VM Documentation opensuse-4gb-nbg1-4

As of: 2025-08-14T17:19:07+00:00

System

  • Hostname: opensuse-4gb-nbg1-4
  • OS: openSUSE Leap 15.6
  • Kernel: 6.4.0-150600.23.53-default
  • Podman: podman version 5.5.2
  • Node: v20.19.2
  • npm: 10.8.2
  • Rust: rustc not installed
  • Cargo: cargo not installed

Network/Ports (excerpt)

Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess

Container stack (Podman, host networking)

NAMES               IMAGE                                            STATUS       PORTS
f42c882bb639-infra  localhost/podman-pause:4.9.5-1748865600          Up 5 days    0.0.0.0:3002->3000/tcp, 0.0.0.0:8081->8080/tcp, 0.0.0.0:9090->9090/tcp, 0.0.0.0:9093->9093/tcp, 0.0.0.0:9100->9100/tcp
snake-test          localhost/snake-game:test                        Up 5 days    0.0.0.0:3006->3003/tcp
gitea               docker.io/gitea/gitea:1.21                       Up 5 days    22/tcp, 3000/tcp
caddy               docker.io/library/caddy:2-alpine                 Up 5 days    80/tcp, 443/tcp, 2019/tcp, 443/udp
woodpecker-agent    docker.io/woodpeckerci/woodpecker-agent:latest   Up 4 days    3000/tcp
woodpecker-server   docker.io/woodpeckerci/woodpecker-server:latest  Up 4 days    80/tcp, 443/tcp, 8000/tcp, 9000/tcp
rust-server         localhost/rust-server:latest                     Up 19 hours  127.0.0.1:3010->8080/tcp
rust-game           docker.io/didstopia/rust-server:latest           Up 4 hours   0.0.0.0:28015-28016->28015-28016/tcp, 0.0.0.0:28015->28015/udp, 8080/tcp, 28082/tcp

Reverse Proxy (Caddy)

Caddyfile at /root/Caddyfile:

    git.pp1l.de {
        reverse_proxy localhost:3000
    }

    ci.pp1l.de {
        reverse_proxy localhost:8000
    }

    # Rust Service
    rust.pp1l.de {
        reverse_proxy localhost:3010
    }

    # Fallback for localhost access
    localhost:80 {
        redir / /3000
    }

  • Domains:
    • git.pp1l.de → Gitea (localhost:3000)
    • ci.pp1l.de → Woodpecker Web (localhost:8000)
    • rust.pp1l.de → Rust Service (localhost:3010)

Applications

  • Snake Game (/root/snake-game)
    • Node.js app, pipeline via .woodpecker.yml

    • Remote:

      origin	http://automation:changeme@localhost:3000/pp1l/snake-game-cicd.git (fetch)
      origin	http://automation:changeme@localhost:3000/pp1l/snake-game-cicd.git (push)

  • OS Upgrade Automation (/root/os-upgrade-automation)
    • Ansible project, CI configured

    • Remote:

      origin	http://automation:changeme@localhost:3000/pp1l/os-upgrade-automation.git (fetch)
      origin	http://automation:changeme@localhost:3000/pp1l/os-upgrade-automation.git (push)

  • Rust Service (/root/rust-server)
    • Containerfile, exposed via Caddy at rust.pp1l.de
    • Contents (top level):
      • Cargo.toml
      • Containerfile
      • src

CI/CD

  • Gitea: host networking, volume gitea-data
  • Woodpecker Server/Agent: host networking, volume woodpecker-server-data
  • Configuration:
    • Server env: /etc/woodpecker/server.env (do not publish the OAuth client/secret)
    • Agent env: /etc/woodpecker/agent.env
  • Wrapper script: /root/cicd-wrapper.sh
    • Commands: start|stop|restart|status|logs|enable|disable|monitoring {start|stop|status|logs|urls}

Monitoring

  • Directory: /root/monitoring
  • Start script: start-monitoring-podman.sh
  • Default ports: Prometheus 9090, Grafana 3002, cAdvisor 8081, Node Exporter 9100, Alertmanager 9093

Security & Secrets

  • Secrets: /root/secrets, Woodpecker envs in /etc/woodpecker (restrictive permissions)
  • Git credentials stored locally in ~/.git-credentials
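
The remotes listed under Applications carry a password inside the URL, while this section places Git credentials in ~/.git-credentials. As an added example (not part of the original README), the shell functions below flag such remotes in `git remote -v` output and print the `git remote set-url` commands that would drop the password while keeping the user name; the function names and the `upstream`/`backup` sample remotes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original README): find git remotes whose URL
# embeds a password and plan a rewrite that keeps only the user name.

# Constructed sample of `git remote -v` output. The origin lines mirror the
# remotes documented above; "upstream" and "backup" are made-up controls.
SAMPLE_REMOTES='origin http://automation:changeme@localhost:3000/pp1l/snake-game-cicd.git (fetch)
origin http://automation:changeme@localhost:3000/pp1l/snake-game-cicd.git (push)
upstream https://git.pp1l.de/pp1l/snake-game-cicd.git (fetch)
backup ssh://git@localhost:22/pp1l/snake-game-cicd.git (fetch)'

# Read `git remote -v` lines on stdin; print "name url" once per remote whose
# URL has the form scheme://user:password@host. A bare user (ssh://git@host)
# or a host:port pair without userinfo is not reported.
find_credentialed_remotes() {
    awk '$2 ~ "^[a-z][a-z0-9+.-]*://[^/@:]+:[^/@]+@" { print $1, $2 }' | sort -u
}

# Drop the password from one URL and keep the user name, so the credential
# helper can still select the matching entry. Other URLs pass through unchanged.
strip_password() {
    printf '%s\n' "$1" | sed -E 's#^([a-z][a-z0-9+.-]*://[^/@:]+):[^/@]+@#\1@#'
}

# Dry run: print the commands that would fix each reported remote.
plan_fixes() {
    find_credentialed_remotes | while read -r name url; do
        printf 'git remote set-url %s %s\n' "$name" "$(strip_password "$url")"
    done
}

printf '%s\n' "$SAMPLE_REMOTES" | plan_fixes
```

Real output can be piped in with `git -C /root/snake-game remote -v | plan_fixes`. The printed commands only change the repository's .git/config, so the password itself still needs to be changed.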

Operations

  • CI/CD: /root/cicd-wrapper.sh status, /root/cicd-wrapper.sh restart
  • Monitoring: /root/cicd-wrapper.sh monitoring start, /root/cicd-wrapper.sh monitoring status

Notes

  • Host networking used deliberately; persistent volumes: gitea-data, woodpecker-server-data
  • Change default passwords; manage secrets with sops/age or Vault