    # Reset root password
+    echo "🔐 Resetting root password..."
+    mysql -u root <<EOSQL
+ALTER USER 'root'@'localhost' IDENTIFIED BY '${MARIADB_ROOT_PASSWORD}';
+ALTER USER 'root'@'%' IDENTIFIED BY '${MARIADB_ROOT_PASSWORD}';
+FLUSH PRIVILEGES;
+EOSQL
+
+    echo "✅ Root password reset successfully!"
+
+    # Restart MariaDB in normal mode
+    echo "🔄 Restarting MariaDB in production mode..."
+    service mysql stop || pkill mysqld
+    sleep 3
+    mysqld_safe &
+    sleep 5
+else
+    echo "✅ Root password is correct."
+fi
+
+# Check if the database exists
+DB_EXISTS=$(mysql -u root -p"$MARIADB_ROOT_PASSWORD" -e "SHOW DATABASES LIKE '${MARIADB_DATABASE}';" | grep "${MARIADB_DATABASE}" > /dev/null; echo "$?")
+
+if [ "$DB_EXISTS" -ne 0 ]; then
+    echo "⚠️ Database '${MARIADB_DATABASE}' does not exist. Creating it now..."
+    mysql -u root -p"$MARIADB_ROOT_PASSWORD" -e "CREATE DATABASE ${MARIADB_DATABASE};"
+    echo "✅ Database '${MARIADB_DATABASE}' created!"
+else
+    echo "✅ Database '${MARIADB_DATABASE}' already exists."
+fi
+
+# Ensure the database user exists and has the correct password
+USER_EXISTS=$(mysql -u root -p"$MARIADB_ROOT_PASSWORD" -e "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '${MARIADB_USER}');" | tail -n 1)
+
+if [ "$USER_EXISTS" -eq 0 ]; then
+    echo "⚠️ User '${MARIADB_USER}' does not exist. Creating it now..."
+    mysql -u root -p"$MARIADB_ROOT_PASSWORD" <<EOSQL
+CREATE USER '${MARIADB_USER}'@'%' IDENTIFIED BY '${MARIADB_PASSWORD}';
+GRANT ALL PRIVILEGES ON ${MARIADB_DATABASE}.* TO '${MARIADB_USER}'@'%';
+FLUSH PRIVILEGES;
+EOSQL
+    echo "✅ User '${MARIADB_USER}' created and granted access to '${MARIADB_DATABASE}'!"
+else
+    echo "✅ User '${MARIADB_USER}' already exists. Ensuring correct password."
+    mysql -u root -p"$MARIADB_ROOT_PASSWORD" -e "ALTER USER '${MARIADB_USER}'@'%' IDENTIFIED BY '${MARIADB_PASSWORD}'; FLUSH PRIVILEGES;"
+    echo "✅ Password for '${MARIADB_USER}' updated!"
+fi
+
+echo "🎉 MariaDB initialization complete!"

apps/backend/docker-compose.overwrite.yml

@@ -0,0 +1,48 @@
+### Backend (./apps/backend/docker-compose.yml)
+include:
+    - ./database/docker-compose.yml
+services:
+  backend:
+        container_name: ${INFRASTRUCTURE_LABEL:-default}-backend-laravel-${ENVIRONMENT:-development}
+        profiles: ["laravel", "backend", "all", "app"]
+        ports:
+        - "${LARAVEL_PORT:-8000}:8000"
+        - "${LARAVEL_VITE_PORT:-5173}:5173"
+        env_file:
+            - ../../env/${ENVIRONMENT:-development}/.env.backend
+        volumes:
+          - ./src/entrypoint.sh:/usr/local/bin/entrypoint.sh
+        depends_on:  
+            - database
+        build:
+            context: ./src
+            dockerfile: Dockerfile
+        networks:
+            - backend
+        labels:
+            - "traefik.enable=${TRAEFIK_ENABLE:-false}"
+            - "traefik.http.routers.backend.entrypoints=${TRAEFIK_ENTRYPOINT}"
+            - "traefik.http.routers.backend.rule=Host(`${BACKEND_DOMAIN}`)"
+            - "traefik.http.routers.backend.tls=true"
+            - "traefik.http.routers.backend.tls.certresolver=${TRAEFIK_CERT_RESOLVER}"
+            - "traefik.http.routers.backend.tls.domains[0].main=`${BACKEND_DOMAIN}`"
+            - "traefik.http.services.backend.loadbalancer.server.port=${BACKEND_PORT:-8000}"
+            - "traefik.docker.network=${TRAEFIK_NETWORK}"
+  backend-redis:
+        image: redis:alpine
+        container_name: ${INFRASTRUCTURE_LABEL:-default}-backend-redis-${ENVIRONMENT:-development}
+        profiles: ["redis", "backend", "all"]
+        env_file:
+            - ../../env/${ENVIRONMENT:-development}/.env.backend
+        restart: unless-stopped
+        command: redis-server  --appendonly yes --requirepass ${REDIS_PASSWORD:-laravel-redis-passwort} # Redis Passwort eingeben
+        volumes:
+            - backend_redis_data:/data
+        networks:
+         - backend
+volumes:
+  backend_redis_data:
+    driver: local
+    name: "${INFRASTRUCTURE_LABEL}_backend_redis_data"
+
+

apps/backend/docker-compose.yml

@@ -1,21 +1,23 @@
 ### Backend (./apps/backend/docker-compose.yml)
-
+include:
+    - ./database/docker-compose.yml
 services:
   backend:
-        container_name: ${INFRASTRUCTURE_LABEL}-laravel-${ENVIRONMENT}
+        container_name: ${INFRASTRUCTURE_LABEL:-default}-backend-laravel-${ENVIRONMENT:-development}
         profiles: ["laravel", "backend", "all", "app"]
         env_file:
-            - ../../env/.env.all
+            - ../../env/${ENVIRONMENT:-development}/.env.backend
-            - ../../env/${ENVIRONMENT}/.env.proxy
+        volumes:
-            - ../../env/${ENVIRONMENT}/.env.database
+          - ./src/entrypoint.sh:/usr/local/bin/entrypoint.sh
-            - ../../env/${ENVIRONMENT}/.env.backend
         depends_on:  
             - database
         build:
             context: ./src
             dockerfile: Dockerfile
+        networks:
+            - backend
         labels:
-            - "traefik.enable=${TRAEFIK_ENABLE}"
+            - "traefik.enable=${TRAEFIK_ENABLE:-false}"
             - "traefik.http.routers.backend.entrypoints=${TRAEFIK_ENTRYPOINT}"
             - "traefik.http.routers.backend.rule=Host(`${BACKEND_DOMAIN}`)"
             - "traefik.http.routers.backend.tls=true"
@@ -23,14 +25,21 @@ services:
             - "traefik.http.routers.backend.tls.domains[0].main=`${BACKEND_DOMAIN}`"
             - "traefik.http.services.backend.loadbalancer.server.port=${BACKEND_PORT:-8000}"
             - "traefik.docker.network=${TRAEFIK_NETWORK}"
-        # Traefik-Crowdsec Stack
   backend-redis:
         image: redis:alpine
-        container_name: ${INFRASTRUCTURE_LABEL}-laravelredis-${ENVIRONMENT}
+        container_name: ${INFRASTRUCTURE_LABEL:-default}-backend-redis-${ENVIRONMENT:-development}
         profiles: ["redis", "backend", "all"]
+        env_file:
+            - ../../env/${ENVIRONMENT:-development}/.env.backend
         restart: unless-stopped
-        command: redis-server  --appendonly yes --requirepass laravel-redis-passwort # Redis Passwort eingeben
+        command: redis-server  --appendonly yes --requirepass ${REDIS_PASSWORD:-laravel-redis-passwort} # Redis Passwort eingeben
         volumes:
-            - ../../volumes/backend/redis:/data
+            - backend_redis_data:/data
-networks:
+        networks:
-  backend:
+         - backend
+volumes:
+  backend_redis_data:
+    driver: local
+    name: "${INFRASTRUCTURE_LABEL}_backend_redis_data"
+
+

apps/database/docker-compose.yml

@@ -1,40 +0,0 @@
-### Database (./apps/database/docker-compose.yml)
-# - [ ] Create a MariaDB service
-# - [ ] Configure volumes for persistent storage of database data
-# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT}/database.env)
-# - [ ] Configure networking to allow connections from the backend service
-# - [ ] Set up regular backup jobs for the database
-# - [ ] Configure appropriate resource limits and restart policies
-services:
-    database:
-        profiles: ["all", "mariadb", "backend", "app"]
-        image: mariadb:latest
-        container_name: ${INFRASTRUCTURE_LABEL}-mariadb-${ENVIRONMENT}
-        command: --bind-address=0.0.0.0
-        hostname: ${MARIADB_HOST}
-        env_file: 
-                 - ../../env/.env.all
-                 - ../../env/${ENVIRONMENT:-development}/.env.database
-                 - ../../env/${ENVIRONMENT:-development}/.env.proxy
-        environment:
-            - MARIADB_USER=${MARIADB_USER}
-            - MARIADB_DATABASE=${MARIADB_DATABASE}
-            - MARIADB_PASSWORD=${MARIADB_PASSWORD}
-            - MARIADB_ROOT_PASSWORD=root-mindboost
-        volumes:
-            - ../../volumes/database/mariadb:/var/lib/mysql
-        networks:
-            - backend
-        healthcheck:
-          test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
-          interval: 10s
-          retries: 3
-    adminer:
-        profiles: ["all", "mariadb", "backend", "app"]
-        image: adminer
-        container_name: local_adminer
-        restart: always
-        ports:
-            - 8082:8080
-        networks:
-            - backend

apps/develop/docker-compose.yml

@@ -1,9 +0,0 @@
-### Develop (./apps/develop/docker-compose.yml)
-# - [ ] Create services for Gitea, Jenkins, and Adminer
-# - [ ] Configure volumes for persistent storage of Git repositories, Jenkins data, and Adminer settings
-# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT}/develop.env)
-# - [ ] Configure networking to allow these services to communicate with each other and the necessary application services
-# - [ ] Set up access controls and security measures for development tools
-
-include:
-  - ./gitea/docker-compose.yml

apps/develop/gitea/docker-compose.yml

@@ -1,44 +0,0 @@
-services:
-  gitea:
-    image: gitea/gitea:latest
-    container_name: ${INFRASTRUCTURE_LABEL:-mindboost}-gitea
-    profiles: ["all", "gitea","develop"]
-    restart: always
-    volumes:
-      - ${GITEA_VOLUME_PATH}:/data
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-    depends_on:
-      - gitea_db
-    labels:
-      - "traefik.enable=${TRAEFIK_ENABLE}"
-      - "traefik.http.routers.gitea.entrypoints=${TRAEFIK_ENTRYPOINT}"
-      - "traefik.http.routers.gitea.rule=(Host(`${GITEA_DOMAIN})`)"
-      - "traefik.http.routers.gitea.tls=true"
-      - "traefik.http.routers.gitea.tls.certresolver=${TRAEFIK_CERT_RESOLVER}"
-      - "traefik.http.routers.gitea.service=gitea"
-      - 'traefik.http.services.gitea.loadbalancer.gitea.port=3000'
-      - "traefik.http.routers.gitea.tls.domains[0].main=`${GITEA_TLS_DOMAIN_MAIN}`"
-
-      # SSH routing, can't route based on host so anything to port 222 will come to this container
-      - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
-      - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh"
-      - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc"
-      - "traefik.tcp.services.gitea-ssh-svc.loadbalancer.gitea.port=22"
-
-  gitea_db:
-    image: mysql:latest
-    container_name: ${INFRASTRUCTURE_LABEL:-mindboost}-gitea_db
-    profiles: ["all", "gitea","develop"]
-    restart: always
-    environment:
-      - MYSQL_ROOT_PASSWORD=${GITEA_MYSQL_ROOT_PASSWORD}
-      - MYSQL_DATABASE=${GITEA_MYSQL_DATABASE}
-      - MYSQL_USER=${GITEA_MYSQL_USER}
-      - MYSQL_PASSWORD=${GITEA_MYSQL_PASSWORD}
-    volumes:
-      - ${GITEA_DATABASE_VOLUME_PATH}:/var/lib/mysql
-
-networks: 
-  gitea:
-    

apps/develop/jenkins/docker-compose.yml

@@ -1,30 +0,0 @@
-version: '3.8'
-
-services:
-  jenkins:
-    image: jenkins/jenkins:lts
-    container_name: jenkins
-    ports:
-      - "50000:50000" # Jenkins Agent Port
-    volumes:
-      - jenkins_home:/var/jenkins_home
-    environment:
-      - JAVA_OPTS=-Djenkins.install.runSetupWizard=false
-    networks:
-      - proxy
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.jenkins.rule=Host(`j.haslach2025.de`)"
-      - "traefik.http.routers.jenkins.entrypoints=websecure"
-      - "traefik.http.routers.jenkins.tls=true"
-      - "traefik.http.routers.jenkins.tls.certresolver=http_resolver"
-      - "traefik.http.services.jenkins.loadbalancer.server.port=8080" # interner Port von Jenkins
-      - "traefik.docker.network=proxy"
-
-volumes:
-  jenkins_home:
-    driver: local
-
-networks:
-  proxy:
-    external: true

apps/docker-compose.all.yml

@@ -1,48 +0,0 @@
-##
-##      ONE SCRIPT TO RULE THEM ALL
-##
-##      Dieses Compose-File startet alle verfügbaren Services, abhängig von dem angegebenen ENVIRONMENT.
-
-##      Um diese Konfiguration zu verwenden, kannst du folgende Befehle nutzen:
-##      Um alle Services zu starten:
-##      docker compose -f docker-compose.all.yml --env-file ../env/.env.all --profile all up -d
-
-##      Um nur bestimmte Services zu starten (z.B. frontend und backend):
-##      docker compose -f docker-compose.all.yml --env-file ../env/.env.all --profile frontend --profile backend up -d
-
-##      
-##      Stellen Sie sicher, dass die .env.all Datei im angegebenen Verzeichnis existiert und den ENVIRONMENT Wert enthält.
-## 
-
-include:
-  - path: ./proxy/docker-compose.yml
-    env_file: 
-      - ../env/.env.all
-      - ../env/${ENVIRONMENT:-development}/.env.proxy
-  - path: ./frontend/docker-compose.yml
-    env_file: 
-      - ../env/.env.all
-      - ../env/${ENVIRONMENT:-development}/.env.frontend
-      - ../env/${ENVIRONMENT:-development}/.env.proxy
-  - path: ./backend/docker-compose.yml
-  - path: ./database/docker-compose.yml
-  - path: ./website/docker-compose.yml
-    env_file: 
-      - ../env/.env.all
-      - ../env/${ENVIRONMENT:-development}/.env.website
-      - ../env/${ENVIRONMENT:-development}/.env.proxy
-  - path: ./administration/docker-compose.yml
-    env_file: 
-      - ../env/.env.all
-      - ../env/${ENVIRONMENT:-development}/.env.administration
-      - ../env/${ENVIRONMENT:-development}/.env.proxy
-  - path: ./develop/docker-compose.yml
-    env_file: 
-      - ../env/.env.all
-      - ../env/${ENVIRONMENT:-development}/.env.develop
-      - ../env/${ENVIRONMENT:-development}/.env.proxy
-  - path: ./tools/docker-compose.yml
-    env_file: 
-      - ../env/.env.all
-      - ../env/${ENVIRONMENT:-development}/.env.tools
-      - ../env/${ENVIRONMENT:-development}/.env.proxy

apps/docker-compose.overwrite.yml

@@ -1,65 +0,0 @@
-##
-##      DIESES COMPOSE FILE IST FÜR DIE LOKALE ENTWICKLUNG MITTELS DOCKER
-##
-##      Der Inhalt von frontend und von backend wird über ein volume eingebunden, dass 
-##      bedeutet Änderungen innerhalb der Projektordner ./frontend/src und ./backend/src
-##      Ändern direkt die Werte innerhalb des Containers wie z.B. das Austauschen einer Grafik.
-##      
-##      Datenbank ebenfalls lokal und KEIN reverse-Proxy (traefik)
-##      Image der DB ist auf ARM Archtektur (Apple Silicon) ausgelegt
-## 
-services:
-    mariadb:
-        image: mariadb:latest
-        container_name: local_mariadb
-        command: --bind-address=0.0.0.0
-        environment:
-            - ALLOW_EMPTY_PASSWORD
-            - MARIADB_USER=mindboost
-            - MARIADB_DATABASE=mindboost
-            - MARIADB_PASSWORD=mindboost
-            - MARIADB_ROOT_PASSWORD=root-mindboost
-        volumes:
-            - ../volumes/daten/mariadb:/var/lib/mysql
-        networks:
-            - backend
-    frontend:
-        build:
-            context: ./frontend/src
-            dockerfile: Dockerfile.dev
-        container_name: local_frontend
-        volumes:
-            - ./frontend/src:/app
-            - /app/node_modules
-        ports:
-            - "3000:3000"
-        networks:
-            - backend
-        environment:
-            NODE_ENV: development
-
-    backend:
-        build:
-            context: ./backend/src
-            dockerfile: Dockerfile.dev
-        container_name: local_backend
-        ports:
-            - "8000:8000"
-            - "5173:5173"
-        volumes:
-            - ./backend/src:/var/www
-        networks:
-            - backend
-        depends_on: 
-            - mariadb
-    adminer:
-        image: adminer
-        container_name: local_adminer
-        restart: always
-        ports:
-            - 8080:8080
-        networks:
-            - backend
-networks:
-    backend:
-        external: false

apps/docker-compose.prod.yml

@@ -1,107 +0,0 @@
-##
-##      DIESES COMPOSE FILE IST FÜR DIE LOKALE ENTWICKLUNG MITTELS DOCKER
-##
-##      Der Inhalt von frontend und von backend wird über ein volume eingebunden, dass 
-##      bedeutet Änderungen innerhalb der Projektordner ./frontend/src und ./backend/src
-##      Ändern direkt die Werte innerhalb des Containers wie z.B. das Austauschen einer Grafik.
-##      
-##      Datenbank ebenfalls lokal und KEIN reverse-Proxy (traefik)
-##      Image der DB ist auf ARM Archtektur (Apple Silicon) ausgelegt
-## 
-
-services:
-    prod-mariadb:
-        image: mariadb:latest
-        container_name: prod-mariadb
-        hostname: mariadb
-        command: --bind-address=0.0.0.0
-        env_file:
-            - ../config/.env.db
-        networks:
-            - ${BACKEND_NETWORK}
-        volumes:
-            - ../volumes/daten/mariadb:/var/lib/mysql
-    prod-redis:
-        image: redis:alpine
-        container_name: prod-redis
-        hostname: redis
-        networks:
-            - ${BACKEND_NETWORK}
-        restart: unless-stopped
-        command: redis-server  --appendonly yes --requirepass laravel-redis-passwort # Redis Passwort eingeben
-        volumes:
-            - ../volumes/daten/redis:/data
-    prod-frontend:
-        build:
-            context: ./frontend/src
-            dockerfile: Dockerfile
-        container_name: prod-frontend
-        networks:
-            - ${BACKEND_NETWORK}
-            - ${TRAEFIK_NETWORK}
-        env_file:
-          - ../config/.env.frontend    
-          - ../config/.env.traefik
-        labels:
-            - "traefik.enable=${TRAEFIK_ENABLE}"
-            - "traefik.http.routers.prod-frontend.entrypoints=${TRAEFIK_ROUTER_FRONTEND_ENTRYPOINT}"
-            - "traefik.http.routers.prod-frontend.rule=${TRAEFIK_ROUTER_FRONTEND_RULE}"
-            - "traefik.http.routers.prod-frontend.tls=${TRAEFIK_ROUTER_FRONTEND_TLS}"
-            - "traefik.http.routers.prod-frontend.tls.certresolver=${TRAEFIK_ROUTER_FRONTEND_CERTRESOLVER}"
-            - "traefik.http.routers.prod-frontend.tls.domains[0].main=${TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_MAIN}"
-            - "traefik.http.routers.prod-frontend.tls.domains[0].sans=${TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_SANS}"
-            - "traefik.http.services.prod-frontend.loadbalancer.server.port=${TRAEFIK_SERVICE_FRONTEND_PORT}"
-            - "traefik.docker.network=${TRAEFIK_NETWORK}"
-    prod-backend:
-        build:
-            context: ./backend/src
-            dockerfile: Dockerfile
-        env_file:
-            - ../config/.env.backend
-            - ../config/.env.traefik
-        labels:
-            - "traefik.enable=${TRAEFIK_ENABLE}"
-            - "traefik.http.routers.prod-backend.entrypoints=${TRAEFIK_ROUTER_BACKEND_ENTRYPOINT}"
-            - "traefik.http.routers.prod-backend.rule=${TRAEFIK_ROUTER_BACKEND_RULE}"
-            - "traefik.http.routers.prod-backend.tls=${TRAEFIK_ROUTER_BACKEND_TLS}"
-            - "traefik.http.routers.prod-backend.tls.certresolver=${TRAEFIK_ROUTER_BACKEND_CERTRESOLVER}"
-            - "traefik.http.routers.prod-backend.tls.domains[0].main=${TRAEFIK_ROUTER_BACKEND_TLS_DOMAIN_MAIN}"
-            - "traefik.http.services.prod-backend.loadbalancer.server.port=${TRAEFIK_SERVICE_BACKEND_PORT}"
-            - "traefik.docker.network=${TRAEFIK_NETWORK}"
-        networks:
-            - ${BACKEND_NETWORK}
-            - ${TRAEFIK_NETWORK}
-        depends_on:
-            - prod-mariadb
-        # Traefik-Crowdsec Stack
-    crowdsec:
-        extends:
-            file: ./proxy/docker-compose.yml
-            service: crowdsec
-        networks:
-            - ${TRAEFIK_NETWORK}
-
-    traefik:
-        extends:
-            file: ./proxy/docker-compose.yml
-            service: traefik
-        networks:
-            - ${TRAEFIK_NETWORK}
-        depends_on:
-            - crowdsec
-
-    traefik_crowdsec_bouncer:
-        extends:
-            file: ./proxy/docker-compose.yml
-            service: traefik_crowdsec_bouncer
-        networks:
-            - ${TRAEFIK_NETWORK}
-        depends_on:
-            - crowdsec
-            - traefik
-
-networks:
-    prod-backend:
-        external: false
-    proxy:
-        external: true

apps/frontend/docker-compose.overwrite.yml

@@ -0,0 +1,19 @@
+services:
+  webapp:
+        build:
+            context: ./src
+            dockerfile: Dockerfile
+            args: 
+               BACKEND_URL: ${BACKEND_URL:-http://localhost:8000} # this argument is important on build to set the server url!
+        container_name: ${INFRASTRUCTURE_LABEL:-default}-frontend-${ENVIRONMENT:-development}
+        profiles: ["webapp", "frontend", "all", "app"]
+        ports:
+            - 3000:3000
+        labels:
+            - "traefik.enable=${TRAEFIK_ENABLE:-false}"
+            - "traefik.http.routers.webapp.service=webapp"
+            - "traefik.http.routers.webapp.entrypoints=${TRAEFIK_ENTRYPOINT}"
+            - 'traefik.http.routers.webapp.rule=Host(`${FRONTEND_DOMAIN}`) || Host(`${FRONTEND_DOMAIN_2}`)'
+            - "traefik.http.services.webapp.loadbalancer.server.port=3000"
+            - "traefik.docker.network=${TRAEFIK_NETWORK}"
+       

apps/frontend/docker-compose.yml

@@ -1,27 +1,17 @@
-### Frontend (./apps/frontend/docker-compose.yml)
-# - [ ] Create a Vue.js frontend service
-# - [ ] Set up a Node.js environment for the frontend
-# - [ ] Configure volumes for persistent storage of frontend assets
-# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT}/frontend.env)
-# - [ ] Configure networking to communicate with the backend service
-# - [ ] Set up healthchecks for the frontend service
 services:
   webapp:
         build:
             context: ./src
             dockerfile: Dockerfile
-        container_name: ${INFRASTRUCTURE_LABEL}-frontend-${ENVIRONMENT}
+            args: 
+               BACKEND_URL: ${BACKEND_URL:-http://localhost:8000} # this argument is important on build to set the backend server url!
+        container_name: ${INFRASTRUCTURE_LABEL:-default}-frontend-${ENVIRONMENT:-development}
         profiles: ["webapp", "frontend", "all", "app"]
-        depends_on: 
-         - database
-         - backend
         labels:
-            - "traefik.enable=${TRAEFIK_ENABLE}"
+            - "traefik.enable=${TRAEFIK_ENABLE:-false}" 
+            - "traefik.http.routers.webapp.service=webapp"
             - "traefik.http.routers.webapp.entrypoints=${TRAEFIK_ENTRYPOINT}"
             - 'traefik.http.routers.webapp.rule=Host(`${FRONTEND_DOMAIN}`) || Host(`${FRONTEND_DOMAIN_2}`)'
-            - "traefik.http.routers.webapp.tls=true"
-            - "traefik.http.routers.webapp.tls.certresolver=${TRAEFIK_CERT_RESOLVER}"
-            - "traefik.http.routers.webapp.tls.domains[0].main=${FRONTEND_DOMAIN}"
-            - "traefik.http.routers.webapp.tls.domains[0].sans=${FRONTEND_DOMAIN_2}"
             - "traefik.http.services.webapp.loadbalancer.server.port=3000"
-            - "traefik.docker.network=${TRAEFIK_NETWORK}"
+            - "traefik.docker.network=${TRAEFIK_NETWORK}"
+       

apps/security/docker-compose.linuxserver.yml

@@ -1,30 +0,0 @@
-services:
-  wireguard:
-    image: linuxserver/wireguard
-    container_name: wireguard
-    cap_add:
-      - NET_ADMIN
-      - SYS_MODULE
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Europe/Berlin
-      - SERVERURL=${SERVER_IP:?"❌ ERROR = SERVERURL is not set. Run set-server-ip.sh first."}
-      - SERVERPORT=51820
-      - PEERS=3 # Number of VPN clients to generate
-      - PEERDNS=auto
-      - INTERNAL_SUBNET=22.22.22.0
-    volumes:
-      - ../../volumes/security/wireguard/config:/config
-      - /lib/modules:/lib/modules
-    ports:
-      - "51820:51820/udp"
-    sysctls:
-      - net.ipv4.conf.all.src_valid_mark=1
-    restart: unless-stopped
-    networks:
-      - wireguard_network
-
-networks:
-  wireguard_network:
-    driver: bridge

apps/security/docker-compose.yml

@@ -1,50 +0,0 @@
-volumes:
-  etc_wireguard:
-
-services:
-  wg-easy:
-    environment:
-      # Change Language:
-      # (Supports: en, ua, ru, tr, no, pl, fr, de, ca, es, ko, vi, nl, is, pt, chs, cht, it, th, hi, ja, si)
-      - LANG=de
-      # ⚠️ Required:
-      # Change this to your host's public address
-      - WG_HOST=${SERVER_IP}
-
-      # Optional:
-      # - PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG # (needs double $$, hash of 'foobar123'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash)
-      # - PORT=51821
-      # - WG_PORT=51820
-      # - WG_CONFIG_PORT=92820
-      - WG_DEFAULT_ADDRESS=22.22.22.0
-      # - WG_DEFAULT_DNS=1.1.1.1
-      # - WG_MTU=1420
-      # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
-      # - WG_PERSISTENT_KEEPALIVE=25
-      # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
-      # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
-      # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
-      # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
-      # - UI_TRAFFIC_STATS=true
-      # - UI_CHART_TYPE=0 # (0 Charts disabled, 1 # Line chart, 2 # Area chart, 3 # Bar chart)
-      # - WG_ENABLE_ONE_TIME_LINKS=true
-      # - UI_ENABLE_SORT_CLIENTS=true
-      # - WG_ENABLE_EXPIRES_TIME=true
-      # - ENABLE_PROMETHEUS_METRICS=false
-      # - PROMETHEUS_METRICS_PASSWORD=$$2a$$12$$vkvKpeEAHD78gasyawIod.1leBMKg8sBwKW.pQyNsq78bXV3INf2G # (needs double $$, hash of 'prometheus_password'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash)
-
-    image: ghcr.io/wg-easy/wg-easy
-    container_name: wg-easy
-    volumes:
-      - ../../volumes/wireguardeasy/:/etc/wireguard
-    ports:
-      - "51820:51820/udp"
-      - "51821:51821/tcp"
-    restart: unless-stopped
-    cap_add:
-      - NET_ADMIN
-      - SYS_MODULE
-      # - NET_RAW # ⚠️ Uncomment if using Podman
-    sysctls:
-      - net.ipv4.ip_forward=1
-      - net.ipv4.conf.all.src_valid_mark=1

apps/security/set-server-ip.sh

@@ -1,2 +0,0 @@
-#!/bin/bash
-export SERVER_IP=$(curl -s https://api.ipify.org)

apps/tools/docker-compose.yml

@@ -1,67 +0,0 @@
-### Tools (./apps/tools/docker-compose.yml)
-# - [ ] Create services for Nextcloud, LimeSurvey, and LinkStack
-# - [ ] Configure volumes for persistent storage of files, survey data, and link management data
-# - [ ] Set up environment variables using the new structure (../../env/${ENVIRONMENT}/tools.env)
-# - [ ] Configure networking to expose these services to the internet via the proxy
-# - [ ] Set up regular backup jobs for critical data in these services
-
-services:
-  nextcloud-db:
-    image: mariadb:10.6
-    container_name: ${INFRASTRUCTURE_LABEL}-nextcloud-db-${ENVIRONMENT}
-    profiles: ["all", "tools", "nextcloud"]
-    command: --transaction-isolation=READ-COMMITTED --innodb_read_only_compressed=OFF
-    restart: unless-stopped
-    volumes:
-      - /etc/localtime:/etc/localtime:ro
-      - /etc/timezone:/etc/timezone:ro
-      - ../../volumes/tools/${INFRASTRUCTURE_LABEL}_cloud/database:/var/lib/mysql
-    environment:
-      - MYSQL_ROOT_PASSWORD=headpiece-constant1-denim-mindboost #SQL root Passwort eingeben
-      - MYSQL_PASSWORD=idealist9-frayed-murkiness-mindboost #SQL Benutzer Passwort eingeben
-      - MYSQL_DATABASE=nextcloud-mindboost #Datenbank Name
-      - MYSQL_USER=mindboostcloud #SQL Nutzername
-      - MYSQL_INITDB_SKIP_TZINFO=1
-      - MARIADB_AUTO_UPGRADE=1
-  nextcloud-redis:
-    image: redis:alpine
-    container_name: ${INFRASTRUCTURE_LABEL}-nextcloud-redis-${ENVIRONMENT} 
-    profiles: ["all", "tools", "nextcloud"]
-    hostname: nextcloud-redis
-    restart: unless-stopped
-    command: redis-server --requirepass redis-mindboost-passwort # Redis Passwort eingeben
-  cloud:
-    image: nextcloud
-    container_name: ${INFRASTRUCTURE_LABEL}-nextcloud-app-${ENVIRONMENT} 
-    profiles: ["all", "tools", "nextcloud"]
-    restart: unless-stopped
-    depends_on:
-      - nextcloud-db
-      - nextcloud-redis
-    environment:
-        TRUSTED_PROXIES: 172.16.255.254/16
-        OVERWRITEPROTOCOL: https
-        OVERWRITECLIURL: https://${CLOUD_DOMAIN}
-        OVERWRITEHOST: ${CLOUD_DOMAIN}
-        REDIS_HOST: nextcloud-redis
-        REDIS_HOST_PASSWORD: redis-mindboost-passwort # Redis Passwort von oben wieder eingeben
-    volumes:
-      - ./app:/var/www/html
-      - ../../volumes/tools/${INFRASTRUCTURE_LABEL}_cloudapp/:/var/www/html/data
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.entrypoints=websecure"
-      - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.rule=Host(`${CLOUD_DOMAIN}`)"
-      - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.tls=true"
-      - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.tls.certresolver=http_resolver"
-      - 'traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.service=cloud'
-      - "traefik.http.services.cloud.loadbalancer.server.port=80"
-      - "traefik.docker.network=${TRAEFIK_NETWORK}"
-      - "traefik.http.routers.${INFRASTRUCTURE_LABEL}_cloud.middlewares=nextcloud-dav,default@file"
-      - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
-      - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
-    networks:
-      - ${TRAEFIK_NETWORK}
-networks:
-  nextcloud:
-    name: ${INFRASTRUCTURE_LABEL}_nextcloud

apps/website/docker-compose.yml

@@ -1,23 +0,0 @@
-services:
-  kirbycms:
-    build:
-      context: ./kirby
-      dockerfile: Dockerfile
-    image: kirbycms
-    container_name: ${INFRASTRUCTURE_LABEL}-kirbycms-${ENVIRONMENT}
-    profiles: ["website","kirbycms","all"]
-    volumes:
-      - ../../volumes/website/kirbycms:/var/www/html:rw # Persistente Daten
-    restart: unless-stopped
-    networks:
-      - ${TRAEFIK_NETWORK}
-    labels:
-      - "traefik.enable=${TRAEFIK_ENABLE}"
-      - "traefik.docker.network=${TRAEFIK_NETWORK}"
-      - "traefik.http.routers.kirbycms.service=kirbycms"
-      - "traefik.http.routers.kirbycms.tls.certresolver=${TRAEFIK_CERT_RESOLVER}"
-      - "traefik.http.routers.kirbycms.tls.domains[0].main=`${WEBSITE_DOMAIN}`"
-      - "traefik.http.routers.kirbycms.rule=Host(`${WEBSITE_DOMAIN}`)"
-      - "traefik.http.routers.kirbycms.entrypoints=${TRAEFIK_ENTRYPOINT}"
-      - "traefik.http.routers.kirbycms.tls=true"
-      - "traefik.http.services.kirbycms.loadbalancer.server.port=80"

apps/website/kirby/Dockerfile

@@ -1,49 +0,0 @@
-# Use latest offical ubuntu image
-FROM ubuntu:latest
-
-# Set timezone
-ENV TZ=Europe/Berlin
-
-# Set geographic area using above variable
-# This is necessary, otherwise building the image doesn't work
-RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
-
-# Remove annoying messages during package installation
-ARG DEBIAN_FRONTEND=noninteractive
-
-# Install packages: web server & PHP plus extensions
-RUN apt-get update && apt-get install -y \
-  apache2 \
-  apache2-utils \
-  ca-certificates \
-  php \
-  libapache2-mod-php \
-  php-curl \
-  php-dom \
-  php-gd \
-  php-intl \
-  php-json \
-  php-mbstring \
-  php-xml \
-  php-zip && \
-  apt-get clean && rm -rf /var/lib/apt/lists/*
-
-# Copy virtual host configuration from current path onto existing 000-default.conf
-COPY default.conf /etc/apache2/sites-available/000-default.conf
-
-# Remove default content (existing index.html)
-RUN rm /var/www/html/*
-
-# Activate Apache modules headers & rewrite
-RUN a2enmod headers rewrite
-
-# Ensure Group Ownership for www-data every member of kirbygroup should edit files
-RUN groupadd -g 1003 kirbygroup && usermod -aG kirbygroup www-data
-RUN chown -R www-data:kirbygroup /var/www/html
-RUN chmod -R g+rw /var/www/html && find /var/www/html -type d -exec chmod g+xs {} \;
-
-# Tell container to listen to port 80 at runtime
-EXPOSE 80
-
-# Start Apache web server
-CMD [ "/usr/sbin/apache2ctl", "-DFOREGROUND" ]

apps/website/kirby/default.conf

@@ -1,9 +0,0 @@
-<VirtualHost *:80>
-    ServerName localhost
-    # Set the document root
-    DocumentRoot "/var/www/html"
-  <Directory "/var/www/html">
-    # Allow overriding the default configuration via `.htaccess`
-    AllowOverride All
-  </Directory>
-</VirtualHost>

apps/website/kirby/entrypoint.sh

@@ -1,7 +0,0 @@
-#!/bin/bash
-
-set -e -u
-
-[[ $USERID ]] && usermod --uid "${USERID}" www-data
-
-exec "$@"

apps/website/kirby/id.env

@@ -1 +0,0 @@
-USERID=0

env/.env.all

@@ -1,10 +0,0 @@
-##
-##  Einstellung die für das gesamte Projekt gelten. Also der Name und der Admin
-##  Das Environment muss "production","staging" oder "development" heißen
-
-INFRASTRUCTURE_LABEL=mindboost_dev
-ENVIRONMENT=development
-
-ADMIN_USER=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT}
-ADMIN_PASSWORD_HASH='$2y$05$U7noO29Ru/4VB5x8TpZo3.b4VjH6AAnhufJJUG2Vs7qHCM2Cd8yIK' # for development = admin
-

env/.env.backend

@@ -1,49 +0,0 @@
-# ----------------------------------
-# Datenbank (MariaDB)
-# ----------------------------------
-MARIADB_USER=mindboost
-MARIADB_DATABASE=mindboost
-MARIADB_PASSWORD=1stronges-mindboostdb-passwort
-MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb
-
-# ----------------------------------
-# Redis
-# ----------------------------------
-REDIS_PASSWORD=laravel-redis-passwort
-REDIS_PORT=6379
-
-# ----------------------------------
-# Vue Frontend (Nuxt.js)
-# ----------------------------------
-VUE_APP_BACKEND_HOST_ADDRESS=https://dev.b.mindboost.team
-VUE_FRONTEND_PORT=3001
-VUE_INTERNAL_PORT=3000
-VUE_FRONTEND_DOMAIN_1=app.mindboost.team
-VUE_FRONTEND_DOMAIN_2=mindboost.app
-
-# ----------------------------------
-# Laravel Backend
-# ----------------------------------
-BACKEND_NETWORK=backend
-APP_NAME="mindboost backend - Compose Deployment"
-APP_URL=https://b.mindboost.team
-LARAVEL_PORT=8000
-LARAVEL_VITE_PORT=5173
-DB_HOST=mariadb
-DB_PORT=3306
-DB_PASSWORD=1stronges-mindboostdb-passwort
-DB_USERNAME=mindboost
-DB_DATABASE=mindboost
-LARAVEL_DOMAIN=b.mindboost.team
-JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F
-# ----------------------------------
-# Traefik
-# ----------------------------------
-TRAEFIK_CERT_RESOLVER=http_resolver
-TRAEFIK_ENTRYPOINT=websecure
-TRAEFIK_NETWORK=proxy
-
-# ----------------------------------
-# Adminer
-# ----------------------------------
-ADMINER_PORT=8080

env/.env.db

@@ -1,8 +0,0 @@
-# ----------------------------------
-# Datenbank (MariaDB)
-# ----------------------------------
-MARIADB_USER=mindboost
-MARIADB_DATABASE=mindboost
-MARIADB_PASSWORD=1stronges-mindboostdb-passwort
-MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb
-ADMINER_PORT=8000

env/.env.frontend

@@ -1 +0,0 @@
-DB_HOST= BLALBLAB

env/.env.shared

@@ -1 +0,0 @@
-DB_HOST= BLALBLAB

env/.env.traefik

@@ -1,24 +0,0 @@
-# ----------------------------------
-# Traefik
-# ----------------------------------
-
-# Allgemein
-TRAEFIK_ENABLE=true
-TRAEFIK_NETWORK=proxy
-
-# Backend
-TRAEFIK_ROUTER_BACKEND_ENTRYPOINT=websecure
-TRAEFIK_ROUTER_BACKEND_RULE=Host(`b.mindboost.team`)
-TRAEFIK_ROUTER_BACKEND_TLS=true
-TRAEFIK_ROUTER_BACKEND_CERTRESOLVER=http_resolver
-TRAEFIK_ROUTER_BACKEND_TLS_DOMAIN_MAIN=b.mindboost.team
-TRAEFIK_SERVICE_BACKEND_PORT=8000
-
-# Frontend
-TRAEFIK_ROUTER_FRONTEND_ENTRYPOINT=websecure
-TRAEFIK_ROUTER_FRONTEND_RULE=Host(`app.mindboost.team`)
-TRAEFIK_ROUTER_FRONTEND_TLS=true
-TRAEFIK_ROUTER_FRONTEND_CERTRESOLVER=http_resolver
-TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_MAIN=app.mindboost.team
-TRAEFIK_ROUTER_FRONTEND_TLS_DOMAIN_SANS=mindboost.app
-TRAEFIK_SERVICE_FRONTEND_PORT=3000

env/development/.env.administration

@@ -1,2 +0,0 @@
-PORTAINER_IMAGE=portainer/portainer-ce:latest
-PORTAINER_DATA_PATH=../../../volumes/administration/portainer/data

env/development/.env.backend

@@ -1,28 +0,0 @@
-
-
-# ----------------------------------
-# Redis
-# ----------------------------------
-REDIS_PASSWORD=laravel-redis-passwort
-REDIS_PORT=6379
-
-# ----------------------------------
-# Laravel Backend
-# ----------------------------------
-BACKEND_NETWORK=backend
-APP_NAME="mindboost backend - Compose Deployment"
-APP_URL=https://backend.local
-LARAVEL_PORT=8000
-LARAVEL_VITE_PORT=5173
-DB_HOST=${MARIADB_HOST}
-DB_PORT=${MARIADB_PORT}
-DB_PASSWORD=${MARIADB_PASSWORD}
-DB_USERNAME=${MARIADB_USER}
-DB_DATABASE=${MARIADB_DATABASE}
-
-JWT_SECRET=zMtO8sgsnc4UixWSsYWE1pK9EdpNLzxNSoIPlUpTe6dDlarM3bu4cwM80tH3jA0F
-
-# ----------------------------------
-# Adminer
-# ----------------------------------
-ADMINER_PORT=8080

env/development/.env.database

@@ -1,10 +0,0 @@
-# ----------------------------------
-# Datenbank (MariaDB)
-# ----------------------------------
-MARIADB_USER=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT}
-MARIADB_DATABASE=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT}
-MARIADB_PASSWORD=1stronges-mindboostdb-passwort
-MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb
-
-MARIADB_PORT=3306
-MARIADB_HOST=${INFRASTRUCTURE_LABEL}_database_${ENVIRONMENT}

env/development/.env.develop

@@ -1,18 +0,0 @@
-USER_UID=1000
-USER_GID=1000
-
-GITEA_VOLUME_PATH=../../../volumes/develop/gitea/gitea
-GITEA_DATABASE_VOLUME_PATH=../../../volumes/develop/gitea/gitea_db
-
-GITEA_MYSQL_ROOT_PASSWORD=very-difficult-passwort-gitea
-GITEA_MYSQL_USER=gitea
-GITEA_MYSQL_PASSWORD=very-difficult-gitea
-GITEA_MYSQL_DATABASE=gitea
-GITEA_MYSQL_ALLOW_EMPTY_PASSWORD=true
-
-
-DB_HOST=gitea_db:3306
-DB_NAME=gitea
-DB_PASSWD=very-difficult-gitea
-DB_TYPE=mysql
-DB_USER=gitea

env/development/.env.frontend

@@ -1 +0,0 @@
-# Frontend

env/development/.env.proxy

@@ -1,48 +0,0 @@
-##
-##                      GENERAL
-##                     
-TRAEFIK_ENABLE=true
-TRAEFIK_NETWORK=proxy
-TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER}:${ADMIN_PASSWORD_HASH}
-TRAEFIK_CERT_RESOLVER=
-
-##
-##              Domains when TRAEFIK is ENABLED
-## 
-PORTAINER_DOMAIN=portainer.local
-FRONTEND_DOMAIN=frontend.local
-FRONTEND_DOMAIN_2=app.frontend.local
-BACKEND_DOMAIN=backend.local
-WEBSITE_DOMAIN=web.local
-GITEA_DOMAIN=gitea.local
-LIMESURVEY_DOMAIN=survey.local
-LINKSTACK_DOMAIN=linkstack.local
-TRAEFIK_DOMAIN=traefik.local
-CLOUD_DOMAIN=cloud.local
-
-###                         TLS for Domains
-PORTAINER_TLS_DOMAIN_MAIN=${PORTAINER_DOMAIN}
-FRONTEND_TLS_DOMAIN_MAIN=${FRONTEND_DOMAIN}
-FRONTEND_TLS_DOMAIN_SANS=${FRONTEND_DOMAIN_2}
-BACKEND_TLS_DOMAIN_MAIN=${BACKEND_DOMAIN}
-WEBSITE_TLS_DOMAIN_MAIN=${WEBSITE_DOMAIN}
-GITEA_TLS_DOMAIN_MAIN=${GITEA_DOMAIN}
-LIMESURVEY_TLS_DOMAIN_MAIN=${LIMESURVEY_DOMAIN}
-LINKSTACK_TLS_DOMAIN_MAIN=${LINKSTACK_DOMAIN}
-TRAEFIK_TLS_DOMAIN_MAIN=${TRAEFIK_DOMAIN}
-CLOUD_TLS_DOMAIN_MAIN=${CLOUD_DOMAIN}
-
-##
-##                      MIDDLEWARES
-##
-TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL}-https-redirect
-TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL}-basic-auth
-
-##
-##                      ENTRYPOINTS
-##
-
-TRAEFIK_ENTRYPOINT=websecure
-TRAEFIK_ENTRYPOINT_HTTP=web
-
-

env/production/.env.backend

@@ -1 +0,0 @@
-${REDIS_PASSWORD}

env/production/.env.database

@@ -1,7 +0,0 @@
-# ----------------------------------
-# Datenbank (MariaDB)
-# ----------------------------------
-MARIADB_USER=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT}
-MARIADB_DATABASE=${INFRASTRUCTURE_LABEL}_${ENVIRONMENT}
-MARIADB_PASSWORD=1stronges-mindboostdb-passwort
-MARIADB_ROOT_PASSWORD=1stronges-passwort-fuer-diedb

env/production/.env.develop

@@ -1 +0,0 @@
-ADMINER_PORT=8000

env/production/.env.portainer

@@ -1,3 +0,0 @@
-PORTAINER_IMAGE=portainer/portainer-ce:latest
-PORTAINER_DATA_PATH=/opt/containers/portainer/data
-PORTAINER_DOMAIN=portainer.yourdomain.com

env/production/.env.proxy

@@ -1,32 +0,0 @@
-TRAEFIK_HTTPS_REDIRECT_MIDDLEWARE=${INFRASTRUCTURE_LABEL}-https-redirect
-TRAEFIK_BASIC_AUTH_MIDDLEWARE=${INFRASTRUCTURE_LABEL}-basic-auth
-TRAEFIK_BASIC_AUTH_USERS=${ADMIN_USER}:${ADMIN_PASSWORD_HASH}
-
-# Service Crowdsec
-SERVICES_CROWDSEC_CONTAINER_NAME=crowdsec
-SERVICES_CROWDSEC_HOSTNAME=crowdsec
-SERVICES_CROWDSEC_IMAGE=crowdsecurity/crowdsec
-SERVICES_CROWDSEC_IMAGE_VERSION=latest
-SERVICES_CROWDSEC_NETWORKS_CROWDSEC_IPV4=172.31.254.254
-
-# Service Traefik
-SERVICES_TRAEFIK_CONTAINER_NAME=${INFRASTRUCTURE_LABEL}-traefik
-SERVICES_TRAEFIK_HOSTNAME=${INFRASTRUCTURE_LABEL}-traefik
-SERVICES_TRAEFIK_IMAGE=traefik
-SERVICES_TRAEFIK_IMAGE_VERSION=2.11
-SERVICES_TRAEFIK_LABELS_TRAEFIK_HOST=`traefik.haslach2025.de`
-SERVICES_TRAEFIK_NETWORKS_CROWDSEC_IPV4=172.31.254.253
-SERVICES_TRAEFIK_NETWORKS_PROXY_IPV4=172.30.255.254
-
-# Service Traefik Crowdsec Bouncer
-SERVICES_TRAEFIK_CROWDSEC_BOUNCER_CONTAINER_NAME=traefik_crowdsec_bouncer
-SERVICES_TRAEFIK_CROWDSEC_BOUNCER_HOSTNAME=traefik-crowdsec-bouncer
-SERVICES_TRAEFIK_CROWDSEC_BOUNCER_IMAGE=fbonalair/traefik-crowdsec-bouncer
-SERVICES_TRAEFIK_CROWDSEC_BOUNCER_IMAGE_VERSION=latest
-SERVICES_TRAEFIK_CROWDSEC_BOUNCER_NETWORKS_CROWDSEC_IPV4=172.31.254.252
-
-# Netzwerkeinstellungen
-NETWORKS_PROXY_NAME=proxy
-NETWORKS_PROXY_SUBNET_IPV4=172.30.0.0/16
-NETWORKS_CROWDSEC_NAME=crowdsec
-NETWORKS_CROWDSEC_SUBNET_IPV4=172.31.0.0/16

scripts/debug/deploy-backend.sh

@@ -0,0 +1,3 @@
+source ./../setup/set-global-env.sh
+chmod +x ./../../apps/backend/src/entrypoint.sh
+docker compose -f ./../../apps/backend/docker-compose.overwrite.yml --env-file ./../../env/${ENVIRONMENT}/.env.database --env-file ./../../env/${ENVIRONMENT}/.env.backend --profile backend up

scripts/debug/deploy-frontend.sh

@@ -0,0 +1,3 @@
+source ./../setup/set-global-env.sh
+source ./../setup/set-frontend-env.sh
+docker compose -f ./../../apps/frontend/docker-compose.overwrite.yml --env-file ./../../env/${ENVIRONMENT}/.env.frontend --profile frontend up

scripts/setup/generate-secrets.sh

@@ -0,0 +1,87 @@
+#!/bin/bash
+
+# 🚀 Script to Generate Secure Secrets for Deployment
+
+# Define root directory relative to the script location
+
+# Stelle sicher, dass ROOT_DIR gesetzt ist
+if [ -z "$ROOT_DIR" ]; then
+    echo "❌ WARN: ROOT_DIR ist nicht gesetzt! Setze ROOT_DIR..."
+    source ./set-project-root.sh
+fi
+
+SECRET_FILE="$ROOT_DIR/env/secrets.env"
+GITIGNORE_FILE="$ROOT_DIR/.gitignore"
+
+# ✅ Function to check if a command is installed
+check_dependency() {
+    command -v "$1" >/dev/null 2>&1
+}
+
+# 🔍 Check for OpenSSL, and prompt user to install if missing
+if ! check_dependency "openssl"; then
+    echo "⚠️  OpenSSL is not installed. It is required to generate secure secrets."
+    echo "Would you like to install OpenSSL now? (yes/no)"
+    read -r install_choice
+    if [[ "$install_choice" == "yes" ]]; then
+        if [[ "$OSTYPE" == "linux-gnu"* ]]; then
+            sudo apt update && sudo apt install -y openssl
+        elif [[ "$OSTYPE" == "darwin"* ]]; then
+            brew install openssl
+        else
+            echo "❌ Unsupported OS. Please install OpenSSL manually."
+            exit 1
+        fi
+    else
+        echo "❌ OpenSSL is required but was not installed. Exiting."
+        exit 1
+    fi
+fi
+
+# ✅ Securely generate random values
+generate_secret() {
+    openssl rand -base64 32
+}
+
+# 🔄 Check if the secret file already exists
+if [ -f "$SECRET_FILE" ]; then
+    echo "⚠️  $SECRET_FILE already exists. Overwrite? (yes/no)"
+    read -r response
+    if [[ "$response" != "yes" ]]; then
+        echo "❌ Secret file creation canceled."
+        exit 1
+    fi
+fi
+
+# ✏️ Write secrets to file
+echo "🔐 Generating $SECRET_FILE ..."
+mkdir -p "$(dirname "$SECRET_FILE")"  # Ensure the env directory exists
+> "$SECRET_FILE"  # Clear file if it exists
+
+# 🔑 Define and write secrets
+echo "ADMIN_PASSWORD_HASH=$(openssl passwd -6 admin)" >> "$SECRET_FILE"
+echo "JWT_SECRET=$(generate_secret)" >> "$SECRET_FILE"
+echo "MARIADB_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
+echo "MARIADB_ROOT_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
+echo "REDIS_HOST_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
+echo "TRAEFIK_BASIC_AUTH_USERS=admin:$(openssl passwd -6 traefikpass)" >> "$SECRET_FILE"
+echo "GITEA_MYSQL_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
+echo "NEXTCLOUD_ADMIN_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
+echo "MAIL_PASSWORD=$(generate_secret)" >> "$SECRET_FILE"
+
+# 🛑 Ensure secrets.env is ignored by Git **without overwriting last line**
+if [ -f "$SECRET_FILE" ]; then
+    # Check if the last line is missing a newline and fix it
+    if [ -s "$GITIGNORE_FILE" ] && [ "$(tail -c1 "$GITIGNORE_FILE")" != "" ]; then
+        echo "" >> "$GITIGNORE_FILE"
+    fi
+
+    # Append 'env/secrets.env' only if it's not already in .gitignore
+    if ! grep -q "^env/secrets.env$" "$GITIGNORE_FILE"; then
+        echo "env/secrets.env" >> "$GITIGNORE_FILE"
+        echo "✅ Added 'env/secrets.env' to .gitignore"
+    fi
+fi
+
+echo "✅ Secrets have been generated and stored in $SECRET_FILE."
+echo "⚠️  Keep this file secure and do NOT commit it to Git!"

scripts/setup/set-frontend-env.sh

@@ -0,0 +1,59 @@
+
+#!/bin/bash
+
+# Stelle sicher, dass ROOT_DIR gesetzt ist
+if [ -z "$ROOT_DIR" ]; then
+    echo "❌ WARN: ROOT_DIR ist nicht gesetzt! Setze ROOT_DIR..."
+    # Bestimme das Root-Verzeichnis des Git-Repos
+    ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null)
+
+    # Falls das Repository nicht gefunden wurde, abbrechen
+    if [ -z "$ROOT_DIR" ]; then
+        echo "❌ Fehler: Kein Git-Repository gefunden!"
+        exit 1
+    fi
+
+    # Setze die Variable für die aktuelle Shell-Sitzung
+    export ROOT_DIR
+    echo "✅ ROOT_DIR gesetzt auf: $ROOT_DIR"
+fi
+
+# Setze den Pfad zur .env.all Datei relativ zum Projekt-Root
+ENV_FILE="$ROOT_DIR/env/development/.env.frontend"
+
+# Prüfen, ob die Datei existiert
+if [ ! -f "$ENV_FILE" ]; then
+    echo "❌ Fehler: Die Datei $ENV_FILE existiert nicht!"
+    exit 1
+fi
+
+echo "✅ ENV-Datei vorhanden: $ENV_FILE"
+
+# Funktion: Alle Variablen exportieren
+export_env_vars() {
+    while IFS='=' read -r key value; do
+        # Entferne führende und nachfolgende Leerzeichen
+        key=$(echo "$key" | xargs)
+        value=$(echo "$value" | xargs)
+        
+        # Falls die Zeile ein Kommentar oder leer ist, überspringen
+        if [[ -z "$key" || "$key" =~ ^# || -z "$value" ]]; then
+            continue
+        fi
+        # Exportiere die Variable
+        export "$key=$value"
+    done < "$ENV_FILE"
+}
+
+# Alle Variablen exportieren
+export_env_vars
+
+echo "🔹 Geladene Variablen:"
+grep -o '^[^#]*' "$ENV_FILE" | cut -d '=' -f1 | while read -r var; do
+    echo "$var=${!var}"  # Gibt die gesetzten Variablen mit ihrem Wert aus
+done
+
+
+
+
+

scripts/setup/set-global-env.sh

@@ -0,0 +1,65 @@
+
+#!/bin/bash
+
+# Stelle sicher, dass ROOT_DIR gesetzt ist
+if [ -z "$ROOT_DIR" ]; then
+    echo "❌ WARN: ROOT_DIR ist nicht gesetzt! Setze ROOT_DIR..."
+    # Bestimme das Root-Verzeichnis des Git-Repos
+    ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null)
+
+    # Falls das Repository nicht gefunden wurde, abbrechen
+    if [ -z "$ROOT_DIR" ]; then
+        echo "❌ Fehler: Kein Git-Repository gefunden!"
+        exit 1
+    fi
+
+    # Setze die Variable für die aktuelle Shell-Sitzung
+    export ROOT_DIR
+    echo "✅ ROOT_DIR gesetzt auf: $ROOT_DIR"
+fi
+
+# Setze den Pfad zur .env.all Datei relativ zum Projekt-Root
+ENV_FILE="$ROOT_DIR/env/.env.all"
+
+# Prüfen, ob die Datei existiert
+if [ ! -f "$ENV_FILE" ]; then
+    echo "❌ Fehler: Die Datei $ENV_FILE existiert nicht!"
+    exit 1
+fi
+
+echo "✅ ENV-Datei vorhanden: $ENV_FILE"
+
+# Funktion: Alle Variablen exportieren
+export_env_vars() {
+    while IFS='=' read -r key value; do
+        # Entferne führende und nachfolgende Leerzeichen
+        key=$(echo "$key" | xargs)
+        value=$(echo "$value" | xargs)
+
+        # Falls die Zeile ein Kommentar oder leer ist, überspringen
+        if [[ -z "$key" || "$key" =~ ^# || -z "$value" ]]; then
+            continue
+        fi
+
+        # Entferne umschließende Anführungszeichen, falls vorhanden
+        value=$(echo "$value" | sed -E 's/^"(.*)"$/\1/')
+
+        # Exportiere die Variable
+        export "$key=$value"
+    done < "$ENV_FILE"
+}
+
+# Alle Variablen exportieren
+export_env_vars
+
+export SERVER_IP=$(curl -s https://api.ipify.org)
+
+echo "🔹 Geladene Variablen:"
+grep -o '^[^#]*' "$ENV_FILE" | cut -d '=' -f1 | while read -r var; do
+    echo "$var=${!var}"  # Gibt die gesetzten Variablen mit ihrem Wert aus
+done
+
+
+
+
+

