diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0671934
--- /dev/null
+++ b/README.md
@@ -0,0 +1,39 @@
+# BreakPilot PWA (ARCHIVED)
+
+> **Dieses Repository ist archiviert.** Alle Services wurden in die folgenden Projekte migriert.
+
+## Migration (2026-02-14)
+
+| Service | Neues Projekt | Container |
+|---------|---------------|-----------|
+| Studio v2 | breakpilot-lehrer | bp-lehrer-studio-v2 |
+| Admin | breakpilot-lehrer | bp-lehrer-admin |
+| Website | breakpilot-lehrer | bp-lehrer-website |
+| Backend (Lehrer) | breakpilot-lehrer | bp-lehrer-backend |
+| Klausur Service | breakpilot-lehrer | bp-lehrer-klausur-service |
+| School Service | breakpilot-lehrer | bp-lehrer-school-service |
+| Voice Service | breakpilot-lehrer | bp-lehrer-voice-service |
+| Geo Service | breakpilot-lehrer | bp-lehrer-geo-service |
+| Backend (Core) | breakpilot-core | bp-core-backend |
+| Postgres | breakpilot-core | bp-core-postgres |
+| Valkey | breakpilot-core | bp-core-valkey |
+| Nginx | breakpilot-core | bp-core-nginx |
+| Vault | breakpilot-core | bp-core-vault |
+| Qdrant | breakpilot-core | bp-core-qdrant |
+| MinIO | breakpilot-core | bp-core-minio |
+| Embedding Service | breakpilot-core | bp-core-embedding-service |
+| Night Scheduler | breakpilot-core | bp-core-night-scheduler |
+| Pitch Deck | breakpilot-core | bp-core-pitch-deck |
+| Gitea | breakpilot-core | bp-core-gitea |
+| Woodpecker CI | breakpilot-core | bp-core-woodpecker-server |
+| Jitsi | breakpilot-core | bp-core-jitsi-* |
+| AI Compliance SDK | breakpilot-compliance | bp-compliance-ai-sdk |
+| Developer Portal | breakpilot-compliance | bp-compliance-developer-portal |
+| DSMS | breakpilot-compliance | bp-compliance-dsms-* |
+| Backend (Compliance) | breakpilot-compliance | bp-compliance-backend |
+
+## Neue Repos
+
+- **breakpilot-core**: Shared Infrastructure (Postgres, Nginx, Vault, Qdrant, MinIO, etc.)
+- **breakpilot-lehrer**: Bildungs-Stack (Studio, Admin, Backend, Klausur, Voice, etc.)
+- **breakpilot-compliance**: DSGVO/Compliance-Stack (Admin, SDK, DSMS, Developer Portal)
diff --git a/docker-compose.yml b/docker-compose.yml index 6b9e1d0..9d3c809 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,9 +16,7 @@ services: - "8000:8000" # HTTPS Backend API - "8086:8086" # HTTPS Klausur Service - "8089:8089" # HTTPS Edu-Search proxy (edu-search runs on 8088) - - "8093:8093" # HTTPS AI Compliance SDK - "8443:8443" # HTTPS Jitsi Meet (https://macmini:8443/) - - "3006:3006" # HTTPS Developer Portal (https://macmini:3006/) volumes: - ./nginx/conf.d:/etc/nginx/conf.d:ro - vault_certs:/etc/nginx/certs:ro @@ -35,14 +33,10 @@ services: condition: service_started website: condition: service_started - ai-compliance-sdk: - condition: service_started admin-v2: condition: service_started jitsi-web: condition: service_started - developer-portal: - condition: service_started extra_hosts: - "breakpilot-edu-search:host-gateway" networks: @@ -744,7 +738,6 @@ services: - BACKEND_URL=http://backend:8000 - CONSENT_SERVICE_URL=http://consent-service:8081 - KLAUSUR_SERVICE_URL=http://klausur-service:8086 - - SDK_URL=http://ai-compliance-sdk:8090 # Woodpecker CI Status - WOODPECKER_URL=${WOODPECKER_URL:-http://woodpecker-server:8000} - WOODPECKER_TOKEN=${WOODPECKER_TOKEN:-} @@ -759,25 +752,6 @@ services: depends_on: - backend - consent-service - - ai-compliance-sdk - networks: - - breakpilot-pwa-network - restart: unless-stopped - - # ============================================ - # Developer Portal - Oeffentliches SDK-Dokumentationsportal - # Access: https://macmini:3006/ - # ============================================ - developer-portal: - build: - context: ./developer-portal - dockerfile: Dockerfile - platform: linux/arm64 - container_name: breakpilot-pwa-developer-portal - expose: - - "3000" - environment: - - NODE_ENV=production networks: - breakpilot-pwa-network restart: unless-stopped 
@@ -798,106 +772,13 @@ services: - NODE_ENV=production - DATABASE_URL=postgres://breakpilot:breakpilot123@host.docker.internal:5432/breakpilot_db - OLLAMA_URL=http://host.docker.internal:11434 - - OLLAMA_MODEL=qwen2.5:32b + - OLLAMA_MODEL=qwen3:30b-a3b extra_hosts: - "host.docker.internal:host-gateway" networks: - breakpilot-pwa-network restart: unless-stopped - # ============================================ - # AI Compliance SDK - Multi-Tenant RBAC & LLM Gateway - # Go auf Port 8090 (intern), 8093 (extern) - # CFO Use-Case: Namespace-isolierte KI-Nutzung - # ============================================ - ai-compliance-sdk: - build: - context: ./ai-compliance-sdk - dockerfile: Dockerfile - platform: linux/arm64 # Mac Mini Apple Silicon - container_name: breakpilot-pwa-ai-compliance-sdk - # Port 8093 wird über nginx proxied (ai-compliance-sdk:8090 intern) - environment: - - PORT=8090 - - ENVIRONMENT=${ENVIRONMENT:-development} - # PostgreSQL for RBAC, Policies, Audit - - DATABASE_URL=postgres://breakpilot:breakpilot123@postgres:5432/breakpilot_db?sslmode=disable - - JWT_SECRET=${JWT_SECRET:-your-super-secret-jwt-key-change-in-production} - # LLM Provider Configuration - - LLM_PROVIDER=${SDK_LLM_PROVIDER:-ollama} - - LLM_FALLBACK_PROVIDER=${SDK_LLM_FALLBACK_PROVIDER:-anthropic} - # Ollama (Mac Mini lokal - DSGVO-konform) - - OLLAMA_URL=${OLLAMA_BASE_URL:-http://host.docker.internal:11434} - - OLLAMA_DEFAULT_MODEL=${OLLAMA_DEFAULT_MODEL:-qwen2.5:14b} - # Anthropic (Cloud-Fallback via Syseleven BSI-Cloud) - - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-} - - ANTHROPIC_DEFAULT_MODEL=${ANTHROPIC_DEFAULT_MODEL:-claude-sonnet-4-20250514} - # PII Detection & Redaction - - PII_REDACTION_ENABLED=${PII_REDACTION_ENABLED:-true} - - PII_REDACTION_LEVEL=${PII_REDACTION_LEVEL:-strict} - # Audit Trail - - AUDIT_RETENTION_DAYS=${AUDIT_RETENTION_DAYS:-365} - - AUDIT_LOG_PROMPTS=${AUDIT_LOG_PROMPTS:-false} - # CORS - - 
ALLOWED_ORIGINS=http://localhost:3002,https://macmini:3002,http://admin-v2:3000 - extra_hosts: - - "host.docker.internal:host-gateway" - depends_on: - postgres: - condition: service_healthy - networks: - - breakpilot-pwa-network - healthcheck: - test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8090/health"] - interval: 30s - timeout: 3s - start_period: 10s - retries: 3 - restart: unless-stopped - - # DSMS Node - Dezentrales Speichersystem (Private IPFS) - dsms-node: - build: - context: ./dsms-node - dockerfile: Dockerfile - container_name: breakpilot-pwa-dsms-node - ports: - - "4001:4001" # Swarm P2P - - "5001:5001" # IPFS API - - "8085:8080" # IPFS Gateway (8085 um Konflikt mit Backend zu vermeiden) - volumes: - - dsms_data:/data/ipfs - environment: - - IPFS_PROFILE=server - networks: - - breakpilot-pwa-network - restart: unless-stopped - healthcheck: - test: ["CMD-SHELL", "ipfs id > /dev/null 2>&1 || exit 1"] - interval: 30s - timeout: 10s - start_period: 30s - retries: 3 - - # DSMS Gateway - REST API für DSMS - dsms-gateway: - build: - context: ./dsms-gateway - dockerfile: Dockerfile - container_name: breakpilot-pwa-dsms-gateway - ports: - - "8082:8082" - environment: - - IPFS_API_URL=http://dsms-node:5001 - - IPFS_GATEWAY_URL=http://dsms-node:8080 - - JWT_SECRET=${JWT_SECRET:-your-super-secret-jwt-key-change-in-production} - depends_on: - dsms-node: - condition: service_healthy - networks: - - breakpilot-pwa-network - restart: unless-stopped - # ============================================ # Jitsi Meet - Videokonferenzen für Schulungen # Web UI: http://localhost:8443 
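Review bot: The `DATABASE_URL=postgres://breakpilot:breakpilot123@host.docker.internal:5432/breakpilot_db` entry that survives next to the changed model line still commits the database password in clear text. The environment list around the model change would be safer with the value taken from the environment and failing closed when it is missing, e.g. `- DATABASE_URL=${DATABASE_URL:?DATABASE_URL must be set}`. The new model tag could follow the `${VAR:-default}` form used for `WOODPECKER_URL` elsewhere in this file: `- OLLAMA_MODEL=${OLLAMA_MODEL:-qwen3:30b-a3b}`. The removed `ai-compliance-sdk` and `dsms-gateway` blocks carried the same password and a fallback `JWT_SECRET` default; these stay readable in history, so if the migrated stacks reuse them (not visible here) they should be rotated. The service this environment list belongs to starts outside the hunk.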
@@ -1697,32 +1578,6 @@ services: - breakpilot-pwa-network restart: unless-stopped - # ============================================ - # Night Scheduler - Nachtabschaltung - # Stoppt Services nachts, startet sie morgens - # API: http://localhost:8096 - # ============================================ - night-scheduler: - build: ./night-scheduler - container_name: breakpilot-pwa-night-scheduler - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - ./night-scheduler/config:/config - - ./docker-compose.yml:/app/docker-compose.yml:ro - environment: - - COMPOSE_PROJECT_NAME=breakpilot-pwa - ports: - - "8096:8096" - networks: - - breakpilot-pwa-network - restart: unless-stopped - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:8096/health"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 10s - # ============================================ # Woodpecker CI - Agent # Executes pipeline steps in containers @@ -1774,8 +1629,6 @@ volumes: # Valkey Session Cache valkey_data: driver: local - dsms_data: - driver: local klausur_uploads: driver: local eh_uploads: diff --git a/nginx/conf.d/default.conf b/nginx/conf.d/default.conf index 642f390..1162c74 100644 --- a/nginx/conf.d/default.conf +++ b/nginx/conf.d/default.conf 
@@ -276,22 +276,6 @@ server { proxy_read_timeout 300s; } - # Proxy SDK API requests to AI Compliance SDK (same origin = no CORS issues) - # Only /sdk/v1/ is forwarded to the SDK backend, /sdk/einwilligungen/* etc are frontend pages - location /sdk/v1/ { - set $upstream_sdk ai-compliance-sdk:8090; - proxy_pass http://$upstream_sdk; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - # Longer timeout for LLM requests - proxy_read_timeout 300s; - proxy_connect_timeout 60s; - proxy_send_timeout 300s; - } - # Proxy Documentation (MkDocs) - same origin = no mixed content issues location /docs/ { set $upstream_docs docs:80; 
@@ -317,65 +301,6 @@ server { } } -# HTTPS - Developer Portal on port 3006 -# Oeffentliches SDK-Dokumentationsportal (kein Auth) -server { - listen 3006 ssl; - http2 on; - server_name macmini localhost; - - ssl_certificate /etc/nginx/certs/macmini.crt; - ssl_certificate_key /etc/nginx/certs/macmini.key; - - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256; - ssl_prefer_server_ciphers off; - - location / { - set $upstream_devportal developer-portal:3000; - proxy_pass http://$upstream_devportal; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - } -} - -# HTTPS - AI Compliance SDK on port 8093 -# Multi-Tenant RBAC, LLM Gateway, Audit Trail -server { - listen 8093 ssl; - http2 on; - server_name macmini localhost; - - ssl_certificate /etc/nginx/certs/macmini.crt; - ssl_certificate_key /etc/nginx/certs/macmini.key; - - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256; - ssl_prefer_server_ciphers off; - - # SDK endpoints - allow larger payloads for LLM requests - client_max_body_size 10M; - - location / { - set $upstream_sdk ai-compliance-sdk:8090; - proxy_pass http://$upstream_sdk; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - # Longer timeout for LLM requests - proxy_read_timeout 300s; - proxy_connect_timeout 60s; - proxy_send_timeout 300s; - } -} - # HTTPS - Edu-Search Service on port 8089 # Proxies to edu-search container running on port 8088 server {