Adding Jitsi admin services (WIP).

Trimming down Docker Compose pipeline.
Merge pull request 'Vault Auto-Unseal and Ansible-exclusive pipelines.' (#51 ) from ansible-config-only-deployment into main
2025-05-19 10:39:12 -04:00 · 2025-05-19 08:11:17 -04:00 · 2025-05-19 08:00:05 -04:00 · 2025-05-19 07:47:12 -04:00 · 2025-05-19 07:46:01 -04:00 · 2025-05-19 07:43:15 -04:00
12 changed files with 1031 additions and 282 deletions
@@ -0,0 +1,192 @@
+name: Gitea Branch PR & Ansible Deployment
+on:
+  push:
+    branches-ignore:
+      - 'main'
+    paths:
+      - '**.j2'
+      - 'ansible/**.yml'
+jobs:
+  check-and-create-pr:
+    if: github.ref != 'refs/heads/main'
+    name: Check and Create PR
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+      - name: Cache tea CLI
+        id: cache-tea
+        uses: actions/cache@v4
+        with:
+          path: /opt/hostedtoolcache/tea/0.9.2/x64
+          key: tea-${{ runner.os }}-0.9.2
+      - name: Install tea
+        uses: supplypike/setup-bin@v4
+        with:
+          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
+          name: 'tea'
+          version: '0.9.2'
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: PR Check'
+          notification_message: 'Checking for existing PR... 🔍'
+      - name: Check if open PR exists
+        id: check-opened-pr-step
+        continue-on-error: true
+        run: |
+          tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
+          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
+          echo "exists=$pr_exists" >> $GITHUB_OUTPUT
+      - name: Create PR
+        if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
+        run: |
+          tea login default gitea-rinoa
+          pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
+          pr_index_new=$(expr ${pr_index_old} + 1)
+          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose, Ansible Configs.j2"
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: PR Check'
+          notification_message: 'PR Created 🎟️'
+  ansible-linting:
+    name: Docker Compose & Ansible Lints
+    needs: [check-and-create-pr]
+    runs-on: ubuntu-latest
+    env:
+      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+      VAULT_NAMESPACE: ""
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Fetch base branch
+        run: |
+          git fetch origin ${{ github.event.pull_request.base.ref }}
+      - name: Cache Ansible Galaxy Collections
+        uses: actions/cache@v3
+        with:
+          path: ansible/collections
+          key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
+          restore-keys: |
+            ${{ runner.os }}-ansible-
+      - name: Install Ansible
+        uses: alex-oleshkevich/setup-ansible@v1.0.1
+        with:
+          version: "11.0.0"
+      - name: Install Vault
+        uses: cpanato/vault-installer@main
+      - name: Install hvac
+        run: pip install hvac
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
+          notification_message: 'Starting Ansible dry run...'
+      - name: Ansible Playbook Dry Run
+        uses: arillso/action.playbook@0.1.0
+        with:
+          check: true
+          galaxy_collections_path: ansible/collections
+          galaxy_requirements_file: ansible/collections/requirements.yml
+          inventory: ansible/inventory/hosts.yml
+          playbook: ansible/docker_config_deploy.yml
+          private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
+          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+          verbose: 0
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
+          notification_message: 'Docker Compose dry run completed successfully.'
+  pr-merge:
+    name: PR Merge
+    needs: [regenerate-readme-modified-services]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install tea
+        uses: supplypike/setup-bin@v4
+        with:
+          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
+          name: 'tea'
+          version: '0.9.2'
+      - name: PR Merge
+        id: pr_merge
+        run: |
+          tea login add --name gitea-rinoa --url ${{ secrets.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
+          tea login default gitea-rinoa
+          echo "Merging PR..."
+          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F"," '{print $1}' | sed -e 's|"||g')
+          tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" --message "Merged by ${{ github.actor }}" ${pr_index}
+          echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: PR Merge Successful'
+          notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
+  ansible-config-docker-compose-deploy:
+    name: Ansible Configs & Docker Compose Deployment
+    runs-on: ubuntu-latest
+    needs: [pr-merge]
+    env:
+      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+      DOCKER_HOST: tcp://dockerproxy:2375
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: main
+      - name: Cache Vault install
+        id: cache-vault
+        uses: actions/cache@v4
+        with:
+          path: /opt/hostedtoolcache/vault/1.18.0/x64
+          key: vault-${{ runner.os }}-1.18.0
+      - name: Install Ansible
+        uses: alex-oleshkevich/setup-ansible@v1.0.1
+        with:
+          version: "11.0.0"
+      - name: Install Vault
+        uses: cpanato/vault-installer@main
+      - name: Install hvac
+        run: pip install hvac
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
+          notification_message: 'Starting config deployment with Ansible...'
+      - name: Ansible Playbook Dry Run
+        uses: arillso/action.playbook@0.1.0
+        with:
+          check: false
+          galaxy_collections_path: ansible/collections
+          galaxy_requirements_file: ansible/collections/requirements.yml
+          inventory: ansible/inventory/hosts.yml
+          playbook: ansible/docker_config_deploy.yml
+          private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
+          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
+          notification_message: 'Deployment completed successfully.'
@@ -1,8 +1,11 @@
-name: Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment
+name: Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment
 on:
  push:
    branches-ignore:
      - 'main'
+    paths:
+      - '**/docker-compose.yml'
+      - '!ansible/**.yml'
 jobs:
  check-and-create-pr:
    if: github.ref != 'refs/heads/main'
@@ -64,62 +67,72 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
-      - name: Cache Ansible Galaxy Collections
-        uses: actions/cache@v3
-        with:
-          path: ansible/collections
-          key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
-          restore-keys: |
-            ${{ runner.os }}-ansible-
-      - name: Install Ansible
-        uses: alex-oleshkevich/setup-ansible@v1.0.1
-        with:
-          version: "11.0.0"
+      - name: Fetch base branch
+        run: |
+          git fetch origin ${{ github.event.pull_request.base.ref }}
+      - name: Save both versions of docker-compose.yml
+        run: |
+          git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
+          cp docker-compose.yml docker-compose-head.yml
+      - name: Detect added, deleted, and modified services
+        id: detect_services
+        run: |
+          echo "Getting services from main and ${{ github.ref_name }}"
+          yq '.services | keys | .[]' docker-compose-main.yml | sort > services_main.txt
+          yq '.services | keys | .[]' docker-compose-head.yml | sort > services_head.txt
+
+          echo "Creating list of modified services..."
+          touch service_changes.txt
+
+          comm -13 services_main.txt services_head.txt | while read service; do
+            echo "$service: added" >> service_changes.txt
+          done
+
+          comm -12 services_main.txt services_head.txt | while read service; do
+            yq ".services[\"$service\"]" docker-compose-main.yml > tmp_main.yml
+            yq ".services[\"$service\"]" docker-compose-head.yml > tmp_head.yml
+            if ! diff -q tmp_main.yml tmp_head.yml > /dev/null; then
+              echo "$service: modified" >> service_changes.txt
+            fi
+          done
+
+          echo "Detected service changes:"
+          cat service_changes.txt
+
+          svc_list=$(paste -sd '|' service_changes.txt)
+          echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT"
      - name: Install Vault
        uses: cpanato/vault-installer@main
-      - name: Install hvac
-        run: pip install hvac
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
-          notification_message: 'Starting Ansible dry run...'
-      - name: Ansible Playbook Dry Run
-        uses: dawidd6/action-ansible-playbook@v2
-        with:
-          directory: ansible/
-          playbook: docker_config_deploy.yml
-          key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
-          options: |
-            --inventory inventory/hosts.yml
-            --check
-          requirements: collections/requirements.yml
-          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
-          notification_message: 'Ansible dry run completed successfully; starting Docker Compose'
-      - name: Generate .env file for Docker Compose Dry Run
-        run: |
-          vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
+          notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
+          notification_message: 'Starting Docker Compose dry run...'
      - name: Cache .env Files
        uses: actions/cache@v4
        with:
          path: .env
          key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
+      - name: Generate modified services list & .env file for Docker Compose Dry Run
+        id: modded_svcs
+        run: |
+          mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
+          echo ${mod_svcs}
+          vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
+          echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT"
      - name: Docker Compose Dry Run
-        uses: yu-ichiro/spin-up-docker-compose-action@v1
+        timeout-minutes: 360
+        continue-on-error: true
+        uses: keatonLiu/docker-compose-remote-action@v1.2
        with:
-          file: docker-compose.yml
-          pull: true
-          pull-opts: --dry-run
-          up: true
-          up-opts: --dry-run -d --remove-orphans
+          docker_compose_file: docker-compose.yml
+          docker_args: -d --remove-orphans --pull missing --no-recreate ${{ steps.modded_svcs.rinoa_svcs.output }}
+          ssh_user: gitea-deploy
+          ssh_host: 192.168.1.254
+          ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
+          ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
        env:
          DOCKER_HOST: tcp://dockerproxy:2375
      - name: Gotify Notification
@@ -202,28 +215,11 @@ jobs:
    name: Update README & Generate List of Modified Services
    runs-on: ubuntu-latest
    needs: [cloudflare-dns-setup]
-    # outputs:
-    #   pr-pushed: ${{ steps.commit-readme.outputs.pushed }}
-    #   modified_services: ${{ steps.compare-services.outputs.modified_services }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install yq
        uses: dcarbone/install-yq-action@v1
-      # - name: Fetch main branch for comparison
-      #   run: |
-      #     git fetch origin main:main
-      # - name: Compare services using yq
-      #   continue-on-error: true
-      #   id: compare-services
-      #   run: |
-      #     current_services=$(yq '.services | to_entries' docker-compose.yml)
-      #     git show main:docker-compose.yml > main_compose.yml
-      #     main_services=$(yq '.services | to_entries' main_compose.yml)
-      #     modified_services_file=$(comm -13 <(echo "$main_services") <(echo "$current_services") > changes_compose.yml)
-      #     modified_services=${egrep '^  [a-z]' changes.yml | sed -e 's|^  ||g' -e 's|:||g' | sed ':a;N;$!ba;s/\n/ /g'}
-      #     echo "Modified services: $modified_services"
-      #     echo "modified_services=$modified_services" >> $GITHUB_OUTPUT
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -317,32 +313,6 @@ jobs:
          registry: git.trez.wtf
          username: gitea-sonarqube-bot
          password: ${{ secrets.BOT_GITEA_TOKEN }}
-      - name: Install hvac
-        run: pip install hvac
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
-          notification_message: 'Starting config deployment with Ansible.'
-      - name: Deploy Docker Configs via Ansible
-        uses: dawidd6/action-ansible-playbook@v2
-        with:
-          directory: ansible/
-          playbook: docker_config_deploy.yml
-          key: ${{secrets.RINOA_ANSIBLE_PRIVATE_KEY}}
-          options: |
-            --inventory inventory/hosts.yml
-          requirements: collections/requirements.yml
-          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
-          notification_message: 'Deployment completed successfully.'
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -354,7 +324,6 @@ jobs:
        run: |
           vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
      - name: Docker Compose Deployment
-        # if: ${{ steps.regenerate-readme-modified-services.outputs.modified_services != '' }}
        timeout-minutes: 360
        continue-on-error: true
        uses: keatonLiu/docker-compose-remote-action@v1.2
@@ -23,6 +23,6 @@ jobs:
        uses: cpanato/vault-installer@main
      - name: Unseal Vault
        run: |
-          for vault_shard in $(cat ${VAULT_SHARDS}); do
+          for vault_shard in $(echo ${VAULT_SHARDS}); do
            vault operator unseal -address=${VAULT_ADDR} -non-interactive "${vault_shard}"
          done
@@ -19,7 +19,6 @@
 | bitwarden | vaultwarden/server:latest |
 | bluesky-pds | code.modernleft.org/gravityfargo/bluesky-pds:v0.4.98 |
 | browserless | ghcr.io/browserless/chromium:latest |
-| bytebase | bytebase/bytebase:3.5.0 |
 | bytestash | ghcr.io/jordan-dalby/bytestash:latest |
 | castopod | castopod/castopod:latest |
 | cloudflared | cloudflare/cloudflared:latest |
@@ -33,10 +32,11 @@
 | dawarich-app | freikin/dawarich:latest |
 | dawarich-pg-db | postgis/postgis:17-3.5-alpine |
 | dawarich-sidekiq | freikin/dawarich:latest |
+| dead-man-hand | ghcr.io/bkupidura/dead-man-hand:latest |
 | delugevpn | ghcr.io/binhex/arch-delugevpn:latest |
 | docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
-| docker-volume-backup | offen/docker-volume-backup:v2 |
 | duplicati | lscr.io/linuxserver/duplicati:latest |
+| excalidraw | excalidraw/excalidraw:latest |
 | explo | ghcr.io/lumepart/explo:latest |
 | fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
 | flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
@@ -61,6 +61,8 @@
 | invidious | quay.io/invidious/invidious:latest |
 | invidious-sig-helper | quay.io/invidious/inv-sig-helper:latest |
 | invidious-db | docker.io/library/postgres:14 |
+| invoice-ninja | invoiceninja/invoiceninja-debian:5 |
+| invoice-ninja_proxy | nginx |
 | it-tools | ghcr.io/corentinth/it-tools:latest |
 | jellyfin | jellyfin/jellyfin |
 | jitsi-etherpad | etherpad/etherpad:1.8.6 |
@@ -72,6 +74,7 @@
 | jitsi-web | jitsi/web:stable |
 | joplin-db | postgres:17-alpine |
 | joplin | joplin/server:latest |
+| languagetool | elestio/languagetool:latest |
 | librechat-api | ghcr.io/danny-avila/librechat-dev:latest |
 | librechat-vectordb | ankane/pgvector:latest |
 | librechat-rag-api | ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest |
@@ -98,12 +101,15 @@
 | ollama | ollama/ollama |
 | ombi | lscr.io/linuxserver/ombi:latest |
 | omni-tools | iib0011/omni-tools:latest |
+| omnipoly | kweg/omnipoly:latest |
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
 | plantuml-server | plantuml/plantuml-server:jetty |
 | portainer | portainer/portainer-ce:alpine |
-| portall | need4swede/portall:latest |
+| portnote-web | haedlessdev/portnote:latest |
+| portnote-agent | haedlessdev/portnote-agent:latest |
+| portnote-pg-db | postgres:17-alpine |
 | postal-smtp | ghcr.io/postalserver/postal:latest |
 | postal-web | ghcr.io/postalserver/postal:latest |
 | postal-worker | ghcr.io/postalserver/postal:latest |
@@ -140,6 +146,7 @@
 | wallos | bellamy/wallos:latest |
 | watchtower | ghcr.io/containrrr/watchtower:latest |
 | web-check | lissy93/web-check |
+| whodb | clidey/whodb |
 | youtubedl | nbr23/youtube-dl-server:latest |
 | zammad-backup | ghcr.io/zammad/zammad:6.5.0-15 |
 | zammad-elasticsearch | bitnami/elasticsearch:8.17.4 |
@@ -0,0 +1,101 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+
+log:
+  # The level of logging, can be trace, debug, info, warn, error, fatal
+  level: info
+
+runner:
+  # Where to store the registration result.
+  file: .runner
+  # Execute how many tasks concurrently at the same time.
+  capacity: 3
+  # Extra environment variables to run jobs.
+#   envs:
+#     A_TEST_ENV_NAME_1: a_test_env_value_1
+#     A_TEST_ENV_NAME_2: a_test_env_value_2
+  # Extra environment variables to run jobs from a file.
+  # It will be ignored if it's empty or the file doesn't exist.
+#   env_file: .env
+  # The timeout for a job to be finished.
+  # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+  # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+  timeout: 3h
+  # The timeout for the runner to wait for running jobs to finish when shutting down.
+  # Any running jobs that haven't finished after this timeout will be cancelled.
+  shutdown_timeout: 0s
+  # Whether skip verifying the TLS certificate of the Gitea instance.
+  insecure: false
+  # The timeout for fetching the job from the Gitea instance.
+  fetch_timeout: 5s
+  # The interval for fetching the job from the Gitea instance.
+  fetch_interval: 2s
+  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+  # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+  # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
+  # If it's empty when registering, it will ask for inputting labels.
+  # If it's empty when execute `daemon`, will use labels in `.runner` file.
+  labels:
+    - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+    - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+    - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+
+cache:
+  # Enable cache server to use actions/cache.
+  enabled: true
+  # The directory to store the cache data.
+  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  dir: ""
+  # The host of the cache server.
+  # It's not for the address to listen, but the address to connect from job containers.
+  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  host: "192.168.1.254"
+  # The port of the cache server.
+  # 0 means to use a random available port.
+  port: 63604
+  # The external cache server URL. Valid only when enable is true.
+  # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+  # The URL should generally end with "/".
+  external_server: ""
+
+container:
+  # Specifies the network to which the container will connect.
+  # Could be host, bridge or the name of a custom network.
+  # If it's empty, act_runner will create a network automatically.
+  network: "compose_default"
+  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+  privileged: false
+  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+  options:
+  # The parent directory of a job's working directory.
+  # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
+  # If the path starts with '/', the '/' will be trimmed.
+  # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
+  # If it's empty, /workspace will be used.
+  workdir_parent:
+  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+  # valid_volumes:
+  #   - data
+  #   - /src/*.json
+  # If you want to allow any volume, please use the following configuration:
+  # valid_volumes:
+  #   - '**'
+  valid_volumes: []
+  # overrides the docker client host with the specified one.
+  # If it's empty, act_runner will find an available docker host automatically.
+  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+  docker_host: ""
+  # Pull docker image(s) even if already present
+  force_pull: false
+  # Rebuild docker image(s) even if already present
+  force_rebuild: false
+
+host:
+  # The parent directory of a job's working directory.
+  # If it's empty, $HOME/.cache/act/ will be used.
+  workdir_parent:
@@ -1,3 +1,6 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+
 #########################################
 #
 #  Database and other external servers
@@ -2,8 +2,8 @@
 {% set secrets_path = 'rinoa-docker/env' %}

 # IN application vars
-IN_APP_URL=http://in.localhost:8003
-IN_APP_KEY=<insert your generated key in here>
+IN_APP_URL=https://biz.trez.wtf
+IN_APP_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IN_APP_KEY'] }}
 IN_APP_DEBUG=true
 IN_REQUIRE_HTTPS=false
 IN_PHANTOMJS_PDF_GENERATION=false
@@ -14,11 +14,11 @@ IN_TRUSTED_PROXIES='*'
 IN_QUEUE_CONNECTION=database

 # DB connection
-IN_DB_HOST=db
+IN_DB_HOST=mariadb
 IN_DB_PORT=3306
-IN_DB_DATABASE=ninja
-IN_DB_USERNAME=ninja
-IN_DB_PASSWORD=ninja
+IN_DB_DATABASE=invoice_ninja
+IN_DB_USERNAME=ininja
+IN_DB_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IN_MYSQL_PASSWORD'] }}

 # Create initial user
 # Default to these values if empty
@@ -29,13 +29,13 @@ IN_PASSWORD=

 # Mail options
 IN_MAIL_MAILER=log
-IN_MAIL_HOST=smtp.mailtrap.io
-IN_MAIL_PORT=2525
-IN_MAIL_USERNAME=null
-IN_MAIL_PASSWORD=null
+IN_MAIL_HOST=postal-smtp
+IN_MAIL_PORT=25
+IN_MAIL_USERNAME={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}
+IN_MAIL_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
 IN_MAIL_ENCRYPTION=null
-IN_MAIL_FROM_ADDRESS='user@example.com'
-IN_MAIL_FROM_NAME='Self Hosted User'
+IN_MAIL_FROM_ADDRESS='noreply@trez.wtf'
+IN_MAIL_FROM_NAME='Treasured IT'

 # MySQL
 IN_MYSQL_ROOT_PASSWORD=ninjaAdm1nPassword
@@ -1,14 +1,14 @@
 vault_addr: "https://vault.trez.wtf"
 vault_token: !vault |
  $ANSIBLE_VAULT;1.1;AES256
-  64633862363730303434663261343764323731376539646264333339303234333733306234616462
-  6634333934373065633632376165636432346330396538330a626633666365353362656139643362
-  38636133326633316339346237326438626538613433656364333132333630366135663836396131
-  6132316130623936660a353432653864366539616433356537386633633437626133313262353363
-  65356538666366393934316231313037393061373763313164643331396331326533613132303531
-  39623836313031343034353163353339653330623139663266303836643632323237353335303361
-  66353833643564653666323835613863313232626538626163333231306461393535376338646633
-  64303965653730313565613735386230616137393034613437353261333737313236386530383163
-  65393238623237616135356361353836343532396137323734346136313466663036
+  39306238386563313462666238333237346239326636633731326263653639646235363937386333
+  6138653434613437643134653463363230303038373765380a636162663734393632396638313261
+  39613730633935373063663030616131653731376461333762633131633066366165343536323031
+  3539373461383138310a383734313237313231363539383632323130336536656662313861336261
+  65393033633461363837366462656134386430353236343136616161663364376261623834366466
+  30303765393039376666303937663839663630623063666135313636353432396161333434653435
+  32623634313531343466613966663139333234616137646636636134373264333263343533393331
+  32313530373164653730656662383837626139643364376134376634613237323063343731663734
+  36306335303936633334353564306239663563366435316464343039373965383032
 vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
 secrets_path: "rinoa-docker/env"
@@ -1,13 +1,13 @@
 rinoa:
-        ansible_host: 192.168.1.254
-        ansible_python_interpreter: /usr/bin/python3
-        ansible_ssh_port: 22
-        ansible_ssh_user: charish
-        ansible_ssh_pass: !vault |
-                $ANSIBLE_VAULT;1.1;AES256
-                38346631616139316365316566386362396661323163306339303635646331373061323531626431
-                3435373031363739356261656239633835393963636663370a613166653463656337666366633639
-                37373637326633363430633336646165343764303063663636313835326130663532323037663331
-                6332353339656134370a353435396532663932313535646636333262353238386331313764633635
-                63383065623930653134666261353439366535646661383434386261393232373432353937636535
-                3432336137393737643735346665303832653630316439333565
+  ansible_host: 192.168.1.254
+  ansible_python_interpreter: /usr/bin/python3
+  ansible_ssh_port: 22
+  ansible_ssh_user: charish
+  ansible_ssh_pass: !vault |
+    $ANSIBLE_VAULT;1.1;AES256
+    32303262303733356636343163363062383539623938383439373166623236366664333830653163
+    3134323461373461663638333265643631666437306362350a353632313337316535633838343137
+    37353139396531613763393139653231333666363935613462343831303866363863653161636138
+    3438316261363139650a313161643039366438356462383730663839366562333464636130346132
+    31363235326362396630313966303064373532306638383739373739336661346438336534366537
+    6565643866333964353563346433323861346262323933333732
@@ -1,7 +1,7 @@
 $ANSIBLE_VAULT;1.1;AES256
-65353131326537376561616630666531353731653835306564323565383332653437633533313932
-6239663065306339366536326432323534303364663862350a353034623936363066303164333434
-32666331326332363463383234316136323031626330366132643034376439616339396662636236
-3633393039376438630a326138653031656465373966356564336463643465613638313838393166
-36626366356266636535613862333631386231626134376264363731353264613261633037646662
-6431393837653564366531316332616232336365636533643036
+32303262303733356636343163363062383539623938383439373166623236366664333830653163
+3134323461373461663638333265643631666437306362350a353632313337316535633838343137
+37353139396531613763393139653231333666363935613462343831303866363863653161636138
+3438316261363139650a313161643039366438356462383730663839366562333464636130346132
+31363235326362396630313966303064373532306638383739373739336661346438336534366537
+6565643866333964353563346433323861346262323933333732
@@ -616,30 +616,6 @@ services:
    networks:
      default: null
    restart: unless-stopped
-  bytebase:
-    container_name: bytebase
-    image: bytebase/bytebase:3.5.0
-    labels:
-      homepage.group: System Administration
-      homepage.name: Bytebase
-      homepage.href: https://dbs.${MY_TLD}
-      homepage.icon: /icons/bytebase.png
-      homepage.description: Database-as-Code CI/CD
-      swag: enable
-      swag_port: 8080
-      swag_proto: http
-      swag_url: dbs.${MY_TLD}
-      swag_server_custom_directive: |
-        access_log /config/log/$$host_access.log ;
-        error_log /config/log/$$host_error.log ;
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
-      swag.uptime-kuma.monitor.interval: 300
-    ports:
-      - 49054:8080
-    restart: unless-stopped
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/bytebase:/var/opt/bytebase
  bytestash:
    container_name: bytestash
    environment:
@@ -830,7 +806,7 @@ services:
      DOCKER_HOST: tcp://dockerproxy:2375
      GID: 1000
      BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY}
-      COLLECTIONS: crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/linux crowdsecurity/iptables
+      COLLECTIONS: corvese/apache-guacamole crowdsecurity/home-assistant crowdsecurity/http-cve crowdsecurity/iptables crowdsecurity/linux crowdsecurity/mariadb crowdsecurity/nextcloud crowdsecurity/nginx crowdsecurity/whitelist-good-actors Dominic-Wagner/vaultwarden gauth-fr/immich LePresidente/adguardhome LePresidente/authelia LePresidente/gitea LePresidente/jellyfin LePresidente/ombi plague-doctor/audiobookshelf schiz0phr3ne/sonarr sdwilsh/navidrome timokoessler/mongodb timokoessler/uptime-kuma xs539/joplin-server
    image: crowdsecurity/crowdsec:latest
    networks:
      default: null
@@ -1110,6 +1086,15 @@ services:
      - dawarich_public:/var/app/public
      - dawarich_watched:/var/app/tmp/imports/watched
      - ${DOCKER_VOLUME_CONFIG}/dawarich/sidekiq-entrypoint.sh:/usr/local/bin/sidekiq-entrypoint.sh
+  dead-man-hand:
+    container_name: dead-man-hand
+    environment:
+      DMH_CONFIG_FILE: /data/config.yaml
+    image: 'ghcr.io/bkupidura/dead-man-hand:latest'
+    ports:
+      - '8080:8080'
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/dead-man-hand/data:/data
  delugevpn:
    cap_add:
      - NET_ADMIN
@@ -1217,87 +1202,6 @@ services:
        source: /var/run/docker.sock
        target: /var/run/docker.sock
        type: bind
-  docker-volume-backup:
-    container_name: docker-volume-backup
-    image: offen/docker-volume-backup:v2
-    environment:
-      BACKUP_ARCHIVE: /archive
-      BACKUP_CRON_EXPRESSION: '@weekly'
-      BACKUP_COMPRESSION: zst
-      BACKUP_FILENAME: rinoa-docker-backup-%Y-%m-%dT%H-%M-%S.{{ .Extension }}
-      BACKUP_FILENAME_EXPAND: true
-      BACKUP_RETENTION_DAYS: 14
-      DOCKER_HOST: tcp://dockerproxy:2375
-      NOTIFICATION_URLS: gotify://gotify/${DV_BKUP_GOTIFY_TOKEN}
-    restart: always
-    volumes:
-      - ${DOCKER_VOLUME_STORAGE}/backups/docker_volume_bkups:/archive
-      - authelia-pg-db:/backup/authelia-pg-db:ro
-      - bitmagnet-pg-db:/backup/bitmagnet-pg-db:ro
-      - bunkerweb-storage:/backup/bunkerweb-storage:ro
-      - castopod-media:/backup/castopod-media:ro
-      - crowdsec-config:/backup/crowdsec-config:ro
-      - crowdsec-db:/backup/crowdsec-db:ro
-      - dawarich_db_data:/backup/dawarich_db_data:ro
-      - dawarich_shared:/backup/dawarich_shared:ro
-      - dawarich_public:/backup/dawarich_public:ro
-      - dawarich_watched:/backup/dawarich_watched:ro
-      - docker-volume-bkup-data:/backup/docker-volume-bkup-data:ro
-      - fastenhealth-cache:/backup/fastenhealth-cache:ro
-      - fastenhealth-db:/backup/fastenhealth-db:ro
-      - gitea-pg-db:/backup/gitea-pg-db:ro
-      - hortusfox_app_backup:/backup/hortusfox_app_backup:ro
-      - hortusfox_app_images:/backup/hortusfox_app_images:ro
-      - hortusfox_app_logs:/backup/hortusfox_app_logs:ro
-      - hortusfox_app_migrate:/backup/hortusfox_app_migrate:ro
-      - hortusfox_app_themes:/backup/hortusfox_app_themes:ro
-      - hortusfox_db_data:/backup/hortusfox_db_data:ro
-      - immich-model-cache:/backup/immich-model-cache:ro
-      - influxdb2-data:/backup/influxdb2-data:ro
-      - influxdb2-config:/backup/influxdb2-config:ro
-      - invidious-postgres:/backup/invidious-postgres:ro
-      - invoice-ninja_cache:/backup/invoice-ninja_cache:ro
-      - invoice-ninja_public:/backup/invoice-ninja_public:ro
-      - invoice-ninja_storage:/backup/invoice-ninja_storage:ro
-      - jitsi-web-admin-theme:/backup/jitsi-web-admin-theme:ro
-      - jitsi-web-admin-upload:/backup/jitsi-web-admin-upload:ro
-      - joplin_data:/backup/joplin_data:ro
-      - librechat-pg-data:/backup/librechat-pg-data:ro
-      - libretranslate_models:/backup/libretranslate_models:ro
-      - lldap_data:/backup/lldap_data:ro
-      - mastodon-pg-db:/backup/mastodon-pg-db:ro
-      - mixpost-storage:/backup/mixpost-storage:ro
-      - mixpost-logs:/backup/mixpost-logs:ro
-      - mongodb_config:/backup/mongodb_config:ro
-      - mongodb_data:/backup/mongodb_data:ro
-      - n8n-data:/backup/n8n-data:ro
-      - netbird-mgmt:/backup/netbird-mgmt:ro
-      - netbird-signal:/backup/netbird-signal:ro
-      - netbird-letsencrypt:/backup/netbird-letsencrypt:ro
-      - nextcloud_aio_mastercontainer:/backup/nextcloud_aio_mastercontainer:ro
-      - ollama:/backup/ollama:ro
-      - paperless-ngx-data:/backup/paperless-ngx-data:ro
-      - paperless-ngx-media:/backup/paperless-ngx-media:ro
-      - paperless-ngx-pg:/backup/paperless-ngx-pg:ro
-      - pgbackweb-data:/backup/pgbackweb-data:ro
-      - plausible-db-data:/backup/plausible-db-data:ro
-      - plausible-event-data:/backup/plausible-event-data:ro
-      - plausible-event-logs:/backup/plausible-event-logs:ro
-      - portainer-data:/backup/portainer-data:ro
-      - reactive-resume-pg:/backup/reactive-resume-pg:ro
-      - semaphore_config:/backup/semaphore_config:ro
-      - semaphore_data:/backup/semaphore_data:ro
-      - semaphore_tmp:/backup/semaphore_tmp:ro
-      - sonarqube-data:/backup/sonarqube-data:ro
-      - sonarqube-db:/backup/sonarqube-db:ro
-      - sonarqube-db-data:/backup/sonarqube-db-data:ro
