Refactor golden image handling in backup upload process</message>

<message>Update the _set_golden_from_path function to improve the handling of existing golden image files. Replace the existing unlink logic with a more robust method that safely removes files or broken symlinks using the missing_ok parameter. This change enhances the reliability of the backup upload process by ensuring that stale references are properly cleared before setting a new golden image path.
2026-02-24 00:19:40 +02:00
parent df180120aa
commit 808fbf5c7c
136 changed files with 407837 additions and 2 deletions
--- a/backup-from-device/gnss-guard/tm-gnss-guard/server/docker-compose.yml
+++ b/backup-from-device/gnss-guard/tm-gnss-guard/server/docker-compose.yml
@@ -0,0 +1,76 @@
+# GNSS Guard Server - Docker Compose with Nginx + SSL
+#
+# Usage:
+#   1. cp env.example .env.prod
+#   2. Edit .env.prod with your configuration
+#   3. docker compose up -d
+#   4. Run SSL setup: docker compose exec certbot certbot certonly ...
+#
+# For development (no SSL): use docker-compose.dev.yml
+
+services:
+  # ==========================================================================
+  # GNSS Guard Server (FastAPI/Uvicorn)
+  # ==========================================================================
+  gnss-server:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    container_name: gnss-guard-server
+    restart: unless-stopped
+    env_file:
+      - .env.prod
+    expose:
+      - "8000"
+    networks:
+      - gnss-network
+    healthcheck:
+      test: ["CMD", "python", "-c", "import requests; requests.get('http://localhost:8000/auth/check', timeout=5)"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
+  # ==========================================================================
+  # Nginx Reverse Proxy
+  # ==========================================================================
+  nginx:
+    image: nginx:alpine
+    container_name: gnss-nginx
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./nginx/conf.d:/etc/nginx/conf.d:ro
+      - certbot-etc:/etc/letsencrypt:ro
+      - certbot-var:/var/lib/letsencrypt
+      - certbot-webroot:/var/www/certbot
+      # Mount nginx logs to host for fail2ban monitoring
+      - /var/log/nginx:/var/log/nginx
+    depends_on:
+      - gnss-server
+    networks:
+      - gnss-network
+
+  # ==========================================================================
+  # Certbot (SSL Certificate Management)
+  # ==========================================================================
+  certbot:
+    image: certbot/certbot
+    container_name: gnss-certbot
+    volumes:
+      - certbot-etc:/etc/letsencrypt
+      - certbot-var:/var/lib/letsencrypt
+      - certbot-webroot:/var/www/certbot
+    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+
+networks:
+  gnss-network:
+    driver: bridge
+
+volumes:
+  certbot-etc:
+  certbot-var:
+  certbot-webroot: