From 272af441a616583ce24d2456bf3b2b2c2dbc51e8 Mon Sep 17 00:00:00 2001
From: johannesstahlhut <stahlhut@consider-it.de>
Date: Fri, 28 Nov 2025 11:04:35 +0100
Subject: [PATCH] add transcript-api + transcript-frontend

---
 .../reverse-proxy/Caddyfile                   |  4 ++--
 .../transcript-anonymizer-api/.env.example    | 21 +++++++++++++++++++
 .../transcript-anonymizer-api/compose.yml     | 11 ++++++++++
 .../.env.example                              |  6 ++++++
 .../compose.yml                               | 13 ++++++++++++
 .../group_vars/Docker_Compose_Hosts/ghcr.yaml |  3 +++
 .../hetzner/host_vars/cit-docker-host.yaml    |  4 ++++
 playbooks/docker-compose.yml                  | 10 +++++++++
 playbooks/everything.yaml                     | 10 +++++++++
 requirements.yml                              | 11 +++++++---
 10 files changed, 88 insertions(+), 5 deletions(-)
 create mode 100644 docker_compose_applications/transcript-anonymizer-api/.env.example
 create mode 100644 docker_compose_applications/transcript-anonymizer-api/compose.yml
 create mode 100644 docker_compose_applications/transcript-anonymizer-frontend/.env.example
 create mode 100644 docker_compose_applications/transcript-anonymizer-frontend/compose.yml
 create mode 100644 inventories/hetzner/group_vars/Docker_Compose_Hosts/ghcr.yaml

diff --git a/docker_compose_applications/reverse-proxy/Caddyfile b/docker_compose_applications/reverse-proxy/Caddyfile
index 6b08a84..366d245 100644
--- a/docker_compose_applications/reverse-proxy/Caddyfile
+++ b/docker_compose_applications/reverse-proxy/Caddyfile
@@ -19,7 +19,7 @@
 }
 
 pseudo.cortex.consider-funding.de {
-	import oauth2_protect pseudo.cortex.consider-funding.de http://10.20.0.2:5000
+	import oauth2_protect pseudo.cortex.consider-funding.de http://transcript-anonymizer-frontend:5000
 }
 
 # transcript-prompter
@@ -34,7 +34,7 @@ p-8002.cortex.consider-funding.de {
 
 # pseudomizer
 p-8003.cortex.consider-funding.de {
-	reverse_proxy http://10.20.0.2:8003
+	reverse_proxy http://transcript-anonymizer:8003
 }
 
 pdf.consider-it.de {
diff --git a/docker_compose_applications/transcript-anonymizer-api/.env.example b/docker_compose_applications/transcript-anonymizer-api/.env.example
new file mode 100644
index 0000000..335eff8
--- /dev/null
+++ b/docker_compose_applications/transcript-anonymizer-api/.env.example
@@ -0,0 +1,21 @@
+# API-Metadaten
+APP_NAME=Transcript Anonymizer API
+APP_VERSION=1.0.0
+
+# Uploads und Limits
+UPLOAD_FOLDER=uploads
+MAX_FILE_SIZE=16777216
+ALLOWED_EXTENSIONS=["docx","txt"]
+
+# Pfad zur Konfigurationsdatei (für cf_persons/labels/excluded_words)
+CONFIG_JSON_PATH=app/config/config.json
+
+# Ausgabe-Verzeichnis für Reports/Tests
+API_OUTPUT_DIR=output
+
+# Logging
+LOG_LEVEL=INFO
+ACCESS_LOG_LEVEL=INFO
+
+LOG_LEVEL=INFO          # oder DEBUG/WARNING/ERROR
+ACCESS_LOG_LEVEL=INFO   # Level nur für Uvicorn-Access-Logs
\ No newline at end of file
diff --git a/docker_compose_applications/transcript-anonymizer-api/compose.yml b/docker_compose_applications/transcript-anonymizer-api/compose.yml
new file mode 100644
index 0000000..a752311
--- /dev/null
+++ b/docker_compose_applications/transcript-anonymizer-api/compose.yml
@@ -0,0 +1,11 @@
+services:
+  transcript-anonymizer:
+    image: ghcr.io/consider-it/transcript-anonymizer-api:latest
+    restart: unless-stopped
+    env_file: .env
+    volumes:
+      - /ansible_docker_compose/project_data/transcript-anonymizer-api/uploads:/app/uploads
+    networks: [caddy_net]
+networks:
+  caddy_net:
+    external: true
diff --git a/docker_compose_applications/transcript-anonymizer-frontend/.env.example b/docker_compose_applications/transcript-anonymizer-frontend/.env.example
new file mode 100644
index 0000000..9d4a7d3
--- /dev/null
+++ b/docker_compose_applications/transcript-anonymizer-frontend/.env.example
@@ -0,0 +1,6 @@
+# Example configuration for the transcript anonymizer frontend
+FLASK_ENV=production
+ANONYMIZER_API_URL=http://transcript-anonymizer:8003/api/v1/anonymize
+ANONYMIZER_HEALTH_URL=http://transcript-anonymizer:8003/api/v1/health
+# Optional: override if the frontend expects a different port
+# PORT=5000
diff --git a/docker_compose_applications/transcript-anonymizer-frontend/compose.yml b/docker_compose_applications/transcript-anonymizer-frontend/compose.yml
new file mode 100644
index 0000000..0143292
--- /dev/null
+++ b/docker_compose_applications/transcript-anonymizer-frontend/compose.yml
@@ -0,0 +1,13 @@
+services:
+  transcript-anonymizer-frontend:
+    image: ghcr.io/consider-it/transcript-anonymizer-frontend:latest
+    restart: unless-stopped
+    env_file: .env
+    environment:
+      ANONYMIZER_API_URL: http://transcript-anonymizer:8003/api/v1/anonymize
+      ANONYMIZER_HEALTH_URL: http://transcript-anonymizer:8003/api/v1/health
+    networks: [caddy_net]
+
+networks:
+  caddy_net:
+    external: true
diff --git a/inventories/hetzner/group_vars/Docker_Compose_Hosts/ghcr.yaml b/inventories/hetzner/group_vars/Docker_Compose_Hosts/ghcr.yaml
new file mode 100644
index 0000000..2cddc20
--- /dev/null
+++ b/inventories/hetzner/group_vars/Docker_Compose_Hosts/ghcr.yaml
@@ -0,0 +1,3 @@
+# GHCR registry credentials (set ghcr_pat via Ansible Vault)
+ghcr_username: ""            # e.g. your GitHub username or org bot user
+ghcr_pat: "{{ vault_ghcr_pat | default('') }}"
diff --git a/inventories/hetzner/host_vars/cit-docker-host.yaml b/inventories/hetzner/host_vars/cit-docker-host.yaml
index be25080..6776a6b 100644
--- a/inventories/hetzner/host_vars/cit-docker-host.yaml
+++ b/inventories/hetzner/host_vars/cit-docker-host.yaml
@@ -9,3 +9,7 @@ docker_compose__projects:
     files_directory: ../docker_compose_applications/oauth2-proxy
   - name: metabase
     files_directory: ../docker_compose_applications/metabase
+  - name: transcript-anonymizer-api
+    files_directory: ../docker_compose_applications/transcript-anonymizer-api
+  - name: transcript-anonymizer-frontend
+    files_directory: ../docker_compose_applications/transcript-anonymizer-frontend
diff --git a/playbooks/docker-compose.yml b/playbooks/docker-compose.yml
index fbf62f9..c814733 100644
--- a/playbooks/docker-compose.yml
+++ b/playbooks/docker-compose.yml
@@ -1,4 +1,14 @@
 - name: Ensure deployment of Docker Compose applications
   hosts: Docker_Compose_Hosts
+  pre_tasks:
+    - name: Login to GHCR (if credentials provided)
+      community.docker.docker_login:
+        registry_url: ghcr.io
+        username: "{{ ghcr_username }}"
+        password: "{{ ghcr_pat }}"
+      when:
+        - ghcr_username | default('') | length > 0
+        - ghcr_pat | default('') | length > 0
+      become: true
   roles:
     - docker_compose
diff --git a/playbooks/everything.yaml b/playbooks/everything.yaml
index 99f4ef1..b76789b 100644
--- a/playbooks/everything.yaml
+++ b/playbooks/everything.yaml
@@ -8,5 +8,15 @@
 
 - name: Ensure deployment of Docker Compose applications
   hosts: Docker_Compose_Hosts
+  pre_tasks:
+    - name: Login to GHCR (if credentials provided)
+      community.docker.docker_login:
+        registry_url: ghcr.io
+        username: "{{ ghcr_username }}"
+        password: "{{ ghcr_pat }}"
+      when:
+        - ghcr_username | default('') | length > 0
+        - ghcr_pat | default('') | length > 0
+      become: true
   roles:
     - docker_compose
diff --git a/requirements.yml b/requirements.yml
index eee1ab9..8b551b0 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,3 +1,8 @@
-- name: docker_compose
-  src: https://github.com/consider-it/ansible-role-docker_compose
-  version: main
+---
+roles:
+  - name: docker_compose
+    src: https://github.com/consider-it/ansible-role-docker_compose
+    version: main
+
+collections:
+  - name: community.docker