Infrastruktur steht, bereit für den Runner

docs: add guide comparing Pangolin and Cloudflare Tunnel with deployment steps
Introduced `Pangolin-vs-Cloudflare-Tunnel.md` to compare features between Pangolin and Cloudflare Tunnel. Included step-by-step deployment instructions for Hetzner VPS and MS-R1, highlighting privacy, performance, and configuration benefits.
2026-03-03 18:18:42 +01:00 · 2026-02-14 13:00:18 +01:00 · 2026-02-13 22:40:47 +01:00 · 2026-02-13 22:25:34 +01:00 · 2026-02-13 21:59:38 +01:00 · 2026-02-13 21:53:58 +01:00
12 changed files with 118 additions and 33 deletions
--- a/.gitea/workflows/docker-publish.yaml
+++ b/.gitea/workflows/docker-publish.yaml
@ -23,6 +23,8 @@ env:
  # Build Arguments für Zora (ARM64 Power)
  JAVA_VERSION: "25"
  GRADLE_VERSION: "9.3.1"
  # OPTIMIERUNG: Gradle Parameter für mehr Speed
  GRADLE_OPTS: "-Dorg.gradle.parallel=true -Dorg.gradle.workers.max=8"
  # Deine neuen JVM Power-Flags für ARM64 (Cortex-A720)
  JVM_OPTS_ARM64: "-XX:ActiveProcessorCount=12 -XX:+UseG1GC -XX:+UseTransparentHugePages -XX:+UseSVE=1"
@ -33,24 +35,27 @@ jobs:
      fail-fast: false
      matrix:
        include:
          - service: api-gateway
            context: .
            dockerfile: backend/infrastructure/gateway/Dockerfile
            image: gateway
          - service: ping-service
            context: .
            dockerfile: backend/services/ping/Dockerfile
            image: ping-service
          - service: web-app
            context: .
            dockerfile: config/docker/caddy/web-app/Dockerfile
            image: web-app
          # NEU: Keycloak wird jetzt auch automatisch gebaut und gepusht
          - service: keycloak
            context: .
            dockerfile: config/docker/keycloak/Dockerfile
            image: keycloak
          - service: api-gateway
            context: .
            dockerfile: backend/infrastructure/gateway/Dockerfile
            image: gateway
          - service: ping-service
            context: .
            dockerfile: backend/services/ping/Dockerfile
            image: ping-service
          - service: web-app
            context: .
            dockerfile: config/docker/caddy/web-app/Dockerfile
            image: web-app
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
@ -61,6 +66,7 @@ jobs:
        with:
          java-version: '25'
          distribution: 'temurin'
          cache: gradle
      # Cache für Gradle (Beschleunigt Folgebauvorgänge massiv)
      - name: Setup Gradle Cache
@ -78,12 +84,17 @@ jobs:
        if: matrix.service == 'web-app'
        run: |
          chmod +x gradlew
-          ./gradlew :frontend:shells:meldestelle-portal:jsBrowserDistribution -Pproduction=true --no-daemon
+          ./gradlew :frontend:shells:meldestelle-portal:jsBrowserDistribution \
            -Pproduction=true \
            --max-workers=8 \
            -Dkotlin.daemon.jvm.options="-Xmx4g"
      # OPTIMIERUNG: QEMU entfernt, da der Runner nativ auf ARM64 (Zora) läuft.
      # Docker Buildx für effizienten Build-Support
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
 #        with:
 #          # Wir erzwingen die Nutzung des Host-Drivers,
 #          # um gRPC-Abstürze im Container-Builder zu vermeiden
 #          driver: docker
      # Login bei deiner Gitea Registry
      - name: Log in to the Container registry
@ -105,7 +116,7 @@ jobs:
      # Build und Push (Nativ ARM64 für maximale Geschwindigkeit)
      - name: Build and push Docker image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: ${{ matrix.context }}
          file: ${{ matrix.dockerfile }}
@ -121,7 +132,7 @@ jobs:
            JAVA_VERSION=${{ env.JAVA_VERSION }}
            KEYCLOAK_IMAGE_TAG=26.4
            JVM_OPTS_APPEND=${{ env.JVM_OPTS_ARM64 }}
-          # KORREKTUR: 'inline' Cache statt 'gha' für Gitea-Kompatibilität
+#          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-from: type=inline
+#          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
-          cache-to: type=inline,mode=max
+#          cache-from: type=gha
-
+#          cache-to: type=gha,mode=max
--- a/backend/infrastructure/gateway/Dockerfile
+++ b/backend/infrastructure/gateway/Dockerfile
@ -1,5 +1,3 @@
 # syntax=docker/dockerfile:1.8
 # ===================================================================
 # Multi-stage Dockerfile for Meldestelle API Gateway
 # Features: Security hardening, monitoring support, optimal caching, BuildKit cache mounts
--- a/backend/services/entries/Dockerfile
+++ b/backend/services/entries/Dockerfile
@ -1,5 +1,3 @@
 # syntax=docker/dockerfile:1.8
 # ===================================================================
 # Multi-stage Dockerfile for Meldestelle Entries Service
 # ===================================================================
--- a/backend/services/ping/Dockerfile
+++ b/backend/services/ping/Dockerfile
@ -1,5 +1,3 @@
 # syntax=docker/dockerfile:1.8
 # ===================================================================
 # Multi-stage Dockerfile for Meldestelle Ping Service
 # Features: Security hardening, monitoring support, optimal caching, BuildKit cache mounts
--- a/backend/services/results/results-service/Dockerfile
+++ b/backend/services/results/results-service/Dockerfile
@ -1,4 +1,3 @@
 # syntax=docker/dockerfile:1.8
 ARG GRADLE_VERSION
 ARG JAVA_VERSION
 ARG BUILD_DATE
--- a/backend/services/scheduling/scheduling-service/Dockerfile
+++ b/backend/services/scheduling/scheduling-service/Dockerfile
@ -1,4 +1,3 @@
 # syntax=docker/dockerfile:1.8
 ARG GRADLE_VERSION
 ARG JAVA_VERSION
 ARG BUILD_DATE
--- a/config/docker/caddy/web-app/Dockerfile
+++ b/config/docker/caddy/web-app/Dockerfile
@ -1,5 +1,3 @@
 # syntax=docker/dockerfile:1.8
 # ===================================================================
 # Dockerfile for Meldestelle Web-App (Hybrid Build)
 # Version: 3.2.0 - Optimized & Cleaned
--- a/config/docker/keycloak/Dockerfile
+++ b/config/docker/keycloak/Dockerfile
@ -1,4 +1,3 @@
 # syntax=docker/dockerfile:1.8
 # ===================================================================
 # Production-Ready Keycloak Dockerfile
 # ===================================================================
--- a/config/docker/nginx/web-app/Dockerfile
+++ b/config/docker/nginx/web-app/Dockerfile
@ -1,4 +1,3 @@
 # syntax=docker/dockerfile:1.8
 # ===================================================================
 # Multi-Stage Dockerfile for Meldestelle Web-App (Kotlin/JS)
 # Version: 2.3.1 - Optimized for Production Build (No Source Maps)
--- a/docs/01_Architecture/Minisforum-MS-R1/MS-R1_Konfiguration&Bedienung.md
+++ b/docs/01_Architecture/Minisforum-MS-R1/MS-R1_Konfiguration&Bedienung.md
@ -2,7 +2,7 @@
 ## 1. System-Übersicht & Architektur
-Das System "MS-R1" (interner Codename "Das Biest") ist ein High-End ARM64-Server auf Basis des CIX P1 SoC. 
+Das System "MS-R1" (interner Codename "Zora") ist ein High-End ARM64-Server auf Basis des CIX P1 SoC. 
 ### Hardware-Spezifikationen
--- a/docs/01_Architecture/Minisforum-MS-R1/Biest_Roadmap.md
+++ b/docs/01_Architecture/Minisforum-MS-R1/Biest_Roadmap.md
--- a/docs/Pangolin-vs-Cloudflare-Tunnel.md
+++ b/docs/Pangolin-vs-Cloudflare-Tunnel.md
@ -0,0 +1,86 @@
 ---
 Pangolin vs. Cloudflare Tunnel
 ---
 ## 🛡️ Pangolin vs. Cloudflare Tunnel
 | Merkmal          | Cloudflare Tunnel (`cloudflared`)           | Pangolin (Self-Hosted)                          |
 |------------------|---------------------------------------------|-------------------------------------------------|
 | **Kontrolle**    | Zentralisiert (Cloudflare sieht Traffic).   | **Dezentral** (Du besitzt den VPS & Schlüssel). |
 | **Datenschutz**  | SSL terminiert bei Cloudflare.              | **End-to-End** (SSL terminiert auf DEINEM VPS). |
 | **AGB / Limits** | Verbot von Video-Streaming (Plex/Jellyfin). | **Keine Limits** (Du bestimmst den Traffic).    |
 | **Protokolle**   | Primär TCP/HTTP.                            | **TCP & UDP** (Dank WireGuard-Basis).           |
 | **Kosten**       | Kostenlos (Free Tier).                      | VPS-Miete (ca. 4€ bei Hetzner).                 |
 | **Features**     | WAF, DDoS-Schutz (proprietär).              | SSO, CrowdSec, Geoblocking (Open Source).       |
