initial COM1 gateway system blueprint

2026-03-06 14:37:04 +00:00
commit 48cd0f8d3c
395 changed files with 29966 additions and 0 deletions
--- a/tools/caddy_fix.sh
+++ b/tools/caddy_fix.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -euo pipefail
+systemctl list-unit-files | grep -i caddy || true
+systemctl list-units --type=service | grep -i caddy || true
+which caddy || true
+caddy version || true
--- a/tools/hx_server_analyse_v1.sh
+++ b/tools/hx_server_analyse_v1.sh
@@ -0,0 +1,227 @@
+#!/usr/bin/env bash
+# =========================================
+# HX-KI · SERVER-ANALYSE v1 (READ-ONLY)
+# - Generalisierbar für alle HX-KI-Server
+# - Architektur + Runtime
+# - KEINE Löschungen, KEINE Änderungen
+# - Output: /opt/hx-ki/inventory/hxki_server_analyse_<HOST>_<TS>.txt
+# =========================================
+
+set -euo pipefail
+
+HOST="$(hostname -f 2>/dev/null || hostname)"
+NOW="$(date +%Y%m%d-%H%M%S)"
+REPORT_DIR="/opt/hx-ki/inventory"
+REPORT="${REPORT_DIR}/hxki_server_analyse_${HOST}_${NOW}.txt"
+
+mkdir -p "${REPORT_DIR}"
+
+log() {
+  echo "$@" | tee -a "${REPORT}"
+}
+
+sep() {
+  log
+  log "-----------------------------------------"
+}
+
+log "========================================="
+log " HX-KI · SERVER-ANALYSE v1"
+log " Host:   ${HOST}"
+log " Datum:  ${NOW}"
+log "========================================="
+log
+
+# 1) SYSTEM / OS / KERNEL
+log "[1] SYSTEM · OS · KERNEL"
+log "-----------------------------------------"
+log "uname -a:"
+uname -a 2>&1 | tee -a "${REPORT}"
+log
+log "/etc/os-release (relevant):"
+if [ -f /etc/os-release ]; then
+  grep -E '^(PRETTY_NAME|NAME|VERSION)=' /etc/os-release 2>/dev/null | tee -a "${REPORT}" || cat /etc/os-release | tee -a "${REPORT}"
+else
+  log "  /etc/os-release nicht gefunden."
+fi
+log
+log "uptime:"
+uptime 2>&1 | tee -a "${REPORT}"
+sep
+
+# 2) CPU / RAM / STORAGE
+log "[2] HARDWARE · SPEICHER · PLATZ"
+log "-----------------------------------------"
+log "CPU:"
+lscpu 2>/dev/null | sed -n '1,10p' | tee -a "${REPORT}" || log "  lscpu nicht verfügbar."
+log
+log "RAM (free -h):"
+free -h 2>/dev/null | tee -a "${REPORT}" || log "  free nicht verfügbar."
+log
+log "Storage (df -h / und /opt /data, falls vorhanden):"
+df -h / 2>/dev/null | tee -a "${REPORT}" || log "  df / fehlgeschlagen."
+[ -d /opt ] && df -h /opt 2>/dev/null | tee -a "${REPORT}" || true
+[ -d /data ] && df -h /data 2>/dev/null | tee -a "${REPORT}" || true
+sep
+
+# 3) NETZWERK / OFFENE PORTS (Architektur-Sicht)
+log "[3] NETZWERK · INTERFACES · PORTS"
+log "-----------------------------------------"
+log "IP / Interfaces (ip -brief addr):"
+ip -brief addr 2>/dev/null | tee -a "${REPORT}" || log "  ip nicht verfügbar."
+log
+log "Routen (ip route):"
+ip route 2>/dev/null | tee -a "${REPORT}" || log "  ip route nicht verfügbar."
+log
+log "Offene TCP/UDP-Ports (ss -tulpen, Kurzform):"
+ss -tulpen 2>/dev/null | tee -a "${REPORT}" || log "  ss nicht verfügbar."
+sep
+
+# 4) DOCKER · ARCHITEKTUR + RUNTIME
+log "[4] DOCKER · ARCHITEKTUR + RUNTIME"
+log "-----------------------------------------"
+if command -v docker >/dev/null 2>&1; then
+  log "docker version (Kurzinfo):"
+  docker version --format 'Client: {{.Client.Version}} · Server: {{.Server.Version}}' 2>/dev/null | tee -a "${REPORT}" || log "  docker version fehlgeschlagen."
+  log
+  log "Laufende Container (Names, Image, Command, Status, Ports):"
+  docker ps --format "table {{.Names}}\t{{.Image}}\t{{.Command}}\t{{.Status}}\t{{.Ports}}" 2>/dev/null | tee -a "${REPORT}" || log "  docker ps fehlgeschlagen."
+  log
+  log "Alle Container (inkl. exited):"
+  docker ps -a --format "table {{.Names}}\t{{.Image}}\t{{.Status}}" 2>/dev/null | tee -a "${REPORT}" || log "  docker ps -a fehlgeschlagen."
+  log
+
+  log "Docker-Networks:"
+  docker network ls 2>/dev/null | tee -a "${REPORT}" || log "  docker network ls fehlgeschlagen."
+  log
+
+  log "Docker-Volumes:"
+  docker volume ls 2>/dev/null | tee -a "${REPORT}" || log "  docker volume ls fehlgeschlagen."
+  log
+
+  log "Docker Images (Kurzliste):"
+  docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}" 2>/dev/null | tee -a "${REPORT}" || log "  docker images fehlgeschlagen."
+  log
+
+  # 4a) ARCHITEKTUR-METADATEN JE CONTAINER
+  log "Container-Architektur-Details (Compose-Labels, Volumes, Networks):"
+  for cname in $(docker ps --format '{{.Names}}' 2>/dev/null); do
+    log
+    log "  >>> Container: ${cname}"
+    docker inspect "${cname}" \
+      --format '    Labels: {{json .Config.Labels}}' 2>/dev/null | tee -a "${REPORT}" || log "    Labels konnten nicht gelesen werden."
+    docker inspect "${cname}" \
+      --format '    Mounts: {{json .Mounts}}' 2>/dev/null | tee -a "${REPORT}" || log "    Mounts konnten nicht gelesen werden."
+    docker inspect "${cname}" \
+      --format '    Networks: {{json .NetworkSettings.Networks}}' 2>/dev/null | tee -a "${REPORT}" || log "    Networks konnten nicht gelesen werden."
+  done
+
+else
+  log "Docker ist nicht installiert oder nicht im PATH."
+fi
+sep
+
+# 5) /opt · ARCHITEKTURBAUM (HX-KI)
+log "[5] /opt · ARCHITEKTURBAUM"
+log "-----------------------------------------"
+if [ -d /opt ]; then
+  log "ls -al /opt:"
+  ls -al /opt 2>&1 | tee -a "${REPORT}"
+  log
+
+  if [ -d /opt/hx-ki ]; then
+    log "ls -al /opt/hx-ki (Top-Level):"
+    ls -al /opt/hx-ki 2>&1 | tee -a "${REPORT}"
+    log
+
+    log "/opt/hx-ki Unterstruktur (maxdepth 3):"
+    find /opt/hx-ki -maxdepth 3 -type d 2>/dev/null | tee -a "${REPORT}"
+  else
+    log "/opt/hx-ki existiert nicht."
+  fi
+else
+  log "/opt existiert nicht."
+fi
+sep
+
+# 6) /data · WORKSPACE-EBENE
+log "[6] /data · WORKSPACE"
+log "-----------------------------------------"
+if [ -d /data ]; then
+  log "ls -al /data:"
+  ls -al /data 2>&1 | tee -a "${REPORT}"
+  log
+  # nur eine Ebene tiefer auflisten, um nicht zu fluten
+  for d in /data/*; do
+    [ -d "$d" ] || continue
+    log "Inhalt von $(basename "$d") (maxdepth 2):"
+    find "$d" -maxdepth 2 -type d -o -maxdepth 1 -type f 2>/dev/null | tee -a "${REPORT}"
+    log
+  done
+else
+  log "/data existiert nicht."
+fi
+sep
+
+# 7) DOCKER-COMPOSE / BAUPLÄNE
+log "[7] DOCKER-COMPOSE · BAUPLÄNE"
+log "-----------------------------------------"
+if [ -d /opt ]; then
+  log "Gefundene docker-compose.yml / compose.yml unter /opt (maxdepth 6):"
+  find /opt -maxdepth 6 -type f \( -name "docker-compose.yml" -o -name "compose.yml" \) 2>/dev/null | tee -a "${REPORT}" || log "  keine Compose-Dateien gefunden."
+  log
+
+  # Optional: ersten Zeilen jeder Compose-Datei (Architekturüberblick)
+  while IFS= read -r f; do
+    [ -f "$f" ] || continue
+    log ">>> Auszug aus: $f"
+    sed -n '1,40p' "$f" 2>/dev/null | tee -a "${REPORT}"
+    log
+  done < <(find /opt -maxdepth 4 -type f \( -name "docker-compose.yml" -o -name "compose.yml" \) 2>/dev/null || true)
+else
+  log "kein /opt → keine Compose-Suche."
+fi
+sep
+
+# 8) ENV-FILES / KONFIG (ohne Inhalte zu leaken, nur Pfade)
+log "[8] ENV-FILES / KONFIG-PFADE"
+log "-----------------------------------------"
+if [ -d /opt/hx-ki ]; then
+  log "ENV-ähnliche Dateien unter /opt/hx-ki (nur Pfade, kein Inhalt):"
+  find /opt/hx-ki -maxdepth 4 -type f \( -name ".env" -o -name "*.env" -o -name "*.env.local" \) 2>/dev/null | tee -a "${REPORT}" || log "  keine ENV-Dateien gefunden."
+else
+  log "/opt/hx-ki existiert nicht → keine ENV-Suche."
+fi
+sep
+
+# 9) POSTGRES / DATENBANK-ÜBERSICHT (wenn Container vorhanden)
+log "[9] POSTGRES · DATENBANK-ÜBERSICHT"
+log "-----------------------------------------"
+if command -v docker >/dev/null 2>&1; then
+  # versuche, einen Postgres-Container zu finden (heuristisch)
+  PG_CONT="$(docker ps --format '{{.Names}} {{.Image}}' 2>/dev/null | grep -Ei 'postgres' | head -n1 | awk '{print $1}')"
+  if [ -n "${PG_CONT}" ]; then
+    log "Gefundener Postgres-Container: ${PG_CONT}"
+    # env dumpen (aber ohne Passwort-Werte im Klartext, nur Keys sichtbar machen)
+    log "Postgres-Env (nur Keys):"
+    docker inspect "${PG_CONT}" --format '{{range .Config.Env}}{{println .}}{{end}}' 2>/dev/null \
+      | sed 's/=.*/=***MASKIERT***/' | tee -a "${REPORT}" || log "  Env nicht lesbar."
+
+    # versuche, DB-Liste zu holen (generisch)
+    log
+    log "Datenbanken in dieser Instanz (psql -l, falls möglich):"
+    docker exec -it "${PG_CONT}" psql -U postgres -c "\l" 2>/dev/null | tee -a "${REPORT}" || \
+    docker exec -it "${PG_CONT}" psql -U hxki -c "\l" 2>/dev/null | tee -a "${REPORT}" || \
+    log "  psql -l konnte nicht generisch ausgeführt werden (User/Pass unbekannt)."
+  else
+    log "Kein laufender Postgres-Container gefunden."
+  fi
+else
+  log "Docker nicht verfügbar → keine Postgres-Analyse."
+fi
+sep
+
+log "========================================="
+log " ENDE · SERVER-ANALYSE v1"
+log " Report: ${REPORT}"
+log "========================================="
--- a/tools/hxki_caddy_systemd_hetzner_edge.sh
+++ b/tools/hxki_caddy_systemd_hetzner_edge.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# ====== KONFIG: HIER FEST EINTRAGEN ======
+DOMAIN="n8n.hx-ki.com"
+UPSTREAM="127.0.0.1:5678"
+HETZNER_DNS_API_TOKEN="PASTE_DNS_TOKEN_HERE"
+# =========================================
+
+# --- Vorbedingungen ---
+command -v caddy >/dev/null || { echo "ERROR: caddy fehlt"; exit 1; }
+systemctl list-unit-files | grep -q '^caddy\.service' || { echo "ERROR: caddy.service fehlt"; exit 1; }
+
+# --- Token in systemd-Service ---
+install -d -m 0755 /etc/systemd/system/caddy.service.d
+cat >/etc/systemd/system/caddy.service.d/env.conf <<EOF
+[Service]
+Environment=HETZNER_DNS_API_TOKEN=${HETZNER_DNS_API_TOKEN}
+EOF
+chmod 0640 /etc/systemd/system/caddy.service.d/env.conf
+
+# --- Caddyfile ---
+install -d -m 0755 /etc/caddy
+cat >/etc/caddy/Caddyfile <<EOF
+${DOMAIN} {
+  tls {
+    dns hetzner
+  }
+  reverse_proxy ${UPSTREAM}
+}
+EOF
+
+# --- Hetzner DNS Plugin sicherstellen ---
+if ! caddy list-modules 2>/dev/null | grep -q 'dns.providers.hetzner'; then
+  tmp="/tmp/xcaddy.$$"
+  rm -rf "$tmp"; mkdir -p "$tmp"; cd "$tmp"
+  apt-get update -y >/dev/null
+  apt-get install -y curl tar >/dev/null
+  curl -fsSL https://github.com/caddyserver/xcaddy/releases/latest/download/xcaddy_linux_amd64.tar.gz | tar xz
+  ./xcaddy build --with github.com/caddy-dns/hetzner
+  install -m 0755 caddy /usr/bin/caddy
+  rm -rf "$tmp"
+fi
+
+systemctl daemon-reload
+systemctl restart caddy
+
+# --- Beweis ---
+systemctl show caddy -p Environment | grep -q HETZNER_DNS_API_TOKEN || { echo "ERROR: Token nicht im Service-Kontext"; exit 2; }
+
+echo "OK: Caddy läuft. Letzte Logs:"
+journalctl -u caddy -n 80 --no-pager
--- a/tools/hxki_inventory_universal_v1.sh
+++ b/tools/hxki_inventory_universal_v1.sh
@@ -0,0 +1,196 @@
+#!/bin/bash
+# ==========================================
+# HX-KI INVENTORY SCANNER – UNIVERSAL V1
+# Läuft auf jedem HX-KI Server (Helsinki / Nürnberg / Falkenstein)
+# ==========================================
+
+set -euo pipefail
+
+TIMESTAMP_UTC="$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
+HOSTNAME="$(hostname)"
+OUT_DIR="/opt/hx-ki/inventory"
+RUN_ID="$(date +"%Y%m%d-%H%M%S")"
+OUT_FILE="${OUT_DIR}/hxki_inventory_${HOSTNAME}_${RUN_ID}.log"
+
+mkdir -p "${OUT_DIR}"
+
+# Alles in Datei + Konsole schreiben
+exec > >(tee "${OUT_FILE}") 2>&1
+
+echo "HX-KI INVENTAR – ${HOSTNAME}"
+echo "========================================================"
+echo "Timestamp (UTC): ${TIMESTAMP_UTC}"
+echo
+
+section() {
+  echo
+  echo "---- $1 ----"
+}
+
+# -------------------------------
+# SERVER INFORMATION
+# -------------------------------
+section "SERVER INFORMATION"
+
+if command -v hostnamectl >/dev/null 2>&1; then
+  hostnamectl
+else
+  echo "Hostname: ${HOSTNAME}"
+  echo "Kernel: $(uname -srmo)"
+  if [ -f /etc/os-release ]; then
+    echo
+    echo "/etc/os-release:"
+    cat /etc/os-release
+  fi
+fi
+
+# -------------------------------
+# CPU / RAM
+# -------------------------------
+section "CPU"
+
+if command -v lscpu >/dev/null 2>&1; then
+  lscpu | egrep 'Model name|CPU\(s\)|Thread|Core|Socket|MHz' || lscpu
+else
+  echo "lscpu nicht gefunden."
+  echo "uname -m: $(uname -m)"
+fi
+
+section "RAM"
+
+if command -v free >/dev/null 2>&1; then
+  free -h
+else
+  echo "free nicht gefunden."
+fi
+
+# -------------------------------
+# STORAGE
+# -------------------------------
+section "STORAGE"
+
+df -h /
+
+# -------------------------------
+# DOCKER – GENERAL STATUS
+# -------------------------------
+section "DOCKER – GENERAL STATUS"
+
+if command -v docker >/dev/null 2>&1; then
+  echo "Docker Version:"
+  docker version || echo "Docker Version konnte nicht abgefragt werden."
+
+  echo
+  echo "Docker Compose Version:"
+  if command -v docker compose >/dev/null 2>&1; then
+    docker compose version || echo "docker compose version fehlgeschlagen."
+  elif command -v docker-compose >/dev/null 2>&1; then
+    docker-compose version || echo "docker-compose version fehlgeschlagen."
+  else
+    echo "Keine docker compose / docker-compose Binary gefunden."
+  fi
+
+  echo
+  echo "Docker Container (running):"
+  docker ps --format "table {{.Names}}\t{{.Image}}\t{{.Status}}\t{{.Ports}}" || echo "docker ps fehlgeschlagen."
+
+  echo
+  echo "Docker Container (all):"
+  docker ps -a --format "table {{.Names}}\t{{.Image}}\t{{.Status}}\t{{.Ports}}" || echo "docker ps -a fehlgeschlagen."
+
+  echo
+  echo "Docker Networks:"
+  docker network ls || echo "docker network ls fehlgeschlagen."
+
+  echo
+  echo "Docker Volumes:"
+  docker volume ls || echo "docker volume ls fehlgeschlagen."
+
+else
+  echo "Docker ist nicht installiert oder nicht im PATH."
+fi
+
+# -------------------------------
+# DOCKER COMPOSE STACKS /opt/hx-ki/docker
+# -------------------------------
+section "DOCKER COMPOSE STACKS (/opt/hx-ki/docker)"
+
+if [ -d /opt/hx-ki/docker ]; then
+  for STACK_DIR in /opt/hx-ki/docker/*; do
+    if [ -d "${STACK_DIR}" ] && [ -f "${STACK_DIR}/docker-compose.yml" ]; then
+      STACK_NAME="$(basename "${STACK_DIR}")"
+      echo
+      echo "== Stack: ${STACK_NAME} =="
+      echo "Pfad: ${STACK_DIR}"
+
+      # Versuche docker compose, fallback auf docker-compose
+      if command -v docker >/dev/null 2>&1 && docker compose version >/dev/null 2>&1; then
+        (
+          cd "${STACK_DIR}"
+          echo "Services (docker compose config --services):"
+          docker compose config --services 2>/dev/null || echo "docker compose config fehlgeschlagen."
+        )
+      elif command -v docker-compose >/dev/null 2>&1; then
+        (
+          cd "${STACK_DIR}"
+          echo "Services (docker-compose config --services):"
+          docker-compose config --services 2>/dev/null || echo "docker-compose config fehlgeschlagen."
+        )
+      else
+        echo "Keine docker compose / docker-compose Binary verfügbar."
+      fi
+    fi
+  done
+else
+  echo "/opt/hx-ki/docker existiert nicht auf diesem Server."
+fi
+
+# -------------------------------
+# /opt/hx-ki – DIRECTORY STRUCTURE
+# -------------------------------
+section "/opt/hx-ki – DIRECTORY STRUCTURE (max depth 2)"
+
+if [ -d /opt/hx-ki ]; then
+  if command -v tree >/dev/null 2>&1; then
+    tree -L 2 /opt/hx-ki
+  else
+    echo "tree nicht installiert – verwende find:"
+    find /opt/hx-ki -maxdepth 2 -mindepth 1 -type d | sort
+  fi
+else
+  echo "/opt/hx-ki existiert nicht auf diesem Server."
+fi
+
+# -------------------------------
+# PYTHON ENVS UNTER /opt/hx-ki
+# -------------------------------
+section "PYTHON ENVS UNTER /opt/hx-ki"
+
+for VENV in /opt/hx-ki/env /opt/hx-ki/venv; do
+  if [ -d "${VENV}" ]; then
+    echo
+    echo "Virtualenv: ${VENV}"
+    if [ -x "${VENV}/bin/python" ]; then
+      "${VENV}/bin/python" --version 2>&1 || true
+    fi
+    if [ -x "${VENV}/bin/pip" ]; then
+      echo "Installierte Pakete (Top 40):"
+      "${VENV}/bin/pip" list 2>/dev/null | head -n 40 || true
+    fi
+  fi
+done
+
+# -------------------------------
+# SYSTEM PYTHON
+# -------------------------------
+section "SYSTEM PYTHON"
+
+if command -v python3 >/dev/null 2>&1; then
+  echo "python3 Version:"
+  python3 --version 2>&1 || true
+else
+  echo "python3 nicht gefunden."
+fi
+
+section "FERTIG"
+echo "Inventar-Datei: ${OUT_FILE}"