....

Merged by Trez.One

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -1,14 +1,13 @@
 name: Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment
 on:
   push:
-    branches-ignore:
+    branches:
-      - main
+      - '**'
     paths:
-      - '**.yaml'
+      - 'docker-compose.yml'
-      - '**.yml'
-      - '**.j2'
 jobs:
   check-and-create-pr:
+    if: github.ref != 'refs/heads/main'
     name: Check and Create PR
     runs-on: ubuntu-latest
     steps:
@@ -41,7 +40,7 @@ jobs:
           tea login default gitea-rinoa
           pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
           pr_index_new=$(expr ${pr_index_old} + 1)
-          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }}
+          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose, Ansible Configs.j2"
   docker-compose-ansible-lints:
     name: Docker Compose & Ansible Lints
     needs: [check-and-create-pr]
@@ -255,7 +254,7 @@ jobs:
           notification_title: 'GITEA: PR Merge Successful'
           notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
   ansible-config-docker-compose-deploy:
-    name: Deploy via Ansible & Docker Compose
+    name: Ansible Configs & Docker Compose Deployment
     runs-on: ubuntu-latest
     needs: [pr-merge]
     env:

README.md

@@ -17,6 +17,11 @@
 | bitwarden | vaultwarden/server:latest |
 | bluesky-pds | ghcr.io/bluesky-social/pds:latest |
 | browserless | ghcr.io/browserless/chromium:latest |
+| bunkerweb | bunkerity/bunkerweb:1.6.0 |
+| bunkerweb-scheduler | bunkerity/bunkerweb-scheduler:1.6.0 |
+| bunkerweb-autoconf | bunkerity/bunkerweb-autoconf:1.6.0 |
+| bunkerweb-ui | bunkerity/bunkerweb-ui:1.6.0 |
+| bytestash | ghcr.io/jordan-dalby/bytestash:latest |
 | castopod | castopod/castopod:latest |
 | cloudflared | cloudflare/cloudflared:latest |
 | cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
@@ -24,6 +29,7 @@
 | cronicle | elestio/cronicle:latest |
 | crowdsec | crowdsecurity/crowdsec:latest |
 | crowdsec-dashboard | metabase/metabase |
+| cyber-chef | mpepping/cyberchef:latest |
 | czkawka | jlesage/czkawka |
 | dawarich-app | freikin/dawarich:latest |
 | dawarich-pg-db | postgis/postgis:17-3.5-alpine |
@@ -38,7 +44,6 @@
 | ghost | ghost:latest |
 | gitea | gitea/gitea:1.23.1 |
 | gitea-db | postgres:14 |
-| gitea-opengist | ghcr.io/thomiceli/opengist:latest |
 | gitea-runner | gitea/act_runner:latest |
 | gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
 | gluetun | qmcgaw/gluetun:latest |
@@ -69,14 +74,19 @@
 | jitsi-web | jitsi/web:stable |
 | joplin-db | postgres:17-alpine |
 | joplin | joplin/server:latest |
+| librechat-api | ghcr.io/danny-avila/librechat-dev:latest |
+| librechat-vectordb | ankane/pgvector:latest |
+| librechat-rag-api | ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest |
 | libretranslate | libretranslate/libretranslate |
 | lidarr | lscr.io/linuxserver/lidarr:latest |
 | lidify | thewicklowwolf/lidify:latest |
 | lldap | lldap/lldap:stable |
 | maloja | krateng/maloja:latest |
+| manyfold | lscr.io/linuxserver/manyfold:latest |
 | mariadb | linuxserver/mariadb |
 | mastodon | lscr.io/linuxserver/mastodon:latest |
 | mastodon-pg-db | postgres:17-alpine |
+| meilisearch | getmeili/meilisearch:v1.12.3 |
 | minio | minio/minio |
 | mongodb | bitnami/mongodb:7.0 |
 | multi-scrobbler | foxxmd/multi-scrobbler |
@@ -91,7 +101,6 @@
 | nextcloud | nextcloud/all-in-one:latest |
 | ollama | ollama/ollama |
 | ombi | lscr.io/linuxserver/ombi:latest |
-| open-webui | ghcr.io/open-webui/open-webui:main |
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
 | parseable | containers.parseable.com/parseable/parseable:latest |
 | peppermint | pepperlabs/peppermint:latest |
@@ -102,7 +111,7 @@
 | plausible | ghcr.io/plausible/community-edition:v2.1.0 |
 | plausible_db | postgres:16-alpine |
 | plausible_events_db | clickhouse/clickhouse-server:24.3.3.102-alpine |
-| portainer | portainer/portainer-ce:alpine-sts |
+| portainer | portainer/portainer-ce:2.27.0-alpine |
 | portall | need4swede/portall:latest |
 | postal-smtp | ghcr.io/postalserver/postal:latest |
 | postal-web | ghcr.io/postalserver/postal:latest |
@@ -121,11 +130,13 @@
 | scraperr-api | jpyles0524/scraperr_api:latest |
 | scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
 | searxng | searxng/searxng:latest |
+| semaphore | semaphoreui/semaphore:v2.12.14 |
 | sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
 | sonarqube-pg-db | postgres:17-alpine |
 | sonarr | lscr.io/linuxserver/sonarr:latest |
 | sonashow | thewicklowwolf/sonashow:latest |
 | soularr | mrusse08/soularr:latest |
+| soularr-dashboard | git.trez.wtf/trez.one/soularr-dashboard:v0.1 |
 | soulseek | slskd/slskd |
 | sourcebot | ghcr.io/sourcebot-dev/sourcebot:latest |
 | speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
@@ -143,6 +154,4 @@
 | web-check | lissy93/web-check |
 | your_spotify | lscr.io/linuxserver/your_spotify:latest |
 | youtubedl | nbr23/youtube-dl-server:latest |
-| zitadel | ghcr.io/zitadel/zitadel:latest |
-| zitadel-pg-db | postgres:16-alpine |
 

ansible/app-configs/crowdsec_local-api-credentials.yaml.j2

@@ -0,0 +1,6 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+
+url: http://0.0.0.0:8080
+login: localhost
+password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['CROWDSEC_LOCAL_API_KEY'] }}

ansible/app-configs/homepage_settings.yaml.j2

@@ -23,32 +23,31 @@ provider: duckduckgo
 layout:
   System Administration:
     style: row
-    columns: 4
+    columns: 5
-    # fiveColumns: true
   Infrastructure/App Performance Monitoring:
     style: row
-    columns: 3
+    columns: 4
   Code/DevOps:
     style: row
-    columns: 3
+    columns: 4
   Social:
     style: row
     columns: 3
   Lifestyle:
     style: row
-    columns: 3
+    columns: 5
   Automation:
-    style: columns
+    style: row
-    row: 2
+    columns: 5
   Privacy/Security:
-    style: columns
+    style: row
-    row: 5
+    columns: 3
   Personal Services:
     style: row
-    columns: 4
+    columns: 3
   Professional Services:
     style: row
-    columns: 3
+    columns: 5
   Servarr Stack:
     style: row
     columns: 3

ansible/app-configs/librechat_librechat.env.j2

@@ -0,0 +1,550 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+
+#=====================================================================#
+#                       LibreChat Configuration                       #
+#=====================================================================#
+# Please refer to the reference documentation for assistance          #
+# with configuring your LibreChat environment.                        #
+#                                                                     #
+# https://www.librechat.ai/docs/configuration/dotenv                  #
+#=====================================================================#
+
+#==================================================#
+#               Server Configuration               #
+#==================================================#
+
+HOST=localhost
+PORT=3080
+
+MONGO_URI=mongodb://librechat:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MONGODB_PASSWORD'] }}@mongodb:27017/librechat?replicaSet=rinoa
+
+DOMAIN_CLIENT=https://ai.trez.wtf
+DOMAIN_SERVER=https://ai.trez.wtf
+
+NO_INDEX=true
+# Use the address that is at most n number of hops away from the Express application.
+# req.socket.remoteAddress is the first hop, and the rest are looked for in the X-Forwarded-For header from right to left.
+# A value of 0 means that the first untrusted address would be req.socket.remoteAddress, i.e. there is no reverse proxy.
+# Defaulted to 1.
+TRUST_PROXY=1
+
+#===============#
+# JSON Logging  #
+#===============#
+
+# Use when process console logs in cloud deployment like GCP/AWS
+CONSOLE_JSON=true
+
+#===============#
+# Debug Logging #
+#===============#
+
+DEBUG_LOGGING=true
+DEBUG_CONSOLE=false
+
+#=============#
+# Permissions #
+#=============#
+
+# UID=1000
+# GID=1000
+
+#===============#
+# Configuration #
+#===============#
+# Use an absolute path, a relative path, or a URL
+
+# CONFIG_PATH="/alternative/path/to/librechat.yaml"
+
+#===================================================#
+#                     Endpoints                     #
+#===================================================#
+
+# ENDPOINTS=openAI,assistants,azureOpenAI,google,gptPlugins,anthropic
+
+PROXY=
+
+#===================================#
+# Known Endpoints - librechat.yaml  #
+#===================================#
+# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints
+
+# ANYSCALE_API_KEY=
+# APIPIE_API_KEY=
+# COHERE_API_KEY=
+DEEPSEEK_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_DEEPSEEK_API_KEY'] }}
+# DATABRICKS_API_KEY=
+# FIREWORKS_API_KEY=
+# GROQ_API_KEY=
+# HUGGINGFACE_TOKEN=
+MISTRAL_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MISTRAL_API_KEY'] }}
+# OPENROUTER_KEY=
+# PERPLEXITY_API_KEY=
+# SHUTTLEAI_API_KEY=
+# TOGETHERAI_API_KEY=
+# UNIFY_API_KEY=
+# XAI_API_KEY=
+
+#============#
+# Anthropic  #
+#============#
+
+ANTHROPIC_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_ANTHROPIC_API_KEY'] }}
+ANTHROPIC_MODELS=claude-3-7-sonnet-latest,claude-3-7-sonnet-20250219,claude-3-5-haiku-20241022,claude-3-5-sonnet-20241022,claude-3-5-sonnet-latest,claude-3-5-sonnet-20240620,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307,claude-2.1,claude-2,claude-1.2,claude-1,claude-1-100k,claude-instant-1,claude-instant-1-100k
+# ANTHROPIC_REVERSE_PROXY=
+
