Small tweaks to Bunkerweb.

Merged by Trez.One

.gitea/workflows/pr-ansible-config-only-deploy.yml

@@ -1,160 +0,0 @@
-name: Gitea Branch PR & Ansible Configurations Deployment
-on:
-  push:
-    branches:
-      - '**'
-    paths:
-      - '**.j2'
-jobs:
-  check-and-create-pr:
-    if: github.ref != 'refs/heads/main'
-    name: Check and Create PR
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-      - name: Cache tea CLI
-        id: cache-tea
-        uses: actions/cache@v4
-        with:
-          path: /opt/hostedtoolcache/tea/0.9.2/x64
-          key: tea-${{ runner.os }}-0.9.2
-      - name: Install tea
-        uses: supplypike/setup-bin@v4
-        with:
-          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
-          name: 'tea'
-          version: '0.9.2'
-      - name: Check if open PR exists
-        id: check-opened-pr-step
-        continue-on-error: true
-        run: |
-          tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
-          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
-          echo "exists=$pr_exists" >> $GITHUB_OUTPUT
-      - name: Create PR
-        if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
-        run: |
-          tea login default gitea-rinoa
-          pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
-          pr_index_new=$(expr ${pr_index_old} + 1)
-          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
-  ansible-lint:
-    name: Ansible Lint
-    needs: [check-and-create-pr]
-    runs-on: ubuntu-latest
-    env:
-      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
-      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
-      VAULT_NAMESPACE: ""
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Cache Ansible Galaxy Collections
-        uses: actions/cache@v3
-        with:
-          path: ansible/collections
-          key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
-          restore-keys: |
-            ${{ runner.os }}-ansible-
-      - name: Install Ansible
-        uses: alex-oleshkevich/setup-ansible@v1.0.1
-        with:
-          version: "11.0.0"
-      - name: Install Vault
-        uses: cpanato/vault-installer@main
-      - name: Install hvac
-        run: pip install hvac
-      - name: Ansible Playbook Dry Run
-        uses: dawidd6/action-ansible-playbook@v2
-        with:
-          directory: ansible/
-          playbook: docker_config_deploy.yml
-          key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
-          options: |
-            --inventory inventory/hosts.yml
-            --check
-          requirements: collections/requirements.yml
-          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
-          notification_message: 'Ansible dry run completed successfully.'
-  pr-merge:
-    name: PR Merge
-    needs: [regenerate-readme-modified-services]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Install tea
-        uses: supplypike/setup-bin@v4
-        with:
-          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
-          name: 'tea'
-          version: '0.9.2'
-      - name: PR Merge
-        id: pr_merge
-        run: |
-          tea login add --name gitea-rinoa --url ${{ secrets.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
-          tea login default gitea-rinoa
-          echo "Merging PR..."
-          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F"," '{print $1}' | sed -e 's|"||g')
-          tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" --message "Merged by ${{ github.actor }}" ${pr_index}
-          echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: PR Merge Successful'
-          notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
-  ansible-config-deploy:
-    name: Deploy via Ansible & Docker Compose
-    runs-on: ubuntu-latest
-    needs: [pr-merge]
-    env:
-      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
-      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
-      DOCKER_HOST: tcp://dockerproxy:2375
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          ref: main
-      - name: Cache Vault install
-        id: cache-vault
-        uses: actions/cache@v4
-        with:
-          path: /opt/hostedtoolcache/vault/1.18.0/x64
-          key: vault-${{ runner.os }}-1.18.0
-      - name: Install Ansible
-        uses: alex-oleshkevich/setup-ansible@v1.0.1
-        with:
-          version: "11.0.0"
-      - name: Install Vault
-        uses: cpanato/vault-installer@main
-      - name: Install hvac
-        run: pip install hvac
-      - name: Deploy Docker Configs via Ansible
-        uses: dawidd6/action-ansible-playbook@v2
-        with:
-          directory: ansible/
-          playbook: docker_config_deploy.yml
-          key: ${{secrets.RINOA_ANSIBLE_PRIVATE_KEY}}
-          options: |
-            --inventory inventory/hosts.yml
-          requirements: collections/requirements.yml
-          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
-          notification_message: 'Deployment completed successfully.'

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -254,7 +254,7 @@ jobs:
           notification_title: 'GITEA: PR Merge Successful'
           notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
   ansible-config-docker-compose-deploy:
-    name: Deploy via Ansible & Docker Compose
+    name: Ansible Configs & Docker Compose Deployment
     runs-on: ubuntu-latest
     needs: [pr-merge]
     env:

README.md

@@ -17,6 +17,11 @@
 | bitwarden | vaultwarden/server:latest |
 | bluesky-pds | ghcr.io/bluesky-social/pds:latest |
 | browserless | ghcr.io/browserless/chromium:latest |
+| bunkerweb | bunkerity/bunkerweb:1.6.0 |
+| bunkerweb-scheduler | bunkerity/bunkerweb-scheduler:1.6.0 |
+| bunkerweb-autoconf | bunkerity/bunkerweb-autoconf:1.6.0 |
+| bunkerweb-ui | bunkerity/bunkerweb-ui:1.6.0 |
+| bytestash | ghcr.io/jordan-dalby/bytestash:latest |
 | castopod | castopod/castopod:latest |
 | cloudflared | cloudflare/cloudflared:latest |
 | cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
@@ -24,6 +29,7 @@
 | cronicle | elestio/cronicle:latest |
 | crowdsec | crowdsecurity/crowdsec:latest |
 | crowdsec-dashboard | metabase/metabase |
+| cyber-chef | mpepping/cyberchef:latest |
 | czkawka | jlesage/czkawka |
 | dawarich-app | freikin/dawarich:latest |
 | dawarich-pg-db | postgis/postgis:17-3.5-alpine |
@@ -38,7 +44,6 @@
 | ghost | ghost:latest |
 | gitea | gitea/gitea:1.23.1 |
 | gitea-db | postgres:14 |
-| gitea-opengist | ghcr.io/thomiceli/opengist:latest |
 | gitea-runner | gitea/act_runner:latest |
 | gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
 | gluetun | qmcgaw/gluetun:latest |
@@ -74,6 +79,7 @@
 | lidify | thewicklowwolf/lidify:latest |
 | lldap | lldap/lldap:stable |
 | maloja | krateng/maloja:latest |
+| manyfold | lscr.io/linuxserver/manyfold:latest |
 | mariadb | linuxserver/mariadb |
 | mastodon | lscr.io/linuxserver/mastodon:latest |
 | mastodon-pg-db | postgres:17-alpine |
@@ -102,7 +108,7 @@
 | plausible | ghcr.io/plausible/community-edition:v2.1.0 |
 | plausible_db | postgres:16-alpine |
 | plausible_events_db | clickhouse/clickhouse-server:24.3.3.102-alpine |
-| portainer | portainer/portainer-ce:alpine-sts |
+| portainer | portainer/portainer-ce:2.27.0-alpine |
 | portall | need4swede/portall:latest |
 | postal-smtp | ghcr.io/postalserver/postal:latest |
 | postal-web | ghcr.io/postalserver/postal:latest |
@@ -121,11 +127,13 @@
 | scraperr-api | jpyles0524/scraperr_api:latest |
 | scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
 | searxng | searxng/searxng:latest |
+| semaphore | semaphoreui/semaphore:v2.12.14 |
 | sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
 | sonarqube-pg-db | postgres:17-alpine |
 | sonarr | lscr.io/linuxserver/sonarr:latest |
 | sonashow | thewicklowwolf/sonashow:latest |
 | soularr | mrusse08/soularr:latest |
+| soularr-dashboard | git.trez.wtf/trez.one/soularr-dashboard:v0.1 |
 | soulseek | slskd/slskd |
 | sourcebot | ghcr.io/sourcebot-dev/sourcebot:latest |
 | speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
@@ -143,6 +151,4 @@
 | web-check | lissy93/web-check |
 | your_spotify | lscr.io/linuxserver/your_spotify:latest |
 | youtubedl | nbr23/youtube-dl-server:latest |
-| zitadel | ghcr.io/zitadel/zitadel:latest |
-| zitadel-pg-db | postgres:16-alpine |
 

ansible/app-configs/crowdsec_local-api-credentials.yaml.j2

@@ -0,0 +1,6 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+
+url: http://0.0.0.0:8080
+login: localhost
+password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['CROWDSEC_LOCAL_API_KEY'] }}

ansible/app-configs/homepage_settings.yaml.j2

@@ -22,33 +22,32 @@ provider: duckduckgo
 
 layout:
   System Administration:
-    # style: row
-    # columns: 4
-    fiveColumns: true
+    style: row
+    columns: 5
   Infrastructure/App Performance Monitoring:
     style: row
-    columns: 3
+    columns: 4
   Code/DevOps:
     style: row
-    columns: 3
+    columns: 4
   Social:
     style: row
     columns: 3
   Lifestyle:
     style: row
-    columns: 3
+    columns: 5
   Automation:
-    style: columns
-    row: 2
+    style: row
+    columns: 5
   Privacy/Security:
-    style: columns
-    row: 5
+    style: row
+    columns: 3
   Personal Services:
     style: row
     columns: 3
   Professional Services:
     style: row
-    columns: 3
+    columns: 5
   Servarr Stack:
     style: row
     columns: 3

ansible/app-configs/sabnzbdvpn_sabnzbd.ini.j2

@@ -342,7 +342,7 @@ host = news.newshosting.com
 port = 563
 timeout = 60
 username = thetrezuredone
-password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_PASSWORD'] }}
+password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSK_USER_PASSWORD'] }}
 connections = 8
 ssl = 1
 ssl_verify = 3

ansible/app-configs/soularr_config.ini.j2

@@ -0,0 +1,76 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+
+[Lidarr]
+api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}
+host_url = http://lidarr:8686
+#This should be the path mounted in lidarr that points to your slskd download directory.
+#If Lidarr is not running in Docker then this may just be the same dir as Slskd is using below.
+download_dir = /storage
+
+[Slskd]
+#Api key from Slskd. Need to set this up manually. See link to Slskd docs above.
+api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_API_KEY'] }}
+host_url = http://gluetun:5030
+#Slskd download directory. Should have set it up when installing Slskd.
+download_dir = /app/downloads
+#Removes searches from Slskd after the search finishes.
+delete_searches = False
+#Maximum time (in seconds) that the script will wait for downloads to complete.
+#This is used to prevent the script from running forever due to a stalled download. Defaults to 1 hour.
+stalled_timeout = 3600
+
+[Release Settings]
+#Selects the release with the most common amount of tracks out of all the releases.
+use_most_common_tracknum = True
+allow_multi_disc = True
+#See full list of countries below.
+accepted_countries = Europe,Japan,United Kingdom,United States,[Worldwide],Australia,Canada
+#See full list of formats below.
+accepted_formats = CD,Digital Media,Vinyl
+
+[Search Settings]
+search_timeout = 5000
+maximum_peer_queue = 50
+#Min upload speed in bit/s
+minimum_peer_upload_speed = 0
+#Min match ratio accepted when comparing lidarr track names to soulseek filenames.
+minimum_filename_match_ratio = 0.5
+#Specify the file types you prefer from most to least. As well as their attributes such as bitrate / samplerate / bitdepth.
+#For flacs you can choose the bitdepth/samplerate. And for mp3s the bitrate.
+#If you do not care about the specific quality you can still just put "flac" or "mp3".
+#Soularr will then just look at the filetype and ignore file attributes.
+allowed_filetypes = flac 24/192,flac 16/44.1,flac,mp3 320,mp3
+ignored_users = User1,User2,Fred,Bob
+#Set to False if you only want to search for complete albums
+search_for_tracks = True
+#Set to True if you want to add the artist's name to the beginning of the search for albums
+album_prepend_artist = False
+track_prepend_artist = True
+#Valid search types: all || incrementing_page || first_page
+  #"all" will search for every wanted record everytime soularr is run.
+  #"incrementing_page" will start with the first page and increment to the next on each run.
+  #"first_page" will repeatedly search the first page.
+#If using the search type "first_page" remove_wanted_on_failure should be enabled.
+search_type = incrementing_page
+#How mancy records to grab each run, must be a number between 1 - 2,147,483,647
+number_of_albums_to_grab = 10
+#Unmonitors the album if Soularr can't find it and places it in "failure_list.txt".
+#Failed albums can be re monitored by filtering "Unmonitored" in the Lidarr wanted list.
+remove_wanted_on_failure = False
+#Comma separated list of words that can't be in the title of albums or tracks. Case insensitive.
+title_blacklist = BlacklistWord1,blacklistword2
+#Lidarr source to use for searching. Accepted values are "all", "missing", or "cutoff_unmet". If "all" is selected
+# then both missing and cutoff_unme will be searched. The default value is "missing".
+search_source = missing
+
+[Logging]
+#These options are passed into the logger's basicConfig() method as-is.
+#This means, if you're familiar with Python's logging module, you can configure
+#the logger with options beyond what's listed here by default.
+#For more information on available options  --  https://docs.python.org/3/library/logging.html#logging.basicConfig
+level = INFO
+# Format of log message  --  https://docs.python.org/3/library/logging.html#logrecord-attributes
+format = [%(levelname)s|%(module)s|L%(lineno)d] %(asctime)s: %(message)s
+# Format of datetimes  --  https://docs.python.org/3/library/time.html#time.strftime
+datefmt = %Y-%m-%dT%H:%M:%S%z

ansible/app-configs/soulseek_slskd.yml.j2

@@ -1,238 +1,212 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 
-# debug: false
-# remote_configuration: false
-# remote_file_management: false
-# instance_name: default
-# flags:
-#   no_logo: false
-#   no_start: false
-#   no_config_watch: false
-#   no_connect: false
-#   no_share_scan: false
-#   force_share_scan: false
-#   no_version_check: false
-#   log_sql: false
-#   experimental: false
-#   volatile: false
-#   case_sensitive_reg_ex: false
-#   legacy_windows_tcp_keepalive: false
-# relay:
-#   enabled: false
-#   mode: controller # controller (default), agent, or debug (for local development)
-#   # controller config is required when running in 'agent' mode
-#   # this specifies the relay controller that will be controlling this agent
-#   controller:
-#     address: https://some.site.com:5000
-#     ignore_certificate_errors: false
-#     api_key: <a 16-255 character string corresponding to one of the controller's 'readwrite' or 'administrator' API keys>
-#     secret: <a 16-255 character shared secret matching the controller's config for this agent>
-#     downloads: false
-#   # agent config is optional when running in 'controller' mode
-#   # this specifies all of the agents capable of connecting
-#   agents:
-#     my_agent:
-#       instance_name: my_agent # make sure the top-level instance_name of the agent matches!
-#       secret: <a 16-255 character string unique to this agent>
-#       cidr: 0.0.0.0/0,::/0
-# permissions:
-#   file:
-#     mode: ~ # not for Windows, chmod syntax, e.g. 644, 777. can't escalate beyond umask
-# directories:
-#   incomplete: ~
-#   downloads: ~
-# shares:
-#   directories:
-#     - ~
-#   filters:
-#     - \.ini$
-#     - Thumbs.db$
-#     - \.DS_Store$
-#   cache:
-#     storage_mode: memory
-#     workers: 16
-#     retention: ~ # retain indefinitely (do not automatically re-scan)
-# rooms:
-#   - ~
-# global:
-#   upload:
-#     slots: 20
-#     speed_limit: 1000 # in kibibytes
-#   limits:
-#     queued:
-#       files: 500
-#       megabytes: 5000
-#     daily:
-#       files: 1000
-#       megabytes: 10000
-#       failures: 200
-#     weekly:
-#       files: 5000
-#       megabytes: 50000
-#       failures: 1000
-#   download:
-#     slots: 500
-#     speed_limit: 1000
-# groups:
-#   default:
-#     upload:
-#       priority: 500
-#       strategy: roundrobin
-#       slots: 10
-#     limits:
-#       queued:
-#         files: 150
-#         megabytes: 1500
-#       daily: ~ # no daily limits (weekly still apply)
-#       weekly:
-#         files: 1500
-#         megabytes: 15000
-#         failures: 150
-#   leechers:
-#     thresholds:
-#       files: 1
-#       directories: 1
-#     upload:
-#       priority: 999
-#       strategy: roundrobin
-#       slots: 1
-#       speed_limit: 100
-#     limits:
-#       queued:
-#         files: 15
-#         megabytes: 150
-#       daily:
-#         files: 30
-#         megabytes: 300
-#         failures: 10
-#       weekly:
-#         files: 150
-#         megabytes: 1500
-#         failures: 30
-#   blacklisted:
-#     members:
-#       - <username to blacklist>
-#     cidrs:
-#       - <CIDR to blacklist, e.g. 255.255.255.255/32>
-#   user_defined:
-#     my_buddies:
-#       upload:
-#         priority: 250
-#         strategy: firstinfirstout
-#         slots: 10
-#       limits:
-#         queued:
-#           files: 1000 # override global default
-#       members:
-#         - alice
-#         - bob
-# blacklist:
-#   enabled: true
-#   file: <path to file containing CIDRs to blacklist>
-# filters:
-#   search:
-#     request:
-#       - ^.{1,2}$
-# web:
-#   port: 5030
-#   https:
-#     disabled: false
-#     port: 5031
-#     force: false
-#     certificate:
-#       pfx: ~
-#       password: ~
-#   url_base: /
-#   content_path: wwwroot
-#   logging: false
-#   authentication:
-#     disabled: false
-#     username: slskd
-#     password: slskd
-#     jwt:
-#       key: ~
-#       ttl: 604800000
-#     api_keys:
-#       my_api_key:
-#         key: <some example string between 16 and 255 characters>
-#         role: readonly # readonly, readwrite, administrator
-#         cidr: 0.0.0.0/0,::/0
-# retention:
-#   transfers:
-#     upload:
-#       succeeded: 1440 # 1 day
-#       errored: 30
-#       cancelled: 5
-#     download:
-#       succeeded: 1440 # 1 day
-#       errored: 20160 # 2 weeks 
-#       cancelled: 5
-#   files:
-#     complete: 20160 # 2 weeks
-#     incomplete: 43200 # 30 days
-#   logs: 259200 # 180 days
-# logger:
-#   disk: false
-#   no_color: false
-#   loki: ~
-# metrics:
-#   enabled: false
-#   url: /metrics
-#   authentication:
-#     disabled: false
-#     username: slskd
-#     password: slskd
-# feature:
-#   swagger: false
-# soulseek:
-#   address: vps.slsknet.org
-#   port: 2271
-#   username: ~
-#   password: ~
-#   description: |
-#     A slskd user. https://github.com/slskd/slskd
-#   listen_ip_address: 0.0.0.0
-#   listen_port: 50300
-#   diagnostic_level: Info
-#   distributed_network:
-#     disabled: false
-#     disable_children: false
-#     child_limit: 25
-#     logging: false
-#   connection:
-#     timeout:
-#       connect: 10000
-#       inactivity: 15000
-#     buffer:
-#       read: 16384
-#       write: 16384
-#       transfer: 262144
-#       write_queue: 250
-#     proxy:
-#       enabled: false
-#       address: ~
-#       port: ~
-#       username: ~
-#       password: ~
-# integration:
-#   ftp:
-#     enabled: false
-#     address: ~
-#     port: ~
-#     username: ~
-#     password: ~
-#     remote_path: /
-#     encryption_mode: auto
-#     ignore_certificate_errors: false
-#     overwrite_existing: true
-#     connection_timeout: 5000
-#     retry_attempts: 3
-#   pushbullet:
-#     enabled: false
-#     access_token: ~
-#     notification_prefix: "From slskd:"
-#     notify_on_private_message: true
-#     notify_on_room_mention: true
-#     retry_attempts: 3
-#     cooldown_time: 900000
+directories:
+  incomplete: /app/incomplete
+  downloads: /app/downloads
+shares:
+  directories:
+    - /music
+rooms:
+  - '! meow chat :3'
+  - '#ANUS'
+  - '#CORONAVIRUS'
+  - '#Horrorcore'
+  - '#La France'
+  - '#icilombre-hardcore'
+  - '#polska'
+  - '#vegan'
+  - $$RARE RAP MUSIC$$
+  - ([6)]
+  - +Autism+
+  - +BlackMetal+
+  - +HIP_HOP_SCENE_RELEASES+
+  - /mu/
+  - 60lover
+  - 60lover v2
+  - 70 Rare groove Soul Jazz
+  - 80's 12 Inches & More
+  - 90's Rare Riddim !!
+  - 90's emo
+  - <>Electronics Labels<>
+  - ACID
+  - ARGENTINA
+  - "ATLLUMINATI\u201Cawareness"
+  - AUSTRALIA
+  - Alcohol
+  - Ambient
+  - Anime
+  - Audiobooks
+  - Avantgarde
+  - BDSM
+  - BLUES BUNKER MUSIC
+  - BOB DYLAN ROOM
+  - BigEdsClassicRock
+  - BigedsSixties
+  - Blues&Soul
+  - Bootlegged concerts
+  - Brasil
+  - Breakcore
+  - CHILE
+  - Canada
+  - China Room
+  - Chiptunes
+  - Christians
+  - Classical
+  - Come To The Sabbath !
+  - Communism
+  - DEATH METAL CLUB
+  - Dark Ambient
+  - De Koffie Shop
+  - De Kroeg
+  - Deathrock
+  - DieMilitarmusik
+  - Disco Classics
+  - Doom Metal
+  - Doujin Music
+  - Dub Techno
+  - Dubstep
+  - EBM-GOTHIC-INDUSTRIAL
+  - EBooks
+  - Emo
+  - Eurodance
+  - Eurovision Song Contest
+  - Experimental Electronica
+  - FOLK MUSIC
+  - Free Jazz
+  - Furry
+  - Gay
+  - Gothic
+  - Greece
+  - Grindcore
+  - HEE cum eaters 1! !
+  - HOUSE MUSIC LOVERS (AG)
+  - Happy Hardcore
+  - Hardcore NL
+  - Hardcore/punk
+  - Hip Hop
+  - Horror movies
+  - IDM
+  - INDUSTRIAL
+  - IReGGaeGaLaXy
+  - Incredibly Strange Music
+  - Israel
+  - Jaz (Full CDs)
+  - Jazz
+  - Jazz-Rock-Fusion-Guitar
+  - Juggalo Family
+  - Jungle
+  - Korean Music
+  - LANGUAGE EXCHANGE here
+  - LGBTQ+!!
+  - Last.fm
+  - Linux
+  - Lossless Scores
+  - MOVIES
+  - Mac Users
+  - Metal
+  - MovieMusic
+  - NORWAY
+  - New Crystal Vibrations
+  - New Wave
+  - New Zealand
+  - OLD SKOOL GANGSTA SHIT
+  - OLDSCHOOL 88-94
+  - OLI SHOTA CUB ROOM!
+  - Original Blues Bunker
+  - PSYCHEDELIA
+  - PUNK/HARDCORE/GRIND
+  - Portugal
+  - Post Punk
+  - Post-Hardcore (modern)
+  - Progressive Rock
+  - Psychedelic/Acid Rock
+  - Psytrance
+  - Quebec
+  - REGGAE
+  - Rare Music
+  - RareVHS/DVD/Rips
+  - Retro Gaming
+  - Romania
+  - Room Name
+  - SIsk Idiots !!
+  - SLUDGE!
+  - Slovenia
+  - Soundtracks&Scores
+  - Spain
+  - Stoner HiVe
+  - Stoner Rock
+  - Strange Music
+  - TECHNO, Mixes and Tunes
+  - THC
+  - Talia
+  - The Dangerous Kitchen
+  - TheScoreZone
+  - Thrash Metal
+  - Tinmans Movie Room
+  - Trip-Hop
+  - Ttalian_dancefloor
+  - Twee Folks
+  - UK DUB
+  - URIDDIM!!
+  - Ukraine
+  - Underground Hiphop
+  - VAPORWAVE
+  - Video Game Chat
+  - Vinyl Addicts
+  - Vocaloid
+  - WHATCDs
+  - World Music
+  - Yacht Rock
+  - '[German] [Deutsch]'
+  - abbey road Itd
+  - anime cunny
+  - bleeps&klonks
+  - breakbeat
+  - comics
+  - deep house connection
+  - drum'n'bass
+  - eesti mehed
+  - electro
+  - flacfield
+  - food
+  - for Losers
+  - hungary
+  - indie
+  - japanese music
+  - library music
+  - lossless
+  - minimal music
+  - museek
+  - noise
+  - 'on'
+  - postrock
+  - programming
+  - progressive house
+  - public porn
+  - r/musichoarder
+  - ru
+  - shoegaze
+  - tapekvit
+  - test
+  - trancEaddict
+  - trivia
+  - what.cd
+  - what.cd electronic
+  - what.cd-flac
+  - '{Italo Disco'
+web:
+  authentication:
+    username: slskd
+    password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_WEB_PASSSWORD'] }}
+    api_keys:
+      my_api_key:
+        key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_API_KEY'] }}
+        role: readwrite
+        cidr: 0.0.0.0/0,::/0
+soulseek:
+  address: vps.slsknet.org
+  port: 2271
+  username: Trez.One
+  password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSK_USER_PASSWORD'] }}
+  diagnostic_level: Info

docker-compose.yml

@@ -1,4 +1,11 @@
 name: compose
+x-bw-ui-env: &bw-ui-env
+  # We anchor the environment variables to avoid duplication
+  AUTOCONF_MODE: yes
+  DATABASE_URI: "mariadb+pymysql://bunkerweb:${BUNKERWEB_DB_PASSWORD}@mariadb:3306/bunkerweb" # Remember to set a stronger password for the database
+  USE_REAL_IP: yes
+  REAL_IP_FROM: 172.18.0.0/16
+  REAL_IP_HEADER: 'X-Forwarded-For'
 networks:
   bitmagnet:
     driver: bridge
@@ -362,6 +369,7 @@ services:
     networks:
       bitmagnet:
         ipv4_address: 192.168.55.8
+      default: null
     restart: unless-stopped
     shm_size: 1g
     volumes:
@@ -477,6 +485,95 @@ services:
     networks:
       default: null
     restart: unless-stopped
+  bunkerweb:
+    container_name: bunkerweb
+    image: bunkerity/bunkerweb:1.6.0
+    environment:
+      AUTOCONF_MODE: yes
+      API_WHITELIST_IP: 127.0.0.0/8 172.18.0.0/16
+    labels:
+      bunkerweb.INSTANCE: yes
+    ports:
+      - 27002:8080
+      - 63824:8443
+    restart: unless-stopped
+  bunkerweb-scheduler:
+    container_name: bunkerweb-scheduler
+    environment:
+      <<: *bw-ui-env
+      BUNKERWEB_INSTANCES: bunkerweb
+      SERVER_NAME: bunker.trez.wtf
+      API_WHITELIST_IP: 127.0.0.0/8 172.18.0.0/16
+      MULTISITE: yes
+      UI_HOST: http://bunkerweb-ui:7000 # Change it if needed
+      SERVE_FILES: no
+      DISABLE_DEFAULT_SERVER: yes
+      USE_CLIENT_CACHE: yes
+      USE_GZIP: yes
+      USE_REVERSE_PROXY: yes
+      REVERSE_PROXY_URL: /
+      REVERSE_PROXY_HOST: http://swag:80
+    image: bunkerity/bunkerweb-scheduler:1.6.0
+    restart: unless-stopped
+    volumes:
+      - bunkerweb-storage:/data # This is used to persist the cache and other data like the backups
+  bunkerweb-autoconf:
+    container_name: bunkerweb-autoconf
+    depends_on:
+      - docker-socket-proxy
+    environment:
+      <<: *bw-ui-env
+      DOCKER_HOST: tcp://dockerproxy:2375
+    image: bunkerity/bunkerweb-autoconf:1.6.0
+    restart: unless-stopped
+  bunkerweb-ui:
+    container_name: bunkerweb-ui
+    environment:
+      <<: *bw-ui-env
+      TOTP_SECRETS: ${BUNKERWEB_TOTP_SECRETS}
+    expose:
+      - 7000
+    image: bunkerity/bunkerweb-ui:1.6.0
+    labels:
+      homepage.group: Privacy/Security
+      homepage.name: Bunker Web
+      homepage.href: https://bunker.${MY_TLD}
+      homepage.icon: bunkerweb.svg
+      homepage.description: Next-gen WAF
+      swag: enable
+      swag_port: 7000
+      swag_url: bunker.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://bunker.${MY_TLD}
+    restart: unless-stopped
+  bytestash:
+    container_name: bytestash
+    environment:
+      BASE_PATH:
+      JWT_SECRET: ${BYTESTASH_JWT_SECRET}
+      TOKEN_EXPIRY: 24h
+      ALLOW_NEW_ACCOUNTS: true
+      DEBUG: true
+      DISABLE_ACCOUNTS: false
+      DISABLE_INTERNAL_ACCOUNTS: false
+    image: ghcr.io/jordan-dalby/bytestash:latest
+    labels:
+      homepage.description: Code Gists/Snippets
+      homepage.group: Code/DevOps
+      homepage.href: https://gist.trez.wtf
+      homepage.icon: bytestash.svg
+      homepage.name: Bytestash
+      swag: enable
+      swag_port: 5000
+      swag_proto: http
+      swag_url: gist.trez.wtf
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://gist.trez.wtf
+    ports:
+      - 62139:5000
+    restart: always
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/bytestash:/data/snippets
   castopod:
     container_name: castopod
     depends_on:
@@ -696,10 +793,29 @@ services:
       - 8908:3000
     restart: always
     volumes:
+      - ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
       - source: crowdsec-db
         target: /data/
         type: volume
         volume: {}
+  cyber-chef:
+    container_name: cyber-chef
+    image: mpepping/cyberchef:latest
+    labels:
+      homepage.description: Web app for encryption, encoding, compression, and data analysis
+      homepage.group: Code/DevOps
+      homepage.href: https://cchef.trez.wtf
+      homepage.icon: cyberchef.svg
+      homepage.name: CyberChef
+      swag: enable
+      swag_port: 8000
+      swag_proto: http
+      swag_url: cchef.trez.wtf
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://gist.trez.wtf
+    ports:
+      - 20992:8000
+    restart: unless-stopped
   czkawka:
     container_name: czkawka
     environment:
@@ -1367,36 +1483,6 @@ services:
         target: /var/lib/postgresql/data
         type: volume
         volume: {}
-  gitea-opengist:
-    container_name: gitea-opengist
-    environment:
-      OG_LOG_LEVEL: warn
-      OG_EXTERNAL_URL: https://gist.trez.wtf
-      OG_GIT_DEFAULT_BRANCH: "main"
-      OG_GITEA_CLIENT_KEY: ${OPENGIST_GITEA_CLIENT_KEY}
-      OG_GITEA_SECRET: ${OPENGIST_GITEA_SECRET}
-      OG_GITEA_URL: https://git.trez.wtf
-      OG_GITEA_NAME: "Gitea @ Rinoa"
-      OG_SSH_EXTERNAL_DOMAIN: gist-ssh.trez.wtf
-    image: ghcr.io/thomiceli/opengist:latest
-    labels:
-      homepage.description: Private Code Gists
-      homepage.group: Code/DevOps
-      homepage.href: https://gist.trez.wtf
-      homepage.icon: sh-opengist.svg
-      homepage.name: Opengist
-      swag: enable
-      swag.uptime-kuma.enabled: "true"
-      swag.uptime-kuma.monitor.url: https://gist.trez.wtf
-      swag_port: "6157"
-      swag_proto: http
-      swag_url: gist.trez.wtf
-    ports:
-      - "6157:6157" # HTTP port
-      - "2222:2222" # SSH port, can be removed if you don't use SSH
-    restart: always
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/gitea/opengist:/opengist
   gitea-runner:
     container_name: gitea-runner
     depends_on:
@@ -2855,6 +2941,8 @@ services:
       swag_proto: http
       swag_port: 42010
       swag_url: scrobble.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://scrobble.${MY_TLD}
     networks:
       default: null
     ports:
@@ -2876,6 +2964,34 @@ services:
         type: bind
         bind:
           create_host_path: true
+  manyfold:
+    container_name: manyfold
+    environment:
+      PUID: ${PUID}
+      PGID: ${PGID}
+      TZ: ${TZ}
+      DATABASE_URL: sqlite3:/config/manyfold.sqlite3
+      REDIS_URL: redis://redis:6379/2
+      SECRET_KEY_BASE: ${MANYFOLD_SECRET_KEY_BASE}
+    image: lscr.io/linuxserver/manyfold:latest
+    labels:
+      homepage.group: Lifestyle
+      homepage.name: Manyfold
+      homepage.href: https://3dprint.${MY_TLD}
+      homepage.icon: manyfold.svg
+      homepage.description: Self-hosted digital asset manager for 3D print files
+      swag: enable
+      swag_proto: http
+      swag_port: 3214
+      swag_url: 3dprint.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://3dprint.${MY_TLD}
+    ports:
+      - 3214:3214
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/manyfold/config:/config
+      - ${DOCKER_VOLUME_CONFIG}/manyfold/library:/libraries #optional
   mariadb:
     container_name: mariadb
     environment:
@@ -3676,7 +3792,7 @@ services:
     expose:
       - 9000
       - 9443
-    image: portainer/portainer-ce:alpine-sts
+    image: portainer/portainer-ce:2.27.0-alpine
     labels:
       swag: enable
       swag_proto: http
@@ -4326,6 +4442,43 @@ services:
         type: bind
         bind:
           create_host_path: true
+  semaphore:
+    container_name: semaphore
+    environment:
+      ANSIBLE_HOST_KEY_CHECKING: false
+      SEMAPHORE_ADMIN_PASSWORD: ${SEMAPHORE_ADMIN_PASSWORD}
+      SEMAPHORE_ADMIN_NAME: admin
+      SEMAPHORE_ADMIN_EMAIL: charish.patel@trez.wtf
+      SEMAPHORE_ADMIN: admin
+      SEMAPHORE_DB_DIALECT: bolt
+      SEMAPHORE_EMAIL_ALERT: true
+      SEMAPHORE_EMAIL_SENDER: noreply@trez.wtf
+      SEMAPHORE_EMAIL_HOST: postal-smtp
+      SEMAPHORE_EMAIL_PORT: 25
+      SEMAPHORE_EMAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
+      SEMAPHORE_EMAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+      SEMAPHORE_EMAIL_SECURE: false
+      SEMAPHORE_USE_REMOTE_RUNNER: true
+    image: semaphoreui/semaphore:v2.12.14
+    labels:
+      homepage.group: Code/DevOps
+      homepage.name: Semaphore
+      homepage.href: https://devops.${MY_TLD}
+      homepage.icon: semaphore.svg
+      homepage.description: Modern UI for Ansible, Terraform, OpenTofu, PowerShell and other DevOps tools
+      swag: enable
+      swag_port: 3000
+      swag_proto: http
+      swag_url: devops.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://devops.${MY_TLD}
+    ports:
+      - 3015:3000
+    restart: unless-stopped
+    volumes:
+      - semaphore_config:/etc/semaphore
+      - semaphore_data:/var/lib/semaphore
+      - semaphore_tmp:/tmp/semaphore
   sonarqube:
     container_name: sonarqube
     depends_on:
@@ -4497,6 +4650,32 @@ services:
       - ${DOCKER_VOLUME_STORAGE}/downloads:/downloads
       #Select where you are storing your config file. Leave "/data" since thats where the script expects the config file to be
       - ${DOCKER_VOLUME_CONFIG}/soularr:/data
+  soularr-dashboard:
+    container_name: soularr-dashboard
+    depends_on:
+      soularr:
+        condition: service_started
+        required: true
+    environment:
+      PUID: ${PUID}
+      PGID: ${PGID}
+      TZ: ${TZ}
+    labels:
+      homepage.name: Soularr
+      homepage.group: Downloaders
+      homepage.description: Dashboard for monitoring Soularr
+      homepage.href: https://slsk.${MY_TLD}
+      homepage.icon: /icons/soularr.png
+    image: git.trez.wtf/trez.one/soularr-dashboard:v0.1
+    ports:
+      - 18364:8080
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/soularr/dashboard:/app
+      - ${DOCKER_VOLUME_CONFIG}/soularr:/data
+      - ${DOCKER_VOLUME_CONFIG}/soularr/logs:/data/logs
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    working_dir: /app
   soulseek:
     container_name: soulseek
     depends_on:
@@ -4504,11 +4683,6 @@ services:
         condition: service_started
         required: true
         restart: true
-    environment:
-      SLSKD_PASSWORD: ${SLSKD_PASSWORD}
-      SLSKD_REMOTE_CONFIGURATION: true
-      SLSKD_SHARED_DIR: /music
-      SLSKD_USERNAME: slsk
     image: slskd/slskd
     labels:
       homepage.name: Soulseek
@@ -4526,16 +4700,10 @@ services:
     network_mode: service:gluetun
     restart: always
     volumes:
-      - source: ${DOCKER_VOLUME_CONFIG}/soulseek
-        target: /app
-        type: bind
-        bind:
-          create_host_path: true
-      - source: ${DOCKER_VOLUME_STORAGE}/Audio/Music
-        target: /music
-        type: bind
-        bind:
-          create_host_path: true
+      - ${DOCKER_VOLUME_CONFIG}/soulseek:/app
+      - ${DOCKER_VOLUME_STORAGE}/Audio/Music:/music
+      - ${DOCKER_VOLUME_STORAGE}/downloads/completed/slsk:/app/downloads/
+      - ${DOCKER_VOLUME_STORAGE}/downloads/incomplete/slsk:/app/incomplete
   sourcebot:
     container_name: sourcebot
     environment:
@@ -4614,7 +4782,7 @@ services:
     environment:
       DNSPLUGIN: cloudflare
       EMAIL: charish.patel@trez.wtf
-      EXTRA_DOMAINS: 
+      EXTRA_DOMAINS:
       ONLY_SUBDOMAINS: false
       PGID: 1000
       PUID: 1000
@@ -5096,57 +5264,13 @@ services:
         source: /rinoa-storage
         target: /storage
         type: bind
-  zitadel:
-    container_name: zitadel
-    image: ghcr.io/zitadel/zitadel:latest
-    command: 'start-from-init --masterkeyFromEnv --config /config.yaml --config /secrets.yaml --config /init-steps.yaml --tlsMode external'
-    depends_on:
-      zitadel-pg-db:
-        condition: 'service_started'
-    environment:
-      ZITADEL_MASTERKEY: ${ZITADEL_MASTER_KEY}
-    expose:
-      - 8080
-    labels:
-      swag: enable
-      swag_proto: http
-      swag_port: 8080
-      swag_url: id.${MY_TLD}
-      swag_server_custom_directive: http2 on;
-      homepage.group: System Administration
-      homepage.name: Zitadel
-      homepage.href: https://id.${MY_TLD}
-      homepage.icon: zitadel.svg
-      homepage.description: Centralized authentication management
-    restart: unless-stopped
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/zitadel/config.yaml:/config.yaml
-      - ${DOCKER_VOLUME_CONFIG}/zitadel/init-steps.yaml:/init-steps.yaml
-      - ${DOCKER_VOLUME_CONFIG}/zitadel/secrets.yaml:/secrets.yaml
-  zitadel-pg-db:
-    container_name: zitadel-pg-db
-    environment:
-      POSTGRES_USER: root
-      POSTGRES_PASSWORD: ${ZITADEL_DB_ADMIN_PASSWORD}
-    expose:
-      - 5432
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready", "-d", "zitadel", "-U", "root" ]
-      interval: '10s'
-      timeout: '30s'
-      retries: 5
-      start_period: '20s'
-    image: postgres:16-alpine
-    restart: unless-stopped
-    volumes:
-      - zitadel-pg-db:/var/lib/postgresql/data
 volumes:
   authelia-pg-db:
     name: authelia-pg-db
   bitmagnet-pg-db:
     name: bitmagnet-pg-db
-  bunkerweb-data:
-    name: bunkerweb-data
+  bunkerweb-storage:
+    name: bunkerweb-storage
   castopod-media:
     name: castopod-media
   crowdsec-config:
@@ -5249,6 +5373,12 @@ volumes:
     name: portainer-data
   reactive-resume-pg:
     name: reactive-resume-pg
+  semaphore_config:
+    name: semaphore_config
+  semaphore_data:
+    name: semaphore_data
+  semaphore_tmp:
+    name: semaphore_tmp
   sonarqube-data:
     name: sonarqube-data
   sonarqube-db:
@@ -5270,4 +5400,4 @@ volumes:
   wallos-logos:
     name: wallos-logos
   zitadel-pg-db:
-    name: zitadel-pg-db
+    name: zitadel-pg-db