Initial upload

recipes/system/base-system/install.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+echo "---------------------------------------------"
+echo "🔧  Starte Base-System Vorbereitung"
+echo "---------------------------------------------"
+sleep 1
+
+ensure_root
+detect_pkg_manager
+
+log "📦 Aktualisiere Paketlisten und installiere Basis-Werkzeuge..."
+pkg_install curl wget git htop zip unzip nano vim ca-certificates gnupg lsb-release apt-transport-https software-properties-common ufw screen mc rsync
+
+echo "⏱ Richte Zeit-Synchronisation ein..."
+timedatectl set-timezone Europe/Berlin
+timedatectl set-ntp true
+
+echo "🗣 Stelle Locale ein..."
+sed -i 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen
+locale-gen
+update-locale LANG=de_DE.UTF-8
+
+echo "✅ Basis-System eingerichtet!"
+echo ""
+
+if [ -f /var/run/reboot-required ]; then
+  echo "⚠️  Es wird ein Neustart empfohlen."
+  read -rp "Jetzt neu starten? (j/n) " answer
+  if [[ "$answer" =~ ^[JjYy]$ ]]; then
+      reboot
+  else
+      echo "👉 Bitte später neu starten."
+  fi
+fi
+
+echo "🎉 Base-System Setup abgeschlossen."
+echo "---------------------------------------------"

recipes/system/base-system/playbook.yml

@@ -0,0 +1,64 @@
+---
+- name: Base System Setup
+  hosts: localhost
+  become: true
+  gather_facts: true
+
+  vars:
+    base_packages:
+      - screen
+      - mc
+      - rsync
+      - curl
+      - wget
+      - htop
+      - ca-certificates
+      - gnupg
+      - lsb-release
+
+  tasks:
+
+    - name: Ensure apt index is up to date
+      ansible.builtin.apt:
+        update_cache: yes
+        cache_valid_time: 3600
+
+    - name: Upgrade system packages
+      ansible.builtin.apt:
+        upgrade: safe
+
+    - name: Install base utility packages
+      ansible.builtin.apt:
+        name: "{{ base_packages }}"
+        state: present
+
+    - name: Ensure /srv exists
+      ansible.builtin.file:
+        path: /srv
+        state: directory
+        owner: root
+        group: root
+        mode: '0755'
+
+    - name: Ensure /srv/docker exists
+      ansible.builtin.file:
+        path: /srv/docker
+        state: directory
+        owner: root
+        group: root
+        mode: '0755'
+
+    - name: Set timezone to Europe/Berlin
+      ansible.builtin.timezone:
+        name: Europe/Berlin
+
+    - name: Ensure system locale is de_DE.UTF-8
+      ansible.builtin.locale_gen:
+        name: de_DE.UTF-8
+        state: present
+
+    - name: Apply locale permanently
+      ansible.builtin.lineinfile:
+        path: /etc/default/locale
+        regexp: '^LANG='
+        line: 'LANG=de_DE.UTF-8'

recipes/system/docker/playbook.yml

@@ -0,0 +1,107 @@
+# Save this file as: recipes/system/docker/playbook.yml
+---
+- name: Install and configure Docker
+  hosts: localhost
+  become: true
+  gather_facts: true
+
+  vars:
+    docker_packages:
+      - docker-ce
+      - docker-ce-cli
+      - containerd.io
+      - docker-buildx-plugin
+      - docker-compose-plugin
+
+  tasks:
+    - name: Ensure docker runtime user exists
+      ansible.builtin.user:
+        name: dockeruser
+        shell: /usr/sbin/nologin
+        create_home: yes
+        state: present
+
+    - name: Add current user to docker group
+      ansible.builtin.user:
+        name: "{{ ansible_env.USER }}"
+        groups: docker
+        append: yes
+
+    - name: Ensure /srv/docker owned by dockeruser
+      ansible.builtin.file:
+        path: /srv/docker
+        state: directory
+        owner: dockeruser
+        group: docker
+        mode: '0755'
+
+    # Existing tasks continue below
+    - name: Ensure required packages are installed
+      ansible.builtin.apt:
+        name: ["ca-certificates", "curl", "gnupg", "lsb-release"]
+        state: present
+        update_cache: yes
+
+    - name: Add Docker GPG key
+      ansible.builtin.shell: |
+        install -m 0755 -d /etc/apt/keyrings
+        curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+        chmod a+r /etc/apt/keyrings/docker.gpg
+      args:
+        creates: /etc/apt/keyrings/docker.gpg
+
+    - name: Add Docker APT repository
+      ansible.builtin.copy:
+        dest: /etc/apt/sources.list.d/docker.list
+        content: |
+          deb [arch={{ ansible_architecture }} signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian {{ ansible_lsb.codename }} stable
+
+    - name: Update apt cache
+      ansible.builtin.apt:
+        update_cache: yes
+
+    - name: Install Docker packages
+      ansible.builtin.apt:
+        name: "{{ docker_packages }}"
+        state: present
+
+    - name: Ensure systemd is refreshed after Docker install
+      ansible.builtin.systemd:
+        daemon_reload: yes
+
+    - name: Start and enable Docker
+      ansible.builtin.service:
+        name: docker
+        state: started
+        enabled: yes
+
+    - name: Add current user to docker group
+      ansible.builtin.user:
+        name: "{{ ansible_user_id }}"
+        groups: docker
+        append: yes
+
+    - name: Create /srv/docker base directory
+      ansible.builtin.file:
+        path: /srv/docker
+        state: directory
+        owner: dockeruser
+        group: docker
+        mode: '0755'
+
+    - name: Create /srv/docker/services directory
+      ansible.builtin.file:
+        path: /srv/docker/services
+        state: directory
+        owner: dockeruser
+        group: docker
+        mode: '0755'
+
+    - name: Create /srv/docker/stacks directory
+      ansible.builtin.file:
+        path: /srv/docker/stacks
+        state: directory
+        owner: dockeruser
+        group: docker
+        mode: '0755'
+

recipes/system/nginx-php/docker-compose.yml

@@ -0,0 +1,17 @@
+services:
+  php:
+    image: php:8.2-fpm
+    container_name: nginx-php_php
+    volumes:
+      - ./www:/var/www/html
+
+  nginx:
+    image: nginx:latest
+    container_name: nginx-php_nginx
+    ports:
+      - "80:80"
+    volumes:
+      - ./www:/var/www/html
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf
+    depends_on:
+      - php

recipes/system/nginx-php/install.sh

@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ensure_root
+detect_pkg_manager
+
+pkg_install curl
+
+$SUDO mkdir -p /srv/docker/nginx-php/www
+cd /srv/docker/nginx-php
+
+if [ ! -f /srv/docker/nginx-php/www/index.php ]; then
+  $SUDO tee /srv/docker/nginx-php/www/index.php >/dev/null <<EOF
+<?php
+phpinfo();
+EOF
+fi
+
+$SUDO tee docker-compose.yml >/dev/null <<'EOF'
+services:
+  php:
+    image: php:8.2-fpm
+    container_name: nginx-php_php
+    volumes:
+      - ./www:/var/www/html
+
+  nginx:
+    image: nginx:latest
+    container_name: nginx-php_nginx
+    ports:
+      - "80:80"
+    volumes:
+      - ./www:/var/www/html
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf
+    depends_on:
+      - php
+EOF
+
+if [ ! -f nginx.conf ]; then
+  $SUDO tee nginx.conf >/dev/null <<'EOF'
+server {
+    listen 80;
+    server_name _;
+    root /var/www/html;
+
+    index index.php index.html;
+
+    location / {
+        try_files $uri /index.php?$args;
+    }
+
+    location ~ \.php$ {
+        fastcgi_pass php:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    }
+}
+EOF
+fi
+
+$SUDO docker compose up -d
+
+log "NGINX + PHP erfolgreich installiert. Öffne http://<server-ip>/"

recipes/system/nginx-php/nginx.conf

@@ -0,0 +1,18 @@
+server {
+    listen 80;
+    server_name _;
+    root /var/www/html;
+
+    index index.php index.html;
+
+    location / {
+        try_files $uri /index.php?$args;
+    }
+
+    location ~ \.php$ {
+        fastcgi_pass php:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    }
+}

recipes/system/nginx-php/www/index.php

@@ -0,0 +1 @@
+<?php phpinfo();

recipes/system/nginx-proxy-path/install.sh

@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ensure_root
+
+NGINX_PATH="/srv/docker/nginx-php/nginx.conf"
+
+if [ ! -f "$NGINX_PATH" ]; then
+  log "Fehler: nginx-php scheint nicht installiert zu sein. Datei fehlt:"
+  log "$NGINX_PATH"
+  exit 1
+fi
+
+echo ""
+read -p "Welcher Pfad soll erstellt werden? (Beispiel: /homeassistant): " LOCATION_PATH_RAW
+
+# Normalize path
+LOCATION_PATH="${LOCATION_PATH_RAW#/}"   # führenden "/" entfernen
+LOCATION_PATH="/${LOCATION_PATH}/"       # sauber neu setzen /xyz/
+
+echo ""
+read -p "Backend Zielserver (z.B. 192.168.3.21:8123): " PROXY_TARGET
+
+echo ""
+echo "Konfiguration:"
+echo "  NGINX-Pfad:        $LOCATION_PATH"
+echo "  Proxy Zielserver:  $PROXY_TARGET"
+echo ""
+
+# Konfliktprüfung
+if grep -q "location $LOCATION_PATH" "$NGINX_PATH"; then
+  echo "WARNUNG: Ein Eintrag für diesen Pfad existiert bereits!"
+  read -p "Überschreiben? (y/n): " OVERWRITE
+  if [[ "$OVERWRITE" != "y" && "$OVERWRITE" != "Y" ]]; then
+    log "Abgebrochen."
+    exit 0
+  fi
+  # entferne bestehenden block
+  $SUDO sed -i "\|location $LOCATION_PATH|,/}|d" "$NGINX_PATH"
+fi
+
+read -p "Fortfahren und anwenden? (y/n): " CONFIRM
+if [[ "$CONFIRM" != "y" && "$CONFIRM" != "Y" ]]; then
+  log "Abgebrochen."
+  exit 0
+fi
+
+# Robust Proxy Block
+$SUDO tee -a "$NGINX_PATH" >/dev/null <<EOF
+
+# Automatisch hinzugefügt: Reverse Proxy für $LOCATION_PATH
+location $LOCATION_PATH {
+    proxy_pass http://$PROXY_TARGET/;
+
+    # Standard Header
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+
+    # WebSocket Support
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+
+    # Buffer & Timeout Tuning für Streams & Video
+    proxy_read_timeout 3600;
+    proxy_send_timeout 3600;
+    proxy_buffering off;
+    proxy_request_buffering off;
+    client_max_body_size 0;
+
+    # Optional: Fließender Videoverkehr
+    chunked_transfer_encoding on;
+}
+EOF
+
+log "NGINX-Konfiguration erweitert."
+
+(
+  cd /srv/docker/nginx-php
+  $SUDO docker compose restart nginx
+)
+
+log "NGINX neu geladen."
+log "Aufruf nun möglich unter: http://<server-ip>$LOCATION_PATH"