Config-Backup 2026-03-28 17:01:42

Geänderte Dateien:
 - root/.ssh/config
 - root/backup-config/backup-config.sh
 - root/backup-config/run-backup-and-push.sh
 - root/backup-config/sources.txt
 - root/dokuwiki_backup/backup_rsit.sh
 - root/dokuwiki_backup/backup_wiki.sh

etc/systemd/system/system/chronyd.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/chrony.service

etc/systemd/system/system/cloud-config.target.wants/cloud-init-hotplugd.socket

@@ -0,0 +1 @@
+/usr/lib/systemd/system/cloud-init-hotplugd.socket

etc/systemd/system/system/cloud-init.target.wants/cloud-config.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/cloud-config.service

etc/systemd/system/system/cloud-init.target.wants/cloud-final.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/cloud-final.service

etc/systemd/system/system/cloud-init.target.wants/cloud-init-local.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/cloud-init-local.service

etc/systemd/system/system/cloud-init.target.wants/cloud-init-main.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/cloud-init-main.service

etc/systemd/system/system/cloud-init.target.wants/cloud-init-network.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/cloud-init-network.service

etc/systemd/system/system/dbus-org.freedesktop.timesync1.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-timesyncd.service

etc/systemd/system/system/default.target.wants/wtmpdb-update-boot.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/wtmpdb-update-boot.service

etc/systemd/system/system/getty.target.wants/getty@tty1.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/getty@.service

etc/systemd/system/system/hibernate.target.wants/grub-common.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/grub-common.service

etc/systemd/system/system/hybrid-sleep.target.wants/grub-common.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/grub-common.service

etc/systemd/system/system/multi-user.target.wants/chrony.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/chrony.service

etc/systemd/system/system/multi-user.target.wants/console-setup.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/console-setup.service

etc/systemd/system/system/multi-user.target.wants/containerd.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/containerd.service

etc/systemd/system/system/multi-user.target.wants/cron.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/cron.service

etc/systemd/system/system/multi-user.target.wants/docker.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/docker.service

etc/systemd/system/system/multi-user.target.wants/e2scrub_reap.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/e2scrub_reap.service

etc/systemd/system/system/multi-user.target.wants/fail2ban.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/fail2ban.service

etc/systemd/system/system/multi-user.target.wants/grub-common.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/grub-common.service

etc/systemd/system/system/multi-user.target.wants/networking.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/networking.service

etc/systemd/system/system/multi-user.target.wants/nmbd.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/nmbd.service

etc/systemd/system/system/multi-user.target.wants/remote-fs.target

@@ -0,0 +1 @@
+/usr/lib/systemd/system/remote-fs.target

etc/systemd/system/system/multi-user.target.wants/rsyslog.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/rsyslog.service

etc/systemd/system/system/multi-user.target.wants/samba-ad-dc.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/samba-ad-dc.service

etc/systemd/system/system/multi-user.target.wants/smbd.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/smbd.service

etc/systemd/system/system/multi-user.target.wants/ssh.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/ssh.service

etc/systemd/system/system/multi-user.target.wants/start-containers.service

@@ -0,0 +1 @@
+/etc/systemd/system/start-containers.service

etc/systemd/system/system/multi-user.target.wants/unattended-upgrades.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/unattended-upgrades.service

etc/systemd/system/system/multi-user.target.wants/winbind.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/winbind.service

etc/systemd/system/system/multi-user.target.wants/zfs.target

@@ -0,0 +1 @@
+/usr/lib/systemd/system/zfs.target

etc/systemd/system/system/network-online.target.wants/networking.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/networking.service

etc/systemd/system/system/nmb.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/nmbd.service

etc/systemd/system/system/samba.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/samba-ad-dc.service

etc/systemd/system/system/smb.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/smbd.service

etc/systemd/system/system/sockets.target.wants/docker.socket

@@ -0,0 +1 @@
+/usr/lib/systemd/system/docker.socket

etc/systemd/system/system/ssh.service.wants/sshd-keygen.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/sshd-keygen.service

etc/systemd/system/system/ssh.socket.wants/sshd-keygen.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/sshd-keygen.service

etc/systemd/system/system/sshd.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/ssh.service

etc/systemd/system/system/sshd.service.wants/sshd-keygen.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/sshd-keygen.service

etc/systemd/system/system/sshd@.service.wants/sshd-keygen.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/sshd-keygen.service

etc/systemd/system/system/start-containers.service

@@ -0,0 +1,14 @@
+#/etc/systemd/system/start-containers.service
+
+[Unit]
+Description=Update and start containers after Docker starts
+Wants=network-online.target
+After=docker.service network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/root/docker/start.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target

etc/systemd/system/system/suspend-then-hibernate.target.wants/grub-common.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/grub-common.service

etc/systemd/system/system/suspend.target.wants/grub-common.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/grub-common.service

etc/systemd/system/system/sysinit.target.wants/apparmor.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/apparmor.service

etc/systemd/system/system/sysinit.target.wants/keyboard-setup.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/keyboard-setup.service

etc/systemd/system/system/sysinit.target.wants/resolvconf.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/resolvconf.service

etc/systemd/system/system/sysinit.target.wants/systemd-pstore.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-pstore.service

etc/systemd/system/system/sysinit.target.wants/systemd-timesyncd.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-timesyncd.service

etc/systemd/system/system/syslog.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/rsyslog.service

etc/systemd/system/system/systemd-resolved.service.wants/resolvconf-pull-resolved.path

@@ -0,0 +1 @@
+/usr/lib/systemd/system/resolvconf-pull-resolved.path

etc/systemd/system/system/systemd-resolved.service.wants/resolvconf-pull-resolved.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/resolvconf-pull-resolved.service

etc/systemd/system/system/timers.target.wants/apt-daily-upgrade.timer

@@ -0,0 +1 @@
+/lib/systemd/system/apt-daily-upgrade.timer

etc/systemd/system/system/timers.target.wants/apt-daily.timer

@@ -0,0 +1 @@
+/lib/systemd/system/apt-daily.timer

etc/systemd/system/system/timers.target.wants/dpkg-db-backup.timer

@@ -0,0 +1 @@
+/lib/systemd/system/dpkg-db-backup.timer

etc/systemd/system/system/timers.target.wants/e2scrub_all.timer

@@ -0,0 +1 @@
+/usr/lib/systemd/system/e2scrub_all.timer

etc/systemd/system/system/timers.target.wants/fstrim.timer

@@ -0,0 +1 @@
+/lib/systemd/system/fstrim.timer

etc/systemd/system/system/timers.target.wants/logrotate.timer

@@ -0,0 +1 @@
+/usr/lib/systemd/system/logrotate.timer

etc/systemd/system/system/timers.target.wants/man-db.timer

@@ -0,0 +1 @@
+/usr/lib/systemd/system/man-db.timer

etc/systemd/system/system/zed.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/zfs-zed.service

etc/systemd/system/system/zfs-import.target.wants/zfs-import-cache.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/zfs-import-cache.service

etc/systemd/system/system/zfs-mount.service.wants/zfs-load-module.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/zfs-load-module.service

etc/systemd/system/system/zfs-volumes.target.wants/zfs-volume-wait.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/zfs-volume-wait.service

etc/systemd/system/system/zfs.target.wants/zfs-import.target

@@ -0,0 +1 @@
+/usr/lib/systemd/system/zfs-import.target

etc/systemd/system/system/zfs.target.wants/zfs-load-module.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/zfs-load-module.service

etc/systemd/system/system/zfs.target.wants/zfs-mount.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/zfs-mount.service

etc/systemd/system/system/zfs.target.wants/zfs-share.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/zfs-share.service

etc/systemd/system/system/zfs.target.wants/zfs-volumes.target

@@ -0,0 +1 @@
+/usr/lib/systemd/system/zfs-volumes.target

etc/systemd/system/system/zfs.target.wants/zfs-zed.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/zfs-zed.service

root/.ssh/config

@@ -0,0 +1,5 @@
+Host gitea-internal
+    HostName 127.0.0.1
+    User git
+    Port 2222
+    IdentityFile /root/.ssh/id_ed25519

root/backup-config/backup-config.sh

@@ -0,0 +1,267 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+########################################
+# Einstellungen
+########################################
+
+SOURCE_LIST="/root/backup-config/sources.txt"
+BACKUP_ROOT="/root/backup-config/backup"
+LOGFILE="/var/log/backup-config.log"
+
+# Git
+USE_GIT="yes"
+GIT_BRANCH="DockerDMZ_Configfiles"
+
+# Verzeichnisse, die automatisch nach Config-Dateien durchsucht werden
+AUTO_SCAN_DIRS=(
+  "/root/docker"
+)
+
+# Dateitypen, die automatisch erkannt werden
+AUTO_FILE_TYPES=(
+  "*.sh"
+  "*.yml"
+  "*.yaml"
+  "*.env"
+  "*.conf"
+  "*.cnf"
+  "*.ini"
+  "*.json"
+  "*.toml"
+  "*.service"
+  "Dockerfile"
+  "docker-compose.yml"
+  "compose.yml"
+)
+
+# Pfade, die beim automatischen Scan ausgeschlossen werden
+EXCLUDES=(
+  "*/data/pages/*"
+  "*/data/media/*"
+  "*/data/cache/*"
+  "*/data/tmp/*"
+  "*/logs/*"
+  "*/log/*"
+  "*/db/*"
+  "*/database/*"
+  "*/mysql/*"
+  "*/mariadb/*"
+  "*/postgres/*"
+  "*/redis/*"
+  "*/.git/*"
+)
+
+########################################
+# Logging
+########################################
+
+log() {
+  printf '%s %s\n' "$(date '+%F %T')" "$1" | tee -a "$LOGFILE"
+}
+
+########################################
+# Hilfsfunktionen
+########################################
+
+is_excluded() {
+  local path="$1"
+  local ex
+
+  for ex in "${EXCLUDES[@]}"; do
+    if [[ "$path" == $ex ]]; then
+      return 0
+    fi
+  done
+
+  return 1
+}
+
+copy_path() {
+  local src="$1"
+  local rel
+  local dst
+
+  if is_excluded "$src"; then
+    log "SKIP (exclude): $src"
+    return 0
+  fi
+
+  if [[ -f "$src" ]]; then
+    rel="${src#/}"
+    dst="$BACKUP_ROOT/$rel"
+
+    mkdir -p "$(dirname "$dst")"
+    cp -a "$src" "$dst"
+    log "OK (FILE): $src -> $dst"
+    return 0
+  fi
+
+  if [[ -d "$src" ]]; then
+    rel="${src#/}"
+    dst="$BACKUP_ROOT/$rel"
+
+    mkdir -p "$(dirname "$dst")"
+    cp -a "$src" "$dst"
+    log "OK (DIR): $src -> $dst"
+    return 0
+  fi
+
+  log "WARN: Pfad nicht gefunden: $src"
+  return 1
+}
+
+########################################
+# Automatischer Scan
+########################################
+
+auto_scan() {
+  local dir
+  local file
+  local find_expr=()
+
+  log "INFO: Starte automatischen Scan"
+
+  # find-Ausdruck für Dateitypen bauen
+  for pattern in "${AUTO_FILE_TYPES[@]}"; do
+    find_expr+=( -name "$pattern" -o )
+  done
+  unset 'find_expr[${#find_expr[@]}-1]'
+
+  for dir in "${AUTO_SCAN_DIRS[@]}"; do
+    if [[ ! -d "$dir" ]]; then
+      log "WARN: Auto-Scan-Verzeichnis fehlt: $dir"
+      continue
+    fi
+
+    while IFS= read -r file; do
+      if is_excluded "$file"; then
+        log "SKIP (exclude): $file"
+        continue
+      fi
+      copy_path "$file" || true
+    done < <(
+      find "$dir" -type f \( "${find_expr[@]}" \) 2>/dev/null | sort -u
+    )
+  done
+}
+
+########################################
+# Git
+########################################
+
+git_prepare_repo() {
+  if [[ "$USE_GIT" != "yes" ]]; then
+    return 0
+  fi
+
+  if ! command -v git >/dev/null 2>&1; then
+    log "ERROR: Git ist nicht installiert"
+    return 1
+  fi
+
+  mkdir -p "$BACKUP_ROOT"
+
+  if [[ ! -d "$BACKUP_ROOT/.git" ]]; then
+    log "INFO: Git-Repository wird initialisiert"
+    git -C "$BACKUP_ROOT" init
+  fi
+
+  # Benutzerinfo prüfen
+  if ! git -C "$BACKUP_ROOT" config user.name >/dev/null; then
+    log "WARN: Git user.name ist im Repository nicht gesetzt"
+  fi
+
+  if ! git -C "$BACKUP_ROOT" config user.email >/dev/null; then
+    log "WARN: Git user.email ist im Repository nicht gesetzt"
+  fi
+}
+
+git_checkout_branch() {
+  local branch="$1"
+
+  if [[ "$USE_GIT" != "yes" ]]; then
+    return 0
+  fi
+
+  if [[ -z "$branch" ]]; then
+    return 0
+  fi
+
+  if git -C "$BACKUP_ROOT" show-ref --verify --quiet "refs/heads/$branch"; then
+    git -C "$BACKUP_ROOT" checkout "$branch" >/dev/null 2>&1
+    log "INFO: Git-Branch aktiviert: $branch"
+    return 0
+  fi
+
+  # Wenn noch gar kein Commit existiert, zuerst initialen Commit anlegen
+  if ! git -C "$BACKUP_ROOT" rev-parse --verify HEAD >/dev/null 2>&1; then
+    git -C "$BACKUP_ROOT" add -A
+    if ! git -C "$BACKUP_ROOT" diff --cached --quiet; then
+      git -C "$BACKUP_ROOT" commit -m "Initial backup import"
+      log "INFO: Initialer Commit erstellt"
+    fi
+  fi
+
+  git -C "$BACKUP_ROOT" checkout -b "$branch" >/dev/null 2>&1
+  log "INFO: Git-Branch erstellt und aktiviert: $branch"
+}
+
+git_commit_changes() {
+  local changed_files
+  local commit_msg
+
+  if [[ "$USE_GIT" != "yes" ]]; then
+    return 0
+  fi
+
+  git -C "$BACKUP_ROOT" add -A
+
+  if git -C "$BACKUP_ROOT" diff --cached --quiet; then
+    log "INFO: Keine Änderungen für Git"
+    return 0
+  fi
+
+  changed_files="$(git -C "$BACKUP_ROOT" diff --cached --name-only | sed 's#^# - #' || true)"
+
+  commit_msg=$(
+    cat <<EOF
+Config-Backup $(date '+%F %T')
+
+Geänderte Dateien:
+$changed_files
+EOF
+  )
+
+  git -C "$BACKUP_ROOT" commit -m "$commit_msg"
+  log "OK: Git-Commit erstellt"
+}
+
+########################################
+# Hauptlogik
+########################################
+
+main() {
+  mkdir -p "$BACKUP_ROOT"
+
+  if [[ -f "$SOURCE_LIST" ]]; then
+    log "INFO: Lese Source-Liste: $SOURCE_LIST"
+    while IFS= read -r line || [[ -n "$line" ]]; do
+      [[ -z "${line// }" ]] && continue
+      [[ "$line" =~ ^[[:space:]]*# ]] && continue
+      copy_path "$line" || true
+    done < "$SOURCE_LIST"
+  else
+    log "WARN: Source-Liste fehlt: $SOURCE_LIST"
+  fi
+
+  auto_scan
+
+  git_prepare_repo
+  git_checkout_branch "$GIT_BRANCH"
+  git_commit_changes
+
+  log "INFO: Lauf abgeschlossen"
+}
+
+main

root/backup-config/run-backup-and-push.sh

@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+BASE_DIR="/root/backup-config"
+BACKUP_DIR="$BASE_DIR/backup"
+BACKUP_SCRIPT="$BASE_DIR/backup-config.sh"
+LOGFILE="/var/log/backup-config-run.log"
+BRANCH="DockerDMZ_Configfiles"
+
+log() {
+  printf '%s %s\n' "$(date '+%F %T')" "$1" | tee -a "$LOGFILE"
+}
+
+main() {
+  if [[ ! -x "$BACKUP_SCRIPT" ]]; then
+    echo "Backup-Skript nicht gefunden oder nicht ausführbar: $BACKUP_SCRIPT" >&2
+    exit 1
+  fi
+
+  mkdir -p "$BACKUP_DIR"
+
+  log "INFO: Starte Backup"
+  "$BACKUP_SCRIPT"
+  log "INFO: Backup beendet"
+
+  cd "$BACKUP_DIR"
+
+  if ! command -v git >/dev/null 2>&1; then
+    log "ERROR: Git ist nicht installiert"
+    exit 1
+  fi
+
+  if [[ ! -d .git ]]; then
+    log "INFO: Git-Repository wird initialisiert"
+    git init
+  fi
+
+  # Branch aktivieren oder anlegen
+  if git show-ref --verify --quiet "refs/heads/$BRANCH"; then
+    git checkout "$BRANCH" >/dev/null 2>&1
+    log "INFO: Git-Branch aktiviert: $BRANCH"
+  else
+    if git rev-parse --verify HEAD >/dev/null 2>&1; then
+      git checkout -b "$BRANCH" >/dev/null 2>&1
+    else
+      git checkout --orphan "$BRANCH" >/dev/null 2>&1
+    fi
+    log "INFO: Git-Branch erstellt: $BRANCH"
+  fi
+
+  git add -A
+
+  if git diff --cached --quiet; then
+    log "INFO: Keine neuen Dateiinhalte für Commit"
+  else
+    git commit -m "Config-Backup $(hostname) $(date '+%F %T')"
+    log "INFO: Commit erstellt"
+  fi
+
+  if ! git remote get-url origin >/dev/null 2>&1; then
+    log "WARN: Kein Remote 'origin' konfiguriert, Push übersprungen"
+    exit 0
+  fi
+
+  # Remote-Infos aktualisieren
+  git fetch origin "$BRANCH" >/dev/null 2>&1 || true
+
+  # Falls der Remote-Branch noch nicht existiert
+  if ! git ls-remote --exit-code --heads origin "$BRANCH" >/dev/null 2>&1; then
+    git push -u origin "$BRANCH"
+    log "INFO: Initialer Push des Branches erfolgreich"
+    exit 0
+  fi
+
+  # Prüfen, ob lokale Commits noch nicht gepusht wurden
+  AHEAD_COUNT="$(git rev-list --count "origin/$BRANCH..$BRANCH" 2>/dev/null || echo 0)"
+
+  if [[ "$AHEAD_COUNT" -gt 0 ]]; then
+    git push origin "$BRANCH"
+    log "INFO: Push erfolgreich ($AHEAD_COUNT lokale Commits übertragen)"
+  else
+    log "INFO: Kein Push nötig, Remote ist aktuell"
+  fi
+}
+
+main

root/backup-config/sources.txt

@@ -0,0 +1,44 @@
+#systembasis
+/etc/network/interfaces
+/etc/hosts
+/etc/fstab
+/etc/samba/smb.conf
+/etc/systemd/system
+/root/backup-config/backup-config.sh
+/root/backup-config/run-backup-and-push.sh
+/root/backup-config/sources.txt
+/root/.ssh/config
+/root/dokuwiki_backup/backup_rsit.sh
+/root/dokuwiki_backup/backup_wiki.sh
+
+
+#traefik
+/root/docker/traefik/data/traefik.yml
+/root/docker/traefik/start.sh
+/root/docker/traefik/data/dynamic/middlewares.yml
+/root/docker/traefik/data/traefik.yml
+/root/docker/traefik/data/dynamic
+
+#dokuwiki
+/root/docker/dokuwiki/docker-compose.yml
+/root/docker/dokuwiki/start.sh
+/root/docker/dokuwiki/data/conf
+
+#Webroxy
+/root/docker/Webproxy/start.sh
+/root/docker/Webproxy/docker-compose.yml
+/root/docker/Webproxy/certbot.sh
+/root/docker/Webproxy/Data/nginx/
+
+#nextcloud
+/root/docker/nextcloud/start.sh
+/root/docker/nextcloud/docker-compose.yml
+/root/docker/nextcloud/Dockerfile
+/root/docker/nextcloud/data/nginx/nginx.conf
+/root/docker/nextcloud/.env
+/srv/nextcloud-data-local/nextcloud/config/config.php
+
+#Gitea
+/root/docker/gitea/data/gitea/conf/app.ini
+/root/docker/gitea/docker-compose.yml
+/root/docker/gitea/start.sh

root/docker/Webproxy/Data/nginx/nginx/auth/.htpasswd

@@ -0,0 +1,2 @@
+drawioUser:$2y$05$Ckt.CPSBzFPWkkRhCe3M7eYePnkPVfhfjDcjpw.1Knn7Amh0N.gxq
+

root/docker/Webproxy/Data/nginx/nginx/service.conf

@@ -0,0 +1,171 @@
+
+#/root/docker/Webproxy/Data/nginx/service.conf
+
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  ''      close;
+}
+
+server {
+  listen 80;
+  server_name service.focus-on-it.net;
+
+  location /.well-known/acme-challenge/ { root /var/www/certbot; }
+  location / { return 301 https://$host$request_uri; }
+}
+
+server {
+  listen 443 ssl;
+  server_name service.focus-on-it.net;
+
+  ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+  location / {
+    return 200 "service endpoint\n";
+  }
+}
+
+server {
+  listen 80;
+  server_name dokuwiki.focus-on-it.net;
+  location /.well-known/acme-challenge/ { root /var/www/certbot; }
+  location / { return 301 https://$host$request_uri; }
+}
+
+server {
+  listen 443 ssl;
+  server_name dokuwiki.focus-on-it.net;
+  resolver 127.0.0.11 valid=30s ipv6=off;
+  ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+  location / {
+    set $dokuwiki_upstream dokuwiki:8080;
+    proxy_pass http://$dokuwiki_upstream;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Port 443;
+  }
+}
+server {
+  listen 80;
+  server_name guacamole.focus-on-it.net;
+
+  location /.well-known/acme-challenge/ { root /var/www/certbot; }
+  location / { return 301 https://$host$request_uri; }
+}
+
+server {
+  listen 443 ssl;
+  server_name guacamole.focus-on-it.net;
+
+  ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+  # optional sinnvoll
+  client_max_body_size 50m;
+
+  # Guacamole läuft standardmäßig unter /guacamole/
+  location / {
+    return 302 /guacamole/;
+  }
+
+  location /guacamole/ {
+    proxy_pass http://guacamole:8080/guacamole/;
+    proxy_http_version 1.1;
+
+    proxy_set_header Host              $host;
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Port  443;
+
+    # WebSocket für Guacamole Tunnel
+    proxy_set_header Upgrade           $http_upgrade;
+    proxy_set_header Connection        $connection_upgrade;
+
+    proxy_buffering off;
+  }
+}
+server {
+    listen 80;
+    server_name drawio.focus-on-it.net;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name drawio.focus-on-it.net;
+
+    ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+    client_max_body_size 50m;
+
+    location / {
+	auth_basic "Restricted";
+        auth_basic_user_file /etc/nginx/auth/.htpasswd;    
+        proxy_pass http://drawio:8080;
+
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port 443;
+
+        proxy_read_timeout 300;
+        proxy_send_timeout 300;
+    }
+}
+server {
+    listen 80;
+    server_name nextcloud.focus-on-it.net;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name nextcloud.focus-on-it.net;
+
+    resolver 127.0.0.11 valid=30s ipv6=off;
+
+    ssl_certificate     /etc/letsencrypt/live/service.focus-on-it.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/service.focus-on-it.net/privkey.pem;
+
+    client_max_body_size 10G;
+    proxy_read_timeout 3600;
+    proxy_send_timeout 3600;
+
+    location / {
+        set $nextcloud_upstream nextcloud-nginx:80;
+        proxy_pass http://$nextcloud_upstream;
+
+        proxy_http_version 1.1;
+        proxy_request_buffering off;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port 443;
+    }
+}

root/docker/dokuwiki/data/conf/conf/acl.auth.php

@@ -0,0 +1,17 @@
+# acl.auth.php
+# <?php exit()?>
+# Don't modify the lines above
+#
+# Access Control Lists
+#
+# Auto-generated by install script
+# Date: Sat, 14 Feb 2026 13:16:27 +0000
+*	@ALL	0
+*	micha	16
+it-doku:*	@foit	1
+it-doku:*	@it	16
+knowledgebase:*	@it	16
+rsit:*	@rsit	16
+start	@user	1
+user:username:*	@ALL	1
+user:username:*	@user	1

root/docker/dokuwiki/data/conf/conf/license.php

@@ -0,0 +1 @@
+/var/www/html/conf.core/license.php

root/docker/dokuwiki/data/conf/conf/local.php

@@ -0,0 +1,25 @@
+<?php
+/*
+ * Dokuwiki's Main Configuration File - Local Settings
+ * Auto-generated by config plugin
+ * Run for user: admin
+ * Date: Sun, 08 Mar 2026 06:10:58 +0000
+ */
+
+$conf['title'] = 'Wiki';
+$conf['license'] = '0';
+$conf['basedir'] = '/';
+$conf['baseurl'] = 'https://dokuwiki.focus-on-it.net/';
+$conf['useacl'] = 1;
+$conf['superuser'] = '@admin';
+$conf['disableactions'] = 'register';
+$conf['auth_security_timeout'] = 3600;
+$conf['mailfrom'] = 'Dokuwiki@focus-on-it.net';
+$conf['canonical'] = 1;
+$conf['securecookie'] = 1;
+$conf['plugin']['diagrams']['service_url'] = 'https://embed.diagrams.net/';
+$conf['plugin']['diagrams']['mode'] = '2';
+$conf['plugin']['smtp']['smtp_host'] = 'mail.focus-on-it.net';
+$conf['plugin']['smtp']['smtp_port'] = 587;
+$conf['plugin']['smtp']['smtp_ssl'] = 'tls';
+$conf['plugin']['smtp']['localdomain'] = 'service.focus-on-it.net';

root/docker/dokuwiki/data/conf/conf/local.php.bak.php

@@ -0,0 +1,24 @@
+<?php
+/*
+ * Dokuwiki's Main Configuration File - Local Settings
+ * Auto-generated by config plugin
+ * Run for user: admin
+ * Date: Sun, 08 Mar 2026 06:09:16 +0000
+ */
+
+$conf['title'] = 'Wiki';
+$conf['license'] = '0';
+$conf['basedir'] = '/';
+$conf['baseurl'] = 'https://dokuwiki.focus-on-it.net';
+$conf['useacl'] = 1;
+$conf['superuser'] = '@admin';
+$conf['disableactions'] = 'register';
+$conf['auth_security_timeout'] = 3600;
+$conf['mailfrom'] = 'Dokuwiki@focus-on-it.net';
+$conf['canonical'] = 1;
+$conf['plugin']['diagrams']['service_url'] = 'https://app.diagrams.net';
+$conf['plugin']['diagrams']['mode'] = '2';
+$conf['plugin']['smtp']['smtp_host'] = 'mail.focus-on-it.net';
+$conf['plugin']['smtp']['smtp_port'] = 587;
+$conf['plugin']['smtp']['smtp_ssl'] = 'tls';
+$conf['plugin']['smtp']['localdomain'] = 'service.focus-on-it.net';

root/docker/dokuwiki/data/conf/conf/plugins.local.php

@@ -0,0 +1,12 @@
+<?php
+/*
+ * Local plugin enable/disable settings
+ *
+ * Auto-generated by install script
+ * Date: Sat, 14 Feb 2026 13:16:27 +0000
+ */
+
+$plugins['authad']    = 0;
+$plugins['authldap']  = 0;
+$plugins['authmysql'] = 0;
+$plugins['authpgsql'] = 0;

root/docker/dokuwiki/data/conf/conf/users.auth.php

@@ -0,0 +1,18 @@
+# users.auth.php
+# <?php exit()?>
+# Don't modify the lines above
+#
+# Userfile
+#
+# Auto-generated by install script
+# Date: Sat, 14 Feb 2026 13:16:27 +0000
+#
+# Format:
+# login:passwordhash:Real Name:email:groups,comma,separated
+
+admin:$2y$10$jJlC0eW/qKfyZsXxwYlOTuNOpjKzdL32wIFArVbiknOWrjxfwho8e:Admin:Michael.Seidel@focus-on-it.de:admin,user
+dany:$2y$10$id0jpOSPPzQU2Obx5ZMX8eCcqMH1PFQc7dW8XswjbjXzcGkFD/iBi:Daniela Seidel:Daniela.Seidel@focus-on-it.de:user,dany,foit
+micha:$2y$10$8wh6APl35INN752EY3NTM.yy04SZWUzQhrkk040wMX8IFwMiMMrV6:Michael Seidel:Michael.Seidel@focus-on-it.de:user,it,rsit,foit
+matthias:$2y$10$aSQqSxmUKm97IZPqUdEMzug9C1XlZGKcAhFytCO0vveJ9SMxoQahy:Matthias Ruckwied:matthias@ruckwied-it.de:rsit,user
+testuser:$2y$10$RFWOkg5sm5W51pLpgOXLOO.h0PszrYOhFcTxrLkVMtvncCX2nQWWa:Testo:test@focus-on-it.de:user
+testrsit:$2y$10$LmgM9kTY11ynNdNOH6g2qeADFO8GrNiRbFo8lK.lSreiQRi8P9SBy:RSITler:RSIt@focus-on-it.de:rsit,user

root/docker/dokuwiki/data/conf/conf/users.auth.php.bak

@@ -0,0 +1,14 @@
+# users.auth.php
+# <?php exit()?>
+# Don't modify the lines above
+#
+# Userfile
+#
+# Auto-generated by install script
+# Date: Sat, 14 Feb 2026 13:16:27 +0000
+#
+# Format:
+# login:passwordhash:Real Name:email:groups,comma,separated
+
+admin:$2y$10$zGnIfotQJ7QVVrsQtBzRy.vbbR3dOPJjNHpPqUjAUrh3nZ/E1SBRG:Admin:Michael.Seidel@focus-on-it.de:admin,user
+micha:$2y$10$vfJ2kebl9bNf9kzfkxzgB.HuMQkyDMBPSOOXcItO6.MLg9wt4rXMO:Michael Seidel:Michael.Seidel@focus-on-it.de:user

root/docker/gitea/docker-compose.yml

@@ -0,0 +1,86 @@
+services:
+  gitea:
+    image: gitea/gitea:1.24.7
+    container_name: gitea
+    restart: unless-stopped
+    depends_on:
+      gitea-db:
+        condition: service_healthy
+
+    environment:
+      - USER_UID=2000
+      - USER_GID=2000
+
+      # Server
+      - GITEA__server__DOMAIN=git.focus-on-it.net
+      - GITEA__server__ROOT_URL=https://git.focus-on-it.net/
+      - GITEA__server__SSH_DOMAIN=git.focus-on-it.net
+      - GITEA__server__SSH_PORT=2222
+      - GITEA__server__SSH_LISTEN_PORT=22
+      - GITEA__server__START_SSH_SERVER=false
+
+      # Datenbank
+      - GITEA__database__DB_TYPE=mysql
+      - GITEA__database__HOST=gitea-db:3306
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=gitea
+      - GITEA__database__PASSWD=STRONG_DB_PASSWORD
+
+    volumes:
+      - gitea:/data
+
+    networks:
+      - webproxy-net
+      - gitea-internal
+
+    ports:
+      - "2222:22"
+
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=webproxy-net"
+      - "traefik.http.routers.gitea.rule=Host(`git.focus-on-it.net`)"
+      - "traefik.http.routers.gitea.entrypoints=websecure"
+      - "traefik.http.routers.gitea.tls=true"
+      - "traefik.http.routers.gitea.tls.certresolver=le"
+      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+
+  gitea-db:
+    image: mariadb:11.8
+    container_name: gitea-db
+    restart: unless-stopped
+
+    environment:
+      - MARIADB_ROOT_PASSWORD=STRONG_ROOT_PASSWORD
+      - MARIADB_DATABASE=gitea
+      - MARIADB_USER=gitea
+      - MARIADB_PASSWORD=STRONG_DB_PASSWORD
+
+    command:
+      - --character-set-server=utf8mb4
+      - --collation-server=utf8mb4_unicode_ci
+
+    volumes:
+      - mysql:/var/lib/mysql
+
+    networks:
+      - gitea-internal
+
+    healthcheck:
+      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
+      interval: 10s
+      timeout: 5s
+      retries: 10
+      start_period: 20s
+
+volumes:
+  gitea:
+    driver: local
+  mysql:
+    driver: local
+
+networks:
+  webproxy-net:
+    external: true
+  gitea-internal:
+    driver: bridge

root/docker/gitea/start.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+#/root/docker/gitea/start.sh
+# Einheits Start.sh
+set -euo pipefail
+cd "$(dirname "$0")"
+
+# 1) Name freimachen – egal ob Container von docker run oder compose stammt
+docker rm -f dokuwiki >/dev/null 2>&1 || true
+
+# 2) Falls Compose-Reste existieren, wegräumen (optional, aber sauber)
+docker compose down >/dev/null 2>&1 || true
+
+# 3) Update + Recreate
+docker compose pull
+docker compose up -d --force-recreate --remove-orphans
+
+# 4) Cleanup
+docker image prune -f

root/dokuwiki_backup/backup_rsit.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+set -euo pipefail
+
+# ===== Konfiguration =====
+SOURCE="/root/docker/dokuwiki/data"          # Root von DokuWiki (enthält data/)
+BACKUPDIR="/root/dokuwiki_backup"
+REMOTE_USER="backupuser"
+REMOTE_HOST="backupserver"
+REMOTE_PATH="/remote/backup/path"
+RETENTION_DAYS=14
+
+DATE=$(date +%F)
+ARCHIVE="dokuwiki-rsit-$DATE.tar.gz"
+HASHFILE="$ARCHIVE.sha256"
+
+# Nur diese Teilpfade sichern (relativ zu $SOURCE)
+INCLUDE_PATHS=(
+  "data/meta/rsit"
+  "data/media/rsit"
+  "data/pages/rsit"
+)
+
+# ===== Vorbereitung =====
+mkdir -p "$BACKUPDIR"
+
+# ===== Prüfen, ob alle Pfade existieren (sonst hart abbrechen) =====
+for p in "${INCLUDE_PATHS[@]}"; do
+  if [[ ! -d "$SOURCE/$p" ]]; then
+    echo "FEHLER: Verzeichnis fehlt: $SOURCE/$p" >&2
+    exit 1
+  fi
+done
+
+# ===== Archiv erstellen (Struktur bleibt erhalten) =====
+tar -czf "$BACKUPDIR/$ARCHIVE" -C "$SOURCE" "${INCLUDE_PATHS[@]}"
+
+# ===== Hash erzeugen =====
+cd "$BACKUPDIR"
+sha256sum "$ARCHIVE" > "$HASHFILE"
+
+# ===== Upload =====
+#rsync -avz "$ARCHIVE" "$HASHFILE" \
+#  "${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_PATH}/"
+
+# ===== Alte Backups lokal löschen =====
+find "$BACKUPDIR" -type f -mtime +"$RETENTION_DAYS" -name "dokuwiki-rsit-*.tar.gz" -delete
+find "$BACKUPDIR" -type f -mtime +"$RETENTION_DAYS" -name "dokuwiki-rsit-*.sha256" -delete

root/dokuwiki_backup/backup_wiki.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+set -euo pipefail
+
+# ===== Konfiguration =====
+SOURCE="/root/docker/dokuwiki"
+BACKUPDIR="/root/dokuwiki_backup"
+REMOTE_USER="backupuser"
+REMOTE_HOST="backupserver"
+REMOTE_PATH="/remote/backup/path"
+RETENTION_DAYS=14
+
+DATE=$(date +%F)
+ARCHIVE="dokuwiki-$DATE.tar.gz"
+HASHFILE="$ARCHIVE.sha256"
+
+# ===== Vorbereitung =====
+mkdir -p "$BACKUPDIR"
+
+# ===== Archiv erstellen =====
+tar -czf "$BACKUPDIR/$ARCHIVE" \
+    -C "$SOURCE" data 
+
+# ===== Hash erzeugen =====
+cd "$BACKUPDIR"
+sha256sum "$ARCHIVE" > "$HASHFILE"
+
+# ===== Upload =====
+# rsync -avz "$ARCHIVE" "$HASHFILE" \
+#    "${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_PATH}/"
+
+# ===== Alte Backups lokal löschen =====
+find "$BACKUPDIR" -type f -mtime +"$RETENTION_DAYS" -name "dokuwiki-*.tar.gz" -delete
+find "$BACKUPDIR" -type f -mtime +"$RETENTION_DAYS" -name "dokuwiki-*.sha256" -delete