Typo fix for Soularr.

2025-01-07 11:54:55 -05:00
63 changed files with 1730 additions and 7855 deletions
@@ -0,0 +1,128 @@
+name: Gitea Branch PR, SonarQube Analyze, and Merge Workflow
+
+on:
+  push:
+    branches-ignore:
+      - main
+
+jobs:
+  # Job 1: Check if PR exists and create one if the branch is new
+  check-and-create-pr:
+    name: Check and Create PR
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: PR list
+        id: list-prs
+        run: |
+          pr_check=$(curl ${{ vars.RINOA_GITEA_URL }}/api/v1/repos/${{ github.repository }}/pulls/main/${{ github.ref_name }} \
+            -X 'GET' \
+            -H 'Accept: application/json' \
+            -H 'Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}' \
+            -sS | jq '{index: .number, state: .state}')
+          pr_state=$(echo ${pr_check} | jq -r '.state')
+
+      - name: Create PR
+        if: steps.list-prs.outputs.pr_state != 'open'
+        uses: arifer612/Gitea-PR-action@v1.2.0
+        with:
+          url: ${{ gitea.server_url }}
+          token: ${{ secrets.BOT_GITEA_TOKEN }}
+          pr-label: 'auto-deploy-pr'
+
+  docker-compose-test:
+    name: Docker Compose Test
+    needs: [check-and-create-pr]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Generate ephemeral .env compose file
+        id: generate-env-file-pr
+        run: |
+          echo "${{ secrets.RINOA_ENV }}" > .env
+
+      - name: Docker Compose Lint
+        uses: yu-ichiro/spin-up-docker-compose-action@v1
+        with:
+          file: docker-compose.yml
+          pull: true
+          pull-opts: --dry-run
+          up: true
+          up-opts: --dry-run -d --remove-orphans
+        env:
+          DOCKER_HOST: tcp://dockerproxy:2375
+
+  cloudflare-dns-setup:
+    name: Cloudflare DNS Setup
+    needs: [docker-compose-test]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install jq
+        uses: dcarbone/install-jq-action@v3.0.1
+
+      - name: Install yq
+        uses: dcarbone/install-yq-action@v1
+      
+      - name: Install flarectl
+        uses: supplypike/setup-bin@v4
+        with:
+          uri: 'https://github.com/cloudflare/cloudflare-go/releases/download/v0.113.0/flarectl_0.113.0_linux_amd64.tar.gz'
+          name: 'flarectl'
+          version: '0.113.0'
+
+      - name: Grab Subdomains from Docker Compose & Cloudflare
+        id: grab-subdomains
+        env:
+          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
+          CF_API_EMAIL: ${{ secrets.CF_API_EMAIL }}
+        run: |
+          echo "Grabbing subdomains from docker-compose.yml..."
+          yq '.services[].labels.swag_url' docker-compose.yml | egrep -v 'null' | sed -e 's|"||g' | awk -F'.' '{print $1}' | sort > compose_subdomains.txt
+          echo "Grabbing subdomains from Cloudflare..."
+          flarectl --json dns list --zone "trez.wtf" --type=CNAME --content "trez.wtf" | jq '.[].Name' | sed -e 's|"||g' | awk -F"." '{print $1}' | sort > cloudflare_subdomains.txt
+          
+      - name: Compare Subdomains
+        id: compare-subdomains
+        uses: LouisBrunner/diff-action@v2.2.0
+        with:
+          old: compose_subdomains.txt
+          new: cloudflare_subdomains.txt
+          mode: addition
+          tolerance: mixed-better
+          output: domain_compare.txt
+
+      - name: Create Subdomains
+        if: steps.compare-subdomains.outputs.output != ''
+        env:
+          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
+          CF_API_EMAIL: ${{ secrets.CF_API_EMAIL }}
+        run: |
+          cat domain_compare.txt | egrep '^-[a-z]' | sed -e 's|-||g' | while read -r subdomain; do
+            echo "Creating $subdomain.trez.wtf..."
+            flarectl dns create --zone "trez.wtf" --name "${subdomain}" --type=CNAME --content "trez.wtf"
+          done
+
+  merge-pr:
+    name: PR Merge
+    runs-on: ubuntu-latest
+    if: ${{ always() }}
+    needs: [cloudflare-dns-setup]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Tea CLI Setup & PR Merge
+        run: |
+          curl -sSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea
+          chmod +x /usr/local/bin/tea
+          echo "Merging PR..."
+          tea login add --name gitea-rinoa --url ${{ vars.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
+          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ gitea.ref_name }} | awk -F, '{print $1}' | sed -e 's|"||g')
+          tea pr m --repo ${{ github.repository }} --title "${{ github.ref_name }} Auto Merge" --message "Merged by ${{ gitea.actor }}" --output table ${pr_index}
@@ -1,265 +0,0 @@
-name: Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment
-on:
-  push:
-    branches-ignore:
-      - main
-    paths:
-      - '**.yml'
-jobs:
-  check-and-create-pr:
-    name: Check and Create PR
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-      - name: Cache tea CLI
-        id: cache-tea
-        uses: actions/cache@v4
-        with:
-          path: /opt/hostedtoolcache/tea/0.9.2/x64
-          key: tea-${{ runner.os }}-0.9.2
-      - name: Install tea
-        uses: supplypike/setup-bin@v4
-        with:
-          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
-          name: 'tea'
-          version: '0.9.2'
-      - name: Check if open PR exists
-        id: check-opened-pr-step
-        continue-on-error: true
-        run: |
-          tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
-          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
-          echo ${pr_exists}
-          echo "exists=$pr_exists" >> $GITHUB_OUTPUT
-      - name: Create PR
-        if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
-        run: |
-          tea login default gitea-rinoa
-          pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
-          pr_index_new=$(expr ${pr_index_old} + 1)
-          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }}
-  docker-compose-ansible-lints:
-    name: Docker Compose & Ansible Lints
-    needs: [check-and-create-pr]
-    runs-on: ubuntu-latest
-    env:
-      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
-      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Cache Ansible Galaxy Collections
-        uses: actions/cache@v3
-        with:
-          path: ansible/collections
-          key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
-          restore-keys: |
-            ${{ runner.os }}-ansible-
-      - name: Install Ansible
-        uses: alex-oleshkevich/setup-ansible@v1.0.1
-        with:
-          version: "11.0.0"
-      - name: Install Vault
-        uses: cpanato/vault-installer@main
-      - name: Install hvac
-        run: pip install hvac
-      - name: Ansible Playbook Dry Run
-        uses: dawidd6/action-ansible-playbook@v2
-        with:
-          directory: ansible/
-          playbook: docker_config_deploy.yml
-          key: ${{secrets.RINOA_ANSIBLE_PRIVATE_KEY}}
-          options: |
-            --inventory inventory/hosts.yml
-            --check
-          requirements: collections/requirements.yml
-          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
-      - name: Generate .env file for Docker Compose Dry Run
-        run: |
-          vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
-      - name: Cache .env Files
-        uses: actions/cache@v4
-        with:
-          path: .env
-          key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
-      - name: Docker Compose Dry Run
-        uses: yu-ichiro/spin-up-docker-compose-action@v1
-        with:
-          file: docker-compose.yml
-          pull: true
-          pull-opts: --dry-run
-          up: true
-          up-opts: --dry-run -d --remove-orphans
-        env:
-          DOCKER_HOST: tcp://dockerproxy:2375
-  cloudflare-dns-setup:
-    name: Cloudflare DNS Setup
-    needs: [docker-compose-ansible-lints]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-      - name: Cache flarectl CLI
-        uses: actions/cache@v4
-        with:
-          path: ~/.flarectl
-          key: flarectl-${{ runner.os }}-${{ hashFiles('workflow-config.yml') }}
-      - name: Install flarectl
-        uses: supplypike/setup-bin@v4
-        with:
-          uri: 'https://github.com/cloudflare/cloudflare-go/releases/download/v0.113.0/flarectl_0.113.0_linux_amd64.tar.gz'
-          name: 'flarectl'
-          version: '0.113.0'
-      - name: Cache Subdomain Files
-        uses: actions/cache@v4
-        with:
-          path: |
-            compose_subdomains.txt
-            cloudflare_subdomains.txt
-          key: ${{ runner.os }}-subdomains-${{ hashFiles('docker-compose.yml') }}
-      - name: Grab Subdomains from Docker Compose & Cloudflare
-        id: grab-subdomains
-        env:
-          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
-          CF_API_EMAIL: ${{ secrets.CF_API_EMAIL }}
-        run: |
-          yq '.services[].labels.swag_url' docker-compose.yml | egrep -v 'null' | sed -e 's|"||g' | awk -F'.' '{print $1}' | sort > compose_subdomains.txt
-          flarectl --json dns list --zone "trez.wtf" --type=CNAME --content "trez.wtf" | jq '.[].Name' | sed -e 's|"||g' | awk -F"." '{print $1}' | sort > cloudflare_subdomains.txt
-      - name: Compare Subdomains
-        id: compare-subdomains
-        uses: LouisBrunner/diff-action@v2.2.0
-        with:
-          old: compose_subdomains.txt
-          new: cloudflare_subdomains.txt
-          mode: addition
-          tolerance: mixed-better
-          output: domain_compare.txt
-      - name: Create Subdomains
-        if: steps.compare-subdomains.outputs.output != ''
-        continue-on-error: true
-        env:
-          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
-          CF_API_EMAIL: ${{ secrets.CF_API_EMAIL }}
-        run: |
-          cat domain_compare.txt | egrep '^-[a-z]' | sed -e 's|-||g' | while read -r subdomain; do
-            echo "Creating $subdomain.trez.wtf..."
-            flarectl dns create --zone "trez.wtf" --name "${subdomain}" --type=CNAME --content "trez.wtf" --proxy true
-          done
-  regenerate-readme:
-    name: Update README
-    runs-on: ubuntu-latest
-    needs: [cloudflare-dns-setup]
-    outputs:
-      pr-pushed: ${{ steps.commit-readme.outputs.pushed }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Install yq
-        uses: dcarbone/install-yq-action@v1
-      - name: Generate service list
-        run: |
-          yq '.services | to_entries | map({"service": .key, "image": .value.image})' docker-compose.yml > services.yml
-      - name: Generate Markdown Table
-        uses: gazab/create-markdown-table@v1
-        id: service-table
-        with:
-          file: ./services.yml
-      - name: Regenerate README
-        run: |
-          echo "# List of Services" > README.md
-          echo -e "\n\n" >> README.md
-          echo "${{ steps.service-table.outputs.table }}" >> README.md
-      - name: Add/Commit README.md
-        id: commit-readme
-        uses: EndBug/add-and-commit@v9
-        with:
-          message: "chore: Update README"
-          add: "README.md"
-  pr-merge:
-    name: PR Merge
-    needs: [regenerate-readme]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Install tea
-        uses: supplypike/setup-bin@v4
-        with:
-          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
-          name: 'tea'
-          version: '0.9.2'
-      - name: PR Merge
-        id: pr_merge
-        run: |
-          tea login add --name gitea-rinoa --url ${{ secrets.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
-          tea login default gitea-rinoa
-          echo "Merging PR..."
-          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F"," '{print $1}' | sed -e 's|"||g')
-          tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" --message "Merged by ${{ github.actor }}" ${pr_index}
-  ansible-config-docker-compose-deploy:
-    name: Deploy via Ansible & Docker Compose
-    runs-on: ubuntu-latest
-    needs: [pr-merge]
-    env:
-      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
-      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
-      DOCKER_HOST: tcp://dockerproxy:2375
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          ref: main
-      - name: Cache Vault install
-        id: cache-vault
-        uses: actions/cache@v4
-        with:
-          path: /opt/hostedtoolcache/vault/1.18.0/x64
-          key: vault-${{ runner.os }}-1.18.0
-      - name: Install Ansible
-        uses: alex-oleshkevich/setup-ansible@v1.0.1
-        with:
-          version: "11.0.0"
-      - name: Install Vault
-        uses: cpanato/vault-installer@main
-      - name: Install hvac
-        run: pip install hvac
-      - name: Deploy Docker Configs via Ansible
-        uses: dawidd6/action-ansible-playbook@v2
-        with:
-          directory: ansible/
-          playbook: docker_config_deploy.yml
-          key: ${{secrets.RINOA_ANSIBLE_PRIVATE_KEY}}
-          options: |
-            --inventory inventory/hosts.yml
-          requirements: collections/requirements.yml
-          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'Ansible Config Deployment @ Rinoa'
-          notification_message: 'Deployment completed successfully.'
-      - name: Generate .env file for deployment
-        run: |
-           vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
-      - name: Docker Compose Deployment
-        uses: keatonLiu/docker-compose-remote-action@v1.2
-        with:
-          ssh_user: gitea-deploy
-          ssh_host: 192.168.1.254
-          ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
-          ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
-          docker_compose_file: docker-compose.yml
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'Docker Compose Deployment @ Rinoa'
-          notification_message: 'Deployment completed successfully.'
@@ -1,2 +1,2 @@
-**/.cache_ggshield
-ansible/collections/ansible_collections/
+**/.env*
+**/*env*
@@ -1,157 +1,588 @@
 # List of Services

+```json
+~> yq '.services | to_entries | map({service: .key, image: .value.image})' docker-compose.yml

-
-| Service | Image |
-| --- | --- |
-| actual_server | docker.io/actualbudget/actual-server:latest |
-| adguard | adguard/adguardhome:latest |
-| apprise | lscr.io/linuxserver/apprise-api:latest |
-| audiobookshelf | ghcr.io/advplyr/audiobookshelf:latest |
-| authelia | authelia/authelia:master |
-| authelia-pg | postgres:16-alpine |
-| bazarr | lscr.io/linuxserver/bazarr:latest |
-| bitmagnet | ghcr.io/bitmagnet-io/bitmagnet:latest |
-| bitmagnet-pg-db | postgres:17-alpine |
-| bitwarden | vaultwarden/server:latest |
-| bluesky-pds | ghcr.io/bluesky-social/pds:latest |
-| browserless | ghcr.io/browserless/chromium:latest |
-| bunkerweb | bunkerity/bunkerweb:latest |
-| bunkerweb-scheduler | bunkerity/bunkerweb-scheduler:latest |
-| bunkerweb-ui | bunkerity/bunkerweb-ui:latest |
-| castopod | castopod/castopod:latest |
-| cloudflared | cloudflare/cloudflared:latest |
-| cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
-| crowdsec | crowdsecurity/crowdsec:latest |
-| crowdsec-dashboard | metabase/metabase |
-| czkawka | jlesage/czkawka |
-| dagu-scheduler | ghcr.io/dagu-org/dagu:latest |
-| dagu-server | ghcr.io/dagu-org/dagu:latest |
-| delugevpn | ghcr.io/binhex/arch-delugevpn:latest |
-| docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
-| docuseal | docuseal/docuseal:latest |
-| duplicati | lscr.io/linuxserver/duplicati:latest |
-| fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
-| flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
-| ghost | ghost:latest |
-| gitea | gitea/gitea:1.23.1 |
-| gitea-db | postgres:14 |
-| gitea-opengist | ghcr.io/thomiceli/opengist:latest |
-| gitea-runner | gitea/act_runner:latest |
-| gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
-| gluetun | qmcgaw/gluetun:latest |
-| gotify | gotify/server |
-| grafana | grafana/grafana-enterprise:latest |
-| grafana-alloy | grafana/alloy:latest |
-| grafana-loki | grafana/loki:latest |
-| grafana-mimir | grafana/mimir:latest |
-| grafana-mimir-memcached | memcached |
-| grafana-pyroscope | grafana/pyroscope:latest |
-| grafana-tempo | grafana/tempo:latest |
-| guacamole | flcontainers/guacamole:latest |
-| homepage | ghcr.io/gethomepage/homepage:latest |
-| hortusfox | ghcr.io/danielbrendel/hortusfox-web:latest |
-| hugo | hugomods/hugo:exts |
-| invidious | quay.io/invidious/invidious:latest |
-| invidious-db | docker.io/library/postgres:14 |
-| invoice_ninja | invoiceninja/invoiceninja:5 |
-| invoice_ninja_proxy | nginx |
-| it-tools | ghcr.io/corentinth/it-tools:latest |
-| jellyfin | jellyfin/jellyfin |
-| jitsi-etherpad | etherpad/etherpad:1.8.6 |
-| jitsi-jibri | jitsi/jibri:stable |
-| jitsi-jicofo | jitsi/jicofo:stable |
-| jitsi-jigasi | jitsi/jigasi:stable |
-| jitsi-jvb | jitsi/jvb:stable |
-| jitsi-prosody | jitsi/prosody:stable |
-| jitsi-web | jitsi/web:stable |
-| joplin-db | postgres:17-alpine |
-| joplin | joplin/server:latest |
-| lidarr | lscr.io/linuxserver/lidarr:latest |
-| lidify | thewicklowwolf/lidify:latest |
-| lldap | lldap/lldap:stable |
-| localai | localai/localai:latest-aio-cpu |
-| maloja | krateng/maloja:latest |
-| mariadb | linuxserver/mariadb |
-| mastodon | lscr.io/linuxserver/mastodon:latest |
-| mastodon-pg-db | postgres:17-alpine |
-| minio | minio/minio |
-| mongodb | mongo:7.0 |
-| multi-scrobbler | foxxmd/multi-scrobbler |
-| n8n | docker.n8n.io/n8nio/n8n |
-| navidrome | deluan/navidrome:latest |
-| netbox | lscr.io/linuxserver/netbox:latest |
-| netbox-db | postgres:17-alpine |
-| nextcloud | lscr.io/linuxserver/nextcloud:latest |
-| ollama | ollama/ollama |
-| ombi | lscr.io/linuxserver/ombi:latest |
-| paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
-| pgbackweb | eduardolat/pgbackweb:latest |
-| pgbackweb-db | postgres:16-alpine |
-| plantuml-server | plantuml/plantuml-server:jetty |
-| plausible | ghcr.io/plausible/community-edition:v2.1.0 |
-| plausible_db | postgres:16-alpine |
-| plausible_events_db | clickhouse/clickhouse-server:24.3.3.102-alpine |
-| postal-smtp | ghcr.io/postalserver/postal:latest |
-| postal-web | ghcr.io/postalserver/postal:latest |
-| postal-worker | ghcr.io/postalserver/postal:latest |
-| prowlarr | lscr.io/linuxserver/prowlarr:latest |
-| radarec | thewicklowwolf/radarec:latest |
-| radarr | lscr.io/linuxserver/radarr:latest |
-| reactive-resume | amruthpillai/reactive-resume:latest |
-| reactive-resume-pg | postgres:16-alpine |
-| readarr | lscr.io/linuxserver/readarr:develop |
-| redis | redis:alpine |
-| redlib | quay.io/redlib/redlib:latest |
-| sabnzbdvpn | ghcr.io/binhex/arch-sabnzbdvpn:latest |
-| scraperr | jpyles0524/scraperr:latest |
-| scraperr-api | jpyles0524/scraperr_api:latest |
-| scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
-| searxng | searxng/searxng:latest |
-| slurpit-portal | slurpit/portal:latest |
-| slurpit-scanner | slurpit/scanner:latest |
-| slurpit-scraper | slurpit/scraper:latest |
-| slurpit-warehouse | slurpit/warehouse:latest |
-| sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
-| sonarqube-pg-db | postgres:17-alpine |
-| sonarr | lscr.io/linuxserver/sonarr:latest |
-| sonashow | thewicklowwolf/sonashow:latest |
-| soularr | mrusse08/soularr:latest |
-| soulseek | slskd/slskd |
-| speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
-| spotisub | blastbeng/spotisub:latest |
-| swag | lscr.io/linuxserver/swag:latest |
-| synapse | docker.io/matrixdotorg/synapse:latest |
-| synapse-db | postgres:16-alpine |
-| tandoor | vabene1111/recipes |
-| tandoor-pg | postgres:16-alpine |
-| traccar | traccar/traccar:latest |
-| traccar-pg | postgres:16-alpine |
-| unmanic | josh5/unmanic:latest |
-| uptimekuma | louislam/uptime-kuma:latest |
-| vault | hashicorp/vault:latest |
-| wallabag | wallabag/wallabag |
-| wallos | bellamy/wallos:latest |
-| watchtower | ghcr.io/containrrr/watchtower:latest |
-| wazuh.agent | opennix/wazuh-agent:latest |
-| wazuh.dashboard | wazuh/wazuh-dashboard: |
-| wazuh.indexer | wazuh/wazuh-indexer: |
-| wazuh.manager | wazuh/wazuh-manager: |
-| web-check | lissy93/web-check |
-| whodb | clidey/whodb |
-| yacht | selfhostedpro/yacht |
-| your_spotify | lscr.io/linuxserver/your_spotify:latest |
-| youtubedl | nbr23/youtube-dl-server:latest |
-| zammad-backup | postgres: |
-| zammad-elasticsearch | bitnami/elasticsearch: |
-| zammad-init | : |
-| zammad-memcached | memcached: |
-| zammad-nginx | : |
-| zammad-postgresql | postgres: |
-| zammad-railsserver | : |
-| zammad-redis | redis: |
-| zammad-scheduler | : |
-| zammad-websocket | : |
-| zitadel | ghcr.io/zitadel/zitadel:latest |
-| zitadel-pg-db | postgres:16-alpine |
-
+[
+  {
+    "service": "actual_server",
+    "image": "docker.io/actualbudget/actual-server:latest"
+  },
+  {
+    "service": "adguard",
+    "image": "adguard/adguardhome:latest"
+  },
+  {
+    "service": "apprise",
+    "image": "lscr.io/linuxserver/apprise-api:latest"
+  },
+  {
+    "service": "audiobookshelf",
+    "image": "ghcr.io/advplyr/audiobookshelf:latest"
+  },
+  {
+    "service": "authelia",
+    "image": "authelia/authelia:master"
+  },
+  {
+    "service": "authelia-pg",
+    "image": "postgres:16-alpine"
+  },
+  {
+    "service": "bazarr",
+    "image": "lscr.io/linuxserver/bazarr:latest"
+  },
+  {
+    "service": "bitmagnet",
+    "image": "ghcr.io/bitmagnet-io/bitmagnet:latest"
+  },
+  {
+    "service": "bitmagnet-pg-db",
+    "image": "postgres:17-alpine"
+  },
+  {
+    "service": "bitwarden",
+    "image": "vaultwarden/server:latest"
+  },
+  {
+    "service": "bluesky-pds",
+    "image": "ghcr.io/bluesky-social/pds:latest"
+  },
+  {
+    "service": "browserless",
+    "image": "ghcr.io/browserless/chromium:latest"
+  },
+  {
+    "service": "castopod",
+    "image": "castopod/castopod:latest"
+  },
+  {
+    "service": "cloudflared",
+    "image": "cloudflare/cloudflared:latest"
+  },
+  {
+    "service": "cloudflareddns",
+    "image": "ghcr.io/hotio/cloudflareddns:latest"
+  },
+  {
+    "service": "crowdsec",
+    "image": "crowdsecurity/crowdsec:latest"
+  },
+  {
+    "service": "crowdsec-dashboard",
+    "image": "metabase/metabase"
+  },
+  {
+    "service": "czkawka",
+    "image": "jlesage/czkawka"
+  },
+  {
+    "service": "dagu-scheduler",
+    "image": "ghcr.io/dagu-org/dagu:latest"
+  },
+  {
+    "service": "dagu-server",
+    "image": "ghcr.io/dagu-org/dagu:latest"
+  },
+  {
+    "service": "delugevpn",
+    "image": "ghcr.io/binhex/arch-delugevpn:latest"
+  },
+  {
+    "service": "docker-socket-proxy",
+    "image": "ghcr.io/tecnativa/docker-socket-proxy:latest"
+  },
+  {
+    "service": "docuseal",
+    "image": "docuseal/docuseal:latest"
+  },
+  {
+    "service": "duplicati",
+    "image": "lscr.io/linuxserver/duplicati:latest"
+  },
+  {
+    "service": "fastenhealth",
+    "image": "ghcr.io/fastenhealth/fasten-onprem:main"
+  },
+  {
+    "service": "flaresolverr",
+    "image": "ghcr.io/flaresolverr/flaresolverr:latest"
+  },
+  {
+    "service": "ghost",
+    "image": "ghost:latest"
+  },
+  {
+    "service": "gitea",
+    "image": "gitea/gitea:1.22.2"
+  },
+  {
+    "service": "gitea-db",
+    "image": "postgres:14"
+  },
+  {
+    "service": "gitea-opengist",
+    "image": "ghcr.io/thomiceli/opengist:latest"
+  },
+  {
+    "service": "gitea-runner",
+    "image": "gitea/act_runner:latest"
+  },
+  {
+    "service": "gitea-sonarqube-bot",
+    "image": "justusbunsi/gitea-sonarqube-bot:v0.4.0"
+  },
+  {
+    "service": "gluetun",
+    "image": "qmcgaw/gluetun:latest"
+  },
+  {
+    "service": "gotify",
+    "image": "gotify/server"
+  },
+  {
+    "service": "grafana",
+    "image": "grafana/grafana-enterprise:latest"
+  },
+  {
+    "service": "grafana-alloy",
+    "image": "grafana/alloy:latest"
+  },
+  {
+    "service": "grafana-loki",
+    "image": "grafana/loki:latest"
+  },
+  {
+    "service": "grafana-mimir",
+    "image": "grafana/mimir:latest"
+  },
+  {
+    "service": "grafana-mimir-memcached",
+    "image": "memcached"
+  },
+  {
+    "service": "grafana-pyroscope",
+    "image": "grafana/pyroscope:latest"
+  },
+  {
+    "service": "grafana-tempo",
+    "image": "grafana/tempo:latest"
+  },
+  {
+    "service": "homepage",
+    "image": "ghcr.io/gethomepage/homepage:latest"
+  },
+  {
+    "service": "hortusfox",
+    "image": "ghcr.io/danielbrendel/hortusfox-web:latest"
+  },
+  {
+    "service": "hugo",
+    "image": "hugomods/hugo:exts"
+  },
+  {
+    "service": "invidious",
+    "image": "quay.io/invidious/invidious:latest"
+  },
+  {
+    "service": "invidious-db",
+    "image": "docker.io/library/postgres:14"
+  },
+  {
+    "service": "invoice_ninja",
+    "image": "invoiceninja/invoiceninja:5"
+  },
+  {
+    "service": "invoice_ninja_proxy",
+    "image": "nginx"
+  },
+  {
+    "service": "it-tools",
+    "image": "ghcr.io/corentinth/it-tools:latest"
+  },
+  {
+    "service": "jellyfin",
+    "image": "jellyfin/jellyfin"
+  },
+  {
+    "service": "jitsi-etherpad",
+    "image": "etherpad/etherpad:1.8.6"
+  },
+  {
+    "service": "jitsi-jibri",
+    "image": "jitsi/jibri:${JITSI_IMAGE_VERSION:-stable}"
+  },
+  {
+    "service": "jitsi-jicofo",
+    "image": "jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable}"
+  },
+  {
+    "service": "jitsi-jigasi",
+    "image": "jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable}"
+  },
+  {
+    "service": "jitsi-jvb",
+    "image": "jitsi/jvb:${JITSI_IMAGE_VERSION:-stable}"
+  },
+  {
+    "service": "jitsi-prosody",
+    "image": "jitsi/prosody:${JITSI_IMAGE_VERSION:-stable}"
+  },
+  {
+    "service": "jitsi-web",
+    "image": "jitsi/web:${JITSI_IMAGE_VERSION:-stable}"
+  },
+  {
+    "service": "joplin-db",
+    "image": "postgres:17-alpine"
+  },
+  {
+    "service": "joplin",
+    "image": "joplin/server:latest"
+  },
+  {
+    "service": "komodo-core",
+    "image": "ghcr.io/mbecker20/komodo:latest"
+  },
+  {
+    "service": "komodo-ferretdb",
+    "image": "ghcr.io/ferretdb/ferretdb"
+  },
+  {
+    "service": "komodo-periphery",
+    "image": "ghcr.io/mbecker20/periphery:latest"
+  },
+  {
+    "service": "komodo-pg-db",
+    "image": "postgres:17-alpine"
+  },
+  {
+    "service": "librespeed",
+    "image": "lscr.io/linuxserver/librespeed:latest"
+  },
+  {
+    "service": "lidarr",
+    "image": "lscr.io/linuxserver/lidarr:latest"
+  },
+  {
+    "service": "lidify",
+    "image": "thewicklowwolf/lidify:latest"
+  },
+  {
+    "service": "lldap",
+    "image": "lldap/lldap:stable"
+  },
+  {
+    "service": "localai",
+    "image": "localai/localai:latest-aio-cpu"
+  },
+  {
+    "service": "maloja",
+    "image": "krateng/maloja:latest"
+  },
+  {
+    "service": "mariadb",
+    "image": "ghcr.io/linuxserver/mariadb"
+  },
+  {
+    "service": "meshcentral",
+    "image": "ghcr.io/ylianst/meshcentral:master"
+  },
+  {
+    "service": "minio",
+    "image": "minio/minio"
+  },
+  {
+    "service": "mongodb",
+    "image": "mongo:7.0"
+  },
+  {
+    "service": "multi-scrobbler",
+    "image": "foxxmd/multi-scrobbler"
+  },
+  {
+    "service": "n8n",
+    "image": "docker.n8n.io/n8nio/n8n"
+  },
+  {
+    "service": "navidrome",
+    "image": "deluan/navidrome:latest"
+  },
+  {
+    "service": "netbox",
+    "image": "lscr.io/linuxserver/netbox:latest"
+  },
+  {
+    "service": "netbox-db",
+    "image": "postgres:17-alpine"
+  },
+  {
+    "service": "nextcloud",
+    "image": "lscr.io/linuxserver/nextcloud:latest"
+  },
+  {
+    "service": "ollama",
+    "image": "ollama/ollama"
+  },
+  {
+    "service": "ombi",
+    "image": "lscr.io/linuxserver/ombi:latest"
+  },
+  {
+    "service": "paperless-ngx",
+    "image": "ghcr.io/paperless-ngx/paperless-ngx:latest"
+  },
+  {
+    "service": "plausible",
+    "image": "ghcr.io/plausible/community-edition:v2.1.0"
+  },
+  {
+    "service": "plausible_db",
+    "image": "postgres:16-alpine"
+  },
+  {
+    "service": "plausible_events_db",
+    "image": "clickhouse/clickhouse-server:24.3.3.102-alpine"
+  },
+  {
+    "service": "postal-smtp",
+    "image": "ghcr.io/postalserver/postal:latest"
+  },
+  {
+    "service": "postal-web",
+    "image": "ghcr.io/postalserver/postal:latest"
+  },
+  {
+    "service": "postal-worker",
+    "image": "ghcr.io/postalserver/postal:latest"
+  },
+  {
+    "service": "prowlarr",
+    "image": "lscr.io/linuxserver/prowlarr:latest"
+  },
+  {
+    "service": "radarec",
+    "image": "thewicklowwolf/radarec:latest"
+  },
+  {
+    "service": "radarr",
+    "image": "lscr.io/linuxserver/radarr:latest"
+  },
+  {
+    "service": "reactive-resume",
+    "image": "amruthpillai/reactive-resume:latest"
+  },
+  {
+    "service": "reactive-resume-pg",
+    "image": "postgres:16-alpine"
+  },
+  {
+    "service": "readarr",
+    "image": "lscr.io/linuxserver/readarr:develop"
+  },
+  {
+    "service": "redis",
+    "image": "redis:alpine"
+  },
+  {
+    "service": "redlib",
+    "image": "quay.io/redlib/redlib:latest"
+  },
+  {
+    "service": "sabnzbdvpn",
+    "image": "ghcr.io/binhex/arch-sabnzbdvpn:latest"
+  },
+  {
+    "service": "scraperr",
+    "image": "jpyles0524/scraperr:latest"
+  },
+  {
+    "service": "scraperr-api",
+    "image": "jpyles0524/scraperr_api:latest"
+  },
+  {
+    "service": "scrutiny",
+    "image": "ghcr.io/analogj/scrutiny:master-omnibus"
+  },
+  {
+    "service": "searxng",
+    "image": "searxng/searxng:latest"
+  },
+  {
+    "service": "semaphore",
+    "image": "semaphoreui/semaphore:v2.10.32"
+  },
+  {
+    "service": "slurpit-portal",
+    "image": "slurpit/portal:latest"
+  },
+  {
+    "service": "slurpit-scanner",
+    "image": "slurpit/scanner:latest"
+  },
+  {
+    "service": "slurpit-scraper",
+    "image": "slurpit/scraper:latest"
+  },
+  {
+    "service": "slurpit-warehouse",
+    "image": "slurpit/warehouse:latest"
+  },
+  {
+    "service": "sonarqube",
+    "image": "mc1arke/sonarqube-with-community-branch-plugin:lts"
+  },
+  {
+    "service": "sonarqube-pg-db",
+    "image": "postgres:17-alpine"
+  },
+  {
+    "service": "sonarr",
+    "image": "lscr.io/linuxserver/sonarr:latest"
+  },
+  {
+    "service": "sonashow",
+    "image": "thewicklowwolf/sonashow:latest"
+  },
+  {
+    "service": "soulseek",
+    "image": "slskd/slskd"
+  },
+  {
+    "service": "spotisub",
+    "image": "blastbeng/spotisub:latest"
+  },
+  {
+    "service": "swag",
+    "image": "lscr.io/linuxserver/swag:latest"
+  },
+  {
+    "service": "synapse",
+    "image": "docker.io/matrixdotorg/synapse:latest"
+  },
+  {
+    "service": "synapse-db",
+    "image": "postgres:16-alpine"
+  },
+  {
+    "service": "tandoor",
+    "image": "vabene1111/recipes"
+  },
+  {
+    "service": "tandoor-pg",
+    "image": "postgres:16-alpine"
+  },
+  {
+    "service": "traccar",
+    "image": "traccar/traccar:latest"
+  },
+  {
+    "service": "traccar-pg",
+    "image": "postgres:16-alpine"
+  },
+  {
+    "service": "unmanic",
+    "image": "josh5/unmanic:latest"
+  },
+  {
+    "service": "uptimekuma",
+    "image": "louislam/uptime-kuma:latest"
+  },
+  {
+    "service": "vault",
+    "image": "hashicorp/vault:latest"
+  },
+  {
+    "service": "wallabag",
+    "image": "wallabag/wallabag"
+  },
+  {
+    "service": "wallos",
+    "image": "bellamy/wallos:latest"
+  },
+  {
+    "service": "watchtower",
+    "image": "ghcr.io/containrrr/watchtower:latest"
+  },
+  {
+    "service": "wazuh.agent",
+    "image": "opennix/wazuh-agent:latest"
+  },
+  {
+    "service": "wazuh.dashboard",
+    "image": "wazuh/wazuh-dashboard:${WAZUH_VERSION}"
+  },
+  {
+    "service": "wazuh.indexer",
+    "image": "wazuh/wazuh-indexer:${WAZUH_VERSION}"
+  },
+  {
+    "service": "wazuh.manager",
+    "image": "wazuh/wazuh-manager:${WAZUH_VERSION}"
+  },
+  {
+    "service": "web-check",
+    "image": "lissy93/web-check"
+  },
+  {
+    "service": "whodb",
+    "image": "clidey/whodb"
+  },
+  {
+    "service": "your_spotify",
+    "image": "lscr.io/linuxserver/your_spotify:latest"
+  },
+  {
+    "service": "youtubedl",
+    "image": "nbr23/youtube-dl-server:latest"
+  },
+  {
+    "service": "zammad-backup",
+    "image": "postgres:${ZAMMAD_POSTGRES_VERSION}"
+  },
+  {
+    "service": "zammad-elasticsearch",
+    "image": "bitnami/elasticsearch:${ZAMMAD_ELASTICSEARCH_VERSION}"
+  },
+  {
+    "service": "zammad-init",
+    "image": "${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}"
+  },
+  {
+    "service": "zammad-memcached",
+    "image": "memcached:${ZAMMAD_MEMCACHE_VERSION}"
+  },
+  {
+    "service": "zammad-nginx",
+    "image": "${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}"
+  },
+  {
+    "service": "zammad-postgresql",
+    "image": "postgres:${ZAMMAD_POSTGRES_VERSION}"
+  },
+  {
+    "service": "zammad-railsserver",
+    "image": "${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}"
+  },
+  {
+    "service": "zammad-redis",
+    "image": "redis:${ZAMMAD_REDIS_VERSION}"
+  },
+  {
+    "service": "zammad-scheduler",
+    "image": "${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}"
+  },
+  {
+    "service": "zammad-websocket",
+    "image": "${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}"
+  },
+  {
+    "service": "zitadel",
+    "image": "ghcr.io/zitadel/zitadel:latest"
+  },
+  {
+    "service": "zitadel-pg-db",
+    "image": "postgres:16-alpine"
+  }
+]
+```
@@ -1,167 +0,0 @@
-.logs/*
-*.retry
-*.vault
-# https://raw.githubusercontent.com/github/gitignore/main/Python.gitignore
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-.cache_ggshield
-# Ansible Vault Password Files
-*.pass
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-#  Usually these files are written by a python script from a template
-#  before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.py,cover
-.hypothesis/
-.pytest_cache/
-cover/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-.pybuilder/
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-#   For a library or package, you might want to ignore these files since the code is
-#   intended to run in multiple environments; otherwise, check them in:
-# .python-version
-
-# pipenv
-#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-#   However, in case of collaboration, if having platform-specific dependencies or dependencies
-#   having no cross-platform support, pipenv may install dependencies that don't work, or not
-#   install all needed dependencies.
-#Pipfile.lock
-
-# poetry
-#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
-#   This is especially recommended for binary packages to ensure reproducibility, and is more
-#   commonly ignored for libraries.
-#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
-#poetry.lock
-
-# pdm
-#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
-#pdm.lock
-#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
-#   in version control.
-#   https://pdm.fming.dev/#use-with-ide
-.pdm.toml
-
-# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
-__pypackages__/
-
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
-
-# pytype static type analyzer
-.pytype/
-
-# Cython debug symbols
-cython_debug/
-
-# PyCharm
-#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
-#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
-#  and can be added to the global gitignore or merged into this file.  For a more nuclear
-#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
-#.idea/
@@ -1,45 +0,0 @@
-# Rinoa Docker_configs Ansible Project
-
-## Included content/ Directory Structure
-
-The directory structure follows best practices recommended by the Ansible community. Feel free to customize this template according to your specific project requirements.
-
-```
- ansible-project/
- |── .devcontainer/
- |    └── docker/
- |        └── devcontainer.json
- |    └── podman/
- |        └── devcontainer.json
- |    └── devcontainer.json
- |── .github/
- |    └── workflows/
- |        └── tests.yml
- |    └── ansible-code-bot.yml
- |── .vscode/
- |    └── extensions.json
- |── collections/
- |   └── requirements.yml
- |   └── ansible_collections/
- |       └── project_org/
- |           └── project_repo/
- |               └── README.md
- |               └── roles/sample_role/
- |                         └── README.md
- |                         └── tasks/main.yml
- |── inventory/
- |   └── groups_vars/
- |   └── host_vars/
- |   └── hosts.yml
- |── ansible-navigator.yml
- |── ansible.cfg
- |── devfile.yaml
- |── linux_playbook.yml
- |── network_playbook.yml
- |── README.md
- |── site.yml
-```
-
-## Compatible with Ansible-lint
-
-Tested with ansible-lint >=24.2.0 releases and the current development version of ansible-core.
@@ -1,25 +0,0 @@
-[defaults]
-# Specify the inventory file
-inventory = inventory/hosts.yml
-
-collections_path = ./collections
-# Set the logging verbosity level
-verbosity = 2
-
-# Set the default user for SSH connections
-remote_user = charish
-
-# Define the default become method
-become_method = sudo
-
-host_key_checking = false
-
-[persistent_connection]
-# Controls how long the persistent connection will remain idle before it is destroyed
-connect_timeout=30
-
-# Controls the amount of time to wait for response from remote device before timing out persistent connection
-command_timeout=30
-
-[hashi_vault_collection]
-auth_method = token
@@ -1,16 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-tunnel: 52bdee6e-8ccb-47be-ba9e-f8010b905e41
-credentials-file: /etc/cloudflared/52bdee6e-8ccb-47be-ba9e-f8010b905e41.json
-warp-routing:
-  enabled: true
-
-ingress:
-  - hostname: git-ssh.trez.wtf
-    service: ssh://gitea:22
-  - hostname: gist-ssh.trez.wtf
-    service: ssh://gitea-opengist:2222
-  - hostname: ssh.trez.wtf
-    service: ssh://192.168.1.254:22
-  - service: http_status:404  # Default for unmatched requests
@@ -1,15 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-
-source: journalctl
-journalctl_filter: 
-  - "--directory=/var/log/host/"
-labels:
-  type: syslog
---
-filenames:
-  - /var/log/swag/*
-labels:
-  type: nginx
---
@@ -1,17 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-name: default_ip_remediation
-#debug: true
-filters:
- - Alert.Remediation == true && Alert.GetScope() == "Ip"
-decisions:
- - type: ban
-   duration: 4h
-#duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
-# notifications:
-#   - slack_default  # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
-#   - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
-#   - http_default   # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
-#   - email_default  # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
-on_success: break
@@ -1,125 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-APP_NAME = Gitea: Git with a cup of tea
-RUN_MODE = prod
-RUN_USER = git
-WORK_PATH = /data/gitea
-
-[repository]
-ROOT = /data/git/repositories
-DEFAULT_PRIVATE = last
-EMABLE_PUSH_CREATE_USER = true
-
-[repository.local]
-LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
-
-[repository.upload]
-TEMP_PATH = /data/gitea/uploads
-
-[server]
-APP_DATA_PATH = /data/gitea
-DOMAIN = git.trez.wtf
-SSH_DOMAIN = git-ssh.trez.wtf
-HTTP_PORT = 3000
-ROOT_URL = https://git.trez.wtf/
-DISABLE_SSH = false
-SSH_PORT = 22
-SSH_LISTEN_PORT = 22
-LFS_START_SERVER = true
-LFS_JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_LFS_JWT_SECRET'] }}
-OFFLINE_MODE = true
-
-[database]
-PATH = /data/gitea/gitea.db
-DB_TYPE = postgres
-HOST = gitea-db:5432
-NAME = gitea
-USER = gitea
-PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_PG_DB_PASSWORD'] }}
-LOG_SQL = false
-SCHEMA =
-SSL_MODE = disable
-
-[indexer]
-ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
-REPO_INDEXER_ENABLED = true
-REPO_INDEXER_PATH = indexers/repos.bleve
-MAX_FILE_SIZE = 1048576
-REPO_INDEXER_INCLUDE =
-REPO_INDEXER_EXCLUDE = resources/bin/**
-
-[session]
-PROVIDER_CONFIG = /data/gitea/sessions
-PROVIDER = file
-
-[picture]
-AVATAR_UPLOAD_PATH = /data/gitea/avatars
-REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
-
-[attachment]
-PATH = /data/gitea/attachments
-
-[log]
-MODE = console
-LEVEL = info
-ROOT_PATH = root
-
-[security]
-INSTALL_LOCK = true
-SECRET_KEY =
-REVERSE_PROXY_LIMIT = 1
-REVERSE_PROXY_TRUSTED_PROXIES = *
-INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_INTERNAL_TOKEN'] }}
-PASSWORD_HASH_ALGO = pbkdf2
-
-[service]
-DISABLE_REGISTRATION = false
-REQUIRE_SIGNIN_VIEW = false
-REGISTER_EMAIL_CONFIRM = true
-ENABLE_NOTIFY_MAIL = true
-ALLOW_ONLY_EXTERNAL_REGISTRATION = false
-ENABLE_CAPTCHA = true
-DEFAULT_KEEP_EMAIL_PRIVATE = true
-DEFAULT_ALLOW_CREATE_ORGANIZATION = false
-DEFAULT_ENABLE_TIMETRACKING = false
-NO_REPLY_ADDRESS = noreply@trez.wtf
-
-[lfs]
-PATH = /data/git/lfs
-
-[mailer]
-PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
-PROTOCOL = smtp
-ENABLED = true
-FROM = '"Gitea" <noreply@trez.wtf>'
-SMTP_PORT = 25
-USER = rinoa/postal-smtp
-SMTP_ADDR = postal-smtp
-IS_TLS_ENABLED = faLse
-
-[openid]
-ENABLE_OPENID_SIGNIN = true
-ENABLE_OPENID_SIGNUP = true
-
-[cron.update_checker]
-ENABLED = false
-
-[repository.pull-request]
-DEFAULT_MERGE_STYLE = merge
-
-[repository.signing]
-DEFAULT_TRUST_MODEL = committer
-
-[oauth2]
-JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_OAUTH2_JWT_SECRET'] }}
-
-[ui]
-THEMES =
-
-[actions]
-ENABLED = true
-
-[webhook]
-ALLOWED_HOST_LIST = private,104.21.1.234,172.67.152.146
-SKIP_TLS_VERIFY = true
@@ -1,81 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-# Gitea related configuration. Necessary for adding/updating comments on repository pull requests
-gitea:
-  # Endpoint of your Gitea instance. Must be expandable by '/api/v1' to form the API base path as shown in Swagger UI.
-  url: https://git.trez.wtf
-
-  # Created access token for the user that shall be used as bot account.
-  # User needs "Read project" permissions with access to "Pull Requests"
-  token:
-    value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}"
-    # # or path to file containing the plain text secret
-    # file: /path/to/gitea/token
-
-  # If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
-  # request will be ignored.
-  # The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
-  # exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
-  webhook:
-    secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}"
-    # # or path to file containing the plain text secret
-    # secretFile: /path/to/gitea/webhook/secret
-
-  # Pull Request status check settings.
-  statusCheck:
-    # Configure the label/name of the PR status check.
-    name: "gitea-sonarqube-bot"
-
-# SonarQube related configuration. Necessary for requesting data from the API and processing the webhook.
-sonarqube:
-  # Endpoint of your SonarQube instance. Must be expandable by '/api' to form the API base path.
-  url: https://sqube.trez.wtf
-
-  # Created access token for the user that shall be used as bot account.
-  # User needs "Browse on project" permissions
-  token:
-    value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}"
-    # # or path to file containing the plain text secret
-    # file: /path/to/sonarqube/token
-
-  # If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
-  # request will be ignored.
-  # The bot looks for `X-Sonar-Webhook-HMAC-SHA256` header containing the sha256 hmac hash of the plain text secret.
-  # If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
-  # validated.
-  webhook:
-    secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}"
-    # # or path to file containing the plain text secret
-    # secretFile: /path/to/sonarqube/webhook/secret
-
-  # Some useful metrics depend on the edition in use. There are various ones like code_smells, vulnerabilities, bugs, etc.
-  # By default, the bot will extract "bugs,vulnerabilities,code_smells"
-  # Setting this option you can extend that default list by your own metrics.
-  # additionalMetrics: []
-  # - "new_security_hotspots"
-
-# List of project mappings to take care of. Webhooks for other projects will be ignored.
-# At least one must be configured. Otherwise, all webhooks (no matter which source) because the bot cannot map on its own.
-projects:
-  - sonarqube:
-      key: rinoa-docker
-    # A repository specification contains the owner name and the repository name itself. The owner can be the name of a
-    # real account or an organization in which the repository is located.
-    gitea:
-      owner: Trez.One
-      name: rinoa-docker
-
-# Define pull request names from SonarScanner analysis. Default pattern matches the Jenkins Gitea plugin schema.
-namingPattern:
-  # Regular expression that MUST HAVE exactly ONE GROUP that matches the integer part of the PR.
-  # That integer part is identical to the pull request ID in Gitea.
-  regex: "^.*$"
-
-  # Valid Go format string. It MUST have one integer placeholder which will be replaced by the pull request ID.
-  # See: https://pkg.go.dev/fmt#hdr-Printing
-  template: "%s"
-
-  # Example for integer-only names
-  # # regex: "^(\\d+)$"
-  # # template: "%d"
@@ -1,404 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-/////////////////////////////////////////////////////////////////////////////////////////////////////////////
-// Agent globals
-/////////////////////////////////////////////////////////////////////////////////////////////////////////////
-local.file "endpoints" {
-    // The endpoints file is used to define the endpoints, credentials and options
-    // for the Agent export to.
-    filename = "/etc/alloy/endpoints.json"
-}
-
-discovery.docker "rinoadocker" {
-        host = env("DOCKER_HOST")
-}
-
-tracing {
-    write_to = [otelcol.exporter.otlp.tempo.input]
-}
-/////////////////////////////////////////////////////////////////////////////////////////////////////////////
-// Metrics
-/////////////////////////////////////////////////////////////////////////////////////////////////////////////
-prometheus.remote_write "mimir" {
-  endpoint {
-    url = json_path(local.file.endpoints.content, ".metrics.url")[0]
-    basic_auth {
-        username = json_path(local.file.endpoints.content, ".metrics.basicAuth.username")[0]
-        password = json_path(local.file.endpoints.content, ".metrics.basicAuth.password")[0]
-    }
-  }
-}
-
-prometheus.scrape "prometheus" {
-        targets = [{
-                __address__ = "localhost:12345",
-        }]
-        forward_to = [prometheus.remote_write.mimir.receiver]
-        job_name   = "prometheus"
-}
-
-prometheus.exporter.unix "rinoa" {
-        procfs_path = "/host/proc"
-        sysfs_path  = "/host/sys"
-        rootfs_path = "/rootfs"
-}
-
-prometheus.scrape "rinoa" {
-        targets    = prometheus.exporter.unix.rinoa.targets
-        forward_to = [prometheus.remote_write.mimir.receiver]
-        job_name   = "rinoa_host"
-}
-
-prometheus.exporter.cadvisor "docker" {
-        docker_host      = env("DOCKER_HOST")
-        storage_duration = "5m"
-}
-
-prometheus.scrape "docker" {
-        targets    = prometheus.exporter.cadvisor.docker.targets
-        forward_to = [prometheus.remote_write.mimir.receiver]
-        job_name   = "docker_stats"
-}
-/////////////////////////////////////////////////////////////////////////////////////////////////////////////
-// Logging
-/////////////////////////////////////////////////////////////////////////////////////////////////////////////
-loki.write "loki" {
-        endpoint {
-                url = json_path(local.file.endpoints.content, ".logs.url")[0]
-                basic_auth {
-                        username = json_path(local.file.endpoints.content, ".logs.basicAuth.username")[0]
-                        password = json_path(local.file.endpoints.content, ".logs.basicAuth.password")[0]
-                }
-        }
-        external_labels = {}
-}
-
-loki.source.journal "hostjournal" {
-        forward_to = [loki.write.loki.receiver]
-        max_age = "24h"
-        path = "/rootfs/var/log/journal/"
-        labels = {
-                job = "host-journal",
-        }
-}
-
-local.file_match "system" {
-        path_targets = [{
-                __address__ = "localhost",
-                __path__    = "/rootfs/var/log/*log",
-                job         = "varlogs",
-        }]
-}
-
-loki.source.file "system" {
-        targets    = local.file_match.system.targets
-        forward_to = [loki.write.loki.receiver]
-}
-
-loki.source.docker "containers" {
-        host       = env("DOCKER_HOST")
-        targets    = discovery.docker.rinoadocker.targets
-        forward_to = [loki.write.loki.receiver]
-        labels     = {
-                job = "containerlogs",
-        }
-}
-
-loki.process "containers" {
-        forward_to = [loki.write.loki.receiver]
-        // stage.docker {}
-        stage.json {
-		expressions = {
-			attrs  = "",
-			output = "log",
-			stream = "stream",
-		}
-	}
-
-	stage.json {
-		expressions = {
-			tag = "",
-		}
-		source = "attrs"
-	}
-
-	stage.regex {
-		expression = "(?P<image_name>(?:[^|]*[^|])).(?P<container_name>(?:[^|]*[^|])).(?P<image_id>(?:[^|]*[^|])).(?P<container_id>(?:[^|]*[^|]))"
-		source     = "tag"
-	}
-
-	stage.timestamp {
-		source = "time"
-		format = "RFC3339Nano"
-	}
-
-	stage.labels {
-		values = {
-			container_id   = null,
-			container_name = null,
-			image_id       = null,
-			image_name     = null,
-			stream         = null,
-			tag            = null,
-		}
-	}
-
-	stage.output {
-		source = "output"
-	}
-}
-
-/////////////////////////////////////////////////////////////////////////////////////////////////////////////
-// Traces
-/////////////////////////////////////////////////////////////////////////////////////////////////////////////
-beyla.ebpf "rinoadocker" {
-    open_port = "80-65535"
-    routes {
-        unmatched = "heauristic"
-    }
-    output {
-        traces = [
-            otelcol.connector.servicegraph.tracemetrics.input,
-            otelcol.connector.spanmetrics.tracemetrics.input,
-            otelcol.processor.batch.default.input,
-            otelcol.connector.spanlogs.autologging.input,
-        ]
-    }
-}
-
-prometheus.scrape "beyla" { 
-    targets = beyla.ebpf.rinoadocker.targets
-    forward_to = [prometheus.remote_write.mimir.receiver]
-}
-
-otelcol.auth.headers "tempo" {
-    header {
-        key = "Authorization"
-        value = join(["Basic ", json_path(local.file.endpoints.content, ".traces.basicAuthToken")[0]], "")
-    }
-}
-
-otelcol.processor.batch "default" {
-    // Wait until we've received 16K of data.
-    send_batch_size = 16384
-    send_batch_max_size = 16384
-    // Or until 2 seconds have elapsed.
-    timeout = "2s"
-    // When the Agent has enough batched data, send it to the OpenTelemetry exporter named 'tempo'.
-    output {
-        traces = [otelcol.exporter.otlp.tempo.input]
-    }
-}
-
-otelcol.exporter.otlp "tempo" {
-    // Define the client for exporting.
-    client {
-        // Authentication block.
-        auth = otelcol.auth.headers.tempo.handler
-
-        // Send to the locally running Tempo instance, on port 4317 (OTLP gRPC).
-        endpoint = json_path(local.file.endpoints.content, ".traces.url")[0]
-
-        // Configure TLS settings for communicating with the endpoint.
-        tls {
-            // The connection is insecure.
-            insecure = json_path(local.file.endpoints.content, ".traces.tls.insecure")[0]
-            // Do not verify TLS certificates when connecting.
-            insecure_skip_verify = json_path(local.file.endpoints.content, ".traces.tls.insecureSkipVerify")[0]
-        }
-    }
-}
-
-otelcol.connector.spanlogs "autologging" {
-    // We only want to output a line for each root span (ie. every single trace), and not for every
-    // process or span (outputting a line for every span would be extremely verbose).
-    spans = false
-    roots = true
-    processes = false
-    // We want to ensure that the following three span attributes are included in the log line, if
-    // present.
-    span_attributes = [ "http.method", "http.target", "http.status_code" ]
-
-    // Overrides the default key in the log line to be `traceId`, which is then used by Grafana to
-    // identify the trace ID for correlation with the Tempo datasource.
-    overrides {
-        trace_id_key = "traceId"
-    }
-    // Send to the OpenTelemetry Loki exporter.
-    output {
-        logs = [otelcol.exporter.loki.autologging.input]
-    }
-}
-
-// Simply forwards the incoming OpenTelemetry log format out as a Loki log.
-// We need this stage to ensure we can then process the logline as a Loki object.
-otelcol.exporter.loki "autologging" {
-    forward_to = [loki.process.autologging.receiver]
-}
-
-// The Loki processor allows us to accept a correctly formatted Loki log and mutate it into
-// a set of fields for output.
-loki.process "autologging" {
-    // The JSON stage simply extracts the `body` (the actual logline) from the Loki log, ignoring
-    // all other fields.
-    stage.json {
-        expressions = { "body" = "" }
-    }
-    // The output stage takes the body (the main logline) and uses this as the source for the output
-    // logline. In this case, it essentially turns it into logfmt.
-    stage.output {
-        source = "body"
-    }
-
-    // Finally send the processed logline onto the Loki exporter.
-    forward_to = [loki.write.autologging.receiver]
-}
-
-// The Loki writer receives a processed Loki log and then writes it to a Loki instance.
-loki.write "autologging" {
-    // Add the `agent` value to the `job` label, so we can identify it as having been generated
-    // by Grafana Agent when querying.
-    external_labels = {
-        job = "agent",
-    }
-
-    // Output the Loki log to the local Loki instance.
-    endpoint {
-        url = json_path(local.file.endpoints.content, ".logs.url")[0]
-
-        // The basic auth credentials for the Loki instance.
-        basic_auth {
-            username = json_path(local.file.endpoints.content, ".logs.basicAuth.username")[0]
-            password = json_path(local.file.endpoints.content, ".logs.basicAuth.password")[0]
-        }
-    }
-}
-
-// The Tail Sampling processor will use a set of policies to determine which received traces to keep
-// and send to Tempo.
-otelcol.processor.tail_sampling "errors" {
-    // Total wait time from the start of a trace before making a sampling decision. Note that smaller time
-    // periods can potentially cause a decision to be made before the end of a trace has occurred.
-    decision_wait = "30s"
-
-    // The following policies follow a logical OR pattern, meaning that if any of the policies match,
-    // the trace will be kept. For logical AND, you can use the `and` policy. Every span of a trace is
-    // examined by each policy in turn. A match will cause a short-circuit.
-
-    // This policy defines that traces that contain errors should be kept.
-    policy {
-        // The name of the policy can be used for logging purposes.
-        name = "sample-erroring-traces"
-        // The type must match the type of policy to be used, in this case examing the status code
-        // of every span in the trace.
-        type = "status_code"
-        // This block determines the error codes that should match in order to keep the trace,
-        // in this case the OpenTelemetry 'ERROR' code.
-        status_code {
-            status_codes = [ "ERROR" ]
-        }
-    }
-
-    // This policy defines that only traces that are longer than 200ms in total should be kept.
-    policy {
-        // The name of the policy can be used for logging purposes.
-        name = "sample-long-traces"
-        // The type must match the policy to be used, in this case the total latency of the trace.
-        type = "latency"
-        // This block determines the total length of the trace in milliseconds.
-        latency {
-            threshold_ms = 200
-        }
-    }
-
-    // The output block forwards the kept traces onto the batch processor, which will marshall them
-    // for exporting to Tempo.
-    output {
-        traces = [otelcol.processor.batch.default.input]
-    }
-}
-
-// The Spanmetrics Connector will generate RED metrics based on the incoming trace span data.
-otelcol.connector.spanmetrics "tracemetrics" {
-    // The namespace explicit adds a prefix to all the generated span metrics names.
-    // In this case, we'll ensure they match as closely as possible those generated by Tempo.
-    namespace = "traces.spanmetrics"
-
-    // Each extra dimension (metrics label) to be added to the generated metrics from matching span attributes. These
-    // need to be defined with a name and optionally a default value (in the following cases, we do not want a default
-    // value if the span attribute is not present).
-    dimension {
-        name = "http.method"
-    }
-    dimension {
-        name = "http.target"
-    }
-    dimension {
-        name = "http.status_code"
-    }
-    dimension {
-        name = "service.version"
-    }
-
-    // A histogram block must be present, either explicitly defining bucket values or via an exponential block.
-    // We do the latter here.
-    histogram {
-        explicit {
-        }
-    }
-
-    // The exemplar block is added to ensure we generate exemplars for traces on relevant metric values.
-    exemplars {
-        enabled = true
-    }
-
-    // Generated metrics data is in OTLP format. We send this data to the OpenTelemetry Prometheus exporter to ensure
-    // it gets transformed into Prometheus format data.
-    output {
-        metrics = [otelcol.exporter.prometheus.tracemetrics.input]
-    }
-}
-
-// The Servicegraph Connector will generate service graph metrics (edges and nodes) based on incoming trace spans.
-otelcol.connector.servicegraph "tracemetrics" {
-    // Extra dimensions (metrics labels) to be added to the generated metrics from matching span attributes.
-    // For this component, this is defined as an array. There are no default values and the labels will not be generated
-    // for missing span attributes.
-    dimensions = [
-        "http.method",
-        "http.target",
-        "http.status_code",
-        "service.version",
-    ]
-
-    // Generated metrics data is in OTLP format. We send this data to the OpenTelemetry Prometheus exporter to ensure
-    // it gets transformed into Prometheus format data.
-    output {
-        metrics = [otelcol.exporter.prometheus.tracemetrics.input]
-    }
-}
-
-otelcol.exporter.prometheus "tracemetrics" {
-    // Forward to our local Prometheus remote writer which will send the metrics to Mimir.
-    forward_to = [prometheus.remote_write.mimir.receiver]
-}
-/////////////////////////////////////////////////////////////////////////////////////////////////////////////
-// Profiling
-/////////////////////////////////////////////////////////////////////////////////////////////////////////////
-
-pyroscope.write "pyroscope" {
-        endpoint {
-                url = json_path(local.file.endpoints.content, ".profiles.url")[0]
-                basic_auth {
-                        username = json_path(local.file.endpoints.content, ".profiles.basicAuth.username")[0]
-                        password = json_path(local.file.endpoints.content, ".profiles.basicAuth.password")[0]
-                }
-        }
-        external_labels = {}
-}
-
-pyroscope.ebpf "rinoadocker" {
-        forward_to = [pyroscope.write.pyroscope.receiver]
-        targets = discovery.docker.rinoadocker.targets
-}
@@ -1,34 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-{
-    "metrics": {
-        "url": "http://grafana-mimir:9009/api/v1/push",
-        "basicAuth": {
-            "username": "",
-            "password": ""
-        }
-    },
-    "logs": {
-        "url": "http://grafana-loki:3100/loki/api/v1/push",
-        "basicAuth": {
-            "username": "",
-            "password": ""
-        }
-    },
-    "traces": {
-        "url": "http://grafana-tempo:4317",
-        "basicAuthToken": "",
-        "tls": {
-            "insecure": true,
-            "insecureSkipVerify": true
-        }
-    },
-    "profiles": {
-        "url": "http://grafana-pyroscope:4040",
-        "basicAuth": {
-            "username": "",
-            "password": ""
-        }
-    }
-}
@@ -1,7 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-routes:
-  patterns:
-    - /*
-  unmatched: heuristic
@@ -1,77 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-multitenancy_enabled: false
-no_auth_tenant: rinoa_mimir
-# target: query-frontend
-# api:
-#   prometheus_http_prefix: '/prometheus'
-server:
-  http_listen_port: 9009
-# frontend:
-#   split_queries_by_interval: 24h
-#   align_queries_with_step: true
-  # cache_results: true
-  # results_cache:
-  #   backend: "memcached"
-  #   memcached:
-  #     addresses: "memcached-mimir:11211"
-#   downstream_url: http://grafana-agent:12345
-
-common:
-  storage:
-    backend: s3
-    s3:
-      endpoint: minio:9000
-      access_key_id: "Q8KAihuXtGgmretKNh7C"
-      secret_access_key: "hOlRODtnvFlNlL26Bj3GizZG6Ys3rlpG8p6Vo3NX"
-      bucket_name: "mimir"
-      insecure: true
-
-blocks_storage:
-  storage_prefix: rinoa
-  tsdb:
-    dir: /tmp/mimir/tsdb
-
-memberlist:
-  tls_enabled: false
-
-compactor:
-  # Directory to temporarily store blocks underdoing compaction.
-  data_dir: /tmp/mimir/compactor
-  # The sharding ring type used to share the hashed ring for the compactor.
-  sharding_ring:
-    # Use memberlist backend store (the default).
-    kvstore:
-      store: memberlist
-
-# The distributor receives incoming metrics data for the system.
-distributor:
-  # The ring to share hash ring data across instances.
-  ring:
-    # The address advertised in the ring. Localhost.
-    instance_addr: 127.0.0.1
-    # Use memberlist backend store (the default).
-    kvstore:
-      store: memberlist
-
-# The ingester receives data from the distributor and processes it into indices and blocks.
-ingester:
-  # The ring to share hash ring data across instances.
-  ring:
-    # The address advertised in the ring. Localhost.
-    instance_addr: 127.0.0.1
-    # Use memberlist backend store (the default).
-    kvstore:
-      store: memberlist
-    # Only run one instance of the ingesters.
-    # Note: It is highly recommended to run more than one ingester in production, the default is an RF of 3.
-    replication_factor: 1
-
-# The store gateway block configures gateway storage.
-store_gateway:
-  # Configuration for the hash ring.
-  sharding_ring:
-    # Only run a single instance. In production setups, the replication factor must
-    # be set on the querier and ruler as well.
-    replication_factor: 1
@@ -1,12 +0,0 @@
-storage:
-  backend: s3
-  s3:
-    bucket_name: pyroscope
-    endpoint: minio:9000
-    region: us-east-fh-pln
-    access_key_id: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_PYROSCOPE_STORAGE_ACCESS_KEY'] }}
-    secret_access_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_PYROSCOPE_STORAGE_SECRET_KEY'] }}
-    insecure: true
-
-analytics:
-  reporting_enabled: false
@@ -1,787 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-target: all
-http_api_prefix: ""
-autocomplete_filtering_enabled: true
-server:
-    http_listen_network: tcp
-    http_listen_address: ""
-    http_listen_port: 80
-    http_listen_conn_limit: 0
-    grpc_listen_network: tcp
-    grpc_listen_address: ""
-    grpc_listen_port: 9095
-    grpc_listen_conn_limit: 0
-    tls_cipher_suites: ""
-    tls_min_version: ""
-    http_tls_config:
-        cert: ""
-        key: null
-        client_ca: ""
-        cert_file: ""
-        key_file: ""
-        client_auth_type: ""
-        client_ca_file: ""
-    grpc_tls_config:
-        cert: ""
-        key: null
-        client_ca: ""
-        cert_file: ""
-        key_file: ""
-        client_auth_type: ""
-        client_ca_file: ""
-    register_instrumentation: true
-    report_grpc_codes_in_instrumentation_label_enabled: false
-    graceful_shutdown_timeout: 30s
-    http_server_read_timeout: 30s
-    http_server_read_header_timeout: 0s
-    http_server_write_timeout: 30s
-    http_server_idle_timeout: 2m0s
-    http_log_closed_connections_without_response_enabled: false
-    grpc_server_max_recv_msg_size: 16777216
-    grpc_server_max_send_msg_size: 16777216
-    grpc_server_max_concurrent_streams: 100
-    grpc_server_max_connection_idle: 2562047h47m16.854775807s
-    grpc_server_max_connection_age: 2562047h47m16.854775807s
-    grpc_server_max_connection_age_grace: 2562047h47m16.854775807s
-    grpc_server_keepalive_time: 2h0m0s
-    grpc_server_keepalive_timeout: 20s
-    grpc_server_min_time_between_pings: 10s
-    grpc_server_ping_without_stream_allowed: true
-    grpc_server_num_workers: 0
-    log_format: logfmt
-    log_level: info
-    log_source_ips_enabled: false
-    log_source_ips_header: ""
-    log_source_ips_regex: ""
-    log_request_headers: false
-    log_request_at_info_level_enabled: false
-    log_request_exclude_headers_list: ""
-    http_path_prefix: ""
-internal_server:
-    http_listen_network: tcp
-    http_listen_address: ""
-    http_listen_port: 3101
-    http_listen_conn_limit: 0
-    grpc_listen_network: ""
-    grpc_listen_address: ""
-    grpc_listen_port: 0
-    grpc_listen_conn_limit: 0
-    tls_cipher_suites: ""
-    tls_min_version: ""
-    http_tls_config:
-        cert: ""
-        key: null
-        client_ca: ""
-        cert_file: ""
-        key_file: ""
-        client_auth_type: ""
-        client_ca_file: ""
-    grpc_tls_config:
-        cert: ""
-        key: null
-        client_ca: ""
-        cert_file: ""
-        key_file: ""
-        client_auth_type: ""
-        client_ca_file: ""
-    register_instrumentation: false
-    report_grpc_codes_in_instrumentation_label_enabled: false
-    graceful_shutdown_timeout: 30s
-    http_server_read_timeout: 30s
-    http_server_read_header_timeout: 0s
-    http_server_write_timeout: 30s
-    http_server_idle_timeout: 2m0s
-    http_log_closed_connections_without_response_enabled: false
-    grpc_server_max_recv_msg_size: 0
-    grpc_server_max_send_msg_size: 0
-    grpc_server_max_concurrent_streams: 0
-    grpc_server_max_connection_idle: 0s
-    grpc_server_max_connection_age: 0s
-    grpc_server_max_connection_age_grace: 0s
-    grpc_server_keepalive_time: 0s
-    grpc_server_keepalive_timeout: 0s
-    grpc_server_min_time_between_pings: 0s
-    grpc_server_ping_without_stream_allowed: false
-    grpc_server_num_workers: 0
-    log_format: logfmt
-    log_level: info
-    log_source_ips_enabled: false
-    log_source_ips_header: ""
-    log_source_ips_regex: ""
-    log_request_headers: false
-    log_request_at_info_level_enabled: false
-    log_request_exclude_headers_list: ""
-    http_path_prefix: ""
-    enable: false
-distributor:
-    ring:
-        kvstore:
-            store: memberlist
-            prefix: collectors/
-            consul:
-                host: localhost:8500
-                acl_token: ""
-                http_client_timeout: 20s
-                consistent_reads: false
-                watch_rate_limit: 1
-                watch_burst_size: 1
-                cas_retry_delay: 1s
-            etcd:
-                endpoints: []
-                dial_timeout: 10s
-                max_retries: 10
-                tls_enabled: false
-                tls_cert_path: ""
-                tls_key_path: ""
-                tls_ca_path: ""
-                tls_server_name: ""
-                tls_insecure_skip_verify: false
-                tls_cipher_suites: ""
-                tls_min_version: ""
-                username: ""
-                password: ""
-            multi:
-                primary: ""
-                secondary: ""
-                mirror_enabled: false
-                mirror_timeout: 2s
-        heartbeat_period: 5s
-        heartbeat_timeout: 5m0s
-        instance_id: local-instance
-        instance_interface_names:
-            - eth0
-            - en0
-        instance_port: 0
-        instance_addr: ""
-    receivers: {}
-    override_ring_key: distributor
-    forwarders: []
-    extend_writes: true
-    retry_after_on_resource_exhausted: 0s
-ingester_client:
-    pool_config:
-        checkinterval: 15s
-        healthcheckenabled: true
-        healthchecktimeout: 1s
-        maxconcurrenthealthchecks: 0
-    remote_timeout: 5s
-    grpc_client_config:
-        max_recv_msg_size: 104857600
-        max_send_msg_size: 104857600
-        grpc_compression: snappy
-        rate_limit: 0
-        rate_limit_burst: 0
-        backoff_on_ratelimits: false
-        backoff_config:
-            min_period: 100ms
-            max_period: 10s
-            max_retries: 10
-        initial_stream_window_size: 63KiB1023B
-        initial_connection_window_size: 63KiB1023B
-        tls_enabled: false
-        tls_cert_path: ""
-        tls_key_path: ""
-        tls_ca_path: ""
-        tls_server_name: ""
-        tls_insecure_skip_verify: false
-        tls_cipher_suites: ""
-        tls_min_version: ""
-        connect_timeout: 5s
-        connect_backoff_base_delay: 1s
-        connect_backoff_max_delay: 5s
-metrics_generator_client:
-    pool_config:
-        checkinterval: 15s
-        healthcheckenabled: true
-        healthchecktimeout: 1s
-        maxconcurrenthealthchecks: 0
-    remote_timeout: 5s
-    grpc_client_config:
-        max_recv_msg_size: 104857600
-        max_send_msg_size: 104857600
-        grpc_compression: snappy
-        rate_limit: 0
-        rate_limit_burst: 0
-        backoff_on_ratelimits: false
-        backoff_config:
-            min_period: 100ms
-            max_period: 10s
-            max_retries: 10
-        initial_stream_window_size: 63KiB1023B
-        initial_connection_window_size: 63KiB1023B
-        tls_enabled: false
-        tls_cert_path: ""
-        tls_key_path: ""
-        tls_ca_path: ""
-        tls_server_name: ""
-        tls_insecure_skip_verify: false
-        tls_cipher_suites: ""
-        tls_min_version: ""
-        connect_timeout: 5s
-        connect_backoff_base_delay: 1s
-        connect_backoff_max_delay: 5s
-querier:
-    search:
-        query_timeout: 30s
-        prefer_self: 10
-        external_hedge_requests_at: 8s
-        external_hedge_requests_up_to: 2
-        external_backend: ""
-        google_cloud_run: null
-        external_endpoints: []
-    trace_by_id:
-        query_timeout: 10s
-    max_concurrent_queries: 20
-    frontend_worker:
-        frontend_address: 127.0.0.1:9095
-        dns_lookup_duration: 10s
-        parallelism: 2
-        match_max_concurrent: true
-        id: ""
-        grpc_client_config:
-            max_recv_msg_size: 104857600
-            max_send_msg_size: 16777216
-            grpc_compression: gzip
-            rate_limit: 0
-            rate_limit_burst: 0
-            backoff_on_ratelimits: false
-            backoff_config:
-                min_period: 100ms
-                max_period: 1s
-                max_retries: 5
-            initial_stream_window_size: 0B
-            initial_connection_window_size: 0B
-            tls_enabled: false
-            tls_cert_path: ""
-            tls_key_path: ""
-            tls_ca_path: ""
-            tls_server_name: ""
-            tls_insecure_skip_verify: false
-            tls_cipher_suites: ""
-            tls_min_version: ""
-            connect_timeout: 0s
-            connect_backoff_base_delay: 0s
-            connect_backoff_max_delay: 0s
-    query_relevant_ingesters: false
-query_frontend:
-    max_outstanding_per_tenant: 2000
-    querier_forget_delay: 0s
-    max_batch_size: 5
-    max_retries: 2
-    search:
-        concurrent_jobs: 1000
-        target_bytes_per_job: 104857600
-        default_result_limit: 20
-        max_result_limit: 0
-        max_duration: 168h0m0s
-        query_backend_after: 15m0s
-        query_ingesters_until: 30m0s
-    trace_by_id:
-        query_shards: 50
-        hedge_requests_at: 2s
-        hedge_requests_up_to: 2
-    metrics:
-        concurrent_jobs: 1000
-        target_bytes_per_job: 104857600
-        max_duration: 0s
-        query_backend_after: 1h0m0s
-        interval: 5m0s
-    multi_tenant_queries_enabled: true
-compactor:
-    ring:
-        kvstore:
-            store: ""
-            prefix: collectors/
-            consul:
-                host: localhost:8500
-                acl_token: ""
-                http_client_timeout: 20s
-                consistent_reads: false
-                watch_rate_limit: 1
-                watch_burst_size: 1
-                cas_retry_delay: 1s
-            etcd:
-                endpoints: []
-                dial_timeout: 10s
-                max_retries: 10
-                tls_enabled: false
-                tls_cert_path: ""
-                tls_key_path: ""
-                tls_ca_path: ""
-                tls_server_name: ""
-                tls_insecure_skip_verify: false
-                tls_cipher_suites: ""
-                tls_min_version: ""
-                username: ""
-                password: ""
-            multi:
-                primary: ""
-                secondary: ""
-                mirror_enabled: false
-                mirror_timeout: 2s
-        heartbeat_period: 5s
-        heartbeat_timeout: 1m0s
-        wait_stability_min_duration: 1m0s
-        wait_stability_max_duration: 5m0s
-        instance_id: local-instance
-        instance_interface_names:
-            - eth0
-            - en0
-        instance_port: 0
-        instance_addr: ""
-        enable_inet6: false
-        wait_active_instance_timeout: 10m0s
-    compaction:
-        v2_in_buffer_bytes: 5242880
-        v2_out_buffer_bytes: 20971520
-        v2_prefetch_traces_count: 1000
-        compaction_window: 1h0m0s
-        max_compaction_objects: 6000000
-        max_block_bytes: 107374182400
-        block_retention: 336h0m0s
-        compacted_block_retention: 1h0m0s
-        retention_concurrency: 10
-        max_time_per_tenant: 5m0s
-        compaction_cycle: 30s
-    override_ring_key: compactor
-ingester:
-    lifecycler:
-        ring:
-            kvstore:
-                store: inmemory
-                prefix: collectors/
-                consul:
-                    host: localhost:8500
-                    acl_token: ""
-                    http_client_timeout: 20s
-                    consistent_reads: false
-                    watch_rate_limit: 1
-                    watch_burst_size: 1
-                    cas_retry_delay: 1s
-                etcd:
-                    endpoints: []
-                    dial_timeout: 10s
-                    max_retries: 10
-                    tls_enabled: false
-                    tls_cert_path: ""
-                    tls_key_path: ""
-                    tls_ca_path: ""
-                    tls_server_name: ""
-                    tls_insecure_skip_verify: false
-                    tls_cipher_suites: ""
-                    tls_min_version: ""
-                    username: ""
-                    password: ""
-                multi:
-                    primary: ""
-                    secondary: ""
-                    mirror_enabled: false
-                    mirror_timeout: 2s
-            heartbeat_timeout: 5m0s
-            replication_factor: 1
-            zone_awareness_enabled: false
-            excluded_zones: ""
-        num_tokens: 128
-        heartbeat_period: 5s
-        heartbeat_timeout: 1m0s
-        observe_period: 0s
-        join_after: 0s
-        min_ready_duration: 15s
-        interface_names:
-            - en0
-            - bridge100
-        enable_inet6: false
-        final_sleep: 0s
-        tokens_file_path: ""
-        availability_zone: ""
-        unregister_on_shutdown: true
-        readiness_check_ring_health: true
-        address: 127.0.0.1
-        port: 0
-        id: local-instance
-    concurrent_flushes: 4
-    flush_check_period: 10s
-    flush_op_timeout: 5m0s
-    trace_idle_period: 10s
-    max_block_duration: 30m0s
-    max_block_bytes: 524288000
-    complete_block_timeout: 15m0s
-    override_ring_key: ring
-    flush_all_on_shutdown: false
-metrics_generator:
-    ring:
-        kvstore:
-            store: inmemory
-            prefix: collectors/
-            consul:
-                host: localhost:8500
-                acl_token: ""
-                http_client_timeout: 20s
-                consistent_reads: false
-                watch_rate_limit: 1
-                watch_burst_size: 1
-                cas_retry_delay: 1s
-            etcd:
-                endpoints: []
-                dial_timeout: 10s
-                max_retries: 10
-                tls_enabled: false
-                tls_cert_path: ""
-                tls_key_path: ""
-                tls_ca_path: ""
-                tls_server_name: ""
-                tls_insecure_skip_verify: false
-                tls_cipher_suites: ""
-                tls_min_version: ""
-                username: ""
-                password: ""
-            multi:
-                primary: ""
-                secondary: ""
-                mirror_enabled: false
-                mirror_timeout: 2s
-        heartbeat_period: 5s
-        heartbeat_timeout: 1m0s
-        instance_id: local-instance
-        instance_interface_names:
-            - eth0
-            - en0
-        instance_addr: 127.0.0.1
-        instance_port: 0
-        enable_inet6: false
-    processor:
-        service_graphs:
-            wait: 10s
-            max_items: 10000
-            workers: 10
-            histogram_buckets:
-                - 0.1
-                - 0.2
-                - 0.4
-                - 0.8
-                - 1.6
-                - 3.2
-                - 6.4
-                - 12.8
-            dimensions: []
-            enable_client_server_prefix: false
-            peer_attributes:
-                - peer.service
-                - db.name
-                - db.system
-            span_multiplier_key: ""
-        span_metrics:
-            histogram_buckets:
-                - 0.002
-                - 0.004
-                - 0.008
-                - 0.016
-                - 0.032
-                - 0.064
-                - 0.128
-                - 0.256
-                - 0.512
-                - 1.024
-                - 2.048
-                - 4.096
-                - 8.192
-                - 16.384
-            intrinsic_dimensions:
-                service: true
-                span_name: true
-                span_kind: true
-                status_code: true
-            dimensions: []
-            dimension_mappings: []
-            enable_target_info: false
-            span_multiplier_key: ""
-            subprocessors:
-                0: true
-                1: true
-                2: true
-            filter_policies: []
-            target_info_excluded_dimensions: []
-        local_blocks:
-            block:
-                bloom_filter_false_positive: 0.01
-                bloom_filter_shard_size_bytes: 102400
-                version: vParquet3
-                search_encoding: snappy
-                search_page_size_bytes: 1048576
-                v2_index_downsample_bytes: 1048576
-                v2_index_page_size_bytes: 256000
-                v2_encoding: zstd
-                parquet_row_group_size_bytes: 100000000
-                parquet_dedicated_columns: []
-            search:
-                chunk_size_bytes: 1000000
-                prefetch_trace_count: 1000
-                read_buffer_count: 32
-                read_buffer_size_bytes: 1048576
-                cache_control:
-                    footer: false
-                    column_index: false
-                    offset_index: false
-            flush_check_period: 10s
-            trace_idle_period: 10s
-            max_block_duration: 1m0s
-            max_block_bytes: 500000000
-            complete_block_timeout: 1h0m0s
-            max_live_traces: 0
-            concurrent_blocks: 10
-            filter_server_spans: true
-    registry:
-        collection_interval: 15s
-        stale_duration: 15m0s
-        max_label_name_length: 1024
-        max_label_value_length: 2048
-    storage:
-        path: ""
-        wal:
-            wal_segment_size: 134217728
-            wal_compression: none
-            stripe_size: 16384
-            truncate_frequency: 2h0m0s
-            min_wal_time: 300000
-            max_wal_time: 14400000
-            no_lockfile: false
-        remote_write_flush_deadline: 1m0s
-        remote_write_add_org_id_header: true
-    traces_storage:
-        path: ""
-        completedfilepath: ""
-        blocksfilepath: ""
-        v2_encoding: none
-        search_encoding: none
-        ingestion_time_range_slack: 0s
-        version: vParquet3
-    metrics_ingestion_time_range_slack: 30s
-    query_timeout: 30s
-    override_ring_key: metrics-generator
-storage:
-    trace:
-        pool:
-            max_workers: 400
-            queue_depth: 20000
-        wal:
-            path: /tmp/tempo/wal
-            completedfilepath: /tmp/tempo/wal/completed
-            blocksfilepath: /tmp/tempo/wal/blocks
-            v2_encoding: snappy
-            search_encoding: none
-            ingestion_time_range_slack: 2m0s
-            version: vParquet3
-        block:
-            bloom_filter_false_positive: 0.01
-            bloom_filter_shard_size_bytes: 102400
-            version: vParquet3
-            search_encoding: snappy
-            search_page_size_bytes: 1048576
-            v2_index_downsample_bytes: 1048576
-            v2_index_page_size_bytes: 256000
-            v2_encoding: zstd
-            parquet_row_group_size_bytes: 100000000
-            parquet_dedicated_columns: []
-        search:
-            chunk_size_bytes: 1000000
-            prefetch_trace_count: 1000
-            read_buffer_count: 32
-            read_buffer_size_bytes: 1048576
-            cache_control:
-                footer: false
-                column_index: false
-                offset_index: false
-        blocklist_poll: 5m0s
-        blocklist_poll_concurrency: 50
-        blocklist_poll_fallback: true
-        blocklist_poll_tenant_index_builders: 2
-        blocklist_poll_stale_tenant_index: 0s
-        blocklist_poll_jitter_ms: 0
-        blocklist_poll_tolerate_consecutive_errors: 1
-        backend: local
-        local:
-            path: /tmp/tempo/traces
-        gcs:
-            bucket_name: ""
-            prefix: ""
-            chunk_buffer_size: 10485760
-            endpoint: ""
-            hedge_requests_at: 0s
-            hedge_requests_up_to: 2
-            insecure: false
-            object_cache_control: ""
-            object_metadata: {}
-            list_blocks_concurrency: 3
-        s3:
-            tls_cert_path: ""
-            tls_key_path: ""
-            tls_ca_path: ""
-            tls_server_name: ""
-            tls_insecure_skip_verify: false
-            tls_cipher_suites: ""
-            tls_min_version: VersionTLS12
-            bucket: ""
-            prefix: ""
-            endpoint: ""
-            region: ""
-            access_key: ""
-            secret_key: ""
-            session_token: ""
-            insecure: false
-            part_size: 0
-            hedge_requests_at: 0s
-            hedge_requests_up_to: 2
-            signature_v2: false
-            forcepathstyle: false
-            bucket_lookup_type: 0
-            tags: {}
-            storage_class: ""
-            metadata: {}
-            native_aws_auth_enabled: false
-            list_blocks_concurrency: 3
-        azure:
-            storage_account_name: ""
-            storage_account_key: ""
-            use_managed_identity: false
-            use_federated_token: false
-            user_assigned_id: ""
-            container_name: ""
-            prefix: ""
-            endpoint_suffix: blob.core.windows.net
-            max_buffers: 4
-            buffer_size: 3145728
-            hedge_requests_at: 0s
-            hedge_requests_up_to: 2
-            use_v2_sdk: false
-        cache: ""
-        background_cache:
-            writeback_goroutines: 10
-            writeback_buffer: 10000
-        memcached: null
-        redis: null
-        cache_min_compaction_level: 0
-        cache_max_block_age: 0s
-overrides:
-    defaults:
-        ingestion:
-            rate_strategy: local
-            rate_limit_bytes: 15000000
-            burst_size_bytes: 20000000
-            max_traces_per_user: 10000
-        read:
-            max_bytes_per_tag_values_query: 5000000
-        global:
-            max_bytes_per_trace: 5000000
-    per_tenant_override_config: ""
-    per_tenant_override_period: 10s
-    user_configurable_overrides:
-        enabled: false
-        poll_interval: 1m0s
-        client:
-            backend: ""
-            confirm_versioning: true
-            local:
-                path: ""
-            gcs:
-                bucket_name: ""
-                prefix: ""
-                chunk_buffer_size: 10485760
-                endpoint: ""
-                hedge_requests_at: 0s
-                hedge_requests_up_to: 2
-                insecure: false
-                object_cache_control: ""
-                object_metadata: {}
-                list_blocks_concurrency: 3
-            s3:
-                tls_cert_path: ""
-                tls_key_path: ""
-                tls_ca_path: ""
-                tls_server_name: ""
-                tls_insecure_skip_verify: false
-                tls_cipher_suites: ""
-                tls_min_version: VersionTLS12
-                bucket: ""
-                prefix: ""
-                endpoint: ""
-                region: ""
-                access_key: ""
-                secret_key: ""
-                session_token: ""
-                insecure: false
-                part_size: 0
-                hedge_requests_at: 0s
-                hedge_requests_up_to: 2
-                signature_v2: false
-                forcepathstyle: false
-                bucket_lookup_type: 0
-                tags: {}
-                storage_class: ""
-                metadata: {}
-                native_aws_auth_enabled: false
-                list_blocks_concurrency: 3
-            azure:
-                storage_account_name: ""
-                storage_account_key: ""
-                use_managed_identity: false
-                use_federated_token: false
-                user_assigned_id: ""
-                container_name: ""
-                prefix: ""
-                endpoint_suffix: blob.core.windows.net
-                max_buffers: 4
-                buffer_size: 3145728
-                hedge_requests_at: 0s
-                hedge_requests_up_to: 2
-                use_v2_sdk: false
-        api:
-            check_for_conflicting_runtime_overrides: false
-memberlist:
-    node_name: ""
-    randomize_node_name: true
-    stream_timeout: 2s
-    retransmit_factor: 2
-    pull_push_interval: 30s
-    gossip_interval: 1s
-    gossip_nodes: 2
-    gossip_to_dead_nodes_time: 30s
-    dead_node_reclaim_time: 0s
-    compression_enabled: false
-    advertise_addr: ""
-    advertise_port: 7946
-    cluster_label: ""
-    cluster_label_verification_disabled: false
-    join_members: []
-    min_join_backoff: 1s
-    max_join_backoff: 1m0s
-    max_join_retries: 10
-    abort_if_cluster_join_fails: false
-    rejoin_interval: 0s
-    left_ingesters_timeout: 5m0s
-    leave_timeout: 20s
-    message_history_buffer_bytes: 0
-    bind_addr: []
-    bind_port: 7946
-    packet_dial_timeout: 2s
-    packet_write_timeout: 5s
-    tls_enabled: false
-    tls_cert_path: ""
-    tls_key_path: ""
-    tls_ca_path: ""
-    tls_server_name: ""
-    tls_insecure_skip_verify: false
-    tls_cipher_suites: ""
-    tls_min_version: ""
-usage_report:
-    reporting_enabled: true
-    backoff:
-        min_period: 100ms
-        max_period: 10s
-        max_retries: 0
-cache:
-    background:
-        writeback_goroutines: 10
-        writeback_buffer: 10000
-    caches: []
@@ -1,54 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-
-server:
-  http_listen_port: 3200
-
-distributor:
-  receivers:                           # this configuration will listen on all ports and protocols that tempo is capable of.
-    jaeger:                            # the receives all come from the OpenTelemetry collector.  more configuration information can
-      protocols:                       # be found there: https://github.com/open-telemetry/opentelemetry-collector/tree/main/receiver
-        thrift_http:                   #
-        grpc:                          # for a production deployment you should only enable the receivers you need!
-        thrift_binary:
-        thrift_compact:
-    zipkin:
-    otlp:
-      protocols:
-        http:
-        grpc:
-    opencensus:
-
-ingester:
-  max_block_duration: 5m               # cut the headblock when this much time passes. this is being set for demo purposes and should probably be left alone normally
-
-compactor:
-  compaction:
-    block_retention: 1h                # overall Tempo trace retention. set for demo purposes
-
-# metrics_generator:
-#   registry:
-#     external_labels:
-#       source: tempo
-#       cluster: docker-compose
-#   storage:
-#     path: /tmp/tempo/generator/wal
-#     remote_write:
-#       - url: http://grafana-alloy:12345/api/v1/write
-#         send_exemplars: true
-
-storage:
-  trace:
-    backend: s3                        # backend configuration to use
-    wal:
-      path: /tmp/tempo/wal             # where to store the the wal locally
-    s3:
-      bucket: tempo                    # how to store data in s3
-      endpoint: minio:9000
-      access_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_TEMPO_STORAGE_ACCESS_KEY'] }}
-      secret_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_TEMPO_STORAGE_SECRET_KEY'] }}
-      insecure: true
-
-usage_report:
-  reporting_enabled: false
@@ -1,22 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-
---
-# For configuration options and examples, please see:
-# https://gethomepage.dev/en/configs/bookmarks
-
-#- Developer:
-#    - Github:
-#        - abbr: GH
-#          href: https://github.com/
-#
-#- Social:
-#    - Reddit:
-#        - abbr: RE
-#          href: https://reddit.com/
-#
-#- Entertainment:
-#    - YouTube:
-#        - abbr: YT
-#          href: https://youtube.com/
@@ -1,15 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-
---
-# For configuration options and examples, please see:
-# https://gethomepage.dev/en/configs/docker/
-
-# my-docker:
-#   host: 127.0.0.1
-#   port: 2375
-
- my-docker:
-   host: dockerproxy
-   port: 2375
@@ -1,6 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-
---
-# sample kubernetes config
@@ -1,33 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
---
-# For configuration options and examples, please see:
-# https://gethomepage.dev/en/configs/services
-
-#- My First Group:
-#    - My First Service:
-#        href: http://localhost/
-#        description: Homepage is awesome
-#
-#- My Second Group:
-#    - My Second Service:
-#        href: http://localhost/
-#        description: Homepage is the best
-#
-#- My Third Group:
-#    - My Third Service:
-#        href: http://localhost/
-#        description: Homepage is 😎
-
- Automation:
-    - Home Assistant (Rikku):
-        href: https://ha.trez.wtf
-        description: Smart Home
-        icon: home-assistant.png
-        weight: 0
-        widget:
-            type: homeassistant
-            url: http://192.168.1.252:8123
-            key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_HOME_ASSISTANT_API_KEY'] }}
-
@@ -1,60 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
---
-# For configuration options and examples, please see:
-# https://gethomepage.dev/en/configs/settings
-
-providers:
-  openweathermap: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
-  # weatherapi: weatherapiapikey
-title: Rinoa Dashboard (trez.WTF)
-headerStyle: underlined
-color: slate
-showStats: true
-statusStyle: "dot"
-favicon: /icons/favicon.ico
-useEqualHeights: false
-hideErrors: false
-searchDescriptions: true
-showSearchSuggestions: true
-provider: duckduckgo
-
-layout:
-  System Administration:
-    style: row
-    columns: 4
-    # fiveColumns: true
-  Infrastructure/App Performance Monitoring:
-    style: row
-    columns: 4
-  Automation:
-    style: columns
-    row: 2
-  Code/DevOps:
-    style: columms
-    row: 2
-  Privacy/Security:
-    style: columns
-    row: 5
-  Social:
-    style: columns
-    row: 4
-  Lifestyle:
-    style: row
-    columns: 4
-  Personal Services:
-    style: row
-    columns: 4
-  Professional Services:
-    style: row
-    columns: 3
-  Servarr Stack:
-    style: row
-    columns: 3
-  Downloaders:
-    style: row
-    columns: 3
-  Media Library:
-    style: row
-    columns: 4
@@ -1,33 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
---
-# For configuration options and examples, please see:
-# https://gethomepage.dev/en/configs/widgets
-
- resources:
-    label: System
-    cpu: true
-    memory: true
-    cputemp: true
-    uptime: true
-
- resources:
-    label: Storage
-    expanded: true
-    disk:
-        - /
-        - /rinoa-storage
-
- search:
-    provider: custom
-    url: https://search.trez.wtf/search?q=
-    target: _blank
-
- openweathermap:
-    label: New York
-    latitude: 40.72
-    longitude: -73.85
-    units: imperial
-    provider: openweathermap
-    cache: 10
@@ -1,52 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-# IN application vars
-IN_APP_URL=http://in.localhost:8003
-IN_APP_KEY=<insert your generated key in here>
-IN_APP_DEBUG=true
-IN_REQUIRE_HTTPS=false
-IN_PHANTOMJS_PDF_GENERATION=false
-IN_PDF_GENERATOR=snappdf
-IN_TRUSTED_PROXIES='*'
-
-
-IN_QUEUE_CONNECTION=database
-
-# DB connection
-IN_DB_HOST=db
-IN_DB_PORT=3306
-IN_DB_DATABASE=ninja
-IN_DB_USERNAME=ninja
-IN_DB_PASSWORD=ninja
-
-# Create initial user
-# Default to these values if empty
-# IN_USER_EMAIL=admin@example.com
-# IN_PASSWORD=changeme!
-IN_USER_EMAIL=
-IN_PASSWORD=
-
-# Mail options
-IN_MAIL_MAILER=log
-IN_MAIL_HOST=smtp.mailtrap.io
-IN_MAIL_PORT=2525
-IN_MAIL_USERNAME=null
-IN_MAIL_PASSWORD=null
-IN_MAIL_ENCRYPTION=null
-IN_MAIL_FROM_ADDRESS='user@example.com'
-IN_MAIL_FROM_NAME='Self Hosted User'
-
-# MySQL
-IN_MYSQL_ROOT_PASSWORD=ninjaAdm1nPassword
-IN_MYSQL_USER=ninja
-IN_MYSQL_PASSWORD=ninja
-IN_MYSQL_DATABASE=ninja
-
-# GoCardless/Nordigen API key for banking integration
-NORDIGEN_SECRET_ID=
-NORDIGEN_SECRET_KEY=
-
-# V4 env vars
-# DB_STRICT=false
-# APP_CIPHER=AES-256-CBC
@@ -1,477 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-###########################
-# 🦎 KOMODO CORE CONFIG 🦎 #
-###########################
-
-## This is the offical "Default" config file for Komodo Core.
-## It serves as documentation for the meaning of the fields.
-## It is located at `https://github.com/mbecker20/komodo/blob/main/config/core.config.toml`.
-
-## All fields with a "Default" provided are optional. If they are
-## left out of the file, the "Default" value will be used.
-
-## This file is bundled into the official image, `ghcr.io/mbecker20/komodo`,
-## as the default config at `/config/config.toml`.
-## Komodo can start with no external config file mounted.
-
-## There is usually no need to create this file on your host.
-## Most fields can instead be configured using environment variables.
-## Environment variables will override values set in this file.
-
-## This will be the document title on the web page.
-## Env: KOMODO_TITLE
-## Default: 'Komodo'
-title = "Komodo @ Rinoa"
-
-## This should be the url used to access Komodo in browser, potentially behind DNS.
-## Eg https://komodo.example.com or http://12.34.56.78:9120. This should match the address configured in your Oauth app.
-## Env: KOMODO_HOST
-## Required, no default.
-host = "https://komodo.trez.wtf"
-
-## The port the core system will run on.
-## Env: KOMODO_PORT
-## Default: 9120
-port = 9120
-
-## This is the token used to authenticate core requests to periphery.
-## Ensure this matches a passkey in the connected periphery configs.
-## If the periphery servers don't have passkeys configured, this doesn't need to be changed.
-## Env: KOMODO_PASSKEY or KOMODO_PASSKEY_FILE
-## Required, no default
-passkey = "JgzFdZYbE7JfH5zhrh5pWUEQEWA4MCXG"
-
-## Ensure a server with this address exists on Core
-## upon first startup. Example: `https://periphery:8120`
-## Env: KOMODO_FIRST_SERVER
-## Optional, no default.
-first_server = ""
-
-## Disables write support on resources in the UI.
-## This protects users that that would normally have write priviledges during their UI usage,
-## when they intend to fully rely on ResourceSyncs to manage config.
-## Env: KOMODO_UI_WRITE_DISABLED
-## Default: false
-ui_write_disabled = false
-
-## Disables the confirm dialogs on all actions. All buttons will now be double-click.
-## Useful when only having http connection to core, as UI quick-copy button won't work.
-## Env: KOMODO_DISABLE_CONFIRM_DIALOG
-## Default: false
-disable_confirm_dialog = false
-
-## Configure the directory for sync files (inside the container).
-## There shouldn't be a need to change this, just mount a volume.
-## Env: KOMODO_SYNC_DIRECTORY
-## Default: /syncs
-sync_directory = "/syncs"
-
-## Configure the repo directory (inside the container).
-## There shouldn't be a need to change this, just mount a volume.
-## Env: KOMODO_REPO_DIRECTORY
-## Default: /repo-cache
-repo_directory = "/repo-cache"
-
-## Configure the action directory (inside the container).
-## There shouldn't be a need to change this, or even mount a volume.
-## Env: KOMODO_ACTION_DIRECTORY
-## Default: /action-cache
-action_directory = "/action-cache"
-
-################
-# AUTH / LOGIN #
-################
-
-## Allow user login with a username / password.
-## The password will be hashed and stored in the db for login comparison.
-##
-## NOTE:
-## Komodo has no API to recover account logins, but if this happens you can doctor the database using Mongo Compass.
-## Create a new Komodo user (Sign Up button), login to the database with Compass, note down your old users username and _id.
-## Then delete the old user, and update the new user to have the same username and _id. 
-## Make sure to set `enabled: true` and maybe `admin: true` on the new user as well, while using Compass.
-##
-## Env: KOMODO_LOCAL_AUTH
-## Default: false
-local_auth = true
-
-## Normally new users will be registered, but not enabled until an Admin enables them.
-## With `disable_user_registration = true`, only the first user to log in will registered as a user.
-## Env: KOMODO_DISABLE_USER_REGISTRATION
-## Default: false
-disable_user_registration = false
-
-## New users will be automatically enabled when they sign up.
-## Otherwise, new users will be disabled on first login.
-## The first user to login will always be enabled on creation.
-## Env: KOMODO_ENABLE_NEW_USERS
-## Default: false
-enable_new_users = false
-
-## Allows all users to have Read level access to all resources.
-## Env: KOMODO_TRANSPARENT_MODE
-## Default: false
-transparent_mode = false
-
-## Normally all enabled users can create resources.
-## If `disable_non_admin_create = true`, only admin users can create resources.
-## Env: KOMODO_DISABLE_NON_ADMIN_CREATE
-## Default: false
-disable_non_admin_create = false
-
-## Optionally provide a specific jwt secret.
-## Passing nothing or an empty string will cause one to be generated on every startup.
-## This means users will have to log in again if Komodo restarts.
-## Env: KOMODO_JWT_SECRET or KOMODO_JWT_SECRET_FILE
-## Default: empty string, meaning a random secret will be generated at startup.
-jwt_secret = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['KOMODO_JWT_SECRET'] }}"
-
-## Specify how long a user can stay logged in before they have to log in again.
-## All jwts are invalidated on application restart unless `jwt_secret` is set.
-## Env: KOMODO_JWT_TTL
-## Options: 1-hr, 12-hr, 1-day, 3-day, 1-wk, 2-wk, 30-day
-## Default: 1-day. 
-jwt_ttl = "1-day"
-
-#############
-# OIDC Auth #
-#############
-
-## Enable logins with configured OIDC provider.
-## Env: KOMODO_OIDC_ENABLED
-## Default: false
-oidc_enabled = false
-
-## Give the provider address.
-##
-## The path, ie /application/o/komodo for Authentik,
-## is provider and configuration specific.
-##
-## Note. this address must be reachable from Komodo Core container.
-##
-## Env: KOMODO_OIDC_PROVIDER
-## Optional, no default.
-oidc_provider = "https://oidc.provider.internal/application/o/komodo"
-
-## Configure OIDC user redirect host.
-##
-## This is the host address users are redirected to in their browser,
-## and may be different from `oidc_provider` host depending on your networking.
-## If not provided (or empty string ""), the `oidc_provider` will be used.
-##
-## Note. DO NOT include the `path` part of the URL.
-## Example: `https://oidc.provider.external`
-##
-## Env: KOMODO_OIDC_REDIRECT_HOST
-## Optional, no default.
-oidc_redirect_host = ""
-
-## Give the OIDC Client ID.
-## Env: KOMODO_OIDC_CLIENT_ID or KOMODO_OIDC_CLIENT_ID_FILE
-oidc_client_id = ""
-
-## Give the OIDC Client Secret.
-## Env: KOMODO_OIDC_CLIENT_SECRET or KOMODO_OIDC_CLIENT_SECRET_FILE
-oidc_client_secret = ""
-
-## If true, use the full email for usernames.
-## Otherwise, the @address will be stripped,
-## making usernames more concise.
-## Env: KOMODO_OIDC_USE_FULL_EMAIL
-## Default: false.
-oidc_use_full_email = false
-
-## Some providers attach other audiences in addition to the client_id.
-## If you have this issue, `Invalid audiences: `...` is not a trusted audience"`,
-## you can add the audience `...` to the list here (assuming it should be trusted).
-## Env: KOMODO_OIDC_ADDITIONAL_AUDIENCES or KOMODO_OIDC_ADDITIONAL_AUDIENCES_FILE
-## Default: empty
-oidc_additional_audiences = []
-
-#########
-# OAUTH #
-#########
-
-## Google
-
-## Env: KOMODO_GOOGLE_OAUTH_ENABLED
-## Default: false
-google_oauth.enabled = false
-
-## Env: KOMODO_GOOGLE_OAUTH_ID or KOMODO_GOOGLE_OAUTH_ID_FILE
-## Required if google_oauth is enabled.
-google_oauth.id = ""
-
-## Env: KOMODO_GOOGLE_OAUTH_SECRET or KOMODO_GOOGLE_OAUTH_SECRET_FILE
-## Required if google_oauth is enabled.
-google_oauth.secret = ""
-
-## Github
-
-## Env: KOMODO_GITHUB_OAUTH_ENABLED
-## Default: false
-github_oauth.enabled = false
-
-## Env: KOMODO_GITHUB_OAUTH_ID or KOMODO_GITHUB_OAUTH_ID_FILE
-## Required if github_oauth is enabled.
-github_oauth.id = ""
-
-## Env: KOMODO_GITHUB_OAUTH_SECRET or KOMODO_GITHUB_OAUTH_SECRET_FILE
-## Required if github_oauth is enabled.
-github_oauth.secret = ""
-
-############
-# Security #
-############
-
-## Enable HTTPS server using the given key and cert.
-## Env: KOMODO_SSL_ENABLED
-## Default: false
-ssl_enabled = false
-
-## Path to the ssl key.
-## Env: KOMODO_SSL_KEY_FILE
-## Default: /config/ssl/key.pem
-ssl_key_file = "/config/ssl/key.pem"
-
-## Path to the ssl cert.
-## Env: KOMODO_SSL_CERT_FILE
-## Default: /config/ssl/cert.pem
-ssl_cert_file = "/config/ssl/cert.pem"
-
-############
-# DATABASE #
-############
-
-## Configure the database connection in one of the following ways:
-
-## Pass a full Mongo URI to the database.
-## Example: mongodb://username:password@localhost:27017
-## Env: KOMODO_DATABASE_URI or KOMODO_DATABASE_URI_FILE
-## Optional, can usually use `address`, `username`, `password` instead.
-database.uri = "mongodb://komodo:jtyl2U8KZPUe8V9MOTXQDYRlg7QemGuF@komodo-ferretdb:27017/komodo?authMechanism=PLAIN"
-
-## ==== * OR * ==== ##
-
-# Construct the address as mongodb://{username}:{password}@{address}
-## Env: KOMODO_DATABASE_ADDRESS
-# database.address = "localhost:27017"
-## Env: KOMODO_DATABASE_USERNAME or KOMODO_DATABASE_USERNAME_FILE
-# database.username = ""
-## Env: KOMODO_DATABASE_PASSWORD or KOMODO_DATABASE_PASSWORD_FILE
-# database.password = ""
-
-## ==== other ====
-
-## Komodo will create its collections under this database name.
-## The only reason to change this is if multiple Komodo Cores share the same db.
-## Env: KOMODO_DATABASE_DB_NAME
-## Default: komodo.
-database.db_name = "komodo"
-
-## This is the assigned app_name of the mongo client.
-## The only reason to change this is if multiple Komodo Cores share the same db.
-## Env: KOMODO_DATABASE_APP_NAME
-## Default: komodo_core.
-database.app_name = "komodo_core"
-
-############
-# WEBHOOKS #
-############
-
-## This token must be given to git provider during repo webhook config.
-## The secret configured on the git provider side must match the secret configured here.
-## If not provided, 
-## Env: KOMODO_WEBHOOK_SECRET or KOMODO_WEBHOOK_SECRET_FILE
-## Optional, no default.
-webhook_secret = "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['KOMODO_WEBHOOK_SECRET'] }}"
-
-## An alternate base url that is used to recieve git webhook requests.
-## If empty or not specified, will use 'host' address as base.
-## This is useful if Komodo is on an internal network, but can have a
-## proxy just allowing through the webhook listener api using NGINX.
-## Env: KOMODO_WEBHOOK_BASE_URL
-## Default: empty (none)
-webhook_base_url = ""
-
-## Configure Github webhook app. Enables webhook management apis.
-## <INSERT LINK TO GUIDE>
-## Env: KOMODO_GITHUB_WEBHOOK_APP_APP_ID or KOMODO_GITHUB_WEBHOOK_APP_APP_ID_FILE
-# github_webhook_app.app_id = 1234455 # Find on the app page.
-## Env: 
-##   - KOMODO_GITHUB_WEBHOOK_APP_INSTALLATIONS_IDS or KOMODO_GITHUB_WEBHOOK_APP_INSTALLATIONS_IDS_FILE
-##   - KOMODO_GITHUB_WEBHOOK_APP_INSTALLATIONS_NAMESPACES
-# github_webhook_app.installations = [
-#   ## Find the id after installing the app to user / organization. "namespace" is the username / organization name.
-#   { id = 1234, namespace = "mbecker20" }
-# ]
-
-## The path to Github webhook app private key. <INSERT LINK TO GUIDE>
-## This is defaulted to `/github/private-key.pem`, and doesn't need to be changed if running core in Docker.
-## Just mount the private key pem file on the host to `/github/private-key.pem` in the container.
-## Eg. `/your/path/to/key.pem : /github/private-key.pem`
-## Env: KOMODO_GITHUB_WEBHOOK_APP_PK_PATH
-# github_webhook_app.pk_path = "/path/to/pk.pem"
-
-###########
-# LOGGING #
-###########
-
-## Specify the logging verbosity
-## Env: KOMODO_LOGGING_LEVEL
-## Options: off, error, warn, info, debug, trace
-## Default: info
-logging.level = "info"
-
-## Specify the logging format for stdout / stderr.
-## Env: KOMODO_LOGGING_STDIO
-## Options: standard, json, none
-## Default: standard
-logging.stdio = "standard"
-
-## Optionally specify a opentelemetry otlp endpoint to send traces to.
-## Example: http://localhost:4317
-## Env: KOMODO_LOGGING_OTLP_ENDPOINT
-logging.otlp_endpoint = ""
-
-## Set the opentelemetry service name.
-## This will be attached to the telemetry Komodo will send.
-## Env: KOMODO_LOGGING_OPENTELEMETRY_SERVICE_NAME
-## Default: "Komodo"
-logging.opentelemetry_service_name = "Komodo"
-
-###########
-# PRUNING #
-###########
-
-## The number of days to keep historical system stats around, or 0 to disable pruning. 
-## Stats older that are than this number of days are deleted on a daily cycle.
-## Env: KOMODO_KEEP_STATS_FOR_DAYS
-## Default: 14
-keep_stats_for_days = 14
-
-## The number of days to keep alerts around, or 0 to disable pruning. 
-## Alerts older that are than this number of days are deleted on a daily cycle.
-## Env: KOMODO_KEEP_ALERTS_FOR_DAYS
-## Default: 14
-keep_alerts_for_days = 14
-
-##################
-# POLL INTERVALS #
-##################
-
-## Controls the rate at which servers are polled for health, system stats, and container status.
-## This affects network usage, and the size of the stats stored in mongo.
-## Env: KOMODO_MONITORING_INTERVAL
-## Options: 1-sec, 5-sec, 15-sec, 30-sec, 1-min, 2-min, 5-min, 15-min
-## Default: 15-sec
-monitoring_interval = "15-sec"
-
-## Interval at which to poll Resources for any updates / automated actions.
-## Env: KOMODO_RESOURCE_POLL_INTERVAL
-## Options: `15-sec`, `1-min`, `5-min`, `15-min`, `1-hr`.
-## Default: 5-min
-resource_poll_interval = "5-min"
-
-###################
-# CLOUD PROVIDERS #
-###################
-
-## Komodo can build images by deploying AWS EC2 instances,
-## running the build, and afterwards destroying the instance.
-
-## Additionally, Komodo can deploy cloud VPS on AWS EC2 and Hetzner.
-## Use the Template resource to configure launch preferences.
-## Hetzner is not supported for builds as their pricing model is by the hour,
-## while AWS is by the minute. This is very important for builds.
-
-## Provide AWS api keys for ephemeral builders / server launch
-## Env: KOMODO_AWS_ACCESS_KEY_ID or KOMODO_AWS_ACCESS_KEY_ID_FILE
-aws.access_key_id = ""
-## Env: KOMODO_AWS_SECRET_ACCESS_KEY or KOMODO_AWS_SECRET_ACCESS_KEY_FILE
-aws.secret_access_key = ""
-
-## Provide Hetzner api token for server launch
-## Env: KOMODO_HETZNER_TOKEN or KOMODO_HETZNER_TOKEN_FILE
-hetzner.token = ""
-
-#################
-# GIT PROVIDERS #
-#################
-
-## These will be available to attach to Builds, Repos, Stacks, and Syncs.
-## They allow these Resources to clone private repositories.
-## They cannot be configured on the environment.
-
-## configure git providers
-# [[git_provider]]
-# domain = "github.com"
-# accounts = [
-# 	{ username = "mbecker20", token = "access_token_for_account" },
-# 	{ username = "moghtech", token = "access_token_for_other_account" },
-# ]
-
-# [[git_provider]]
-# domain = "git.mogh.tech" # use a custom provider, like self-hosted gitea
-# accounts = [
-# 	{ username = "mbecker20", token = "access_token_for_account" },
-# ]
-
-# [[git_provider]]
-# domain = "localhost:8000" # use a custom provider, like self-hosted gitea
-# https = false # use http://localhost:8000 as base-url for clone
-# accounts = [
-# 	{ username = "mbecker20", token = "access_token_for_account" },
-# ]
-
-######################
-# REGISTRY PROVIDERS #
-######################
-
-## These will be available to attach to Builds and Stacks.
-## They allow these Resources to pull private images.
-## They cannot be configured on the environment.
-
-## configure docker registries
-# [[docker_registry]]
-# domain = "docker.io"
-# accounts = [
-# 	{ username = "mbecker2020", token = "access_token_for_account" }
-# ]
-# organizations = ["DockerhubOrganization"]
-
-[[gitea_rinoa]]
-domain = "git.trez.wtf"
-accounts = [
-	{ username = "gitea-sonarqube-bot", token = "594a3a9611bdb508bd6a3575e2ddb3ac4922a4da" }
-]
-
-[[gitea_rinoa_local]]
-domain = "http://gitea:3000"
-accounts = [
-	{ username = "gitea-sonarqube-bot", token = "594a3a9611bdb508bd6a3575e2ddb3ac4922a4da" }
-]
-
-# [[docker_registry]]
-# domain = "git.mogh.tech" # use a custom provider, like self-hosted gitea
-# accounts = [
-# 	{ username = "mbecker20", token = "access_token_for_account" },
-# ]
-# organizations = ["Mogh"] # These become available in the UI
-
-###########
-# SECRETS #
-###########
-
-## Provide Core based secrets.
-## These will be available to interpolate into your Deployment / Stack environments,
-## and will be hidden in the UI and logs.
-## These are available to use on any Periphery (Server),
-## but you can also limit access more by placing them in a single Periphery's config file instead.
-## These cannot be configured in the Komodo Core environment, they must be passed in the file.
-
-# [secrets]
-# SECRET_1 = "value_1"
-# SECRET_2 = "value_2"
@@ -1,21 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-<Config>
-  <BindAddress>*</BindAddress>
-  <Port>8686</Port>
-  <SslPort>6868</SslPort>
-  <EnableSsl>False</EnableSsl>
-  <LaunchBrowser>True</LaunchBrowser>
-  <ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}</ApiKey>
-  <AuthenticationMethod>Forms</AuthenticationMethod>
-  <Branch>master</Branch>
-  <LogLevel>trace</LogLevel>
-  <SslCertPath></SslCertPath>
-  <SslCertPassword></SslCertPassword>
-  <UrlBase></UrlBase>
-  <InstanceName>Lidarr</InstanceName>
-  <UpdateMechanism>Docker</UpdateMechanism>
-  <Theme>auto</Theme>
-  <AuthenticationRequired>Enabled</AuthenticationRequired>
-</Config>
@@ -1,25 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-{
-    "lidarr_address": "http://lidarr:8686",
-    "lidarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}",
-    "spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
-    "root_folder_path": "/data/media/music",
-    "spotify_client_id": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}",
-    "spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
-    "fallback_to_top_result": false,
-    "lidarr_api_timeout": 120.0,
-    "quality_profile_id": 1,
-    "metadata_profile_id": 1,
-    "search_for_missing_albums": false,
-    "dry_run_adding_to_lidarr": true,
-    "app_name": "lidify",
-    "app_rev": "0.09",
-    "app_url": "lidify.trez.wtf",
-    "last_fm_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
-    "last_fm_api_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
-    "mode": "LastFM",
-    "auto_start": false,
-    "auto_start_delay": 60
-}
@@ -1,63 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-{
-    "sourceDefaults": {
-      "maxPollRetries": 0,          // optional, default # of automatic polling restarts on error. can be overridden by property in individual config
-      "maxRequestRetries": 1,       // optional, default # of http request retries a source can make before error is thrown. can be overridden by property in individual config
-      "retryMultiplier": 1.5       // optional, default retry delay multiplier (retry attempt * multiplier = # of seconds to wait before retrying). can be overridden by property in individual config
-    },
-    "clientDefaults": {
-      "maxRequestRetries": 1,       // optional, default # of http request retries a client can make before error is thrown. can be overridden by property in individual config
-      "retryMultiplier": 1.5       // optional, default retry delay multiplier (retry attempt * multiplier = # of seconds to wait before retrying). can be overridden by property in individual config
-    },
-    "clients": [
-        {
-            "name": "Last.fm Client",
-            "enable": true,
-            "configureAs": "client",
-            "data": {
-            "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
-            "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
-            "redirectUri": "http://localhost:9078/lastfm/callback"
-            }
-        },
-        {
-            "name": "Last.fm Source",
-            "enable": true,
-            "configureAs": "source",
-            "data": {
-            "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
-            "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
-            "redirectUri": "http://localhost:9078/lastfm/callback"
-            }
-        },
-        {
-            "name": "Maloja",
-            "enable": true,
-            "data": {
-            "url": "http://maloja:42010",
-            "apiKey": "myMalojaKey"
-            }
-        },
-        {
-          "name": "ListenBrainz Client",
-          "enable": true,
-          "configureAs": "client",
-          "data": {
-            "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
-            "username": "Trez.One"
-          }
-        },
-        {
-          "name": "ListenBrainz Source",
-          "enable": true,
-          "configureAs": "source",
-          "data": {
-            "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
-            "username": "Trez.One"
-          }
-        }
-      ]
-  }
-}
@@ -1,106 +0,0 @@
-{
-  "Stuns": [
-    {
-      "Proto": "udp",
-      "URI": "stun:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
-      "Username": "",
-      "Password": null
-    }
-  ],
-  "TURNConfig": {
-    "Turns": [
-      {
-        "Proto": "udp",
-        "URI": "turn:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
-        "Username": "self",
-        "Password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}"
-      }
-    ],
-    "CredentialsTTL": "12h",
-    "Secret": "secret",
-    "TimeBasedCredentials": false
-  },
-  "Relay": {
-    "Addresses": [
-      "rel://netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:33080"
-    ],
-    "CredentialsTTL": "24h",
-    "Secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_RELAY_AUTH_SECRET'] }}"
-  },
-  "Signal": {
-    "Proto": "https",
-    "URI": "netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:10001",
-    "Username": "",
-    "Password": null
-  },
-  "ReverseProxy": {
-    "TrustedHTTPProxies": [],
-    "TrustedHTTPProxiesCount": 0,
-    "TrustedPeers": [
-      "0.0.0.0/0"
-    ]
-  },
-  "Datadir": "",
-  "DataStoreEncryptionKey": "",
-  "StoreConfig": {
-    "Engine": "sqlite"
-  },
-  "HttpConfig": {
-    "Address": "0.0.0.0:33073",
-    "AuthIssuer": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
-    "AuthAudience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
-    "AuthKeysLocation": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/keys",
-    "AuthUserIDClaim": "",
-    "CertFile": "",
-    "CertKey": "",
-    "IdpSignKeyRefreshEnabled": true,
-    "OIDCConfigEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration"
-  },
-  "IdpManagerConfig": {
-    "ManagerType": "zitadel",
-    "ClientConfig": {
-      "Issuer": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
-      "TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
-      "ClientID": "netbird",
-      "ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_SECRET'] }}",
-      "GrantType": "client_credentials"
-    },
-    "ExtraConfig": {
-      "ManagementEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/management/v1"
-    },
-    "Auth0ClientCredentials": null,
-    "AzureClientCredentials": null,
-    "KeycloakClientCredentials": null,
-    "ZitadelClientCredentials": null
-  },
-  "DeviceAuthorizationFlow": {
-    "Provider": "hosted",
-    "ProviderConfig": {
-      "Audience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
-      "AuthorizationEndpoint": "",
-      "Domain": "",
-      "ClientID": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
-      "ClientSecret": "",
-      "TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
-      "DeviceAuthEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/device_authorization",
-      "Scope": "openid",
-      "UseIDToken": false,
-      "RedirectURLs": null
-    }
-  },
-  "PKCEAuthorizationFlow": {
-    "ProviderConfig": {
-      "Audience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
-      "ClientID": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
-      "ClientSecret": "",
-      "Domain": "",
-      "AuthorizationEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/authorize",
-      "TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
-      "Scope": "openid profile email offline_access api",
-      "RedirectURLs": [
-        "http://localhost:53000"
-      ],
-      "UseIDToken": false
-    }
-  }
-}
@@ -1,122 +0,0 @@
-{
-    "issuer": "https://id.trez.wtf",
-    "authorization_endpoint": "https://id.trez.wtf/oauth/v2/authorize",
-    "token_endpoint": "https://id.trez.wtf/oauth/v2/token",
-    "introspection_endpoint": "https://id.trez.wtf/oauth/v2/introspect",
-    "userinfo_endpoint": "https://id.trez.wtf/oidc/v1/userinfo",
-    "revocation_endpoint": "https://id.trez.wtf/oauth/v2/revoke",
-    "end_session_endpoint": "https://id.trez.wtf/oidc/v1/end_session",
-    "device_authorization_endpoint": "https://id.trez.wtf/oauth/v2/device_authorization",
-    "jwks_uri": "https://id.trez.wtf/oauth/v2/keys",
-    "scopes_supported": [
-        "openid",
-        "profile",
-        "email",
-        "phone",
-        "address",
-        "offline_access"
-    ],
-    "response_types_supported": [
-        "code",
-        "id_token",
-        "id_token token"
-    ],
-    "response_modes_supported": [
-        "query",
-        "fragment",
-        "form_post"
-    ],
-    "grant_types_supported": [
-        "authorization_code",
-        "implicit",
-        "refresh_token",
-        "client_credentials",
-        "urn:ietf:params:oauth:grant-type:jwt-bearer",
-        "urn:ietf:params:oauth:grant-type:device_code"
-    ],
-    "subject_types_supported": [
-        "public"
-    ],
-    "id_token_signing_alg_values_supported": [
-        "RS256"
-    ],
-    "request_object_signing_alg_values_supported": [
-        "RS256"
-    ],
-    "token_endpoint_auth_methods_supported": [
-        "none",
-        "client_secret_basic",
-        "client_secret_post",
-        "private_key_jwt"
-    ],
-    "token_endpoint_auth_signing_alg_values_supported": [
-        "RS256"
-    ],
-    "revocation_endpoint_auth_methods_supported": [
-        "none",
-        "client_secret_basic",
-        "client_secret_post",
-        "private_key_jwt"
-    ],
-    "revocation_endpoint_auth_signing_alg_values_supported": [
-        "RS256"
-    ],
-    "introspection_endpoint_auth_methods_supported": [
-        "client_secret_basic",
-        "private_key_jwt"
-    ],
-    "introspection_endpoint_auth_signing_alg_values_supported": [
-        "RS256"
-    ],
-    "claims_supported": [
-        "sub",
-        "aud",
-        "exp",
-        "iat",
-        "iss",
-        "auth_time",
-        "nonce",
-        "acr",
-        "amr",
-        "c_hash",
-        "at_hash",
-        "act",
-        "scopes",
-        "client_id",
-        "azp",
-        "preferred_username",
-        "name",
-        "family_name",
-        "given_name",
-        "locale",
-        "email",
-        "email_verified",
-        "phone_number",
-        "phone_number_verified"
-    ],
-    "code_challenge_methods_supported": [
-        "S256"
-    ],
-    "ui_locales_supported": [
-        "bg",
-        "cs",
-        "de",
-        "en",
-        "es",
-        "fr",
-        "hu",
-        "id",
-        "it",
-        "ja",
-        "ko",
-        "mk",
-        "nl",
-        "pl",
-        "pt",
-        "ru",
-        "sv",
-        "zh"
-    ],
-    "request_parameter_supported": true,
-    "request_uri_parameter_supported": false
-}
@@ -1,725 +0,0 @@
-# Coturn TURN SERVER configuration file
-#
-# Boolean values note: where a boolean value is supposed to be used,
-# you can use '0', 'off', 'no', 'false', or 'f' as 'false,
-# and you can use '1', 'on', 'yes', 'true', or 't' as 'true'
-# If the value is missing, then it means 'true' by default.
-#
-
-# Listener interface device (optional, Linux only).
-# NOT RECOMMENDED.
-#
-#listening-device=eth0
-
-# TURN listener port for UDP and TCP (Default: 3478).
-# Note: actually, TLS & DTLS sessions can connect to the
-# "plain" TCP & UDP port(s), too - if allowed by configuration.
-#
-listening-port=3478
-
-# TURN listener port for TLS (Default: 5349).
-# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
-# port(s), too - if allowed by configuration. The TURN server
-# "automatically" recognizes the type of traffic. Actually, two listening
-# endpoints (the "plain" one and the "tls" one) are equivalent in terms of
-# functionality; but Coturn keeps both endpoints to satisfy the RFC 5766 specs.
-# For secure TCP connections, Coturn currently supports SSL version 3 and
-# TLS version 1.0, 1.1 and 1.2.
-# For secure UDP connections, Coturn supports DTLS version 1.
-#
-tls-listening-port=5349
-
-# Alternative listening port for UDP and TCP listeners;
-# default (or zero) value means "listening port plus one".
-# This is needed for RFC 5780 support
-# (STUN extension specs, NAT behavior discovery). The TURN Server
-# supports RFC 5780 only if it is started with more than one
-# listening IP address of the same family (IPv4 or IPv6).
-# RFC 5780 is supported only by UDP protocol, other protocols
-# are listening to that endpoint only for "symmetry".
-#
-#alt-listening-port=0
-
-# Alternative listening port for TLS and DTLS protocols.
-# Default (or zero) value means "TLS listening port plus one".
-#
-#alt-tls-listening-port=0
-
-# Some network setups will require using a TCP reverse proxy in front
-# of the STUN server. If the proxy port option is set a single listener
-# is started on the given port that accepts connections using the
-# haproxy proxy protocol v2.
-# (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)
-#
-#tcp-proxy-port=5555
-
-# Listener IP address of relay server. Multiple listeners can be specified.
-# If no IP(s) specified in the config file or in the command line options,
-# then all IPv4 and IPv6 system IPs will be used for listening.
-#
-#listening-ip=172.17.19.101
-#listening-ip=10.207.21.238
-#listening-ip=2607:f0d0:1002:51::4
-
-# Auxiliary STUN/TURN server listening endpoint.
-# Aux servers have almost full TURN and STUN functionality.
-# The (minor) limitations are:
-#
-# 1) Auxiliary servers do not have alternative ports and
-# they do not support STUN RFC 5780 functionality (CHANGE REQUEST).
-#
-# 2) Auxiliary servers also are never returning ALTERNATIVE-SERVER reply.
-#
-# Valid formats are 1.2.3.4:5555 for IPv4 and [1:2::3:4]:5555 for IPv6.
-#
-# There may be multiple aux-server options, each will be used for listening
-# to client requests.
-#
-#aux-server=172.17.19.110:33478
-#aux-server=[2607:f0d0:1002:51::4]:33478
-
-# (recommended for older Linuxes only)
-# Automatically balance UDP traffic over auxiliary servers (if configured).
-# The load balancing is using the ALTERNATE-SERVER mechanism.
-# The TURN client must support 300 ALTERNATE-SERVER response for this
-# functionality.
-#
-#udp-self-balance
-
-# Relay interface device for relay sockets (optional, Linux only).
-# NOT RECOMMENDED.
-#
-#relay-device=eth1
-
-# Relay address (the local IP address that will be used to relay the
-# packets to the peer).
-# Multiple relay addresses may be used.
-# The same IP(s) can be used as both listening IP(s) and relay IP(s).
-#
-# If no relay IP(s) specified, then the turnserver will apply the default
-# policy: it will decide itself which relay addresses to be used, and it
-# will always be using the client socket IP address as the relay IP address
-# of the TURN session (if the requested relay address family is the same
-# as the family of the client socket).
-#
-#relay-ip=172.17.19.105
-#relay-ip=2607:f0d0:1002:51::5
-
-# For Amazon EC2 users:
-#
-# TURN Server public/private address mapping, if the server is behind NAT.
-# In that situation, if a -X is used in form "-X <ip>" then that ip will be reported
-# as relay IP address of all allocations. This scenario works only in a simple case
-# when one single relay address is be used, and no RFC5780 functionality is required.
-# That single relay address must be mapped by NAT to the 'external' IP.
-# The "external-ip" value, if not empty, is returned in XOR-RELAYED-ADDRESS field.
-# For that 'external' IP, NAT must forward ports directly (relayed port 12345
-# must be always mapped to the same 'external' port 12345).
-#
-# In more complex case when more than one IP address is involved,
-# that option must be used several times, each entry must
-# have form "-X <public-ip/private-ip>", to map all involved addresses.
-# RFC5780 NAT discovery STUN functionality will work correctly,
-# if the addresses are mapped properly, even when the TURN server itself
-# is behind A NAT.
-#
-# By default, this value is empty, and no address mapping is used.
-#
-# external-ip=193.224.22.37
-#
-#OR:
-#
-#external-ip=60.70.80.91/172.17.19.101
-#external-ip=60.70.80.92/172.17.19.102
-
-external-ip=108.29.206.17
-
-# Number of the relay threads to handle the established connections
-# (in addition to authentication thread and the listener thread).
-# If explicitly set to 0 then application runs relay process in a
-# single thread, in the same thread with the listener process
-# (the authentication thread will still be a separate thread).
-#
-# If this parameter is not set, then the default OS-dependent
-# thread pattern algorithm will be employed. Usually the default
-# algorithm is optimal, so you have to change this option
-# if you want to make some fine tweaks.
-#
-# In the older systems (Linux kernel before 3.9),
-# the number of UDP threads is always one thread per network listening
-# endpoint - including the auxiliary endpoints - unless 0 (zero) or
-# 1 (one) value is set.
-#
-#relay-threads=0
-
-# Lower and upper bounds of the UDP relay endpoints:
-# (default values are 49152 and 65535)
-#
-min-port=49152
-max-port=65535
-
-# Uncomment to run TURN server in 'normal' 'moderate' verbose mode.
-# By default the verbose mode is off.
-#verbose
-
-# Uncomment to run TURN server in 'extra' verbose mode.
-# This mode is very annoying and produces lots of output.
-# Not recommended under normal circumstances.
-#
-#Verbose
-
-# Uncomment to use fingerprints in the TURN messages.
-# By default the fingerprints are off.
-#
-fingerprint
-
-# Uncomment to use long-term credential mechanism.
-# By default no credentials mechanism is used (any user allowed).
-#
-lt-cred-mech
-
-# This option is the opposite of lt-cred-mech.
-# (TURN Server with no-auth option allows anonymous access).
-# If neither option is defined, and no users are defined,
-# then no-auth is default. If at least one user is defined,
-# in this file, in command line or in usersdb file, then
-# lt-cred-mech is default.
-#
-#no-auth
-
-# TURN REST API flag.
-# (Time Limited Long Term Credential)
-# Flag that sets a special authorization option that is based upon authentication secret.
-#
-# This feature's purpose is to support "TURN Server REST API", see
-# "TURN REST API" link in the project's page
-# https://github.com/coturn/coturn/
-#
-# This option is used with timestamp:
-#
-# usercombo -> "timestamp:userid"
-# turn user -> usercombo
-# turn password -> base64(hmac(secret key, usercombo))
-#
-# This allows TURN credentials to be accounted for a specific user id.
-# If you don't have a suitable id, then the timestamp alone can be used.
-# This option is enabled by turning on secret-based authentication.
-# The actual value of the secret is defined either by the option static-auth-secret,
-# or can be found in the turn_secret table in the database (see below).
-#
-# Read more about it:
-#  - https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
-#  - https://www.ietf.org/proceedings/87/slides/slides-87-behave-10.pdf
-#
-# Be aware that use-auth-secret overrides some parts of lt-cred-mech.
-# The use-auth-secret feature depends internally on lt-cred-mech, so if you set
-# this option then it automatically enables lt-cred-mech internally
-# as if you had enabled both.
-#
-# Note that you can use only one auth mechanism at the same time! This is because,
-# both mechanisms conduct username and password validation in different ways.
-#
-# Use either lt-cred-mech or use-auth-secret in the conf
-# to avoid any confusion.
-#
-#use-auth-secret
-
-# 'Static' authentication secret value (a string) for TURN REST API only.
-# If not set, then the turn server
-# will try to use the 'dynamic' value in the turn_secret table
-# in the user database (if present). The database-stored  value can be changed on-the-fly
-# by a separate program, so this is why that mode is considered 'dynamic'.
-#
-#static-auth-secret=north
-
-# Server name used for
-# the oAuth authentication purposes.
-# The default value is the realm name.
-#
-# server-name=stun.wiretrustee.com
-
-# Flag that allows oAuth authentication.
-#
-#oauth
-
-# 'Static' user accounts for the long term credentials mechanism, only.
-# This option cannot be used with TURN REST API.
-# 'Static' user accounts are NOT dynamically checked by the turnserver process,
-# so they can NOT be changed while the turnserver is running.
-#
-#user=username1:key1
-#user=username2:key2
-# OR:
-user=self:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}
-#user=username2:password2
-#
-# Keys must be generated by turnadmin utility. The key value depends
-# on user name, realm, and password:
-#
-# Example:
-# $ turnadmin -k -u ninefingers -r north.gov -p youhavetoberealistic
-# Output: 0xbc807ee29df3c9ffa736523fb2c4e8ee
-# ('0x' in the beginning of the key is what differentiates the key from
-# password. If it has 0x then it is a key, otherwise it is a password).
-#
-# The corresponding user account entry in the config file will be:
-#
-#user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee
-# Or, equivalently, with open clear password (less secure):
-#user=ninefingers:youhavetoberealistic
-#
-
-# SQLite database file name.
-#
-# The default file name is /var/db/turndb or /usr/local/var/db/turndb or
-# /var/lib/turn/turndb.
-#
-#userdb=/var/db/turndb
-
-# PostgreSQL database connection string in the case that you are using PostgreSQL
-# as the user database.
-# This database can be used for the long-term credential mechanism
-# and it can store the secret value for secret-based timed authentication in TURN REST API.
-# See http://www.postgresql.org/docs/8.4/static/libpq-connect.html for 8.x PostgreSQL
-# versions connection string format, see
-# http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
-# for 9.x and newer connection string formats.
-#
-#psql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> connect_timeout=30"
-
-# MySQL database connection string in the case that you are using MySQL
-# as the user database.
-# This database can be used for the long-term credential mechanism
-# and it can store the secret value for secret-based timed authentication in TURN REST API.
-#
-# Optional connection string parameters for the secure communications (SSL):
-# ca, capath, cert, key, cipher
-# (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the
-# command options description).
-#
-# Use the string format below (space separated parameters, all optional):
-#
-# mysql-userdb="host=mysql dbname=coturn user=coturn password=CHANGE_ME port=3306 connect_timeout=10 read_timeout=10"
-
-# If you want to use an encrypted password in the MySQL connection string,
-# then set the MySQL password encryption secret key file with this option.
-#
-# Warning: If this option is set, then the mysql password must be set in "mysql-userdb" in an encrypted format!
-# If you want to use a cleartext password then do not set this option!
-#
-# This is the file path for the aes encrypted secret key used for password encryption.
-#
-#secret-key-file=/path/
-
-# MongoDB database connection string in the case that you are using MongoDB
-# as the user database.
-# This database can be used for long-term credential mechanism
-# and it can store the secret value for secret-based timed authentication in TURN REST API.
-# Use the string format described at http://hergert.me/docs/mongo-c-driver/mongoc_uri.html
-#
-#mongo-userdb="mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]"
-
-# Redis database connection string in the case that you are using Redis
-# as the user database.
-# This database can be used for long-term credential mechanism
-# and it can store the secret value for secret-based timed authentication in TURN REST API.
-# Use the string format below (space separated parameters, all optional):
-#
-#redis-userdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
-
-# Redis status and statistics database connection string, if used (default - empty, no Redis stats DB used).
-# This database keeps allocations status information, and it can be also used for publishing
-# and delivering traffic and allocation event notifications.
-# The connection string has the same parameters as redis-userdb connection string.
-# Use the string format below (space separated parameters, all optional):
-#
-#redis-statsdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
-
-# The default realm to be used for the users when no explicit
-# origin/realm relationship is found in the database, or if the TURN
-# server is not using any database (just the commands-line settings
-# and the userdb file). Must be used with long-term credentials
-# mechanism or with TURN REST API.
-#
-# Note: If the default realm is not specified, then realm falls back to the host domain name.
-#       If the domain name string is empty, or set to '(None)', then it is initialized as an empty string.
-#
-# realm=wiretrustee.com
-# This flag sets the origin consistency
-# check. Across the session, all requests must have the same
-# main ORIGIN attribute value (if the ORIGIN was
-# initially used by the session).
-#
-#check-origin-consistency
-
-# Per-user allocation quota.
-# default value is 0 (no quota, unlimited number of sessions per user).
-# This option can also be set through the database, for a particular realm.
-#
-#user-quota=0
-
-# Total allocation quota.
-# default value is 0 (no quota).
-# This option can also be set through the database, for a particular realm.
-#
-#total-quota=0
-
-# Max bytes-per-second bandwidth a TURN session is allowed to handle
-# (input and output network streams are treated separately). Anything above
-# that limit will be dropped or temporarily suppressed (within
-# the available buffer limits).
-# This option can also be set through the database, for a particular realm.
-#
-#max-bps=0
-
-#
-# Maximum server capacity.
-# Total bytes-per-second bandwidth the TURN server is allowed to allocate
-# for the sessions, combined (input and output network streams are treated separately).
-#
-# bps-capacity=0
-
-# Uncomment if no UDP client listener is desired.
-# By default UDP client listener is always started.
-#
-#no-udp
-
-# Uncomment if no TCP client listener is desired.
-# By default TCP client listener is always started.
-#
-#no-tcp
-
-# Uncomment if no TLS client listener is desired.
-# By default TLS client listener is always started.
-#
-#no-tls
-
-# Uncomment if no DTLS client listener is desired.
-# By default DTLS client listener is always started.
-#
-#no-dtls
-
-# Uncomment if no UDP relay endpoints are allowed.
-# By default UDP relay endpoints are enabled (like in RFC 5766).
-#
-#no-udp-relay
-
-# Uncomment if no TCP relay endpoints are allowed.
-# By default TCP relay endpoints are enabled (like in RFC 6062).
-#
-#no-tcp-relay
-
-# Uncomment if extra security is desired,
-# with nonce value having a limited lifetime.
-# The nonce value is unique for a session.
-# Set this option to limit the nonce lifetime.
-# Set it to 0 for unlimited lifetime.
-# It defaults to 600 secs (10 min) if no value is provided. After that delay,
-# the client will get 438 error and will have to re-authenticate itself.
-#
-#stale-nonce=600
-
-# Uncomment if you want to set the maximum allocation
-# time before it has to be refreshed.
-# Default is 3600s.
-#
-#max-allocate-lifetime=3600
-
-
-# Uncomment to set the lifetime for the channel.
-# Default value is 600 secs (10 minutes).
-# This value MUST not be changed for production purposes.
-#
-#channel-lifetime=600
-
-# Uncomment to set the permission lifetime.
-# Default to 300 secs (5 minutes).
-# In production this value MUST not be changed,
-# however it can be useful for test purposes.
-#
-#permission-lifetime=300
-
-# Certificate file.
-# Use an absolute path or path relative to the
-# configuration file.
-# Use PEM file format.
-#
-cert=/etc/coturn/certs/cert.pem
-
-# Private key file.
-# Use an absolute path or path relative to the
-# configuration file.
-# Use PEM file format.
-#
-pkey=/etc/coturn/private/privkey.pem
-
-# Private key file password, if it is in encoded format.
-# This option has no default value.
-#
-#pkey-pwd=...
-
-# Allowed OpenSSL cipher list for TLS/DTLS connections.
-# Default value is "DEFAULT".
-#
-#cipher-list="DEFAULT"
-
-# CA file in OpenSSL format.
-# Forces TURN server to verify the client SSL certificates.
-# By default this is not set: there is no default value and the client
-# certificate is not checked.
-#
-# Example:
-#CA-file=/etc/ssh/id_rsa.cert
-
-# Curve name for EC ciphers, if supported by OpenSSL
-# library (TLS and DTLS). The default value is prime256v1,
-# if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,
-# an optimal curve will be automatically calculated, if not defined
-# by this option.
-#
-#ec-curve-name=prime256v1
-
-# Use 566 bits predefined DH TLS key. Default size of the key is 2066.
-#
-#dh566
-
-# Use 1066 bits predefined DH TLS key. Default size of the key is 2066.
-#
-#dh1066
-
-# Use custom DH TLS key, stored in PEM format in the file.
-# Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
-#
-#dh-file=<DH-PEM-file-name>
-
-# Flag to prevent stdout log messages.
-# By default, all log messages go to both stdout and to
-# the configured log file. With this option everything will
-# go to the configured log only (unless the log file itself is stdout).
-#
-#no-stdout-log
-
-# Option to set the log file name.
-# By default, the turnserver tries to open a log file in
-# /var/log, /var/tmp, /tmp and the current directory
-# (Whichever file open operation succeeds first will be used).
-# With this option you can set the definite log file name.
-# The special names are "stdout" and "-" - they will force everything
-# to the stdout. Also, the "syslog" name will force everything to
-# the system log (syslog).
-# In the runtime, the logfile can be reset with the SIGHUP signal
-# to the turnserver process.
-#
-log-file=stdout
-
-# Option to redirect all log output into system log (syslog).
-#
-# syslog
-
-# This flag means that no log file rollover will be used, and the log file
-# name will be constructed as-is, without PID and date appendage.
-# This option can be used, for example, together with the logrotate tool.
-#
-#simple-log
-
-# Option to set the "redirection" mode. The value of this option
-# will be the address of the alternate server for UDP & TCP service in the form of
-# <ip>[:<port>]. The server will send this value in the attribute
-# ALTERNATE-SERVER, with error 300, on ALLOCATE request, to the client.
-# Client will receive only values with the same address family
-# as the client network endpoint address family.
-# See RFC 5389 and RFC 5766 for the description of ALTERNATE-SERVER functionality.
-# The client must use the obtained value for subsequent TURN communications.
-# If more than one --alternate-server option is provided, then the functionality
-# can be more accurately described as "load-balancing" than a mere "redirection".
-# If the port number is omitted, then the default port
-# number 3478 for the UDP/TCP protocols will be used.
-# Colon (:) characters in IPv6 addresses may conflict with the syntax of
-# the option. To alleviate this conflict, literal IPv6 addresses are enclosed
-# in square brackets in such resource identifiers, for example:
-# [2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478 .
-# Multiple alternate servers can be set. They will be used in the
-# round-robin manner. All servers in the pool are considered of equal weight and
-# the load will be distributed equally. For example, if you have 4 alternate servers,
-# then each server will receive 25% of ALLOCATE requests. A alternate TURN server
-# address can be used more than one time with the alternate-server option, so this
-# can emulate "weighting" of the servers.
-#
-# Examples:
-#alternate-server=1.2.3.4:5678
-#alternate-server=11.22.33.44:56789
-#alternate-server=5.6.7.8
-#alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
-
-# Option to set alternative server for TLS & DTLS services in form of
-# <ip>:<port>. If the port number is omitted, then the default port
-# number 5349 for the TLS/DTLS protocols will be used. See the previous
-# option for the functionality description.
-#
-# Examples:
-#tls-alternate-server=1.2.3.4:5678
-#tls-alternate-server=11.22.33.44:56789
-#tls-alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
-
-# Option to suppress TURN functionality, only STUN requests will be processed.
-# Run as STUN server only, all TURN requests will be ignored.
-# By default, this option is NOT set.
-#
-#stun-only
-
-# Option to hide software version. Enhance security when used in production.
-# Revealing the specific software version of the agent through the
-# SOFTWARE attribute might allow them to become more vulnerable to
-# attacks against software that is known to contain security holes.
-# Implementers SHOULD make usage of the SOFTWARE attribute a
-# configurable option (https://tools.ietf.org/html/rfc5389#section-16.1.2)
-#
-no-software-attribute
-
-# Option to suppress STUN functionality, only TURN requests will be processed.
-# Run as TURN server only, all STUN requests will be ignored.
-# By default, this option is NOT set.
-#
-#no-stun
-
-# This is the timestamp/username separator symbol (character) in TURN REST API.
-# The default value is ':'.
-# rest-api-separator=:
-
-# Flag that can be used to allow peers on the loopback addresses (127.x.x.x and ::1).
-# This is an extra security measure.
-#
-# (To avoid any security issue that allowing loopback access may raise,
-# the no-loopback-peers option is replaced by allow-loopback-peers.)
-#
-# Allow it only for testing in a development environment!
-# In production it adds a possible security vulnerability, so for security reasons
-# it is not allowed using it together with empty cli-password.
-#
-#allow-loopback-peers
-
-# Flag that can be used to disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
-# This is an extra security measure.
-#
-#no-multicast-peers
-
-# Option to set the max time, in seconds, allowed for full allocation establishment.
-# Default is 60 seconds.
-#
-#max-allocate-timeout=60
-
-# Option to allow or ban specific ip addresses or ranges of ip addresses.
-# If an ip address is specified as both allowed and denied, then the ip address is
-# considered to be allowed. This is useful when you wish to ban a range of ip
-# addresses, except for a few specific ips within that range.
-#
-# This can be used when you do not want users of the turn server to be able to access
-# machines reachable by the turn server, but would otherwise be unreachable from the
-# internet (e.g. when the turn server is sitting behind a NAT)
-#
-# Examples:
-# denied-peer-ip=83.166.64.0-83.166.95.255
-# allowed-peer-ip=83.166.68.45
-
-# File name to store the pid of the process.
-# Default is /var/run/turnserver.pid (if superuser account is used) or
-# /var/tmp/turnserver.pid .
-#
-pidfile="/var/tmp/turnserver.pid"
-
-# Require authentication of the STUN Binding request.
-# By default, the clients are allowed anonymous access to the STUN Binding functionality.
-#
-#secure-stun
-
-# Mobility with ICE (MICE) specs support.
-#
-#mobility
-
-# Allocate Address Family according
-# If enabled then TURN server allocates address family according  the TURN
-# Client <=> Server communication address family.
-# (By default Coturn works according RFC 6156.)
-# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
-#
-#keep-address-family
-
-
-# User name to run the process. After the initialization, the turnserver process
-# will attempt to change the current user ID to that user.
-#
-#proc-user=<user-name>
-
-# Group name to run the process. After the initialization, the turnserver process
-# will attempt to change the current group ID to that group.
-#
-#proc-group=<group-name>
-
-# Turn OFF the CLI support.
-# By default it is always ON.
-# See also options cli-ip and cli-port.
-#
-no-cli
-
-#Local system IP address to be used for CLI server endpoint. Default value
-# is 127.0.0.1.
-#
-# cli-ip=127.0.0.1
-
-# CLI server port. Default is 5766.
-#
-# cli-port=5766
-
-# CLI access password. Default is empty (no password).
-# For the security reasons, it is recommended that you use the encrypted
-# form of the password (see the -P command in the turnadmin utility).
-#
-# Secure form for password 'qwerty':
-#
-#cli-password=$5$79a316b350311570$81df9cfb9af7f5e5a76eada31e7097b663a0670f99a3c07ded3f1c8e59c5658a
-#
-# Or insecure form for the same password:
-#
-# cli-password=CHANGE_ME
-
-# Enable Web-admin support on https. By default it is Disabled.
-# If it is enabled it also enables a http a simple static banner page
-# with a small reminder that the admin page is available only on https.
-#
-#web-admin
-
-# Local system IP address to be used for Web-admin server endpoint. Default value is 127.0.0.1.
-#
-#web-admin-ip=127.0.0.1
-
-# Web-admin server port. Default is 8080.
-#
-#web-admin-port=8080
-
-# Web-admin server listen on STUN/TURN worker threads
-# By default it is disabled for security reasons! (Not recommended in any production environment!)
-#
-#web-admin-listen-on-workers
-
-# Server relay. NON-STANDARD AND DANGEROUS OPTION.
-# Only for those applications when you want to run
-# server applications on the relay endpoints.
-# This option eliminates the IP permissions check on
-# the packets incoming to the relay endpoints.
-#
-#server-relay
-
-# Maximum number of output sessions in ps CLI command.
-# This value can be changed on-the-fly in CLI. The default value is 256.
-#
-#cli-max-output-sessions
-
-# Set network engine type for the process (for internal purposes).
-#
-#ne=[1|2|3]
-
-# Do not allow an TLS/DTLS version of protocol
-#
-#no-tlsv1
-#no-tlsv1_1
-#no-tlsv1_2
@@ -1,11 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-<clickhouse>
-    <profiles>
-        <default>
-            <log_queries>0</log_queries>
-            <log_query_threads>0</log_query_threads>
-        </default>
-    </profiles>
-</clickhouse>
@@ -1,59 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-version: 2
-
-postal:
-  web_hostname: post.trez.wtf
-  web_protocol: http
-  smtp_hostname: post.trez.wtf
-  use_ip_pools: false
-  signing_key_path: /config/signing.key
-  trusted_proxies: [ "172.18.0.0/16" ]
-
-web_server:
-  default_port: 5000
-  default_bind_address: 0.0.0.0
-
-main_db:
-  host: mariadb
-  username: postal
-  password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_MYSQL_PASSWORD'] }}
-  database: postal
-
-message_db:
-  host: mariadb
-  username: postal
-  password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_MYSQL_PASSWORD'] }}
-  prefix: postal
-
-smtp_server:
-  default_port: 25
-  default_bind_address: "::"
-
-dns:
-  # Specify the DNS records that you have configured. Refer to the documentation at
-  # https://github.com/atech/postal/wiki/Domains-&-DNS-Configuration for further
-  # information about these.
-  mx_records:
-    - mx.post.trez.wtf
-  spf_include: spf.post.trez.wtf
-  return_path_domain: rp.post.trez.wtf
-  route_domain: routes.post.trez.wtf
-  track_domain: track.post.trez.wtf
-
-smtp:
-  # Specify an SMTP server that can be used to send messages from the Postal management
-  # system to users. You can configure this to use a Postal mail server once the
-  # your installation has been set up.
-  host: postal-smtp
-  port: 25
-  username: rinoa/postal-smtp
-  password: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
-  from_name: Postal @ Rinoa
-  from_address: noreply@trez.wtf
-
-rails:
-  # This is generated automatically by the config initialization. It should be a random
-  # string unique to your installation.
-  secret_key: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_RAILS_SECRET_KEY'] }}"
@@ -1,21 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-<Config>
-  <BindAddress>*</BindAddress>
-  <Port>9696</Port>
-  <SslPort>6969</SslPort>
-  <EnableSsl>False</EnableSsl>
-  <LaunchBrowser>True</LaunchBrowser>
-  <ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PROWLARR_API_KEY'] }}</ApiKey>
-  <AuthenticationMethod>Forms</AuthenticationMethod>
-  <AuthenticationRequired>Enabled</AuthenticationRequired>
-  <Branch>master</Branch>
-  <LogLevel>info</LogLevel>
-  <SslCertPath></SslCertPath>
-  <SslCertPassword></SslCertPassword>
-  <UrlBase></UrlBase>
-  <InstanceName>Prowlarr</InstanceName>
-  <UpdateMechanism>Docker</UpdateMechanism>
-  <Theme>light</Theme>
-</Config>
@@ -1,20 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-{
-    "radarr_address": "http://radarr:7878",
-    "radarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}",
-    "root_folder_path": "/data/media/movies",
-    "tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['TMDB_API_KEY'] }}",
-    "fallback_to_top_result": false,
-    "radarr_api_timeout": 120.0,
-    "quality_profile_id": 1,
-    "metadata_profile_id": 1,
-    "search_for_movie": true,
-    "dry_run_adding_to_radarr": false,
-    "minimum_rating": 4.5,
-    "minimum_votes": 50,
-    "language_choice": "all",
-    "auto_start": true,
-    "auto_start_delay": 60.0
-}
@@ -1,21 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-<Config>
-  <LogLevel>info</LogLevel>
-  <BindAddress>*</BindAddress>
-  <EnableSsl>False</EnableSsl>
-  <SslCertPath></SslCertPath>
-  <Port>7878</Port>
-  <UrlBase></UrlBase>
-  <ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}</ApiKey>
-  <AuthenticationMethod>Forms</AuthenticationMethod>
-  <UpdateMechanism>Docker</UpdateMechanism>
-  <SslPort>9898</SslPort>
-  <LaunchBrowser>True</LaunchBrowser>
-  <Branch>master</Branch>
-  <SslCertPassword></SslCertPassword>
-  <InstanceName>Radarr</InstanceName>
-  <Theme>auto</Theme>
-  <AuthenticationRequired>Enabled</AuthenticationRequired>
-</Config>
@@ -1,21 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-<Config>
-  <BindAddress>*</BindAddress>
-  <Port>8787</Port>
-  <SslPort>6868</SslPort>
-  <EnableSsl>False</EnableSsl>
-  <LaunchBrowser>True</LaunchBrowser>
-  <ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['READARR_API_KEY'] }}</ApiKey>
-  <AuthenticationMethod>Forms</AuthenticationMethod>
-  <Branch>develop</Branch>
-  <LogLevel>info</LogLevel>
-  <SslCertPath></SslCertPath>
-  <SslCertPassword></SslCertPassword>
-  <UrlBase></UrlBase>
-  <InstanceName>Readarr</InstanceName>
-  <UpdateMechanism>Docker</UpdateMechanism>
-  <Theme>auto</Theme>
-  <AuthenticationRequired>Enabled</AuthenticationRequired>
-</Config>
@@ -1,482 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-__version__ = 19
-__encoding__ = utf-8
-[misc]
-pre_script = None
-queue_complete = ""
-queue_complete_pers = 0
-bandwidth_perc = 0
-refresh_rate = 1
-queue_limit = 20
-config_lock = 0
-sched_converted = 2
-notified_new_skin = 2
-direct_unpack_tested = 1
-check_new_rel = 1
-auto_browser = 0
-language = en
-enable_https_verification = 1
-host = 0.0.0.0
-port = 8080
-https_port = 8090
-username = thetrezuredone
-password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_PASSWORD'] }}
-bandwidth_max = 1000M
-cache_limit = 1G
-web_dir = Glitter
-web_color = Auto
-https_cert = server.cert
-https_key = server.key
-https_chain = ""
-enable_https = 1
-inet_exposure = 0
-local_ranges = ,
-api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_API_KEY'] }}
-nzb_key = 3c0fa874bb2748b58c1bd7512e649946
-permissions = 775
-download_dir = /storage/downloads/incomplete
-download_free = ""
-complete_dir = /storage/downloads/completed/nzb
-script_dir = ""
-nzb_backup_dir = ""
-admin_dir = admin
-dirscan_dir = /storage/downloads/watch
-dirscan_speed = 5
-password_file = ""
-log_dir = logs
-max_art_tries = 3
-load_balancing = 2
-top_only = 0
-sfv_check = 1
-quick_check_ext_ignore = nfo, sfv, srr
-script_can_fail = 0
-ssl_ciphers = ""
-enable_recursive = 1
-flat_unpack = 0
-par_option = ""
-pre_check = 1
-nice = ""
-win_process_prio = 3
-ionice = ""
-fail_hopeless_jobs = 1
-fast_fail = 1
-auto_disconnect = 1
-no_dupes = 3
-no_series_dupes = 0
-series_propercheck = 1
-pause_on_pwrar = 2
-ignore_samples = 1
-deobfuscate_final_filenames = 0
-auto_sort = ""
-direct_unpack = 1
-direct_unpack_threads = 3
-propagation_delay = 0
-folder_rename = 1
-replace_spaces = 1
-replace_dots = 1
-safe_postproc = 1
-pause_on_post_processing = 0
-sanitize_safe = 0
-cleanup_list = ,
-unwanted_extensions = ,
-action_on_unwanted_extensions = 0
-new_nzb_on_failure = 1
-history_retention = ""
-enable_meta = 1
-quota_size = ""
-quota_day = ""
-quota_resume = 0
-quota_period = m
-rating_enable = 0
-rating_host = ""
-rating_api_key = ""
-rating_filter_enable = 0
-rating_filter_abort_audio = 0
-rating_filter_abort_video = 0
-rating_filter_abort_encrypted = 0
-rating_filter_abort_encrypted_confirm = 0
-rating_filter_abort_spam = 0
-rating_filter_abort_spam_confirm = 0
-rating_filter_abort_downvoted = 0
-rating_filter_abort_keywords = ""
-rating_filter_pause_audio = 0
-rating_filter_pause_video = 0
-rating_filter_pause_encrypted = 0
-rating_filter_pause_encrypted_confirm = 0
-rating_filter_pause_spam = 0
-rating_filter_pause_spam_confirm = 0
-rating_filter_pause_downvoted = 0
-rating_filter_pause_keywords = ""
-enable_tv_sorting = 1
-tv_sort_string = %sn/Season %s/%sn - %sx%0e - %en.%ext
-tv_sort_countries = 1
-tv_categories = tv,
-enable_movie_sorting = 0
-movie_sort_string = ""
-movie_sort_extra = -cd%1
-movie_extra_folder = 0
-movie_categories = movies,
-enable_date_sorting = 0
-date_sort_string = ""
-date_categories = tv,
-schedlines = ,
-rss_rate = 60
-ampm = 0
-replace_illegal = 1
-start_paused = 0
-enable_all_par = 1
-enable_par_cleanup = 1
-enable_unrar = 1
-enable_unzip = 1
-enable_7zip = 1
-enable_filejoin = 1
-enable_tsjoin = 1
-overwrite_files = 0
-ignore_unrar_dates = 0
-backup_for_duplicates = 1
-empty_postproc = 0
-wait_for_dfolder = 0
-rss_filenames = 0
-api_logging = 1
-html_login = 1
-osx_menu = 1
-osx_speed = 1
-warn_dupl_jobs = 1
-helpfull_warnings = 1
-keep_awake = 1
-win_menu = 1
-allow_incomplete_nzb = 0
-enable_bonjour = 1
-max_art_opt = 0
-ipv6_hosting = 0
-fixed_ports = 1
-api_warnings = 1
-disable_api_key = 0
-no_penalties = 0
-x_frame_options = 1
-require_modern_tls = 0
-num_decoders = 3
-rss_odd_titles = nzbindex.nl/, nzbindex.com/, nzbclub.com/
-req_completion_rate = 100.2
-selftest_host = self-test.sabnzbd.org
-movie_rename_limit = 100M
-size_limit = 0
-show_sysload = 2
-history_limit = 10
-wait_ext_drive = 5
-max_foldername_length = 246
-nomedia_marker = ""
-ipv6_servers = 1
-url_base = /sabnzbd
-host_whitelist = rinoa, sabnzbd.trez.wtf
-max_url_retries = 10
-email_server = ""
-email_to = ,
-email_from = ""
-email_account = ""
-email_pwd = ""
-email_endjob = 0
-email_full = 0
-email_dir = ""
-email_rss = 0
-email_cats = *,
-interface_settings = '{"dateFormat":"fromNow","extraQueueColumns":["category"],"extraHistoryColumns":[],"displayCompact":false,"displayFullWidth":false,"confirmDeleteQueue":true,"confirmDeleteHistory":true,"keyboardShortcuts":true}'
-complete_free = ""
-fulldisk_autoresume = 0
-enable_broadcast = 1
-downloader_sleep_time = 10
-ssdp_broadcast_interval = 15
-unwanted_extensions_mode = 0
-process_unpacked_par2 = 1
-episode_rename_limit = 20M
-socks5_proxy_url = ""
-preserve_paused_state = 0
-helpful_warnings = 1
-allow_old_ssl_tls = 0
-num_simd_decoders = 2
-ext_rename_ignore = ,
-backup_dir = ""
-replace_underscores = 0
-tray_icon = 1
-sorters_converted = 1
-enable_season_sorting = 1
-receive_threads = 2
-switchinterval = 0.005
-end_queue_script = None
-no_smart_dupes = 1
-dupes_propercheck = 1
-enable_multipar = 1
-verify_xff_header = 0
-history_retention_option = all
-history_retention_number = 1
-ipv6_staging = 0
-disable_archive = 0
-config_conversion_version = 4
-disable_par2cmdline = 0
-[logging]
-log_level = 1
-max_log_size = 5242880
-log_backups = 5
-[ncenter]
-ncenter_enable = 0
-ncenter_cats = *,
-ncenter_prio_startup = 0
-ncenter_prio_download = 0
-ncenter_prio_pause_resume = 0
-ncenter_prio_pp = 0
-ncenter_prio_complete = 0
-ncenter_prio_failed = 0
-ncenter_prio_disk_full = 0
-ncenter_prio_new_login = 0
-ncenter_prio_warning = 0
-ncenter_prio_error = 0
-ncenter_prio_queue_done = 0
-ncenter_prio_other = 0
-[acenter]
-acenter_enable = 0
-acenter_cats = *,
-acenter_prio_startup = 0
-acenter_prio_download = 0
-acenter_prio_pause_resume = 0
-acenter_prio_pp = 0
-acenter_prio_complete = 0
-acenter_prio_failed = 0
-acenter_prio_disk_full = 0
-acenter_prio_new_login = 0
-acenter_prio_warning = 0
-acenter_prio_error = 0
-acenter_prio_queue_done = 0
-acenter_prio_other = 0
-[ntfosd]
-ntfosd_enable = 0
-ntfosd_cats = *,
-ntfosd_prio_startup = 0
-ntfosd_prio_download = 0
-ntfosd_prio_pause_resume = 0
-ntfosd_prio_pp = 0
-ntfosd_prio_complete = 0
-ntfosd_prio_failed = 0
-ntfosd_prio_disk_full = 0
-ntfosd_prio_new_login = 0
-ntfosd_prio_warning = 0
-ntfosd_prio_error = 0
-ntfosd_prio_queue_done = 0
-ntfosd_prio_other = 0
-[prowl]
-prowl_enable = 0
-prowl_cats = *,
-prowl_apikey = ""
-prowl_prio_startup = -3
-prowl_prio_download = -3
-prowl_prio_pause_resume = -3
-prowl_prio_pp = -3
-prowl_prio_complete = 0
-prowl_prio_failed = 1
-prowl_prio_disk_full = 1
-prowl_prio_new_login = -3
-prowl_prio_warning = -3
-prowl_prio_error = -3
-prowl_prio_queue_done = 0
-prowl_prio_other = -3
-[pushover]
-pushover_token = ""
-pushover_userkey = ""
-pushover_device = ""
-pushover_emergency_expire = 3600
-pushover_emergency_retry = 60
-pushover_enable = 0
-pushover_cats = *,
-pushover_prio_startup = -3
-pushover_prio_download = -2
-pushover_prio_pause_resume = -2
-pushover_prio_pp = -3
-pushover_prio_complete = -1
-pushover_prio_failed = -1
-pushover_prio_disk_full = 1
-pushover_prio_new_login = -3
-pushover_prio_warning = 1
-pushover_prio_error = 1
-pushover_prio_queue_done = -1
-pushover_prio_other = -3
-[pushbullet]
-pushbullet_enable = 0
-pushbullet_cats = *,
-pushbullet_apikey = ""
-pushbullet_device = ""
-pushbullet_prio_startup = 0
-pushbullet_prio_download = 0
-pushbullet_prio_pause_resume = 0
-pushbullet_prio_pp = 0
-pushbullet_prio_complete = 1
-pushbullet_prio_failed = 1
-pushbullet_prio_disk_full = 1
-pushbullet_prio_new_login = 0
-pushbullet_prio_warning = 0
-pushbullet_prio_error = 0
-pushbullet_prio_queue_done = 0
-pushbullet_prio_other = 0
-[nscript]
-nscript_enable = 0
-nscript_cats = *,
-nscript_script = None
-nscript_parameters = ""
-nscript_prio_startup = 1
-nscript_prio_download = 0
-nscript_prio_pause_resume = 0
-nscript_prio_pp = 0
-nscript_prio_complete = 1
-nscript_prio_failed = 1
-nscript_prio_disk_full = 1
-nscript_prio_new_login = 0
-nscript_prio_warning = 0
-nscript_prio_error = 0
-nscript_prio_queue_done = 1
-nscript_prio_other = 0
-[servers]
-[[news.newshosting.com]]
-name = news.newshosting.com
-displayname = Newshosting
-host = news.newshosting.com
-port = 563
-timeout = 60
-username = thetrezuredone
-password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_PASSWORD'] }}
-connections = 8
-ssl = 1
-ssl_verify = 3
-ssl_ciphers = ""
-enable = 1
-required = 0
-optional = 0
-retention = 0
-expire_date = ""
-quota = ""
-usage_at_start = 0
-priority = 0
-notes = ""
-[[news.easynews.com]]
-name = news.easynews.com
-displayname = EasyNews
-host = news.easynews.com
-port = 443
-timeout = 60
-username = TrezOne
-password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_EASYNEWS_PASSWORD'] }}
-connections = 60
-ssl = 0
-ssl_verify = 3
-ssl_ciphers = ""
-enable = 1
-required = 0
-optional = 0
-retention = 0
-expire_date = ""
-quota = ""
-usage_at_start = 0
-priority = 0
-notes = ""
-[categories]
-[[software]]
-name = software
-order = 0
-pp = ""
-script = Default
-dir = ""
-newzbin = ""
-priority = -100
-[[*]]
-name = *
-order = 0
-pp = 3
-script = Default
-dir = ""
-newzbin = ""
-priority = 0
-[[tv]]
-name = tv
-order = 0
-pp = ""
-script = Default
-dir = tv
-newzbin = ""
-priority = -100
-[[audio]]
-name = audio
-order = 0
-pp = 2
-script = Default
-dir = music
-newzbin = ""
-priority = 1
-[[movies]]
-name = movies
-order = 0
-pp = ""
-script = Default
-dir = movies
-newzbin = ""
-priority = -100
-[[ebook]]
-name = ebook
-order = 0
-pp = 2
-script = Default
-dir = ebooks
-newzbin = ""
-priority = -100
-[[prowlarr]]
-name = prowlarr
-order = 0
-pp = ""
-script = Default
-dir = ""
-newzbin = ""
-priority = -1
-[[sonarr]]
-name = sonarr
-order = 1
-pp = ""
-script = Default
-dir = tv
-newzbin = ""
-priority = -100
-[sorters]
-[[Series Sorting]]
-name = Series Sorting
-order = 0
-min_size = 20M
-multipart_label = ""
-sort_string = %sn/Season %s/%sn - %sx%0e - %en.%ext
-sort_cats = tv,
-sort_type = 1,
-is_active = 1
-[apprise]
-apprise_enable = 1
-apprise_cats = *,
-apprise_urls = apprise://apprise:8000/aef1ab3765b857585e13340f1f5f879b2babcc47b0eccead98a19e0a93fe1a35
-apprise_target_startup = ""
-apprise_target_startup_enable = 0
-apprise_target_download = ""
-apprise_target_download_enable = 0
-apprise_target_pause_resume = ""
-apprise_target_pause_resume_enable = 1
-apprise_target_pp = ""
-apprise_target_pp_enable = 0
-apprise_target_complete = ""
-apprise_target_complete_enable = 1
-apprise_target_failed = ""
-apprise_target_failed_enable = 1
-apprise_target_disk_full = ""
-apprise_target_disk_full_enable = 0
-apprise_target_new_login = ""
-apprise_target_new_login_enable = 1
-apprise_target_warning = ""
-apprise_target_warning_enable = 1
-apprise_target_error = ""
-apprise_target_error_enable = 1
-apprise_target_queue_done = ""
-apprise_target_queue_done_enable = 0
-apprise_target_other = ""
-apprise_target_other_enable = 1
@@ -1,7 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-bolt-path: /opt/scrutiny/influxdb/influxd.bolt
-engine-path: /opt/scrutiny/influxdb/engine
-http-bind-address: ":8086"
-reporting-disabled: true
@@ -1,49 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-[uwsgi]
-# Who will run the code
-uid = searxng
-gid = searxng
-
-# Number of workers (usually CPU count)
-workers = %k
-threads = 4
-
-# The right granted on the created socket
-chmod-socket = 666
-
-# Plugin to use and interpreter config
-single-interpreter = true
-master = true
-plugin = python3
-lazy-apps = true
-enable-threads = 4
-
-# Module to import
-module = searx.webapp
-
-# Virtualenv and python path
-pythonpath = /usr/local/searxng/
-chdir = /usr/local/searxng/searx/
-
-# automatically set processes name to something meaningful
-auto-procname = true
-
-# Disable request logging for privacy
-disable-logging = true
-log-5xx = true
-
-# Set the max size of a request (request-body excluded)
-buffer-size = 8192
-
-# No keep alive
-# See https://github.com/searx/searx-docker/issues/24
-add-header = Connection: close
-
-# uwsgi serves the static files
-static-map = /static=/usr/local/searxng/searx/static
-# expires set to one day
-static-expires = /* 86400
-static-gzip-all = True
-offload-threads = 4
@@ -1,22 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-<Config>
-  <LogLevel>info</LogLevel>
-  <EnableSsl>False</EnableSsl>
-  <Port>8989</Port>
-  <SslPort>9898</SslPort>
-  <UrlBase></UrlBase>
-  <BindAddress>*</BindAddress>
-  <ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SONARR_API_KEY'] }}</ApiKey>
-  <AuthenticationMethod>Forms</AuthenticationMethod>
-  <UpdateMechanism>Docker</UpdateMechanism>
-  <LaunchBrowser>True</LaunchBrowser>
-  <Branch>main</Branch>
-  <InstanceName>Sonarr</InstanceName>
-  <SyslogPort>514</SyslogPort>
-  <AuthenticationRequired>Enabled</AuthenticationRequired>
-  <SslCertPath></SslCertPath>
-  <SslCertPassword></SslCertPassword>
-  <Theme>auto</Theme>
-</Config>
@@ -1,21 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-{
-    "sonarr_address": "http://192.168.1.2:8989",
-    "sonarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SONARR_API_KEY'] }}",
-    "root_folder_path": "/data/media/shows",
-    "tvdb_api_key": "",
-    "tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['TMDB_API_KEY'] }}",
-    "fallback_to_top_result": false,
-    "sonarr_api_timeout": 120.0,
-    "quality_profile_id": 1,
-    "metadata_profile_id": 1,
-    "search_for_missing_episodes": true,
-    "dry_run_adding_to_sonarr": false,
-    "minimum_rating": 4.5,
-    "minimum_votes": 50,
-    "language_choice": "all",
-    "auto_start": true,
-    "auto_start_delay": 60.0
-}
@@ -1,238 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-# debug: false
-# remote_configuration: false
-# remote_file_management: false
-# instance_name: default
-# flags:
-#   no_logo: false
-#   no_start: false
-#   no_config_watch: false
-#   no_connect: false
-#   no_share_scan: false
-#   force_share_scan: false
-#   no_version_check: false
-#   log_sql: false
-#   experimental: false
-#   volatile: false
-#   case_sensitive_reg_ex: false
-#   legacy_windows_tcp_keepalive: false
-# relay:
-#   enabled: false
-#   mode: controller # controller (default), agent, or debug (for local development)
-#   # controller config is required when running in 'agent' mode
-#   # this specifies the relay controller that will be controlling this agent
-#   controller:
-#     address: https://some.site.com:5000
-#     ignore_certificate_errors: false
-#     api_key: <a 16-255 character string corresponding to one of the controller's 'readwrite' or 'administrator' API keys>
-#     secret: <a 16-255 character shared secret matching the controller's config for this agent>
-#     downloads: false
-#   # agent config is optional when running in 'controller' mode
-#   # this specifies all of the agents capable of connecting
-#   agents:
-#     my_agent:
-#       instance_name: my_agent # make sure the top-level instance_name of the agent matches!
-#       secret: <a 16-255 character string unique to this agent>
-#       cidr: 0.0.0.0/0,::/0
-# permissions:
-#   file:
-#     mode: ~ # not for Windows, chmod syntax, e.g. 644, 777. can't escalate beyond umask
-# directories:
-#   incomplete: ~
-#   downloads: ~
-# shares:
-#   directories:
-#     - ~
-#   filters:
-#     - \.ini$
-#     - Thumbs.db$
-#     - \.DS_Store$
-#   cache:
-#     storage_mode: memory
-#     workers: 16
-#     retention: ~ # retain indefinitely (do not automatically re-scan)
-# rooms:
-#   - ~
-# global:
-#   upload:
-#     slots: 20
-#     speed_limit: 1000 # in kibibytes
-#   limits:
-#     queued:
-#       files: 500
-#       megabytes: 5000
-#     daily:
-#       files: 1000
-#       megabytes: 10000
-#       failures: 200
-#     weekly:
-#       files: 5000
-#       megabytes: 50000
-#       failures: 1000
-#   download:
-#     slots: 500
-#     speed_limit: 1000
-# groups:
-#   default:
-#     upload:
-#       priority: 500
-#       strategy: roundrobin
-#       slots: 10
-#     limits:
-#       queued:
-#         files: 150
-#         megabytes: 1500
-#       daily: ~ # no daily limits (weekly still apply)
-#       weekly:
-#         files: 1500
-#         megabytes: 15000
-#         failures: 150
-#   leechers:
-#     thresholds:
-#       files: 1
-#       directories: 1
-#     upload:
-#       priority: 999
-#       strategy: roundrobin
-#       slots: 1
-#       speed_limit: 100
-#     limits:
-#       queued:
-#         files: 15
-#         megabytes: 150
-#       daily:
-#         files: 30
-#         megabytes: 300
-#         failures: 10
-#       weekly:
-#         files: 150
-#         megabytes: 1500
-#         failures: 30
-#   blacklisted:
-#     members:
-#       - <username to blacklist>
-#     cidrs:
-#       - <CIDR to blacklist, e.g. 255.255.255.255/32>
-#   user_defined:
-#     my_buddies:
-#       upload:
-#         priority: 250
-#         strategy: firstinfirstout
-#         slots: 10
-#       limits:
-#         queued:
-#           files: 1000 # override global default
-#       members:
-#         - alice
-#         - bob
-# blacklist:
-#   enabled: true
-#   file: <path to file containing CIDRs to blacklist>
-# filters:
-#   search:
-#     request:
-#       - ^.{1,2}$
-# web:
-#   port: 5030
-#   https:
-#     disabled: false
-#     port: 5031
-#     force: false
-#     certificate:
-#       pfx: ~
-#       password: ~
-#   url_base: /
-#   content_path: wwwroot
-#   logging: false
-#   authentication:
-#     disabled: false
-#     username: slskd
-#     password: slskd
-#     jwt:
-#       key: ~
-#       ttl: 604800000
-#     api_keys:
-#       my_api_key:
-#         key: <some example string between 16 and 255 characters>
-#         role: readonly # readonly, readwrite, administrator
-#         cidr: 0.0.0.0/0,::/0
-# retention:
-#   transfers:
-#     upload:
-#       succeeded: 1440 # 1 day
-#       errored: 30
-#       cancelled: 5
-#     download:
-#       succeeded: 1440 # 1 day
-#       errored: 20160 # 2 weeks 
-#       cancelled: 5
-#   files:
-#     complete: 20160 # 2 weeks
-#     incomplete: 43200 # 30 days
-#   logs: 259200 # 180 days
-# logger:
-#   disk: false
-#   no_color: false
-#   loki: ~
-# metrics:
-#   enabled: false
-#   url: /metrics
-#   authentication:
-#     disabled: false
-#     username: slskd
-#     password: slskd
-# feature:
-#   swagger: false
-# soulseek:
-#   address: vps.slsknet.org
-#   port: 2271
-#   username: ~
-#   password: ~
-#   description: |
-#     A slskd user. https://github.com/slskd/slskd
-#   listen_ip_address: 0.0.0.0
-#   listen_port: 50300
-#   diagnostic_level: Info
-#   distributed_network:
-#     disabled: false
-#     disable_children: false
-#     child_limit: 25
-#     logging: false
-#   connection:
-#     timeout:
-#       connect: 10000
-#       inactivity: 15000
-#     buffer:
-#       read: 16384
-#       write: 16384
-#       transfer: 262144
-#       write_queue: 250
-#     proxy:
-#       enabled: false
-#       address: ~
-#       port: ~
-#       username: ~
-#       password: ~
-# integration:
-#   ftp:
-#     enabled: false
-#     address: ~
-#     port: ~
-#     username: ~
-#     password: ~
-#     remote_path: /
-#     encryption_mode: auto
-#     ignore_certificate_errors: false
-#     overwrite_existing: true
-#     connection_timeout: 5000
-#     retry_attempts: 3
-#   pushbullet:
-#     enabled: false
-#     access_token: ~
-#     notification_prefix: "From slskd:"
-#     notify_on_private_message: true
-#     notify_on_room_mention: true
-#     retry_attempts: 3
-#     cooldown_time: 900000
@@ -1,29 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-<?xml version='1.0' encoding='UTF-8'?>
-
-<!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>
-
-<properties>
-
-    <entry key='config.default'>./conf/default.xml</entry>
-
-    <!--
-
-    This is the main configuration file. All your configuration parameters should be placed in this file.
-
-    Default configuration parameters are located in the "default.xml" file. You should not modify it to avoid issues
-    with upgrading to a new version. Parameters in the main config file override values in the default file. Do not
-    remove "config.default" parameter from this file unless you know what you are doing.
-
-    For list of available parameters see following page: https://www.traccar.org/configuration-file/
-
-    -->
-
-    <entry key='database.driver'>org.postgresql.Driver</entry>
-    <entry key='database.url'>jdbc:postgresql://traccar-pg:5432/traccar-db</entry>
-    <entry key='database.user'>traccar</entry>
-    <entry key='database.password'>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}</entry>
-
-</properties>
@@ -1,29 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-{
-    "always_keep_failed_tasks": true,
-    "auto_manage_completed_tasks": false,
-    "cache_path": "/tmp/unmanic",
-    "clear_pending_tasks_on_restart": false,
-    "concurrent_file_testers": 2,
-    "config_path": "/config/.unmanic/config",
-    "debugging": false,
-    "distributed_worker_count_target": 0,
-    "enable_library_scanner": false,
-    "first_run": false,
-    "follow_symlinks": true,
-    "installation_name": "Unmanic @ Rinoa",
-    "library_path": "/library",
-    "log_path": "/config/.unmanic/logs",
-    "max_age_of_completed_tasks": 91,
-    "number_of_workers": null,
-    "plugins_path": "/config/.unmanic/plugins",
-    "release_notes_viewed": "0.2.8",
-    "remote_installations": [],
-    "run_full_scan_on_start": false,
-    "schedule_full_scan_minutes": 1440,
-    "ui_port": 8888,
-    "userdata_path": "/config/.unmanic/userdata",
-    "worker_event_schedules": null
-}
@@ -1,19 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-nodes:
-  # Wazuh indexer server nodes
-  indexer:
-    - name: wazuh.indexer
-      ip: wazuh.indexer
-
-  # Wazuh server nodes
-  # Use node_type only with more than one Wazuh manager
-  server:
-    - name: wazuh.manager
-      ip: wazuh.manager
-
-  # Wazuh dashboard node
-  dashboard:
-    - name: wazuh.dashboard
-      ip: wazuh.dashboard
@@ -1,33 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-network.host: "0.0.0.0"
-node.name: "wazuh.indexer"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-discovery.type: single-node
-http.port: 9200-9299
-transport.tcp.port: 9300-9399
-compatibility.override_main_response_version: true
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
@@ -1,10 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-hosts:
-  - 1513629884013:
-      url: "https://wazuh.manager"
-      port: 55000
-      username: wazuh-wui
-      password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}
-      run_as: false
@@ -1,19 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-ydl_server:   # youtube-dl-server specific settings
-  port: 8080      # Port youtube-dl-server should listen on
-  host: 0.0.0.0   # IP youtube-dl-server should bind to
-  debug: False    # Enable/Disable debug mode
-  metadata_db_path: '/youtube-dl/.ydl-metadata.db' # Path to metadata DB
-  output_playlist: '/youtube-dl/%(title)s [%(id)s].%(ext)s' # Playlist output directory template
-  update_poll_delay_min: 1440 # Automatically check for updates every 24h
-  max_log_entries: 100 # Maximum number of job log history to keep
-  forwarded_allow_ips: None # uvicorn Comma seperated list of IPs to trust with proxy headers.
-  proxy_headers: True # uvicorn flag Enable/Disable X-Forwarded-Proto, X-Forwarded-For, X-Forwarded-Port to populate remote address info.
-
-ydl_options:  # youtube-dl options
-  output: '/youtube-dl/%(title)s [%(id)s].%(ext)s' # output directory template
-  cache-dir: '/youtube-dl/.cache' # youtube-dl cache directory
-  ignore-errors: True # instruct youtube-dl to skip errors
-  age-limit: 6 # minimal age requirement / parental control setting
@@ -1,43 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-# All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
-Log:
-  Level: 'debug'
-
-# Make ZITADEL accessible over HTTPs, not HTTP
-ExternalSecure: true
-ExternalDomain: 'id.trez.wtf'
-ExternalPort: 443
-
-# If not using the docker compose example, adjust these values for connecting ZITADEL to your PostgreSQL
-Database:
-  postgres:
-    Host: 'zitadel-pg-db'
-    Port: 5432
-    Database: zitadel
-    User:
-      SSL:
-        Mode: 'disable'
-    Admin:
-      SSL:
-        Mode: 'disable'
-
-DefaultInstance:
-  DomainPolicy:
-    UserLoginMustBeDomain: false
-
-LogStore:
-  Access:
-    Stdout:
-      Enabled: true
-
-SMTPConfiguration:
-    # Configuration of the host
-    SMTP:
-      # must include the port, like smtp.mailtrap.io:2525. IPv6 is also supported, like [2001:db8::1]:2525
-      Host: 'postal-smtp:25'
-      User: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}
-      Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
-    From: 'noreply@trez.wtf'
-    FromName: 'Zitadel @ Rinoa'
@@ -1,13 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-# All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/setup/steps.yaml
-FirstInstance:
-  Org:
-    Human:
-      # use the loginname root@my-org.my.domain
-      Username: 'root'
-      Password: 'RootPassword1!'
-      Email:
-        Address: 'charish.patel@trez.wtf'
-        Verified: true
@@ -1,13 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-# If not using the docker compose example, adjust these values for connecting ZITADEL to your PostgreSQL
-Database:
-  postgres:
-    User:
-      # If the user doesn't exist already, it is created
-      Username: 'zitadel'
-      Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_PASSWORD'] }}
-    Admin:
-      Username: 'root'
-      Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_ADMIN_PASSWORD'] }}
@@ -1,4 +0,0 @@
---
-collections:
-  - name: community.hashi_vault
-    version: 6.2.0
@@ -1,20 +0,0 @@
---
- name: Deploy Docker Service Configurations
-  hosts: rinoa
-  vars:
-    appdata_base_path: "~/.docker/config/appdata"
-
-  tasks:
-    - name: Ensure target directories exist
-      ansible.builtin.file:
-        path: "{{ appdata_base_path }}/{{ (item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') | regex_replace('/[^/]+$', '')) }}"
-        state: directory
-        mode: '0755'
-      loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
-
-    - name: Deploy configuration templates
-      ansible.builtin.template:
-        src: "{{ item }}"
-        dest: "{{ appdata_base_path }}/{{ item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') }}"
-        mode: '0644'
-      loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
@@ -1,14 +0,0 @@
-vault_addr: "https://vault.trez.wtf"
-vault_token: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  66373236656261373330343233616231386539616566613864306436613635323533336365383232
-  6636653139393566643265303135343864363632393035380a643566373137316363626438356431
-  64653237313866316537326565386164373564353166346334663638636531353337303937346466
-  3539366634393337620a653133336530333963343638643934303336653935363932643665353234
-  63343565663632633563396131346139666236313863663332386131633831633566373366613738
-  63343634313539336534666632313736343338623538303434316230383764643432646663356238
-  61373132633062346436363036333533623931313037306633616662623032616137613734343638
-  63633031616161623437623935346366636433653435646333313638376161663237323130636433
-  31383031646666626163323966393738386233346137326231366263316532343563
-vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
-secrets_path: "rinoa-docker/env"
@@ -1,13 +0,0 @@
-rinoa:
-        ansible_host: 192.168.1.254
-        ansible_python_interpreter: /usr/bin/python3
-        ansible_ssh_port: 22
-        ansible_ssh_user: charish
-        ansible_ssh_pass: !vault |
-                $ANSIBLE_VAULT;1.1;AES256
-                38346631616139316365316566386362396661323163306339303635646331373061323531626431
-                3435373031363739356261656239633835393963636663370a613166653463656337666366633639
-                37373637326633363430633336646165343764303063663636313835326130663532323037663331
-                6332353339656134370a353435396532663932313535646636333262353238386331313764633635
-                63383065623930653134666261353439366535646661383434386261393232373432353937636535
-                3432336137393737643735346665303832653630316439333565
@@ -1,12 +0,0 @@
---
-all:
-  hosts:
-    benedikta:
-      ansible_host: 192.168.1.241
-      ansible_user: charish
-    rikku:
-      ansible_host: 192.168.1.253
-      ansible_user: pi
-    rinoa:
-      ansible_host: 192.168.1.254
-      ansible_user: charish
@@ -1,7 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-65353131326537376561616630666531353731653835306564323565383332653437633533313932
-6239663065306339366536326432323534303364663862350a353034623936363066303164333434
-32666331326332363463383234316136323031626330366132643034376439616339396662636236
-3633393039376438630a326138653031656465373966356564336463643465613638313838393166
-36626366356266636535613862333631386231626134376264363731353264613261633037646662
-6431393837653564366531316332616232336365636533643036
@@ -22,16 +22,6 @@ services:
      # See all options and more details at https://actualbudget.github.io/docs/Installing/Configuration
      # !! If you are not using any of these options, remove the 'environment:' tag entirely.
    image: docker.io/actualbudget/actual-server:latest
-    labels:
-      swag: enable
-      swag_port: 5006
-      swag_proto: http
-      swag_url: fin.${MY_TLD}
-      homepage.group: Lifestyle
-      homepage.name: Actual Budget
-      homepage.icon: actual-budget.svg
-      homepage.href: https://fin.${MY_TLD}
-      homepage.description: Privacy-focused app for managing finances
    ports:
      - 5006:5006
    restart: unless-stopped
@@ -553,7 +543,7 @@ services:
      homepage.group: Privacy/Security
      homepage.name: Bunkerweb
      homepage.href: https://bunker.${MY_TLD}
-      homepage.icon: bunkerweb.svg
+      homepage.icon: bunker.svg
      homepage.description: Next-gen WAF
      swag: enable
      swag_port: 7000
@@ -566,10 +556,7 @@ services:
  castopod:
    container_name: castopod
    depends_on:
-      mariadb:
-        condition: service_started
-        required: true
-        restart: true
+      - mariadb
    environment:
      MYSQL_DATABASE: castopod
      MYSQL_USER: castopod
@@ -1167,7 +1154,7 @@ services:
      GITEA__mailer__SMTP_PORT: 25
      GITEA__mailer__USER: ${POSTAL_SMTP_AUTH_USER}
      GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD}
-    image: gitea/gitea:1.23.1
+    image: gitea/gitea:1.22.6
    labels:
      homepage.group: Code/DevOps
      homepage.name: Gitea
@@ -1195,7 +1182,7 @@ services:
    restart: always
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/gitea
-        target: /data/gitea
+        target: /data
        type: bind
        bind:
          create_host_path: true
@@ -1719,7 +1706,6 @@ services:
      mariadb:
        condition: service_started
        required: true
-        restart: true
    environment:
      APP_ADMIN_EMAIL: charish.patel@trez.wtf
      APP_ADMIN_PASSWORD: ${HORTUSFOX_ADMIN_PASSWORD}
@@ -1816,7 +1802,7 @@ services:
        db:
          dbname: invidious
          user: kemal
-          password: ${INVID_PG_DB_PASSWORD}
+          password: kemal
          host: invidious-db
          port: 5432
        check_tables: true
@@ -1855,7 +1841,7 @@ services:
    container_name: invidious-db
    environment:
      POSTGRES_DB: invidious
-      POSTGRES_PASSWORD: ${INVID_PG_DB_PASSWORD}
+      POSTGRES_PASSWORD: kemal
      POSTGRES_USER: kemal
    healthcheck:
      test:
@@ -1882,11 +1868,6 @@ services:
          create_host_path: true
  invoice_ninja:
    container_name: invoice_ninja
-    depends_on:
-      mariadb:
-        condition: service_started
-        required: true
-        restart: true
    environment:
      APP_DEBUG: true
      APP_KEY: ${IN_APP_KEY}
@@ -1991,7 +1972,7 @@ services:
      homepage.group: Professional Services
      homepage.name: Invoice Ninja
      homepage.href: https://biz.${MY_TLD}
-      homepage.icon: invoice-ninja.svg
+      homepage.icon: invoiceninja.svg
      homepage.description: Simple invoicing, multiple payment options, expense and vendor management, and more!
    networks:
      default: null
@@ -2695,6 +2676,121 @@ services:
        published: "22300"
        target: 22300
    restart: unless-stopped
+  komodo-core:
+    container_name: komodo-core
+    depends_on:
+      - komodo-ferretdb
+      - komodo-periphery
+    image: ghcr.io/mbecker20/komodo:latest
+    labels:
+      homepage.group: System Administration
+      homepage.name: Komodo
+      homepage.href: https://komodo.${MY_TLD}
+      homepage.icon: /icons/komodo.png
+      homepage.description: Open-source note taking & to-do
+      komodo.skip: a
+      swag: enable
+      swag_url: komodo.${MY_TLD}
+      swag_port: 9120
+      swag_proto: http
+    ports:
+      - 9120:9120
+    restart: always
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/komodo/core.config.toml:/config/config.toml
+  komodo-ferretdb:
+    container_name: komodo-ferretdb
+    depends_on:
+      - komodo-pg-db
+    image: ghcr.io/ferretdb/ferretdb
+    labels:
+      komodo.skip: a
+    restart: unless-stopped
+    expose:
+      - 27017
+    environment:
+      - FERRETDB_POSTGRESQL_URL=postgres://komodo-pg-db:5432/komodo
+  komodo-periphery:
+    container_name: komodo-periphery
+    environment:
+      DOCKER_HOST: tcp://dockerproxy:2375
+      PERIPHERY_PASSKEYS: ${KOMODO_PASSKEY}
+      PERIPHERY_SSL_ENABLED: false
+      PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname
+      # PERIPHERY_EXCLUDE_DISK_MOUNTS: /snap,/etc/repos
+    expose:
+      - 8120
+    image: ghcr.io/mbecker20/periphery:latest
+    labels:
+      komodo.skip: a
+    restart: always
+    volumes:
+      - /proc:/proc
+  komodo-pg-db:
+    container_name: komodo-pg-db
+    environment:
+      POSTGRES_USER: komodo
+      POSTGRES_PASSWORD: ${KOMODO_PG_DB_PASSWORD}
+      POSTGRES_DB: komodo
+    expose:
+      - 5432
+    labels:
+      komodo.skip: a
+    image: postgres:17-alpine
+    restart: unless-stopped
+    volumes:
+      - komodo-pg-data:/var/lib/postgresql/data
+  librespeed:
+    container_name: librespeed
+    environment:
+      DB_HOSTNAME: 
+      DB_NAME: 
+      DB_PASSWORD: 
+      DB_TYPE: sqlite
+      DB_USERNAME: 
+      PASSWORD: 
+      PGID: 1000
+      PUID: 1000
+      TZ: America/New_York
+      DOCKER_MODS: ghcr.io/themepark-dev/theme.park:librespeed
+    hostname: Rinoa
+    image: lscr.io/linuxserver/librespeed:latest
+    labels:
+      homepage.group: System Administration
+      homepage.name: LibreSpeed
+      homepage.href: https://speed.${MY_TLD}
+      homepage.icon: librespeed.png
+      homepage.description: Speed test
+      homepage: enable
+      homepage_proto: http
+      homepage_url: speed.${MY_TLD}
+      homepage.uptime-kuma.enabled: true
+      homepage.uptime-kuma.monitor.url: https://speed.${MY_TLD}
+    networks:
+      default: null
+    ports:
+      - mode: ingress
+        protocol: tcp
+        published: "8014"
+        target: 80
+    restart: unless-stopped
+    volumes:
+      - bind:
+          create_host_path: true
+        read_only: true
+        source: /etc/localtime
+        target: /etc/localtime
+        type: bind
+      - bind:
+          create_host_path: true
+        source: ${DOCKER_VOLUME_CONFIG}/librespeed
+        target: /config
+        type: bind
+      - bind:
+          create_host_path: true
+        source: /rinoa-storage
+        target: /storage
+        type: bind
  lidarr:
    container_name: lidarr
    environment:
@@ -2929,9 +3025,9 @@ services:
      PGID: 1000
      PUID: 1000
      TZ: America/New_York
-      MYSQL_PASSWORD: ${NEXTCLOUD_MARIADB_PASSWORD}
+      MYSQL_PASSWORD: VQU23wHKRNmfpAPt5E9BxMaSGJdWjLuz
    hostname: Rinoa
-    image: linuxserver/mariadb
+    image: ghcr.io/linuxserver/mariadb
    networks:
      default: null
    ports:
@@ -2962,58 +3058,6 @@ services:
        type: bind
        bind:
          create_host_path: true
-  mastodon:
-    container_name: mastodon
-    environment:
-      PUID: ${PUID}
-      PGID: ${PGID}
-      TZ: ${TZ}
-      LOCAL_DOMAIN: trez.wtf
-      REDIS_HOST: redis
-      REDIS_PORT: 6379
-      DB_HOST: mastodon-pg-db
-      DB_USER: mastodon
-      DB_NAME: mastodon
-      DB_PASS: ${MASTODON_PG_DB_PASSWORD}
-      DB_PORT: 5432
-      ES_ENABLED: false
-      ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: 
-      ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: 
-      ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: 
-      SECRET_KEY_BASE: 
-      OTP_SECRET: 
-      VAPID_PRIVATE_KEY: 
-      VAPID_PUBLIC_KEY: 
-      SMTP_SERVER: postal-smtp
-      SMTP_PORT: 25
-      SMTP_LOGIN: ${POSTAL_SMTP_AUTH_USER}
-      SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
-      SMTP_FROM_ADDRESS: noreply@trez.wtf
-      S3_ENABLED: true
-      S3_BUCKET: mastodon
-      AWS_ACCESS_KEY_ID: ${MASTODON_MINIO_ACCESS_KEY}
-      AWS_SECRET_ACCESS_KEY: ${MASTODON_MINIO_SECRET_KEY}
-    image: lscr.io/linuxserver/mastodon:latest
-    labels:
-      swag: enable
-      swag_proto: http
-      swag_port: 5678
-      swag_url: mastodon.${MY_TLD}
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://mastodon.${MY_TLD}
-      homepage.group: Social
-      homepage.name: Mastodon
-      homepage.href: https://mastodon.${MY_TLD}
-      homepage.icon: mastodon.svg
-      homepage.description: Open-source social network
-      homepage.widget.type: mastodon
-      homepage.widget.url: http://mastodon
-    ports:
-      - 9044:80
-      - 3444:443
-    restart: unless-stopped
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/mastodon:/config
  mastodon-pg-db:
    container_name: mastodon-pg-db
    environment:
@@ -3202,122 +3246,6 @@ services:
        type: bind
        bind:
          create_host_path: true
-  netbird-dashboard:
-    container_name: netbird-dashboard
-    environment:
-      # Endpoints
-      NETBIRD_MGMT_API_ENDPOINT: https://netbird.${MY_TLD}:33073
-      NETBIRD_MGMT_GRPC_API_ENDPOINT: https://netbird.${MY_TLD}:33073
-      # OIDC
-      AUTH_AUDIENCE: ${NETBIRD_ZITADEL_CLIENT_ID}
-      AUTH_CLIENT_ID: ${NETBIRD_ZITADEL_CLIENT_ID}
-      AUTH_CLIENT_SECRET: ${NETBIRD_ZITADEL_CLIENT_SECRET}
-      AUTH_AUTHORITY: https://id.${MY_TLD}
-      USE_AUTH0: false
-      AUTH_SUPPORTED_SCOPES: openid profile email offline_access api
-      AUTH_REDIRECT_URI: /auth
-      AUTH_SILENT_REDIRECT_URI: /silent-auth
-      NETBIRD_TOKEN_SOURCE: accessToken
-      # SSL
-      NGINX_SSL_PORT: 443
-      # Letsencrypt
-      LETSENCRYPT_DOMAIN:
-      LETSENCRYPT_EMAIL:
-    image: netbirdio/dashboard:latest
-    labels:
-      homepage.group: Privacy/Security
-      homepage.name: Netbird
-      homepage.href: https://netbird.${MY_TLD}
-      homepage.icon: netbird.svg
-      homepage.description: Peer-to-peer private network and centralized access control system
-      swag: enable
-      swag_proto: http
-      swag_port: 80
-      swag_auth: authelia
-      swag_url: netbird.${MY_TLD}
-      swag_server_custom_directive: |
-        location /signalexchange.SignalExchange/ {
-            grpc_pass grpc://netbird-signal;
-            #grpc_ssl_verify off;
-            grpc_read_timeout 1d;
-            grpc_send_timeout 1d;
-            grpc_socket_keepalive on;
-        }
-        # Proxy Management http endpoint
-        location /api {
-            proxy_pass http://netbird-management;
-        }
-        # Proxy Management grpc endpoint
-        location /management.ManagementService/ {
-            grpc_pass grpc://netbird-management;
-            #grpc_ssl_verify off;
-            grpc_read_timeout 1d;
-            grpc_send_timeout 1d;
-            grpc_socket_keepalive on;
-        }
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://netbird.${MY_TLD}
-    ports:
-      - 32908:80
-      - 36610:443
-    restart: unless-stopped
-    volumes:
-      - netbird-letsencrypt:/etc/letsencrypt/
-  netbird-signal:
-    container_name: netbird-signal
-    image: netbirdio/signal:latest
-    ports:
-      - 10001:80
-    restart: unless-stopped
-    volumes:
-      - netbird-signal:/var/lib/netbird
-  netbird-relay:
-    image: netbirdio/relay:latest
-    restart: unless-stopped
-    environment:
-      NB_LOG_LEVEL: info
-      NB_LISTEN_ADDRESS: :33080
-      NB_EXPOSED_ADDRESS: netbird.${MY_TLD}:33080
-      # todo: change to a secure secret
-      NB_AUTH_SECRET: ${NETBIRD_RELAY_AUTH_SECRET}
-    ports:
-      - 33080:33080
-  netbird-management:
-    command: [
-      "--port", "443",
-      "--log-file", "console",
-      "--log-level", "info",
-      "--disable-anonymous-metrics=false",
-      "--single-account-mode-domain=netbird.${MY_TLD}",
-      "--dns-domain=netbird.selfhosted"
-      ]
-    container_name: netbird-management
-    depends_on:
-      netbird-dashboard:
-        condition: service_started
-    environment:
-      NETBIRD_STORE_ENGINE_POSTGRES_DSN:
-      NETBIRD_STORE_ENGINE_MYSQL_DSN:
-    image: netbirdio/management:latest
-    restart: unless-stopped
-    volumes:
-      - netbird-mgmt:/var/lib/netbird
-      - netbird-letsencrypt:/etc/letsencrypt:ro
-      - ${DOCKER_VOLUME_CONFIG}/netbird/management.json:/etc/netbird/management.json
-    ports:
-      - 33073:443 #API port
-  netbird-coturn:
-    command:
-      - -c /etc/turnserver.conf
-    container_name: netbird-coturn
-    image: coturn/coturn:latest
-    restart: unless-stopped
-    #domainname: netbird.${MY_TLD} # only needed when TLS is enabled
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/netbird/turnserver.conf:/etc/turnserver.conf:ro
-    #      - ${DOCKER_VOLUME_CONFIG}/netbird/privkey.pem:/etc/coturn/private/privkey.pem:ro
-    #      - ${DOCKER_VOLUME_CONFIG}/netbird/cert.pem:/etc/coturn/certs/cert.pem:ro
-    network_mode: host
  netbox:
    container_name: netbox
    depends_on:
@@ -3383,11 +3311,6 @@ services:
        volume: {}
  nextcloud:
    container_name: nextcloud
-    depends_on:
-      mariadb:
-        condition: service_started
-        required: true
-        restart: true
    environment:
      PGID: 1000
      PUID: 1000
@@ -3500,11 +3423,6 @@ services:
        type: bind
  paperless-ngx:
    container_name: paperless-ngx
-    depends_on:
-      mariadb:
-        condition: service_started
-        required: true
-        restart: true
    environment:
      PAPERLESS_DBENGINE: mariadb
      PAPERLESS_DBHOST: mariadb
@@ -3559,52 +3477,6 @@ services:
        type: bind
        bind:
          create_host_path: true
-  pgbackweb:
-    container_name: pgbackweb
-    depends_on:
-      pgbackweb-db:
-        condition: service_healthy
-    environment:
-      PBW_ENCRYPTION_KEY: ${PGBACKWEB_ENCRYPTION_KEY}
-      PBW_POSTGRES_CONN_STRING: "postgresql://pgbackweb:${PGBACKWEB_PG_DB_PASSWD}@pgbackweb-db:5432/pgbackweb?sslmode=disable"
-      TZ: ${TZ}
-    image: eduardolat/pgbackweb:latest
-    labels:
-      homepage.group: System Administration
-      homepage.name: PGBackweb
-      homepage.href: https://pg.${MY_TLD}
-      homepage.icon: sh-pg-back-web.svg
-      homepage.description: Backups for PostgreSQL
-      swag: enable
-      swag_proto: http
-      swag_port: 8085
-      swag_url: pg.${MY_TLD}
-    ports:
-      - "8085:8085" # Access the web interface at http://localhost:8085
-    restart: unless-stopped
-  pgbackweb-db:
-    container_name: pgbackweb-db
-    environment:
-      POSTGRES_USER: pgbackweb
-      POSTGRES_DB: pgbackweb
-      POSTGRES_PASSWORD: ${PGBACKWEB_PG_DB_PASSWD}
-    expose:
-      - 5432
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U postgres"]
-      interval: 5s
-      timeout: 5s
-      retries: 5
-    image: postgres:16-alpine
-    restart: unless-stopped
-    volumes:
-      - pgbackweb-data:/var/lib/postgresql/data
-  plantuml-server:
-    container_name: plantuml-server
-    expose:
-      - 8080
-    image: 'plantuml/plantuml-server:jetty'
-    restart: unless-stopped
  plausible:
    command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run"
    container_name: plausible
@@ -4290,6 +4162,43 @@ services:
        type: bind
        bind:
          create_host_path: true
+  semaphore:
+    container_name: semaphore
+    environment:
+      ANSIBLE_HOST_KEY_CHECKING: false
+      SEMAPHORE_ADMIN_PASSWORD: ${SEMAPHORE_ADMIN_PASSWORD}
+      SEMAPHORE_ADMIN_NAME: admin
+      SEMAPHORE_ADMIN_EMAIL: charish.patel@pm.me
+      SEMAPHORE_ADMIN: admin
+      SEMAPHORE_DB_DIALECT: bolt
+      SEMAPHORE_EMAIL_ALERT: true
+      SEMAPHORE_EMAIL_SENDER: noreply@trez.wtf
+      SEMAPHORE_EMAIL_HOST: postal-smtp
+      SEMAPHORE_EMAIL_PORT: 25
+      SEMAPHORE_EMAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}  
+      SEMAPHORE_EMAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+      SEMAPHORE_EMAIL_SECURE: false
+      SEMAPHORE_USE_REMOTE_RUNNER: true
+    image: semaphoreui/semaphore:v2.10.32
+    labels:
+      homepage.group: Code/DevOps
+      homepage.name: Semaphore
+      homepage.href: https://devops.${MY_TLD}
+      homepage.icon: semaphore.svg
+      homepage.description: Modern UI for Ansible, Terraform, OpenTofu, PowerShell and other DevOps tools
+      swag: enable
+      swag_port: 3000
+      swag_proto: http
+      swag_url: devops.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://devops.${MY_TLD}
+    ports:
+      - 3015:3000
+    restart: unless-stopped
+    volumes:
+      - semaphore_config:/etc/semaphore
+      - semaphore_data:/var/lib/semaphore
+      - semaphore_tmp:/tmp/semaphore
  slurpit-portal:
    container_name: slurpit-portal
    environment:
@@ -4580,31 +4489,6 @@ services:
        type: bind
        bind:
          create_host_path: true
-  speedtest-tracker:
-    container_name: speedtest-tracker
-    image: lscr.io/linuxserver/speedtest-tracker:latest
-    environment:
-        PUID: ${PUID}
-        PGID: ${PGID}
-        APP_KEY: ${SPEEDTEST_TRACKER_APP_KEY}
-        DB_CONNECTION: sqlite
-    labels:
-      homepage.name: Speedtest Tracker
-      homepage.group: System Administration
-      homepage.description: Self-hosted internet performance tracking
-      homepage.href: https://speed.${MY_TLD}
-      homepage.icon: speedtest-tracker.png
-      swag: enable
-      swag_proto: http
-      swag_url: speed.${MY_TLD}
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://slsk.${MY_TLD}
-    ports:
-        - 47512:80
-        - 62777:443
-    restart: unless-stopped
-    volumes:
-        - ${DOCKER_VOLUME_CONFIG}/speedtest-tracker:/config
  spotisub:
    container_name: spotisub
    environment:
@@ -4760,7 +4644,7 @@ services:
      homepage.group: Lifestyle
      homepage.name: Tandoor Recipes
      homepage.href: https://recipes.${MY_TLD}
-      homepage.icon: tandoor-recipes.svg
+      homepage.icon: tandoor.svg
      homepage.description: Recipes, cookbooks, meal-planning, & grocery lists
      homepage.widget.type: tandoor
      homepage.widget.url: http://tandoor-recipes:8080
@@ -6188,7 +6072,6 @@ services:
      mariadb:
        condition: service_started
        required: true
-        restart: true
      redis:
        condition: service_started
        required: true
@@ -6367,7 +6250,7 @@ services:
      homepage.group: Privacy/Security
      homepage.name: Wazuh
      homepage.href: https://wsec.${MY_TLD}
-      homepage.icon: wazuh.svg
+      homepage.icon: wazuh-opaque.png
      homepage.description: OSS Security Platform for XDR/SIEM
    links:
      - wazuh.indexer:wazuh.indexer
@@ -6630,32 +6513,6 @@ services:
        published: "8900"
        target: 8080
    restart: unless-stopped
-  yacht:
-    container_name: yacht
-    depends_on:
-      docker-socket-proxy:
-        condition: service_started
-        required: true
-    environment:
-      DOCKER_HOST: tcp://dockerproxy:2375
-    image: selfhostedpro/yacht
-    labels:
-      homepage.group: System Administration
-      homepage.name: Yacht
-      homepage.href: https://yacht.${MY_TLD}
-      homepage.icon: yacht.svg
-      homepage.description: Web interface for managing docker containers
-      swag: enable
-      swag_proto: http
-      swag_port: 8000
-      swag_url: yacht.${MY_TLD}
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://yacht.${MY_TLD}
-    ports:
-      - 19733:8000
-    restart: unless-stopped
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/yacht:/config
  your_spotify:
    container_name: your_spotify
    environment:
@@ -6703,7 +6560,7 @@ services:
    labels:
      homepage.group: Downloaders
      homepage.name: YoutubeDL
-      homepage.icon: youtube-dl.svg
+      homepage.icon: youtubedl.png
      homepage.href: https://ytdl.${MY_TLD}
      homepage.description: YouTube Downloader
      swag: enable
@@ -7115,7 +6972,6 @@ services:
      homepage.href: https://id.${MY_TLD}
      homepage.icon: zitadel.svg
      homepage.description: Centralized authentication management
-    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/zitadel/config.yaml:/config.yaml
      - ${DOCKER_VOLUME_CONFIG}/zitadel/init-steps.yaml:/init-steps.yaml
@@ -7134,7 +6990,7 @@ services:
      retries: 5
      start_period: '20s'
    image: postgres:16-alpine
-    restart: unless-stopped
+    restart: always
    volumes: 
      - zitadel-pg-db:/var/lib/postgresql/data
 volumes:
@@ -7190,6 +7046,8 @@ volumes:
    name: jitsi-web-admin-upload
  joplin_data:
    name: joplin_data
+  komodo-pg-data:
+    name: komodo-pg-data
  lldap_data:
    name: lldap_data
  localai_data:
@@ -7202,12 +7060,6 @@ volumes:
    name: mongo1_data
  n8n-data:
    name: n8n-data
-  netbird-mgmt:
-    name: netbird-mgmt
-  netbird-signal:
-    name: netbird-signal
-  netbird-letsencrypt:
-    name: netbird-letsencrypt
  netbox-pg-db:
    name: netbox-pg-db
  ollama:
@@ -7218,8 +7070,6 @@ volumes:
    name: paperless-ngx-media
  paperless-ngx-pg:
    name: paperless-ngx-pg
-  pgbackweb-data:
-    name: pgbackweb-data
  plausible-db-data:
    name: plausible-db-data
  plausible-event-data:
@@ -7228,6 +7078,12 @@ volumes:
    name: plausible-event-logs
  reactive-resume-pg:
    name: reactive-resume-pg
+  semaphore_config:
+    name: semaphore_config
+  semaphore_data:
+    name: semaphore_data
+  semaphore_tmp:
+    name: semaphore_tmp
  sonarqube-data:
    name: sonarqube-data
  sonarqube-db:
@@ -0,0 +1,842 @@
+# Global Settings
+COMPOSE_HTTP_TIMEOUT=''
+DOCKER_GID=''
+DOCKER_HOSTNAME=''
+DOCKER_VOLUME_CONFIG=''
+DOCKER_VOLUME_STORAGE=''
+PGID=''
+PUID=''
+TZ=''
+MY_TLD=''
+# END OF DEFAULT SETTINGS
+
+##
+## ADDY
+##
+ADDY_ANONADDY_ADDITIONAL_USERNAME_LIMIT=''
+ADDY_ANONADDY_ADMIN_USERNAME=''
+ADDY_ANONADDY_ALL_DOMAINS=''
+ADDY_ANONADDY_BANDWIDTH_LIMIT=''
+ADDY_ANONADDY_DKIM_SELECTOR=''
+ADDY_ANONADDY_DKIM_SIGNING_KEY=''
+ADDY_ANONADDY_DNS_RESOLVER=''
+ADDY_ANONADDY_DOMAIN=''
+ADDY_ANONADDY_HOSTNAME=''
+ADDY_ANONADDY_LIMIT=''
+ADDY_ANONADDY_NEW_ALIAS_LIMIT=''
+ADDY_ANONADDY_RETURN_PATH=''
+ADDY_ANONADDY_SECRET=''
+ADDY_ANONADDY_SIGNING_KEY_FINGERPRINT=''
+ADDY_APP_KEY=''
+ADDY_APP_URL=''
+ADDY_DB_PASSWORD=''
+ADDY_MAIL_ENCRYPTION=''
+ADDY_MAIL_FROM_ADDRESS=''
+ADDY_MAIL_FROM_NAME=''
+ADDY_POSTFIX_DEBUG=''
+ADDY_POSTFIX_MESSAGE_SIZE_LIMIT=''
+ADDY_POSTFIX_RELAYHOST=''
+ADDY_POSTFIX_RELAYHOST_AUTH_ENABLE=''
+ADDY_POSTFIX_SMTPD_TLS_CERT_FILE=''
+ADDY_POSTFIX_SMTPD_TLS_KEY_FILE=''
+ADDY_POSTFIX_SPAMHAUS_DQS_KEY=''
+ADDY_REDIS_PASSWORD=''
+ADDY_RSPAMD_NO_LOCAL_ADDRS=''
+ADDY_RSPAMD_WEB_PASSWORD=''
+
+##
+## ADGUARD
+##
+ADGUARD_CONTAINER_NAME=''
+ADGUARD_ENABLED=''
+ADGUARD_ENVIRONMENT_SERVERIP=''
+ADGUARD_NETWORK_MODE=''
+ADGUARD_PORT_3000=''
+ADGUARD_PORT_443=''
+ADGUARD_PORT_53=''
+ADGUARD_PORT_67=''
+ADGUARD_PORT_68=''
+ADGUARD_PORT_80=''
+ADGUARD_PORT_853=''
+ADGUARD_RESTART=''
+ADGUARD_TAG=''
+
+##
+## ADGUARD
+##
+ADGUARD_CF_TUNNEL_PASSWORD=''
+ADGUARD_PASSWORD=''
+
+##
+## ANYTHINGLLM
+##
+ANYTHINGLLM_JWT_SECRET=''
+
+##
+## APPRISE
+##
+APPRISE_CONTAINER_NAME=''
+APPRISE_ENABLED=''
+APPRISE_NETWORK_MODE=''
+APPRISE_PORT_8000=''
+APPRISE_RESTART=''
+APPRISE_TAG=''
+
+##
+## AUDIOBOOKSHELF
+##
+AUDIOBOOKSHELF_CONTAINER_NAME=''
+AUDIOBOOKSHELF_ENABLED=''
+AUDIOBOOKSHELF_NETWORK_MODE=''
+AUDIOBOOKSHELF_PORT_80=''
+AUDIOBOOKSHELF_RESTART=''
+AUDIOBOOKSHELF_TAG=''
+
+##
+## AUDIOBOOKSHELF
+##
+AUDIOBOOKSHELF_ROOT_API_KEY=''
+
+##
+## AUTHELIA
+##
+AUTHELIA_AUTH_BIND_LDAP_PASSWORD=''
+AUTHELIA_JWT_SECRET=''
+AUTHELIA_SESSION_SECRET=''
+AUTHELIA_STORAGE_ENCRYPTION_KEY=''
+AUTHELIA_STORAGE_POSTGRES_PASSWORD=''
+
+##
+## BAZARR
+##
+BAZARR_CONTAINER_NAME=''
+BAZARR_ENABLED=''
+BAZARR_NETWORK_MODE=''
+BAZARR_PORT_6767=''
+BAZARR_RESTART=''
+BAZARR_TAG=''
+BAZARR_API_KEY=''
+##
+## BITMAGNET
+##
+BITMAGNET_POSTGRESQL_PASSWORD=''
+
+##
+## BITWARDEN
+##
+BITWARDEN_CONTAINER_NAME=''
+BITWARDEN_ENABLED=''
+BITWARDEN_ENVIRONMENT_ADMIN_TOKEN=''
+BITWARDEN_ENVIRONMENT_DATABASE_URL=''
+BITWARDEN_ENVIRONMENT_DISABLE_ADMIN_TOKEN=''
+BITWARDEN_ENVIRONMENT_DOMAIN=''
+BITWARDEN_ENVIRONMENT_ENABLE_DB_WAL=''
+BITWARDEN_ENVIRONMENT_INVITATIONS_ALLOWED=''
+BITWARDEN_ENVIRONMENT_SHOW_PASSWORD_HINT=''
+BITWARDEN_ENVIRONMENT_SIGNUPS_ALLOWED=''
+BITWARDEN_ENVIRONMENT_SIGNUPS_VERIFY=''
+BITWARDEN_ENVIRONMENT_WEBSOCKET_ENABLE=''
+BITWARDEN_NETWORK_MODE=''
+BITWARDEN_PORT_3012=''
+BITWARDEN_PORT_80=''
+BITWARDEN_RESTART=''
+BITWARDEN_TAG=''
+
+##
+## CHROMIUM
+##
+CHROMIUM_TOKEN=''
+
+##
+## CLOUDFLARE
+##
+CLOUDFLARE_ACCOUNT_ID=''
+CLOUDFLARE_DNS_API_TOKEN=''
+CLOUDFLARE_ZONE_ID=''
+
+##
+## CLOUDFLAREDDNS
+##
+CLOUDFLAREDDNS_CONTAINER_NAME=''
+CLOUDFLAREDDNS_ENABLED=''
+CLOUDFLAREDDNS_ENVIRONMENT_APIKEY=''
+CLOUDFLAREDDNS_ENVIRONMENT_APITOKEN=''
+CLOUDFLAREDDNS_ENVIRONMENT_ARGS=''
+CLOUDFLAREDDNS_ENVIRONMENT_DETECTION_MODE=''
+CLOUDFLAREDDNS_ENVIRONMENT_HOSTS=''
+CLOUDFLAREDDNS_ENVIRONMENT_INTERVAL=''
+CLOUDFLAREDDNS_ENVIRONMENT_LOG_LEVEL=''
+CLOUDFLAREDDNS_ENVIRONMENT_RECORDTYPES=''
+CLOUDFLAREDDNS_ENVIRONMENT_USER=''
+CLOUDFLAREDDNS_ENVIRONMENT_ZONES=''
+CLOUDFLAREDDNS_RESTART=''
+CLOUDFLAREDDNS_TAG=''
+
+##
+## CROWDSEC
+##
+CROWDSEC_API_KEY=''
+CROWDSEC_LOCAL_API_KEY=''
+
+##
+## DELUGEVPN
+##
+DELUGEVPN_CONTAINER_NAME=''
+DELUGEVPN_ENABLED=''
+DELUGEVPN_ENVIRONMENT_ENABLE_PRIVOXY=''
+DELUGEVPN_ENVIRONMENT_LAN_NETWORK=''
+DELUGEVPN_ENVIRONMENT_NAME_SERVERS=''
+DELUGEVPN_ENVIRONMENT_VPN_CLIENT=''
+DELUGEVPN_ENVIRONMENT_VPN_ENABLE=''
+DELUGEVPN_ENVIRONMENT_VPN_INPUT_PORTS=''
+DELUGEVPN_ENVIRONMENT_VPN_OPTIONS=''
+DELUGEVPN_ENVIRONMENT_VPN_OUTPUT_PORTS=''
+DELUGEVPN_ENVIRONMENT_VPN_PASS=''
+DELUGEVPN_ENVIRONMENT_VPN_PROV=''
+DELUGEVPN_ENVIRONMENT_VPN_USER=''
+DELUGEVPN_NETWORK_MODE=''
+DELUGEVPN_PORT_58846=''
+DELUGEVPN_PORT_58946=''
+DELUGEVPN_PORT_8112=''
+DELUGEVPN_PORT_8118=''
+DELUGEVPN_RESTART=''
+DELUGEVPN_TAG=''
+
+##
+## DELUGEVPN
+##
+DELUGEVPN_PASSWORD=''
+DELUGEVPN_PORT_51413=''
+DELUGEVPN_PORT_6881=''
+
+##
+## DUPLICATI
+##
+DUPLICATI_CONTAINER_NAME=''
+DUPLICATI_ENABLED=''
+DUPLICATI_NETWORK_MODE=''
+DUPLICATI_PORT_8200=''
+DUPLICATI_RESTART=''
+DUPLICATI_TAG=''
+DUPLICATI_VOLUME_BACKUPSDIR=''
+DUPLICATI_VOLUME_SOURCEDIR=''
+
+##
+## DUPLICATI
+##
+DUPLICATI_CF_TUNNEL_PASSWORD=''
+
+##
+## EMBY
+##
+EMBY_CONTAINER_NAME=''
+EMBY_ENABLED=''
+EMBY_NETWORK_MODE=''
+EMBY_PORT_8096=''
+EMBY_PORT_8920=''
+EMBY_RESTART=''
+EMBY_TAG=''
+EMBY_VOLUME_TRANSCODEDIR=''
+
+##
+## EMBY
+##
+EMBY_HOMEPAGE_API_KEY=''
+
+##
+## FLARESOLVERR
+##
+FLARESOLVERR_CONTAINER_NAME=''
+FLARESOLVERR_ENABLED=''
+FLARESOLVERR_ENVIRONMENT_CAPTCHA_SOLVER=''
+FLARESOLVERR_ENVIRONMENT_LOG_HTML=''
+FLARESOLVERR_ENVIRONMENT_LOG_LEVEL=''
+FLARESOLVERR_NETWORK_MODE=''
+FLARESOLVERR_PORT_8191=''
+FLARESOLVERR_RESTART=''
+FLARESOLVERR_TAG=''
+
+##
+## GHOST
+##
+GHOST_DB_PASSWORD=''
+GHOST_DB_USER=''
+
+##
+## GITEA
+##
+GITEA_HOMEPAGE_API_KEY=''
+GITEA_PG_DB_PASSWORD=''
+GITEA_RUNNER_REGISTRATION_TOKEN=''
+
+##
+## GLUETUN
+##
+GLUETUN_SERVER_REGIONS=''
+
+##
+## GOTIFY
+##
+GOTIFY_HOMEPAGE_CLIENT_KEY=''
+GOTIFY_PASSWORD=''
+
+##
+## GRAFANA
+##
+GRAFANA_CONTAINER_NAME=''
+GRAFANA_ENABLED=''
+GRAFANA_ENVIRONMENT_GF_INSTALL_PLUGINS=''
+GRAFANA_NETWORK_MODE=''
+GRAFANA_PORT_3000=''
+GRAFANA_RESTART=''
+GRAFANA_TAG=''
+
+##
+## GRAFANA
+##
+GRAFANA_ADMIN_PASSWORD=''
+GRAFANA_MIMIR_HTTP_AUTH_PASSWORD=''
+
+##
+## GUID
+##
+GUID=''
+
+##
+## HORTUSFOX
+##
+HORTUSFOX_ADMIN_PASSWORD=''
+HORTUSFOX_DB_PASSWORD=''
+
+##
+## HUGINN
+##
+HUGINN_CONTAINER_NAME=''
+HUGINN_ENABLED=''
+HUGINN_ENVIRONMENT_DATABASE_HOST=''
+HUGINN_ENVIRONMENT_DATABASE_NAME=''
+HUGINN_ENVIRONMENT_DATABASE_PASSWORD=''
+HUGINN_ENVIRONMENT_DATABASE_PORT=''
+HUGINN_ENVIRONMENT_DATABASE_USERNAME=''
+HUGINN_NETWORK_MODE=''
+HUGINN_PORT_3000=''
+HUGINN_RESTART=''
+HUGINN_TAG=''
+
+##
+## IN
+##
+IN_APP_KEY=''
+IN_MYSQL_PASSWORD=''
+IN_PASSWORD=''
+
+##
+## JAN
+##
+JAN_AI_S3_ACCESS_KEY=''
+JAN_AI_S3_SECRET_KEY=''
+
+##
+## JITSI
+##
+JITSI__ADMIN_DB_PASSWORD=''
+JITSI__ADMIN_JWT_SECRET=''
+JITSI__ETHERPAD_DEFAULT_PAD_TEXT=''
+JITSI__ETHERPAD_SKIN_NAME=''
+JITSI__ETHERPAD_SKIN_VARIANTS=''
+JITSI__ETHERPAD_TITLE=''
+JITSI__ETHERPAD_URL_BASE=''
+JITSI__HTTP_PORT=''
+JITSI__HTTPS_PORT=''
+JITSI__JIBRI_RECORDER_PASSWORD=''
+JITSI__JIBRI_XMPP_PASSWORD=''
+JITSI__JICOFO_AUTH_PASSWORD=''
+JITSI__JIGAGI_SIP_PASSWORD=''
+JITSI__JIGAGI_SIP_PORT=''
+JITSI__JIGAGI_SIP_SERVER=''
+JITSI__JIGAGI_SIP_TRANSPORT=''
+JITSI__JIGAGI_SIP_URI=''
+JITSI__JIGASI_XMPP_PASSWORD=''
+JITSI__JVB_AUTH_PASSWORD=''
+JITSI__PUBLIC_URL=''
+JITSI__SIP_URI=''
+JITSI__TZ=''
+JITSI__WEBSOCKET_SECRET=''
+
+##
+## JOPLIN
+##
+JOPLIN_APP_BASE_URL=''
+JOPLIN_APP_PORT=''
+JOPLIN_POSTGRES_DATABASE=''
+JOPLIN_POSTGRES_PASSWORD=''
+JOPLIN_POSTGRES_PORT=''
+JOPLIN_POSTGRES_USER=''
+JOPLIN_S3_ACCESS_KEY=''
+JOPLIN_S3_SECRET_KEY=''
+
+##
+## KEYCLOAK
+##
+KEYCLOAK_ADMIN_PASSWORD=''
+
+##
+## LAN
+##
+LAN_NETWORK=''
+
+##
+## LASTFM
+##
+LASTFM_API_KEY=''
+LASTFM_API_SECRET=''
+LASTFM_PASSWORD=''
+LASTFM_USERNAME=''
+
+##
+## LIBRESPEED
+##
+LIBRESPEED_CONTAINER_NAME=''
+LIBRESPEED_ENABLED=''
+LIBRESPEED_ENVIRONMENT_DB_HOSTNAME=''
+LIBRESPEED_ENVIRONMENT_DB_NAME=''
+LIBRESPEED_ENVIRONMENT_DB_PASSWORD=''
+LIBRESPEED_ENVIRONMENT_DB_TYPE=''
+LIBRESPEED_ENVIRONMENT_DB_USERNAME=''
+LIBRESPEED_ENVIRONMENT_PASSWORD=''
+LIBRESPEED_NETWORK_MODE=''
+LIBRESPEED_PORT_80=''
+LIBRESPEED_RESTART=''
+LIBRESPEED_TAG=''
+
+##
+## LIDARR
+##
+LIDARR_CONTAINER_NAME=''
+LIDARR_ENABLED=''
+LIDARR_NETWORK_MODE=''
+LIDARR_PORT_8686=''
+LIDARR_RESTART=''
+LIDARR_TAG=''
+
+##
+## LIDARR
+##
+LIDARR_API_KEY=''
+
+##
+## LLDAP
+##
+LLDAP_JWT_SECRET=''
+LLDAP_KEY_SEED=''
+
+##
+## LOCALAI
+##
+LOCALAI_API_KEY=''
+
+##
+## MALOJA
+##
+MALOJA_FORCE_PASSWORD=''
+
+##
+## MARIADB
+##
+MARIADB_CONTAINER_NAME=''
+MARIADB_ENABLED=''
+MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD=''
+MARIADB_NETWORK_MODE=''
+MARIADB_PORT_3306=''
+MARIADB_RESTART=''
+MARIADB_TAG=''
+
+##
+## MATTERMOST
+##
+MATTERMOST_AWS_S3_ACCESSKEY=''
+MATTERMOST_AWS_S3_SECRETKEY=''
+MATTERMOST_POSTGRES_CONNECTION_URI=''
+MATTERMOST_POSTGRES_PASSWORD=''
+
+##
+## MAYBE
+##
+MAYBE_POSTGRES_PASSWORD=''
+MAYBE_SECRET_KEY_BASE=''
+
+##
+## MEDUSAJS
+##
+MEDUSAJS_COOKIE_SECRET=''
+MEDUSAJS_JWT_TOKEN=''
+MEDUSAJS_POSTGRES_PASSWORD=''
+MEDUSAJS_S3_ACCESS_KEY=''
+MEDUSAJS_S3_SECRET_KEY=''
+
+##
+## MINIO
+##
+MINIO_MIMIR_STORAGE_ACCESS_KEY=''
+MINIO_MIMIR_STORAGE_SECRET_KEY=''
+MINIO_ROOT_PASSWORD=''
+
+##
+## MONGO
+##
+MONGO_INITDB_ROOT_PASSWORD=''
+MONGO_INITDB_ROOT_USERNAME=''
+
+##
+## NAVIDROME
+##
+NAVIDROME_PASSWORD=''
+NAVIDROME_USERNAME=''
+
+##
+## NEXTCLOUD
+##
+NEXTCLOUD_CONTAINER_NAME=''
+NEXTCLOUD_ENABLED=''
+NEXTCLOUD_NETWORK_MODE=''
+NEXTCLOUD_PORT_443=''
+NEXTCLOUD_RESTART=''
+NEXTCLOUD_TAG=''
+NEXTCLOUD_VOLUME_DATADIR=''
+
+##
+## OMBI
+##
+OMBI_CONTAINER_NAME=''
+OMBI_ENABLED=''
+OMBI_NETWORK_MODE=''
+OMBI_PORT_3579=''
+OMBI_RESTART=''
+OMBI_TAG=''
+OMBI_API_KEY=''
+
+##
+## OPENGIST
+##
+OPENGIST_GITEA_CLIENT_KEY=''
+OPENGIST_GITEA_SECRET=''
+
+##
+## PAPERLESS
+##
+PAPERLESS_DBPASS=''
+PAPERLESS_SECRET_KEY=''
+
+##
+## PLAUSIBLE
+##
+PLAUSIBLE_PG_PASSWORD=''
+PLAUSIBLE_SECRET_KEY_BASE=''
+PLAUSIBLE_TOTP_VAULT_KEY=''
+
+##
+## PODINDEX
+##
+PODINDEX_API_KEY=''
+PODINDEX_API_SECRET=''
+
+##
+## PORTAINER
+##
+PORTAINER_CONTAINER_NAME=''
+PORTAINER_ENABLED=''
+PORTAINER_NETWORK_MODE=''
+PORTAINER_PORT_9000=''
+PORTAINER_RESTART=''
+PORTAINER_TAG=''
+PORTAINER_VOLUME_DOCKER_SOCKET=''
+PORTAINER_API_KEY=''
+
+##
+## POSTAL
+##
+POSTAL_MYSQL_PASSWORD=''
+POSTAL_SMTP_AUTH_PASSWORD=''
+POSTAL_SMTP_AUTH_USER=''
+
+##
+## POSTGRES
+##
+POSTGRES_HOST=''
+POSTGRES_PASSWORD=''
+POSTGRES_USER=''
+
+##
+## PROWLARR
+##
+PROWLARR_CONTAINER_NAME=''
+PROWLARR_ENABLED=''
+PROWLARR_NETWORK_MODE=''
+PROWLARR_PORT_9696=''
+PROWLARR_RESTART=''
+PROWLARR_TAG=''
+PROWLARR_API_KEY=''
+
+##
+## RADARR
+##
+RADARR_CONTAINER_NAME=''
+RADARR_ENABLED=''
+RADARR_NETWORK_MODE=''
+RADARR_PORT_7878=''
+RADARR_RESTART=''
+RADARR_TAG=''
+
+##
+## RADARR
+##
+RADARR_API_KEY=''
+
+##
+## REACTIVE
+##
+REACTIVE_RESUME_ACCESS_TOKEN_SECRET=''
+REACTIVE_RESUME_PGSQL_PASSWORD=''
+REACTIVE_RESUME_REFRESH_TOKEN_SECRET=''
+REACTIVE_RESUME_S3_ACCESS_KEY=''
+REACTIVE_RESUME_S3_SECRET_KEY=''
+
+##
+## READARR
+##
+READARR_CONTAINER_NAME=''
+READARR_ENABLED=''
+READARR_NETWORK_MODE=''
+READARR_PORT_8787=''
+READARR_RESTART=''
+READARR_TAG=''
+READARR_API_KEY=''
+
+##
+## REMMINA
+##
+REMMINA_CF_TUNNEL_ID=''
+REMMINA_CF_TUNNEL_PASSWORD=''
+REMMINA_USER_PASSWORD=''
+
+##
+## RUSTDESK
+##
+RUSTDESK_CUSTOM_PASSWORD=''
+
+##
+## SABNZBDVPN
+##
+SABNZBDVPN_CONTAINER_NAME=''
+SABNZBDVPN_ENABLED=''
+SABNZBDVPN_ENVIRONMENT_ENABLE_PRIVOXY=''
+SABNZBDVPN_ENVIRONMENT_LAN_NETWORK=''
+SABNZBDVPN_ENVIRONMENT_NAME_SERVERS=''
+SABNZBDVPN_ENVIRONMENT_VPN_CLIENT=''
+SABNZBDVPN_ENVIRONMENT_VPN_ENABLE=''
+SABNZBDVPN_ENVIRONMENT_VPN_INPUT_PORTS=''
+SABNZBDVPN_ENVIRONMENT_VPN_OPTIONS=''
+SABNZBDVPN_ENVIRONMENT_VPN_OUTPUT_PORTS=''
+SABNZBDVPN_ENVIRONMENT_VPN_PASS=''
+SABNZBDVPN_ENVIRONMENT_VPN_PROV=''
+SABNZBDVPN_ENVIRONMENT_VPN_USER=''
+SABNZBDVPN_NETWORK_MODE=''
+SABNZBDVPN_PORT_8080=''
+SABNZBDVPN_PORT_8090=''
+SABNZBDVPN_PORT_8118=''
+SABNZBDVPN_RESTART=''
+SABNZBDVPN_TAG=''
+SABNZBDVPN_API_KEY=''
+
+##
+## SCRAPERR
+##
+SCRAPERR_SECRET_KEY=''
+
+##
+## SCRUTINY
+##
+SCRUTINY_CF_TUNNEL_PASSWORD=''
+
+##
+## SEARXNG
+##
+SEARXNG_BASE_URL=''
+
+##
+## SLSKD
+##
+SLSKD_PASSWORD=''
+
+##
+## SONARQUBE
+##
+SONARQUBE_POSTGRES_PASSWORD=''
+SONARQUBE_LDAP_BIND_PASSWORD=''
+
+##
+## SONARR
+##
+SONARR_CONTAINER_NAME=''
+SONARR_ENABLED=''
+SONARR_NETWORK_MODE=''
+SONARR_PORT_8989=''
+SONARR_RESTART=''
+SONARR_TAG=''
+SONARR_API_KEY=''
+
+##
+## SWAG
+##
+SWAG_CONTAINER_NAME=''
+SWAG_ENABLED=''
+SWAG_ENVIRONMENT_DNSPLUGIN=''
+SWAG_ENVIRONMENT_EMAIL=''
+SWAG_ENVIRONMENT_EXTRA_DOMAINS=''
+SWAG_ENVIRONMENT_ONLY_SUBDOMAINS=''
+SWAG_ENVIRONMENT_SUBDOMAINS=''
+SWAG_ENVIRONMENT_URL=''
+SWAG_ENVIRONMENT_VALIDATION=''
+SWAG_NETWORK_MODE=''
+SWAG_PORT_443=''
+SWAG_PORT_80=''
+SWAG_RESTART=''
+SWAG_TAG=''
+
+##
+## SWAG
+##
+SWAG_CF_TUNNEL_ID=''
+SWAG_CF_TUNNEL_PASSWORD=''
+SWAG_DUCKDNSTOKEN=''
+SWAG_MAXMINDDB_LICENSE_KEY=''
+
+##
+## TANDOOR
+##
+TANDOOR_API_TOKEN=''
+TANDOOR_POSTGRES_PASSWORD=''
+TANDOOR_SECRET_KEY=''
+
+##
+## TMDB
+##
+TMDB_API_KEY=''
+
+##
+## TRACCAR
+##
+TRACCAR_POSTGRES_DATABASE=''
+TRACCAR_POSTGRES_PASSWORD=''
+TRACCAR_POSTGRES_USER=''
+
+##
+## UPTIME
+##
+UPTIME_KUMA_PASSWORD=''
+UPTIME_KUMA_USERNAME=''
+
+##
+## UPTIMEKUMA
+##
+UPTIMEKUMA_CONTAINER_NAME=''
+UPTIMEKUMA_ENABLED=''
+UPTIMEKUMA_NETWORK_MODE=''
+UPTIMEKUMA_PORT_3001=''
+UPTIMEKUMA_RESTART=''
+UPTIMEKUMA_TAG=''
+
+##
+## VAULT
+##
+VAULT_HASHICORP_AWS_ACCESS_KEY_ID=''
+VAULT_HASHICORP_AWS_SECRET_ACCESS_KEY=''
+
+##
+## VIRUS
+##
+VIRUS_TOTAL_API_KEY=''
+
+##
+## WALLABAG
+##
+WALLABAG_DB=''
+WALLABAG_DB_PASSWORD=''
+
+##
+## WATCHTOWER
+##
+WATCHTOWER_CONTAINER_NAME=''
+WATCHTOWER_ENABLED=''
+WATCHTOWER_ENVIRONMENT_CLEANUP=''
+WATCHTOWER_ENVIRONMENT_INCLUDE_STOPPED=''
+WATCHTOWER_ENVIRONMENT_MONITOR_ONLY=''
+WATCHTOWER_ENVIRONMENT_NOTIFICATION_TEMPLATE=''
+WATCHTOWER_ENVIRONMENT_NOTIFICATION_URL=''
+WATCHTOWER_ENVIRONMENT_NOTIFICATIONS=''
+WATCHTOWER_ENVIRONMENT_NOTIFICATIONS_LEVEL=''
+WATCHTOWER_ENVIRONMENT_REPO_PASS=''
+WATCHTOWER_ENVIRONMENT_REPO_USER=''
+WATCHTOWER_ENVIRONMENT_SCHEDULE=''
+WATCHTOWER_ENVIRONMENT_TIMEOUT=''
+WATCHTOWER_NETWORK_MODE=''
+WATCHTOWER_RESTART=''
+WATCHTOWER_TAG=''
+WATCHTOWER_VOLUME_DOCKER_SOCKET=''
+
+##
+## WATCHTOWER
+##
+WATCHTOWER_HTTP_API_TOKEN=''
+WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY=''
+WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN=''
+WATCHTOWER_NOTIFICATION_GOTIFY_URL=''
+
+##
+## WAZUH
+##
+WAZUH_API_PASSWORD=''
+WAZUH_INDEXER_PASSWORD=''
+WAZUH_KIBANA_PASSWORD=''
+WAZUH_VERSION=''
+
+##
+## YOUR
+##
+YOUR_SPOTIFY_ID=''
+YOUR_SPOTIFY_PORT_443=''
+YOUR_SPOTIFY_PORT_80=''
+YOUR_SPOTIFY_SECRET=''
+
+##
+## YOUTUBEDL
+##
+YOUTUBEDL_CONTAINER_NAME=''
+YOUTUBEDL_ENABLED=''
+YOUTUBEDL_ENVIRONMENT_CONFIG_PATH=''
+YOUTUBEDL_ENVIRONMENT_DEBUG=''
+YOUTUBEDL_NETWORK_MODE=''
+YOUTUBEDL_PORT_8080=''
+YOUTUBEDL_RESTART=''
+YOUTUBEDL_TAG=''
+
+##
+## ZAMMAD
+##
+ZAMMAD_ELASTICSEARCH_VERSION=''
+ZAMMAD_IMAGE_REPO=''
+ZAMMAD_MEMCACHE_SERVERS=''
+ZAMMAD_MEMCACHE_VERSION=''
+ZAMMAD_POSTGRES_DB=''
+ZAMMAD_POSTGRES_HOST=''
+ZAMMAD_POSTGRES_PASS=''
+ZAMMAD_POSTGRES_PORT=''
+ZAMMAD_POSTGRES_USER=''
+ZAMMAD_POSTGRES_VERSION=''
+ZAMMAD_POSTGRESQL_OPTIONS=''
+ZAMMAD_REDIS_URL=''
+ZAMMAD_REDIS_VERSION=''
+ZAMMAD_RESTART=''
+ZAMMAD_S3_ACCESS_KEY=''
+ZAMMAD_S3_SECRET_KEY=''
+ZAMMAD_VERSION=''