commit 4f5355070f089bb4fdc5eed22c879cbbeff68c83 Author: Automation Admin Date: Thu Aug 14 17:21:55 2025 +0000 docs: initial VM documentation diff --git a/README.md b/README.md new file mode 100644 index 0000000..ea2acab --- /dev/null +++ b/README.md 
@@ -0,0 +1,117 @@ +# VM Dokumentation – opensuse-4gb-nbg1-4 + +Stand: 2025-08-14T17:19:07+00:00 + +## System +- Hostname: opensuse-4gb-nbg1-4 +- OS: openSUSE Leap 15.6 +- Kernel: 6.4.0-150600.23.53-default +- Podman: podman version 5.5.2 +- Node: v20.19.2 +- npm: 10.8.2 +- Rust: rustc not installed +- Cargo: cargo not installed + +## Netzwerk/Ports (Auszug) + + + +## Container-Stack (Podman, Host-Networking) + + + +### Reverse Proxy (Caddy) +Caddyfile unter `/root/Caddyfile`: + + +## Netzwerk/Ports (Auszug) + + Netid State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess + +## Container-Stack (Podman, Host-Networking) + + NAMES IMAGE STATUS PORTS +f42c882bb639-infra localhost/podman-pause:4.9.5-1748865600 Up 5 days 0.0.0.0:3002->3000/tcp, 0.0.0.0:8081->8080/tcp, 0.0.0.0:9090->9090/tcp, 0.0.0.0:9093->9093/tcp, 0.0.0.0:9100->9100/tcp +snake-test localhost/snake-game:test Up 5 days 0.0.0.0:3006->3003/tcp +gitea docker.io/gitea/gitea:1.21 Up 5 days 22/tcp, 3000/tcp +caddy docker.io/library/caddy:2-alpine Up 5 days 80/tcp, 443/tcp, 2019/tcp, 443/udp +woodpecker-agent docker.io/woodpeckerci/woodpecker-agent:latest Up 4 days 3000/tcp +woodpecker-server docker.io/woodpeckerci/woodpecker-server:latest Up 4 days 80/tcp, 443/tcp, 8000/tcp, 9000/tcp +rust-server localhost/rust-server:latest Up 19 hours 127.0.0.1:3010->8080/tcp +rust-game docker.io/didstopia/rust-server:latest Up 4 hours 0.0.0.0:28015-28016->28015-28016/tcp, 0.0.0.0:28015->28015/udp, 8080/tcp, 28082/tcp + +### Reverse Proxy (Caddy) +Caddyfile unter `/root/Caddyfile`: + + git.pp1l.de { + reverse_proxy localhost:3000 +} + +ci.pp1l.de { + reverse_proxy localhost:8000 +} + +# Rust Service +rust.pp1l.de { + reverse_proxy localhost:3010 +} + +# Fallback für localhost-Zugriff +localhost:80 { + redir / /3000 +} + +- Domains: + - git.pp1l.de → Gitea (localhost:3000) + - ci.pp1l.de → Woodpecker Web (localhost:8000) + - rust.pp1l.de → Rust Service (localhost:3010) + +## Applikationen + +- Snake Game 
(`/root/snake-game`) + - Node.js App, Pipeline via `.woodpecker.yml` + - Remote: + + origin http://automation:changeme@localhost:3000/pp1l/snake-game-cicd.git (fetch) +origin http://automation:changeme@localhost:3000/pp1l/snake-game-cicd.git (push) + +- OS Upgrade Automation (`/root/os-upgrade-automation`) + - Ansible Projekt, CI konfiguriert + - Remote: + + origin http://automation:changeme@localhost:3000/pp1l/os-upgrade-automation.git (fetch) +origin http://automation:changeme@localhost:3000/pp1l/os-upgrade-automation.git (push) + +- Rust Service (`/root/rust-server`) + - Containerfile, exposed über Caddy `rust.pp1l.de` + - Inhalte (Top-Level): + - Cargo.toml + - Containerfile + - src + +## CI/CD +- Gitea: Host-Networking, Volume `gitea-data` +- Woodpecker Server/Agent: Host-Networking, Volume `woodpecker-server-data` +- Konfiguration: + - Server Env: `/etc/woodpecker/server.env` (OAuth-Client/Secret nicht veröffentlichen) + - Agent Env: `/etc/woodpecker/agent.env` +- Wrapper-Skript: `/root/cicd-wrapper.sh` + - Befehle: start|stop|restart|status|logs|enable|disable|monitoring {start|stop|status|logs|urls} + +## Monitoring +- Verzeichnis: `/root/monitoring` +- Startskript: `start-monitoring-podman.sh` +- Standard-Ports: Prometheus 9090, Grafana 3002, cAdvisor 8081, Node Exporter 9100, Alertmanager 9093 + +## Sicherheit & Secrets +- Secrets: `/root/secrets`, Woodpecker Envs in `/etc/woodpecker` (restriktive Rechte) +- Git-Creds lokal in `~/.git-credentials` + +## Betrieb +- CI/CD: `/root/cicd-wrapper.sh status`, `/root/cicd-wrapper.sh restart` +- Monitoring: `/root/cicd-wrapper.sh monitoring start`, `/root/cicd-wrapper.sh monitoring status` + +## Hinweise +- Host-Networking bewusst genutzt; persistente Volumes: gitea-data, woodpecker-server-data +- Standard-Passwörter ändern; Secrets mit sops/age oder Vault verwalten +
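Review bot: The `Remote:` listings under `## Applikationen` commit the Git remote URLs with the credentials inline (`http://automation:changeme@localhost:3000/pp1l/...`), for both snake-game-cicd and os-upgrade-automation, which contradicts the README's own notes to keep secrets unpublished and to change default passwords. Have the generator strip the userinfo part before writing the remote (so the line reads `origin http://localhost:3000/pp1l/snake-game-cicd.git (fetch)`), treat the `automation` password as exposed now that it is in the commit history and change it, and rely on the `~/.git-credentials` helper the README already mentions rather than URL-embedded credentials. Separately, `## Netzwerk/Ports (Auszug)`, `## Container-Stack (Podman, Host-Networking)` and `### Reverse Proxy (Caddy)` each appear twice, the first time empty, and the ports section holds only the column header row with no listeners; the template placeholders look like they were emitted before being filled, so the empty copies should be dropped and the ports output checked.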