Adding Sablier service.

Merged by Trez.One

.gitea/workflows/pr-ansible-config-deployment.yaml

@@ -0,0 +1,192 @@
+name: Gitea Branch PR & Ansible Deployment
+on:
+  push:
+    branches-ignore:
+      - 'main'
+    paths:
+      - '**.j2'
+      - 'ansible/**.yml'
+jobs:
+  check-and-create-pr:
+    if: github.ref != 'refs/heads/main'
+    name: Check and Create PR
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+      - name: Cache tea CLI
+        id: cache-tea
+        uses: actions/cache@v4
+        with:
+          path: /opt/hostedtoolcache/tea/0.9.2/x64
+          key: tea-${{ runner.os }}-0.9.2
+      - name: Install tea
+        uses: supplypike/setup-bin@v4
+        with:
+          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
+          name: 'tea'
+          version: '0.9.2'
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: PR Check'
+          notification_message: 'Checking for existing PR... 🔍'
+      - name: Check if open PR exists
+        id: check-opened-pr-step
+        continue-on-error: true
+        run: |
+          tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
+          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
+          echo "exists=$pr_exists" >> $GITHUB_OUTPUT
+      - name: Create PR
+        if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
+        run: |
+          tea login default gitea-rinoa
+          pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
+          pr_index_new=$(expr ${pr_index_old} + 1)
+          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose, Ansible Configs.j2"
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: PR Check'
+          notification_message: 'PR Created 🎟️'
+  ansible-linting:
+    name: Docker Compose & Ansible Lints
+    needs: [check-and-create-pr]
+    runs-on: ubuntu-latest
+    env:
+      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+      VAULT_NAMESPACE: ""
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Fetch base branch
+        run: |
+          git fetch origin ${{ github.event.pull_request.base.ref }}
+      - name: Cache Ansible Galaxy Collections
+        uses: actions/cache@v3
+        with:
+          path: ansible/collections
+          key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
+          restore-keys: |
+            ${{ runner.os }}-ansible-
+      - name: Install Ansible
+        uses: alex-oleshkevich/setup-ansible@v1.0.1
+        with:
+          version: "11.0.0"
+      - name: Install Vault
+        uses: cpanato/vault-installer@main
+      - name: Install hvac
+        run: pip install hvac
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
+          notification_message: 'Starting Ansible dry run...'
+      - name: Ansible Playbook Dry Run
+        uses: arillso/action.playbook@0.1.0
+        with:
+          check: true
+          galaxy_collections_path: ansible/collections
+          galaxy_requirements_file: ansible/collections/requirements.yml
+          inventory: ansible/inventory/hosts.yml
+          playbook: ansible/docker_config_deploy.yml
+          private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
+          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+          verbose: 0
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
+          notification_message: 'Docker Compose dry run completed successfully.'
+  pr-merge:
+    name: PR Merge
+    needs: [regenerate-readme-modified-services]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install tea
+        uses: supplypike/setup-bin@v4
+        with:
+          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
+          name: 'tea'
+          version: '0.9.2'
+      - name: PR Merge
+        id: pr_merge
+        run: |
+          tea login add --name gitea-rinoa --url ${{ secrets.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
+          tea login default gitea-rinoa
+          echo "Merging PR..."
+          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F"," '{print $1}' | sed -e 's|"||g')
+          tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" --message "Merged by ${{ github.actor }}" ${pr_index}
+          echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: PR Merge Successful'
+          notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
+  ansible-config-docker-compose-deploy:
+    name: Ansible Configs & Docker Compose Deployment
+    runs-on: ubuntu-latest
+    needs: [pr-merge]
+    env:
+      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+      DOCKER_HOST: tcp://dockerproxy:2375
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: main
+      - name: Cache Vault install
+        id: cache-vault
+        uses: actions/cache@v4
+        with:
+          path: /opt/hostedtoolcache/vault/1.18.0/x64
+          key: vault-${{ runner.os }}-1.18.0
+      - name: Install Ansible
+        uses: alex-oleshkevich/setup-ansible@v1.0.1
+        with:
+          version: "11.0.0"
+      - name: Install Vault
+        uses: cpanato/vault-installer@main
+      - name: Install hvac
+        run: pip install hvac
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
+          notification_message: 'Starting config deployment with Ansible...'
+      - name: Ansible Playbook Dry Run
+        uses: arillso/action.playbook@0.1.0
+        with:
+          check: false
+          galaxy_collections_path: ansible/collections
+          galaxy_requirements_file: ansible/collections/requirements.yml
+          inventory: ansible/inventory/hosts.yml
+          playbook: ansible/docker_config_deploy.yml
+          private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
+          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
+          notification_message: 'Deployment completed successfully.'

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -1,10 +1,10 @@
-name: Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment
+name: Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment
 on:
   push:
     branches-ignore:
       - 'main'
     paths:
-      - '**.yml'
+      - '**/docker-compose.yml'
       - '!ansible/**.yml'
 jobs:
   check-and-create-pr:
@@ -56,14 +56,16 @@ jobs:
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
           notification_title: 'GITEA: PR Check'
           notification_message: 'PR Created 🎟️'
-  docker-compose-ansible-lints:
+  docker-compose-dry-run:
-    name: Docker Compose & Ansible Lints
+    name: Docker Compose Dry Run
     needs: [check-and-create-pr]
     runs-on: ubuntu-latest
     env:
       VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
       VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
       VAULT_NAMESPACE: ""
+    outputs:
+      svc_deploy_list: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -74,10 +76,6 @@ jobs:
         run: |
           git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
           cp docker-compose.yml docker-compose-head.yml
-      # - name: Compare Docker Compose changes
-      #  run: |
-      #    git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
-      #    cp docker-compose.yml docker-compose-head.yml
       - name: Detect added, deleted, and modified services
         id: detect_services
         run: |
@@ -105,39 +103,8 @@ jobs:
 
           svc_list=$(paste -sd '|' service_changes.txt)
           echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT"
-      # - name: Cache Ansible Galaxy Collections
-      #   uses: actions/cache@v3
-      #   with:
-      #     path: ansible/collections
-      #     key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
-      #     restore-keys: |
-      #       ${{ runner.os }}-ansible-
-      # - name: Install Ansible
-      #   uses: alex-oleshkevich/setup-ansible@v1.0.1
-      #   with:
-      #     version: "11.0.0"
       - name: Install Vault
         uses: cpanato/vault-installer@main
-      # - name: Install hvac
-      #   run: pip install hvac
-      # - name: Gotify Notification
-      #   uses: eikendev/gotify-action@master
-      #   with:
-      #     gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-      #     gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-      #     notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
-      #     notification_message: 'Starting Ansible dry run...'
-      # - name: Ansible Playbook Dry Run
-      #   uses: arillso/action.playbook@0.1.0
-      #   with:
-      #     check: true
-      #     galaxy_collections_path: ansible/collections
-      #     galaxy_requirements_file: ansible/collections/requirements.yml
-      #     inventory: ansible/inventory/hosts.yml
-      #     playbook: ansible/docker_config_deploy.yml
-      #     private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
-      #     vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
-      #     verbose: 0
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
@@ -157,13 +124,16 @@ jobs:
           echo ${mod_svcs}
           vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
           echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT"
+      - name: Testing service list output
+        run: |
+          echo ${{ steps.modded_svcs.outputs.rinoa_svcs }}
       - name: Docker Compose Dry Run
         timeout-minutes: 360
         continue-on-error: true
         uses: keatonLiu/docker-compose-remote-action@v1.2
         with:
           docker_compose_file: docker-compose.yml
-          docker_args: -d --remove-orphans --pull missing --no-recreate ${{ steps.modded_svcs.rinoa_svcs.output }}
+          docker_args: -d --remove-orphans --pull missing ${{ steps.modded_svcs.outputs.rinoa_svcs }}
           ssh_user: gitea-deploy
           ssh_host: 192.168.1.254
           ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
@@ -250,28 +220,11 @@ jobs:
     name: Update README & Generate List of Modified Services
     runs-on: ubuntu-latest
     needs: [cloudflare-dns-setup]
-    # outputs:
-    #   pr-pushed: ${{ steps.commit-readme.outputs.pushed }}
-    #   modified_services: ${{ steps.compare-services.outputs.modified_services }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Install yq
         uses: dcarbone/install-yq-action@v1
-      # - name: Fetch main branch for comparison
-      #   run: |
-      #     git fetch origin main:main
-      # - name: Compare services using yq
-      #   continue-on-error: true
-      #   id: compare-services
-      #   run: |
-      #     current_services=$(yq '.services | to_entries' docker-compose.yml)
-      #     git show main:docker-compose.yml > main_compose.yml
-      #     main_services=$(yq '.services | to_entries' main_compose.yml)
-      #     modified_services_file=$(comm -13 <(echo "$main_services") <(echo "$current_services") > changes_compose.yml)
-      #     modified_services=${egrep '^  [a-z]' changes.yml | sed -e 's|^  ||g' -e 's|:||g' | sed ':a;N;$!ba;s/\n/ /g'}
-      #     echo "Modified services: $modified_services"
-      #     echo "modified_services=$modified_services" >> $GITHUB_OUTPUT
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
@@ -334,8 +287,8 @@ jobs:
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
           notification_title: 'GITEA: PR Merge Successful'
           notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
-  ansible-config-docker-compose-deploy:
+  docker-compose-deploy:
-    name: Ansible Configs & Docker Compose Deployment
+    name: Docker Compose Deployment
     runs-on: ubuntu-latest
     needs: [pr-merge]
     env:
@@ -362,35 +315,9 @@ jobs:
       - name: Login to Gitea Container Registry
         uses: docker/login-action@v3
         with:
-          registry: git.trez.wtf
+          registry: https://git.trez.wtf
           username: gitea-sonarqube-bot
           password: ${{ secrets.BOT_GITEA_TOKEN }}
-      - name: Install hvac
-        run: pip install hvac
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
-          notification_message: 'Starting config deployment with Ansible.'
-      - name: Deploy Docker Configs via Ansible
-        uses: dawidd6/action-ansible-playbook@v2
-        with:
-          directory: ansible/
-          playbook: docker_config_deploy.yml
-          key: ${{secrets.RINOA_ANSIBLE_PRIVATE_KEY}}
-          options: |
-            --inventory inventory/hosts.yml
-          requirements: collections/requirements.yml
-          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
-          notification_message: 'Deployment completed successfully.'
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
@@ -407,7 +334,7 @@ jobs:
         uses: keatonLiu/docker-compose-remote-action@v1.2
         with:
           docker_compose_file: docker-compose.yml
-          docker_args: -d --remove-orphans --pull missing --no-recreate
+          docker_args: -d --remove-orphans --pull missing ${{ docker-compose-dry-run.outputs.svc_deploy_list }}
           ssh_user: gitea-deploy
           ssh_host: 192.168.1.254
           ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}

.gitea/workflows/vault-auto-unseal-flow.yml

@@ -23,6 +23,6 @@ jobs:
         uses: cpanato/vault-installer@main
       - name: Unseal Vault
         run: |
-          for vault_shard in $(cat ${VAULT_SHARDS}); do
+          for vault_shard in $(echo ${VAULT_SHARDS}); do
             vault operator unseal -address=${VAULT_ADDR} -non-interactive "${vault_shard}"
           done

