feat: migrar a useAuthentik y configurar CI/CD con Gitea Actions

- Migrar de useAuth() a useAuthentik() para autenticación SSR
- Actualizar componentes UserMenu, AppSidebar y profile.vue
- Configurar docker-compose.yml con variables dinámicas
- Agregar Gitea Actions workflow para build y deploy automático
- Implementar hook de monitoreo de Gitea Actions
- Configurar secrets y variables para deploy seguro
- Actualizar configuración de Traefik con Authentik Forward Auth

docker-compose.yml

@@ -1,11 +1,55 @@
 version: '3.8'
 
 services:
+  postgres:
+    image: postgres:16-alpine
+    container_name: analiticanucleo-postgres
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER:-postgres}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB:-analitica}
+      - PGRST_DB_AUTHENTICATOR_PASSWORD=${PGRST_DB_AUTHENTICATOR_PASSWORD}
+    ports:
+      - "3000:5432"
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+      - ./init-db:/docker-entrypoint-initdb.d
+    networks:
+      - principal
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-postgres}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  postgrest:
+    image: postgrest/postgrest:latest
+    container_name: analiticanucleo-postgrest
+    restart: unless-stopped
+    environment:
+      - PGRST_DB_URI=postgres://authenticator:${PGRST_DB_AUTHENTICATOR_PASSWORD}@postgres:5432/${POSTGRES_DB:-analitica}
+      - PGRST_DB_SCHEMA=${PGRST_DB_SCHEMA:-public}
+      - PGRST_DB_ANON_ROLE=${PGRST_DB_ANON_ROLE:-web_anon}
+      - PGRST_JWT_SECRET=${PGRST_JWT_SECRET}
+      - PGRST_OPENAPI_SERVER_PROXY_URI=${PGRST_OPENAPI_SERVER_PROXY_URI:-https://api.analitica.nucleoriofrio.com}
+    depends_on:
+      postgres:
+        condition: service_healthy
+    networks:
+      - principal
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.analiticanucleo-api.rule=Host(`api.analitica.nucleoriofrio.com`)"
+      - "traefik.http.routers.analiticanucleo-api.entrypoints=websecure"
+      - "traefik.http.routers.analiticanucleo-api.tls=true"
+      - "traefik.http.routers.analiticanucleo-api.tls.certresolver=letsencrypt"
+      - "traefik.http.services.analiticanucleo-api.loadbalancer.server.port=3000"
+      - "traefik.docker.network=principal"
+
   nuxt-app:
-    build:
-      context: .
-      dockerfile: Dockerfile
-    container_name: analiticanucleo-nuxt-app
+    image: ${REG}/${REPO_OWNER}/${APP_NAME}:latest
+    container_name: ${APP_NAME}
     restart: unless-stopped
     environment:
       - NODE_ENV=production
@@ -18,19 +62,37 @@ services:
       - NEXT_PUBLIC_SUPABASE_URL=${SUPABASE_URL}
       - NEXT_PUBLIC_SUPABASE_ANON_KEY=${SUPABASE_ANON_KEY}
       # Authentik configuration
-      - NUXT_PUBLIC_AUTHENTIK_URL=${AUTHENTIK_URL}
-      - NUXT_PUBLIC_AUTHENTIK_APP_SLUG=${AUTHENTIK_APP_SLUG}
+      - NUXT_PUBLIC_AUTHENTIK_URL=${NUXT_PUBLIC_AUTHENTIK_URL:-https://authentik.nucleoriofrio.com}
+      # PostgREST API URL
+      - NUXT_PUBLIC_POSTGREST_URL=${NUXT_PUBLIC_POSTGREST_URL:-https://api.analitica.nucleoriofrio.com}
+    depends_on:
+      - postgrest
     networks:
       - principal
+      - traefik-network
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.analiticanucleo.rule=Host(`analitica.nucleoriofrio.com`)"
-      - "traefik.http.routers.analiticanucleo.entrypoints=websecure"
-      - "traefik.http.routers.analiticanucleo.tls=true"
-      - "traefik.http.routers.analiticanucleo.tls.certresolver=letsencrypt"
-      - "traefik.http.services.analiticanucleo.loadbalancer.server.port=3000"
       - "traefik.docker.network=principal"
 
+      # Service
+      - "traefik.http.services.${APP_NAME}.loadbalancer.server.port=3000"
+
+      # Router principal con Authentik Forward Auth
+      - "traefik.http.routers.${APP_NAME}.rule=Host(`${APP_DOMAIN}`)"
+      - "traefik.http.routers.${APP_NAME}.entrypoints=websecure"
+      - "traefik.http.routers.${APP_NAME}.tls=true"
+      - "traefik.http.routers.${APP_NAME}.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.${APP_NAME}.service=${APP_NAME}"
+      - "traefik.http.routers.${APP_NAME}.middlewares=authentik-forward-auth@file,${APP_NAME}-headers"
+
+      # Custom headers middleware
+      - "traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+
 networks:
   principal:
     external: true
+  traefik-network:
+    external: true
+
+volumes:
+  postgres_data: