mirror of http://172.20.10.11:3000/gitadmin/INSIGHT-MVP.git synced 2026-06-24 22:46:39 +02:00

No description

Find a file

Thomas Reitz b3516c5fdd docs: add Forgejo CI/CD setup guide for Git server configuration Step-by-step instructions for: - Enabling Forgejo Actions and Container Registry - Installing and registering a Forgejo Runner - Configuring repository secrets for deployment - Setting up branch protection rules - Testing the Container Registry Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>		2026-03-08 10:36:22 +01:00
.forgejo/workflows	chore: project initialization with infrastructure definition and structure	2026-03-08 10:22:55 +01:00
.keys	chore: add CI/CD SSH key and update ACCESS.md with both keys	2026-03-08 10:34:01 +01:00
config	chore: project initialization with infrastructure definition and structure	2026-03-08 10:22:55 +01:00
docs	docs: add Forgejo CI/CD setup guide for Git server configuration	2026-03-08 10:36:22 +01:00
packages	chore: project initialization with infrastructure definition and structure	2026-03-08 10:22:55 +01:00
templates/cv/default	chore: project initialization with infrastructure definition and structure	2026-03-08 10:22:55 +01:00
.env.example	chore: project initialization with infrastructure definition and structure	2026-03-08 10:22:55 +01:00
.gitignore	chore: project initialization with infrastructure definition and structure	2026-03-08 10:22:55 +01:00
CLAUDE_BRIEFING.docx	chore: project initialization with infrastructure definition and structure	2026-03-08 10:22:55 +01:00
INSIGHT_Konzept_v1.0.docx	chore: project initialization with infrastructure definition and structure	2026-03-08 10:22:55 +01:00
README.md	chore: project initialization with infrastructure definition and structure	2026-03-08 10:22:55 +01:00
Summarize.md	chore: project initialization with infrastructure definition and structure	2026-03-08 10:22:55 +01:00

README.md

INSIGHT MVP

Erweiterbare, mandantenfaehige SaaS-Business-Plattform der Xinion IT GmbH.

Projektuebersicht

INSIGHT ist eine Infrastruktur-Shell, auf die fachliche Module (erstes Modul: CRM) als isolierte Docker-Container aufgesetzt werden. Das System ist Cloud-Native und Kubernetes-ready.

Kernprinzipien:

Zero-Trust (mTLS intern)
Stateless Backend-Services
Separate Datenbank pro Mandant (Tenant-Isolation)
Provider-Modell fuer Authentifizierung (lokal + MS SSO)

Voraussetzungen

Fuer lokale Entwicklung (MacBook)

Git mit SSH-Zugang zu git.xinion.lan
Docker Desktop oder Docker Engine
Node.js >= 20 LTS
npm oder yarn

Fuer den Server (ProxmoxVE VM)

Ubuntu 24.04 LTS
Docker Engine + Compose Plugin (kein Docker Desktop)
SSH-Key aus .keys/deploy_ed25519.pub im authorized_keys des deploy-Users

Setup (Entwicklungsumgebung)

1. Repository klonen

git clone ssh://git@git.xinion.lan/gitadmin/INSIGHT-MVP.git
cd INSIGHT-MVP

2. Environment konfigurieren

cp .env.example .env
# .env oeffnen und alle Werte befuellen (Passwoerter, Keys, etc.)

3. JWT-Schluessel generieren

# RS256 Schluessel fuer JWT-Signierung
mkdir -p packages/core-service/keys
openssl genpkey -algorithm RSA -out packages/core-service/keys/jwt-private.pem -pkeyopt rsa_keygen_bits:2048
openssl rsa -pubout -in packages/core-service/keys/jwt-private.pem -out packages/core-service/keys/jwt-public.pem

4. Services starten

# Basis-Services
docker compose up -d

# Mit Observability-Stack
docker compose -f docker-compose.yml -f docker-compose.observability.yml up -d

5. Datenbank-Migration

# Core-Schema
docker compose exec core npx prisma migrate deploy --schema=./prisma/core.schema.prisma

# Tenant-Schema (wird beim Onboarding automatisch ausgefuehrt)

6. Health-Checks pruefen

curl http://localhost:3000/health     # Core-Service
curl http://localhost:8080            # Frontend

URL: https://insight-dev.xinion.lan (oder http://localhost)
Initialer Admin-Account wird beim ersten Start via Seed-Script angelegt

Services & Ports

Service	Port (intern)	URL (extern via Traefik)	Beschreibung
Traefik	80/443	https://insight-dev.xinion.lan	API Gateway
Core-Service	3000	/api/v1/*	NestJS Backend
Frontend	8080	/*	React App
PostgreSQL	5432	-	Datenbank
PgBouncer	6432	-	Connection Pooler
Redis	6379	-	Cache & Event Bus
step-ca	9000	-	Interne CA (mTLS)
Grafana	3001	SSH-Tunnel	Monitoring Dashboards

Projektstruktur

INSIGHT-MVP/
  docker-compose.yml                 # Basis-Services
  docker-compose.observability.yml   # Monitoring-Stack
  .env.example                       # Alle Umgebungsvariablen (keine Werte!)
  .gitignore
  README.md                          # <- Du bist hier

  .keys/                             # SSH Deployment Keys
    deploy_ed25519
    deploy_ed25519.pub

  docs/                              # Projektdokumentation
    INFRASTRUCTURE.md                # Server & VM Konfiguration
    ACCESS.md                        # Zugangsdaten & SSH-Infos

  packages/
    core-service/                    # NestJS Backend
      src/
        core/
          auth/                      # Auth-Service (Provider-Modell)
          users/                     # User-Verwaltung
          tenants/                   # Tenant-Verwaltung
          modules/                   # Module-Registry
        common/
          guards/                    # JwtGuard, RolesGuard, ScopeGuard
          decorators/                # @Public(), @Roles(), @RequireScope()
          filters/                   # GlobalExceptionFilter
          interceptors/              # Logging, Response-Transformation
        config/                      # Env-Validierung (class-validator)
        prisma/                      # PrismaService + TenantPrismaService
      prisma/
        core.schema.prisma           # platform_core Tabellen
        tenant.schema.prisma         # Tenant-DB Tabellen

    frontend/                        # React + Vite
      src/
        shell/                       # App-Shell (Layout, Routing)
        auth/                        # Login, 2FA, Token-Management
        admin/                       # Admin-Bereich
        components/                  # Shared UI-Komponenten

  config/                            # Service-Konfigurationen
    traefik/
    prometheus/
    step-ca/

  .forgejo/
    workflows/                       # CI/CD Pipelines
      ci.yml
      develop.yml
      release.yml

Branching & Commits

Branching-Strategie: GitFlow

Branch	Zweck
`main`	Produktion (nur via Merge, geschuetzt)
`develop`	Integration (nur via Merge, geschuetzt)
`feature/*`	Neue Features
`fix/*`	Bugfixes
`hotfix/*`	Kritische Fixes auf main

Commit-Format: Conventional Commits

feat: Neues Feature
fix: Bugfix
chore: Tooling, Dependencies
docs: Dokumentation
refactor: Refactoring ohne Funktionsaenderung

Dokumentation

Dokument	Beschreibung
`README.md`	Dieses Dokument (Onboarding)
`docs/INFRASTRUCTURE.md`	Server-Infrastruktur & VM-Setup
`docs/ACCESS.md`	Zugangsdaten & SSH-Verbindungen
`INSIGHT_Konzept_v1.0.docx`	Vollstaendiges Konzeptdokument (23 Kap.)
`CLAUDE_BRIEFING.docx`	Entwickler-Briefing (Kurzreferenz)
`Summarize.md`	Aenderungsprotokoll (aktueller Stand)
`RUNBOOK.md`	Disaster Recovery Anleitung (folgt)