Initial commit – TimeMaster Zeiterfassung & HR-Tool

Stand: agent-06 (Audit-Log), agent-05 (Krankmeldung), agent-07 Phase 1 (Personalnummer),
Busylight-Pull-Integration, TOTP/2FA, Abwesenheiten, Zeiterfassung, Kiosk-Grundgerüst.
Migrations 0001–0023 deployed auf 192.168.1.137 + .164.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

deploy.sh

@@ -0,0 +1,107 @@
+#!/bin/bash
+# ============================================================
+# deploy.sh – Lokal ausführen, deployt auf 192.168.1.137
+# Usage:
+#   ./deploy.sh           → nur sync + restart
+#   ./deploy.sh --migrate → sync + alembic upgrade + restart
+#   ./deploy.sh --setup   → erstes Setup auf dem Server
+# ============================================================
+set -e
+
+SERVER="root@192.168.1.137"
+REMOTE="/opt/timemaster"
+LOCAL="$(cd "$(dirname "$0")" && pwd)"
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+log() { echo -e "${GREEN}==>${NC} $1"; }
+warn() { echo -e "${YELLOW}[!]${NC} $1"; }
+
+# ── Erstes Setup ──────────────────────────────────────────────────────────────
+if [[ "$1" == "--setup" ]]; then
+  log "Erstes Server-Setup wird ausgeführt..."
+
+  ssh "$SERVER" "apt-get update -q && apt-get install -y \
+    python3.12 python3.12-venv python3.12-dev \
+    postgresql postgresql-contrib \
+    redis-server nginx \
+    git build-essential libpq-dev curl"
+
+  ssh "$SERVER" "mkdir -p $REMOTE/backend $REMOTE/frontend/dist"
+
+  log "Dateien übertragen..."
+  rsync -avz --exclude='__pycache__' --exclude='*.pyc' --exclude='.env' \
+    --exclude='venv/' --exclude='.git/' \
+    "$LOCAL/" "$SERVER:$REMOTE/"
+
+  ssh "$SERVER" bash << 'REMOTE_SETUP'
+    set -e
+    cd /opt/timemaster/backend
+
+    # venv
+    python3.12 -m venv venv
+    source venv/bin/activate
+    pip install --upgrade pip -q
+    pip install -r requirements.txt -q
+
+    # PostgreSQL
+    systemctl enable --now postgresql
+    sudo -u postgres psql -tc "SELECT 1 FROM pg_roles WHERE rolname='timemaster'" | grep -q 1 || \
+      sudo -u postgres psql -c "CREATE ROLE timemaster LOGIN PASSWORD 'timemaster_secret_CHANGE_ME';"
+    sudo -u postgres psql -tc "SELECT 1 FROM pg_database WHERE datname='timemaster_db'" | grep -q 1 || \
+      sudo -u postgres psql -c "CREATE DATABASE timemaster_db OWNER timemaster;"
+
+    # Redis
+    systemctl enable --now redis-server
+
+    # .env
+    if [ ! -f .env ]; then
+      cp .env.example .env
+      echo ""
+      echo "⚠️  WICHTIG: .env auf dem Server anpassen!"
+      echo "   ssh root@192.168.1.137 'nano /opt/timemaster/backend/.env'"
+    fi
+
+    # systemd service
+    cp /opt/timemaster/timemaster.service /etc/systemd/system/
+    systemctl daemon-reload
+
+    echo "✓ Setup abgeschlossen"
+    echo "Nächster Schritt: .env befüllen, dann: ./deploy.sh --migrate"
+REMOTE_SETUP
+  exit 0
+fi
+
+# ── Normaler Deploy ───────────────────────────────────────────────────────────
+log "Sync → $SERVER:$REMOTE/backend"
+rsync -avz --progress \
+  --exclude='__pycache__' \
+  --exclude='*.pyc' \
+  --exclude='.env' \
+  --exclude='venv/' \
+  --exclude='.git/' \
+  --exclude='tests/' \
+  "$LOCAL/backend/" "$SERVER:$REMOTE/backend/"
+
+# Frontend build + sync (falls vorhanden)
+if [ -d "$LOCAL/frontend/dist" ]; then
+  log "Frontend sync..."
+  rsync -avz "$LOCAL/frontend/dist/" "$SERVER:$REMOTE/frontend/dist/"
+fi
+
+# ── Migration (optional) ──────────────────────────────────────────────────────
+if [[ "$1" == "--migrate" ]]; then
+  log "Alembic upgrade head..."
+  ssh "$SERVER" "cd $REMOTE/backend && source venv/bin/activate && alembic upgrade head"
+fi
+
+# ── Service neu starten ───────────────────────────────────────────────────────
+log "Service restart..."
+ssh "$SERVER" "systemctl restart timemaster && sleep 2 && systemctl is-active timemaster"
+
+log "Logs (letzte 20 Zeilen):"
+ssh "$SERVER" "journalctl -u timemaster -n 20 --no-pager"
+
+log "✓ Deploy abgeschlossen → http://192.168.1.137:8000/health"