Merge remote-tracking branch 'refs/remotes/origin/invidious-config-ansible-fix' into invidious-config-ansible-fix

Merged by Trez.One

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -33,9 +33,7 @@ jobs:
         continue-on-error: true
         run: |
           tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
-          tea pr list --repo ${{ github.repository }} --state all
           pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
-          echo ${pr_exists}
           echo "exists=$pr_exists" >> $GITHUB_OUTPUT
       - name: Create PR
         if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
@@ -51,6 +49,7 @@ jobs:
     env:
       VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
       VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+      VAULT_NAMESPACE: ""
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -74,7 +73,7 @@ jobs:
         with:
           directory: ansible/
           playbook: docker_config_deploy.yml
-          key: ${{secrets.RINOA_GITEA_PRIVATE_SSH_KEY}}
+          key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
           options: |
             --inventory inventory/hosts.yml
             --check
@@ -257,7 +256,6 @@ jobs:
           notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
   ansible-config-docker-compose-deploy:
     name: Deploy via Ansible & Docker Compose
-    timeout-minutes: 360
     runs-on: ubuntu-latest
     needs: [pr-merge]
     env:
@@ -305,11 +303,12 @@ jobs:
            vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
       - name: Docker Compose Deployment
         # if: ${{ steps.regenerate-readme-modified-services.outputs.modified_services != '' }}
+        timeout-minutes: 360
         continue-on-error: true
         uses: keatonLiu/docker-compose-remote-action@v1.2
         with:
           docker_compose_file: docker-compose.yml
-          docker_args: -d --remove-orphans --pull missing
+          docker_args: -d --remove-orphans --pull missing --no-recreate
           ssh_user: gitea-deploy
           ssh_host: 192.168.1.254
           ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}

README.md

@@ -20,6 +20,7 @@
 | castopod | castopod/castopod:latest |
 | cloudflared | cloudflare/cloudflared:latest |
 | cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
+| convertx | ghcr.io/c4illin/convertx |
 | cronicle | elestio/cronicle:latest |
 | crowdsec | crowdsecurity/crowdsec:latest |
 | crowdsec-dashboard | metabase/metabase |
@@ -39,13 +40,6 @@
 | gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
 | gluetun | qmcgaw/gluetun:latest |
 | gotify | gotify/server |
-| grafana | grafana/grafana-enterprise:latest |
-| grafana-alloy | grafana/alloy:latest |
-| grafana-loki | grafana/loki:latest |
-| grafana-mimir | grafana/mimir:latest |
-| grafana-mimir-memcached | memcached |
-| grafana-pyroscope | grafana/pyroscope:latest |
-| grafana-tempo | grafana/tempo:latest |
 | guacamole | flcontainers/guacamole:latest |
 | homepage | ghcr.io/gethomepage/homepage:latest |
 | hortusfox | ghcr.io/danielbrendel/hortusfox-web:latest |
@@ -57,6 +51,7 @@
 | immich-power-tools | ghcr.io/varun-raj/immich-power-tools:latest |
 | influxdb2 | influxdb:2-alpine |
 | invidious | quay.io/invidious/invidious:latest |
+| invidious-sig-helper | quay.io/invidious/inv-sig-helper:latest |
 | invidious-db | docker.io/library/postgres:14 |
 | invoice-ninja | invoiceninja/invoiceninja-debian:5 |
 | invoice-ninja_proxy | nginx |
@@ -71,6 +66,7 @@
 | jitsi-web | jitsi/web:stable |
 | joplin-db | postgres:17-alpine |
 | joplin | joplin/server:latest |
+| libretranslate | libretranslate/libretranslate |
 | lidarr | lscr.io/linuxserver/lidarr:latest |
 | lidify | thewicklowwolf/lidify:latest |
 | lldap | lldap/lldap:stable |
@@ -95,6 +91,8 @@
 | open-webui | ghcr.io/open-webui/open-webui:main |
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
 | parseable | containers.parseable.com/parseable/parseable:latest |
+| peppermint | pepperlabs/peppermint:latest |
+| peppermint-pg-db | postgres:17-alpine |
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
 | plantuml-server | plantuml/plantuml-server:jetty |
@@ -144,16 +142,6 @@
 | web-check | lissy93/web-check |
 | your_spotify | lscr.io/linuxserver/your_spotify:latest |
 | youtubedl | nbr23/youtube-dl-server:latest |
-| zammad-backup | postgres: |
-| zammad-elasticsearch | bitnami/elasticsearch: |
-| zammad-init | : |
-| zammad-memcached | memcached: |
-| zammad-nginx | : |
-| zammad-postgresql | postgres: |
-| zammad-railsserver | : |
-| zammad-redis | redis: |
-| zammad-scheduler | : |
-| zammad-websocket | : |
 | zitadel | ghcr.io/zitadel/zitadel:latest |
 | zitadel-pg-db | postgres:16-alpine |
 

ansible/app-configs/invidious_config.yml.j2

@@ -0,0 +1,949 @@
+#########################################
+#
+#  Database and other external servers
+#
+#########################################
+
+##
+## Database configuration with separate parameters.
+## This setting is MANDATORY, unless 'database_url' is used.
+##
+db:
+  user: kemal
+  host: invidious-db
+  port: 5432
+  dbname: invidious
+  password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_PG_DB_PASSWORD'] }}
+
+##
+## Database configuration using a single URI. This is an
+## alternative to the 'db' parameter above. If both forms
+## are used, then only database_url is used.
+## This setting is MANDATORY, unless 'db' is used.
+##
+## Note: The 'database_url' setting allows the use of UNIX
+## sockets. To do so, remove the IP address (or FQDN) and port
+## and append the 'host' parameter. E.g:
+##   postgres://kemal:kemal@/invidious?host=/var/run/postgresql
+##
+## Accepted values: a postgres:// URI
+## Default: postgres://kemal:kemal@localhost:5432/invidious
+##
+#database_url: postgres://kemal:kemal@localhost:5432/invidious
+
+##
+## Enable automatic table integrity check. This will create
+## the required tables and columns if anything is missing.
+##
+## Accepted values: true, false
+## Default: false
+##
+check_tables: true
+
+
+##
+## Path to an external signature resolver, used to emulate
+## the Youtube client's Javascript. If no such server is
+## available, some videos will not be playable.
+##
+## When this setting is commented out, no external
+## resolver will be used.
+##
+## Accepted values: a path to a UNIX socket or "<IP>:<Port>"
+## Default: <none>
+##
+signature_server: invidious-sig-helper:12999
+
+
+#########################################
+#
+#  Server config
+#
+#########################################
+
+# -----------------------------
+#  Network (inbound)
+# -----------------------------
+
+##
+## Port to listen on for incoming connections.
+##
+## Note: Ports lower than 1024 requires either root privileges
+## (not recommended) or the "CAP_NET_BIND_SERVICE" capability
+## (See https://stackoverflow.com/a/414258 and `man capabilities`)
+##
+## Accepted values: 1-65535
+## Default: 3000
+##
+#port: 3000
+
+##
+## When the invidious instance is behind a proxy, and the proxy
+## listens on a different port than the instance does, this lets
+## invidious know about it. This is used to craft absolute URLs
+## to the instance (e.g in the API).
+##
+## Note: This setting is MANDATORY if invidious is behind a
+## reverse proxy.
+##
+## Accepted values: 1-65535
+## Default: <none>
+##
+#external_port:
+
+##
+## Interface address to listen on for incoming connections.
+##
+## Accepted values: a valid IPv4 or IPv6 address.
+## default: 0.0.0.0  (listen on all interfaces)
+##
+#host_binding: 0.0.0.0
+
+##
+## Domain name under which this instance is hosted. This is
+## used to craft absolute URLs to the instance (e.g in the API).
+## The domain MUST be defined if your instance is accessed from
+## a domain name (like 'example.com').
+##
+## Accepted values: a fully qualified domain name (FQDN)
+## Default: <none>
+##
+# domain:
+
+##
+## Tell Invidious that it is behind a proxy that provides only
+## HTTPS, so all links must use the https:// scheme. This
+## setting MUST be set to true if invidious is behind a
+## reverse proxy serving HTTPs.
+##
+## Accepted values: true, false
+## Default: false
+##
+https_only: false
+
+##
+## Enable/Disable 'Strict-Transport-Security'. Make sure that
+## the domain specified under 'domain' is served securely.
+##
+## Accepted values: true, false
+## Default: true
+##
+#hsts: true
+
+
+# -----------------------------
+#  Network (outbound)
+# -----------------------------
+
+##
+## Disable proxying server-wide. Can be disable as a whole, or
+## only for a single function.
+##
+## Accepted values: true, false, dash, livestreams, downloads, local
+## Default: false
+##
+#disable_proxy: false
+
+##
+## Size of the HTTP pool used to connect to youtube. Each
+## domain ('youtube.com', 'ytimg.com', ...) has its own pool.
+##
+## Accepted values: a positive integer
+## Default: 100
+##
+#pool_size: 100
+
+
+##
+## Additional cookies to be sent when requesting the youtube API.
+##
+## Accepted values: a string in the format "name1=value1; name2=value2..."
+## Default: <none>
+##
+#cookies:
+
+##
+## Force connection to youtube over a specific IP family.
+##
+## Note: This may sometimes resolve issues involving rate-limiting.
+## See https://github.com/ytdl-org/youtube-dl/issues/21729.
+##
+## Accepted values: ipv4, ipv6
+## Default: <none>
+##
+#force_resolve:
+
+##
+## Configuration for using a HTTP proxy
+##
+## If unset, then no HTTP proxy will be used.
+## 
+#http_proxy:
+#  user:
+#  password:
+#  host:
+#  port:
+
+
+##
+## Use Innertube's transcripts API instead of timedtext for closed captions
+##
+## Useful for larger instances as InnerTube is **not ratelimited**. See https://github.com/iv-org/invidious/issues/2567
+##
+## Subtitle experience may differ slightly on Invidious.
+##
+## Accepted values: true, false
+## Default: false
+##
+# use_innertube_for_captions: false
+
+##
+## Send Google session informations. This is useful when Invidious is blocked
+## by the message "This helps protect our community."
+## See https://github.com/iv-org/invidious/issues/4734.
+##
+## Warning: These strings gives much more identifiable information to Google!
+##
+## Accepted values: String
+## Default: <none>
+##
+po_token: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_PO_TOKEN'] }}
+visitor_data: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_VISITOR_DATA'] }}
+
+# -----------------------------
+#  Logging
+# -----------------------------
+
+##
+## Path to log file. Can be absolute or relative to the invidious
+## binary. This is overridden if "-o OUTPUT" or "--output=OUTPUT"
+## are passed on the command line.
+##
+## Accepted values: a filesystem path or 'STDOUT'
+## Default: STDOUT
+##
+#output: STDOUT
+
+##
+## Logging Verbosity. This is overridden if "-l LEVEL" or
+## "--log-level=LEVEL" are passed on the command line.
+##
+## Accepted values: All, Trace, Debug, Info, Warn, Error, Fatal, Off
+## Default: Info
+##
+#log_level: Info
+
+##
+## Enables colors in logs. Useful for debugging purposes
+## This is overridden if "-k" or "--colorize"
+## are passed on the command line.
+## Colors are also disabled if the environment variable
+## NO_COLOR is present and has any value
+##
+## Accepted values: true, false
+## Default: true
+##
+#colorize_logs: false
+
+# -----------------------------
+#  Features
+# -----------------------------
+
+##
+## Enable/Disable the "Popular" tab on the main page.
+##
+## Accepted values: true, false
+## Default: true
+##
+#popular_enabled: true
+
+##
+## Enable/Disable statstics (available at /api/v1/stats).
+## The following data is available:
+##   - Software name ("invidious") and version+branch (same data as
+##     displayed in the footer, e.g: "2021.05.13-75e5b49" / "master")
+##   - The value of the 'registration_enabled' config (true/false)
+##   - Number of currently registered users
+##   - Number of registered users who connected in the last month
+##   - Number of registered users who connected in the last 6 months
+##   - Timestamp of the last server restart
+##   - Timestamp of the last "Channel Refresh" job execution
+##
+## Warning: This setting MUST be set to true if you plan to run
+## a public instance. It is used by api.invidious.io to refresh
+## your instance's status.
+##
+## Accepted values: true, false
+## Default: false
+##
+#statistics_enabled: false
+
+
+# -----------------------------
+#  Users and accounts
+# -----------------------------
+
+##
+## Allow/Forbid Invidious (local) account creation. Invidious
+## accounts allow users to subscribe to channels and to create
+## playlists without a Google account.
+##
+## Accepted values: true, false
+## Default: true
+##
+#registration_enabled: true
+
+##
+## Allow/Forbid users to log-in.
+##
+## Accepted values: true, false
+## Default: true
+##
+#login_enabled: true
+
+##
+## Enable/Disable the captcha challenge on the login page.
+##
+## Note: this is a basic captcha challenge that doesn't
+## depend on any third parties.
+##
+## Accepted values: true, false
+## Default: true
+##
+#captcha_enabled: true
+
+##
+## List of usernames that will be granted administrator rights.
+## A user with administrator rights will be able to change the
+## server configuration options listed below in /preferences,
+## in addition to the usual user preferences.
+##
+## Server-wide settings:
+##   - popular_enabled
+##   - captcha_enabled
+##   - login_enabled
+##   - registration_enabled
+##   - statistics_enabled
+## Default user preferences:
+##   - default_home
+##   - feed_menu
+##
+## Accepted values: an array of strings
+## Default: [""]
+##
+#admins: [""]
+
+##
+## Enable/Disable the user notifications for all users
+##
+## Note: On large instances, it is recommended to set this option to 'false'
+## in order to reduce the amount of data written to the database, and hence
+## improve the overall performance of the instance.
+##
+## Accepted values: true, false
+## Default: true
+##
+#enable_user_notifications: true
+
+# -----------------------------
+#  Background jobs
+# -----------------------------
+
+##
+## Number of threads to use when crawling channel videos (during
+## subscriptions update).
+##
+## Notes: This setting is overridden if either "-c THREADS" or
+## "--channel-threads=THREADS" is passed on the command line.
+##
+## Accepted values: a positive integer
+## Default: 1
+##
+channel_threads: 1
+
+##
+## Time interval between two executions of the job that crawls
+## channel videos (subscriptions update).
+##
+## Accepted values: a valid time interval (like 1h30m or 90m)
+## Default: 30m
+##
+#channel_refresh_interval: 30m
+
+##
+## Forcefully dump and re-download the entire list of uploaded
+## videos when crawling channel (during subscriptions update).
+##
+## Accepted values: true, false
+## Default: false
+##
+full_refresh: false
+
+##
+## Number of threads to use when updating RSS feeds.
+##
+## Notes: This setting is overridden if either "-f THREADS" or
+## "--feed-threads=THREADS" is passed on the command line.
+##
+## Accepted values: a positive integer
+## Default: 1
+##
+feed_threads: 1
+
+
+jobs:
+
+  ## Options for the database cleaning job
+  clear_expired_items:
+
+    ## Enable/Disable job
+    ##
+    ## Accepted values: true, false
+    ## Default: true
+    ##
+    enable: true
+
+  ## Options for the channels updater job
+  refresh_channels:
+
+    ## Enable/Disable job
+    ##
+    ## Accepted values: true, false
+    ## Default: true
+    ##
+    enable: true
+
+  ## Options for the RSS feeds updater job
+  refresh_feeds:
+
+    ## Enable/Disable job
+    ##
+    ## Accepted values: true, false
+    ## Default: true
+    ##
+    enable: true
+
+
+# -----------------------------
+#  Miscellaneous
+# -----------------------------
+
+##
+## custom banner displayed at the top of every page. This can
+## used for instance announcements, e.g.
+##
+## Accepted values: any string. HTML is accepted.
+## Default: <none>
+##
+#banner:
+
+##
+## Subscribe to channels using PubSubHub (Google PubSubHubbub service).
+## PubSubHub allows Invidious to be instantly notified when a new video
+## is published on any subscribed channels. When PubSubHub is not used,
+## Invidious will check for new videos every minute.
+##
+## Note: This setting is recommended for public instances.
+##
+## Note 2:
+##  - Requires a public instance (it uses /feed/webhook/v1)
+##  - Requires 'domain' and 'hmac_key' to be set.
+##  - Setting this parameter to any number greater than zero will
+##    enable channel subscriptions via PubSubHub, but will limit the
+##    amount of concurrent subscriptions.
+##
+## Accepted values: true, false, a positive integer
+## Default: false
+##
+#use_pubsub_feeds: false
+
+##
+## HMAC signing key used for CSRF tokens, cookies and pubsub
+## subscriptions verification.
+##
+## Note: This parameter is mandatory and should be a random string.
+## Such random string can be generated on linux with the following
+## command: `pwgen 20 1`
+##
+## Accepted values: a string
+## Default: <none>
+##
+hmac_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_HMAC_KEY'] }}
+
+##
+## List of video IDs where the "download" widget must be
+## disabled, in order to comply with DMCA requests.
+##
+## Accepted values: an array of string
+## Default: <none>
+##
+#dmca_content:
+
+##
+## Cache video annotations in the database.
+##
+## Warning: empty annotations or annotations that only contain
+## cards won't be cached.
+##
+## Accepted values: true, false
+## Default: false
+##
+#cache_annotations: false
+
+##
+## Source code URL. If your instance is running a modified source
+## code, you MUST publish it somewhere and set this option.
+##
+## Accepted values: a string
+## Default: <none>
+##
+#modified_source_code_url: ""
+
+##
+## Maximum custom playlist length limit.
+##
+## Accepted values: Integer
+## Default: 500
+##
+#playlist_length_limit: 500
+
+#########################################
+#
+#  Default user preferences
+#
+#########################################
+
+##
+## NOTE: All the settings below define the default user
+## preferences. They will apply to ALL users connecting
+## without a preferences cookie (so either on the first
+## connection to the instance or after clearing the
+## browser's cookies).
+##
+
+default_user_preferences:
+
+  # -----------------------------
+  #  Internationalization
+  # -----------------------------
+
+  ##
+  ## Default user interface language (locale).
+  ##
+  ## Note: When hosting a public instance, overriding the
+  ## default (english) is not recommended, as it may
+  ## people using other languages.
+  ##
+  ## Accepted values:
+  ##   ar      (Arabic)
+  ##   da      (Danish)
+  ##   de      (German)
+  ##   en-US   (english, US)
+  ##   el      (Greek)
+  ##   eo      (Esperanto)
+  ##   es      (Spanish)
+  ##   fa      (Persian)
+  ##   fi      (Finnish)
+  ##   fr      (French)
+  ##   he      (Hebrew)
+  ##   hr      (Hungarian)
+  ##   id      (Indonesian)
+  ##   is      (Icelandic)
+  ##   it      (Italian)
+  ##   ja      (Japanese)
+  ##   nb-NO   (Norwegian, Bokmål)
+  ##   nl      (Dutch)
+  ##   pl      (Polish)
+  ##   pt-BR   (Portuguese, Brazil)
+  ##   pt-PT   (Portuguese, Portugal)
+  ##   ro      (Romanian)
+  ##   ru      (Russian)
+  ##   sv      (Swedish)
+  ##   tr      (Turkish)
+  ##   uk      (Ukrainian)
+  ##   zh-CN   (Chinese, China)  (a.k.a "Simplified Chinese")
+  ##   zh-TW   (Chinese, Taiwan) (a.k.a "Traditional Chinese")
+  ##
+  ## Default: en-US
+  ##
+  #locale: en-US
+
+  ##
+  ## Default geographical location for content.
+  ##
+  ## Accepted values:
+  ##   AE, AR, AT, AU, AZ, BA, BD, BE, BG, BH, BO, BR, BY, CA, CH, CL, CO, CR,
+  ##   CY, CZ, DE, DK, DO, DZ, EC, EE, EG, ES, FI, FR, GB, GE, GH, GR, GT, HK,
+  ##   HN, HR, HU, ID, IE, IL, IN, IQ, IS, IT, JM, JO, JP, KE, KR, KW, KZ, LB,
+  ##   LI, LK, LT, LU, LV, LY, MA, ME, MK, MT, MX, MY, NG, NI, NL, NO, NP, NZ,
+  ##   OM, PA, PE, PG, PH, PK, PL, PR, PT, PY, QA, RO, RS, RU, SA, SE, SG, SI,
+  ##   SK, SN, SV, TH, TN, TR, TW, TZ, UA, UG, US, UY, VE, VN, YE, ZA, ZW
+  ##
+  ## Default: US
+  ##
+  #region: US
+
+  ##
+  ## Top 3 preferred languages for video captions.
+  ##
+  ## Note: overriding the default (no preferred
+  ## caption language) is not recommended, in order
+  ## to not penalize people using other languages.
+  ##
+  ## Accepted values: a three-entries array.
+  ## Each entry can be one of:
+  ##   "English", "English (auto-generated)",
+  ##   "Afrikaans", "Albanian", "Amharic", "Arabic",
+  ##   "Armenian", "Azerbaijani", "Bangla", "Basque",
+  ##   "Belarusian", "Bosnian", "Bulgarian", "Burmese",
+  ##   "Catalan", "Cebuano", "Chinese (Simplified)",
+  ##   "Chinese (Traditional)", "Corsican", "Croatian",
+  ##   "Czech", "Danish", "Dutch", "Esperanto", "Estonian",
+  ##   "Filipino", "Finnish", "French", "Galician", "Georgian",
+  ##   "German", "Greek", "Gujarati", "Haitian Creole", "Hausa",
+  ##   "Hawaiian", "Hebrew", "Hindi", "Hmong", "Hungarian",
+  ##   "Icelandic", "Igbo", "Indonesian", "Irish", "Italian",
+  ##   "Japanese", "Javanese", "Kannada", "Kazakh", "Khmer",
+  ##   "Korean", "Kurdish", "Kyrgyz", "Lao", "Latin", "Latvian",
+  ##   "Lithuanian", "Luxembourgish", "Macedonian",
+  ##   "Malagasy", "Malay", "Malayalam", "Maltese", "Maori",
+  ##   "Marathi", "Mongolian", "Nepali", "Norwegian Bokmål",
+  ##   "Nyanja", "Pashto", "Persian", "Polish", "Portuguese",
+  ##   "Punjabi", "Romanian", "Russian", "Samoan",
+  ##   "Scottish Gaelic", "Serbian", "Shona", "Sindhi",
+  ##   "Sinhala", "Slovak", "Slovenian", "Somali",
+  ##   "Southern Sotho", "Spanish", "Spanish (Latin America)",
+  ##   "Sundanese",  "Swahili", "Swedish", "Tajik", "Tamil",
+  ##   "Telugu", "Thai", "Turkish", "Ukrainian", "Urdu",
+  ##   "Uzbek", "Vietnamese", "Welsh", "Western Frisian",
+  ##   "Xhosa", "Yiddish", "Yoruba", "Zulu"
+  ##
+  ## Default: ["", "", ""]
+  ##
+  #captions: ["", "", ""]
+
+
+  # -----------------------------
+  #  Interface
+  # -----------------------------
+
+  ##
+  ## Enable/Disable dark mode.
+  ##
+  ## Accepted values: "dark", "light", "auto"
+  ## Default: "auto"
+  ##
+  #dark_mode: "auto"
+
+  ##
+  ## Enable/Disable thin mode (no video thumbnails).
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  #thin_mode: false
+
+  ##
+  ## List of feeds available on the home page.
+  ##
+  ## Note: "Subscriptions" and "Playlists" are only visible
+  ## when the user is logged in.
+  ##
+  ## Accepted values: A list of strings
+  ## Each entry can be one of: "Popular", "Trending",
+  ##    "Subscriptions", "Playlists"
+  ##
+  ## Default: ["Popular", "Trending", "Subscriptions", "Playlists"]  (show all feeds)
+  ##
+  #feed_menu: ["Popular", "Trending", "Subscriptions", "Playlists"]
+
+  ##
+  ## Default feed to display on the home page.
+  ##
+  ## Note: setting this option to "Popular" has no
+  ## effect when 'popular_enabled' is set to false.
+  ##
+  ## Accepted values: Popular, Trending, Subscriptions, Playlists, <none>
+  ## Default: Popular
+  ##
+  #default_home: Popular
+
+  ##
+  ## Default number of results to display per page.
+  ##
+  ## Note: this affects invidious-generated pages only, such
+  ## as watch history and subscription feeds. Playlists, search
+  ## results and channel videos depend on the data returned by
+  ## the Youtube API.
+  ##
+  ## Accepted values: any positive integer
+  ## Default: 40
+  ##
+  #max_results: 40
+
+  ##
+  ## Show/hide annotations.
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  #annotations: false
+
+  ##
+  ## Show/hide annotation.
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  #annotations_subscribed: false
+
+  ##
+  ## Type of comments to display below video.
+  ##
+  ## Accepted values: a two-entries array.
+  ## Each entry can be one of: "youtube", "reddit", ""
+  ##
+  ## Default: ["youtube", ""]
+  ##
+  #comments: ["youtube", ""]
+
+  ##
+  ## Default player style.
+  ##
+  ## Accepted values: invidious, youtube
+  ## Default: invidious
+  ##
+  #player_style: invidious
+
+  ##
+  ## Show/Hide the "related videos" sidebar when
+  ## watching a video.
+  ##
+  ## Accepted values: true, false
+  ## Default: true
+  ##
+  #related_videos: true
+
+
+  # -----------------------------
+  #  Video player behavior
+  # -----------------------------
+
+  ##
+  ## This option controls the value of the HTML5 <video> element's
+  ## "preload" attribute.
+  ##
+  ## If set to 'false', no video data will be loaded until the user
+  ## explicitly starts the video by clicking the "Play" button.
+  ## If set to 'true', the web browser will buffer some video data
+  ## while the page is loading.
+  ##
+  ## See: https://www.w3schools.com/tags/att_video_preload.asp
+  ##
+  ## Accepted values: true, false
+  ## Default: true
+  ##
+  #preload: true
+
+  ##
+  ## Automatically play videos on page load.
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  #autoplay: false
+
+  ##
+  ## Automatically load the "next" video (either next in
+  ## playlist or proposed) when the current video ends.
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  #continue: false
+
+  ##
+  ## Autoplay next video by default.
+  ##
+  ## Note: Only effective if 'continue' is set to true.
+  ##
+  ## Accepted values: true, false
+  ## Default: true
+  ##
+  #continue_autoplay: true
+
+  ##
+  ## Play videos in Audio-only mode by default.
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  #listen: false
+
+  ##
+  ## Loop videos automatically.
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  #video_loop: false
+
+
+  # -----------------------------
+  #  Video playback settings
+  # -----------------------------
+
+  ##
+  ## Default video quality.
+  ##
+  ## Accepted values: dash, hd720, medium, small
+  ## Default: hd720
+  ##
+  #quality: hd720
+
+  ##
+  ## Default dash video quality.
+  ##
+  ## Note: this setting only takes effet if the
+  ## 'quality' parameter is set to "dash".
+  ##
+  ## Accepted values:
+  ##    auto, best, 4320p, 2160p, 1440p, 1080p,
+  ##    720p, 480p, 360p, 240p, 144p, worst
+  ## Default: auto
+  ##
+  #quality_dash: auto
+
+  ##
+  ## Default video playback speed.
+  ##
+  ## Accepted values: 0.25, 0.5, 0.75, 1.0, 1.25, 1.5, 1.75, 2.0
+  ## Default: 1.0
+  ##
+  #speed: 1.0
+
+  ##
+  ## Default volume.
+  ##
+  ## Accepted values: 0-100
+  ## Default: 100
+  ##
+  #volume: 100
+
+  ##
+  ## Allow 360° videos to be played.
+  ##
+  ## Note: This feature requires a WebGL-enabled browser.
+  ##
+  ## Accepted values: true, false
+  ## Default: true
+  ##
+  #vr_mode: true
+  
+  ##
+  ## Save the playback position
+  ## Allow to continue watching at the previous position when
+  ## watching the same video.
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  #save_player_pos: false
+
+  # -----------------------------
+  #  Subscription feed
+  # -----------------------------
+
+  ##
+  ## In the "Subscription" feed, only show the latest video
+  ## of each channel the user is subscribed to.
+  ##
+  ## Note: when combined with 'unseen_only', the latest unseen
+  ## video of each channel will be displayed instead of the
+  ## latest by date.
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  #latest_only: false
+
+  ##
+  ## Enable/Disable user subscriptions desktop notifications.
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  #notifications_only: false
+
+  ##
+  ## In the "Subscription" feed, Only show the videos that the
+  ## user haven't watched yet (i.e which are not in their watch
+  ## history).
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  #unseen_only: false
+
+  ##
+  ## Default sorting parameter for subscription feeds.
+  ##
+  ## Accepted values:
+  ##   'alphabetically'
+  ##   'alphabetically - reverse'
+  ##   'channel name'
+  ##   'channel name - reverse'
+  ##   'published'
+  ##   'published - reverse'
+  ##
+  ## Default: published
+  ##
+  #sort: published
+
+
+  # -----------------------------
+  #  Miscellaneous
+  # -----------------------------
+
+  ##
+  ## Proxy videos through instance by default.
+  ##
+  ## Warning: As most users won't change this setting in their
+  ## preferences, defaulting  to true will significantly
+  ## increase the instance's network usage, so make sure that
+  ## your server's connection can handle it.
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  #local: false
+
+  ##
+  ## Show the connected user's nick at the top right.
+  ##
+  ## Accepted values: true, false
+  ## Default: true
+  ##
+  #show_nick: true
+
+  ##
+  ## Automatically redirect to a random instance when the user uses
+  ## any "switch invidious instance" link (For videos, it's the plane
+  ## icon, next to "watch on youtube" and "listen"). When set to false,
+  ## the user is sent to https://redirect.invidious.io instead, where
+  ## they can manually select an instance.
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  #automatic_instance_redirect: false
+
+  ##
+  ## Show the entire video description by default (when set to 'false',
+  ## only the first few lines of the description are shown and a
+  ## "show more" button allows to expand it).
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  #extend_desc: false

ansible/group_vars/all.yml

@@ -1,14 +1,14 @@
 vault_addr: "https://vault.trez.wtf"
 vault_token: !vault |
   $ANSIBLE_VAULT;1.1;AES256
-  66373236656261373330343233616231386539616566613864306436613635323533336365383232
-  6636653139393566643265303135343864363632393035380a643566373137316363626438356431
-  64653237313866316537326565386164373564353166346334663638636531353337303937346466
-  3539366634393337620a653133336530333963343638643934303336653935363932643665353234
-  63343565663632633563396131346139666236313863663332386131633831633566373366613738
-  63343634313539336534666632313736343338623538303434316230383764643432646663356238
-  61373132633062346436363036333533623931313037306633616662623032616137613734343638
-  63633031616161623437623935346366636433653435646333313638376161663237323130636433
-  31383031646666626163323966393738386233346137326231366263316532343563
+  30623330336664656231653066343930303830343530323930613666643863623837633738346639
+  3734386663383333386635623931343361343363396434660a633637666539626264653437636134
+  36616334386264383330323164333432623538366234326563323664353338646331353233396161
+  3030623162373232320a386432393337613431303432613065626163326363316365613937623031
+  39316566343238363934383833376136323461336666663762383663633531303138616132333938
+  30316334363436333164303035643835316238313038663761636338313433303766626238656234
+  34373436396430646339326361366634363735346637303865373164363663663263646661366663
+  36336334393535386332646461313262646131383932353534363936623961613761333762376561
+  31366662626231346638346339626565653831613865646436643233653066366534
 vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
 secrets_path: "rinoa-docker/env"

docker-compose.yml

@@ -311,7 +311,7 @@ services:
       homepage.widget.url: http://beszel:8090
       homepage.widget.username: ${SWAG_ENVIRONMENT_EMAIL}
       homepage.widget.password: ${BESZEL_ADMIN_PASSWORD}
-      homepage.widget.systemId: Rinoa
+      homepage.widget.version: 2
       swag: enable
       swag_proto: http
       swag_port: 8090
@@ -617,6 +617,28 @@ services:
         source: /rinoa-storage
         target: /storage
         type: bind
+  convertx:
+    container_name: convertx
+    environment:
+      JWT_SECRET: ${CONVERTX_JWT_SECRET}
+    image: ghcr.io/c4illin/convertx
+    labels:
+      homepage.group: System Administration
+      homepage.name: ConvertX
+      homepage.href: https://convert.${MY_TLD}
+      homepage.icon: sh-convertx.png
+      homepage.description: Online file converter
+      swag: enable
+      swag_port: 3000
+      swag_proto: http
+      swag_url: convert.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://convert.${MY_TLD}
+    ports:
+      - 38946:3000
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/convertx:/app/data
   cronicle:
     container_name: cronicle
     entrypoint: manager
@@ -1469,266 +1491,6 @@ services:
         type: bind
         bind:
           create_host_path: true
-#  grafana:
-#    container_name: grafana
-#    depends_on:
-#      grafana-alloy:
-#        condition: service_started
-#        required: true
-#    environment:
-#      GF_INSTALL_PLUGINS: grafana-piechart-panel
-#      TZ: America/New_York
-#    hostname: Rinoa
-#    image: grafana/grafana-enterprise:latest
-#    labels:
-#      homepage.group: Infrastructure/App Performance Monitoring
-#      homepage.name: Grafana (LGTM)
-#      homepage.href: https://mon.${MY_TLD}
-#      homepage.description: Monitoring Dashboard for metrics, logs, traces, & profiles
-#      homepage.icon: grafana.png
-#      homepage.widget.type: grafana
-#      homepage.widget.url: http://grafana:3000
-#      homepage.widget.username: admin
-#      homepage.widget.password: ${GRAFANA_ADMIN_PASSWORD}
-#      swag: enable
-#      swag_proto: http
-#      swag_url: mon.${MY_TLD}
-#      swag.uptime-kuma.enabled: true
-#      swag.uptime-kuma.monitor.url: https://mon.${MY_TLD}
-#    networks:
-#      default: null
-#    ports:
-#      - mode: ingress
-#        protocol: tcp
-#        published: "3006"
-#        target: 3000
-#    restart: unless-stopped
-#    user: 1000:1000
-#    volumes:
-#      - bind:
-#          create_host_path: true
-#        read_only: true
-#        source: /etc/localtime
-#        target: /etc/localtime
-#        type: bind
-#      - source: ${DOCKER_VOLUME_CONFIG}/grafana/data
-#        target: /var/lib/grafana
-#        type: bind
-#        bind:
-#          create_host_path: true
-#      - bind:
-#          create_host_path: true
-#        source: /rinoa-storage
-#        target: /storage
-#        type: bind
-#  grafana-alloy:
-#    cap_add:
-#      - SYS_ADMIN
-#      - SYS_TIME
-#      - BPF
-#      - SYSLOG
-#    command: run --disable-reporting=true --stability.level=public-preview --server.http.listen-addr=0.0.0.0:12345 /etc/alloy/config.alloy
-#    container_name: grafana-alloy
-#    environment:
-#      DOCKER_HOST: tcp://dockerproxy:2375
-#    image: grafana/alloy:latest
-#    labels:
-#      homepage.group: Infrastructure/App Performance Monitoring
-#      homepage.name: Grafana Alloy
-#      homepage.description: Agent for metric/log/trace/profile collection and writing
-#      homepage.href: http://192.168.1.254:12345
-#      homepage.icon: sh-grafana-alloy.svg
-#    networks:
-#      default: null
-#    ports:
-#      - mode: ingress
-#        protocol: tcp
-#        published: "12345"
-#        target: 12345
-#    privileged: true
-#    restart: always
-#    volumes:
-#      - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/config.alloy
-#        target: /etc/alloy/config.alloy
-#        type: bind
-#        bind:
-#          create_host_path: true
-#      - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/endpoints.json
-#        target: /etc/alloy/endpoints.json
-#        type: bind
-#        bind:
-#          create_host_path: true
-#      - bind:
-#          create_host_path: true
-#        read_only: true
-#        source: /proc
-#        target: /host/proc
-#        type: bind
-#      - bind:
-#          create_host_path: true
-#        read_only: true
-#        source: /sys
-#        target: /host/sys
-#        type: bind
-#      - bind:
-#          create_host_path: true
-#        read_only: true
-#        source: /
-#        target: /rootfs
-#        type: bind
-#  grafana-loki:
-#    command: -config.file=/etc/loki/loki-config.yaml
-#    container_name: grafana-loki
-#    depends_on:
-#      grafana-alloy:
-#        condition: service_started
-#        required: true
-#    image: grafana/loki:latest
-#    networks:
-#      default: null
-#    ports:
-#      - mode: ingress
-#        protocol: tcp
-#        published: "3100"
-#        target: 3100
-#    restart: unless-stopped
-#    volumes:
-#      - source: ${DOCKER_VOLUME_CONFIG}/grafana/loki/loki-config.yaml
-#        target: /etc/loki/loki-config.yaml
-#        type: bind
-#        bind:
-#          create_host_path: true
-#  grafana-mimir:
-#    command:
-#      - -ingester.native-histograms-ingestion-enabled=true
-#      - -config.file=/etc/mimir.yaml
-#    container_name: grafana-mimir
-#    depends_on:
-#      grafana-alloy:
-#        condition: service_started
-#        required: true
-#    image: grafana/mimir:latest
-#    labels:
-#      homepage.group: Infrastructure/App Performance Monitoring
-#      homepage.name: Grafana Mimir
-#      homepage.href: http://192.168.1.254:9009
-#      homepage.description: Long-term metrics storage
-#      homepage.icon: /icons/grafana-mimir.png
-#    networks:
-#      default: null
-#    ports:
-#      - mode: ingress
-#        protocol: tcp
-#        published: "9009"
-#        target: 9009
-#    restart: unless-stopped
-#    volumes:
-#      - source: grafana-mimir-data
-#        target: /data
-#        type: volume
-#        volume: {}
-#      - source: ${DOCKER_VOLUME_CONFIG}/grafana/mimir/mimir.yaml
-#        target: /etc/mimir.yaml
-#        type: bind
-#        bind:
-#          create_host_path: true
-#  grafana-mimir-memcached:
-#    container_name: grafana-mimir-memcached
-#    depends_on:
-#      grafana-alloy:
-#        condition: service_started
-#        required: true
-#    environment:
-#      MEMCACHED_MEMORY_LIMIT: 1g
-#      MEMCACHED_THREADS: 4
-#      MEMCACHED_MAX_CONNECTIONS: 2048
-#      MEMCACHED_TCP_PORT: 11211
-#      MEMCACHED_UDP_PORT: 11211
-#    image: memcached
-#    networks:
-#      default: null
-#    ports:
-#      - mode: ingress
-#        protocol: tcp
-#        published: "11211"
-#        target: 11211
-#    restart: unless-stopped
-#  grafana-pyroscope:
-#    command:
-#      - -config.file=/etc/pyroscope.yml
-#    container_name: grafana-pyroscope
-#    depends_on:
-#      grafana-alloy:
-#        condition: service_started
-#        required: true
-#    image: grafana/pyroscope:latest
-#    labels:
-#      homepage.group: Infrastructure/App Performance Monitoring
-#      homepage.name: Grafana Pyroscope
-#      homepage.description: Profiling for applications
-#      homepage.href: http://192.168.1.254:4040
-#      homepage.icon: /icons/grafana-pyroscope.svg
-#    networks:
-#      default: null
-#    ports:
-#      - mode: ingress
-#        protocol: tcp
-#        published: "4040"
-#        target: 4040
-#    restart: unless-stopped
-#    volumes:
-#      - source: ${DOCKER_VOLUME_CONFIG}/grafana/pyroscope/config.yaml
-#        target: /etc/pyroscope.yml
-#        type: bind
-#        bind:
-#          create_host_path: true
-#  grafana-tempo:
-#    command:
-#      - -config.file=/etc/tempo.yaml
-#    container_name: grafana-tempo
-#    depends_on:
-#      grafana-alloy:
-#        condition: service_started
-#        required: true
-#    image: grafana/tempo:latest
-#    networks:
-#      default: null
-#    ports:
-#      - mode: ingress
-#        protocol: tcp
-#        published: "14268"
-#        target: 14268
-#      - mode: ingress
-#        protocol: tcp
-#        published: "3200"
-#        target: 3200
-#      - mode: ingress
-#        protocol: tcp
-#        published: "9095"
-#        target: 9095
-#      - mode: ingress
-#        protocol: tcp
-#        published: "4317"
-#        target: 4317
-#      - mode: ingress
-#        protocol: tcp
-#        published: "4318"
-#        target: 4318
-#      - mode: ingress
-#        protocol: tcp
-#        published: "9411"
-#        target: 9411
-#    restart: unless-stopped
-#    volumes:
-#      - source: grafana-tempo-data
-#        target: /var/tempo
-#        type: volume
-#        volume: {}
-#      - source: ${DOCKER_VOLUME_CONFIG}/grafana/tempo/tempo.yaml
-#        target: /etc/tempo.yaml
-#        type: bind
-#        bind:
-#          create_host_path: true
   guacamole:
     container_name: guacamole
     environment:
@@ -2055,19 +1817,7 @@ services:
         condition: service_started
         required: true
     environment:
-      INVIDIOUS_CONFIG: |
-        db:
-          dbname: invidious
-          user: kemal
-          password: ${INVID_PG_DB_PASSWORD}
-          host: invidious-db
-          port: 5432
-        check_tables: true
-        # external_port:
-        # domain:
-        # https_only: false
-        # statistics_enabled: false
-        hmac_key: "8Qyuvl9TWYdkvVo8BJ14qM4HBshKieR3KvDc3vsECx1L4OR51i-EtW2K74MmAVHeNPmJetM67T0M-9FIm7b-MA"
+      INVIDIOUS_CONFIG_FILE: /config.yml
     healthcheck:
       interval: 30s
       retries: 2
@@ -2094,6 +1844,23 @@ services:
         published: "3007"
         target: 3000
     restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/invidious/config.yml:/config.yml
+  invidious-sig-helper:
+    cap_drop:
+      - ALL
+    command: ["--tcp", "0.0.0.0:12999"]
+    container_name: invidious-sig-helper
+    image: quay.io/invidious/inv-sig-helper:latest
+    init: true
+    environment:
+      RUST_LOG: info
+    expose:
+      - 12999
+    restart: unless-stopped
+    read_only: true
+    security_opt:
+      - no-new-privileges:true
   invidious-db:
     container_name: invidious-db
     environment:
@@ -2924,6 +2691,31 @@ services:
         published: "22300"
         target: 22300
     restart: unless-stopped
+  libretranslate:
+    container_name: libretranslate
+    # command: --ssl --ga-id MY-GA-ID --req-limit 100 --char-limit 500
+    image: libretranslate/libretranslate
+    healthcheck:
+      test: ['CMD-SHELL', './venv/bin/python scripts/healthcheck.py']
+    environment:
+      LT_UPDATE_MODELS: true
+    labels:
+      homepage.group: Personal Services
+      homepage.name: LibreTranslate
+      homepage.href: https://translate.${MY_TLD}
+      homepage.icon: sh-libretranslate.svg
+      homepage.description: Open-source language translation
+      swag: enable
+      swag_port: 5000
+      swag_url: translate.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://translate.${MY_TLD}
+    ports:
+      - 5000:5000
+    restart: unless-stopped
+    volumes:
+    #   - libretranslate_api_keys:/app/db
+      - libretranslate_models:/home/libretranslate/.local:rw
   lidarr:
     container_name: lidarr
     environment:
@@ -3408,13 +3200,16 @@ services:
       TZ: ${TZ}
       PORT: 20211
     image: jokobsk/netalertx:latest
-    network_mode: host
     labels:
       homepage.group: Infrastructure/App Performance Monitoring
       homepage.name: NetAlertX
       homepage.href: http://192.168.1.254:20211
       homepage.icon: netalertx.svg
       homepage.description: Network Monitoring
+      homepage.widget.type: netalertx
+      homepage.widget.url: http://192.168.1.254:20211
+      homepage.widget.key: ${NETALERTX_API_TOKEN}
+    network_mode: host
     restart: unless-stopped
     volumes:
       - ${DOCKER_VOLUME_CONFIG}/netalertx/config:/app/config
@@ -3559,6 +3354,9 @@ services:
       homepage.href: https://cloud.${MY_TLD}
       homepage.icon: nextcloud.svg
       homepage.description: Private Cloud
+      homepage.widget.type: nextcloud
+      homepage.widget.url: https://cloud.trez.wtf
+      homepage.widget.key: ${NEXTCLOUD_HOMEPAGE_TOKEN}
       swag: enable
       swag_port: 11000
       swag_proto: http
@@ -3745,6 +3543,51 @@ services:
       - ${DOCKER_VOLUME_CONFIG}/parseable/staging:/staging
     ports:
       - 14453:8000
+  peppermint:
+    container_name: peppermint
+    depends_on:
+      peppermint-pg-db:
+        condition: service_started
+        required: true
+    environment:
+      BASE_URL: https://support.trez.wtf
+      DB_USERNAME: peppermint
+      DB_PASSWORD: ${PEPPERMINT_PG_PASSWORD}
+      DB_HOST: peppermint-pg-db
+      SECRET: ${PEPPERMINT_SECRET_KEY}
+    image: pepperlabs/peppermint:latest
+    labels:
+      swag: enable
+      swag_proto: http
+      swag_port: 3000
+      swag_url: support.${MY_TLD}
+      swag_server_custom_directive: |
+        location /api {
+              proxy_pass http://peppermint:5003;
+        }
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://support.${MY_TLD}
+      homepage.group: Professional Services
+      homepage.name: Peppermint
+      homepage.href: https://support.${MY_TLD}
+      homepage.icon: peppermint.svg
+      homepage.description: Open-source ticket management and help desk solution
+    ports:
+      - 3000:3000
+      - 5003:5003
+    restart: always
+  peppermint-pg-db:
+    container_name: peppermint-pg-db
+    environment:
+      POSTGRES_USER: peppermint
+      POSTGRES_PASSWORD: ${PEPPERMINT_PG_PASSWORD}
+      POSTGRES_DB: peppermint
+    expose:
+      - 5432
+    image: postgres:17-alpine
+    restart: always
+    volumes:
+      - peppermint-pg-data:/var/lib/postgresql/data
   pgbackweb:
     container_name: pgbackweb
     depends_on:
@@ -6299,11 +6142,10 @@ services:
     environment:
       PGID: ${PGID}
       PUID: ${PUID}
-      TZ: America/New_York
+      TZ: ${TZ}
       UPTIME_KUMA_USERNAME: ${UPTIME_KUMA_USERNAME}
       UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
-      DOCKER_HOST: http://dockerproxy:2375
-      DOCKER_MODS: ghcr.io/themepark-dev/theme.park:uptime-kuma
+      DOCKER_HOST: tcp://dockerproxy:2375
     hostname: Rinoa
     image: louislam/uptime-kuma:latest
     labels:
@@ -6312,6 +6154,9 @@ services:
       homepage.href: https://uptime.${MY_TLD}
       homepage.icon: uptime-kuma.png
       homepage.description: HTTP Endpoint Monitoring
+      homepage.widget.type: uptimekuma
+      homepage.widget.url: http://uptimekuma:3001
+      homepage.widget.slug: rinoa-services
       swag: enable
       swag_proto: http
       swag_url: uptime.${MY_TLD}
@@ -6619,362 +6464,6 @@ services:
         source: /rinoa-storage
         target: /storage
         type: bind
-  zammad-backup:
-    command:
-      - zammad-backup
-    container_name: zammad-backup
-    depends_on:
-      zammad-postgresql:
-        condition: service_started
-        required: true
-      zammad-railsserver:
-        condition: service_started
-        required: true
-    entrypoint: /usr/local/bin/backup.sh
-    environment:
-      AUTOWIZARD_JSON: null
-      AUTOWIZARD_RELATIVE_PATH: null
-      BACKUP_TIME: "03:00"
-      ELASTICSEARCH_ENABLED: true
-      ELASTICSEARCH_HOST: zammad-elasticsearch
-      ELASTICSEARCH_NAMESPACE: trez_it
-      ELASTICSEARCH_PORT: 9200
-      ELASTICSEARCH_REINDEX: true
-      ELASTICSEARCH_SCHEMA: http
-      ELASTICSEARCH_SSL_VERIFY: false
-      HOLD_DAYS: "10"
-      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
-      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
-      POSTGRESQL_DB_CREATE: true
-      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
-      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
-      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
-      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
-      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
-      RAILS_LOG_TO_STDOUT: true
-      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
-      REDIS_URL: ${ZAMMAD_REDIS_URL}
-      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
-      TZ: Europe/Berlin
-      ZAMMAD_BIND_IP: 0.0.0.0
-      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
-      ZAMMAD_PROCESS_SCHEDULED: null
-      ZAMMAD_SESSION_JOBS: null
-      ZAMMAD_WEB_CONCURRENCY: null
-    image: postgres:${ZAMMAD_POSTGRES_VERSION}
-    networks:
-      default: null
-    restart: ${ZAMMAD_RESTART}
-    volumes:
-      - source: zammad-backup
-        target: /var/tmp/zammad
-        type: volume
-        volume: {}
-      - read_only: true
-        source: zammad-storage
-        target: /opt/zammad/storage
-        type: volume
-        volume: {}
-      - read_only: true
-        source: ${DOCKER_VOLUME_CONFIG}/zammad/scripts/backup.sh
-        target: /usr/local/bin/backup.sh
-        type: bind
-        volume: {}
-  zammad-elasticsearch:
-    container_name: zammad-elasticsearch
-    expose:
-      - 9200
-    image: bitnami/elasticsearch:${ZAMMAD_ELASTICSEARCH_VERSION}
-    networks:
-      default: null
-    restart: ${ZAMMAD_RESTART}
-    volumes:
-      - source: zammad-es-data
-        target: /bitnami/elasticsearch/data
-        type: volume
-        volume: {}
-  zammad-init:
-    command:
-      - zammad-init
-    container_name: zammad-init
-    depends_on:
-      zammad-postgresql:
-        condition: service_started
-        required: true
-    environment:
-      AUTOWIZARD_JSON: null
-      AUTOWIZARD_RELATIVE_PATH: null
-      ELASTICSEARCH_ENABLED: true
-      ELASTICSEARCH_HOST: zammad-elasticsearch
-      ELASTICSEARCH_NAMESPACE: trez_it
-      ELASTICSEARCH_PORT: 9200
-      ELASTICSEARCH_REINDEX: true
-      ELASTICSEARCH_SCHEMA: http
-      ELASTICSEARCH_SSL_VERIFY: false
-      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
-      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
-      POSTGRESQL_DB_CREATE: true
-      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
-      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
-      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
-      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
-      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
-      RAILS_LOG_TO_STDOUT: true
-      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
-      REDIS_URL: ${ZAMMAD_REDIS_URL}
-      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
-      ZAMMAD_BIND_IP: 0.0.0.0
-      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
-      ZAMMAD_PROCESS_SCHEDULED: null
-      ZAMMAD_SESSION_JOBS: null
-      ZAMMAD_WEB_CONCURRENCY: null
-    hostname: init
-    image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
-    networks:
-      default: null
-    restart: on-failure
-    user: "0:0"
-    volumes:
-      - zammad-storage:/opt/zammad/storage
-  zammad-memcached:
-    command: memcached -m 256M
-    container_name: zammad-memcached
-    image: memcached:${ZAMMAD_MEMCACHE_VERSION}
-    networks:
-      default: null
-    restart: ${ZAMMAD_RESTART}
-  zammad-nginx:
-    command:
-      - zammad-nginx
-    container_name: zammad-nginx
-    depends_on:
-      zammad-railsserver:
-        condition: service_started
-        required: true
-    environment:
-      AUTOWIZARD_JSON: null
-      AUTOWIZARD_RELATIVE_PATH: null
-      ELASTICSEARCH_ENABLED: true
-      ELASTICSEARCH_HOST: zammad-elasticsearch
-      ELASTICSEARCH_NAMESPACE: trez_it
-      ELASTICSEARCH_PORT: 9200
-      ELASTICSEARCH_REINDEX: true
-      ELASTICSEARCH_SCHEMA: http
-      ELASTICSEARCH_SSL_VERIFY: false
-      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
-      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
-      POSTGRESQL_DB_CREATE: true
-      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
-      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
-      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
-      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
-      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
-      RAILS_LOG_TO_STDOUT: true
-      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
-      REDIS_URL: ${ZAMMAD_REDIS_URL}
-      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
-      ZAMMAD_BIND_IP: 0.0.0.0
-      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
-      ZAMMAD_PROCESS_SCHEDULED: null
-      ZAMMAD_SESSION_JOBS: null
-      ZAMMAD_WEB_CONCURRENCY: null
-    expose:
-      - "8080"
-    image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
-    labels:
-      swag: enable
-      swag_proto: http
-      swag_port: 8080
-      swag_url: support.${MY_TLD}
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://support.${MY_TLD}
-      homepage.group: Professional Services
-      homepage.name: Zammad
-      homepage.href: https://support.${MY_TLD}
-      homepage.icon: zammad.svg
-      homepage.description: Open-source helpdesk/customer support system
-    networks:
-      default: null
-    restart: ${ZAMMAD_RESTART}
-    volumes:
-      - zammad-storage:/opt/zammad/storage
-  zammad-postgresql:
-    container_name: zammad-postgresql
-    environment:
-      POSTGRES_DB: ${ZAMMAD_POSTGRES_DB}
-      POSTGRES_PASSWORD: ${ZAMMAD_POSTGRES_PASS}
-      POSTGRES_USER: ${ZAMMAD_POSTGRES_USER}
-    hostname: postgresql
-    image: postgres:${ZAMMAD_POSTGRES_VERSION}
-    networks:
-      default: null
-    restart: ${ZAMMAD_RESTART}
-    volumes:
-      - source: zammad-pg-data
-        target: /var/lib/postgresql/data
-        type: volume
-        volume: {}
-  zammad-railsserver:
-    command:
-      - zammad-railsserver
-    container_name: zammad-railserver
-    depends_on:
-      zammad-memcached:
-        condition: service_started
-        required: true
-      zammad-postgresql:
-        condition: service_started
-        required: true
-      zammad-redis:
-        condition: service_started
-        required: true
-    environment:
-      AUTOWIZARD_JSON: null
-      AUTOWIZARD_RELATIVE_PATH: null
-      ELASTICSEARCH_ENABLED: true
-      ELASTICSEARCH_HOST: zammad-elasticsearch
-      ELASTICSEARCH_NAMESPACE: trez_it
-      ELASTICSEARCH_PORT: 9200
-      ELASTICSEARCH_REINDEX: true
-      ELASTICSEARCH_SCHEMA: http
-      ELASTICSEARCH_SSL_VERIFY: false
-      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
-      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
-      POSTGRESQL_DB_CREATE: true
-      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
-      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
-      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
-      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
-      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
-      RAILS_LOG_TO_STDOUT: true
-      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
-      REDIS_URL: ${ZAMMAD_REDIS_URL}
-      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
-      ZAMMAD_BIND_IP: 0.0.0.0
-      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
-      ZAMMAD_PROCESS_SCHEDULED: null
-      ZAMMAD_SESSION_JOBS: null
-      ZAMMAD_WEB_CONCURRENCY: null
-    image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
-    networks:
-      default: null
-    restart: ${ZAMMAD_RESTART}
-    volumes:
-      - source: zammad-storage
-        target: /opt/zammad/storage
-        type: volume
-        volume: {}
-  zammad-redis:
-    container_name: zammad-redis
-    image: redis:${ZAMMAD_REDIS_VERSION}
-    networks:
-      default: null
-    restart: ${ZAMMAD_RESTART}
-    volumes:
-      - source: zammad-redis-data
-        target: /data
-        type: volume
-        volume: {}
-  zammad-scheduler:
-    command:
-      - zammad-scheduler
-    container_name: zammad-scheduler
-    depends_on:
-      zammad-memcached:
-        condition: service_started
-        required: true
-      zammad-postgresql:
-        condition: service_started
-        required: true
-      zammad-redis:
-        condition: service_started
-        required: true
-    environment:
-      AUTOWIZARD_JSON: null
-      AUTOWIZARD_RELATIVE_PATH: null
-      ELASTICSEARCH_ENABLED: true
-      ELASTICSEARCH_HOST: zammad-elasticsearch
-      ELASTICSEARCH_NAMESPACE: trez_it
-      ELASTICSEARCH_PORT: 9200
-      ELASTICSEARCH_REINDEX: true
-      ELASTICSEARCH_SCHEMA: http
-      ELASTICSEARCH_SSL_VERIFY: false
-      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
-      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
-      POSTGRESQL_DB_CREATE: true
-      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
-      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
-      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
-      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
-      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
-      RAILS_LOG_TO_STDOUT: true
-      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
-      REDIS_URL: ${ZAMMAD_REDIS_URL}
-      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
-      ZAMMAD_BIND_IP: 0.0.0.0
-      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
-      ZAMMAD_PROCESS_SCHEDULED: null
-      ZAMMAD_SESSION_JOBS: null
-      ZAMMAD_WEB_CONCURRENCY: null
-    image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
-    networks:
-      default: null
-    restart: ${ZAMMAD_RESTART}
-    volumes:
-      - source: zammad-storage
-        target: /opt/zammad/storage
-        type: volume
-        volume: {}
-  zammad-websocket:
-    command:
-      - zammad-websocket
-    container_name: zammad-websocket
-    depends_on:
-      zammad-memcached:
-        condition: service_started
-        required: true
-      zammad-postgresql:
-        condition: service_started
-        required: true
-      zammad-redis:
-        condition: service_started
-        required: true
-    environment:
-      AUTOWIZARD_JSON: null
-      AUTOWIZARD_RELATIVE_PATH: null
-      ELASTICSEARCH_ENABLED: true
-      ELASTICSEARCH_HOST: zammad-elasticsearch
-      ELASTICSEARCH_NAMESPACE: trez_it
-      ELASTICSEARCH_PORT: 9200
-      ELASTICSEARCH_REINDEX: true
-      ELASTICSEARCH_SCHEMA: http
-      ELASTICSEARCH_SSL_VERIFY: false
-      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
-      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
-      POSTGRESQL_DB_CREATE: true
-      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
-      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
-      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
-      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
-      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
-      RAILS_LOG_TO_STDOUT: true
-      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
-      REDIS_URL: ${ZAMMAD_REDIS_URL}
-      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
-      ZAMMAD_BIND_IP: 0.0.0.0
-      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
-      ZAMMAD_PROCESS_SCHEDULED: null
-      ZAMMAD_SESSION_JOBS: null
-      ZAMMAD_WEB_CONCURRENCY: null
-    image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
-    networks:
-      default: null
-    restart: ${ZAMMAD_RESTART}
-    volumes:
-      - source: zammad-storage
-        target: /opt/zammad/storage
-        type: volume
-        volume: {}
   zitadel:
     container_name: zitadel
     image: ghcr.io/zitadel/zitadel:latest
@@ -7032,10 +6521,6 @@ volumes:
     name: crowdsec-config
   crowdsec-db:
     name: crowdsec-db
-  dagu_config:
-    name: dagu_config
-  dagu_data:
-    name: dagu_data
   dbgate-data:
     name: dbgate-data
   fastenhealth-cache:
@@ -7048,10 +6533,6 @@ volumes:
     name: filebeat_var
   gitea-pg-db:
     name: gitea-pg-db
-  grafana-mimir-data:
-    name: grafana-mimir-data
-  grafana-tempo-data:
-    name: grafana-tempo-data
   hortusfox_app_backup:
     name: hortusfox_app_backup
   hortusfox_app_images:
@@ -7084,6 +6565,8 @@ volumes:
     name: jitsi-web-admin-upload
   joplin_data:
     name: joplin_data
+  libretranslate_models:
+    name: libretranslate_models
   lldap_data:
     name: lldap_data
   mastodon-pg-db:
@@ -7100,12 +6583,6 @@ volumes:
     name: netbird-signal
   netbird-letsencrypt:
     name: netbird-letsencrypt
-  netbox-pg-db:
-    name: netbox-pg-db
-  netdata-cache:
-    name: netdata-cache
-  netdata-lib:
-    name: netdata-lib
   nextcloud_aio_mastercontainer:
     name: nextcloud_aio_mastercontainer
   ollama:
@@ -7118,6 +6595,8 @@ volumes:
     name: paperless-ngx-media
   paperless-ngx-pg:
     name: paperless-ngx-pg
+  peppermint-pg-data:
+    name: peppermint-pg-data
   pgbackweb-data:
     name: pgbackweb-data
   plausible-db-data:
@@ -7152,81 +6631,5 @@ volumes:
     name: wallos-db
   wallos-logos:
     name: wallos-logos
-  wazuh-dashboard-config:
-    name: wazuh-dashboard-config
-  wazuh-dashboard-custom:
-    name: wazuh-dashboard-custom
-  wazuh-indexer-data:
-    name: wazuh-indexer-data
-  wazuh_active_response:
-    name: wazuh_active_response
-  wazuh_agentless:
-    name: wazuh_agentless
-  wazuh_api_configuration:
-    name: wazuh_api_configuration
-  wazuh_etc:
-    name: wazuh_etc
-  wazuh_integrations:
-    name: wazuh_integrations
-  wazuh_logs:
-    name: wazuh_logs
-  wazuh_queue:
-    name: wazuh_queue
-  wazuh_var_multigroups:
-    name: wazuh_var_multigroups
-  wazuh_wodles:
-    name: wazuh_wodles
-  zammad-backup:
-    driver: local
-    name: zammad-backup
-  zammad-es-data:
-    driver: local
-    name: zammad-es-data
-  zammad-pg-data:
-    driver: local
-    name: zammad-pg-data
-  zammad-redis-data:
-    driver: local
-    name: zammad-redis-data
-  zammad-storage:
-    driver: local
-    name: zammad-storage
   zitadel-pg-db:
-    name: zitadel-pg-db
-x-shared:
-  zammad-service:
-    depends_on:
-      - zammad-memcached
-      - zammad-postgresql
-      - zammad-redis
-    environment:
-      AUTOWIZARD_JSON: null
-      AUTOWIZARD_RELATIVE_PATH: null
-      ELASTICSEARCH_ENABLED: true
-      ELASTICSEARCH_HOST: zammad-elasticsearch
-      ELASTICSEARCH_NAMESPACE: trez_it
-      ELASTICSEARCH_PORT: 9200
-      ELASTICSEARCH_REINDEX: true
-      ELASTICSEARCH_SCHEMA: http
-      ELASTICSEARCH_SSL_VERIFY: false
-      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
-      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
-      POSTGRESQL_DB_CREATE: true
-      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
-      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
-      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
-      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
-      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
-      RAILS_LOG_TO_STDOUT: true
-      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
-      REDIS_URL: ${ZAMMAD_REDIS_URL}
-      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
-      ZAMMAD_BIND_IP: 0.0.0.0
-      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
-      ZAMMAD_PROCESS_SCHEDULED: null
-      ZAMMAD_SESSION_JOBS: null
-      ZAMMAD_WEB_CONCURRENCY: null
-    image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
-    restart: ${ZAMMAD_RESTART}
-    volumes:
-      - zammad-storage:/opt/zammad/storage
+    name: zitadel-pg-db