chore: Update README

Output var fix.
2025-06-22 12:54:16 +00:00 · 2025-06-22 08:52:17 -04:00 · 2025-06-22 08:49:44 -04:00 · 2025-06-22 08:43:45 -04:00 · 2025-06-22 08:38:51 -04:00 · 2025-06-22 08:28:45 -04:00
83 changed files with 713 additions and 318 deletions
@@ -6,6 +6,7 @@ on:
      - 'main'
    paths:
      - '**.j2'
+      - '**/pr-ansible-config-deployment.yaml'
      - 'ansible/**.yml'
 jobs:
  check-and-create-pr:
@@ -41,7 +42,7 @@ jobs:
        continue-on-error: true
        run: |
          tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
-          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
+          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[ANSIBLE\].*${{ github.ref_name }}' | tail -1 | wc -l)
          echo "exists=$pr_exists" >> $GITHUB_OUTPUT
      - name: Create PR
        if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
@@ -49,7 +50,7 @@ jobs:
          tea login default gitea-rinoa
          pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
          pr_index_new=$(expr ${pr_index_old} + 1)
-          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose, Ansible Configs.j2"
+          tea pr c -r ${{ github.repository }} -t "[ANSIBLE] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -58,7 +59,7 @@ jobs:
          notification_title: 'GITEA: PR Check'
          notification_message: 'PR Created 🎟️'
  ansible-linting:
-    name: Docker Compose & Ansible Lints
+    name: Ansible Lint
    needs: [check-and-create-pr]
    runs-on: ubuntu-latest
    env:
@@ -68,9 +69,6 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
-      - name: Fetch base branch
-        run: |
-          git fetch origin ${{ github.event.pull_request.base.ref }}
      - name: Cache Ansible Galaxy Collections
        uses: actions/cache@v3
        with:
@@ -81,11 +79,12 @@ jobs:
      - name: Install Ansible
        uses: alex-oleshkevich/setup-ansible@v1.0.1
        with:
-          version: "11.0.0"
+          version: "11.4.0"
      - name: Install Vault
        uses: cpanato/vault-installer@main
      - name: Install hvac
-        run: pip install hvac
+        run: |
+          pip install hvac
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -94,16 +93,17 @@ jobs:
          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
          notification_message: 'Starting Ansible dry run...'
      - name: Ansible Playbook Dry Run
-        uses: arillso/action.playbook@0.1.0
+        uses: dawidd6/action-ansible-playbook@v3
        with:
-          check: true
-          galaxy_collections_path: ansible/collections
-          galaxy_requirements_file: ansible/collections/requirements.yml
-          inventory: ansible/inventory/hosts.yml
-          playbook: ansible/docker_config_deploy.yml
-          private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
+          directory: ansible/
+          playbook: docker_config_deploy.yml
+          key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
-          verbose: 0
+          requirements: collections/requirements.yml
+          options: |
+            --check
+            --inventory inventory/hosts.yml
+            -v
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -153,6 +153,10 @@ jobs:
        uses: actions/checkout@v4
        with:
          ref: main
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.12
      - name: Cache Vault install
        id: cache-vault
        uses: actions/cache@v4
@@ -162,11 +166,12 @@ jobs:
      - name: Install Ansible
        uses: alex-oleshkevich/setup-ansible@v1.0.1
        with:
-          version: "11.0.0"
+          version: "11.4.0"
      - name: Install Vault
        uses: cpanato/vault-installer@main
      - name: Install hvac
-        run: pip install hvac
+        run: |
+          pip install hvac
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -175,15 +180,15 @@ jobs:
          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
          notification_message: 'Starting config deployment with Ansible...'
      - name: Ansible Playbook Config Deploy
-        uses: arillso/action.playbook@0.1.0
+        uses: dawidd6/action-ansible-playbook@v3
        with:
-          check: false
-          galaxy_collections_path: ansible/collections
-          galaxy_requirements_file: ansible/collections/requirements.yml
-          inventory: ansible/inventory/hosts.yml
-          playbook: ansible/docker_config_deploy.yml
-          private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
+          directory: ansible/
+          playbook: docker_config_deploy.yml
+          key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+          requirements: collections/requirements.yml
+          options: |
+            --inventory inventory/hosts.yml
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -42,7 +42,7 @@ jobs:
        continue-on-error: true
        run: |
          tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
-          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
+          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[DOCKER\].*${{ github.ref_name }}' | tail -1 | wc -l)
          echo "exists=$pr_exists" >> $GITHUB_OUTPUT
      - name: Create PR
        if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
@@ -50,7 +50,7 @@ jobs:
          tea login default gitea-rinoa
          pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
          pr_index_new=$(expr ${pr_index_old} + 1)
-          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose, Ansible Configs.j2"
+          tea pr c -r ${{ github.repository }} -t "[DOCKER] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -58,26 +58,25 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: PR Check'
          notification_message: 'PR Created 🎟️'
-  docker-compose-dry-run:
-    name: Docker Compose Dry Run
-    needs: [check-and-create-pr]
+  generate-service-list:
+    name: Generate list of added/modified/deleted services
    runs-on: ubuntu-latest
-    env:
-      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
-      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
-      VAULT_NAMESPACE: ""
-      RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
+    needs: [check-and-create-pr]
    outputs:
-      svc_deploy_list: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
+      svc_deploy_list: ${{ steps.detect_services.outputs.docker_svc_list }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Fetch base branch
        run: |
          git fetch origin ${{ github.event.pull_request.base.ref }}
-      - name: Login to Gitea Container Registry
-        run: |
-          docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Services TBD'
+          notification_message: 'Generating list of services to deploy...'
      - name: Save both versions of docker-compose.yml
        run: |
          git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
@@ -107,8 +106,29 @@ jobs:
          echo "Detected service changes:"
          cat service_changes.txt

-          svc_list=$(paste -sd '|' service_changes.txt)
-          echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT"
+          mod_svcs=$(cut -d':' -f1 service_changes.txt | sort | uniq)
+          echo "docker_svc_list<<EOF" >> "$GITHUB_OUTPUT"
+          echo "$mod_svcs" >> "$GITHUB_OUTPUT"
+          echo "EOF" >> "$GITHUB_OUTPUT"
+      - name: Testing service list output
+        run: |
+          echo -e "${{ steps.detect_services.outputs.docker_svc_list }}"
+  docker-compose-dry-run:
+    name: Docker Compose Dry Run
+    needs: [generate-service-list]
+    runs-on: ubuntu-latest
+    env:
+      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+      VAULT_NAMESPACE: ""
+      RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
+      DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Login to Gitea Container Registry
+        run: |
+          docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
      - name: Install Vault
        uses: cpanato/vault-installer@main
      - name: Gotify Notification
@@ -118,34 +138,20 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
          notification_message: 'Starting Docker Compose dry run...'
-      - name: Cache .env Files
-        uses: actions/cache@v4
-        with:
-          path: .env
-          key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
-      - name: Generate modified services list & .env file for Docker Compose Dry Run
-        id: modded_svcs
+      - name: Generate .env file for Docker Compose
        run: |
-          mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
-          echo ${mod_svcs}
          vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
-          echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT"
-      - name: Testing service list output
-        run: |
-          echo ${{ steps.modded_svcs.outputs.rinoa_svcs }}
+          echo ${DOCKER_SVC_LIST}
      - name: Docker Compose Dry Run
-        timeout-minutes: 360
-        continue-on-error: true
-        uses: keatonLiu/docker-compose-remote-action@v1.2
-        with:
-          docker_compose_file: docker-compose.yml
-          docker_args: -d --remove-orphans --pull missing ${{ steps.modded_svcs.outputs.rinoa_svcs }}
-          ssh_user: gitea-deploy
-          ssh_host: 192.168.1.254
-          ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
-          ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
+        uses: hoverkraft-tech/compose-action@v2.2.0
        env:
          DOCKER_HOST: tcp://dockerproxy:2375
+        with:
+          services: |
+            ${{ needs.generate-service-list.outputs.svc_deploy_list }}
+          up-flags: -d --remove-orphans --dry-run
+          down-flags: --dry-run
+          compose-flags: --dry-run
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -155,7 +161,7 @@ jobs:
          notification_message: 'Docker Compose dry run completed successfully.'
  cloudflare-dns-setup:
    name: Cloudflare DNS Setup
-    needs: [docker-compose-ansible-lints]
+    needs: [docker-compose-dry-run]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
@@ -296,12 +302,13 @@ jobs:
  docker-compose-deploy:
    name: Docker Compose Deployment
    runs-on: ubuntu-latest
-    needs: [pr-merge]
+    needs: [generate-service-list, docker-compose-dry-run, pr-merge]
    env:
      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
      DOCKER_HOST: tcp://dockerproxy:2375
      RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
+      DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -313,10 +320,6 @@ jobs:
        with:
          path: /opt/hostedtoolcache/vault/1.18.0/x64
          key: vault-${{ runner.os }}-1.18.0
-      - name: Install Ansible
-        uses: alex-oleshkevich/setup-ansible@v1.0.1
-        with:
-          version: "11.0.0"
      - name: Install Vault
        uses: cpanato/vault-installer@main
      - name: Login to Gitea Container Registry
@@ -332,17 +335,22 @@ jobs:
      - name: Generate .env file for deployment
        run: |
           vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
+           echo ${DOCKER_SVC_LIST}
      - name: Docker Compose Deployment
-        timeout-minutes: 360
-        continue-on-error: true
-        uses: keatonLiu/docker-compose-remote-action@v1.2
+        uses: hoverkraft-tech/compose-action@v2.2.0
+        env:
+          DOCKER_HOST: tcp://dockerproxy:2375
        with:
-          docker_compose_file: docker-compose.yml
-          docker_args: -d --remove-orphans --pull missing ${{ docker-compose-dry-run.outputs.svc_deploy_list }}
-          ssh_user: gitea-deploy
-          ssh_host: 192.168.1.254
-          ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
-          ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
+          services: |
+            ${{ needs.generate-service-list.outputs.svc_deploy_list }}
+          up-flags: -d --remove-orphans
+          down-flags: --dry-run
+      - name: Check Services' Healthiness
+        uses: thegabriele97/dockercompose-health-action@main
+        with:
+          filename: 'docker-compose.yml'
+          timeout: '180'
+          workdir: '.'
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -1,7 +1,8 @@
 name: Auto-Unseal for Vault
 on:
+  workflow_dispatch:
  schedule:
-    - cron: "30 2 * * *"
+    - cron: "0 5 * * *"
 jobs:
  auto-unseal:
    name: Unseal Vault
@@ -19,6 +19,7 @@
 | browserless | ghcr.io/browserless/chromium:latest |
 | bytestash | ghcr.io/jordan-dalby/bytestash:latest |
 | castopod | castopod/castopod:latest |
+| chrome | gcr.io/zenika-hub/alpine-chrome:123 |
 | cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
 | convertx | ghcr.io/c4illin/convertx |
 | cronicle | elestio/cronicle:latest |
@@ -39,7 +40,7 @@
 | flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
 | freescout | tiredofit/freescout:latest |
 | ghost | ghost:latest |
-| gitea | gitea/gitea:1.23.1 |
+| gitea | gitea/gitea:1.24.0 |
 | gitea-db | postgres:14 |
 | gitea-runner | gitea/act_runner:latest |
 | gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
@@ -72,6 +73,7 @@
 | jitsi-web | jitsi/web:stable |
 | joplin-db | postgres:17-alpine |
 | joplin | joplin/server:latest |
+| karakeep | ghcr.io/karakeep-app/karakeep:release |
 | languagetool | elestio/languagetool:latest |
 | librechat-api | ghcr.io/danny-avila/librechat-dev:latest |
 | librechat-vectordb | ankane/pgvector:latest |
@@ -90,7 +92,7 @@
 | maxun-backend | getmaxun/maxun-backend:latest |
 | maxun-frontend | getmaxun/maxun-frontend:latest |
 | maxun-pg-db | postgres:13-alpine |
-| meilisearch | getmeili/meilisearch:v1.12.3 |
+| meilisearch | getmeili/meilisearch:v1.13.3 |
 | minio | minio/minio:RELEASE.2025-04-22T22-12-26Z |
 | mixpost | inovector/mixpost:latest |
 | mongodb | bitnami/mongodb:7.0 |
@@ -106,6 +108,8 @@
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
+| planka | ghcr.io/plankanban/planka:2.0.0-rc.3 |
+| planka-pg-db | postgres:16-alpine |
 | plantuml-server | plantuml/plantuml-server:jetty |
 | portainer | portainer/portainer-ce:alpine |
 | portnote-web | haedlessdev/portnote:latest |
@@ -130,13 +134,14 @@
 | scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
 | searxng | searxng/searxng:latest |
 | semaphore | semaphoreui/semaphore:v2.12.14 |
-| signoz-init-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
-| signoz-zookeeper-1 | bitnami/zookeeper:3.7.1 |
-| signoz-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
 | signoz-app | signoz/signoz:v0.86.2 |
+| signoz-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
+| signoz-init-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
+| signoz-logspout | pavanputhra/logspout-signoz |
 | signoz-otel-collector | signoz/signoz-otel-collector:v0.111.42 |
-| signoz-schema-migrator-sync | signoz/signoz-schema-migrator:v0.111.42 |
 | signoz-schema-migrator-async | signoz/signoz-schema-migrator:v0.111.42 |
+| signoz-schema-migrator-sync | signoz/signoz-schema-migrator:v0.111.42 |
+| signoz-zookeeper-1 | bitnami/zookeeper:3.7.1 |
 | sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
 | sonarqube-pg-db | postgres:17-alpine |
 | sonarr | lscr.io/linuxserver/sonarr:latest |
@@ -151,7 +156,6 @@
 | unmanic | josh5/unmanic:latest |
 | uptimekuma | louislam/uptime-kuma:latest |
 | vault | hashicorp/vault:latest |
