fix: DockerSecretsResolver - don't normalize absolute paths like /var/www/html/...

deployment/infrastructure/postgresql/README.md

@@ -0,0 +1,114 @@
+# PostgreSQL Stack
+
+Shared PostgreSQL-Datenbank für Application-Stacks (Staging und Production).
+
+## Features
+
+- PostgreSQL 16 für Application-Datenbank
+- Automatische Backups (täglich um 2 Uhr)
+- Backup-Retention (7 Tage)
+- Health Checks
+- Optimierte Performance-Konfiguration
+
+## Voraussetzungen
+
+- Infrastructure Network muss existieren
+- App-Internal Network wird von diesem Stack erstellt
+
+## Setup
+
+### 1. Infrastructure Network erstellen
+
+```bash
+docker network create infrastructure
+```
+
+### 2. Secrets erstellen
+
+```bash
+# PostgreSQL Passwort
+openssl rand -base64 32 > secrets/postgres_password.txt
+chmod 600 secrets/postgres_password.txt
+```
+
+### 3. Stack deployen
+
+```bash
+docker compose up -d
+```
+
+### 4. Datenbanken erstellen
+
+```bash
+# Staging-Datenbank erstellen
+docker compose exec postgres psql -U postgres -c "CREATE DATABASE michaelschiemer_staging;"
+
+# Production-Datenbank existiert bereits (michaelschiemer)
+```
+
+## Networks
+
+**infrastructure:**
+- Externes Network (muss vorher erstellt werden)
+- Für interne Infrastruktur-Kommunikation
+
+**app-internal:**
+- Wird von diesem Stack erstellt
+- Wird von Application-Stacks genutzt
+- Für Application ↔ PostgreSQL Kommunikation
+
+## Volumes
+
+- `postgres-data` - PostgreSQL-Daten (persistent)
+- `postgres-backups` - Automatische Backups
+
+## Datenbanken
+
+- `michaelschiemer` - Production-Datenbank
+- `michaelschiemer_staging` - Staging-Datenbank (muss manuell erstellt werden)
+
+## Backups
+
+Backups werden automatisch täglich um 2 Uhr erstellt und in `/backups` gespeichert.
+
+**Manuelles Backup:**
+```bash
+docker compose exec postgres-backup sh -c "PGPASSWORD=\$(cat /run/secrets/postgres_password) pg_dump -h postgres -U postgres -d michaelschiemer -F c -f /backups/manual_backup_$(date +%Y%m%d_%H%M%S).dump"
+```
+
+**Backup wiederherstellen:**
+```bash
+docker compose exec -T postgres psql -U postgres -d michaelschiemer < backup_file.sql
+```
+
+## Troubleshooting
+
+### PostgreSQL startet nicht
+
+```bash
+# Logs prüfen
+docker compose logs -f postgres
+
+# Volume-Berechtigungen prüfen
+docker compose exec postgres ls -la /var/lib/postgresql/data
+```
+
+### Verbindungsprobleme von Application
+
+1. Prüfe, ob Application im `app-internal` Network ist
+2. Prüfe PostgreSQL-Logs
+3. Prüfe Network-Verbindung:
+   ```bash
+   docker network inspect app-internal
+   ```
+
+### Backup-Probleme
+
+```bash
+# Backup-Logs prüfen
+docker compose logs -f postgres-backup
+
+# Backup-Verzeichnis prüfen
+docker compose exec postgres-backup ls -la /backups
+```
+

deployment/infrastructure/postgresql/docker-compose.yml

@@ -0,0 +1,105 @@
+services:
+  postgres:
+    image: postgres:16-alpine
+    container_name: postgres
+    restart: unless-stopped
+    networks:
+      - infrastructure
+      - app-internal
+    environment:
+      - TZ=Europe/Berlin
+      - POSTGRES_DB=michaelschiemer
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
+      - PGDATA=/var/lib/postgresql/data/pgdata
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    secrets:
+      - postgres_password
+    command: >
+      postgres
+      -c max_connections=200
+      -c shared_buffers=256MB
+      -c effective_cache_size=1GB
+      -c maintenance_work_mem=64MB
+      -c checkpoint_completion_target=0.9
+      -c wal_buffers=16MB
+      -c default_statistics_target=100
+      -c random_page_cost=1.1
+      -c effective_io_concurrency=200
+      -c work_mem=4MB
+      -c min_wal_size=1GB
+      -c max_wal_size=4GB
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres -d michaelschiemer"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+    shm_size: 256mb
+    deploy:
+      resources:
+        limits:
+          memory: 2G
+        reservations:
+          memory: 512M
+
+  # Automated Backup Service
+  postgres-backup:
+    image: postgres:16-alpine
+    container_name: postgres-backup
+    restart: unless-stopped
+    networks:
+      - app-internal
+    environment:
+      - TZ=Europe/Berlin
+      - POSTGRES_HOST=postgres
+      - POSTGRES_DB=michaelschiemer
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
+      - BACKUP_RETENTION_DAYS=7
+      - BACKUP_SCHEDULE=0 2 * * *
+    volumes:
+      - postgres-backups:/backups
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    entrypoint: >
+      sh -c "
+      echo 'Starting PostgreSQL backup service...'
+      while true; do
+        echo \"\$(date): Running backup...\"
+        PGPASSWORD=\$$(cat /run/secrets/postgres_password) pg_dump -h \$$POSTGRES_HOST -U \$$POSTGRES_USER -d \$$POSTGRES_DB -F c -f /backups/backup_\$$(date +%Y%m%d_%H%M%S).dump
+        echo \"\$(date): Backup completed\"
+        # Cleanup old backups
+        find /backups -name 'backup_*.dump' -mtime +\$$BACKUP_RETENTION_DAYS -delete
+        echo \"\$(date): Cleanup completed\"
+        # Wait until next scheduled time
+        sleep 86400
+      done
+      "
+    secrets:
+      - postgres_password
+    depends_on:
+      postgres:
+        condition: service_healthy
+
+networks:
+  infrastructure:
+    external: true
+    name: infrastructure
+  app-internal:
+    external: true
+    name: app-internal
+
+volumes:
+  postgres-data:
+    name: postgres-data
+  postgres-backups:
+    name: postgres-backups
+
+secrets:
+  postgres_password:
+    file: ./secrets/postgres_password.txt
+