 ---
 ## 🚀 Deployment-Bauplan (Hetzner + MS-R1)
 ### Teil 1: VPS Setup (Hetzner Cloud)
 1. Erstelle einen **CX21** VPS (Location: Frankfurt für geringste Latenz).
 2. Installiere Docker und erstelle das Pangolin-Verzeichnis.
 **Docker Compose für den VPS (`compose.yaml`):**
 ```yaml
 services:
  pangolin:
    image: ghcr.io/m-pennat/pangolin:latest
    container_name: pangolin
    restart: unless-stopped
    ports:
      - "80:80"      # HTTP (Let's Encrypt)
      - "443:443"    # HTTPS
      - "51820:51820/udp" # WireGuard Tunnel
    volumes:
      - ./data:/var/lib/pangolin
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - PANGOLIN_DOMAIN=dashboard.deinedomain.de
 ```
 *Nach dem Start (`docker compose up -d`) unter der Domain einloggen und einen neuen **Site-Client** anlegen, um den **Enrollment Token** zu erhalten.*
 ---
 ### Teil 2: Home-Server Setup (MS-R1 / Debian 12 arm64)
 Auf deinem MS-R1 installierst du den Gegenpart **Newt**. Da du Debian 12 auf arm64 nutzt, ist das Setup extrem ressourcensparend.
 **Docker Compose für den MS-R1 (`compose.yaml`):**
 ```yaml
 services:
  # Der Tunnel-Client
  newt:
    image: ghcr.io/m-pennat/newt:latest
    container_name: newt
    restart: unless-stopped
    environment:
      - NEWT_ENROLL_TOKEN=DEIN_TOKEN_VON_HETZNER_VPS
    depends_on:
      - gitea
  # Dein Service (Beispiel: Gitea)
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    restart: unless-stopped
    volumes:
      - ./gitea_data:/data
    # Hinweis: Kein "ports"-Mapping nötig! Zugriff erfolgt über den Tunnel.
 ```
 ---
 ## 💡 Warum das für dich ein "Erfolg" ist
 * **Kein Port-Forwarding:** Dein Router zu Hause bleibt komplett dicht.
 * **Arm64-Optimiert:** Debian 12 und die Container nutzen kaum CPU-Zyklen deines MS-R1.
 * **Identity-Aware Proxy:** Du kannst im Pangolin-Dashboard (Hetzner) mit drei Klicks einstellen, dass man sich erst per **Google** oder **GitHub** anmelden muss, um dein Gitea überhaupt zu sehen.
 ---
Author	SHA1	Message	Date
StefanMoCoAt	1d7d6c81bf	Infrastruktur steht, bereit für den Runner	2026-03-03 18:18:42 +01:00
Stefan Mogeritsch	61f4190f48	docs: add guide comparing Pangolin and Cloudflare Tunnel with deployment steps Introduced `Pangolin-vs-Cloudflare-Tunnel.md` to compare features between Pangolin and Cloudflare Tunnel. Included step-by-step deployment instructions for Hetzner VPS and MS-R1, highlighting privacy, performance, and configuration benefits.	2026-02-14 13:00:18 +01:00
StefanMoCoAt	eee5fbacc9	chore(ci): comment out GHA caching configuration in Docker workflow	2026-02-13 22:40:47 +01:00
StefanMoCoAt	85b11cb033	chore(ci): update Docker workflow to v6, enable GHA caching, and clean up comments	2026-02-13 22:25:34 +01:00
StefanMoCoAt	d250fd758c	chore(ci): revert Docker workflow caching to local directory settings	2026-02-13 21:59:38 +01:00
StefanMoCoAt	17c3295607	chore(ci): overhaul Docker workflow with multi-service builds, ARM64 optimizations, and improved Gradle caching strategies	2026-02-13 21:53:58 +01:00
StefanMoCoAt	5f1ffb0d04	chore(ci): streamline Docker workflow with ARM64 optimization and updated caching strategies	2026-02-13 20:51:41 +01:00
StefanMoCoAt	413a2d1daa	chore(ci): remove comment about Keycloak build in Docker pipeline	2026-02-13 20:33:02 +01:00
StefanMoCoAt	49c53aa912	chore(infra): optimize Gradle builds, add Keycloak to CI, and improve Docker caching	2026-02-13 20:10:22 +01:00
Stefan Mogeritsch	0a0f5af3bd	refactor: remove Dockerfile syntax directives to simplify and standardize definitions Removed `# syntax=docker/dockerfile:1.8` from various Dockerfiles as it is no longer needed. Updated `.gitea/workflows/docker-publish.yaml` to enhance ARM64 build reliability with host driver enforcement and commented out unused caching configurations for clarity.	2026-02-13 16:59:02 +01:00