Ansible private key fix (hopefully).

Merged by Trez.One

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -74,7 +74,7 @@ jobs:
         with:
           directory: ansible/
           playbook: docker_config_deploy.yml
-          key: ${{secrets.RINOA_ANSIBLE_PRIVATE_KEY}}
+          key: ${{secrets.RINOA_ANSIBLE_PRIVATE_SSH_KEY}}
           options: |
             --inventory inventory/hosts.yml
             --check
@@ -257,6 +257,7 @@ jobs:
           notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
   ansible-config-docker-compose-deploy:
     name: Deploy via Ansible & Docker Compose
+    timeout-minutes: 360
     runs-on: ubuntu-latest
     needs: [pr-merge]
     env:
@@ -303,12 +304,12 @@ jobs:
         run: |
            vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
       - name: Docker Compose Deployment
-        if: ${{ steps.regenerate-readme-modified-services.outputs.modified_services != '' }}
+        # if: ${{ steps.regenerate-readme-modified-services.outputs.modified_services != '' }}
         continue-on-error: true
         uses: keatonLiu/docker-compose-remote-action@v1.2
         with:
           docker_compose_file: docker-compose.yml
-          docker_args: -d --remove-orphans --pull missing --parallel -1 ${{ steps.regenerate-readme-modified-services.outputs.modified_services }}
+          docker_args: -d --remove-orphans --pull missing
           ssh_user: gitea-deploy
           ssh_host: 192.168.1.254
           ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}

README.md

@@ -6,11 +6,12 @@
 | --- | --- |
 | actual_server | docker.io/actualbudget/actual-server:latest |
 | adguard | adguard/adguardhome:latest |
-| apprise | lscr.io/linuxserver/apprise-api:latest |
 | audiobookshelf | ghcr.io/advplyr/audiobookshelf:latest |
 | authelia | authelia/authelia:master |
 | authelia-pg | postgres:16-alpine |
 | bazarr | lscr.io/linuxserver/bazarr:latest |
+| beszel | henrygd/beszel:latest |
+| beszel-agent | henrygd/beszel-agent:latest |
 | bitmagnet | ghcr.io/bitmagnet-io/bitmagnet:latest |
 | bitmagnet-pg-db | postgres:17-alpine |
 | bitwarden | vaultwarden/server:latest |
@@ -19,11 +20,10 @@
 | castopod | castopod/castopod:latest |
 | cloudflared | cloudflare/cloudflared:latest |
 | cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
+| cronicle | elestio/cronicle:latest |
 | crowdsec | crowdsecurity/crowdsec:latest |
 | crowdsec-dashboard | metabase/metabase |
 | czkawka | jlesage/czkawka |
-| dagu-scheduler | ghcr.io/dagu-org/dagu:latest |
-| dagu-server | ghcr.io/dagu-org/dagu:latest |
 | dbgate | dbgate/dbgate:alpine |
 | delugevpn | ghcr.io/binhex/arch-delugevpn:latest |
 | docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
@@ -58,8 +58,8 @@
 | influxdb2 | influxdb:2-alpine |
 | invidious | quay.io/invidious/invidious:latest |
 | invidious-db | docker.io/library/postgres:14 |
-| invoice_ninja | invoiceninja/invoiceninja:5 |
-| invoice_ninja_proxy | nginx |
+| invoice-ninja | invoiceninja/invoiceninja-debian:5 |
+| invoice-ninja_proxy | nginx |
 | it-tools | ghcr.io/corentinth/it-tools:latest |
 | jellyfin | jellyfin/jellyfin |
 | jitsi-etherpad | etherpad/etherpad:1.8.6 |
@@ -74,8 +74,6 @@
 | lidarr | lscr.io/linuxserver/lidarr:latest |
 | lidify | thewicklowwolf/lidify:latest |
 | lldap | lldap/lldap:stable |
-| lobe-chat | lobehub/lobe-chat-database |
-| lobe-chat-pg-db | pgvector/pgvector:pg16 |
 | maloja | krateng/maloja:latest |
 | mariadb | linuxserver/mariadb |
 | mastodon | lscr.io/linuxserver/mastodon:latest |
@@ -85,17 +83,18 @@
 | multi-scrobbler | foxxmd/multi-scrobbler |
 | n8n | docker.n8n.io/n8nio/n8n |
 | navidrome | deluan/navidrome:latest |
+| netalertx | jokobsk/netalertx:latest |
 | netbird-dashboard | netbirdio/dashboard:latest |
 | netbird-signal | netbirdio/signal:latest |
 | netbird-relay | netbirdio/relay:latest |
 | netbird-management | netbirdio/management:latest |
 | netbird-coturn | coturn/coturn:latest |
-| netbox | lscr.io/linuxserver/netbox:latest |
-| netbox-db | postgres:17-alpine |
 | nextcloud | nextcloud/all-in-one:latest |
 | ollama | ollama/ollama |
 | ombi | lscr.io/linuxserver/ombi:latest |
+| open-webui | ghcr.io/open-webui/open-webui:main |
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
+| parseable | containers.parseable.com/parseable/parseable:latest |
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
 | plantuml-server | plantuml/plantuml-server:jetty |
@@ -103,6 +102,7 @@
 | plausible_db | postgres:16-alpine |
 | plausible_events_db | clickhouse/clickhouse-server:24.3.3.102-alpine |
 | portainer | portainer/portainer-ce:alpine-sts |
+| portall | need4swede/portall:latest |
 | postal-smtp | ghcr.io/postalserver/postal:latest |
 | postal-web | ghcr.io/postalserver/postal:latest |
 | postal-worker | ghcr.io/postalserver/postal:latest |
@@ -120,10 +120,6 @@
 | scraperr-api | jpyles0524/scraperr_api:latest |
 | scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
 | searxng | searxng/searxng:latest |
-| slurpit-portal | slurpit/portal:latest |
-| slurpit-scanner | slurpit/scanner:latest |
-| slurpit-scraper | slurpit/scraper:latest |
-| slurpit-warehouse | slurpit/warehouse:latest |
 | sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
 | sonarqube-pg-db | postgres:17-alpine |
 | sonarr | lscr.io/linuxserver/sonarr:latest |
@@ -141,13 +137,10 @@
 | unmanic | josh5/unmanic:latest |
 | uptimekuma | louislam/uptime-kuma:latest |
 | vault | hashicorp/vault:latest |
+| vector | timberio/vector:0.44.0-alpine |
 | wallabag | wallabag/wallabag |
 | wallos | bellamy/wallos:latest |
 | watchtower | ghcr.io/containrrr/watchtower:latest |
-| wazuh-agent | kennyopennix/wazuh-agent:latest |
-| wazuh-dashboard | wazuh/wazuh-dashboard: |
-| wazuh-indexer | wazuh/wazuh-indexer: |
-| wazuh-manager | wazuh/wazuh-manager: |
 | web-check | lissy93/web-check |
 | your_spotify | lscr.io/linuxserver/your_spotify:latest |
 | youtubedl | nbr23/youtube-dl-server:latest |

ansible/app-configs/gitea_act-runner_config.yaml.j2

@@ -0,0 +1,101 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+
+log:
+  # The level of logging, can be trace, debug, info, warn, error, fatal
+  level: info
+
+runner:
+  # Where to store the registration result.
+  file: .runner
+  # Execute how many tasks concurrently at the same time.
+  capacity: 2
+  # Extra environment variables to run jobs.
+  envs:
+    A_TEST_ENV_NAME_1: a_test_env_value_1
+    A_TEST_ENV_NAME_2: a_test_env_value_2
+  # Extra environment variables to run jobs from a file.
+  # It will be ignored if it's empty or the file doesn't exist.
+  env_file: .env
+  # The timeout for a job to be finished.
+  # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+  # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+  timeout: 3h
+  # The timeout for the runner to wait for running jobs to finish when shutting down.
+  # Any running jobs that haven't finished after this timeout will be cancelled.
+  shutdown_timeout: 0s
+  # Whether skip verifying the TLS certificate of the Gitea instance.
+  insecure: false
+  # The timeout for fetching the job from the Gitea instance.
+  fetch_timeout: 5s
+  # The interval for fetching the job from the Gitea instance.
+  fetch_interval: 2s
+  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+  # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+  # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
+  # If it's empty when registering, it will ask for inputting labels.
+  # If it's empty when execute `daemon`, will use labels in `.runner` file.
+  labels:
+    - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+    - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+    - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+
+cache:
+  # Enable cache server to use actions/cache.
+  enabled: true
+  # The directory to store the cache data.
+  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  dir: ""
+  # The host of the cache server.
+  # It's not for the address to listen, but the address to connect from job containers.
+  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  host: "192.168.1.254"
+  # The port of the cache server.
+  # 0 means to use a random available port.
+  port: 63604
+  # The external cache server URL. Valid only when enable is true.
+  # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+  # The URL should generally end with "/".
+  external_server: ""
+
+container:
+  # Specifies the network to which the container will connect.
+  # Could be host, bridge or the name of a custom network.
+  # If it's empty, act_runner will create a network automatically.
+  network: "compose_default"
+  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+  privileged: false
+  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+  options:
+  # The parent directory of a job's working directory.
+  # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
+  # If the path starts with '/', the '/' will be trimmed.
+  # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
+  # If it's empty, /workspace will be used.
+  workdir_parent:
+  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+  # valid_volumes:
+  #   - data
+  #   - /src/*.json
+  # If you want to allow any volume, please use the following configuration:
+  # valid_volumes:
+  #   - '**'
+  valid_volumes: []
+  # overrides the docker client host with the specified one.
+  # If it's empty, act_runner will find an available docker host automatically.
+  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+  docker_host: ""
+  # Pull docker image(s) even if already present
+  force_pull: false
+  # Rebuild docker image(s) even if already present
+  force_rebuild: false
+
+host:
+  # The parent directory of a job's working directory.
+  # If it's empty, $HOME/.cache/act/ will be used.
+  workdir_parent:

ansible/app-configs/vector.yaml.j2

@@ -0,0 +1,32 @@
+  sources:
+    rinoa_docker_logs:
+      type: docker_logs
+      exclude_containers:
+        - zammad-init
+        - vector
+
+  sinks:
+    parseable:
+      type: http
+      method: post
+      batch:
+        max_bytes: 10485760
+        max_events: 1000
+        timeout_secs: 10
+      compression: gzip
+      inputs:
+        - rinoa_docker_logs
+      encoding:
+        codec: json
+      uri: http://parseable:8000/api/v1/ingest'
+      auth:
+        strategy: basic
+        user: admin
+        password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PARSEABLE_PASSWORD'] }}
+      request:
+        headers:
+          X-P-Stream: vectordemo
+      healthcheck:
+        enabled: true
+        path: 'http://parseable:8000/api/v1/liveness'
+        port: 80

ansible/app-configs/vector_vector.yaml.j2

@@ -0,0 +1,31 @@
+  sources:
+    rinoa_docker_logs:
+      type: docker_logs
+      exclude_containers:
+        - zammad-init
+
+  sinks:
+    parseable:
+      type: http
+      method: post
+      batch:
+        max_bytes: 10485760
+        max_events: 1000
+        timeout_secs: 10
+      compression: gzip
+      inputs:
+        - rinoa_docker_logs
+      encoding:
+        codec: json
+      uri: http://parseable:8000/api/v1/ingest'
+      auth:
+        strategy: basic
+        user: admin
+        password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PARSEABLE_PASSWORD'] }}
+      request:
+        headers:
+          X-P-Stream: vectordemo
+      healthcheck:
+        enabled: true
+        path: 'http://parseable:8000/api/v1/liveness'
+        port: 80

docker-compose.yml

@@ -617,6 +617,35 @@ services:
         source: /rinoa-storage
         target: /storage
         type: bind
+  cronicle:
+    container_name: cronicle
+    entrypoint: manager
+    environment:
+      CRONICLE_manager: 1
+      CRONICLE_secret_key: "${CRONICLE_SECRET_KEY}"
+      DOCKER_HOST: tcp://dockerproxy:2375
+    hostname: cronicle
+    image: elestio/cronicle:latest
+    labels:
+      homepage.group: Automation
+      homepage.name: Cronicle
+      homepage.href: https://cron.${MY_TLD}
+      homepage.icon: sh-cronicle.png
+      homepage.description: Multi-server task schedule with a web interface
+      swag: enable
+      swag_port: 3012
+      swag_proto: http
+      swag_url: cron.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://cron.${MY_TLD}
+    ports:
+        - 31037:3012
+    restart: always
+    volumes:
+        - ${DOCKER_VOLUME_CONFIG}/cronicle/data:/opt/cronicle/data
+        - ${DOCKER_VOLUME_CONFIG}/cronicle/logs:/opt/cronicle/logs
+        - ${DOCKER_VOLUME_CONFIG}/cronicle/plugins:/opt/cronicle/plugins
+        - ${DOCKER_VOLUME_CONFIG}/cronicle/workloads/app:/app
   crowdsec:
     container_name: crowdsec
     environment:
@@ -1440,266 +1469,6 @@ services:
         type: bind
         bind:
           create_host_path: true
-  grafana:
-    container_name: grafana
-    depends_on:
-      grafana-alloy:
-        condition: service_started
-        required: true
-    environment:
-      GF_INSTALL_PLUGINS: grafana-piechart-panel
-      TZ: America/New_York
-    hostname: Rinoa
-    image: grafana/grafana-enterprise:latest
-    labels:
-      homepage.group: Infrastructure/App Performance Monitoring
-      homepage.name: Grafana (LGTM)
-      homepage.href: https://mon.${MY_TLD}
-      homepage.description: Monitoring Dashboard for metrics, logs, traces, & profiles
-      homepage.icon: grafana.png
-      homepage.widget.type: grafana
-      homepage.widget.url: http://grafana:3000
-      homepage.widget.username: admin
-      homepage.widget.password: ${GRAFANA_ADMIN_PASSWORD}
-      swag: enable
-      swag_proto: http
-      swag_url: mon.${MY_TLD}
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://mon.${MY_TLD}
-    networks:
-      default: null
-    ports:
-      - mode: ingress
-        protocol: tcp
-        published: "3006"
-        target: 3000
-    restart: unless-stopped
-    user: 1000:1000
-    volumes:
-      - bind:
-          create_host_path: true
-        read_only: true
-        source: /etc/localtime
-        target: /etc/localtime
-        type: bind
-      - source: ${DOCKER_VOLUME_CONFIG}/grafana/data
-        target: /var/lib/grafana
-        type: bind
-        bind:
-          create_host_path: true
-      - bind:
-          create_host_path: true
-        source: /rinoa-storage
-        target: /storage
-        type: bind
-  grafana-alloy:
-    cap_add:
-      - SYS_ADMIN
-      - SYS_TIME
-      - BPF
-      - SYSLOG
-    command: run --disable-reporting=true --stability.level=public-preview --server.http.listen-addr=0.0.0.0:12345 /etc/alloy/config.alloy
-    container_name: grafana-alloy
-    environment:
-      DOCKER_HOST: tcp://dockerproxy:2375
-    image: grafana/alloy:latest
-    labels:
-      homepage.group: Infrastructure/App Performance Monitoring
-      homepage.name: Grafana Alloy
-      homepage.description: Agent for metric/log/trace/profile collection and writing
-      homepage.href: http://192.168.1.254:12345
-      homepage.icon: sh-grafana-alloy.svg
-    networks:
-      default: null
-    ports:
-      - mode: ingress
-        protocol: tcp
-        published: "12345"
-        target: 12345
-    privileged: true
-    restart: always
-    volumes:
-      - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/config.alloy
-        target: /etc/alloy/config.alloy
-        type: bind
-        bind:
-          create_host_path: true
-      - source: ${DOCKER_VOLUME_CONFIG}/grafana/alloy/endpoints.json
-        target: /etc/alloy/endpoints.json
-        type: bind
-        bind:
-          create_host_path: true
-      - bind:
-          create_host_path: true
-        read_only: true
-        source: /proc
-        target: /host/proc
-        type: bind
-      - bind:
-          create_host_path: true
-        read_only: true
-        source: /sys
-        target: /host/sys
-        type: bind
-      - bind:
-          create_host_path: true
-        read_only: true
-        source: /
-        target: /rootfs
-        type: bind
-  grafana-loki:
-    command: -config.file=/etc/loki/loki-config.yaml
-    container_name: grafana-loki
-    depends_on:
-      grafana-alloy:
-        condition: service_started
-        required: true
-    image: grafana/loki:latest
-    networks:
-      default: null
-    ports:
-      - mode: ingress
-        protocol: tcp
-        published: "3100"
-        target: 3100
-    restart: unless-stopped
-    volumes:
-      - source: ${DOCKER_VOLUME_CONFIG}/grafana/loki/loki-config.yaml
-        target: /etc/loki/loki-config.yaml
-        type: bind
-        bind:
-          create_host_path: true
-  grafana-mimir:
-    command:
-      - -ingester.native-histograms-ingestion-enabled=true
-      - -config.file=/etc/mimir.yaml
-    container_name: grafana-mimir
-    depends_on:
-      grafana-alloy:
-        condition: service_started
-        required: true
-    image: grafana/mimir:latest
-    labels:
-      homepage.group: Infrastructure/App Performance Monitoring
-      homepage.name: Grafana Mimir
-      homepage.href: http://192.168.1.254:9009
-      homepage.description: Long-term metrics storage
-      homepage.icon: /icons/grafana-mimir.png
-    networks:
-      default: null
-    ports:
-      - mode: ingress
-        protocol: tcp
-        published: "9009"
-        target: 9009
-    restart: unless-stopped
-    volumes:
-      - source: grafana-mimir-data
-        target: /data
-        type: volume
-        volume: {}
-      - source: ${DOCKER_VOLUME_CONFIG}/grafana/mimir/mimir.yaml
-        target: /etc/mimir.yaml
-        type: bind
-        bind:
-          create_host_path: true
-  grafana-mimir-memcached:
-    container_name: grafana-mimir-memcached
-    depends_on:
-      grafana-alloy:
-        condition: service_started
-        required: true
-    environment:
-      MEMCACHED_MEMORY_LIMIT: 1g
-      MEMCACHED_THREADS: 4
-      MEMCACHED_MAX_CONNECTIONS: 2048
-      MEMCACHED_TCP_PORT: 11211
-      MEMCACHED_UDP_PORT: 11211
-    image: memcached
-    networks:
-      default: null
-    ports:
-      - mode: ingress
-        protocol: tcp
-        published: "11211"
-        target: 11211
-    restart: unless-stopped
-  grafana-pyroscope:
-    command:
-      - -config.file=/etc/pyroscope.yml
-    container_name: grafana-pyroscope
-    depends_on:
-      grafana-alloy:
-        condition: service_started
-        required: true
-    image: grafana/pyroscope:latest
-    labels:
-      homepage.group: Infrastructure/App Performance Monitoring
-      homepage.name: Grafana Pyroscope
-      homepage.description: Profiling for applications
-      homepage.href: http://192.168.1.254:4040
-      homepage.icon: /icons/grafana-pyroscope.svg
-    networks:
-      default: null
-    ports:
-      - mode: ingress
-        protocol: tcp
-        published: "4040"
-        target: 4040
-    restart: unless-stopped
-    volumes:
-      - source: ${DOCKER_VOLUME_CONFIG}/grafana/pyroscope/config.yaml
-        target: /etc/pyroscope.yml
-        type: bind
-        bind:
-          create_host_path: true
-  grafana-tempo:
-    command:
-      - -config.file=/etc/tempo.yaml
-    container_name: grafana-tempo
-    depends_on:
-      grafana-alloy:
-        condition: service_started
-        required: true
-    image: grafana/tempo:latest
-    networks:
-      default: null
-    ports:
-      - mode: ingress
-        protocol: tcp
-        published: "14268"
-        target: 14268
-      - mode: ingress
-        protocol: tcp
-        published: "3200"
-        target: 3200
-      - mode: ingress
-        protocol: tcp
-        published: "9095"
-        target: 9095
-      - mode: ingress
-        protocol: tcp
-        published: "4317"
-        target: 4317
-      - mode: ingress
-        protocol: tcp
-        published: "4318"
-        target: 4318
-      - mode: ingress
-        protocol: tcp
-        published: "9411"
-        target: 9411
-    restart: unless-stopped
-    volumes:
-      - source: grafana-tempo-data
-        target: /var/tempo
-        type: volume
-        volume: {}
-      - source: ${DOCKER_VOLUME_CONFIG}/grafana/tempo/tempo.yaml
-        target: /etc/tempo.yaml
-        type: bind
-        bind:
-          create_host_path: true
   guacamole:
     container_name: guacamole
     environment:
@@ -2259,6 +2028,7 @@ services:
       swag_port: 8096
       swag_proto: http
       swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://jf.${MY_TLD}
     ports:
       - 8487:8096
       - 7359:7359
@@ -3372,6 +3142,30 @@ services:
         type: bind
         bind:
           create_host_path: true
+  netalertx:
+    container_name: netalertx
+    environment:
+      TZ: ${TZ}
+      PORT: 20211
+    image: jokobsk/netalertx:latest
+    network_mode: host
+    labels:
+      homepage.group: Infrastructure/App Performance Monitoring
+      homepage.name: NetAlertX
+      homepage.href: http://192.168.1.254:20211
+      homepage.icon: netalertx.svg
+      homepage.description: Network Monitoring
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/netalertx/config:/app/config
+      - ${DOCKER_VOLUME_CONFIG}/netalertx/db:/app/db
+      # (optional) useful for debugging if you have issues setting up the container
+      # - ${DOCKER_VOLUME_CONFIG}/netalertx/logs:/app/log
+      # (API: OPTION 1) use for performance
+      - type: tmpfs
+        target: /app/api
+      # (API: OPTION 2) use when debugging issues
+      # - ${DOCKER_VOLUME_CONFIG}/netalertx/api:/app/api
   netbird-dashboard:
     container_name: netbird-dashboard
     environment:
@@ -3505,6 +3299,9 @@ services:
       homepage.href: https://cloud.${MY_TLD}
       homepage.icon: nextcloud.svg
       homepage.description: Private Cloud
+      homepage.widget.type: nextcloud
+      homepage.widget.url: https://cloud.trez.wtf
+      homepage.widget.token: ${NEXTCLOUD_HOMEPAGE_TOKEN}
       swag: enable
       swag_port: 11000
       swag_proto: http
@@ -3661,6 +3458,36 @@ services:
         type: bind
         bind:
           create_host_path: true
+  parseable:
+    container_name: parseable
+    command: [ "parseable", "s3-store" ]
+    depends_on:
+      - minio
+    environment:
+      P_STAGING_DIR: /staging
+      P_ADDR: 0.0.0.0:8000
+      P_USERNAME: admin
+      P_PASSWORD: ${PARSEABLE_PASSWORD}
+      P_S3_URL: http://minio:9000
+      P_S3_BUCKET: parseable
+      P_S3_ACCESS_KEY: ${PARSEABLE_S3_ACCESS_KEY}
+      P_S3_SECRET_KEY: ${PARSEABLE_S3_SECRET_KEY}
+      P_S3_REGION: us-east-fh-pln
+    image: containers.parseable.com/parseable/parseable:latest
+    labels:
+      homepage.group: Infrastructure/App Performance Monitoring
+      homepage.name: Parseable
+      homepage.href: https://logs.${MY_TLD}
+      homepage.icon: parseable.svg
+      homepage.description: Log analytics system for high throughput log ingestion
+      swag: enable
+      swag_proto: http
+      swag_port: 8000
+      swag_url: logs.${MY_TLD}
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/parseable/staging:/staging
+    ports:
+      - 14453:8000
   pgbackweb:
     container_name: pgbackweb
     depends_on:
@@ -3824,17 +3651,18 @@ services:
       swag: enable
       swag_auth: authelia
       swag_proto: http
-      swag_port: 9000
+      swag_port: 8080
       swag_url: portall.${MY_TLD}
       swag.uptime-kuma.enabled: true
       swag.uptime-kuma.monitor.url: https://portall.${MY_TLD}
       homepage.group: System Administration
       homepage.name: Portall
-      homepage.href: https://portainer.${MY_TLD}
+      homepage.href: https://portall.${MY_TLD}
       homepage.icon: sh-portall.png
       homepage.description: Management for container ports
     ports:
       - 8000:8080
+    restart: unless-stopped
     volumes:
       - ${DOCKER_VOLUME_CONFIG}/portall:/app/instance
   postal-smtp:
@@ -6284,6 +6112,16 @@ services:
     volumes:
       - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/config/:/vault/config
       - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/logs/:/vault/logs
+  vector:
+    image: timberio/vector:0.44.0-alpine
+    container_name: vector
+    environment:
+      DOCKER_HOST: tcp://dockerproxy:2375
+    ports:
+      - 60157:8686
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/vector/vector.yaml:/etc/vector/vector.yaml:ro
   wallabag:
     container_name: wallabag
     depends_on:
@@ -7134,4 +6972,4 @@ x-shared:
     image: ${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}
     restart: ${ZAMMAD_RESTART}
     volumes:
-      - zammad-storage:/opt/zammad/storage
+      - zammad-storage:/opt/zammad/storage