Merge remote-tracking branch 'refs/remotes/origin/main'

Merged by Trez.One

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -1,10 +1,8 @@
 name: Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment
 on:
   push:
-    branches:
-      - '**'
-    paths:
-      - 'docker-compose.yml'
+    branches-ignore:
+      - 'main'
 jobs:
   check-and-create-pr:
     if: github.ref != 'refs/heads/main'

README.md

@@ -6,6 +6,7 @@
 | --- | --- |
 | actual_server | docker.io/actualbudget/actual-server:latest |
 | adguard | adguard/adguardhome:latest |
+| archivebox | archivebox/archivebox:latest |
 | audiobookshelf | ghcr.io/advplyr/audiobookshelf:latest |
 | authelia | authelia/authelia:master |
 | authelia-pg | postgres:16-alpine |
@@ -37,6 +38,7 @@
 | dbgate | dbgate/dbgate:alpine |
 | delugevpn | ghcr.io/binhex/arch-delugevpn:latest |
 | docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
+| docker-volume-backup | offen/docker-volume-backup:v2 |
 | docuseal | docuseal/docuseal:latest |
 | duplicati | lscr.io/linuxserver/duplicati:latest |
 | fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
@@ -88,6 +90,7 @@
 | mastodon-pg-db | postgres:17-alpine |
 | meilisearch | getmeili/meilisearch:v1.12.3 |
 | minio | minio/minio |
+| mixpost | inovector/mixpost:latest |
 | mongodb | bitnami/mongodb:7.0 |
 | multi-scrobbler | foxxmd/multi-scrobbler |
 | n8n | docker.n8n.io/n8nio/n8n |
@@ -141,6 +144,8 @@
 | sourcebot | ghcr.io/sourcebot-dev/sourcebot:latest |
 | speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
 | spotisub | blastbeng/spotisub:latest |
+| stable-diffusion-download | git.trez.wtf/trez.one/stable-diffusion-download:v9.0.0 |
+| stable-diffusion-webui | git.trez.wtf/trez.one/stable-diffusion-ui:v9.0.0 |
 | swag | lscr.io/linuxserver/swag:latest |
 | tandoor | vabene1111/recipes |
 | tandoor-pg | postgres:16-alpine |

ansible/app-configs/homepage_settings.yaml.j2

@@ -26,7 +26,7 @@ layout:
     columns: 5
   Infrastructure/App Performance Monitoring:
     style: row
-    columns: 4
+    columns: 3
   Code/DevOps:
     style: row
     columns: 4
@@ -44,7 +44,7 @@ layout:
     columns: 3
   Personal Services:
     style: row
-    columns: 3
+    columns: 4
   Professional Services:
     style: row
     columns: 5

ansible/app-configs/librechat_librechat.env.j2

@@ -226,8 +226,8 @@ DEBUG_OPENAI=false
 
 # DEBUG_PLUGINS=
 
-# CREDS_KEY=
-# CREDS_IV=
+CREDS_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_KEY'] }}
+CREDS_IV={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_IV'] }}
 
 # Azure AI Search
 #-----------------
@@ -273,7 +273,7 @@ SERPAPI_API_KEY=
 
 # Stable Diffusion
 #-----------------
-# SD_WEBUI_URL=http://host.docker.internal:7860
+SD_WEBUI_URL=http://stable-diffusion-webui:7860
 
 # Tavily
 #-----------------

ansible/app-configs/librechat_librechat.yaml.j2

@@ -1,11 +1,12 @@
+version: 1.0.0
 endpoints:
   custom:
-    - name: "Ollama"
+    - name: "ollama"
       apiKey: "ollama"
       baseURL: "http://ollama:11434/v1/chat/completions"
       models:
         default: [
-          "deepseek-r1"
+          "deepseek-r1",
           "deepseek-coder-v2",
           "deepseek-v3",
           "llama3.3",

ansible/app-configs/postal_postal.yml.j2

@@ -30,6 +30,9 @@ message_db:
 smtp_server:
   default_port: 25
   default_bind_address: "::"
+  tls_enabled: true
+  tls_certificate_path: /config/certs/fullchain.pem
+  tls_private_key_path: /config/certs/privkey.pem
 
 dns:
   # Specify the DNS records that you have configured. Refer to the documentation at

docker-compose.yml

@@ -102,6 +102,36 @@ services:
         type: bind
         bind:
           create_host_path: true
+  archivebox:
+    container_name: archivebox
+    environment:
+      ADMIN_USERNAME: admin            # creates an admin user on first run with the given user/pass combo
+      ADMIN_PASSWORD: ${ARCHIVEBOX_ADMIN_PASSWORD}
+      ALLOWED_HOSTS: '*'                   # set this to the hostname(s) you're going to serve the site from!
+      CSRF_TRUSTED_ORIGINS: http://localhost:8000  # you MUST set this to the server's URL for admin login and the REST API to work
+      PUBLIC_INDEX: false                 # set to False to prevent anonymous users from viewing snapshot list
+      PUBLIC_SNAPSHOTS: false             # set to False to prevent anonymous users from viewing snapshot content
+      PUBLIC_ADD_VIEW: false             # set to True to allow anonymous users to submit new URLs to archive
+      SEARCH_BACKEND_ENGINE: ripgrep       # tells ArchiveBox to use sonic container below for fast full-text search
+    image: archivebox/archivebox:latest
+    labels:
+      homepage.group: Personal Services
+      homepage.name: ArchiveBox
+      homepage.href: https://archive.${MY_TLD}
+      homepage.icon: archivebox.png
+      homepage.description: Open-source and self-hosted web archiving
+      swag: enable
+      swag_port: 8000
+      swag_proto: http
+      swag_url: archive.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://archive.${MY_TLD}
+    ports:
+      - 21324:8000
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/archivebox:/data
+      # ./data/personas/Default/chrome_profile/Default:/data/personas/Default/chrome_profile/Default
   audiobookshelf:
     container_name: audiobookshelf
     environment:
@@ -812,7 +842,7 @@ services:
       swag_proto: http
       swag_url: cchef.trez.wtf
       swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://gist.trez.wtf
+      swag.uptime-kuma.monitor.url: https://cchef.trez.wtf
     ports:
       - 20992:8000
     restart: unless-stopped
@@ -985,8 +1015,7 @@ services:
   dbgate:
     container_name: dbgate
     environment:
-      CONNECTIONS: authelia-pg,bitmagnet-pg-db,gitea-db,invidious-db,joplin-db,mariadb,mastodon-pg-db,mongodb,pgbackweb,pgbackweb-db,plausible-db,plausible-events-db,reactive-resume-pg,sonarqube-pg-db,synapse-db,tandoor-pg,traccar-pg,zitadel-pg-db
-
+      CONNECTIONS: authelia-pg,bitmagnet-pg-db,gitea-db,invidious-db,joplin-db,mariadb,mastodon-pg-db,mongodb,peppermint-db,pgbackweb-db,plausible-db,plausible-events-db,reactive-resume-pg,sonarqube-pg-db,synapse-db,tandoor-pg,redis
       LOGIN: TrezOne
       PASSWORD: ${DBGATE_LOGIN_PASSWORD}
 
@@ -1054,6 +1083,13 @@ services:
       # URI_mongodb: mongodb://root:${MONGO_INITDB_ROOT_PASSWORD}@mongodb:27017/admin?replicaSet=rinoa
       ENGINE_mongodb: mongo@dbgate-plugin-mongo-v2
 
+      LABEL_peppermint-db: peppermint-pg-db
+      SERVER_peppermint-db: peppermint-pg-db
+      USER_peppermint-db: peppermint
+      PASSWORD_peppermint-db: ${PEPPERMINT_PG_PASSWORD}
+      PORT_peppermint-db: 5432
+      ENGINE_peppermint-db: postgres@dbgate-plugin-postgres
+
       LABEL_pgbackweb-db: pgbackweb-db
       SERVER_pgbackweb-db: pgbackweb-db
       USER_pgbackweb-db: pgbackweb
@@ -1089,19 +1125,10 @@ services:
       PORT_tandoor-pg: 5432
       ENGINE_tandoor-pg: postgres@dbgate-plugin-postgres
 
-      LABEL_traccar-pg: traccar-pg
-      SERVER_traccar-pg: traccar-pg
-      USER_traccar-pg: ${TRACCAR_POSTGRES_USER}
-      PASSWORD_traccar-pg: ${TRACCAR_POSTGRES_PASSWORD}
-      PORT_traccar-pg: 5432
-      ENGINE_traccar-pg: postgres@dbgate-plugin-postgres
-
-      LABEL_zitadel-pg-db: zitadel-pg-db
-      SERVER_zitadel-pg-db: zitadel-pg-db
-      USER_zitadel-pg-db: root
-      PASSWORD_zitadel-pg-db: ${ZITADEL_DB_ADMIN_PASSWORD}
-      PORT_zitadel-pg-db: 5432
-      ENGINE_zitadel-pg-db: postgres@dbgate-plugin-postgres
+      LABEL_redis: redis
+      SERVER_redis: redis
+      PORT_redis: 6379
+      ENGINE_redis: redis@dbgate-plugin-redis
     image: dbgate/dbgate:alpine
     labels:
       homepage.group: System Administration
@@ -1225,6 +1252,22 @@ services:
         source: /var/run/docker.sock
         target: /var/run/docker.sock
         type: bind
+  docker-volume-backup:
+    container_name: docker-volume-backup
+    image: offen/docker-volume-backup:v2
+    environment:
+      BACKUP_ARCHIVE: /archive
+      BACKUP_CRON_EXPRESSION: '@weekly'
+      BACKUP_COMPRESSION: zst
+      BACKUP_FILENAME: rinoa-docker-backup-%Y-%m-%dT%H-%M-%S.{{ .Extension }}
+      BACKUP_FILENAME_EXPAND: true
+      BACKUP_RETENTION_DAYS: 14
+      DOCKER_HOST: tcp://dockerproxy:2375
+      NOTIFICATION_URLS: gotify://gotify/${DV_BKUP_GOTIFY_TOKEN}
+    restart: always
+    volumes:
+      - docker-volume-bkup-data:/backup/my-app-backup:ro
+      - ${DOCKER_VOLUME_STORAGE}/backups/docker_volume_bkups:/archive
   docuseal:
     container_name: docuseal
     image: docuseal/docuseal:latest
@@ -2763,12 +2806,25 @@ services:
       - mongodb
       - librechat-rag-api
     environment:
+      CONFIG_PATH: /app/librechat.yaml
       HOST: 0.0.0.0
-      MONGO_URI: mongodb://librechat:${LIBRECHAT_MONGODB_PASSWORD}:27017/librechat?replicaSet=rinoa
+      MONGO_URI: mongodb://librechat:${LIBRECHAT_MONGODB_PASSWORD}@mongodb:27017/librechat?replicaSet=rinoa
       MEILI_HOST: http://meilisearch:7700
       RAG_PORT: 8000
       RAG_API_URL: http://librechat-rag-api:8000
     image: ghcr.io/danny-avila/librechat-dev:latest
+    labels:
+      homepage.group: Personal Services
+      homepage.name: LibreChat
+      homepage.href: https://ai.${MY_TLD}
+      homepage.icon: sh-librechat.svg
+      homepage.description: Local AI chat
+      swag: enable
+      swag_port: 3080
+      swag_proto: http
+      swag_url: ai.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://ai.${MY_TLD}
     ports:
       - 3080:3080
     restart: always
@@ -2785,6 +2841,8 @@ services:
       POSTGRES_DB: librechat
       POSTGRES_USER: librechat
       POSTGRES_PASSWORD: ${LIBRECHAT_PG_DB_PASSWD}
+    expose:
+      - 5432
     image: ankane/pgvector:latest
     restart: always
     volumes:
@@ -2795,11 +2853,14 @@ services:
       - librechat-vectordb
     environment:
       DB_HOST: librechat-vectordb
+      POSTGRES_DB: librechat
+      POSTGRES_USER: librechat
+      POSTGRES_PASSWORD: ${LIBRECHAT_PG_DB_PASSWD}
       RAG_PORT: 8000
     image: ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest
     restart: always
-    env_file:
-      - ${DOCKER_VOLUME_CONFIG}/librechat/librechat.env
+    # env_file:
+    #   - ${DOCKER_VOLUME_CONFIG}/librechat/librechat.env
   libretranslate:
     container_name: libretranslate
     # command: --ssl --ga-id MY-GA-ID --req-limit 100 --char-limit 500
@@ -3104,6 +3165,10 @@ services:
       SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
       SMTP_FROM_ADDRESS: noreply@trez.wtf
       S3_ENABLED: true
+      S3_ENDPOINT: http://minio:9000
+      S3_REGION: us-east-fh-pln
+      S3_HOST: s3.trez.wtf
+      S3_PROTOCOL: https
       S3_BUCKET: mastodon
       AWS_ACCESS_KEY_ID: ${MASTODON_MINIO_ACCESS_KEY}
       AWS_SECRET_ACCESS_KEY: ${MASTODON_MINIO_SECRET_KEY}
@@ -3198,6 +3263,42 @@ services:
         type: bind
         bind:
           create_host_path: true
+  mixpost:
+    container_name: mixpost
+    image: inovector/mixpost:latest
+    depends_on:
+      - mariadb
+      - redis
+    environment:
+      APP_NAME: Mixpost
+      APP_KEY: ${MIXPOST_APP_KEY}
+      APP_DEBUG: true
+      APP_DOMAIN: social.trez.wtf
+      APP_URL: https://social.trez.wtf
+      DB_HOST: mariadb
+      DB_DATABASE: mixpost
+      DB_USERNAME: mixpost
+      DB_PASSWORD: ${MIXPOST_DB_PASSWORD}
+      REDIS_HOST: redis
+      REDIS_PORT: 6379
+    labels:
+      swag: enable
+      swag_port: 80
+      swag_proto: http
+      swag_url: social.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://social.${MY_TLD}
+      homepage.group: Social
+      homepage.name: Mixpost
+      homepage.href: https://social.${MY_TLD}
+      homepage.icon: mixpost.svg
+      homepage.description: Multi-channel social media manager
+    ports:
+      - 61757:80
+    restart: unless-stopped
+    volumes:
+        - mixpost-storage:/var/www/html/storage/app
+        - mixpost-logs:/var/www/html/storage/logs
   mongodb:
     container_name: mongodb
     environment:
@@ -3636,10 +3737,11 @@ services:
       swag_proto: http
       swag_port: 8000
       swag_url: logs.${MY_TLD}
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/parseable/staging:/staging
     ports:
       - 14453:8000
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/parseable/staging:/staging
   peppermint:
     container_name: peppermint
     depends_on:
@@ -3871,11 +3973,8 @@ services:
       - 25:25
     restart: unless-stopped
     volumes:
-      - source: ${DOCKER_VOLUME_CONFIG}/postal
-        target: /config
-        type: bind
-        bind:
-          create_host_path: true
+      - ${DOCKER_VOLUME_CONFIG}/postal:/config
+      - ${DOCKER_VOLUME_CONFIG}/swag/etc/letsencrypt/live/trez.wtf:/config/certs
   postal-web:
     command: postal web-server
     container_name: postal-web
@@ -4761,7 +4860,7 @@ services:
         SPEEDTEST_SCHEDULE: 15 */3 * * *
     labels:
       homepage.name: Speedtest Tracker
-      homepage.group: System Administration
+      homepage.group: Infrastructure/App Performance Monitoring
       homepage.description: Self-hosted internet performance tracking
       homepage.href: https://speed.${MY_TLD}
       homepage.icon: speedtest-tracker.png
@@ -4799,6 +4898,36 @@ services:
     restart: always
     volumes:
       - ${DOCKER_VOLUME_CONFIG}/spotisub:/home/user/spotisub/cache
+  stable-diffusion-download:
+    container_name: stable-diffusion-download
+    image: git.trez.wtf/trez.one/stable-diffusion-download:v9.0.0
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/stable-diffusion-webui/data:/data
+  stable-diffusion-webui:
+    container_name: stable-diffusion-webui
+    image: git.trez.wtf/trez.one/stable-diffusion-ui:v9.0.0
+    environment:
+      - CLI_ARGS=--allow-code --medvram --xformers --enable-insecure-extension-access --api
+    labels:
+      homepage.name: Stable-Diffusion WebUI
+      homepage.group: Personal Services
+      homepage.description: Deep learning, text-to-image model
+      homepage.href: https://sd.${MY_TLD}
+      homepage.icon: /icons/stable-diffusion.png
+      swag: enable
+      swag_port: 7860
+      swag_proto: http
+      swag_url: sd.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://sd.${MY_TLD}
+    ports:
+      - 7860:7860
+    restart: unless-stopped
+    tty: true
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/stable-diffusion-webui/data:/data
+      - ${DOCKER_VOLUME_CONFIG}/stable-diffusion-webui/output:/output
   swag:
     cap_add:
       - NET_ADMIN
@@ -5311,6 +5440,8 @@ volumes:
     name: dawarich_watched
   dbgate-data:
     name: dbgate-data
+  docker-volume-bkup-data:
+    name: docker-volume-bkup-data
   fastenhealth-cache:
     name: fastenhealth-cache
   fastenhealth-db:
@@ -5361,6 +5492,10 @@ volumes:
     name: lldap_data
   mastodon-pg-db:
     name: mastodon-pg-db
+  mixpost-storage:
+    name: mixpost-storage
+  mixpost-logs:
+    name: mixpost-logs
   mongodb_config:
     name: mongodb_config
   mongodb_data: