Adding Jitsi admin services (WIP).

2025-05-19 10:39:12 -04:00
17 changed files with 1262 additions and 2492 deletions
@@ -1,6 +1,5 @@
 name: Gitea Branch PR & Ansible Deployment
 on:
  workflow_dispatch:
  push:
    branches-ignore:
      - 'main'
@@ -140,8 +139,8 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: PR Merge Successful'
          notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
-  ansible-config-deploy:
+  ansible-config-docker-compose-deploy:
-    name: Ansible Config Deployment
+    name: Ansible Configs & Docker Compose Deployment
    runs-on: ubuntu-latest
    needs: [pr-merge]
    env:
@@ -174,7 +173,7 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
          notification_message: 'Starting config deployment with Ansible...'
-      - name: Ansible Playbook Config Deploy
+      - name: Ansible Playbook Dry Run
        uses: arillso/action.playbook@0.1.0
        with:
          check: false
@@ -1,12 +1,10 @@
 name: Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment
 on:
  workflow_dispatch:
  push:
    branches-ignore:
      - 'main'
    paths:
      - '**/docker-compose.yml'
      - '**/pr-cloudflare-docker-deploy.yml'
      - '!ansible/**.yml'
 jobs:
  check-and-create-pr:
@@ -58,26 +56,20 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: PR Check'
          notification_message: 'PR Created 🎟️'
-  docker-compose-dry-run:
+  docker-compose-ansible-lints:
-    name: Docker Compose Dry Run
+    name: Docker Compose & Ansible Lints
    needs: [check-and-create-pr]
    runs-on: ubuntu-latest
    env:
      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
      VAULT_NAMESPACE: ""
      RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
    outputs:
      svc_deploy_list: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Fetch base branch
        run: |
          git fetch origin ${{ github.event.pull_request.base.ref }}
      - name: Login to Gitea Container Registry
        run: |
          docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
      - name: Save both versions of docker-compose.yml
        run: |
          git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
@@ -130,16 +122,13 @@ jobs:
          echo ${mod_svcs}
          vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
          echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT"
      - name: Testing service list output
        run: |
          echo ${{ steps.modded_svcs.outputs.rinoa_svcs }}
      - name: Docker Compose Dry Run
        timeout-minutes: 360
        continue-on-error: true
        uses: keatonLiu/docker-compose-remote-action@v1.2
        with:
          docker_compose_file: docker-compose.yml
-          docker_args: -d --remove-orphans --pull missing ${{ steps.modded_svcs.outputs.rinoa_svcs }}
+          docker_args: -d --remove-orphans --pull missing --no-recreate ${{ steps.modded_svcs.rinoa_svcs.output }}
          ssh_user: gitea-deploy
          ssh_host: 192.168.1.254
          ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
@@ -293,15 +282,14 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: PR Merge Successful'
          notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
-  docker-compose-deploy:
+  ansible-config-docker-compose-deploy:
-    name: Docker Compose Deployment
+    name: Ansible Configs & Docker Compose Deployment
    runs-on: ubuntu-latest
    needs: [pr-merge]
    env:
      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
      DOCKER_HOST: tcp://dockerproxy:2375
      RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -320,8 +308,11 @@ jobs:
      - name: Install Vault
        uses: cpanato/vault-installer@main
      - name: Login to Gitea Container Registry
-        run: |
+        uses: docker/login-action@v3
-          docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
+        with:
          registry: git.trez.wtf
          username: gitea-sonarqube-bot
          password: ${{ secrets.BOT_GITEA_TOKEN }}
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -338,7 +329,7 @@ jobs:
        uses: keatonLiu/docker-compose-remote-action@v1.2
        with:
          docker_compose_file: docker-compose.yml
-          docker_args: -d --remove-orphans --pull missing ${{ docker-compose-dry-run.outputs.svc_deploy_list }}
+          docker_args: -d --remove-orphans --pull missing --no-recreate
          ssh_user: gitea-deploy
          ssh_host: 192.168.1.254
          ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
@@ -14,11 +14,14 @@
 | bazarr | lscr.io/linuxserver/bazarr:latest |
 | beszel | henrygd/beszel:latest |
 | beszel-agent | henrygd/beszel-agent:latest |
 | bitmagnet | ghcr.io/bitmagnet-io/bitmagnet:latest |
 | bitmagnet-pg-db | postgres:17-alpine |
 | bitwarden | vaultwarden/server:latest |
 | bluesky-pds | code.modernleft.org/gravityfargo/bluesky-pds:v0.4.98 |
 | browserless | ghcr.io/browserless/chromium:latest |
 | bytestash | ghcr.io/jordan-dalby/bytestash:latest |
 | castopod | castopod/castopod:latest |
 | cloudflared | cloudflare/cloudflared:latest |
 | cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
 | convertx | ghcr.io/c4illin/convertx |
 | cronicle | elestio/cronicle:latest |
@@ -30,14 +33,13 @@
 | dawarich-pg-db | postgis/postgis:17-3.5-alpine |
 | dawarich-sidekiq | freikin/dawarich:latest |
 | dead-man-hand | ghcr.io/bkupidura/dead-man-hand:latest |
 | delugevpn | ghcr.io/binhex/arch-delugevpn:latest |
 | docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
 | dockflare | alplat/dockflare:stable |
 | duplicati | lscr.io/linuxserver/duplicati:latest |
 | excalidraw | excalidraw/excalidraw:latest |
 | explo | ghcr.io/lumepart/explo:latest |
 | fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
 | flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
 | freescout | tiredofit/freescout:latest |
 | ghost | ghost:latest |
 | gitea | gitea/gitea:1.23.1 |
 | gitea-db | postgres:14 |
@@ -87,11 +89,8 @@
 | mariadb | linuxserver/mariadb |
 | mastodon | lscr.io/linuxserver/mastodon:latest |
 | mastodon-pg-db | postgres:17-alpine |
 | maxun-backend | getmaxun/maxun-backend:latest |
 | maxun-frontend | getmaxun/maxun-frontend:latest |
 | maxun-pg-db | postgres:13-alpine |
 | meilisearch | getmeili/meilisearch:v1.12.3 |
-| minio | minio/minio:RELEASE.2025-04-22T22-12-26Z |
+| minio | minio/minio |
 | mixpost | inovector/mixpost:latest |
 | mongodb | bitnami/mongodb:7.0 |
 | multi-scrobbler | foxxmd/multi-scrobbler |
@@ -115,7 +114,6 @@
 | postal-web | ghcr.io/postalserver/postal:latest |
 | postal-worker | ghcr.io/postalserver/postal:latest |
 | prowlarr | lscr.io/linuxserver/prowlarr:latest |
 | qbittorrentvpn | ghcr.io/binhex/arch-qbittorrentvpn:latest |
 | radarec | thewicklowwolf/radarec:latest |
 | radarr | lscr.io/linuxserver/radarr:latest |
 | reactive-resume | amruthpillai/reactive-resume:latest |
@@ -124,19 +122,12 @@
 | redis | redis:alpine |
 | redlib | quay.io/redlib/redlib:latest |
 | rocketchat | registry.rocket.chat/rocketchat/rocket.chat:latest |
 | romm | rommapp/romm:latest |
 | sabnzbdvpn | ghcr.io/binhex/arch-sabnzbdvpn:latest |
-| sablier | sablierapp/sablier:latest |
+| scraperr | jpyles0524/scraperr:latest |
 | scraperr-api | jpyles0524/scraperr_api:latest |
 | scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
 | searxng | searxng/searxng:latest |
 | semaphore | semaphoreui/semaphore:v2.12.14 |
 | signoz-init-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
 | signoz-zookeeper-1 | bitnami/zookeeper:3.7.1 |
 | signoz-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
 | signoz-app | signoz/signoz:v0.86.2 |
 | signoz-otel-collector | signoz/signoz-otel-collector:v0.111.42 |
 | signoz-schema-migrator-sync | signoz/signoz-schema-migrator:v0.111.42 |
 | signoz-schema-migrator-async | signoz/signoz-schema-migrator:v0.111.42 |
 | sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
 | sonarqube-pg-db | postgres:17-alpine |
 | sonarr | lscr.io/linuxserver/sonarr:latest |
@@ -157,4 +148,14 @@
 | web-check | lissy93/web-check |
 | whodb | clidey/whodb |
 | youtubedl | nbr23/youtube-dl-server:latest |
 | zammad-backup | ghcr.io/zammad/zammad:6.5.0-15 |
 | zammad-elasticsearch | bitnami/elasticsearch:8.17.4 |
 | zammad-init | ghcr.io/zammad/zammad:6.5.0-15 |
 | zammad-memcached | memcached:1.6.38-alpine |
 | zammad-nginx | ghcr.io/zammad/zammad:6.5.0-15 |
 | zammad-postgresql | postgres:17.4-alpine |
 | zammad-railsserver | ghcr.io/zammad/zammad:6.5.0-15 |
 | zammad-redis | redis:7.4.2-alpine |
 | zammad-scheduler | ghcr.io/zammad/zammad:6.5.0-15 |
 | zammad-websocket | ghcr.io/zammad/zammad:6.5.0-15 |
@@ -1,199 +0,0 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 http:
  pprof:
    port: 6060
    enabled: false
  address: 0.0.0.0:8008
  session_ttl: 720h
 users:
  - name: admin
    password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ADGUARD_BCRYPT'] }}
 auth_attempts: 5
 block_auth_min: 15
 http_proxy: ""
 language: ""
 theme: auto
 dns:
  bind_hosts:
    - 0.0.0.0
  port: 53
  anonymize_client_ip: false
  ratelimit: 20
  ratelimit_subnet_len_ipv4: 24
  ratelimit_subnet_len_ipv6: 56
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - 94.140.14.14
    - 94.140.15.15
    - https://dns.adguard-dns.com/dns-query
    - tls://dns.adguard-dns.com
    - quic://dns.adguard-dns.com
    - 1.1.1.1
    - 1.0.0.1
    - 1.1.1.2
    - 1.0.0.2
    - 185.228.168.9
    - 185.228.169.9
    - 76.76.2.3
    - tls://getdnsapi.net
    - 185.49.141.37
    - tls://dot.seby.io
  upstream_dns_file: ""
  bootstrap_dns:
    - 9.9.9.10
    - 149.112.112.10
    - 2620:fe::10
    - 2620:fe::fe:10
  fallback_dns: []
  upstream_mode: load_balance
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 0
  cache_ttl_max: 0
  cache_optimistic: false
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: false
  edns_client_subnet:
    custom_ip: ""
    enabled: false
    use_custom: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  bootstrap_prefer_ipv6: false
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: false
  local_ptr_upstreams: []
  use_dns64: false
  dns64_prefixes: []
  serve_http3: false
  use_http3_upstreams: false
  serve_plain_dns: true
  hostsfile_enabled: true
  pending_requests:
    enabled: true
 tls:
  enabled: true
  server_name: ""
  force_https: false
  port_https: 446
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: /opt/adguardhome/certs/live/trez.wtf/priv-fullchain-bundle.pem
  private_key_path: /opt/adguardhome/certs/live/trez.wtf/priv-fullchain-bundle.pem
  strict_sni_check: false
 querylog:
  dir_path: ""
  ignored: []
  interval: 2160h
  size_memory: 1000
  enabled: true
  file_enabled: true
 statistics:
  dir_path: ""
  ignored: []
  interval: 24h
  enabled: true
 filters:
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
    name: AdAway Default Blocklist
    id: 2
 whitelist_filters: []
 user_rules: []
 dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: 192.168.1.1
    subnet_mask: 255.255.255.0
    range_start: 192.168.1.2
    range_end: 192.168.1.240
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
 filtering:
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_services:
    schedule:
      time_zone: America/New_York
    ids: []
  protection_disabled_until: null
  safe_search:
    enabled: false
    bing: true
    duckduckgo: true
    ecosia: true
    google: true
    pixabay: true
    yandex: true
    youtube: true
  blocking_mode: default
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  rewrites: []
  safe_fs_patterns:
    - /opt/adguardhome/work/userfilters/*
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  filters_update_interval: 24
  blocked_response_ttl: 10
  filtering_enabled: true
  parental_enabled: false
  safebrowsing_enabled: false
  protection_enabled: true
 clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
 log:
  enabled: true
  file: ""
  max_backups: 0
  max_size: 100
  max_age: 3
  compress: false
  local_time: false
  verbose: false
 os:
  group: ""
  user: ""
  rlimit_nofile: 0
 schema_version: 29
@@ -53,4 +53,4 @@ layout:
    columns: 2
  Media Library:
    style: row
-    columns: 3
+    columns: 4
@@ -1,48 +0,0 @@
 # This is a generic example of a configuration file
 # Rename this file to `config.yml`, copy it to a `config` folder, and mount that folder as per the docker-compose.example.yml
 # Only uncomment the lines you want to use/modify, or add new ones where needed
 exclude:
  # Exclude platforms to be scanned
  platforms: [] # ['my_excluded_platform_1', 'my_excluded_platform_2']
  # Exclude roms or parts of roms to be scanned
  roms:
    # Single file games section.
    # Will not apply to files that are in sub-folders (multi-disc roms, games with updates, DLC, patches, etc.)
    single_file:
      # Exclude all files with certain extensions to be scanned
      extensions: [] # ['xml', 'txt']
      # Exclude matched file names to be scanned.
      # Supports unix filename pattern matching
      # Can also exclude files by extension
      names: [] # ['info.txt', '._*', '*.nfo']
    # Multi files games section
    # Will apply to files that are in sub-folders (multi-disc roms, games with updates, DLC, patches, etc.)
    multi_file:
      # Exclude matched 'folder' names to be scanned (RomM identifies folders as multi file games)
      names: [] # ['my_multi_file_game', 'DLC']
      # Exclude files within sub-folders.
      parts:
        # Exclude matched file names to be scanned from multi file roms
        # Keep in mind that RomM doesn't scan folders inside multi files games,
        # so there is no need to exclude folders from inside of multi files games.
        names: [] # ['data.xml', '._*'] # Supports unix filename pattern matching
        # Exclude all files with certain extensions to be scanned from multi file roms
        extensions: [] # ['xml', 'txt']
 system:
  # Asociate different platform names to your current file system platform names
  # [your custom platform folder name]: [RomM platform name]
  # In this example if you have a 'gc' folder, RomM will treat it like the 'ngc' folder and if you have a 'psx' folder, RomM will treat it like the 'ps' folder
  platforms: {} # { gc: 'ngc', psx: 'ps' }
  # Asociate one platform to it's main version
  versions: {} # { naomi: 'arcade' }
 # The folder name where your roms are located
 filesystem: {} # { roms_folder: 'roms' } For example if your folder structure is /home/user/library/roms_folder
@@ -1,75 +0,0 @@
 <?xml version="1.0"?>
 <clickhouse>
    <!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
         Optional. If you don't use replicated tables, you could omit that.
         See https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/replication/
      -->
    <zookeeper>
        <node index="1">
            <host>signoz-zookeeper-1</host>
            <port>2181</port>
        </node>
        <node index="2">
            <host>zookeeper-2</host>
            <port>2181</port>
        </node>
        <node index="3">
            <host>zookeeper-3</host>
            <port>2181</port>
        </node>
    </zookeeper>
    <!-- Configuration of clusters that could be used in Distributed tables.
         https://clickhouse.com/docs/en/operations/table_engines/distributed/
      -->
    <remote_servers>
        <cluster>
            <!-- Inter-server per-cluster secret for Distributed queries
                 default: no secret (no authentication will be performed)
                 If set, then Distributed queries will be validated on shards, so at least:
                 - such cluster should exist on the shard,
                 - such cluster should have the same secret.
                 And also (and which is more important), the initial_user will
                 be used as current user for the query.
                 Right now the protocol is pretty simple and it only takes into account:
                 - cluster name
                 - query
                 Also it will be nice if the following will be implemented:
                 - source hostname (see interserver_http_host), but then it will depends from DNS,
                   it can use IP address instead, but then the you need to get correct on the initiator node.
                 - target hostname / ip address (same notes as for source hostname)
                 - time-based security tokens
            -->
            <!-- <secret></secret> -->
            <shard>
                <!-- Optional. Whether to write data to just one of the replicas. Default: false (write data to all replicas). -->
                <!-- <internal_replication>false</internal_replication> -->
                <!-- Optional. Shard weight when writing data. Default: 1. -->
                <!-- <weight>1</weight> -->
                <replica>
                    <host>signoz-clickhouse</host>
                    <port>9000</port>
                    <!-- Optional. Priority of the replica for load_balancing. Default: 1 (less value has more priority). -->
                    <!-- <priority>1</priority> -->
                </replica>
            </shard>
            <shard>
                <replica>
                    <host>clickhouse-2</host>
                    <port>9000</port>
                </replica>
            </shard>
            <shard>
                <replica>
                    <host>clickhouse-3</host>
                    <port>9000</port>
                </replica>
            </shard>
        </cluster>
    </remote_servers>
 </clickhouse>
@@ -1,75 +0,0 @@
 <?xml version="1.0"?>
 <clickhouse>
    <!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
         Optional. If you don't use replicated tables, you could omit that.
         See https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/replication/
      -->
    <zookeeper>
        <node index="1">
            <host>signoz-zookeeper-1</host>
            <port>2181</port>
        </node>
        <!-- <node index="2">
            <host>zookeeper-2</host>
            <port>2181</port>
        </node>
        <node index="3">
            <host>zookeeper-3</host>
            <port>2181</port>
        </node> -->
    </zookeeper>
    <!-- Configuration of clusters that could be used in Distributed tables.
         https://clickhouse.com/docs/en/operations/table_engines/distributed/
      -->
    <remote_servers>
        <cluster>
            <!-- Inter-server per-cluster secret for Distributed queries
                 default: no secret (no authentication will be performed)
                 If set, then Distributed queries will be validated on shards, so at least:
                 - such cluster should exist on the shard,
                 - such cluster should have the same secret.
                 And also (and which is more important), the initial_user will
                 be used as current user for the query.
                 Right now the protocol is pretty simple and it only takes into account:
                 - cluster name
                 - query
                 Also it will be nice if the following will be implemented:
                 - source hostname (see interserver_http_host), but then it will depends from DNS,
                   it can use IP address instead, but then the you need to get correct on the initiator node.
                 - target hostname / ip address (same notes as for source hostname)
                 - time-based security tokens
            -->
            <!-- <secret></secret> -->
            <shard>
                <!-- Optional. Whether to write data to just one of the replicas. Default: false (write data to all replicas). -->
                <!-- <internal_replication>false</internal_replication> -->
                <!-- Optional. Shard weight when writing data. Default: 1. -->
                <!-- <weight>1</weight> -->
                <replica>
                    <host>signoz-clickhouse</host>
                    <port>9000</port>
                    <!-- Optional. Priority of the replica for load_balancing. Default: 1 (less value has more priority). -->
                    <!-- <priority>1</priority> -->
                </replica>
            </shard>
            <!-- <shard>
                <replica>
                    <host>clickhouse-2</host>
                    <port>9000</port>
                </replica>
            </shard>
            <shard>
                <replica>
                    <host>clickhouse-3</host>
                    <port>9000</port>
                </replica>
            </shard> -->
        </cluster>
    </remote_servers>
 </clickhouse>
@@ -1,21 +0,0 @@
 <functions>
    <function>
        <type>executable</type>
        <name>histogramQuantile</name>
        <return_type>Float64</return_type>
        <argument>
            <type>Array(Float64)</type>
            <name>buckets</name>
        </argument>
        <argument>
            <type>Array(Float64)</type>
            <name>counts</name>
        </argument>
        <argument>
            <type>Float64</type>
            <name>quantile</name>
        </argument>
        <format>CSV</format>
        <command>./histogramQuantile</command>
    </function>
 </functions>
@@ -1,41 +0,0 @@
 <?xml version="1.0"?>
 <clickhouse>
 <storage_configuration>
    <disks>
        <default>
            <keep_free_space_bytes>10485760</keep_free_space_bytes>
        </default>
        <s3>
            <type>s3</type>
            <!-- For S3 cold storage,
                    if region is us-east-1, endpoint can be https://<bucket-name>.s3.amazonaws.com
                    if region is not us-east-1, endpoint should be https://<bucket-name>.s3-<region>.amazonaws.com
                For GCS cold storage,
                    endpoint should be https://storage.googleapis.com/<bucket-name>/data/
                -->
            <endpoint>https://BUCKET-NAME.s3-REGION-NAME.amazonaws.com/data/</endpoint>
            <access_key_id>ACCESS-KEY-ID</access_key_id>
            <secret_access_key>SECRET-ACCESS-KEY</secret_access_key>
            <!-- In case of S3, uncomment the below configuration in case you want to read
                AWS credentials from the Environment variables if they exist. -->
            <!-- <use_environment_credentials>true</use_environment_credentials> -->
            <!-- In case of GCS, uncomment the below configuration, since GCS does
                not support batch deletion and result in error messages in logs. -->
            <!-- <support_batch_delete>false</support_batch_delete> -->
        </s3>
   </disks>
   <policies>
       <tiered>
           <volumes>
                <default>
                    <disk>default</disk>
                </default>
                <s3>
                    <disk>s3</disk>
                    <perform_ttl_move_on_insert>0</perform_ttl_move_on_insert>
                </s3>
            </volumes>
        </tiered>
    </policies>
 </storage_configuration>
 </clickhouse>
@@ -1,123 +0,0 @@
 <?xml version="1.0"?>
 <clickhouse>
    <!-- See also the files in users.d directory where the settings can be overridden. -->
    <!-- Profiles of settings. -->
    <profiles>
        <!-- Default settings. -->
        <default>
            <!-- Maximum memory usage for processing single query, in bytes. -->
            <max_memory_usage>10000000000</max_memory_usage>
            <!-- How to choose between replicas during distributed query processing.
                 random - choose random replica from set of replicas with minimum number of errors
                 nearest_hostname - from set of replicas with minimum number of errors, choose replica
                  with minimum number of different symbols between replica's hostname and local hostname
                  (Hamming distance).
                 in_order - first live replica is chosen in specified order.
                 first_or_random - if first replica one has higher number of errors, pick a random one from replicas with minimum number of errors.
            -->
            <load_balancing>random</load_balancing>
        </default>
        <!-- Profile that allows only read queries. -->
        <readonly>
            <readonly>1</readonly>
        </readonly>
    </profiles>
    <!-- Users and ACL. -->
    <users>
        <!-- If user name was not specified, 'default' user is used. -->
        <default>
            <!-- See also the files in users.d directory where the password can be overridden.
                 Password could be specified in plaintext or in SHA256 (in hex format).
                 If you want to specify password in plaintext (not recommended), place it in 'password' element.
                 Example: <password>qwerty</password>.
                 Password could be empty.
                 If you want to specify SHA256, place it in 'password_sha256_hex' element.
                 Example: <password_sha256_hex>65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5</password_sha256_hex>
                 Restrictions of SHA256: impossibility to connect to ClickHouse using MySQL JS client (as of July 2019).
                 If you want to specify double SHA1, place it in 'password_double_sha1_hex' element.
                 Example: <password_double_sha1_hex>e395796d6546b1b65db9d665cd43f0e858dd4303</password_double_sha1_hex>
                 If you want to specify a previously defined LDAP server (see 'ldap_servers' in the main config) for authentication,
                  place its name in 'server' element inside 'ldap' element.
                 Example: <ldap><server>my_ldap_server</server></ldap>
                 If you want to authenticate the user via Kerberos (assuming Kerberos is enabled, see 'kerberos' in the main config),
                  place 'kerberos' element instead of 'password' (and similar) elements.
                 The name part of the canonical principal name of the initiator must match the user name for authentication to succeed.
                 You can also place 'realm' element inside 'kerberos' element to further restrict authentication to only those requests
                  whose initiator's realm matches it.
                 Example: <kerberos />
                 Example: <kerberos><realm>EXAMPLE.COM</realm></kerberos>
                 How to generate decent password:
                 Execute: PASSWORD=$(base64 < /dev/urandom | head -c8); echo "$PASSWORD"; echo -n "$PASSWORD" | sha256sum | tr -d '-'
                 In first line will be password and in second - corresponding SHA256.
                 How to generate double SHA1:
                 Execute: PASSWORD=$(base64 < /dev/urandom | head -c8); echo "$PASSWORD"; echo -n "$PASSWORD" | sha1sum | tr -d '-' | xxd -r -p | sha1sum | tr -d '-'
                 In first line will be password and in second - corresponding double SHA1.
            -->
            <password></password>
            <!-- List of networks with open access.
                 To open access from everywhere, specify:
                    <ip>::/0</ip>
                 To open access only from localhost, specify:
                    <ip>::1</ip>
                    <ip>127.0.0.1</ip>
                 Each element of list has one of the following forms:
                 <ip> IP-address or network mask. Examples: 213.180.204.3 or 10.0.0.1/8 or 10.0.0.1/255.255.255.0
                     2a02:6b8::3 or 2a02:6b8::3/64 or 2a02:6b8::3/ffff:ffff:ffff:ffff::.
                 <host> Hostname. Example: server01.clickhouse.com.
                     To check access, DNS query is performed, and all received addresses compared to peer address.
                 <host_regexp> Regular expression for host names. Example, ^server\d\d-\d\d-\d\.clickhouse\.com$
                     To check access, DNS PTR query is performed for peer address and then regexp is applied.
                     Then, for result of PTR query, another DNS query is performed and all received addresses compared to peer address.
                     Strongly recommended that regexp is ends with $
                 All results of DNS requests are cached till server restart.
            -->
            <networks>
                <ip>::/0</ip>
            </networks>
            <!-- Settings profile for user. -->
            <profile>default</profile>
            <!-- Quota for user. -->
            <quota>default</quota>
            <!-- User can create other users and grant rights to them. -->
            <!-- <access_management>1</access_management> -->
        </default>
    </users>
    <!-- Quotas. -->
    <quotas>
        <!-- Name of quota. -->
        <default>
            <!-- Limits for time interval. You could specify many intervals with different limits. -->
            <interval>
                <!-- Length of interval. -->
                <duration>3600</duration>
                <!-- No limits. Just calculate resource usage for time interval. -->
                <queries>0</queries>
                <errors>0</errors>
                <result_rows>0</result_rows>
                <read_rows>0</read_rows>
                <execution_time>0</execution_time>
            </interval>
        </default>
    </quotas>
 </clickhouse>
@@ -1 +0,0 @@
 server_endpoint: ws://signoz:4320/v1/opamp
@@ -1 +0,0 @@
 server_endpoint: ws://signoz:4320/v1/opamp
@@ -1,25 +0,0 @@
 # my global config
 global:
  scrape_interval:     5s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).
 # Alertmanager configuration
 alerting:
  alertmanagers:
  - static_configs:
    - targets:
      - alertmanager:9093
 # Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
 rule_files: []
  # - "first_rules.yml"
  # - "second_rules.yml"
  # - 'alerts.yml'
 # A scrape configuration containing exactly one endpoint to scrape:
 # Here it's Prometheus itself.
 scrape_configs: []
 remote_read:
  - url: tcp://clickhouse:9000/signoz_metrics
@@ -1,14 +1,14 @@
 vault_addr: "https://vault.trez.wtf"
 vault_token: !vault |
  $ANSIBLE_VAULT;1.1;AES256
-  62353532343234343230663331623062376533346166343963383464303535646362376233663361
+  39306238386563313462666238333237346239326636633731326263653639646235363937386333
-  3532343530653365663331393339646337653564316337390a646264353561623132366635343032
+  6138653434613437643134653463363230303038373765380a636162663734393632396638313261
-  63326535376434353837663334366336613631346161363034646134333439613531376362646161
+  39613730633935373063663030616131653731376461333762633131633066366165343536323031
-  6438316662626566340a346665666234386630633764376336333063363934643162393565386330
+  3539373461383138310a383734313237313231363539383632323130336536656662313861336261
-  35333139303939613232303264646236326637613862303339353334623066393966353032333839
+  65393033633461363837366462656134386430353236343136616161663364376261623834366466
-  33323962303635333335376364366336663035303530396262356130373537363134303937353433
+  30303765393039376666303937663839663630623063666135313636353432396161333434653435
-  34393338336666396338616465666466613931373461663761366235643437646136373039353939
+  32623634313531343466613966663139333234616137646636636134373264333263343533393331
-  33643133313264303637646336653537383337336661313765663366356262343064316334313337
+  32313530373164653730656662383837626139643364376134376634613237323063343731663734
-  35306232303132653566356130343366313139336665313737363732613261623439
+  36306335303936633334353564306239663563366435316464343039373965383032
 vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
 secrets_path: "rinoa-docker/env"