initial COM2 system snapshot

2026-03-06 15:22:40 +00:00
commit 9c0fa49baf
4377 changed files with 273033 additions and 0 deletions
--- a/COM2_DB_ALIGN_TO_ENV_ONE_SHOT.sh
+++ b/COM2_DB_ALIGN_TO_ENV_ONE_SHOT.sh
@@ -0,0 +1,152 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+DIR="/opt/hx-ki/com2-stack"
+ENVF="$DIR/.env"
+NET="hxki-internal"
+BK="/opt/hx-ki/backups/com2-db-align-$(date +%Y%m%d-%H%M%S)"
+mkdir -p "$BK"
+
+echo "=== COM2 · DB ALIGN TO ENV (ONE-SHOT, NO DATA LOSS) ==="
+echo "Env:    $ENVF"
+echo "Backup: $BK"
+echo
+
+[ -f "$ENVF" ] || { echo "FAIL: FEHLT $ENVF"; exit 1; }
+if grep -qE 'CHANGE_ME|CHANGEME|changeme' "$ENVF"; then
+  echo "FAIL: In $ENVF sind noch Platzhalter (CHANGE_ME...)."; exit 1
+fi
+
+# .env laden (nur simple KEY=VALUE Zeilen)
+set -a
+. "$ENVF"
+set +a
+
+# Pflicht-Keys Postgres
+: "${PG_USER:?fehlend in .env}"
+: "${PG_PASSWORD:?fehlend in .env}"
+: "${PG_DB:?fehlend in .env}"
+
+# Pflicht-Keys MariaDB/Mautic (passen zu deinem Compose – ggf. in .env ergänzen)
+: "${MYSQL_ROOT_PASSWORD:?fehlend in .env}"
+: "${MAUTIC_DB_NAME:?fehlend in .env}"
+: "${MAUTIC_DB_USER:?fehlend in .env}"
+: "${MAUTIC_DB_PASSWORD:?fehlend in .env}"
+
+docker network inspect "$NET" >/dev/null 2>&1 || docker network create "$NET" >/dev/null
+
+cd "$DIR"
+
+echo "[1] DB-Container sauber runter (nur DBs)"
+docker compose rm -sf hxki-postgres hxki-mariadb >/dev/null 2>&1 || true
+
+echo "[2] Postgres hoch (nur DB)"
+docker compose up -d hxki-postgres
+
+echo "[3] Wait: Postgres ready (pg_isready)"
+for i in $(seq 1 60); do
+  if docker exec -u postgres hxki-postgres pg_isready -q >/dev/null 2>&1; then
+    echo "OK: Postgres ready."
+    break
+  fi
+  sleep 1
+  if [ "$i" = "60" ]; then
+    echo "FAIL: Postgres wird nicht ready."; exit 1
+  fi
+done
+
+echo "[4] Postgres: Role/DB auf .env angleichen (ohne pg_hba-Hacks)"
+# WICHTIG: als OS-User 'postgres' im Container -> lokaler Socket -> kein Passwort nötig
+docker exec -u postgres hxki-postgres psql -v ON_ERROR_STOP=1 -d postgres <<SQL
+DO \$\$
+BEGIN
+  IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = '${PG_USER}') THEN
+    CREATE ROLE "${PG_USER}" LOGIN;
+  END IF;
+END \$\$;
+
+ALTER ROLE "${PG_USER}" WITH PASSWORD '${PG_PASSWORD}';
+
+DO \$\$
+BEGIN
+  IF NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = '${PG_DB}') THEN
+    CREATE DATABASE "${PG_DB}" OWNER "${PG_USER}";
+  END IF;
+END \$\$;
+
+ALTER DATABASE "${PG_DB}" OWNER TO "${PG_USER}";
+SQL
+echo "OK: Postgres aligned."
+
+echo "[5] MariaDB: Reset-Container im 'skip-grant-tables' Modus (NO DATA LOSS)"
+# Image von vorhandener Definition nehmen (falls schon bekannt), sonst mariadb:10.11
+IMG="$(docker inspect hxki-mariadb --format '{{.Config.Image}}' 2>/dev/null || true)"
+[ -n "$IMG" ] || IMG="mariadb:10.11"
+
+# Sicherheit: falls noch ein Reset-Container existiert
+docker rm -f hxki-mariadb-reset >/dev/null 2>&1 || true
+
+# Reset-Container starten (gleicher Bind-Mount wie dein echtes Setup!)
+docker run -d --name hxki-mariadb-reset \
+  --network "$NET" \
+  -v /opt/hx-ki/mautic/db:/var/lib/mysql \
+  "$IMG" \
+  --skip-networking --skip-grant-tables >/dev/null
+
+echo "[6] Wait: MariaDB Reset ready"
+for i in $(seq 1 60); do
+  if docker exec hxki-mariadb-reset sh -lc "mariadb -uroot -e 'SELECT 1' >/dev/null 2>&1"; then
+    echo "OK: MariaDB reset ready."
+    break
+  fi
+  sleep 1
+  if [ "$i" = "60" ]; then
+    echo "FAIL: MariaDB reset wird nicht ready."; docker logs --tail=80 hxki-mariadb-reset || true; exit 1
+  fi
+done
+
+echo "[7] MariaDB: root-PW setzen + Mautic DB/User sicherstellen"
+docker exec hxki-mariadb-reset sh -lc "mariadb -uroot <<'SQL'
+FLUSH PRIVILEGES;
+
+-- Root Passwort (für localhost und %)
+ALTER USER 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}';
+CREATE USER IF NOT EXISTS 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}';
+GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
+
+-- Mautic DB + User
+CREATE DATABASE IF NOT EXISTS \`${MAUTIC_DB_NAME}\` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+CREATE USER IF NOT EXISTS '${MAUTIC_DB_USER}'@'%' IDENTIFIED BY '${MAUTIC_DB_PASSWORD}';
+GRANT ALL PRIVILEGES ON \`${MAUTIC_DB_NAME}\`.* TO '${MAUTIC_DB_USER}'@'%';
+
+FLUSH PRIVILEGES;
+SQL"
+echo "OK: MariaDB aligned."
+
+echo "[8] Reset-Container stoppen"
+docker rm -f hxki-mariadb-reset >/dev/null
+
+echo "[9] Echtes Orchester hoch (DBs + Apps)"
+docker compose up -d --remove-orphans
+
+echo
+echo "[A] Quick checks"
+echo "- Postgres Auth (mit .env User/PW):"
+docker exec -e PGPASSWORD="${PG_PASSWORD}" hxki-postgres sh -lc "psql -U '${PG_USER}' -d '${PG_DB}' -c 'select 1' >/dev/null" \
+  && echo "OK_PG_AUTH" || echo "FAIL_PG_AUTH"
+
+echo "- MariaDB Auth (Mautic User):"
+docker exec hxki-mariadb sh -lc "mariadb -u'${MAUTIC_DB_USER}' -p'${MAUTIC_DB_PASSWORD}' -e 'SELECT 1' '${MAUTIC_DB_NAME}' >/dev/null" \
+  && echo "OK_MY_AUTH" || echo "FAIL_MY_AUTH"
+
+echo "- n8n -> localhost:5678 im Container:"
+docker exec hxki-n8n sh -lc "wget -qO- http://127.0.0.1:5678/ >/dev/null && echo OK_N8N_LISTEN || echo FAIL_N8N_LISTEN" || true
+
+echo "- Caddy -> n8n/mautic/web intern:"
+docker exec hx-caddy sh -lc "wget -qO- http://hxki-n8n:5678/ >/dev/null && echo OK_CADDY_TO_N8N || echo FAIL_CADDY_TO_N8N" || true
+docker exec hx-caddy sh -lc "wget -qO- http://hxki-mautic/ >/dev/null && echo OK_CADDY_TO_MAUTIC || echo FAIL_CADDY_TO_MAUTIC" || true
+docker exec hx-caddy sh -lc "wget -qO- http://hxki-web/ >/dev/null && echo OK_CADDY_TO_WEB || echo FAIL_CADDY_TO_WEB" || true
+
+echo
+echo "=== DONE ==="
+echo "Backup dir: $BK"