Local changes before sync

v2/.env

@@ -0,0 +1,70 @@
+# PostgreSQL-Datenbank
+POSTGRES_DB=meinedatenbank
+POSTGRES_USER=adminuser
+POSTGRES_PASSWORD=supergeheimespasswort
+
+# Admin-Panel Zugangsdaten
+ADMIN1_USERNAME=rac00n
+ADMIN1_PASSWORD=1248163264
+ADMIN2_USERNAME=w@rh@mm3r
+ADMIN2_PASSWORD=Warhammer123!
+
+# Lizenzserver API Key für Authentifizierung
+
+
+# Domains (können von der App ausgewertet werden, z. B. für Links oder CORS)
+API_DOMAIN=api-software-undso.intelsight.de
+ADMIN_PANEL_DOMAIN=admin-panel-undso.intelsight.de
+
+# ===================== OPTIONALE VARIABLEN =====================
+
+# JWT für API-Auth (WICHTIG: Für sichere Token-Verschlüsselung!)
+JWT_SECRET=xY9ZmK2pL7nQ4wF6jH8vB3tG5aZ1dE7fR9hT2kM4nP6qS8uW0xC3yA5bD7eF9gH2jK4
+
+# E-Mail Konfiguration (z. B. bei Ablaufwarnungen)
+# MAIL_SERVER=smtp.meinedomain.de
+# MAIL_PORT=587
+# MAIL_USERNAME=deinemail
+# MAIL_PASSWORD=geheim
+# MAIL_FROM=no-reply@meinedomain.de
+
+# Logging
+# LOG_LEVEL=info
+
+# Erlaubte CORS-Domains (für Web-Frontend)
+# ALLOWED_ORIGINS=https://admin.meinedomain.de
+
+# ===================== VERSION =====================
+
+# Serverseitig gepflegte aktuelle Software-Version
+# Diese wird vom Lizenzserver genutzt, um die Kundenversion zu vergleichen
+LATEST_CLIENT_VERSION=1.0.0
+
+# ===================== BACKUP KONFIGURATION =====================
+
+# E-Mail für Backup-Benachrichtigungen
+EMAIL_ENABLED=false
+
+# Backup-Verschlüsselung (optional, wird automatisch generiert wenn leer)
+# BACKUP_ENCRYPTION_KEY=
+
+# ===================== CAPTCHA KONFIGURATION =====================
+
+# Google reCAPTCHA v2 Keys (https://www.google.com/recaptcha/admin)
+# Für PoC-Phase auskommentiert - CAPTCHA wird übersprungen wenn Keys fehlen
+# RECAPTCHA_SITE_KEY=your-site-key-here
+# RECAPTCHA_SECRET_KEY=your-secret-key-here
+
+# ===================== MONITORING KONFIGURATION =====================
+
+# Grafana Admin Credentials
+GRAFANA_USER=admin
+GRAFANA_PASSWORD=admin
+
+# SMTP Settings for Alertmanager (optional)
+# SMTP_USERNAME=your-email@gmail.com
+# SMTP_PASSWORD=your-app-password
+
+# Webhook URLs for critical alerts (optional)
+# WEBHOOK_CRITICAL=https://your-webhook-url/critical
+# WEBHOOK_SECURITY=https://your-webhook-url/security

v2/.env.production.template

@@ -0,0 +1,56 @@
+# PostgreSQL-Datenbank
+POSTGRES_DB=meinedatenbank
+POSTGRES_USER=adminuser
+# IMPORTANT: Generate a strong password using generate-secrets.py
+POSTGRES_PASSWORD=CHANGE_THIS_STRONG_PASSWORD
+
+# Admin-Panel Zugangsdaten
+ADMIN1_USERNAME=rac00n
+ADMIN1_PASSWORD=1248163264
+ADMIN2_USERNAME=w@rh@mm3r
+ADMIN2_PASSWORD=Warhammer123!
+
+# Domains
+API_DOMAIN=api-software-undso.intelsight.de
+ADMIN_PANEL_DOMAIN=admin-panel-undso.intelsight.de
+
+# JWT für API-Auth (WICHTIG: Für sichere Token-Verschlüsselung!)
+# IMPORTANT: Generate using generate-secrets.py
+JWT_SECRET=CHANGE_THIS_GENERATE_SECURE_SECRET
+
+# E-Mail Konfiguration (optional)
+# MAIL_SERVER=smtp.meinedomain.de
+# MAIL_PORT=587
+# MAIL_USERNAME=deinemail
+# MAIL_PASSWORD=geheim
+# MAIL_FROM=no-reply@intelsight.de
+
+# Logging
+LOG_LEVEL=info
+
+# Erlaubte CORS-Domains (für Web-Frontend)
+ALLOWED_ORIGINS=https://admin-panel-undso.intelsight.de
+
+# VERSION
+LATEST_CLIENT_VERSION=1.0.0
+
+# BACKUP KONFIGURATION
+EMAIL_ENABLED=false
+
+# CAPTCHA KONFIGURATION (optional für PoC)
+# RECAPTCHA_SITE_KEY=your-site-key-here
+# RECAPTCHA_SECRET_KEY=your-secret-key-here
+
+# MONITORING KONFIGURATION
+GRAFANA_USER=admin
+# IMPORTANT: Generate a strong password using generate-secrets.py
+GRAFANA_PASSWORD=CHANGE_THIS_STRONG_PASSWORD
+
+# SMTP Settings for Alertmanager (optional)
+# SMTP_USERNAME=your-email@gmail.com
+# SMTP_PASSWORD=your-app-password
+
+# Webhook URLs for critical alerts (optional)
+# WEBHOOK_CRITICAL=https://your-webhook-url/critical
+# WEBHOOK_SECURITY=https://your-webhook-url/security
+

v2/docker-compose.yaml

@@ -0,0 +1,164 @@
+services:
+  postgres:
+    build:
+      context: ../v2_postgres
+    container_name: db
+    restart: always
+    env_file: .env
+    environment:
+      POSTGRES_HOST: postgres
+      POSTGRES_INITDB_ARGS: '--encoding=UTF8 --locale=de_DE.UTF-8'
+      POSTGRES_COLLATE: 'de_DE.UTF-8'
+      POSTGRES_CTYPE: 'de_DE.UTF-8'
+      TZ: Europe/Berlin
+      PGTZ: Europe/Berlin
+    volumes:
+      # Persistente Speicherung der Datenbank auf dem Windows-Host
+      - postgres_data:/var/lib/postgresql/data
+      # Init-Skript für Tabellen
+      - ../v2_adminpanel/init.sql:/docker-entrypoint-initdb.d/init.sql
+    networks:
+      - internal_net
+    deploy:
+      resources:
+        limits:
+          cpus: '2'
+          memory: 4g
+
+  license-server:
+    build:
+      context: ../v2_lizenzserver
+    container_name: license-server
+    restart: always
+    # Port-Mapping entfernt - nur noch über Nginx erreichbar
+    env_file: .env
+    environment:
+      TZ: Europe/Berlin
+    depends_on:
+      - postgres
+    networks:
+      - internal_net
+    deploy:
+      resources:
+        limits:
+          cpus: '2'
+          memory: 4g
+
+  # auth-service:
+  #   build:
+  #     context: ../lizenzserver/services/auth
+  #   container_name: auth-service
+  #   restart: always
+  #   # Port 5001 - nur intern erreichbar
+  #   env_file: .env
+  #   environment:
+  #     TZ: Europe/Berlin
+  #     DATABASE_URL: postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/v2_adminpanel
+  #     REDIS_URL: redis://redis:6379/1
+  #     JWT_SECRET: ${JWT_SECRET}
+  #     FLASK_ENV: production
+  #   depends_on:
+  #     - postgres
+  #     - redis
+  #   networks:
+  #     - internal_net
+  #   deploy:
+  #     resources:
+  #       limits:
+  #         cpus: '1'
+  #         memory: 1g
+
+  # analytics-service:
+  #   build:
+  #     context: ../lizenzserver/services/analytics
+  #   container_name: analytics-service
+  #   restart: always
+  #   # Port 5003 - nur intern erreichbar
+  #   env_file: .env
+  #   environment:
+  #     TZ: Europe/Berlin
+  #     DATABASE_URL: postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/v2_adminpanel
+  #     REDIS_URL: redis://redis:6379/2
+  #     JWT_SECRET: ${JWT_SECRET}
+  #     FLASK_ENV: production
+  #   depends_on:
+  #     - postgres
+  #     - redis
+  #     - rabbitmq
+  #   networks:
+  #     - internal_net
+  #   deploy:
+  #     resources:
+  #       limits:
+  #         cpus: '1'
+  #         memory: 2g
+
+  # admin-api-service:
+  #   build:
+  #     context: ../lizenzserver/services/admin_api
+  #   container_name: admin-api-service
+  #   restart: always
+  #   # Port 5004 - nur intern erreichbar
+  #   env_file: .env
+  #   environment:
+  #     TZ: Europe/Berlin
+  #     DATABASE_URL: postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/v2_adminpanel
+  #     REDIS_URL: redis://redis:6379/3
+  #     JWT_SECRET: ${JWT_SECRET}
+  #     FLASK_ENV: production
+  #   depends_on:
+  #     - postgres
+  #     - redis
+  #     - rabbitmq
+  #   networks:
+  #     - internal_net
+  #   deploy:
+  #     resources:
+  #       limits:
+  #         cpus: '1'
+  #         memory: 2g
+
+  admin-panel:
+    build:
+      context: ../v2_adminpanel
+    container_name: admin-panel
+    restart: always
+    # Port-Mapping entfernt - nur über nginx erreichbar
+    env_file: .env
+    environment:
+      TZ: Europe/Berlin
+    depends_on:
+      - postgres
+    networks:
+      - internal_net
+    volumes:
+      # Backup-Verzeichnis
+      - ../backups:/app/backups
+    deploy:
+      resources:
+        limits:
+          cpus: '2'
+          memory: 4g
+
+  nginx:
+    build:
+      context: ../v2_nginx
+    container_name: nginx-proxy
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      TZ: Europe/Berlin
+    depends_on:
+      - admin-panel
+      - license-server
+    networks:
+      - internal_net
+
+networks:
+  internal_net:
+    driver: bridge
+
+volumes:
+  postgres_data: