LemonSec/GIT-REPO-SETUP.md

# Git Repository Setup for Portainer
This guide shows how to push LemonSec to your Git server for Portainer deployment.
## Files to Commit
These files should be in your Git repository:
```
LemonSec/
├── docker-compose.yml            ✅ Main stack configuration
├── stack.env                     ✅ Environment variable template
├── .gitignore                    ✅ Git ignore rules
├── README.md                     ✅ Main documentation
├── SUMMARY.md                    ✅ Quick reference
├── PORTAINER-DEPLOY.md           ✅ Portainer deployment guide
├── SETUP-TRUENAS-NEXTCLOUD.md    ✅ TrueNAS specific guide
├── MIGRATE-FROM-NPM.md           ✅ NPM migration guide
├── SETUP.md                      ✅ General setup guide
├── traefik/                      ✅ Traefik configuration
│   ├── traefik.yml
│   └── dynamic/
│       ├── middlewares.yml
│       └── tls.yml
├── authelia/                     ✅ Authelia configuration
│   ├── configuration.yml
│   └── users_database.yml        ✅ (Add family users here)
├── crowdsec/                     ✅ CrowdSec configuration
│   └── acquis.yaml
├── docs/                         ✅ Documentation
│   ├── CLOUDFLARE.md
│   ├── TAILSCALE.md
│   └── SECURITY.md
├── examples/                     ✅ Service examples
│   ├── nextcloud-compose.yml
│   ├── vaultwarden-compose.yml
│   └── internal-service-compose.yml
└── monitoring/                   ✅ Monitoring configs
    ├── prometheus.yml
    ├── loki-config.yml
    └── promtail-config.yml
```
## Files NOT to Commit
These are in `.gitignore`:
- `.env` - Contains your actual secrets
- `secrets/` directory - Secret files
- `*.log` - Log files
- `traefik/logs/` - Traefik logs
- `*.tar.gz` - Backup files
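`.gitignore` only stops Git from *suggesting* these files; it does nothing for a file that was already tracked or was added with `git add -f`. The following guard is an added example, not part of the LemonSec repository: it reads a list of repo-relative paths (from `git diff --cached --name-only` in a pre-commit hook, or from `git ls-files` to audit an existing checkout) and refuses any path matching the list above. The patterns are assumed to mirror the `.gitignore` entries listed here; the sample file list at the bottom is constructed for the demo.

```shell
#!/bin/sh
# Guard for the "Files NOT to Commit" list: reads repo-relative paths, one
# per line, on stdin and refuses any that match a forbidden pattern.
# Hook use:  git diff --cached --name-only | check_paths   (staged files)
# Audit use: git ls-files | check_paths                    (already tracked)

# Shell globs matched against the whole path with `case`, where `*` also
# matches `/`, so `secrets/*` covers nested files. `*/.env` and `*/secrets/*`
# are added because .gitignore rules apply at any depth. The pattern is `.env`,
# not `*.env`: `stack.env` is the committed template and must pass.
FORBIDDEN='.env */.env secrets/* */secrets/* *.log traefik/logs/* *.tar.gz'

# check_paths: prints each offending path to stderr; returns 1 if any matched.
check_paths() {
  found=0
  set -f   # no filename generation, so the patterns reach `case` unexpanded
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    for pat in $FORBIDDEN; do
      case "$path" in
        $pat) printf 'REFUSING %s (matches %s)\n' "$path" "$pat" >&2
              found=1
              break ;;
      esac
    done
  done
  set +f
  return "$found"
}

# Constructed sample of `git ls-files` output from a checkout where a secret
# file and a backup were committed by mistake (not real repository contents).
SAMPLE_TRACKED='docker-compose.yml
stack.env
.env
authelia/users_database.yml
traefik/logs/access.log
backups/lemonsec-2024-01-01.tar.gz'

# `sh check-secrets.sh --demo` runs the check over the sample.
if [ "${1:-}" = "--demo" ]; then
  if printf '%s\n' "$SAMPLE_TRACKED" | check_paths; then
    echo "clean: nothing forbidden is tracked"
  else
    echo "blocked: 'git rm --cached' the files above before committing"
  fi
fi
```

To enforce it on every commit, save the file as `.git/hooks/pre-commit`, make it executable, and append `git diff --cached --name-only | check_paths || exit 1`.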
## Step-by-Step Git Setup
### 1. Initialize Repository
```bash
cd LemonSec
git init
```
### 2. Add Your Git Server
```bash
git remote add origin https://git.lemonlink.eu/impulsivefps/LemonSec.git
```
### 3. Configure Git (if needed)
```bash
git config user.name "Your Name"
git config user.email "your.email@example.com"
```
### 4. Add and Commit Files
```bash
# Add all files
git add .
# Commit
git commit -m "Initial LemonSec deployment
- Traefik reverse proxy with Cloudflare SSL
- Authelia SSO and 2FA
- CrowdSec intrusion detection
- AdGuard Home DNS
- TrueNAS Nextcloud routing
"
```
### 5. Push to Server
```bash
# For main branch
git push -u origin main
# Or if your default is master
git push -u origin master
```
### 6. Verify
```bash
# Check remote
git remote -v
# Should show:
# origin https://git.lemonlink.eu/impulsivefps/LemonSec.git (fetch)
# origin https://git.lemonlink.eu/impulsivefps/LemonSec.git (push)
# Check status
git status
# Should show: "nothing to commit, working tree clean"
```
## Updating the Repository
After making changes:
```bash
# Make changes to files
nano authelia/users_database.yml # Add family member
# Commit
git add authelia/users_database.yml
git commit -m "Add family member to Authelia"
# Push
git push
# In Portainer: Pull and redeploy stack
```
## Repository URL for Portainer
Use this URL in Portainer:
```
https://git.lemonlink.eu/impulsivefps/LemonSec
```
### If Repository is Private
If your Git server requires authentication:
1. **Option A: Deploy Key** (Recommended)
   - Generate an SSH key pair
   - Add the public key to the Git repo as a read-only deploy key (Portainer only needs to pull)
   - Use the SSH URL: `git@git.lemonlink.eu:impulsivefps/LemonSec.git`
2. **Option B: Personal Access Token**
   - Create a token in your Git server's settings
   - Use HTTPS with the token: `https://token@git.lemonlink.eu/impulsivefps/LemonSec`
   - A token embedded in the URL is stored in plain text in the Portainer stack settings and in `.git/config` of any clone, so treat it like a password and revoke it if it leaks
3. **Option C: Portainer Git Credentials**
   - In the Portainer stack settings, enable authentication
   - Enter the username/password Portainer should use when pulling
## Testing Git Access
From your Proxmox VM:
```bash
# Test HTTPS access
git ls-remote https://git.lemonlink.eu/impulsivefps/LemonSec
# Should show refs without errors
```
## Troubleshooting
### "repository not found"
- Verify URL is correct
- Check repository exists on Git server
- Confirm permissions
### "Authentication failed"
- Check credentials
- Verify deploy key is added (if using SSH)
- Try accessing in browser first
### "Updates were rejected"
```bash
# Pull first
git pull origin main
# Then push
git push
```
### Accidentally committed secrets
If you accidentally committed `.env` (or another secret file), purge it from history and force-push. Rewriting history does not revoke anything: the Git server, its backups and every existing clone still hold the old commits, so also rotate every secret the file contained.
```bash
# Remove from history (be careful!) - git filter-branch is deprecated upstream
# in favour of git filter-repo, but still works for a single file
git filter-branch --force --index-filter 'git rm --cached --ignore-unmatch .env' HEAD
# Force push
git push --force
```
## Branch Strategy
For simple deployments, use `main` or `master`:
```bash
# Check current branch
git branch
# Create and switch to main if needed
git checkout -b main
git push -u origin main
```
For advanced setups, you might want:
- `main` - Production
- `develop` - Testing
- `feature/*` - New services
## Automated Updates
Set up webhook (if your Git server supports it):
1. Go to Git repo settings
2. Add webhook URL: `http://portainer:9000/api/stacks/{stack_id}/git/redeploy`
3. On push, Portainer auto-redeploys
Or use Portainer's polling:
- Stacks → lemonsec → Git settings
- Enable automatic updates
- Set interval (e.g., 5 minutes)