Fixing pipeline.

2025-01-19 20:51:47 -05:00 · 2025-01-19 20:45:52 -05:00 · 2025-01-19 20:01:32 -05:00 · 2025-01-19 19:58:15 -05:00 · 2025-01-19 19:57:58 -05:00 · 2025-01-20 00:56:06 +00:00
61 changed files with 6625 additions and 1041 deletions
@@ -0,0 +1 @@
 {"last_found_secrets": [{"name": "Generic Password - /home/charish/app-configs/searxng_settings.yml.j2", "match": "6e0d657eb1f0fbc40cf0b8f3c3873ef627cc9cb7c4108d1c07d979c04bc8a4bb"}]}
@@ -1,42 +1,48 @@
-name: Gitea Branch PR, SonarQube Analyze, and Merge Workflow
+name: Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment
 on:
  push:
    branches-ignore:
      - main
-
+    paths:
      - '**.yml'
 jobs:
  # Job 1: Check if PR exists and create one if the branch is new
  check-and-create-pr:
    name: Check and Create PR
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
-
+        with:
          fetch-depth: 1
      - name: Cache tea CLI
        id: cache-tea
        uses: actions/cache@v4
        with:
          path: /opt/hostedtoolcache/tea/0.9.2/x64
          key: tea-${{ runner.os }}-0.9.2
      - name: Install tea
        uses: supplypike/setup-bin@v4
        with:
          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
          name: 'tea'
          version: '0.9.2'
-
+      - name: Check if open PR exists
-      - name: Check if PR exists & Create
+        id: check-opened-pr-step
-        id: list-prs
+        continue-on-error: true
        run: |
          tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
          echo ${pr_exists}
          echo "exists=$pr_exists" >> $GITHUB_OUTPUT
      - name: Create PR
        if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
        run: |
          tea login add --name gitea-rinoa --url ${{ secrets.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
          tea login default gitea-rinoa
-          echo "Checking if PR exists for ${{ github.ref_name }}..."
+          pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
-          tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head,state --output csv | egrep '${{ github.ref_name }}' | head -1 | egrep -q 'open'
+          pr_index_new=$(expr ${pr_index_old} + 1)
-          if [ $? -eq 0 ]; then
+          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }}
-            echo "An open PR exists, skipping creation..."
+  docker-compose-ansible-lints:
-          elif [ $? -eq 1 ]; then
+    name: Docker Compose & Ansible Lints
            echo "No open PRs, creating one..."
            tea pr c -r "${{ github.repository }}" -t "Automated PR for ${{ github.ref_name }}" -d "Automated PR for ${{ github.ref_name }}"
          fi
  docker-compose-test:
    name: Docker Compose Test
    needs: [check-and-create-pr]
    runs-on: ubuntu-latest
    env:
@@ -45,20 +51,27 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
-      
+      - name: Cache Vault install
-      - name: Install jq
+        id: cache-vault
-        uses: dcarbone/install-jq-action@v3.0.1
+        uses: actions/cache@v4
      - name: Install Vault
        uses: cpanato/vault-installer@main
        with:
-          vault-release: '1.18.3'
+          path: /opt/hostedtoolcache/vault/1.18.0/x64
-
+          key: vault-${{ runner.os }}-1.18.0
-      - name: Generate .env file for linting
+      - name: Install Vault
        uses: supplypike/setup-bin@v4
        with:
          uri: 'https://releases.hashicorp.com/vault/1.18.0/vault_1.18.0_linux_amd64.zip'
          name: 'vault'
          version: '1.18.0'
      - name: Generate .env file for Docker Compose Dry Run
        run: |
          vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
-
+      - name: Cache .env Files
-      - name: Docker Compose Lint
+        uses: actions/cache@v4
        with:
          path: .env
          key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
      - name: Docker Compose Dry Run
        uses: yu-ichiro/spin-up-docker-compose-action@v1
        with:
          file: docker-compose.yml
@@ -68,39 +81,41 @@ jobs:
          up-opts: --dry-run -d --remove-orphans
        env:
          DOCKER_HOST: tcp://dockerproxy:2375
  cloudflare-dns-setup:
    name: Cloudflare DNS Setup
-    needs: [docker-compose-test]
+    needs: [docker-compose-ansible-lints]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
-
+        with:
-      - name: Install jq
+          fetch-depth: 1
-        uses: dcarbone/install-jq-action@v3.0.1
+      - name: Cache flarectl CLI
-
+        uses: actions/cache@v4
-      - name: Install yq
+        with:
-        uses: dcarbone/install-yq-action@v1
+          path: ~/.flarectl
-      
+          key: flarectl-${{ runner.os }}-${{ hashFiles('workflow-config.yml') }}
      - name: Install flarectl
        uses: supplypike/setup-bin@v4
        with:
          uri: 'https://github.com/cloudflare/cloudflare-go/releases/download/v0.113.0/flarectl_0.113.0_linux_amd64.tar.gz'
          name: 'flarectl'
          version: '0.113.0'
-
+      - name: Cache Subdomain Files
        uses: actions/cache@v4
        with:
          path: |
            compose_subdomains.txt
            cloudflare_subdomains.txt
          key: ${{ runner.os }}-subdomains-${{ hashFiles('docker-compose.yml') }}
      - name: Grab Subdomains from Docker Compose & Cloudflare
        id: grab-subdomains
        env:
          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
          CF_API_EMAIL: ${{ secrets.CF_API_EMAIL }}
        run: |
          echo "Grabbing subdomains from docker-compose.yml..."
          yq '.services[].labels.swag_url' docker-compose.yml | egrep -v 'null' | sed -e 's|"||g' | awk -F'.' '{print $1}' | sort > compose_subdomains.txt
          echo "Grabbing subdomains from Cloudflare..."
          flarectl --json dns list --zone "trez.wtf" --type=CNAME --content "trez.wtf" | jq '.[].Name' | sed -e 's|"||g' | awk -F"." '{print $1}' | sort > cloudflare_subdomains.txt
      - name: Compare Subdomains
        id: compare-subdomains
        uses: LouisBrunner/diff-action@v2.2.0
@@ -110,7 +125,6 @@ jobs:
          mode: addition
          tolerance: mixed-better
          output: domain_compare.txt
      - name: Create Subdomains
        if: steps.compare-subdomains.outputs.output != ''
        continue-on-error: true
@@ -120,9 +134,8 @@ jobs:
        run: |
          cat domain_compare.txt | egrep '^-[a-z]' | sed -e 's|-||g' | while read -r subdomain; do
            echo "Creating $subdomain.trez.wtf..."
-            flarectl dns create --zone "trez.wtf" --name "${subdomain}" --type=CNAME --content "trez.wtf"
+            flarectl dns create --zone "trez.wtf" --name "${subdomain}" --type=CNAME --content "trez.wtf" --proxy true
          done
  regenerate-readme:
    name: Update README
    runs-on: ubuntu-latest
@@ -132,33 +145,27 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install yq
        uses: dcarbone/install-yq-action@v1
      - name: Generate service list
        run: |
          yq '.services | to_entries | map({"service": .key, "image": .value.image})' docker-compose.yml > services.yml
      - name: Generate Markdown Table
        uses: gazab/create-markdown-table@v1
        id: service-table
        with:
          file: ./services.yml
      - name: Regenerate README
        run: |
          echo "# List of Services" > README.md
          echo -e "\n\n" >> README.md
          echo "${{ steps.service-table.outputs.table }}" >> README.md
      - name: Add/Commit README.md
        id: commit-readme
        uses: EndBug/add-and-commit@v9
        with:
          message: "chore: Update README"
          add: "README.md"
  pr-merge:
    name: PR Merge
    needs: [regenerate-readme]
@@ -166,25 +173,23 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install tea
        uses: supplypike/setup-bin@v4
        with:
          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
          name: 'tea'
          version: '0.9.2'
      - name: PR Merge
        id: pr_merge
        run: |
          tea login add --name gitea-rinoa --url ${{ secrets.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
          echo "Setting default login for Gitea..."
          tea login default gitea-rinoa
-          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ gitea.ref_name }} | awk -F, '{print $1}' | sed -e 's|"||g')
+          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F, '{print $1}' | sed -e 's|"||g')
-          tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR #${pr_index} - ${{ gitea.ref_name }}" --message "Merged by ${{ gitea.actor }}" --output table ${pr_index}
+          echo "${pr_index}"
-
+          tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR #${pr_index} - ${{ github.ref_name }}" --message "Merged by ${{ github.actor }}" --output table ${pr_index}
-
+  ansible-config-docker-compose-deploy:
-  docker-compose-deploy:
+    name: Deploy via Ansible & Docker Compose
    name: Deploy via Docker Compose
    runs-on: ubuntu-latest
    needs: [pr-merge]
    env:
@@ -196,19 +201,40 @@ jobs:
        uses: actions/checkout@v4
        with:
          ref: main
-
+      # - name: Gotify Notification
      #   uses: eikendev/gotify-action@master
      #   with:
      #     gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
      #     gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
      #     notification_title: 'Ansible Config Deployment @ Rinoa'
      #     notification_message: 'Deployment completed successfully.'
      - name: Cache Vault install
        id: cache-vault
        uses: actions/cache@v4
        with:
          path: /opt/hostedtoolcache/vault/1.18.0/x64
          key: vault-${{ runner.os }}-1.18.0
      - name: Install Vault
-        uses: cpanato/vault-installer@main
+        uses: supplypike/setup-bin@v4
-
+        with:
          uri: 'https://releases.hashicorp.com/vault/1.18.0/vault_1.18.0_linux_amd64.zip'
          name: 'vault'
          version: '1.18.0'
      - name: Generate .env file for deployment
        run: |
           vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
      - name: Docker Compose Deployment
        uses: keatonLiu/docker-compose-remote-action@v1.2
-        with: 
+        with:
          ssh_user: gitea-deploy
          ssh_host: 192.168.1.254
          ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
          ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
          docker_compose_file: docker-compose.yml
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
          gotify_api_base: '${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}'
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'Docker Compose Deployment @ Rinoa'
          notification_message: 'Deployment completed successfully.'
@@ -1,2 +1,2 @@
-**/.env*
+**/.cache.ggshield
-**/*env*
+ansible/collections/ansible_collections/
@@ -6,6 +6,7 @@
 | --- | --- |
 | actual_server | docker.io/actualbudget/actual-server:latest |
 | adguard | adguard/adguardhome:latest |
 | ansible0guy-webui | ansible0guy/webui:latest |
 | apprise | lscr.io/linuxserver/apprise-api:latest |
 | audiobookshelf | ghcr.io/advplyr/audiobookshelf:latest |
 | authelia | authelia/authelia:master |
@@ -34,7 +35,7 @@
 | fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
 | flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
 | ghost | ghost:latest |
-| gitea | gitea/gitea:1.22.6 |
+| gitea | gitea/gitea:1.23.1 |
 | gitea-db | postgres:14 |
 | gitea-opengist | ghcr.io/thomiceli/opengist:latest |
 | gitea-runner | gitea/act_runner:latest |
@@ -67,17 +68,13 @@
 | jitsi-web | jitsi/web:stable |
 | joplin-db | postgres:17-alpine |
 | joplin | joplin/server:latest |
 | komodo-core | ghcr.io/mbecker20/komodo:latest |
 | komodo-ferretdb | ghcr.io/ferretdb/ferretdb |
 | komodo-periphery | ghcr.io/mbecker20/periphery:latest |
 | komodo-pg-db | postgres:17-alpine |
 | librespeed | lscr.io/linuxserver/librespeed:latest |
 | lidarr | lscr.io/linuxserver/lidarr:latest |
 | lidify | thewicklowwolf/lidify:latest |
 | lldap | lldap/lldap:stable |
 | localai | localai/localai:latest-aio-cpu |
 | maloja | krateng/maloja:latest |
-| mariadb | ghcr.io/linuxserver/mariadb |
+| mariadb | linuxserver/mariadb |
 | mastodon | lscr.io/linuxserver/mastodon:latest |
 | mastodon-pg-db | postgres:17-alpine |
 | minio | minio/minio |
 | mongodb | mongo:7.0 |
@@ -90,6 +87,8 @@
 | ollama | ollama/ollama |
 | ombi | lscr.io/linuxserver/ombi:latest |
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
 | plausible | ghcr.io/plausible/community-edition:v2.1.0 |
 | plausible_db | postgres:16-alpine |
 | plausible_events_db | clickhouse/clickhouse-server:24.3.3.102-alpine |
@@ -104,6 +103,8 @@
 | readarr | lscr.io/linuxserver/readarr:develop |
 | redis | redis:alpine |
 | redlib | quay.io/redlib/redlib:latest |
 | rundeck | rundeck/rundeck:5.8.0 |
 | rundeck-pg-db | postgres:16-alpine |
 | sabnzbdvpn | ghcr.io/binhex/arch-sabnzbdvpn:latest |
 | scraperr | jpyles0524/scraperr:latest |
 | scraperr-api | jpyles0524/scraperr_api:latest |
@@ -120,6 +121,7 @@
 | sonashow | thewicklowwolf/sonashow:latest |
 | soularr | mrusse08/soularr:latest |
 | soulseek | slskd/slskd |
 | speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
 | spotisub | blastbeng/spotisub:latest |
 | swag | lscr.io/linuxserver/swag:latest |
 | synapse | docker.io/matrixdotorg/synapse:latest |
@@ -140,6 +142,7 @@
 | wazuh.manager | wazuh/wazuh-manager: |
 | web-check | lissy93/web-check |
 | whodb | clidey/whodb |
 | yacht | selfhostedpro/yacht |
 | your_spotify | lscr.io/linuxserver/your_spotify:latest |
 | youtubedl | nbr23/youtube-dl-server:latest |
 | zammad-backup | postgres: |
@@ -0,0 +1,167 @@
 .logs/*
 *.retry
 *.vault
 # https://raw.githubusercontent.com/github/gitignore/main/Python.gitignore
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
 *$py.class
 .cache_ggshield
 # Ansible Vault Password Files
 *.pass
 # C extensions
 *.so
 # Distribution / packaging
 .Python
 build/
 develop-eggs/
 dist/
 downloads/
 eggs/
 .eggs/
 lib/
 lib64/
 parts/
 sdist/
 var/
 wheels/
 share/python-wheels/
 *.egg-info/
 .installed.cfg
 *.egg
 MANIFEST
 # PyInstaller
 #  Usually these files are written by a python script from a template
 #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 *.manifest
 *.spec
 # Installer logs
 pip-log.txt
 pip-delete-this-directory.txt
 # Unit test / coverage reports
 htmlcov/
 .tox/
 .nox/
 .coverage
 .coverage.*
 .cache
 nosetests.xml
 coverage.xml
 *.cover
 *.py,cover
 .hypothesis/
 .pytest_cache/
 cover/
 # Translations
 *.mo
 *.pot
 # Django stuff:
 *.log
 local_settings.py
 db.sqlite3
 db.sqlite3-journal
 # Flask stuff:
 instance/
 .webassets-cache
 # Scrapy stuff:
 .scrapy
 # Sphinx documentation
 docs/_build/
 # PyBuilder
 .pybuilder/
 target/
 # Jupyter Notebook
 .ipynb_checkpoints
 # IPython
 profile_default/
 ipython_config.py
 # pyenv
 #   For a library or package, you might want to ignore these files since the code is
 #   intended to run in multiple environments; otherwise, check them in:
 # .python-version
 # pipenv
 #   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
 #   However, in case of collaboration, if having platform-specific dependencies or dependencies
 #   having no cross-platform support, pipenv may install dependencies that don't work, or not
 #   install all needed dependencies.
 #Pipfile.lock
 # poetry
 #   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
 #   This is especially recommended for binary packages to ensure reproducibility, and is more
 #   commonly ignored for libraries.
 #   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
 #poetry.lock
 # pdm
 #   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
 #pdm.lock
 #   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
 #   in version control.
 #   https://pdm.fming.dev/#use-with-ide
 .pdm.toml
 # PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
 __pypackages__/
 # Celery stuff
 celerybeat-schedule
 celerybeat.pid
 # SageMath parsed files
 *.sage.py
 # Environments
 .env
 .venv
 env/
 venv/
 ENV/
 env.bak/
 venv.bak/
 # Spyder project settings
 .spyderproject
 .spyproject
 # Rope project settings
 .ropeproject
 # mkdocs documentation
 /site
 # mypy
 .mypy_cache/
 .dmypy.json
 dmypy.json
 # Pyre type checker
 .pyre/
 # pytype static type analyzer
 .pytype/
 # Cython debug symbols
 cython_debug/
 # PyCharm
 #  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
 #  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
@@ -0,0 +1,45 @@
 # Rinoa Docker_configs Ansible Project
 ## Included content/ Directory Structure
 The directory structure follows best practices recommended by the Ansible community. Feel free to customize this template according to your specific project requirements.
 ```
 ansible-project/
 |── .devcontainer/
 |    └── docker/
 |        └── devcontainer.json
 |    └── podman/
 |        └── devcontainer.json
 |    └── devcontainer.json
 |── .github/
 |    └── workflows/
 |        └── tests.yml
 |    └── ansible-code-bot.yml
 |── .vscode/
 |    └── extensions.json
 |── collections/
 |   └── requirements.yml
 |   └── ansible_collections/
 |       └── project_org/
 |           └── project_repo/
 |               └── README.md
 |               └── roles/sample_role/
 |                         └── README.md
 |                         └── tasks/main.yml
 |── inventory/
 |   └── groups_vars/
 |   └── host_vars/
 |   └── hosts.yml
 |── ansible-navigator.yml
 |── ansible.cfg
 |── devfile.yaml
 |── linux_playbook.yml
 |── network_playbook.yml
 |── README.md
 |── site.yml
 ```
 ## Compatible with Ansible-lint
 Tested with ansible-lint >=24.2.0 releases and the current development version of ansible-core.
@@ -0,0 +1,25 @@
 [defaults]
 # Specify the inventory file
 inventory = hosts.yml
 collections_path = ./collections
 # Set the logging verbosity level
 verbosity = 2
 # Set the default user for SSH connections
 remote_user = charish
 # Define the default become method
 become_method = sudo
 host_key_checking = false
 [persistent_connection]
 # Controls how long the persistent connection will remain idle before it is destroyed
 connect_timeout=30
 # Controls the amount of time to wait for response from remote device before timing out persistent connection
 command_timeout=30
 [hashi_vault_collection]
 auth_method = token
@@ -0,0 +1,16 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 tunnel: 52bdee6e-8ccb-47be-ba9e-f8010b905e41
 credentials-file: /etc/cloudflared/52bdee6e-8ccb-47be-ba9e-f8010b905e41.json
 warp-routing:
  enabled: true
 ingress:
  - hostname: git-ssh.trez.wtf
    service: ssh://gitea:22
  - hostname: gist-ssh.trez.wtf
    service: ssh://gitea-opengist:2222
  - hostname: ssh.trez.wtf
    service: ssh://192.168.1.254:22
  - service: http_status:404  # Default for unmatched requests
@@ -0,0 +1,15 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 source: journalctl
 journalctl_filter: 
  - "--directory=/var/log/host/"
 labels:
  type: syslog
 ---
 filenames:
  - /var/log/swag/*
 labels:
  type: nginx
 ---
@@ -0,0 +1,17 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 name: default_ip_remediation
 #debug: true
 filters:
 - Alert.Remediation == true && Alert.GetScope() == "Ip"
 decisions:
 - type: ban
   duration: 4h
 #duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
 # notifications:
 #   - slack_default  # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
 #   - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
 #   - http_default   # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
 #   - email_default  # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
 on_success: break
@@ -0,0 +1,81 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 # Gitea related configuration. Necessary for adding/updating comments on repository pull requests
 gitea:
  # Endpoint of your Gitea instance. Must be expandable by '/api/v1' to form the API base path as shown in Swagger UI.
  url: https://git.trez.wtf
  # Created access token for the user that shall be used as bot account.
  # User needs "Read project" permissions with access to "Pull Requests"
  token:
    value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}"
    # # or path to file containing the plain text secret
    # file: /path/to/gitea/token
  # If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
  # request will be ignored.
  # The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
  # exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
  webhook:
    secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}"
    # # or path to file containing the plain text secret
    # secretFile: /path/to/gitea/webhook/secret
  # Pull Request status check settings.
  statusCheck:
    # Configure the label/name of the PR status check.
    name: "gitea-sonarqube-bot"
 # SonarQube related configuration. Necessary for requesting data from the API and processing the webhook.
 sonarqube:
  # Endpoint of your SonarQube instance. Must be expandable by '/api' to form the API base path.
  url: https://sqube.trez.wtf
  # Created access token for the user that shall be used as bot account.
  # User needs "Browse on project" permissions
  token:
    value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}"
    # # or path to file containing the plain text secret
    # file: /path/to/sonarqube/token
  # If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
  # request will be ignored.
  # The bot looks for `X-Sonar-Webhook-HMAC-SHA256` header containing the sha256 hmac hash of the plain text secret.
  # If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
  # validated.
  webhook:
    secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}"
    # # or path to file containing the plain text secret
    # secretFile: /path/to/sonarqube/webhook/secret
  # Some useful metrics depend on the edition in use. There are various ones like code_smells, vulnerabilities, bugs, etc.
  # By default, the bot will extract "bugs,vulnerabilities,code_smells"
  # Setting this option you can extend that default list by your own metrics.
  # additionalMetrics: []
  # - "new_security_hotspots"
 # List of project mappings to take care of. Webhooks for other projects will be ignored.
 # At least one must be configured. Otherwise, all webhooks (no matter which source) because the bot cannot map on its own.
 projects:
  - sonarqube:
      key: rinoa-docker
    # A repository specification contains the owner name and the repository name itself. The owner can be the name of a
    # real account or an organization in which the repository is located.
    gitea:
      owner: Trez.One
      name: rinoa-docker
 # Define pull request names from SonarScanner analysis. Default pattern matches the Jenkins Gitea plugin schema.
 namingPattern:
  # Regular expression that MUST HAVE exactly ONE GROUP that matches the integer part of the PR.
  # That integer part is identical to the pull request ID in Gitea.
  regex: "^.*$"
  # Valid Go format string. It MUST have one integer placeholder which will be replaced by the pull request ID.
  # See: https://pkg.go.dev/fmt#hdr-Printing
  template: "%s"
  # Example for integer-only names
  # # regex: "^(\\d+)$"
  # # template: "%d"
@@ -0,0 +1,125 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 APP_NAME = Gitea: Git with a cup of tea
 RUN_MODE = prod
 RUN_USER = git
 WORK_PATH = /data/gitea
 [repository]
 ROOT = /data/git/repositories
 DEFAULT_PRIVATE = last
 EMABLE_PUSH_CREATE_USER = true
 [repository.local]
 LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
 [repository.upload]
 TEMP_PATH = /data/gitea/uploads
 [server]
 APP_DATA_PATH = /data/gitea
 DOMAIN = git.trez.wtf
 SSH_DOMAIN = git-ssh.trez.wtf
 HTTP_PORT = 3000
 ROOT_URL = https://git.trez.wtf/
 DISABLE_SSH = false
 SSH_PORT = 22
 SSH_LISTEN_PORT = 22
 LFS_START_SERVER = true
 LFS_JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_LFS_JWT_SECRET'] }}
 OFFLINE_MODE = true
 [database]
 PATH = /data/gitea/gitea.db
 DB_TYPE = postgres
 HOST = gitea-db:5432
 NAME = gitea
 USER = gitea
 PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_PG_DB_PASSWORD'] }}
 LOG_SQL = false
 SCHEMA =
 SSL_MODE = disable
 [indexer]
 ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
 REPO_INDEXER_ENABLED = true
 REPO_INDEXER_PATH = indexers/repos.bleve
 MAX_FILE_SIZE = 1048576
 REPO_INDEXER_INCLUDE =
 REPO_INDEXER_EXCLUDE = resources/bin/**
 [session]
 PROVIDER_CONFIG = /data/gitea/sessions
 PROVIDER = file
 [picture]
 AVATAR_UPLOAD_PATH = /data/gitea/avatars
 REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
 [attachment]
 PATH = /data/gitea/attachments
 [log]
 MODE = console
 LEVEL = info
 ROOT_PATH = root
 [security]
 INSTALL_LOCK = true
 SECRET_KEY =
 REVERSE_PROXY_LIMIT = 1
 REVERSE_PROXY_TRUSTED_PROXIES = *
 INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_INTERNAL_TOKEN'] }}
 PASSWORD_HASH_ALGO = pbkdf2
 [service]
 DISABLE_REGISTRATION = false
 REQUIRE_SIGNIN_VIEW = false
 REGISTER_EMAIL_CONFIRM = true
 ENABLE_NOTIFY_MAIL = true
 ALLOW_ONLY_EXTERNAL_REGISTRATION = false
 ENABLE_CAPTCHA = true
 DEFAULT_KEEP_EMAIL_PRIVATE = true
 DEFAULT_ALLOW_CREATE_ORGANIZATION = false
 DEFAULT_ENABLE_TIMETRACKING = false
 NO_REPLY_ADDRESS = noreply@trez.wtf
 [lfs]
 PATH = /data/git/lfs
 [mailer]
 PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
 PROTOCOL = smtp
 ENABLED = true
 FROM = '"Gitea" <noreply@trez.wtf>'
 SMTP_PORT = 25
 USER = rinoa/postal-smtp
 SMTP_ADDR = postal-smtp
 IS_TLS_ENABLED = faLse
 [openid]
 ENABLE_OPENID_SIGNIN = true
 ENABLE_OPENID_SIGNUP = true
 [cron.update_checker]
 ENABLED = false
 [repository.pull-request]
 DEFAULT_MERGE_STYLE = merge
 [repository.signing]
 DEFAULT_TRUST_MODEL = committer
 [oauth2]
 JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_OAUTH2_JWT_SECRET'] }}
 [ui]
 THEMES = theme-catppuccin-blue-auto.css,theme-catppuccin-sapphire-auto.css,theme-catppuccin-yellow-auto.css,theme-catppuccin-maroon-auto.css,theme-catppuccin-mauve-auto.css,theme-catppuccin-peach-auto.css,theme-catppuccin-teal-auto.css,theme-catppuccin-flamingo-auto.css,theme-catppuccin-lavender-auto.css,theme-catppuccin-pink-auto.css,theme-catppuccin-red-auto.css,theme-catppuccin-rosewater-auto.css,theme-catppuccin-sky-auto.css,theme-catppuccin-green-auto.css
 [actions]
 ENABLED = true
 [webhook]
 ALLOWED_HOST_LIST = private,104.21.1.234,172.67.152.146
 SKIP_TLS_VERIFY = true
@@ -0,0 +1,404 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 // Agent globals
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 local.file "endpoints" {
    // The endpoints file is used to define the endpoints, credentials and options
    // for the Agent export to.
    filename = "/etc/alloy/endpoints.json"
 }
 discovery.docker "rinoadocker" {
        host = env("DOCKER_HOST")
 }
 tracing {
    write_to = [otelcol.exporter.otlp.tempo.input]
 }
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 // Metrics
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 prometheus.remote_write "mimir" {
  endpoint {
    url = json_path(local.file.endpoints.content, ".metrics.url")[0]
    basic_auth {
        username = json_path(local.file.endpoints.content, ".metrics.basicAuth.username")[0]
        password = json_path(local.file.endpoints.content, ".metrics.basicAuth.password")[0]
    }
  }
 }
 prometheus.scrape "prometheus" {
        targets = [{
                __address__ = "localhost:12345",
        }]
        forward_to = [prometheus.remote_write.mimir.receiver]
        job_name   = "prometheus"
 }
 prometheus.exporter.unix "rinoa" {
        procfs_path = "/host/proc"
        sysfs_path  = "/host/sys"
        rootfs_path = "/rootfs"
 }
 prometheus.scrape "rinoa" {
        targets    = prometheus.exporter.unix.rinoa.targets
        forward_to = [prometheus.remote_write.mimir.receiver]
        job_name   = "rinoa_host"
 }
 prometheus.exporter.cadvisor "docker" {
        docker_host      = env("DOCKER_HOST")
        storage_duration = "5m"
 }
 prometheus.scrape "docker" {
        targets    = prometheus.exporter.cadvisor.docker.targets
        forward_to = [prometheus.remote_write.mimir.receiver]
        job_name   = "docker_stats"
 }
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 // Logging
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 loki.write "loki" {
        endpoint {
                url = json_path(local.file.endpoints.content, ".logs.url")[0]
                basic_auth {
                        username = json_path(local.file.endpoints.content, ".logs.basicAuth.username")[0]
                        password = json_path(local.file.endpoints.content, ".logs.basicAuth.password")[0]
                }
        }
        external_labels = {}
 }
 loki.source.journal "hostjournal" {
        forward_to = [loki.write.loki.receiver]
        max_age = "24h"
        path = "/rootfs/var/log/journal/"
        labels = {
                job = "host-journal",
        }
 }
 local.file_match "system" {
        path_targets = [{
                __address__ = "localhost",
                __path__    = "/rootfs/var/log/*log",
                job         = "varlogs",
        }]
 }
 loki.source.file "system" {
        targets    = local.file_match.system.targets
        forward_to = [loki.write.loki.receiver]
 }
 loki.source.docker "containers" {
        host       = env("DOCKER_HOST")
        targets    = discovery.docker.rinoadocker.targets
        forward_to = [loki.write.loki.receiver]
        labels     = {
                job = "containerlogs",
        }
 }
 loki.process "containers" {
        forward_to = [loki.write.loki.receiver]
        // stage.docker {}
        stage.json {
 		expressions = {
 			attrs  = "",
 			output = "log",
 			stream = "stream",
 		}
 	}
 	stage.json {
 		expressions = {
 			tag = "",
 		}
 		source = "attrs"
 	}
 	stage.regex {
 		expression = "(?P<image_name>(?:[^|]*[^|])).(?P<container_name>(?:[^|]*[^|])).(?P<image_id>(?:[^|]*[^|])).(?P<container_id>(?:[^|]*[^|]))"
 		source     = "tag"
 	}
 	stage.timestamp {
 		source = "time"
 		format = "RFC3339Nano"
 	}
 	stage.labels {
 		values = {
 			container_id   = null,
 			container_name = null,
 			image_id       = null,
 			image_name     = null,
 			stream         = null,
 			tag            = null,
 		}
 	}
 	stage.output {
 		source = "output"
 	}
 }
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 // Traces
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 beyla.ebpf "rinoadocker" {
    open_port = "80-65535"
    routes {
        unmatched = "heauristic"
    }
    output {
        traces = [
            otelcol.connector.servicegraph.tracemetrics.input,
            otelcol.connector.spanmetrics.tracemetrics.input,
            otelcol.processor.batch.default.input,
            otelcol.connector.spanlogs.autologging.input,
        ]
    }
 }
 prometheus.scrape "beyla" { 
    targets = beyla.ebpf.rinoadocker.targets
    forward_to = [prometheus.remote_write.mimir.receiver]
 }
 otelcol.auth.headers "tempo" {
    header {
        key = "Authorization"
        value = join(["Basic ", json_path(local.file.endpoints.content, ".traces.basicAuthToken")[0]], "")
    }
 }
 otelcol.processor.batch "default" {
    // Wait until we've received 16K of data.
    send_batch_size = 16384
    send_batch_max_size = 16384
    // Or until 2 seconds have elapsed.
    timeout = "2s"
    // When the Agent has enough batched data, send it to the OpenTelemetry exporter named 'tempo'.
    output {
        traces = [otelcol.exporter.otlp.tempo.input]
    }
 }
 otelcol.exporter.otlp "tempo" {
    // Define the client for exporting.
    client {
        // Authentication block.
        auth = otelcol.auth.headers.tempo.handler
        // Send to the locally running Tempo instance, on port 4317 (OTLP gRPC).
        endpoint = json_path(local.file.endpoints.content, ".traces.url")[0]
        // Configure TLS settings for communicating with the endpoint.
        tls {
            // The connection is insecure.
            insecure = json_path(local.file.endpoints.content, ".traces.tls.insecure")[0]
            // Do not verify TLS certificates when connecting.
            insecure_skip_verify = json_path(local.file.endpoints.content, ".traces.tls.insecureSkipVerify")[0]
        }
    }
 }
 otelcol.connector.spanlogs "autologging" {
    // We only want to output a line for each root span (ie. every single trace), and not for every
    // process or span (outputting a line for every span would be extremely verbose).
    spans = false
    roots = true
    processes = false
    // We want to ensure that the following three span attributes are included in the log line, if
    // present.
    span_attributes = [ "http.method", "http.target", "http.status_code" ]
    // Overrides the default key in the log line to be `traceId`, which is then used by Grafana to
    // identify the trace ID for correlation with the Tempo datasource.
    overrides {
        trace_id_key = "traceId"
    }
    // Send to the OpenTelemetry Loki exporter.
    output {
        logs = [otelcol.exporter.loki.autologging.input]
    }
 }
 // Simply forwards the incoming OpenTelemetry log format out as a Loki log.
 // We need this stage to ensure we can then process the logline as a Loki object.
 otelcol.exporter.loki "autologging" {
    forward_to = [loki.process.autologging.receiver]
 }
 // The Loki processor allows us to accept a correctly formatted Loki log and mutate it into
 // a set of fields for output.
 loki.process "autologging" {
    // The JSON stage simply extracts the `body` (the actual logline) from the Loki log, ignoring
    // all other fields.
    stage.json {
        expressions = { "body" = "" }
    }
    // The output stage takes the body (the main logline) and uses this as the source for the output
    // logline. In this case, it essentially turns it into logfmt.
    stage.output {
        source = "body"
    }
    // Finally send the processed logline onto the Loki exporter.
    forward_to = [loki.write.autologging.receiver]
 }
 // The Loki writer receives a processed Loki log and then writes it to a Loki instance.
 loki.write "autologging" {
    // Add the `agent` value to the `job` label, so we can identify it as having been generated
    // by Grafana Agent when querying.
    external_labels = {
        job = "agent",
    }
    // Output the Loki log to the local Loki instance.
    endpoint {
        url = json_path(local.file.endpoints.content, ".logs.url")[0]
        // The basic auth credentials for the Loki instance.
        basic_auth {
            username = json_path(local.file.endpoints.content, ".logs.basicAuth.username")[0]
            password = json_path(local.file.endpoints.content, ".logs.basicAuth.password")[0]
        }
    }
 }
 // The Tail Sampling processor will use a set of policies to determine which received traces to keep
 // and send to Tempo.
 otelcol.processor.tail_sampling "errors" {
    // Total wait time from the start of a trace before making a sampling decision. Note that smaller time
    // periods can potentially cause a decision to be made before the end of a trace has occurred.
    decision_wait = "30s"
    // The following policies follow a logical OR pattern, meaning that if any of the policies match,
    // the trace will be kept. For logical AND, you can use the `and` policy. Every span of a trace is
    // examined by each policy in turn. A match will cause a short-circuit.
    // This policy defines that traces that contain errors should be kept.
    policy {
        // The name of the policy can be used for logging purposes.
        name = "sample-erroring-traces"
        // The type must match the type of policy to be used, in this case examing the status code
        // of every span in the trace.
        type = "status_code"
        // This block determines the error codes that should match in order to keep the trace,
        // in this case the OpenTelemetry 'ERROR' code.
        status_code {
            status_codes = [ "ERROR" ]
        }
    }
    // This policy defines that only traces that are longer than 200ms in total should be kept.
    policy {
        // The name of the policy can be used for logging purposes.
        name = "sample-long-traces"
        // The type must match the policy to be used, in this case the total latency of the trace.
        type = "latency"
        // This block determines the total length of the trace in milliseconds.
        latency {
            threshold_ms = 200
        }
    }
    // The output block forwards the kept traces onto the batch processor, which will marshall them
    // for exporting to Tempo.
    output {
        traces = [otelcol.processor.batch.default.input]
    }
 }
 // The Spanmetrics Connector will generate RED metrics based on the incoming trace span data.
 otelcol.connector.spanmetrics "tracemetrics" {
    // The namespace explicit adds a prefix to all the generated span metrics names.
    // In this case, we'll ensure they match as closely as possible those generated by Tempo.
    namespace = "traces.spanmetrics"
    // Each extra dimension (metrics label) to be added to the generated metrics from matching span attributes. These
    // need to be defined with a name and optionally a default value (in the following cases, we do not want a default
    // value if the span attribute is not present).
    dimension {
        name = "http.method"
    }
    dimension {
        name = "http.target"
    }
    dimension {
        name = "http.status_code"
    }
    dimension {
        name = "service.version"
    }
    // A histogram block must be present, either explicitly defining bucket values or via an exponential block.
    // We do the latter here.
    histogram {
        explicit {
        }
    }
    // The exemplar block is added to ensure we generate exemplars for traces on relevant metric values.
    exemplars {
        enabled = true
    }
    // Generated metrics data is in OTLP format. We send this data to the OpenTelemetry Prometheus exporter to ensure
    // it gets transformed into Prometheus format data.
    output {
        metrics = [otelcol.exporter.prometheus.tracemetrics.input]
    }
 }
 // The Servicegraph Connector will generate service graph metrics (edges and nodes) based on incoming trace spans.
 otelcol.connector.servicegraph "tracemetrics" {
    // Extra dimensions (metrics labels) to be added to the generated metrics from matching span attributes.
    // For this component, this is defined as an array. There are no default values and the labels will not be generated
    // for missing span attributes.
    dimensions = [
        "http.method",
        "http.target",
        "http.status_code",
        "service.version",
    ]
    // Generated metrics data is in OTLP format. We send this data to the OpenTelemetry Prometheus exporter to ensure
    // it gets transformed into Prometheus format data.
    output {
        metrics = [otelcol.exporter.prometheus.tracemetrics.input]
    }
 }
 otelcol.exporter.prometheus "tracemetrics" {
    // Forward to our local Prometheus remote writer which will send the metrics to Mimir.
    forward_to = [prometheus.remote_write.mimir.receiver]
 }
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 // Profiling
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 pyroscope.write "pyroscope" {
        endpoint {
                url = json_path(local.file.endpoints.content, ".profiles.url")[0]
                basic_auth {
                        username = json_path(local.file.endpoints.content, ".profiles.basicAuth.username")[0]
                        password = json_path(local.file.endpoints.content, ".profiles.basicAuth.password")[0]
                }
        }
        external_labels = {}
 }
 pyroscope.ebpf "rinoadocker" {
        forward_to = [pyroscope.write.pyroscope.receiver]
        targets = discovery.docker.rinoadocker.targets
 }
@@ -0,0 +1,34 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 {
    "metrics": {
        "url": "http://grafana-mimir:9009/api/v1/push",
        "basicAuth": {
            "username": "",
            "password": ""
        }
    },
    "logs": {
        "url": "http://grafana-loki:3100/loki/api/v1/push",
        "basicAuth": {
            "username": "",
            "password": ""
        }
    },
    "traces": {
        "url": "http://grafana-tempo:4317",
        "basicAuthToken": "",
        "tls": {
            "insecure": true,
            "insecureSkipVerify": true
        }
    },
    "profiles": {
        "url": "http://grafana-pyroscope:4040",
        "basicAuth": {
            "username": "",
            "password": ""
        }
    }
 }
@@ -0,0 +1,7 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 routes:
  patterns:
    - /*
  unmatched: heuristic
@@ -0,0 +1,77 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 multitenancy_enabled: false
 no_auth_tenant: rinoa_mimir
 # target: query-frontend
 # api:
 #   prometheus_http_prefix: '/prometheus'
 server:
  http_listen_port: 9009
 # frontend:
 #   split_queries_by_interval: 24h
 #   align_queries_with_step: true
  # cache_results: true
  # results_cache:
  #   backend: "memcached"
  #   memcached:
  #     addresses: "memcached-mimir:11211"
 #   downstream_url: http://grafana-agent:12345
 common:
  storage:
    backend: s3
    s3:
      endpoint: minio:9000
      access_key_id: "Q8KAihuXtGgmretKNh7C"
      secret_access_key: "hOlRODtnvFlNlL26Bj3GizZG6Ys3rlpG8p6Vo3NX"
      bucket_name: "mimir"
      insecure: true
 blocks_storage:
  storage_prefix: rinoa
  tsdb:
    dir: /tmp/mimir/tsdb
 memberlist:
  tls_enabled: false
 compactor:
  # Directory to temporarily store blocks underdoing compaction.
  data_dir: /tmp/mimir/compactor
  # The sharding ring type used to share the hashed ring for the compactor.
  sharding_ring:
    # Use memberlist backend store (the default).
    kvstore:
      store: memberlist
 # The distributor receives incoming metrics data for the system.
 distributor:
  # The ring to share hash ring data across instances.
  ring:
    # The address advertised in the ring. Localhost.
    instance_addr: 127.0.0.1
    # Use memberlist backend store (the default).
    kvstore:
      store: memberlist
 # The ingester receives data from the distributor and processes it into indices and blocks.
 ingester:
  # The ring to share hash ring data across instances.
  ring:
    # The address advertised in the ring. Localhost.
    instance_addr: 127.0.0.1
    # Use memberlist backend store (the default).
    kvstore:
      store: memberlist
    # Only run one instance of the ingesters.
    # Note: It is highly recommended to run more than one ingester in production, the default is an RF of 3.
    replication_factor: 1
 # The store gateway block configures gateway storage.
 store_gateway:
  # Configuration for the hash ring.
  sharding_ring:
    # Only run a single instance. In production setups, the replication factor must
    # be set on the querier and ruler as well.
    replication_factor: 1
@@ -0,0 +1,12 @@
 storage:
  backend: s3
  s3:
    bucket_name: pyroscope
    endpoint: minio:9000
    region: us-east-fh-pln
    access_key_id: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_PYROSCOPE_STORAGE_ACCESS_KEY'] }}
    secret_access_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_PYROSCOPE_STORAGE_SECRET_KEY'] }}
    insecure: true
 analytics:
  reporting_enabled: false
@@ -0,0 +1,787 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 target: all
 http_api_prefix: ""
 autocomplete_filtering_enabled: true
 server:
    http_listen_network: tcp
    http_listen_address: ""
    http_listen_port: 80
    http_listen_conn_limit: 0
    grpc_listen_network: tcp
    grpc_listen_address: ""
    grpc_listen_port: 9095
    grpc_listen_conn_limit: 0
    tls_cipher_suites: ""
    tls_min_version: ""
    http_tls_config:
        cert: ""
        key: null
        client_ca: ""
        cert_file: ""
        key_file: ""
        client_auth_type: ""
        client_ca_file: ""
    grpc_tls_config:
        cert: ""
        key: null
        client_ca: ""
        cert_file: ""
        key_file: ""
        client_auth_type: ""
        client_ca_file: ""
    register_instrumentation: true
    report_grpc_codes_in_instrumentation_label_enabled: false
    graceful_shutdown_timeout: 30s
    http_server_read_timeout: 30s
    http_server_read_header_timeout: 0s
    http_server_write_timeout: 30s
    http_server_idle_timeout: 2m0s
    http_log_closed_connections_without_response_enabled: false
    grpc_server_max_recv_msg_size: 16777216
    grpc_server_max_send_msg_size: 16777216
    grpc_server_max_concurrent_streams: 100
    grpc_server_max_connection_idle: 2562047h47m16.854775807s
    grpc_server_max_connection_age: 2562047h47m16.854775807s
    grpc_server_max_connection_age_grace: 2562047h47m16.854775807s
    grpc_server_keepalive_time: 2h0m0s
    grpc_server_keepalive_timeout: 20s
    grpc_server_min_time_between_pings: 10s
    grpc_server_ping_without_stream_allowed: true
    grpc_server_num_workers: 0
    log_format: logfmt
    log_level: info
    log_source_ips_enabled: false
    log_source_ips_header: ""
    log_source_ips_regex: ""
    log_request_headers: false
    log_request_at_info_level_enabled: false
    log_request_exclude_headers_list: ""
    http_path_prefix: ""
 internal_server:
    http_listen_network: tcp
    http_listen_address: ""
    http_listen_port: 3101
    http_listen_conn_limit: 0
    grpc_listen_network: ""
    grpc_listen_address: ""
    grpc_listen_port: 0
    grpc_listen_conn_limit: 0
    tls_cipher_suites: ""
    tls_min_version: ""
    http_tls_config:
        cert: ""
        key: null
        client_ca: ""
        cert_file: ""
        key_file: ""
        client_auth_type: ""
        client_ca_file: ""
    grpc_tls_config:
        cert: ""
        key: null
        client_ca: ""
        cert_file: ""
        key_file: ""
        client_auth_type: ""
        client_ca_file: ""
    register_instrumentation: false
    report_grpc_codes_in_instrumentation_label_enabled: false
    graceful_shutdown_timeout: 30s
    http_server_read_timeout: 30s
    http_server_read_header_timeout: 0s
    http_server_write_timeout: 30s
    http_server_idle_timeout: 2m0s
    http_log_closed_connections_without_response_enabled: false
    grpc_server_max_recv_msg_size: 0
    grpc_server_max_send_msg_size: 0
    grpc_server_max_concurrent_streams: 0
    grpc_server_max_connection_idle: 0s
    grpc_server_max_connection_age: 0s
    grpc_server_max_connection_age_grace: 0s
    grpc_server_keepalive_time: 0s
    grpc_server_keepalive_timeout: 0s
    grpc_server_min_time_between_pings: 0s
    grpc_server_ping_without_stream_allowed: false
    grpc_server_num_workers: 0
    log_format: logfmt
    log_level: info
    log_source_ips_enabled: false
    log_source_ips_header: ""
    log_source_ips_regex: ""
    log_request_headers: false
    log_request_at_info_level_enabled: false
    log_request_exclude_headers_list: ""
    http_path_prefix: ""
    enable: false
 distributor:
    ring:
        kvstore:
            store: memberlist
            prefix: collectors/
            consul:
                host: localhost:8500
                acl_token: ""
                http_client_timeout: 20s
                consistent_reads: false
                watch_rate_limit: 1
                watch_burst_size: 1
                cas_retry_delay: 1s
            etcd:
                endpoints: []
                dial_timeout: 10s
                max_retries: 10
                tls_enabled: false
                tls_cert_path: ""
                tls_key_path: ""
                tls_ca_path: ""
                tls_server_name: ""
                tls_insecure_skip_verify: false
                tls_cipher_suites: ""
                tls_min_version: ""
                username: ""
                password: ""
            multi:
                primary: ""
                secondary: ""
                mirror_enabled: false
                mirror_timeout: 2s
        heartbeat_period: 5s
        heartbeat_timeout: 5m0s
        instance_id: local-instance
        instance_interface_names:
            - eth0
            - en0
        instance_port: 0
        instance_addr: ""
    receivers: {}
    override_ring_key: distributor
    forwarders: []
    extend_writes: true
    retry_after_on_resource_exhausted: 0s
 ingester_client:
    pool_config:
        checkinterval: 15s
        healthcheckenabled: true
        healthchecktimeout: 1s
        maxconcurrenthealthchecks: 0
    remote_timeout: 5s
    grpc_client_config:
        max_recv_msg_size: 104857600
        max_send_msg_size: 104857600
        grpc_compression: snappy
        rate_limit: 0
        rate_limit_burst: 0
        backoff_on_ratelimits: false
        backoff_config:
            min_period: 100ms
            max_period: 10s
            max_retries: 10
        initial_stream_window_size: 63KiB1023B
        initial_connection_window_size: 63KiB1023B
        tls_enabled: false
        tls_cert_path: ""
        tls_key_path: ""
        tls_ca_path: ""
        tls_server_name: ""
        tls_insecure_skip_verify: false
        tls_cipher_suites: ""
        tls_min_version: ""
        connect_timeout: 5s
        connect_backoff_base_delay: 1s
        connect_backoff_max_delay: 5s
 metrics_generator_client:
    pool_config:
        checkinterval: 15s
        healthcheckenabled: true
        healthchecktimeout: 1s
        maxconcurrenthealthchecks: 0
    remote_timeout: 5s
    grpc_client_config:
        max_recv_msg_size: 104857600
        max_send_msg_size: 104857600
        grpc_compression: snappy
        rate_limit: 0
        rate_limit_burst: 0
        backoff_on_ratelimits: false
        backoff_config:
            min_period: 100ms
            max_period: 10s
            max_retries: 10
        initial_stream_window_size: 63KiB1023B
        initial_connection_window_size: 63KiB1023B
        tls_enabled: false
        tls_cert_path: ""
        tls_key_path: ""
        tls_ca_path: ""
        tls_server_name: ""
        tls_insecure_skip_verify: false
        tls_cipher_suites: ""
        tls_min_version: ""
        connect_timeout: 5s
        connect_backoff_base_delay: 1s
        connect_backoff_max_delay: 5s
 querier:
    search:
        query_timeout: 30s
        prefer_self: 10
        external_hedge_requests_at: 8s
        external_hedge_requests_up_to: 2
        external_backend: ""
        google_cloud_run: null
        external_endpoints: []
    trace_by_id:
        query_timeout: 10s
    max_concurrent_queries: 20
    frontend_worker:
        frontend_address: 127.0.0.1:9095
        dns_lookup_duration: 10s
        parallelism: 2
        match_max_concurrent: true
        id: ""
        grpc_client_config:
            max_recv_msg_size: 104857600
            max_send_msg_size: 16777216
            grpc_compression: gzip
            rate_limit: 0
            rate_limit_burst: 0
            backoff_on_ratelimits: false
            backoff_config:
                min_period: 100ms
                max_period: 1s
                max_retries: 5
            initial_stream_window_size: 0B
            initial_connection_window_size: 0B
            tls_enabled: false
            tls_cert_path: ""
            tls_key_path: ""
            tls_ca_path: ""
            tls_server_name: ""
            tls_insecure_skip_verify: false
            tls_cipher_suites: ""
            tls_min_version: ""
            connect_timeout: 0s
            connect_backoff_base_delay: 0s
            connect_backoff_max_delay: 0s
    query_relevant_ingesters: false
 query_frontend:
    max_outstanding_per_tenant: 2000
    querier_forget_delay: 0s
    max_batch_size: 5
    max_retries: 2
    search:
        concurrent_jobs: 1000
        target_bytes_per_job: 104857600
        default_result_limit: 20
        max_result_limit: 0
        max_duration: 168h0m0s
        query_backend_after: 15m0s
        query_ingesters_until: 30m0s
    trace_by_id:
        query_shards: 50
        hedge_requests_at: 2s
        hedge_requests_up_to: 2
    metrics:
        concurrent_jobs: 1000
        target_bytes_per_job: 104857600
        max_duration: 0s
        query_backend_after: 1h0m0s
        interval: 5m0s
    multi_tenant_queries_enabled: true
 compactor:
    ring:
        kvstore:
            store: ""
            prefix: collectors/
            consul:
                host: localhost:8500
                acl_token: ""
                http_client_timeout: 20s
                consistent_reads: false
                watch_rate_limit: 1
                watch_burst_size: 1
                cas_retry_delay: 1s
            etcd:
                endpoints: []
                dial_timeout: 10s
                max_retries: 10
                tls_enabled: false
                tls_cert_path: ""
                tls_key_path: ""
                tls_ca_path: ""
                tls_server_name: ""
                tls_insecure_skip_verify: false
                tls_cipher_suites: ""
                tls_min_version: ""
                username: ""
                password: ""
            multi:
                primary: ""
                secondary: ""
                mirror_enabled: false
                mirror_timeout: 2s
        heartbeat_period: 5s
        heartbeat_timeout: 1m0s
        wait_stability_min_duration: 1m0s
        wait_stability_max_duration: 5m0s
        instance_id: local-instance
        instance_interface_names:
            - eth0
            - en0
        instance_port: 0
        instance_addr: ""
        enable_inet6: false
        wait_active_instance_timeout: 10m0s
    compaction:
        v2_in_buffer_bytes: 5242880
        v2_out_buffer_bytes: 20971520
        v2_prefetch_traces_count: 1000
        compaction_window: 1h0m0s
        max_compaction_objects: 6000000
        max_block_bytes: 107374182400
        block_retention: 336h0m0s
        compacted_block_retention: 1h0m0s
        retention_concurrency: 10
        max_time_per_tenant: 5m0s
        compaction_cycle: 30s
    override_ring_key: compactor
 ingester:
    lifecycler:
        ring:
            kvstore:
                store: inmemory
                prefix: collectors/
                consul:
                    host: localhost:8500
                    acl_token: ""
                    http_client_timeout: 20s
                    consistent_reads: false
                    watch_rate_limit: 1
                    watch_burst_size: 1
                    cas_retry_delay: 1s
                etcd:
                    endpoints: []
                    dial_timeout: 10s
                    max_retries: 10
                    tls_enabled: false
                    tls_cert_path: ""
                    tls_key_path: ""
                    tls_ca_path: ""
                    tls_server_name: ""
                    tls_insecure_skip_verify: false
                    tls_cipher_suites: ""
                    tls_min_version: ""
                    username: ""
                    password: ""
                multi:
                    primary: ""
                    secondary: ""
                    mirror_enabled: false
                    mirror_timeout: 2s
            heartbeat_timeout: 5m0s
            replication_factor: 1
            zone_awareness_enabled: false
            excluded_zones: ""
        num_tokens: 128
        heartbeat_period: 5s
        heartbeat_timeout: 1m0s
        observe_period: 0s
        join_after: 0s
        min_ready_duration: 15s
        interface_names:
            - en0
            - bridge100
        enable_inet6: false
        final_sleep: 0s
        tokens_file_path: ""
        availability_zone: ""
        unregister_on_shutdown: true
        readiness_check_ring_health: true
        address: 127.0.0.1
        port: 0
        id: local-instance
    concurrent_flushes: 4
    flush_check_period: 10s
    flush_op_timeout: 5m0s
    trace_idle_period: 10s
    max_block_duration: 30m0s
    max_block_bytes: 524288000
    complete_block_timeout: 15m0s
    override_ring_key: ring
    flush_all_on_shutdown: false
 metrics_generator:
    ring:
        kvstore:
            store: inmemory
            prefix: collectors/
            consul:
                host: localhost:8500
                acl_token: ""
                http_client_timeout: 20s
                consistent_reads: false
                watch_rate_limit: 1
                watch_burst_size: 1
                cas_retry_delay: 1s
            etcd:
                endpoints: []
                dial_timeout: 10s
                max_retries: 10
                tls_enabled: false
                tls_cert_path: ""
                tls_key_path: ""
                tls_ca_path: ""
                tls_server_name: ""
                tls_insecure_skip_verify: false
                tls_cipher_suites: ""
                tls_min_version: ""
                username: ""
                password: ""
            multi:
                primary: ""
                secondary: ""
                mirror_enabled: false
                mirror_timeout: 2s
        heartbeat_period: 5s
        heartbeat_timeout: 1m0s
        instance_id: local-instance
        instance_interface_names:
            - eth0
            - en0
        instance_addr: 127.0.0.1
        instance_port: 0
        enable_inet6: false
    processor:
        service_graphs:
            wait: 10s
            max_items: 10000
            workers: 10
            histogram_buckets:
                - 0.1
                - 0.2
                - 0.4
                - 0.8
                - 1.6
                - 3.2
                - 6.4
                - 12.8
            dimensions: []
            enable_client_server_prefix: false
            peer_attributes:
                - peer.service
                - db.name
                - db.system
            span_multiplier_key: ""
        span_metrics:
            histogram_buckets:
                - 0.002
                - 0.004
                - 0.008
                - 0.016
                - 0.032
                - 0.064
                - 0.128
                - 0.256
                - 0.512
                - 1.024
                - 2.048
                - 4.096
                - 8.192
                - 16.384
            intrinsic_dimensions:
                service: true
                span_name: true
                span_kind: true
                status_code: true
            dimensions: []
            dimension_mappings: []
            enable_target_info: false
            span_multiplier_key: ""
            subprocessors:
                0: true
                1: true
                2: true
            filter_policies: []
            target_info_excluded_dimensions: []
        local_blocks:
            block:
                bloom_filter_false_positive: 0.01
                bloom_filter_shard_size_bytes: 102400
                version: vParquet3
                search_encoding: snappy
                search_page_size_bytes: 1048576
                v2_index_downsample_bytes: 1048576
                v2_index_page_size_bytes: 256000
                v2_encoding: zstd
                parquet_row_group_size_bytes: 100000000
                parquet_dedicated_columns: []
            search:
                chunk_size_bytes: 1000000
                prefetch_trace_count: 1000
                read_buffer_count: 32
                read_buffer_size_bytes: 1048576
                cache_control:
                    footer: false
                    column_index: false
                    offset_index: false
            flush_check_period: 10s
            trace_idle_period: 10s
            max_block_duration: 1m0s
            max_block_bytes: 500000000
            complete_block_timeout: 1h0m0s
            max_live_traces: 0
            concurrent_blocks: 10
            filter_server_spans: true
    registry:
        collection_interval: 15s
        stale_duration: 15m0s
        max_label_name_length: 1024
        max_label_value_length: 2048
    storage:
        path: ""
        wal:
            wal_segment_size: 134217728
            wal_compression: none
            stripe_size: 16384
            truncate_frequency: 2h0m0s
            min_wal_time: 300000
            max_wal_time: 14400000
            no_lockfile: false
        remote_write_flush_deadline: 1m0s
        remote_write_add_org_id_header: true
    traces_storage:
        path: ""
        completedfilepath: ""
        blocksfilepath: ""
        v2_encoding: none
        search_encoding: none
        ingestion_time_range_slack: 0s
        version: vParquet3
    metrics_ingestion_time_range_slack: 30s
    query_timeout: 30s
    override_ring_key: metrics-generator
 storage:
    trace:
        pool:
            max_workers: 400
            queue_depth: 20000
        wal:
            path: /tmp/tempo/wal
            completedfilepath: /tmp/tempo/wal/completed
            blocksfilepath: /tmp/tempo/wal/blocks
            v2_encoding: snappy
            search_encoding: none
            ingestion_time_range_slack: 2m0s
            version: vParquet3
        block:
            bloom_filter_false_positive: 0.01
            bloom_filter_shard_size_bytes: 102400
            version: vParquet3
            search_encoding: snappy
            search_page_size_bytes: 1048576
            v2_index_downsample_bytes: 1048576
            v2_index_page_size_bytes: 256000
            v2_encoding: zstd
            parquet_row_group_size_bytes: 100000000
            parquet_dedicated_columns: []
        search:
            chunk_size_bytes: 1000000
            prefetch_trace_count: 1000
            read_buffer_count: 32
            read_buffer_size_bytes: 1048576
            cache_control:
                footer: false
                column_index: false
                offset_index: false
        blocklist_poll: 5m0s
        blocklist_poll_concurrency: 50
        blocklist_poll_fallback: true
        blocklist_poll_tenant_index_builders: 2
        blocklist_poll_stale_tenant_index: 0s
        blocklist_poll_jitter_ms: 0
        blocklist_poll_tolerate_consecutive_errors: 1
        backend: local
        local:
            path: /tmp/tempo/traces
        gcs:
            bucket_name: ""
            prefix: ""
            chunk_buffer_size: 10485760
            endpoint: ""
            hedge_requests_at: 0s
            hedge_requests_up_to: 2
            insecure: false
            object_cache_control: ""
            object_metadata: {}
            list_blocks_concurrency: 3
        s3:
            tls_cert_path: ""
            tls_key_path: ""
            tls_ca_path: ""
            tls_server_name: ""
            tls_insecure_skip_verify: false
            tls_cipher_suites: ""
            tls_min_version: VersionTLS12
            bucket: ""
            prefix: ""
            endpoint: ""
            region: ""
            access_key: ""
            secret_key: ""
            session_token: ""
            insecure: false
            part_size: 0
            hedge_requests_at: 0s
            hedge_requests_up_to: 2
            signature_v2: false
            forcepathstyle: false
            bucket_lookup_type: 0
            tags: {}
            storage_class: ""
            metadata: {}
            native_aws_auth_enabled: false
            list_blocks_concurrency: 3
        azure:
            storage_account_name: ""
            storage_account_key: ""
            use_managed_identity: false
            use_federated_token: false
            user_assigned_id: ""
            container_name: ""
            prefix: ""
            endpoint_suffix: blob.core.windows.net
            max_buffers: 4
            buffer_size: 3145728
            hedge_requests_at: 0s
            hedge_requests_up_to: 2
            use_v2_sdk: false
        cache: ""
        background_cache:
            writeback_goroutines: 10
            writeback_buffer: 10000
        memcached: null
        redis: null
        cache_min_compaction_level: 0
        cache_max_block_age: 0s
 overrides:
    defaults:
        ingestion:
            rate_strategy: local
            rate_limit_bytes: 15000000
            burst_size_bytes: 20000000
            max_traces_per_user: 10000
        read:
            max_bytes_per_tag_values_query: 5000000
        global:
            max_bytes_per_trace: 5000000
    per_tenant_override_config: ""
    per_tenant_override_period: 10s
    user_configurable_overrides:
        enabled: false
        poll_interval: 1m0s
        client:
            backend: ""
            confirm_versioning: true
            local:
                path: ""
            gcs:
                bucket_name: ""
                prefix: ""
                chunk_buffer_size: 10485760
                endpoint: ""
                hedge_requests_at: 0s
                hedge_requests_up_to: 2
                insecure: false
                object_cache_control: ""
                object_metadata: {}
                list_blocks_concurrency: 3
            s3:
                tls_cert_path: ""
                tls_key_path: ""
                tls_ca_path: ""
                tls_server_name: ""
                tls_insecure_skip_verify: false
                tls_cipher_suites: ""
                tls_min_version: VersionTLS12
                bucket: ""
                prefix: ""
                endpoint: ""
                region: ""
                access_key: ""
                secret_key: ""
                session_token: ""
                insecure: false
                part_size: 0
                hedge_requests_at: 0s
                hedge_requests_up_to: 2
                signature_v2: false
                forcepathstyle: false
                bucket_lookup_type: 0
                tags: {}
                storage_class: ""
                metadata: {}
                native_aws_auth_enabled: false
                list_blocks_concurrency: 3
            azure:
                storage_account_name: ""
                storage_account_key: ""
                use_managed_identity: false
                use_federated_token: false
                user_assigned_id: ""
                container_name: ""
                prefix: ""
                endpoint_suffix: blob.core.windows.net
                max_buffers: 4
                buffer_size: 3145728
                hedge_requests_at: 0s
                hedge_requests_up_to: 2
                use_v2_sdk: false
        api:
            check_for_conflicting_runtime_overrides: false
 memberlist:
    node_name: ""
    randomize_node_name: true
    stream_timeout: 2s
    retransmit_factor: 2
    pull_push_interval: 30s
    gossip_interval: 1s
    gossip_nodes: 2
    gossip_to_dead_nodes_time: 30s
    dead_node_reclaim_time: 0s
    compression_enabled: false
    advertise_addr: ""
    advertise_port: 7946
    cluster_label: ""
    cluster_label_verification_disabled: false
    join_members: []
    min_join_backoff: 1s
    max_join_backoff: 1m0s
    max_join_retries: 10
    abort_if_cluster_join_fails: false
    rejoin_interval: 0s
    left_ingesters_timeout: 5m0s
    leave_timeout: 20s
    message_history_buffer_bytes: 0
    bind_addr: []
    bind_port: 7946
    packet_dial_timeout: 2s
    packet_write_timeout: 5s
    tls_enabled: false
    tls_cert_path: ""
    tls_key_path: ""
    tls_ca_path: ""
    tls_server_name: ""
    tls_insecure_skip_verify: false
    tls_cipher_suites: ""
    tls_min_version: ""
 usage_report:
    reporting_enabled: true
    backoff:
        min_period: 100ms
        max_period: 10s
        max_retries: 0
 cache:
    background:
        writeback_goroutines: 10
        writeback_buffer: 10000
    caches: []
@@ -0,0 +1,54 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 server:
  http_listen_port: 3200
 distributor:
  receivers:                           # this configuration will listen on all ports and protocols that tempo is capable of.
    jaeger:                            # the receives all come from the OpenTelemetry collector.  more configuration information can
      protocols:                       # be found there: https://github.com/open-telemetry/opentelemetry-collector/tree/main/receiver
        thrift_http:                   #
        grpc:                          # for a production deployment you should only enable the receivers you need!
        thrift_binary:
        thrift_compact:
    zipkin:
    otlp:
      protocols:
        http:
        grpc:
    opencensus:
 ingester:
  max_block_duration: 5m               # cut the headblock when this much time passes. this is being set for demo purposes and should probably be left alone normally
 compactor:
  compaction:
    block_retention: 1h                # overall Tempo trace retention. set for demo purposes
 # metrics_generator:
 #   registry:
 #     external_labels:
 #       source: tempo
 #       cluster: docker-compose
 #   storage:
 #     path: /tmp/tempo/generator/wal
 #     remote_write:
 #       - url: http://grafana-alloy:12345/api/v1/write
 #         send_exemplars: true
 storage:
  trace:
    backend: s3                        # backend configuration to use
    wal:
      path: /tmp/tempo/wal             # where to store the the wal locally
    s3:
      bucket: tempo                    # how to store data in s3
      endpoint: minio:9000
      access_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_TEMPO_STORAGE_ACCESS_KEY'] }}
      secret_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_TEMPO_STORAGE_SECRET_KEY'] }}
      insecure: true
 usage_report:
  reporting_enabled: false
@@ -0,0 +1,22 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/en/configs/bookmarks
 #- Developer:
 #    - Github:
 #        - abbr: GH
 #          href: https://github.com/
 #
 #- Social:
 #    - Reddit:
 #        - abbr: RE
 #          href: https://reddit.com/
 #
 #- Entertainment:
 #    - YouTube:
 #        - abbr: YT
 #          href: https://youtube.com/
@@ -0,0 +1,15 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/en/configs/docker/
 # my-docker:
 #   host: 127.0.0.1
 #   port: 2375
 my-docker:
   host: dockerproxy
   port: 2375
@@ -0,0 +1,6 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ---
 # sample kubernetes config
@@ -0,0 +1,33 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/en/configs/services
 #- My First Group:
 #    - My First Service:
 #        href: http://localhost/
 #        description: Homepage is awesome
 #
 #- My Second Group:
 #    - My Second Service:
 #        href: http://localhost/
 #        description: Homepage is the best
 #
 #- My Third Group:
 #    - My Third Service:
 #        href: http://localhost/
 #        description: Homepage is 😎
 - Automation:
    - Home Assistant (Rikku):
        href: https://ha.trez.wtf
        description: Smart Home
        icon: home-assistant.png
        weight: 0
        widget:
            type: homeassistant
            url: http://192.168.1.252:8123
            key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI5MTFlMDZiMzNlODc0MWYyYjM3Mzg0NDhiMzMyNzMxYiIsImlhdCI6MTcxMzEzODc3MiwiZXhwIjoyMDI4NDk4NzcyfQ.CXFBjf0sJAGdMrRd_PTCkkzU3LsCgkckG8HvbdSYEhs
@@ -0,0 +1,60 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/en/configs/settings
 providers:
  openweathermap: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
  # weatherapi: weatherapiapikey
 title: Rinoa Dashboard (trez.WTF)
 headerStyle: underlined
 color: slate
 showStats: true
 statusStyle: "dot"
 favicon: /icons/favicon.ico
 useEqualHeights: false
 hideErrors: false
 searchDescriptions: true
 showSearchSuggestions: true
 provider: duckduckgo
 layout:
  System Administration:
    style: row
    columns: 4
    # fiveColumns: true
  Infrastructure/App Performance Monitoring:
    style: row
    columns: 4
  Automation:
    style: columns
    row: 2
  Code/DevOps:
    style: columms
    row: 2
  Privacy/Security:
    style: columns
    row: 5
  Social:
    style: columns
    row: 4
  Lifestyle:
    style: row
    columns: 4
  Personal Services:
    style: row
    columns: 4
  Professional Services:
    style: row
    columns: 3
  Servarr Stack:
    style: row
    columns: 3
  Downloaders:
    style: row
    columns: 3
  Media Library:
    style: row
    columns: 4
@@ -0,0 +1,33 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/en/configs/widgets
 - resources:
    label: System
    cpu: true
    memory: true
    cputemp: true
    uptime: true
 - resources:
    label: Storage
    expanded: true
    disk:
        - /
        - /rinoa-storage
 - search:
    provider: custom
    url: https://search.trez.wtf/search?q=
    target: _blank
 - openweathermap:
    label: New York
    latitude: 40.72
    longitude: -73.85
    units: imperial
    provider: openweathermap
    cache: 10
@@ -0,0 +1,52 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 # IN application vars
 IN_APP_URL=http://in.localhost:8003
 IN_APP_KEY=<insert your generated key in here>
 IN_APP_DEBUG=true
 IN_REQUIRE_HTTPS=false
 IN_PHANTOMJS_PDF_GENERATION=false
 IN_PDF_GENERATOR=snappdf
 IN_TRUSTED_PROXIES='*'
 IN_QUEUE_CONNECTION=database
 # DB connection
 IN_DB_HOST=db
 IN_DB_PORT=3306
 IN_DB_DATABASE=ninja
 IN_DB_USERNAME=ninja
 IN_DB_PASSWORD=ninja
 # Create initial user
 # Default to these values if empty
 # IN_USER_EMAIL=admin@example.com
 # IN_PASSWORD=changeme!
 IN_USER_EMAIL=
 IN_PASSWORD=
 # Mail options
 IN_MAIL_MAILER=log
 IN_MAIL_HOST=smtp.mailtrap.io
 IN_MAIL_PORT=2525
 IN_MAIL_USERNAME=null
 IN_MAIL_PASSWORD=null
 IN_MAIL_ENCRYPTION=null
 IN_MAIL_FROM_ADDRESS='user@example.com'
 IN_MAIL_FROM_NAME='Self Hosted User'
 # MySQL
 IN_MYSQL_ROOT_PASSWORD=ninjaAdm1nPassword
 IN_MYSQL_USER=ninja
 IN_MYSQL_PASSWORD=ninja
 IN_MYSQL_DATABASE=ninja
 # GoCardless/Nordigen API key for banking integration
 NORDIGEN_SECRET_ID=
 NORDIGEN_SECRET_KEY=
 # V4 env vars
 # DB_STRICT=false
 # APP_CIPHER=AES-256-CBC
@@ -0,0 +1,477 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ###########################
 # 🦎 KOMODO CORE CONFIG 🦎 #
 ###########################
 ## This is the offical "Default" config file for Komodo Core.
 ## It serves as documentation for the meaning of the fields.
 ## It is located at `https://github.com/mbecker20/komodo/blob/main/config/core.config.toml`.
 ## All fields with a "Default" provided are optional. If they are
 ## left out of the file, the "Default" value will be used.
 ## This file is bundled into the official image, `ghcr.io/mbecker20/komodo`,
 ## as the default config at `/config/config.toml`.
 ## Komodo can start with no external config file mounted.
 ## There is usually no need to create this file on your host.
 ## Most fields can instead be configured using environment variables.
 ## Environment variables will override values set in this file.
 ## This will be the document title on the web page.
 ## Env: KOMODO_TITLE
 ## Default: 'Komodo'
 title = "Komodo @ Rinoa"
 ## This should be the url used to access Komodo in browser, potentially behind DNS.
 ## Eg https://komodo.example.com or http://12.34.56.78:9120. This should match the address configured in your Oauth app.
 ## Env: KOMODO_HOST
 ## Required, no default.
 host = "https://komodo.trez.wtf"
 ## The port the core system will run on.
 ## Env: KOMODO_PORT
 ## Default: 9120
 port = 9120
 ## This is the token used to authenticate core requests to periphery.
 ## Ensure this matches a passkey in the connected periphery configs.
 ## If the periphery servers don't have passkeys configured, this doesn't need to be changed.
 ## Env: KOMODO_PASSKEY or KOMODO_PASSKEY_FILE
 ## Required, no default
 passkey = "JgzFdZYbE7JfH5zhrh5pWUEQEWA4MCXG"
 ## Ensure a server with this address exists on Core
 ## upon first startup. Example: `https://periphery:8120`
 ## Env: KOMODO_FIRST_SERVER
 ## Optional, no default.
 first_server = ""
 ## Disables write support on resources in the UI.
 ## This protects users that that would normally have write priviledges during their UI usage,
 ## when they intend to fully rely on ResourceSyncs to manage config.
 ## Env: KOMODO_UI_WRITE_DISABLED
 ## Default: false
 ui_write_disabled = false
 ## Disables the confirm dialogs on all actions. All buttons will now be double-click.
 ## Useful when only having http connection to core, as UI quick-copy button won't work.
 ## Env: KOMODO_DISABLE_CONFIRM_DIALOG
 ## Default: false
 disable_confirm_dialog = false
 ## Configure the directory for sync files (inside the container).
 ## There shouldn't be a need to change this, just mount a volume.
 ## Env: KOMODO_SYNC_DIRECTORY
 ## Default: /syncs
 sync_directory = "/syncs"
 ## Configure the repo directory (inside the container).
 ## There shouldn't be a need to change this, just mount a volume.
 ## Env: KOMODO_REPO_DIRECTORY
 ## Default: /repo-cache
 repo_directory = "/repo-cache"
 ## Configure the action directory (inside the container).
 ## There shouldn't be a need to change this, or even mount a volume.
 ## Env: KOMODO_ACTION_DIRECTORY
 ## Default: /action-cache
 action_directory = "/action-cache"
 ################
 # AUTH / LOGIN #
 ################
 ## Allow user login with a username / password.
 ## The password will be hashed and stored in the db for login comparison.
 ##
 ## NOTE:
 ## Komodo has no API to recover account logins, but if this happens you can doctor the database using Mongo Compass.
 ## Create a new Komodo user (Sign Up button), login to the database with Compass, note down your old users username and _id.
 ## Then delete the old user, and update the new user to have the same username and _id. 
 ## Make sure to set `enabled: true` and maybe `admin: true` on the new user as well, while using Compass.
 ##
 ## Env: KOMODO_LOCAL_AUTH
 ## Default: false
 local_auth = true
 ## Normally new users will be registered, but not enabled until an Admin enables them.
 ## With `disable_user_registration = true`, only the first user to log in will registered as a user.
 ## Env: KOMODO_DISABLE_USER_REGISTRATION
 ## Default: false
 disable_user_registration = false
 ## New users will be automatically enabled when they sign up.
 ## Otherwise, new users will be disabled on first login.
 ## The first user to login will always be enabled on creation.
 ## Env: KOMODO_ENABLE_NEW_USERS
 ## Default: false
 enable_new_users = false
 ## Allows all users to have Read level access to all resources.
 ## Env: KOMODO_TRANSPARENT_MODE
 ## Default: false
 transparent_mode = false
 ## Normally all enabled users can create resources.
 ## If `disable_non_admin_create = true`, only admin users can create resources.
 ## Env: KOMODO_DISABLE_NON_ADMIN_CREATE
 ## Default: false
 disable_non_admin_create = false
 ## Optionally provide a specific jwt secret.
 ## Passing nothing or an empty string will cause one to be generated on every startup.
 ## This means users will have to log in again if Komodo restarts.
 ## Env: KOMODO_JWT_SECRET or KOMODO_JWT_SECRET_FILE
 ## Default: empty string, meaning a random secret will be generated at startup.
 jwt_secret = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['KOMODO_JWT_SECRET'] }}"
 ## Specify how long a user can stay logged in before they have to log in again.
 ## All jwts are invalidated on application restart unless `jwt_secret` is set.
 ## Env: KOMODO_JWT_TTL
 ## Options: 1-hr, 12-hr, 1-day, 3-day, 1-wk, 2-wk, 30-day
 ## Default: 1-day. 
 jwt_ttl = "1-day"
 #############
 # OIDC Auth #
 #############
 ## Enable logins with configured OIDC provider.
 ## Env: KOMODO_OIDC_ENABLED
 ## Default: false
 oidc_enabled = false
 ## Give the provider address.
 ##
 ## The path, ie /application/o/komodo for Authentik,
 ## is provider and configuration specific.
 ##
 ## Note. this address must be reachable from Komodo Core container.
 ##
 ## Env: KOMODO_OIDC_PROVIDER
 ## Optional, no default.
 oidc_provider = "https://oidc.provider.internal/application/o/komodo"
 ## Configure OIDC user redirect host.
 ##
 ## This is the host address users are redirected to in their browser,
 ## and may be different from `oidc_provider` host depending on your networking.
 ## If not provided (or empty string ""), the `oidc_provider` will be used.
 ##
 ## Note. DO NOT include the `path` part of the URL.
 ## Example: `https://oidc.provider.external`
 ##
 ## Env: KOMODO_OIDC_REDIRECT_HOST
 ## Optional, no default.
 oidc_redirect_host = ""
 ## Give the OIDC Client ID.
 ## Env: KOMODO_OIDC_CLIENT_ID or KOMODO_OIDC_CLIENT_ID_FILE
 oidc_client_id = ""
 ## Give the OIDC Client Secret.
 ## Env: KOMODO_OIDC_CLIENT_SECRET or KOMODO_OIDC_CLIENT_SECRET_FILE
 oidc_client_secret = ""
 ## If true, use the full email for usernames.
 ## Otherwise, the @address will be stripped,
 ## making usernames more concise.
 ## Env: KOMODO_OIDC_USE_FULL_EMAIL
 ## Default: false.
 oidc_use_full_email = false
 ## Some providers attach other audiences in addition to the client_id.
 ## If you have this issue, `Invalid audiences: `...` is not a trusted audience"`,
 ## you can add the audience `...` to the list here (assuming it should be trusted).
 ## Env: KOMODO_OIDC_ADDITIONAL_AUDIENCES or KOMODO_OIDC_ADDITIONAL_AUDIENCES_FILE
 ## Default: empty
 oidc_additional_audiences = []
 #########
 # OAUTH #
 #########
 ## Google
 ## Env: KOMODO_GOOGLE_OAUTH_ENABLED
 ## Default: false
 google_oauth.enabled = false
 ## Env: KOMODO_GOOGLE_OAUTH_ID or KOMODO_GOOGLE_OAUTH_ID_FILE
 ## Required if google_oauth is enabled.
 google_oauth.id = ""
 ## Env: KOMODO_GOOGLE_OAUTH_SECRET or KOMODO_GOOGLE_OAUTH_SECRET_FILE
 ## Required if google_oauth is enabled.
 google_oauth.secret = ""
 ## Github
 ## Env: KOMODO_GITHUB_OAUTH_ENABLED
 ## Default: false
 github_oauth.enabled = false
 ## Env: KOMODO_GITHUB_OAUTH_ID or KOMODO_GITHUB_OAUTH_ID_FILE
 ## Required if github_oauth is enabled.
 github_oauth.id = ""
 ## Env: KOMODO_GITHUB_OAUTH_SECRET or KOMODO_GITHUB_OAUTH_SECRET_FILE
 ## Required if github_oauth is enabled.
 github_oauth.secret = ""
 ############
 # Security #
 ############
 ## Enable HTTPS server using the given key and cert.
 ## Env: KOMODO_SSL_ENABLED
 ## Default: false
 ssl_enabled = false
 ## Path to the ssl key.
 ## Env: KOMODO_SSL_KEY_FILE
 ## Default: /config/ssl/key.pem
 ssl_key_file = "/config/ssl/key.pem"
 ## Path to the ssl cert.
 ## Env: KOMODO_SSL_CERT_FILE
 ## Default: /config/ssl/cert.pem
 ssl_cert_file = "/config/ssl/cert.pem"
 ############
 # DATABASE #
 ############
 ## Configure the database connection in one of the following ways:
 ## Pass a full Mongo URI to the database.
 ## Example: mongodb://username:password@localhost:27017
 ## Env: KOMODO_DATABASE_URI or KOMODO_DATABASE_URI_FILE
 ## Optional, can usually use `address`, `username`, `password` instead.
 database.uri = "mongodb://komodo:jtyl2U8KZPUe8V9MOTXQDYRlg7QemGuF@komodo-ferretdb:27017/komodo?authMechanism=PLAIN"
 ## ==== * OR * ==== ##
 # Construct the address as mongodb://{username}:{password}@{address}
 ## Env: KOMODO_DATABASE_ADDRESS
 # database.address = "localhost:27017"
 ## Env: KOMODO_DATABASE_USERNAME or KOMODO_DATABASE_USERNAME_FILE
 # database.username = ""
 ## Env: KOMODO_DATABASE_PASSWORD or KOMODO_DATABASE_PASSWORD_FILE
 # database.password = ""
 ## ==== other ====
 ## Komodo will create its collections under this database name.
 ## The only reason to change this is if multiple Komodo Cores share the same db.
 ## Env: KOMODO_DATABASE_DB_NAME
 ## Default: komodo.
 database.db_name = "komodo"
 ## This is the assigned app_name of the mongo client.
 ## The only reason to change this is if multiple Komodo Cores share the same db.
 ## Env: KOMODO_DATABASE_APP_NAME
 ## Default: komodo_core.
 database.app_name = "komodo_core"
 ############
 # WEBHOOKS #
 ############
 ## This token must be given to git provider during repo webhook config.
 ## The secret configured on the git provider side must match the secret configured here.
 ## If not provided, 
 ## Env: KOMODO_WEBHOOK_SECRET or KOMODO_WEBHOOK_SECRET_FILE
 ## Optional, no default.
 webhook_secret = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['KOMODO_WEBHOOK_SECRET'] }}"
 ## An alternate base url that is used to recieve git webhook requests.
 ## If empty or not specified, will use 'host' address as base.
 ## This is useful if Komodo is on an internal network, but can have a
 ## proxy just allowing through the webhook listener api using NGINX.
 ## Env: KOMODO_WEBHOOK_BASE_URL
 ## Default: empty (none)
 webhook_base_url = ""
 ## Configure Github webhook app. Enables webhook management apis.
 ## <INSERT LINK TO GUIDE>
 ## Env: KOMODO_GITHUB_WEBHOOK_APP_APP_ID or KOMODO_GITHUB_WEBHOOK_APP_APP_ID_FILE
 # github_webhook_app.app_id = 1234455 # Find on the app page.
 ## Env: 
 ##   - KOMODO_GITHUB_WEBHOOK_APP_INSTALLATIONS_IDS or KOMODO_GITHUB_WEBHOOK_APP_INSTALLATIONS_IDS_FILE
 ##   - KOMODO_GITHUB_WEBHOOK_APP_INSTALLATIONS_NAMESPACES
 # github_webhook_app.installations = [
 #   ## Find the id after installing the app to user / organization. "namespace" is the username / organization name.
 #   { id = 1234, namespace = "mbecker20" }
 # ]
 ## The path to Github webhook app private key. <INSERT LINK TO GUIDE>
 ## This is defaulted to `/github/private-key.pem`, and doesn't need to be changed if running core in Docker.
 ## Just mount the private key pem file on the host to `/github/private-key.pem` in the container.
 ## Eg. `/your/path/to/key.pem : /github/private-key.pem`
 ## Env: KOMODO_GITHUB_WEBHOOK_APP_PK_PATH
 # github_webhook_app.pk_path = "/path/to/pk.pem"
 ###########
 # LOGGING #
 ###########
 ## Specify the logging verbosity
 ## Env: KOMODO_LOGGING_LEVEL
 ## Options: off, error, warn, info, debug, trace
 ## Default: info
 logging.level = "info"
 ## Specify the logging format for stdout / stderr.
 ## Env: KOMODO_LOGGING_STDIO
 ## Options: standard, json, none
 ## Default: standard
 logging.stdio = "standard"
 ## Optionally specify a opentelemetry otlp endpoint to send traces to.
 ## Example: http://localhost:4317
 ## Env: KOMODO_LOGGING_OTLP_ENDPOINT
 logging.otlp_endpoint = ""
 ## Set the opentelemetry service name.
 ## This will be attached to the telemetry Komodo will send.
 ## Env: KOMODO_LOGGING_OPENTELEMETRY_SERVICE_NAME
 ## Default: "Komodo"
 logging.opentelemetry_service_name = "Komodo"
 ###########
 # PRUNING #
 ###########
 ## The number of days to keep historical system stats around, or 0 to disable pruning. 
 ## Stats older that are than this number of days are deleted on a daily cycle.
 ## Env: KOMODO_KEEP_STATS_FOR_DAYS
 ## Default: 14
 keep_stats_for_days = 14
 ## The number of days to keep alerts around, or 0 to disable pruning. 
 ## Alerts older that are than this number of days are deleted on a daily cycle.
 ## Env: KOMODO_KEEP_ALERTS_FOR_DAYS
 ## Default: 14
 keep_alerts_for_days = 14
 ##################
 # POLL INTERVALS #
 ##################
 ## Controls the rate at which servers are polled for health, system stats, and container status.
 ## This affects network usage, and the size of the stats stored in mongo.
 ## Env: KOMODO_MONITORING_INTERVAL
 ## Options: 1-sec, 5-sec, 15-sec, 30-sec, 1-min, 2-min, 5-min, 15-min
 ## Default: 15-sec
 monitoring_interval = "15-sec"
 ## Interval at which to poll Resources for any updates / automated actions.
 ## Env: KOMODO_RESOURCE_POLL_INTERVAL
 ## Options: `15-sec`, `1-min`, `5-min`, `15-min`, `1-hr`.
 ## Default: 5-min
 resource_poll_interval = "5-min"
 ###################
 # CLOUD PROVIDERS #
 ###################
 ## Komodo can build images by deploying AWS EC2 instances,
 ## running the build, and afterwards destroying the instance.
 ## Additionally, Komodo can deploy cloud VPS on AWS EC2 and Hetzner.
 ## Use the Template resource to configure launch preferences.
 ## Hetzner is not supported for builds as their pricing model is by the hour,
 ## while AWS is by the minute. This is very important for builds.
 ## Provide AWS api keys for ephemeral builders / server launch
 ## Env: KOMODO_AWS_ACCESS_KEY_ID or KOMODO_AWS_ACCESS_KEY_ID_FILE
 aws.access_key_id = ""
 ## Env: KOMODO_AWS_SECRET_ACCESS_KEY or KOMODO_AWS_SECRET_ACCESS_KEY_FILE
 aws.secret_access_key = ""
 ## Provide Hetzner api token for server launch
 ## Env: KOMODO_HETZNER_TOKEN or KOMODO_HETZNER_TOKEN_FILE
 hetzner.token = ""
 #################
 # GIT PROVIDERS #
 #################
 ## These will be available to attach to Builds, Repos, Stacks, and Syncs.
 ## They allow these Resources to clone private repositories.
 ## They cannot be configured on the environment.
 ## configure git providers
 # [[git_provider]]
 # domain = "github.com"
 # accounts = [
 # 	{ username = "mbecker20", token = "access_token_for_account" },
 # 	{ username = "moghtech", token = "access_token_for_other_account" },
 # ]
 # [[git_provider]]
 # domain = "git.mogh.tech" # use a custom provider, like self-hosted gitea
 # accounts = [
 # 	{ username = "mbecker20", token = "access_token_for_account" },
 # ]
 # [[git_provider]]
 # domain = "localhost:8000" # use a custom provider, like self-hosted gitea
 # https = false # use http://localhost:8000 as base-url for clone
 # accounts = [
 # 	{ username = "mbecker20", token = "access_token_for_account" },
 # ]
 ######################
 # REGISTRY PROVIDERS #
 ######################
 ## These will be available to attach to Builds and Stacks.
 ## They allow these Resources to pull private images.
 ## They cannot be configured on the environment.
 ## configure docker registries
 # [[docker_registry]]
 # domain = "docker.io"
 # accounts = [
 # 	{ username = "mbecker2020", token = "access_token_for_account" }
 # ]
 # organizations = ["DockerhubOrganization"]
 [[gitea_rinoa]]
 domain = "git.trez.wtf"
 accounts = [
 	{ username = "gitea-sonarqube-bot", token = "594a3a9611bdb508bd6a3575e2ddb3ac4922a4da" }
 ]
 [[gitea_rinoa_local]]
 domain = "http://gitea:3000"
 accounts = [
 	{ username = "gitea-sonarqube-bot", token = "594a3a9611bdb508bd6a3575e2ddb3ac4922a4da" }
 ]
 # [[docker_registry]]
 # domain = "git.mogh.tech" # use a custom provider, like self-hosted gitea
 # accounts = [
 # 	{ username = "mbecker20", token = "access_token_for_account" },
 # ]
 # organizations = ["Mogh"] # These become available in the UI
 ###########
 # SECRETS #
 ###########
 ## Provide Core based secrets.
 ## These will be available to interpolate into your Deployment / Stack environments,
 ## and will be hidden in the UI and logs.
 ## These are available to use on any Periphery (Server),
 ## but you can also limit access more by placing them in a single Periphery's config file instead.
 ## These cannot be configured in the Komodo Core environment, they must be passed in the file.
 # [secrets]
 # SECRET_1 = "value_1"
 # SECRET_2 = "value_2"
@@ -0,0 +1,21 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 <Config>
  <BindAddress>*</BindAddress>
  <Port>8686</Port>
  <SslPort>6868</SslPort>
  <EnableSsl>False</EnableSsl>
  <LaunchBrowser>True</LaunchBrowser>
  <ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}</ApiKey>
  <AuthenticationMethod>Forms</AuthenticationMethod>
  <Branch>master</Branch>
  <LogLevel>trace</LogLevel>
  <SslCertPath></SslCertPath>
  <SslCertPassword></SslCertPassword>
  <UrlBase></UrlBase>
  <InstanceName>Lidarr</InstanceName>
  <UpdateMechanism>Docker</UpdateMechanism>
  <Theme>auto</Theme>
  <AuthenticationRequired>Enabled</AuthenticationRequired>
 </Config>
@@ -0,0 +1,25 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 {
    "lidarr_address": "http://lidarr:8686",
    "lidarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}",
    "spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
    "root_folder_path": "/data/media/music",
    "spotify_client_id": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}",
    "spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
    "fallback_to_top_result": false,
    "lidarr_api_timeout": 120.0,
    "quality_profile_id": 1,
    "metadata_profile_id": 1,
    "search_for_missing_albums": false,
    "dry_run_adding_to_lidarr": true,
    "app_name": "lidify",
    "app_rev": "0.09",
    "app_url": "lidify.trez.wtf",
    "last_fm_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
    "last_fm_api_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
    "mode": "LastFM",
    "auto_start": false,
    "auto_start_delay": 60
 }
@@ -0,0 +1,63 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 {
    "sourceDefaults": {
      "maxPollRetries": 0,          // optional, default # of automatic polling restarts on error. can be overridden by property in individual config
      "maxRequestRetries": 1,       // optional, default # of http request retries a source can make before error is thrown. can be overridden by property in individual config
      "retryMultiplier": 1.5       // optional, default retry delay multiplier (retry attempt * multiplier = # of seconds to wait before retrying). can be overridden by property in individual config
    },
    "clientDefaults": {
      "maxRequestRetries": 1,       // optional, default # of http request retries a client can make before error is thrown. can be overridden by property in individual config
      "retryMultiplier": 1.5       // optional, default retry delay multiplier (retry attempt * multiplier = # of seconds to wait before retrying). can be overridden by property in individual config
    },
    "clients": [
        {
            "name": "Last.fm Client",
            "enable": true,
            "configureAs": "client",
            "data": {
            "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
            "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
            "redirectUri": "http://localhost:9078/lastfm/callback"
            }
        },
        {
            "name": "Last.fm Source",
            "enable": true,
            "configureAs": "source",
            "data": {
            "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
            "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
            "redirectUri": "http://localhost:9078/lastfm/callback"
            }
        },
        {
            "name": "Maloja",
            "enable": true,
            "data": {
            "url": "http://maloja:42010",
            "apiKey": "myMalojaKey"
            }
        },
        {
          "name": "ListenBrainz Client",
          "enable": true,
          "configureAs": "client",
          "data": {
            "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
            "username": "Trez.One"
          }
        },
        {
          "name": "ListenBrainz Source",
          "enable": true,
          "configureAs": "source",
          "data": {
            "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
            "username": "Trez.One"
          }
        }
      ]
  }
 }
@@ -0,0 +1,11 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 <clickhouse>
    <profiles>
        <default>
            <log_queries>0</log_queries>
            <log_query_threads>0</log_query_threads>
        </default>
    </profiles>
 </clickhouse>
@@ -0,0 +1,59 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 version: 2
 postal:
  web_hostname: post.trez.wtf
  web_protocol: http
  smtp_hostname: post.trez.wtf
  use_ip_pools: false
  signing_key_path: /config/signing.key
  trusted_proxies: [ "172.18.0.0/16" ]
 web_server:
  default_port: 5000
  default_bind_address: 0.0.0.0
 main_db:
  host: mariadb
  username: postal
  password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_MYSQL_PASSWORD'] }}
  database: postal
 message_db:
  host: mariadb
  username: postal
  password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_MYSQL_PASSWORD'] }}
  prefix: postal
 smtp_server:
  default_port: 25
  default_bind_address: "::"
 dns:
  # Specify the DNS records that you have configured. Refer to the documentation at
  # https://github.com/atech/postal/wiki/Domains-&-DNS-Configuration for further
  # information about these.
  mx_records:
    - mx.post.trez.wtf
  spf_include: spf.post.trez.wtf
  return_path_domain: rp.post.trez.wtf
  route_domain: routes.post.trez.wtf
  track_domain: track.post.trez.wtf
 smtp:
  # Specify an SMTP server that can be used to send messages from the Postal management
  # system to users. You can configure this to use a Postal mail server once the
  # your installation has been set up.
  host: postal-smtp
  port: 25
  username: rinoa/postal-smtp
  password: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
  from_name: Postal @ Rinoa
  from_address: noreply@trez.wtf
 rails:
  # This is generated automatically by the config initialization. It should be a random
  # string unique to your installation.
  secret_key: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_RAILS_SECRET_KEY'] }}"
@@ -0,0 +1,21 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 <Config>
  <BindAddress>*</BindAddress>
  <Port>9696</Port>
  <SslPort>6969</SslPort>
  <EnableSsl>False</EnableSsl>
  <LaunchBrowser>True</LaunchBrowser>
  <ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PROWLARR_API_KEY'] }}</ApiKey>
  <AuthenticationMethod>Forms</AuthenticationMethod>
  <AuthenticationRequired>Enabled</AuthenticationRequired>
  <Branch>master</Branch>
  <LogLevel>info</LogLevel>
  <SslCertPath></SslCertPath>
  <SslCertPassword></SslCertPassword>
  <UrlBase></UrlBase>
  <InstanceName>Prowlarr</InstanceName>
  <UpdateMechanism>Docker</UpdateMechanism>
  <Theme>light</Theme>
 </Config>
@@ -0,0 +1,20 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 {
    "radarr_address": "http://radarr:7878",
    "radarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}",
    "root_folder_path": "/data/media/movies",
    "tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['TMDB_API_KEY'] }}",
    "fallback_to_top_result": false,
    "radarr_api_timeout": 120.0,
    "quality_profile_id": 1,
    "metadata_profile_id": 1,
    "search_for_movie": true,
    "dry_run_adding_to_radarr": false,
    "minimum_rating": 4.5,
    "minimum_votes": 50,
    "language_choice": "all",
    "auto_start": true,
    "auto_start_delay": 60.0
 }
@@ -0,0 +1,21 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 <Config>
  <LogLevel>info</LogLevel>
  <BindAddress>*</BindAddress>
  <EnableSsl>False</EnableSsl>
  <SslCertPath></SslCertPath>
  <Port>7878</Port>
  <UrlBase></UrlBase>
  <ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}</ApiKey>
  <AuthenticationMethod>Forms</AuthenticationMethod>
  <UpdateMechanism>Docker</UpdateMechanism>
  <SslPort>9898</SslPort>
  <LaunchBrowser>True</LaunchBrowser>
  <Branch>master</Branch>
  <SslCertPassword></SslCertPassword>
  <InstanceName>Radarr</InstanceName>
  <Theme>auto</Theme>
  <AuthenticationRequired>Enabled</AuthenticationRequired>
 </Config>
@@ -0,0 +1,21 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 <Config>
  <BindAddress>*</BindAddress>
  <Port>8787</Port>
  <SslPort>6868</SslPort>
  <EnableSsl>False</EnableSsl>
  <LaunchBrowser>True</LaunchBrowser>
  <ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['READARR_API_KEY'] }}</ApiKey>
  <AuthenticationMethod>Forms</AuthenticationMethod>
  <Branch>develop</Branch>
  <LogLevel>info</LogLevel>
  <SslCertPath></SslCertPath>
  <SslCertPassword></SslCertPassword>
  <UrlBase></UrlBase>
  <InstanceName>Readarr</InstanceName>
  <UpdateMechanism>Docker</UpdateMechanism>
  <Theme>auto</Theme>
  <AuthenticationRequired>Enabled</AuthenticationRequired>
 </Config>
@@ -0,0 +1,482 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 __version__ = 19
 __encoding__ = utf-8
 [misc]
 pre_script = None
 queue_complete = ""
 queue_complete_pers = 0
 bandwidth_perc = 0
 refresh_rate = 1
 queue_limit = 20
 config_lock = 0
 sched_converted = 2
 notified_new_skin = 2
 direct_unpack_tested = 1
 check_new_rel = 1
 auto_browser = 0
 language = en
 enable_https_verification = 1
 host = 0.0.0.0
 port = 8080
 https_port = 8090
 username = thetrezuredone
 password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_PASSWORD'] }}
 bandwidth_max = 1000M
 cache_limit = 1G
 web_dir = Glitter
 web_color = Auto
 https_cert = server.cert
 https_key = server.key
 https_chain = ""
 enable_https = 1
 inet_exposure = 0
 local_ranges = ,
 api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_API_KEY'] }}
 nzb_key = 3c0fa874bb2748b58c1bd7512e649946
 permissions = 775
 download_dir = /storage/downloads/incomplete
 download_free = ""
 complete_dir = /storage/downloads/completed/nzb
 script_dir = ""
 nzb_backup_dir = ""
 admin_dir = admin
 dirscan_dir = /storage/downloads/watch
 dirscan_speed = 5
 password_file = ""
 log_dir = logs
 max_art_tries = 3
 load_balancing = 2
 top_only = 0
 sfv_check = 1
 quick_check_ext_ignore = nfo, sfv, srr
 script_can_fail = 0
 ssl_ciphers = ""
 enable_recursive = 1
 flat_unpack = 0
 par_option = ""
 pre_check = 1
 nice = ""
 win_process_prio = 3
 ionice = ""
 fail_hopeless_jobs = 1
 fast_fail = 1
 auto_disconnect = 1
 no_dupes = 3
 no_series_dupes = 0
 series_propercheck = 1
 pause_on_pwrar = 2
 ignore_samples = 1
 deobfuscate_final_filenames = 0
 auto_sort = ""
 direct_unpack = 1
 direct_unpack_threads = 3
 propagation_delay = 0
 folder_rename = 1
 replace_spaces = 1
 replace_dots = 1
 safe_postproc = 1
 pause_on_post_processing = 0
 sanitize_safe = 0
 cleanup_list = ,
 unwanted_extensions = ,
 action_on_unwanted_extensions = 0
 new_nzb_on_failure = 1
 history_retention = ""
 enable_meta = 1
 quota_size = ""
 quota_day = ""
 quota_resume = 0
 quota_period = m
 rating_enable = 0
 rating_host = ""
 rating_api_key = ""
 rating_filter_enable = 0
 rating_filter_abort_audio = 0
 rating_filter_abort_video = 0
 rating_filter_abort_encrypted = 0
 rating_filter_abort_encrypted_confirm = 0
 rating_filter_abort_spam = 0
 rating_filter_abort_spam_confirm = 0
 rating_filter_abort_downvoted = 0
 rating_filter_abort_keywords = ""
 rating_filter_pause_audio = 0
 rating_filter_pause_video = 0
 rating_filter_pause_encrypted = 0
 rating_filter_pause_encrypted_confirm = 0
 rating_filter_pause_spam = 0
 rating_filter_pause_spam_confirm = 0
 rating_filter_pause_downvoted = 0
 rating_filter_pause_keywords = ""
 enable_tv_sorting = 1
 tv_sort_string = %sn/Season %s/%sn - %sx%0e - %en.%ext
 tv_sort_countries = 1
 tv_categories = tv,
 enable_movie_sorting = 0
 movie_sort_string = ""
 movie_sort_extra = -cd%1
 movie_extra_folder = 0
 movie_categories = movies,
 enable_date_sorting = 0
 date_sort_string = ""
 date_categories = tv,
 schedlines = ,
 rss_rate = 60
 ampm = 0
 replace_illegal = 1
 start_paused = 0
 enable_all_par = 1
 enable_par_cleanup = 1
 enable_unrar = 1
 enable_unzip = 1
 enable_7zip = 1
 enable_filejoin = 1
 enable_tsjoin = 1
 overwrite_files = 0
 ignore_unrar_dates = 0
 backup_for_duplicates = 1
 empty_postproc = 0
 wait_for_dfolder = 0
 rss_filenames = 0
 api_logging = 1
 html_login = 1
 osx_menu = 1
 osx_speed = 1
 warn_dupl_jobs = 1
 helpfull_warnings = 1
 keep_awake = 1
 win_menu = 1
 allow_incomplete_nzb = 0
 enable_bonjour = 1
 max_art_opt = 0
 ipv6_hosting = 0
 fixed_ports = 1
 api_warnings = 1
 disable_api_key = 0
 no_penalties = 0
 x_frame_options = 1
 require_modern_tls = 0
 num_decoders = 3
 rss_odd_titles = nzbindex.nl/, nzbindex.com/, nzbclub.com/
 req_completion_rate = 100.2
 selftest_host = self-test.sabnzbd.org
 movie_rename_limit = 100M
 size_limit = 0
 show_sysload = 2
 history_limit = 10
 wait_ext_drive = 5
 max_foldername_length = 246
 nomedia_marker = ""
 ipv6_servers = 1
 url_base = /sabnzbd
 host_whitelist = rinoa, sabnzbd.trez.wtf
 max_url_retries = 10
 email_server = ""
 email_to = ,
 email_from = ""
 email_account = ""
 email_pwd = ""
 email_endjob = 0
 email_full = 0
 email_dir = ""
 email_rss = 0
 email_cats = *,
 interface_settings = '{"dateFormat":"fromNow","extraQueueColumns":["category"],"extraHistoryColumns":[],"displayCompact":false,"displayFullWidth":false,"confirmDeleteQueue":true,"confirmDeleteHistory":true,"keyboardShortcuts":true}'
 complete_free = ""
 fulldisk_autoresume = 0
 enable_broadcast = 1
 downloader_sleep_time = 10
 ssdp_broadcast_interval = 15
 unwanted_extensions_mode = 0
 process_unpacked_par2 = 1
 episode_rename_limit = 20M
 socks5_proxy_url = ""
 preserve_paused_state = 0
 helpful_warnings = 1
 allow_old_ssl_tls = 0
 num_simd_decoders = 2
 ext_rename_ignore = ,
 backup_dir = ""
 replace_underscores = 0
 tray_icon = 1
 sorters_converted = 1
 enable_season_sorting = 1
 receive_threads = 2
 switchinterval = 0.005
 end_queue_script = None
 no_smart_dupes = 1
 dupes_propercheck = 1
 enable_multipar = 1
 verify_xff_header = 0
 history_retention_option = all
 history_retention_number = 1
 ipv6_staging = 0
 disable_archive = 0
 config_conversion_version = 4
 disable_par2cmdline = 0
 [logging]
 log_level = 1
 max_log_size = 5242880
 log_backups = 5
 [ncenter]
 ncenter_enable = 0
 ncenter_cats = *,
 ncenter_prio_startup = 0
 ncenter_prio_download = 0
 ncenter_prio_pause_resume = 0
 ncenter_prio_pp = 0
 ncenter_prio_complete = 0
 ncenter_prio_failed = 0
 ncenter_prio_disk_full = 0
 ncenter_prio_new_login = 0
 ncenter_prio_warning = 0
 ncenter_prio_error = 0
 ncenter_prio_queue_done = 0
 ncenter_prio_other = 0
 [acenter]
 acenter_enable = 0
 acenter_cats = *,
 acenter_prio_startup = 0
 acenter_prio_download = 0
 acenter_prio_pause_resume = 0
 acenter_prio_pp = 0
 acenter_prio_complete = 0
 acenter_prio_failed = 0
 acenter_prio_disk_full = 0
 acenter_prio_new_login = 0
 acenter_prio_warning = 0
 acenter_prio_error = 0
 acenter_prio_queue_done = 0
 acenter_prio_other = 0
 [ntfosd]
 ntfosd_enable = 0
 ntfosd_cats = *,
 ntfosd_prio_startup = 0
 ntfosd_prio_download = 0
 ntfosd_prio_pause_resume = 0
 ntfosd_prio_pp = 0
 ntfosd_prio_complete = 0
 ntfosd_prio_failed = 0
 ntfosd_prio_disk_full = 0
 ntfosd_prio_new_login = 0
 ntfosd_prio_warning = 0
 ntfosd_prio_error = 0
 ntfosd_prio_queue_done = 0
 ntfosd_prio_other = 0
 [prowl]
 prowl_enable = 0
 prowl_cats = *,
 prowl_apikey = ""
 prowl_prio_startup = -3
 prowl_prio_download = -3
 prowl_prio_pause_resume = -3
 prowl_prio_pp = -3
 prowl_prio_complete = 0
 prowl_prio_failed = 1
 prowl_prio_disk_full = 1
 prowl_prio_new_login = -3
 prowl_prio_warning = -3
 prowl_prio_error = -3
 prowl_prio_queue_done = 0
 prowl_prio_other = -3
 [pushover]
 pushover_token = ""
 pushover_userkey = ""
 pushover_device = ""
 pushover_emergency_expire = 3600
 pushover_emergency_retry = 60
 pushover_enable = 0
 pushover_cats = *,
 pushover_prio_startup = -3
 pushover_prio_download = -2
 pushover_prio_pause_resume = -2
 pushover_prio_pp = -3
 pushover_prio_complete = -1
 pushover_prio_failed = -1
 pushover_prio_disk_full = 1
 pushover_prio_new_login = -3
 pushover_prio_warning = 1
 pushover_prio_error = 1
 pushover_prio_queue_done = -1
 pushover_prio_other = -3
 [pushbullet]
 pushbullet_enable = 0
 pushbullet_cats = *,
 pushbullet_apikey = ""
 pushbullet_device = ""
 pushbullet_prio_startup = 0
 pushbullet_prio_download = 0
 pushbullet_prio_pause_resume = 0
 pushbullet_prio_pp = 0
 pushbullet_prio_complete = 1
 pushbullet_prio_failed = 1
 pushbullet_prio_disk_full = 1
 pushbullet_prio_new_login = 0
 pushbullet_prio_warning = 0
 pushbullet_prio_error = 0
 pushbullet_prio_queue_done = 0
 pushbullet_prio_other = 0
 [nscript]
 nscript_enable = 0
 nscript_cats = *,
 nscript_script = None
 nscript_parameters = ""
 nscript_prio_startup = 1
 nscript_prio_download = 0
 nscript_prio_pause_resume = 0
 nscript_prio_pp = 0
 nscript_prio_complete = 1
 nscript_prio_failed = 1
 nscript_prio_disk_full = 1
 nscript_prio_new_login = 0
 nscript_prio_warning = 0
 nscript_prio_error = 0
 nscript_prio_queue_done = 1
 nscript_prio_other = 0
 [servers]
 [[news.newshosting.com]]
 name = news.newshosting.com
 displayname = Newshosting
 host = news.newshosting.com
 port = 563
 timeout = 60
 username = thetrezuredone
 password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_PASSWORD'] }}
 connections = 8
 ssl = 1
 ssl_verify = 3
 ssl_ciphers = ""
 enable = 1
 required = 0
 optional = 0
 retention = 0
 expire_date = ""
 quota = ""
 usage_at_start = 0
 priority = 0
 notes = ""
 [[news.easynews.com]]
 name = news.easynews.com
 displayname = EasyNews
 host = news.easynews.com
 port = 443
 timeout = 60
 username = TrezOne
 password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_EASYNEWS_PASSWORD'] }}
 connections = 60
 ssl = 0
 ssl_verify = 3
 ssl_ciphers = ""
 enable = 1
 required = 0
 optional = 0
 retention = 0
 expire_date = ""
 quota = ""
 usage_at_start = 0
 priority = 0
 notes = ""
 [categories]
 [[software]]
 name = software
 order = 0
 pp = ""
 script = Default
 dir = ""
 newzbin = ""
 priority = -100
 [[*]]
 name = *
 order = 0
 pp = 3
 script = Default
 dir = ""
 newzbin = ""
 priority = 0
 [[tv]]
 name = tv
 order = 0
 pp = ""
 script = Default
 dir = tv
 newzbin = ""
 priority = -100
 [[audio]]
 name = audio
 order = 0
 pp = 2
 script = Default
 dir = music
 newzbin = ""
 priority = 1
 [[movies]]
 name = movies
 order = 0
 pp = ""
 script = Default
 dir = movies
 newzbin = ""
 priority = -100
 [[ebook]]
 name = ebook
 order = 0
 pp = 2
 script = Default
 dir = ebooks
 newzbin = ""
 priority = -100
 [[prowlarr]]
 name = prowlarr
 order = 0
 pp = ""
 script = Default
 dir = ""
 newzbin = ""
 priority = -1
 [[sonarr]]
 name = sonarr
 order = 1
 pp = ""
 script = Default
 dir = tv
 newzbin = ""
 priority = -100
 [sorters]
 [[Series Sorting]]
 name = Series Sorting
 order = 0
 min_size = 20M
 multipart_label = ""
 sort_string = %sn/Season %s/%sn - %sx%0e - %en.%ext
 sort_cats = tv,
 sort_type = 1,
 is_active = 1
 [apprise]
 apprise_enable = 1
 apprise_cats = *,
 apprise_urls = apprise://apprise:8000/aef1ab3765b857585e13340f1f5f879b2babcc47b0eccead98a19e0a93fe1a35
 apprise_target_startup = ""
 apprise_target_startup_enable = 0
 apprise_target_download = ""
 apprise_target_download_enable = 0
 apprise_target_pause_resume = ""
 apprise_target_pause_resume_enable = 1
 apprise_target_pp = ""
 apprise_target_pp_enable = 0
 apprise_target_complete = ""
 apprise_target_complete_enable = 1
 apprise_target_failed = ""
 apprise_target_failed_enable = 1
 apprise_target_disk_full = ""
 apprise_target_disk_full_enable = 0
 apprise_target_new_login = ""
 apprise_target_new_login_enable = 1
 apprise_target_warning = ""
 apprise_target_warning_enable = 1
 apprise_target_error = ""
 apprise_target_error_enable = 1
 apprise_target_queue_done = ""
 apprise_target_queue_done_enable = 0
 apprise_target_other = ""
 apprise_target_other_enable = 1
@@ -0,0 +1,7 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 bolt-path: /opt/scrutiny/influxdb/influxd.bolt
 engine-path: /opt/scrutiny/influxdb/engine
 http-bind-address: ":8086"
 reporting-disabled: true
@@ -0,0 +1,49 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 [uwsgi]
 # Who will run the code
 uid = searxng
 gid = searxng
 # Number of workers (usually CPU count)
 workers = %k
 threads = 4
 # The right granted on the created socket
 chmod-socket = 666
 # Plugin to use and interpreter config
 single-interpreter = true
 master = true
 plugin = python3
 lazy-apps = true
 enable-threads = 4
 # Module to import
 module = searx.webapp
 # Virtualenv and python path
 pythonpath = /usr/local/searxng/
 chdir = /usr/local/searxng/searx/
 # automatically set processes name to something meaningful
 auto-procname = true
 # Disable request logging for privacy
 disable-logging = true
 log-5xx = true
 # Set the max size of a request (request-body excluded)
 buffer-size = 8192
 # No keep alive
 # See https://github.com/searx/searx-docker/issues/24
 add-header = Connection: close
 # uwsgi serves the static files
 static-map = /static=/usr/local/searxng/searx/static
 # expires set to one day
 static-expires = /* 86400
 static-gzip-all = True
 offload-threads = 4
@@ -0,0 +1,22 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = rinoa-docker/env %}
 <Config>
  <LogLevel>info</LogLevel>
  <EnableSsl>False</EnableSsl>
  <Port>8989</Port>
  <SslPort>9898</SslPort>
  <UrlBase></UrlBase>
  <BindAddress>*</BindAddress>
  <ApiKey>386baee1c0e741bea4a91f1f39c57f68</ApiKey>
  <AuthenticationMethod>Forms</AuthenticationMethod>
  <UpdateMechanism>Docker</UpdateMechanism>
  <LaunchBrowser>True</LaunchBrowser>
  <Branch>main</Branch>
  <InstanceName>Sonarr</InstanceName>
  <SyslogPort>514</SyslogPort>
  <AuthenticationRequired>Enabled</AuthenticationRequired>
  <SslCertPath></SslCertPath>
  <SslCertPassword></SslCertPassword>
  <Theme>auto</Theme>
 </Config>
@@ -0,0 +1,21 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 {
    "sonarr_address": "http://192.168.1.2:8989",
    "sonarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SONARR_API_KEY'] }}",
    "root_folder_path": "/data/media/shows",
    "tvdb_api_key": "",
    "tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['TMDB_API_KEY'] }}",
    "fallback_to_top_result": false,
    "sonarr_api_timeout": 120.0,
    "quality_profile_id": 1,
    "metadata_profile_id": 1,
    "search_for_missing_episodes": true,
    "dry_run_adding_to_sonarr": false,
    "minimum_rating": 4.5,
    "minimum_votes": 50,
    "language_choice": "all",
    "auto_start": true,
    "auto_start_delay": 60.0
 }
@@ -0,0 +1,238 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 # debug: false
 # remote_configuration: false
 # remote_file_management: false
 # instance_name: default
 # flags:
 #   no_logo: false
 #   no_start: false
 #   no_config_watch: false
 #   no_connect: false
 #   no_share_scan: false
 #   force_share_scan: false
 #   no_version_check: false
 #   log_sql: false
 #   experimental: false
 #   volatile: false
 #   case_sensitive_reg_ex: false
 #   legacy_windows_tcp_keepalive: false
 # relay:
 #   enabled: false
 #   mode: controller # controller (default), agent, or debug (for local development)
 #   # controller config is required when running in 'agent' mode
 #   # this specifies the relay controller that will be controlling this agent
 #   controller:
 #     address: https://some.site.com:5000
 #     ignore_certificate_errors: false
 #     api_key: <a 16-255 character string corresponding to one of the controller's 'readwrite' or 'administrator' API keys>
 #     secret: <a 16-255 character shared secret matching the controller's config for this agent>
 #     downloads: false
 #   # agent config is optional when running in 'controller' mode
 #   # this specifies all of the agents capable of connecting
 #   agents:
 #     my_agent:
 #       instance_name: my_agent # make sure the top-level instance_name of the agent matches!
 #       secret: <a 16-255 character string unique to this agent>
 #       cidr: 0.0.0.0/0,::/0
 # permissions:
 #   file:
 #     mode: ~ # not for Windows, chmod syntax, e.g. 644, 777. can't escalate beyond umask
 # directories:
 #   incomplete: ~
 #   downloads: ~
 # shares:
 #   directories:
 #     - ~
 #   filters:
 #     - \.ini$
 #     - Thumbs.db$
 #     - \.DS_Store$
 #   cache:
 #     storage_mode: memory
 #     workers: 16
 #     retention: ~ # retain indefinitely (do not automatically re-scan)
 # rooms:
 #   - ~
 # global:
 #   upload:
 #     slots: 20
 #     speed_limit: 1000 # in kibibytes
 #   limits:
 #     queued:
 #       files: 500
 #       megabytes: 5000
 #     daily:
 #       files: 1000
 #       megabytes: 10000
 #       failures: 200
 #     weekly:
 #       files: 5000
 #       megabytes: 50000
 #       failures: 1000
 #   download:
 #     slots: 500
 #     speed_limit: 1000
 # groups:
 #   default:
 #     upload:
 #       priority: 500
 #       strategy: roundrobin
 #       slots: 10
 #     limits:
 #       queued:
 #         files: 150
 #         megabytes: 1500
 #       daily: ~ # no daily limits (weekly still apply)
 #       weekly:
 #         files: 1500
 #         megabytes: 15000
 #         failures: 150
 #   leechers:
 #     thresholds:
 #       files: 1
 #       directories: 1
 #     upload:
 #       priority: 999
 #       strategy: roundrobin
 #       slots: 1
 #       speed_limit: 100
 #     limits:
 #       queued:
 #         files: 15
 #         megabytes: 150
 #       daily:
 #         files: 30
 #         megabytes: 300
 #         failures: 10
 #       weekly:
 #         files: 150
 #         megabytes: 1500
 #         failures: 30
 #   blacklisted:
 #     members:
 #       - <username to blacklist>
 #     cidrs:
 #       - <CIDR to blacklist, e.g. 255.255.255.255/32>
 #   user_defined:
 #     my_buddies:
 #       upload:
 #         priority: 250
 #         strategy: firstinfirstout
 #         slots: 10
 #       limits:
 #         queued:
 #           files: 1000 # override global default
 #       members:
 #         - alice
 #         - bob
 # blacklist:
 #   enabled: true
 #   file: <path to file containing CIDRs to blacklist>
 # filters:
 #   search:
 #     request:
 #       - ^.{1,2}$
 # web:
 #   port: 5030
 #   https:
 #     disabled: false
 #     port: 5031
 #     force: false
 #     certificate:
 #       pfx: ~
 #       password: ~
 #   url_base: /
 #   content_path: wwwroot
 #   logging: false
 #   authentication:
 #     disabled: false
 #     username: slskd
 #     password: slskd
 #     jwt:
 #       key: ~
 #       ttl: 604800000
 #     api_keys:
 #       my_api_key:
 #         key: <some example string between 16 and 255 characters>
 #         role: readonly # readonly, readwrite, administrator
 #         cidr: 0.0.0.0/0,::/0
 # retention:
 #   transfers:
 #     upload:
 #       succeeded: 1440 # 1 day
 #       errored: 30
 #       cancelled: 5
 #     download:
 #       succeeded: 1440 # 1 day
 #       errored: 20160 # 2 weeks 
 #       cancelled: 5
 #   files:
 #     complete: 20160 # 2 weeks
 #     incomplete: 43200 # 30 days
 #   logs: 259200 # 180 days
 # logger:
 #   disk: false
 #   no_color: false
 #   loki: ~
 # metrics:
 #   enabled: false
 #   url: /metrics
 #   authentication:
 #     disabled: false
 #     username: slskd
 #     password: slskd
 # feature:
 #   swagger: false
 # soulseek:
 #   address: vps.slsknet.org
 #   port: 2271
 #   username: ~
 #   password: ~
 #   description: |
 #     A slskd user. https://github.com/slskd/slskd
 #   listen_ip_address: 0.0.0.0
 #   listen_port: 50300
 #   diagnostic_level: Info
 #   distributed_network:
 #     disabled: false
 #     disable_children: false
 #     child_limit: 25
 #     logging: false
 #   connection:
 #     timeout:
 #       connect: 10000
 #       inactivity: 15000
 #     buffer:
 #       read: 16384
 #       write: 16384
 #       transfer: 262144
 #       write_queue: 250
 #     proxy:
 #       enabled: false
 #       address: ~
 #       port: ~
 #       username: ~
 #       password: ~
 # integration:
 #   ftp:
 #     enabled: false
 #     address: ~
 #     port: ~
 #     username: ~
 #     password: ~
 #     remote_path: /
 #     encryption_mode: auto
 #     ignore_certificate_errors: false
 #     overwrite_existing: true
 #     connection_timeout: 5000
 #     retry_attempts: 3
 #   pushbullet:
 #     enabled: false
 #     access_token: ~
 #     notification_prefix: "From slskd:"
 #     notify_on_private_message: true
 #     notify_on_room_mention: true
 #     retry_attempts: 3
 #     cooldown_time: 900000
@@ -0,0 +1,29 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 <?xml version='1.0' encoding='UTF-8'?>
 <!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>
 <properties>
    <entry key='config.default'>./conf/default.xml</entry>
    <!--
    This is the main configuration file. All your configuration parameters should be placed in this file.
    Default configuration parameters are located in the "default.xml" file. You should not modify it to avoid issues
    with upgrading to a new version. Parameters in the main config file override values in the default file. Do not
    remove "config.default" parameter from this file unless you know what you are doing.
    For list of available parameters see following page: https://www.traccar.org/configuration-file/
    -->
    <entry key='database.driver'>org.postgresql.Driver</entry>
    <entry key='database.url'>jdbc:postgresql://traccar-pg:5432/traccar-db</entry>
    <entry key='database.user'>traccar</entry>
    <entry key='database.password'>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}</entry>
 </properties>
@@ -0,0 +1,29 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 {
    "always_keep_failed_tasks": true,
    "auto_manage_completed_tasks": false,
    "cache_path": "/tmp/unmanic",
    "clear_pending_tasks_on_restart": false,
    "concurrent_file_testers": 2,
    "config_path": "/config/.unmanic/config",
    "debugging": false,
    "distributed_worker_count_target": 0,
    "enable_library_scanner": false,
    "first_run": false,
    "follow_symlinks": true,
    "installation_name": "Unmanic @ Rinoa",
    "library_path": "/library",
    "log_path": "/config/.unmanic/logs",
    "max_age_of_completed_tasks": 91,
    "number_of_workers": null,
    "plugins_path": "/config/.unmanic/plugins",
    "release_notes_viewed": "0.2.8",
    "remote_installations": [],
    "run_full_scan_on_start": false,
    "schedule_full_scan_minutes": 1440,
    "ui_port": 8888,
    "userdata_path": "/config/.unmanic/userdata",
    "worker_event_schedules": null
 }
@@ -0,0 +1,19 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 nodes:
  # Wazuh indexer server nodes
  indexer:
    - name: wazuh.indexer
      ip: wazuh.indexer
  # Wazuh server nodes
  # Use node_type only with more than one Wazuh manager
  server:
    - name: wazuh.manager
      ip: wazuh.manager
  # Wazuh dashboard node
  dashboard:
    - name: wazuh.dashboard
      ip: wazuh.dashboard
@@ -0,0 +1,33 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 network.host: "0.0.0.0"
 node.name: "wazuh.indexer"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
 discovery.type: single-node
 http.port: 9200-9299
 transport.tcp.port: 9300-9399
 compatibility.override_main_response_version: true
 plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
 plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
 plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
 plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
 plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
 plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false
 plugins.security.authcz.admin_dn:
 - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.check_snapshot_restore_write_privileges: true
 plugins.security.enable_snapshot_restore_privilege: true
 plugins.security.nodes_dn:
 - "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.restapi.roles_enabled:
 - "all_access"
 - "security_rest_api_access"
 plugins.security.system_indices.enabled: true
 plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
 plugins.security.allow_default_init_securityindex: true
 cluster.routing.allocation.disk.threshold_enabled: false
@@ -0,0 +1,10 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 hosts:
  - 1513629884013:
      url: "https://wazuh.manager"
      port: 55000
      username: wazuh-wui
      password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}
      run_as: false
@@ -0,0 +1,19 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ydl_server:   # youtube-dl-server specific settings
  port: 8080      # Port youtube-dl-server should listen on
  host: 0.0.0.0   # IP youtube-dl-server should bind to
  debug: False    # Enable/Disable debug mode
  metadata_db_path: '/youtube-dl/.ydl-metadata.db' # Path to metadata DB
  output_playlist: '/youtube-dl/%(title)s [%(id)s].%(ext)s' # Playlist output directory template
  update_poll_delay_min: 1440 # Automatically check for updates every 24h
  max_log_entries: 100 # Maximum number of job log history to keep
  forwarded_allow_ips: None # uvicorn Comma seperated list of IPs to trust with proxy headers.
  proxy_headers: True # uvicorn flag Enable/Disable X-Forwarded-Proto, X-Forwarded-For, X-Forwarded-Port to populate remote address info.
 ydl_options:  # youtube-dl options
  output: '/youtube-dl/%(title)s [%(id)s].%(ext)s' # output directory template
  cache-dir: '/youtube-dl/.cache' # youtube-dl cache directory
  ignore-errors: True # instruct youtube-dl to skip errors
  age-limit: 6 # minimal age requirement / parental control setting
@@ -0,0 +1,43 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 # All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
 Log:
  Level: 'debug'
 # Make ZITADEL accessible over HTTPs, not HTTP
 ExternalSecure: true
 ExternalDomain: 'id.trez.wtf'
 ExternalPort: 443
 # If not using the docker compose example, adjust these values for connecting ZITADEL to your PostgreSQL
 Database:
  postgres:
    Host: 'zitadel-pg-db'
    Port: 5432
    Database: zitadel
    User:
      SSL:
        Mode: 'disable'
    Admin:
      SSL:
        Mode: 'disable'
 DefaultInstance:
  DomainPolicy:
    UserLoginMustBeDomain: false
 LogStore:
  Access:
    Stdout:
      Enabled: true
 SMTPConfiguration:
    # Configuration of the host
    SMTP:
      # must include the port, like smtp.mailtrap.io:2525. IPv6 is also supported, like [2001:db8::1]:2525
      Host: 'postal-smtp:25'
      User: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}
      Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
    From: 'noreply@trez.wtf'
    FromName: 'Zitadel @ Rinoa'
@@ -0,0 +1,13 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 # All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/setup/steps.yaml
 FirstInstance:
  Org:
    Human:
      # use the loginname root@my-org.my.domain
      Username: 'root'
      Password: 'RootPassword1!'
      Email:
        Address: 'charish.patel@trez.wtf'
        Verified: true
@@ -0,0 +1,13 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 # If not using the docker compose example, adjust these values for connecting ZITADEL to your PostgreSQL
 Database:
  postgres:
    User:
      # If the user doesn't exist already, it is created
      Username: 'zitadel'
      Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_PASSWORD'] }}
    Admin:
      Username: 'root'
      Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_ADMIN_PASSWORD'] }}
@@ -0,0 +1,4 @@
 ---
 collections:
  - name: community.hashi_vault
    version: 6.2.0
@@ -0,0 +1,20 @@
 ---
 - name: Deploy config templates and trigger GitHub workflow
  hosts: rinoa
  vars:
    appdata_base_path: "~/.docker/config/appdata"
  tasks:
    - name: Ensure target directories exist
      ansible.builtin.file:
        path: "{{ appdata_base_path }}/{{ (item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') | regex_replace('/[^/]+$', '')) }}"
        state: directory
        mode: '0755'
      loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
    - name: Deploy configuration templates
      ansible.builtin.template:
        src: "{{ item }}"
        dest: "{{ appdata_base_path }}/{{ item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') }}"
        mode: '0644'
      loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
@@ -0,0 +1,14 @@
 vault_addr: "https://vault.trez.wtf"
 vault_token: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  66373236656261373330343233616231386539616566613864306436613635323533336365383232
  6636653139393566643265303135343864363632393035380a643566373137316363626438356431
  64653237313866316537326565386164373564353166346334663638636531353337303937346466
  3539366634393337620a653133336530333963343638643934303336653935363932643665353234
  63343565663632633563396131346139666236313863663332386131633831633566373366613738
  63343634313539336534666632313736343338623538303434316230383764643432646663356238
  61373132633062346436363036333533623931313037306633616662623032616137613734343638
  63633031616161623437623935346366636433653435646333313638376161663237323130636433
  31383031646666626163323966393738386233346137326231366263316532343563
 vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
 secrets_path: "rinoa-docker/env"
@@ -0,0 +1,12 @@
 ansible_host: 192.168.1.254
 ansible_python_interpreter: /usr/bin/python3
 ansible_ssh_port: 22
 ansible_ssh_user: charish
 ansible_ssh_pass: !vault |
        $ANSIBLE_VAULT;1.1;AES256
        38346631616139316365316566386362396661323163306339303635646331373061323531626431
        3435373031363739356261656239633835393963636663370a613166653463656337666366633639
        37373637326633363430633336646165343764303063663636313835326130663532323037663331
        6332353339656134370a353435396532663932313535646636333262353238386331313764633635
        63383065623930653134666261353439366535646661383434386261393232373432353937636535
        3432336137393737643735346665303832653630316439333565
@@ -0,0 +1,12 @@
 ---
 all:
  hosts:
    benedikta:
      ansible_host: 192.168.1.241
      ansible_user: charish
    rikku:
      ansible_host: 192.168.1.253
      ansible_user: pi
    rinoa:
      ansible_host: 192.168.1.254
      ansible_user: charish
@@ -0,0 +1,7 @@
 $ANSIBLE_VAULT;1.1;AES256
 65353131326537376561616630666531353731653835306564323565383332653437633533313932
 6239663065306339366536326432323534303364663862350a353034623936363066303164333434
 32666331326332363463383234316136323031626330366132643034376439616339396662636236
 3633393039376438630a326138653031656465373966356564336463643465613638313838393166
 36626366356266636535613862333631386231626134376264363731353264613261633037646662
 6431393837653564366531316332616232336365636533643036
@@ -0,0 +1,135 @@
 $ANSIBLE_VAULT;1.1;AES256
 61353462613766353733306330373236633138333538613634653533316430363930633630626631
 3035333733316133643133356134366366343337363032330a316536353561643436373536336563
 61343566373439376138393533313064313537343831386536623632353262386566633464633661
 6161396538323162310a333866383339393535303236633162303038343134623965646331653262
 35633466383131646465393338313036393164323865353366316366313263303735616539386334
 38666262373336326431306236633662666335303135633965326131663437356565613632636436
 32636362393939336636376363666461653563356431316161306631633634376132623636396461
 61353138323062333937313033313230343136343733303339386362616161383564653363383531
 34646463666166326131626361653666626633366535356534396239613838373063613136303034
 31623363633436303238646233363431343933393534346635383362336361323633396430366561
 30323035613132323634656531353831613961646534306636346466623932383637303830396239
 63646361386263316662393533336536396462623930646466393632363166353234383632313930
 31633030303961343830346334613765333039653734313733396533326434383838626537656564
 66646464616566356533653939333330376339666234656137336361633263396165323963343938
 32313261353237636233343238366334306665353333643933376130336331323132393037663461
 35653132333935636132666363333033396630643466303933393434646432336166633461386263
 66316433663831623730303838343566633237363832353933333063356661353564306461383662
 64646530336662346633616335313064663135613439653663653434623931303333613639356633
 64613639653065613962373233656663366462343663623964313338356462336239373830623466
 31316164346437333331336335613336333935323961353335313635636230386339363262616266
 30316533313664623966323230373137653533626563376638386430613465663937343939626661
 65663031663931383465366663383936343338383937356463623431656633653363363137336261
 31663762643132386461333732613330636433326139663133633462343435353065313431663834
 65616232353539653632393337653863346638316233656636383735386265343434613139636230
 62653232653430356539663334653134663536336136343133666461396232303038343934376463
 62623262356638663538343862376365333235366137383535643431353837303762306637653939
 35333130346237353432616130353261386237666366306436353439396630646430343739323330
 35373664656465626538313139383462356435396631343666623437343933393938666464383834
 36613363663534613566633434643466666365396238363837326362646430353034653133616438
 61336233663332336333643564663336333935343266353265376664666135396530656639623338
 34313462333563636564366330636464656263663236303437366564363439646430356338373337
 32353435313164323636336537386437656439306231656139633234303363623363303937383464
 38663736656663316334303937626264666138643434623736336630353663373035363938373630
 36303933613766613763646638316365306539373332623731373363643261373931393733323038
 61303966373733623362353963346433653931303334313664636531313531373932313465326162
 35366136386236613930663037353765393464366234303165636635393763363433316466363438
 33396334623764356362393035626631666363646433356561333633313837303438333734313836
 38343935626334313063316639356436303331643535633230653439326332386432333831336131
 36633732636537353936663838393937326135623261663565323963393335616665323233336435
 62663662303138643239313061323233316262333362323266333739333564316431303964643033
 62313134613031363063333731653634393363356238313463343066636234356239303139313065
 37346532383133323932323164626663663437313166343235653962383162383138373165663865
 61363237323662616634626137393934396131303934623865363133313863396635353964613863
 61376431663134303863663764353238626131623138623030363734366233613637623932356235
 32343664346566383939353137343434316532393639326435616365326565393736663163303861
 37316461303237333861306465613537626337396532356163356235626563356137316330613134
 65636131663633633936613736326338643133336636316461316335653062666631363933323465
 37656564396161363637363238373635626565373334626539633634336561643364316331633132
 32643431616432616562343538366638663238376332666566343237626539336534663162643062
 37376434363661323137356130623135346430633235643530356366343461326534656562363262
 61653365326363366336363933326232373363626430353561646339376236333639346130383537
 64323832323762353964346434313236613436643762306636666134373730646633313032346136
 37636564633365653234373034303933333864636139666132386665666430663136393939626332
 39343234363032646266323862663937626438623237313865656632306666373663633734353132
 33646531333363313031666565653662333039653866633563626564666434356364396530666532
 36326566663138663031616635366134666364656639313265643662633861353030373132306565
 34366665366562623230393066643538396337653361346130326630326338363937353834333664
 64343633373866333562313535386131323336643336376666663836343265306563356466636630
 65363239333937386161616638393464613339316261313764636535326137663861386330353464
 31653232313930663465663036336232306666363865646231643865316366303561303662383730
 38653566356331613430613462643235366636313961373535366639353565623836336637363233
 35333334613566326637633161346638663136666465356461383765663237623631663138613034
 63633766313032363366633838666131303335656139373661316333326661326238366138343435
 39363861393064333532666330313764316539636364393138613939366536653830653932326638
 63303338333934353536646637333065386532383239643933366438616234353839646533336236
 30633465353730653531663333356636393334616534616635333563363136306233323236653266
 39626434363862656465336364333737623461346231613139373031326531396633366432386561
 63363631376634373862646138363565366533636330623366393530306135363261333433303961
 31366362333263636265386434333566616264666562323762666133646139356364626563343663
 31313834303737356638393065336134323762663265623662333061626239393133363465663537
 37633436356631643465313665646365336134653436633762653430326263623230663335633531
 65313532616430616162386265333336323134393831613663386238383936376665346164646239
 65353362626336373661373364313034313533646132623638623063353937313337313539353134
 62623733363339386465633063306465333632353435363532316263303839343231643235313862
 65346137613863353364383430616465643435356162373731323035623431643639396162646139
 31376430386661303164366365653838636662373762623330306534376231313938633837353663
 30333661303961363434313166323933613131366162623466306133333032353035343836646631
 37336232386364663533313261376230336539303933353339323865363962303733316365316438
 30636235393735396637353331623532376534636465666234373231313039323638366631633234
 61353231666565373764663235313130303365613630393661653434383738333066663961366165
 37323334643932626136636631373761393537343764663931646261613361313261373462386430
 65623634303030366230373165623434316461656661336261626335653031633664336265633431
 63646534616438326139353030336236303734616365383166343537393732623930316235616330
 38366430633062313431396633626665376234626663336534643632616139373566303835303564
 32326363393535663137616430616233663463636133363231663739336264663862613832313663
 66343839323861646635666331613236356336316361376162323964313663393030633332313662
 63323634363435346536663637363935323266346639366161643535313031663261633865313936
 34643163323861663432393330663763346138343930313639613139376138376263323232656631
 66623065326336323631313564666430363836386439396533393665396233323465646636643532
 39666364643933643363666164633931333635313233323365373135363833663964333430653338
 39643961626336376539653461643263626635383662323965363233623435386630653464303938
 64633536386535363031333063353633643632666134323464336166653533396437316566373732
 38366465646165313563396363656266653233393965623036623533623638643166356131623338
 31393863346564303865336430376462333831623339653935353664376166636665626637313031
 33353166366634656333663461353631633837663934333737393366373364663833313230333735
 62333333353361653533643233613464616664633736613138636666613932613061666230373565
 37643634376363373031643731366262303733313534303661326462366632656163393532666265
 66383061363336343837373831326135383430383831366563376165303661663732323437623134
 66633763313336376262376233363862663132356164313336393566313062386231633635653332
 65616335343738663565623161383730643735323937316535653032633032363532633434393639
 30343635666162373762376131663336653838626331306365333234333438306433666434613938
 34346137326264633366663332666330646364333938663262633637356263643937343262623834
 32323835623061656535313766643437373066363832353562633463636530386235313365376561
 62303162316365396164333065653638643065633665646436386365323263366237616138636531
 35313337643361656166643036333631656438326365386161303635613363383636346437613434
 66313631343863343939333261396266346333323632623361656638306234656330633635333733
 38376531353230343933613961376638353063346435623366343930313237663733346531323135
 64336239396137353465393361346437383565393638343930356365313163363264333834326139
 30383763336137346530653961613434306664373264316434616263306562623335663330616564
 37346565653562363866343937653238353332336135663766383239653038643130373165353462
 62306238643536336235623638363734656366663530373264663861313438373437306666393731
 33333237636535623631303134303138353434323533653931653762323330643466306565313630
 35366663346165333833626630323330336336303166643463396437383730643166303965363838
 39313739333334613262393135616232316436643835636430653237383739653536373962346161
 30643639303938393266613734346234316331633834643337373265313763393766323431333439
 32353036326333356535633136376630623733306636663363393434653033636431643063393939
 63653164363435306232636536333739633832346137373130303265383135396334343062396463
 30303434613034316365653464343265393736386265623366643763386265316462396464346162
 32623138393363613636336435666233366630653030326561336338306339663837303033366134
 32616334313539653763396164656133613736303335646564633736393463313261613831623664
 38613032333766376135363437313561643863333036363766343333303664303738623738666634
 66623032306337326361383466303431616531313535316134336338656437653134653738393662
 64373437363762633261373533313730383932306161376636393261623534663737633639653462
 66663732306239313764383264663362346433346265303732333535613563613033616165343037
 62633565643433353332663534366564616132646337356265346234366537653561316531356366
 61666163303362666232613164373963383131616336613030626262306136636265633531306133
 64646332336137353765626439346162636233363463313437633763656361653565343835393762
 64343433373938636461646265303238646635346662626331333436343535636231666563326462
 35373435396233313464366636343165376662616134633037376161393565336164646663323266
 36386634383066383763353535616466396464623836646439323535323839646632323839653838
 35383136343333326565383261653763383639313631663631343730353532613764306630326262
 37363665313637633162373264623464346431306537386231613131663934623933353433623031
 66326331666132643637323937376164306565343035363032623231303962313433356362613362
 3233366530336137393333373639613864613561363465306239
@@ -118,6 +118,28 @@ services:
        type: bind
        bind:
          create_host_path: true
  ansible0guy-webui:
    container_name: ansible-webui
    environment:
      AW_HOSTNAMES: ansible.trez.wtf
      AW_PROXY: 1
      AW_SECRET: ${ANSIBLE_WEBUI_SECRET}
    image: ansible0guy/webui:latest
    labels:
      homepage.group: Code/DevOps
      homepage.name: Ansible WebUI
      homepage.icon: ansible.svg
      homepage.href: https://ansible.${MY_TLD}
      homepage.description: WebUI for Ansible
      swag: enable
      swag_url: ansible.${MY_TLD}
      swag_proto: http
      swag_port: 8000
      swag.uptime-kuma.monitor.url: https://ansible.${MY_TLD}
      swag.uptime-kuma.enabled: true
    ports:
        - 44448:8000
    restart: unless-stopped
  apprise:
    container_name: apprise
    environment:
@@ -1157,7 +1179,7 @@ services:
      GITEA__mailer__SMTP_PORT: 25
      GITEA__mailer__USER: ${POSTAL_SMTP_AUTH_USER}
      GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD}
-    image: gitea/gitea:1.22.6
+    image: gitea/gitea:1.23.1
    labels:
      homepage.group: Code/DevOps
      homepage.name: Gitea
@@ -1185,7 +1207,7 @@ services:
    restart: always
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/gitea
-        target: /data
+        target: /data/gitea
        type: bind
        bind:
          create_host_path: true
@@ -1806,7 +1828,7 @@ services:
        db:
          dbname: invidious
          user: kemal
-          password: kemal
+          password: ${INVID_PG_DB_PASSWORD}
          host: invidious-db
          port: 5432
        check_tables: true
@@ -1845,7 +1867,7 @@ services:
    container_name: invidious-db
    environment:
      POSTGRES_DB: invidious
-      POSTGRES_PASSWORD: kemal
+      POSTGRES_PASSWORD: ${INVID_PG_DB_PASSWORD}
      POSTGRES_USER: kemal
    healthcheck:
      test:
@@ -2685,121 +2707,6 @@ services:
        published: "22300"
        target: 22300
    restart: unless-stopped
  komodo-core:
    container_name: komodo-core
    depends_on:
      - komodo-ferretdb
      - komodo-periphery
    image: ghcr.io/mbecker20/komodo:latest
    labels:
      homepage.group: System Administration
      homepage.name: Komodo
      homepage.href: https://komodo.${MY_TLD}
      homepage.icon: /icons/komodo.png
      homepage.description: Open-source note taking & to-do
      komodo.skip: a
      swag: enable
      swag_url: komodo.${MY_TLD}
      swag_port: 9120
      swag_proto: http
    ports:
      - 9120:9120
    restart: always
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/komodo/core.config.toml:/config/config.toml
  komodo-ferretdb:
    container_name: komodo-ferretdb
    depends_on:
      - komodo-pg-db
    image: ghcr.io/ferretdb/ferretdb
    labels:
      komodo.skip: a
    restart: unless-stopped
    expose:
      - 27017
    environment:
      - FERRETDB_POSTGRESQL_URL=postgres://komodo-pg-db:5432/komodo
  komodo-periphery:
    container_name: komodo-periphery
    environment:
      DOCKER_HOST: tcp://dockerproxy:2375
      PERIPHERY_PASSKEYS: ${KOMODO_PASSKEY}
      PERIPHERY_SSL_ENABLED: false
      PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname
      # PERIPHERY_EXCLUDE_DISK_MOUNTS: /snap,/etc/repos
    expose:
      - 8120
    image: ghcr.io/mbecker20/periphery:latest
    labels:
      komodo.skip: a
    restart: always
    volumes:
      - /proc:/proc
  komodo-pg-db:
    container_name: komodo-pg-db
    environment:
      POSTGRES_USER: komodo
      POSTGRES_PASSWORD: ${KOMODO_PG_DB_PASSWORD}
      POSTGRES_DB: komodo
    expose:
      - 5432
    labels:
      komodo.skip: a
    image: postgres:17-alpine
    restart: unless-stopped
    volumes:
      - komodo-pg-data:/var/lib/postgresql/data
  librespeed:
    container_name: librespeed
    environment:
      DB_HOSTNAME: 
      DB_NAME: 
      DB_PASSWORD: 
      DB_TYPE: sqlite
      DB_USERNAME: 
      PASSWORD: 
      PGID: 1000
      PUID: 1000
      TZ: America/New_York
      DOCKER_MODS: ghcr.io/themepark-dev/theme.park:librespeed
    hostname: Rinoa
    image: lscr.io/linuxserver/librespeed:latest
    labels:
      homepage.group: System Administration
      homepage.name: LibreSpeed
      homepage.href: https://speed.${MY_TLD}
      homepage.icon: librespeed.png
      homepage.description: Speed test
      homepage: enable
      homepage_proto: http
      homepage_url: speed.${MY_TLD}
      homepage.uptime-kuma.enabled: true
      homepage.uptime-kuma.monitor.url: https://speed.${MY_TLD}
    networks:
      default: null
    ports:
      - mode: ingress
        protocol: tcp
        published: "8014"
        target: 80
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
      - bind:
          create_host_path: true
        source: ${DOCKER_VOLUME_CONFIG}/librespeed
        target: /config
        type: bind
      - bind:
          create_host_path: true
        source: /rinoa-storage
        target: /storage
        type: bind
  lidarr:
    container_name: lidarr
    environment:
@@ -3034,9 +2941,9 @@ services:
      PGID: 1000
      PUID: 1000
      TZ: America/New_York
-      MYSQL_PASSWORD: VQU23wHKRNmfpAPt5E9BxMaSGJdWjLuz
+      MYSQL_PASSWORD: ${NEXTCLOUD_MARIADB_PASSWORD}
    hostname: Rinoa
-    image: ghcr.io/linuxserver/mariadb
+    image: linuxserver/mariadb
    networks:
      default: null
    ports:
@@ -3067,6 +2974,58 @@ services:
        type: bind
        bind:
          create_host_path: true
  mastodon:
    container_name: mastodon
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
      LOCAL_DOMAIN: trez.wtf
      REDIS_HOST: redis
      REDIS_PORT: 6379
      DB_HOST: mastodon-pg-db
      DB_USER: mastodon
      DB_NAME: mastodon
      DB_PASS: ${MASTODON_PG_DB_PASSWORD}
      DB_PORT: 5432
      ES_ENABLED: false
      ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: 
      ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: 
      ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: 
      SECRET_KEY_BASE: 
      OTP_SECRET: 
      VAPID_PRIVATE_KEY: 
      VAPID_PUBLIC_KEY: 
      SMTP_SERVER: postal-smtp
      SMTP_PORT: 25
      SMTP_LOGIN: ${POSTAL_SMTP_AUTH_USER}
      SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      SMTP_FROM_ADDRESS: noreply@trez.wtf
      S3_ENABLED: true
      S3_BUCKET: mastodon
      AWS_ACCESS_KEY_ID: ${MASTODON_MINIO_ACCESS_KEY}
      AWS_SECRET_ACCESS_KEY: ${MASTODON_MINIO_SECRET_KEY}
    image: lscr.io/linuxserver/mastodon:latest
    labels:
      swag: enable
      swag_proto: http
      swag_port: 5678
      swag_url: mastodon.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://mastodon.${MY_TLD}
      homepage.group: Social
      homepage.name: Mastodon
      homepage.href: https://mastodon.${MY_TLD}
      homepage.icon: mastodon.svg
      homepage.description: Open-source social network
      homepage.widget.type: mastodon
      homepage.widget.url: http://mastodon
    ports:
      - 9044:80
      - 3444:443
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/mastodon:/config
  mastodon-pg-db:
    container_name: mastodon-pg-db
    environment:
@@ -3496,6 +3455,44 @@ services:
        type: bind
        bind:
          create_host_path: true
  pgbackweb:
    container_name: pgbackweb
    depends_on:
      pgbackweb-db:
        condition: service_healthy
    environment:
      PBW_ENCRYPTION_KEY: ${PGBACKWEB_ENCRYPTION_KEY}
      PBW_POSTGRES_CONN_STRING: "postgresql://pgbackweb:${PGBACKWEB_PG_DB_PASSWD}@pgbackweb-db:5432/pgbackweb?sslmode=disable"
      TZ: ${TZ}
    image: eduardolat/pgbackweb:latest
    labels:
      homepage.group: System Administration
      homepage.name: PGBackweb
      homepage.href: https://pg.${MY_TLD}
      homepage.icon: sh-pg-back-web.svg
      homepage.description: Backups for PostgreSQL
      swag: enable
      swag_proto: http
      swag_port: 8085
      swag_url: pg.${MY_TLD}
    ports:
      - "8085:8085" # Access the web interface at http://localhost:8085
  pgbackweb-db:
    container_name: pgbackweb-db
    environment:
      POSTGRES_USER: pgbackweb
      POSTGRES_DB: pgbackweb
      POSTGRES_PASSWORD: ${PGBACKWEB_PG_DB_PASSWD}
    expose:
      - 5432
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 5s
      timeout: 5s
      retries: 5
    image: postgres:16-alpine
    volumes:
      - pgbackweb-data:/var/lib/postgresql/data
  plausible:
    command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run"
    container_name: plausible
@@ -3966,6 +3963,52 @@ services:
    security_opt:
      - no-new-privileges=true
    user: nobody
  rundeck:
    container_name: rundeck
    depends_on:
      rundeck-pg-db:
        condition: service_started
        required: true
    image: rundeck/rundeck:5.8.0
    environment:
      RUNDECK_SERVER_ADDRESS: 0.0.0.0
      RUNDECK_GRAILS_URL: https://rundeck.trez.wtf
      RUNDECK_SERVER_FORWARDED: true
      RUNDECK_DATABASE_DRIVER: jdbc:postgresql://rundeck-pg-db/rundeck?autoReconnect=true&useSSL=false&allowPublicKeyRetrieval=true
      RUNDECK_DATABASE_USERNAME: rundeck
      RUNDECK_DATABASE_PASSWORD: ${RUNDECK_PG_DB_PASSWD}
      RUNDECK_MAIL_SMTP_HOST: postal-smtp
      RUNDECK_MAIL_SMTP_PORT: 25
      RUNDECK_MAIL_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER}
      RUNDECK_MAIL_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      RUNDECK_MAIL_FROM: noreply@trez.wtf
    labels:
      homepage.group: Code/DevOps
      homepage.name: Rundeck
      homepage.icon: rundeck.svg
      homepage.description: Open-source automation service with a web console, command line tools, and web API
      swag: enable
      swag_proto: http
      swag_port: 4440
      swag_url: rundeck.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://rundeck.${MY_TLD}
    ports:
      - 4440:4440
    restart: unless-stopped
    volumes:
      - rundeck-data:/home/rundeck/server/data
  rundeck-pg-db:
    container_name: rundeck-pg-db
    image: postgres:16-alpine
    expose:
      - 5432
    environment:
      POSTGRES_DB: rundeck
      POSTGRES_USER: rundeck
      POSTGRES_PASSWORD: ${RUNDECK_PG_DB_PASSWD}
    volumes:
      - rundeck-db-data:/var/lib/postgresql/data
  sabnzbdvpn:
    cap_add:
      - NET_ADMIN
@@ -4508,6 +4551,31 @@ services:
        type: bind
        bind:
          create_host_path: true
  speedtest-tracker:
    container_name: speedtest-tracker
    image: lscr.io/linuxserver/speedtest-tracker:latest
    environment:
        PUID: ${PUID}
        PGID: ${PGID}
        APP_KEY: ${SPEEDTEST_TRACKER_APP_KEY}
        DB_CONNECTION: sqlite
    labels:
      homepage.name: Speedtest Traccker
      homepage.group: System Administration
      homepage.description: Self-hosted internet performance tracking
      homepage.href: https://speed.${MY_TLD}
      homepage.icon: speedtest-tracker.png
      swag: enable
      swag_proto: http
      swag_url: speed.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://slsk.${MY_TLD}
    ports:
        - 47512:80
        - 62777:443
    restart: unless-stopped
    volumes:
        - ${DOCKER_VOLUME_CONFIG}/speedtest-tracker:/config
  spotisub:
    container_name: spotisub
    environment:
@@ -4663,7 +4731,7 @@ services:
      homepage.group: Lifestyle
      homepage.name: Tandoor Recipes
      homepage.href: https://recipes.${MY_TLD}
-      homepage.icon: tandoor.svg
+      homepage.icon: tandoor-recipes.svg
      homepage.description: Recipes, cookbooks, meal-planning, & grocery lists
      homepage.widget.type: tandoor
      homepage.widget.url: http://tandoor-recipes:8080
@@ -6533,6 +6601,32 @@ services:
        published: "8900"
        target: 8080
    restart: unless-stopped
  yacht:
    container_name: yacht
    depends_on:
      docker-socket-proxy:
        condition: service_started
        required: true
    environment:
      DOCKER_HOST: tcp://dockerproxy:2375
    image: selfhostedpro/yacht
    labels:
      homepage.group: System Administration
      homepage.name: Yacht
      homepage.href: https://yacht.${MY_TLD}
      homepage.icon: yacht.svg
      homepage.description: Web interface for managing docker containers
      swag: enable
      swag_proto: http
      swag_port: 8000
      swag_url: yacht.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://yacht.${MY_TLD}
    ports:
      - 19733:8000
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/yacht:/config
  your_spotify:
    container_name: your_spotify
    environment:
@@ -7066,8 +7160,6 @@ volumes:
    name: jitsi-web-admin-upload
  joplin_data:
    name: joplin_data
  komodo-pg-data:
    name: komodo-pg-data
  lldap_data:
    name: lldap_data
  localai_data:
@@ -7090,6 +7182,8 @@ volumes:
    name: paperless-ngx-media
  paperless-ngx-pg:
    name: paperless-ngx-pg
  pgbackweb-data:
    name: pgbackweb-data
  plausible-db-data:
    name: plausible-db-data
  plausible-event-data:
@@ -7098,6 +7192,10 @@ volumes:
    name: plausible-event-logs
  reactive-resume-pg:
    name: reactive-resume-pg
  rundeck-data:
    name: rundeck-data
  rundeck-db-data:
    name: rundeck-db-data
  semaphore_config:
    name: semaphore_config
  semaphore_data:
@@ -1,842 +0,0 @@
 # Global Settings
 COMPOSE_HTTP_TIMEOUT=''
 DOCKER_GID=''
 DOCKER_HOSTNAME=''
 DOCKER_VOLUME_CONFIG=''
 DOCKER_VOLUME_STORAGE=''
 PGID=''
 PUID=''
 TZ=''
 MY_TLD=''
 # END OF DEFAULT SETTINGS
 ##
 ## ADDY
 ##
 ADDY_ANONADDY_ADDITIONAL_USERNAME_LIMIT=''
 ADDY_ANONADDY_ADMIN_USERNAME=''
 ADDY_ANONADDY_ALL_DOMAINS=''
 ADDY_ANONADDY_BANDWIDTH_LIMIT=''
 ADDY_ANONADDY_DKIM_SELECTOR=''
 ADDY_ANONADDY_DKIM_SIGNING_KEY=''
 ADDY_ANONADDY_DNS_RESOLVER=''
 ADDY_ANONADDY_DOMAIN=''
 ADDY_ANONADDY_HOSTNAME=''
 ADDY_ANONADDY_LIMIT=''
 ADDY_ANONADDY_NEW_ALIAS_LIMIT=''
 ADDY_ANONADDY_RETURN_PATH=''
 ADDY_ANONADDY_SECRET=''
 ADDY_ANONADDY_SIGNING_KEY_FINGERPRINT=''
 ADDY_APP_KEY=''
 ADDY_APP_URL=''
 ADDY_DB_PASSWORD=''
 ADDY_MAIL_ENCRYPTION=''
 ADDY_MAIL_FROM_ADDRESS=''
 ADDY_MAIL_FROM_NAME=''
 ADDY_POSTFIX_DEBUG=''
 ADDY_POSTFIX_MESSAGE_SIZE_LIMIT=''
 ADDY_POSTFIX_RELAYHOST=''
 ADDY_POSTFIX_RELAYHOST_AUTH_ENABLE=''
 ADDY_POSTFIX_SMTPD_TLS_CERT_FILE=''
 ADDY_POSTFIX_SMTPD_TLS_KEY_FILE=''
 ADDY_POSTFIX_SPAMHAUS_DQS_KEY=''
 ADDY_REDIS_PASSWORD=''
 ADDY_RSPAMD_NO_LOCAL_ADDRS=''
 ADDY_RSPAMD_WEB_PASSWORD=''
 ##
 ## ADGUARD
 ##
 ADGUARD_CONTAINER_NAME=''
 ADGUARD_ENABLED=''
 ADGUARD_ENVIRONMENT_SERVERIP=''
 ADGUARD_NETWORK_MODE=''
 ADGUARD_PORT_3000=''
 ADGUARD_PORT_443=''
 ADGUARD_PORT_53=''
 ADGUARD_PORT_67=''
 ADGUARD_PORT_68=''
 ADGUARD_PORT_80=''
 ADGUARD_PORT_853=''
 ADGUARD_RESTART=''
 ADGUARD_TAG=''
 ##
 ## ADGUARD
 ##
 ADGUARD_CF_TUNNEL_PASSWORD=''
 ADGUARD_PASSWORD=''
 ##
 ## ANYTHINGLLM
 ##
 ANYTHINGLLM_JWT_SECRET=''
 ##
 ## APPRISE
 ##
 APPRISE_CONTAINER_NAME=''
 APPRISE_ENABLED=''
 APPRISE_NETWORK_MODE=''
 APPRISE_PORT_8000=''
 APPRISE_RESTART=''
 APPRISE_TAG=''
 ##
 ## AUDIOBOOKSHELF
 ##
 AUDIOBOOKSHELF_CONTAINER_NAME=''
 AUDIOBOOKSHELF_ENABLED=''
 AUDIOBOOKSHELF_NETWORK_MODE=''
 AUDIOBOOKSHELF_PORT_80=''
 AUDIOBOOKSHELF_RESTART=''
 AUDIOBOOKSHELF_TAG=''
 ##
 ## AUDIOBOOKSHELF
 ##
 AUDIOBOOKSHELF_ROOT_API_KEY=''
 ##
 ## AUTHELIA
 ##
 AUTHELIA_AUTH_BIND_LDAP_PASSWORD=''
 AUTHELIA_JWT_SECRET=''
 AUTHELIA_SESSION_SECRET=''
 AUTHELIA_STORAGE_ENCRYPTION_KEY=''
 AUTHELIA_STORAGE_POSTGRES_PASSWORD=''
 ##
 ## BAZARR
 ##
 BAZARR_CONTAINER_NAME=''
 BAZARR_ENABLED=''
 BAZARR_NETWORK_MODE=''
 BAZARR_PORT_6767=''
 BAZARR_RESTART=''
 BAZARR_TAG=''
 BAZARR_API_KEY=''
 ##
 ## BITMAGNET
 ##
 BITMAGNET_POSTGRESQL_PASSWORD=''
 ##
 ## BITWARDEN
 ##
 BITWARDEN_CONTAINER_NAME=''
 BITWARDEN_ENABLED=''
 BITWARDEN_ENVIRONMENT_ADMIN_TOKEN=''
 BITWARDEN_ENVIRONMENT_DATABASE_URL=''
 BITWARDEN_ENVIRONMENT_DISABLE_ADMIN_TOKEN=''
 BITWARDEN_ENVIRONMENT_DOMAIN=''
 BITWARDEN_ENVIRONMENT_ENABLE_DB_WAL=''
 BITWARDEN_ENVIRONMENT_INVITATIONS_ALLOWED=''
 BITWARDEN_ENVIRONMENT_SHOW_PASSWORD_HINT=''
 BITWARDEN_ENVIRONMENT_SIGNUPS_ALLOWED=''
 BITWARDEN_ENVIRONMENT_SIGNUPS_VERIFY=''
 BITWARDEN_ENVIRONMENT_WEBSOCKET_ENABLE=''
 BITWARDEN_NETWORK_MODE=''
 BITWARDEN_PORT_3012=''
 BITWARDEN_PORT_80=''
 BITWARDEN_RESTART=''
 BITWARDEN_TAG=''
 ##
 ## CHROMIUM
 ##
 CHROMIUM_TOKEN=''
 ##
 ## CLOUDFLARE
 ##
 CLOUDFLARE_ACCOUNT_ID=''
 CLOUDFLARE_DNS_API_TOKEN=''
 CLOUDFLARE_ZONE_ID=''
 ##
 ## CLOUDFLAREDDNS
 ##
 CLOUDFLAREDDNS_CONTAINER_NAME=''
 CLOUDFLAREDDNS_ENABLED=''
 CLOUDFLAREDDNS_ENVIRONMENT_APIKEY=''
 CLOUDFLAREDDNS_ENVIRONMENT_APITOKEN=''
 CLOUDFLAREDDNS_ENVIRONMENT_ARGS=''
 CLOUDFLAREDDNS_ENVIRONMENT_DETECTION_MODE=''
 CLOUDFLAREDDNS_ENVIRONMENT_HOSTS=''
 CLOUDFLAREDDNS_ENVIRONMENT_INTERVAL=''
 CLOUDFLAREDDNS_ENVIRONMENT_LOG_LEVEL=''
 CLOUDFLAREDDNS_ENVIRONMENT_RECORDTYPES=''
 CLOUDFLAREDDNS_ENVIRONMENT_USER=''
 CLOUDFLAREDDNS_ENVIRONMENT_ZONES=''
 CLOUDFLAREDDNS_RESTART=''
 CLOUDFLAREDDNS_TAG=''
 ##
 ## CROWDSEC
 ##
 CROWDSEC_API_KEY=''
 CROWDSEC_LOCAL_API_KEY=''
 ##
 ## DELUGEVPN
 ##
 DELUGEVPN_CONTAINER_NAME=''
 DELUGEVPN_ENABLED=''
 DELUGEVPN_ENVIRONMENT_ENABLE_PRIVOXY=''
 DELUGEVPN_ENVIRONMENT_LAN_NETWORK=''
 DELUGEVPN_ENVIRONMENT_NAME_SERVERS=''
 DELUGEVPN_ENVIRONMENT_VPN_CLIENT=''
 DELUGEVPN_ENVIRONMENT_VPN_ENABLE=''
 DELUGEVPN_ENVIRONMENT_VPN_INPUT_PORTS=''
 DELUGEVPN_ENVIRONMENT_VPN_OPTIONS=''
 DELUGEVPN_ENVIRONMENT_VPN_OUTPUT_PORTS=''
 DELUGEVPN_ENVIRONMENT_VPN_PASS=''
 DELUGEVPN_ENVIRONMENT_VPN_PROV=''
 DELUGEVPN_ENVIRONMENT_VPN_USER=''
 DELUGEVPN_NETWORK_MODE=''
 DELUGEVPN_PORT_58846=''
 DELUGEVPN_PORT_58946=''
 DELUGEVPN_PORT_8112=''
 DELUGEVPN_PORT_8118=''
 DELUGEVPN_RESTART=''
 DELUGEVPN_TAG=''
 ##
 ## DELUGEVPN
 ##
 DELUGEVPN_PASSWORD=''
 DELUGEVPN_PORT_51413=''
 DELUGEVPN_PORT_6881=''
 ##
 ## DUPLICATI
 ##
 DUPLICATI_CONTAINER_NAME=''
 DUPLICATI_ENABLED=''
 DUPLICATI_NETWORK_MODE=''
 DUPLICATI_PORT_8200=''
 DUPLICATI_RESTART=''
 DUPLICATI_TAG=''
 DUPLICATI_VOLUME_BACKUPSDIR=''
 DUPLICATI_VOLUME_SOURCEDIR=''
 ##
 ## DUPLICATI
 ##
 DUPLICATI_CF_TUNNEL_PASSWORD=''
 ##
 ## EMBY
 ##
 EMBY_CONTAINER_NAME=''
 EMBY_ENABLED=''
 EMBY_NETWORK_MODE=''
 EMBY_PORT_8096=''
 EMBY_PORT_8920=''
 EMBY_RESTART=''
 EMBY_TAG=''
 EMBY_VOLUME_TRANSCODEDIR=''
 ##
 ## EMBY
 ##
 EMBY_HOMEPAGE_API_KEY=''
 ##
 ## FLARESOLVERR
 ##
 FLARESOLVERR_CONTAINER_NAME=''
 FLARESOLVERR_ENABLED=''
 FLARESOLVERR_ENVIRONMENT_CAPTCHA_SOLVER=''
 FLARESOLVERR_ENVIRONMENT_LOG_HTML=''
 FLARESOLVERR_ENVIRONMENT_LOG_LEVEL=''
 FLARESOLVERR_NETWORK_MODE=''
 FLARESOLVERR_PORT_8191=''
 FLARESOLVERR_RESTART=''
 FLARESOLVERR_TAG=''
 ##
 ## GHOST
 ##
 GHOST_DB_PASSWORD=''
 GHOST_DB_USER=''
 ##
 ## GITEA
 ##
 GITEA_HOMEPAGE_API_KEY=''
 GITEA_PG_DB_PASSWORD=''
 GITEA_RUNNER_REGISTRATION_TOKEN=''
 ##
 ## GLUETUN
 ##
 GLUETUN_SERVER_REGIONS=''
 ##
 ## GOTIFY
 ##
 GOTIFY_HOMEPAGE_CLIENT_KEY=''
 GOTIFY_PASSWORD=''
 ##
 ## GRAFANA
 ##
 GRAFANA_CONTAINER_NAME=''
 GRAFANA_ENABLED=''
 GRAFANA_ENVIRONMENT_GF_INSTALL_PLUGINS=''
 GRAFANA_NETWORK_MODE=''
 GRAFANA_PORT_3000=''
 GRAFANA_RESTART=''
 GRAFANA_TAG=''
 ##
 ## GRAFANA
 ##
 GRAFANA_ADMIN_PASSWORD=''
 GRAFANA_MIMIR_HTTP_AUTH_PASSWORD=''
 ##
 ## GUID
 ##
 GUID=''
 ##
 ## HORTUSFOX
 ##
 HORTUSFOX_ADMIN_PASSWORD=''
 HORTUSFOX_DB_PASSWORD=''
 ##
 ## HUGINN
 ##
 HUGINN_CONTAINER_NAME=''
 HUGINN_ENABLED=''
 HUGINN_ENVIRONMENT_DATABASE_HOST=''
 HUGINN_ENVIRONMENT_DATABASE_NAME=''
 HUGINN_ENVIRONMENT_DATABASE_PASSWORD=''
 HUGINN_ENVIRONMENT_DATABASE_PORT=''
 HUGINN_ENVIRONMENT_DATABASE_USERNAME=''
 HUGINN_NETWORK_MODE=''
 HUGINN_PORT_3000=''
 HUGINN_RESTART=''
 HUGINN_TAG=''
 ##
 ## IN
 ##
 IN_APP_KEY=''
 IN_MYSQL_PASSWORD=''
 IN_PASSWORD=''
 ##
 ## JAN
 ##
 JAN_AI_S3_ACCESS_KEY=''
 JAN_AI_S3_SECRET_KEY=''
 ##
 ## JITSI
 ##
 JITSI__ADMIN_DB_PASSWORD=''
 JITSI__ADMIN_JWT_SECRET=''
 JITSI__ETHERPAD_DEFAULT_PAD_TEXT=''
 JITSI__ETHERPAD_SKIN_NAME=''
 JITSI__ETHERPAD_SKIN_VARIANTS=''
 JITSI__ETHERPAD_TITLE=''
 JITSI__ETHERPAD_URL_BASE=''
 JITSI__HTTP_PORT=''
 JITSI__HTTPS_PORT=''
 JITSI__JIBRI_RECORDER_PASSWORD=''
 JITSI__JIBRI_XMPP_PASSWORD=''
 JITSI__JICOFO_AUTH_PASSWORD=''
 JITSI__JIGAGI_SIP_PASSWORD=''
 JITSI__JIGAGI_SIP_PORT=''
 JITSI__JIGAGI_SIP_SERVER=''
 JITSI__JIGAGI_SIP_TRANSPORT=''
 JITSI__JIGAGI_SIP_URI=''
 JITSI__JIGASI_XMPP_PASSWORD=''
 JITSI__JVB_AUTH_PASSWORD=''
 JITSI__PUBLIC_URL=''
 JITSI__SIP_URI=''
 JITSI__TZ=''
 JITSI__WEBSOCKET_SECRET=''
 ##
 ## JOPLIN
 ##
 JOPLIN_APP_BASE_URL=''
 JOPLIN_APP_PORT=''
 JOPLIN_POSTGRES_DATABASE=''
 JOPLIN_POSTGRES_PASSWORD=''
 JOPLIN_POSTGRES_PORT=''
 JOPLIN_POSTGRES_USER=''
 JOPLIN_S3_ACCESS_KEY=''
 JOPLIN_S3_SECRET_KEY=''
 ##
 ## KEYCLOAK
 ##
 KEYCLOAK_ADMIN_PASSWORD=''
 ##
 ## LAN
 ##
 LAN_NETWORK=''
 ##
 ## LASTFM
 ##
 LASTFM_API_KEY=''
 LASTFM_API_SECRET=''
 LASTFM_PASSWORD=''
 LASTFM_USERNAME=''
 ##
 ## LIBRESPEED
 ##
 LIBRESPEED_CONTAINER_NAME=''
 LIBRESPEED_ENABLED=''
 LIBRESPEED_ENVIRONMENT_DB_HOSTNAME=''
 LIBRESPEED_ENVIRONMENT_DB_NAME=''
 LIBRESPEED_ENVIRONMENT_DB_PASSWORD=''
 LIBRESPEED_ENVIRONMENT_DB_TYPE=''
 LIBRESPEED_ENVIRONMENT_DB_USERNAME=''
 LIBRESPEED_ENVIRONMENT_PASSWORD=''
 LIBRESPEED_NETWORK_MODE=''
 LIBRESPEED_PORT_80=''
 LIBRESPEED_RESTART=''
 LIBRESPEED_TAG=''
 ##
 ## LIDARR
 ##
 LIDARR_CONTAINER_NAME=''
 LIDARR_ENABLED=''
 LIDARR_NETWORK_MODE=''
 LIDARR_PORT_8686=''
 LIDARR_RESTART=''
 LIDARR_TAG=''
 ##
 ## LIDARR
 ##
 LIDARR_API_KEY=''
 ##
 ## LLDAP
 ##
 LLDAP_JWT_SECRET=''
 LLDAP_KEY_SEED=''
 ##
 ## LOCALAI
 ##
 LOCALAI_API_KEY=''
 ##
 ## MALOJA
 ##
 MALOJA_FORCE_PASSWORD=''
 ##
 ## MARIADB
 ##
 MARIADB_CONTAINER_NAME=''
 MARIADB_ENABLED=''
 MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD=''
 MARIADB_NETWORK_MODE=''
 MARIADB_PORT_3306=''
 MARIADB_RESTART=''
 MARIADB_TAG=''
 ##
 ## MATTERMOST
 ##
 MATTERMOST_AWS_S3_ACCESSKEY=''
 MATTERMOST_AWS_S3_SECRETKEY=''
 MATTERMOST_POSTGRES_CONNECTION_URI=''
 MATTERMOST_POSTGRES_PASSWORD=''
 ##
 ## MAYBE
 ##
 MAYBE_POSTGRES_PASSWORD=''
 MAYBE_SECRET_KEY_BASE=''
 ##
 ## MEDUSAJS
 ##
 MEDUSAJS_COOKIE_SECRET=''
 MEDUSAJS_JWT_TOKEN=''
 MEDUSAJS_POSTGRES_PASSWORD=''
 MEDUSAJS_S3_ACCESS_KEY=''
 MEDUSAJS_S3_SECRET_KEY=''
 ##
 ## MINIO
 ##
 MINIO_MIMIR_STORAGE_ACCESS_KEY=''
 MINIO_MIMIR_STORAGE_SECRET_KEY=''
 MINIO_ROOT_PASSWORD=''
 ##
 ## MONGO
 ##
 MONGO_INITDB_ROOT_PASSWORD=''
 MONGO_INITDB_ROOT_USERNAME=''
 ##
 ## NAVIDROME
 ##
 NAVIDROME_PASSWORD=''
 NAVIDROME_USERNAME=''
 ##
 ## NEXTCLOUD
 ##
 NEXTCLOUD_CONTAINER_NAME=''
 NEXTCLOUD_ENABLED=''
 NEXTCLOUD_NETWORK_MODE=''
 NEXTCLOUD_PORT_443=''
 NEXTCLOUD_RESTART=''
 NEXTCLOUD_TAG=''
 NEXTCLOUD_VOLUME_DATADIR=''
 ##
 ## OMBI
 ##
 OMBI_CONTAINER_NAME=''
 OMBI_ENABLED=''
 OMBI_NETWORK_MODE=''
 OMBI_PORT_3579=''
 OMBI_RESTART=''
 OMBI_TAG=''
 OMBI_API_KEY=''
 ##
 ## OPENGIST
 ##
 OPENGIST_GITEA_CLIENT_KEY=''
 OPENGIST_GITEA_SECRET=''
 ##
 ## PAPERLESS
 ##
 PAPERLESS_DBPASS=''
 PAPERLESS_SECRET_KEY=''
 ##
 ## PLAUSIBLE
 ##
 PLAUSIBLE_PG_PASSWORD=''
 PLAUSIBLE_SECRET_KEY_BASE=''
 PLAUSIBLE_TOTP_VAULT_KEY=''
 ##
 ## PODINDEX
 ##
 PODINDEX_API_KEY=''
 PODINDEX_API_SECRET=''
 ##
 ## PORTAINER
 ##
 PORTAINER_CONTAINER_NAME=''
 PORTAINER_ENABLED=''
 PORTAINER_NETWORK_MODE=''
 PORTAINER_PORT_9000=''
 PORTAINER_RESTART=''
 PORTAINER_TAG=''
 PORTAINER_VOLUME_DOCKER_SOCKET=''
 PORTAINER_API_KEY=''
 ##
 ## POSTAL
 ##
 POSTAL_MYSQL_PASSWORD=''
 POSTAL_SMTP_AUTH_PASSWORD=''
 POSTAL_SMTP_AUTH_USER=''
 ##
 ## POSTGRES
 ##
 POSTGRES_HOST=''
 POSTGRES_PASSWORD=''
 POSTGRES_USER=''
 ##
 ## PROWLARR
 ##
 PROWLARR_CONTAINER_NAME=''
 PROWLARR_ENABLED=''
 PROWLARR_NETWORK_MODE=''
 PROWLARR_PORT_9696=''
 PROWLARR_RESTART=''
 PROWLARR_TAG=''
 PROWLARR_API_KEY=''
 ##
 ## RADARR
 ##
 RADARR_CONTAINER_NAME=''
 RADARR_ENABLED=''
 RADARR_NETWORK_MODE=''
 RADARR_PORT_7878=''
 RADARR_RESTART=''
 RADARR_TAG=''
 ##
 ## RADARR
 ##
 RADARR_API_KEY=''
 ##
 ## REACTIVE
 ##
 REACTIVE_RESUME_ACCESS_TOKEN_SECRET=''
 REACTIVE_RESUME_PGSQL_PASSWORD=''
 REACTIVE_RESUME_REFRESH_TOKEN_SECRET=''
 REACTIVE_RESUME_S3_ACCESS_KEY=''
 REACTIVE_RESUME_S3_SECRET_KEY=''
 ##
 ## READARR
 ##
 READARR_CONTAINER_NAME=''
 READARR_ENABLED=''
 READARR_NETWORK_MODE=''
 READARR_PORT_8787=''
 READARR_RESTART=''
 READARR_TAG=''
 READARR_API_KEY=''
 ##
 ## REMMINA
 ##
 REMMINA_CF_TUNNEL_ID=''
 REMMINA_CF_TUNNEL_PASSWORD=''
 REMMINA_USER_PASSWORD=''
 ##
 ## RUSTDESK
 ##
 RUSTDESK_CUSTOM_PASSWORD=''
 ##
 ## SABNZBDVPN
 ##
 SABNZBDVPN_CONTAINER_NAME=''
 SABNZBDVPN_ENABLED=''
 SABNZBDVPN_ENVIRONMENT_ENABLE_PRIVOXY=''
 SABNZBDVPN_ENVIRONMENT_LAN_NETWORK=''
 SABNZBDVPN_ENVIRONMENT_NAME_SERVERS=''
 SABNZBDVPN_ENVIRONMENT_VPN_CLIENT=''
 SABNZBDVPN_ENVIRONMENT_VPN_ENABLE=''
 SABNZBDVPN_ENVIRONMENT_VPN_INPUT_PORTS=''
 SABNZBDVPN_ENVIRONMENT_VPN_OPTIONS=''
 SABNZBDVPN_ENVIRONMENT_VPN_OUTPUT_PORTS=''
 SABNZBDVPN_ENVIRONMENT_VPN_PASS=''
 SABNZBDVPN_ENVIRONMENT_VPN_PROV=''
 SABNZBDVPN_ENVIRONMENT_VPN_USER=''
 SABNZBDVPN_NETWORK_MODE=''
 SABNZBDVPN_PORT_8080=''
 SABNZBDVPN_PORT_8090=''
 SABNZBDVPN_PORT_8118=''
 SABNZBDVPN_RESTART=''
 SABNZBDVPN_TAG=''
 SABNZBDVPN_API_KEY=''
 ##
 ## SCRAPERR
 ##
 SCRAPERR_SECRET_KEY=''
 ##
 ## SCRUTINY
 ##
 SCRUTINY_CF_TUNNEL_PASSWORD=''
 ##
 ## SEARXNG
 ##
 SEARXNG_BASE_URL=''
 ##
 ## SLSKD
 ##
 SLSKD_PASSWORD=''
 ##
 ## SONARQUBE
 ##
 SONARQUBE_POSTGRES_PASSWORD=''
 SONARQUBE_LDAP_BIND_PASSWORD=''
 ##
 ## SONARR
 ##
 SONARR_CONTAINER_NAME=''
 SONARR_ENABLED=''
 SONARR_NETWORK_MODE=''
 SONARR_PORT_8989=''
 SONARR_RESTART=''
 SONARR_TAG=''
 SONARR_API_KEY=''
 ##
 ## SWAG
 ##
 SWAG_CONTAINER_NAME=''
 SWAG_ENABLED=''
 SWAG_ENVIRONMENT_DNSPLUGIN=''
 SWAG_ENVIRONMENT_EMAIL=''
 SWAG_ENVIRONMENT_EXTRA_DOMAINS=''
 SWAG_ENVIRONMENT_ONLY_SUBDOMAINS=''
 SWAG_ENVIRONMENT_SUBDOMAINS=''
 SWAG_ENVIRONMENT_URL=''
 SWAG_ENVIRONMENT_VALIDATION=''
 SWAG_NETWORK_MODE=''
 SWAG_PORT_443=''
 SWAG_PORT_80=''
 SWAG_RESTART=''
 SWAG_TAG=''
 ##
 ## SWAG
 ##
 SWAG_CF_TUNNEL_ID=''
 SWAG_CF_TUNNEL_PASSWORD=''
 SWAG_DUCKDNSTOKEN=''
 SWAG_MAXMINDDB_LICENSE_KEY=''
 ##
 ## TANDOOR
 ##
 TANDOOR_API_TOKEN=''
 TANDOOR_POSTGRES_PASSWORD=''
 TANDOOR_SECRET_KEY=''
 ##
 ## TMDB
 ##
 TMDB_API_KEY=''
 ##
 ## TRACCAR
 ##
 TRACCAR_POSTGRES_DATABASE=''
 TRACCAR_POSTGRES_PASSWORD=''
 TRACCAR_POSTGRES_USER=''
 ##
 ## UPTIME
 ##
 UPTIME_KUMA_PASSWORD=''
 UPTIME_KUMA_USERNAME=''
 ##
 ## UPTIMEKUMA
 ##
 UPTIMEKUMA_CONTAINER_NAME=''
 UPTIMEKUMA_ENABLED=''
 UPTIMEKUMA_NETWORK_MODE=''
 UPTIMEKUMA_PORT_3001=''
 UPTIMEKUMA_RESTART=''
 UPTIMEKUMA_TAG=''
 ##
 ## VAULT
 ##
 VAULT_HASHICORP_AWS_ACCESS_KEY_ID=''
 VAULT_HASHICORP_AWS_SECRET_ACCESS_KEY=''
 ##
 ## VIRUS
 ##
 VIRUS_TOTAL_API_KEY=''
 ##
 ## WALLABAG
 ##
 WALLABAG_DB=''
 WALLABAG_DB_PASSWORD=''
 ##
 ## WATCHTOWER
 ##
 WATCHTOWER_CONTAINER_NAME=''
 WATCHTOWER_ENABLED=''
 WATCHTOWER_ENVIRONMENT_CLEANUP=''
 WATCHTOWER_ENVIRONMENT_INCLUDE_STOPPED=''
 WATCHTOWER_ENVIRONMENT_MONITOR_ONLY=''
 WATCHTOWER_ENVIRONMENT_NOTIFICATION_TEMPLATE=''
 WATCHTOWER_ENVIRONMENT_NOTIFICATION_URL=''
 WATCHTOWER_ENVIRONMENT_NOTIFICATIONS=''
 WATCHTOWER_ENVIRONMENT_NOTIFICATIONS_LEVEL=''
 WATCHTOWER_ENVIRONMENT_REPO_PASS=''
 WATCHTOWER_ENVIRONMENT_REPO_USER=''
 WATCHTOWER_ENVIRONMENT_SCHEDULE=''
 WATCHTOWER_ENVIRONMENT_TIMEOUT=''
 WATCHTOWER_NETWORK_MODE=''
 WATCHTOWER_RESTART=''
 WATCHTOWER_TAG=''
 WATCHTOWER_VOLUME_DOCKER_SOCKET=''
 ##
 ## WATCHTOWER
 ##
 WATCHTOWER_HTTP_API_TOKEN=''
 WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY=''
 WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN=''
 WATCHTOWER_NOTIFICATION_GOTIFY_URL=''
 ##
 ## WAZUH
 ##
 WAZUH_API_PASSWORD=''
 WAZUH_INDEXER_PASSWORD=''
 WAZUH_KIBANA_PASSWORD=''
 WAZUH_VERSION=''
 ##
 ## YOUR
 ##
 YOUR_SPOTIFY_ID=''
 YOUR_SPOTIFY_PORT_443=''
 YOUR_SPOTIFY_PORT_80=''
 YOUR_SPOTIFY_SECRET=''
 ##
 ## YOUTUBEDL
 ##
 YOUTUBEDL_CONTAINER_NAME=''
 YOUTUBEDL_ENABLED=''
 YOUTUBEDL_ENVIRONMENT_CONFIG_PATH=''
 YOUTUBEDL_ENVIRONMENT_DEBUG=''
 YOUTUBEDL_NETWORK_MODE=''
 YOUTUBEDL_PORT_8080=''
 YOUTUBEDL_RESTART=''
 YOUTUBEDL_TAG=''
 ##
 ## ZAMMAD
 ##
 ZAMMAD_ELASTICSEARCH_VERSION=''
 ZAMMAD_IMAGE_REPO=''
 ZAMMAD_MEMCACHE_SERVERS=''
 ZAMMAD_MEMCACHE_VERSION=''
 ZAMMAD_POSTGRES_DB=''
 ZAMMAD_POSTGRES_HOST=''
 ZAMMAD_POSTGRES_PASS=''
 ZAMMAD_POSTGRES_PORT=''
 ZAMMAD_POSTGRES_USER=''
 ZAMMAD_POSTGRES_VERSION=''
 ZAMMAD_POSTGRESQL_OPTIONS=''
 ZAMMAD_REDIS_URL=''
 ZAMMAD_REDIS_VERSION=''
 ZAMMAD_RESTART=''
 ZAMMAD_S3_ACCESS_KEY=''
 ZAMMAD_S3_SECRET_KEY=''
 ZAMMAD_VERSION=''
Author	SHA1	Message	Date
Trez.One	7719735849	Fixing pipeline. Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Check and Create PR (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Docker Compose & Ansible Lints (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Cloudflare DNS Setup (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Update README (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / PR Merge (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment / Deploy via Ansible & Docker Compose (push) Has been cancelled Details	2025-01-19 20:51:47 -05:00
Trez.One	c7308b9dc4	Fixing pipeline.	2025-01-19 20:45:52 -05:00
Trez.One	a8278b6910	Fixing pipeline.	2025-01-19 20:01:32 -05:00
Trez.One	03c2f0a540	Merge remote-tracking branch 'refs/remotes/origin/pg-backweb-deploy' into pg-backweb-deploy	2025-01-19 19:58:15 -05:00
Trez.One	14e2c8ff87	Fixing pipeline.	2025-01-19 19:57:58 -05:00
Trez.One	a0b6d095c7	chore: Update README	2025-01-20 00:56:06 +00:00
Trez.One	0d82deb06c	Fixing pipeline.	2025-01-19 19:51:32 -05:00
Trez.One	b02387351e	Adding PG Back Web service.	2025-01-19 19:48:25 -05:00
gitea-sonarqube-bot	67c4f335dd	Auto Merge of PR #9 - add-ansible-to-workflow Merged by Trez.One	2025-01-19 09:37:07 -05:00
Trez.One	6c22bd2d55	Switching inventory file in Ansible Dry Run.	2025-01-19 09:32:22 -05:00
gitea-sonarqube-bot	ef0f1c901f	Auto Merge of PR #14 - ansible-guy-webui-service Merged by Trez.One	2025-01-19 08:00:58 -05:00
Trez.One	fbf00bb78e	Envs for ansible-webui. Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Check and Create PR (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Test (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Cloudflare DNS Setup (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Update README (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / PR Merge (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Deploy via Docker Compose (push) Has been cancelled Details	2025-01-19 07:57:09 -05:00
gitea-sonarqube-bot	d59541a354	Auto Merge of PR #13 - ansible-guy-webui-service Merged by Trez.One	2025-01-19 07:51:41 -05:00
Trez.One	cba980f679	Merge remote-tracking branch 'refs/remotes/origin/ansible-guy-webui-service' into ansible-guy-webui-service	2025-01-19 07:45:39 -05:00
Trez.One	8f81633d3f	Correcting homepage.href for ansible-webui.	2025-01-19 07:45:04 -05:00
gitea-sonarqube-bot	a36c41e6a6	Auto Merge of PR #12 - ansible-guy-webui-service Merged by Trez.One	2025-01-19 07:34:56 -05:00
Trez.One	e48565ff17	chore: Update README	2025-01-19 12:34:19 +00:00
Trez.One	e17b03acf4	Adding Ansible0guy WebUI.	2025-01-19 07:31:06 -05:00
Trez.One	8ebd712661	...	2025-01-18 14:03:27 -05:00
Trez.One	9bff971e06	...	2025-01-18 13:59:44 -05:00
Trez.One	6e64597b91	...	2025-01-18 13:52:05 -05:00
Trez.One	62eb7b668b	...	2025-01-18 13:49:24 -05:00
Trez.One	e041026c27	...	2025-01-18 13:47:58 -05:00
Trez.One	1ed8e1c6fb	...	2025-01-18 13:44:35 -05:00
Trez.One	60cd0d31e7	...	2025-01-18 13:35:26 -05:00
Trez.One	5716372fa9	...	2025-01-18 13:25:12 -05:00
Trez.One	514d575ece	...	2025-01-18 12:31:04 -05:00
Trez.One	07069269af	Adding Gotify notifications for deployment; key file for Ansible.	2025-01-18 12:13:17 -05:00
Trez.One	7eabf6fd04	Adding Gotify notifications for deployment; key file for Ansible.	2025-01-18 11:49:52 -05:00
gitea-sonarqube-bot	529087c82f	Auto Merge of PR #11 - speedtest-tracker-deployment-librespeed-removal Merged by Trez.One	2025-01-18 09:38:26 -05:00
Trez.One	128c61f4f4	chore: Update README	2025-01-18 14:37:47 +00:00
Trez.One	540763579a	Removing Librespeed, adding Speedtest-tracker. Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Check and Create PR (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Test (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Cloudflare DNS Setup (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Update README (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / PR Merge (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Deploy via Docker Compose (push) Has been cancelled Details	2025-01-18 07:49:19 -05:00
Trez.One	96f74fa8b9	Adding private key for Ansible steps.	2025-01-18 07:21:22 -05:00
Trez.One	f09e3b4117	Adding Ansible installation step	2025-01-17 22:15:25 -05:00
Trez.One	2c3b41ab75	Adding Ansible installation step	2025-01-17 21:57:53 -05:00
Trez.One	42d811817a	Adding Ansible installation step	2025-01-17 21:53:26 -05:00
Trez.One	7e1cae9910	Adding Ansible installation step	2025-01-17 21:47:45 -05:00
Trez.One	dc22fba4cf	Adding Ansible installation step	2025-01-17 21:40:28 -05:00
Trez.One	4a114d2ead	Adding caching steps; removing hvac removal for now.	2025-01-17 21:30:34 -05:00
Trez.One	675357c89e	Adding caching steps.	2025-01-17 21:25:58 -05:00
Trez.One	9575209e14	Using reusable action for Ansible Playbook actions.	2025-01-17 21:18:36 -05:00
Trez.One	bb58c48441	Using reusable action for Ansible Playbook actions.	2025-01-17 21:16:19 -05:00
Trez.One	09fc8e68a6	.	2025-01-17 19:08:23 -05:00
Trez.One	ed072defde	.	2025-01-17 19:01:01 -05:00
Trez.One	bc6f94456e	.	2025-01-17 18:49:29 -05:00
Trez.One	b47cdf4e71	.	2025-01-17 18:48:08 -05:00
Trez.One	5c4004b333	Moving requirements.yml to another dir.	2025-01-17 18:44:35 -05:00
Trez.One	4ed38f335d	Moving requirements.yml to another dir.	2025-01-17 18:42:32 -05:00
Trez.One	7c4762fbd7	.	2025-01-17 18:39:37 -05:00
Trez.One	9d8207382a	Merge remote-tracking branch 'refs/remotes/origin/add-ansible-to-workflow' into add-ansible-to-workflow	2025-01-17 18:26:13 -05:00
Trez.One	86011ffba0	Moving requirements.yml up a dir.	2025-01-17 18:21:56 -05:00
Trez.One	5b707b9ee1	Moving requirements file up a dir.	2025-01-17 18:20:51 -05:00
Trez.One	f105b6f07d	Adding in PR number to title to distinguish multiple PRs in branches.	2025-01-17 18:15:38 -05:00
Trez.One	0655b384f3	Merging the lint steps into one and deploy steps into another.	2025-01-17 18:15:38 -05:00
Trez.One	c6e78b5cd6	Merging the lint steps into one and deploy steps into another.	2025-01-17 18:15:38 -05:00
Trez.One	17cdf160b5	Removing collections and leaving requirements; updated workflow to run Ansible Lint and deploy configs via Ansible.	2025-01-17 18:15:38 -05:00
Trez.One	df3d4d61a6	Env correction for Rundeck and adding depends_on.	2025-01-17 18:12:41 -05:00
Trez.One	83f51ef142	Env correction for Rundeck and adding depends_on.	2025-01-17 18:12:07 -05:00
gitea-sonarqube-bot	6033764f92	Auto Merge of PR #10 - rundeck-deployment Merged by Trez.One	2025-01-17 18:00:08 -05:00
Trez.One	ccbb947776	chore: Update README	2025-01-17 22:59:27 +00:00
Trez.One	698c8e596d	Adding Postgres and SMTP to Rundeck. Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Check and Create PR (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Test (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Cloudflare DNS Setup (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Update README (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / PR Merge (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Deploy via Docker Compose (push) Has been cancelled Details	2025-01-17 17:28:19 -05:00
Trez.One	373a8dd3b5	Adding in PR number to title to distinguish multiple PRs in branches.	2025-01-17 17:05:27 -05:00
Trez.One	cd746f0030	Merging the lint steps into one and deploy steps into another.	2025-01-17 16:56:42 -05:00
Trez.One	dcca52a2ec	Merging the lint steps into one and deploy steps into another.	2025-01-17 16:53:23 -05:00
Trez.One	d8cc151328	Removing collections and leaving requirements; updated workflow to run Ansible Lint and deploy configs via Ansible.	2025-01-17 16:42:06 -05:00
gitea-sonarqube-bot	b9a6c65b0e	Auto Merge of PR #8 - rundeck-deployment Merged by Trez.One	2025-01-17 15:50:59 -05:00
Trez.One	7d6b9d83be	Envs for Rundeck.	2025-01-17 15:38:39 -05:00
Trez.One	4e8aceb99f	.	2025-01-17 15:11:54 -05:00
Trez.One	9a2e3c0005	Merge branch 'rundeck-deployment'	2025-01-17 15:10:41 -05:00
Trez.One	24461293d7	.	2025-01-17 15:03:43 -05:00
Trez.One	e9ebe526f8	.	2025-01-17 14:58:08 -05:00
Trez.One	cc03885d26	Merge remote-tracking branch 'refs/remotes/origin/rundeck-deployment' into rundeck-deployment	2025-01-17 14:49:50 -05:00
Trez.One	11d629c1c0	Adding labels for Rundeck.	2025-01-17 14:49:33 -05:00
Trez.One	1a46c61546	chore: Update README	2025-01-17 19:41:59 +00:00
Trez.One	034d3f58f5	.	2025-01-17 14:38:46 -05:00
Trez.One	689105fd5a	.	2025-01-17 14:38:20 -05:00
Trez.One	cc535aeab7	Update .gitea/workflows/pr-cloudflare-docker-deploy.yml	2025-01-17 14:35:27 -05:00
Trez.One	636fedba96	Testing out Rundeck.	2025-01-17 14:34:06 -05:00
Trez.One	d8e4548d6c	Merge pull request 'Ansible Playbook for Docker Config Deployment' (#6 ) from ansible-config-mgmt-playbook into main Reviewed-on: Trez.One/rinoa-docker#6	2025-01-17 13:12:40 -05:00
Trez.One	3c1cd60694	Adding ggshield cache to gitignore.	2025-01-17 13:10:38 -05:00
Trez.One	912a19bc55	Adding ggshield cache to gitignore.	2025-01-17 13:10:08 -05:00
Trez.One	51df4b68d8	Adding ggshield cache to gitignore.	2025-01-17 13:03:04 -05:00
Trez.One	2ac0bf622a	Adding everything in Ansible in full.	2025-01-17 12:58:53 -05:00
Trez.One	3d7de6ae7d	Merge remote-tracking branch 'refs/remotes/origin/ansible-config-mgmt-playbook' into ansible-config-mgmt-playbook	2025-01-16 17:46:37 -05:00
Trez.One	83272b36b8	Trimming down Ansible folder.	2025-01-16 17:44:58 -05:00
Trez.One	7298674536	Adding in Ansible (still a WIP).	2025-01-16 16:20:28 -05:00
Trez.One	5495f51326	Changing workflow so that it triggers on branch push only if Compose file changes.	2025-01-16 16:14:54 -05:00
Trez.One	a28e806b8d	Adding in Ansible (still a WIP).	2025-01-16 16:12:35 -05:00
Trez.One	b350653814	Fixing description for Yacht.	2025-01-16 12:35:19 -05:00
gitea-sonarqube-bot	4706425cef	Auto Merge of PR #5 - remove-dockge-install-yacht Merged by Trez.One	2025-01-16 12:25:29 -05:00
Trez.One	92773f7c17	chore: Update README	2025-01-16 17:24:59 +00:00
Trez.One	8009482432	Removing Dockge in favor of Yacht. Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Check and Create PR (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Test (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Cloudflare DNS Setup (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Update README (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / PR Merge (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Deploy via Docker Compose (push) Has been cancelled Details	2025-01-16 12:22:16 -05:00
Trez.One	7645536481	Re-adding .gitignore until Ansible setup is completed.	2025-01-16 12:08:24 -05:00
gitea-sonarqube-bot	b90189ceda	Auto Merge of PR #4 - gg-secret-fixes Merged by Trez.One	2025-01-16 11:55:28 -05:00
Trez.One	24e9302688	Secrets fixes. Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Check and Create PR (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Test (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Cloudflare DNS Setup (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Update README (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / PR Merge (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Deploy via Docker Compose (push) Has been cancelled Details	2025-01-16 11:50:48 -05:00
gitea-sonarqube-bot	306e58e521	Auto Merge of PR #3 - dockge-deploy-remove-komodo Merged by Trez.One	2025-01-16 10:59:37 -05:00
Trez.One	a28769053b	Changing volume path for stacks Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Check and Create PR (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Test (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Cloudflare DNS Setup (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Update README (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / PR Merge (push) Has been cancelled Details Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Deploy via Docker Compose (push) Has been cancelled Details	2025-01-16 10:56:35 -05:00
Trez.One	8be5388ba7	Changing volume path for stacks	2025-01-16 10:51:59 -05:00
gitea-sonarqube-bot	9c4e43b697	Auto Merge of PR #2 - dockge-deploy-remove-komodo Merged by Trez.One	2025-01-16 10:41:21 -05:00
Trez.One	d28c46188d	Merge remote-tracking branch 'refs/remotes/origin/dockge-deploy-remove-komodo' into dockge-deploy-remove-komodo	2025-01-16 10:38:03 -05:00
Trez.One	ed81f4c802	Forgot to add DOCKER_HOST env for Dockge.	2025-01-16 10:37:48 -05:00
gitea-sonarqube-bot	cd686b8acd	Auto Merge of PR #1 - dockge-deploy-remove-komodo Merged by Trez.One	2025-01-16 10:16:41 -05:00
Trez.One	bae21696d5	chore: Update README	2025-01-16 15:16:12 +00:00
Trez.One	8820d72f81	Fixing typo for depends_on.	2025-01-16 10:12:51 -05:00
Trez.One	1cfeba0c6f	...	2025-01-16 10:11:13 -05:00
Trez.One	1fe676de60	...	2025-01-16 10:03:59 -05:00
Trez.One	dcf9b7e829	...	2025-01-16 09:59:02 -05:00
Trez.One	e436da962c	...	2025-01-16 09:58:05 -05:00
Trez.One	9c3a666f49	...	2025-01-16 09:56:49 -05:00
Trez.One	bbdf7fe13e	...	2025-01-16 09:54:41 -05:00
Trez.One	227230f11a	...	2025-01-16 09:53:07 -05:00
Trez.One	6a25dde35f	...	2025-01-16 09:52:24 -05:00
Trez.One	2b7c2eb60e	Tweaking PR create step.	2025-01-16 09:50:47 -05:00
Trez.One	f011b3811e	Removing Komodo in favor of Dockge.	2025-01-16 09:47:59 -05:00
Trez.One	91af95090e	Removing comment and renaming workflow file.	2025-01-15 15:03:18 -05:00
Trez.One	108be427ab	Removed .gitignore.	2025-01-15 14:49:01 -05:00
Trez.One	bf9b7d0ed2	Removing env.example.	2025-01-15 14:48:32 -05:00
Trez.One	736c866a65	Removing comments.	2025-01-15 12:49:49 -05:00
gitea-sonarqube-bot	3410008a9d	Auto Merge of PR #12 - mastadon-deployment Merged by Trez.One	2025-01-15 12:36:48 -05:00
Trez.One	592e88f147	chore: Update README	2025-01-15 17:36:17 +00:00
Trez.One	6ca7560eb7	.... Gitea Branch PR, SonarQube Analyze, and Merge Workflow / Check and Create PR (push) Has been cancelled Details Gitea Branch PR, SonarQube Analyze, and Merge Workflow / Docker Compose Test (push) Has been cancelled Details Gitea Branch PR, SonarQube Analyze, and Merge Workflow / Cloudflare DNS Setup (push) Has been cancelled Details Gitea Branch PR, SonarQube Analyze, and Merge Workflow / Update README (push) Has been cancelled Details Gitea Branch PR, SonarQube Analyze, and Merge Workflow / PR Merge (push) Has been cancelled Details Gitea Branch PR, SonarQube Analyze, and Merge Workflow / Deploy via Docker Compose (push) Has been cancelled Details	2025-01-15 12:33:12 -05:00
Trez.One	2642a9897e	....	2025-01-15 12:25:44 -05:00
Trez.One	a76e7e53da	....	2025-01-15 12:24:16 -05:00
Trez.One	fe0d4f5035	....	2025-01-15 12:23:17 -05:00
Trez.One	7d7e291127	....	2025-01-15 12:21:31 -05:00
Trez.One	ef36881e15	.	2025-01-15 12:16:01 -05:00
Trez.One	4e39415f49	.	2025-01-15 12:14:27 -05:00
Trez.One	ef24bb97e5	.	2025-01-15 12:10:52 -05:00
Trez.One	88380e6991	.	2025-01-15 11:56:12 -05:00
Trez.One	fb3f0452a2	.	2025-01-15 11:55:17 -05:00
Trez.One	fe66d7a723	.	2025-01-15 11:51:44 -05:00
Trez.One	22f37bcdee	.	2025-01-15 11:42:45 -05:00
Trez.One	60351f5d11	.	2025-01-15 11:17:11 -05:00
Trez.One	1c391ceb8b	.	2025-01-15 11:01:58 -05:00
Trez.One	260c6a8aa5	Adding Mastodon container.	2025-01-15 10:53:27 -05:00
Trez.One	8c70e5b1c4	Removing extra whitespaces.	2025-01-15 10:50:24 -05:00
gitea-sonarqube-bot	4b9d2cca29	Auto Merge of PR #10 - docker-compose-deploy Merged by Trez.One	2025-01-14 13:44:55 -05:00
Trez.One	ffde329c8f	Merge remote-tracking branch 'refs/remotes/origin/main'	2025-01-14 12:34:31 -05:00
Trez.One	4e88423877	Updating workflow.	2025-01-14 12:34:20 -05:00
gitea-sonarqube-bot	2c95d98555	Auto Merge of PR #9 - docker-compose-deploy Merged by Trez.One	2025-01-14 12:25:04 -05:00
gitea-sonarqube-bot	f15e5b87f6	Auto Merge of PR #8 - docker-compose-deploy Merged by Trez.One	2025-01-14 11:40:11 -05:00
gitea-sonarqube-bot	3442ac6c7f	Auto Merge of PR #7 - docker-compose-deploy Merged by Trez.One	2025-01-14 11:18:57 -05:00
gitea-sonarqube-bot	229d683a19	Auto Merge of PR #6 - docker-compose-deploy Merged by Trez.One	2025-01-14 11:14:10 -05:00
gitea-sonarqube-bot	802a2283f6	Auto Merge of PR #5 - docker-compose-deploy Merged by Trez.One	2025-01-14 11:05:29 -05:00
gitea-sonarqube-bot	a1a8722040	Auto Merge of PR #4 - docker-compose-deploy Merged by Trez.One	2025-01-14 10:36:36 -05:00
Trez.One	8781df1332	Changing image for MariaDB.	2025-01-14 07:43:57 -05:00
Trez.One	74339125e0	Gitea version update 1.22.6 to 1.23.1.	2025-01-12 13:47:50 -05:00
gitea-sonarqube-bot	d4ca0a8ffa	Auto Merge of PR #3 - docker-compose-deploy Merged by Trez.One	2025-01-11 20:07:10 -05:00
gitea-sonarqube-bot	2f46f884e4	Auto Merge of PR #2 - docker-compose-deploy Merged by Trez.One	2025-01-09 13:29:21 -05:00
		`@@ -0,0 +1 @@`
							`{"last_found_secrets": [{"name": "Generic Password - /home/charish/app-configs/searxng_settings.yml.j2", "match": "6e0d657eb1f0fbc40cf0b8f3c3873ef627cc9cb7c4108d1c07d979c04bc8a4bb"}]}`
`@@ -1,2 +1,2 @@`
	`*/.env`	`**/.cache.ggshield`
	`*/env*`	`ansible/collections/ansible_collections/`