-      - sonarqube-extensions:/backup/sonarqube-extensions:ro
-      - sonarqube-logs:/backup/sonarqube-logs:ro
-      - sonarqube-temp:/backup/sonarqube-temp:ro
-      - tandoor-pg:/backup/tandoor-pg:ro
-      - unmanic-cache:/backup/unmanic-cache:ro
-      - wallos-db:/backup/wallos-db:ro
-      - wallos-logos:/backup/wallos-logos:ro
  duplicati:
    container_name: duplicati
    environment:
@@ -1351,6 +1255,27 @@ services:
        source: /home/charish/.config/appdata
        target: /source
        type: bind
+  excalidraw:
+    container_name: excalidraw
+    image: 'excalidraw/excalidraw:latest'
+    labels:
+      homepage.group: Personal/Professional Services
+      homepage.name: Excalidraw
+      homepage.href: https://draw.${MY_TLD}
+      homepage.icon: excalidraw.svg
+      homepage.description: Virtual whiteboard for sketching hand-drawn like diagrams
+      swag: enable
+      swag_proto: http
+      swag_url: draw.${MY_TLD}
+      swag_server_custom_directive: |
+        access_log /config/log/$$host_access.log ;
+        error_log /config/log/$$host_error.log ;
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://draw.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+    ports:
+      - 53721:80
+    restart: unless-stopped
  explo:
    container_name: explo
    environment:
@@ -2001,12 +1926,6 @@ services:
      IMMICH_API_KEY: ${IMMICH_POWER_TOOLS_KEY}
      IMMICH_URL: http://immich-server:2283
    image: ghcr.io/varun-raj/immich-power-tools:latest
-    labels:
-      homepage.group: Lifestyle
-      homepage.name: Immich Power Tools
-      homepage.href: https://pics.${MY_TLD}/tools
-      homepage.icon: sh-immich-power-tools.png
-      homepage.description: Tools for Immich
    ports:
      - 54018:3000
    restart: unless-stopped
@@ -2164,6 +2083,7 @@ services:
    image: invoiceninja/invoiceninja-debian:5
    restart: always
    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/invoice-ninja/invoice-ninja.env:/var/www/html/.env
      - invoice-ninja_cache:/var/www/html/bootstrap/cache
      - invoice-ninja_public:/var/www/html/public
      - invoice-ninja_storage:/var/www/html/storage
@@ -2209,7 +2129,7 @@ services:
      swag_url: biz.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://biz.${MY_TLD}
-      homepage.group: Professional Services
+      homepage.group: Personal/Professional Services
      homepage.name: Invoice Ninja
      homepage.href: https://biz.${MY_TLD}
      homepage.icon: invoice-ninja.svg
@@ -2285,6 +2205,466 @@ services:
      - ${DOCKER_VOLUME_STORAGE}/Movies:/storage/movies
      - /etc/localtime:/etc/localtime
      - /usr/share/fonts:/usr/local/share/fonts/custom
+  jitsi-admin-app:
+    <<: *jitsi_admin_app
+    container_name: jitsi-admin-app
+    depends_on:
+      mariadb:
+        condition: service_healthy
+    environment:
+      APACHE_DOCUMENT_ROOT: "public/"
+      PHP_EXTENSION_XDEBUG: "1"
+      PHP_INI_MEMORY_LIMIT: "1G"
+      PHP_EXTENSION_LDAP: 1
+      PHP_EXTENSION_INTL: 1
+      PHP_INI_UPLOAD_MAX_FILESIZE: 8M
+      PHP_INI_POST_MAX_SIZE: 8M
+      MAILER_TRANSPORT: smtp
+      OAUTH_KEYCLOAK_CLIENT_ID: jitsiadmin
+      OAUTH_KEYCLOAK_REALM: jitsiadmin
+      input_settings_allow_timezone: 1
+      allowTimeZoneSwitch: 1
+      CRON_USER_1: root
+      CRON_SCHEDULE_1: "* * * * *"
+      CRON_COMMAND_1: "php /var/www/html/bin/console cron:run"
+      ###> symfony/framework-bundle ###
+      APP_ENV: prod
+      APP_DEBUG: 0
+      APP_SECRET: ${JITSI_ADMIN_APP_SECRET}
+
+      ###ODC Parameters###
+      IMPRINT: </impressum>
+      DATAPRIVACY: </datenschutzhinweis>
+      HELPURL: </help>
+
+      ###Cron Parameters###
+      CRON_TOKEN: ${JITSI_ADMIN_CRON_TOKEN}
+      CRON_IPADRESS: 127.0.0.1
+
+      DATABASE_URL: mariadb://jitsiadmin:${JITSI__ADMIN_DB_PASSWORD}@mariadb:3306/jitsiadmin
+      DATABSE_SERVER: mariadb
+      MAILER_DSN: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25
+
+      TRUSTED_PROXIES: 127.0.0.1,172.18.0.0/16
+
+      ###> demo ###
+      DEMO_INSTALLATION: prod
+      ###< demo ###
+
+      ###> matomo ###
+      MATOMO_ENABLE: 0
+      MATOMO_ID: 1
+      MATOMO_URL: analytics.local.com
+      ###< matomo ###
+
+
+      ###> LaF ###
+      LAF_BBB: 0
+      LAF_STARTPAGE: false
+      LAF_ONLYREGISTEREDPARTICIPENTS: 0
+      LAF_VERSION: 2.0.0-dev
+      LAF_PEXEL_API_KEY: ${JITSI_ADMIN_PEXEL_API_KEY}
+      LAF_PEXEL_REFRESH_TIME: 1200
+      LAF_EMAILTEXTLOGIN: 1
+      LAF_CREATESERVEROPENTOEVERYONE: 1
+      LAF_KEYCLOAKGROUPTOCREATESERVER: /user
+      LAF_ADMINISTRATOREMAIL: admin@localhost.de
+      LAF_NOTIFICATIONURL: ""
+      LAF_BBB_URL: ""
+      LAF_MAX_REPEAT: 56
+      LAF_REFRESHTIMEDASHBOARD: 10000
+      LAF_DARKMODEASDEFAULT: 0
+      LAF_SHOWNAME: "user.username$"
+      LAF_SHOWNAMEFRONTEND: "user.firstName$ user.lastName$"
+      LAF_ADDPARTICIPANTSNOINPUT: 0
+      LAF_ROOMSMOREOPTIONSCOLLAPSED: 1
+      LAF_LOBBY_REKNOCKTIME: 60
+      LAF_LOBBY_POPUPDURATION: 3000
+      ###< LaF ###
+
+      ###> Default Jitsi Server ###
+      DEFAULT_JITSI_SERVER_ID: 0
+      ###< Default Jitsi Server ###
+
+      ### Enterprise Settings ###
+      ENTERPRISE_NOEXTERNAL: 0
+      ALLOWTIMEZONESWITCH: 0
+      EMAILSENDERISMODERATOR: 0
+      ###<Enterprise Settings>###
+
+      ### LDAP Settings ###
+      LDAP_URL: "ldap://lldap:3890"
+      LDAP_BIND_DN: "cn=jitsi-admin,ou=people,dc=trez,dc=wtf"
+      LDAP_PASSWORD: ${JITSI_ADMIN_LDAP_BIND_PASSWORD}
+      LDAP_USER_DN: "ou=people,dc=trez,dc=wtf"
+      LDAP_USER_OBJECT_CLASSES: person,organizationalPerson,user;person,organizationalPerson,user
+      LDAP_SEARCH_SCOPE: sub;one
+      LDAP_USERNAME_ATTRIBUTE: uid
+      LDAP_ATTRIBUTE_MAPPER: '{"firstName":"givenName", "lastName":"sn", "email":"uid"};{"firstName":"givenName", "lastName":"sn", "email":"uid"}'
+      LDAP_BIND_TYPE: simple
+      LDAP_FILTER: ';'
+      LDAP_RDN_LDAP_ATTRIBUTE: uid
+      LDAP_UUID_LDAP_ATTRIBUTE: uuid
+      LDAP_SERVER_INDIVIDUALNAME: lldap
+      ###<LDAP Settings>###
+
+      ### UploadSetting
+      AWS_BUCKET_NAME: 'jitsi-admin'
+      AWS_BASE_URL: 'http://minio:9000'
+      AWS_KEY: ${JITSI_ADMIN_S3_ACCESS_KEY}
+      AWS_SECRET_KEY: ${JITSI_ADMIN_S3_SECRET_KEY}
+      ###<UploadSettings>
+    expose:
+      - 80
+    healthcheck:
+      test: [ "CMD", "curl", "-s", "-f", "-i", "http://localhost:80/health/check" ]
+      interval: 20s
+      timeout: 10s
+      start_period: 30s
+      retries: 10
+    labels:
+      swag: enable
+      swag_proto: http
+      swag_port: 2283
+      swag_url: jadmin.${MY_TLD}
+      swag_server_custom_directive: |
+        access_log /config/log/$$host_access.log ;
+        error_log /config/log/$$host_error.log ;
+
+        location /ws {
+              proxy_pass http://jitsi-admin-websocket:3000;
+        }
+        location /keycloak {
+              proxy_pass http://jitsi-admin-keycloak:8080;
+        }
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://jadmin.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+      homepage.group: Media Library
+      homepage.name: Jitsi Admin
+      homepage.href: https://jadmin.${MY_TLD}
+      homepage.description: Admin portal for Jitsi (web-conferencing system)
+    restart: unless-stopped
+    volumes:
+      - ja-theme_data:/var/www/html/theme
+      - ja-image_upload:/var/www/html/public/uploads/images
+      - ja-theme_assests_data:/var/www/html/public/theme
+      - ja-recording_uploads:/var/www/html/data/recording
+  jitsi-admin-keycloak:
+    command:
+      - start-dev
+      - --import-realm
+    container_name: jitsi-admin-keycloak
+    depends_on:
+      jitsi-admin-app:
+        condition: service_healthy
+    environment:
+      KEYCLOAK_ADMIN: admin
+      KC_DB: mariadb
+      KC_DB_USERNAME: keycloak
+      KC_HTTP_RELATIVE_PATH: /keycloak
+      KC_PROXY: edge
+      KC_HOSTNAME: https://jadmin.${MY_TLD}/keycloak
+      ###> symfony/framework-bundle ###
+      APP_ENV: prod
+      APP_DEBUG: 0
+      APP_SECRET: ${JITSI_ADMIN_APP_SECRET}
+
+      ###ODC Parameters###
+      IMPRINT: </impressum>
+      DATAPRIVACY: </datenschutzhinweis>
+      HELPURL: </help>
+
+      ###Cron Parameters###
+      CRON_TOKEN: ${JITSI_ADMIN_CRON_TOKEN}
+      CRON_IPADRESS: 127.0.0.1
+
+      DATABASE_URL: mariadb://jitsiadmin:${JITSI__ADMIN_DB_PASSWORD}@mariadb:3306/jitsiadmin
+      DATABSE_SERVER: mariadb
+      MAILER_DSN: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25
+
+      TRUSTED_PROXIES: 127.0.0.1,172.18.0.0/16
+
+      ###> demo ###
+      DEMO_INSTALLATION: prod
+      ###< demo ###
+
+      ###> matomo ###
+      MATOMO_ENABLE: 0
+      MATOMO_ID: 1
+      MATOMO_URL: analytics.local.com
+      ###< matomo ###
+
+
+      ###> LaF ###
+      LAF_BBB: 0
+      LAF_STARTPAGE: false
+      LAF_ONLYREGISTEREDPARTICIPENTS: 0
+      LAF_VERSION: 2.0.0-dev
+      LAF_PEXEL_API_KEY: ${JITSI_ADMIN_PEXEL_API_KEY}
+      LAF_PEXEL_REFRESH_TIME: 1200
+      LAF_EMAILTEXTLOGIN: 1
+      LAF_CREATESERVEROPENTOEVERYONE: 1
+      LAF_KEYCLOAKGROUPTOCREATESERVER: /user
+      LAF_ADMINISTRATOREMAIL: admin@localhost.de
+      LAF_NOTIFICATIONURL: ""
+      LAF_BBB_URL: ""
+      LAF_MAX_REPEAT: 56
+      LAF_REFRESHTIMEDASHBOARD: 10000
+      LAF_DARKMODEASDEFAULT: 0
+      LAF_SHOWNAME: "user.username$"
+      LAF_SHOWNAMEFRONTEND: "user.firstName$ user.lastName$"
+      LAF_ADDPARTICIPANTSNOINPUT: 0
+      LAF_ROOMSMOREOPTIONSCOLLAPSED: 1
+      LAF_LOBBY_REKNOCKTIME: 60
+      LAF_LOBBY_POPUPDURATION: 3000
+      ###< LaF ###
+
+      ###> Default Jitsi Server ###
+      DEFAULT_JITSI_SERVER_ID: 0
+      ###< Default Jitsi Server ###
+
+      ### Enterprise Settings ###
+      ENTERPRISE_NOEXTERNAL: 0
+      ALLOWTIMEZONESWITCH: 0
+      EMAILSENDERISMODERATOR: 0
+      ###<Enterprise Settings>###
+
+      ### LDAP Settings ###
+      LDAP_URL: "ldap://lldap:3890"
+      LDAP_BIND_DN: "cn=jitsi-admin,ou=people,dc=trez,dc=wtf"
+      LDAP_PASSWORD: ${JITSI_ADMIN_LDAP_BIND_PASSWORD}
+      LDAP_USER_DN: "ou=people,dc=trez,dc=wtf"
+      LDAP_USER_OBJECT_CLASSES: person,organizationalPerson,user;person,organizationalPerson,user
+      LDAP_SEARCH_SCOPE: sub;one
+      LDAP_USERNAME_ATTRIBUTE: uid
+      LDAP_ATTRIBUTE_MAPPER: '{"firstName":"givenName", "lastName":"sn", "email":"uid"};{"firstName":"givenName", "lastName":"sn", "email":"uid"}'
+      LDAP_BIND_TYPE: simple
+      LDAP_FILTER: ';'
+      LDAP_RDN_LDAP_ATTRIBUTE: uid
+      LDAP_UUID_LDAP_ATTRIBUTE: uuid
+      LDAP_SERVER_INDIVIDUALNAME: lldap
+      ###<LDAP Settings>###
+
+      ### UploadSetting
+      AWS_BUCKET_NAME: 'jitsi-admin'
+      AWS_BASE_URL: 'http://minio:9000'
+      AWS_KEY: ${JITSI_ADMIN_S3_ACCESS_KEY}
+      AWS_SECRET_KEY: ${JITSI_ADMIN_S3_SECRET_KEY}
+      ###<UploadSettings>
+    expose:
+      - 8080
+    image: quay.io/keycloak/keycloak:26.1.0
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/jitsi/admin/keycloak:/opt/keycloak/data/import
+  jitsi-admin-queue:
+    <<: *jitsi_admin_app
+    command: php /var/www/html/bin/console messenger:consume async --memory-limit=126m
+    hostname: app-queu
+    restart: unless-stopped
+    deploy:
+      mode: replicated
+      replicas: 2
+    environment:
+      ###> symfony/framework-bundle ###
+      APP_ENV: prod
+      APP_DEBUG: 0
+      APP_SECRET: ${JITSI_ADMIN_APP_SECRET}
+
+      ###ODC Parameters###
+      IMPRINT: </impressum>
+      DATAPRIVACY: </datenschutzhinweis>
+      HELPURL: </help>
+
+      ###Cron Parameters###
+      CRON_TOKEN: ${JITSI_ADMIN_CRON_TOKEN}
+      CRON_IPADRESS: 127.0.0.1
+
+      DATABASE_URL: mariadb://jitsiadmin:${JITSI__ADMIN_DB_PASSWORD}@mariadb:3306/jitsiadmin
+      DATABSE_SERVER: mariadb
+      MAILER_DSN: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25
+
+      TRUSTED_PROXIES: 127.0.0.1,172.18.0.0/16
+
+      ###> demo ###
+      DEMO_INSTALLATION: prod
+      ###< demo ###
+
+      ###> matomo ###
+      MATOMO_ENABLE: 0
+      MATOMO_ID: 1
+      MATOMO_URL: analytics.local.com
+      ###< matomo ###
+
+
+      ###> LaF ###
+      LAF_BBB: 0
+      LAF_STARTPAGE: false
+      LAF_ONLYREGISTEREDPARTICIPENTS: 0
+      LAF_VERSION: 2.0.0-dev
+      LAF_PEXEL_API_KEY: ${JITSI_ADMIN_PEXEL_API_KEY}
+      LAF_PEXEL_REFRESH_TIME: 1200
+      LAF_EMAILTEXTLOGIN: 1
+      LAF_CREATESERVEROPENTOEVERYONE: 1
+      LAF_KEYCLOAKGROUPTOCREATESERVER: /user
+      LAF_ADMINISTRATOREMAIL: admin@localhost.de
+      LAF_NOTIFICATIONURL: ""
+      LAF_BBB_URL: ""
+      LAF_MAX_REPEAT: 56
+      LAF_REFRESHTIMEDASHBOARD: 10000
+      LAF_DARKMODEASDEFAULT: 0
+      LAF_SHOWNAME: "user.username$"
+      LAF_SHOWNAMEFRONTEND: "user.firstName$ user.lastName$"
+      LAF_ADDPARTICIPANTSNOINPUT: 0
+      LAF_ROOMSMOREOPTIONSCOLLAPSED: 1
+      LAF_LOBBY_REKNOCKTIME: 60
+      LAF_LOBBY_POPUPDURATION: 3000
+      ###< LaF ###
+
+      ###> Default Jitsi Server ###
+      DEFAULT_JITSI_SERVER_ID: 0
+      ###< Default Jitsi Server ###
+
+      ### Enterprise Settings ###
+      ENTERPRISE_NOEXTERNAL: 0
+      ALLOWTIMEZONESWITCH: 0
+      EMAILSENDERISMODERATOR: 0
+      ###<Enterprise Settings>###
+
+      ### LDAP Settings ###
+      LDAP_URL: "ldap://lldap:3890"
+      LDAP_BIND_DN: "cn=jitsi-admin,ou=people,dc=trez,dc=wtf"
+      LDAP_PASSWORD: ${JITSI_ADMIN_LDAP_BIND_PASSWORD}
+      LDAP_USER_DN: "ou=people,dc=trez,dc=wtf"
+      LDAP_USER_OBJECT_CLASSES: person,organizationalPerson,user;person,organizationalPerson,user
+      LDAP_SEARCH_SCOPE: sub;one
+      LDAP_USERNAME_ATTRIBUTE: uid
+      LDAP_ATTRIBUTE_MAPPER: '{"firstName":"givenName", "lastName":"sn", "email":"uid"};{"firstName":"givenName", "lastName":"sn", "email":"uid"}'
+      LDAP_BIND_TYPE: simple
+      LDAP_FILTER: ';'
+      LDAP_RDN_LDAP_ATTRIBUTE: uid
+      LDAP_UUID_LDAP_ATTRIBUTE: uuid
+      LDAP_SERVER_INDIVIDUALNAME: lldap
+      ###<LDAP Settings>###
+
+      ### UploadSetting
+      AWS_BUCKET_NAME: 'jitsi-admin'
+      AWS_BASE_URL: 'http://minio:9000'
+      AWS_KEY: ${JITSI_ADMIN_S3_ACCESS_KEY}
+      AWS_SECRET_KEY: ${JITSI_ADMIN_S3_SECRET_KEY}
+      ###<UploadSettings>
+    depends_on:
+      app-ja:
+        condition: service_healthy
+    volumes:
+      - ja-theme_data:/var/www/html/theme
+  jitsi-admin-websocket:
+    container_name: jitsi-admin-websocket
+    depends_on:
+      - swag
+    environment:
+      ###> symfony/framework-bundle ###
+      APP_ENV: prod
+      APP_DEBUG: 0
+      APP_SECRET: ${JITSI_ADMIN_APP_SECRET}
+
+      ###ODC Parameters###
+      IMPRINT: </impressum>
+      DATAPRIVACY: </datenschutzhinweis>
+      HELPURL: </help>
+
+      ###Cron Parameters###
+      CRON_TOKEN: ${JITSI_ADMIN_CRON_TOKEN}
+      CRON_IPADRESS: 127.0.0.1
+
+      DATABASE_URL: mariadb://jitsiadmin:${JITSI__ADMIN_DB_PASSWORD}@mariadb:3306/jitsiadmin
+      DATABSE_SERVER: mariadb
+      MAILER_DSN: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25
+
+      TRUSTED_PROXIES: 127.0.0.1,172.18.0.0/16
+
+      ###> demo ###
+      DEMO_INSTALLATION: prod
+      ###< demo ###
+
+      ###> matomo ###
+      MATOMO_ENABLE: 0
+      MATOMO_ID: 1
+      MATOMO_URL: analytics.local.com
+      ###< matomo ###
+
+
+      ###> LaF ###
+      LAF_BBB: 0
+      LAF_STARTPAGE: false
+      LAF_ONLYREGISTEREDPARTICIPENTS: 0
+      LAF_VERSION: 2.0.0-dev
+      LAF_PEXEL_API_KEY: ${JITSI_ADMIN_PEXEL_API_KEY}
+      LAF_PEXEL_REFRESH_TIME: 1200
+      LAF_EMAILTEXTLOGIN: 1
+      LAF_CREATESERVEROPENTOEVERYONE: 1
+      LAF_KEYCLOAKGROUPTOCREATESERVER: /user
+      LAF_ADMINISTRATOREMAIL: admin@localhost.de
+      LAF_NOTIFICATIONURL: ""
+      LAF_BBB_URL: ""
+      LAF_MAX_REPEAT: 56
+      LAF_REFRESHTIMEDASHBOARD: 10000
+      LAF_DARKMODEASDEFAULT: 0
+      LAF_SHOWNAME: "user.username$"
+      LAF_SHOWNAMEFRONTEND: "user.firstName$ user.lastName$"
+      LAF_ADDPARTICIPANTSNOINPUT: 0
+      LAF_ROOMSMOREOPTIONSCOLLAPSED: 1
+      LAF_LOBBY_REKNOCKTIME: 60
+      LAF_LOBBY_POPUPDURATION: 3000
+      ###< LaF ###
+
+      ###> Default Jitsi Server ###
+      DEFAULT_JITSI_SERVER_ID: 0
+      ###< Default Jitsi Server ###
+
+      ### Enterprise Settings ###
+      ENTERPRISE_NOEXTERNAL: 0
+      ALLOWTIMEZONESWITCH: 0
+      EMAILSENDERISMODERATOR: 0
+      ###<Enterprise Settings>###
+
+      ### LDAP Settings ###
+      LDAP_URL: "ldap://lldap:3890"
+      LDAP_BIND_DN: "cn=jitsi-admin,ou=people,dc=trez,dc=wtf"
+      LDAP_PASSWORD: ${JITSI_ADMIN_LDAP_BIND_PASSWORD}
+      LDAP_USER_DN: "ou=people,dc=trez,dc=wtf"
+      LDAP_USER_OBJECT_CLASSES: person,organizationalPerson,user;person,organizationalPerson,user
+      LDAP_SEARCH_SCOPE: sub;one
+      LDAP_USERNAME_ATTRIBUTE: uid
+      LDAP_ATTRIBUTE_MAPPER: '{"firstName":"givenName", "lastName":"sn", "email":"uid"};{"firstName":"givenName", "lastName":"sn", "email":"uid"}'
+      LDAP_BIND_TYPE: simple
+      LDAP_FILTER: ';'
+      LDAP_RDN_LDAP_ATTRIBUTE: uid
+      LDAP_UUID_LDAP_ATTRIBUTE: uuid
+      LDAP_SERVER_INDIVIDUALNAME: lldap
+      ###<LDAP Settings>###
+
+      ### UploadSetting
+      AWS_BUCKET_NAME: 'jitsi-admin'
+      AWS_BASE_URL: 'http://minio:9000'
+      AWS_KEY: ${JITSI_ADMIN_S3_ACCESS_KEY}
+      AWS_SECRET_KEY: ${JITSI_ADMIN_S3_SECRET_KEY}
+      ###<UploadSettings>
+    expose:
+      - 3000
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/healthz"]
+      interval: 10s
+      retries: 5
+      timeout: 10s
+      start_period: 10s
+    hostname: websocket-ja
+    image: h2invent/jitsi-admin-websocket:latest
+    restart: unless-stopped
+    volumes:
+      - ja-caddy_data:/data
+      - ja-caddy_config:/config
  jitsi-etherpad:
    container_name: jitsi-etherpad
    environment:
@@ -2916,6 +3296,18 @@ services:
    ports:
      - 22300:22300
    restart: unless-stopped
+  languagetool:
+    container_name: languagetool
+    environment:
+      langtool_languageModel: /opt/languagetool/langModel
+      Java_Xms: 512m
+      Java_Xmx: 1g
+    expose:
+      - 8010
+    image: elestio/languagetool:latest
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/languagetool/:/opt/languagetool/langModel
  librechat-api:
    container_name: librechat-api
    depends_on:
@@ -2993,24 +3385,11 @@ services:
      test: ['CMD-SHELL', './venv/bin/python scripts/healthcheck.py']
    environment:
      LT_UPDATE_MODELS: true
-    labels:
-      homepage.group: Personal/Professional Services
-      homepage.name: LibreTranslate
-      homepage.href: https://translate.${MY_TLD}
-      homepage.icon: sh-libretranslate.svg
-      homepage.description: Open-source language translation
-      swag: enable
-      swag_port: 5000
-      swag_url: translate.${MY_TLD}
-      swag_server_custom_directive: |
-        access_log /config/log/$$host_access.log ;
-        error_log /config/log/$$host_error.log ;
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://translate.${MY_TLD}
-      swag.uptime-kuma.monitor.interval: 300
    ports:
      - 5000:5000
    restart: unless-stopped
+    tty: true
+    stdin_open: true
    volumes:
    #   - libretranslate_api_keys:/app/db
      - libretranslate_models:/home/libretranslate/.local:rw
@@ -3782,6 +4161,40 @@ services:
    ports:
      - 23693:80
    restart: unless-stopped
+  omnipoly:
+    container_name: omnipoly
+    depends_on:
+      languagetool:
+        condition: service_started
+        required: true
+      libretranslate:
+        condition: service_started
+        required: true
+    environment:
+      LANGUAGE_TOOL: http://languagetool:8010
+      LIBRETRANSLATE: http://libretranslate:5000
+      OLLAMA: http://ollama:11434
+      OLLAMA_MODEL: smollm2:1.7b
+      THEME: 'pole'
+      DISABLE_DICTIONARY: false
+    expose:
+      - 80
+    image: kweg/omnipoly:latest
+    labels:
+      homepage.group: Personal/Professional Services
+      homepage.name: OmniPoly
+      homepage.href: https://translate.${MY_TLD}
+      homepage.icon: sh-omnipoly.svg
+      homepage.description: Open-source language translation with LanguageTool, LibreTranslate, & Ollama
+      swag: enable
+      swag_url: translate.${MY_TLD}
+      swag_server_custom_directive: |
+        access_log /config/log/$$host_access.log ;
+        error_log /config/log/$$host_error.log ;
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://translate.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+    restart: unless-stopped
  paperless-ngx:
    container_name: paperless-ngx
    depends_on:
@@ -3929,17 +4342,25 @@ services:
    restart: unless-stopped
    volumes:
        - portainer-data:/data
-  portall:
-    container_name: portall
-    image: need4swede/portall:latest
+  portnote-web:
+    container_name: portnote
+    depends_on:
+      portnote-pg-db:
+        condition: service_started
+        required: true
+        restart: true
    environment:
-      SECRET_KEY: ${PORTALL_SECRET_KEY}
+      JWT_SECRET: ${PORTNOTE_JWT_SECRET} # Replace with a secure random string
+      USER_SECRET:  ${PORTNOTE_USER_SECRET} # Replace with a secure random string
+      LOGIN_USERNAME: portnote # Replace with a username
+      LOGIN_PASSWORD: ${PORTNOTE_LOGIN_PASSWORD} # Replace with a custom password
+      DATABASE_URL: "postgresql://portnote:${PORTNOTE_POSTGRES_PASSWORD}@portnote-pg-db:5432/portnote"
+    image: haedlessdev/portnote:latest
    labels:
      swag: enable
-      swag_auth: authelia
      swag_proto: http
-      swag_port: 8080
-      swag_url: portall.${MY_TLD}
+      swag_port: 3000
+      swag_url: ports.${MY_TLD}
      swag_server_custom_directive: |
        access_log /config/log/$$host_access.log ;
        error_log /config/log/$$host_error.log ;
@@ -3947,15 +4368,35 @@ services:
      swag.uptime-kuma.monitor.url: https://portall.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      homepage.group: System Administration
-      homepage.name: Portall
+      homepage.name: PortNote
      homepage.href: https://portall.${MY_TLD}
-      homepage.icon: sh-portall.png
+      homepage.icon: /icons/portnote.png
      homepage.description: Management for container ports
    ports:
-      - 8000:8080
-    restart: unless-stopped
+      - 23186:3000
+    restart: always
+  portnote-agent:
+    container_name: portnote-agent
+    depends_on:
+      portnote-pg-db:
+        condition: service_started
+        required: true
+    image: haedlessdev/portnote-agent:latest
+    environment:
+      DATABASE_URL: "postgresql://portnote:${PORTNOTE_POSTGRES_PASSWORD}@portnote-pg-db:5432/portnote"
+    restart: always
+  portnote-pg-db:
+    container_name: portnote-pg-db
+    image: postgres:17-alpine
+    environment:
+      POSTGRES_USER: portnote
+      POSTGRES_PASSWORD: ${PORTNOTE_POSTGRES_PASSWORD}
+      POSTGRES_DB: portnote
+    expose:
+      - 5432
+    restart: always
    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/portall:/app/instance
+      - portnote-db-data:/var/lib/postgresql/data
  postal-smtp:
    cap_add:
      - NET_BIND_SERVICE
@@ -5351,6 +5792,36 @@ services:
    ports:
      - 3010:3000
    restart: unless-stopped
+  whodb:
+    container_name: whodb
+    image: clidey/whodb
+    environment:
+      WHODB_POSTGRES_1: '[{"host":"authelia-pg","user":"authelia","password":"${AUTHELIA_STORAGE_POSTGRES_PASSWORD}","database":"authelia"},{"host":"bitmagnet-pg-db","user":"bitmagnet","password":"${BITMAGNET_POSTGRESQL_PASSWORD}","database":"bitmagnet"},{"host":"dawarich-pg-db","user":"dawarich","password":"${DAWARICH_PG_PASSWORD}","database":"dawarich"},{"host":"gitea-db","user":"gitea","password":"${GITEA_PG_DB_PASSWORD}","database":"gitea"},{"host":"immich-pg-db","user":"immich","password":"${IMMICH_DB_PASSWORD}","database":"immich"},{"host":"invidious-db","user":"kemal","password":"${INVID_PG_DB_PASSWORD}","database":"invidious"},{"host":"librechat-vectordb","user":"librechat","password":"${LIBRECHAT_PG_DB_PASSWD}","database":"librechat"},{"host":"mastodon-pg-db","user":"mastodon","password":"${MASTODON_PG_DB_PASSWORD}","database":"mastodon"},{"host":"reactive-resume-pg","user":"reactiveresume","password":"${REACTIVE_RESUME_PGSQL_PASSWORD}","database":"reactiveresume"},{"host":"sonarqube-pg-db","user":"sonar","password":"${SONARQUBE_POSTGRES_PASSWORD}","database":"sonar"},{"host":"tandoor-pg","user":"tandoor","password":"${TANDOOR_POSTGRES_PASSWORD}","database":"tandoor"},{"host":"zammad-postgresql","user":"zammad","password":"${ZAMMAD_POSTGRES_PASS}","database":"zammad_production"}]'
+      WHODB_MARIADB_1: '[{"host":"mariadb","user":"root","password":"${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}","database":"mysql"}]'
+      WHODB_MONGODB_1: '{"host":"mongodb:27017/admin?replicaSet=rinoa","user":"root","password":"${MONGO_INITDB_ROOT_PASSWORD}"}'
+      WHODB_OLLAMA_HOST: ollama
+      WHODB_OLLAMA_PORT: 11434
+      WHODB_ANTHROPIC_API_KEY: ${LIBRECHAT_ANTHROPIC_API_KEY}
+      WHODB_OPENAI_API_KEY: ${LIBRECHAT_OPENAI_API_KEY}
+    expose:
+      - 8080
+    labels:
+      homepage.group: System Administration
+      homepage.name: WhoDB
+      homepage.href: https://dbs.${MY_TLD}
+      homepage.icon: whodb.png
+      homepage.description: Database-as-Code CI/CD
+      swag: enable
+      swag_port: 8080
+      swag_proto: http
+      swag_url: dbs.${MY_TLD}
+      swag_server_custom_directive: |
+        access_log /config/log/$$host_access.log ;
+        error_log /config/log/$$host_error.log ;
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+    restart: unless-stopped
  youtubedl:
    container_name: youtubedl
    environment:
@@ -5441,9 +5912,9 @@ services:
    container_name: zammad-nginx
    command: ["zammad-nginx"]
    expose:
-      - "${NGINX_PORT:-8080}"
+      - 8080
    ports:
-      - "${NGINX_EXPOSE_PORT:-8080}:${NGINX_PORT:-8080}"
+      - 15257:8080
    labels:
      swag: enable
      swag_proto: http
@@ -5472,6 +5943,8 @@ services:
    <<: *zammad-service
    container_name: zammad-railsserver
    command: ["zammad-railsserver"]
+    expose:
+      - 3000
  zammad-redis:
    container_name: zammad-redis
    image: redis:${REDIS_VERSION:-7.4.2-alpine}
@@ -5545,10 +6018,18 @@ volumes:
    name: invoice-ninja_public
  invoice-ninja_storage:
    name: invoice-ninja_storage
-  jitsi-web-admin-theme:
-    name: jitsi-web-admin-theme
-  jitsi-web-admin-upload:
-    name: jitsi-web-admin-upload
+  ja-caddy_config:
+    name: ja-caddy_config
+  ja-caddy_data:
+    name: ja-caddy_data
+  ja-image_upload:
+    name: ja-image_upload
+  ja-recording_uploads:
+    name: ja-recording_uploads
+  ja-theme_assests_data:
+    name: ja-theme_assests_data
+  ja-theme_data:
+    name: ja-theme_data
  joplin_data:
    name: joplin_data
  linkstack_data:
@@ -5589,14 +6070,10 @@ volumes:
    name: paperless-ngx-pg
  pgbackweb-data:
    name: pgbackweb-data
-  plausible-db-data:
-    name: plausible-db-data
-  plausible-event-data:
-    name: plausible-event-data
-  plausible-event-logs:
-    name: plausible-event-logs
  portainer-data:
    name: portainer-data
+  portnote-db-data:
+    name: portnote-db-data
  reactive-resume-pg:
    name: reactive-resume-pg
  semaphore_config: