chore: Update README

.gitea/workflows/pr-ansible-config-deployment.yaml

@@ -6,7 +6,6 @@ on:
       - 'main'
     paths:
       - '**.j2'
-      - '**/pr-ansible-config-deployment.yaml'
       - 'ansible/**.yml'
 jobs:
   check-and-create-pr:
@@ -42,7 +41,7 @@ jobs:
         continue-on-error: true
         run: |
           tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
-          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[ANSIBLE\].*${{ github.ref_name }}' | tail -1 | wc -l)
+          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
           echo "exists=$pr_exists" >> $GITHUB_OUTPUT
       - name: Create PR
         if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
@@ -50,7 +49,7 @@ jobs:
           tea login default gitea-rinoa
           pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
           pr_index_new=$(expr ${pr_index_old} + 1)
-          tea pr c -r ${{ github.repository }} -t "[ANSIBLE] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
+          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
@@ -59,7 +58,7 @@ jobs:
           notification_title: 'GITEA: PR Check'
           notification_message: 'PR Created 🎟️'
   ansible-linting:
-    name: Ansible Lint
+    name: Docker Compose & Ansible Lints
     needs: [check-and-create-pr]
     runs-on: ubuntu-latest
     env:
@@ -69,6 +68,9 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+      - name: Fetch base branch
+        run: |
+          git fetch origin ${{ github.event.pull_request.base.ref }}
       - name: Cache Ansible Galaxy Collections
         uses: actions/cache@v3
         with:
@@ -79,12 +81,11 @@ jobs:
       - name: Install Ansible
         uses: alex-oleshkevich/setup-ansible@v1.0.1
         with:
-          version: "11.4.0"
+          version: "11.0.0"
       - name: Install Vault
         uses: cpanato/vault-installer@main
       - name: Install hvac
-        run: |
-          pip install hvac
+        run: pip install hvac
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
@@ -93,17 +94,16 @@ jobs:
           notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
           notification_message: 'Starting Ansible dry run...'
       - name: Ansible Playbook Dry Run
-        uses: dawidd6/action-ansible-playbook@v3
+        uses: arillso/action.playbook@0.1.0
         with:
-          directory: ansible/
-          playbook: docker_config_deploy.yml
-          key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
+          check: true
+          galaxy_collections_path: ansible/collections
+          galaxy_requirements_file: ansible/collections/requirements.yml
+          inventory: ansible/inventory/hosts.yml
+          playbook: ansible/docker_config_deploy.yml
+          private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
           vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
-          requirements: collections/requirements.yml
-          options: |
-            --check
-            --inventory inventory/hosts.yml
-            -v
+          verbose: 0
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
@@ -153,10 +153,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           ref: main
-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: 3.12
       - name: Cache Vault install
         id: cache-vault
         uses: actions/cache@v4
@@ -166,12 +162,11 @@ jobs:
       - name: Install Ansible
         uses: alex-oleshkevich/setup-ansible@v1.0.1
         with:
-          version: "11.4.0"
+          version: "11.0.0"
       - name: Install Vault
         uses: cpanato/vault-installer@main
       - name: Install hvac
-        run: |
-          pip install hvac
+        run: pip install hvac
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
@@ -180,15 +175,15 @@ jobs:
           notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
           notification_message: 'Starting config deployment with Ansible...'
       - name: Ansible Playbook Config Deploy
-        uses: dawidd6/action-ansible-playbook@v3
+        uses: arillso/action.playbook@0.1.0
         with:
-          directory: ansible/
-          playbook: docker_config_deploy.yml
-          key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
+          check: false
+          galaxy_collections_path: ansible/collections
+          galaxy_requirements_file: ansible/collections/requirements.yml
+          inventory: ansible/inventory/hosts.yml
+          playbook: ansible/docker_config_deploy.yml
+          private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
           vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
-          requirements: collections/requirements.yml
-          options: |
-            --inventory inventory/hosts.yml
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -42,7 +42,7 @@ jobs:
         continue-on-error: true
         run: |
           tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
-          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[DOCKER\].*${{ github.ref_name }}' | tail -1 | wc -l)
+          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
           echo "exists=$pr_exists" >> $GITHUB_OUTPUT
       - name: Create PR
         if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
@@ -50,7 +50,7 @@ jobs:
           tea login default gitea-rinoa
           pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
           pr_index_new=$(expr ${pr_index_old} + 1)
-          tea pr c -r ${{ github.repository }} -t "[DOCKER] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
+          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
@@ -58,25 +58,26 @@ jobs:
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
           notification_title: 'GITEA: PR Check'
           notification_message: 'PR Created 🎟️'
-  generate-service-list:
-    name: Generate list of added/modified/deleted services
-    runs-on: ubuntu-latest
+  docker-compose-dry-run:
+    name: Docker Compose Dry Run
     needs: [check-and-create-pr]
+    runs-on: ubuntu-latest
+    env:
+      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+      VAULT_NAMESPACE: ""
+      RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
     outputs:
-      svc_deploy_list: ${{ steps.detect_services.outputs.docker_svc_list }}
+      svc_deploy_list: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Fetch base branch
         run: |
           git fetch origin ${{ github.event.pull_request.base.ref }}
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Services TBD'
-          notification_message: 'Generating list of services to deploy...'
+      - name: Login to Gitea Container Registry
+        run: |
+          docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
       - name: Save both versions of docker-compose.yml
         run: |
           git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
@@ -106,29 +107,8 @@ jobs:
           echo "Detected service changes:"
           cat service_changes.txt
 
-          mod_svcs=$(cut -d':' -f1 service_changes.txt | sort | uniq)
-          echo "docker_svc_list<<EOF" >> "$GITHUB_OUTPUT"
-          echo "$mod_svcs" >> "$GITHUB_OUTPUT"
-          echo "EOF" >> "$GITHUB_OUTPUT"
-      - name: Testing service list output
-        run: |
-          echo -e "${{ steps.detect_services.outputs.docker_svc_list }}"
-  docker-compose-dry-run:
-    name: Docker Compose Dry Run
-    needs: [generate-service-list]
-    runs-on: ubuntu-latest
-    env:
-      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
-      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
-      VAULT_NAMESPACE: ""
-      RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
-      DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Login to Gitea Container Registry
-        run: |
-          docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
+          svc_list=$(paste -sd '|' service_changes.txt)
+          echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT"
       - name: Install Vault
         uses: cpanato/vault-installer@main
       - name: Gotify Notification
@@ -138,20 +118,37 @@ jobs:
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
           notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
           notification_message: 'Starting Docker Compose dry run...'
-      - name: Generate .env file for Docker Compose
+      - name: Cache .env Files
+        uses: actions/cache@v4
+        with:
+          path: .env
+          key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
+      - name: Generate modified services list & .env file for Docker Compose Dry Run
+        id: modded_svcs
         run: |
+          mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
+          echo ${mod_svcs}
           vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
-          echo ${DOCKER_SVC_LIST}
+          echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT"
+      - name: Testing service list output
+        run: |
+          echo ${{ steps.modded_svcs.outputs.rinoa_svcs }}
       - name: Docker Compose Dry Run
-        uses: hoverkraft-tech/compose-action@v2.2.0
+        timeout-minutes: 360
+        continue-on-error: true
+        uses: chaplyk/docker-compose-remote-action@v1.1
+        with:
+          ssh_host: 192.168.1.254
+          ssh_port: 22
+          ssh_user: gitea-deploy
+          ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
+          service: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
+          compose_file: docker-compose.yml
+          pull: false
+          build: false
+          options: -d --remove-orphans
         env:
           DOCKER_HOST: tcp://dockerproxy:2375
-        with:
-          services: |
-            ${{ needs.generate-service-list.outputs.svc_deploy_list }}
-          up-flags: -d --remove-orphans --dry-run
-          down-flags: --dry-run
-          compose-flags: --dry-run
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
@@ -161,7 +158,7 @@ jobs:
           notification_message: 'Docker Compose dry run completed successfully.'
   cloudflare-dns-setup:
     name: Cloudflare DNS Setup
-    needs: [docker-compose-dry-run]
+    needs: [docker-compose-ansible-lints]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -302,13 +299,13 @@ jobs:
   docker-compose-deploy:
     name: Docker Compose Deployment
     runs-on: ubuntu-latest
-    needs: [generate-service-list, docker-compose-dry-run, pr-merge]
+    needs: [docker-compose-dry-run, pr-merge]
     env:
       VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
       VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
       DOCKER_HOST: tcp://dockerproxy:2375
       RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
-      DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
+      DOCKER_SVC_LIST: ${{ needs.docker-compose-dry-run.outputs.svc_deploy_list }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -320,6 +317,10 @@ jobs:
         with:
           path: /opt/hostedtoolcache/vault/1.18.0/x64
           key: vault-${{ runner.os }}-1.18.0
+      - name: Install Ansible
+        uses: alex-oleshkevich/setup-ansible@v1.0.1
+        with:
+          version: "11.0.0"
       - name: Install Vault
         uses: cpanato/vault-installer@main
       - name: Login to Gitea Container Registry
@@ -335,22 +336,22 @@ jobs:
       - name: Generate .env file for deployment
         run: |
            vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
-           echo ${DOCKER_SVC_LIST}
-      - name: Docker Compose Deployment
-        uses: hoverkraft-tech/compose-action@v2.2.0
+      - name: Docker Compose Dry Run
+        timeout-minutes: 360
+        continue-on-error: true
+        uses: chaplyk/docker-compose-remote-action@v1.1
         env:
           DOCKER_HOST: tcp://dockerproxy:2375
         with:
-          services: |
-            ${{ needs.generate-service-list.outputs.svc_deploy_list }}
-          up-flags: -d --remove-orphans
-          down-flags: --dry-run
-      - name: Check Services' Healthiness
-        uses: thegabriele97/dockercompose-health-action@main
-        with:
-          filename: 'docker-compose.yml'
-          timeout: '180'
-          workdir: '.'
+          ssh_host: 192.168.1.254
+          ssh_port: 22
+          ssh_user: gitea-deploy
+          ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
+          service: ${DOCKER_SVC_LIST}
+          compose_file: docker-compose.yml
+          pull: false
+          build: false
+          options: -d --remove-orphans
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:

.gitea/workflows/vault-auto-unseal-flow.yml

@@ -1,8 +1,7 @@
 name: Auto-Unseal for Vault
 on:
-  workflow_dispatch:
   schedule:
-    - cron: "0 5 * * *"
+    - cron: "30 2 * * *"
 jobs:
   auto-unseal:
     name: Unseal Vault

README.md

@@ -19,7 +19,6 @@
 | browserless | ghcr.io/browserless/chromium:latest |
 | bytestash | ghcr.io/jordan-dalby/bytestash:latest |
 | castopod | castopod/castopod:latest |
-| chrome | gcr.io/zenika-hub/alpine-chrome:123 |
 | cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
 | convertx | ghcr.io/c4illin/convertx |
 | cronicle | elestio/cronicle:latest |
@@ -73,7 +72,6 @@
 | jitsi-web | jitsi/web:stable |
 | joplin-db | postgres:17-alpine |
 | joplin | joplin/server:latest |
-| karakeep | ghcr.io/karakeep-app/karakeep:release |
 | languagetool | elestio/languagetool:latest |
 | librechat-api | ghcr.io/danny-avila/librechat-dev:latest |
 | librechat-vectordb | ankane/pgvector:latest |
@@ -92,7 +90,7 @@
 | maxun-backend | getmaxun/maxun-backend:latest |
 | maxun-frontend | getmaxun/maxun-frontend:latest |
 | maxun-pg-db | postgres:13-alpine |
-| meilisearch | getmeili/meilisearch:v1.13.3 |
+| meilisearch | getmeili/meilisearch:v1.12.3 |
 | minio | minio/minio:RELEASE.2025-04-22T22-12-26Z |
 | mixpost | inovector/mixpost:latest |
 | mongodb | bitnami/mongodb:7.0 |
@@ -108,8 +106,6 @@
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
-| planka | ghcr.io/plankanban/planka:2.0.0-rc.3 |
-| planka-pg-db | postgres:16-alpine |
 | plantuml-server | plantuml/plantuml-server:jetty |
 | portainer | portainer/portainer-ce:alpine |
 | portnote-web | haedlessdev/portnote:latest |
@@ -134,14 +130,13 @@
 | scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
 | searxng | searxng/searxng:latest |
 | semaphore | semaphoreui/semaphore:v2.12.14 |
-| signoz-app | signoz/signoz:v0.86.2 |
-| signoz-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
 | signoz-init-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
-| signoz-logspout | pavanputhra/logspout-signoz |
-| signoz-otel-collector | signoz/signoz-otel-collector:v0.111.42 |
-| signoz-schema-migrator-async | signoz/signoz-schema-migrator:v0.111.42 |
-| signoz-schema-migrator-sync | signoz/signoz-schema-migrator:v0.111.42 |
 | signoz-zookeeper-1 | bitnami/zookeeper:3.7.1 |
+| signoz-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
+| signoz-app | signoz/signoz:v0.86.2 |
+| signoz-otel-collector | signoz/signoz-otel-collector:v0.111.42 |
+| signoz-schema-migrator-sync | signoz/signoz-schema-migrator:v0.111.42 |
+| signoz-schema-migrator-async | signoz/signoz-schema-migrator:v0.111.42 |
 | sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
 | sonarqube-pg-db | postgres:17-alpine |
 | sonarr | lscr.io/linuxserver/sonarr:latest |
@@ -156,6 +151,7 @@
 | unmanic | josh5/unmanic:latest |
 | uptimekuma | louislam/uptime-kuma:latest |
 | vault | hashicorp/vault:latest |
+| wallabag | wallabag/wallabag |
 | wallos | bellamy/wallos:latest |
 | watchtower | ghcr.io/containrrr/watchtower:latest |
 | web-check | lissy93/web-check |

ansible/app-configs/crowdsec/acquis.yaml.j2

@@ -1,65 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-source: journalctl
-journalctl_filter:
-  - "--directory=/var/log/host/"
-labels:
-  type: syslog
----
-filenames:
-  - /var/log/swag/*
-labels:
-  type: nginx
----
-filenames:
-  - /var/log/auth/auth.log
-labels:
-  type: syslog
----
-filenames:
-  - /var/lib/mysql/log/mysql/*
-  - /var/lib/mysql/databases/*.err
-  - /var/lib/mysql/databases/*.log
-labels:
-  type: mariadb
----
-source: docker
-container_name:
-  - adguard
-labels:
-  type: adguardhome
----
-source: docker
-container_name:
- - mongodb
-labels:
-  type: mongodb
----
-source: docker
-container_name:
- - immich-server
-labels:
-  type: immich
----
-source: docker
-container_name:
- - uptimekuma
-labels:
-  type: uptime-kuma
----
-source: docker
-container_name:
- - jellyfin
-labels:
-  type: jellyfin
----
-source: docker
-container_name:
- - navidrome
-labels:
-  type: navidrome
----
-filenames:
-  - /var/log/audiobookshelf/*.txt
-labels:
-  type: audiobookshelf

ansible/app-configs/crowdsec_acquis.yaml.j2

@@ -0,0 +1,15 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+
+
+source: journalctl
+journalctl_filter: 
+  - "--directory=/var/log/host/"
+labels:
+  type: syslog
+---
+filenames:
+  - /var/log/swag/*
+labels:
+  type: nginx
+---

ansible/app-configs/crowdsec_config.yaml.j2

@@ -1,5 +1,3 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
 common:
   daemonize: false
   log_media: stdout

ansible/app-configs/homepage_settings.yaml.j2

@@ -26,7 +26,7 @@ layout:
     columns: 4
   Infrastructure/App Performance Monitoring:
     style: row
-    columns: 5
+    columns: 3
   Code/DevOps:
     style: row
     columns: 3
@@ -35,38 +35,22 @@ layout:
     columns: 4
   Lifestyle:
     style: row
-    columns: 4
+    columns: 3
   Automation:
     style: row
     columns: 5
   Privacy/Security:
     style: row
-<<<<<<< Updated upstream
     columns: 5
-  Personal Tools:
+  Personal/Professional Services:
     style: row
     columns: 5
-<<<<<<< HEAD
-=======
-    columns: 3
-  Personal Tools:
-    style: row
-    columns: 3
-  Professional Services:
-    style: row
-    columns: 3
->>>>>>> Stashed changes
-=======
-  Professional Tools:
-    style: row
-    columns: 3
->>>>>>> refs/remotes/origin/main
   Servarr Stack:
     style: row
     columns: 3
   Downloaders:
     style: row
-    columns: 
+    columns: 2
   Media Library:
     style: row
     columns: 3

ansible/app-configs/loggifly_config.yaml.j2

@@ -13,10 +13,6 @@ containers:
   invidious:
     keywords:
       - regex: 'Error reading.*Connection reset by peer trying to reconnect...'
-  scrutiny:
-    action_keywords:
-      - restart:
-          regex: s6.*fatal
 global_keywords:
   keywords:
     - panic

ansible/app-configs/signoz/otel/otel-collector-config.yaml.j2

@@ -1,106 +0,0 @@
-receivers:
-  httplogreceiver/json:
-    endpoint: 0.0.0.0:8082
-    source: json
-  otlp:
-    protocols:
-      grpc:
-        endpoint: 0.0.0.0:4317
-      http:
-        endpoint: 0.0.0.0:4318
-  prometheus:
-    config:
-      global:
-        scrape_interval: 60s
-      scrape_configs:
-        - job_name: otel-collector
-          static_configs:
-          - targets:
-              - localhost:8888
-            labels:
-              job_name: otel-collector
-processors:
-  batch:
-    send_batch_size: 10000
-    send_batch_max_size: 11000
-    timeout: 10s
-  resourcedetection:
-    # Using OTEL_RESOURCE_ATTRIBUTES envvar, env detector adds custom labels.
-    detectors: [env, system]
-    timeout: 2s
-  signozspanmetrics/delta:
-    metrics_exporter: clickhousemetricswrite, signozclickhousemetrics
-    metrics_flush_interval: 60s
-    latency_histogram_buckets: [100us, 1ms, 2ms, 6ms, 10ms, 50ms, 100ms, 250ms, 500ms, 1000ms, 1400ms, 2000ms, 5s, 10s, 20s, 40s, 60s ]
-    dimensions_cache_size: 100000
-    aggregation_temporality: AGGREGATION_TEMPORALITY_DELTA
-    enable_exp_histogram: true
-    dimensions:
-      - name: service.namespace
-        default: default
-      - name: deployment.environment
-        default: default
-      # This is added to ensure the uniqueness of the timeseries
-      # Otherwise, identical timeseries produced by multiple replicas of
-      # collectors result in incorrect APM metrics
-      - name: signoz.collector.id
-      - name: service.version
-      - name: browser.platform
-      - name: browser.mobile
-      - name: k8s.cluster.name
-      - name: k8s.node.name
-      - name: k8s.namespace.name
-      - name: host.name
-      - name: host.type
-      - name: container.name
-extensions:
-  health_check:
-    endpoint: 0.0.0.0:13133
-  pprof:
-    endpoint: 0.0.0.0:1777
-exporters:
-  clickhousetraces:
-    datasource: tcp://clickhouse:9000/signoz_traces
-    low_cardinal_exception_grouping: ${env:LOW_CARDINAL_EXCEPTION_GROUPING}
-    use_new_schema: true
-  clickhousemetricswrite:
-    endpoint: tcp://clickhouse:9000/signoz_metrics
-    disable_v2: true
-    resource_to_telemetry_conversion:
-      enabled: true
-  clickhousemetricswrite/prometheus:
-    endpoint: tcp://clickhouse:9000/signoz_metrics
-    disable_v2: true
-  signozclickhousemetrics:
-    dsn: tcp://clickhouse:9000/signoz_metrics
-  clickhouselogsexporter:
-    dsn: tcp://clickhouse:9000/signoz_logs
-    timeout: 10s
-    use_new_schema: true
-  # debug: {}
-service:
-  telemetry:
-    logs:
-      encoding: json
-    metrics:
-      address: 0.0.0.0:8888
-  extensions:
-    - health_check
-    - pprof
-  pipelines:
-    traces:
-      receivers: [otlp]
-      processors: [signozspanmetrics/delta, batch]
-      exporters: [clickhousetraces]
-    metrics:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [clickhousemetricswrite, signozclickhousemetrics]
-    metrics/prometheus:
-      receivers: [prometheus]
-      processors: [batch]
-      exporters: [clickhousemetricswrite/prometheus, signozclickhousemetrics]
-    logs:
-      receivers: [otlp, tcplog/docker, httplogreceiver/json]
-      processors: [batch]
-      exporters: [clickhouselogsexporter]

ansible/app-configs/signoz/otel/otel-collector-opamp-config.yaml.j2

@@ -1 +0,0 @@
-server_endpoint: ws://signoz-app:4320/v1/opamp

ansible/app-configs/signoz_common_otel_otel-collector-opamp-config.yaml.j2

@@ -0,0 +1 @@
+server_endpoint: ws://signoz:4320/v1/opamp

ansible/app-configs/signoz_common_signoz_otel-collector-opamp-config.yaml.j2

@@ -0,0 +1 @@
+server_endpoint: ws://signoz:4320/v1/opamp

ansible/docker_config_deploy.yml

@@ -1,52 +1,20 @@
+---
 - name: Deploy Docker Service Configurations
   hosts: rinoa
   vars:
     appdata_base_path: "~/.docker/config/appdata"
-    template_base_path: "{{ playbook_dir }}/app-configs"
-    local_render_dir: "/tmp/rendered_templates"  # Temp directory on control node
 
   tasks:
-
-    - name: Ensure local render directory exists
+    - name: Ensure target directories exist
       ansible.builtin.file:
-        path: "{{ local_render_dir }}"
+        path: "{{ appdata_base_path }}/{{ (item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') | regex_replace('/[^/]+$', '')) }}"
         state: directory
         mode: '0755'
-      delegate_to: localhost
-      run_once: true
+      loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
 
-    - name: Recursively collect all Jinja2 templates (*.j2)
-      ansible.builtin.find:
-        paths: "{{ template_base_path }}"
-        patterns: "*.j2"
-        recurse: true
-      register: template_files
-      delegate_to: localhost
-      run_once: true
-
-    - name: Render templates locally
+    - name: Deploy configuration templates
       ansible.builtin.template:
-        src: "{{ item.path }}"
-        dest: "{{ local_render_dir }}/{{ item.path | regex_replace('^' + (template_base_path | regex_escape) + '/', '') | regex_replace('\\.j2$', '') }}"
+        src: "{{ item }}"
+        dest: "{{ appdata_base_path }}/{{ item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') }}"
         mode: '0644'
-      loop: "{{ template_files.files }}"
-      delegate_to: localhost
-      loop_control:
-        label: "{{ item.path | basename }}"
-      run_once: true
-
-    - name: Copy rendered templates to remote host
-      ansible.builtin.copy:
-        src: "{{ local_render_dir }}/{{ item.path | regex_replace('^' + (template_base_path | regex_escape) + '/', '') | regex_replace('\\.j2$', '') }}"
-        dest: "{{ appdata_base_path }}/{{ item.path | regex_replace('^' + (template_base_path | regex_escape) + '/', '') | regex_replace('\\.j2$', '') }}"
-        mode: '0644'
-      loop: "{{ template_files.files }}"
-      loop_control:
-        label: "{{ item.path | basename }}"
-
-    - name: Clean up local render directory
-      ansible.builtin.file:
-        path: "{{ local_render_dir }}"
-        state: absent
-      delegate_to: localhost
-      run_once: true
+      loop: "{{ query('fileglob', 'app-configs/*.j2') }}"

docker-compose.yml

@@ -33,9 +33,9 @@ x-maxun: &maxun-env
     REDIS_PORT: 6379
     BACKEND_PORT: 8080
     FRONTEND_PORT: 5173
-    BACKEND_URL: https://scrape.trez.wtf/api
+    BACKEND_URL: http://maxun-backend:8080
     PUBLIC_URL: https://scrape.trez.wtf
-    VITE_BACKEND_URL: https://scrape.trez.wtf/api
+    VITE_BACKEND_URL: http://maxun-backend:8080
     VITE_PUBLIC_URL: https://scrape.trez.wtf
     MAXUN_TELEMETRY: true
     PLAYWRIGHT_BROWSERS_PATH: /ms-playwright
@@ -153,7 +153,6 @@ services:
       homepage.widget.username: admin
       homepage.widget.password: ${ADGUARD_PASSWORD}
     network_mode: host
-    privileged: true
     # ports:
     #   - "192.168.1.254:53:53/udp"
     #   - "192.168.1.254:53:53/tcp"
@@ -180,11 +179,6 @@ services:
       APPRISE_STATEFUL_MODE: simple
     image: lscr.io/linuxserver/apprise-api:latest
     labels:
-      cloudflare.tunnel.enable: true
-      cloudflare.tunnel.hostname: apprise.trez.wtf
-      cloudflare.tunnel.service: http://apprise:8000
-      cloudflare.tunnel.zonename: trez.wtf
-      cloudflare.tunnel.no_tls_verify: true
       homepage.group: Infrastructure/App Performance Monitoring
       homepage.name: Apprise
       homepage.icon: apprise.png
@@ -209,7 +203,7 @@ services:
       SEARCH_BACKEND_ENGINE: ripgrep       # tells ArchiveBox to use sonic container below for fast full-text search
     image: archivebox/archivebox:latest
     labels:
-      homepage.group: Personal Tools
+      homepage.group: Personal/Professional Services
       homepage.name: ArchiveBox
       homepage.href: https://archive.${MY_TLD}
       homepage.icon: archivebox.png
@@ -454,8 +448,8 @@ services:
     image: vaultwarden/server:latest
     labels:
       homepage.group: Privacy/Security
-      homepage.name: Vaultwarden
-      homepage.icon: vaultwarden.svg
+      homepage.name: Bitwarden
+      homepage.icon: bitwarden.png
       homepage.href: https://bitwarden.${MY_TLD}
       homepage.description: Credential/Information Vault
       swag: enable
@@ -621,17 +615,6 @@ services:
     restart: unless-stopped
     volumes:
       - castopod-media:/var/www/castopod/public/media
-  chrome:
-    container_name: chrome
-    command:
-      - --no-sandbox
-      - --disable-gpu
-      - --disable-dev-shm-usage
-      - --remote-debugging-address=0.0.0.0
-      - --remote-debugging-port=9222
-      - --hide-scrollbars
-    image: gcr.io/zenika-hub/alpine-chrome:123
-    restart: unless-stopped
   cloudflareddns:
     container_name: cloudflareddns
     environment:
@@ -725,35 +708,11 @@ services:
         - ${DOCKER_VOLUME_CONFIG}/cronicle/workloads/app:/app
   crowdsec:
     container_name: crowdsec
-    depends_on:
-      - swag
     environment:
       DOCKER_HOST: tcp://dockerproxy:2375
       GID: 1000
-      BOUNCER_KEY_SWAG: ${CROWDSEC_SWAG_API_KEY}
-      COLLECTIONS: >-
-        corvese/apache-guacamole
-        crowdsecurity/home-assistant
-        crowdsecurity/http-cve
-        crowdsecurity/iptables
-        crowdsecurity/linux
-        crowdsecurity/mariadb
-        crowdsecurity/nextcloud
-        crowdsecurity/nginx
-        crowdsecurity/whitelist-good-actors
-        Dominic-Wagner/vaultwarden
-        gauth-fr/immich
-        LePresidente/adguardhome
-        LePresidente/authelia
-        LePresidente/gitea
-        LePresidente/jellyfin
-        LePresidente/ombi
-        plague-doctor/audiobookshelf
-        schiz0phr3ne/sonarr
-        sdwilsh/navidrome
-        timokoessler/mongodb
-        timokoessler/uptime-kuma
-        xs539/joplin-server
+      BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY}
+      COLLECTIONS: corvese/apache-guacamole crowdsecurity/home-assistant crowdsecurity/http-cve crowdsecurity/iptables crowdsecurity/linux crowdsecurity/mariadb crowdsecurity/nextcloud crowdsecurity/nginx crowdsecurity/whitelist-good-actors Dominic-Wagner/vaultwarden gauth-fr/immich LePresidente/adguardhome LePresidente/authelia LePresidente/gitea LePresidente/jellyfin LePresidente/ombi plague-doctor/audiobookshelf schiz0phr3ne/sonarr sdwilsh/navidrome timokoessler/mongodb timokoessler/uptime-kuma xs539/joplin-server
     image: crowdsecurity/crowdsec:latest
     networks:
       default: null
@@ -763,14 +722,13 @@ services:
     security_opt:
       - no-new-privileges=true
     volumes:
-      # - ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml
-      - ${DOCKER_VOLUME_CONFIG}/swag/log/nginx:/var/log/swag:ro # SWAG
-      - ${DOCKER_VOLUME_CONFIG}/mariadb/:/var/lib/mysql:ro # MariaDB
-      - ${DOCKER_VOLUME_CONFIG}/audiobookshelf/.metadata/logs:/var/log/audiobookself:ro # Audiobookshelf
+      - ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml
+      - ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
+      - ${DOCKER_VOLUME_CONFIG}/crowdsec/online-api-credentials.yaml:/etc/crowdsec/online_api_credentials.yaml
+      - ${DOCKER_VOLUME_CONFIG}/swag/log/nginx:/var/log/swag:ro
       - crowdsec-config:/etc/crowdsec
       - crowdsec-db:/var/lib/crowdsec/data
-      - /var/log/journal:/var/log/host/journal:ro
-      - /var/log/auth.log:/var/log/host/auth.log:ro
+      - /var/log/journal:/var/log/host:ro
   crowdsec-dashboard:
     container_name: crowdsec-dashboard
     depends_on:
@@ -805,7 +763,11 @@ services:
       - 8908:3000
     restart: always
     volumes:
-      - crowdsec-db:/data/
+      - ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
+      - source: crowdsec-db
+        target: /data/
+        type: volume
+        volume: {}
   cyber-chef:
     container_name: cyber-chef
     image: mpepping/cyberchef:latest
@@ -883,7 +845,7 @@ services:
     entrypoint: web-entrypoint.sh
     environment:
       RAILS_ENV: development
-      REDIS_URL: redis://redis:6379
+      REDIS_URL: redis://redis:6379/
       DATABASE_HOST: dawarich-pg-db
       DATABASE_USERNAME: dawarich
       DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD}
@@ -906,7 +868,7 @@ services:
       timeout: 10s
     image: freikin/dawarich:latest
     labels:
-      homepage.group: Privacy/Security
+      homepage.group: Personal/Professional Services
       homepage.name: Dawarich
       homepage.href: https://loc.${MY_TLD}
       homepage.icon: dawarich.svg
@@ -935,7 +897,7 @@ services:
       POSTGRES_USER: dawarich
       POSTGRES_PASSWORD: ${DAWARICH_PG_PASSWORD}
     healthcheck:
-      test: [ "CMD-SHELL", "pg_isready -U dawarich -d dawarich" ]
+      test: [ "CMD-SHELL", "pg_isready -U postgres -d dawarich_development" ]
       interval: 10s
       retries: 5
       start_period: 30s
@@ -967,7 +929,7 @@ services:
     entrypoint: sidekiq-entrypoint.sh
     environment:
       RAILS_ENV: development
-      REDIS_URL: redis://redis:6379
+      REDIS_URL: redis://redis:6379/
       DATABASE_HOST: dawarich-pg-db
       DATABASE_USERNAME: dawarich
       DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD}
@@ -1164,7 +1126,7 @@ services:
     container_name: excalidraw
     image: 'excalidraw/excalidraw:latest'
     labels:
-      homepage.group: Personal Tools
+      homepage.group: Personal/Professional Services
       homepage.name: Excalidraw
       homepage.href: https://draw.${MY_TLD}
       homepage.icon: excalidraw.svg
@@ -1300,7 +1262,7 @@ services:
       TIMEZONE: ${TZ}
     image: tiredofit/freescout:latest
     labels:
-      homepage.group: Professional Services
+      homepage.group: Personal/Professional Services
       homepage.name: FreeScout
       homepage.icon: sh-freescout.svg
       homepage.href: https://support.${MY_TLD}
@@ -1385,10 +1347,6 @@ services:
       GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD}
     image: gitea/gitea:1.24.0
     labels:
-      cloudflare.tunnel.enable: true
-      cloudflare.tunnel.hostname: git-ssh.trez.wtf
-      cloudflare.tunnel.service: http://gitea:22
-      cloudflare.tunnel.no_tls_verify: true
       homepage.group: Code/DevOps
       homepage.name: Gitea
       homepage.href: https://git.${MY_TLD}
@@ -1437,7 +1395,9 @@ services:
     healthcheck:
       interval: 10s
       start_period: 20s
-      test: ["CMD-SHELL", "pg_isready -U gitea -d gitea"]
+      test:
+        - CMD-SHELL
+        - pg_isready
     image: postgres:14
     networks:
       default: null
@@ -1461,7 +1421,6 @@ services:
     image: gitea/act_runner:latest
     ports:
       - 63604:63604
-    profiles: ["ci-exclude"]
     restart: always
     volumes:
       - ${DOCKER_VOLUME_CONFIG}/gitea/act-runner/config.yaml:/config.yaml
@@ -1706,7 +1665,7 @@ services:
       swag.uptime-kuma.enabled: true
       swag.uptime-kuma.monitor.url: https://it-services.${MY_TLD}
       swag.uptime-kuma.monitor.interval: 300
-      homepage.group: Professional Services
+      homepage.group: Personal/Professional Services
       homepage.name: Hugo
       homepage.href: https://it-services.${MY_TLD}
       homepage.icon: hugo.svg
@@ -2046,7 +2005,7 @@ services:
       swag_url: biz.${MY_TLD}
       swag.uptime-kuma.enabled: true
       swag.uptime-kuma.monitor.url: https://biz.${MY_TLD}
-      homepage.group: Professional Services
+      homepage.group: Personal/Professional Services
       homepage.name: Invoice Ninja
       homepage.href: https://biz.${MY_TLD}
       homepage.icon: invoice-ninja.svg
@@ -2655,7 +2614,7 @@ services:
       swag.uptime-kuma.enabled: true
       swag.uptime-kuma.monitor.url: https://meet.${MY_TLD}
       swag.uptime-kuma.monitor.interval: 300
-      homepage.group: Professional Services
+      homepage.group: Social
       homepage.name: Jitsi
       homepage.href: https://meet.${MY_TLD}
       homepage.icon: jitsi.png
@@ -2726,7 +2685,7 @@ services:
       POSTGRES_HOST: joplin-db
     image: joplin/server:latest
     labels:
-      homepage.group: Personal Tools
+      homepage.group: Personal/Professional Services
       homepage.name: Joplin
       homepage.href: https://notes.${MY_TLD}
       homepage.icon: joplin.svg
@@ -2741,36 +2700,6 @@ services:
     ports:
       - 22300:22300
     restart: unless-stopped
-  karakeep:
-    container_name: karakeep
-    image: ghcr.io/karakeep-app/karakeep:release
-    environment:
-      BROWSER_WEB_URL: http://chrome:9222
-      DATA_DIR: /data
-      INFERENCE_TEXT_MODEL: llama3.3:latest
-      INFERENCE_IMAGE_MODEL: llava:latest
-      MEILI_ADDR: http://meilisearch:7700
-      NEXTAUTH_SECRET: ${KARAKEEP_NEXTAUTH_SECRET}
-      NEXTAUTH_URL: https://kkeep.${MY_TLD}
-      OPENAI_API_KEY: ${LIBRECHAT_OPENAI_API_KEY}
-      OLLAMA_BASE_URL: http://ollama:11434
-    labels:
-      homepage.group: Lifestyle
-      homepage.name: Karakeep
-      homepage.href: https://kkeep.${MY_TLD}
-      homepage.icon: karakeep-dark.svg
-      homepage.description: Self-hosted bookmark-everything app with a touch of AI for data hoarders
-      swag: enable
-      swag_url: kkeep.${MY_TLD}
-      swag_port: 3000
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://notes.${MY_TLD}
-      swag.uptime-kuma.monitor.interval: 300
-    ports:
-      - 24977:3000
-    restart: unless-stopped
-    volumes:
-      - karakeep-data:/data
   languagetool:
     container_name: languagetool
     environment:
@@ -2797,7 +2726,7 @@ services:
       RAG_API_URL: http://librechat-rag-api:8000
     image: ghcr.io/danny-avila/librechat-dev:latest
     labels:
-      homepage.group: Personal Tools
+      homepage.group: Personal/Professional Services
       homepage.name: LibreChat
       homepage.href: https://ai.${MY_TLD}
       homepage.icon: sh-librechat.svg
@@ -3233,12 +3162,10 @@ services:
       - 8080
     image: getmaxun/maxun-backend:latest
     mem_limit: 2g   # Set a 2GB memory limit
-    ports:
-      - 8369:8080
-    restart: unless-stopped
     security_opt:
       - seccomp=unconfined  # This might help with browser sandbox issues
     shm_size: '2gb' # Increase shared memory size for Chromium
+    restart: unless-stopped
     volumes:
       - /var/run/dbus:/var/run/dbus
   maxun-frontend:
@@ -3252,14 +3179,10 @@ services:
       swag_proto: http
       swag_port: 5173
       swag_url: scrape.${MY_TLD}
-      swag_server_custom_directive:
-        location /api {
-              proxy_pass http://maxun-backend:8080;
-        }
       swag.uptime-kuma.enabled: true
       swag.uptime-kuma.monitor.url: https://scrape.${MY_TLD}
       swag.uptime-kuma.monitor.interval: 300
-      homepage.group: Personal Tools
+      homepage.group: Personal/Professional Services
       homepage.name: Maxun
       homepage.href: https://scrape.${MY_TLD}
       homepage.icon: sh-maxun.svg
@@ -3290,9 +3213,7 @@ services:
       MEILI_HOST: http://meilisearch:7700
       MEILI_NO_ANALYTICS: true
       MEILI_MASTER_KEY: ${MEILISEARCH_MASTER_KEY}
-    image: getmeili/meilisearch:v1.13.3
-    ports:
-      - 7700:7700
+    image: getmeili/meilisearch:v1.12.3
     restart: always
     user: ${PUID}:${PGID}
     volumes:
@@ -3521,11 +3442,6 @@ services:
       PORT: 20211
     image: jokobsk/netalertx:latest
     labels:
-      cloudflare.tunnel.enable: true
-      cloudflare.tunnel.hostname: net.trez.wtf
-      cloudflare.tunnel.service: http://192.168.1.254:20211
-      cloudflare.tunnel.zonename: trez.wtf
-      cloudflare.tunnel.no_tls_verify: true
       homepage.group: Infrastructure/App Performance Monitoring
       homepage.name: NetAlertX
       homepage.href: http://192.168.1.254:20211
@@ -3557,7 +3473,7 @@ services:
       - 11000
     image: nextcloud/all-in-one:latest
     labels:
-      homepage.group: Privacy/Security
+      homepage.group: Personal/Professional Services
       homepage.name: NextCloud
       homepage.href: https://cloud.${MY_TLD}
       homepage.icon: nextcloud.svg
@@ -3634,7 +3550,7 @@ services:
     container_name: omni-tools
     image: iib0011/omni-tools:latest
     labels:
-      homepage.group: Personal Tools
+      homepage.group: Personal/Professional Services
       homepage.name: OmniTools
       homepage.href: https://otools.${MY_TLD}
       homepage.icon: sh-omnitools.svg
@@ -3667,7 +3583,7 @@ services:
       - 80
     image: kweg/omnipoly:latest
     labels:
-      homepage.group: Personal Tools
+      homepage.group: Personal/Professional Services
       homepage.name: OmniPoly
       homepage.href: https://translate.${MY_TLD}
       homepage.icon: sh-omnipoly.svg
@@ -3708,7 +3624,7 @@ services:
       swag.uptime-kuma.enabled: true
       swag.uptime-kuma.monitor.url: https://docs.${MY_TLD}
       swag.uptime-kuma.monitor.interval: 300
-      homepage.group: Personal Tools
+      homepage.group: Personal/Professional Services
       homepage.name: Paperless-ngx
       homepage.href: https://docs.${MY_TLD}
       homepage.icon: paperless-ngx.svg
@@ -3777,81 +3693,6 @@ services:
     restart: unless-stopped
     volumes:
       - pgbackweb-data:/var/lib/postgresql/data
-  planka:
-    container_name: planka
-    depends_on:
-      planka-pg-db:
-        condition: service_healthy
-    environment:
-      BASE_URL: https://kanban.${MY_TLD}
-      DATABASE_URL: postgresql://planka:${PLANKA_PG_PASSWORD}@planka-pg-db/planka
-      SECRET_KEY: ${PLANKA_SECRET_KEY}
-      LOG_LEVEL: warn
-      TRUST_PROXY: true
-      TOKEN_EXPIRES_IN: 365 # In days
-      # KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE: false
-      DEFAULT_LANGUAGE: en-US
-      DEFAULT_ADMIN_EMAIL: noreply@${MY_TLD}
-      DEFAULT_ADMIN_PASSWORD: ${PLANKA_ADMIN_PASSWORD}
-      DEFAULT_ADMIN_NAME: Planka Rinoa
-      DEFAULT_ADMIN_USERNAME: admin
-      S3_ENDPOINT: http://minio:9000
-      S3_REGION: us-east-fh-pln
-      S3_ACCESS_KEY_ID: ${PLANKA_MINIO_ACCESS_KEY}
-      S3_SECRET_ACCESS_KEY: ${PLANKA_MINIO_SECRET_KEY}
-      S3_BUCKET: planka
-      S3_FORCE_PATH_STYLE: true
-      SMTP_HOST: postal-smtp
-      SMTP_PORT: 25
-      SMTP_NAME: noreply@${MY_TLD}
-      SMTP_SECURE: true
-      SMTP_USER: ${POSTAL_SMTP_AUTH_USER}
-      SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
-      SMTP_FROM: '"Planka @ Rinoa" <noreply@${MY_TLD}>'
-      SMTP_TLS_REJECT_UNAUTHORIZED: false
-    image: ghcr.io/plankanban/planka:2.0.0-rc.3
-    labels:
-      homepage.group: Professional Services
-      homepage.name: Planka
-      homepage.href: https://kanban.${MY_TLD}
-      homepage.icon: planka.svg
-      homepage.description: Kanban board
-      swag: enable
-      swag_url: kanban.${MY_TLD}
-      swag_address: planka
-      # swag_server_custom_directive:
-      #   location ~* \.io {
-      #       proxy_pass http://planka:1337;
-      #   }
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://kanban.${MY_TLD}
-      swag.uptime-kuma.monitor.interval: 300
-    ports:
-      - 54476:1337
-    restart: on-failure
-    volumes:
-      - planka-favicons:/app/public/favicons
-      - planka-user-avatars:/app/public/user-avatars
-      - planka-background-images:/app/public/background-images
-      - planka-attachments:/app/private/attachments
-  planka-pg-db:
-    container_name: planka-pg-db
-    environment:
-      POSTGRES_DB: planka
-      POSTGRES_USER: planka
-      POSTGRES_PASSWORD: ${PLANKA_PG_PASSWORD}
-      POSTGRES_HOST_AUTH_METHOD: trust
-    expose:
-      - 5432
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U planka -d planka"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    image: postgres:16-alpine
-    restart: on-failure
-    volumes:
-      - planka-db-data:/var/lib/postgresql/data
   plantuml-server:
     container_name: plantuml-server
     expose:
@@ -4077,12 +3918,12 @@ services:
       homepage.group: Downloaders
       homepage.name: qBittorrent
       homepage.href: https://qbit.${MY_TLD}
-      homepage.icon: qbittorrent.svg
-      homepage.description: Fast and stable torrent client
+      homepage.icon: qBittorrent.svg
+      homepage.description: qbittorrentvpn over VPN
       homepage.widget.type: qbittorrent
       homepage.widget.url: http://qbittorrentvpn:8080
       homepage.widget.user: admin
-      homepage.widget.password: ${DELUGEVPN_PASSWORD}
+      homepage.widget.password: "${DELUGEVPN_PASSWORD}"
       swag: enable
       swag_port: 8080
       swag_proto: http
@@ -4224,7 +4065,7 @@ services:
       TZ: ${TZ}
     image: amruthpillai/reactive-resume:latest
     labels:
-      homepage.group: Professional Services
+      homepage.group: Personal/Professional Services
       homepage.name: Reactive Resume
       homepage.href: https://resume.${MY_TLD}
       homepage.icon: reactive-resume.svg
@@ -4564,14 +4405,9 @@ services:
       - "/dev/sdf:/dev/sdf:rwm"
     image: ghcr.io/analogj/scrutiny:master-omnibus
     labels:
-      cloudflare.tunnel.enable: true
-      cloudflare.tunnel.hostname: smartd.trez.wtf
-      cloudflare.tunnel.service: http://scrutiny:8080
-      cloudflare.tunnel.zonename: trez.wtf
-      cloudflare.tunnel.no_tls_verify: true
       homepage.group: Infrastructure/App Performance Monitoring
       homepage.name: Scrutiny
-      homepage.href: https://smartd.trez.wtf
+      homepage.href: http://192.168.1.254:8909
       homepage.icon: scrutiny.png
       homepage.description: WebUI for smartd S.M.A.R.T monitoring
       homepage.widget.type: scrutiny
@@ -4611,7 +4447,7 @@ services:
       SEARXNG_BASE_URL: https://search.${MY_TLD}
     image: searxng/searxng:latest
     labels:
-      homepage.group: Privacy/Security
+      homepage.group: Personal/Professional Services
       homepage.name: SearxNG
       homepage.href: https://search.${MY_TLD}
       homepage.icon: searxng.png
@@ -4678,6 +4514,57 @@ services:
       - semaphore_config:/etc/semaphore
       - semaphore_data:/var/lib/semaphore
       - semaphore_tmp:/tmp/semaphore
+  signoz-init-clickhouse:
+    <<: *signoz-common
+    container_name: signoz-init-clickhouse
+    command:
+      - bash
+      - -c
+      - |
+        version="v0.0.1"
+        node_os=$$(uname -s | tr '[:upper:]' '[:lower:]')
+        node_arch=$$(uname -m | sed s/aarch64/arm64/ | sed s/x86_64/amd64/)
+        echo "Fetching histogram-binary for $${node_os}/$${node_arch}"
+        cd /tmp
+        wget -O histogram-quantile.tar.gz "https://github.com/SigNoz/signoz/releases/download/histogram-quantile%2F$${version}/histogram-quantile_$${node_os}_$${node_arch}.tar.gz"
+        tar -xvzf histogram-quantile.tar.gz
+        mv histogram-quantile /var/lib/clickhouse/user_scripts/histogramQuantile
+    image: clickhouse/clickhouse-server:24.1.2-alpine
+    restart: on-failure
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/user_scripts/:/var/lib/clickhouse/user_scripts/
+  signoz-zookeeper-1:
+    <<: *signoz-zookeeper-defaults
+    container_name: signoz-zookeeper-1
+    environment:
+      ZOO_SERVER_ID: 1
+      ALLOW_ANONYMOUS_LOGIN: yes
+      ZOO_AUTOPURGE_INTERVAL: 1
+      ZOO_ENABLE_PROMETHEUS_METRICS: yes
+      ZOO_PROMETHEUS_METRICS_PORT_NUMBER: 9141
+    # ports:
+    #   - "2181:2181"
+    #   - "2888:2888"
+    #   - "3888:3888"
+    volumes:
+      - signoz-zookeeper-1:/bitnami/zookeeper
+  signoz-clickhouse:
+    <<: *signoz-clickhouse-defaults
+    container_name: signoz-clickhouse
+    expose:
+      - 9000
+    ports:
+    #   - "9000:9000"
+      - "8123:8123"
+      - "9181:9181"
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/config.xml:/etc/clickhouse-server/config.xml
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/users.xml:/etc/clickhouse-server/users.xml
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/custom-function.xml:/etc/clickhouse-server/custom-function.xml
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/user_scripts:/var/lib/clickhouse/user_scripts/
+      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
+      - signoz-clickhouse:/var/lib/clickhouse/
+      # - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz-app:
     <<: *signoz-db-depend
     container_name: signoz-app
@@ -4723,56 +4610,6 @@ services:
       - ${DOCKER_VOLUME_CONFIG}/signoz/common/prometheus.yml:/root/config/prometheus.yml
       - ${DOCKER_VOLUME_CONFIG}/signoz/common/dashboards:/root/config/dashboards
       - signoz-sqlite:/var/lib/signoz/
-  signoz-clickhouse:
-    <<: *signoz-clickhouse-defaults
-    container_name: signoz-clickhouse
-    expose:
-      - 9000
-    ports:
-    #   - "9000:9000"
-      - "8123:8123"
-      - "9181:9181"
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/config.xml:/etc/clickhouse-server/config.xml
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/users.xml:/etc/clickhouse-server/users.xml
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/custom-function.xml:/etc/clickhouse-server/custom-function.xml
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/user_scripts:/var/lib/clickhouse/user_scripts/
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
-      - signoz-clickhouse:/var/lib/clickhouse/
-      # - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
-  signoz-init-clickhouse:
-    <<: *signoz-common
-    container_name: signoz-init-clickhouse
-    command:
-      - bash
-      - -c
-      - |
-        version="v0.0.1"
-        node_os=$$(uname -s | tr '[:upper:]' '[:lower:]')
-        node_arch=$$(uname -m | sed s/aarch64/arm64/ | sed s/x86_64/amd64/)
-        echo "Fetching histogram-binary for $${node_os}/$${node_arch}"
-        cd /tmp
-        wget -O histogram-quantile.tar.gz "https://github.com/SigNoz/signoz/releases/download/histogram-quantile%2F$${version}/histogram-quantile_$${node_os}_$${node_arch}.tar.gz"
-        tar -xvzf histogram-quantile.tar.gz
-        mv histogram-quantile /var/lib/clickhouse/user_scripts/histogramQuantile
-    image: clickhouse/clickhouse-server:24.1.2-alpine
-    restart: on-failure
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/user_scripts/:/var/lib/clickhouse/user_scripts/
-  signoz-logspout:
-    command: signoz://signoz-otel-collector:8082
-    container_name: signoz-logspout
-    depends_on:
-      signoz-otel-collector:
-        required: true
-        condition: service_started
-    environment:
-      ENV: prod
-      SIGNOZ_LOG_ENDPOINT: http://signoz-otel-collector:8082
-    image: pavanputhra/logspout-signoz
-    restart: unless-stopped
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
   signoz-otel-collector:
     <<: *signoz-db-depend
     container_name: signoz-otel-collector
@@ -4792,23 +4629,13 @@ services:
       # - "1777:1777"     # pprof extension
       - "4317:4317" # OTLP gRPC receiver
       - "4318:4318" # OTLP HTTP receiver
-      - 8082:8082 # Logspout collection (https://signoz.io/blog/logspout-signoz-setup/)
     volumes:
       - ${DOCKER_VOLUME_CONFIG}/signoz/common/otel/otel-collector-config.yaml:/etc/otel-collector-config.yaml
       - ${DOCKER_VOLUME_CONFIG}/signoz/common/otel/otel-collector-opamp-config.yaml:/etc/manager-config.yaml
-  signoz-schema-migrator-async:
-    <<: *signoz-db-depend
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
-    container_name: signoz-schema-migrator-async
-    command:
-      - async
-      - --dsn=tcp://signoz-clickhouse:9000
-      - --up=
-    restart: on-failure
   signoz-schema-migrator-sync:
     <<: *signoz-common
     image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
-    container_name: signoz-schema-migrator-sync
+    container_name: schema-migrator-sync
     command:
       - sync
       - --dsn=tcp://signoz-clickhouse:9000
@@ -4817,21 +4644,15 @@ services:
       signoz-clickhouse:
         condition: service_healthy
     restart: on-failure
-  signoz-zookeeper-1:
-    <<: *signoz-zookeeper-defaults
-    container_name: signoz-zookeeper-1
-    environment:
-      ZOO_SERVER_ID: 1
-      ALLOW_ANONYMOUS_LOGIN: yes
-      ZOO_AUTOPURGE_INTERVAL: 1
-      ZOO_ENABLE_PROMETHEUS_METRICS: yes
-      ZOO_PROMETHEUS_METRICS_PORT_NUMBER: 9141
-    # ports:
-    #   - "2181:2181"
-    #   - "2888:2888"
-    #   - "3888:3888"
-    volumes:
-      - signoz-zookeeper-1:/bitnami/zookeeper
+  signoz-schema-migrator-async:
+    <<: *signoz-db-depend
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.42}
+    container_name: schema-migrator-async
+    command:
+      - async
+      - --dsn=tcp://signoz-clickhouse:9000
+      - --up=
+    restart: on-failure
   sonarqube:
     container_name: sonarqube
     depends_on:
@@ -4881,7 +4702,7 @@ services:
       POSTGRES_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD}
       POSTGRES_DB: sonar
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U sonar -d sonar"]
+      test: ["CMD-SHELL", "pg_isready"]
       interval: 10s
       timeout: 5s
       retries: 5
@@ -5019,7 +4840,7 @@ services:
       - CLI_ARGS=--allow-code --medvram --xformers --enable-insecure-extension-access --api
     labels:
       homepage.name: Stable-Diffusion WebUI
-      homepage.group: Personal Tools
+      homepage.group: Personal/Professional Services
       homepage.description: Deep learning, text-to-image model
       homepage.href: https://sd.${MY_TLD}
       homepage.icon: /icons/stable-diffusion.png
@@ -5049,7 +4870,7 @@ services:
     image: docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest
     labels:
       homepage.name: Stirling-PDF
-      homepage.group: Professional Services
+      homepage.group: Personal/Professional Services
       homepage.description: PDF Operations
       homepage.href: https://pdf.${MY_TLD}
       homepage.icon: stirling-pdf.svg
@@ -5084,9 +4905,9 @@ services:
       TZ: America/New_York
       URL: trez.wtf
       VALIDATION: dns
-      CROWDSEC_API_KEY: ${CROWDSEC_SWAG_API_KEY}
+      CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
       CROWDSEC_LAPI_URL: http://crowdsec:8080
-      DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|linuxserver/mods:universal-package-install|ghcr.io/linuxserver/mods:swag-crowdsec #|ghcr.io/trezone/swag-auto-uptime-kuma:a443b8542f7d033fb99d2dde3782497534bd7508 #linuxserver/mods:swag-auto-uptime-kuma
+      DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|linuxserver/mods:universal-package-install #|ghcr.io/linuxserver/mods:swag-crowdsec#|linuxserver/mods:swag-auto-uptime-kuma
       INSTALL_PACKAGES: nginx-mod-http-js
       PROPAGATION: 30
       UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
@@ -5112,7 +4933,7 @@ services:
       homepage.widget.url: http://swag:81
     networks:
       - default
-      # - nextcloud-aio
+      - nextcloud-aio
     ports:
       - 443:443
       - 80:80
@@ -5122,9 +4943,6 @@ services:
       - /etc/localtime:/etc/localtime:ro
       - ${DOCKER_VOLUME_CONFIG}/swag:/config
       - ${DOCKER_VOLUME_CONFIG}/sablier/sablier.js:/etc/nginx/conf.d/sablier.js
-      # - ${DOCKER_VOLUME_CONFIG}/swag/otel_ngx_module.so:/usr/lib/nginx/modules/otel_ngx_module.so
-      # - ${DOCKER_VOLUME_CONFIG}/swag/30_http_otel.conf:/etc/nginx/modules/30_http_otel.conf
-      # - ${DOCKER_VOLUME_CONFIG}/swag/opentelemetry_config.toml:/etc/nginx/opentelemetry_config.toml
       - /rinoa-storage:/storage
       - /var/run/docker.sock:/var/run/docker.sock:ro
   tandoor:
@@ -5314,6 +5132,65 @@ services:
     volumes:
       - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/config/:/vault/config
       - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/logs/:/vault/logs
+  wallabag:
+    container_name: wallabag
+    depends_on:
+      mariadb:
+        condition: service_started
+        required: true
+        restart: true
+      redis:
+        condition: service_started
+        required: true
+    environment:
+      SYMFONY__ENV__DATABASE_DRIVER: pdo_mysql
+      SYMFONY__ENV__DATABASE_HOST: mariadb
+      SYMFONY__ENV__DATABASE_PORT: 3306
+      SYMFONY__ENV__DATABASE_NAME: ${WALLABAG_DB}
+      SYMFONY__ENV__DATABASE_USER: ${WALLABAG_DB}
+      SYMFONY__ENV__DATABASE_PASSWORD: ${WALLABAG_DB_PASSWORD}
+      SYMFONY__ENV__DATABASE_CHARSET: utf8
+      SYMFONY__ENV__DATABASE_TABLE_PREFIX: "wallabag_"
+      SYMFONY__ENV__MAILER_DSN: smtp://postal-smtp
+      SYMFONY__ENV__FROM_EMAIL: noreply@trez.wtf
+      SYMFONY__ENV__DOMAIN_NAME: https://wallabag.${MY_TLD}
+      SYMFONY__ENV__SERVER_NAME: "Wallabag @ Rinoa"
+      SYMFONY__ENV__REDIS_HOST: redis
+      SYMFONY__ENV__REDIS_PORT: 6379
+    healthcheck:
+      interval: 1m
+      test:
+        - CMD
+        - wget
+        - --no-verbose
+        - --tries=1
+        - --spider
+        - http://localhost
+      timeout: 3s
+    image: wallabag/wallabag
+    labels:
+      swag: enable
+      swag_address: wallabag
+      swag_proto: http
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://wallabag.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+      homepage.group: Lifestyle
+      homepage.name: Wallabag
+      homepage.href: https://wallabag.${MY_TLD}
+      homepage.icon: wallabag.png
+      homepage.description: Knowledge Store
+    networks:
+      default: null
+    ports:
+      - 32768:80
+    restart: unless-stopped
+    volumes:
+      - source: ${DOCKER_VOLUME_CONFIG}/wallabag/images
+        target: /var/www/wallabag/web/assets/images
+        type: bind
+        bind:
+          create_host_path: true
   wallos:
     container_name: wallos
     environment:
@@ -5609,8 +5486,6 @@ volumes:
     name: jitsi-web-admin-upload
   joplin_data:
     name: joplin_data
-  karakeep-data:
-    name: karakeep-data
   linkstack_data:
     name: linkstack_data
   librechat-pg-data:
@@ -5645,16 +5520,6 @@ volumes:
     name: paperless-ngx-pg
   pgbackweb-data:
     name: pgbackweb-data
-  planka-favicons:
-    name: planka-favicons
-  planka-user-avatars:
-    name: planka-user-avatars
-  planka-background-images:
-    name: planka-background-images
-  planka-attachments:
-    name: planka-attachments
-  planka-db-data:
-    name: planka-db-data
   portainer-data:
     name: portainer-data
   portnote-db-data: