Removing Emby in favor of Jellyfin.

Merged by Trez.One

.gitea/workflows/branch-sonarscan-pr-merge.yml

@@ -1,163 +0,0 @@
-name: Gitea Branch PR, SonarQube Analyze, and Merge Workflow
-
-on:
-  push:
-    branches-ignore:
-      - main
-
-jobs:
-  # Job 1: Check if PR exists and create one if the branch is new
-  check-and-create-pr:
-    name: Check and Create PR
-    runs-on: ubuntu-latest
-    outputs:
-      pr_created: ${{ steps.cc-pr.outputs.pr_created }}
-      pr_number: ${{ steps.cc-pr.outputs.pr_index }}
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v4
-
-      - name: PR Check/Create
-        id: cc-pr
-        run: |
-          echo "Checking for existing PR..."
-          pr_check=$(curl ${{ vars.RINOA_GITEA_URL }}/api/v1/repos/${{ github.repository }}/pulls/main/${{ github.ref_name }} \
-            -X 'GET' \
-            -H 'Accept: application/json' \
-            -H 'Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}' \
-            -s | jq '{index: .number, state: .state}')
-          pr_status=$(echo ${pr_check} | jq -r '.state')
-          if [ "${pr_status}" == "open" ]; then
-            echo "PR already exists. PR number: $(echo ${pr_check} | jq -r '.index')"
-            echo "pr_created=false" >> "$GITHUB_OUTPUT"
-            echo "pr_index=$(echo ${pr_check} | jq -r '.index')" >> "$GITHUB_OUTPUT"
-          elif [ "${pr_status}" == "closed" ]; then
-            echo "PR does not exist. Creating PR..."
-            pr_response=$(curl ${{ vars.RINOA_GITEA_URL }}/api/v1/repos/${{ github.repository }}/pulls -s \
-              -X 'POST' \
-              -H 'Accept: application/json' \
-              -H 'Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}' \
-              -H 'Content-Type: application/json' \
-              -d '{
-                "base": "main",
-                "head": "'"${{ github.ref_name }}"'",
-                "title": "Automated PR for branch '"${{ github.ref_name }}"'",
-                "body": "This is an automated PR created for branch '"${{ github.ref_name }}"'."
-              }')
-            pr_index=$(echo ${pr_response} | jq -r '.number')
-            echo "PR created. PR number: ${pr_index}"
-            echo "pr_created=true" >> "$GITHUB_OUTPUT"
-            echo "pr_index=${pr_index}" >> "$GITHUB_OUTPUT"
-          else
-            echo "Error checking for existing PR. Exiting..."
-            exit 1
-          fi
-
-  sonarqube-analysis:
-    name: SonarQube Analysis
-    runs-on: ubuntu-latest
-    needs: check-and-create-pr
-    outputs:
-      qg_status: ${{ steps.quality-gate.outputs.quality-gate-status }}
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v4
-
-      - name: SonarQube Scan
-        uses: sonarsource/sonarqube-scan-action@v4.1.0
-        env:
-          SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
-          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
-
-      - name: SonarQube Quality Gate
-        id: quality-gate
-        uses: sonarsource/sonarqube-quality-gate-action@v1.1.0
-        env:
-          SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
-          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
-
-      - name: Custom Quality Gate Check
-        uses: DesarrolloORT/sonarqube-quality-gate-action@v1.0.1
-        id: quality-gate-check
-        with:
-          sonar-project-key: rinoa-docker
-          sonar-host-url: ${{ secrets.SONARQUBE_HOST }}
-          sonar-token: ${{ secrets.SONARQUBE_TOKEN }}
-
-      - name: JSON clean-up for proccessing...
-        id: json-cleanup
-        run: |
-          echo "Cleaning up quality gate response..."
-          echo '${{ steps.quality-gate-check.outputs.quality-gate-result }}' > qg_input.txt
-          sed -E 's/([a-zA-Z0-9_]+):/\\"\1\\":/g; s/:([^",{}\[\]]+)/:"\1"/g' qg_input.txt > qg_raw.json
-          jq -c '.' qg_raw.json > qg_fixed_json.json
-          projstatus=$(jq -r '.projectStatus.status' qg_fixed_json.json)
-          caycStatus=$(jq -r '.projectStatus.caycStatus' qg_fixed_json.json)
-          conditions=$(jq -c '.projectStatus.conditions' qg_fixed_json.json)
-          echo "projstatus=${projstatus}" >> $GITHUB_OUTPUT
-          echo "caycStatus=${caycStatus}" >> $GITHUB_OUTPUT
-          echo "conditions=${conditions}" >> $GITHUB_OUTPUT
-
-      - name: Convert JSON to Markdown Table
-        id: convert-json-to-md
-        uses: buildingcash/json-to-markdown-table-action@v1.1.0
-        with:
-          json: "${{ steps.json-cleanup.outputs.conditions }}"
-
-      - name: Post SonarQube Results as Comment
-        env:
-          PR_NUMBER: ${{ needs.check-and-create-pr.outputs.pr_number }}
-          SQ_RESULTS: ${{ steps.convert-json-to-md.outputs.table }}
-          QG_STATUS: ${{ steps.quality-gate.outputs.quality-gate-status }}
-          RINOA_GITEA_URL: ${{ vars.RINOA_GITEA_URL }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          BOT_GITEA_TOKEN: ${{ secrets.BOT_GITEA_TOKEN }}
-        run: |
-          formatted_results=$(echo "${SQ_RESULTS}" | sed 's/\\n/\
-          /g')
-          payload=$(jq -n \
-            --arg body "SonarQube analysis results:
-                <br>
-                ${{ env.SQ_RESULTS }}" \
-            '{ body: $body }')
-            
-          response=$(curl -s -o response.json -w "%{http_code}" \
-            -X POST \
-            -H "Accept: application/json" \
-            -H "Authorization: token ${BOT_GITEA_TOKEN}" \
-            -H "Content-Type: application/json" \
-            -d "$payload" \
-            "${RINOA_GITEA_URL}/api/v1/repos/${GITHUB_REPOSITORY}/pulls/${PR_NUMBER}/reviews")
-
-  dry-run-merge-pr:
-    runs-on: ubuntu-latest
-    name: Dry Run & PR Merge
-    needs: sonarqube-analysis
-    if: needs.sonarqube-analysis.outputs.qg_status == 'PASSED'
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v4
-        
-      - name: Generate Ephemeral .env for Docker Compose Dry Run
-        run: |
-          echo "${{ secrets.RINOA_ENV }}" > .env
-
-      - name: Docker Compose Dry Run
-        uses: s3i7h/spin-up-docker-compose-action@v1.2
-        env:
-          DOCKER_HOST: tcp://dockerproxy:2375
-        with:
-          file: docker-compose.yml
-          pull: true
-          pull-opts: --dry-run
-          up: true
-          up-opts: -d --dry-run
-
-      - name: Tea CLI Setup & PR Merge
-        run: |
-          curl -sSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea
-          chmod +x /usr/local/bin/tea
-          echo "Merging PR..."
-          tea login add --name gitea-rinoa --url "${{ vars.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token "${{ secrets.BOT_GITEA_TOKEN }}"
-          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --output csv | egrep "${{ gitea.ref_name }}" | awk -F, '{print $1}' | sed -e 's|"||g')
-          tea pr m --repo ${{ github.repository }} --title "Auto Merge" --message "Merged by ${{ gitea.actor }}" --output table ${pr_index}

.gitea/workflows/deployment.yml

@@ -0,0 +1,75 @@
+name: Gitea Branch PR, SonarQube Analyze, and Merge Workflow
+
+on:
+  push:
+    branches-ignore:
+      - main
+
+jobs:
+  # Job 1: Check if PR exists and create one if the branch is new
+  check-and-create-pr:
+    name: Check and Create PR
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: PR list
+        id: list-prs
+        run: |
+          pr_check=$(curl ${{ vars.RINOA_GITEA_URL }}/api/v1/repos/${{ github.repository }}/pulls/main/${{ github.ref_name }} \
+            -X 'GET' \
+            -H 'Accept: application/json' \
+            -H 'Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}' \
+            -s | jq '{index: .number, state: .state}')
+          pr_state=$(echo ${pr_check} | jq -r '.state')
+
+      - name: Create PR
+        if: steps.list-prs.outputs.pr_state != 'open'
+        uses: arifer612/Gitea-PR-action@v1.2.0
+        with:
+          url: ${{ gitea.server_url }}
+          token: ${{ secrets.BOT_GITEA_TOKEN }}
+          assignee: ${{ gitea.actor }}
+
+  docker-compose-test:
+    name: Docker Compose Test
+    needs: [create-pr]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Generate ephemeral .env compose file
+        id: generate-env-file-pr
+        run: |
+          echo "${{ secrets.RINOA_ENV }}" > .env
+
+      - name: Docker Compose Lint
+        uses: yu-ichiro/spin-up-docker-compose-action@v1
+        with:
+          file: docker-compose.yml
+          pull: true
+          pull-opts: --dry-run
+          up: true
+          up-opts: --dry-run -d --remove-orphans
+        env:
+          DOCKER_HOST: tcp://dockerproxy:2375
+
+  merge-pr:
+    name: PR Merge
+    runs-on: ubuntu-latest
+    needs: [docker-compose-test]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Tea CLI Setup & PR Merge
+        run: |
+          curl -sSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea
+          chmod +x /usr/local/bin/tea
+          echo "Merging PR..."
+          tea login add --name gitea-rinoa --url ${{ vars.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
+          echo ${{ gitea.ref_name }}
+          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ gitea.ref_name }} | awk -F, '{print $1}' | sed -e 's|"||g')
+          tea pr m --repo ${{ github.repository }} --title "Auto Merge" --message "Merged by ${{ gitea.actor }}" --output table ${pr_index}

docker-compose.yml

@@ -977,62 +977,6 @@ services:
         source: /home/charish/.config/appdata
         target: /source
         type: bind
-  emby:
-    container_name: emby
-    environment:
-      - PGID=1000
-      - PUID=1000
-      - TZ=America/New_York
-      - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:emby
-    hostname: Rinoa
-    image: emby/embyserver
-    labels:
-      - homepage.group=Media Library
-      - homepage.name=Emby
-      - homepage.icon=emby.png
-      - homepage.href=http://emby.${MY_TLD}
-      - homepage.description=Movie/TV Streaming
-      - homepage.widget.type=emby
-      - homepage.widget.url=http://emby:8096
-      - homepage.widget.key=${EMBY_HOMEPAGE_API_KEY}
-      - homepage.widget.enableBlocks=true
-      - homepage.widget.enableNowPlaying=true
-      - swag=enable
-      - swag.uptime-kuma.enabled=true
-    networks:
-      default: null
-    ports:
-      - mode: ingress
-        protocol: tcp
-        published: "8096"
-        target: 8096
-      - mode: ingress
-        protocol: tcp
-        published: "8920"
-        target: 8920
-    restart: unless-stopped
-    volumes:
-      - bind:
-          create_host_path: true
-        read_only: true
-        source: /etc/localtime
-        target: /etc/localtime
-        type: bind
-      - bind:
-          create_host_path: true
-        source: ${DOCKER_VOLUME_CONFIG}/emby
-        target: /config
-        type: bind
-      - bind:
-          create_host_path: true
-        source: /rinoa-storage
-        target: /storage
-        type: bind
-      - bind:
-          create_host_path: true
-        source: /tmp
-        target: /transcode
-        type: bind
   fastenhealth:
     container_name: fastenhealth
     image: ghcr.io/fastenhealth/fasten-onprem:main
@@ -1996,6 +1940,42 @@ services:
         published: "8104"
         target: 80
     restart: unless-stopped
+  jellyfin:
+    container_name: jellyfin
+    environment:
+      JELLYFIN_PublishedServerUrl: https://jf.trez.wtf
+    image: jellyfin/jellyfin
+    labels:
+      homepage.group: Media Library
+      homepage.name: Jellyfin
+      homepage.icon: jellyfin.svg
+      homepage.href: https://jf.${MY_TLD}
+      homepage.description: Movie/TV Streaming
+      homepage.widget.type: jellyfin
+      homepage.widget.url: http://jellyfin:8096
+      homepage.widget.key: ${JELLYFIN_API_KEY}
+      homepage.widget.enableBlocks: true
+      homepage.widget.enableNowPlaying: true
+      homepage.widget.enableUser: true
+      homepage.widget.showEpisodeNumber: true
+      homepage.widget.expandOneStreamToTwoRows: false
+      swag: enable
+      swag_url: jf.${MY_TLD}
+      swag_port: 8096
+      swag_proto: http
+      swag.uptime-kuma.enabled: true
+    ports:
+      - 8487:8096
+      - 7359:7359
+      - 1900:1900
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/jellyfin:/config
+      - ${DOCKER_VOLUME_CONFIG}/jellyfin/cache:/cache
+      - ${DOCKER_VOLUME_STORAGE}/TV_Shows:/storage/tv
+      - ${DOCKER_VOLUME_STORAGE}/Movies:/storage/movies
+      - /etc/localtime:/etc/localtime
+      - /usr/share/fonts:/usr/local/share/fonts/custom
   jitsi-etherpad:
     container_name: jitsi-etherpad
     environment:
@@ -3001,119 +2981,6 @@ services:
         type: bind
         bind:
           create_host_path: true
-  mattermost:
-    container_name: mattermost
-    depends_on:
-      mattermost-db:
-        condition: service_started
-        required: true
-    environment:
-      MM_EMAILSETTINGS_ENABLESMTPAUTH: true
-      MM_EMAILSETTINGS_SMTPPASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
-      MM_EMAILSETTINGS_SMTPPORT: 25
-      MM_EMAILSETTINGS_SMTPSERVER: postal-smtp
-      MM_EMAILSETTINGS_SMTPUSERNAME: ${POSTAL_SMTP_AUTH_USER}
-      MM_FILESETTINGS_AMAZONS3ACCESSKEYID: ${MATTERMOST_AWS_S3_ACCESSKEY}
-      MM_FILESETTINGS_AMAZONS3BUCKET: mattermost
-      MM_FILESETTINGS_AMAZONS3ENDPOINT: minio:9000
-      MM_FILESETTINGS_AMAZONS3REGION: us-east-fh-pln
-      MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY: ${MATTERMOST_AWS_S3_SECRETKEY}
-      MM_FILESETTINGS_AMAZONS3SSL: false
-      MM_FILESETTINGS_ARCHIVERECURSION: true
-      MM_FILESETTINGS_DRIVERNAME: amazons3
-      MM_FILESETTINGS_MAXFILESIZE: 104857600
-      MM_LOGSETTINGS_CONSOLELEVEL: info
-      MM_LOGSETTINGS_ENABLECOLOR: true
-      MM_METRICSSETTINGS_ENABLE: true
-      MM_PLUGINSETTINGS_ENABLEUPLOADS: true
-      MM_SERVICESETTINGS_FORWARD80TO443: false
-      MM_SERVICESETTINGS_LISTENADDRESS: :8065
-      MM_SERVICESETTINGS_SITEURL: https://mm.${MY_TLD}
-      MM_SQLSETTINGS_DATASOURCE: ${MATTERMOST_POSTGRES_CONNECTION_URI}
-      MM_SQLSETTINGS_DRIVERNAME: postgres
-      TZ: ${TZ}
-    expose:
-      - 8067
-    image: mattermost/mattermost-team-edition:latest
-    labels:
-      - homepage.group=Social
-      - homepage.name=Mattermost
-      - homepage.href=https://mm.${MY_TLD}
-      - homepage.icon=mattermost.svg
-      - homepage.description=Team collaboration and technical workflows (Slack alternative)
-      - swag=enable
-      - swag_proto=http
-      - swag_port=8065
-      - swag_url=mm.${MY_TLD}
-      - swag.uptime-kuma.enabled=true
-      - swag.uptime-kuma.monitor.url=https://mm.${MY_TLD}
-    networks:
-      default: null
-    pids_limit: 200
-    ports:
-      - mode: ingress
-        protocol: tcp
-        published: "8065"
-        target: 8065
-    restart: unless-stopped
-    security_opt:
-      - no-new-privileges:true
-    tmpfs:
-      - /tmp
-    volumes:
-      - source: ${DOCKER_VOLUME_CONFIG}/mattermost/config
-        target: /mattermost/config
-        type: bind
-        bind:
-          create_host_path: true
-      - source: ${DOCKER_VOLUME_CONFIG}/mattermost/data
-        target: /mattermost/data
-        type: bind
-        bind:
-          create_host_path: true
-      - source: ${DOCKER_VOLUME_CONFIG}/mattermost/logs
-        target: /mattermost/logs
-        type: bind
-        bind:
-          create_host_path: true
-      - source: ${DOCKER_VOLUME_CONFIG}/mattermost/plugins
-        target: /mattermost/plugins
-        type: bind
-        bind:
-          create_host_path: true
-      - source: ${DOCKER_VOLUME_CONFIG}/mattermost/client/plugins
-        target: /mattermost/client/plugins
-        type: bind
-        bind:
-          create_host_path: true
-      - source: ${DOCKER_VOLUME_CONFIG}/mattermost/bleve-indexes
-        target: /mattermost/bleve-indexes
-        type: bind
-        bind:
-          create_host_path: true
-  mattermost-db:
-    container_name: mattermost-db
-    environment:
-      - TZ=${TZ}
-      - POSTGRES_DB=mattermost
-      - POSTGRES_USER=mattermost
-      - POSTGRES_PASSWORD=${MATTERMOST_POSTGRES_PASSWORD}
-    expose:
-      - 5432
-    image: postgres:16-alpine
-    networks:
-      default: null
-    restart: unless-stopped
-    security_opt:
-      - no-new-privileges=true
-    tmpfs:
-      - /tmp
-      - /var/run/postgresql
-    volumes:
-      - source: mattermost-postgres
-        target: /var/lib/postgresql/data
-        type: volume
-        volume: {}
   meshcentral:
     container_name: meshcentral
     image: ghcr.io/ylianst/meshcentral:master
@@ -4531,6 +4398,27 @@ services:
         type: bind
         bind:
           create_host_path: true
+  spotisub:
+    container_name: spotisub
+    environment:
+      SPOTIPY_CLIENT_ID: ${YOUR_SPOTIFY_ID}
+      SPOTIPY_CLIENT_SECRET: ${YOUR_SPOTIFY_SECRET}
+      SPOTIPY_REDIRECT_URI: http://127.0.0.1:8080/
+      SUBSONIC_API_HOST: http://navidrome
+      SUBSONIC_API_PORT: 4533
+      SUBSONIC_API_USER: ${NAVIDROME_USERNAME}
+      SUBSONIC_API_PASS: ${NAVIDROME_PASSWORD}
+    healthcheck:
+      test: curl -s http://127.0.0.1:5183/api/v1/utils/healthcheck | grep -q 'Ok!' || exit 1
+      interval: 30s
+      retries: 20
+      start_period: 30s
+    image: blastbeng/spotisub:latest
+    ports:
+      - 5183:5183
+    restart: always
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/spotisub:/home/user/spotisub/cache
   swag:
     cap_add:
       - NET_ADMIN
@@ -4610,6 +4498,40 @@ services:
         source: /var/run/docker.sock
         target: /var/run/docker.sock
         type: bind
+  synapse:
+    container_name: synapse
+    depends_on:
+      - synapse-db
+    environment:
+      SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
+      PUID: 1000
+      PGID: 1000
+    image: docker.io/matrixdotorg/synapse:latest
+    labels:
+      swag: enable
+      swag_proto: http
+      swag_url: matrix.${MY_TLD}
+      swag_port: 8008
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://matrix.${MY_TLD}  
+    ports:
+      - 19345:8008
+      - 8448:8448/tcp
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/synapse/:/data
+  synapse-db:
+    container_name: synapse-db
+    image: postgres:16-alpine
+    environment:
+      POSTGRES_USER: synapse
+      POSTGRES_PASSWORD: ${SYNAPSE_POSTGRES_PASSWORD}
+      POSTGRES_INITDB_ARGS: "--encoding=UTF-8 --lc-collate=C --lc-ctype=C"
+    expose:
+      - 5432
+    restart: unless-stopped
+    volumes:
+      - synapse-db:/var/lib/postgresql/data
   tandoor:
     container_name: tandoor-recipes
     depends_on:
@@ -6024,6 +5946,35 @@ services:
         source: /etc/localtime
         target: /etc/localtime
         type: bind
+  vault:
+    cap_add:
+      - IPC_LOCK
+    command:
+      - server
+    container_name: hc-vault
+    environment:
+      - AWS_ACCESS_KEY_ID=${VAULT_HASHICORP_AWS_ACCESS_KEY_ID}
+      - AWS_SECRET_ACCESS_KEY=${VAULT_HASHICORP_AWS_SECRET_ACCESS_KEY}
+    image: hashicorp/vault:latest
+    labels:
+      - homepage.group=Code/DevOps
+      - homepage.name=Vault
+      - homepage.icon=vault.png
+      - homepage.href=https://vault.${MY_TLD}
+      - homepage.description=Hashicorp Vault for secrets, key/value stores, etc.
+      - swag=enable
+      - swag_proto=http
+      - swag_port=8200
+      - swag_url=vault.${MY_TLD}
+      - swag.uptime-kuma.enabled=true
+      - swag.uptime-kuma.monitor.url=https://vault.${MY_TLD}
+    ports:
+      - 8200:8200
+      - 8250:8250
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/config/:/vault/config
+      - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/logs/:/vault/logs
   wallabag:
     container_name: wallabag
     depends_on:
@@ -7008,8 +6959,6 @@ volumes:
     name: compose_lldap_data
   localai_data:
     name: compose_localai_data
-  mattermost-postgres:
-    name: compose_mattermost-postgres
   meshcentral-data:
   meshcentral-user_files:
   meshcentral-backup:
@@ -7056,6 +7005,8 @@ volumes:
     name: sonarqube-logs
   sonarqube-temp:
     name: sonarqube-temp
+  synapse-db:
+    name: synapse-db
   tandoor-pg:
     name: compose_tandoor-pg
   traccar-pg:

sonar-project.properties

@@ -1,2 +0,0 @@
-sonar.projectKey=rinoa-docker
-sonar.analysis.sqbot=