9289344379
feat(gitea): Migrate configuration from environment variables to app.ini
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Failing after 1m12s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Has been skipped
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
🧊 Warm Docker Build Cache / Refresh Buildx Caches (push) Has been cancelled
Security Vulnerability Scan / Check for Dependency Changes (push) Successful in 25s
System Maintenance / Run Ansible System Maintenance (push) Successful in 1m8s
📊 Monitor Workflow Performance / Monitor Workflow Performance (push) Failing after 35s
Security Vulnerability Scan / Composer Security Audit (push) Failing after 27s
- Move all Gitea configuration from docker-compose.yml environment variables to app.ini
- Enable Redis cache with proper connection string format (redis://)
- Fix Redis password to use Gitea Redis instance password (gitea_redis_password) instead of application Redis stack password
- Add database connection pool settings to prevent timeout errors
- Configure Redis for cache, session, and queue using app.ini
- Update Ansible task to use correct Redis password for Gitea Redis instance
Benefits:
- Cache now works correctly (environment variables had a bug in Gitea 1.25)
- All settings are versioned in Git
- Better maintainability and reliability
- Configuration follows Gitea documentation recommendations
2025-11-09 16:33:35 +01:00
36ef2a1e2c
fix: Gitea Traefik routing and connection pool optimization
...
🚀 Build & Deploy Image / Determine Build Necessity (push) Failing after 10m14s
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been skipped
🚀 Build & Deploy Image / Build Docker Image (push) Has been skipped
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been skipped
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
Security Vulnerability Scan / Check for Dependency Changes (push) Failing after 11m25s
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
- Remove middleware reference from Gitea Traefik labels (caused routing issues)
- Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s)
- Add explicit service reference in Traefik labels
- Fix intermittent 504 timeouts by improving PostgreSQL connection handling
Fixes Gitea unreachability via git.michaelschiemer.de
2025-11-09 14:46:15 +01:00
e8a26d7807
test: CI/CD pipeline staging test - Redis aktiviert, Bad Gateway dokumentiert
2025-11-07 20:54:44 +01:00
95147ff23e
refactor(deployment): Remove WireGuard VPN dependency and restore public service access
...
Remove WireGuard integration from production deployment to simplify infrastructure:
- Remove docker-compose-direct-access.yml (VPN-bound services)
- Remove VPN-only middlewares from Grafana, Prometheus, Portainer
- Remove WireGuard middleware definitions from Traefik
- Remove WireGuard IPs (10.8.0.0/24) from Traefik forwarded headers
All monitoring services now publicly accessible via subdomains:
- grafana.michaelschiemer.de (with Grafana native auth)
- prometheus.michaelschiemer.de (with Basic Auth)
- portainer.michaelschiemer.de (with Portainer native auth)
All services use Let's Encrypt SSL certificates via Traefik.
2025-11-05 12:48:25 +01:00
24cbbccf4c
feat: update deployment configuration and encrypted env loader
...
- Update Ansible playbooks and roles for application deployment
- Add new Gitea/Traefik troubleshooting playbooks
- Update Docker Compose configurations (base, local, staging, production)
- Enhance EncryptedEnvLoader with improved error handling
- Add deployment scripts (autossh setup, migration, secret testing)
- Update CI/CD workflows and documentation
- Add Semaphore stack configuration
2025-11-02 20:38:06 +01:00
edcf509a4f
feat: add PHP ini management system and update infrastructure configs
...
- Add PHP ini management classes (Access, IniDirective, IniKey, PhpIni)
- Update deployment configurations (Wireguard, Traefik, Monitoring)
- Add DNS stack and Ansible role
- Add deployment debugging playbooks
- Update framework components (FilePath, RedisConnectionPool)
- Update .gitignore and documentation
2025-11-02 15:29:41 +01:00
871c5b842b
fix: ensure redis secrets flow from vault
2025-11-02 04:27:12 +01:00
e598309c48
feat: improve WireGuard client management and framework initialization
...
- Improve WireGuard client IP calculation logic (find next available IP)
- Add local wireguard-clients directory for storing client configs
- Integrate Redis pool into CacheInitializer
- Improve ContainerBootstrapper with better imports and Redis pool
- Add monitoring role tags for better task organization
- Update WireGuard documentation
- Store generated WireGuard client configs locally
2025-11-02 03:29:23 +01:00
2d99a23286
feat: add system maintenance automation
2025-11-01 19:56:42 +01:00
16d586ecdf
chore: Update deployment configuration and documentation
...
- Update Gitea configuration (remove DEFAULT_ACTIONS_URL)
- Fix deployment documentation
- Update Ansible playbooks
- Clean up deprecated files
- Add new deployment scripts and templates
2025-10-31 21:11:11 +01:00
6deca7838e
chore: remove test trigger file
2025-10-31 04:14:18 +01:00
f2b375da27
Add automated .env file creation for monitoring stack via Ansible
...
- Add Jinja2 template for monitoring stack .env file
- Add Ansible tasks to generate passwords and create .env automatically
- Update vault example with monitoring credentials
- Remove manual deploy.sh script (using Ansible instead)
- Add app-internal network creation task
2025-10-31 01:59:40 +01:00
2a7b90312f
chore(deploy): add prod env template, improve ansible deploy, prune old workflows
...
- Add deployment/ansible/templates/.env.production.j2 used by secrets playbook
- Enhance deploy-update.yml to read registry creds from vault or CI
- Update production-deploy workflow to pass registry credentials to Ansible
- Remove obsolete GitHub-style workflows under .gitea (conflicted naming)
Why: make the production pipeline executable end-to-end with Ansible and
consistent secrets handling; avoid legacy CI configs interfering.
2025-10-30 21:38:28 +01:00