README.md

@@ -14,15 +14,11 @@
 | bazarr | lscr.io/linuxserver/bazarr:latest |
 | beszel | henrygd/beszel:latest |
 | beszel-agent | henrygd/beszel-agent:latest |
-| bitmagnet | ghcr.io/bitmagnet-io/bitmagnet:latest |
-| bitmagnet-pg-db | postgres:17-alpine |
 | bitwarden | vaultwarden/server:latest |
 | bluesky-pds | code.modernleft.org/gravityfargo/bluesky-pds:v0.4.98 |
 | browserless | ghcr.io/browserless/chromium:latest |
-| bytebase | bytebase/bytebase:3.5.0 |
 | bytestash | ghcr.io/jordan-dalby/bytestash:latest |
 | castopod | castopod/castopod:latest |
-| cloudflared | cloudflare/cloudflared:latest |
 | cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
 | convertx | ghcr.io/c4illin/convertx |
 | cronicle | elestio/cronicle:latest |
@@ -33,10 +29,10 @@
 | dawarich-app | freikin/dawarich:latest |
 | dawarich-pg-db | postgis/postgis:17-3.5-alpine |
 | dawarich-sidekiq | freikin/dawarich:latest |
-| delugevpn | ghcr.io/binhex/arch-delugevpn:latest |
+| dead-man-hand | ghcr.io/bkupidura/dead-man-hand:latest |
 | docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
-| docker-volume-backup | offen/docker-volume-backup:v2 |
 | duplicati | lscr.io/linuxserver/duplicati:latest |
+| excalidraw | excalidraw/excalidraw:latest |
 | explo | ghcr.io/lumepart/explo:latest |
 | fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
 | flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
@@ -61,6 +57,8 @@
 | invidious | quay.io/invidious/invidious:latest |
 | invidious-sig-helper | quay.io/invidious/inv-sig-helper:latest |
 | invidious-db | docker.io/library/postgres:14 |
+| invoice-ninja | invoiceninja/invoiceninja-debian:5 |
+| invoice-ninja_proxy | nginx |
 | it-tools | ghcr.io/corentinth/it-tools:latest |
 | jellyfin | jellyfin/jellyfin |
 | jitsi-etherpad | etherpad/etherpad:1.8.6 |
@@ -72,6 +70,7 @@
 | jitsi-web | jitsi/web:stable |
 | joplin-db | postgres:17-alpine |
 | joplin | joplin/server:latest |
+| languagetool | elestio/languagetool:latest |
 | librechat-api | ghcr.io/danny-avila/librechat-dev:latest |
 | librechat-vectordb | ankane/pgvector:latest |
 | librechat-rag-api | ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest |
@@ -98,16 +97,20 @@
 | ollama | ollama/ollama |
 | ombi | lscr.io/linuxserver/ombi:latest |
 | omni-tools | iib0011/omni-tools:latest |
+| omnipoly | kweg/omnipoly:latest |
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
 | plantuml-server | plantuml/plantuml-server:jetty |
 | portainer | portainer/portainer-ce:alpine |
-| portall | need4swede/portall:latest |
+| portnote-web | haedlessdev/portnote:latest |
+| portnote-agent | haedlessdev/portnote-agent:latest |
+| portnote-pg-db | postgres:17-alpine |
 | postal-smtp | ghcr.io/postalserver/postal:latest |
 | postal-web | ghcr.io/postalserver/postal:latest |
 | postal-worker | ghcr.io/postalserver/postal:latest |
 | prowlarr | lscr.io/linuxserver/prowlarr:latest |
+| qbittorrentvpn | ghcr.io/binhex/arch-qbittorrentvpn:latest |
 | radarec | thewicklowwolf/radarec:latest |
 | radarr | lscr.io/linuxserver/radarr:latest |
 | reactive-resume | amruthpillai/reactive-resume:latest |
@@ -116,6 +119,7 @@
 | redis | redis:alpine |
 | redlib | quay.io/redlib/redlib:latest |
 | rocketchat | registry.rocket.chat/rocketchat/rocket.chat:latest |
+| romm | rommapp/romm:latest |
 | sabnzbdvpn | ghcr.io/binhex/arch-sabnzbdvpn:latest |
 | scraperr | jpyles0524/scraperr:latest |
 | scraperr-api | jpyles0524/scraperr_api:latest |
@@ -140,6 +144,7 @@
 | wallos | bellamy/wallos:latest |
 | watchtower | ghcr.io/containrrr/watchtower:latest |
 | web-check | lissy93/web-check |
+| whodb | clidey/whodb |
 | youtubedl | nbr23/youtube-dl-server:latest |
 | zammad-backup | ghcr.io/zammad/zammad:6.5.0-15 |
 | zammad-elasticsearch | bitnami/elasticsearch:8.17.4 |

ansible/app-configs/gitea_act-runner_config.yaml.j2

@@ -0,0 +1,101 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+
+log:
+  # The level of logging, can be trace, debug, info, warn, error, fatal
+  level: info
+
+runner:
+  # Where to store the registration result.
+  file: .runner
+  # Execute how many tasks concurrently at the same time.
+  capacity: 3
+  # Extra environment variables to run jobs.
+#   envs:
+#     A_TEST_ENV_NAME_1: a_test_env_value_1
+#     A_TEST_ENV_NAME_2: a_test_env_value_2
+  # Extra environment variables to run jobs from a file.
+  # It will be ignored if it's empty or the file doesn't exist.
+#   env_file: .env
+  # The timeout for a job to be finished.
+  # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+  # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+  timeout: 3h
+  # The timeout for the runner to wait for running jobs to finish when shutting down.
+  # Any running jobs that haven't finished after this timeout will be cancelled.
+  shutdown_timeout: 0s
+  # Whether skip verifying the TLS certificate of the Gitea instance.
+  insecure: false
+  # The timeout for fetching the job from the Gitea instance.
+  fetch_timeout: 5s
+  # The interval for fetching the job from the Gitea instance.
+  fetch_interval: 2s
+  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+  # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+  # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
+  # If it's empty when registering, it will ask for inputting labels.
+  # If it's empty when execute `daemon`, will use labels in `.runner` file.
+  labels:
+    - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+    - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+    - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+
+cache:
+  # Enable cache server to use actions/cache.
+  enabled: true
+  # The directory to store the cache data.
+  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  dir: ""
+  # The host of the cache server.
+  # It's not for the address to listen, but the address to connect from job containers.
+  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  host: "192.168.1.254"
+  # The port of the cache server.
+  # 0 means to use a random available port.
+  port: 63604
+  # The external cache server URL. Valid only when enable is true.
+  # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+  # The URL should generally end with "/".
+  external_server: ""
+
+container:
+  # Specifies the network to which the container will connect.
+  # Could be host, bridge or the name of a custom network.
+  # If it's empty, act_runner will create a network automatically.
+  network: "compose_default"
+  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+  privileged: false
+  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+  options:
+  # The parent directory of a job's working directory.
+  # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
+  # If the path starts with '/', the '/' will be trimmed.
+  # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
+  # If it's empty, /workspace will be used.
+  workdir_parent:
+  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+  # valid_volumes:
+  #   - data
+  #   - /src/*.json
+  # If you want to allow any volume, please use the following configuration:
+  # valid_volumes:
+  #   - '**'
+  valid_volumes: []
+  # overrides the docker client host with the specified one.
+  # If it's empty, act_runner will find an available docker host automatically.
+  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+  docker_host: ""
+  # Pull docker image(s) even if already present
+  force_pull: false
+  # Rebuild docker image(s) even if already present
+  force_rebuild: false
+
+host:
+  # The parent directory of a job's working directory.
+  # If it's empty, $HOME/.cache/act/ will be used.
+  workdir_parent:

ansible/app-configs/homepage_settings.yaml.j2

@@ -53,4 +53,4 @@ layout:
     columns: 2
   Media Library:
     style: row
-    columns: 4
+    columns: 3

ansible/app-configs/romm_config.yml.j2

@@ -0,0 +1,48 @@
+# This is a generic example of a configuration file
+# Rename this file to `config.yml`, copy it to a `config` folder, and mount that folder as per the docker-compose.example.yml
+# Only uncomment the lines you want to use/modify, or add new ones where needed
+
+exclude:
+  # Exclude platforms to be scanned
+  platforms: [] # ['my_excluded_platform_1', 'my_excluded_platform_2']
+
+  # Exclude roms or parts of roms to be scanned
+  roms:
+    # Single file games section.
+    # Will not apply to files that are in sub-folders (multi-disc roms, games with updates, DLC, patches, etc.)
+    single_file:
+      # Exclude all files with certain extensions to be scanned
+      extensions: [] # ['xml', 'txt']
+
+      # Exclude matched file names to be scanned.
+      # Supports unix filename pattern matching
+      # Can also exclude files by extension
+      names: [] # ['info.txt', '._*', '*.nfo']
+
+    # Multi files games section
+    # Will apply to files that are in sub-folders (multi-disc roms, games with updates, DLC, patches, etc.)
+    multi_file:
+      # Exclude matched 'folder' names to be scanned (RomM identifies folders as multi file games)
+      names: [] # ['my_multi_file_game', 'DLC']
+
+      # Exclude files within sub-folders.
+      parts:
+        # Exclude matched file names to be scanned from multi file roms
+        # Keep in mind that RomM doesn't scan folders inside multi files games,
+        # so there is no need to exclude folders from inside of multi files games.
+        names: [] # ['data.xml', '._*'] # Supports unix filename pattern matching
+
+        # Exclude all files with certain extensions to be scanned from multi file roms
+        extensions: [] # ['xml', 'txt']
+
+system:
+  # Asociate different platform names to your current file system platform names
+  # [your custom platform folder name]: [RomM platform name]
+  # In this example if you have a 'gc' folder, RomM will treat it like the 'ngc' folder and if you have a 'psx' folder, RomM will treat it like the 'ps' folder
+  platforms: {} # { gc: 'ngc', psx: 'ps' }
+
+  # Asociate one platform to it's main version
+  versions: {} # { naomi: 'arcade' }
+
+# The folder name where your roms are located
+filesystem: {} # { roms_folder: 'roms' } For example if your folder structure is /home/user/library/roms_folder

docker-compose.yml

@@ -423,80 +423,6 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - /rinoa-storage:/extra-filesystems/rinoa-storage:ro
       - /dev/nvme0n1:/extra-filesystems/nvme0n1:ro
-  bitmagnet:
-    command:
-      - worker
-      - run
-      - --keys=http_server
-      - --keys=queue_server
-      - --keys=dht_crawler
-    container_name: bitmagnet
-    depends_on:
-      bitmagnet-pg-db:
-        condition: service_healthy
-        required: true
-      gluetun:
-        condition: service_started
-        required: true
-        restart: true
-    environment:
-      LOG_FILE_ROTATION_ENABLED: true
-      POSTGRES_HOST: bitmagnet-pg-db
-      POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD}
-      POSTGRES_USER: bitmagnet
-    image: ghcr.io/bitmagnet-io/bitmagnet:latest
-    labels:
-      homepage.group: Downloaders
-      homepage.name: Bitmagnet
-      homepage.href: https://btmag.${MY_TLD}
-      homepage.icon: sh-bitmagnet.png
-      homepage.description: Torrent indexer, DHT crawler, search engine, & content classifier
-      homepage.widget.type: gluetun
-      homepage.widget.url: http://gluetun:8000
-      swag: enable
-      swag_proto: http
-      swag_address: gluetun
-      swag_auth: authelia
-      swag_auth_bypass: /v1
-      swag_port: 3333
-      swag_url: btmag.${MY_TLD}
-      swag_server_custom_directive: |
-        access_log /config/log/$$host_access.log ;
-        error_log /config/log/$$host_error.log ;
-    network_mode: service:gluetun
-    restart: always
-    volumes:
-      - source: ${DOCKER_VOLUME_CONFIG}/bitmagnet
-        target: /root/.local/share/bitmagnet
-        type: bind
-        bind:
-          create_host_path: true
-  bitmagnet-pg-db:
-    container_name: bitmagnet-pg-db
-    environment:
-      POSTGRES_DB: bitmagnet
-      POSTGRES_PASSWORD: ${BITMAGNET_POSTGRESQL_PASSWORD}
-      POSTGRES_USER: bitmagnet
-    expose:
-      - 5432
-    healthcheck:
-      interval: 10s
-      start_period: 20s
-      test:
-        - CMD-SHELL
-        - pg_isready
-    image: postgres:17-alpine
-    networks:
-      bitmagnet:
-        ipv4_address: 192.168.55.8
-      default: null
-    restart: unless-stopped
-    shm_size: 1g
-    volumes:
-      - source: bitmagnet-pg-db
-        target: /var/lib/postgresql/data
-        type: volume
-        volume: {}
   bitwarden:
     container_name: bitwarden
     environment:
@@ -694,15 +620,6 @@ services:
     restart: unless-stopped
     volumes:
       - castopod-media:/var/www/castopod/public/media
-  cloudflared:
-    command: ['tunnel', '--no-autoupdate', 'run', '--token', '${CLOUDFLARED_TUNNEL_TOKEN}']
-    container_name: cloudflared
-    environment:
-      CLOUDFLARED_TUNNEL_KEY: ${CLOUDFLARED_TUNNEL_TOKEN}
-    image: 'cloudflare/cloudflared:latest'
-    restart: unless-stopped
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/cloudflared:/etc/cloudflared
   cloudflareddns:
     container_name: cloudflareddns
     environment:
@@ -1088,83 +1005,29 @@ services:
       - ${DOCKER_VOLUME_CONFIG}/dawarich/sidekiq-entrypoint.sh:/usr/local/bin/sidekiq-entrypoint.sh
   dead-man-hand:
     container_name: dead-man-hand
+    image: ghcr.io/bkupidura/dead-man-hand:latest
     environment:
       DMH_CONFIG_FILE: /data/config.yaml
-    image: 'ghcr.io/bkupidura/dead-man-hand:latest'
-    ports:
-      - '8080:8080'
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/dead-man-hand/data:/data
-  delugevpn:
-    cap_add:
-      - NET_ADMIN
-      - SYS_MODULE
-    container_name: delugevpn
-    environment:
-      ENABLE_PRIVOXY: "no"
-      LAN_NETWORK: 192.168.1.0/24
-      NAME_SERVERS: 192.168.1.254,1.1.1.1
-      PGID: "1000"
-      PUID: "1000"
-      TZ: America/New_York
-      VPN_CLIENT: openvpn
-      VPN_ENABLED: "yes"
-      VPN_INPUT_PORTS: ""
-      VPN_OPTIONS: ""
-      VPN_OUTPUT_PORTS: ""
-      VPN_PASS: ${DELUGEVPN_ENVIRONMENT_VPN_PASS}
-      VPN_PROV: pia
-      VPN_USER: ${DELUGEVPN_ENVIRONMENT_VPN_USER}
-    hostname: Rinoa
-    image: ghcr.io/binhex/arch-delugevpn:latest
     labels:
-      homepage.group: Downloaders
+      # homepage.group: Personal/Professional Services
-      homepage.name: DelugeVPN
+      # homepage.name: Dawarich
-      homepage.href: https://deluge.${MY_TLD}
+      # homepage.href: https://loc.${MY_TLD}
-      homepage.icon: deluge.png
+      # homepage.icon: dawarich.svg
-      homepage.description: Torrent over VPN
+      # homepage.description: Self-hosted alternative to Google Location History
-      homepage.widget.type: deluge
-      homepage.widget.url: http://delugevpn:8112
-      homepage.widget.password: ${DELUGEVPN_PASSWORD}
       swag: enable
-      swag_port: 8112
+      swag_port: 8080
       swag_proto: http
-      swag_url: deluge.${MY_TLD}
+      swag_url: dms.${MY_TLD}
       swag_server_custom_directive: |
         access_log /config/log/$$host_access.log ;
         error_log /config/log/$$host_error.log ;
       swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://deluge.${MY_TLD}
+      swag.uptime-kuma.monitor.url: https://dms.${MY_TLD}
       swag.uptime-kuma.monitor.interval: 300
-    networks:
-      default: null
     ports:
-      - 58846:58846
+      - 25807:8080
-      - 58946:58946
-      - 6881:6881
-      - 8112:8112
-      - 8118:8118
-    privileged: true
-    restart: unless-stopped
-    sysctls:
-      net.ipv4.conf.all.src_valid_mark: "1"
     volumes:
-      - bind:
+      - ${DOCKER_VOLUME_CONFIG}/dead-man-hand:/data
-          create_host_path: true
-        read_only: true
-        source: /etc/localtime
-        target: /etc/localtime
-        type: bind
-      - bind:
-          create_host_path: true
-        source: ${DOCKER_VOLUME_CONFIG}/delugevpn
-        target: /config
-        type: bind
-      - bind:
-          create_host_path: true
-        source: /rinoa-storage
-        target: /storage
-        type: bind
   docker-socket-proxy:
     container_name: dockerproxy
     environment:
@@ -1279,7 +1142,7 @@ services:
   explo:
     container_name: explo
     environment:
-      CRON_SCHEDULE: 15 00 * * 2 # Runs weekly, every Tuesday 15 minutes past midnight (UTC time)
+      CRON_SCHEDULE: 0 8 * * 2 # Runs weekly, every Tuesday 15 minutes past midnight (UTC time)
       # Music system you use (emby, jellyfin, mpd, plex or subsonic)
       EXPLO_SYSTEM: subsonic
       SYSTEM_URL: http://navidrome:4533
@@ -1300,9 +1163,9 @@ services:
       # 'playlist' to get tracks from Weekly Exploration playlist, anything else gets it from API (not the best recommendations). 'test' will download 1 song
       LISTENBRAINZ_DISCOVERY: playlist
       # Time to sleep (in minutes) between scanning and querying tracks from your system (If using Subsonic, Jellyfin)
-      # SLEEP=2
+      SLEEP: 5
       # Whether to provide additional info for debugging
-      # DEBUG=false
+      DEBUG: true
       SINGLE_ARTIST: true
     image: ghcr.io/lumepart/explo:latest
     restart: unless-stopped
@@ -3905,12 +3768,12 @@ services:
         access_log /config/log/$$host_access.log ;
         error_log /config/log/$$host_error.log ;
       swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://portall.${MY_TLD}
+      swag.uptime-kuma.monitor.url: https://ports.${MY_TLD}
       swag.uptime-kuma.monitor.interval: 300
       homepage.group: System Administration
       homepage.name: PortNote
-      homepage.href: https://portall.${MY_TLD}
+      homepage.href: https://ports.${MY_TLD}
-      homepage.icon: /icons/portnote.png
+      homepage.icon: port-note.png
       homepage.description: Management for container ports
     ports:
       - 23186:3000
@@ -4048,6 +3911,64 @@ services:
         source: /rinoa-storage
         target: /storage
         type: bind
+  qbittorrentvpn:
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    container_name: qbittorrentvpn
+    environment:
+      ENABLE_PRIVOXY: yes
+      ENABLE_SOCKS: yes
+      LAN_NETWORK: 192.168.1.0/24
+      NAME_SERVERS: 192.168.1.254,1.1.1.1
+      PGID: ${PGID}
+      PUID: ${PUID}
+      SOCKS_USER: admin
+      SOCKS_PASS: socks
+      TZ: ${TZ}
+      VPN_CLIENT: openvpn
+      VPN_ENABLED: "yes"
+      VPN_INPUT_PORTS: ""
+      VPN_OPTIONS: ""
+      VPN_OUTPUT_PORTS: ""
+      VPN_PASS: ${DELUGEVPN_ENVIRONMENT_VPN_PASS}
+      VPN_PROV: pia
+      VPN_USER: ${DELUGEVPN_ENVIRONMENT_VPN_USER}
+      WEBUI_PORT: 8080
+    image: ghcr.io/binhex/arch-qbittorrentvpn:latest
+    labels:
+      homepage.group: Downloaders
+      homepage.name: qBittorrent
+      homepage.href: https://qbit.${MY_TLD}
+      homepage.icon: qBittorrent.svg
+      homepage.description: qbittorrentvpn over VPN
+      homepage.widget.type: qbittorrent
+      homepage.widget.url: http://qbittorrentvpn:8080
+      homepage.widget.user: admin
+      homepage.widget.password: ${DELUGEVPN_PASSWORD}
+      swag: enable
+      swag_port: 8080
+      swag_proto: http
+      swag_url: qbit.${MY_TLD}
+      swag_server_custom_directive: |
+        access_log /config/log/$$host_access.log ;
+        error_log /config/log/$$host_error.log ;
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://qbit.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+    ports:
+      - 58846:58846
+      - 58946:58946/udp
+      - 8118:8118
+      - 9118:9118
+      - 38927:8080
+    restart: unless-stopped
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ${DOCKER_VOLUME_CONFIG}/.openvpn:/config/openvpn
+      - ${DOCKER_VOLUME_CONFIG}/qbittorrent/:/config
+      - ${DOCKER_VOLUME_CONFIG}/qbittorrent/data:/data
+      - ${DOCKER_VOLUME_STORAGE}/downloads:/downloads
   radarec:
     container_name: radarec
     environment:
@@ -4382,6 +4303,75 @@ services:
       swag.uptime-kuma.monitor.url: https://chat.${MY_TLD}
       swag.uptime-kuma.monitor.interval: 300
     restart: always
+  romm:
+    container_name: romm
+    depends_on:
+      mariadb:
+        condition: service_started
+        restart: true
+    image: rommapp/romm:latest
+    environment:
+      ROMM_DB_DRIVER: mariadb # mariadb | sqlite (default: sqlite)
+      ROMM_HOST: https://localhost:3000 # [Optional] your host ip or domain name (including http(s)://, subdomain and port if needed). Being used only for webRcade feed for now.
+      # [Optional] Only required if using MariaDB as the database
+      DB_HOST: mariadb
+      DB_PORT: 3306
+      DB_USER: romm
+      DB_NAME: romm # Should match the MYSQL_DATABASE value in the mariadb container
+      DB_PASSWD: ${ROMM_MARIADB_PASSWORD}
+      # [Optional WIP] Use SteamGridDB as a source for covers
+      # STEAMGRIDDB_API_KEY: <SteamGridDB api key>
+      # [Optional] Will enable user management and require authentication to access the interface (disabled by default)
+      ROMM_AUTH_ENABLED: true # default: false
+      ROMM_AUTH_SECRET_KEY: ${ROMM_AUTH_SECRET_KEY} # Generate a key with `openssl rand -hex 32`
+      ROMM_AUTH_USERNAME: admin # default: admin
+      ROMM_AUTH_PASSWORD: ${ROMM_AUTH_PASSWORD} # default: admin
+      # [Optional] Only required if authentication is enabled
+      ENABLE_EXPERIMENTAL_REDIS: false # default: false
+      # REDIS_HOST: redis # default: localhost
+      # REDIS_PORT: 6379 # default: 6379
+      # REDIS_PASSWORD: # [Optional] Support for secured redis
+      # [Optional] Will enable asynchronous tasks (all disabled by default)
+      # Important: Do NOT wrap the cron expression in quotes
+      ENABLE_RESCAN_ON_FILESYSTEM_CHANGE: true # Runs a quick scan on the library when a file is added or removed 
+      RESCAN_ON_FILESYSTEM_CHANGE_DELAY: 5 # Delay in seconds before running the quick scan (default: 5)
+      ENABLE_SCHEDULED_RESCAN: true # Runs a quick scan on the library at a given time
+      SCHEDULED_RESCAN_CRON: 0 3 * * * # Cron expression for the scheduled scan (default: 0 3 * * * At 3:00 AM every day)
+      ENABLE_SCHEDULED_UPDATE_SWITCH_TITLEDB: true # Updates the Switch TitleDB database at a given time
+      SCHEDULED_UPDATE_SWITCH_TITLEDB_CRON: 0 4 * * * # Cron expression for the scheduled update (default: 0 4 * * * At 4:00 AM every day)
+      ENABLE_SCHEDULED_UPDATE_MAME_XML: true # Updates the MAME XML database at a given time
+      SCHEDULED_UPDATE_MAME_XML_CRON: 0 5 * * * # Cron expression for the scheduled update (default: 0 5 * * * At 5:00 AM every day)
+      IGDB_CLIENT_ID:  ${ROMM_IGDB_CLIENT_ID} # Generate an ID and SECRET in IGDB
+      IGDB_CLIENT_SECRET: ${ROMM_IGDB_CLIENT_SECRET} # https://docs.romm.app/latest/Getting-Started/Generate-API-Keys/#igdb
+      MOBYGAMES_API_KEY:  # https://docs.romm.app/latest/Getting-Started/Generate-API-Keys/#mobygames
+      STEAMGRIDDB_API_KEY: ${ROMM_STEAMGRIDDB_API_KEY} # https://docs.romm.app/latest/Getting-Started/Generate-API-Keys/#steamgriddb
+      SCREENSCRAPER_USER: ${ROMM_SCREENSCRAPER_USERNAME} # Use your ScreenScraper username and password
+      SCREENSCRAPER_PASSWORD: ${ROMM_SCREENSCRAPER_PASSWORD} # https://docs.romm.app/latest/Getting-Started/Generate-API-Keys/#screenscraper
+    labels:
+      homepage.group: Media Library
+      homepage.name: RomM
+      homepage.href: https://romm.${MY_TLD}
+      homepage.icon: romm.svg
+      homepage.description: Beautiful, powerful, self-hosted ROM manager
+      homepage.widget.type: romm
+      homepage.widget.url: http://romm:8080
+      swag: enable
+      swag_proto: http
+      swag_url: romm.${MY_TLD}
+      swag_server_custom_directive: |
+        access_log /config/log/$$host_access.log ;
+        error_log /config/log/$$host_error.log ;
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://romm.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+    ports:
+      - 30229:8080
+    restart: unless-stopped
+    volumes:
+      - romm_resources:/romm/resources # Resources fetched from IGDB (covers, screenshots, etc.)
+      - ${DOCKER_VOLUME_STORAGE}/roms:/romm/library # Your game library. Check https://github.com/rommapp/romm?tab=readme-ov-file#folder-structure for more details.
+      - ${DOCKER_VOLUME_STORAGE}/roms/assets:/romm/assets # Uploaded saves, states, etc.
+      - ${DOCKER_VOLUME_CONFIG}/romm:/romm/config # Path where config.yml is stored
   sabnzbdvpn:
     cap_add:
       - NET_ADMIN
@@ -4451,6 +4441,33 @@ services:
         source: /rinoa-storage
         target: /storage
         type: bind
+  sablier:
+    container_name: sablier
+    depends_on:
+      swag:
+        condition: service_started
+        required: true
+    environment:
+      PROVIDER_NAME: docker
+      SERVER_PORT: 10000
+      SERVER_BASE_PATH: /
+      STORAGE_FILE: /opt/sablier/state
+      SESSIONS_DEFAULT_DURATION: 5m
+      SESSIONS_EXPIRATION_INTERVAL: 20s
+      LOGGING_LEVEL: trace
+      STRATEGY_DYNAMIC_CUSTOM_THEMES_PATH: /opt/sablier/custom_themes
+      STRATEGY_DYNAMIC_SHOW_DETAILS_BY_DEFAULT: false
+      STRATEGY_DYNAMIC_DEFAULT_THEME: hacker-terminal
+      STRATEGY_DYNAMIC_DEFAULT_REFRESH_FREQUENCY: 5s
+      STRATEGY_BLOCKING_DEFAULT_TIMEOUT: 1m
+    image: sablierapp/sablier:latest
+    ports:
+      - 19311:10000
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/sablier/state:/opt/sablier/state
+      - ${DOCKER_VOLUME_CONFIG}/sablier/custom_themes:/opt/sablier/custom_themes
+      - /var/run/docker.sock:/var/run/docker.sock
   scraperr:
     command:
       - npm
@@ -4490,6 +4507,7 @@ services:
       OLLAMA_URL: http://ollama:11434
       OLLAMA_MODEL: phi3
       MONGODB_URI: mongodb://scraperr:${SCRAPERR_MONGODB_PASSWORD}@mongodb:27017/scraperr?replicaSet=rinoa
+      REGISTRATION_ENABLED: true
       SECRET_KEY: ${SCRAPERR_SECRET_KEY}
       ALGORITHM: HS256
       ACCESS_TOKEN_EXPIRE_MINUTES: 600
@@ -4847,6 +4865,7 @@ services:
       homepage.icon: /icons/stable-diffusion.png
       swag: enable
       swag_port: 7860
+      swag_auth: authelia
       swag_proto: http
       swag_url: sd.${MY_TLD}
       swag_server_custom_directive: |
@@ -5336,9 +5355,82 @@ services:
     container_name: whodb
     image: clidey/whodb
     environment:
-      WHODB_POSTGRES_1: '[{"host":"authelia-pg","user":"authelia","password":"${AUTHELIA_STORAGE_POSTGRES_PASSWORD}","database":"authelia"},{"host":"bitmagnet-pg-db","user":"bitmagnet","password":"${BITMAGNET_POSTGRESQL_PASSWORD}","database":"bitmagnet"},{"host":"dawarich-pg-db","user":"dawarich","password":"${DAWARICH_PG_PASSWORD}","database":"dawarich"},{"host":"gitea-db","user":"gitea","password":"${GITEA_PG_DB_PASSWORD}","database":"gitea"},{"host":"immich-pg-db","user":"immich","password":"${IMMICH_DB_PASSWORD}","database":"immich"},{"host":"invidious-db","user":"kemal","password":"${INVID_PG_DB_PASSWORD}","database":"invidious"},{"host":"librechat-vectordb","user":"librechat","password":"${LIBRECHAT_PG_DB_PASSWD}","database":"librechat"},{"host":"mastodon-pg-db","user":"mastodon","password":"${MASTODON_PG_DB_PASSWORD}","database":"mastodon"},{"host":"reactive-resume-pg","user":"reactiveresume","password":"${REACTIVE_RESUME_PGSQL_PASSWORD}","database":"reactiveresume"},{"host":"sonarqube-pg-db","user":"sonar","password":"${SONARQUBE_POSTGRES_PASSWORD}","database":"sonar"},{"host":"tandoor-pg","user":"tandoor","password":"${TANDOOR_POSTGRES_PASSWORD}","database":"tandoor"},{"host":"zammad-postgresql","user":"zammad","password":"${ZAMMAD_POSTGRES_PASS}","database":"zammad_production"}]'
+      WHODB_POSTGRES_1: '{
-      WHODB_MARIADB_1: '[{"host":"mariadb","user":"root","password":"${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}","database":"mysql"}]'
+            "host": "authelia-pg",
-      WHODB_MONGODB_1: '{"host":"mongodb:27017/admin?replicaSet=rinoa","user":"root","password":"${MONGO_INITDB_ROOT_PASSWORD}"}'
+            "user": "authelia",
+            "password": "${AUTHELIA_STORAGE_POSTGRES_PASSWORD}",
+            "database": "authelia"
+          }'
+      WHODB_POSTGRES_2: '{
+            "host": "dawarich-pg-db",
+            "user": "dawarich",
+            "password": "${DAWARICH_PG_PASSWORD}",
+            "database": "authelia"
+          }'
+      WHODB_POSTGRES_3: '{
+            "host": "gitea-db",
+            "user": "gitea",
+            "password": "${GITEA_PG_DB_PASSWORD}",
+            "database": "gitea"
+          }'
+      WHODB_POSTGRES_4: '{
+            "host": "immich-pg-db",
+            "user": "immich",
+            "password": "${IMMICH_DB_PASSWORD}",
+            "database": "immich"
+          }'
+      WHODB_POSTGRES_5: '{
+            "host": "invidious-db",
+            "user": "kemal",
+            "password": "${INVID_PG_DB_PASSWORD}",
+            "database": "invidious"
+          }'
+      WHODB_POSTGRES_6: '{
+            "host": "librechat-vectordb",
+            "user": "librechat",
+            "password": "${LIBRECHAT_PG_DB_PASSWD}",
+            "database": "librechat"
+          }'
+      WHODB_POSTGRES_7: '{
+            "host": "mastodon-pg-db",
+            "user": "mastodon",
+            "password": "${MASTODON_PG_DB_PASSWORD}",
+            "database": "mastodon"
+          }'
+      WHODB_POSTGRES_8: '{
+            "host": "reactive-resume-pg",
+            "user": "reactiveresume",
+            "password": "${REACTIVE_RESUME_PGSQL_PASSWORD}",
+            "database": "reactiveresume"
+          }'
+      WHODB_POSTGRES_9: '{
+            "host": "sonarqube-pg-db",
+            "user": "sonar",
+            "password": "${SONARQUBE_POSTGRES_PASSWORD}",
+            "database": "sonar"
+          }'
+      WHODB_POSTGRES_10: '{
+            "host": "tandoor-pg",
+            "user": "tandoor",
+            "password": "${TANDOOR_POSTGRES_PASSWORD}",
+            "database": "tandoor"
+          }'
+      WHODB_POSTGRES_11: '{
+            "host": "zammad-postgresql",
+            "user": "zammad",
+            "password": "${ZAMMAD_POSTGRES_PASS}",
+            "database": "zammad_production"
+          }'
+      WHODB_MARIADB_1: '{
+          "host": "mariadb",
+          "user": "root",
+          "password": "${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}"
+        }'
+      WHODB_MONGODB_1: '{
+          "host": "mongodb:27017/admin?replicaSet=rinoa",
+          "user": "root",
+          "password": "${MONGO_INITDB_ROOT_PASSWORD}"
+        }'
       WHODB_OLLAMA_HOST: ollama
       WHODB_OLLAMA_PORT: 11434
       WHODB_ANTHROPIC_API_KEY: ${LIBRECHAT_ANTHROPIC_API_KEY}
@@ -5350,8 +5442,9 @@ services:
       homepage.name: WhoDB
       homepage.href: https://dbs.${MY_TLD}
       homepage.icon: whodb.png
-      homepage.description: Database-as-Code CI/CD
+      homepage.description: Lightweight next-gen database explorer
       swag: enable
+      swag_auth: authelia
       swag_port: 8080
       swag_proto: http
       swag_url: dbs.${MY_TLD}
@@ -5502,10 +5595,6 @@ services:
 volumes:
   authelia-pg-db:
     name: authelia-pg-db
-  bitmagnet-pg-db:
-    name: bitmagnet-pg-db
-  bunkerweb-storage:
-    name: bunkerweb-storage
   castopod-media:
     name: castopod-media
   crowdsec-config:
@@ -5520,8 +5609,6 @@ volumes:
     name: dawarich_public
   dawarich_watched:
     name: dawarich_watched
-  docker-volume-bkup-data:
-    name: docker-volume-bkup-data
   fastenhealth-cache:
     name: fastenhealth-cache
   fastenhealth-db:
@@ -5608,6 +5695,8 @@ volumes:
     name: portnote-db-data
   reactive-resume-pg:
     name: reactive-resume-pg
+  romm_resources:
+    name: romm_resources
   semaphore_config:
     name: semaphore_config
   semaphore_data: