initial COM2 system snapshot

COM2_REPAIR_CANONICAL_ONE_SHOT.sh

@@ -0,0 +1,145 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+DIR="/opt/hx-ki/com2-stack"
+F="$DIR/docker-compose.yml"
+ENVF="$DIR/.env"
+NET="hxki-internal"
+TS="$(date +%Y%m%d-%H%M%S)"
+BK="/opt/hx-ki/backups/com2-repair-$TS"
+
+mkdir -p "$BK"
+echo "=== COM2 REPAIR · CANONICAL ONE-SHOT (no guessing) ==="
+echo "Compose: $F"
+echo "Env:     $ENVF"
+echo "Backup:  $BK"
+echo
+
+[ -f "$F" ] || { echo "FAIL: FEHLT $F"; exit 1; }
+
+cp -a "$F" "$BK/docker-compose.yml.pre"
+
+# 0) Netzwerk sicherstellen (external)
+docker network inspect "$NET" >/dev/null 2>&1 || docker network create "$NET" >/dev/null
+
+# 1) Alte Secrets/DB-Namen aus vorhandenen Dateien RECOVERn (keine Fantasie)
+#    Priorität: Inventory/Backups -> dann bestehende .env
+echo "[1] Recover old state (secrets/dbnames) from /opt/hx-ki …"
+
+# helper: first match from file list
+first_match() { local re="$1"; shift; for f in "$@"; do [ -f "$f" ] || continue; local v; v="$(grep -Eo "$re" "$f" | head -n1 || true)"; [ -n "$v" ] && { echo "$v"; return 0; }; done; return 1; }
+
+# Kandidatenquellen (du hast sie bereits im System)
+SRC_FILES=(
+  "/opt/hx-ki/inventory/"*.txt
+  "/opt/hx-ki/com2-stack/"*.bak.*
+  "/opt/hx-ki/com-stack/docker-compose.yml"
+  "/opt/hx-ki/com-stack/"*.bak.*
+  "/opt/hx-ki/docker/"docker-compose.yml*
+  "$ENVF"
+)
+
+# Postgres: Passwort + DB
+PG_PASS_LINE="$(first_match 'POSTGRES_PASSWORD=[^[:space:]]+' "${SRC_FILES[@]}" || true)"
+PG_DB_LINE="$(first_match 'POSTGRES_DB=[^[:space:]]+' "${SRC_FILES[@]}" || true)"
+PG_USER_LINE="$(first_match 'POSTGRES_USER=[^[:space:]]+' "${SRC_FILES[@]}" || true)"
+
+# Mautic/MariaDB: root oder mautic creds
+MY_ROOT_LINE="$(first_match '(MARIADB_ROOT_PASSWORD|MYSQL_ROOT_PASSWORD)=[^[:space:]]+' "${SRC_FILES[@]}" || true)"
+MAUTIC_USER_LINE="$(first_match 'MAUTIC_DB_USER=[^[:space:]]+' "${SRC_FILES[@]}" || true)"
+MAUTIC_PASS_LINE="$(first_match 'MAUTIC_DB_PASSWORD=[^[:space:]]+' "${SRC_FILES[@]}" || true)"
+MAUTIC_NAME_LINE="$(first_match 'MAUTIC_DB_NAME=[^[:space:]]+' "${SRC_FILES[@]}" || true)"
+MAUTIC_ROOT_LINE="$(first_match 'MAUTIC_DB_ROOT_PASSWORD=[^[:space:]]+' "${SRC_FILES[@]}" || true)"
+
+# Minimalanforderungen
+if [ -z "${PG_PASS_LINE:-}" ] || [ -z "${PG_DB_LINE:-}" ] || [ -z "${PG_USER_LINE:-}" ]; then
+  echo "FAIL: Postgres Altzustand nicht eindeutig (POSTGRES_USER/PASSWORD/DB)."
+  echo "      Liefere eine Quelle mit diesen Keys (inventory txt oder altes .env)."
+  exit 1
+fi
+
+# MariaDB/Mautic: entweder ROOT oder MAUTIC_* muss vorhanden sein
+if [ -z "${MY_ROOT_LINE:-}" ] && [ -z "${MAUTIC_ROOT_LINE:-}" ] && ( [ -z "${MAUTIC_USER_LINE:-}" ] || [ -z "${MAUTIC_PASS_LINE:-}" ] ); then
+  echo "FAIL: MariaDB/Mautic Altzustand nicht eindeutig (root oder mautic creds fehlen)."
+  exit 1
+fi
+
+echo "  OK Postgres: $PG_USER_LINE  $PG_DB_LINE  (PW recovered)"
+echo "  OK MariaDB:  $( [ -n "${MY_ROOT_LINE:-}" ] && echo "$MY_ROOT_LINE" || echo "$MAUTIC_ROOT_LINE" ) (root PW recovered)"
+echo
+
+# 2) Schreibe .env KANONISCH (nur Werte, die wir wirklich kennen)
+echo "[2] Write canonical .env (aligned to old DB state)"
+cp -a "${ENVF:-/dev/null}" "$BK/.env.pre" 2>/dev/null || true
+
+PG_USER="${PG_USER_LINE#POSTGRES_USER=}"
+PG_PASSWORD="${PG_PASS_LINE#POSTGRES_PASSWORD=}"
+PG_DB="${PG_DB_LINE#POSTGRES_DB=}"
+
+# Mautic Defaults (wenn nicht vorhanden, bleiben leer -> Compose muss dann nicht drauf referenzieren)
+MAUTIC_DB_USER="${MAUTIC_USER_LINE#MAUTIC_DB_USER=}"
+MAUTIC_DB_PASSWORD="${MAUTIC_PASS_LINE#MAUTIC_DB_PASSWORD=}"
+MAUTIC_DB_NAME="${MAUTIC_NAME_LINE#MAUTIC_DB_NAME=}"
+MAUTIC_DB_ROOT_PASSWORD="${MAUTIC_ROOT_LINE#MAUTIC_DB_ROOT_PASSWORD=}"
+
+# root pw aus MARIADB_ROOT_PASSWORD falls vorhanden
+if [ -n "${MY_ROOT_LINE:-}" ]; then
+  ROOTPW="${MY_ROOT_LINE#*=}"
+else
+  ROOTPW="${MAUTIC_DB_ROOT_PASSWORD:-}"
+fi
+
+cat > "$ENVF" <<ENV
+# === CANONICAL COM2 ENV (recovered from old state) ===
+PG_USER=$PG_USER
+PG_PASSWORD=$PG_PASSWORD
+PG_DB=$PG_DB
+
+# MariaDB/Mautic
+MARIADB_ROOT_PASSWORD=$ROOTPW
+MAUTIC_DB_ROOT_PASSWORD=$ROOTPW
+MAUTIC_DB_USER=${MAUTIC_DB_USER:-root}
+MAUTIC_DB_PASSWORD=${MAUTIC_DB_PASSWORD:-$ROOTPW}
+MAUTIC_DB_NAME=${MAUTIC_DB_NAME:-mautic}
+
+# n8n public host/proto (falls du es nutzt; ansonsten bleibt's neutral)
+N8N_HOST=${N8N_HOST:-localhost}
+N8N_PROTOCOL=${N8N_PROTOCOL:-http}
+ENV
+
+echo "  OK: .env written"
+
+# 3) Validate Compose
+echo "[3] Validate compose"
+docker compose -f "$F" --env-file "$ENVF" config >/dev/null
+echo "  OK: compose valid"
+
+# 4) Orchester hoch
+echo "[4] Up"
+cd "$DIR"
+docker compose --env-file "$ENVF" down --remove-orphans || true
+docker compose --env-file "$ENVF" up -d --remove-orphans
+
+# 5) Hard checks: DB login, then services listen, then caddy->upstreams
+echo
+echo "[5] HARD CHECKS"
+
+echo "--- Postgres auth check (inside container) ---"
+docker exec -e PGPASSWORD="$PG_PASSWORD" -it hxki-postgres psql -U "$PG_USER" -d "$PG_DB" -c "SELECT 1;" >/dev/null && echo "OK_PG_AUTH" || echo "FAIL_PG_AUTH"
+
+echo "--- MariaDB auth check (inside container) ---"
+docker exec -it hxki-mariadb sh -lc "mysql -uroot -p'$ROOTPW' -e 'SELECT 1;' >/dev/null 2>&1 && echo OK_MY_AUTH || echo FAIL_MY_AUTH"
+
+echo "--- n8n logs (tail) ---"
+docker logs --tail=20 hxki-n8n || true
+
+echo "--- mautic logs (tail) ---"
+docker logs --tail=40 hxki-mautic || true
+
+echo "--- caddy -> upstreams ---"
+docker exec -it hx-caddy sh -lc "wget -qO- http://hxki-n8n:5678/ >/dev/null && echo OK_CADDY_TO_N8N || echo FAIL_CADDY_TO_N8N" || true
+docker exec -it hx-caddy sh -lc "wget -qO- http://hxki-mautic/ >/dev/null && echo OK_CADDY_TO_MAUTIC || echo FAIL_CADDY_TO_MAUTIC" || true
+
+echo
+echo "=== DONE ==="
+echo "Backup: $BK"