From b3fd512d2583ee56ba5af661adacb5ddc1270dae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jesko=20Ansch=C3=BCtz?= <jesko@linuxmuster.net>
Date: Tue, 24 Mar 2026 17:36:39 +0100
Subject: [PATCH] =?UTF-8?q?feat(deploy):=20manuelles=20Deploy-Verzeichnis?=
 =?UTF-8?q?=20f=C3=BCr=20dockerbox.morz.de?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- deploy/docker-compose.yml: Produktions-Stack (Backend, Postgres, Mosquitto)
  Backend bindet nur auf 127.0.0.1:8080 (HTTPS via Reverse Proxy)
- deploy/.env.example: Vorlage für Produktions-Umgebungsvariablen
- deploy/mosquitto/config/mosquitto.conf: Mosquitto mit Passwort-Auth
- ansible/group_vars: morz_server_base_url auf https://dockerbox.morz.de
- ansible/inventory.yml: debi entfernt, dev-Hosts info11/info12 ergänzt
- .gitignore: !.env.example als Ausnahme ergänzt

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .gitignore                                  |  1 +
 ansible/group_vars/signage_players/vars.yml |  2 +-
 ansible/host_vars/info11-dev/vars.yml       |  6 ++
 ansible/host_vars/info12-dev/vars.yml       |  6 ++
 ansible/inventory.yml                       |  1 -
 compose/.env.example                        | 11 ++++
 deploy/.env.example                         | 14 +++++
 deploy/docker-compose.yml                   | 70 +++++++++++++++++++++
 deploy/mosquitto/config/mosquitto.conf      | 11 ++++
 9 files changed, 120 insertions(+), 2 deletions(-)
 create mode 100644 ansible/host_vars/info11-dev/vars.yml
 create mode 100644 ansible/host_vars/info12-dev/vars.yml
 create mode 100644 compose/.env.example
 create mode 100644 deploy/.env.example
 create mode 100644 deploy/docker-compose.yml
 create mode 100644 deploy/mosquitto/config/mosquitto.conf

diff --git a/.gitignore b/.gitignore
index 4075b97..839c239 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,6 +13,7 @@ dist/
 # Local environment files
 .env
 .env.*
+!.env.example
 
 # Compose override files
 compose.override.yml
diff --git a/ansible/group_vars/signage_players/vars.yml b/ansible/group_vars/signage_players/vars.yml
index 57551e7..5ba9f6f 100644
--- a/ansible/group_vars/signage_players/vars.yml
+++ b/ansible/group_vars/signage_players/vars.yml
@@ -1,5 +1,5 @@
 ---
-morz_server_base_url: "http://192.168.64.1:8080"
+morz_server_base_url: "https://dockerbox.morz.de"
 morz_mqtt_broker: "tcp://dockerbox.morz.de:1883"
 morz_heartbeat_every_seconds: 30
 morz_status_report_every_seconds: 60
diff --git a/ansible/host_vars/info11-dev/vars.yml b/ansible/host_vars/info11-dev/vars.yml
new file mode 100644
index 0000000..bb14bb7
--- /dev/null
+++ b/ansible/host_vars/info11-dev/vars.yml
@@ -0,0 +1,6 @@
+---
+ansible_host: 192.168.64.12
+ansible_user: admin
+screen_id: info11-dev
+screen_name: "11 - Macbook"
+screen_orientation: landscape
diff --git a/ansible/host_vars/info12-dev/vars.yml b/ansible/host_vars/info12-dev/vars.yml
new file mode 100644
index 0000000..67afa5f
--- /dev/null
+++ b/ansible/host_vars/info12-dev/vars.yml
@@ -0,0 +1,6 @@
+---
+ansible_host: 192.168.64.13
+ansible_user: admin
+screen_id: info12-dev
+screen_name: "12 - Macbook"
+screen_orientation: landscape
diff --git a/ansible/inventory.yml b/ansible/inventory.yml
index bc68a7f..a82ff04 100644
--- a/ansible/inventory.yml
+++ b/ansible/inventory.yml
@@ -7,7 +7,6 @@ all:
         info01-dev:
         info11-dev:
         info12-dev:
-        debi:
     signage_servers:
       hosts:
         dockerbox:
diff --git a/compose/.env.example b/compose/.env.example
new file mode 100644
index 0000000..3d8a46f
--- /dev/null
+++ b/compose/.env.example
@@ -0,0 +1,11 @@
+# Passwort für den initialen Admin-User (Tenant: MORZ_INFOBOARD_DEFAULT_TENANT).
+# Wird beim ersten Start gesetzt, sofern noch kein Admin-User existiert.
+# Leer lassen = zufälliges Passwort wird generiert und ins Log geschrieben.
+MORZ_INFOBOARD_ADMIN_PASSWORD=
+
+# Aktiviert den Dev-Modus (z. B. entspannte CORS-Regeln, ausführliches Logging).
+# In Produktion auf false belassen.
+MORZ_INFOBOARD_DEV_MODE=false
+
+# Slug des Standard-Tenants, unter dem der Admin-User angelegt wird.
+MORZ_INFOBOARD_DEFAULT_TENANT=morz
diff --git a/deploy/.env.example b/deploy/.env.example
new file mode 100644
index 0000000..cd17ffb
--- /dev/null
+++ b/deploy/.env.example
@@ -0,0 +1,14 @@
+# Datenbank-Passwort (wird auch intern vom Backend genutzt)
+MORZ_DB_PASSWORD=sicheres-passwort-hier
+
+# Initialer Admin-Benutzer (Tenant: MORZ_DEFAULT_TENANT)
+# Leer lassen = zufälliges Passwort wird generiert und ins Log geschrieben
+MORZ_ADMIN_PASSWORD=
+
+# Standard-Tenant-Slug
+MORZ_DEFAULT_TENANT=morz
+
+# MQTT-Broker – intern erreichbar über den mqtt-Service
+MORZ_MQTT_BROKER=tcp://mqtt:1883
+MORZ_MQTT_USERNAME=
+MORZ_MQTT_PASSWORD=
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
new file mode 100644
index 0000000..8064df1
--- /dev/null
+++ b/deploy/docker-compose.yml
@@ -0,0 +1,70 @@
+services:
+  backend:
+    image: git.az-it.net/az/morz-infoboard/backend:latest
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:8080:8080"
+    environment:
+      MORZ_INFOBOARD_HTTP_ADDR: ":8080"
+      MORZ_INFOBOARD_DATABASE_URL: "postgres://morz_infoboard:${MORZ_DB_PASSWORD}@db:5432/morz_infoboard?sslmode=disable"
+      MORZ_INFOBOARD_UPLOAD_DIR: /app/uploads
+      MORZ_INFOBOARD_STATUS_STORE_PATH: /app/data/status
+      MORZ_INFOBOARD_MQTT_BROKER: "${MORZ_MQTT_BROKER}"
+      MORZ_INFOBOARD_MQTT_USERNAME: "${MORZ_MQTT_USERNAME}"
+      MORZ_INFOBOARD_MQTT_PASSWORD: "${MORZ_MQTT_PASSWORD}"
+      MORZ_INFOBOARD_ADMIN_PASSWORD: "${MORZ_ADMIN_PASSWORD}"
+      MORZ_INFOBOARD_DEFAULT_TENANT: "${MORZ_DEFAULT_TENANT:-morz}"
+      MORZ_INFOBOARD_DEV_MODE: "false"
+      TZ: "Europe/Berlin"
+    volumes:
+      - ./uploads:/app/uploads
+      - ./data:/app/data
+    depends_on:
+      db:
+        condition: service_healthy
+    networks:
+      - internal
+      - proxy
+
+  db:
+    image: postgres:17-alpine
+    restart: unless-stopped
+    environment:
+      POSTGRES_USER: morz_infoboard
+      POSTGRES_PASSWORD: "${MORZ_DB_PASSWORD}"
+      POSTGRES_DB: morz_infoboard
+    volumes:
+      - db_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U morz_infoboard"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - internal
+
+  mqtt:
+    image: eclipse-mosquitto:2
+    restart: unless-stopped
+    ports:
+      - "1883:1883"
+    volumes:
+      - ./mosquitto/config:/mosquitto/config:ro
+      - mosquitto_data:/mosquitto/data
+      - mosquitto_log:/mosquitto/log
+    networks:
+      - internal
+
+volumes:
+  db_data:
+  mosquitto_data:
+  mosquitto_log:
+
+networks:
+  internal:
+  proxy:
+    # Gemeinsames Netz mit dem Reverse Proxy (z. B. Traefik/Nginx Proxy Manager).
+    # Falls der Proxy ein eigenes externes Netz verwaltet, hier name: und external: true setzen.
+    # Beispiel:
+    #   name: proxy
+    #   external: true
diff --git a/deploy/mosquitto/config/mosquitto.conf b/deploy/mosquitto/config/mosquitto.conf
new file mode 100644
index 0000000..f21209b
--- /dev/null
+++ b/deploy/mosquitto/config/mosquitto.conf
@@ -0,0 +1,11 @@
+listener 1883
+allow_anonymous false
+password_file /mosquitto/config/passwd
+
+persistence true
+persistence_location /mosquitto/data/
+
+log_dest file /mosquitto/log/mosquitto.log
+log_type error
+log_type warning
+log_type notice