chore: Update README

Merged by Trez.One

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -58,26 +58,25 @@ jobs:
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
           notification_title: 'GITEA: PR Check'
           notification_message: 'PR Created 🎟️'
-  docker-compose-dry-run:
-    name: Docker Compose Dry Run
-    needs: [check-and-create-pr]
+  generate-service-list:
+    name: Generate list of added/modified/deleted services
     runs-on: ubuntu-latest
-    env:
-      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
-      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
-      VAULT_NAMESPACE: ""
-      RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
+    needs: [check-and-create-pr]
     outputs:
-      svc_deploy_list: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
+      svc_deploy_list: ${{ steps.detected_services.outputs.docker_svc_list }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Fetch base branch
         run: |
           git fetch origin ${{ github.event.pull_request.base.ref }}
-      - name: Login to Gitea Container Registry
-        run: |
-          docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Services TBD'
+          notification_message: 'Generating list of services to deploy...'
       - name: Save both versions of docker-compose.yml
         run: |
           git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
@@ -107,8 +106,27 @@ jobs:
           echo "Detected service changes:"
           cat service_changes.txt
 
-          svc_list=$(paste -sd '|' service_changes.txt)
-          echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT"
+          temp_svc_list=$(paste -sd '|' service_changes.txt)
+          mod_svcs=$(echo "${temp_svc_list}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
+          echo "docker_svc_list=$mod_svcs" >> "$GITHUB_OUTPUT"
+      - name: Testing service list output
+        run: |
+          echo ${{ steps.detected_services.outputs.docker_svc_list }}
+  docker-compose-dry-run:
+    name: Docker Compose Dry Run
+    needs: [generate-service-list]
+    runs-on: ubuntu-latest
+    env:
+      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+      VAULT_NAMESPACE: ""
+      RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Login to Gitea Container Registry
+        run: |
+          docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
       - name: Install Vault
         uses: cpanato/vault-installer@main
       - name: Gotify Notification
@@ -118,37 +136,18 @@ jobs:
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
           notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
           notification_message: 'Starting Docker Compose dry run...'
-      - name: Cache .env Files
-        uses: actions/cache@v4
-        with:
-          path: .env
-          key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
-      - name: Generate modified services list & .env file for Docker Compose Dry Run
-        id: modded_svcs
+      - name: Generate .env file for Docker Compose
         run: |
-          mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
-          echo ${mod_svcs}
           vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
-          echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT"
-      - name: Testing service list output
-        run: |
-          echo ${{ steps.modded_svcs.outputs.rinoa_svcs }}
       - name: Docker Compose Dry Run
-        timeout-minutes: 360
-        continue-on-error: true
-        uses: chaplyk/docker-compose-remote-action@v1.1
-        with:
-          ssh_host: 192.168.1.254
-          ssh_port: 22
-          ssh_user: gitea-deploy
-          ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
-          service: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
-          compose_file: docker-compose.yml
-          pull: false
-          build: false
-          options: -d --remove-orphans
+        uses: hoverkraft-tech/compose-action@v2.2.0
         env:
           DOCKER_HOST: tcp://dockerproxy:2375
+        with:
+          services: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
+          up-flags: -d --remove-orphans --dry-run
+          down-flags: --dry-run
+          compose-flags: --dry-run
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
@@ -158,7 +157,7 @@ jobs:
           notification_message: 'Docker Compose dry run completed successfully.'
   cloudflare-dns-setup:
     name: Cloudflare DNS Setup
-    needs: [docker-compose-ansible-lints]
+    needs: [docker-compose-dry-run]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -299,7 +298,7 @@ jobs:
   docker-compose-deploy:
     name: Docker Compose Deployment
     runs-on: ubuntu-latest
-    needs: [docker-compose-dry-run, pr-merge]
+    needs: [generate-service-list, docker-compose-dry-run, pr-merge]
     env:
       VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
       VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
@@ -333,21 +332,13 @@ jobs:
         run: |
            vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
       - name: Docker Compose Deployment
-        timeout-minutes: 360
-        continue-on-error: true
-        uses: chaplyk/docker-compose-remote-action@v1.1
+        uses: hoverkraft-tech/compose-action@v2.2.0
         env:
           DOCKER_HOST: tcp://dockerproxy:2375
         with:
-          ssh_host: 192.168.1.254
-          ssh_port: 22
-          ssh_user: gitea-deploy
-          ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
-          service: ${DOCKER_SVC_LIST}
-          compose_file: docker-compose.yml
-          pull: false
-          build: false
-          options: -d --remove-orphans
+          services: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
+          up-flags: -d --remove-orphans
+          down-flags: --dry-run
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:

README.md

@@ -106,6 +106,8 @@
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
+| planka | ghcr.io/plankanban/planka:2.0.0-rc.3 |
+| planka-pg-db | postgres:16-alpine |
 | plantuml-server | plantuml/plantuml-server:jetty |
 | portainer | portainer/portainer-ce:alpine |
 | portnote-web | haedlessdev/portnote:latest |
@@ -130,13 +132,14 @@
 | scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
 | searxng | searxng/searxng:latest |
 | semaphore | semaphoreui/semaphore:v2.12.14 |
-| signoz-init-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
-| signoz-zookeeper-1 | bitnami/zookeeper:3.7.1 |
-| signoz-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
 | signoz-app | signoz/signoz:v0.86.2 |
+| signoz-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
+| signoz-init-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
+| signoz-logspout | pavanputhra/logspout-signoz |
 | signoz-otel-collector | signoz/signoz-otel-collector:v0.111.42 |
-| signoz-schema-migrator-sync | signoz/signoz-schema-migrator:v0.111.42 |
 | signoz-schema-migrator-async | signoz/signoz-schema-migrator:v0.111.42 |
+| signoz-schema-migrator-sync | signoz/signoz-schema-migrator:v0.111.42 |
+| signoz-zookeeper-1 | bitnami/zookeeper:3.7.1 |
 | sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
 | sonarqube-pg-db | postgres:17-alpine |
 | sonarr | lscr.io/linuxserver/sonarr:latest |

ansible/app-configs/loggifly/config.yaml.j2

@@ -13,6 +13,10 @@ containers:
   invidious:
     keywords:
       - regex: 'Error reading.*Connection reset by peer trying to reconnect...'
+  scrutiny:
+    action_keywords:
+      - restart:
+          regex: s6.*fatal
 global_keywords:
   keywords:
     - panic

ansible/app-configs/signoz/otel/otel-collector-config.yaml.j2

@@ -1,4 +1,7 @@
 receivers:
+  httplogreceiver/json:
+    endpoint: 0.0.0.0:8082
+    source: json
   otlp:
     protocols:
       grpc:
@@ -98,6 +101,6 @@ service:
       processors: [batch]
       exporters: [clickhousemetricswrite/prometheus, signozclickhousemetrics]
     logs:
-      receivers: [otlp]
+      receivers: [otlp, tcplog/docker, httplogreceiver/json]
       processors: [batch]
       exporters: [clickhouselogsexporter]

ansible/app-configs/signoz/otel/otel-collector-opamp-config.yaml.j2

@@ -1 +1 @@
-server_endpoint: ws://signoz:4320/v1/opamp
+server_endpoint: ws://signoz-app:4320/v1/opamp

docker-compose.yml

@@ -33,9 +33,9 @@ x-maxun: &maxun-env
     REDIS_PORT: 6379
     BACKEND_PORT: 8080
     FRONTEND_PORT: 5173
-    BACKEND_URL: http://maxun-backend:8080
+    BACKEND_URL: https://scrape.trez.wtf/api
     PUBLIC_URL: https://scrape.trez.wtf
-    VITE_BACKEND_URL: http://maxun-backend:8080
+    VITE_BACKEND_URL: https://scrape.trez.wtf/api
     VITE_PUBLIC_URL: https://scrape.trez.wtf
     MAXUN_TELEMETRY: true
     PLAYWRIGHT_BROWSERS_PATH: /ms-playwright
@@ -179,6 +179,11 @@ services:
       APPRISE_STATEFUL_MODE: simple
     image: lscr.io/linuxserver/apprise-api:latest
     labels:
+      cloudflare.tunnel.enable: true
+      cloudflare.tunnel.hostname: apprise.trez.wtf
+      cloudflare.tunnel.service: http://apprise:8000
+      cloudflare.tunnel.zonename: trez.wtf
+      cloudflare.tunnel.no_tls_verify: true
       homepage.group: Infrastructure/App Performance Monitoring
       homepage.name: Apprise
       homepage.icon: apprise.png
@@ -448,8 +453,8 @@ services:
     image: vaultwarden/server:latest
     labels:
       homepage.group: Privacy/Security
-      homepage.name: Bitwarden
-      homepage.icon: bitwarden.png
+      homepage.name: Vaultwarden
+      homepage.icon: vaultwarden.svg
       homepage.href: https://bitwarden.${MY_TLD}
       homepage.description: Credential/Information Vault
       swag: enable
@@ -708,10 +713,12 @@ services:
         - ${DOCKER_VOLUME_CONFIG}/cronicle/workloads/app:/app
   crowdsec:
     container_name: crowdsec
+    depends_on:
+      - swag
     environment:
       DOCKER_HOST: tcp://dockerproxy:2375
       GID: 1000
-      BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY}
+      BOUNCER_KEY_SWAG: ${CROWDSEC_SWAG_API_KEY}
       COLLECTIONS: >-
         corvese/apache-guacamole
         crowdsecurity/home-assistant
@@ -744,15 +751,13 @@ services:
     security_opt:
       - no-new-privileges=true
     volumes:
-      - ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml
-      - ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
-      - ${DOCKER_VOLUME_CONFIG}/crowdsec/online-api-credentials.yaml:/etc/crowdsec/online_api_credentials.yaml
+      # - ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml
       - ${DOCKER_VOLUME_CONFIG}/swag/log/nginx:/var/log/swag:ro # SWAG
       - ${DOCKER_VOLUME_CONFIG}/mariadb/:/var/lib/mysql:ro # MariaDB
       - ${DOCKER_VOLUME_CONFIG}/audiobookshelf/.metadata/logs:/var/log/audiobookself:ro # Audiobookshelf
       - crowdsec-config:/etc/crowdsec
       - crowdsec-db:/var/lib/crowdsec/data
-      - /var/log/journal:/var/log/host:ro
+      - /var/log/journal:/var/log/host/journal:ro
       - /var/log/auth.log:/var/log/host/auth.log:ro
   crowdsec-dashboard:
     container_name: crowdsec-dashboard
@@ -788,11 +793,7 @@ services:
       - 8908:3000
     restart: always
     volumes:
-      - ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
-      - source: crowdsec-db
-        target: /data/
-        type: volume
-        volume: {}
+      - crowdsec-db:/data/
   cyber-chef:
     container_name: cyber-chef
     image: mpepping/cyberchef:latest
@@ -870,7 +871,7 @@ services:
     entrypoint: web-entrypoint.sh
     environment:
       RAILS_ENV: development
-      REDIS_URL: redis://redis:6379/
+      REDIS_URL: redis://redis:6379
       DATABASE_HOST: dawarich-pg-db
       DATABASE_USERNAME: dawarich
       DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD}
@@ -922,7 +923,7 @@ services:
       POSTGRES_USER: dawarich
       POSTGRES_PASSWORD: ${DAWARICH_PG_PASSWORD}
     healthcheck:
-      test: [ "CMD-SHELL", "pg_isready -U postgres -d dawarich_development" ]
+      test: [ "CMD-SHELL", "pg_isready -U dawarich -d dawarich" ]
       interval: 10s
       retries: 5
       start_period: 30s
@@ -954,7 +955,7 @@ services:
     entrypoint: sidekiq-entrypoint.sh
     environment:
       RAILS_ENV: development
-      REDIS_URL: redis://redis:6379/
+      REDIS_URL: redis://redis:6379
       DATABASE_HOST: dawarich-pg-db
       DATABASE_USERNAME: dawarich
       DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD}
@@ -1375,7 +1376,6 @@ services:
       cloudflare.tunnel.enable: true
       cloudflare.tunnel.hostname: git-ssh.trez.wtf
       cloudflare.tunnel.service: http://gitea:22
-      cloudflare.tunnel.zonename: trez.wtf
       cloudflare.tunnel.no_tls_verify: true
       homepage.group: Code/DevOps
       homepage.name: Gitea
@@ -1451,6 +1451,7 @@ services:
     image: gitea/act_runner:latest
     ports:
       - 63604:63604
+    profiles: ["ci-exclude"]
     restart: always
     volumes:
       - ${DOCKER_VOLUME_CONFIG}/gitea/act-runner/config.yaml:/config.yaml
@@ -3192,10 +3193,12 @@ services:
       - 8080
     image: getmaxun/maxun-backend:latest
     mem_limit: 2g   # Set a 2GB memory limit
+    ports:
+      - 8369:8080
+    restart: unless-stopped
     security_opt:
       - seccomp=unconfined  # This might help with browser sandbox issues
     shm_size: '2gb' # Increase shared memory size for Chromium
-    restart: unless-stopped
     volumes:
       - /var/run/dbus:/var/run/dbus
   maxun-frontend:
@@ -3206,6 +3209,10 @@ services:
     image: getmaxun/maxun-frontend:latest
     labels:
       swag: enable
+      swag_server_custom_directive:
+        location /api {
+              proxy_pass http://maxun-backend:8080;
+        }
       swag_proto: http
       swag_port: 5173
       swag_url: scrape.${MY_TLD}
@@ -3472,6 +3479,11 @@ services:
       PORT: 20211
     image: jokobsk/netalertx:latest
     labels:
+      cloudflare.tunnel.enable: true
+      cloudflare.tunnel.hostname: net.trez.wtf
+      cloudflare.tunnel.service: http://192.168.1.254:20211
+      cloudflare.tunnel.zonename: trez.wtf
+      cloudflare.tunnel.no_tls_verify: true
       homepage.group: Infrastructure/App Performance Monitoring
       homepage.name: NetAlertX
       homepage.href: http://192.168.1.254:20211
@@ -3723,6 +3735,76 @@ services:
     restart: unless-stopped
     volumes:
       - pgbackweb-data:/var/lib/postgresql/data
+  planka:
+    container_name: planka
+    depends_on:
+      planka-pg-db:
+        condition: service_healthy
+    environment:
+      BASE_URL: http://localhost:3000
+      DATABASE_URL: postgresql://planka:${PLANKA_PG_PASSWORD}@planka-pg-db/planka
+      SECRET_KEY: ${PLANKA_SECRET_KEY}
+      LOG_LEVEL: warn
+      TRUST_PROXY: true
+      TOKEN_EXPIRES_IN: 365 # In days
+      KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE: false
+      DEFAULT_LANGUAGE: en-US
+      DEFAULT_ADMIN_EMAIL: noreply@${MY_TLD}
+      DEFAULT_ADMIN_PASSWORD: ${PLANKA_ADMIN_PASSWORD}
+      DEFAULT_ADMIN_NAME: Planka Rinoa
+      DEFAULT_ADMIN_USERNAME: admin
+      S3_ENDPOINT: http://minio:9000
+      S3_REGION: us-east-fh-pln
+      S3_ACCESS_KEY_ID: ${PLANKA_MINIO_ACCESS_KEY}
+      S3_SECRET_ACCESS_KEY: ${PLANKA_MINIO_SECRET_KEY}
+      S3_BUCKET: planka
+      S3_FORCE_PATH_STYLE: true
+      SMTP_HOST: postal-smtp
+      SMTP_PORT: 25
+      SMTP_NAME: noreply@${MY_TLD}
+      SMTP_SECURE: true
+      SMTP_USER: ${POSTAL_SMTP_AUTH_USER}
+      SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+      SMTP_FROM: '"Planka @ Rinoa" <noreply@${MY_TLD}>'