scripts/setup/set-project-root.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Bestimme das Root-Verzeichnis des Git-Repos
+ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null)
+
+# Falls das Repository nicht gefunden wurde, abbrechen
+if [ -z "$ROOT_DIR" ]; then
+    echo "❌ Fehler: Kein Git-Repository gefunden!"
+    exit 1
+fi
+
+# Setze die Variable für die aktuelle Shell-Sitzung
+export ROOT_DIR
+echo "✅ ROOT_DIR gesetzt auf: $ROOT_DIR"

scripts/setup/set-proxy-env.sh

@@ -0,0 +1,60 @@
+
+#!/bin/bash
+
+# Stelle sicher, dass ROOT_DIR gesetzt ist
+if [ -z "$ROOT_DIR" ]; then
+    echo "❌ WARN: ROOT_DIR ist nicht gesetzt! Setze ROOT_DIR..."
+    source ./set-project-root.sh
+fi
+
+# Stelle sicher, dass ENVIRONMENT gesetzt ist
+if [ -z "$ENVIRONMENT" ]; then
+    echo "❌ WARN: ENVIRONMENT ist nicht gesetzt! Setze ENVIRONMENT..."
+    source ./set-global-env.sh
+fi
+
+# Setze den Pfad zur .env.all Datei relativ zum Projekt-Root
+ENV_FILE="$ROOT_DIR/env/${ENVIRONMENT}/.env.proxy"
+
+# Prüfen, ob die Datei existiert
+if [ ! -f "$ENV_FILE" ]; then
+    echo "❌ Fehler: Die Datei $ENV_FILE existiert nicht!"
+    exit 1
+fi
+
+echo "✅ ENV-Datei vorhanden: $ENV_FILE"
+
+# Funktion: Alle Variablen exportieren
+export_env_vars() {
+    while IFS='=' read -r key value; do
+        # Entferne führende und nachfolgende Leerzeichen
+        key=$(echo "$key" | xargs)
+        value=$(echo "$value" | xargs)
+
+        # Falls die Zeile ein Kommentar oder leer ist, überspringen
+        if [[ -z "$key" || "$key" =~ ^# || -z "$value" ]]; then
+            continue
+        fi
+
+        # Entferne umschließende Anführungszeichen, falls vorhanden
+        value=$(echo "$value" | sed -E 's/^"(.*)"$/\1/')
+
+        # Exportiere die Variable
+        export "$key=$value"
+    done < "$ENV_FILE"
+}
+
+# Alle Variablen exportieren
+export_env_vars
+
+export SERVER_IP=$(curl -s https://api.ipify.org)
+
+echo "🔹 Geladene Variablen:"
+grep -o '^[^#]*' "$ENV_FILE" | cut -d '=' -f1 | while read -r var; do
+    echo "$var=${!var}"  # Gibt die gesetzten Variablen mit ihrem Wert aus
+done
+
+
+
+
+

scripts/start/deploy-administration.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Pfad zur .env.all Datei
-ENV_FILE="../env/.env.all"
+ENV_FILE="../../env/.env.all"
 
 # Funktion zum Überprüfen der Existenz einer Datei
 check_file_exists() {
@@ -12,7 +12,7 @@ check_file_exists() {
 }
 
 # Überprüfe die Existenz von .env.all
-check_file_exists "../env/.env.all"
+check_file_exists "../../env/.env.all"
 
 # Funktion zum Auslesen von Variablen aus der .env.all Datei
 get_env_var() {
@@ -25,8 +25,8 @@ ENVIRONMENT=$(get_env_var "ENVIRONMENT")
 
 # Load environment variables from the .env files
 set -o allexport
-source ../env/.env.all
+source ../../env/.env.all
-source ../env/${ENVIRONMENT}/.env.administration
+source ../../env/${ENVIRONMENT:-development}/.env.administration
 set +o allexport
 
 # Liste Stacks 
@@ -39,14 +39,14 @@ ENVIRONMENTS=("development" "staging" "production")
 # Überprüfe die Existenz aller Stack-spezifischen .env Dateien
 missing_files=0
 for stack in "${STACKS[@]}"; do
-    env_file="../env/${ENVIRONMENT}/.env.${stack}"
+    env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}"
     if ! check_file_exists "$env_file"; then
         missing_files=$((missing_files + 1))
     fi
 done
 
 if [ $missing_files -eq 0 ]; then
-    echo "Alle erforderlichen .env Dateien für das ${ENVIRONMENT}-Environment sind vorhanden."
+    echo "Alle erforderlichen .env Dateien für das ${ENVIRONMENT:-development}-Environment sind vorhanden."
 else
     echo "Warnung: $missing_files .env Datei(en) fehlen. Einige Stacks könnten nicht korrekt funktionieren."
 fi
@@ -55,7 +55,7 @@ fi
 for env in "${ENVIRONMENTS[@]}"; do
     if [ "$env" != "$ENVIRONMENT" ]; then
         for stack in "${STACKS[@]}"; do
-            env_file="../env/${env}/.env.${stack}"
+            env_file="../../env/${env}/.env.${stack}"
             if ! check_file_exists "$env_file"; then
                 echo "Warnung: Die Datei $env_file fehlt für das Environment $env."
             fi
@@ -72,4 +72,4 @@ echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}"
 echo "-----------------------------------"
 
 # Ausführen des Docker Compose Befehls
-docker compose -f ../apps/docker-compose.all.yml --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile administration up --remove-orphans
+docker compose -f ../apps/docker-compose.all.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile administration up --remove-orphans

scripts/start/deploy-all.sh

@@ -1,7 +1,12 @@
 #!/bin/bash
+source ../setup/set-project-root.sh
+source ../setup/set-global-env.sh
+source ../setup/set-proxy-env.sh
+source ../setup/generate-secrets.sh
+
 
 # Pfad zur .env.all Datei
-ENV_FILE="../env/.env.all"
+ENV_FILE="../../env/.env.all"
 # Funktion zum Auslesen von Variablen aus der .env.all Datei
 get_env_var() {
     grep "^$1=" "$ENV_FILE" | cut -d '=' -f2
@@ -25,7 +30,6 @@ check_file_exists() {
         return 1
     fi
 }
-#!/bin/bash
 
 # Prüfe, ob das Skript nur in der Entwicklungsumgebung ausgeführt wird
 if [ "$ENVIRONMENT" == "development" ]; then
@@ -43,7 +47,7 @@ if [ "$ENVIRONMENT" == "development" ]; then
   echo "🔹 ENVIRONMENT ist 'development' – Hosts aus .env.proxy werden hinzugefügt und Container gestartet."
 
   # Pfad zur Proxy-Env-Datei
-  ENV_PROXY_FILE="../env/development/.env.proxy"
+  ENV_PROXY_FILE="../../env/development/.env.proxy"
 
   # Hosts-Datei Pfad (Linux/macOS)
   HOSTS_FILE="/etc/hosts"
@@ -72,12 +76,12 @@ else
 fi
 
 # Überprüfe die Existenz von .env.all
-check_file_exists "../env/.env.all"
+check_file_exists "../../env/.env.all"
 
 # Überprüfe die Existenz aller Stack-spezifischen .env Dateien
 missing_files=0
 for stack in "${STACKS[@]}"; do
-    env_file="../env/${ENVIRONMENT}/.env.${stack}"
+    env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}"
     if ! check_file_exists "$env_file"; then
         missing_files=$((missing_files + 1))
     fi
@@ -102,4 +106,4 @@ if [[ "$1" == "--build" ]]; then
 fi
 
 # Ausführen des Docker Compose Befehls
-docker compose -f ../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile backend up --remove-orphans $BUILD_OPTION
+docker compose -f ../../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile backend up --remove-orphans $BUILD_OPTION

scripts/start/deploy-app.sh

@@ -1,7 +1,11 @@
 #!/bin/bash
+source ../setup/set-project-root.sh
+source ../setup/set-global-env.sh
+source ../setup/set-proxy-env.sh
+source ../setup/generate-secrets.sh
 
 # Pfad zur .env.all Datei
-ENV_FILE="../env/.env.all"
+ENV_FILE="../../env/.env.all"
 # Funktion zum Auslesen von Variablen aus der .env.all Datei
 get_env_var() {
     grep "^$1=" "$ENV_FILE" | cut -d '=' -f2
@@ -13,7 +17,7 @@ ENVIRONMENT=$(get_env_var "ENVIRONMENT")
 SERVER_IP=$(curl -s https://api.ipify.org)
 
 # Liste aller Stacks
-STACKS=("administration" "frontend" "develop" "database" "proxy" "tools" "website" "backend")
+STACKS=("proxy" "frontend" "database" "backend")
 
 # Liste aller Environments
 ENVIRONMENTS=("development" "staging" "production")
@@ -26,12 +30,12 @@ check_file_exists() {
     fi
 }
 # Überprüfe die Existenz von .env.all
-check_file_exists "../env/.env.all"
+check_file_exists "../../env/.env.all"
 
 # Überprüfe die Existenz aller Stack-spezifischen .env Dateien
 missing_files=0
 for stack in "${STACKS[@]}"; do
-    env_file="../env/${ENVIRONMENT}/.env.${stack}"
+    env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}"
     if ! check_file_exists "$env_file"; then
         missing_files=$((missing_files + 1))
     fi
@@ -44,7 +48,7 @@ else
 fi
 
 # Ausgabe der Variablen
-echo "Deploying to:"
+echo "Deploying to"
 echo "INFRASTRUCTURE: ${INFRASTRUCTURE:-Not set}"
 echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}"
 echo "-----------------------------------"
@@ -55,5 +59,7 @@ if [[ "$1" == "--build" ]]; then
     BUILD_OPTION="--build"
 fi
 
+
 # Ausführen des Docker Compose Befehls
-docker compose -f ../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile app up --remove-orphans $BUILD_OPTION
+docker compose -f ../../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --profile app up --remove-orphans $BUILD_OPTION
+

scripts/start/deploy-backend.sh

@@ -0,0 +1,3 @@
+source ./../setup/set-global-env.sh
+chmod +x ./../../apps/backend/src/entrypoint.sh
+docker compose -f ./../../apps/backend/docker-compose.yml --env-file ./../../env/${ENVIRONMENT}/.env.database --env-file ./../../env/${ENVIRONMENT}/.env.backend --profile backend up

scripts/start/deploy-proxy.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Pfad zur .env.all Datei
-ENV_FILE="../env/.env.all"
+ENV_FILE="../../env/.env.all"
 
 # Funktion zum Auslesen von Variablen aus der .env.all Datei
 get_env_var() {
@@ -27,12 +27,12 @@ check_file_exists() {
 }
 
 # Überprüfe die Existenz von .env.all
-check_file_exists "../env/.env.all"
+check_file_exists "../../env/.env.all"
 
 # Überprüfe die Existenz aller Stack-spezifischen .env Dateien
 missing_files=0
 for stack in "${STACKS[@]}"; do
-    env_file="../env/${ENVIRONMENT}/.env.${stack}"
+    env_file="../../env/${ENVIRONMENT:-development}/.env.${stack}"
     if ! check_file_exists "$env_file"; then
         missing_files=$((missing_files + 1))
     fi
@@ -51,4 +51,4 @@ echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}"
 echo "-----------------------------------"
 
 # Ausführen des Docker Compose Befehls
-docker compose -f ../apps/docker-compose.all.yml --env-file ../env/.env.all --env-file ../env/${ENVIRONMENT}/.env.proxy --profile proxy up --remove-orphans
+docker compose -f ../../apps/docker-compose.all.yml --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans

scripts/start/deploy-traefik.sh

@@ -3,7 +3,7 @@ set -e
 
 # Funktion zur Überprüfung der Produktivumgebung
 is_production() {
-    local prod_ip="85.215.56.185"  # IP-Adresse deines Produktivservers
+    local prod_ip=${SERVER_IP:-127.0.0.1} # IP-Adresse deines Produktivservers
     local current_ip
 
     # Überprüfe das Betriebssystem
@@ -69,30 +69,27 @@ if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then
         echo "Wir befinden uns in der Produktivumgebung."
         echo "Starte Traefik und CrowdSec Bouncer mit docker-compose.traefik.prod.yml..."
         env | grep DOMAIN  # Debug: Zeige die gesetzten Umgebungsvariablen an
-        docker compose -f ../apps/proxy/docker-compose.traefik.prod.yml up -d
+        docker compose -f ../../apps/proxy/docker-compose.yml  --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
     else
         echo "Wir befinden uns in der lokalen Entwicklungsumgebung."
         echo "Starte Traefik und CrowdSec Bouncer mit docker-compose.traefik.local.yml..."
         env | grep DOMAIN  # Debug: Zeige die gesetzten Umgebungsvariablen an
-        docker compose -f ../apps/docker-compose.traefik.local.yml up -d
+        docker compose -f ../../apps/proxy/docker-compose.overwrite.yml  --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
     fi
 else
     echo "Traefik läuft bereits. Aktualisiere die Konfiguration..."
     
     if is_production; then
         echo "Aktualisiere Traefik und CrowdSec Bouncer in der Produktivumgebung..."
-        docker compose -f ../apps/docker-compose.traefik.prod.yml up -d
+        docker compose -f ../../apps/proxy/docker-compose.yml  --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
     else
         echo "Aktualisiere Traefik und CrowdSec Bouncer in der lokalen Umgebung..."
-        docker compose -f ../apps/docker-compose.traefik.local.yml up -d
+        docker compose -f ../../apps/proxy/docker-compose.overwrite.yml  --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
     fi
 fi
 
 echo "Traefik und CrowdSec Bouncer Deployment abgeschlossen."
 
-=================
-
-
 echo "Prüfe, ob Traefik läuft..."
 
 set_environment_variables
@@ -106,14 +103,14 @@ fi
 
 if is_production; then
     echo "Wir befinden uns in der Produktivumgebung."
-    echo "Starte/Aktualisiere Deployment mit docker-compose.prod.yml..."
+    echo "Starte/Aktualisiere Deployment mit docker-compose.yml..."
     env | grep DOMAIN  # Debug: Zeige die gesetzten Umgebungsvariablen an
-    docker compose -f ../apps/docker-compose.prod.yml up -d
+    docker compose -f ../../apps/proxy/docker-compose.yml  --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
 else
     echo "Wir befinden uns in der lokalen Entwicklungsumgebung."
     echo "Starte/Aktualisiere lokale Version mit docker-compose.overwrite.yml..."
     env | grep DOMAIN  # Debug: Zeige die gesetzten Umgebungsvariablen an
-    docker compose -f ../apps/docker-compose.overwrite.yml up -d
+    docker compose -f ../../apps/proxy/docker-compose.overwrite.yml  --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
 fi
 
 
@@ -123,9 +120,9 @@ if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then
     if is_production; then
         echo "Wir befinden uns in der Produktivumgebung."
         set_environment_variables
-        echo "Starte Deployment mit docker-compose.prod.yml..."
+        echo "Starte Deployment mit docker-compose.yml..."
         env | grep DOMAIN  # Debug: Zeige die gesetzten Umgebungsvariablen an
-        docker compose -f ../apps/docker-compose.prod.yml up -d
+        docker compose -f ../../apps/proxy/docker-compose.yml  --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
     else
         echo "Wir befinden uns in der lokalen Entwicklungsumgebung."
         read -p "Möchtest du die lokale Version zum Debuggen (docker-compose.overwrite.yml) starten? (y/n): " answer
@@ -133,7 +130,7 @@ if ! docker ps --format '{{.Names}}' | grep -q 'traefik'; then
             echo "Starte lokale Version..."
             set_environment_variables
             env | grep DOMAIN  # Debug: Zeige die gesetzten Umgebungsvariablen an
-            docker compose -f ../apps/docker-compose.overwrite.yml up -d
+            docker compose -f ../../apps/proxy/docker-compose.overwrite.yml  --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
         else
             echo "Deployment abgebrochen."
             exit 1
@@ -145,15 +142,15 @@ else
     if is_production; then
         echo "Wir befinden uns in der Produktivumgebung."
         set_environment_variables
-        echo "Aktualisiere Deployment mit docker-compose.prod.yml..."
+        echo "Aktualisiere Deployment mit docker-compose.yml..."
         env | grep DOMAIN  # Debug: Zeige die gesetzten Umgebungsvariablen an
-        docker compose -f ../apps/docker-compose.prod.yml up -d
+        docker compose -f ../../apps/proxy/docker-compose.yml  --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
     else
         echo "Wir befinden uns in der lokalen Entwicklungsumgebung."
         set_environment_variables
         echo "Aktualisiere lokale Version mit docker-compose.overwrite.yml..."
         env | grep DOMAIN  # Debug: Zeige die gesetzten Umgebungsvariablen an
-        docker compose -f ../apps/docker-compose.overwrite.yml up -d
+        docker compose -f ../../apps/proxy/docker-compose.overwrite.yml  --env-file ../../env/.env.all --env-file ../../env/${ENVIRONMENT:-development}/.env.proxy --profile proxy up --remove-orphans -d
     fi
 fi
 

scripts/start/deploy.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+#!/bin/bash
+
+# Bestimme das Root-Verzeichnis des Git-Repos
+ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null)
+
+# Falls das Repository nicht gefunden wurde, abbrechen
+if [ -z "$ROOT_DIR" ]; then
+    echo "❌ Fehler: Kein Git-Repository gefunden!"
+    exit 1
+fi
+
+# Setze die Variable für die aktuelle Shell-Sitzung
+echo "✅ ROOT_DIR gesetzt auf: $ROOT_DIR"
+
+# Pfad zur .env.all Datei
+ENV_FILE="${ROOT_DIR}/env/.env.all"
+echo $ENV_FILE
+# Funktion zum Auslesen von Variablen aus der .env.all Datei
+get_env_var() {
+    grep "^$1=" "$ENV_FILE" | cut -d '=' -f2
+}
+
+# Auslesen der INFRASTRUCTURE und ENVIRONMENT Variablen
+INFRASTRUCTURE=$(get_env_var "INFRASTRUCTURE_LABEL")
+ENVIRONMENT=$(get_env_var "ENVIRONMENT")
+SERVER_IP=$(curl -s https://api.ipify.org)
+
+
+# Ausgabe der Variablen
+echo "Deploying to:"
+echo "INFRASTRUCTURE: ${INFRASTRUCTURE:-Not set}"
+echo "ENVIRONMENT: ${ENVIRONMENT:-Not set}"
+echo "-----------------------------------"
+
+# Ausführen des Docker Compose Befehls
+docker compose -f ../../apps/docker-compose.all.yml -p ${INFRASTRUCTURE:-my} --env-file ${ENV_FILE} --env-file ${ROOT_DIR}/env/${ENVIRONMENT:-development}/.env.proxy --profile app up --remove-orphans