refactor: standardize environment variable naming and add PING_SERVICE_URL configuration

Aligned environment variable naming across backend and infrastructure files for improved consistency (e.g., `SPRING_CLOUD_CONSUL` and `SPRING_SECURITY_OAUTH2_RESOURCESERVER`). Introduced `PING_SERVICE_URL` to support dynamic Ping-Service routing. Updated Docker Compose health checks, profiles, and memory settings for scalability and stability.
2026-02-13 15:00:12 +01:00
parent cafb3935cb
commit 6c50f22773
9 changed files with 124 additions and 84 deletions
@@ -10,7 +10,7 @@ PROJECT_NAME=meldestelle
 # Docker build versions (optional overrides)
 DOCKER_VERSION=1.0.0-SNAPSHOT
-DOCKER_REGISTRY=git.mo-code.at/Mocode-Software
+DOCKER_REGISTRY=git.mo-code.at/mocode-software
 DOCKER_BUILD_DATE=2026-02-02T15:00:00Z
 DOCKER_GRADLE_VERSION=9.3.1
 # Check if 25 is intended (Early Access) or if LTS 21 was meant
@@ -18,8 +18,13 @@ DOCKER_JAVA_VERSION=25
 DOCKER_NODE_VERSION=24.12.0
 DOCKER_NGINX_VERSION=1.28.0-alpine
 # JVM Power Flags (Lokal leer lassen, da Intel/AMD Architektur)
 JVM_OPTS_ARM64=
 # Postgres
 POSTGRES_IMAGE=postgres:16-alpine
 POSTGRES_SHARED_BUFFERS=256MB
 POSTGRES_EFFECTIVE_CACHE_SIZE=768MB
 POSTGRES_USER=pg-user
 POSTGRES_PASSWORD=pg-password
 POSTGRES_DB=pg-meldestelle-db
@@ -34,14 +39,15 @@ VALKEY_SERVER_HOSTNAME=valkey
 VALKEY_SERVER_PORT=6379
 VALKEY_SERVER_CONNECT_TIMEOUT=5s
 VALKEY_POLICY=allkeys-lru
-VALKEY_MAXMEMORY=256mb
+VALKEY_MAX_MEMORY=256MB
 SPRING_DATA_VALKEY_HOST=localhost
 SPRING_DATA_VALKEY_PORT=6379
 SPRING_DATA_VALKEY_PASSWORD=valkey-password
 # --- KEYCLOAK ---
 KEYCLOAK_IMAGE_TAG=26.4
-KC_HEAP_MAX=1024m
+KC_HEAP_MIN=512M
 KC_HEAP_MAX=1024M
 KC_COMMAND=start-dev --import-realm
 KC_ADMIN_USERNAME=kc-admin
 KC_ADMIN_PASSWORD=kc-password
@@ -54,22 +60,24 @@ KC_DEBUG_PORT=9000:9000
 # --- KEYCLOAK TOKEN VALIDATION ---
 # Public Issuer URI (must match the token issuer from browser/postman)
-KC_ISSUER_URI=http://localhost:8180/realms/meldestelle
+SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://localhost:8180/realms/meldestelle
 # Internal JWK Set URI (for service-to-service communication within Docker)
-KC_JWK_SET_URI=http://keycloak:8080/realms/meldestelle/protocol/openid-connect/certs
+SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/realms/meldestelle/protocol/openid-connect/certs
 # --- CONSUL ---
 CONSUL_IMAGE=hashicorp/consul:1.22.1
 CONSUL_PORT=8500:8500
 CONSUL_UDP_PORT=8600:8600/udp
 CONSUL_HOST=consul
-CONSUL_HTTP_PORT=8500
+SPRING_CLOUD_CONSUL_HOST=consul
-SCLOUD_CONSUL_HOSTNAME=consul
+SPRING_CLOUD_CONSUL_PORT=8500
-SCLOUD_CONSUL_PORT=8500
+SPRING_CLOUD_CONSUL_DISCOVERY_SERVICE_NAME=api-gateway
 SPRING_CLOUD_CONSUL_DISCOVERY_PREFER_IP_ADDRESS=true
 # --- Zipkin ---
 ZIPKIN_IMAGE=openzipkin/zipkin:3
-ZIPKIN_HEAP=256m
+ZIPKIN_MIN_HEAP=256M
 ZIPKIN_MAX_HEAP=512M
 ZIPKIN_PORT=9411:9411
 ZIPKIN_ENDPOINT=http://zipkin:9411/api/v2/spans
 ZIPKIN_SAMPLING_PROBABILITY=1.0
@@ -110,7 +118,6 @@ GATEWAY_SPRING_PROFILES_ACTIVE=docker
 GATEWAY_DEBUG=true
 GATEWAY_SERVICE_NAME=api-gateway
 GATEWAY_CONSUL_HOSTNAME=api-gateway
 GATEWAY_CONSUL_PREFER_IP=true
 # --- PING-SERVICE ---
 PING_SPRING_PROFILES_ACTIVE=docker
@@ -1,5 +1,6 @@
 package at.mocode.infrastructure.gateway.config
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.cloud.gateway.route.RouteLocator
 import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder
 import org.springframework.cloud.gateway.route.builder.filters
@@ -8,7 +9,9 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
@Configuration
-class GatewayConfig {
+class GatewayConfig(
    @Value("\${ping.service.url:http://localhost:8082}") private val pingServiceUrl: String
 ) {
    @Bean
    fun customRouteLocator(builder: RouteLocatorBuilder): RouteLocator {
@@ -22,7 +25,7 @@ class GatewayConfig {
                        it.fallbackUri = java.net.URI.create("forward:/fallback/ping")
                    }
                }
-                uri("http://ping-service:8082")
+                uri(pingServiceUrl)
            }
        }
    }
@@ -1,5 +1,5 @@
 server:
-  port: 8081
+  port: ${GATEWAY_SERVER_PORT:8081}
 spring:
  application:
@@ -7,7 +7,6 @@ spring:
  autoconfigure:
    exclude:
      - "org.springframework.cloud.client.loadbalancer.LoadBalancerAutoConfiguration"
  # --- VALKEY (für Rate Limiting) ---
  data:
    valkey:
@@ -18,8 +17,8 @@ spring:
  # --- CONSUL (Service Discovery) ---
  cloud:
    consul:
-      host: ${CONSUL_HOST:localhost}
+      host: ${SPRING_CLOUD_CONSUL_HOST:localhost}
-      port: ${CONSUL_PORT:8500}
+      port: ${SPRING_CLOUD_CONSUL_PORT:8500}
      discovery:
        register: true
        service-name: ${spring.application.name}
@@ -38,8 +37,8 @@ spring:
          # Keycloak URL. Lokal: localhost:8080 (oder 8180 je nach Mapping).
          # Im Docker: keycloak:8080.
          # Wir nutzen hier localhost:8180 als Default (siehe docker-compose Port Mapping).
-          issuer-uri: ${KEYCLOAK_ISSUER_URI:http://localhost:8180/realms/meldestelle}
+          issuer-uri: ${SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI:http://localhost:8180/realms/meldestelle}
-          jwk-set-uri: ${KEYCLOAK_JWK_SET_URI:http://localhost:8180/realms/meldestelle/protocol/openid-connect/certs}
+          jwk-set-uri: ${SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI:http://localhost:8180/realms/meldestelle/protocol/openid-connect/certs}
 management:
  endpoints:
@@ -56,3 +55,10 @@ management:
      probability: 1.0
    propagation:
      type: "w3c"
 # --- Custom Service URLs ---
 # Default: Localhost (für Entwicklung ohne Docker)
 # Im Docker-Compose überschreiben wir das mit dem Service-Namen
 ping:
  service:
    url: ${PING_SERVICE_URL:http://localhost:8082}
@@ -1,6 +1,6 @@
 # Port, auf dem das Ping-Service läuft
 server:
-  port: ${PING_SERVICE_PORT:8082}
+  port: ${PING_SERVER_PORT:8082}
 spring:
  application:
@@ -24,7 +24,7 @@ spring:
  flyway:
    enabled: true
-    # Erlaubt Migration auch wenn DB nicht leer ist (wichtig für Dev)
+    # Erlaubt die Migration, auch wenn DB nicht leer ist (wichtig für Dev)
    baseline-on-migrate: true
    # Sucht standardmäßig in classpath:db/migration
@@ -33,13 +33,13 @@ spring:
      resourceserver:
        jwt:
          # Keycloak URL (lokal via Port Forwarding)
-          issuer-uri: ${KEYCLOAK_ISSUER_URI:http://localhost:8180/realms/meldestelle}
+          issuer-uri: ${SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI:http://localhost:8180/realms/meldestelle}
-          jwk-set-uri: ${KEYCLOAK_JWK_SET_URI:http://localhost:8180/realms/meldestelle/protocol/openid-connect/certs}
+          jwk-set-uri: ${SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI:http://localhost:8180/realms/meldestelle/protocol/openid-connect/certs}
  cloud:
    consul:
-      host: ${CONSUL_HOST:localhost}
+      host: ${SPRING_CLOUD_CONSUL_HOST:localhost}
-      port: ${CONSUL_PORT:8500}
+      port: ${SPRING_CLOUD_CONSUL_PORT:8500}
      enabled: ${CONSUL_ENABLED:true}
      discovery:
        enabled: ${CONSUL_ENABLED:true}
@@ -29,14 +29,14 @@ services:
      DEBUG: "${GATEWAY_DEBUG:-true}"
      # --- KEYCLOAK ---
-      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: "${KC_ISSUER_URI}"
+      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: "${SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI}"
-      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: "${KC_JWK_SET_URI}"
+      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: "${SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI}"
      # --- CONSUL ---
-      SPRING_CLOUD_CONSUL_HOST: "${CONSUL_HOST:-consul}"
+      SPRING_CLOUD_CONSUL_HOST: "${SPRING_CLOUD_CONSUL_HOST:-consul}"
-      SPRING_CLOUD_CONSUL_PORT: "${CONSUL_HTTP_PORT:-8500}"
+      SPRING_CLOUD_CONSUL_PORT: "${SPRING_CLOUD_CONSUL_PORT:-8500}"
-      SPRING_CLOUD_CONSUL_DISCOVERY_SERVICE_NAME: "${GATEWAY_SERVICE_NAME:-api-gateway}"
+      SPRING_CLOUD_CONSUL_DISCOVERY_SERVICE_NAME: "${SPRING_CLOUD_CONSUL_DISCOVERY_SERVICE_NAME:-api-gateway}"
-      SPRING_CLOUD_CONSUL_DISCOVERY_PREFER_IP_ADDRESS: "${GATEWAY_CONSUL_PREFER_IP:-true}"
+      SPRING_CLOUD_CONSUL_DISCOVERY_PREFER_IP_ADDRESS: "${SPRING_CLOUD_CONSUL_DISCOVERY_PREFER_IP_ADDRESS:-true}"
      # --- POSTGRES ---
      SPRING_DATASOURCE_URL: "${POSTGRES_DB_URL:-jdbc:postgresql://postgres:5432/pg-meldestelle-db}"
@@ -57,6 +57,9 @@ services:
      MANAGEMENT_ZIPKIN_TRACING_ENDPOINT: "${ZIPKIN_ENDPOINT:-http://zipkin:9411/api/v2/spans}"
      MANAGEMENT_TRACING_SAMPLING_PROBABILITY: "${ZIPKIN_SAMPLING_PROBABILITY:-1.0}"
      # --- SERVICE URLs ---
      PING_SERVICE_URL: "http://ping-service:8082"
    depends_on:
      postgres:
        condition: "service_healthy"
@@ -64,7 +67,7 @@ services:
        condition: "service_started"
      consul:
        condition: "service_healthy"
-      redis:
+      valkey:
        condition: "service_healthy"
      zipkin:
        condition: "service_started"
@@ -101,8 +104,8 @@ services:
      SERVER_PORT: "${PING_SERVER_PORT:-8082}"
      # --- KEYCLOAK ---
-      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: "${KC_ISSUER_URI}"
+      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: "${SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI}"
-      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: "${KC_JWK_SET_URI}"
+      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: "${SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI}"
      # --- CONSUL ---
      SPRING_CLOUD_CONSUL_HOST: "${CONSUL_HOST:-consul}"
@@ -132,7 +135,7 @@ services:
        condition: "service_started"
      consul:
        condition: "service_healthy"
-      redis:
+      valkey:
        condition: "service_healthy"
      zipkin:
        condition: "service_started"
@@ -9,8 +9,8 @@ services:
  postgres:
    image: "${POSTGRES_IMAGE:-postgres:16-alpine}"
    container_name: "${PROJECT_NAME:-meldestelle}-postgres"
    # OPTIMIERUNG: Automatischer Neustart bei System-Reboot
    restart: unless-stopped
    profiles: [ "infra", "all" ]
    ports:
      - "${POSTGRES_PORT:-5432:5432}"
    environment:
@@ -21,8 +21,6 @@ services:
      - "postgres-data:/var/lib/postgresql/data"
      - "./config/docker/postgres:/docker-entrypoint-initdb.d:Z"
      - "./config/docker/postgres/postgresql.conf:/etc/postgresql/postgresql.conf:Z"
    profiles: [ "infra", "all" ]
    # OPTIMIERUNG: Dynamische Speicherzuweisung via .env Overrides
    command:
      - "postgres"
      - "-c"
@@ -33,43 +31,38 @@ services:
      - "effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-768MB}"
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}" ]
      # OPTIMIERUNG: Höheres Intervall (10s), um Zora im Normalbetrieb zu entlasten
      interval: "10s"
      timeout: "5s"
      retries: "5"
-      start_period: "5s"
+      start_period: "10s"
    networks:
      meldestelle-network:
        aliases:
          - "postgres"
-  # --- CACHE: Valkey (formerly Redis) ---
+  # --- CACHE: Valkey ---
  valkey:
    # Valkey 9.0 (User Request)
    image: "${VALKEY_IMAGE:-valkey/valkey:9-alpine}"
    container_name: "${PROJECT_NAME:-meldestelle}-valkey"
    restart: unless-stopped
    profiles: [ "infra", "all" ]
    ports:
      - "${VALKEY_PORT:-6379:6379}"
    volumes:
      - "valkey-data:/data"
      # Wir nutzen weiterhin die valkey.conf, da Valkey kompatibel ist
      - "./config/docker/valkey/valkey.conf:/etc/valkey/valkey.conf:Z"
    profiles: [ "infra", "all" ]
    # Anpassung der Binaries auf valkey-server und valkey-cli
    # command: [ "sh", "-lc", "exec valkey-server /etc/valkey/valkey.conf --protected-mode no ${VALKEY_PASSWORD:+--requirepass $VALKEY_PASSWORD}" ]
    command:
      - "sh"
      - "-lc"
      - |
        exec valkey-server /etc/valkey/valkey.conf \
        --protected-mode no \
-        --maxmemory ${VALKEY_MAXMEMORY:-256mb} \
+        --maxmemory ${VALKEY_MAX_MEMORY:-256MB} \
        --maxmemory-policy ${VALKEY_POLICY:-allkeys-lru} \
        ${VALKEY_PASSWORD:+--requirepass $VALKEY_PASSWORD}
    healthcheck:
      test: [ "CMD-SHELL", "[ -z \"$VALKEY_PASSWORD\" ] && valkey-cli ping | grep PONG || valkey-cli -a \"$VALKEY_PASSWORD\" ping | grep PONG" ]
-      interval: "5s"
+      interval: "10s"
      timeout: "5s"
      retries: "3"
    networks:
@@ -77,53 +70,51 @@ services:
        aliases:
          - "valkey"
-  # --- IAM: Keycloak (DEBUG MODE) ---
+  # --- IAM: Keycloak (Zora-Optimiert) ---
  keycloak:
    # Wir nutzen jetzt dein optimiertes Image statt des Standard-Images
    build:
      context: .
      dockerfile: config/docker/keycloak/Dockerfile
      args:
        KEYCLOAK_IMAGE_TAG: "${KEYCLOAK_IMAGE_TAG:-26.4}"
-    image: "${DOCKER_REGISTRY:-git.mo-code.at/Mocode-Software}/keycloak:${KEYCLOAK_IMAGE_TAG:-26.4}"
+    image: "${DOCKER_REGISTRY:-git.mo-code.at/grandmo}/keycloak:${KEYCLOAK_IMAGE_TAG:-26.4}"
    container_name: "${PROJECT_NAME:-meldestelle}-keycloak"
-    restart: unless-stopped # Wichtig für Zora!
+    restart: unless-stopped
    profiles: [ "infra", "all" ]
    environment:
      KC_BOOTSTRAP_ADMIN_USERNAME: "${KC_ADMIN_USERNAME:-kc-admin}"
      KC_BOOTSTRAP_ADMIN_PASSWORD: "${KC_ADMIN_PASSWORD:-kc-password}"
      KC_DB: "${KC_DB:-postgres}"
      KC_DB_SCHEMA: "${KC_DB_SCHEMA:-keycloak}"
-      # SSoT: DB-URL dynamisch halten
+      KC_DB_URL: "jdbc:postgresql://postgres:5432/${POSTGRES_DB:-pg-meldestelle-db}"
-      KC_DB_URL: "jdbc:postgresql://postgres:5432/${POSTGRES_DB:-meldestelle}"
+      KC_DB_USERNAME: "${POSTGRES_USER:-pg-user}"
-      KC_DB_USERNAME: "${POSTGRES_USER:-meldestelle}"
+      KC_DB_PASSWORD: "${POSTGRES_PASSWORD:-pg-password}"
      KC_DB_PASSWORD: "${POSTGRES_PASSWORD:-meldestelle}"
      KC_HOSTNAME: "${KC_HOSTNAME:-localhost}"
      KC_HTTP_ENABLED: "true"
      KC_PROXY_HEADERS: "xforwarded"
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"
-      # OPTIMIERUNG: Java Heap Einstellungen
+      # Integration der Power-Flags
-      JAVA_OPTS_APPEND: "-Xms${KC_HEAP_MIN:-512m} -Xmx${KC_HEAP_MAX:-1024m}"
+      JAVA_OPTS_APPEND: "-Xms${KC_HEAP_MIN:-512M} -Xmx${KC_HEAP_MAX:-1024M} ${JVM_OPTS_ARM64}"
    ports:
      - "${KC_PORT:-8180:8080}"
      - "${KC_DEBUG_PORT:-9000:9000}"
    depends_on:
      postgres:
        condition: "service_healthy"
    volumes:
      - "./config/docker/keycloak:/opt/keycloak/data/import:Z"
    # DYNAMISCH: start-dev für Dev, start für Zora
    command: "${KC_COMMAND:-start-dev --import-realm}"
    networks:
      meldestelle-network:
        aliases:
          - "keycloak"
    profiles: [ "infra", "all" ]
  # --- SERVICE DISCOVERY: Consul ---
  consul:
    image: "${CONSUL_IMAGE:-hashicorp/consul:1.22.1}"
    container_name: "${PROJECT_NAME:-meldestelle}-consul"
    restart: unless-stopped
    profiles: [ "infra", "all" ]
    ports:
      - "${CONSUL_PORT:-8500:8500}"
      - "${CONSUL_UDP_PORT:-8600:8600/udp}"
@@ -135,31 +126,17 @@ services:
      meldestelle-network:
        aliases:
          - "consul"
    profiles: [ "infra", "all" ]
  # --- TRACING: Zipkin ---
  zipkin:
    image: "${ZIPKIN_IMAGE:-openzipkin/zipkin:3}"
    container_name: "${PROJECT_NAME:-meldestelle}-zipkin"
-    restart: unless-stopped # Geändert für Zora
+    restart: unless-stopped
    profiles: [ "infra", "all" ]
    environment:
-      # OPTIMIERUNG: Speicherbegrenzung für Zora (Zipkin ist Java)
+      JAVA_OPTS: "-Xms${ZIPKIN_MIN_HEAP:-256M} -Xmx${ZIPKIN_MAX_HEAP:-512M} ${JVM_OPTS_ARM64}"
      JAVA_OPTS: "-Xms${ZIPKIN_HEAP:-256m} -Xmx${ZIPKIN_HEAP:-512m}"
    ports:
      - "${ZIPKIN_PORT:-9411:9411}"
    profiles: [ "infra", "all" ] # Geändert auf 'ops', um es optionaler zu machen
    networks:
      meldestelle-network:
  # --- EMAIL TESTING: Mailpit ---
  mailpit:
    image: "${MAILPIT_IMAGE:-axllent/mailpit:v1.29}"
    container_name: "${PROJECT_NAME:-meldestelle}-mailpit"
    restart: unless-stopped # Geändert für Zora
    ports:
      - "${MAILPIT_WEB_PORT:-8025:8025}" # Web UI
      - "${MAILPIT_SMTP_PORT:-1025:1025}" # SMTP Port
    profiles: [ "dev-tools", "all" ] # Auf 'dev-tools' verschoben
    networks:
      meldestelle-network:
@@ -5,11 +5,24 @@ services:
  # 4. OPS & TOOLS (Monitoring & Admin)
  # ==========================================
  # --- EMAIL TESTING: Mailpit ---
  mailpit:
    image: "${MAILPIT_IMAGE:-axllent/mailpit:v1.29}"
    container_name: "${PROJECT_NAME:-meldestelle}-mailpit"
    restart: unless-stopped
    profiles: [ "dev-tools", "all" ]
    ports:
      - "${MAILPIT_WEB_PORT:-8025:8025}" # Web UI
      - "${MAILPIT_SMTP_PORT:-1025:1025}" # SMTP Port
    networks:
      meldestelle-network:
  # --- DATENBANK-MANAGEMENT-TOOL: pgAdmin4 ---
  pgadmin:
    image: "${PGADMIN_IMAGE:-dpage/pgadmin4:8}"
    container_name: "${PROJECT_NAME:-meldestelle}-pgadmin"
-    restart: no
+    restart: unless-stopped
    profiles: [ "tools", "all" ]
    ports:
      - "${PGADMIN_PORT:-8888:80}"
    environment:
@@ -17,7 +30,6 @@ services:
      PGADMIN_DEFAULT_PASSWORD: "${PGADMIN_PASSWORD:-pgadmin}"
    volumes:
      - "pgadmin-data:/var/lib/pgadmin"
    profiles: [ "tools", "all" ]
    networks:
      meldestelle-network:
        aliases:
@@ -27,7 +39,8 @@ services:
  postgres-exporter:
    image: "${POSTGRES_EXPORTER_IMAGE:-prometheuscommunity/postgres-exporter:v0.18.0}"
    container_name: "${PROJECT_NAME:-meldestelle}-postgres-exporter"
-    restart: no
+    restart: unless-stopped
    profiles: [ "ops", "all" ]
    environment:
      DATA_SOURCE_NAME: "postgresql://${POSTGRES_USER:-pg-user}:${POSTGRES_PASSWORD:-pg-password}@postgres:5432/${POSTGRES_DB:-pg-meldestelle-db}?sslmode=disable"
    depends_on:
@@ -37,7 +50,6 @@ services:
      meldestelle-network:
        aliases:
          - "postgres-exporter"
    profiles: [ "ops", "all" ]
  # --- MONITORING: Alertmanager ---
  alertmanager:
@@ -0,0 +1,29 @@
 # Journal - 2026-02-13
 ## 📝 Zusammenfassung
 Heute wurden Inkonsistenzen in der Konfiguration der Backend-Services behoben, die zu Verbindungsproblemen führten. Zudem wurde der Build-Prozess für das Frontend optimiert.
 ## 🛠️ Änderungen
 ### 1. Backend Konfiguration (Fix 503 Service Unavailable)
 *   **Problem:** Der `ping-service` war über das Gateway nicht erreichbar (503), da die Route im Gateway hart auf `http://ping-service:8082` kodiert war. Dies funktionierte im Docker-Netzwerk, aber nicht beim lokalen Start (Localhost).
 *   **Lösung:**
    *   `GatewayConfig.kt`: Die URI für den Ping-Service wurde dynamisch gemacht (`${ping.service.url}`).
    *   `application.yaml` (Gateway): Default-Wert für `ping.service.url` auf `http://localhost:8082` gesetzt (für lokale Entwicklung).
    *   `dc-backend.yaml`: Environment-Variable `PING_SERVICE_URL` auf `http://ping-service:8082` gesetzt (für Docker).
    *   Zusätzlich wurden Inkonsistenzen bei Port-Variablennamen (`PING_SERVER_PORT` vs `PING_SERVICE_PORT`) zwischen `.env` und `application.yaml` bereinigt.
 ### 2. Frontend Build Optimierung
 *   **Problem:** Der Build `jsBrowserDistribution -Pproduction=true` dauerte extrem lange (>15 min) und hing.
 *   **Ursache:** Generierung von Source Maps im Production-Mode bei großen Kotlin/JS Projekten.
 *   **Lösung:**
    *   `build.gradle.kts` (meldestelle-portal): Logik angepasst, sodass Source Maps im Production-Mode standardmäßig deaktiviert sind (`sourceMaps = false`), es sei denn, sie werden explizit angefordert.
    *   Ergebnis: Build-Zeit auf ~9 Sekunden reduziert.
 ## 📚 Gelerntes
 *   **Source Maps:** Sind essenziell für Debugging, aber extrem teuer im Build. Für Production-Builds (Docker Images) sollten sie deaktiviert werden, um Build-Zeiten und Image-Größe zu optimieren.
 *   **Hybrid-Betrieb:** Services sollten so konfiguriert sein, dass sie sowohl "fully dockerized" als auch "lokal + Docker-Infra" laufen können, ohne Code-Änderungen (Nutzung von Properties/Env-Vars für Hostnames).
 ## 🔜 Nächste Schritte
 *   Lokalen Test des gesamten Stacks (Frontend im Docker Container + Backend lokal/Docker) abschließen.
 *   Verifizierung der Keycloak-Integration im Frontend.
@@ -37,9 +37,12 @@ kotlin {
        else
          KotlinWebpackConfig.Mode.DEVELOPMENT
-        // Source Maps Optimierung für Docker Builds
+        // Source Maps Optimierung: Im Production Mode standardmäßig AUS, außer explizit gewünscht.
-        if (project.hasProperty("noSourceMaps")) {
+        // Das beschleunigt den Build massiv.
-          sourceMaps = false
+        if (mode == KotlinWebpackConfig.Mode.PRODUCTION && !project.hasProperty("enableSourceMaps")) {
            sourceMaps = false
        } else if (project.hasProperty("noSourceMaps")) {
            sourceMaps = false
        }
      }