
Fix MariaDB Docker volume permissions and improve startup reliability

- Updated permissions for the MariaDB data volume to ensure proper write access during container startup.
- Adjusted health check settings to provide more time for MariaDB initialization, avoiding premature failures.
- Added instructions for reinitializing Docker volumes to avoid corrupted state issues.
- Tested volume mounts to confirm MariaDB startup completes without extended delays.
mathias.riechsteiner 1 year ago
parent
revision
aca54ea47c

+ 49 - 19
README.md

@@ -1,11 +1,10 @@
 # AutoMate Project
 
 ## Overview
-AutoMate is a one-person IT automation project designed to streamline and automate administrative tasks.
-This project aims to minimize manual work for tasks such as document processing, task management, billing, 
-and reporting through open-source, on-premise tools.
+AutoMate is a one-person IT automation project designed to streamline and automate administrative tasks. This project aims to minimize manual work for tasks such as document processing, task management, billing, and reporting through open-source, on-premise tools.
 
 ## Project Structure
+
 - **docs/**: Documentation for setup, usage, and maintenance.
 - **src/**: Main codebase, including Docker configuration and automation scripts.
   - **configs/**: Configuration files for different services.
@@ -16,7 +15,6 @@ and reporting through open-source, on-premise tools.
 - **logs/**: Application logs.
 
 ## Environment Variables
-
 Create a `.env` file in the project root with the following placeholders (to be replaced with actual values):
 
 ```bash
@@ -57,27 +55,68 @@ KEYCLOAK_DB_PASSWORD=randomGeneratedPassword
 N8N_USER=n8n_user
 N8N_PASSWORD=randomGeneratedPassword
 ```
+
 ## Installation
 
-### Step 1: Install Docker
+### Start Docker Script
+To start all Docker services after a reset, you can use the `start_docker.sh` script located in the `src/scripts` directory. Use the following command to run the script:
+
+```bash
+cd ~/AutoMate/src/scripts
+./start_docker.sh
+```
+
+This script will ensure that all necessary data directories are created before starting Docker Compose.
+
 
+### Docker Reset Script
+
+To reset all Docker data, including containers, images, volumes, and networks, you can use the `reset_docker.sh` script located in the `src/scripts` directory. Use the following command to run the script:
+
+```bash
+cd ~/AutoMate/src/scripts
+./reset_docker.sh [-d]
+```
+
+- Use the `-d` option to also delete persistent data directories.
+To reset all Docker data, including containers, images, volumes, and networks, you can use the `reset_docker.sh` script located in the `src/scripts` directory. Use the following command to run the script:
+
+```bash
+cd ~/AutoMate/src/scripts
+./reset_docker.sh [-d]
+```
+
+**Note**: This will delete all Docker data and return Docker to a clean state. Use with caution.
+
+- Use the `-d` option to also delete persistent data directories.
+
+### Step 1: Install Docker
 To install Docker on a new system, you can use the provided installation script. Run the following commands in the `src/scripts` directory:
 
 ```bash
 cd ~/AutoMate/src/scripts
 ./install_docker.sh
 ```
+
 This script will install Docker and add the current user to the Docker group. **Note:** You will need to log out and log back in for the group permissions to take effect.
 
 ### Step 2: Docker Compose Setup
-
 1. **Navigate to the Docker Config Directory**:
 
    ```bash
    cd ~/AutoMate/src/docker
    ```
 
-2. **Start Docker Compose**:
+2. **Create Necessary Data Directories**:
+
+   Before starting Docker Compose, ensure the data directories exist. You can create them using the following commands:
+
+   ```bash
+   mkdir -p ~/AutoMate/data/keycloak
+   mkdir -p ~/AutoMate/data/keycloak_db
+   ```
+
+3. **Start Docker Compose**:
 
    Use Docker Compose to start all configured services.
 
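Review bot: the `### Docker Reset Script` section is pasted twice in this hunk: the intro sentence, the `./reset_docker.sh [-d]` block and the `-d` bullet appear once under the heading and then again right after the first bullet, with the second copy adding the **Note**; keep a single copy (intro, block, Note, bullet). The Start and Reset script sections also sit under `## Installation` ahead of `### Step 1: Install Docker`, so a first-time reader meets reset instructions before Docker is even installed; move them after the numbered steps or into a Maintenance section. Step 2's manual `mkdir -p ~/AutoMate/data/keycloak` / `keycloak_db` repeats what `start_docker.sh` does, so say that the script already does it (or point to the script) to keep the two from drifting.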
@@ -85,7 +124,7 @@ This script will install Docker and add the current user to the Docker group. **
    docker-compose up -d
    ```
 
-3. **Check Status**:
+4. **Check Status**:
 
    To confirm that all services are running, use:
 
@@ -94,8 +133,7 @@ This script will install Docker and add the current user to the Docker group. **
    ```
 
 ## SSL Certificate Setup
-
-The project includes a script to generate self-signed SSL certificates for local development. 
+The project includes a script to generate self-signed SSL certificates for local development.
 
 1. **Run the SSL Generation Script**:
 
@@ -109,7 +147,6 @@ The project includes a script to generate self-signed SSL certificates for local
    - `.pfx` file for importing into Windows to prevent SSL errors.
 
 ## NGINX Reverse Proxy
-
 NGINX is used as a reverse proxy to route traffic to different services via subdomains (e.g., `auth.mrx8086.com` for Keycloak).
 
 ### Configuration
@@ -123,7 +160,6 @@ The NGINX configuration is stored in `src/configs/nginx/nginx.conf`. It is set u
 Make sure to add these subdomains to your hosts file for local testing.
 
 ## Creating an Admin User for Paperless-ngx
-
 After starting the Paperless-ngx service for the first time, you need to create a superuser (admin) account to access the interface. Follow these steps:
 
 1. **Run the following command in your project directory to enter the Paperless-ngx container**:
@@ -142,13 +178,11 @@ After starting the Paperless-ngx service for the first time, you need to create
    - Use the username and password you just created to log in as the admin.
 
 ## Setting Up Kimai (Time Tracking)
-
 1. **Access Kimai**:
    - Open your web browser and go to `http://time.mrx8086.com`.
    - Log in with the `KIMAI_ADMIN_USER` and `KIMAI_ADMIN_PASSWORD` values you set in `.env`.
 
 ## Keycloak Setup
-
 1. **Run Keycloak**:
    - Start Keycloak by running `docker-compose up -d keycloak`.
    - Access the Keycloak admin console at [http://auth.mrx8086.com](http://auth.mrx8086.com) with the credentials set in `.env`.
@@ -162,7 +196,6 @@ After starting the Paperless-ngx service for the first time, you need to create
    - Follow Keycloak documentation for setting up clients with OpenID Connect.
 
 ## Accessing Services
-
 Each service can be accessed using the following URLs:
 - **Paperless-ngx**: [http://docs.mrx8086.com](http://docs.mrx8086.com)
 - **Nextcloud**: [http://cloud.mrx8086.com](http://cloud.mrx8086.com)
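Review bot: the `## Accessing Services` list still advertises Paperless-ngx, Nextcloud and the other services, but the `docker-compose.yml` hunk in this same commit removes every service except `keycloak` and `keycloak_db` (the old stack survives only in the deleted `tmp.yml`); either note in the README that the compose file is currently reduced to the Keycloak stack, or keep this list to what `docker-compose up -d` actually starts.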
@@ -171,7 +204,4 @@ Each service can be accessed using the following URLs:
 - **Keycloak**: [http://auth.mrx8086.com](http://auth.mrx8086.com)
 
 ## Contributing
-
-Please ensure any modifications are tested locally before pushing changes to the repository. 
-All environment variables should be stored in `.env` and sensitive information should not be committed to the repository.
-```
+Please ensure any modifications are tested locally before pushing changes to the repository. All environment variables should be stored in `.env` and sensitive information should not be committed to the repository.

+ 67 - 57
src/configs/nextcloud/config.php

@@ -1,57 +1,67 @@
-<?php
-$CONFIG = array (
-    // Vorhandene Konfigurationen
-    'htaccess.RewriteBase' => '/',
-    'memcache.local' => '\\OC\\Memcache\\APCu',
-    'apps_paths' => 
-    array (
-        0 => 
-        array (
-            'path' => '/var/www/html/apps',
-            'url' => '/apps',
-            'writable' => false,
-        ),
-        1 => 
-        array (
-            'path' => '/var/www/html/custom_apps',
-            'url' => '/custom_apps',
-            'writable' => true,
-        ),
-    ),
-    'upgrade.disable-web' => true,
-    'instanceid' => 'ocjo4cs4dcis',
-    'passwordsalt' => 'ylWtmswXFQJgVHCYeumxhR5uzUCIYN',
-    'secret' => 'd8qzGMcBrLAHjjFWb7PsmIlvyhHUqyDFjqVC4nfiOzvpSipx',
-    'trusted_domains' => 
-      array (
-        0 => 'cloud.mrx8086.com', // Das ist deine Nextcloud-Domain
-        1 => 'auth.mrx8086.com',   // Füge hier die Keycloak-Domain hinzu
-      ),
-    'datadirectory' => '/var/www/html/data',
-    'dbtype' => 'mysql',
-    'version' => '30.0.2.2',
-    'overwrite.cli.url' => 'https://cloud.mrx8086.com',
-    'dbname' => 'nextcloud_db',
-    'dbhost' => 'nextcloud-db',
-    'dbport' => '',
-    'dbtableprefix' => 'oc_',
-    'mysql.utf8mb4' => true,
-    'dbuser' => 'nextcloud_user',
-    'dbpassword' => 'nextcloudpass',
-    'installed' => true,
-    'overwriteprotocol' => 'https',
-    'trusted_proxies' => ['172.18.0.5', 'nginx-proxy-manager', '172.18.0.1'],
-    'maintenance_window_start' => '02:00',
-    'config_is_read_only' => true,
-  
-    // OpenID Connect Konfiguration hinzufügen
-    'oidc_login' => [
-        'auto_redirect' => true,
-        'client_id' => 'nextcloud', // Setze deine Client ID hier ein
-        'client_secret' => '7YVLBrKkMYbLGgiBouS5blq6A48swMYb', // Setze dein Client Secret hier ein
-        'issuer' => 'https://auth.mrx8086.com:8443/realms/mrx8086.com', // Setze hier die URL deines Keycloak Realm ein
-        'redirect_uri' => 'https://cloud.mrx8086.com/apps/oidc_login/oidc',
-        'end_session_redirect' => 'https://cloud.mrx8086.com',
-        'login_button_text' => 'Login with Keycloak', // Optionaler Text für den Button
-    ],
-);
+<?php
+$CONFIG = array (
+
+    'htaccess.RewriteBase' => '/',
+    'memcache.local' => '\\OC\\Memcache\\APCu',
+    'apps_paths' => 
+    array (
+        0 => 
+        array (
+            'path' => '/var/www/html/apps',
+            'url' => '/apps',
+            'writable' => false,
+        ),
+        1 => 
+        array (
+            'path' => '/var/www/html/custom_apps',
+            'url' => '/custom_apps',
+            'writable' => true,
+        ),
+    ),
+    'upgrade.disable-web' => true,
+    'instanceid' => 'ocjo4cs4dcis',
+    'passwordsalt' => 'ylWtmswXFQJgVHCYeumxhR5uzUCIYN',
+    'secret' => 'd8qzGMcBrLAHjjFWb7PsmIlvyhHUqyDFjqVC4nfiOzvpSipx',
+    'trusted_domains' => 
+      array (
+        0 => 'cloud.mrx8086.com', // Das ist deine Nextcloud-Domain
+        1 => 'auth.mrx8086.com',   // Füge hier die Keycloak-Domain hinzu
+      ),
+    'datadirectory' => '/var/www/html/data',
+    'dbtype' => 'mysql',
+    'version' => '30.0.2.2',
+    'overwrite.cli.url' => 'https://cloud.mrx8086.com',
+    'dbname' => 'nextcloud_db',
+    'dbhost' => 'nextcloud-db',
+    'dbport' => '',
+    'dbtableprefix' => 'oc_',
+    'mysql.utf8mb4' => true,
+    'dbuser' => 'nextcloud_user',
+    'dbpassword' => 'nextcloudpass',
+    'installed' => true,
+    'overwriteprotocol' => 'https',
+    'trusted_proxies' => ['172.18.0.0/16', 'nginx-proxy-manager'],
+    'bruteforce.protection.whitelist' => ['172.18.0.1'],
+    'maintenance_window_start' => '02:00',
+    // 'config_is_read_only' => true,
+    'forwarded_for_headers' => ['HTTP_X_FORWARDED_FOR'],
+    
+    // OpenID Connect Konfiguration hinzufügen
+    'oidc_login' => [
+        'auto_redirect' => false,
+        'client_id' => 'nextcloud', // Setze deine Client ID hier ein
+        'client_secret' => '7YVLBrKkMYbLGgiBouS5blq6A48swMYb', // Setze dein Client Secret hier ein
+        'issuer' => 'https://auth.mrx8086.com:8443/realms/mrx8086.com', // Setze hier die URL deines Keycloak Realm ein
+        'redirect_uri' => 'https://cloud.mrx8086.com/apps/oidc_login/oidc',
+        'end_session_redirect' => 'https://cloud.mrx8086.com',
+        'login_button_text' => 'Login with Keycloak', // Optionaler Text für den Button
+    ],
+
+    // DEBUG LOGS
+    'loglevel' => 0,  // Loglevel auf Debug setzen (0 = Debug, 1 = Info, 2 = Warnung, 3 = Fehler, 4 = Fatal)
+    'log_type' => 'file',  // Art des Logs (standardmäßig Datei-basiert)
+    'logfile' => '/var/www/html/data/nextcloud.log',  // Pfad zur Logdatei
+    'log_rotate_size' => 104857600,  // Maximale Größe der Logdatei in Bytes (z.B. 100 MB)
+    'logdateformat' => 'F d, Y H:i:s',  // Format für das Datum in Logs
+    'logtimezone' => 'Europe/Berlin',  // Setze die Zeitzone für die Logs
+);
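Review bot: widening `trusted_proxies` from two fixed addresses to `['172.18.0.0/16', 'nginx-proxy-manager']`, together with the new `'forwarded_for_headers' => ['HTTP_X_FORWARDED_FOR']`, means every container on the Docker network can set the client address Nextcloud records, and that address is what the brute-force protection and the access log key on; keep only the proxy (`'nginx-proxy-manager'` or its fixed IP) in the list. The new `'bruteforce.protection.whitelist' => ['172.18.0.1']` exempts the bridge gateway, i.e. requests arriving from the Docker host itself, from throttling altogether, so it should be a deliberate, documented choice rather than a workaround for the proxy-address problem. The `// DEBUG LOGS` block sets `'loglevel' => 0`, the most verbose level, writing into `/var/www/html/data/nextcloud.log`; return it to 2 before this ships. Separately, `passwordsalt`, `secret`, `dbpassword` and the OIDC `client_secret` are live values in a tracked file, which the README's Contributing section forbids; move them to an untracked override and rotate them, since they are already in history.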

+ 4 - 4
src/configs/nextcloud/hsts.conf

@@ -1,4 +1,4 @@
-# hsts.conf
-<IfModule mod_headers.c>
-    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
-</IfModule>
+# hsts.conf
+<IfModule mod_headers.c>
+    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+</IfModule>
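Review bot: every line of this file is deleted and re-added byte-identical, so the hunk is a line-ending or trailing-whitespace rewrite rather than a content change; add `* text=auto` to a `.gitattributes` (or normalise the editor) so such no-op diffs stop hiding real changes. The HSTS header set here is also set in the `<Directory>` block of `nextcloud-ssl.conf`; keep it in one place so a future change to `max-age` cannot diverge between the two files.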

+ 27 - 27
src/configs/nextcloud/nextcloud-ssl.conf

@@ -1,27 +1,27 @@
-<VirtualHost *:443>
-    ServerAdmin webmaster@localhost
-    DocumentRoot /var/www/html
-    ServerName cloud.mrx8086.com
-
-    SSLEngine on
-    SSLCertificateFile /etc/ssl/certs/mrx8086.com/fullchain.pem
-    SSLCertificateKeyFile /etc/ssl/certs/mrx8086.com/privkey.pem
-    SSLCertificateChainFile /etc/ssl/certs/mrx8086.com/chain.pem
-
-    <Directory /var/www/html>
-        Options +FollowSymlinks
-        AllowOverride All
-        Require all granted
-        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
-        Header always set Referrer-Policy "no-referrer"
-        Header always set X-Content-Type-Options "nosniff"
-        Header always set X-Frame-Options "SAMEORIGIN"
-        Header always set X-XSS-Protection "1; mode=block"
-        SetEnv HOME /var/www/html
-        SetEnv HTTP_HOME /var/www/html
-    </Directory>
-
-    ErrorLog ${APACHE_LOG_DIR}/error.log
-    CustomLog ${APACHE_LOG_DIR}/access.log combined
-</VirtualHost>
-
+<VirtualHost *:443>
+    ServerAdmin webmaster@localhost
+    DocumentRoot /var/www/html
+    ServerName cloud.mrx8086.com
+
+    SSLEngine on
+    SSLCertificateFile /etc/ssl/certs/mrx8086.com/fullchain.pem
+    SSLCertificateKeyFile /etc/ssl/certs/mrx8086.com/privkey.pem
+    SSLCertificateChainFile /etc/ssl/certs/mrx8086.com/chain.pem
+
+    <Directory /var/www/html>
+        Options +FollowSymlinks
+        AllowOverride All
+        Require all granted
+        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        Header always set Referrer-Policy "no-referrer"
+        Header always set X-Content-Type-Options "nosniff"
+        Header always set X-Frame-Options "SAMEORIGIN"
+        Header always set X-XSS-Protection "1; mode=block"
+        SetEnv HOME /var/www/html
+        SetEnv HTTP_HOME /var/www/html
+    </Directory>
+
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+
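Review bot: as with `hsts.conf`, this hunk rewrites the whole file with no content change (line endings), so the same `.gitattributes` fix applies. On the content itself: `SSLCertificateChainFile` is obsolete once `SSLCertificateFile` points at `fullchain.pem`, which already carries the intermediates, so the line can go; and `Header always set X-XSS-Protection "1; mode=block"` is a legacy header that current browsers ignore and can be dropped, since Nextcloud emits its own `Content-Security-Policy`.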

+ 10 - 35
src/docker/.env

@@ -1,40 +1,15 @@
-# .env Datei für Paperless-ngx
-PAPERLESS_DB_HOST=paperless-db
-PAPERLESS_DB_NAME=paperless_db
-PAPERLESS_DB_USER=paperless_user
-PAPERLESS_DB_PASSWORD=geheimespasswort
-
-# Nextcloud Konfiguration
-NEXTCLOUD_DB_HOST=nextcloud-db
-NEXTCLOUD_DB_NAME=nextcloud_db
-NEXTCLOUD_DB_USER=nextcloud_user
-NEXTCLOUD_DB_PASSWORD=nextcloudpass
-NEXTCLOUD_DB_ROOT_PASSWORD=rootpasswort
-
-# Kimai Konfiguration
-KIMAI_DB_HOST=kimai-db
-KIMAI_DB_NAME=kimai_db
-KIMAI_DB_USER=kimai_user
-KIMAI_DB_PASSWORD=kimai_pass
-KIMAI_DB_ROOT_PASSWORD=kimai_rootpass
-
-# Kimai Administrator-Konfiguration
-KIMAI_ADMIN_EMAIL=admin@example.com  # Passe diese an, um eine gültige Admin-E-Mail zu verwenden
-KIMAI_ADMIN_PASSWORD=change_me_admin_password  # Verwende ein starkes Passwort
-
-# Kimai App Secret
-KIMAI_APP_SECRET=replace_with_secure_random_value  # Verwende einen sicheren, zufällig generierten Schlüssel
-
-# n8n Konfiguration
-N8N_USER=admin
-N8N_PASSWORD=adminpass
-N8N_DB_NAME=n8n_db
-N8N_DB_USER=n8n_user
-N8N_DB_PASSWORD=n8n_db_pass
-
 # Keycloak Konfiguration
 KEYCLOAK_DB_NAME=keycloakdb
 KEYCLOAK_DB_USER=keycloak_user
 KEYCLOAK_DB_PASSWORD=keycloak_password
 KEYCLOAK_ADMIN_USER=admin
-KEYCLOAK_ADMIN_PASSWORD=change_me
+KEYCLOAK_ADMIN_PASSWORD=change_me
+KEYCLOAK_DB_ROOT_PASSWORD=root_password
+KEYCLOAK_DB=keycloakdb
+KEYCLOAK_DB_USERNAME=keycloak_user
+
+# Keycloak HTTPS Konfiguration
+KEYCLOAK_HOSTNAME=mrx8086.com
+KEYCLOAK_HOSTNAME_STRICT=false
+KEYCLOAK_KEY_STORE_FILE=/opt/keycloak/certs/keystore.p12
+KEYCLOAK_KEY_STORE_PASSWORD=changeit
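Review bot: this hunk commits a populated `src/docker/.env` containing `KEYCLOAK_DB_ROOT_PASSWORD=root_password`, `KEYCLOAK_ADMIN_PASSWORD=change_me` and `KEYCLOAK_KEY_STORE_PASSWORD=changeit`, while the README tells users to create `.env` locally from placeholders and never commit sensitive values; add `src/docker/.env` to `.gitignore`, ship a `.env.example` instead, and treat the values already in history as disclosed. Two further problems: `KEYCLOAK_DB`/`KEYCLOAK_DB_NAME` and `KEYCLOAK_DB_USERNAME`/`KEYCLOAK_DB_USER` now carry the same value under two names (pick one per setting), and `KEYCLOAK_KEY_STORE_FILE=/opt/keycloak/certs/keystore.p12` does not match the `keystore.jks` that `Dockerfile.keycloak` copies and `docker-compose.yml` mounts, so the `KC_HTTPS_KEY_STORE_FILE` that compose passes points at a file that is not in the container and only works because the Dockerfile's ENTRYPOINT hard-codes the `.jks` path, which takes precedence. `KEYCLOAK_HOSTNAME_STRICT=false` also switches off Keycloak's hostname validation; set the real hostname and leave strict mode on.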

+ 38 - 0
src/docker/Dockerfile.keycloak

@@ -0,0 +1,38 @@
+# Basisbild von Keycloak verwenden
+FROM quay.io/keycloak/keycloak:latest
+
+# Übergebe Build-Argumente an Dockerfile
+ARG KEYCLOAK_ADMIN_USER
+ARG KEYCLOAK_ADMIN_PASSWORD
+ARG KEYCLOAK_DB
+ARG KEYCLOAK_DB_USERNAME
+ARG KEYCLOAK_DB_PASSWORD
+ARG KEYCLOAK_HOSTNAME
+
+# Setzen der ENV-Variablen
+ENV KC_DB=mysql
+ENV KC_DB_URL=jdbc:mysql://keycloak_db:3306/${KEYCLOAK_DB}
+ENV KC_DB_USERNAME=${KEYCLOAK_DB_USERNAME}
+ENV KC_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}
+ENV KC_HOSTNAME=${KEYCLOAK_HOSTNAME}
+ENV KC_HTTPS_KEY_STORE_FILE=/opt/keycloak/certs/keystore.jks
+ENV KC_HTTPS_KEY_STORE_PASSWORD=changeit
+
+# Kopiere den Keystore in den Container
+COPY src/configs/certs/mrx8086.com/keystore.jks /opt/keycloak/certs/keystore.jks
+
+# Führe den Build-Befehl aus, um eine optimierte Version zu erzeugen
+RUN /opt/keycloak/bin/kc.sh build
+
+# Setze den Startbefehl für den Container
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start",                 \
+    "--db=mysql",                                               \
+    "--db-url=jdbc:mysql://keycloak_db:3306/${KEYCLOAK_DB}",    \
+    "--db-username=${KEYCLOAK_DB_USERNAME}",                    \
+    "--db-password=${KEYCLOAK_DB_PASSWORD}",                    \
+    "--https-key-store-file=/opt/keycloak/certs/keystore.jks",  \
+    "--https-key-store-password=changeit",                      \
+    "--hostname=${KEYCLOAK_HOSTNAME}",                          \
+    "--hostname-strict=false",                                  \
+    "--verbose"                                                 \
+]
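Review bot: the `ENTRYPOINT` is in JSON exec form, which Docker hands to the process without a shell, so `${KEYCLOAK_DB}`, `${KEYCLOAK_DB_USERNAME}` and `${KEYCLOAK_DB_PASSWORD}` inside the `--db-url`, `--db-username` and `--db-password` arguments are never expanded and reach `kc.sh` as literal `${...}` strings; either drop those flags and rely on the `KC_DB_*` variables set above (Keycloak reads them at start), or use the shell form. Baking `ENV KC_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}` and `ENV KC_HTTPS_KEY_STORE_PASSWORD=changeit` into the image also leaves both secrets readable via `docker history` and `docker inspect` on every copy of the image; `kc.sh build` needs `KC_DB` but no credentials, so pass those only at run time (compose already does). `ARG KEYCLOAK_ADMIN_USER` and `ARG KEYCLOAK_ADMIN_PASSWORD` are declared but never used here; remove them. Pin `FROM quay.io/keycloak/keycloak:latest` to a version so the `kc.sh build` result is reproducible.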

+ 57 - 245
src/docker/docker-compose.yml

@@ -1,263 +1,75 @@
 version: '3.8'
 
 services:
-  npm:
-    image: 'jc21/nginx-proxy-manager:latest'
-    container_name: 'nginx-proxy-manager'
-    restart: unless-stopped
-    ports:
-      - "80:80"
-      - "81:81"
-      - "443:443"
-    volumes:
-      - ../data/npm:/data
-      - ../data/npm_letsencrypt:/etc/letsencrypt
-    networks:
-      automate-network:
-        ipv4_address: 172.18.0.5
-
-  paperless:
-    image: 'ghcr.io/paperless-ngx/paperless-ngx:latest'
-    container_name: 'paperless'
-    restart: unless-stopped
-    environment:
-      - PAPERLESS_DB_HOST=${PAPERLESS_DB_HOST}
-      - PAPERLESS_DB_NAME=${PAPERLESS_DB_NAME}
-      - PAPERLESS_DB_USER=${PAPERLESS_DB_USER}
-      - PAPERLESS_DB_PASSWORD=${PAPERLESS_DB_PASSWORD}
-      - PAPERLESS_REDIS=redis://paperless-redis:6379
-    ports:
-      - "8000:8000"
-    volumes:
-      - ../data/paperless:/usr/src/paperless/data
-    depends_on:
-      - paperless-db
-      - paperless-redis
-    networks:
-      automate-network:
-        ipv4_address: 172.18.0.7
-
-  paperless-db:
-    image: 'postgres:13'
-    container_name: 'paperless-db'
-    restart: unless-stopped
-    environment:
-      - POSTGRES_DB=${PAPERLESS_DB_NAME}
-      - POSTGRES_USER=${PAPERLESS_DB_USER}
-      - POSTGRES_PASSWORD=${PAPERLESS_DB_PASSWORD}
-    ports:
-      - "5432:5432"  # Expose PostgreSQL on host port 5432
-    volumes:
-      - ../data/paperless_db:/var/lib/postgresql/data
-    networks:
-      automate-network:
-        ipv4_address: 172.18.0.8
-
-  paperless-redis:
-    image: 'redis:alpine'
-    container_name: 'paperless-redis'
-    ports:
-      - "6379:6379"
-    restart: unless-stopped
-    volumes:
-      - ../data/paperless_redis:/data
-    healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    networks:
-      automate-network:
-        ipv4_address: 172.18.0.9
-
-  nextcloud:
-    image: 'nextcloud:latest'
-    container_name: 'nextcloud'
-    restart: unless-stopped
-    environment:
-      - MYSQL_HOST=${NEXTCLOUD_DB_HOST}
-      - MYSQL_DATABASE=${NEXTCLOUD_DB_NAME}
-      - MYSQL_USER=${NEXTCLOUD_DB_USER}
-      - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
-      - OVERWRITEPROTOCOL=https   # Setze das Protokoll auf HTTPS
-      - TRUSTED_PROXIES=172.18.0.5  # Setze die trusted_proxies
-      - OVERWRITE_CLI_URL=https://cloud.mrx8086.com  # Setze die CLI-URL auf HTTPS      
-    ports:
-      - "9080:80"    # HTTP Port für Nextcloud
-      - "9443:443"   # HTTPS Port für Nextcloud
-    volumes:
-      - ../data/nextcloud:/var/www/html
-      - ../configs/certs/mrx8086.com:/etc/ssl/certs/mrx8086.com
-      - ../configs/nextcloud/nextcloud-ssl.conf:/etc/apache2/sites-available/nextcloud-ssl.conf
-      - ../configs/nextcloud/hsts.conf:/etc/apache2/conf-available/hsts.conf  # HSTS Konfiguration hinzufügen
-      - ../configs/nextcloud/config.php:/var/www/html/config/config.php  # Überschreibe config.php
-    depends_on:
-      - nextcloud-db
-    networks:
-      automate-network:
-        ipv4_address: 172.18.0.11
-    extra_hosts:
-      - "auth.mrx8086.com:172.18.0.6"
-      - "cloud.mrx8086.com:172.18.0.11"
-    command:  >
-      bash -c "
-      a2enmod ssl &&
-      a2ensite nextcloud-ssl &&
-      a2enconf hsts &&
-      apache2-foreground"
-
-  nextcloud-db:
-    image: 'mariadb:latest'
-    container_name: 'nextcloud-db'
-    restart: unless-stopped
-    environment:
-      - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT_PASSWORD}
-      - MYSQL_DATABASE=${NEXTCLOUD_DB_NAME}
-      - MYSQL_USER=${NEXTCLOUD_DB_USER}
-      - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
-    ports:
-      - "3306:3306"
-    volumes:
-      - ../data/nextcloud_db:/var/lib/mysql
-    networks:
-      automate-network:
-        ipv4_address: 172.18.0.12
-
-  kimai:
-    image: 'kimai/kimai2:apache'
-    container_name: 'kimai'
-    restart: unless-stopped
-    environment:
-      - APP_ENV=prod
-      - DATABASE_URL=mysql://${KIMAI_DB_USER}:${KIMAI_DB_PASSWORD}@${KIMAI_DB_HOST}/${KIMAI_DB_NAME}
-      - TRUSTED_PROXIES=nginx,localhost,127.0.0.1  # Vertrauenswürdige Proxies für Reverse Proxy Setup
-      - ADMINMAIL=${KIMAI_ADMIN_EMAIL}            # E-Mail für den Admin
-      - ADMINPASS=${KIMAI_ADMIN_PASSWORD}         # Passwort für den Admin
-      - TIMEZONE=Europe/Berlin                    # Zeitzone für Kimai
-      - APP_SECRET=${KIMAI_APP_SECRET}            # Sicherer Secret Key für die Anwendung
-    ports:
-      - "8001:8001"
-    volumes:
-      - data:/opt/kimai/var/data
-      - plugins:/opt/kimai/var/plugins
-    depends_on:
-      - kimai-db
-    networks:
-      automate-network:
-        ipv4_address: 172.18.0.13
-
-  kimai-db:
-    image: 'mariadb:10.5'
-    container_name: 'kimai-db'
-    restart: unless-stopped
-    environment:
-      - MYSQL_ROOT_PASSWORD=${KIMAI_DB_ROOT_PASSWORD}
-      - MYSQL_DATABASE=${KIMAI_DB_NAME}
-      - MYSQL_USER=${KIMAI_DB_USER}
-      - MYSQL_PASSWORD=${KIMAI_DB_PASSWORD}
-    ports:
-      - "3307:3306"
-    volumes:
-      - ../data/kimai_db:/var/lib/mysql
-    networks:
-      automate-network:
-        ipv4_address: 172.18.0.14
-
-  n8n:
-    image: 'n8nio/n8n:latest'
-    container_name: 'n8n'
-    restart: unless-stopped
-    environment:
-      - N8N_BASIC_AUTH_ACTIVE=true
-      - N8N_BASIC_AUTH_USER=${N8N_USER}
-      - N8N_BASIC_AUTH_PASSWORD=${N8N_PASSWORD}
-      - N8N_PORT=5678
-      - DB_TYPE=postgresdb
-      - DB_POSTGRESDB_HOST=n8n-db
-      - DB_POSTGRESDB_DATABASE=${N8N_DB_NAME}
-      - DB_POSTGRESDB_USER=${N8N_DB_USER}
-      - DB_POSTGRESDB_PASSWORD=${N8N_DB_PASSWORD}
-    ports:
-      - "5678:5678"
-    volumes:
-      - ../data/n8n:/home/node/.n8n
-    depends_on:
-      - n8n-db
-    networks:
-      automate-network:
-        ipv4_address: 172.18.0.15
-
-  n8n-db:
-    image: 'postgres:13'
-    container_name: 'n8n-db'
-    restart: unless-stopped
-    environment:
-      - POSTGRES_DB=${N8N_DB_NAME}
-      - POSTGRES_USER=${N8N_DB_USER}
-      - POSTGRES_PASSWORD=${N8N_DB_PASSWORD}
-    volumes:
-      - ../data/n8n_db:/var/lib/postgresql/data
-    networks:
-      automate-network:
-        ipv4_address: 172.18.0.16
-
   keycloak:
-    image: 'quay.io/keycloak/keycloak:latest'
-    container_name: 'keycloak'
-    restart: unless-stopped
+    build:
+      context: ../../
+      dockerfile: src/docker/Dockerfile.keycloak
+      args:
+        KEYCLOAK_ADMIN_USER: ${KEYCLOAK_ADMIN_USER}
+        KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+        KEYCLOAK_DB: ${KEYCLOAK_DB}
+        KEYCLOAK_DB_USERNAME: ${KEYCLOAK_DB_USERNAME}
+        KEYCLOAK_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
+        KEYCLOAK_HOSTNAME: ${KEYCLOAK_HOSTNAME}
+    container_name: keycloak
     environment:
-      - KC_DB=postgres
-      - KC_DB_URL=jdbc:postgresql://keycloak-db:5432/${KEYCLOAK_DB_NAME}
-      - KC_DB_USERNAME=${KEYCLOAK_DB_USER}
-      - KC_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}
-      - KC_HOSTNAME=auth.mrx8086.com
-      - KC_PROXY=edge
-      - KC_HTTPS_CERTIFICATE_FILE=/etc/x509/https/fullchain.pem
-      - KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/x509/https/privkey.pem
       - KC_BOOTSTRAP_ADMIN_USERNAME=${KEYCLOAK_ADMIN_USER}
       - KC_BOOTSTRAP_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
+      - KC_HOSTNAME=${KEYCLOAK_HOSTNAME}
+      - KC_HOSTNAME_STRICT=${KEYCLOAK_HOSTNAME_STRICT}
+      - KC_HTTPS_KEY_STORE_FILE=${KEYCLOAK_KEY_STORE_FILE}
+      - KC_HTTPS_KEY_STORE_PASSWORD=${KEYCLOAK_KEY_STORE_PASSWORD}
     ports:
+      - "8080:8080"
       - "8443:8443"
     volumes:
-      - ../configs/certs/mrx8086.com:/etc/x509/https
-      - ../data/keycloak_data:/opt/keycloak/data
-      - ../data/keycloak_transaction_logs:/opt/keycloak/data/transaction-logs
-      - ../data/keycloak_conf:/opt/keycloak/conf
-      - ../data/keycloak_logs:/opt/keycloak/log
-      - ../data/keycloak_tmp:/opt/keycloak/data/tmp   # <--- Neu hinzugefügt
-    command:
-      - start-dev
-    depends_on:
-      - keycloak-db
+      - keycloak_data:/opt/keycloak/data
+      - ${PWD}/../configs/certs/mrx8086.com/keystore.jks:/opt/keycloak/certs/keystore.jks:ro
     networks:
-      automate-network:
-        ipv4_address: 172.18.0.6
-    extra_hosts:
-      - "auth.mrx8086.com:172.18.0.6"
-      - "cloud.mrx8086.com:172.18.0.11"
+      - automate_net
+    depends_on:
+      keycloak_db:
+        condition: service_healthy
 
-  keycloak-db:
-    image: 'postgres:13'
-    container_name: 'keycloak-db'
-    restart: unless-stopped
+  keycloak_db:
+    image: mariadb:latest
+    container_name: keycloak_db
     environment:
-      - POSTGRES_DB=${KEYCLOAK_DB_NAME}
-      - POSTGRES_USER=${KEYCLOAK_DB_USER}
-      - POSTGRES_PASSWORD=${KEYCLOAK_DB_PASSWORD}
+      - MYSQL_ROOT_PASSWORD=${KEYCLOAK_DB_ROOT_PASSWORD}
+      - MYSQL_DATABASE=${KEYCLOAK_DB}
+      - MYSQL_USER=${KEYCLOAK_DB_USERNAME}
+      - MYSQL_PASSWORD=${KEYCLOAK_DB_PASSWORD}
     ports:
-      - "5433:5432" # Port für PostgreSQL erreichbar machen
+      - "3306:3306"      
     volumes:
-      - ../data/keycloak_db:/var/lib/postgresql/data
+      - keycloak_db_data:/var/lib/mysql
     networks:
-      automate-network:
-        ipv4_address: 172.18.0.17
-
-networks:
-  automate-network:
-    ipam:
-      config:
-        - subnet: 172.18.0.0/16
+      - automate_net
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 512M      
+    healthcheck:
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
+      interval: 30s       # Prüfungen alle 30 Sekunden (statt 10s)
+      timeout: 10s        # Timeout 10 Sekunden (statt 5s)
+      retries: 10         # Anzahl der Wiederholungen (statt 5)
 
 volumes:
-  data:
-  plugins:
+  keycloak_data:
+    driver: local
+    driver_opts:
+      type: 'none'
+      device: '${PWD}/../../data/keycloak'
+      o: 'bind'
+  keycloak_db_data:
+    driver: local
+    driver_opts:
+      type: 'none'
+      device: '${PWD}/../../data/keycloak_db'
+      o: 'bind'
+
+networks:
+  automate_net:
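Review bot: the `healthcheck` `["CMD", "mysqladmin", "ping", "-h", "localhost"]` reports the server alive even when it only reaches the MariaDB entrypoint's temporary initialization instance or gets access denied, so raising `interval`, `timeout` and `retries` only papers over the race this commit describes; the official image ships `healthcheck.sh --connect --innodb_initialized` for exactly this case, and `start_period` is the right knob for slow first boots. Further points in this hunk: `"3306:3306"` publishes MariaDB on every host interface although Keycloak reaches it over `automate_net`, and `"8080:8080"` exposes Keycloak over plain HTTP beside 8443; drop both unless they are needed. `KEYCLOAK_DB_PASSWORD` is passed as a build `arg`, which bakes it into the image. `${PWD}` in the `keystore.jks` mount and in both `driver_opts.device` paths ties the file to the caller's working directory (only the scripts `cd` there first); compose resolves relative volume paths against the compose file, so `../configs/...` is more robust, and the `type: 'none'` bind volumes fail at `up` when `data/keycloak*` is missing. `restart: unless-stopped` was dropped from both services, `deploy.resources` is ignored by docker-compose v1 unless run with `--compatibility`, and nothing here changes ownership or permissions of the MariaDB volume, although the commit message says it does.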

+ 59 - 0
src/scripts/reset_docker.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# Script to completely reset Docker by removing all containers, images, volumes, and networks.
+# WARNING: This will delete ALL Docker data, use with caution.
+
+# Parse arguments
+DELETE_DATA_DIRECTORIES=false
+while getopts "d" opt; do
+  case $opt in
+    d)
+      DELETE_DATA_DIRECTORIES=true
+      ;;
+    *)
+      echo "Usage: $0 [-d]"
+      echo "  -d: Also delete data directories"
+      exit 1
+      ;;
+  esac
+done
+
+# Stop all running containers
+echo "Stopping all running Docker containers..."
+docker stop $(docker ps -aq)
+
+# Remove all containers
+echo "Removing all Docker containers..."
+docker rm $(docker ps -aq)
+
+# Remove all Docker images
+echo "Removing all Docker images..."
+docker rmi $(docker images -q) --force
+
+# Remove all Docker volumes if there are any
+if [ "$(docker volume ls -q)" ]; then
+    echo "Removing all Docker volumes..."
+    docker volume rm $(docker volume ls -q)
+else
+    echo "No Docker volumes to remove."
+fi
+
+# Remove all Docker networks (except the default ones)
+echo "Removing all Docker networks..."
+docker network prune -f
+
+# Remove any dangling resources
+echo "Removing dangling resources..."
+docker system prune -a -f --volumes
+
+# Optionally delete data directories if -d flag is set
+if [ "$DELETE_DATA_DIRECTORIES" = true ]; then
+  echo "Deleting data directories..."
+  rm -rf "$(dirname "$0")/../../data/keycloak"
+  rm -rf "$(dirname "$0")/../../data/keycloak_db"
+fi
+
+# Final message
+echo "Docker has been completely reset to a clean state."
+
+exit 0
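Review bot: this script destroys every container, image, volume and network on the host, not only this project's, because `docker stop $(docker ps -aq)`, `docker rmi $(docker images -q) --force` and `docker system prune -a -f --volumes` are unscoped; run `docker-compose down -v --rmi all` from `src/docker` instead so other stacks on a shared machine survive a reset, and ask for confirmation before the `-d` branch runs `rm -rf` on `data/keycloak_db`. The unguarded `$(docker ps -aq)` and `$(docker images -q)` substitutions expand to nothing when there is nothing left, so `docker stop`, `docker rm` and `docker rmi` then abort with a usage error; the volume step already has the right `if` guard, so apply it to the others or use `xargs -r`. With `docker system prune -a -f --volumes` in place, the separate image, volume and network removals are redundant anyway.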

+ 32 - 0
src/scripts/restart_docker.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Script to restart Docker services using docker-compose
+# This script stops, removes, and then restarts all services defined in the docker-compose.yml file
+
+# Define the path to the docker-compose file
+docker_compose_path="$(dirname "$0")/../docker/docker-compose.yml"
+
+# Check if docker-compose file exists
+if [ ! -f "$docker_compose_path" ]; then
+  echo "Error: docker-compose.yml not found at $docker_compose_path"
+  exit 1
+fi
+
+# Navigate to the directory containing the docker-compose.yml file
+cd "$(dirname "$docker_compose_path")" || exit
+
+# Restart Docker containers
+echo "Stopping Docker services..."
+docker-compose down
+
+echo "Starting Docker services..."
+docker-compose up -d --build
+
+# Confirm that the services are running
+echo "Checking status of Docker services..."
+docker-compose ps
+
+# Final message
+echo "Docker services have been successfully restarted and reloaded."
+
+exit 0
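Review bot: unlike `start_docker.sh`, this script does not create `data/keycloak` and `data/keycloak_db`, yet `docker-compose.yml` binds both through `driver_opts` with `type: 'none'`, so `restart_docker.sh` run after `reset_docker.sh -d` fails at `up` with a missing-device error; factor the two `mkdir -p` lines into a helper both scripts source. `docker-compose down` before `up -d --build` is also unnecessary (`up` recreates changed containers) and tears down `automate_net` on every restart, and `--build` re-runs `Dockerfile.keycloak`, re-baking the `KEYCLOAK_DB_PASSWORD` build arg into the image each time.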

+ 34 - 0
src/scripts/start_docker.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Script to start Docker services using docker-compose
+# This script should be run after executing reset_docker.sh
+
+# Define the path to the docker-compose file
+docker_compose_path="$(dirname "$0")/../docker/docker-compose.yml"
+
+# Check if docker-compose file exists
+if [ ! -f "$docker_compose_path" ]; then
+  echo "Error: docker-compose.yml not found at $docker_compose_path"
+  exit 1
+fi
+
+# Create necessary directories for persistent data
+echo "Creating necessary directories for Docker volumes..."
+mkdir -p "$(dirname "$docker_compose_path")/../../data/keycloak"
+mkdir -p "$(dirname "$docker_compose_path")/../../data/keycloak_db"
+
+# Navigate to the directory containing the docker-compose.yml file
+cd "$(dirname "$docker_compose_path")" || exit
+
+# Start the Docker containers
+echo "Starting Docker services..."
+docker-compose up -d
+
+# Confirm that the services are running
+echo "Checking status of Docker services..."
+docker-compose ps
+
+# Final message
+echo "Docker services have been successfully started."
+
+exit 0
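Review bot: the two `mkdir -p` calls create the bind directories but set no ownership, and ownership is what the commit message says this change fixes; the Keycloak image runs as a non-root user (uid 1000), so if the invoking user's uid differs the container cannot write `/opt/keycloak/data` and startup still fails. MariaDB's entrypoint fixes up its own datadir ownership when started as root, so only the Keycloak directory needs an explicit `chown` (or a `user:` entry in compose). The path derivation `$(dirname "$docker_compose_path")/../../data` should also be shared with `reset_docker.sh`, which computes the same directory a different way (`$(dirname "$0")/../../data`); a single helper keeps the two from diverging.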

+ 0 - 253
tmp.yml

@@ -1,253 +0,0 @@
-version: '3.8'
-
-services:
-  npm:
-    image: 'jc21/nginx-proxy-manager:latest'
-    container_name: 'nginx-proxy-manager'
-    restart: unless-stopped
-    ports:
-      - "80:80"
-      - "81:81"
-      - "443:443"
-    volumes:
-      - ../data/npm:/data
-      - ../data/npm_letsencrypt:/etc/letsencrypt
-    networks:
-      - automate-network
-
-  paperless:
-    image: 'ghcr.io/paperless-ngx/paperless-ngx:latest'
-    container_name: 'paperless'
-    restart: unless-stopped
-    environment:
-      - PAPERLESS_DB_HOST=${PAPERLESS_DB_HOST}
-      - PAPERLESS_DB_NAME=${PAPERLESS_DB_NAME}
-      - PAPERLESS_DB_USER=${PAPERLESS_DB_USER}
-      - PAPERLESS_DB_PASSWORD=${PAPERLESS_DB_PASSWORD}
-      - PAPERLESS_REDIS=redis://paperless-redis:6379
-    ports:
-      - "8000:8000"
-    volumes:
-      - ../data/paperless:/usr/src/paperless/data
-    depends_on:
-      - paperless-db
-      - paperless-redis
-    networks:
-      - automate-network
-
-  paperless-db:
-    image: 'postgres:13'
-    container_name: 'paperless-db'
-    restart: unless-stopped
-    environment:
-      - POSTGRES_DB=${PAPERLESS_DB_NAME}
-      - POSTGRES_USER=${PAPERLESS_DB_USER}
-      - POSTGRES_PASSWORD=${PAPERLESS_DB_PASSWORD}
-    ports:
-      - "5432:5432"  # Expose PostgreSQL on host port 5432
-    volumes:
-      - ../data/paperless_db:/var/lib/postgresql/data
-    networks:
-      - automate-network
-
-  paperless-redis:
-    image: 'redis:alpine'
-    container_name: 'paperless-redis'
-    ports:
-      - "6379:6379"
-    restart: unless-stopped
-    volumes:
-      - ../data/paperless_redis:/data
-    healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    networks:
-      - automate-network
-
-  nextcloud:
-    image: 'nextcloud:latest'
-    container_name: 'nextcloud'
-    restart: unless-stopped
-    environment:
-      - MYSQL_HOST=${NEXTCLOUD_DB_HOST}
-      - MYSQL_DATABASE=${NEXTCLOUD_DB_NAME}
-      - MYSQL_USER=${NEXTCLOUD_DB_USER}
-      - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
-      - OVERWRITEPROTOCOL=https   # Setze das Protokoll auf HTTPS
-      - TRUSTED_PROXIES=172.18.0.5  # Setze die trusted_proxies
-      - OVERWRITE_CLI_URL=https://cloud.mrx8086.com  # Setze die CLI-URL auf HTTPS      
-    ports:
-      - "9080:80"    # HTTP Port für Nextcloud
-      - "9443:443"   # HTTPS Port für Nextcloud
-    volumes:
-      - ../data/nextcloud:/var/www/html
-      - ../configs/certs/mrx8086.com:/etc/ssl/certs/mrx8086.com
-      - ../configs/nextcloud/nextcloud-ssl.conf:/etc/apache2/sites-available/nextcloud-ssl.conf
-      - ../configs/nextcloud/hsts.conf:/etc/apache2/conf-available/hsts.conf  # HSTS Konfiguration hinzufügen
-      - ../configs/nextcloud/config.php:/var/www/html/config/config.php  # Überschreibe config.php
-    depends_on:
-      - nextcloud-db
-    networks:
-      automate-network:
-        ipv4_address: 172.18.0.11
-    extra_hosts:
-      - "auth.mrx8086.com:172.18.0.6"
-      - "cloud.mrx8086.com:172.18.0.11"
-    command:  >
-      bash -c "
-      a2enmod ssl &&
-      a2ensite nextcloud-ssl &&
-      a2enconf hsts &&
-      apache2-foreground"
-  
-  nextcloud-db:
-    image: 'mariadb:latest'
-    container_name: 'nextcloud-db'
-    restart: unless-stopped
-    environment:
-      - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT_PASSWORD}
-      - MYSQL_DATABASE=${NEXTCLOUD_DB_NAME}
-      - MYSQL_USER=${NEXTCLOUD_DB_USER}
-      - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
-    ports:
-      - "3306:3306"
-    volumes:
-      - ../data/nextcloud_db:/var/lib/mysql
-    networks:
-      - automate-network
-
-  kimai:
-    image: 'kimai/kimai2:apache'
-    container_name: 'kimai'
-    restart: unless-stopped
-    environment:
-      - APP_ENV=prod
-      - DATABASE_URL=mysql://${KIMAI_DB_USER}:${KIMAI_DB_PASSWORD}@${KIMAI_DB_HOST}/${KIMAI_DB_NAME}
-      - TRUSTED_PROXIES=nginx,localhost,127.0.0.1  # Vertrauenswürdige Proxies für Reverse Proxy Setup
-      - ADMINMAIL=${KIMAI_ADMIN_EMAIL}            # E-Mail für den Admin
-      - ADMINPASS=${KIMAI_ADMIN_PASSWORD}         # Passwort für den Admin
-      - TIMEZONE=Europe/Berlin                    # Zeitzone für Kimai
-      - APP_SECRET=${KIMAI_APP_SECRET}            # Sicherer Secret Key für die Anwendung
-    ports:
-      - "8001:8001"
-    volumes:
-      - data:/opt/kimai/var/data
-      - plugins:/opt/kimai/var/plugins
-    depends_on:
-      - kimai-db
-    networks:
-      - automate-network
-
-  kimai-db:
-    image: 'mariadb:10.5'
-    container_name: 'kimai-db'
-    restart: unless-stopped
-    environment:
-      - MYSQL_ROOT_PASSWORD=${KIMAI_DB_ROOT_PASSWORD}
-      - MYSQL_DATABASE=${KIMAI_DB_NAME}
-      - MYSQL_USER=${KIMAI_DB_USER}
-      - MYSQL_PASSWORD=${KIMAI_DB_PASSWORD}
-    ports:
-      - "3307:3306"
-    volumes:
-      - ../data/kimai_db:/var/lib/mysql
-    networks:
-      - automate-network
-
-  n8n:
-    image: 'n8nio/n8n:latest'
-    container_name: 'n8n'
-    restart: unless-stopped
-    environment:
-      - N8N_BASIC_AUTH_ACTIVE=true
-      - N8N_BASIC_AUTH_USER=${N8N_USER}
-      - N8N_BASIC_AUTH_PASSWORD=${N8N_PASSWORD}
-      - N8N_PORT=5678
-      - DB_TYPE=postgresdb
-      - DB_POSTGRESDB_HOST=n8n-db
-      - DB_POSTGRESDB_DATABASE=${N8N_DB_NAME}
-      - DB_POSTGRESDB_USER=${N8N_DB_USER}
-      - DB_POSTGRESDB_PASSWORD=${N8N_DB_PASSWORD}
-    ports:
-      - "5678:5678"
-    volumes:
-      - ../data/n8n:/home/node/.n8n
-    depends_on:
-      - n8n-db
-    networks:
-      - automate-network
-
-  n8n-db:
-    image: 'postgres:13'
-    container_name: 'n8n-db'
-    restart: unless-stopped
-    environment:
-      - POSTGRES_DB=${N8N_DB_NAME}
-      - POSTGRES_USER=${N8N_DB_USER}
-      - POSTGRES_PASSWORD=${N8N_DB_PASSWORD}
-    volumes:
-      - ../data/n8n_db:/var/lib/postgresql/data
-    networks:
-      - automate-network
-
-  keycloak:
-    image: 'quay.io/keycloak/keycloak:latest'
-    container_name: 'keycloak'
-    restart: unless-stopped
-    environment:
-      - KC_DB=postgres
-      - KC_DB_URL=jdbc:postgresql://keycloak-db:5432/${KEYCLOAK_DB_NAME}
-      - KC_DB_USERNAME=${KEYCLOAK_DB_USER}
-      - KC_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}
-      - KC_HOSTNAME=auth.mrx8086.com
-      - KC_HTTPS_CERTIFICATE_FILE=/etc/x509/https/fullchain.pem
-      - KC_HTTPS_CERTIFICATE_KEY_FILE=/etc/x509/https/privkey.pem
-      - KC_BOOTSTRAP_ADMIN_USERNAME=${KEYCLOAK_ADMIN_USER}
-      - KC_BOOTSTRAP_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
-    ports:
-      - "8443:8443"
-    volumes:
-      - ../configs/certs/mrx8086.com:/etc/x509/https
-      - ../data/keycloak_data:/opt/keycloak/data
-      - ../data/keycloak_transaction_logs:/opt/keycloak/data/transaction-logs
-      - ../data/keycloak_conf:/opt/keycloak/conf
-      - ../data/keycloak_logs:/opt/keycloak/log
-      - ../data/keycloak_tmp:/opt/keycloak/data/tmp   # <--- Neu hinzugefügt
-    command:
-      - start-dev
-    depends_on:
-      - keycloak-db
-    networks:
-      automate-network:
-        ipv4_address: 172.18.0.6
-    extra_hosts:
-      - "auth.mrx8086.com:172.18.0.6"
-      - "cloud.mrx8086.com:172.18.0.11"
-
-  keycloak-db:
-    image: 'postgres:13'
-    container_name: 'keycloak-db'
-    restart: unless-stopped
-    environment:
-      - POSTGRES_DB=${KEYCLOAK_DB_NAME}
-      - POSTGRES_USER=${KEYCLOAK_DB_USER}
-      - POSTGRES_PASSWORD=${KEYCLOAK_DB_PASSWORD}
-    ports:
-      - "5433:5432" # Port für PostgreSQL erreichbar machen
-    volumes:
-      - ../data/keycloak_db:/var/lib/postgresql/data
-    networks:
-      - automate-network
-
-networks:
-  automate-network:
-    ipam:
-      config:
-        - subnet: 172.18.0.0/16
-
-volumes:
-  data:
-  plugins:
-
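Review bot: deleting this working copy is the right call, but since tmp.yml mirrors the compose setup, check that docker-compose.yml does not keep the development-only settings visible here: every database publishes its port on the host (`5432:5432`, `3306:3306`, `3307:3306`, `5433:5432`) and Redis is published on `6379:6379` with no password, Keycloak runs with `start-dev`, and `TRUSTED_PROXIES=172.18.0.5` is a hard-coded container address that silently stops matching once the network hands out a different IP. Services that are only reached by other containers on `automate-network` need no `ports:` entry at all. The file remains in git history, so treat the hostnames and addresses in it as already disclosed; no credentials are in it, only `${...}` references.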