-| wallabag | wallabag/wallabag |
 | wallos | bellamy/wallos:latest |
 | watchtower | ghcr.io/containrrr/watchtower:latest |
 | web-check | lissy93/web-check |
@@ -0,0 +1,6 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+
+urls:
+  - gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }}
+  - mailto://{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}@trez.wtf25?smtp=postal-smtp&from=noreply@trez.wtf
@@ -1,6 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-urls:
-  - gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }}
-  - mailtos://{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}@trez.wtf25?smtp=postal-smtp&from=noreply@trez.wtf
@@ -0,0 +1,65 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+source: journalctl
+journalctl_filter:
+  - "--directory=/var/log/host/"
+labels:
+  type: syslog
+---
+filenames:
+  - /var/log/swag/*
+labels:
+  type: nginx
+---
+filenames:
+  - /var/log/auth/auth.log
+labels:
+  type: syslog
+---
+filenames:
+  - /var/lib/mysql/log/mysql/*
+  - /var/lib/mysql/databases/*.err
+  - /var/lib/mysql/databases/*.log
+labels:
+  type: mariadb
+---
+source: docker
+container_name:
+  - adguard
+labels:
+  type: adguardhome
+---
+source: docker
+container_name:
+ - mongodb
+labels:
+  type: mongodb
+---
+source: docker
+container_name:
+ - immich-server
+labels:
+  type: immich
+---
+source: docker
+container_name:
+ - uptimekuma
+labels:
+  type: uptime-kuma
+---
+source: docker
+container_name:
+ - jellyfin
+labels:
+  type: jellyfin
+---
+source: docker
+container_name:
+ - navidrome
+labels:
+  type: navidrome
+---
+filenames:
+  - /var/log/audiobookshelf/*.txt
+labels:
+  type: audiobookshelf
@@ -0,0 +1,51 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+common:
+  daemonize: false
+  log_media: stdout
+  log_level: info
+  log_dir: /var/log/
+config_paths:
+  config_dir: /etc/crowdsec/
+  data_dir: /var/lib/crowdsec/data/
+  simulation_path: /etc/crowdsec/simulation.yaml
+  hub_dir: /etc/crowdsec/hub/
+  index_path: /etc/crowdsec/hub/.index.json
+  notification_dir: /etc/crowdsec/notifications/
+  plugin_dir: /usr/local/lib/crowdsec/plugins/
+crowdsec_service:
+  acquisition_path: /etc/crowdsec/acquis.yaml
+  acquisition_dir: /etc/crowdsec/acquis.d
+  parser_routines: 1
+plugin_config:
+  user: nobody
+  group: nobody
+cscli:
+  output: human
+db_config:
+  log_level: info
+  type: sqlite
+  db_path: /var/lib/crowdsec/data/crowdsec.db
+  flush:
+    max_items: 5000
+    max_age: 7d
+  use_wal: false
+api:
+  client:
+    insecure_skip_verify: false
+    credentials_path: /etc/crowdsec/local_api_credentials.yaml
+  server:
+    log_level: info
+    listen_uri: 0.0.0.0:8080
+    profiles_path: /etc/crowdsec/profiles.yaml
+    trusted_ips: # IP ranges, or IPs which can have admin API access
+      - 127.0.0.1
+      - ::1
+    online_client: # Central API credentials (to push signals and receive bad IPs)
+      credentials_path: /etc/crowdsec/online_api_credentials.yaml
+    enable: true
+prometheus:
+  enabled: true
+  level: full
+  listen_addr: 0.0.0.0
+  listen_port: 6060
@@ -0,0 +1,6 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+
+url: https://api.crowdsec.net/
+login: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['CROWDSEC_ONLINE_PASSWORD'] }}
+password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['CROWDSEC_ONLINE_PASSWORD'] }}
@@ -1,15 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-
-source: journalctl
-journalctl_filter: 
-  - "--directory=/var/log/host/"
-labels:
-  type: syslog
---
-filenames:
-  - /var/log/swag/*
-labels:
-  type: nginx
---
@@ -26,7 +26,7 @@ layout:
    columns: 4
  Infrastructure/App Performance Monitoring:
    style: row
-    columns: 3
+    columns: 5
  Code/DevOps:
    style: row
    columns: 3
@@ -35,22 +35,38 @@ layout:
    columns: 4
  Lifestyle:
    style: row
-    columns: 3
+    columns: 4
  Automation:
    style: row
    columns: 5
  Privacy/Security:
    style: row
+<<<<<<< Updated upstream
    columns: 5
-  Personal/Professional Services:
+  Personal Tools:
    style: row
    columns: 5
+<<<<<<< HEAD
+=======
+    columns: 3
+  Personal Tools:
+    style: row
+    columns: 3
+  Professional Services:
+    style: row
+    columns: 3
+>>>>>>> Stashed changes
+=======
+  Professional Tools:
+    style: row
+    columns: 3
+>>>>>>> refs/remotes/origin/main
  Servarr Stack:
    style: row
    columns: 3
  Downloaders:
    style: row
-    columns: 2
+    columns: 
  Media Library:
    style: row
    columns: 3
@@ -13,6 +13,10 @@ containers:
  invidious:
    keywords:
      - regex: 'Error reading.*Connection reset by peer trying to reconnect...'
+  scrutiny:
+    action_keywords:
+      - restart:
+          regex: s6.*fatal
 global_keywords:
  keywords:
    - panic
@@ -0,0 +1,106 @@
+receivers:
+  httplogreceiver/json:
+    endpoint: 0.0.0.0:8082
+    source: json
+  otlp:
+    protocols:
+      grpc:
+        endpoint: 0.0.0.0:4317
+      http:
+        endpoint: 0.0.0.0:4318
+  prometheus:
+    config:
+      global:
+        scrape_interval: 60s
+      scrape_configs:
+        - job_name: otel-collector
+          static_configs:
+          - targets:
+              - localhost:8888
+            labels:
+              job_name: otel-collector
+processors:
+  batch:
+    send_batch_size: 10000
+    send_batch_max_size: 11000
+    timeout: 10s
+  resourcedetection:
+    # Using OTEL_RESOURCE_ATTRIBUTES envvar, env detector adds custom labels.
+    detectors: [env, system]
+    timeout: 2s
+  signozspanmetrics/delta:
+    metrics_exporter: clickhousemetricswrite, signozclickhousemetrics
+    metrics_flush_interval: 60s
+    latency_histogram_buckets: [100us, 1ms, 2ms, 6ms, 10ms, 50ms, 100ms, 250ms, 500ms, 1000ms, 1400ms, 2000ms, 5s, 10s, 20s, 40s, 60s ]
+    dimensions_cache_size: 100000
+    aggregation_temporality: AGGREGATION_TEMPORALITY_DELTA
+    enable_exp_histogram: true
+    dimensions:
+      - name: service.namespace
+        default: default
+      - name: deployment.environment
+        default: default
+      # This is added to ensure the uniqueness of the timeseries
+      # Otherwise, identical timeseries produced by multiple replicas of
+      # collectors result in incorrect APM metrics
+      - name: signoz.collector.id
+      - name: service.version
+      - name: browser.platform
+      - name: browser.mobile
+      - name: k8s.cluster.name
+      - name: k8s.node.name
+      - name: k8s.namespace.name
+      - name: host.name
+      - name: host.type
+      - name: container.name
+extensions:
+  health_check:
+    endpoint: 0.0.0.0:13133
+  pprof:
+    endpoint: 0.0.0.0:1777
+exporters:
+  clickhousetraces:
+    datasource: tcp://clickhouse:9000/signoz_traces
+    low_cardinal_exception_grouping: ${env:LOW_CARDINAL_EXCEPTION_GROUPING}
+    use_new_schema: true
+  clickhousemetricswrite:
+    endpoint: tcp://clickhouse:9000/signoz_metrics
+    disable_v2: true
+    resource_to_telemetry_conversion:
+      enabled: true
+  clickhousemetricswrite/prometheus:
+    endpoint: tcp://clickhouse:9000/signoz_metrics
+    disable_v2: true
+  signozclickhousemetrics:
+    dsn: tcp://clickhouse:9000/signoz_metrics
+  clickhouselogsexporter:
+    dsn: tcp://clickhouse:9000/signoz_logs
+    timeout: 10s
+    use_new_schema: true
+  # debug: {}
+service:
+  telemetry:
+    logs:
+      encoding: json
+    metrics:
+      address: 0.0.0.0:8888
+  extensions:
+    - health_check
+    - pprof
+  pipelines:
+    traces:
+      receivers: [otlp]
+      processors: [signozspanmetrics/delta, batch]
+      exporters: [clickhousetraces]
+    metrics:
+      receivers: [otlp]
+      processors: [batch]
+      exporters: [clickhousemetricswrite, signozclickhousemetrics]
+    metrics/prometheus:
+      receivers: [prometheus]
+      processors: [batch]
+      exporters: [clickhousemetricswrite/prometheus, signozclickhousemetrics]
+    logs:
+      receivers: [otlp, tcplog/docker, httplogreceiver/json]
+      processors: [batch]
+      exporters: [clickhouselogsexporter]
@@ -0,0 +1 @@
+server_endpoint: ws://signoz-app:4320/v1/opamp
@@ -1 +0,0 @@
-server_endpoint: ws://signoz:4320/v1/opamp
@@ -1 +0,0 @@
-server_endpoint: ws://signoz:4320/v1/opamp
@@ -1,20 +1,52 @@
---
 - name: Deploy Docker Service Configurations
  hosts: rinoa
  vars:
    appdata_base_path: "~/.docker/config/appdata"
+    template_base_path: "{{ playbook_dir }}/app-configs"
+    local_render_dir: "/tmp/rendered_templates"  # Temp directory on control node

  tasks:
-    - name: Ensure target directories exist
+
+    - name: Ensure local render directory exists
      ansible.builtin.file:
-        path: "{{ appdata_base_path }}/{{ (item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') | regex_replace('/[^/]+$', '')) }}"
+        path: "{{ local_render_dir }}"
        state: directory
        mode: '0755'
-      loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
+      delegate_to: localhost
+      run_once: true

-    - name: Deploy configuration templates
+    - name: Recursively collect all Jinja2 templates (*.j2)
+      ansible.builtin.find:
+        paths: "{{ template_base_path }}"
+        patterns: "*.j2"
+        recurse: true
+      register: template_files
+      delegate_to: localhost
+      run_once: true
+
+    - name: Render templates locally
      ansible.builtin.template:
-        src: "{{ item }}"
-        dest: "{{ appdata_base_path }}/{{ item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') }}"
+        src: "{{ item.path }}"
+        dest: "{{ local_render_dir }}/{{ item.path | regex_replace('^' + (template_base_path | regex_escape) + '/', '') | regex_replace('\\.j2$', '') }}"
        mode: '0644'
-      loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
+      loop: "{{ template_files.files }}"
+      delegate_to: localhost
+      loop_control:
+        label: "{{ item.path | basename }}"
+      run_once: true
+
+    - name: Copy rendered templates to remote host
+      ansible.builtin.copy:
+        src: "{{ local_render_dir }}/{{ item.path | regex_replace('^' + (template_base_path | regex_escape) + '/', '') | regex_replace('\\.j2$', '') }}"
+        dest: "{{ appdata_base_path }}/{{ item.path | regex_replace('^' + (template_base_path | regex_escape) + '/', '') | regex_replace('\\.j2$', '') }}"
+        mode: '0644'
+      loop: "{{ template_files.files }}"
+      loop_control:
+        label: "{{ item.path | basename }}"
+
+    - name: Clean up local render directory
+      ansible.builtin.file:
+        path: "{{ local_render_dir }}"
+        state: absent
+      delegate_to: localhost
+      run_once: true
@@ -33,9 +33,9 @@ x-maxun: &maxun-env
    REDIS_PORT: 6379
    BACKEND_PORT: 8080
    FRONTEND_PORT: 5173
-    BACKEND_URL: http://maxun-backend:8080
+    BACKEND_URL: https://scrape.trez.wtf/api
    PUBLIC_URL: https://scrape.trez.wtf
-    VITE_BACKEND_URL: http://maxun-backend:8080
+    VITE_BACKEND_URL: https://scrape.trez.wtf/api
    VITE_PUBLIC_URL: https://scrape.trez.wtf
    MAXUN_TELEMETRY: true
    PLAYWRIGHT_BROWSERS_PATH: /ms-playwright
@@ -153,6 +153,7 @@ services:
      homepage.widget.username: admin
      homepage.widget.password: ${ADGUARD_PASSWORD}
    network_mode: host
+    privileged: true
    # ports:
    #   - "192.168.1.254:53:53/udp"
    #   - "192.168.1.254:53:53/tcp"
@@ -179,6 +180,11 @@ services:
      APPRISE_STATEFUL_MODE: simple
    image: lscr.io/linuxserver/apprise-api:latest
    labels:
+      cloudflare.tunnel.enable: true
+      cloudflare.tunnel.hostname: apprise.trez.wtf
+      cloudflare.tunnel.service: http://apprise:8000
+      cloudflare.tunnel.zonename: trez.wtf
+      cloudflare.tunnel.no_tls_verify: true
      homepage.group: Infrastructure/App Performance Monitoring
      homepage.name: Apprise
      homepage.icon: apprise.png
@@ -203,7 +209,7 @@ services:
      SEARCH_BACKEND_ENGINE: ripgrep       # tells ArchiveBox to use sonic container below for fast full-text search
    image: archivebox/archivebox:latest
    labels:
-      homepage.group: Personal/Professional Services
+      homepage.group: Personal Tools
      homepage.name: ArchiveBox
      homepage.href: https://archive.${MY_TLD}
      homepage.icon: archivebox.png
@@ -448,8 +454,8 @@ services:
    image: vaultwarden/server:latest
    labels:
      homepage.group: Privacy/Security
-      homepage.name: Bitwarden
-      homepage.icon: bitwarden.png
+      homepage.name: Vaultwarden
+      homepage.icon: vaultwarden.svg
      homepage.href: https://bitwarden.${MY_TLD}
      homepage.description: Credential/Information Vault
      swag: enable
@@ -615,6 +621,17 @@ services:
    restart: unless-stopped
    volumes:
      - castopod-media:/var/www/castopod/public/media
+  chrome:
+    container_name: chrome
+    command:
+      - --no-sandbox
+      - --disable-gpu
+      - --disable-dev-shm-usage
+      - --remote-debugging-address=0.0.0.0
+      - --remote-debugging-port=9222
+      - --hide-scrollbars
+    image: gcr.io/zenika-hub/alpine-chrome:123
+    restart: unless-stopped
  cloudflareddns:
    container_name: cloudflareddns
    environment:
@@ -708,11 +725,35 @@ services:
        - ${DOCKER_VOLUME_CONFIG}/cronicle/workloads/app:/app
  crowdsec:
    container_name: crowdsec
+    depends_on:
+      - swag
    environment:
      DOCKER_HOST: tcp://dockerproxy:2375
      GID: 1000
-      BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY}
-      COLLECTIONS: corvese/apache-guacamole crowdsecurity/home-assistant crowdsecurity/http-cve crowdsecurity/iptables crowdsecurity/linux crowdsecurity/mariadb crowdsecurity/nextcloud crowdsecurity/nginx crowdsecurity/whitelist-good-actors Dominic-Wagner/vaultwarden gauth-fr/immich LePresidente/adguardhome LePresidente/authelia LePresidente/gitea LePresidente/jellyfin LePresidente/ombi plague-doctor/audiobookshelf schiz0phr3ne/sonarr sdwilsh/navidrome timokoessler/mongodb timokoessler/uptime-kuma xs539/joplin-server
+      BOUNCER_KEY_SWAG: ${CROWDSEC_SWAG_API_KEY}
+      COLLECTIONS: >-
+        corvese/apache-guacamole
+        crowdsecurity/home-assistant
+        crowdsecurity/http-cve
+        crowdsecurity/iptables
+        crowdsecurity/linux
+        crowdsecurity/mariadb
+        crowdsecurity/nextcloud
+        crowdsecurity/nginx
+        crowdsecurity/whitelist-good-actors
+        Dominic-Wagner/vaultwarden
+        gauth-fr/immich
+        LePresidente/adguardhome
+        LePresidente/authelia
+        LePresidente/gitea
+        LePresidente/jellyfin
+        LePresidente/ombi
+        plague-doctor/audiobookshelf
+        schiz0phr3ne/sonarr
+        sdwilsh/navidrome
+        timokoessler/mongodb
+        timokoessler/uptime-kuma
+        xs539/joplin-server
    image: crowdsecurity/crowdsec:latest
    networks:
      default: null
@@ -722,36 +763,14 @@ services:
    security_opt:
      - no-new-privileges=true
    volumes:
-      - source: ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local
-        target: /etc/crowdsec/config.yaml.local
-        type: bind
-        bind:
-          create_host_path: true
-      - source: ${DOCKER_VOLUME_CONFIG}/crowdsec/local_api_credentials.yaml.local
-        target: /etc/crowdsec/local_api_credentials.yaml.local
-        type: bind
-        bind:
-          create_host_path: true
-      - read_only: true
-        source: ${DOCKER_VOLUME_CONFIG}/swag/log/nginx
-        target: /var/log/swag
-        type: bind
-        bind:
-          create_host_path: true
-      - source: crowdsec-config
-        target: /etc/crowdsec
-        type: volume
-        volume: {}
-      - source: crowdsec-db
-        target: /var/lib/crowdsec/data
-        type: volume
-        volume: {}
-      - bind:
-          create_host_path: true
-        read_only: true
-        source: /var/log/journal
-        target: /var/log/host
-        type: bind
+      # - ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml
+      - ${DOCKER_VOLUME_CONFIG}/swag/log/nginx:/var/log/swag:ro # SWAG
+      - ${DOCKER_VOLUME_CONFIG}/mariadb/:/var/lib/mysql:ro # MariaDB
+      - ${DOCKER_VOLUME_CONFIG}/audiobookshelf/.metadata/logs:/var/log/audiobookself:ro # Audiobookshelf
+      - crowdsec-config:/etc/crowdsec
+      - crowdsec-db:/var/lib/crowdsec/data
+      - /var/log/journal:/var/log/host/journal:ro
+      - /var/log/auth.log:/var/log/host/auth.log:ro
  crowdsec-dashboard:
    container_name: crowdsec-dashboard
    depends_on:
@@ -786,11 +805,7 @@ services:
      - 8908:3000
    restart: always
    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
-      - source: crowdsec-db
-        target: /data/
-        type: volume
-        volume: {}
+      - crowdsec-db:/data/
  cyber-chef:
    container_name: cyber-chef
    image: mpepping/cyberchef:latest
@@ -868,7 +883,7 @@ services:
    entrypoint: web-entrypoint.sh
    environment:
      RAILS_ENV: development
-      REDIS_URL: redis://redis:6379/
+      REDIS_URL: redis://redis:6379
      DATABASE_HOST: dawarich-pg-db
      DATABASE_USERNAME: dawarich
      DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD}
@@ -891,7 +906,7 @@ services:
      timeout: 10s
    image: freikin/dawarich:latest
    labels:
-      homepage.group: Personal/Professional Services
+      homepage.group: Privacy/Security
      homepage.name: Dawarich
      homepage.href: https://loc.${MY_TLD}
      homepage.icon: dawarich.svg
@@ -920,7 +935,7 @@ services:
      POSTGRES_USER: dawarich
      POSTGRES_PASSWORD: ${DAWARICH_PG_PASSWORD}
    healthcheck:
-      test: [ "CMD-SHELL", "pg_isready -U postgres -d dawarich_development" ]
+      test: [ "CMD-SHELL", "pg_isready -U dawarich -d dawarich" ]
      interval: 10s
      retries: 5
      start_period: 30s
@@ -952,7 +967,7 @@ services:
    entrypoint: sidekiq-entrypoint.sh
    environment:
      RAILS_ENV: development
-      REDIS_URL: redis://redis:6379/
+      REDIS_URL: redis://redis:6379
      DATABASE_HOST: dawarich-pg-db
      DATABASE_USERNAME: dawarich
      DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD}
@@ -1067,6 +1082,7 @@ services:
      homepage.icon: /icons/dockflare.png
      homepage.description: Cloudflare Tunnel controller
      swag: enable
+      swag_auth: authelia
      swag_proto: http
      swag_url: cftunn.${MY_TLD}
      swag.uptime-kuma.enabled: true
@@ -1148,7 +1164,7 @@ services:
    container_name: excalidraw
    image: 'excalidraw/excalidraw:latest'
    labels:
-      homepage.group: Personal/Professional Services
+      homepage.group: Personal Tools
      homepage.name: Excalidraw
      homepage.href: https://draw.${MY_TLD}
      homepage.icon: excalidraw.svg
@@ -1284,7 +1300,7 @@ services:
      TIMEZONE: ${TZ}
    image: tiredofit/freescout:latest
    labels:
-      homepage.group: Personal/Professional Services
+      homepage.group: Professional Services
      homepage.name: FreeScout
      homepage.icon: sh-freescout.svg
      homepage.href: https://support.${MY_TLD}
@@ -1367,8 +1383,12 @@ services:
      GITEA__mailer__SMTP_PORT: 25
      GITEA__mailer__USER: ${POSTAL_SMTP_AUTH_USER}
      GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD}
-    image: gitea/gitea:1.23.1
+    image: gitea/gitea:1.24.0
    labels:
+      cloudflare.tunnel.enable: true
+      cloudflare.tunnel.hostname: git-ssh.trez.wtf
+      cloudflare.tunnel.service: http://gitea:22
+      cloudflare.tunnel.no_tls_verify: true
      homepage.group: Code/DevOps
      homepage.name: Gitea
      homepage.href: https://git.${MY_TLD}
@@ -1417,9 +1437,7 @@ services:
    healthcheck:
      interval: 10s
      start_period: 20s
-      test:
-        - CMD-SHELL
-        - pg_isready
+      test: ["CMD-SHELL", "pg_isready -U gitea -d gitea"]
    image: postgres:14
    networks:
      default: null
@@ -1443,6 +1461,7 @@ services:
    image: gitea/act_runner:latest
    ports:
      - 63604:63604
+    profiles: ["ci-exclude"]
    restart: always
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/gitea/act-runner/config.yaml:/config.yaml
@@ -1687,7 +1706,7 @@ services:
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://it-services.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
-      homepage.group: Personal/Professional Services
+      homepage.group: Professional Services
      homepage.name: Hugo
      homepage.href: https://it-services.${MY_TLD}
      homepage.icon: hugo.svg
@@ -2027,7 +2046,7 @@ services:
      swag_url: biz.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://biz.${MY_TLD}
-      homepage.group: Personal/Professional Services
+      homepage.group: Professional Services
      homepage.name: Invoice Ninja
      homepage.href: https://biz.${MY_TLD}
      homepage.icon: invoice-ninja.svg
@@ -2636,7 +2655,7 @@ services:
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://meet.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
-      homepage.group: Social
+      homepage.group: Professional Services
      homepage.name: Jitsi
      homepage.href: https://meet.${MY_TLD}
      homepage.icon: jitsi.png
@@ -2707,7 +2726,7 @@ services:
      POSTGRES_HOST: joplin-db
    image: joplin/server:latest
    labels:
-      homepage.group: Personal/Professional Services
+      homepage.group: Personal Tools
      homepage.name: Joplin
      homepage.href: https://notes.${MY_TLD}
      homepage.icon: joplin.svg
@@ -2722,6 +2741,36 @@ services:
    ports:
      - 22300:22300
    restart: unless-stopped
+  karakeep:
+    container_name: karakeep
+    image: ghcr.io/karakeep-app/karakeep:release
+    environment:
+      BROWSER_WEB_URL: http://chrome:9222
+      DATA_DIR: /data
+      INFERENCE_TEXT_MODEL: llama3.3:latest
+      INFERENCE_IMAGE_MODEL: llava:latest
+      MEILI_ADDR: http://meilisearch:7700
+      NEXTAUTH_SECRET: ${KARAKEEP_NEXTAUTH_SECRET}
+      NEXTAUTH_URL: https://kkeep.${MY_TLD}
+      OPENAI_API_KEY: ${LIBRECHAT_OPENAI_API_KEY}
+      OLLAMA_BASE_URL: http://ollama:11434
+    labels:
+      homepage.group: Lifestyle
+      homepage.name: Karakeep
+      homepage.href: https://kkeep.${MY_TLD}
+      homepage.icon: karakeep-dark.svg
+      homepage.description: Self-hosted bookmark-everything app with a touch of AI for data hoarders
+      swag: enable
+      swag_url: kkeep.${MY_TLD}
+      swag_port: 3000
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://notes.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+    ports:
+      - 24977:3000
+    restart: unless-stopped
+    volumes:
+      - karakeep-data:/data
  languagetool:
    container_name: languagetool
    environment:
@@ -2748,7 +2797,7 @@ services:
      RAG_API_URL: http://librechat-rag-api:8000
    image: ghcr.io/danny-avila/librechat-dev:latest
    labels:
-      homepage.group: Personal/Professional Services
+      homepage.group: Personal Tools
      homepage.name: LibreChat
      homepage.href: https://ai.${MY_TLD}
      homepage.icon: sh-librechat.svg
@@ -3184,10 +3233,12 @@ services:
      - 8080
    image: getmaxun/maxun-backend:latest
    mem_limit: 2g   # Set a 2GB memory limit
+    ports:
+      - 8369:8080
+    restart: unless-stopped
    security_opt:
      - seccomp=unconfined  # This might help with browser sandbox issues
    shm_size: '2gb' # Increase shared memory size for Chromium
-    restart: unless-stopped
    volumes:
      - /var/run/dbus:/var/run/dbus
  maxun-frontend:
@@ -3201,10 +3252,14 @@ services:
      swag_proto: http
      swag_port: 5173
      swag_url: scrape.${MY_TLD}
+      swag_server_custom_directive:
+        location /api {
+              proxy_pass http://maxun-backend:8080;
+        }
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://scrape.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
-      homepage.group: Personal/Professional Services
+      homepage.group: Personal Tools
      homepage.name: Maxun
      homepage.href: https://scrape.${MY_TLD}
      homepage.icon: sh-maxun.svg
@@ -3235,7 +3290,9 @@ services:
      MEILI_HOST: http://meilisearch:7700
      MEILI_NO_ANALYTICS: true
      MEILI_MASTER_KEY: ${MEILISEARCH_MASTER_KEY}
-    image: getmeili/meilisearch:v1.12.3
+    image: getmeili/meilisearch:v1.13.3
+    ports:
+      - 7700:7700
    restart: always
    user: ${PUID}:${PGID}
    volumes:
@@ -3464,6 +3521,11 @@ services:
      PORT: 20211
    image: jokobsk/netalertx:latest
    labels:
+      cloudflare.tunnel.enable: true
+      cloudflare.tunnel.hostname: net.trez.wtf
+      cloudflare.tunnel.service: http://192.168.1.254:20211
+      cloudflare.tunnel.zonename: trez.wtf
+      cloudflare.tunnel.no_tls_verify: true
      homepage.group: Infrastructure/App Performance Monitoring
      homepage.name: NetAlertX
      homepage.href: http://192.168.1.254:20211
@@ -3495,7 +3557,7 @@ services:
      - 11000
    image: nextcloud/all-in-one:latest
    labels:
-      homepage.group: Personal/Professional Services
+      homepage.group: Privacy/Security
      homepage.name: NextCloud
      homepage.href: https://cloud.${MY_TLD}
      homepage.icon: nextcloud.svg
@@ -3572,7 +3634,7 @@ services:
    container_name: omni-tools
    image: iib0011/omni-tools:latest
    labels:
-      homepage.group: Personal/Professional Services
+      homepage.group: Personal Tools
      homepage.name: OmniTools
      homepage.href: https://otools.${MY_TLD}
      homepage.icon: sh-omnitools.svg
@@ -3605,7 +3667,7 @@ services:
      - 80
    image: kweg/omnipoly:latest
    labels:
-      homepage.group: Personal/Professional Services
+      homepage.group: Personal Tools
      homepage.name: OmniPoly
      homepage.href: https://translate.${MY_TLD}
      homepage.icon: sh-omnipoly.svg
@@ -3646,7 +3708,7 @@ services:
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://docs.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
-      homepage.group: Personal/Professional Services
+      homepage.group: Personal Tools
      homepage.name: Paperless-ngx
      homepage.href: https://docs.${MY_TLD}
      homepage.icon: paperless-ngx.svg
@@ -3715,6 +3777,81 @@ services:
    restart: unless-stopped
    volumes:
      - pgbackweb-data:/var/lib/postgresql/data
+  planka:
+    container_name: planka
+    depends_on:
+      planka-pg-db:
+        condition: service_healthy
+    environment:
+      BASE_URL: https://kanban.${MY_TLD}
+      DATABASE_URL: postgresql://planka:${PLANKA_PG_PASSWORD}@planka-pg-db/planka
+      SECRET_KEY: ${PLANKA_SECRET_KEY}
+      LOG_LEVEL: warn
+      TRUST_PROXY: true
+      TOKEN_EXPIRES_IN: 365 # In days
+      # KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE: false
+      DEFAULT_LANGUAGE: en-US
+      DEFAULT_ADMIN_EMAIL: noreply@${MY_TLD}
+      DEFAULT_ADMIN_PASSWORD: ${PLANKA_ADMIN_PASSWORD}
+      DEFAULT_ADMIN_NAME: Planka Rinoa
+      DEFAULT_ADMIN_USERNAME: admin
+      S3_ENDPOINT: http://minio:9000
+      S3_REGION: us-east-fh-pln
+      S3_ACCESS_KEY_ID: ${PLANKA_MINIO_ACCESS_KEY}
+      S3_SECRET_ACCESS_KEY: ${PLANKA_MINIO_SECRET_KEY}
+      S3_BUCKET: planka
+      S3_FORCE_PATH_STYLE: true
+      SMTP_HOST: postal-smtp
+      SMTP_PORT: 25
+      SMTP_NAME: noreply@${MY_TLD}
+      SMTP_SECURE: true
+      SMTP_USER: ${POSTAL_SMTP_AUTH_USER}
+      SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+      SMTP_FROM: '"Planka @ Rinoa" <noreply@${MY_TLD}>'
+      SMTP_TLS_REJECT_UNAUTHORIZED: false
+    image: ghcr.io/plankanban/planka:2.0.0-rc.3
+    labels:
+      homepage.group: Professional Services
+      homepage.name: Planka
+      homepage.href: https://kanban.${MY_TLD}
+      homepage.icon: planka.svg
+      homepage.description: Kanban board
+      swag: enable
+      swag_url: kanban.${MY_TLD}
+      swag_address: planka
+      # swag_server_custom_directive:
+      #   location ~* \.io {
+      #       proxy_pass http://planka:1337;
+      #   }
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://kanban.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+    ports:
+      - 54476:1337
+    restart: on-failure
+    volumes:
+      - planka-favicons:/app/public/favicons
+      - planka-user-avatars:/app/public/user-avatars
+      - planka-background-images:/app/public/background-images
+      - planka-attachments:/app/private/attachments
+  planka-pg-db:
+    container_name: planka-pg-db
+    environment:
+      POSTGRES_DB: planka
+      POSTGRES_USER: planka
+      POSTGRES_PASSWORD: ${PLANKA_PG_PASSWORD}
+      POSTGRES_HOST_AUTH_METHOD: trust
+    expose:
+      - 5432
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U planka -d planka"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    image: postgres:16-alpine
+    restart: on-failure
+    volumes:
+      - planka-db-data:/var/lib/postgresql/data
  plantuml-server:
    container_name: plantuml-server
    expose:
@@ -3940,12 +4077,12 @@ services:
      homepage.group: Downloaders
      homepage.name: qBittorrent
      homepage.href: https://qbit.${MY_TLD}
-      homepage.icon: qBittorrent.svg
-      homepage.description: qbittorrentvpn over VPN
+      homepage.icon: qbittorrent.svg
+      homepage.description: Fast and stable torrent client
      homepage.widget.type: qbittorrent
      homepage.widget.url: http://qbittorrentvpn:8080
      homepage.widget.user: admin
-      homepage.widget.password: "${DELUGEVPN_PASSWORD}"
+      homepage.widget.password: ${DELUGEVPN_PASSWORD}
      swag: enable
      swag_port: 8080
      swag_proto: http
@@ -4087,7 +4224,7 @@ services:
      TZ: ${TZ}
    image: amruthpillai/reactive-resume:latest
    labels:
-      homepage.group: Personal/Professional Services
+      homepage.group: Professional Services
      homepage.name: Reactive Resume
      homepage.href: https://resume.${MY_TLD}
      homepage.icon: reactive-resume.svg
@@ -4427,9 +4564,14 @@ services:
      - "/dev/sdf:/dev/sdf:rwm"
    image: ghcr.io/analogj/scrutiny:master-omnibus
    labels:
+      cloudflare.tunnel.enable: true
+      cloudflare.tunnel.hostname: smartd.trez.wtf
+      cloudflare.tunnel.service: http://scrutiny:8080
+      cloudflare.tunnel.zonename: trez.wtf
+      cloudflare.tunnel.no_tls_verify: true
      homepage.group: Infrastructure/App Performance Monitoring
      homepage.name: Scrutiny
-      homepage.href: http://192.168.1.254:8909
+      homepage.href: https://smartd.trez.wtf
      homepage.icon: scrutiny.png
      homepage.description: WebUI for smartd S.M.A.R.T monitoring
      homepage.widget.type: scrutiny
@@ -4469,7 +4611,7 @@ services:
      SEARXNG_BASE_URL: https://search.${MY_TLD}
    image: searxng/searxng:latest
    labels:
-      homepage.group: Personal/Professional Services
+      homepage.group: Privacy/Security
      homepage.name: SearxNG
      homepage.href: https://search.${MY_TLD}
      homepage.icon: searxng.png
@@ -4536,57 +4678,6 @@ services:
      - semaphore_config:/etc/semaphore
      - semaphore_data:/var/lib/semaphore
      - semaphore_tmp:/tmp/semaphore
-  signoz-init-clickhouse:
-    <<: *signoz-common
-    container_name: signoz-init-clickhouse
-    command:
-      - bash
-      - -c
-      - |
-        version="v0.0.1"
-        node_os=$$(uname -s | tr '[:upper:]' '[:lower:]')
-        node_arch=$$(uname -m | sed s/aarch64/arm64/ | sed s/x86_64/amd64/)
-        echo "Fetching histogram-binary for $${node_os}/$${node_arch}"
-        cd /tmp
-        wget -O histogram-quantile.tar.gz "https://github.com/SigNoz/signoz/releases/download/histogram-quantile%2F$${version}/histogram-quantile_$${node_os}_$${node_arch}.tar.gz"
-        tar -xvzf histogram-quantile.tar.gz
-        mv histogram-quantile /var/lib/clickhouse/user_scripts/histogramQuantile
-    image: clickhouse/clickhouse-server:24.1.2-alpine
-    restart: on-failure
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/user_scripts/:/var/lib/clickhouse/user_scripts/
-  signoz-zookeeper-1:
-    <<: *signoz-zookeeper-defaults
-    container_name: signoz-zookeeper-1
-    environment:
-      ZOO_SERVER_ID: 1
-      ALLOW_ANONYMOUS_LOGIN: yes
-      ZOO_AUTOPURGE_INTERVAL: 1
-      ZOO_ENABLE_PROMETHEUS_METRICS: yes
-      ZOO_PROMETHEUS_METRICS_PORT_NUMBER: 9141
-    # ports:
-    #   - "2181:2181"
-    #   - "2888:2888"
-    #   - "3888:3888"
-    volumes:
-      - signoz-zookeeper-1:/bitnami/zookeeper
-  signoz-clickhouse:
-    <<: *signoz-clickhouse-defaults
-    container_name: signoz-clickhouse
-    expose:
-      - 9000
-    ports:
-    #   - "9000:9000"
-      - "8123:8123"
-      - "9181:9181"
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/config.xml:/etc/clickhouse-server/config.xml
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/users.xml:/etc/clickhouse-server/users.xml
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/custom-function.xml:/etc/clickhouse-server/custom-function.xml
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/user_scripts:/var/lib/clickhouse/user_scripts/
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
-      - signoz-clickhouse:/var/lib/clickhouse/
-      # - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
  signoz-app:
    <<: *signoz-db-depend
    container_name: signoz-app
@@ -4632,6 +4723,56 @@ services:
      - ${DOCKER_VOLUME_CONFIG}/signoz/common/prometheus.yml:/root/config/prometheus.yml
      - ${DOCKER_VOLUME_CONFIG}/signoz/common/dashboards:/root/config/dashboards
      - signoz-sqlite:/var/lib/signoz/
+  signoz-clickhouse:
+    <<: *signoz-clickhouse-defaults
+    container_name: signoz-clickhouse
+    expose:
+      - 9000
+    ports:
+    #   - "9000:9000"
+      - "8123:8123"
+      - "9181:9181"
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/config.xml:/etc/clickhouse-server/config.xml
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/users.xml:/etc/clickhouse-server/users.xml
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/custom-function.xml:/etc/clickhouse-server/custom-function.xml
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/user_scripts:/var/lib/clickhouse/user_scripts/
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
+      - signoz-clickhouse:/var/lib/clickhouse/
+      # - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
+  signoz-init-clickhouse:
+    <<: *signoz-common
+    container_name: signoz-init-clickhouse
+    command:
+      - bash
+      - -c
+      - |
+        version="v0.0.1"
+        node_os=$$(uname -s | tr '[:upper:]' '[:lower:]')
+        node_arch=$$(uname -m | sed s/aarch64/arm64/ | sed s/x86_64/amd64/)
+        echo "Fetching histogram-binary for $${node_os}/$${node_arch}"
+        cd /tmp
+        wget -O histogram-quantile.tar.gz "https://github.com/SigNoz/signoz/releases/download/histogram-quantile%2F$${version}/histogram-quantile_$${node_os}_$${node_arch}.tar.gz"
+        tar -xvzf histogram-quantile.tar.gz
+        mv histogram-quantile /var/lib/clickhouse/user_scripts/histogramQuantile
+    image: clickhouse/clickhouse-server:24.1.2-alpine
+    restart: on-failure
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/user_scripts/:/var/lib/clickhouse/user_scripts/
+  signoz-logspout:
+    command: signoz://signoz-otel-collector:8082
+    container_name: signoz-logspout
+    depends_on:
+      signoz-otel-collector:
+        required: true
+        condition: service_started
+    environment:
+      ENV: prod
+      SIGNOZ_LOG_ENDPOINT: http://signoz-otel-collector:8082
+    image: pavanputhra/logspout-signoz
+    restart: unless-stopped
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
  signoz-otel-collector:
    <<: *signoz-db-depend
    container_name: signoz-otel-collector
@@ -4651,13 +4792,23 @@ services:
      # - "1777:1777"     # pprof extension
      - "4317:4317" # OTLP gRPC receiver
      - "4318:4318" # OTLP HTTP receiver
+      - 8082:8082 # Logspout collection (https://signoz.io/blog/logspout-signoz-setup/)
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/signoz/common/otel/otel-collector-config.yaml:/etc/otel-collector-config.yaml
      - ${DOCKER_VOLUME_CONFIG}/signoz/common/otel/otel-collector-opamp-config.yaml:/etc/manager-config.yaml
+  signoz-schema-migrator-async:
+    <<: *signoz-db-depend
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
+    container_name: signoz-schema-migrator-async
+    command:
+      - async
+      - --dsn=tcp://signoz-clickhouse:9000
+      - --up=
+    restart: on-failure
  signoz-schema-migrator-sync:
    <<: *signoz-common
    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
-    container_name: schema-migrator-sync
+    container_name: signoz-schema-migrator-sync
    command:
      - sync
      - --dsn=tcp://signoz-clickhouse:9000
@@ -4666,15 +4817,21 @@ services:
      signoz-clickhouse:
        condition: service_healthy
    restart: on-failure
-  signoz-schema-migrator-async:
-    <<: *signoz-db-depend
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
-    container_name: schema-migrator-async
-    command:
-      - async
-      - --dsn=tcp://signoz-clickhouse:9000
-      - --up=
-    restart: on-failure
+  signoz-zookeeper-1:
+    <<: *signoz-zookeeper-defaults
+    container_name: signoz-zookeeper-1
+    environment:
+      ZOO_SERVER_ID: 1
+      ALLOW_ANONYMOUS_LOGIN: yes
+      ZOO_AUTOPURGE_INTERVAL: 1
+      ZOO_ENABLE_PROMETHEUS_METRICS: yes
+      ZOO_PROMETHEUS_METRICS_PORT_NUMBER: 9141
+    # ports:
+    #   - "2181:2181"
+    #   - "2888:2888"
+    #   - "3888:3888"
+    volumes:
+      - signoz-zookeeper-1:/bitnami/zookeeper
  sonarqube:
    container_name: sonarqube
    depends_on:
@@ -4724,7 +4881,7 @@ services:
      POSTGRES_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD}
      POSTGRES_DB: sonar
    healthcheck:
-      test: ["CMD-SHELL", "pg_isready"]
+      test: ["CMD-SHELL", "pg_isready -U sonar -d sonar"]
      interval: 10s
      timeout: 5s
      retries: 5
@@ -4862,7 +5019,7 @@ services:
      - CLI_ARGS=--allow-code --medvram --xformers --enable-insecure-extension-access --api
    labels:
      homepage.name: Stable-Diffusion WebUI
-      homepage.group: Personal/Professional Services
+      homepage.group: Personal Tools
      homepage.description: Deep learning, text-to-image model
      homepage.href: https://sd.${MY_TLD}
      homepage.icon: /icons/stable-diffusion.png
@@ -4892,7 +5049,7 @@ services:
    image: docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest
    labels:
      homepage.name: Stirling-PDF
-      homepage.group: Personal/Professional Services
+      homepage.group: Professional Services
      homepage.description: PDF Operations
      homepage.href: https://pdf.${MY_TLD}
      homepage.icon: stirling-pdf.svg
@@ -4927,9 +5084,9 @@ services:
      TZ: America/New_York
      URL: trez.wtf
      VALIDATION: dns
-      CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
+      CROWDSEC_API_KEY: ${CROWDSEC_SWAG_API_KEY}
      CROWDSEC_LAPI_URL: http://crowdsec:8080
-      DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|linuxserver/mods:universal-package-install #|ghcr.io/linuxserver/mods:swag-crowdsec#|linuxserver/mods:swag-auto-uptime-kuma
+      DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|linuxserver/mods:universal-package-install|ghcr.io/linuxserver/mods:swag-crowdsec #|ghcr.io/trezone/swag-auto-uptime-kuma:a443b8542f7d033fb99d2dde3782497534bd7508 #linuxserver/mods:swag-auto-uptime-kuma
      INSTALL_PACKAGES: nginx-mod-http-js
      PROPAGATION: 30
      UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
@@ -4955,7 +5112,7 @@ services:
      homepage.widget.url: http://swag:81
    networks:
      - default
-      - nextcloud-aio
+      # - nextcloud-aio
    ports:
      - 443:443
      - 80:80
@@ -4965,6 +5122,9 @@ services:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKER_VOLUME_CONFIG}/swag:/config
      - ${DOCKER_VOLUME_CONFIG}/sablier/sablier.js:/etc/nginx/conf.d/sablier.js
+      # - ${DOCKER_VOLUME_CONFIG}/swag/otel_ngx_module.so:/usr/lib/nginx/modules/otel_ngx_module.so
+      # - ${DOCKER_VOLUME_CONFIG}/swag/30_http_otel.conf:/etc/nginx/modules/30_http_otel.conf
+      # - ${DOCKER_VOLUME_CONFIG}/swag/opentelemetry_config.toml:/etc/nginx/opentelemetry_config.toml
      - /rinoa-storage:/storage
      - /var/run/docker.sock:/var/run/docker.sock:ro
  tandoor:
@@ -5154,65 +5314,6 @@ services:
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/config/:/vault/config
      - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/logs/:/vault/logs
-  wallabag:
-    container_name: wallabag
-    depends_on:
-      mariadb:
-        condition: service_started
-        required: true
-        restart: true
-      redis:
-        condition: service_started
-        required: true
-    environment:
-      SYMFONY__ENV__DATABASE_DRIVER: pdo_mysql
-      SYMFONY__ENV__DATABASE_HOST: mariadb
-      SYMFONY__ENV__DATABASE_PORT: 3306
-      SYMFONY__ENV__DATABASE_NAME: ${WALLABAG_DB}
-      SYMFONY__ENV__DATABASE_USER: ${WALLABAG_DB}
-      SYMFONY__ENV__DATABASE_PASSWORD: ${WALLABAG_DB_PASSWORD}
-      SYMFONY__ENV__DATABASE_CHARSET: utf8
-      SYMFONY__ENV__DATABASE_TABLE_PREFIX: "wallabag_"
-      SYMFONY__ENV__MAILER_DSN: smtp://postal-smtp
-      SYMFONY__ENV__FROM_EMAIL: noreply@trez.wtf
-      SYMFONY__ENV__DOMAIN_NAME: https://wallabag.${MY_TLD}
-      SYMFONY__ENV__SERVER_NAME: "Wallabag @ Rinoa"
-      SYMFONY__ENV__REDIS_HOST: redis
-      SYMFONY__ENV__REDIS_PORT: 6379
-    healthcheck:
-      interval: 1m
-      test:
-        - CMD
-        - wget
-        - --no-verbose
-        - --tries=1
-        - --spider
-        - http://localhost
-      timeout: 3s
-    image: wallabag/wallabag
-    labels:
-      swag: enable
-      swag_address: wallabag
-      swag_proto: http
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://wallabag.${MY_TLD}
-      swag.uptime-kuma.monitor.interval: 300
-      homepage.group: Lifestyle
-      homepage.name: Wallabag
-      homepage.href: https://wallabag.${MY_TLD}
-      homepage.icon: wallabag.png
-      homepage.description: Knowledge Store
-    networks:
-      default: null
-    ports:
-      - 32768:80
-    restart: unless-stopped
-    volumes:
-      - source: ${DOCKER_VOLUME_CONFIG}/wallabag/images
-        target: /var/www/wallabag/web/assets/images
-        type: bind
-        bind:
-          create_host_path: true
  wallos:
    container_name: wallos
    environment:
@@ -5508,6 +5609,8 @@ volumes:
    name: jitsi-web-admin-upload
  joplin_data:
    name: joplin_data
+  karakeep-data:
+    name: karakeep-data
  linkstack_data:
    name: linkstack_data
  librechat-pg-data:
@@ -5542,6 +5645,16 @@ volumes:
    name: paperless-ngx-pg
  pgbackweb-data:
    name: pgbackweb-data
+  planka-favicons:
+    name: planka-favicons
+  planka-user-avatars:
+    name: planka-user-avatars
+  planka-background-images:
+    name: planka-background-images
+  planka-attachments:
+    name: planka-attachments
+  planka-db-data:
+    name: planka-db-data
  portainer-data:
    name: portainer-data
  portnote-db-data:
				`@@ -0,0 +1 @@`
				`server_endpoint: ws://signoz-app:4320/v1/opamp`