Add Gitea CI/CD pipeline and shared infra setup

- docker-compose.yml: remove bundled postgres, connect to shared
  postgres via host-gateway:5433, add uploads volume, configurable port
- .gitea/workflows/deploy.yml: Gitea Actions workflow for automated
  deploy on push to main
- infra/README.md: step-by-step setup guide for NAS deployment
  (shared postgres, pgAdmin, act_runner, Gitea secrets)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.gitea/workflows/deploy.yml

@@ -0,0 +1,26 @@
+name: Deploy to NAS
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  deploy:
+    runs-on: self-hosted
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Write .env
+        run: printf 'DB_PASSWORD=%s\n' '${{ secrets.DB_PASSWORD }}' > ${{ secrets.DEPLOY_DIR }}/.env
+
+      - name: Build & Deploy
+        run: |
+          cp -r ${{ github.workspace }}/. ${{ secrets.DEPLOY_DIR }}/
+          docker compose -f ${{ secrets.DEPLOY_DIR }}/docker-compose.yml up --build -d
+
+      - name: Health check
+        run: |
+          sleep 15
+          curl -sf http://localhost:9050/healthz || exit 1

docker-compose.yml

@@ -1,31 +1,16 @@
 services:
-  postgres:
-    image: postgres:16-alpine
-    environment:
-      POSTGRES_USER: ${DB_USER:-pamietnik}
-      POSTGRES_PASSWORD: ${DB_PASSWORD:?DB_PASSWORD is required}
-      POSTGRES_DB: ${DB_NAME:-pamietnik}
-    volumes:
-      - pgdata:/var/lib/postgresql/data
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-pamietnik}"]
-      interval: 5s
-      timeout: 5s
-      retries: 5
-
   api:
     build:
       context: .
       dockerfile: Dockerfile
     ports:
-      - "9050:8080"
+      - "${APP_PORT:-9050}:8080"
+    extra_hosts:
+      - "host-gateway:host-gateway"
     environment:
-      DATABASE_URL: postgres://${DB_USER:-pamietnik}:${DB_PASSWORD:?DB_PASSWORD is required}@postgres:5432/${DB_NAME:-pamietnik}?sslmode=disable
+      DATABASE_URL: postgres://${DB_USER:-pamietnik}:${DB_PASSWORD:?DB_PASSWORD is required}@host-gateway:5433/${DB_NAME:-pamietnik}?sslmode=disable
       LISTEN_ADDR: :8080
-    depends_on:
+      UPLOAD_DIR: /uploads
-      postgres:
+    volumes:
-        condition: service_healthy
+      - /volume2/docker/pamietnik/uploads:/uploads
     restart: unless-stopped
-
-volumes:
-  pgdata:

infra/README.md

@@ -0,0 +1,199 @@
+# Infrastruktur & Deployment
+
+## Übersicht
+
+```
+Synology NAS
+├── /volume2/docker/shared/          ← Geteilte Infrastruktur (PostgreSQL + pgAdmin)
+│   ├── docker-compose.yml
+│   ├── .env
+│   ├── pgdata/                      ← PostgreSQL-Daten (persistent)
+│   └── pgadmin/                     ← pgAdmin-Daten (persistent)
+│
+└── /volume2/docker/pamietnik/       ← Pamietnik-Deployment
+    ├── docker-compose.yml           ← Kopie aus dem Repo (via CI/CD)
+    ├── .env
+    └── uploads/                     ← Hochgeladene Bilder (persistent)
+```
+
+---
+
+## 1. Geteilte Infrastruktur einrichten (einmalig)
+
+### Verzeichnisse anlegen
+
+```bash
+sudo mkdir -p /volume2/docker/shared/pgdata
+sudo mkdir -p /volume2/docker/shared/pgadmin
+sudo chown -R 5050:5050 /volume2/docker/shared/pgadmin
+```
+
+### docker-compose.yml anlegen
+
+Datei `/volume2/docker/shared/docker-compose.yml`:
+
+```yaml
+services:
+  postgres:
+    image: postgres:16-alpine
+    restart: unless-stopped
+    ports:
+      - "5433:5432"
+    environment:
+      POSTGRES_USER: ${POSTGRES_USER:-postgres}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is required}
+    volumes:
+      - /volume2/docker/shared/pgdata:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-postgres}"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  pgadmin:
+    image: dpage/pgadmin4:latest
+    restart: unless-stopped
+    ports:
+      - "5050:8080"
+    environment:
+      PGADMIN_DEFAULT_EMAIL: ${PGADMIN_EMAIL}
+      PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_PASSWORD}
+      PGADMIN_LISTEN_PORT: 8080
+    volumes:
+      - /volume2/docker/shared/pgadmin:/var/lib/pgadmin
+```
+
+### .env anlegen
+
+Datei `/volume2/docker/shared/.env`:
+
+```env
+POSTGRES_PASSWORD=<sicheres-passwort>
+PGADMIN_EMAIL=deine@email.de
+PGADMIN_PASSWORD=<pgadmin-passwort>
+```
+
+### Starten
+
+```bash
+cd /volume2/docker/shared
+sudo docker compose up -d
+```
+
+### Datenbank & User anlegen
+
+```bash
+sudo docker exec -it shared-postgres-1 psql -U postgres
+```
+
+```sql
+CREATE DATABASE pamietnik;
+CREATE USER pamietnik WITH PASSWORD 'deinPasswort';
+GRANT ALL PRIVILEGES ON DATABASE pamietnik TO pamietnik;
+\q
+```
+
+---
+
+## 2. Pamietnik-Deployment einrichten (einmalig)
+
+```bash
+sudo mkdir -p /volume2/docker/pamietnik/uploads
+```
+
+Datei `/volume2/docker/pamietnik/.env`:
+
+```env
+DB_PASSWORD=<passwort-von-oben>
+APP_PORT=9050
+```
+
+---
+
+## 3. Gitea CI/CD einrichten (einmalig)
+
+### act_runner starten
+
+Token holen: **Gitea → Site-Administration → Actions → Runner → Runner erstellen**
+
+```bash
+sudo docker run -d \
+  --name gitea-runner \
+  --restart unless-stopped \
+  --network host \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  -v /volume2/docker/gitea-runner:/data \
+  -e GITEA_INSTANCE_URL=http://localhost:3000 \
+  -e GITEA_RUNNER_REGISTRATION_TOKEN=<token-aus-gitea> \
+  -e GITEA_RUNNER_NAME=nas-runner \
+  -e GITEA_RUNNER_LABELS=self-hosted,linux,amd64 \
+  gitea/act_runner:latest
+```
+
+### Gitea Secrets & Variables setzen
+
+**Repository → Einstellungen → Actions → Secrets:**
+
+| Secret | Wert |
+|--------|------|
+| `DB_PASSWORD` | Passwort des `pamietnik` DB-Users |
+| `DEPLOY_DIR` | `/volume2/docker/pamietnik` |
+
+**Repository → Einstellungen → Actions → Variables:**
+
+| Variable | Wert |
+|----------|------|
+| `DB_USER` | `pamietnik` |
+| `DB_NAME` | `pamietnik` |
+| `APP_PORT` | `9050` |
+
+---
+
+## 4. Dienste & URLs
+
+| Dienst | URL |
+|--------|-----|
+| Pamietnik App | `http://<NAS-IP>:9050` |
+| pgAdmin | `http://<NAS-IP>:5050` |
+| PostgreSQL | `psql -h <NAS-IP> -p 5433 -U pamietnik -d pamietnik` |
+
+---
+
+## 5. Neues Projekt hinzufügen
+
+```bash
+sudo docker exec -it shared-postgres-1 psql -U postgres
+```
+
+```sql
+CREATE DATABASE neuprojekt;
+CREATE USER neuprojekt WITH PASSWORD 'passwort';
+GRANT ALL PRIVILEGES ON DATABASE neuprojekt TO neuprojekt;
+\q
+```
+
+In `docker-compose.yml` des neuen Projekts:
+```yaml
+extra_hosts:
+  - "host-gateway:host-gateway"
+environment:
+  DATABASE_URL: postgres://neuprojekt:passwort@host-gateway:5433/neuprojekt
+```
+
+---
+
+## 6. Wartung
+
+```bash
+# Logs
+sudo docker compose -f /volume2/docker/shared/docker-compose.yml logs -f
+sudo docker compose -f /volume2/docker/pamietnik/docker-compose.yml logs -f api
+
+# Backup
+sudo docker exec shared-postgres-1 pg_dump -U postgres pamietnik \
+  > /volume2/docker/shared/backup_$(date +%Y%m%d).sql
+
+# Stoppen
+sudo docker compose -f /volume2/docker/shared/docker-compose.yml down
+sudo docker compose -f /volume2/docker/pamietnik/docker-compose.yml down
+```