Config-Backup 2026-03-28 15:30:26

Geänderte Dateien: - etc/systemd/system/system/chronyd.service - etc/systemd/system/system/cloud-config.target.wants/cloud-init-hotplugd.socket - etc/systemd/system/system/cloud-init.target.wants/cloud-config.service - etc/systemd/system/system/cloud-init.target.wants/cloud-final.service - etc/systemd/system/system/cloud-init.target.wants/cloud-init-local.service - etc/systemd/system/system/cloud-init.target.wants/cloud-init-main.service - etc/systemd/system/system/cloud-init.target.wants/cloud-init-network.service - etc/systemd/system/system/dbus-org.freedesktop.timesync1.service - etc/systemd/system/system/default.target.wants/wtmpdb-update-boot.service - etc/systemd/system/system/getty.target.wants/getty@tty1.service - etc/systemd/system/system/hibernate.target.wants/grub-common.service - etc/systemd/system/system/hybrid-sleep.target.wants/grub-common.service - etc/systemd/system/system/multi-user.target.wants/chrony.service - etc/systemd/system/system/multi-user.target.wants/console-setup.service - etc/systemd/system/system/multi-user.target.wants/containerd.service - etc/systemd/system/system/multi-user.target.wants/cron.service - etc/systemd/system/system/multi-user.target.wants/docker.service - etc/systemd/system/system/multi-user.target.wants/e2scrub_reap.service - etc/systemd/system/system/multi-user.target.wants/fail2ban.service - etc/systemd/system/system/multi-user.target.wants/grub-common.service - etc/systemd/system/system/multi-user.target.wants/networking.service - etc/systemd/system/system/multi-user.target.wants/nmbd.service - etc/systemd/system/system/multi-user.target.wants/remote-fs.target - etc/systemd/system/system/multi-user.target.wants/rsyslog.service - etc/systemd/system/system/multi-user.target.wants/samba-ad-dc.service - etc/systemd/system/system/multi-user.target.wants/smbd.service - etc/systemd/system/system/multi-user.target.wants/ssh.service - etc/systemd/system/system/multi-user.target.wants/start-containers.service - etc/systemd/system/system/multi-user.target.wants/unattended-upgrades.service - etc/systemd/system/system/multi-user.target.wants/winbind.service - etc/systemd/system/system/multi-user.target.wants/zfs.target - etc/systemd/system/system/network-online.target.wants/networking.service - etc/systemd/system/system/nmb.service - etc/systemd/system/system/samba.service - etc/systemd/system/system/smb.service - etc/systemd/system/system/sockets.target.wants/docker.socket - etc/systemd/system/system/ssh.service.wants/sshd-keygen.service - etc/systemd/system/system/ssh.socket.wants/sshd-keygen.service - etc/systemd/system/system/sshd.service - etc/systemd/system/system/sshd.service.wants/sshd-keygen.service - etc/systemd/system/system/sshd@.service.wants/sshd-keygen.service - etc/systemd/system/system/start-containers.service - etc/systemd/system/system/suspend-then-hibernate.target.wants/grub-common.service - etc/systemd/system/system/suspend.target.wants/grub-common.service - etc/systemd/system/system/sysinit.target.wants/apparmor.service - etc/systemd/system/system/sysinit.target.wants/keyboard-setup.service - etc/systemd/system/system/sysinit.target.wants/resolvconf.service - etc/systemd/system/system/sysinit.target.wants/systemd-pstore.service - etc/systemd/system/system/sysinit.target.wants/systemd-timesyncd.service - etc/systemd/system/system/syslog.service - etc/systemd/system/system/systemd-resolved.service.wants/resolvconf-pull-resolved.path - etc/systemd/system/system/systemd-resolved.service.wants/resolvconf-pull-resolved.service - etc/systemd/system/system/timers.target.wants/apt-daily-upgrade.timer - etc/systemd/system/system/timers.target.wants/apt-daily.timer - etc/systemd/system/system/timers.target.wants/dpkg-db-backup.timer - etc/systemd/system/system/timers.target.wants/e2scrub_all.timer - etc/systemd/system/system/timers.target.wants/fstrim.timer - etc/systemd/system/system/timers.target.wants/logrotate.timer - etc/systemd/system/system/timers.target.wants/man-db.timer - etc/systemd/system/system/zed.service - etc/systemd/system/system/zfs-import.target.wants/zfs-import-cache.service - etc/systemd/system/system/zfs-mount.service.wants/zfs-load-module.service - etc/systemd/system/system/zfs-volumes.target.wants/zfs-volume-wait.service - etc/systemd/system/system/zfs.target.wants/zfs-import.target - etc/systemd/system/system/zfs.target.wants/zfs-load-module.service - etc/systemd/system/system/zfs.target.wants/zfs-mount.service - etc/systemd/system/system/zfs.target.wants/zfs-share.service - etc/systemd/system/system/zfs.target.wants/zfs-volumes.target - etc/systemd/system/system/zfs.target.wants/zfs-zed.service - root/docker/Webproxy/Data/nginx/nginx/auth/.htpasswd - root/docker/Webproxy/Data/nginx/nginx/service.conf - root/docker/dokuwiki/data/conf/conf/acl.auth.php - root/docker/dokuwiki/data/conf/conf/license.php - root/docker/dokuwiki/data/conf/conf/local.php - root/docker/dokuwiki/data/conf/conf/local.php.bak.php - root/docker/dokuwiki/data/conf/conf/plugins.local.php - root/docker/dokuwiki/data/conf/conf/users.auth.php - root/docker/dokuwiki/data/conf/conf/users.auth.php.bak - root/docker/gitea/docker-compose.yml - root/docker/gitea/start.sh - root/docker/traefik/data/letsencrypt/acme.json
2026-03-28 15:30:26 +01:00
parent de4ae83476
commit afeb06a80e
81 changed files with 477 additions and 0 deletions
--- a/root/docker/Webproxy/Data/nginx/nginx/auth/.htpasswd
+++ b/root/docker/Webproxy/Data/nginx/nginx/auth/.htpasswd
@@ -0,0 +1,2 @@
+drawioUser:$2y$05$Ckt.CPSBzFPWkkRhCe3M7eYePnkPVfhfjDcjpw.1Knn7Amh0N.gxq
+
--- a/root/docker/Webproxy/Data/nginx/nginx/service.conf
+++ b/root/docker/Webproxy/Data/nginx/nginx/service.conf
@@ -0,0 +1,171 @@
+
+#/root/docker/Webproxy/Data/nginx/service.conf
+
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  ''      close;
+}
+
+server {
+  listen 80;
+  server_name service.focus-on-it.net;
+
+  location /.well-known/acme-challenge/ { root /var/www/certbot; }
+  location / { return 301 https://$host$request_uri; }
+}
+
+server {
+  listen 443 ssl;
+  server_name service.focus-on-it.net;
+
+  ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+  location / {
+    return 200 "service endpoint\n";
+  }
+}
+
+server {
+  listen 80;
+  server_name dokuwiki.focus-on-it.net;
+  location /.well-known/acme-challenge/ { root /var/www/certbot; }
+  location / { return 301 https://$host$request_uri; }
+}
+
+server {
+  listen 443 ssl;
+  server_name dokuwiki.focus-on-it.net;
+  resolver 127.0.0.11 valid=30s ipv6=off;
+  ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+  location / {
+    set $dokuwiki_upstream dokuwiki:8080;
+    proxy_pass http://$dokuwiki_upstream;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Port 443;
+  }
+}
+server {
+  listen 80;
+  server_name guacamole.focus-on-it.net;
+
+  location /.well-known/acme-challenge/ { root /var/www/certbot; }
+  location / { return 301 https://$host$request_uri; }
+}
+
+server {
+  listen 443 ssl;
+  server_name guacamole.focus-on-it.net;
+
+  ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+  # optional sinnvoll
+  client_max_body_size 50m;
+
+  # Guacamole läuft standardmäßig unter /guacamole/
+  location / {
+    return 302 /guacamole/;
+  }
+
+  location /guacamole/ {
+    proxy_pass http://guacamole:8080/guacamole/;
+    proxy_http_version 1.1;
+
+    proxy_set_header Host              $host;
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Port  443;
+
+    # WebSocket für Guacamole Tunnel
+    proxy_set_header Upgrade           $http_upgrade;
+    proxy_set_header Connection        $connection_upgrade;
+
+    proxy_buffering off;
+  }
+}
+server {
+    listen 80;
+    server_name drawio.focus-on-it.net;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name drawio.focus-on-it.net;
+
+    ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+    client_max_body_size 50m;
+
+    location / {
+	auth_basic "Restricted";
+        auth_basic_user_file /etc/nginx/auth/.htpasswd;    
+        proxy_pass http://drawio:8080;
+
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port 443;
+
+        proxy_read_timeout 300;
+        proxy_send_timeout 300;
+    }
+}
+server {
+    listen 80;
+    server_name nextcloud.focus-on-it.net;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name nextcloud.focus-on-it.net;
+
+    resolver 127.0.0.11 valid=30s ipv6=off;
+
+    ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+    client_max_body_size 10G;
+    proxy_read_timeout 3600;
+    proxy_send_timeout 3600;
+
+    location / {
+        set $nextcloud_upstream nextcloud-nginx:80;
+        proxy_pass http://$nextcloud_upstream;
+
+        proxy_http_version 1.1;
+        proxy_request_buffering off;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port 443;
+    }
+}
--- a/root/docker/dokuwiki/data/conf/conf/acl.auth.php
+++ b/root/docker/dokuwiki/data/conf/conf/acl.auth.php
@@ -0,0 +1,17 @@
+# acl.auth.php
+# <?php exit()?>
+# Don't modify the lines above
+#
+# Access Control Lists
+#
+# Auto-generated by install script
+# Date: Sat, 14 Feb 2026 13:16:27 +0000
+*	@ALL	0
+*	micha	16
+it-doku:*	@foit	1
+it-doku:*	@it	16
+knowledgebase:*	@it	16
+rsit:*	@rsit	16
+start	@user	1
+user:username:*	@ALL	1
+user:username:*	@user	1
--- a/root/docker/dokuwiki/data/conf/conf/license.php
+++ b/root/docker/dokuwiki/data/conf/conf/license.php
@@ -0,0 +1 @@
+/var/www/html/conf.core/license.php
--- a/root/docker/dokuwiki/data/conf/conf/local.php
+++ b/root/docker/dokuwiki/data/conf/conf/local.php
@@ -0,0 +1,25 @@
+<?php
+/*
+ * Dokuwiki's Main Configuration File - Local Settings
+ * Auto-generated by config plugin
+ * Run for user: admin
+ * Date: Sun, 08 Mar 2026 06:10:58 +0000
+ */
+
+$conf['title'] = 'Wiki';
+$conf['license'] = '0';
+$conf['basedir'] = '/';
+$conf['baseurl'] = 'https://dokuwiki.focus-on-it.net/';
+$conf['useacl'] = 1;
+$conf['superuser'] = '@admin';
+$conf['disableactions'] = 'register';
+$conf['auth_security_timeout'] = 3600;
+$conf['mailfrom'] = 'Dokuwiki@focus-on-it.net';
+$conf['canonical'] = 1;
+$conf['securecookie'] = 1;
+$conf['plugin']['diagrams']['service_url'] = 'https://embed.diagrams.net/';
+$conf['plugin']['diagrams']['mode'] = '2';
+$conf['plugin']['smtp']['smtp_host'] = 'mail.focus-on-it.net';
+$conf['plugin']['smtp']['smtp_port'] = 587;
+$conf['plugin']['smtp']['smtp_ssl'] = 'tls';
+$conf['plugin']['smtp']['localdomain'] = 'service.focus-on-it.net';
--- a/root/docker/dokuwiki/data/conf/conf/local.php.bak.php
+++ b/root/docker/dokuwiki/data/conf/conf/local.php.bak.php
@@ -0,0 +1,24 @@
+<?php
+/*
+ * Dokuwiki's Main Configuration File - Local Settings
+ * Auto-generated by config plugin
+ * Run for user: admin
+ * Date: Sun, 08 Mar 2026 06:09:16 +0000
+ */
+
+$conf['title'] = 'Wiki';
+$conf['license'] = '0';
+$conf['basedir'] = '/';
+$conf['baseurl'] = 'https://dokuwiki.focus-on-it.net';
+$conf['useacl'] = 1;
+$conf['superuser'] = '@admin';
+$conf['disableactions'] = 'register';
+$conf['auth_security_timeout'] = 3600;
+$conf['mailfrom'] = 'Dokuwiki@focus-on-it.net';
+$conf['canonical'] = 1;
+$conf['plugin']['diagrams']['service_url'] = 'https://app.diagrams.net';
+$conf['plugin']['diagrams']['mode'] = '2';
+$conf['plugin']['smtp']['smtp_host'] = 'mail.focus-on-it.net';
+$conf['plugin']['smtp']['smtp_port'] = 587;
+$conf['plugin']['smtp']['smtp_ssl'] = 'tls';
+$conf['plugin']['smtp']['localdomain'] = 'service.focus-on-it.net';
--- a/root/docker/dokuwiki/data/conf/conf/plugins.local.php
+++ b/root/docker/dokuwiki/data/conf/conf/plugins.local.php
@@ -0,0 +1,12 @@
+<?php
+/*
+ * Local plugin enable/disable settings
+ *
+ * Auto-generated by install script
+ * Date: Sat, 14 Feb 2026 13:16:27 +0000
+ */
+
+$plugins['authad']    = 0;
+$plugins['authldap']  = 0;
+$plugins['authmysql'] = 0;
+$plugins['authpgsql'] = 0;
--- a/root/docker/dokuwiki/data/conf/conf/users.auth.php
+++ b/root/docker/dokuwiki/data/conf/conf/users.auth.php
@@ -0,0 +1,18 @@
+# users.auth.php
+# <?php exit()?>
+# Don't modify the lines above
+#
+# Userfile
+#
+# Auto-generated by install script
+# Date: Sat, 14 Feb 2026 13:16:27 +0000
+#
+# Format:
+# login:passwordhash:Real Name:email:groups,comma,separated
+
+admin:$2y$10$jJlC0eW/qKfyZsXxwYlOTuNOpjKzdL32wIFArVbiknOWrjxfwho8e:Admin:Michael.Seidel@focus-on-it.de:admin,user
+dany:$2y$10$id0jpOSPPzQU2Obx5ZMX8eCcqMH1PFQc7dW8XswjbjXzcGkFD/iBi:Daniela Seidel:Daniela.Seidel@focus-on-it.de:user,dany,foit
+micha:$2y$10$8wh6APl35INN752EY3NTM.yy04SZWUzQhrkk040wMX8IFwMiMMrV6:Michael Seidel:Michael.Seidel@focus-on-it.de:user,it,rsit,foit
+matthias:$2y$10$aSQqSxmUKm97IZPqUdEMzug9C1XlZGKcAhFytCO0vveJ9SMxoQahy:Matthias Ruckwied:matthias@ruckwied-it.de:rsit,user
+testuser:$2y$10$RFWOkg5sm5W51pLpgOXLOO.h0PszrYOhFcTxrLkVMtvncCX2nQWWa:Testo:test@focus-on-it.de:user
+testrsit:$2y$10$LmgM9kTY11ynNdNOH6g2qeADFO8GrNiRbFo8lK.lSreiQRi8P9SBy:RSITler:RSIt@focus-on-it.de:rsit,user
--- a/root/docker/dokuwiki/data/conf/conf/users.auth.php.bak
+++ b/root/docker/dokuwiki/data/conf/conf/users.auth.php.bak
@@ -0,0 +1,14 @@
+# users.auth.php
+# <?php exit()?>
+# Don't modify the lines above
+#
+# Userfile
+#
+# Auto-generated by install script
+# Date: Sat, 14 Feb 2026 13:16:27 +0000
+#
+# Format:
+# login:passwordhash:Real Name:email:groups,comma,separated
+
+admin:$2y$10$zGnIfotQJ7QVVrsQtBzRy.vbbR3dOPJjNHpPqUjAUrh3nZ/E1SBRG:Admin:Michael.Seidel@focus-on-it.de:admin,user
+micha:$2y$10$vfJ2kebl9bNf9kzfkxzgB.HuMQkyDMBPSOOXcItO6.MLg9wt4rXMO:Michael Seidel:Michael.Seidel@focus-on-it.de:user
--- a/root/docker/gitea/docker-compose.yml
+++ b/root/docker/gitea/docker-compose.yml
@@ -0,0 +1,86 @@
+services:
+  gitea:
+    image: gitea/gitea:1.24.7
+    container_name: gitea
+    restart: unless-stopped
+    depends_on:
+      gitea-db:
+        condition: service_healthy
+
+    environment:
+      - USER_UID=2000
+      - USER_GID=2000
+
+      # Server
+      - GITEA__server__DOMAIN=git.focus-on-it.net
+      - GITEA__server__ROOT_URL=https://git.focus-on-it.net/
+      - GITEA__server__SSH_DOMAIN=git.focus-on-it.net
+      - GITEA__server__SSH_PORT=2222
+      - GITEA__server__SSH_LISTEN_PORT=22
+      - GITEA__server__START_SSH_SERVER=false
+
+      # Datenbank
+      - GITEA__database__DB_TYPE=mysql
+      - GITEA__database__HOST=gitea-db:3306
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=gitea
+      - GITEA__database__PASSWD=STRONG_DB_PASSWORD
+
+    volumes:
+      - gitea:/data
+
+    networks:
+      - webproxy-net
+      - gitea-internal
+
+    ports:
+      - "2222:22"
+
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=webproxy-net"
+      - "traefik.http.routers.gitea.rule=Host(`git.focus-on-it.net`)"
+      - "traefik.http.routers.gitea.entrypoints=websecure"
+      - "traefik.http.routers.gitea.tls=true"
+      - "traefik.http.routers.gitea.tls.certresolver=le"
+      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+
+  gitea-db:
+    image: mariadb:11.8
+    container_name: gitea-db
+    restart: unless-stopped
+
+    environment:
+      - MARIADB_ROOT_PASSWORD=STRONG_ROOT_PASSWORD
+      - MARIADB_DATABASE=gitea
+      - MARIADB_USER=gitea
+      - MARIADB_PASSWORD=STRONG_DB_PASSWORD
+
+    command:
+      - --character-set-server=utf8mb4
+      - --collation-server=utf8mb4_unicode_ci
+
+    volumes:
+      - mysql:/var/lib/mysql
+
+    networks:
+      - gitea-internal
+
+    healthcheck:
+      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
+      interval: 10s
+      timeout: 5s
+      retries: 10
+      start_period: 20s
+
+volumes:
+  gitea:
+    driver: local
+  mysql:
+    driver: local
+
+networks:
+  webproxy-net:
+    external: true
+  gitea-internal:
+    driver: bridge
--- a/root/docker/gitea/start.sh
+++ b/root/docker/gitea/start.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+#/root/docker/gitea/start.sh
+set -euo pipefail
+cd "$(dirname "$0")"
+
+# 1) Name freimachen – egal ob Container von docker run oder compose stammt
+docker rm -f dokuwiki >/dev/null 2>&1 || true
+
+# 2) Falls Compose-Reste existieren, wegräumen (optional, aber sauber)
+docker compose down >/dev/null 2>&1 || true
+
+# 3) Update + Recreate
+docker compose pull
+docker compose up -d --force-recreate --remove-orphans
+
+# 4) Cleanup
+docker image prune -f
--- a/root/docker/traefik/data/letsencrypt/acme.json
+++ b/root/docker/traefik/data/letsencrypt/acme.json
				`@@ -0,0 +1,2 @@`
				`drawioUser:$2y$05$Ckt.CPSBzFPWkkRhCe3M7eYePnkPVfhfjDcjpw.1Knn7Amh0N.gxq`