expertfab-infra/docs/access.md

# ExpertFab – Zugangsdaten & Verbindungen

> **SSH-Key:** `~/.ssh/hetzner_key` (für alle Server)

---

## Cloudflare

| Parameter   | Wert                                                 |
|-------------|------------------------------------------------------|
| API Token   | `euknQxray528vidJ2beVxYZ4auN4gbQxHvxpJ5iz`          |
| Zone ID     | `c587e1538c5121b4985938551b96dc9c` (expertfab.de)    |
| Berechtigungen | DNS:Edit für Zone expertfab.de                    |

---

## Proxmox

| Zugang         | Wert                                      |
|----------------|-------------------------------------------|
| Web-UI         | https://95.156.232.42:8006                |
| SSH (Node 1)   | `ssh -i ~/.ssh/hetzner_key root@10.42.70.1` |
| SSH (Node 2)   | `ssh -i ~/.ssh/hetzner_key root@10.42.70.2` |
| Benutzer       | `root`                                    |

---

## K3s Cluster

| Zugang              | Wert                                                   |
|---------------------|--------------------------------------------------------|
| SSH Control Plane   | `ssh -i ~/.ssh/hetzner_key sd@10.42.71.50`             |
| kubectl (am Node)   | `sudo KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl …`  |
| kubectl via Proxmox | `ssh root@10.42.70.1 "qm guest exec 119 -- bash -c 'KUBECONFIG=/etc/rancher/k3s/k3s.yaml kubectl …'"` |

**K3s Version:** v1.34.6+k3s1  
**Container Runtime:** containerd 2.2.2  
**OS:** Ubuntu 24.04.4 LTS

### Nodes

| Node          | IP           | Rolle          |
|---------------|--------------|----------------|
| efsckubadm    | 10.42.71.50  | control-plane  |
| efsckubnode1  | 10.42.71.51  | worker         |
| efsckubnode2  | 10.42.71.52  | worker         |

> Proxmox-VM `efsckubctl` = K3s-Node `efsckubadm`

---

## Paperless-NGX

| Zugang      | Wert                                         |
|-------------|----------------------------------------------|
| URL         | https://docs.expertfab.de                   |
| API Token   | `3960b56c7c56d21af06af7d32e49613d8e7f78c8`  |
| API Header  | `Authorization: Token <token>`               |

---

## Documenso (Document Signing)

| Zugang             | Wert                                  |
|--------------------|---------------------------------------|
| URL                | https://signing.expertfab.de          |
| Namespace          | `documenso`                           |
| Image              | docker.io/documenso/documenso:latest  |
| Database           | Eigene Postgres im Namespace          |
| StorageClass       | `longhorn-documenso` (Retain)         |
| Signing-Zertifikat | Self-signed P12, passphrase `documenso`, gültig 10 Jahre |
| SMTP               | smtprelay.expertfab.de:587 / it-admin@expertfab.de |
| Auth               | Documenso-eigene Auth (kein Zitadel SSO) |

---

## Joplin (Notes Server)

| Zugang        | Wert                                  |
|---------------|---------------------------------------|
| URL           | https://note.expertfab.de             |
| Namespace     | `joplin`                              |
| Image         | docker.io/joplin/server:latest        |
| Database      | Eigene Postgres im Namespace          |
| StorageClass  | `longhorn-joplin` (Retain)            |
| SMTP          | smtprelay.expertfab.de:587 / it-admin@expertfab.de |
| Auth          | Joplin-eigene Auth (kein Zitadel SSO) |

---

## ERPNext

| Zugang       | Wert                                                              |
|--------------|-------------------------------------------------------------------|
| URL          | https://expertfab.de / https://www.expertfab.de                  |
| Helm Chart   | frappe/erpnext 8.0.14 (ERPNext v15)                               |
| Namespace    | `erpnext`                                                         |
| Auth Token   | Airflow Variable: `ErpnextAuthToken`                              |
| Base URL     | Airflow Variable: `ErpnextBaseurl`                                |
| Docker Image | git.expertfab.de/expertfab/customdocker:1.0.2                     |
| Image Pull   | Secret `gitea-registry` im Namespace `erpnext`                   |

---

## Gitea

| Zugang | Wert                        |
|--------|-----------------------------|
| URL    | https://git.expertfab.de    |
| VM     | efgit01 (Proxmox n01 / 110) |

---

## SMTP (Accounting)

| Parameter | Airflow Variable          |
|-----------|---------------------------|
| Server    | `smtpAccountingServer`    |
| Port      | `smtpAccountingPort`      |
| User      | `smtpAccountingUser`      |
| Password  | `smtpAccountingPassword`  |
| Sender    | `smtpAccountingSenderName`|

---

## Öffentlich erreichbare Dienste

| Dienst       | URL                          | Namespace    |
|--------------|------------------------------|--------------|
| ERPNext      | https://expertfab.de         | erpnext      |
| ERPNext      | https://www.expertfab.de     | erpnext      |
| Paperless    | https://docs.expertfab.de    | paperless    |
| Zitadel SSO  | https://auth.expertfab.de    | zitadel      |
| Documenso    | https://signing.expertfab.de | documenso    |
| Joplin       | https://note.expertfab.de    | joplin       |
| FastAPI      | https://api.expertfab.de     | rabbitmq     |
| Coworkbase   | https://coworkbase.de        | coworkbase   |
| Qubicticker  | https://qubicticker.qchief.io| qubicticker  |
| Gitea        | https://git.expertfab.de     | –            |