+#============#
+# Azure      #
+#============#
+
+# Note: these variables are DEPRECATED
+# Use the `librechat.yaml` configuration for `azureOpenAI` instead
+# You may also continue to use them if you opt out of using the `librechat.yaml` configuration
+
+# AZURE_OPENAI_DEFAULT_MODEL=gpt-3.5-turbo # Deprecated
+# AZURE_OPENAI_MODELS=gpt-3.5-turbo,gpt-4 # Deprecated
+# AZURE_USE_MODEL_AS_DEPLOYMENT_NAME=TRUE # Deprecated
+# AZURE_API_KEY= # Deprecated
+# AZURE_OPENAI_API_INSTANCE_NAME= # Deprecated
+# AZURE_OPENAI_API_DEPLOYMENT_NAME= # Deprecated
+# AZURE_OPENAI_API_VERSION= # Deprecated
+# AZURE_OPENAI_API_COMPLETIONS_DEPLOYMENT_NAME= # Deprecated
+# AZURE_OPENAI_API_EMBEDDINGS_DEPLOYMENT_NAME= # Deprecated
+# PLUGINS_USE_AZURE="true" # Deprecated
+
+#=================#
+#   AWS Bedrock   #
+#=================#
+
+# BEDROCK_AWS_DEFAULT_REGION=us-east-1 # A default region must be provided
+# BEDROCK_AWS_ACCESS_KEY_ID=someAccessKey
+# BEDROCK_AWS_SECRET_ACCESS_KEY=someSecretAccessKey
+# BEDROCK_AWS_SESSION_TOKEN=someSessionToken
+
+# Note: This example list is not meant to be exhaustive. If omitted, all known, supported model IDs will be included for you.
+# BEDROCK_AWS_MODELS=anthropic.claude-3-5-sonnet-20240620-v1:0,meta.llama3-1-8b-instruct-v1:0
+
+# See all Bedrock model IDs here: https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids.html#model-ids-arns
+
+# Notes on specific models:
+# The following models are not support due to not supporting streaming:
+# ai21.j2-mid-v1
+
+# The following models are not support due to not supporting conversation history:
+# ai21.j2-ultra-v1, cohere.command-text-v14, cohere.command-light-text-v14
+
+#============#
+# Google     #
+#============#
+
+{# GOOGLE_KEY=user_provided #}
+
+# GOOGLE_REVERSE_PROXY=
+# Some reverse proxies do not support the X-goog-api-key header, uncomment to pass the API key in Authorization header instead.
+# GOOGLE_AUTH_HEADER=true
+
+# Gemini API (AI Studio)
+# GOOGLE_MODELS=gemini-2.0-flash-exp,gemini-2.0-flash-thinking-exp-1219,gemini-exp-1121,gemini-exp-1114,gemini-1.5-flash-latest,gemini-1.0-pro,gemini-1.0-pro-001,gemini-1.0-pro-latest,gemini-1.0-pro-vision-latest,gemini-1.5-pro-latest,gemini-pro,gemini-pro-vision
+
+# Vertex AI
+# GOOGLE_MODELS=gemini-1.5-flash-preview-0514,gemini-1.5-pro-preview-0514,gemini-1.0-pro-vision-001,gemini-1.0-pro-002,gemini-1.0-pro-001,gemini-pro-vision,gemini-1.0-pro
+
+# GOOGLE_TITLE_MODEL=gemini-pro
+
+# GOOGLE_LOC=us-central1
+
+# Google Safety Settings
+# NOTE: These settings apply to both Vertex AI and Gemini API (AI Studio)
+#
+# For Vertex AI:
+# To use the BLOCK_NONE setting, you need either:
+# (a) Access through an allowlist via your Google account team, or
+# (b) Switch to monthly invoiced billing: https://cloud.google.com/billing/docs/how-to/invoiced-billing
+#
+# For Gemini API (AI Studio):
+# BLOCK_NONE is available by default, no special account requirements.
+#
+# Available options: BLOCK_NONE, BLOCK_ONLY_HIGH, BLOCK_MEDIUM_AND_ABOVE, BLOCK_LOW_AND_ABOVE
+#
+# GOOGLE_SAFETY_SEXUALLY_EXPLICIT=BLOCK_ONLY_HIGH
+# GOOGLE_SAFETY_HATE_SPEECH=BLOCK_ONLY_HIGH
+# GOOGLE_SAFETY_HARASSMENT=BLOCK_ONLY_HIGH
+# GOOGLE_SAFETY_DANGEROUS_CONTENT=BLOCK_ONLY_HIGH
+# GOOGLE_SAFETY_CIVIC_INTEGRITY=BLOCK_ONLY_HIGH
+
+#============#
+# OpenAI     #
+#============#
+
+OPENAI_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_OPENAI_API_KEY'] }}
+OPENAI_MODELS=o1,o1-mini,o1-preview,gpt-4o,chatgpt-4o-latest,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k
+
+DEBUG_OPENAI=false
+
+# TITLE_CONVO=false
+# OPENAI_TITLE_MODEL=gpt-4o-mini
+
+# OPENAI_SUMMARIZE=true
+# OPENAI_SUMMARY_MODEL=gpt-4o-mini
+
+# OPENAI_FORCE_PROMPT=true
+
+# OPENAI_REVERSE_PROXY=
+
+# OPENAI_ORGANIZATION=
+
+#====================#
+#   Assistants API   #
+#====================#
+
+# ASSISTANTS_API_KEY=user_provided
+# ASSISTANTS_BASE_URL=
+# ASSISTANTS_MODELS=gpt-4o,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-16k-0613,gpt-3.5-turbo-16k,gpt-3.5-turbo,gpt-4,gpt-4-0314,gpt-4-32k-0314,gpt-4-0613,gpt-3.5-turbo-0613,gpt-3.5-turbo-1106,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview
+
+#==========================#
+#   Azure Assistants API   #
+#==========================#
+
+# Note: You should map your credentials with custom variables according to your Azure OpenAI Configuration
+# The models for Azure Assistants are also determined by your Azure OpenAI configuration.
+
+# More info, including how to enable use of Assistants with Azure here:
+# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints/azure#using-assistants-with-azure
+
+#============#
+# OpenRouter #
+#============#
+# !!!Warning: Use the variable above instead of this one. Using this one will override the OpenAI endpoint
+# OPENROUTER_API_KEY=
+
+#============#
+# Plugins    #
+#============#
+
+# PLUGIN_MODELS=gpt-4o,gpt-4o-mini,gpt-4,gpt-4-turbo-preview,gpt-4-0125-preview,gpt-4-1106-preview,gpt-4-0613,gpt-3.5-turbo,gpt-3.5-turbo-0125,gpt-3.5-turbo-1106,gpt-3.5-turbo-0613
+
+# DEBUG_PLUGINS=
+
+# CREDS_KEY=
+# CREDS_IV=
+
+# Azure AI Search
+#-----------------
+# AZURE_AI_SEARCH_SERVICE_ENDPOINT=
+# AZURE_AI_SEARCH_INDEX_NAME=
+# AZURE_AI_SEARCH_API_KEY=
+
+# AZURE_AI_SEARCH_API_VERSION=
+# AZURE_AI_SEARCH_SEARCH_OPTION_QUERY_TYPE=
+# AZURE_AI_SEARCH_SEARCH_OPTION_TOP=
+# AZURE_AI_SEARCH_SEARCH_OPTION_SELECT=
+
+# DALL·E
+#----------------
+# DALLE_API_KEY=
+# DALLE3_API_KEY=
+# DALLE2_API_KEY=
+# DALLE3_SYSTEM_PROMPT=
+# DALLE2_SYSTEM_PROMPT=
+# DALLE_REVERSE_PROXY=
+# DALLE3_BASEURL=
+# DALLE2_BASEURL=
+
+# DALL·E (via Azure OpenAI)
+# Note: requires some of the variables above to be set
+#----------------
+# DALLE3_AZURE_API_VERSION=
+# DALLE2_AZURE_API_VERSION=
+
+
+# Google
+#-----------------
+GOOGLE_SEARCH_API_KEY=
+GOOGLE_CSE_ID=
+
+# YOUTUBE
+#-----------------
+YOUTUBE_API_KEY=
+
+# SerpAPI
+#-----------------
+SERPAPI_API_KEY=
+
+# Stable Diffusion
+#-----------------
+# SD_WEBUI_URL=http://host.docker.internal:7860
+
+# Tavily
+#-----------------
+TAVILY_API_KEY=
+
+# Traversaal
+#-----------------
+TRAVERSAAL_API_KEY=
+
+# WolframAlpha
+#-----------------
+WOLFRAM_APP_ID=
+
+# Zapier
+#-----------------
+ZAPIER_NLA_API_KEY=
+
+#==================================================#
+#                      Search                      #
+#==================================================#
+
+SEARCH=true
+MEILI_NO_ANALYTICS=true
+MEILI_HOST=http://meilisearch:7700
+MEILI_MASTER_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MEILISEARCH_MASTER_KEY'] }}
+
+# Optional: Disable indexing, useful in a multi-node setup
+# where only one instance should perform an index sync.
+# MEILI_NO_SYNC=true
+
+#==================================================#
+#          Speech to Text & Text to Speech         #
+#==================================================#
+
+STT_API_KEY=
+TTS_API_KEY=
+
+#==================================================#
+#                        RAG                       #
+#==================================================#
+# More info: https://www.librechat.ai/docs/configuration/rag_api
+
+# RAG_OPENAI_BASEURL=
+# RAG_OPENAI_API_KEY=
+# RAG_USE_FULL_CONTEXT=
+# EMBEDDINGS_PROVIDER=openai
+# EMBEDDINGS_MODEL=text-embedding-3-small
+
+#===================================================#
+#                    User System                    #
+#===================================================#
+
+#========================#
+# Moderation             #
+#========================#
+
+OPENAI_MODERATION=false
+OPENAI_MODERATION_API_KEY=
+# OPENAI_MODERATION_REVERSE_PROXY=
+
+BAN_VIOLATIONS=true
+BAN_DURATION=1000 * 60 * 60 * 2
+BAN_INTERVAL=20
+
+LOGIN_VIOLATION_SCORE=1
+REGISTRATION_VIOLATION_SCORE=1
+CONCURRENT_VIOLATION_SCORE=1
+MESSAGE_VIOLATION_SCORE=1
+NON_BROWSER_VIOLATION_SCORE=20
+
+LOGIN_MAX=7
+LOGIN_WINDOW=5
+REGISTER_MAX=5
+REGISTER_WINDOW=60
+
+LIMIT_CONCURRENT_MESSAGES=true
+CONCURRENT_MESSAGE_MAX=2
+
+LIMIT_MESSAGE_IP=true
+MESSAGE_IP_MAX=40
+MESSAGE_IP_WINDOW=1
+
+LIMIT_MESSAGE_USER=false
+MESSAGE_USER_MAX=40
+MESSAGE_USER_WINDOW=1
+
+ILLEGAL_MODEL_REQ_SCORE=5
+
+#========================#
+# Balance                #
+#========================#
+
+CHECK_BALANCE=false
+# START_BALANCE=20000 # note: the number of tokens that will be credited after registration.
+
+#========================#
+# Registration and Login #
+#========================#
+
+ALLOW_EMAIL_LOGIN=true
+ALLOW_REGISTRATION=true
+ALLOW_SOCIAL_LOGIN=false
+ALLOW_SOCIAL_REGISTRATION=false
+ALLOW_PASSWORD_RESET=false
+# ALLOW_ACCOUNT_DELETION=true # note: enabled by default if omitted/commented out
+ALLOW_UNVERIFIED_EMAIL_LOGIN=true
+
+SESSION_EXPIRY=1000 * 60 * 15
+REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
+
+JWT_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_SECRET'] }}
+JWT_REFRESH_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_REFRESH_SECRET'] }}
+
+
+# Discord
+DISCORD_CLIENT_ID=
+DISCORD_CLIENT_SECRET=
+DISCORD_CALLBACK_URL=/oauth/discord/callback
+
+# Facebook
+FACEBOOK_CLIENT_ID=
+FACEBOOK_CLIENT_SECRET=
+FACEBOOK_CALLBACK_URL=/oauth/facebook/callback
+
+# GitHub
+GITHUB_CLIENT_ID=
+GITHUB_CLIENT_SECRET=
+GITHUB_CALLBACK_URL=/oauth/github/callback
+# GitHub Enterprise
+# GITHUB_ENTERPRISE_BASE_URL=
+# GITHUB_ENTERPRISE_USER_AGENT=
+
+# Google
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+GOOGLE_CALLBACK_URL=/oauth/google/callback
+
+# Apple
+APPLE_CLIENT_ID=
+APPLE_TEAM_ID=
+APPLE_KEY_ID=
+APPLE_PRIVATE_KEY_PATH=
+APPLE_CALLBACK_URL=/oauth/apple/callback
+
+# OpenID
+OPENID_CLIENT_ID=
+OPENID_CLIENT_SECRET=
+OPENID_ISSUER=
+OPENID_SESSION_SECRET=
+OPENID_SCOPE="openid profile email"
+OPENID_CALLBACK_URL=/oauth/openid/callback
+OPENID_REQUIRED_ROLE=
+OPENID_REQUIRED_ROLE_TOKEN_KIND=
+OPENID_REQUIRED_ROLE_PARAMETER_PATH=
+# Set to determine which user info property returned from OpenID Provider to store as the User's username
+OPENID_USERNAME_CLAIM=
+# Set to determine which user info property returned from OpenID Provider to store as the User's name
+OPENID_NAME_CLAIM=
+
+OPENID_BUTTON_LABEL=
+OPENID_IMAGE_URL=
+
+# LDAP
+# LDAP_URL=
+# LDAP_BIND_DN=
+# LDAP_BIND_CREDENTIALS=
+# LDAP_USER_SEARCH_BASE=
+# LDAP_SEARCH_FILTER=mail=
+# LDAP_CA_CERT_PATH=
+# LDAP_TLS_REJECT_UNAUTHORIZED=
+# LDAP_LOGIN_USES_USERNAME=true
+# LDAP_ID=
+# LDAP_USERNAME=
+# LDAP_EMAIL=
+# LDAP_FULL_NAME=
+
+#========================#
+# Email Password Reset   #
+#========================#
+
+EMAIL_SERVICE=
+EMAIL_HOST=postal-smtp
+EMAIL_PORT=25
+EMAIL_ENCRYPTION=
+EMAIL_ENCRYPTION_HOSTNAME=
+EMAIL_ALLOW_SELFSIGNED=
+EMAIL_USERNAME=
+EMAIL_PASSWORD=
+EMAIL_FROM_NAME=
+EMAIL_FROM=noreply@librechat.ai
+
+#========================#
+# Firebase CDN           #
+#========================#
+
+# FIREBASE_API_KEY=
+# FIREBASE_AUTH_DOMAIN=
+# FIREBASE_PROJECT_ID=
+# FIREBASE_STORAGE_BUCKET=
+# FIREBASE_MESSAGING_SENDER_ID=
+# FIREBASE_APP_ID=
+
+#========================#
+# Shared Links           #
+#========================#
+
+ALLOW_SHARED_LINKS=true
+ALLOW_SHARED_LINKS_PUBLIC=true
+
+#==============================#
+# Static File Cache Control    #
+#==============================#
+
+# Leave commented out to use defaults: 1 day (86400 seconds) for s-maxage and 2 days (172800 seconds) for max-age
+# NODE_ENV must be set to production for these to take effect
+# STATIC_CACHE_MAX_AGE=172800
+# STATIC_CACHE_S_MAX_AGE=86400
+
+# If you have another service in front of your LibreChat doing compression, disable express based compression here
+# DISABLE_COMPRESSION=true
+
+#===================================================#
+#                        UI                         #
+#===================================================#
+
+APP_TITLE=LibreChat
+# CUSTOM_FOOTER="My custom footer"
+HELP_AND_FAQ_URL=https://librechat.ai
+
+# SHOW_BIRTHDAY_ICON=true
+
+# Google tag manager id
+#ANALYTICS_GTM_ID=user provided google tag manager id
+
+#===============#
+# REDIS Options #
+#===============#
+
+REDIS_URI=redis:6379
+USE_REDIS=true
+
+# USE_REDIS_CLUSTER=true
+# REDIS_CA=/path/to/ca.crt
+
+#==================================================#
+#                      Others                      #
+#==================================================#
+#   You should leave the following commented out   #
+
+# NODE_ENV=
+
+# E2E_USER_EMAIL=
+# E2E_USER_PASSWORD=
+
+#=====================================================#
+#                  Cache Headers                      #
+#=====================================================#
+#   Headers that control caching of the index.html    #
+#   Default configuration prevents caching to ensure  #
+#   users always get the latest version. Customize    #
+#   only if you understand caching implications.      #
+
+# INDEX_HTML_CACHE_CONTROL=no-cache, no-store, must-revalidate
+# INDEX_HTML_PRAGMA=no-cache
+# INDEX_HTML_EXPIRES=0
+
+# no-cache: Forces validation with server before using cached version
+# no-store: Prevents storing the response entirely
+# must-revalidate: Prevents using stale content when offline
+
+#=====================================================#
+#                  OpenWeather                        #
+#=====================================================#
+OPENWEATHER_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}

ansible/app-configs/librechat_librechat.yaml.j2

@@ -0,0 +1,32 @@
+endpoints:
+  custom:
+    - name: "Ollama"
+      apiKey: "ollama"
+      baseURL: "http://ollama:11434/v1/chat/completions"
+      models:
+        default: [
+          "deepseek-r1"
+          "deepseek-coder-v2",
+          "deepseek-v3",
+          "llama3.3",
+          "phi4",
+          "qwen2.5",
+          "llama2",
+          "mistral",
+          "codellama",
+          "tinyllama",
+          "starcoder2",
+          "dolphin-mixtral",
+          "smollm2",
+          "orca-mini",
+          "mistral-openorca"
+        ]
+# fetching list of models is supported but the `name` field must start
+# with `ollama` (case-insensitive), as it does in this example.
+        fetch: true
+      titleConvo: true
+      titleModel: "current_model"
+      summarize: false
+      summaryModel: "current_model"
+      forcePrompt: false
+      modelDisplayLabel: "Ollama"

ansible/app-configs/sabnzbdvpn_sabnzbd.ini.j2

@@ -342,7 +342,7 @@ host = news.newshosting.com
 port = 563
 timeout = 60
 username = thetrezuredone
-password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_PASSWORD'] }}
+password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSK_USER_PASSWORD'] }}
 connections = 8
 ssl = 1
 ssl_verify = 3

ansible/app-configs/soularr_config.ini.j2

@@ -0,0 +1,76 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+
+[Lidarr]
+api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}
+host_url = http://lidarr:8686
+#This should be the path mounted in lidarr that points to your slskd download directory.
+#If Lidarr is not running in Docker then this may just be the same dir as Slskd is using below.
+download_dir = /storage
+
+[Slskd]
+#Api key from Slskd. Need to set this up manually. See link to Slskd docs above.
+api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_API_KEY'] }}
+host_url = http://gluetun:5030
+#Slskd download directory. Should have set it up when installing Slskd.
+download_dir = /app/downloads
+#Removes searches from Slskd after the search finishes.
+delete_searches = False
+#Maximum time (in seconds) that the script will wait for downloads to complete.
+#This is used to prevent the script from running forever due to a stalled download. Defaults to 1 hour.
+stalled_timeout = 3600
+
+[Release Settings]
+#Selects the release with the most common amount of tracks out of all the releases.
+use_most_common_tracknum = True
+allow_multi_disc = True
+#See full list of countries below.
+accepted_countries = Europe,Japan,United Kingdom,United States,[Worldwide],Australia,Canada
+#See full list of formats below.
+accepted_formats = CD,Digital Media,Vinyl
+
+[Search Settings]
+search_timeout = 5000
+maximum_peer_queue = 50
+#Min upload speed in bit/s
+minimum_peer_upload_speed = 0
+#Min match ratio accepted when comparing lidarr track names to soulseek filenames.
+minimum_filename_match_ratio = 0.5
+#Specify the file types you prefer from most to least. As well as their attributes such as bitrate / samplerate / bitdepth.
+#For flacs you can choose the bitdepth/samplerate. And for mp3s the bitrate.
+#If you do not care about the specific quality you can still just put "flac" or "mp3".
+#Soularr will then just look at the filetype and ignore file attributes.
+allowed_filetypes = flac 24/192,flac 16/44.1,flac,mp3 320,mp3
+ignored_users = User1,User2,Fred,Bob
+#Set to False if you only want to search for complete albums
+search_for_tracks = True
+#Set to True if you want to add the artist's name to the beginning of the search for albums
+album_prepend_artist = False
+track_prepend_artist = True
+#Valid search types: all || incrementing_page || first_page
+  #"all" will search for every wanted record everytime soularr is run.
+  #"incrementing_page" will start with the first page and increment to the next on each run.
+  #"first_page" will repeatedly search the first page.
+#If using the search type "first_page" remove_wanted_on_failure should be enabled.
+search_type = incrementing_page
+#How mancy records to grab each run, must be a number between 1 - 2,147,483,647
+number_of_albums_to_grab = 10
+#Unmonitors the album if Soularr can't find it and places it in "failure_list.txt".
+#Failed albums can be re monitored by filtering "Unmonitored" in the Lidarr wanted list.
+remove_wanted_on_failure = False
+#Comma separated list of words that can't be in the title of albums or tracks. Case insensitive.
+title_blacklist = BlacklistWord1,blacklistword2
+#Lidarr source to use for searching. Accepted values are "all", "missing", or "cutoff_unmet". If "all" is selected
+# then both missing and cutoff_unme will be searched. The default value is "missing".
+search_source = missing
+
+[Logging]
+#These options are passed into the logger's basicConfig() method as-is.
+#This means, if you're familiar with Python's logging module, you can configure
+#the logger with options beyond what's listed here by default.
+#For more information on available options  --  https://docs.python.org/3/library/logging.html#logging.basicConfig
+level = INFO
+# Format of log message  --  https://docs.python.org/3/library/logging.html#logrecord-attributes
+format = [%(levelname)s|%(module)s|L%(lineno)d] %(asctime)s: %(message)s
+# Format of datetimes  --  https://docs.python.org/3/library/time.html#time.strftime
+datefmt = %Y-%m-%dT%H:%M:%S%z

ansible/app-configs/soulseek_slskd.yml.j2

@@ -1,238 +1,212 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 
-# debug: false
+directories:
-# remote_configuration: false
+  incomplete: /app/incomplete
-# remote_file_management: false
+  downloads: /app/downloads
-# instance_name: default
+shares:
-# flags:
+  directories:
-#   no_logo: false
+    - /music
-#   no_start: false
+rooms:
-#   no_config_watch: false
+  - '! meow chat :3'
-#   no_connect: false
+  - '#ANUS'
-#   no_share_scan: false
+  - '#CORONAVIRUS'
-#   force_share_scan: false
+  - '#Horrorcore'
-#   no_version_check: false
+  - '#La France'
-#   log_sql: false
+  - '#icilombre-hardcore'
-#   experimental: false
+  - '#polska'
-#   volatile: false
+  - '#vegan'
-#   case_sensitive_reg_ex: false
+  - $$RARE RAP MUSIC$$
-#   legacy_windows_tcp_keepalive: false
+  - ([6)]
-# relay:
+  - +Autism+
-#   enabled: false
+  - +BlackMetal+
-#   mode: controller # controller (default), agent, or debug (for local development)
+  - +HIP_HOP_SCENE_RELEASES+
-#   # controller config is required when running in 'agent' mode
+  - /mu/
-#   # this specifies the relay controller that will be controlling this agent
+  - 60lover
-#   controller:
+  - 60lover v2
-#     address: https://some.site.com:5000
+  - 70 Rare groove Soul Jazz
-#     ignore_certificate_errors: false
+  - 80's 12 Inches & More
-#     api_key: <a 16-255 character string corresponding to one of the controller's 'readwrite' or 'administrator' API keys>
+  - 90's Rare Riddim !!
-#     secret: <a 16-255 character shared secret matching the controller's config for this agent>
+  - 90's emo
-#     downloads: false
+  - <>Electronics Labels<>
-#   # agent config is optional when running in 'controller' mode
+  - ACID
-#   # this specifies all of the agents capable of connecting
+  - ARGENTINA
-#   agents:
+  - "ATLLUMINATI\u201Cawareness"
-#     my_agent:
+  - AUSTRALIA
-#       instance_name: my_agent # make sure the top-level instance_name of the agent matches!
+  - Alcohol
-#       secret: <a 16-255 character string unique to this agent>
+  - Ambient
-#       cidr: 0.0.0.0/0,::/0
+  - Anime
-# permissions:
+  - Audiobooks
-#   file:
+  - Avantgarde
-#     mode: ~ # not for Windows, chmod syntax, e.g. 644, 777. can't escalate beyond umask
+  - BDSM
-# directories:
+  - BLUES BUNKER MUSIC
-#   incomplete: ~
+  - BOB DYLAN ROOM
-#   downloads: ~
+  - BigEdsClassicRock
-# shares:
+  - BigedsSixties
-#   directories:
+  - Blues&Soul
-#     - ~
+  - Bootlegged concerts
-#   filters:
+  - Brasil
-#     - \.ini$
+  - Breakcore
-#     - Thumbs.db$
+  - CHILE
-#     - \.DS_Store$
+  - Canada
-#   cache:
+  - China Room
-#     storage_mode: memory
+  - Chiptunes
-#     workers: 16
+  - Christians
-#     retention: ~ # retain indefinitely (do not automatically re-scan)
+  - Classical
-# rooms:
+  - Come To The Sabbath !
-#   - ~
+  - Communism
-# global:
+  - DEATH METAL CLUB
-#   upload:
+  - Dark Ambient
-#     slots: 20
+  - De Koffie Shop
-#     speed_limit: 1000 # in kibibytes
+  - De Kroeg
-#   limits:
+  - Deathrock
-#     queued:
+  - DieMilitarmusik
-#       files: 500
+  - Disco Classics
-#       megabytes: 5000
+  - Doom Metal
-#     daily:
+  - Doujin Music
-#       files: 1000
+  - Dub Techno
-#       megabytes: 10000
+  - Dubstep
-#       failures: 200
+  - EBM-GOTHIC-INDUSTRIAL
-#     weekly:
+  - EBooks
-#       files: 5000
+  - Emo
-#       megabytes: 50000
+  - Eurodance
-#       failures: 1000
+  - Eurovision Song Contest
-#   download:
+  - Experimental Electronica
-#     slots: 500
+  - FOLK MUSIC
-#     speed_limit: 1000
+  - Free Jazz
-# groups:
+  - Furry
-#   default:
+  - Gay
-#     upload:
+  - Gothic
-#       priority: 500
+  - Greece
-#       strategy: roundrobin
+  - Grindcore
-#       slots: 10
+  - HEE cum eaters 1! !
-#     limits:
+  - HOUSE MUSIC LOVERS (AG)
-#       queued:
+  - Happy Hardcore
-#         files: 150
+  - Hardcore NL
-#         megabytes: 1500
+  - Hardcore/punk
-#       daily: ~ # no daily limits (weekly still apply)
+  - Hip Hop
-#       weekly:
+  - Horror movies
-#         files: 1500
+  - IDM
-#         megabytes: 15000
+  - INDUSTRIAL
-#         failures: 150
+  - IReGGaeGaLaXy
-#   leechers:
+  - Incredibly Strange Music
-#     thresholds:
+  - Israel
-#       files: 1
+  - Jaz (Full CDs)
-#       directories: 1
+  - Jazz
-#     upload:
+  - Jazz-Rock-Fusion-Guitar
-#       priority: 999
+  - Juggalo Family
-#       strategy: roundrobin
+  - Jungle
-#       slots: 1
+  - Korean Music
-#       speed_limit: 100
+  - LANGUAGE EXCHANGE here
-#     limits:
+  - LGBTQ+!!
-#       queued:
+  - Last.fm
-#         files: 15
+  - Linux
-#         megabytes: 150
+  - Lossless Scores
-#       daily:
+  - MOVIES
-#         files: 30
+  - Mac Users
-#         megabytes: 300
+  - Metal
-#         failures: 10
+  - MovieMusic
-#       weekly:
+  - NORWAY
-#         files: 150
+  - New Crystal Vibrations
-#         megabytes: 1500
+  - New Wave
-#         failures: 30
+  - New Zealand
-#   blacklisted:
+  - OLD SKOOL GANGSTA SHIT
-#     members:
+  - OLDSCHOOL 88-94
-#       - <username to blacklist>
+  - OLI SHOTA CUB ROOM!
-#     cidrs:
+  - Original Blues Bunker
-#       - <CIDR to blacklist, e.g. 255.255.255.255/32>
+  - PSYCHEDELIA
-#   user_defined:
+  - PUNK/HARDCORE/GRIND
-#     my_buddies:
+  - Portugal
-#       upload:
+  - Post Punk
-#         priority: 250
+  - Post-Hardcore (modern)
-#         strategy: firstinfirstout
+  - Progressive Rock
-#         slots: 10
+  - Psychedelic/Acid Rock
-#       limits:
+  - Psytrance
-#         queued:
+  - Quebec
-#           files: 1000 # override global default
+  - REGGAE
-#       members:
+  - Rare Music
-#         - alice
+  - RareVHS/DVD/Rips
-#         - bob
+  - Retro Gaming
-# blacklist:
+  - Romania
-#   enabled: true
+  - Room Name
-#   file: <path to file containing CIDRs to blacklist>
+  - SIsk Idiots !!
-# filters:
+  - SLUDGE!
-#   search:
+  - Slovenia
-#     request:
+  - Soundtracks&Scores
-#       - ^.{1,2}$
+  - Spain
-# web:
+  - Stoner HiVe
-#   port: 5030
+  - Stoner Rock
-#   https:
+  - Strange Music
-#     disabled: false
+  - TECHNO, Mixes and Tunes
-#     port: 5031
+  - THC
-#     force: false
+  - Talia
-#     certificate:
+  - The Dangerous Kitchen
-#       pfx: ~
+  - TheScoreZone
-#       password: ~
+  - Thrash Metal
-#   url_base: /
+  - Tinmans Movie Room
-#   content_path: wwwroot
+  - Trip-Hop
-#   logging: false
+  - Ttalian_dancefloor
-#   authentication:
+  - Twee Folks
-#     disabled: false
+  - UK DUB
-#     username: slskd
+  - URIDDIM!!
-#     password: slskd
+  - Ukraine
-#     jwt:
+  - Underground Hiphop
-#       key: ~
+  - VAPORWAVE
-#       ttl: 604800000
+  - Video Game Chat
-#     api_keys:
+  - Vinyl Addicts
-#       my_api_key:
+  - Vocaloid
-#         key: <some example string between 16 and 255 characters>
+  - WHATCDs
-#         role: readonly # readonly, readwrite, administrator
+  - World Music
-#         cidr: 0.0.0.0/0,::/0
+  - Yacht Rock
-# retention:
+  - '[German] [Deutsch]'
-#   transfers:
+  - abbey road Itd
-#     upload:
+  - anime cunny
-#       succeeded: 1440 # 1 day
+  - bleeps&klonks
-#       errored: 30
+  - breakbeat
-#       cancelled: 5
+  - comics
-#     download:
+  - deep house connection
-#       succeeded: 1440 # 1 day
+  - drum'n'bass
-#       errored: 20160 # 2 weeks 
+  - eesti mehed
-#       cancelled: 5
+  - electro
-#   files:
+  - flacfield
-#     complete: 20160 # 2 weeks
+  - food
-#     incomplete: 43200 # 30 days
+  - for Losers
-#   logs: 259200 # 180 days
+  - hungary
-# logger:
+  - indie
-#   disk: false
+  - japanese music
-#   no_color: false
+  - library music
-#   loki: ~
+  - lossless
-# metrics:
+  - minimal music
-#   enabled: false
+  - museek
-#   url: /metrics
+  - noise
-#   authentication:
+  - 'on'
-#     disabled: false
+  - postrock
-#     username: slskd
+  - programming
-#     password: slskd
+  - progressive house
-# feature:
+  - public porn
-#   swagger: false
+  - r/musichoarder
-# soulseek:
+  - ru
-#   address: vps.slsknet.org
+  - shoegaze
-#   port: 2271
+  - tapekvit
-#   username: ~
+  - test
-#   password: ~
+  - trancEaddict
-#   description: |
+  - trivia
-#     A slskd user. https://github.com/slskd/slskd
+  - what.cd
-#   listen_ip_address: 0.0.0.0
+  - what.cd electronic
-#   listen_port: 50300
+  - what.cd-flac
-#   diagnostic_level: Info
+  - '{Italo Disco'
-#   distributed_network:
+web:
-#     disabled: false
+  authentication:
-#     disable_children: false
+    username: slskd
-#     child_limit: 25
+    password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_WEB_PASSSWORD'] }}
-#     logging: false
+    api_keys:
-#   connection:
+      my_api_key:
-#     timeout:
+        key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_API_KEY'] }}
-#       connect: 10000
+        role: readwrite
-#       inactivity: 15000
+        cidr: 0.0.0.0/0,::/0
-#     buffer:
+soulseek:
-#       read: 16384
+  address: vps.slsknet.org
-#       write: 16384
+  port: 2271
-#       transfer: 262144
+  username: Trez.One
-#       write_queue: 250
+  password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSK_USER_PASSWORD'] }}
-#     proxy:
+  diagnostic_level: Info
-#       enabled: false
-#       address: ~
-#       port: ~
-#       username: ~
-#       password: ~
-# integration:
-#   ftp:
-#     enabled: false
-#     address: ~
-#     port: ~
-#     username: ~
-#     password: ~
-#     remote_path: /
-#     encryption_mode: auto
-#     ignore_certificate_errors: false
-#     overwrite_existing: true
-#     connection_timeout: 5000
-#     retry_attempts: 3
-#   pushbullet:
-#     enabled: false
-#     access_token: ~
-#     notification_prefix: "From slskd:"
-#     notify_on_private_message: true
-#     notify_on_room_mention: true
-#     retry_attempts: 3
-#     cooldown_time: 900000