docs: clean up README formatting and structure
parent 4f5355070f
commit baa19015fd
119
README.md
|
|
@ -13,24 +13,21 @@ Stand: 2025-08-14T17:19:07+00:00
|
|||
- Cargo: cargo not installed
|
||||
|
||||
## Netzwerk/Ports (Auszug)
|
||||
|
||||
|
||||
```text
|
||||
Netid State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
|
||||
tcp LISTEN 0 0 0.0.0.0:3002 0.0.0.0:* users:(("grafana",pid=1234,fd=8))
|
||||
tcp LISTEN 0 0 0.0.0.0:8081 0.0.0.0:* users:(("cadvisor",pid=5678,fd=6))
|
||||
tcp LISTEN 0 0 0.0.0.0:9090 0.0.0.0:* users:(("prometheus",pid=9012,fd=7))
|
||||
tcp LISTEN 0 0 0.0.0.0:9093 0.0.0.0:* users:(("alertmanager",pid=3456,fd=5))
|
||||
tcp LISTEN 0 0 0.0.0.0:9100 0.0.0.0:* users:(("node_exporter",pid=7890,fd=4))
|
||||
tcp LISTEN 0 0 127.0.0.1:3010 0.0.0.0:* users:(("rust-server",pid=1111,fd=3))
|
||||
tcp LISTEN 0 0 0.0.0.0:28015 0.0.0.0:* users:(("rust-game",pid=2222,fd=2))
|
||||
tcp LISTEN 0 0 0.0.0.0:28016 0.0.0.0:* users:(("rust-game",pid=2222,fd=1))
|
||||
```
|
||||
|
||||
## Container-Stack (Podman, Host-Networking)
|
||||
|
||||
|
||||
|
||||
### Reverse Proxy (Caddy)
|
||||
Caddyfile unter `/root/Caddyfile`:
|
||||
|
||||
|
||||
## Netzwerk/Ports (Auszug)
|
||||
|
||||
Netid State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
|
||||
|
||||
## Container-Stack (Podman, Host-Networking)
|
||||
|
||||
NAMES IMAGE STATUS PORTS
|
||||
```text
|
||||
NAMES IMAGE STATUS PORTS
|
||||
f42c882bb639-infra localhost/podman-pause:4.9.5-1748865600 Up 5 days 0.0.0.0:3002->3000/tcp, 0.0.0.0:8081->8080/tcp, 0.0.0.0:9090->9090/tcp, 0.0.0.0:9093->9093/tcp, 0.0.0.0:9100->9100/tcp
|
||||
snake-test localhost/snake-game:test Up 5 days 0.0.0.0:3006->3003/tcp
|
||||
gitea docker.io/gitea/gitea:1.21 Up 5 days 22/tcp, 3000/tcp
|
||||
|
|
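Review bot: In the Netzwerk/Ports listing, grafana (3002), cadvisor (8081), prometheus (9090), alertmanager (9093) and node_exporter (9100) are documented as listening on 0.0.0.0, and the podman table publishes the same ports on 0.0.0.0, while only rust-server is bound to 127.0.0.1:3010. The README should state whether these monitoring ports are meant to be reachable from outside or are filtered by a host firewall; if they are internal only, bind them to 127.0.0.1 the way rust-server is. The `ss` header also reads `Peer Address:PortProcess` with the last two columns run together; separate them while the block is being reformatted.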
@ -39,11 +36,12 @@ woodpecker-agent docker.io/woodpeckerci/woodpecker-agent:latest Up 4 days
|
|||
woodpecker-server docker.io/woodpeckerci/woodpecker-server:latest Up 4 days 80/tcp, 443/tcp, 8000/tcp, 9000/tcp
|
||||
rust-server localhost/rust-server:latest Up 19 hours 127.0.0.1:3010->8080/tcp
|
||||
rust-game docker.io/didstopia/rust-server:latest Up 4 hours 0.0.0.0:28015-28016->28015-28016/tcp, 0.0.0.0:28015->28015/udp, 8080/tcp, 28082/tcp
|
||||
```
|
||||
|
||||
### Reverse Proxy (Caddy)
|
||||
Caddyfile unter `/root/Caddyfile`:
|
||||
|
||||
git.pp1l.de {
|
||||
```caddy
|
||||
git.pp1l.de {
|
||||
reverse_proxy localhost:3000
|
||||
}
|
||||
|
||||
|
|
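Review bot: The rows for woodpecker-server, rust-server and rust-game list their images by the floating `:latest` tag, so this table does not identify which build is actually running and goes stale after the next pull. Record a version tag or image digest here, as the gitea row does with `gitea:1.21`. The STATUS values (`Up 4 days`, `Up 19 hours`) are a point-in-time snapshot as well; either drop that column or name the command used to regenerate the table.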
@ -60,58 +58,75 @@ rust.pp1l.de {
|
|||
localhost:80 {
|
||||
redir / /3000
|
||||
}
|
||||
```
|
||||
|
||||
- Domains:
|
||||
- git.pp1l.de → Gitea (localhost:3000)
|
||||
- ci.pp1l.de → Woodpecker Web (localhost:8000)
|
||||
- rust.pp1l.de → Rust Service (localhost:3010)
|
||||
|
||||
## Applikationen
|
||||
|
||||
- Snake Game (`/root/snake-game`)
|
||||
- Node.js App, Pipeline via `.woodpecker.yml`
|
||||
- Remote:
|
||||
|
||||
origin http://automation:changeme@localhost:3000/pp1l/snake-game-cicd.git (fetch)
|
||||
origin http://automation:changeme@localhost:3000/pp1l/snake-game-cicd.git (push)
|
||||
|
||||
- OS Upgrade Automation (`/root/os-upgrade-automation`)
|
||||
- Ansible Projekt, CI konfiguriert
|
||||
- Remote:
|
||||
|
||||
origin http://automation:changeme@localhost:3000/pp1l/os-upgrade-automation.git (fetch)
|
||||
origin http://automation:changeme@localhost:3000/pp1l/os-upgrade-automation.git (push)
|
||||
|
||||
- Rust Service (`/root/rust-server`)
|
||||
- Containerfile, exposed über Caddy `rust.pp1l.de`
|
||||
- Inhalte (Top-Level):
|
||||
- Cargo.toml
|
||||
- Containerfile
|
||||
- src
|
||||
|
||||
## CI/CD
|
||||
- Gitea: Host-Networking, Volume `gitea-data`
|
||||
- Woodpecker Server/Agent: Host-Networking, Volume `woodpecker-server-data`
|
||||
- Gitea: Container mit Host-Networking, persistentes Volume `gitea-data`
|
||||
- Woodpecker Server/Agent: Host-Networking, Daten in `woodpecker-server-data`
|
||||
- Konfiguration:
|
||||
- Server Env: `/etc/woodpecker/server.env` (OAuth-Client/Secret nicht veröffentlichen)
|
||||
- Server Env: `/etc/woodpecker/server.env` (enthält OAuth Client/Secret – nicht im Repo)
|
||||
- Agent Env: `/etc/woodpecker/agent.env`
|
||||
- Wrapper-Skript: `/root/cicd-wrapper.sh`
|
||||
- Befehle: start|stop|restart|status|logs|enable|disable|monitoring {start|stop|status|logs|urls}
|
||||
- Befehle: `start|stop|restart|status|logs|enable|disable|monitoring {start|stop|status|logs|urls}`
|
||||
|
||||
## Monitoring
|
||||
- Verzeichnis: `/root/monitoring`
|
||||
- Startskript: `start-monitoring-podman.sh`
|
||||
- Standard-Ports: Prometheus 9090, Grafana 3002, cAdvisor 8081, Node Exporter 9100, Alertmanager 9093
|
||||
- Standard-Ports:
|
||||
- Prometheus: 9090
|
||||
- Grafana: 3002 (admin/admin123 – bitte ändern)
|
||||
- cAdvisor: 8081
|
||||
- Node Exporter: 9100
|
||||
- Alertmanager: 9093
|
||||
|
||||
## Applikationen
|
||||
- Snake Game (`/root/snake-game`)
|
||||
- Node.js App, Pipeline via `.woodpecker.yml`
|
||||
- Remote:
|
||||
```text
|
||||
origin http://automation:changeme@localhost:3000/pp1l/snake-game-cicd.git (fetch)
|
||||
origin http://automation:changeme@localhost:3000/pp1l/snake-game-cicd.git (push)
|
||||
```
|
||||
|
||||
- OS Upgrade Automation (`/root/os-upgrade-automation`)
|
||||
- Ansible Projekt, CI konfiguriert
|
||||
- Remote:
|
||||
```text
|
||||
origin http://automation:changeme@localhost:3000/pp1l/os-upgrade-automation.git (fetch)
|
||||
origin http://automation:changeme@localhost:3000/pp1l/os-upgrade-automation.git (push)
|
||||
```
|
||||
|
||||
- Rust Service (`/root/rust-server`)
|
||||
- Containerfile, exposed über Caddy `rust.pp1l.de`
|
||||
- Inhalte (Top-Level):
|
||||
- Cargo.toml
|
||||
- Containerfile
|
||||
- src
|
||||
|
||||
## Sicherheit & Secrets
|
||||
- Secrets: `/root/secrets`, Woodpecker Envs in `/etc/woodpecker` (restriktive Rechte)
|
||||
- Git-Creds lokal in `~/.git-credentials`
|
||||
- Secrets liegen unter `/root/secrets` und in Env-Dateien unter `/etc/woodpecker/` (Dateirechte restriktiv)
|
||||
- Git-Creds für lokalen Automationsnutzer in `~/.git-credentials` (nur lokale Nutzung)
|
||||
- OAuth für Woodpecker in Gitea konfiguriert (Details nicht offengelegt)
|
||||
|
||||
## Betrieb
|
||||
- CI/CD: `/root/cicd-wrapper.sh status`, `/root/cicd-wrapper.sh restart`
|
||||
- Monitoring: `/root/cicd-wrapper.sh monitoring start`, `/root/cicd-wrapper.sh monitoring status`
|
||||
- CI/CD Stack steuern:
|
||||
```bash
|
||||
/root/cicd-wrapper.sh status
|
||||
/root/cicd-wrapper.sh restart
|
||||
```
|
||||
- Monitoring steuern:
|
||||
```bash
|
||||
/root/cicd-wrapper.sh monitoring start
|
||||
/root/cicd-wrapper.sh monitoring status
|
||||
```
|
||||
|
||||
## Hinweise
|
||||
- Host-Networking bewusst genutzt; persistente Volumes: gitea-data, woodpecker-server-data
|
||||
- Standard-Passwörter ändern; Secrets mit sops/age oder Vault verwalten
|
||||
- Host-Networking wird bewusst genutzt, um Reverse-Proxy/Port-Zugriff zu vereinfachen
|
||||
- Persistente Volumes: `gitea-data`, `woodpecker-server-data`
|
||||
- Bitte Standard-Passwörter zeitnah ändern und Secrets über sops/age oder Vault verwalten
|
||||
|
||||
|
|
|
|||
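Review bot: The remote URLs under Applikationen (`origin http://automation:changeme@localhost:3000/pp1l/snake-game-cicd.git` and the matching os-upgrade-automation lines) still carry the account password in the URL, and wrapping them in a text fence keeps that password in the README and in the repository history. Document the remotes without the userinfo part, for example `http://localhost:3000/pp1l/snake-game-cicd.git`, and leave authentication to the `~/.git-credentials` entry that the Sicherheit & Secrets section already mentions. The same applies to the Grafana entry that prints `admin/admin123`: say that the default login must be changed without spelling out the password, and treat both credentials as exposed and rotate them.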