Ansible private key fix (hopefully).

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -51,7 +51,6 @@ jobs:
     env:
       VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
       VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
-      VAULT_NAMESPACE: ""
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -75,7 +74,7 @@ jobs:
         with:
           directory: ansible/
           playbook: docker_config_deploy.yml
-          key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
+          key: ${{secrets.RINOA_ANSIBLE_PRIVATE_SSH_KEY}}
           options: |
             --inventory inventory/hosts.yml
             --check
@@ -258,6 +257,7 @@ jobs:
           notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
   ansible-config-docker-compose-deploy:
     name: Deploy via Ansible & Docker Compose
+    timeout-minutes: 360
     runs-on: ubuntu-latest
     needs: [pr-merge]
     env:
@@ -305,7 +305,6 @@ jobs:
            vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
       - name: Docker Compose Deployment
         # if: ${{ steps.regenerate-readme-modified-services.outputs.modified_services != '' }}
-        timeout-minutes: 360
         continue-on-error: true
         uses: keatonLiu/docker-compose-remote-action@v1.2
         with:

README.md

@@ -39,6 +39,13 @@
 | gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
 | gluetun | qmcgaw/gluetun:latest |
 | gotify | gotify/server |
+| grafana | grafana/grafana-enterprise:latest |
+| grafana-alloy | grafana/alloy:latest |
+| grafana-loki | grafana/loki:latest |
+| grafana-mimir | grafana/mimir:latest |
+| grafana-mimir-memcached | memcached |
+| grafana-pyroscope | grafana/pyroscope:latest |
+| grafana-tempo | grafana/tempo:latest |
 | guacamole | flcontainers/guacamole:latest |
 | homepage | ghcr.io/gethomepage/homepage:latest |
 | hortusfox | ghcr.io/danielbrendel/hortusfox-web:latest |
@@ -88,8 +95,6 @@
 | open-webui | ghcr.io/open-webui/open-webui:main |
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
 | parseable | containers.parseable.com/parseable/parseable:latest |
-| peppermint | pepperlabs/peppermint:latest |
-| peppermint-pg-db | postgres:17-alpine |
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
 | plantuml-server | plantuml/plantuml-server:jetty |
@@ -139,6 +144,16 @@
 | web-check | lissy93/web-check |
 | your_spotify | lscr.io/linuxserver/your_spotify:latest |
 | youtubedl | nbr23/youtube-dl-server:latest |
+| zammad-backup | postgres: |
+| zammad-elasticsearch | bitnami/elasticsearch: |
+| zammad-init | : |
+| zammad-memcached | memcached: |
+| zammad-nginx | : |
+| zammad-postgresql | postgres: |
+| zammad-railsserver | : |
+| zammad-redis | redis: |
+| zammad-scheduler | : |
+| zammad-websocket | : |
 | zitadel | ghcr.io/zitadel/zitadel:latest |
 | zitadel-pg-db | postgres:16-alpine |
 

ansible/app-configs/gitea_act-runner_config.yaml.j2

@@ -0,0 +1,101 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+
+log:
+  # The level of logging, can be trace, debug, info, warn, error, fatal
+  level: info
+
+runner:
+  # Where to store the registration result.
+  file: .runner
+  # Execute how many tasks concurrently at the same time.
+  capacity: 2
+  # Extra environment variables to run jobs.
+  envs:
+    A_TEST_ENV_NAME_1: a_test_env_value_1
+    A_TEST_ENV_NAME_2: a_test_env_value_2
+  # Extra environment variables to run jobs from a file.
+  # It will be ignored if it's empty or the file doesn't exist.
+  env_file: .env
+  # The timeout for a job to be finished.
+  # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+  # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+  timeout: 3h
+  # The timeout for the runner to wait for running jobs to finish when shutting down.
+  # Any running jobs that haven't finished after this timeout will be cancelled.
+  shutdown_timeout: 0s
+  # Whether skip verifying the TLS certificate of the Gitea instance.
+  insecure: false
+  # The timeout for fetching the job from the Gitea instance.
+  fetch_timeout: 5s
+  # The interval for fetching the job from the Gitea instance.
+  fetch_interval: 2s
+  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+  # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+  # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
+  # If it's empty when registering, it will ask for inputting labels.
+  # If it's empty when execute `daemon`, will use labels in `.runner` file.
+  labels:
+    - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+    - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+    - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+
+cache:
+  # Enable cache server to use actions/cache.
+  enabled: true
+  # The directory to store the cache data.
+  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  dir: ""
+  # The host of the cache server.
+  # It's not for the address to listen, but the address to connect from job containers.
+  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  host: "192.168.1.254"
+  # The port of the cache server.
+  # 0 means to use a random available port.
+  port: 63604
+  # The external cache server URL. Valid only when enable is true.
+  # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+  # The URL should generally end with "/".
+  external_server: ""
+
+container:
+  # Specifies the network to which the container will connect.
+  # Could be host, bridge or the name of a custom network.
+  # If it's empty, act_runner will create a network automatically.
+  network: "compose_default"
+  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+  privileged: false
+  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+  options:
+  # The parent directory of a job's working directory.
+  # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
+  # If the path starts with '/', the '/' will be trimmed.
+  # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
+  # If it's empty, /workspace will be used.
+  workdir_parent:
+  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+  # valid_volumes:
+  #   - data
+  #   - /src/*.json
+  # If you want to allow any volume, please use the following configuration:
+  # valid_volumes:
+  #   - '**'
+  valid_volumes: []
+  # overrides the docker client host with the specified one.
+  # If it's empty, act_runner will find an available docker host automatically.
+  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+  docker_host: ""
+  # Pull docker image(s) even if already present
+  force_pull: false
+  # Rebuild docker image(s) even if already present
+  force_rebuild: false
+
+host:
+  # The parent directory of a job's working directory.
+  # If it's empty, $HOME/.cache/act/ will be used.
+  workdir_parent:

ansible/app-configs/vector.yaml.j2

@@ -0,0 +1,32 @@
+  sources:
+    rinoa_docker_logs:
+      type: docker_logs
+      exclude_containers:
+        - zammad-init
+        - vector
+
+  sinks:
+    parseable:
+      type: http
+      method: post
+      batch:
+        max_bytes: 10485760
+        max_events: 1000
+        timeout_secs: 10
+      compression: gzip
+      inputs:
+        - rinoa_docker_logs
+      encoding:
+        codec: json
+      uri: http://parseable:8000/api/v1/ingest'
+      auth:
+        strategy: basic
+        user: admin
+        password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PARSEABLE_PASSWORD'] }}
+      request:
+        headers:
+          X-P-Stream: vectordemo
+      healthcheck:
+        enabled: true
+        path: 'http://parseable:8000/api/v1/liveness'
+        port: 80

ansible/group_vars/all.yml

@@ -1,14 +1,14 @@
 vault_addr: "https://vault.trez.wtf"
 vault_token: !vault |
   $ANSIBLE_VAULT;1.1;AES256
-  30623330336664656231653066343930303830343530323930613666643863623837633738346639
-  3734386663383333386635623931343361343363396434660a633637666539626264653437636134
-  36616334386264383330323164333432623538366234326563323664353338646331353233396161
-  3030623162373232320a386432393337613431303432613065626163326363316365613937623031
-  39316566343238363934383833376136323461336666663762383663633531303138616132333938
-  30316334363436333164303035643835316238313038663761636338313433303766626238656234
-  34373436396430646339326361366634363735346637303865373164363663663263646661366663
-  36336334393535386332646461313262646131383932353534363936623961613761333762376561
-  31366662626231346638346339626565653831613865646436643233653066366534
+  66373236656261373330343233616231386539616566613864306436613635323533336365383232
+  6636653139393566643265303135343864363632393035380a643566373137316363626438356431
+  64653237313866316537326565386164373564353166346334663638636531353337303937346466
+  3539366634393337620a653133336530333963343638643934303336653935363932643665353234
+  63343565663632633563396131346139666236313863663332386131633831633566373366613738
+  63343634313539336534666632313736343338623538303434316230383764643432646663356238
+  61373132633062346436363036333533623931313037306633616662623032616137613734343638
+  63633031616161623437623935346366636433653435646333313638376161663237323130636433
+  31383031646666626163323966393738386233346137326231366263316532343563
 vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
 secrets_path: "rinoa-docker/env"

docker-compose.yml

@@ -617,28 +617,6 @@ services:
         source: /rinoa-storage
         target: /storage
         type: bind
-  convertx:
-    container_name: convertx
-    environment:
-      JWT_SECRET: ${CONVERTX_JWT_SECRET}
-    image: ghcr.io/c4illin/convertx
-    labels:
-      homepage.group: System Administration
-      homepage.name: ConvertX
-      homepage.href: https://convert.${MY_TLD}
-      homepage.icon: sh-convertx.png
-      homepage.description: Online file converter
-      swag: enable
-      swag_port: 3000
-      swag_proto: http
-      swag_url: convert.${MY_TLD}
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://convert.${MY_TLD}
-    ports:
-      - 38946:3000
-    restart: unless-stopped
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/convertx:/app/data
   cronicle:
     container_name: cronicle
     entrypoint: manager
@@ -2686,31 +2664,6 @@ services:
         published: "22300"
         target: 22300
     restart: unless-stopped
-  libretranslate:
-    container_name: libretranslate
-    # command: --ssl --ga-id MY-GA-ID --req-limit 100 --char-limit 500
-    image: libretranslate/libretranslate
-    healthcheck:
-      test: ['CMD-SHELL', './venv/bin/python scripts/healthcheck.py']
-    environment:
-      LT_UPDATE_MODELS: true
-    labels:
-      homepage.group: Personal Services
-      homepage.name: LibreTranslate
-      homepage.href: https://translate.${MY_TLD}
-      homepage.icon: sh-libretranslate.svg
-      homepage.description: Open-source language translation
-      swag: enable
-      swag_port: 5000
-      swag_url: translate.${MY_TLD}
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://translate.${MY_TLD}
-    ports:
-      - 5000:5000
-    restart: unless-stopped
-    volumes:
-    #   - libretranslate_api_keys:/app/db
-      - libretranslate_models:/home/libretranslate/.local:rw
   lidarr:
     container_name: lidarr
     environment:
@@ -3195,16 +3148,13 @@ services:
       TZ: ${TZ}
       PORT: 20211
     image: jokobsk/netalertx:latest
+    network_mode: host
     labels:
       homepage.group: Infrastructure/App Performance Monitoring
       homepage.name: NetAlertX
       homepage.href: http://192.168.1.254:20211
       homepage.icon: netalertx.svg
       homepage.description: Network Monitoring
-      homepage.widget.type: netalertx
-      homepage.widget.url: http://192.168.1.254:20211
-      homepage.widget.key: ${NETALERTX_API_TOKEN}
-    network_mode: host
     restart: unless-stopped
     volumes:
       - ${DOCKER_VOLUME_CONFIG}/netalertx/config:/app/config
@@ -3351,7 +3301,7 @@ services:
       homepage.description: Private Cloud
       homepage.widget.type: nextcloud
       homepage.widget.url: https://cloud.trez.wtf
-      homepage.widget.key: ${NEXTCLOUD_HOMEPAGE_TOKEN}
+      homepage.widget.token: ${NEXTCLOUD_HOMEPAGE_TOKEN}
       swag: enable
       swag_port: 11000
       swag_proto: http
@@ -3538,51 +3488,6 @@ services:
       - ${DOCKER_VOLUME_CONFIG}/parseable/staging:/staging
     ports:
       - 14453:8000
-  peppermint:
-    container_name: peppermint
-    depends_on:
-      peppermint-pg-db:
-        condition: service_started
-        required: true
-    environment:
-      BASE_URL: https://support.trez.wtf
-      DB_USERNAME: peppermint
-      DB_PASSWORD: ${PEPPERMINT_PG_PASSWORD}
-      DB_HOST: peppermint-pg-db
-      SECRET: ${PEPPERMINT_SECRET_KEY}
-    image: pepperlabs/peppermint:latest
-    labels:
-      swag: enable
-      swag_proto: http
-      swag_port: 3000
-      swag_url: support.${MY_TLD}
-      swag_server_custom_directive: |
-        location /api {
-              proxy_pass http://peppermint:5003;
-        }
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://support.${MY_TLD}
-      homepage.group: Professional Services
-      homepage.name: Peppermint
-      homepage.href: https://support.${MY_TLD}
-      homepage.icon: peppermint.svg
-      homepage.description: Open-source ticket management and help desk solution
-    ports:
-      - 3000:3000
-      - 5003:5003
-    restart: always
-  peppermint-pg-db:
-    container_name: peppermint-pg-db
-    environment:
-      POSTGRES_USER: peppermint
-      POSTGRES_PASSWORD: ${PEPPERMINT_PG_PASSWORD}
-      POSTGRES_DB: peppermint
-    expose:
-      - 5432
-    image: postgres:17-alpine
-    restart: always
-    volumes:
-      - peppermint-pg-data:/var/lib/postgresql/data
   pgbackweb:
     container_name: pgbackweb
     depends_on:
@@ -6137,10 +6042,11 @@ services:
     environment:
       PGID: ${PGID}
       PUID: ${PUID}
-      TZ: ${TZ}
+      TZ: America/New_York
       UPTIME_KUMA_USERNAME: ${UPTIME_KUMA_USERNAME}
       UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
-      DOCKER_HOST: tcp://dockerproxy:2375
+      DOCKER_HOST: http://dockerproxy:2375
+      DOCKER_MODS: ghcr.io/themepark-dev/theme.park:uptime-kuma
     hostname: Rinoa
     image: louislam/uptime-kuma:latest
     labels:
@@ -6149,9 +6055,6 @@ services:
       homepage.href: https://uptime.${MY_TLD}
       homepage.icon: uptime-kuma.png
       homepage.description: HTTP Endpoint Monitoring
-      homepage.widget.type: uptimekuma
-      homepage.widget.url: http://uptimekuma:3001
-      homepage.widget.slug: rinoa-services
       swag: enable
       swag_proto: http
       swag_url: uptime.${MY_TLD}
@@ -6459,6 +6362,362 @@ services:
         source: /rinoa-storage
         target: /storage
         type: bind
+  zammad-backup:
+    command:
+      - zammad-backup
+    container_name: zammad-backup
+    depends_on:
+      zammad-postgresql:
+        condition: service_started
+        required: true
+      zammad-railsserver:
+        condition: service_started
+        required: true
+    entrypoint: /usr/local/bin/backup.sh
+    environment:
+      AUTOWIZARD_JSON: null
+      AUTOWIZARD_RELATIVE_PATH: null
+      BACKUP_TIME: "03:00"
+      ELASTICSEARCH_ENABLED: true
+      ELASTICSEARCH_HOST: zammad-elasticsearch
+      ELASTICSEARCH_NAMESPACE: trez_it
+      ELASTICSEARCH_PORT: 9200
+      ELASTICSEARCH_REINDEX: true
+      ELASTICSEARCH_SCHEMA: http
+      ELASTICSEARCH_SSL_VERIFY: false
+      HOLD_DAYS: "10"
+      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
+      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
+      POSTGRESQL_DB_CREATE: true
+      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
+      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
+      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
+      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
+      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
+      RAILS_LOG_TO_STDOUT: true
+      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
+      REDIS_URL: ${ZAMMAD_REDIS_URL}
+      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
+      TZ: Europe/Berlin
+      ZAMMAD_BIND_IP: 0.0.0.0
+      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
+      ZAMMAD_PROCESS_SCHEDULED: null
+      ZAMMAD_SESSION_JOBS: null
+      ZAMMAD_WEB_CONCURRENCY: null
+    image: postgres:${ZAMMAD_POSTGRES_VERSION}
+    networks:
+      default: null
+    restart: ${ZAMMAD_RESTART}
+    volumes:
+      - source: zammad-backup
+        target: /var/tmp/zammad
+        type: volume
+        volume: {}
+      - read_only: true
+        source: zammad-storage
+        target: /opt/zammad/storage
+        type: volume
+        volume: {}
+      - read_only: true
+        source: ${DOCKER_VOLUME_CONFIG}/zammad/scripts/backup.sh
+        target: /usr/local/bin/backup.sh
+        type: bind
+        volume: {}
+  zammad-elasticsearch:
+    container_name: zammad-elasticsearch
+    expose:
+      - 9200
+    image: bitnami/elasticsearch:${ZAMMAD_ELASTICSEARCH_VERSION}
+    networks:
+      default: null
+    restart: ${ZAMMAD_RESTART}
+    volumes:
+      - source: zammad-es-data
+        target: /bitnami/elasticsearch/data
+        type: volume
+        volume: {}
+  zammad-init:
+    command:
+      - zammad-init
+    container_name: zammad-init
+    depends_on:
+      zammad-postgresql:
+        condition: service_started
+        required: true
+    environment:
+      AUTOWIZARD_JSON: null
+      AUTOWIZARD_RELATIVE_PATH: null
+      ELASTICSEARCH_ENABLED: true
+      ELASTICSEARCH_HOST: zammad-elasticsearch
+      ELASTICSEARCH_NAMESPACE: trez_it
+      ELASTICSEARCH_PORT: 9200
+      ELASTICSEARCH_REINDEX: true
+      ELASTICSEARCH_SCHEMA: http
+      ELASTICSEARCH_SSL_VERIFY: false
+      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
+      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
+      POSTGRESQL_DB_CREATE: true
+      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
+      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
+      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
+      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
+      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
+      RAILS_LOG_TO_STDOUT: true
+      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
+      REDIS_URL: ${ZAMMAD_REDIS_URL}
+      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
+      ZAMMAD_BIND_IP: 0.0.0.0
+      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
+      ZAMMAD_PROCESS_SCHEDULED: null
+      ZAMMAD_SESSION_JOBS: null
+      ZAMMAD_WEB_CONCURRENCY: null
+    hostname: init
+    image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
+    networks:
+      default: null
+    restart: on-failure
+    user: "0:0"
+    volumes:
+      - zammad-storage:/opt/zammad/storage
+  zammad-memcached:
+    command: memcached -m 256M
+    container_name: zammad-memcached
+    image: memcached:${ZAMMAD_MEMCACHE_VERSION}
+    networks:
+      default: null
+    restart: ${ZAMMAD_RESTART}
+  zammad-nginx:
+    command:
+      - zammad-nginx
+    container_name: zammad-nginx
+    depends_on:
+      zammad-railsserver:
+        condition: service_started
+        required: true
+    environment:
+      AUTOWIZARD_JSON: null
+      AUTOWIZARD_RELATIVE_PATH: null
+      ELASTICSEARCH_ENABLED: true
+      ELASTICSEARCH_HOST: zammad-elasticsearch
+      ELASTICSEARCH_NAMESPACE: trez_it
+      ELASTICSEARCH_PORT: 9200
+      ELASTICSEARCH_REINDEX: true
+      ELASTICSEARCH_SCHEMA: http
+      ELASTICSEARCH_SSL_VERIFY: false
+      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
+      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
+      POSTGRESQL_DB_CREATE: true
+      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
+      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
+      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
+      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
+      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
+      RAILS_LOG_TO_STDOUT: true
+      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
+      REDIS_URL: ${ZAMMAD_REDIS_URL}
+      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
+      ZAMMAD_BIND_IP: 0.0.0.0
+      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
+      ZAMMAD_PROCESS_SCHEDULED: null
+      ZAMMAD_SESSION_JOBS: null
+      ZAMMAD_WEB_CONCURRENCY: null
+    expose:
+      - "8080"
+    image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
+    labels:
+      swag: enable
+      swag_proto: http
+      swag_port: 8080
+      swag_url: support.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://support.${MY_TLD}
+      homepage.group: Professional Services
+      homepage.name: Zammad
+      homepage.href: https://support.${MY_TLD}
+      homepage.icon: zammad.svg
+      homepage.description: Open-source helpdesk/customer support system
+    networks:
+      default: null
+    restart: ${ZAMMAD_RESTART}
+    volumes:
+      - zammad-storage:/opt/zammad/storage
+  zammad-postgresql:
+    container_name: zammad-postgresql
+    environment:
+      POSTGRES_DB: ${ZAMMAD_POSTGRES_DB}
+      POSTGRES_PASSWORD: ${ZAMMAD_POSTGRES_PASS}
+      POSTGRES_USER: ${ZAMMAD_POSTGRES_USER}
+    hostname: postgresql
+    image: postgres:${ZAMMAD_POSTGRES_VERSION}
+    networks:
+      default: null
+    restart: ${ZAMMAD_RESTART}
+    volumes:
+      - source: zammad-pg-data
+        target: /var/lib/postgresql/data
+        type: volume
+        volume: {}
+  zammad-railsserver:
+    command:
+      - zammad-railsserver
+    container_name: zammad-railserver
+    depends_on:
+      zammad-memcached:
+        condition: service_started
+        required: true
+      zammad-postgresql:
+        condition: service_started
+        required: true
+      zammad-redis:
+        condition: service_started
+        required: true
+    environment:
+      AUTOWIZARD_JSON: null
+      AUTOWIZARD_RELATIVE_PATH: null
+      ELASTICSEARCH_ENABLED: true
+      ELASTICSEARCH_HOST: zammad-elasticsearch
+      ELASTICSEARCH_NAMESPACE: trez_it
+      ELASTICSEARCH_PORT: 9200
+      ELASTICSEARCH_REINDEX: true
+      ELASTICSEARCH_SCHEMA: http
+      ELASTICSEARCH_SSL_VERIFY: false
+      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
+      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
+      POSTGRESQL_DB_CREATE: true
+      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
+      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
+      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
+      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
+      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
+      RAILS_LOG_TO_STDOUT: true
+      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
+      REDIS_URL: ${ZAMMAD_REDIS_URL}
+      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
+      ZAMMAD_BIND_IP: 0.0.0.0
+      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
+      ZAMMAD_PROCESS_SCHEDULED: null
+      ZAMMAD_SESSION_JOBS: null
+      ZAMMAD_WEB_CONCURRENCY: null
+    image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
+    networks:
+      default: null
+    restart: ${ZAMMAD_RESTART}
+    volumes:
+      - source: zammad-storage
+        target: /opt/zammad/storage
+        type: volume
+        volume: {}
+  zammad-redis:
+    container_name: zammad-redis
+    image: redis:${ZAMMAD_REDIS_VERSION}
+    networks:
+      default: null
+    restart: ${ZAMMAD_RESTART}
+    volumes:
+      - source: zammad-redis-data
+        target: /data
+        type: volume
+        volume: {}
+  zammad-scheduler:
+    command:
+      - zammad-scheduler
+    container_name: zammad-scheduler
+    depends_on:
+      zammad-memcached:
+        condition: service_started
+        required: true
+      zammad-postgresql:
+        condition: service_started
+        required: true
+      zammad-redis:
+        condition: service_started
+        required: true
+    environment:
+      AUTOWIZARD_JSON: null
+      AUTOWIZARD_RELATIVE_PATH: null
+      ELASTICSEARCH_ENABLED: true
+      ELASTICSEARCH_HOST: zammad-elasticsearch
+      ELASTICSEARCH_NAMESPACE: trez_it
+      ELASTICSEARCH_PORT: 9200
+      ELASTICSEARCH_REINDEX: true
+      ELASTICSEARCH_SCHEMA: http
+      ELASTICSEARCH_SSL_VERIFY: false
+      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
+      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
+      POSTGRESQL_DB_CREATE: true
+      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
+      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
+      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
+      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
+      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
+      RAILS_LOG_TO_STDOUT: true
+      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
+      REDIS_URL: ${ZAMMAD_REDIS_URL}
+      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
+      ZAMMAD_BIND_IP: 0.0.0.0
+      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
+      ZAMMAD_PROCESS_SCHEDULED: null
+      ZAMMAD_SESSION_JOBS: null
+      ZAMMAD_WEB_CONCURRENCY: null
+    image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
+    networks:
+      default: null
+    restart: ${ZAMMAD_RESTART}
+    volumes:
+      - source: zammad-storage
+        target: /opt/zammad/storage
+        type: volume
+        volume: {}
+  zammad-websocket:
+    command:
+      - zammad-websocket
+    container_name: zammad-websocket
+    depends_on:
+      zammad-memcached:
+        condition: service_started
+        required: true
+      zammad-postgresql:
+        condition: service_started
+        required: true
+      zammad-redis:
+        condition: service_started
+        required: true
+    environment:
+      AUTOWIZARD_JSON: null
+      AUTOWIZARD_RELATIVE_PATH: null
+      ELASTICSEARCH_ENABLED: true
+      ELASTICSEARCH_HOST: zammad-elasticsearch
+      ELASTICSEARCH_NAMESPACE: trez_it
+      ELASTICSEARCH_PORT: 9200
+      ELASTICSEARCH_REINDEX: true
+      ELASTICSEARCH_SCHEMA: http
+      ELASTICSEARCH_SSL_VERIFY: false
+      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
+      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
+      POSTGRESQL_DB_CREATE: true
+      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
+      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
+      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
+      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
+      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
+      RAILS_LOG_TO_STDOUT: true
+      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
+      REDIS_URL: ${ZAMMAD_REDIS_URL}
+      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
+      ZAMMAD_BIND_IP: 0.0.0.0
+      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
+      ZAMMAD_PROCESS_SCHEDULED: null
+      ZAMMAD_SESSION_JOBS: null
+      ZAMMAD_WEB_CONCURRENCY: null
+    image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
+    networks:
+      default: null
+    restart: ${ZAMMAD_RESTART}
+    volumes:
+      - source: zammad-storage
+        target: /opt/zammad/storage
+        type: volume
+        volume: {}
   zitadel:
     container_name: zitadel
     image: ghcr.io/zitadel/zitadel:latest
@@ -6516,6 +6775,10 @@ volumes:
     name: crowdsec-config
   crowdsec-db:
     name: crowdsec-db
+  dagu_config:
+    name: dagu_config
+  dagu_data:
+    name: dagu_data
   dbgate-data:
     name: dbgate-data
   fastenhealth-cache:
@@ -6528,6 +6791,10 @@ volumes:
     name: filebeat_var
   gitea-pg-db:
     name: gitea-pg-db
+  grafana-mimir-data:
+    name: grafana-mimir-data
+  grafana-tempo-data:
+    name: grafana-tempo-data
   hortusfox_app_backup:
     name: hortusfox_app_backup
   hortusfox_app_images:
@@ -6560,8 +6827,6 @@ volumes:
     name: jitsi-web-admin-upload
   joplin_data:
     name: joplin_data
-  libretranslate_models:
-    name: libretranslate_models
   lldap_data:
     name: lldap_data
   mastodon-pg-db:
@@ -6578,6 +6843,12 @@ volumes:
     name: netbird-signal
   netbird-letsencrypt:
     name: netbird-letsencrypt
+  netbox-pg-db:
+    name: netbox-pg-db
+  netdata-cache:
+    name: netdata-cache
+  netdata-lib:
+    name: netdata-lib
   nextcloud_aio_mastercontainer:
     name: nextcloud_aio_mastercontainer
   ollama:
@@ -6590,8 +6861,6 @@ volumes:
     name: paperless-ngx-media
   paperless-ngx-pg:
     name: paperless-ngx-pg
-  peppermint-pg-data:
-    name: peppermint-pg-data
   pgbackweb-data:
     name: pgbackweb-data
   plausible-db-data:
@@ -6626,5 +6895,81 @@ volumes:
     name: wallos-db
   wallos-logos:
     name: wallos-logos
+  wazuh-dashboard-config:
+    name: wazuh-dashboard-config
+  wazuh-dashboard-custom:
+    name: wazuh-dashboard-custom
+  wazuh-indexer-data:
+    name: wazuh-indexer-data
+  wazuh_active_response:
+    name: wazuh_active_response
+  wazuh_agentless:
+    name: wazuh_agentless
+  wazuh_api_configuration:
+    name: wazuh_api_configuration
+  wazuh_etc:
+    name: wazuh_etc
+  wazuh_integrations:
+    name: wazuh_integrations
+  wazuh_logs:
+    name: wazuh_logs
+  wazuh_queue:
+    name: wazuh_queue
+  wazuh_var_multigroups:
+    name: wazuh_var_multigroups
+  wazuh_wodles:
+    name: wazuh_wodles
+  zammad-backup:
+    driver: local
+    name: zammad-backup
+  zammad-es-data:
+    driver: local
+    name: zammad-es-data
+  zammad-pg-data:
+    driver: local
+    name: zammad-pg-data
+  zammad-redis-data:
+    driver: local
+    name: zammad-redis-data
+  zammad-storage:
+    driver: local
+    name: zammad-storage
   zitadel-pg-db:
-    name: zitadel-pg-db
+    name: zitadel-pg-db
+x-shared:
+  zammad-service:
+    depends_on:
+      - zammad-memcached
+      - zammad-postgresql
+      - zammad-redis
+    environment:
+      AUTOWIZARD_JSON: null
+      AUTOWIZARD_RELATIVE_PATH: null
+      ELASTICSEARCH_ENABLED: true
+      ELASTICSEARCH_HOST: zammad-elasticsearch
+      ELASTICSEARCH_NAMESPACE: trez_it
+      ELASTICSEARCH_PORT: 9200
+      ELASTICSEARCH_REINDEX: true
+      ELASTICSEARCH_SCHEMA: http
+      ELASTICSEARCH_SSL_VERIFY: false
+      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS}
+      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB}
+      POSTGRESQL_DB_CREATE: true
+      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST}
+      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS}
+      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS}
+      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT}
+      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER}
+      RAILS_LOG_TO_STDOUT: true
+      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
+      REDIS_URL: ${ZAMMAD_REDIS_URL}
+      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad?region=us-east-fh-pln&force_path_style=true
+      ZAMMAD_BIND_IP: 0.0.0.0
+      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: null
+      ZAMMAD_PROCESS_SCHEDULED: null
+      ZAMMAD_SESSION_JOBS: null
+      ZAMMAD_WEB_CONCURRENCY: null
+    image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
+    restart: ${ZAMMAD_RESTART}
+    volumes:
+      - zammad-storage:/opt/zammad/storage