StefanMoCoAt
92cb45f4f1
All checks were successful
Build and Publish Docker Images / build-and-push (., backend/infrastructure/gateway/Dockerfile, api-gateway, api-gateway) (push) Successful in 7m42s
Build and Publish Docker Images / build-and-push (., backend/services/ping/Dockerfile, ping-service, ping-service) (push) Successful in 7m1s
Build and Publish Docker Images / build-and-push (., config/docker/caddy/web-app/Dockerfile, web-app, web-app) (push) Successful in 2m58s
Build and Publish Docker Images / build-and-push (., config/docker/keycloak/Dockerfile, keycloak, keycloak) (push) Successful in 1m34s
9.3 KiB
9.3 KiB
| type | status | owner |
|---|---|---|
| Reference | ACTIVE | DevOps Engineer |
SSoT Konfigurations-Masterplan für Zora (ARM64)
1. System-Umgebung (Infrastruktur)
| Parameter | Wert | Erklärung |
|---|---|---|
| Architektur | linux/arm64 |
Native Architektur von Zora (CIX P1 / CP8180). |
| Hypervisor | Proxmox VE 8.4.10 | pve.mo-code.at — Web-UI: https://pve.mo-code.at:8006 |
| Proxmox-Node-IP | 10.0.0.20 |
SSH: ssh root@10.0.0.20 |
| Netz-Bridge | vmbr0 |
Alle VMs und Container im Subnetz 10.0.0.0/24 |
| Gateway (Router) | 10.0.0.138 |
Standard-Gateway für alle VMs/Container |
VM & Container Übersicht
| ID | Name | Typ | IP | Start-Reihenfolge | Zweck |
|---|---|---|---|---|---|
| 100 | pangolin-client | LXC | 10.0.0.21 |
order=1, up=30 | Pangolin Tunnel Client |
| 101 | gitea | LXC | 10.0.0.22 |
order=2, up=30 | Gitea Server |
| 102 | gitea-runner | VM | 10.0.0.23 |
— | Gitea CI/CD Runner (aarch64) |
| 103 | immich | LXC | 10.0.0.24 |
order=3, up=30 | Immich Foto-Server |
| 110 | meldestelle-host | VM | 10.0.0.50 |
— | Docker App-Stack |
| 120 | ai-stack | LXC | 10.0.0.60 |
— | Ollama + Open WebUI |
Detaillierte Ressourcen-Konfiguration
CT 100 — pangolin-client (LXC)
| Parameter | Wert |
|---|---|
| OS | Ubuntu, arm64 |
| CPU | 4 Cores (cpulimit=4) |
| RAM | 512 MiB + 512 MiB Swap |
| Disk | 8 GB (local:100/vm-100-disk-0.raw) |
| Netzwerk | eth0 → vmbr0, IP 10.0.0.21/24, GW 10.0.0.138, Firewall: Yes |
| Typ | Unprivileged, nesting=1 |
| Autostart | Ja — order=1, up=30 |
CT 101 — gitea (LXC)
| Parameter | Wert |
|---|---|
| OS | Ubuntu, arm64 |
| CPU | 4 Cores |
| RAM | 1.00 GiB + 512 MiB Swap |
| Disk | 20 GB (local:101/vm-101-disk-0.raw) |
| Netzwerk | eth0 → vmbr0, IP 10.0.0.22/24, GW 10.0.0.138, Firewall: Yes |
| Typ | Unprivileged, nesting=1 |
| Autostart | Ja — order=2, up=30 |
CT 103 — immich (LXC)
| Parameter | Wert |
|---|---|
| OS | Ubuntu, arm64 |
| CPU | 8 Cores |
| RAM | 10.00 GiB + 512 MiB Swap |
| Root Disk | 200 GB (local:103/vm-103-disk-0.raw) |
| Mount Point | mp0: /mnt/immich_gross → /mnt/fotos (Foto-Bibliothek) |
| Netzwerk | eth0 → vmbr0, IP 10.0.0.24/24, GW 10.0.0.138, Firewall: Yes |
| Typ | Unprivileged, nesting=1, keyctl=1, fuse=1 |
| Autostart | Ja — order=3, up=30 |
CT 120 — ai-stack (LXC)
| Parameter | Wert |
|---|---|
| OS | Ubuntu 24.04, arm64 |
| CPU | 10 Cores (cpulimit=10, cpuunits=1024) |
| RAM | 48.00 GiB + 4.00 GiB Swap |
| Disk | 200 GB (local:120/vm-120-disk-0.raw) |
| Netzwerk | eth0 → vmbr0, IP 10.0.0.60/24, GW 10.0.0.138, Firewall: Yes |
| Typ | Unprivileged, nesting=1, keyctl=1 |
| Autostart | Nein |
| Dienste | Ollama :11434, Open WebUI :3001 |
VM 110 — meldestelle-host (QEMU/KVM)
| Parameter | Wert |
|---|---|
| BIOS | OVMF (UEFI) |
| Machine | virt (ARM64, aarch64) |
| CPU | 8 Cores (1 Socket, host-type, numa=1) |
| RAM | 16.00 GiB (balloon=0, kein Dynamic Memory) |
| Disk | 150 GB SSD (local:110/vm-110-disk-1.qcow2, aio=io_uring, iothread=1, ssd=1) |
| EFI Disk | local:110/vm-110-disk-0.qcow2, efitype=4m, 64 MB |
| Netzwerk | virtio, bridge=vmbr0, Firewall: Yes |
| SCSI | VirtIO SCSI single |
| Autostart | Nein (order=any) |
| QEMU Agent | Enabled |
| Dienste | Docker App-Stack (API :8081, Keycloak :8180, Prometheus :9090, Grafana :3000) |
VM 102 — gitea-runner (QEMU/KVM)
| Parameter | Wert |
|---|---|
| BIOS | OVMF (UEFI) |
| Machine | virt (ARM64) |
| CPU | 8 Cores (1 Socket, host-type, numa=1) |
| RAM | 16.00 GiB (balloon=0, kein Dynamic Memory) |
| Disk | 50 GB SSD (local:102/vm-102-disk-1.qcow2, aio=io_uring, iothread=1) |
| EFI Disk | local:102/vm-102-disk-0.qcow2, efitype=4m, 64 MB |
| Netzwerk | virtio, bridge=vmbr0, Firewall: Yes |
| SCSI | VirtIO SCSI single |
2. Mail-Relay (SSoT Identity)
Diese Daten müssen in der Spring Boot application.yml oder .env abgeglichen werden.
- SMTP-Host:
10.0.0.20(Zora Proxmox-Node als Mail-Relay) - SMTP-Port:
25(Passwortloser interner Zugriff viamynetworks) - Absender:
zora@mo-code.at(Verifizierte World4You Identität)
3. Docker-Image Checkliste (ARM64 Kompatibilität)
| Dienst | Empfohlenes Image | Status |
|---|---|---|
| Datenbank | postgres:16-alpine |
ARM64 Support: Ja |
| Cache | valkey/valkey:9-alpine |
ARM64 Support: Ja |
| Identity | quay.io/keycloak/keycloak:26.5.5 |
ARM64 Support: Ja (Offiziell) |
| Monitoring | prom/prometheus:v3.7.3 |
ARM64 Support: Ja |
| Dashboards | grafana/grafana:12.3 |
ARM64 Support: Ja |
4. Backend & Gateway (Spring Boot)
- Base Image:
eclipse-temurin:25-jre-alpine(ARM64-native, via Gitea-Pipeline gebaut) - Build-Prozess: Gitea-Runner (VM 102,
10.0.0.23) baut nativ fürlinux/arm64
5. Keycloak SSoT Integration
- External Issuer:
http://10.0.0.50:8180/realms/meldestelle - Internal Issuer:
http://keycloak:8080/realms/meldestelle(Docker-intern) - Client-IDs:
api-gateway,web-app
6. Pangolin Tunnel Routing
Pangolin läuft auf CT 100 (pangolin-client,
10.0.0.21) als Tunnel-Client zupangolin.mo-code.at.
| Route | Ziel (intern) | Port | Sichtbarkeit |
|---|---|---|---|
api.mo-code.at |
10.0.0.50 |
8081 |
Öffentlich |
auth.mo-code.at |
10.0.0.50 |
8180 |
Öffentlich |
git.mo-code.at |
10.0.0.22 |
3000 |
Öffentlich |
photos.mo-code.at |
10.0.0.24 |
2283 |
Nur intern / VPN |
ai.mo-code.at |
10.0.0.60 |
3001 |
Nur intern / VPN |