fix: DockerSecretsResolver - don't normalize absolute paths like /var/www/html/...

deployment/infrastructure/gitea/README.md

@@ -0,0 +1,105 @@
+# Gitea Stack
+
+Self-hosted Git Server mit PostgreSQL Backend und Redis Cache.
+
+## Features
+
+- Gitea Git Server
+- PostgreSQL 16 als Datenbank-Backend
+- Redis 7 für Cache und Sessions
+- Traefik Integration für SSL
+- Persistent Volumes für Daten
+
+## Voraussetzungen
+
+- Traefik Stack muss laufen (für SSL)
+- Infrastructure Network muss existieren
+- DNS-Eintrag für `git.michaelschiemer.de`
+
+## Setup
+
+### 1. Infrastructure Network erstellen
+
+```bash
+docker network create infrastructure
+```
+
+### 2. Secrets erstellen
+
+```bash
+# PostgreSQL Passwort für Gitea
+openssl rand -base64 32 > secrets/postgres_password.txt
+chmod 600 secrets/postgres_password.txt
+
+# Redis Passwort
+openssl rand -base64 32 > secrets/redis_password.txt
+chmod 600 secrets/redis_password.txt
+```
+
+### 3. Stack deployen
+
+```bash
+docker compose up -d
+```
+
+### 4. Initial Setup
+
+Nach dem ersten Start:
+1. Öffne https://git.michaelschiemer.de
+2. Führe das Initial Setup durch
+3. Erstelle Admin-User
+
+## Networks
+
+**traefik-public:**
+- Externes Network (von Traefik erstellt)
+- Für externe Zugriffe via Traefik
+
+**infrastructure:**
+- Externes Network (muss vorher erstellt werden)
+- Für interne Kommunikation zwischen Gitea, PostgreSQL und Redis
+
+## Volumes
+
+- `gitea-data` - Gitea-Daten (Repositories, Konfiguration)
+- `gitea-postgres-data` - PostgreSQL-Daten für Gitea
+- `gitea-redis-data` - Redis-Daten für Gitea
+
+## Konfiguration
+
+Gitea-Konfiguration wird in `/data/gitea/conf/app.ini` gespeichert.
+
+Für Änderungen:
+```bash
+docker compose exec gitea vi /data/gitea/conf/app.ini
+docker compose restart gitea
+```
+
+## Troubleshooting
+
+### Gitea startet nicht
+
+```bash
+# Logs prüfen
+docker compose logs -f gitea
+
+# PostgreSQL-Verbindung prüfen
+docker compose exec postgres pg_isready -U gitea
+```
+
+### SSL-Zertifikat wird nicht erstellt
+
+1. Prüfe Traefik-Logs
+2. Prüfe DNS-Eintrag für `git.michaelschiemer.de`
+3. Prüfe Traefik Labels
+
+### Redis-Verbindungsprobleme
+
+```bash
+# Redis-Logs prüfen
+docker compose logs redis
+
+# Redis-Verbindung testen
+docker compose exec redis redis-cli -a $(cat secrets/redis_password.txt) ping
+```
+

deployment/infrastructure/gitea/docker-compose.yml

@@ -0,0 +1,120 @@
+services:
+  gitea:
+    image: gitea/gitea:latest
+    container_name: gitea
+    restart: unless-stopped
+    depends_on:
+      postgres:
+        condition: service_healthy
+      redis:
+        condition: service_started
+    networks:
+      - traefik-public
+      - infrastructure
+    environment:
+      - TZ=Europe/Berlin
+      - USER_UID=1000
+      - USER_GID=1000
+      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
+    volumes:
+      - gitea-data:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    secrets:
+      - postgres_password
+    labels:
+      - "traefik.enable=true"
+      
+      # HTTP Router configuration
+      - "traefik.http.routers.gitea.rule=Host(`git.michaelschiemer.de`)"
+      - "traefik.http.routers.gitea.entrypoints=websecure"
+      - "traefik.http.routers.gitea.tls=true"
+      - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.gitea.priority=100"
+      
+      # Service configuration
+      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+      
+      # X-Forwarded-Proto header
+      - "traefik.http.middlewares.gitea-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.routers.gitea.middlewares=gitea-headers@docker"
+      - "traefik.http.routers.gitea.service=gitea"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3000/api/healthz"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+
+  postgres:
+    image: postgres:16-alpine
+    container_name: gitea-postgres
+    restart: unless-stopped
+    networks:
+      - infrastructure
+    environment:
+      - TZ=Europe/Berlin
+      - POSTGRES_DB=gitea
+      - POSTGRES_USER=gitea
+      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
+    command: >
+      postgres
+      -c max_connections=300
+      -c authentication_timeout=180
+      -c statement_timeout=30000
+      -c idle_in_transaction_session_timeout=30000
+    volumes:
+      - gitea-postgres-data:/var/lib/postgresql/data
+    secrets:
+      - postgres_password
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U gitea -d gitea"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+
+  redis:
+    image: redis:7-alpine
+    container_name: gitea-redis
+    restart: unless-stopped
+    networks:
+      - infrastructure
+    environment:
+      - TZ=Europe/Berlin
+    command: >
+      redis-server
+      --appendonly yes
+      --maxmemory 512mb
+      --maxmemory-policy allkeys-lru
+    volumes:
+      - gitea-redis-data:/data
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
+networks:
+  traefik-public:
+    external: true
+    name: traefik-public
+  infrastructure:
+    external: true
+    name: infrastructure
+
+volumes:
+  gitea-data:
+    name: gitea-data
+  gitea-postgres-data:
+    name: gitea-postgres-data
+  gitea-redis-data:
+    name: gitea-redis-data
+
+secrets:
+  postgres_password:
+    file: ./secrets/postgres_password.txt
+  redis_password:
+    file: ./secrets/redis_password.txt
+