+      SMTP_TLS_REJECT_UNAUTHORIZED: false
+    image: ghcr.io/plankanban/planka:2.0.0-rc.3
+    labels:
+      homepage.group: Personal/Professional Services
+      homepage.name: Planka
+      homepage.href: https://kanban.${MY_TLD}
+      homepage.icon: planka.svg
+      homepage.description: Kanban board
+      swag: enable
+      swag_url: kanban.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://kanban.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+    ports:
+      - 54476:1337
+    restart: on-failure
+    volumes:
+      - planka-favicons:/app/public/favicons
+      - planka-user-avatars:/app/public/user-avatars
+      - planka-background-images:/app/public/background-images
+      - planka-attachments:/app/private/attachments
+  planka-pg-db:
+    container_name: planka-pg-db
+    environment:
+      POSTGRES_DB: planka
+      POSTGRES_USER: planka
+      POSTGRES_PASSWORD: ${PLANKA_PG_PASSWORD}
+      POSTGRES_HOST_AUTH_METHOD: trust
+    expose:
+      - 5432
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres -d planka"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    image: postgres:16-alpine
+    restart: on-failure
+    volumes:
+      - planka-db-data:/var/lib/postgresql/data
   plantuml-server:
     container_name: plantuml-server
     expose:
@@ -3948,12 +4030,12 @@ services:
       homepage.group: Downloaders
       homepage.name: qBittorrent
       homepage.href: https://qbit.${MY_TLD}
-      homepage.icon: qBittorrent.svg
-      homepage.description: qbittorrentvpn over VPN
+      homepage.icon: qbittorrent.svg
+      homepage.description: Fast and stable torrent client
       homepage.widget.type: qbittorrent
       homepage.widget.url: http://qbittorrentvpn:8080
       homepage.widget.user: admin
-      homepage.widget.password: "${DELUGEVPN_PASSWORD}"
+      homepage.widget.password: ${DELUGEVPN_PASSWORD}
       swag: enable
       swag_port: 8080
       swag_proto: http
@@ -4442,7 +4524,7 @@ services:
       cloudflare.tunnel.no_tls_verify: true
       homepage.group: Infrastructure/App Performance Monitoring
       homepage.name: Scrutiny
-      homepage.href: http://192.168.1.254:8909
+      homepage.href: https://smartd.trez.wtf
       homepage.icon: scrutiny.png
       homepage.description: WebUI for smartd S.M.A.R.T monitoring
       homepage.widget.type: scrutiny
@@ -4549,57 +4631,6 @@ services:
       - semaphore_config:/etc/semaphore
       - semaphore_data:/var/lib/semaphore
       - semaphore_tmp:/tmp/semaphore
-  signoz-init-clickhouse:
-    <<: *signoz-common
-    container_name: signoz-init-clickhouse
-    command:
-      - bash
-      - -c
-      - |
-        version="v0.0.1"
-        node_os=$$(uname -s | tr '[:upper:]' '[:lower:]')
-        node_arch=$$(uname -m | sed s/aarch64/arm64/ | sed s/x86_64/amd64/)
-        echo "Fetching histogram-binary for $${node_os}/$${node_arch}"
-        cd /tmp
-        wget -O histogram-quantile.tar.gz "https://github.com/SigNoz/signoz/releases/download/histogram-quantile%2F$${version}/histogram-quantile_$${node_os}_$${node_arch}.tar.gz"
-        tar -xvzf histogram-quantile.tar.gz
-        mv histogram-quantile /var/lib/clickhouse/user_scripts/histogramQuantile
-    image: clickhouse/clickhouse-server:24.1.2-alpine
-    restart: on-failure
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/user_scripts/:/var/lib/clickhouse/user_scripts/
-  signoz-zookeeper-1:
-    <<: *signoz-zookeeper-defaults
-    container_name: signoz-zookeeper-1
-    environment:
-      ZOO_SERVER_ID: 1
-      ALLOW_ANONYMOUS_LOGIN: yes
-      ZOO_AUTOPURGE_INTERVAL: 1
-      ZOO_ENABLE_PROMETHEUS_METRICS: yes
-      ZOO_PROMETHEUS_METRICS_PORT_NUMBER: 9141
-    # ports:
-    #   - "2181:2181"
-    #   - "2888:2888"
-    #   - "3888:3888"
-    volumes:
-      - signoz-zookeeper-1:/bitnami/zookeeper
-  signoz-clickhouse:
-    <<: *signoz-clickhouse-defaults
-    container_name: signoz-clickhouse
-    expose:
-      - 9000
-    ports:
-    #   - "9000:9000"
-      - "8123:8123"
-      - "9181:9181"
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/config.xml:/etc/clickhouse-server/config.xml
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/users.xml:/etc/clickhouse-server/users.xml
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/custom-function.xml:/etc/clickhouse-server/custom-function.xml
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/user_scripts:/var/lib/clickhouse/user_scripts/
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
-      - signoz-clickhouse:/var/lib/clickhouse/
-      # - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz-app:
     <<: *signoz-db-depend
     container_name: signoz-app
@@ -4645,6 +4676,56 @@ services:
       - ${DOCKER_VOLUME_CONFIG}/signoz/common/prometheus.yml:/root/config/prometheus.yml
       - ${DOCKER_VOLUME_CONFIG}/signoz/common/dashboards:/root/config/dashboards
       - signoz-sqlite:/var/lib/signoz/
+  signoz-clickhouse:
+    <<: *signoz-clickhouse-defaults
+    container_name: signoz-clickhouse
+    expose:
+      - 9000
+    ports:
+    #   - "9000:9000"
+      - "8123:8123"
+      - "9181:9181"
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/config.xml:/etc/clickhouse-server/config.xml
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/users.xml:/etc/clickhouse-server/users.xml
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/custom-function.xml:/etc/clickhouse-server/custom-function.xml
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/user_scripts:/var/lib/clickhouse/user_scripts/
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
+      - signoz-clickhouse:/var/lib/clickhouse/
+      # - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
+  signoz-init-clickhouse:
+    <<: *signoz-common
+    container_name: signoz-init-clickhouse
+    command:
+      - bash
+      - -c
+      - |
+        version="v0.0.1"
+        node_os=$$(uname -s | tr '[:upper:]' '[:lower:]')
+        node_arch=$$(uname -m | sed s/aarch64/arm64/ | sed s/x86_64/amd64/)
+        echo "Fetching histogram-binary for $${node_os}/$${node_arch}"
+        cd /tmp
+        wget -O histogram-quantile.tar.gz "https://github.com/SigNoz/signoz/releases/download/histogram-quantile%2F$${version}/histogram-quantile_$${node_os}_$${node_arch}.tar.gz"
+        tar -xvzf histogram-quantile.tar.gz
+        mv histogram-quantile /var/lib/clickhouse/user_scripts/histogramQuantile
+    image: clickhouse/clickhouse-server:24.1.2-alpine
+    restart: on-failure
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/user_scripts/:/var/lib/clickhouse/user_scripts/
+  signoz-logspout:
+    command: signoz://signoz-otel-collector:8082
+    container_name: signoz-logspout
+    depends_on:
+      signoz-otel-collector:
+        required: true
+        condition: service_started
+    environment:
+      ENV: prod
+      SIGNOZ_LOG_ENDPOINT: http://signoz-otel-collector:8082
+    image: pavanputhra/logspout-signoz
+    restart: unless-stopped
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
   signoz-otel-collector:
     <<: *signoz-db-depend
     container_name: signoz-otel-collector
@@ -4664,9 +4745,19 @@ services:
       # - "1777:1777"     # pprof extension
       - "4317:4317" # OTLP gRPC receiver
       - "4318:4318" # OTLP HTTP receiver
+      - 8082:8082 # Logspout collection (https://signoz.io/blog/logspout-signoz-setup/)
     volumes:
       - ${DOCKER_VOLUME_CONFIG}/signoz/common/otel/otel-collector-config.yaml:/etc/otel-collector-config.yaml
       - ${DOCKER_VOLUME_CONFIG}/signoz/common/otel/otel-collector-opamp-config.yaml:/etc/manager-config.yaml
+  signoz-schema-migrator-async:
+    <<: *signoz-db-depend
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
+    container_name: signoz-schema-migrator-async
+    command:
+      - async
+      - --dsn=tcp://signoz-clickhouse:9000
+      - --up=
+    restart: on-failure
   signoz-schema-migrator-sync:
     <<: *signoz-common
     image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
@@ -4679,15 +4770,21 @@ services:
       signoz-clickhouse:
         condition: service_healthy
     restart: on-failure
-  signoz-schema-migrator-async:
-    <<: *signoz-db-depend
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
-    container_name: signoz-schema-migrator-async
-    command:
-      - async
-      - --dsn=tcp://signoz-clickhouse:9000
-      - --up=
-    restart: on-failure
+  signoz-zookeeper-1:
+    <<: *signoz-zookeeper-defaults
+    container_name: signoz-zookeeper-1
+    environment:
+      ZOO_SERVER_ID: 1
+      ALLOW_ANONYMOUS_LOGIN: yes
+      ZOO_AUTOPURGE_INTERVAL: 1
+      ZOO_ENABLE_PROMETHEUS_METRICS: yes
+      ZOO_PROMETHEUS_METRICS_PORT_NUMBER: 9141
+    # ports:
+    #   - "2181:2181"
+    #   - "2888:2888"
+    #   - "3888:3888"
+    volumes:
+      - signoz-zookeeper-1:/bitnami/zookeeper
   sonarqube:
     container_name: sonarqube
     depends_on:
@@ -4940,9 +5037,9 @@ services:
       TZ: America/New_York
       URL: trez.wtf
       VALIDATION: dns
-      CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
+      CROWDSEC_API_KEY: ${CROWDSEC_SWAG_API_KEY}
       CROWDSEC_LAPI_URL: http://crowdsec:8080
-      DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|linuxserver/mods:universal-package-install|ghcr.io/linuxserver/mods:swag-crowdsec #|linuxserver/mods:swag-auto-uptime-kuma
+      DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|linuxserver/mods:universal-package-install|ghcr.io/linuxserver/mods:swag-crowdsec| #linuxserver/mods:swag-auto-uptime-kuma
       INSTALL_PACKAGES: nginx-mod-http-js
       PROPAGATION: 30
       UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
@@ -4978,6 +5075,9 @@ services:
       - /etc/localtime:/etc/localtime:ro
       - ${DOCKER_VOLUME_CONFIG}/swag:/config
       - ${DOCKER_VOLUME_CONFIG}/sablier/sablier.js:/etc/nginx/conf.d/sablier.js
+      # - ${DOCKER_VOLUME_CONFIG}/swag/otel_ngx_module.so:/usr/lib/nginx/modules/otel_ngx_module.so
+      # - ${DOCKER_VOLUME_CONFIG}/swag/30_http_otel.conf:/etc/nginx/modules/30_http_otel.conf
+      # - ${DOCKER_VOLUME_CONFIG}/swag/opentelemetry_config.toml:/etc/nginx/opentelemetry_config.toml
       - /rinoa-storage:/storage
       - /var/run/docker.sock:/var/run/docker.sock:ro
   tandoor:
@@ -5555,6 +5655,16 @@ volumes:
     name: paperless-ngx-pg
   pgbackweb-data:
     name: pgbackweb-data
+  planka-favicons:
+    name: planka-favicons
+  planka-user-avatars:
+    name: planka-user-avatars
+  planka-background-images:
+    name: planka-background-images
+  planka-attachments:
+    name: planka-attachments
+  planka-db-data:
+    name: planka-db-data
   portainer-data:
     name: portainer-data
   portnote-db-data: