feat: CI/CD pipeline + Learning/Medicine/Travel services

- Add Gitea Actions workflow for automated build & deploy
- Add K8s manifests: webui, travel-svc, medicine-svc, sandbox-svc
- Update kustomization for localhost:5000 registry
- Add ingress for gooseek.ru and api.gooseek.ru
- Learning cabinet with onboarding, courses, sandbox integration
- Medicine service with symptom analysis and doctor matching
- Travel service with itinerary planning
- Server setup scripts (NVIDIA/CUDA, K3s, Gitea runner)

Made-with: Cursor

backend/deploy/scripts/install-gitea-manifest.sh

@@ -0,0 +1,248 @@
+#!/bin/bash
+set -e
+export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
+
+echo "=== Installing Gitea via manifests ==="
+
+cat <<'EOF' | kubectl apply -f -
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: gitea-data
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gitea-config
+  namespace: gitea
+data:
+  app.ini: |
+    APP_NAME = GooSeek Git
+    RUN_MODE = prod
+    
+    [server]
+    DOMAIN = git.gooseek.ru
+    ROOT_URL = https://git.gooseek.ru/
+    HTTP_PORT = 3000
+    SSH_PORT = 22
+    SSH_DOMAIN = git.gooseek.ru
+    
+    [database]
+    DB_TYPE = sqlite3
+    PATH = /data/gitea/gitea.db
+    
+    [security]
+    INSTALL_LOCK = true
+    SECRET_KEY = $(openssl rand -hex 32)
+    
+    [service]
+    DISABLE_REGISTRATION = false
+    REQUIRE_SIGNIN_VIEW = false
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gitea
+  template:
+    metadata:
+      labels:
+        app: gitea
+    spec:
+      containers:
+      - name: gitea
+        image: gitea/gitea:1.22
+        ports:
+        - containerPort: 3000
+          name: http
+        - containerPort: 22
+          name: ssh
+        volumeMounts:
+        - name: data
+          mountPath: /data
+        - name: config
+          mountPath: /data/gitea/conf
+        env:
+        - name: GITEA__database__DB_TYPE
+          value: sqlite3
+        - name: GITEA__database__PATH
+          value: /data/gitea/gitea.db
+        - name: GITEA__server__DOMAIN
+          value: git.gooseek.ru
+        - name: GITEA__server__ROOT_URL
+          value: https://git.gooseek.ru/
+        - name: GITEA__security__INSTALL_LOCK
+          value: "false"
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "100m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: gitea-data
+      - name: config
+        configMap:
+          name: gitea-config
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+  selector:
+    app: gitea
+  ports:
+  - port: 3000
+    targetPort: 3000
+    name: http
+  - port: 22
+    targetPort: 22
+    name: ssh
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: gitea-ingress
+  namespace: gitea
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - git.gooseek.ru
+    secretName: gitea-tls
+  rules:
+  - host: git.gooseek.ru
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: gitea
+            port:
+              number: 3000
+EOF
+
+echo "=== Installing Docker Registry ==="
+cat <<'EOF' | kubectl apply -f -
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: registry-pvc
+  namespace: gooseek
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: registry
+  namespace: gooseek
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: registry
+  template:
+    metadata:
+      labels:
+        app: registry
+    spec:
+      containers:
+      - name: registry
+        image: registry:2
+        ports:
+        - containerPort: 5000
+        volumeMounts:
+        - name: registry-data
+          mountPath: /var/lib/registry
+        env:
+        - name: REGISTRY_STORAGE_DELETE_ENABLED
+          value: "true"
+        resources:
+          requests:
+            memory: "64Mi"
+            cpu: "50m"
+          limits:
+            memory: "256Mi"
+            cpu: "200m"
+      volumes:
+      - name: registry-data
+        persistentVolumeClaim:
+          claimName: registry-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry
+  namespace: gooseek
+spec:
+  selector:
+    app: registry
+  ports:
+  - port: 5000
+    targetPort: 5000
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: registry-ingress
+  namespace: gooseek
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - registry.gooseek.ru
+    secretName: registry-tls
+  rules:
+  - host: registry.gooseek.ru
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: registry
+            port:
+              number: 5000
+EOF
+
+echo "=== Waiting for deployments ==="
+kubectl -n gitea rollout status deployment/gitea --timeout=180s || true
+kubectl -n gooseek rollout status deployment/registry --timeout=120s || true
+
+echo "=== Status ==="
+kubectl get pods -A
+kubectl get ingress -A
+kubectl get certificates -A
+
+echo ""
+echo "=== DONE ==="
+echo "Gitea: https://git.gooseek.ru (first user to register will be admin)"
+echo "Registry: https://registry.gooseek.ru"