Removing Patchman services.

Auto Merge of PR 149 - open-webui-ollama-portracker-mods_2025-08-26T15-05-45
Merged by Trez.One
2025-08-27 06:49:23 -04:00 · 2025-08-26 15:50:24 -04:00 · 2025-08-26 15:47:12 -04:00 · 2025-08-26 15:46:58 -04:00 · 2025-08-26 15:21:32 -04:00 · 2025-08-26 19:21:11 +00:00
7 changed files with 388 additions and 371 deletions
@@ -1,4 +1,5 @@
 name: Gitea Branch PR & Ansible Deployment
+
 on:
  workflow_dispatch:
  push:
@@ -8,6 +9,7 @@ on:
      - '**.j2'
      - '**/pr-ansible-config-deployment.yaml'
      - 'ansible/**.yml'
+
 jobs:
  check-and-create-pr:
    if: github.ref != 'refs/heads/main'
@@ -15,21 +17,24 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 1
+
      - name: Cache tea CLI
        id: cache-tea
        uses: actions/cache@v4
        with:
          path: /opt/hostedtoolcache/tea/0.9.2/x64
          key: tea-${{ runner.os }}-0.9.2
+
      - name: Install tea
        uses: supplypike/setup-bin@v4
        with:
          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
          name: 'tea'
          version: '0.9.2'
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -37,6 +42,7 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: PR Check'
          notification_message: 'Checking for existing PR... 🔍'
+
      - name: Check if open PR exists
        id: check-opened-pr-step
        continue-on-error: true
@@ -44,6 +50,7 @@ jobs:
          tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[ANSIBLE\].*${{ github.ref_name }}' | tail -1 | wc -l)
          echo "exists=$pr_exists" >> $GITHUB_OUTPUT
+
      - name: Create PR
        if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
        run: |
@@ -51,6 +58,7 @@ jobs:
          pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
          pr_index_new=$(expr ${pr_index_old} + 1)
          tea pr c -r ${{ github.repository }} -t "[ANSIBLE] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -58,6 +66,7 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: PR Check'
          notification_message: 'PR Created 🎟️'
+
  ansible-dry-run:
    name: Ansible Dry Run
    needs: [check-and-create-pr]
@@ -68,7 +77,8 @@ jobs:
      VAULT_NAMESPACE: ""
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
+
      - name: Cache Ansible Galaxy Collections
        uses: actions/cache@v3
        with:
@@ -76,15 +86,19 @@ jobs:
          key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
          restore-keys: |
            ${{ runner.os }}-ansible-
+
      - name: Install Ansible
        uses: alex-oleshkevich/setup-ansible@v1.0.1
        with:
          version: "11.4.0"
+
      - name: Install Vault
        uses: cpanato/vault-installer@main
+
      - name: Install hvac
        run: |
          pip install hvac
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -92,6 +106,7 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
          notification_message: 'Starting Ansible dry run...'
+
      - name: Ansible Playbook Dry Run
        uses: dawidd6/action-ansible-playbook@v3
        with:
@@ -103,6 +118,7 @@ jobs:
          options: |
            --check
            --inventory inventory/hosts.yml
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -110,19 +126,22 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: Ansible Dry Run @ Rinoa'
          notification_message: 'Ansible dry run completed successfully.'
+
  pr-merge:
    name: PR Merge
    needs: [ansible-dry-run]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
+
      - name: Install tea
        uses: supplypike/setup-bin@v4
        with:
          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
          name: 'tea'
          version: '0.9.2'
+
      - name: PR Merge
        id: pr_merge
        run: |
@@ -132,6 +151,7 @@ jobs:
          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F"," '{print $1}' | sed -e 's|"||g')
          tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" --message "Merged by ${{ github.actor }}" ${pr_index}
          echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -139,6 +159,7 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: PR Merge Successful'
          notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
+
  ansible-config-deploy:
    name: Ansible Config Deployment
    runs-on: ubuntu-latest
@@ -149,28 +170,34 @@ jobs:
      DOCKER_HOST: tcp://dockerproxy:2375
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          ref: main
+
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: 3.12
+
      - name: Cache Vault install
        id: cache-vault
        uses: actions/cache@v4
        with:
          path: /opt/hostedtoolcache/vault/1.18.0/x64
          key: vault-${{ runner.os }}-1.18.0
+
      - name: Install Ansible
        uses: alex-oleshkevich/setup-ansible@v1.0.1
        with:
          version: "11.4.0"
+
      - name: Install Vault
        uses: cpanato/vault-installer@main
+
      - name: Install hvac
        run: |
          pip install hvac
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -178,6 +205,7 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
          notification_message: 'Starting config deployment with Ansible...'
+
      - name: Ansible Playbook Config Deploy
        uses: dawidd6/action-ansible-playbook@v3
        with:
@@ -188,6 +216,7 @@ jobs:
          requirements: collections/requirements.yml
          options: |
            --inventory inventory/hosts.yml
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -1,4 +1,5 @@
 name: Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment
+
 on:
  workflow_dispatch:
  push:
@@ -8,10 +9,12 @@ on:
      - '**/docker-compose.yml'
      - '**/pr-cloudflare-docker-deploy.yml'
      - '!ansible/**.yml'
+
 env:
  FLARECTL_VERSION: '0.115.0'
  HC_VAULT_VERSION: '1.20.0'
  TEA_VERSION: '0.10.1'
+
 jobs:
  check-and-create-pr:
    if: github.ref != 'refs/heads/main'
@@ -22,18 +25,21 @@ jobs:
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
+
      - name: Cache tea CLI
        id: cache-tea
        uses: actions/cache@v4
        with:
          path: /opt/hostedtoolcache/tea/${{ env.TEA_VERSION }}/x64
          key: tea-${{ runner.os }}-${{ env.TEA_VERSION }}
+
      - name: Install tea
        uses: supplypike/setup-bin@v4
        with:
          uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64
          name: tea
          version: ${{ env.TEA_VERSION }}
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -41,6 +47,7 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: PR Check'
          notification_message: 'Checking for existing PR... 🔍'
+
      - name: Check if open PR exists
        id: check-opened-pr-step
        continue-on-error: true
@@ -48,6 +55,7 @@ jobs:
          tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[DOCKER\].*${{ github.ref_name }}' | tail -1 | wc -l)
          echo "exists=$pr_exists" >> $GITHUB_OUTPUT
+
      - name: Create PR
        if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
        run: |
@@ -55,6 +63,7 @@ jobs:
          pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
          pr_index_new=$(expr ${pr_index_old} + 1)
          tea pr c -r ${{ github.repository }} -t "[DOCKER] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -62,6 +71,7 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: PR Check'
          notification_message: 'PR Created 🎟️'
+
  generate-service-list:
    name: Generate list of added/modified/deleted services
    runs-on: ubuntu-latest
@@ -69,11 +79,14 @@ jobs:
    outputs:
      svc_deploy_list: ${{ steps.detect_services.outputs.docker_svc_list }}
    steps:
+
      - name: Checkout
        uses: actions/checkout@v4
+
      - name: Fetch base branch
        run: |
          git fetch origin ${{ github.event.pull_request.base.ref }}
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -81,10 +94,12 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: Services TBD'
          notification_message: 'Generating list of services to deploy...'
+
      - name: Save both versions of docker-compose.yml
        run: |
          git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
          cp docker-compose.yml docker-compose-head.yml
+
      - name: Detect added, deleted, and modified services
        id: detect_services
        run: |
@@ -114,9 +129,11 @@ jobs:
          echo "docker_svc_list<<EOF" >> "$GITHUB_OUTPUT"
          echo "$mod_svcs" >> "$GITHUB_OUTPUT"
          echo "EOF" >> "$GITHUB_OUTPUT"
+
      - name: List of Services for (Re)Deployment
        run: |
          echo -e "${{ steps.detect_services.outputs.docker_svc_list }}"
+
  docker-compose-dry-run:
    name: Docker Compose Dry Run
    needs: [generate-service-list]
@@ -130,20 +147,24 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
+
      - name: Login to Gitea Container Registry
        run: |
          docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
+
      - name: Cache Vault install
        id: cache-vault
        uses: actions/cache@v4
        with:
          path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64
          key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }}
+
      - name: Install Vault (only if not cached)
        if: steps.cache-vault.outputs.cache-hit != 'true'
        uses: cpanato/vault-installer@main
        with:
          version: ${{ env.HC_VAULT_VERSION }}
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -151,10 +172,12 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
          notification_message: 'Starting Docker Compose dry run...'
+
      - name: Generate .env file for Docker Compose
        run: |
          vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
          echo ${DOCKER_SVC_LIST}
+
      - name: Docker Compose Dry Run
        uses: hoverkraft-tech/compose-action@v2.2.0
        env:
@@ -165,6 +188,7 @@ jobs:
          up-flags: -d --remove-orphans --dry-run
          down-flags: --dry-run
          compose-flags: --dry-run
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -172,6 +196,7 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
          notification_message: 'Docker Compose dry run completed successfully.'
+
  cloudflare-dns-setup:
    name: Cloudflare DNS Setup
    needs: [docker-compose-dry-run]
@@ -181,17 +206,20 @@ jobs:
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
+
      - name: Cache flarectl CLI
        uses: actions/cache@v4
        with:
          path: ~/.flarectl
          key: flarectl-${{ runner.os }}-${{ env.FLARECTL_VERSION }}-${{ hashFiles('workflow-config.yml') }}
+
      - name: Install flarectl
        uses: supplypike/setup-bin@v4
        with:
          uri: https://github.com/cloudflare/cloudflare-go/releases/download/v${{ env.FLARECTL_VERSION }}/flarectl_${{ env.FLARECTL_VERSION }}_linux_amd64.tar.gz
          name: flarectl
          version: ${{ env.FLARECTL_VERSION }}
+
      - name: Cache Subdomain Files
        uses: actions/cache@v4
        with:
@@ -199,6 +227,7 @@ jobs:
            compose_subdomains.txt
            cloudflare_subdomains.txt
          key: ${{ runner.os }}-subdomains-${{ hashFiles('docker-compose.yml') }}
+
      - name: Grab Subdomains from Docker Compose & Cloudflare
        id: grab-subdomains
        env:
@@ -214,6 +243,7 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: Cloudflare Setup @ Rinoa'
          notification_message: 'Starting Cloudflare DNS setup...'
+
      - name: Compare Subdomains
        id: compare-subdomains
        uses: LouisBrunner/diff-action@v2.2.0
@@ -223,6 +253,7 @@ jobs:
          mode: addition
          tolerance: mixed-better
          output: domain_compare.txt
+
      - name: Create Subdomains
        if: steps.compare-subdomains.outputs.output != ''
        continue-on-error: true
@@ -234,6 +265,7 @@ jobs:
            echo "Creating $subdomain.trez.wtf..."
            flarectl dns create --zone "trez.wtf" --name "${subdomain}" --type=CNAME --content "trez.wtf" --proxy true
          done
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -241,6 +273,7 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: Cloudflare Setup @ Rinoa'
          notification_message: 'Cloudflare DNS setup completed successfully.'
+
  regenerate-readme-modified-services:
    name: Update README & Generate List of Modified Services
    runs-on: ubuntu-latest
@@ -248,8 +281,10 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
+
      - name: Install yq
        uses: dcarbone/install-yq-action@v1
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -257,25 +292,30 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: README Update'
          notification_message: 'Updating README...'
+
      - name: Generate service list
        run: |
          yq '.services | to_entries | map({"service": .key, "image": .value.image})' docker-compose.yml > services.yml
+
      - name: Generate Markdown Table
        uses: gazab/create-markdown-table@v1
        id: service-table
        with:
          file: ./services.yml
+
      - name: Regenerate README
        run: |
          echo "# List of Services" > README.md
          echo -e "\n\n" >> README.md
          echo "${{ steps.service-table.outputs.table }}" >> README.md
+
      - name: Add/Commit README.md
        id: commit-readme
        uses: EndBug/add-and-commit@v9
        with:
          message: "chore: Update README"
          add: "README.md"
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -283,6 +323,7 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: README Update'
          notification_message: 'README updated'
+
  pr-merge:
    name: PR Merge
    needs: [regenerate-readme-modified-services]
@@ -290,18 +331,21 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
+
      - name: Cache tea CLI
        id: cache-tea
        uses: actions/cache@v4
        with:
          path: /opt/hostedtoolcache/tea/${{ env.TEA_VERSION }}/x64
          key: tea-${{ runner.os }}-${{ env.TEA_VERSION }}
+
      - name: Install tea
        uses: supplypike/setup-bin@v4
        with:
          uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64
          name: tea
          version: ${{ env.TEA_VERSION }}
+
      - name: PR Merge
        id: pr_merge
        run: |
@@ -311,6 +355,7 @@ jobs:
          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F"," '{print $1}' | sed -e 's|"||g')
          tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" --message "Merged by ${{ github.actor }}" ${pr_index}
          echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -318,6 +363,7 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: PR Merge Successful'
          notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
+
  docker-compose-deploy:
    name: Docker Compose Deployment
    runs-on: ubuntu-latest
@@ -333,20 +379,24 @@ jobs:
        uses: actions/checkout@v4
        with:
          ref: main
+
      - name: Cache Vault install
        id: cache-vault
        uses: actions/cache@v4
        with:
          path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64
          key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }}
+
      - name: Install Vault (only if not cached)
        if: steps.cache-vault.outputs.cache-hit != 'true'
        uses: cpanato/vault-installer@main
        with:
          version: ${{ env.HC_VAULT_VERSION }}
+
      - name: Login to Gitea Container Registry
        run: |
          docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -354,10 +404,12 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: Docker Compose Deployment @ Rinoa'
          notification_message: 'Starting Docker Compose run...'
+
      - name: Generate .env file for deployment
        run: |
           vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
           echo ${DOCKER_SVC_LIST}
+
      - name: Docker Compose Deployment
        uses: hoverkraft-tech/compose-action@v2.2.0
        env:
@@ -367,6 +419,7 @@ jobs:
            ${{ needs.generate-service-list.outputs.svc_deploy_list }}
          up-flags: -d --remove-orphans
          down-flags: --dry-run
+
      - name: Docker Compose Healthcheck
        uses: jaracogmbh/docker-compose-health-check-action@v1.0.0
        with:
@@ -375,6 +428,7 @@ jobs:
          compose-file: "docker-compose.yml"
          skip-exited: "true"
          skip-no-healthcheck: "true"
+
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
@@ -1,10 +1,13 @@
 name: Auto-Unseal for Vault
+
 on:
  workflow_dispatch:
  schedule:
    - cron: '30 5 * * *'
+
 env:
  HC_VAULT_VERSION: '1.20.0'
+
 jobs:
  auto-unseal:
    name: Unseal Vault
@@ -22,22 +25,26 @@ jobs:
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: HC Vault @ Rinoa'
          notification_message: 'Hashicorp Vault unsealing started... 🔐'
+
      - name: Cache Vault install
        id: cache-vault
        uses: actions/cache@v4
        with:
          path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64
          key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }}
+
      - name: Install Vault (only if not cached)
        if: steps.cache-vault.outputs.cache-hit != 'true'
        uses: cpanato/vault-installer@main
        with:
          version: ${{ env.HC_VAULT_VERSION }}
+
      - name: Unseal Vault
        run: |
          for vault_shard in $VAULT_SHARDS; do
            vault operator unseal -address="${VAULT_ADDR}" -non-interactive "${vault_shard}"
          done
+
      - name: Vault Unseal Completion
        uses: eikendev/gotify-action@master
        with:
@@ -10,6 +10,8 @@
 | apprise-api | lscr.io/linuxserver/apprise-api:latest |
 | archivebox | archivebox/archivebox:latest |
 | argus | quay.io/argus-io/argus:latest |
+| asciinema | ghcr.io/asciinema/asciinema-server:latest |
+| asciinema-pg-db | postgres:14-alpine |
 | audiobookshelf | ghcr.io/advplyr/audiobookshelf:latest |
 | authelia | authelia/authelia:master |
 | authelia-pg | postgres:16-alpine |
@@ -50,10 +52,11 @@
 | garage | dxflrs/garage:v2.0.0 |
 | garage-webui | khairul169/garage-webui:latest |
 | ghost | ghost:latest |
-| gitea | gitea/gitea:1.24.3 |
+| gitea | gitea/gitea:1.24.5 |
 | gitea-db | postgres:14 |
 | gitea-runner | gitea/act_runner:latest |
 | gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
+| gitignore-io | guog/gitignore.io:latest |
 | gluetun | qmcgaw/gluetun:latest |
 | gotify | gotify/server |
 | graylog | graylog/graylog:6.1 |
@@ -86,10 +89,6 @@
 | joplin | joplin/server:latest |
 | karakeep | ghcr.io/karakeep-app/karakeep:release |
 | languagetool | elestio/languagetool:latest |
-| librechat-api | ghcr.io/danny-avila/librechat-dev:latest |
-| librechat-rag-api | ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest |
-| librechat-valkey | docker.io/bitnami/valkey:latest |
-| librechat-vectordb | ankane/pgvector:latest |
 | libretranslate | libretranslate/libretranslate |
 | lidarr | lscr.io/linuxserver/lidarr:latest |
 | lidify | thewicklowwolf/lidify:latest |
@@ -121,10 +120,15 @@
 | navidrome | deluan/navidrome:latest |
 | netalertx | jokobsk/netalertx:latest |
 | nextcloud | nextcloud/all-in-one:latest |
-| ollama | ollama/ollama |
+| nocodb | nocodb/nocodb:latest |
+| nocodb-pg-db | postgres:16-alpine |
+| nocodb-valkey | docker.io/bitnami/valkey:latest |
+| ollama | ollama/ollama:latest |
 | ombi | lscr.io/linuxserver/ombi:latest |
 | omnitools | iib0011/omni-tools:latest |
 | omnipoly | kweg/omnipoly:latest |
+| open-webui | ghcr.io/open-webui/open-webui:main |
+| open-webui-valkey | docker.io/bitnami/valkey:latest |
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
 | paperless-valkey | docker.io/bitnami/valkey:latest |
 | patchman-server | ghcr.io/tigattack/patchman |
@@ -136,8 +140,6 @@
 | penpot-exporter | penpotapp/exporter:latest |
 | penpot-pg-db | postgres:15-alpine |
 | penpot-redis | redis:7.2 |
-| pgbackweb | eduardolat/pgbackweb:latest |
-| pgbackweb-db | postgres:16-alpine |
 | planka | ghcr.io/plankanban/planka:2.0.0-rc.3 |
 | planka-pg-db | postgres:16-alpine |
 | plant-it | msdeluise/plant-it-server:latest |
@@ -146,9 +148,7 @@
 | portainer | portainer/portainer-ce:alpine |
 | portchecker-web | ghcr.io/dsgnr/portcheckerio-web:latest |
 | portchecker-api | ghcr.io/dsgnr/portcheckerio-api:latest |
-| portnote-web | haedlessdev/portnote:latest |
-| portnote-agent | haedlessdev/portnote-agent:latest |
-| portnote-pg-db | postgres:17-alpine |
+| portracker | mostafawahied/portracker:latest |
 | postal-smtp | ghcr.io/postalserver/postal:latest |
 | postal-web | ghcr.io/postalserver/postal:latest |
 | postal-worker | ghcr.io/postalserver/postal:latest |
@@ -187,8 +187,7 @@
 | soularr-dashboard | git.trez.wtf/trez.one/soularr-dashboard:v0.1 |
 | soulseek | slskd/slskd |
 | speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
-| stable-diffusion-download | git./trez.one/stable-diffusion-download:v9.0.0 |
-| stable-diffusion-webui | git./trez.one/stable-diffusion-ui:v9.0.1 |
+| stable-diffusion-webui | ghcr.io/neggles/sd-webui-docker:latest |
 | stirling-pdf | docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest |
 | swag | lscr.io/linuxserver/swag:latest |
 | tandoor | vabene1111/recipes |
@@ -15,7 +15,7 @@ showStats: false
 statusStyle: "dot"
 favicon: /icons/favicon.ico
 useEqualHeights: true
-hideErrors: false
+hideErrors: true
 searchDescriptions: true
 showSearchSuggestions: true
 provider: duckduckgo
@@ -1,14 +1,14 @@
 vault_addr: "https://vault.trez.wtf"
 vault_token: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  31616264333530373062366539333738643937326562616130636266646532653862663966663862
-  6336343130363932316237373939656530663339383061360a626433656432633734363635313236
-  36646161663939393035333066656435663064313031636430386163653438336165663432393563
-  3032316331653662310a653930623965303835396239383663306438633738356563633834623036
-  35616132656166663233613937346364343439306561306661633239623837373564323430386635
-  31663762303234326363643262633761363661656538373333396139376132303564336635623632
-  30303166336432653038333733386334323262623736626435623933653035363035383930366166
-  64376639396664303034656533656339363436306638396462333230636136396538303638323338
-  3138
+  $ANSIBLE_VAULT;1.2;AES256
+  66306233356534393231373064633939646434316262343431663466653262646431633737343432
+  3364626261356234333233383433316233663866653466390a323733663932316434373038336466
+  36313462356238336638326135363263393863343939313534336134633037643563373837663263
+  3963323538636336360a313564316137333665353565623332623666373066316561323738626336
+  37616537616561336661313763386163643230643731396131373232343038323365626238366430
+  39613835383461393232613730353133343337303838646131353034613966393865346433386133
+  32373161306534396330656531353831356430633038333339326564666464663534363164663130
+  31316665343032396361383534373365613632616436343566323165383166356131636162626339
+  6336
 vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
 secrets_path: "rinoa-docker/env"
@@ -13,87 +13,6 @@ x-jitsi-admin: &jitsi_admin_app
    PHP_INI_MEMORY_LIMIT: "1G"
    PHP_EXTENSION_LDAP: 1
    PHP_EXTENSION_INTL: 1
-x-librechat: &librechat-env
-  ALLOW_EMAIL_LOGIN: true
-  ALLOW_PASSWORD_RESET: false
-  ALLOW_REGISTRATION: true
-  ALLOW_SHARED_LINKS_PUBLIC: true
-  ALLOW_SHARED_LINKS: true
-  ALLOW_SOCIAL_LOGIN: false
-  ALLOW_SOCIAL_REGISTRATION: false
-  ALLOW_UNVERIFIED_EMAIL_LOGIN: true
-  ANTHROPIC_API_KEY: ${LIBRECHAT_ANTHROPIC_API_KEY}
-  ANTHROPIC_MODELS: claude-3-7-sonnet-latest,claude-3-7-sonnet-20250219,claude-3-5-haiku-20241022,claude-3-5-sonnet-20241022,claude-3-5-sonnet-latest,claude-3-5-sonnet-20240620,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307,claude-2.1,claude-2,claude-1.2,claude-1,claude-1-100k,claude-instant-1,claude-instant-1-100k
-  APPLE_CALLBACK_URL: /oauth/apple/callback
-  APP_TITLE: LibreChat
-  BAN_DURATION: 1000 * 60 * 60 * 2
-  BAN_INTERVAL: 20
-  BAN_VIOLATIONS: true
-  CHECK_BALANCE: false
-  CONCURRENT_MESSAGE_MAX: 2
-  CONCURRENT_VIOLATION_SCORE: 1
-  CONSOLE_JSON: true
-  CREDS_IV: ${LIBRECHAT_CREDS_IV}
-  CREDS_KEY: ${LIBRECHAT_CREDS_KEY}
-  DB_HOST: librechat-vectordb
-  DEBUG_CONSOLE: false
-  DEBUG_LOGGING: true
-  DEBUG_OPENAI: false
-  DEEPSEEK_API_KEY: ${LIBRECHAT_DEEPSEEK_API_KEY}
-  DISCORD_CALLBACK_URL: /oauth/discord/callback
-  DOMAIN_CLIENT: https://ai.${MY_TLD}
-  DOMAIN_SERVER: https://ai.${MY_TLD}
-  EMAIL_FROM: noreply@librechat.ai
-  EMAIL_HOST: postal-smtp
-  EMAIL_PORT: 25
-  FACEBOOK_CALLBACK_URL: /oauth/facebook/callback
-  GITHUB_CALLBACK_URL: /oauth/github/callback
-  GOOGLE_CALLBACK_URL: /oauth/google/callback
-  HELP_AND_FAQ_URL: https://librechat.ai
-  HOST: 0.0.0.0
-  ILLEGAL_MODEL_REQ_SCORE: 5
-  JWT_REFRESH_SECRET: ${LIBRECHAT_JWT_REFRESH_SECRET}
-  JWT_SECRET: ${LIBRECHAT_JWT_SECRET}
-  LIMIT_CONCURRENT_MESSAGES: true
-  LIMIT_MESSAGE_IP: true
-  LIMIT_MESSAGE_USER: false
-  LOGIN_MAX: 7
-  LOGIN_VIOLATION_SCORE: 1
-  LOGIN_WINDOW: 5
-  MEILI_HOST: http://meilisearch:7700
-  MEILI_MASTER_KEY: ${MEILISEARCH_MASTER_KEY}
-  MEILI_NO_ANALYTICS: true
-  MESSAGE_IP_MAX: 40
-  MESSAGE_IP_WINDOW: 1
-  MESSAGE_USER_MAX: 40
-  MESSAGE_USER_WINDOW: 1
-  MESSAGE_VIOLATION_SCORE: 1
-  MISTRAL_API_KEY: ${LIBRECHAT_MISTRAL_API_KEY}
-  MONGO_URI: mongodb://librechat:${LIBRECHAT_MONGODB_PASSWORD}@mongodb:27017/librechat?replicaSet=rinoa
-  NO_INDEX: true
-  NON_BROWSER_VIOLATION_SCORE: 20
-  OPENAI_API_KEY: ${LIBRECHAT_OPENAI_API_KEY}
-  OPENAI_MODELS: o1,o1-mini,o1-preview,gpt-4o,chatgpt-4o-latest,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k
-  OPENAI_MODERATION: false
-  OPENID_CALLBACK_URL: /oauth/openid/callback
-  OPENID_SCOPE: "openid profile email"
-  OPENWEATHER_API_KEY: ${HOMEPAGE_OPENWEATHERMAP_API_KEY}
-  PORT: 3080
-  POSTGRES_DB: librechat
-  POSTGRES_PASSWORD: ${LIBRECHAT_PG_DB_PASSWD}
-  POSTGRES_USER: librechat
-  RAG_PORT: 8000
-  REDIS_PREFIX: librechat_
-  REDIS_URI: librechat-valkey:6379
-  REFRESH_TOKEN_EXPIRY: (1000 * 60 * 60 * 24) * 7
-  REGISTER_MAX: 5
-  REGISTER_WINDOW: 60
-  REGISTRATION_VIOLATION_SCORE: 1
-  SD_WEBUI_URL: http://stable-diffusion-webui:7860
-  SEARCH: true
-  SESSION_EXPIRY: 1000 * 60 * 15
-  TRUST_PROXY: 1
-  USE_REDIS: false
 x-maxun: &maxun-env
  environment:
    NODE_ENV: production
@@ -452,6 +371,66 @@ services:
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/argus/config.yml:/app/config.yml
      - ${DOCKER_VOLUME_CONFIG}/argus/:/app/data/
+  asciinema:
+    container_name: asciinema
+    depends_on:
+      asciinema-pg-db:
+        condition: service_healthy
+        required: true
+    environment:
+      DATABASE_URL: postgresql://asciinema:${ASCIINEMA_PG_DB_PASSWORD}@asciinema-pg-db:5432/asciinema
+      DEFAULT_AVATAR: gravatar
+      MAIL_FROM_ADDRESS: noreply@${MY_TLD}
+      SECRET_KEY_BASE: ${ASCIINEMA_SECRET_KEY_BASE}
+      SIGN_UP_DISABLED: true
+      SMTP_HOST: postal-smtp
+      SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER}
+      SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+      SMTP_PORT: 25
+      UPLOAD_AUTH_REQUIRED: true
+      URL_HOST: asciinema.trez.wtf
+      URL_PORT: 4000
+      URL_SCHEME: https
+    image: ghcr.io/asciinema/asciinema-server:latest
+    labels:
+      homepage.group: Code/DevOps
+      homepage.name: Asciinema
+      homepage.href: https://asciinema.${MY_TLD}
+      homepage.icon: asciinema.svg
+      homepage.description: Platform for hosting and sharing terminal session recordings
+      swag: enable
+      swag_port: 4000
+      swag_proto: http
+      swag_url: asciinema.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.name: Asciinema
+      swag.uptime-kuma.monitor.url: https://asciinema.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+      swag.uptime-kuma.monitor.retryInterval: 60
+      swag.uptime-kuma.monitor.maxretries: 5
+    ports:
+      - 4000:4000
+      - 4002:4002
+    restart: unless-stopped
+    volumes:
+      - asciinema-data:/var/opt/asciinema
+  asciinema-pg-db:
+    container_name: asciinema-pg-db
+    environment:
+      POSTGRES_PASSWORD: ${ASCIINEMA_PG_DB_PASSWORD}
+      POSTGRES_USER: asciinema
+      POSTGRES_DB: asciinema
+    expose:
+      - 5432
+    healthcheck:
+      test: ['CMD-SHELL', 'pg_isready -U asciinema']
+      interval: 2s
+      timeout: 5s
+      retries: 10
+    image: postgres:14-alpine
+    restart: unless-stopped
+    volumes:
+      - asciinema-pg-data:/var/lib/postgresql/data
  audiobookshelf:
    container_name: audiobookshelf
    environment:
@@ -1221,6 +1200,7 @@ services:
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 31037:8080
+    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/dagu/:/dagu
      - /var/run/docker.sock:/var/run/docker.sock
@@ -1420,11 +1400,7 @@ services:
    privileged: true
    restart: unless-stopped
    volumes:
-      - bind:
-          create_host_path: true
-        source: /var/run/docker.sock
-        target: /var/run/docker.sock
-        type: bind
+      - /var/run/docker.sock:/var/run/docker.sock
  dockflare:
    container_name: dockflare
    environment:
@@ -1785,7 +1761,7 @@ services:
      GITEA__mailer__SMTP_PORT: 25
      GITEA__mailer__USER: ${POSTAL_SMTP_AUTH_USER}
      GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD}
-    image: gitea/gitea:1.24.3
+    image: gitea/gitea:1.24.5
    labels:
      cloudflare.tunnel.enable: true
      cloudflare.tunnel.hostname: git-ssh.${MY_TLD}
@@ -1886,6 +1862,27 @@ services:
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/gitea/sonarqube-bot/:/home/bot/config/
+  gitignore-io:
+    container_name: gitignore-io
+    image: guog/gitignore.io:latest
+    labels:
+      homepage.group: Code/DevOps
+      homepage.name: gitignore-io
+      homepage.href: https://gitignore.${MY_TLD}
+      homepage.icon: /icons/gitignore-io.svg
+      homepage.description: .gitignore generator
+      swag: enable
+      swag_url: gitignore.${MY_TLD}
+      swag_address: gitignore-io
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.name: gitignore-io
+      swag.uptime-kuma.monitor.url: https://gitignore.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+      swag.uptime-kuma.monitor.retryInterval: 60
+      swag.uptime-kuma.monitor.maxretries: 5
+    ports:
+      - 14822:8080
+    restart: unless-stopped
  gluetun:
    cap_add:
      - NET_ADMIN
@@ -3232,68 +3229,6 @@ services:
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/languagetool/:/opt/languagetool/langModel
-  librechat-api:
-    container_name: librechat-api
-    depends_on:
-      - mongodb
-      - librechat-rag-api
-    environment:
-      << : *librechat-env
-      RAG_PORT: 8000
-      RAG_API_URL: http://librechat-rag-api:8000
-    image: ghcr.io/danny-avila/librechat-dev:latest
-    labels:
-      homepage.group: Personal Tools
-      homepage.name: LibreChat
-      homepage.href: https://ai.${MY_TLD}
-      homepage.icon: sh-librechat.svg
-      homepage.description: Local AI chat
-      swag: enable
-      swag_port: 3080
-      swag_proto: http
-      swag_url: ai.${MY_TLD}
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.name: LibreChat
-      swag.uptime-kuma.monitor.url: https://ai.${MY_TLD}
-      swag.uptime-kuma.monitor.interval: 300
-      swag.uptime-kuma.monitor.retryInterval: 60
-      swag.uptime-kuma.monitor.maxretries: 5
-    ports:
-      - 3080:3080
-    restart: always
-    user: ${PUID}:${PGID}
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/librechat/librechat.env:/app/.env
-      - ${DOCKER_VOLUME_CONFIG}/librechat/librechat.yaml:/app/librechat.yaml
-      - ${DOCKER_VOLUME_CONFIG}/librechat/images:/app/client/public/images
-      - ${DOCKER_VOLUME_CONFIG}/librechat/uploads:/app/uploads
-      - ${DOCKER_VOLUME_CONFIG}/librechat/logs:/app/api/logs
-  librechat-rag-api:
-    container_name: librechat-rag-api
-    depends_on:
-      - librechat-vectordb
-    environment:
-      << : *librechat-env
-      RAG_PORT: 8000
-    image: ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest
-    restart: always
-  librechat-valkey:
-    container_name: librechat-valkey
-    << : *valkey-params
-    volumes:
-      - librechat-valkey-data:/data/valkey
-  librechat-vectordb:
-    container_name: librechat-vectordb
-    environment:
-      POSTGRES_DB: librechat
-      POSTGRES_USER: librechat
-      POSTGRES_PASSWORD: ${LIBRECHAT_PG_DB_PASSWD}
-    expose:
-      - 5432
-    image: ankane/pgvector:latest
-    restart: always
-    volumes:
-      - librechat-pg-data:/var/lib/postgresql/data
  libretranslate:
    container_name: libretranslate
    environment:
@@ -4180,9 +4115,75 @@ services:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
+  nocodb:
+    container_name: nocodb
+    depends_on:
+      nocodb-pg-db:
+        condition: service_healthy
+        required: true
+      nocodb-valkey:
+        condition: service_healthy
+        required: true
+    environment:
+      NC_DB: pg://nocodb-pg-db:5432?u=nocodb&p=${NOCODB_PG_PASSWORD}&d=nocodb
+      NC_ADMIN_EMAIL: noreply@${MY_TLD}
+      NC_ADMIN_PASSWORD: ${NOCODB_ADMIN_PASSWORD}
+      NC_PUBLIC_URL: https://nocodb.${MY_TLD}
+      NC_AUTH_JWT_SECRET: ${NOCODB_AUTH_JWT_SECRET}
+      NC_REDIS_URL: redis://nocodb-valkey:6379
+      NC_SMTP_HOST: postal-smtp
+      NC_SMTP_PORT: 25
+      NC_SMTP_SECURE: true
+      NC_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER}
+      NC_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+      NC_SMTP_FROM: noreply@${MY_TLD}
+    image: "nocodb/nocodb:latest"
+    labels:
+      homepage.group: Code/DevOps
+      homepage.name: NocoDB
+      homepage.href: https://nocodb.${MY_TLD}
+      homepage.icon: nocodb.svg
+      homepage.description: Turn any SQL-based database into a smart spreadsheet
+      swag: enable
+      swag_port: 8080
+      swag_proto: http
+      swag_url: nocodb.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.name: NocoDB
+      swag.uptime-kuma.monitor.url: https://nocodb.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+      swag.uptime-kuma.monitor.retryInterval: 60
+      swag.uptime-kuma.monitor.maxretries: 5
+    ports:
+      - 8946:8080
+    restart: unless-stopped
+    volumes:
+      - nocodb_data:/usr/app/data
+  nocodb-pg-db:
+    container_name: nocodb-pg-db
+    environment:
+      POSTGRES_DB: nocodb
+      POSTGRES_PASSWORD: ${NOCODB_PG_PASSWORD}
+      POSTGRES_USER: nocodb
+    expose:
+      - 5432
+    healthcheck:
+      interval: 10s
+      retries: 10
+      test: "pg_isready -U \"$$POSTGRES_USER\" -d \"$$POSTGRES_DB\""
+      timeout: 2s
+    image: postgres:16-alpine
+    restart: unless-stopped
+    volumes:
+      - nocodb_pg_data:/var/lib/postgresql/data
+  nocodb-valkey:
+    container_name: nocodb-valkey
+    << : *valkey-params
+    volumes:
+      - nocodb_valkey_data:/data/valkey
  ollama:
    container_name: ollama
-    image: ollama/ollama
+    image: ollama/ollama:latest
    ports:
      - 11434:11434
    restart: unless-stopped
@@ -4288,6 +4289,76 @@ services:
    ports:
      - 3734:80
    restart: unless-stopped
+  open-webui:
+    container_name: open-webui
+    depends_on:
+      ollama:
+        condition: service_started
+        required: true
+      stable-diffusion-webui:
+        condition: service_started
+        required: true
+    environment:
+      OLLAMA_BASE_URLS: http://ollama:11434;http://192.168.1.252:11434
+      WEBUI_AUTH: false
+      ENABLE_IMAGE_GENERATION: "true"
+      AUTOMATIC1111_BASE_URL: http://stable-diffusion-webui:7860
+      IMAGE_SIZE: "1024x1024"
+      IMAGE_STEPS: "3"
+      ENABLE_OTEL: true
+      ENABLE_OTEL_METRICS: true
+      OTEL_EXPORTER_OTLP_INSECURE: true # Use insecure connection for OTLP, remove in production
+      OTEL_EXPORTER_OTLP_ENDPOINT: http://signoz-otel-collector:4317
+      OTEL_SERVICE_NAME: open-webui
+      ENABLE_RAG_WEB_SEARCH: True
+      RAG_WEB_SEARCH_ENGINE: searxng
+      RAG_WEB_SEARCH_RESULT_COUNT: 3
+      RAG_WEB_SEARCH_CONCURRENT_REQUESTS: 10
+      SEARXNG_QUERY_URL: "http://searxng:8080/search?q=<query>"
+      # LibreTranslate
+      LT_DEBUG: false
+      LT_UPDATE_MODELS: true
+      LT_SSL: false
+      LT_SUGGESTIONS: false
+      LT_METRICS: false
+      LT_HOST: http://libretranslate:5000
+      LT_API_KEYS: false
+      LT_THREADS: 12
+      LT_FRONTEND_TIMEOUT: 2000
+      # Redis Websocket
+      ENABLE_WEBSOCKET_SUPPORT: true
+      WEBSOCKET_MANAGER: redis
+      WEBSOCKET_REDIS_URL: redis://open-webui-valkey:6379/0
+      REDIS_KEY_PREFIX: open-webui
+    image: ghcr.io/open-webui/open-webui:main
+    labels:
+      homepage.group: Personal Tools
+      homepage.name: Open WebUI
+      homepage.href: https://ai.${MY_TLD}
+      homepage.icon: open-webui.svg
+      homepage.description: User-friendly and extensible AI interface
+      swag: enable
+      swag_port: 8080
+      swag_proto: http
+      swag_auth: authelia
+      swag_url: ai.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.name: Open WebUI
+      swag.uptime-kuma.monitor.url: https://ai.${MY_TLD}/health
+      swag.uptime-kuma.monitor.interval: 300
+      swag.uptime-kuma.monitor.retryInterval: 60
+      swag.uptime-kuma.monitor.maxretries: 5
+      swag.uptime-kuma.monitor.type: https
+    ports:
+      - 3080:8080
+    restart: unless-stopped
+    volumes:
+      - open-webui-data:/app/backend/data
+  open-webui-valkey:
+    container_name: open-webui-valkey
+    << : *valkey-params
+    volumes:
+      - open-webui-valkey-data:/data/valkey
  paperless-ngx:
    container_name: paperless-ngx
    depends_on:
@@ -4355,82 +4426,6 @@ services:
    << : *valkey-params
    volumes:
      - paperless-valkey-data:/data/valkey
-  patchman-server:
-    command: server
-    container_name: patchman-server
-    depends_on:
-      mariadb:
-        condition: service_healthy
-        required: true
-      patchman-memcached:
-        condition: service_healthy
-        required: true
-    environment:
-      ADMIN_USERNAME: admin
-      ADMIN_EMAIL: noreply@${MY_TLD}
-      SECRET_KEY: ${PATCHMAN_SECRET_KEY}
-      DB_ENGINE: mysql
-      DB_HOST: mariadb
-      DB_NAME: patchman
-      DB_USER: patchman
-      DB_PASSWORD: ${PATCHMAN_DB_PASSWORD}
-      PATCHMAN_MAINTENANCE_ENABLED: true
-      PATCHMAN_MAINTENANCE_SCHEDULE: '@daily'
-    image: ghcr.io/tigattack/patchman
-    labels:
-      homepage.group: System Administration
-      homepage.name: Patchman
-      homepage.href: https://patch.${MY_TLD}
-      homepage.icon: mdi-update
-      homepage.description: Open-source design and prototyping platform
-      swag: enable
-      swag_port: 80
-      swag_proto: http
-      swag_url: patch.${MY_TLD}
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.name: Patchman
-      swag.uptime-kuma.monitor.url: https://patch.${MY_TLD}
-      swag.uptime-kuma.monitor.interval: 300
-      swag.uptime-kuma.monitor.retryInterval: 60
-      swag.uptime-kuma.monitor.maxretries: 5
-    ports: [2939:80]
-    restart: unless-stopped
-  patchman-worker:
-    command: worker
-    container_name: patchman-worker
-    depends_on:
-      patchman-valkey:
-        condition: service_healthy
-        required: true
-    environment:
-      ADMIN_USERNAME: admin
-      ADMIN_EMAIL: noreply@${MY_TLD}
-      SECRET_KEY: ${PATCHMAN_SECRET_KEY}
-      DB_ENGINE: mysql
-      DB_HOST: mariadb
-      DB_NAME: patchman
-      DB_USER: patchman
-      DB_PASSWORD: ${PATCHMAN_DB_PASSWORD}
-      PATCHMAN_MAINTENANCE_ENABLED: true
-      PATCHMAN_MAINTENANCE_SCHEDULE: '@daily'
-    image: ghcr.io/tigattack/patchman
-    restart: unless-stopped
-  patchman-memcached:
-    container_name: patchman-memcached
-    healthcheck:
-      test:
-        - "CMD-SHELL"
-        - "echo version | nc -vn -w 1 127.0.0.1 11211"
-      start_period: 5s
-      timeout: 2s
-      interval: 10s
-    image: memcached:1.6-alpine
-    restart: unless-stopped
-  patchman-valkey:
-    container_name: patchman-valkey
-    << : *valkey-params
-    volumes:
-      - patchman-valkey-data:/data/valkey
  penpot-frontend:
    container_name: penpot-frontend
    depends_on:
@@ -4531,52 +4526,6 @@ services:
      retries: 5
      start_period: 3s
    restart: always
-  pgbackweb:
-    container_name: pgbackweb
-    depends_on:
-      pgbackweb-db:
-        condition: service_healthy
-    environment:
-      PBW_ENCRYPTION_KEY: ${PGBACKWEB_ENCRYPTION_KEY}
-      PBW_POSTGRES_CONN_STRING: "postgresql://pgbackweb:${PGBACKWEB_PG_DB_PASSWD}@pgbackweb-db:5432/pgbackweb?sslmode=disable"
-      TZ: ${TZ}
-    image: eduardolat/pgbackweb:latest
-    labels:
-      homepage.group: System Administration
-      homepage.name: PG Back Web
-      homepage.href: https://pg.${MY_TLD}
-      homepage.icon: sh-pg-back-web.svg
-      homepage.description: Backups for PostgreSQL
-      swag: enable
-      swag_proto: http
-      swag_port: 8085
-      swag_url: pg.${MY_TLD}
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.name: PG Back Web
-      swag.uptime-kuma.monitor.url: https://pg.${MY_TLD}
-      swag.uptime-kuma.monitor.interval: 300
-      swag.uptime-kuma.monitor.retryInterval: 60
-      swag.uptime-kuma.monitor.maxretries: 5
-    ports:
-      - "8085:8085" # Access the web interface at http://localhost:8085
-    restart: unless-stopped
-  pgbackweb-db:
-    container_name: pgbackweb-db
-    environment:
-      POSTGRES_USER: pgbackweb
-      POSTGRES_DB: pgbackweb
-      POSTGRES_PASSWORD: ${PGBACKWEB_PG_DB_PASSWD}
-    expose:
-      - 5432
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U postgres"]
-      interval: 5s
-      timeout: 5s
-      retries: 5
-    image: postgres:16-alpine
-    restart: unless-stopped
-    volumes:
-      - pgbackweb-data:/var/lib/postgresql/data
  planka:
    container_name: planka
    depends_on:
@@ -4819,61 +4768,43 @@ services:
    ports:
      - 36102:8000
    restart: unless-stopped
-  portnote-web:
-    container_name: portnote
-    depends_on:
-      portnote-pg-db:
-        condition: service_started
-        required: true
-        restart: true
+  portracker:
+    cap_add:
+      - SYS_PTRACE
+      - SYS_ADMIN
+    container_name: portracker
    environment:
-      JWT_SECRET: ${PORTNOTE_JWT_SECRET} # Replace with a secure random string
-      USER_SECRET:  ${PORTNOTE_USER_SECRET} # Replace with a secure random string
-      LOGIN_USERNAME: portnote # Replace with a username
-      LOGIN_PASSWORD: ${PORTNOTE_LOGIN_PASSWORD} # Replace with a custom password
-      DATABASE_URL: "postgresql://portnote:${PORTNOTE_POSTGRES_PASSWORD}@portnote-pg-db:5432/portnote"
-    image: haedlessdev/portnote:latest
+      DATABASE_PATH: /data/portracker.db
+      DEBUG: false
+      PORT: 4999
+    image: mostafawahied/portracker:latest
    labels:
      swag: enable
+      swag_auth: authelia
      swag_proto: http
-      swag_port: 3000
+      swag_port: 4999
      swag_url: ports.${MY_TLD}
+      swag_address: 192.168.1.254
      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.name: PortNote
+      swag.uptime-kuma.name: Portracker
      swag.uptime-kuma.monitor.url: https://ports.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: System Administration
-      homepage.name: PortNote
+      homepage.name: Portracker
      homepage.href: https://ports.${MY_TLD}
-      homepage.icon: port-note.png
-      homepage.description: Management for container ports
+      homepage.icon: sh-portracker.svg
+      homepage.description: Real-time port monitoring and discovery
+    pid: "host"
    ports:
-      - 23186:3000
-    restart: always
-  portnote-agent:
-    container_name: portnote-agent
-    depends_on:
-      portnote-pg-db:
-        condition: service_started
-        required: true
-    image: haedlessdev/portnote-agent:latest
-    environment:
-      DATABASE_URL: "postgresql://portnote:${PORTNOTE_POSTGRES_PASSWORD}@portnote-pg-db:5432/portnote"
-    restart: always
-  portnote-pg-db:
-    container_name: portnote-pg-db
-    image: postgres:17-alpine
-    environment:
-      POSTGRES_USER: portnote
-      POSTGRES_PASSWORD: ${PORTNOTE_POSTGRES_PASSWORD}
-      POSTGRES_DB: portnote
-    expose:
-      - 5432
-    restart: always
+      - 4999:4999
+    restart: unless-stopped
+    security_opt:
+      - apparmor:unconfined
    volumes:
-      - portnote-db-data:/var/lib/postgresql/data
+      - ${DOCKER_VOLUME_CONFIG}/portracker:/data
+      - /var/run/docker.sock:/var/run/docker.sock:ro
  postal-smtp:
    cap_add:
      - NET_BIND_SERVICE
@@ -6146,38 +6077,17 @@ services:
    restart: unless-stopped
    volumes:
        - ${DOCKER_VOLUME_CONFIG}/speedtest-tracker:/config
-  stable-diffusion-download:
-    container_name: stable-diffusion-download
-    image: git.${MY_TLD}/trez.one/stable-diffusion-download:v9.0.0
-    restart: unless-stopped
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/stable-diffusion-webui/data:/data
  stable-diffusion-webui:
    container_name: stable-diffusion-webui
-    image: git.${MY_TLD}/trez.one/stable-diffusion-ui:v9.0.1
+    image: ghcr.io/neggles/sd-webui-docker:latest
    environment:
-      - CLI_ARGS=--allow-code --medvram --xformers --enable-insecure-extension-access --api
-    labels:
-      homepage.name: Stable-Diffusion WebUI
-      homepage.group: Personal Tools
-      homepage.description: Deep learning, text-to-image model
-      homepage.href: https://sd.${MY_TLD}
-      homepage.icon: /icons/stable-diffusion.png
-      swag: enable
-      swag_port: 7860
-      swag_auth: authelia
-      swag_proto: http
-      swag_url: sd.${MY_TLD}
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.name: Stable-Diffusion WebUI
-      swag.uptime-kuma.monitor.url: https://sd.${MY_TLD}
-      swag.uptime-kuma.monitor.interval: 300
-      swag.uptime-kuma.monitor.retryInterval: 60
-      swag.uptime-kuma.monitor.maxretries: 5
+      CLI_ARGS: "--api --use-cpu all --precision full --no-half --skip-torch-cuda-test --ckpt /empty.pt --do-not-download-clip --disable-nan-check --disable-opt-split-attention"
+      PYTHONUNBUFFERED: "1"
+      TERM: "vt100"
+      SD_WEBUI_VARIANT: "default"
    ports:
      - 7860:7860
    restart: unless-stopped
-    tty: true
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/stable-diffusion-webui/data:/data
      - ${DOCKER_VOLUME_CONFIG}/stable-diffusion-webui/output:/output
@@ -6285,6 +6195,7 @@ services:
    environment:
      DB_ENGINE: django.db.backends.postgresql
      GID: 1000
+      GUNICORN_MEDIA: 1
      POSTGRES_DB: tandoor
      POSTGRES_HOST: tandoor-pg
      POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD}
@@ -6304,6 +6215,7 @@ services:
      homepage.widget.key: ${TANDOOR_API_TOKEN}
      swag: enable
      swag_proto: http
+      swag_address: tandoor-recipes
      swag_url: recipes.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.name: Tandoor Recipes
@@ -6729,6 +6641,12 @@ services:
            "password": "${TANDOOR_POSTGRES_PASSWORD}",
            "database": "tandoor"
          }'
+      WHODB_POSTGRES_15: '{
+            "host": "asciinema-pg-db",
+            "user": "asciinema",
+            "password": "${ASCIINEMA_PG_DB_PASSWORD}",
+            "database": "asciinema"
+          }'
      WHODB_REDIS_1: '{
            "host": "castopod-valkey"
          }'
@@ -6957,6 +6875,10 @@ services:
    command: ["zammad-websocket"]
    container_name: zammad-websocket
 volumes:
+  asciinema-data:
+    name: asciinema-data
+  asciinema-pg-data:
+    name: asciinema-pg-data
  authelia-pg-db:
    name: authelia-pg-db
  authelia-valkey-data:
@@ -7023,10 +6945,6 @@ volumes:
    name: karakeep-data
  linkstack_data:
    name: linkstack_data
-  librechat-pg-data:
-    name: librechat-pg-data
-  librechat-valkey-data:
-    name: librechat-valkey-data
  libretranslate_api_keys:
    name: libretranslate_api_keys
  libretranslate_models:
@@ -7057,8 +6975,18 @@ volumes:
    name: n8n-data
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
+  nocodb_data:
+    name: nocodb_data
+  nocodb_pg_data:
+    name: nocodb_pg_data
+  nocodb_valkey_data:
+    name: nocodb_valkey_data
  ollama:
    name: ollama
+  open-webui-data:
+    name: open-webui-data
+  open-webui-valkey-data:
+    name: open-webui-valkey-data
  paperless-ngx-data:
    name: paperless-ngx-data
  paperless-ngx-media: