feat: CI/CD pipeline + Learning/Medicine/Travel services

- Add Gitea Actions workflow for automated build & deploy
- Add K8s manifests: webui, travel-svc, medicine-svc, sandbox-svc
- Update kustomization for localhost:5000 registry
- Add ingress for gooseek.ru and api.gooseek.ru
- Learning cabinet with onboarding, courses, sandbox integration
- Medicine service with symptom analysis and doctor matching
- Travel service with itinerary planning
- Server setup scripts (NVIDIA/CUDA, K3s, Gitea runner)

Made-with: Cursor

backend/deploy/scripts/install-gitea-registry.sh

@@ -0,0 +1,130 @@
+#!/bin/bash
+set -e
+export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
+
+echo "=== Adding Gitea Helm repo ==="
+helm repo add gitea-charts https://dl.gitea.com/charts/
+helm repo update
+
+echo "=== Installing Gitea ==="
+helm upgrade --install gitea gitea-charts/gitea \
+  --namespace gitea \
+  --set gitea.admin.username=admin \
+  --set gitea.admin.password=GooSeek2026! \
+  --set gitea.admin.email=admin@gooseek.ru \
+  --set persistence.enabled=true \
+  --set persistence.size=10Gi \
+  --set postgresql-ha.enabled=false \
+  --set postgresql.enabled=false \
+  --set redis-cluster.enabled=false \
+  --set redis.enabled=false \
+  --set gitea.config.database.DB_TYPE=sqlite3 \
+  --set gitea.config.server.ROOT_URL=https://git.gooseek.ru \
+  --set gitea.config.server.DOMAIN=git.gooseek.ru \
+  --set ingress.enabled=true \
+  --set ingress.className=nginx \
+  --set ingress.hosts[0].host=git.gooseek.ru \
+  --set ingress.hosts[0].paths[0].path=/ \
+  --set ingress.hosts[0].paths[0].pathType=Prefix \
+  --set ingress.tls[0].secretName=gitea-tls \
+  --set ingress.tls[0].hosts[0]=git.gooseek.ru \
+  --set ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt-prod \
+  --wait --timeout 300s
+
+echo "=== Installing Docker Registry ==="
+cat <<'EOF' | kubectl apply -f -
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: registry-pvc
+  namespace: gooseek
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: registry
+  namespace: gooseek
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: registry
+  template:
+    metadata:
+      labels:
+        app: registry
+    spec:
+      containers:
+      - name: registry
+        image: registry:2
+        ports:
+        - containerPort: 5000
+        volumeMounts:
+        - name: registry-data
+          mountPath: /var/lib/registry
+        env:
+        - name: REGISTRY_STORAGE_DELETE_ENABLED
+          value: "true"
+      volumes:
+      - name: registry-data
+        persistentVolumeClaim:
+          claimName: registry-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry
+  namespace: gooseek
+spec:
+  selector:
+    app: registry
+  ports:
+  - port: 5000
+    targetPort: 5000
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: registry-ingress
+  namespace: gooseek
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - registry.gooseek.ru
+    secretName: registry-tls
+  rules:
+  - host: registry.gooseek.ru
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: registry
+            port:
+              number: 5000
+EOF
+
+echo "=== Waiting for pods ==="
+kubectl -n gitea wait --for=condition=Ready pod -l app.kubernetes.io/name=gitea --timeout=300s || true
+kubectl -n gooseek wait --for=condition=Ready pod -l app=registry --timeout=120s || true
+
+echo "=== Final status ==="
+kubectl get pods -A
+kubectl get ingress -A
+kubectl get certificates -A
+
+echo ""
+echo "=== DONE ==="
+echo "Gitea: https://git.gooseek.ru (admin / GooSeek2026!)"
+echo "Registry: https://registry.gooseek.ru"