timemaster/setup_server.sh

#!/bin/bash
# ============================================================
# TimeMaster – Nativer Server-Setup (Ubuntu 22.04 / 24.04)
# Führe dieses Script als root oder mit sudo aus
# ============================================================
set -e

echo "==> [1/6] System-Pakete aktualisieren"
apt-get update && apt-get upgrade -y

echo "==> [2/6] Abhängigkeiten installieren"
apt-get install -y \
  python3 python3-venv python3-dev python3-pip \
  postgresql postgresql-contrib \
  redis-server \
  nginx \
  git curl build-essential libpq-dev

echo "==> [3/6] PostgreSQL einrichten"
systemctl enable postgresql && systemctl start postgresql

# Datenbank + User anlegen (Produktiv-DB + Test-DB)
sudo -u postgres psql <<SQL
DO \$\$
BEGIN
  IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'timemaster') THEN
    CREATE ROLE timemaster LOGIN PASSWORD 'timemaster_secret_change_me';
  END IF;
END
\$\$;
SELECT 'CREATE DATABASE timemaster_db OWNER timemaster'
  WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'timemaster_db')\gexec
SELECT 'CREATE DATABASE timemaster_test OWNER timemaster'
  WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'timemaster_test')\gexec
GRANT ALL PRIVILEGES ON DATABASE timemaster_db TO timemaster;
GRANT ALL PRIVILEGES ON DATABASE timemaster_test TO timemaster;
SQL

echo "==> [4/6] Redis einrichten"
systemctl enable redis-server && systemctl start redis-server

echo "==> [5/7] Python venv + Abhängigkeiten"
cd /opt/timemaster/backend
python3 -m venv venv
source venv/bin/activate
pip install --upgrade pip
pip install -r requirements.txt

echo "==> [6/7] Alembic Migrations ausführen"
alembic upgrade head

echo "==> [7/7] nginx für Frontend konfigurieren"
mkdir -p /opt/timemaster/frontend/dist
cat > /etc/nginx/sites-available/timemaster << 'NGINX'
server {
    listen 80;
    server_name _;

    root /opt/timemaster/frontend/dist;
    index index.html;

    # SPA fallback
    location / {
        try_files $uri $uri/ /index.html;
    }

    # API proxy
    location /api/ {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # FastAPI docs (dev)
    location /docs {
        proxy_pass http://127.0.0.1:8000/docs;
        proxy_set_header Host $host;
    }
    location /openapi.json {
        proxy_pass http://127.0.0.1:8000/openapi.json;
    }
}
NGINX
ln -sf /etc/nginx/sites-available/timemaster /etc/nginx/sites-enabled/timemaster
rm -f /etc/nginx/sites-enabled/default
nginx -t && systemctl enable nginx && systemctl reload nginx

echo ""
echo "==> [Optional] Tests ausführen"
echo "  python -m pytest tests/ -q"
echo ""
echo "✓ Setup abgeschlossen!"
echo "  Backend:  sudo systemctl start timemaster"
echo "  Frontend: http://$(hostname -I | awk '{print $1}')/"
echo "  API-Docs: http://$(hostname -I | awk '{print $1}')/docs"
echo ""
echo ""
echo "Frontend deployen (nach lokalem Build):"
echo "  npm run build  (im frontend/ Verzeichnis)"
echo "  rsync -avz dist/ root@SERVER:/opt/timemaster/frontend/dist/"
echo ""
echo "Hinweise:"
echo "  - passlib wurde durch direktes bcrypt ersetzt (kompatibel mit bcrypt >= 4.0)"
echo "  - pytest nutzt PostgreSQL test-DB (timemaster_test) – kein SQLite"
echo "  - pytest.ini: asyncio_mode=auto, loop_scope=session für alle Fixtures"
echo "  - openpyxl >= 3.1 für XLSX-Export (Dashboard/Reports)"
echo ""
echo "Verfügbare API-Endpunkte:"
echo "  GET /api/v1/dashboard/me          – Mitarbeiter-Dashboard"
echo "  GET /api/v1/dashboard/team        – Team-Dashboard (Manager+)"
echo "  GET /api/v1/dashboard/company     – Unternehmens-Dashboard (Admin)"
echo "  GET /api/v1/reports/time          – Zeiterfassungsbericht"
echo "  GET /api/v1/reports/absences      – Abwesenheitsbericht"
echo "  GET /api/v1/reports/overtime      – Überstundenbericht"
echo "  GET /api/v1/reports/time/export?format=csv|xlsx"
echo "  GET /api/v1/reports/absences/export?format=csv|xlsx"
echo "  GET /api/v1/reports/overtime/export?format=csv|xlsx"