clemo/valtrix-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: clemo:105600ed9ba206d16d9c542b48369ab5d5426b80
Branches Tags
clemo:develop
...
compare: clemo:develop
Branches Tags
clemo:develop

11 Commits
105600ed9b ... develop

Author SHA1 Message Date
Clemens Hering
a0d1e10c78 Added pipeline image scan
All checks were successful
Build and Deploy Container / build_and_deploy (push) Successful in 35s
Details
Scan Image for CVEs / scan_image (push) Successful in 20s
Details
2025-11-15 08:31:55 +01:00
Clemens Hering
88892ac425 Added pipeline image scan
Some checks failed
Build and Deploy Container / build_and_deploy (push) Successful in 35s
Details
Scan Image for CVEs / scan_image (push) Failing after 16s
Details
2025-11-15 08:28:09 +01:00
Clemens Hering
b7d091c84a Added pipeline image scan
Some checks failed
Build and Deploy Container / build_and_deploy (push) Successful in 36s
Details
Scan Image for CVEs / build_and_deploy (push) Failing after 15s
Details
2025-11-15 08:24:31 +01:00
Clemens Hering
93ba03f619 Added pipeline image scan
Some checks failed
Build and Deploy Container / build_and_deploy (push) Successful in 36s
Details
Scan Image for CVEs / build_and_deploy (push) Failing after 15s
Details
2025-11-15 08:22:15 +01:00
Clemens Hering
92d7e04154 Added package-lock.json
All checks were successful
Build and Deploy Container / build_and_deploy (push) Successful in 50s
Details
2025-11-14 17:40:16 +01:00
Clemens Hering
51834e732e Removed package-lock,json
All checks were successful
Build and Deploy Container / build_and_deploy (push) Successful in 1m24s
Details
2025-11-14 17:36:14 +01:00
Clemens Hering
3498a23ee1 Fixed enum. Chanded DevOps to DevSecOps
Some checks failed
Build and Deploy Container / build_and_deploy (push) Failing after 1s
Details
2025-11-14 17:34:21 +01:00
Clemens Hering
c5b66c4298 back to alpine image
All checks were successful
Build and Deploy Container / build_and_deploy (push) Successful in 1m23s
Details
2025-11-11 06:33:37 +01:00
Clemens Hering
f3984f8b57 fixup
Some checks failed
Build and Deploy Container / build_and_deploy (push) Failing after 1m28s
Details
2025-11-11 06:29:14 +01:00
Clemens Hering
d0292ac192 base is now wolfios
Some checks failed
Build and Deploy Container / build_and_deploy (push) Failing after 23s
Details
2025-11-11 06:27:09 +01:00
Clemens Hering
ef15dc1dfe traefik labels now consistant 2025-11-11 06:24:04 +01:00
6 changed files with 6378 additions and 18 deletions
Expand all files Collapse all files

41
.gitea/workflows/image-scan.yaml Normal file
View File

@@ -0,0 +1,41 @@
name: Scan Image for CVEs
on:
push:
branches:
- main
- develop
env: # global: unkritische, strukturgebende Variablen
TARGET_HOST: host.containers.internal
TARGET_USER: traefik
CONTAINER_NAME: localhost/valtrix-website
jobs:
scan_image:
runs-on: ubuntu-latest
env: # Job-spezifisch: Secrets und sensible Werte
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
steps:
- name: Setup SSH for git/scp
shell: bash
run: |
install -m 700 -d ~/.ssh
printf "%s\n" "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
printf "%s\n" "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts || true
chmod 644 ~/.ssh/known_hosts
# Ensure host keys exist
(ssh-keygen -F "$TARGET_HOST" >/dev/null || ssh-keyscan -H "$TARGET_HOST" >> ~/.ssh/known_hosts) || true
(ssh-keygen -F gitea.smb-corp.de >/dev/null || ssh-keyscan -H gitea.smb-corp.de >> ~/.ssh/known_hosts) || true
- name: Scan container image with Trivy
shell: bash
run: |
ssh -i ~/.ssh/id_ed25519 $TARGET_USER@$TARGET_HOST "
set -euo pipefail
export CONTAINER_NAME='$CONTAINER_NAME'
trivy image localhost/valtrix-website:latest
"

1
.gitignore vendored
View File

@@ -1,5 +1,4 @@
node_modules node_modules
package-lock.json
dist dist
.env .env
.DS_Store .DS_Store

26
deploy/valtrix-website.container
View File

@@ -9,22 +9,22 @@ AutoUpdate=registry
Environment=TZ=Europe/Berlin Environment=TZ=Europe/Berlin
#Traefik Labels #Traefik Labels
Label=traefik.enable=true Label="traefik.enable=true"
Label=traefik.http.routers.wtw.rule=Host(`www.valtrix.systems`) Label="traefik.http.routers.wtw.rule=Host(`www.valtrix.systems`)"
Label=traefik.http.services.wtw.loadbalancer.server.port=3000 Label="traefik.http.services.wtw.loadbalancer.server.port=3000"
Label=traefik.http.routers.wtw.entrypoints=websecure Label="traefik.http.routers.wtw.entrypoints=websecure"
Label=traefik.http.routers.wtw.tls=true Label="traefik.http.routers.wtw.tls=true"
Label=traefik.http.routers.wtw.tls.certresolver=le Label="traefik.http.routers.wtw.tls.certresolver=le"
Label=traefik.http.routers.wtw-http.rule=Host(`www.valtrix.systems`) Label="traefik.http.routers.wtw-http.rule=Host(`www.valtrix.systems`)"
Label=traefik.http.routers.wtw-http.entrypoints=web Label="traefik.http.routers.wtw-http.entrypoints=web"
Label=traefik.http.routers.wtw-http.middlewares=wtw-redirect Label="traefik.http.routers.wtw-http.middlewares=wtw-redirect"
Label=traefik.http.middlewares.wtw-redirect.redirectscheme.scheme=https Label="traefik.http.middlewares.wtw-redirect.redirectscheme.scheme=https"
Label=traefik.http.middlewares.wtw-redirect.redirectscheme.permanent=true Label="traefik.http.middlewares.wtw-redirect.redirectscheme.permanent=true"
Label=traefik.http.routers.wtw.middlewares=secure-headers@file Label="traefik.http.routers.wtw.middlewares=secure-headers@file"
Label="traefik.http.middlewares.wtw-sec.headers.customResponseHeaders.Content-Security-Policy=default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self'; script-src-elem 'self' 'unsafe-inline'; connect-src 'self' wss: https:; font-src 'self' data:; worker-src 'self' blob:;" Label="traefik.http.middlewares.wtw-sec.headers.customResponseHeaders.Content-Security-Policy=default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self'; script-src-elem 'self' 'unsafe-inline'; connect-src 'self' wss: https:; font-src 'self' data:; worker-src 'self' blob:;"
Label=traefik.http.routers.wtw.middlewares=wtw-sec@docker Label="traefik.http.routers.wtw.middlewares=wtw-sec@docker"
Label="traefik.http.routers.wtw.middlewares=auth" Label="traefik.http.routers.wtw.middlewares=auth"
Label="traefik.http.middlewares.auth.basicauth.users=smb:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" Label="traefik.http.middlewares.auth.basicauth.users=smb:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"

6320
package-lock.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

4
src/pages/de/index.astro
View File

@@ -3,7 +3,7 @@ import Base from "../../layouts/Base.astro";
const benefits = [ const benefits = [
{ title: "Zero-Trust & Härtung", text: "Security-by-Design, CIS/BSI-Richtlinien, automatisierte Policies." }, { title: "Zero-Trust & Härtung", text: "Security-by-Design, CIS/BSI-Richtlinien, automatisierte Policies." },
{ title: "Cloud Foundations", text: "Landing Zones, Identity, Observability sauber & skalierbar." }, { title: "Cloud Foundations", text: "Landing Zones, Identity, Observability sauber & skalierbar." },
{ title: "Automatisierung", text: "IaC/CI/CD, GitOps, wiederholbar & auditfähig." } { title: "Automatisierung", text: "IaC, CI/CD, GitOps, wiederholbar & auditfähig." }
]; ];
const approach = [ const approach = [
{ title: 'Assess', text: 'Risiko- und Reifegradanalyse: schneller Quick-Scan, klare Prioritäten.' }, { title: 'Assess', text: 'Risiko- und Reifegradanalyse: schneller Quick-Scan, klare Prioritäten.' },
@@ -46,7 +46,7 @@ const approach = [
<h2 class="text-2xl font-bold mb-6">Leistungen</h2> <h2 class="text-2xl font-bold mb-6">Leistungen</h2>
<div class="grid md:grid-cols-3 gap-6"> <div class="grid md:grid-cols-3 gap-6">
<div class="p-6 border rounded-brand card"> <div class="p-6 border rounded-brand card">
<h3 class="font-semibold text-lg">Cloud & DevOps</h3> <h3 class="font-semibold text-lg">Cloud & DevSecOps</h3>
<p class="mt-2 text-textMuted">Plan, Build & Run effizient, sicher, skalierbar.</p> <p class="mt-2 text-textMuted">Plan, Build & Run effizient, sicher, skalierbar.</p>
<a href="/de/leistungen" class="mt-3 inline-block text-primary underline">Mehr erfahren</a> <a href="/de/leistungen" class="mt-3 inline-block text-primary underline">Mehr erfahren</a>
</div> </div>

4
src/pages/en/index.astro
View File

@@ -3,10 +3,10 @@ import Base from "../../layouts/Base.astro";
const benefits = [ const benefits = [
{ title: "Zero-Trust & Hardening", text: "Security-by-Design, CIS/BSI guidelines, automated policies." }, { title: "Zero-Trust & Hardening", text: "Security-by-Design, CIS/BSI guidelines, automated policies." },
{ title: "Cloud Foundations", text: "Landing zones, identity, observability clean & scalable." }, { title: "Cloud Foundations", text: "Landing zones, identity, observability clean & scalable." },
{ title: "Automation", text: "IaC/CI/CD, GitOps, reproducible & auditable." } { title: "Automation", text: "IaC, CI/CD, GitOps, reproducible & auditable." }
]; ];
const features = [ const features = [
{ title: "Cloud & DevOps", text: "Plan, Build & Run efficient, secure, scalable." }, { title: "Cloud & SecOps", text: "Plan, Build & Run efficient, secure, scalable." },
{ title: "Security & Compliance", text: "BSI/ISO-aligned, Zero-Trust, audits, policies-as-code." }, { title: "Security & Compliance", text: "BSI/ISO-aligned, Zero-Trust, audits, policies-as-code." },
{ title: "AI & Automation", text: "RAG, agents & process automation with measurable outcome." } { title: "AI & Automation", text: "RAG, agents & process automation with measurable outcome." }
]; ];