Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| cc9c76d958 |
@@ -6,7 +6,6 @@ on:
|
||||
- 'main'
|
||||
paths:
|
||||
- '**.j2'
|
||||
- '**/pr-ansible-config-deployment.yaml'
|
||||
- 'ansible/**.yml'
|
||||
jobs:
|
||||
check-and-create-pr:
|
||||
@@ -42,7 +41,7 @@ jobs:
|
||||
continue-on-error: true
|
||||
run: |
|
||||
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
|
||||
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[ANSIBLE\].*${{ github.ref_name }}' | tail -1 | wc -l)
|
||||
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
|
||||
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
|
||||
- name: Create PR
|
||||
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
|
||||
@@ -50,7 +49,7 @@ jobs:
|
||||
tea login default gitea-rinoa
|
||||
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
||||
pr_index_new=$(expr ${pr_index_old} + 1)
|
||||
tea pr c -r ${{ github.repository }} -t "[ANSIBLE] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
|
||||
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
@@ -58,8 +57,8 @@ jobs:
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: PR Check'
|
||||
notification_message: 'PR Created 🎟️'
|
||||
ansible-dry-run:
|
||||
name: Ansible Dry Run
|
||||
ansible-linting:
|
||||
name: Docker Compose & Ansible Lints
|
||||
needs: [check-and-create-pr]
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
@@ -69,6 +68,9 @@ jobs:
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: Fetch base branch
|
||||
run: |
|
||||
git fetch origin ${{ github.event.pull_request.base.ref }}
|
||||
- name: Cache Ansible Galaxy Collections
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
@@ -79,12 +81,11 @@ jobs:
|
||||
- name: Install Ansible
|
||||
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
||||
with:
|
||||
version: "11.4.0"
|
||||
version: "11.0.0"
|
||||
- name: Install Vault
|
||||
uses: cpanato/vault-installer@main
|
||||
- name: Install hvac
|
||||
run: |
|
||||
pip install hvac
|
||||
run: pip install hvac
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
@@ -93,26 +94,26 @@ jobs:
|
||||
notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
|
||||
notification_message: 'Starting Ansible dry run...'
|
||||
- name: Ansible Playbook Dry Run
|
||||
uses: dawidd6/action-ansible-playbook@v3
|
||||
uses: arillso/action.playbook@0.1.0
|
||||
with:
|
||||
directory: ansible/
|
||||
playbook: docker_config_deploy.yml
|
||||
key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
||||
check: true
|
||||
galaxy_collections_path: ansible/collections
|
||||
galaxy_requirements_file: ansible/collections/requirements.yml
|
||||
inventory: ansible/inventory/hosts.yml
|
||||
playbook: ansible/docker_config_deploy.yml
|
||||
private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
||||
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
|
||||
requirements: collections/requirements.yml
|
||||
options: |
|
||||
--check
|
||||
--inventory inventory/hosts.yml
|
||||
verbose: 0
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: Ansible Dry Run @ Rinoa'
|
||||
notification_message: 'Ansible dry run completed successfully.'
|
||||
notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
|
||||
notification_message: 'Docker Compose dry run completed successfully.'
|
||||
pr-merge:
|
||||
name: PR Merge
|
||||
needs: [ansible-dry-run]
|
||||
needs: [regenerate-readme-modified-services]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
@@ -152,10 +153,6 @@ jobs:
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: main
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: 3.12
|
||||
- name: Cache Vault install
|
||||
id: cache-vault
|
||||
uses: actions/cache@v4
|
||||
@@ -165,12 +162,11 @@ jobs:
|
||||
- name: Install Ansible
|
||||
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
||||
with:
|
||||
version: "11.4.0"
|
||||
version: "11.0.0"
|
||||
- name: Install Vault
|
||||
uses: cpanato/vault-installer@main
|
||||
- name: Install hvac
|
||||
run: |
|
||||
pip install hvac
|
||||
run: pip install hvac
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
@@ -179,15 +175,15 @@ jobs:
|
||||
notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
|
||||
notification_message: 'Starting config deployment with Ansible...'
|
||||
- name: Ansible Playbook Config Deploy
|
||||
uses: dawidd6/action-ansible-playbook@v3
|
||||
uses: arillso/action.playbook@0.1.0
|
||||
with:
|
||||
directory: ansible/
|
||||
playbook: docker_config_deploy.yml
|
||||
key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
||||
check: false
|
||||
galaxy_collections_path: ansible/collections
|
||||
galaxy_requirements_file: ansible/collections/requirements.yml
|
||||
inventory: ansible/inventory/hosts.yml
|
||||
playbook: ansible/docker_config_deploy.yml
|
||||
private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
|
||||
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
|
||||
requirements: collections/requirements.yml
|
||||
options: |
|
||||
--inventory inventory/hosts.yml
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
|
||||
@@ -42,7 +42,7 @@ jobs:
|
||||
continue-on-error: true
|
||||
run: |
|
||||
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
|
||||
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[DOCKER\].*${{ github.ref_name }}' | tail -1 | wc -l)
|
||||
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
|
||||
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
|
||||
- name: Create PR
|
||||
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
|
||||
@@ -50,7 +50,7 @@ jobs:
|
||||
tea login default gitea-rinoa
|
||||
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
|
||||
pr_index_new=$(expr ${pr_index_old} + 1)
|
||||
tea pr c -r ${{ github.repository }} -t "[DOCKER] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
|
||||
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
@@ -58,25 +58,26 @@ jobs:
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: PR Check'
|
||||
notification_message: 'PR Created 🎟️'
|
||||
generate-service-list:
|
||||
name: Generate list of added/modified/deleted services
|
||||
runs-on: ubuntu-latest
|
||||
docker-compose-dry-run:
|
||||
name: Docker Compose Dry Run
|
||||
needs: [check-and-create-pr]
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
|
||||
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
||||
VAULT_NAMESPACE: ""
|
||||
RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
|
||||
outputs:
|
||||
svc_deploy_list: ${{ steps.detect_services.outputs.docker_svc_list }}
|
||||
svc_deploy_list: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: Fetch base branch
|
||||
run: |
|
||||
git fetch origin ${{ github.event.pull_request.base.ref }}
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: Services TBD'
|
||||
notification_message: 'Generating list of services to deploy...'
|
||||
- name: Login to Gitea Container Registry
|
||||
run: |
|
||||
docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
|
||||
- name: Save both versions of docker-compose.yml
|
||||
run: |
|
||||
git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
|
||||
@@ -106,29 +107,8 @@ jobs:
|
||||
echo "Detected service changes:"
|
||||
cat service_changes.txt
|
||||
|
||||
mod_svcs=$(cut -d':' -f1 service_changes.txt | sort | uniq)
|
||||
echo "docker_svc_list<<EOF" >> "$GITHUB_OUTPUT"
|
||||
echo "$mod_svcs" >> "$GITHUB_OUTPUT"
|
||||
echo "EOF" >> "$GITHUB_OUTPUT"
|
||||
- name: Testing service list output
|
||||
run: |
|
||||
echo -e "${{ steps.detect_services.outputs.docker_svc_list }}"
|
||||
docker-compose-dry-run:
|
||||
name: Docker Compose Dry Run
|
||||
needs: [generate-service-list]
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
|
||||
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
||||
VAULT_NAMESPACE: ""
|
||||
RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
|
||||
DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: Login to Gitea Container Registry
|
||||
run: |
|
||||
docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
|
||||
svc_list=$(paste -sd '|' service_changes.txt)
|
||||
echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT"
|
||||
- name: Install Vault
|
||||
uses: cpanato/vault-installer@main
|
||||
- name: Gotify Notification
|
||||
@@ -138,20 +118,37 @@ jobs:
|
||||
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
|
||||
notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
|
||||
notification_message: 'Starting Docker Compose dry run...'
|
||||
- name: Generate .env file for Docker Compose
|
||||
- name: Cache .env Files
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: .env
|
||||
key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
|
||||
- name: Generate modified services list & .env file for Docker Compose Dry Run
|
||||
id: modded_svcs
|
||||
run: |
|
||||
mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
|
||||
echo ${mod_svcs}
|
||||
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
||||
echo ${DOCKER_SVC_LIST}
|
||||
echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT"
|
||||
- name: Testing service list output
|
||||
run: |
|
||||
echo ${{ steps.modded_svcs.outputs.rinoa_svcs }}
|
||||
- name: Docker Compose Dry Run
|
||||
uses: hoverkraft-tech/compose-action@v2.2.0
|
||||
timeout-minutes: 360
|
||||
continue-on-error: true
|
||||
uses: chaplyk/docker-compose-remote-action@v1.1
|
||||
with:
|
||||
ssh_host: 192.168.1.254
|
||||
ssh_port: 22
|
||||
ssh_user: gitea-deploy
|
||||
ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
|
||||
service: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
|
||||
compose_file: docker-compose.yml
|
||||
pull: false
|
||||
build: false
|
||||
options: -d --remove-orphans
|
||||
env:
|
||||
DOCKER_HOST: tcp://dockerproxy:2375
|
||||
with:
|
||||
services: |
|
||||
${{ needs.generate-service-list.outputs.svc_deploy_list }}
|
||||
up-flags: -d --remove-orphans --dry-run
|
||||
down-flags: --dry-run
|
||||
compose-flags: --dry-run
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
@@ -161,7 +158,7 @@ jobs:
|
||||
notification_message: 'Docker Compose dry run completed successfully.'
|
||||
cloudflare-dns-setup:
|
||||
name: Cloudflare DNS Setup
|
||||
needs: [docker-compose-dry-run]
|
||||
needs: [docker-compose-ansible-lints]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
@@ -302,13 +299,13 @@ jobs:
|
||||
docker-compose-deploy:
|
||||
name: Docker Compose Deployment
|
||||
runs-on: ubuntu-latest
|
||||
needs: [generate-service-list, docker-compose-dry-run, pr-merge]
|
||||
needs: [docker-compose-dry-run, pr-merge]
|
||||
env:
|
||||
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
|
||||
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
|
||||
DOCKER_HOST: tcp://dockerproxy:2375
|
||||
RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
|
||||
DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
|
||||
DOCKER_SVC_LIST: ${{ needs.docker-compose-dry-run.outputs.svc_deploy_list }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
@@ -320,6 +317,10 @@ jobs:
|
||||
with:
|
||||
path: /opt/hostedtoolcache/vault/1.18.0/x64
|
||||
key: vault-${{ runner.os }}-1.18.0
|
||||
- name: Install Ansible
|
||||
uses: alex-oleshkevich/setup-ansible@v1.0.1
|
||||
with:
|
||||
version: "11.0.0"
|
||||
- name: Install Vault
|
||||
uses: cpanato/vault-installer@main
|
||||
- name: Login to Gitea Container Registry
|
||||
@@ -335,22 +336,22 @@ jobs:
|
||||
- name: Generate .env file for deployment
|
||||
run: |
|
||||
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
|
||||
echo ${DOCKER_SVC_LIST}
|
||||
- name: Docker Compose Deployment
|
||||
uses: hoverkraft-tech/compose-action@v2.2.0
|
||||
- name: Docker Compose Dry Run
|
||||
timeout-minutes: 360
|
||||
continue-on-error: true
|
||||
uses: chaplyk/docker-compose-remote-action@v1.1
|
||||
env:
|
||||
DOCKER_HOST: tcp://dockerproxy:2375
|
||||
with:
|
||||
services: |
|
||||
${{ needs.generate-service-list.outputs.svc_deploy_list }}
|
||||
up-flags: -d --remove-orphans
|
||||
down-flags: --dry-run
|
||||
- name: Check Services' Healthiness
|
||||
uses: thegabriele97/dockercompose-health-action@main
|
||||
with:
|
||||
filename: 'docker-compose.yml'
|
||||
timeout: '60'
|
||||
workdir: '.'
|
||||
ssh_host: 192.168.1.254
|
||||
ssh_port: 22
|
||||
ssh_user: gitea-deploy
|
||||
ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
|
||||
service: ${DOCKER_SVC_LIST}
|
||||
compose_file: docker-compose.yml
|
||||
pull: false
|
||||
build: false
|
||||
options: -d --remove-orphans
|
||||
- name: Gotify Notification
|
||||
uses: eikendev/gotify-action@master
|
||||
with:
|
||||
|
||||
@@ -1,8 +1,7 @@
|
||||
name: Auto-Unseal for Vault
|
||||
on:
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: "0 5 * * *"
|
||||
- cron: "30 2 * * *"
|
||||
jobs:
|
||||
auto-unseal:
|
||||
name: Unseal Vault
|
||||
|
||||
@@ -8,11 +8,9 @@
|
||||
| adguard | adguard/adguardhome:latest |
|
||||
| apprise-api | lscr.io/linuxserver/apprise-api:latest |
|
||||
| archivebox | archivebox/archivebox:latest |
|
||||
| argus | quay.io/argus-io/argus:latest |
|
||||
| audiobookshelf | ghcr.io/advplyr/audiobookshelf:latest |
|
||||
| authelia | authelia/authelia:master |
|
||||
| authelia-pg | postgres:16-alpine |
|
||||
| authelia-valkey | docker.io/bitnami/valkey:latest |
|
||||
| bazarr | lscr.io/linuxserver/bazarr:latest |
|
||||
| beszel | henrygd/beszel:latest |
|
||||
| beszel-agent | henrygd/beszel-agent:latest |
|
||||
@@ -21,8 +19,6 @@
|
||||
| browserless | ghcr.io/browserless/chromium:latest |
|
||||
| bytestash | ghcr.io/jordan-dalby/bytestash:latest |
|
||||
| castopod | castopod/castopod:latest |
|
||||
| castopod-valkey | docker.io/bitnami/valkey:latest |
|
||||
| chrome | gcr.io/zenika-hub/alpine-chrome:123 |
|
||||
| cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
|
||||
| convertx | ghcr.io/c4illin/convertx |
|
||||
| cronicle | elestio/cronicle:latest |
|
||||
@@ -33,7 +29,6 @@
|
||||
| dawarich-app | freikin/dawarich:latest |
|
||||
| dawarich-pg-db | postgis/postgis:17-3.5-alpine |
|
||||
| dawarich-sidekiq | freikin/dawarich:latest |
|
||||
| dawarich-valkey | docker.io/bitnami/valkey:latest |
|
||||
| dead-man-hand | ghcr.io/bkupidura/dead-man-hand:latest |
|
||||
| docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
|
||||
| dockflare | alplat/dockflare:stable |
|
||||
@@ -60,7 +55,6 @@
|
||||
| immich-pg-db | tensorchord/pgvecto-rs:pg14-v0.2.1 |
|
||||
| immich-public-proxy | alangrainger/immich-public-proxy:latest |
|
||||
| immich-power-tools | ghcr.io/varun-raj/immich-power-tools:latest |
|
||||
| immich-valkey | docker.io/bitnami/valkey:latest |
|
||||
| influxdb2 | influxdb:2-alpine |
|
||||
| invidious | quay.io/invidious/invidious:latest |
|
||||
| invidious-sig-helper | quay.io/invidious/inv-sig-helper:latest |
|
||||
@@ -78,12 +72,10 @@
|
||||
| jitsi-web | jitsi/web:stable |
|
||||
| joplin-db | postgres:17-alpine |
|
||||
| joplin | joplin/server:latest |
|
||||
| karakeep | ghcr.io/karakeep-app/karakeep:release |
|
||||
| languagetool | elestio/languagetool:latest |
|
||||
| librechat-api | ghcr.io/danny-avila/librechat-dev:latest |
|
||||
| librechat-rag-api | ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest |
|
||||
| librechat-valkey | docker.io/bitnami/valkey:latest |
|
||||
| librechat-vectordb | ankane/pgvector:latest |
|
||||
| librechat-rag-api | ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest |
|
||||
| libretranslate | libretranslate/libretranslate |
|
||||
| lidarr | lscr.io/linuxserver/lidarr:latest |
|
||||
| lidify | thewicklowwolf/lidify:latest |
|
||||
@@ -92,22 +84,15 @@
|
||||
| loggifly | ghcr.io/clemcer/loggifly:latest |
|
||||
| maloja | krateng/maloja:latest |
|
||||
| manyfold | lscr.io/linuxserver/manyfold:latest |
|
||||
| manyfold-valkey | docker.io/bitnami/valkey:latest |
|
||||
| mariadb | linuxserver/mariadb |
|
||||
| mastodon | lscr.io/linuxserver/mastodon:latest |
|
||||
| mastodon-pg-db | postgres:17-alpine |
|
||||
| mastodon-valkey | docker.io/bitnami/valkey:latest |
|
||||
| maxun-backend | getmaxun/maxun-backend:latest |
|
||||
| maxun-frontend | getmaxun/maxun-frontend:latest |
|
||||
| maxun-pg-db | postgres:13-alpine |
|
||||
| maxun-valkey | docker.io/bitnami/valkey:latest |
|
||||
| meilisearch | getmeili/meilisearch:v1.15 |
|
||||
| meme-search-pro | ghcr.io/neonwatty/meme_search_pro:latest |
|
||||
| meme-search-pro-img2txt-gen | ghcr.io/neonwatty/image_to_text_generator:latest |
|
||||
| meme-search-db | pgvector/pgvector:pg17 |
|
||||
| meilisearch | getmeili/meilisearch:v1.12.3 |
|
||||
| minio | minio/minio:RELEASE.2025-04-22T22-12-26Z |
|
||||
| mixpost | inovector/mixpost:latest |
|
||||
| mixpost-valkey | docker.io/bitnami/valkey:latest |
|
||||
| mongodb | bitnami/mongodb:7.0 |
|
||||
| multi-scrobbler | foxxmd/multi-scrobbler |
|
||||
| n8n | docker.n8n.io/n8nio/n8n |
|
||||
@@ -119,18 +104,8 @@
|
||||
| omni-tools | iib0011/omni-tools:latest |
|
||||
| omnipoly | kweg/omnipoly:latest |
|
||||
| paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
|
||||
| paperless-valkey | docker.io/bitnami/valkey:latest |
|
||||
| penpot-frontend | penpotapp/frontend:latest |
|
||||
| penpot-backend | penpotapp/backend:latest |
|
||||
| penpot-exporter | penpotapp/exporter:latest |
|
||||
| penpot-pg-db | postgres:15-alpine |
|
||||
| penpot-redis | redis:7.2 |
|
||||
| pgbackweb | eduardolat/pgbackweb:latest |
|
||||
| pgbackweb-db | postgres:16-alpine |
|
||||
| planka | ghcr.io/plankanban/planka:2.0.0-rc.3 |
|
||||
| planka-pg-db | postgres:16-alpine |
|
||||
| plant-it | msdeluise/plant-it-server:latest |
|
||||
| plant-it-valkey | docker.io/bitnami/valkey:latest |
|
||||
| plantuml-server | plantuml/plantuml-server:jetty |
|
||||
| portainer | portainer/portainer-ce:alpine |
|
||||
| portnote-web | haedlessdev/portnote:latest |
|
||||
@@ -140,42 +115,35 @@
|
||||
| postal-web | ghcr.io/postalserver/postal:latest |
|
||||
| postal-worker | ghcr.io/postalserver/postal:latest |
|
||||
| prowlarr | lscr.io/linuxserver/prowlarr:latest |
|
||||
| qbit-manage | ghcr.io/stuffanthings/qbit_manage:latest |
|
||||
| qbittorrentvpn | ghcr.io/binhex/arch-qbittorrentvpn:latest |
|
||||
| radarec | thewicklowwolf/radarec:latest |
|
||||
| radarr | lscr.io/linuxserver/radarr:latest |
|
||||
| reactive-resume | amruthpillai/reactive-resume:latest |
|
||||
| reactive-resume-pg | postgres:16-alpine |
|
||||
| readarr | lscr.io/linuxserver/readarr:develop |
|
||||
| redis | redis:alpine |
|
||||
| redlib | quay.io/redlib/redlib:latest |
|
||||
| rocketchat | registry.rocket.chat/rocketchat/rocket.chat:latest |
|
||||
| romm | rommapp/romm:latest |
|
||||
| romm-valkey | docker.io/bitnami/valkey:latest |
|
||||
| sabnzbdvpn | ghcr.io/binhex/arch-sabnzbdvpn:latest |
|
||||
| sablier | sablierapp/sablier:latest |
|
||||
| scraparr | ghcr.io/thecfu/scraparr:latest |
|
||||
| scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
|
||||
| searxng | searxng/searxng:latest |
|
||||
| searxng-valkey | docker.io/bitnami/valkey:latest |
|
||||
| semaphore | semaphoreui/semaphore:v2.12.14 |
|
||||
| signoz-app | signoz/signoz:v0.86.2 |
|
||||
| signoz-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
|
||||
| signoz-init-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
|
||||
| signoz-logspout | pavanputhra/logspout-signoz |
|
||||
| signoz-otel-collector | signoz/signoz-otel-collector:v0.111.42 |
|
||||
| signoz-schema-migrator-async | signoz/signoz-schema-migrator:v0.111.42 |
|
||||
| signoz-schema-migrator-sync | signoz/signoz-schema-migrator:v0.111.42 |
|
||||
| signoz-zookeeper-1 | bitnami/zookeeper:3.7.1 |
|
||||
| signoz-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
|
||||
| signoz-app | signoz/signoz:v0.86.2 |
|
||||
| signoz-otel-collector | signoz/signoz-otel-collector:v0.111.42 |
|
||||
| signoz-schema-migrator-sync | signoz/signoz-schema-migrator:v0.111.42 |
|
||||
| signoz-schema-migrator-async | signoz/signoz-schema-migrator:v0.111.42 |
|
||||
| sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
|
||||
| sonarqube-pg-db | postgres:17-alpine |
|
||||
| sonarr | lscr.io/linuxserver/sonarr:latest |
|
||||
| sonashow | thewicklowwolf/sonashow:latest |
|
||||
| soularr | mrusse08/soularr:latest |
|
||||
| soularr-dashboard | git.trez.wtf/trez.one/soularr-dashboard:v0.1 |
|
||||
| soulseek | slskd/slskd |
|
||||
| speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
|
||||
| stable-diffusion-download | git./trez.one/stable-diffusion-download:v9.0.0 |
|
||||
| stable-diffusion-webui | git./trez.one/stable-diffusion-ui:v9.0.1 |
|
||||
| stable-diffusion-download | git.trez.wtf/trez.one/stable-diffusion-download:v9.0.0 |
|
||||
| stable-diffusion-webui | git.trez.wtf/trez.one/stable-diffusion-ui:v9.0.1 |
|
||||
| stirling-pdf | docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest |
|
||||
| swag | lscr.io/linuxserver/swag:latest |
|
||||
| tandoor | vabene1111/recipes |
|
||||
@@ -183,10 +151,10 @@
|
||||
| unmanic | josh5/unmanic:latest |
|
||||
| uptimekuma | louislam/uptime-kuma:latest |
|
||||
| vault | hashicorp/vault:latest |
|
||||
| wallabag | wallabag/wallabag |
|
||||
| wallos | bellamy/wallos:latest |
|
||||
| watchtower | ghcr.io/containrrr/watchtower:latest |
|
||||
| web-check | lissy93/web-check |
|
||||
| whodb | clidey/whodb |
|
||||
| wizarr | ghcr.io/wizarrrr/wizarr |
|
||||
| youtubedl | nbr23/youtube-dl-server:latest |
|
||||
|
||||
|
||||
@@ -1,337 +0,0 @@
|
||||
settings:
|
||||
log:
|
||||
level: INFO
|
||||
timestamps: true
|
||||
data:
|
||||
database_file: data/argus.db
|
||||
web:
|
||||
listen_host: 0.0.0.0
|
||||
listen_port: 8080
|
||||
route_prefix: /
|
||||
basic_auth:
|
||||
username: 'admin'
|
||||
password: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ARGUS_WEB_PASSWORD'] }}"
|
||||
disabled_routes: []
|
||||
favicon:
|
||||
png: ''
|
||||
svg: ''
|
||||
notify:
|
||||
rinoa-gotify:
|
||||
type: gotify
|
||||
url_fields:
|
||||
Host: gotify
|
||||
Token: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ARGUS_WEB_PASSWORD'] }}
|
||||
params:
|
||||
Title: Argus @ Rinoa
|
||||
service:
|
||||
AdguardTeam/AdGuardHome:
|
||||
latest_version:
|
||||
type: github
|
||||
url: AdguardTeam/AdGuardHome
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
deployed_version:
|
||||
url: "https://adguard.trez.wtf/control/status"
|
||||
basic_auth:
|
||||
username: admin
|
||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ADGUARD_PASSWORD'] }}
|
||||
json: version
|
||||
regex: v([0-9.]+)
|
||||
dashboard:
|
||||
web_url: "https://github.com/AdguardTeam/AdGuardHome/releases/v{% raw %}{{ version }}{% endraw %}"
|
||||
icon: "https://avatars.githubusercontent.com/u/8361145?s=200&v=4"
|
||||
advplyr/audiobookshelf:
|
||||
latest_version:
|
||||
type: github
|
||||
url: advplyr/audiobookshelf
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
deployed_version:
|
||||
method: GET
|
||||
url: "https://abs.trez.wtf/status"
|
||||
json: serverVersion
|
||||
dashboard:
|
||||
icon: "https://raw.githubusercontent.com/advplyr/audiobookshelf/master/client/static/icon.svg"
|
||||
web_url: "https://github.com/advplyr/audiobookshelf/releases/tag/v{% raw %}{{ version }}{% endraw %}"
|
||||
dani-garcia/vaultwarden:
|
||||
latest_version:
|
||||
type: github
|
||||
url: dani-garcia/vaultwarden
|
||||
deployed_version:
|
||||
url: "https://bitwarden.trez.wtf/api/version"
|
||||
regex: ([0-9.]+)
|
||||
dashboard:
|
||||
web_url: "https://github.com/dani-garcia/vaultwarden/releases/{% raw %}{{ version }}{% endraw %}"
|
||||
icon: "https://raw.githubusercontent.com/dani-garcia/vaultwarden/main/src/static/images/vaultwarden-icon.png"
|
||||
ellite/Wallos:
|
||||
latest_version:
|
||||
type: github
|
||||
url: ellite/Wallos
|
||||
deployed_version:
|
||||
method: GET
|
||||
url: http://wallos.com/api/status/version.php?api_key=xxx
|
||||
json: version_number
|
||||
dashboard:
|
||||
icon: "https://github.com/ellite/Wallos/raw/main/images/siteicons/wallos.png"
|
||||
web_url: "https://github.com/ellite/Wallos/releases"
|
||||
FlareSolverr/FlareSolverr:
|
||||
latest_version:
|
||||
type: github
|
||||
url: FlareSolverr/FlareSolverr
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
deployed_version:
|
||||
method: GET
|
||||
url: "https://flaresolverr.trez.wtf"
|
||||
json: version
|
||||
dashboard:
|
||||
icon: "https://raw.githubusercontent.com/FlareSolverr/FlareSolverr/master/resources/flaresolverr_logo.png"
|
||||
web_url: "https://github.com/FlareSolverr/FlareSolverr/releases/tag/v{% raw %}{{ version }}{% endraw %}"
|
||||
go-gitea/gitea:
|
||||
latest_version:
|
||||
type: github
|
||||
url: go-gitea/gitea
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
require:
|
||||
regex_content: gitea-{% raw %}{{ version }}{% endraw %}-linux-amd64
|
||||
regex_version: ^[0-9.]+[0-9]$
|
||||
deployed_version:
|
||||
url: "https://git.trez.wtf"
|
||||
regex: 'Powered by Gitea\s+Version:\s+([0-9.]+) '
|
||||
dashboard:
|
||||
web_url: "https://github.com/go-gitea/gitea/releases/v{% raw %}{{ version }}{% endraw %}"
|
||||
icon: "https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/logo.png"
|
||||
gohugoio/hugo:
|
||||
latest_version:
|
||||
type: github
|
||||
url: gohugoio/hugo
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
require:
|
||||
regex_content: hugo_{% raw %}{{ version }}{% endraw %}_Linux-64bit\.deb
|
||||
dashboard:
|
||||
web_url: "https://github.com/gohugoio/hugo/releases/v{% raw %}{{ version }}{% endraw %}"
|
||||
icon: "https://raw.githubusercontent.com/gohugoio/hugo/master/docs/static/img/hugo.png"
|
||||
gotify/server:
|
||||
latest_version:
|
||||
type: github
|
||||
url: gotify/server
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
deployed_version:
|
||||
url: "https://gotify.trez.wtf/version"
|
||||
json: version
|
||||
dashboard:
|
||||
web_url: "https://github.com/gotify/server/releases/v{% raw %}{{ version }}{% endraw %}"
|
||||
icon: "https://github.com/gotify/logo/raw/master/gotify-logo.png"
|
||||
hashicorp/vault:
|
||||
latest_version:
|
||||
type: github
|
||||
url: hashicorp/vault
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
deployed_version:
|
||||
url: "https://vault.trez.wtf/v1/sys/health"
|
||||
json: version
|
||||
dashboard:
|
||||
web_url: "https://github.com/hashicorp/vault/releases/v{% raw %}{{ version }}{% endraw %}"
|
||||
icon: "https://raw.githubusercontent.com/hashicorp/vault/main/ui/public/vault-logo.svg"
|
||||
immich-app/immich:
|
||||
latest_version:
|
||||
type: github
|
||||
url: immich-app/immich
|
||||
deployed_version:
|
||||
url: "https://pics.trez.wtf/api/server/about"
|
||||
json: version
|
||||
regex: ^v([0-9.]+)$
|
||||
headers:
|
||||
- key: x-api-key
|
||||
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IMMICH_POWER_TOOLS_KEY'] }}
|
||||
dashboard:
|
||||
icon: "https://raw.githubusercontent.com/immich-app/immich/main/web/static/immich-logo.svg"
|
||||
web_url: "https://github.com/immich-app/immich/releases/tag/v{% raw %}{{ version }}{% endraw %}"
|
||||
influxdata/influxdb:
|
||||
latest_version:
|
||||
type: github
|
||||
url: influxdata/influxdb
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
deployed_version:
|
||||
url: "https://influxdb.trez.wtf/health"
|
||||
json: version
|
||||
dashboard:
|
||||
web_url: "https://github.com/influxdata/influxdb/releases/tag/v{% raw %}{{ version }}{% endraw %}"
|
||||
icon: "https://github.com/influxdata/ui/raw/master/src/writeData/graphics/influxdb.svg"
|
||||
jellyfin/jellyfin:
|
||||
latest_version:
|
||||
type: github
|
||||
url: jellyfin/jellyfin
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
deployed_version:
|
||||
url: "https://jellyfin.trez.wtf/System/Info/Public"
|
||||
json: Version
|
||||
dashboard:
|
||||
web_url: "https://github.com/jellyfin/jellyfin/releases/v{% raw %}{{ version }}{% endraw %}"
|
||||
icon: "https://avatars.githubusercontent.com/u/45698031?s=200&v=4"
|
||||
Lidarr/Lidarr:
|
||||
options:
|
||||
semantic_versioning: false
|
||||
latest_version:
|
||||
type: github
|
||||
url: Lidarr/Lidarr
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
deployed_version:
|
||||
method: GET
|
||||
url: "https://lidarr.trez.wtf/api/v1/system/status"
|
||||
headers:
|
||||
- key: X-Api-Key
|
||||
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}
|
||||
json: version
|
||||
dashboard:
|
||||
icon: "https://raw.githubusercontent.com/Lidarr/Lidarr/develop/Logo/1024.png"
|
||||
web_url: "https://github.com/Lidarr/Lidarr/releases/v{% raw %}{{ version }}{% endraw %}"
|
||||
louislam/uptime-kuma:
|
||||
latest_version:
|
||||
type: github
|
||||
url: louislam/uptime-kuma
|
||||
deployed_version:
|
||||
url: "https://status.trez.wtf/metrics"
|
||||
regex: app_version{version=\"([0-9.]+)\",major=\"[0-9]+\",minor=\"[0-9]+\",patch=\"[0-9]+\"}
|
||||
dashboard:
|
||||
web_url: "https://github.com/louislam/uptime-kuma/releases/{% raw %}{{ version }}{% endraw %}"
|
||||
icon: "https://raw.githubusercontent.com/louislam/uptime-kuma/master/public/icon.png"
|
||||
morpheus65535/bazarr:
|
||||
latest_version:
|
||||
type: github
|
||||
url: morpheus65535/bazarr
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
deployed_version:
|
||||
url: "https://bazarr.trez.wtf/api/system/status"
|
||||
headers:
|
||||
- key: X-API-KEY
|
||||
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['BAZARR_API_KEY'] }}
|
||||
json: data.bazarr_version
|
||||
dashboard:
|
||||
web_url: "https://github.com/morpheus65535/bazarr/releases/v{% raw %}{{ version }}{% endraw %}"
|
||||
icon: "https://raw.githubusercontent.com/morpheus65535/bazarr/master/frontend/public/images/logo128.png"
|
||||
n8n-io/n8n:
|
||||
latest_version:
|
||||
type: url
|
||||
url: "https://github.com/n8n-io/n8n/tags"
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: n8n\%40([0-9.]+)
|
||||
dashboard:
|
||||
web_url: "https://github.com/n8n-io/n8n/blob/master/CHANGELOG.md"
|
||||
icon: "https://raw.githubusercontent.com/n8n-io/n8n-docs/main/docs/_images/n8n-docs-icon.svg"
|
||||
extcloud/server:
|
||||
latest_version:
|
||||
type: github
|
||||
url: nextcloud/server
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
deployed_version:
|
||||
url: "https://cloud.trez.wtf/status.php"
|
||||
json: versionstring
|
||||
dashboard:
|
||||
web_url: "https://nextcloud.com/changelog/"
|
||||
icon: "https://github.com/nextcloud/server/raw/master/core/img/favicon.png"
|
||||
Prowlarr/Prowlarr:
|
||||
options:
|
||||
semantic_versioning: false
|
||||
latest_version:
|
||||
type: github
|
||||
url: Prowlarr/Prowlarr
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
use_prerelease: true
|
||||
deployed_version:
|
||||
url: "https://prowlarr.trez.wtf/api/v1/system/status"
|
||||
headers:
|
||||
- key: X-Api-Key
|
||||
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PROWLARR_API_KEY'] }}
|
||||
json: version
|
||||
dashboard:
|
||||
web_url: "https://github.com/Prowlarr/Prowlarr/releases/v{% raw %}{{ version }}{% endraw %}"
|
||||
icon: "https://avatars.githubusercontent.com/u/73049443?s=200&v=4"
|
||||
Radarr/Radarr:
|
||||
options:
|
||||
semantic_versioning: false
|
||||
latest_version:
|
||||
type: github
|
||||
url: Radarr/Radarr
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
deployed_version:
|
||||
url: "https://radarr.trez.wtf/api/v3/system/status"
|
||||
headers:
|
||||
- key: X-Api-Key
|
||||
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}
|
||||
json: version
|
||||
dashboard:
|
||||
web_url: "https://github.com/Radarr/Radarr/releases/v{% raw %}{{ version }}{% endraw %}"
|
||||
icon: "https://avatars.githubusercontent.com/u/25025331?s=200&v=4"
|
||||
Readarr/Readarr:
|
||||
options:
|
||||
semantic_versioning: false
|
||||
latest_version:
|
||||
type: github
|
||||
url: Readarr/Readarr
|
||||
use_prerelease: true
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: v([0-9.]+)$
|
||||
deployed_version:
|
||||
method: GET
|
||||
url: "https://readarr.trez.wtf/api/v1/system/status"
|
||||
headers:
|
||||
- key: X-Api-Key
|
||||
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['READARR_API_KEY'] }}
|
||||
json: version
|
||||
dashboard:
|
||||
icon: "https://raw.githubusercontent.com/Readarr/Readarr/develop/Logo/1024.png"
|
||||
web_url: "https://github.com/Readarr/Readarr/releases/v{% raw %}{{ version }}{% endraw %}"
|
||||
Sonarr/Sonarr:
|
||||
options:
|
||||
semantic_versioning: false
|
||||
latest_version:
|
||||
type: url
|
||||
url: "https://github.com/Sonarr/Sonarr/tags"
|
||||
url_commands:
|
||||
- type: regex
|
||||
regex: \/releases\/tag\/v?([0-9.]+)\"
|
||||
deployed_version:
|
||||
url: "https://sonarr.trez.wtf/api/v3/system/status"
|
||||
headers:
|
||||
- key: X-Api-Key
|
||||
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SONARR_API_KEY'] }}
|
||||
json: version
|
||||
dashboard:
|
||||
web_url: "https://sonarr.trez.wtf/system/updates"
|
||||
icon: "https://raw.githubusercontent.com/Sonarr/Sonarr/develop/Logo/256.png"
|
||||
release-argus/argus:
|
||||
latest_version:
|
||||
type: github
|
||||
url: release-argus/argus
|
||||
dashboard:
|
||||
icon: "https://raw.githubusercontent.com/release-argus/Argus/master/web/ui/react-app/public/favicon.svg"
|
||||
icon_link-to: "https://release-argus.io"
|
||||
web_url: "https://github.com/release-argus/Argus/blob/master/CHANGELOG.md"
|
||||
+1
-10
@@ -102,14 +102,6 @@ access_control:
|
||||
policy: one_factor
|
||||
subject:
|
||||
- ['user:the.trezured.one']
|
||||
- domain: wizarr.trez.wtf
|
||||
resources:
|
||||
- '^/join(/.*)?$'
|
||||
- '^/j(/.*)?$'
|
||||
- '^/static(/.*)?$'
|
||||
- '^/setup(/.*)?$'
|
||||
- '^/wizard(/.*)?$'
|
||||
policy: bypass
|
||||
session:
|
||||
name: authelia_session
|
||||
secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_SESSION_SECRET'] }}'
|
||||
@@ -120,9 +112,8 @@ session:
|
||||
- domain: 'trez.wtf'
|
||||
authelia_url: 'https://auth.trez.wtf'
|
||||
redis:
|
||||
host: authelia-valkey
|
||||
host: redis
|
||||
port: 6379
|
||||
database_index: 0
|
||||
storage:
|
||||
encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
|
||||
postgres:
|
||||
@@ -1,65 +0,0 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
source: journalctl
|
||||
journalctl_filter:
|
||||
- "--directory=/var/log/host/"
|
||||
labels:
|
||||
type: syslog
|
||||
---
|
||||
filenames:
|
||||
- /var/log/swag/*
|
||||
labels:
|
||||
type: nginx
|
||||
---
|
||||
filenames:
|
||||
- /var/log/auth/auth.log
|
||||
labels:
|
||||
type: syslog
|
||||
---
|
||||
filenames:
|
||||
- /var/lib/mysql/log/mysql/*
|
||||
- /var/lib/mysql/databases/*.err
|
||||
- /var/lib/mysql/databases/*.log
|
||||
labels:
|
||||
type: mariadb
|
||||
---
|
||||
source: docker
|
||||
container_name:
|
||||
- adguard
|
||||
labels:
|
||||
type: adguardhome
|
||||
---
|
||||
source: docker
|
||||
container_name:
|
||||
- mongodb
|
||||
labels:
|
||||
type: mongodb
|
||||
---
|
||||
source: docker
|
||||
container_name:
|
||||
- immich-server
|
||||
labels:
|
||||
type: immich
|
||||
---
|
||||
source: docker
|
||||
container_name:
|
||||
- uptimekuma
|
||||
labels:
|
||||
type: uptime-kuma
|
||||
---
|
||||
source: docker
|
||||
container_name:
|
||||
- jellyfin
|
||||
labels:
|
||||
type: jellyfin
|
||||
---
|
||||
source: docker
|
||||
container_name:
|
||||
- navidrome
|
||||
labels:
|
||||
type: navidrome
|
||||
---
|
||||
filenames:
|
||||
- /var/log/audiobookshelf/*.txt
|
||||
labels:
|
||||
type: audiobookshelf
|
||||
@@ -0,0 +1,15 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
|
||||
|
||||
source: journalctl
|
||||
journalctl_filter:
|
||||
- "--directory=/var/log/host/"
|
||||
labels:
|
||||
type: syslog
|
||||
---
|
||||
filenames:
|
||||
- /var/log/swag/*
|
||||
labels:
|
||||
type: nginx
|
||||
---
|
||||
-2
@@ -1,5 +1,3 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
common:
|
||||
daemonize: false
|
||||
log_media: stdout
|
||||
+6
-9
@@ -26,7 +26,7 @@ layout:
|
||||
columns: 4
|
||||
Infrastructure/App Performance Monitoring:
|
||||
style: row
|
||||
columns: 5
|
||||
columns: 3
|
||||
Code/DevOps:
|
||||
style: row
|
||||
columns: 3
|
||||
@@ -35,25 +35,22 @@ layout:
|
||||
columns: 4
|
||||
Lifestyle:
|
||||
style: row
|
||||
columns: 5
|
||||
columns: 3
|
||||
Automation:
|
||||
style: row
|
||||
columns: 5
|
||||
Privacy/Security:
|
||||
style: row
|
||||
columns: 5
|
||||
Personal Tools:
|
||||
Personal/Professional Services:
|
||||
style: row
|
||||
columns: 3
|
||||
Professional Services:
|
||||
style: row
|
||||
columns: 4
|
||||
columns: 5
|
||||
Servarr Stack:
|
||||
style: row
|
||||
columns: 5
|
||||
columns: 3
|
||||
Downloaders:
|
||||
style: row
|
||||
columns: 5
|
||||
columns: 2
|
||||
Media Library:
|
||||
style: row
|
||||
columns: 3
|
||||
@@ -0,0 +1,550 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
|
||||
#=====================================================================#
|
||||
# LibreChat Configuration #
|
||||
#=====================================================================#
|
||||
# Please refer to the reference documentation for assistance #
|
||||
# with configuring your LibreChat environment. #
|
||||
# #
|
||||
# https://www.librechat.ai/docs/configuration/dotenv #
|
||||
#=====================================================================#
|
||||
|
||||
#==================================================#
|
||||
# Server Configuration #
|
||||
#==================================================#
|
||||
|
||||
HOST=localhost
|
||||
PORT=3080
|
||||
|
||||
MONGO_URI=mongodb://librechat:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MONGODB_PASSWORD'] }}@mongodb:27017/librechat?replicaSet=rinoa
|
||||
|
||||
DOMAIN_CLIENT=https://ai.trez.wtf
|
||||
DOMAIN_SERVER=https://ai.trez.wtf
|
||||
|
||||
NO_INDEX=true
|
||||
# Use the address that is at most n number of hops away from the Express application.
|
||||
# req.socket.remoteAddress is the first hop, and the rest are looked for in the X-Forwarded-For header from right to left.
|
||||
# A value of 0 means that the first untrusted address would be req.socket.remoteAddress, i.e. there is no reverse proxy.
|
||||
# Defaulted to 1.
|
||||
TRUST_PROXY=1
|
||||
|
||||
#===============#
|
||||
# JSON Logging #
|
||||
#===============#
|
||||
|
||||
# Use when process console logs in cloud deployment like GCP/AWS
|
||||
CONSOLE_JSON=true
|
||||
|
||||
#===============#
|
||||
# Debug Logging #
|
||||
#===============#
|
||||
|
||||
DEBUG_LOGGING=true
|
||||
DEBUG_CONSOLE=false
|
||||
|
||||
#=============#
|
||||
# Permissions #
|
||||
#=============#
|
||||
|
||||
# UID=1000
|
||||
# GID=1000
|
||||
|
||||
#===============#
|
||||
# Configuration #
|
||||
#===============#
|
||||
# Use an absolute path, a relative path, or a URL
|
||||
|
||||
# CONFIG_PATH="/alternative/path/to/librechat.yaml"
|
||||
|
||||
#===================================================#
|
||||
# Endpoints #
|
||||
#===================================================#
|
||||
|
||||
# ENDPOINTS=openAI,assistants,azureOpenAI,google,gptPlugins,anthropic
|
||||
|
||||
PROXY=
|
||||
|
||||
#===================================#
|
||||
# Known Endpoints - librechat.yaml #
|
||||
#===================================#
|
||||
# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints
|
||||
|
||||
# ANYSCALE_API_KEY=
|
||||
# APIPIE_API_KEY=
|
||||
# COHERE_API_KEY=
|
||||
DEEPSEEK_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_DEEPSEEK_API_KEY'] }}
|
||||
# DATABRICKS_API_KEY=
|
||||
# FIREWORKS_API_KEY=
|
||||
# GROQ_API_KEY=
|
||||
# HUGGINGFACE_TOKEN=
|
||||
MISTRAL_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MISTRAL_API_KEY'] }}
|
||||
# OPENROUTER_KEY=
|
||||
# PERPLEXITY_API_KEY=
|
||||
# SHUTTLEAI_API_KEY=
|
||||
# TOGETHERAI_API_KEY=
|
||||
# UNIFY_API_KEY=
|
||||
# XAI_API_KEY=
|
||||
|
||||
#============#
|
||||
# Anthropic #
|
||||
#============#
|
||||
|
||||
ANTHROPIC_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_ANTHROPIC_API_KEY'] }}
|
||||
ANTHROPIC_MODELS=claude-3-7-sonnet-latest,claude-3-7-sonnet-20250219,claude-3-5-haiku-20241022,claude-3-5-sonnet-20241022,claude-3-5-sonnet-latest,claude-3-5-sonnet-20240620,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307,claude-2.1,claude-2,claude-1.2,claude-1,claude-1-100k,claude-instant-1,claude-instant-1-100k
|
||||
# ANTHROPIC_REVERSE_PROXY=
|
||||
|
||||
#============#
|
||||
# Azure #
|
||||
#============#
|
||||
|
||||
# Note: these variables are DEPRECATED
|
||||
# Use the `librechat.yaml` configuration for `azureOpenAI` instead
|
||||
# You may also continue to use them if you opt out of using the `librechat.yaml` configuration
|
||||
|
||||
# AZURE_OPENAI_DEFAULT_MODEL=gpt-3.5-turbo # Deprecated
|
||||
# AZURE_OPENAI_MODELS=gpt-3.5-turbo,gpt-4 # Deprecated
|
||||
# AZURE_USE_MODEL_AS_DEPLOYMENT_NAME=TRUE # Deprecated
|
||||
# AZURE_API_KEY= # Deprecated
|
||||
# AZURE_OPENAI_API_INSTANCE_NAME= # Deprecated
|
||||
# AZURE_OPENAI_API_DEPLOYMENT_NAME= # Deprecated
|
||||
# AZURE_OPENAI_API_VERSION= # Deprecated
|
||||
# AZURE_OPENAI_API_COMPLETIONS_DEPLOYMENT_NAME= # Deprecated
|
||||
# AZURE_OPENAI_API_EMBEDDINGS_DEPLOYMENT_NAME= # Deprecated
|
||||
# PLUGINS_USE_AZURE="true" # Deprecated
|
||||
|
||||
#=================#
|
||||
# AWS Bedrock #
|
||||
#=================#
|
||||
|
||||
# BEDROCK_AWS_DEFAULT_REGION=us-east-1 # A default region must be provided
|
||||
# BEDROCK_AWS_ACCESS_KEY_ID=someAccessKey
|
||||
# BEDROCK_AWS_SECRET_ACCESS_KEY=someSecretAccessKey
|
||||
# BEDROCK_AWS_SESSION_TOKEN=someSessionToken
|
||||
|
||||
# Note: This example list is not meant to be exhaustive. If omitted, all known, supported model IDs will be included for you.
|
||||
# BEDROCK_AWS_MODELS=anthropic.claude-3-5-sonnet-20240620-v1:0,meta.llama3-1-8b-instruct-v1:0
|
||||
|
||||
# See all Bedrock model IDs here: https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids.html#model-ids-arns
|
||||
|
||||
# Notes on specific models:
|
||||
# The following models are not support due to not supporting streaming:
|
||||
# ai21.j2-mid-v1
|
||||
|
||||
# The following models are not support due to not supporting conversation history:
|
||||
# ai21.j2-ultra-v1, cohere.command-text-v14, cohere.command-light-text-v14
|
||||
|
||||
#============#
|
||||
# Google #
|
||||
#============#
|
||||
|
||||
{# GOOGLE_KEY=user_provided #}
|
||||
|
||||
# GOOGLE_REVERSE_PROXY=
|
||||
# Some reverse proxies do not support the X-goog-api-key header, uncomment to pass the API key in Authorization header instead.
|
||||
# GOOGLE_AUTH_HEADER=true
|
||||
|
||||
# Gemini API (AI Studio)
|
||||
# GOOGLE_MODELS=gemini-2.0-flash-exp,gemini-2.0-flash-thinking-exp-1219,gemini-exp-1121,gemini-exp-1114,gemini-1.5-flash-latest,gemini-1.0-pro,gemini-1.0-pro-001,gemini-1.0-pro-latest,gemini-1.0-pro-vision-latest,gemini-1.5-pro-latest,gemini-pro,gemini-pro-vision
|
||||
|
||||
# Vertex AI
|
||||
# GOOGLE_MODELS=gemini-1.5-flash-preview-0514,gemini-1.5-pro-preview-0514,gemini-1.0-pro-vision-001,gemini-1.0-pro-002,gemini-1.0-pro-001,gemini-pro-vision,gemini-1.0-pro
|
||||
|
||||
# GOOGLE_TITLE_MODEL=gemini-pro
|
||||
|
||||
# GOOGLE_LOC=us-central1
|
||||
|
||||
# Google Safety Settings
|
||||
# NOTE: These settings apply to both Vertex AI and Gemini API (AI Studio)
|
||||
#
|
||||
# For Vertex AI:
|
||||
# To use the BLOCK_NONE setting, you need either:
|
||||
# (a) Access through an allowlist via your Google account team, or
|
||||
# (b) Switch to monthly invoiced billing: https://cloud.google.com/billing/docs/how-to/invoiced-billing
|
||||
#
|
||||
# For Gemini API (AI Studio):
|
||||
# BLOCK_NONE is available by default, no special account requirements.
|
||||
#
|
||||
# Available options: BLOCK_NONE, BLOCK_ONLY_HIGH, BLOCK_MEDIUM_AND_ABOVE, BLOCK_LOW_AND_ABOVE
|
||||
#
|
||||
# GOOGLE_SAFETY_SEXUALLY_EXPLICIT=BLOCK_ONLY_HIGH
|
||||
# GOOGLE_SAFETY_HATE_SPEECH=BLOCK_ONLY_HIGH
|
||||
# GOOGLE_SAFETY_HARASSMENT=BLOCK_ONLY_HIGH
|
||||
# GOOGLE_SAFETY_DANGEROUS_CONTENT=BLOCK_ONLY_HIGH
|
||||
# GOOGLE_SAFETY_CIVIC_INTEGRITY=BLOCK_ONLY_HIGH
|
||||
|
||||
#============#
|
||||
# OpenAI #
|
||||
#============#
|
||||
|
||||
OPENAI_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_OPENAI_API_KEY'] }}
|
||||
OPENAI_MODELS=o1,o1-mini,o1-preview,gpt-4o,chatgpt-4o-latest,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k
|
||||
|
||||
DEBUG_OPENAI=false
|
||||
|
||||
# TITLE_CONVO=false
|
||||
# OPENAI_TITLE_MODEL=gpt-4o-mini
|
||||
|
||||
# OPENAI_SUMMARIZE=true
|
||||
# OPENAI_SUMMARY_MODEL=gpt-4o-mini
|
||||
|
||||
# OPENAI_FORCE_PROMPT=true
|
||||
|
||||
# OPENAI_REVERSE_PROXY=
|
||||
|
||||
# OPENAI_ORGANIZATION=
|
||||
|
||||
#====================#
|
||||
# Assistants API #
|
||||
#====================#
|
||||
|
||||
# ASSISTANTS_API_KEY=user_provided
|
||||
# ASSISTANTS_BASE_URL=
|
||||
# ASSISTANTS_MODELS=gpt-4o,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-16k-0613,gpt-3.5-turbo-16k,gpt-3.5-turbo,gpt-4,gpt-4-0314,gpt-4-32k-0314,gpt-4-0613,gpt-3.5-turbo-0613,gpt-3.5-turbo-1106,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview
|
||||
|
||||
#==========================#
|
||||
# Azure Assistants API #
|
||||
#==========================#
|
||||
|
||||
# Note: You should map your credentials with custom variables according to your Azure OpenAI Configuration
|
||||
# The models for Azure Assistants are also determined by your Azure OpenAI configuration.
|
||||
|
||||
# More info, including how to enable use of Assistants with Azure here:
|
||||
# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints/azure#using-assistants-with-azure
|
||||
|
||||
#============#
|
||||
# OpenRouter #
|
||||
#============#
|
||||
# !!!Warning: Use the variable above instead of this one. Using this one will override the OpenAI endpoint
|
||||
# OPENROUTER_API_KEY=
|
||||
|
||||
#============#
|
||||
# Plugins #
|
||||
#============#
|
||||
|
||||
# PLUGIN_MODELS=gpt-4o,gpt-4o-mini,gpt-4,gpt-4-turbo-preview,gpt-4-0125-preview,gpt-4-1106-preview,gpt-4-0613,gpt-3.5-turbo,gpt-3.5-turbo-0125,gpt-3.5-turbo-1106,gpt-3.5-turbo-0613
|
||||
|
||||
# DEBUG_PLUGINS=
|
||||
|
||||
CREDS_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_KEY'] }}
|
||||
CREDS_IV={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_IV'] }}
|
||||
|
||||
# Azure AI Search
|
||||
#-----------------
|
||||
# AZURE_AI_SEARCH_SERVICE_ENDPOINT=
|
||||
# AZURE_AI_SEARCH_INDEX_NAME=
|
||||
# AZURE_AI_SEARCH_API_KEY=
|
||||
|
||||
# AZURE_AI_SEARCH_API_VERSION=
|
||||
# AZURE_AI_SEARCH_SEARCH_OPTION_QUERY_TYPE=
|
||||
# AZURE_AI_SEARCH_SEARCH_OPTION_TOP=
|
||||
# AZURE_AI_SEARCH_SEARCH_OPTION_SELECT=
|
||||
|
||||
# DALL·E
|
||||
#----------------
|
||||
# DALLE_API_KEY=
|
||||
# DALLE3_API_KEY=
|
||||
# DALLE2_API_KEY=
|
||||
# DALLE3_SYSTEM_PROMPT=
|
||||
# DALLE2_SYSTEM_PROMPT=
|
||||
# DALLE_REVERSE_PROXY=
|
||||
# DALLE3_BASEURL=
|
||||
# DALLE2_BASEURL=
|
||||
|
||||
# DALL·E (via Azure OpenAI)
|
||||
# Note: requires some of the variables above to be set
|
||||
#----------------
|
||||
# DALLE3_AZURE_API_VERSION=
|
||||
# DALLE2_AZURE_API_VERSION=
|
||||
|
||||
|
||||
# Google
|
||||
#-----------------
|
||||
GOOGLE_SEARCH_API_KEY=
|
||||
GOOGLE_CSE_ID=
|
||||
|
||||
# YOUTUBE
|
||||
#-----------------
|
||||
YOUTUBE_API_KEY=
|
||||
|
||||
# SerpAPI
|
||||
#-----------------
|
||||
SERPAPI_API_KEY=
|
||||
|
||||
# Stable Diffusion
|
||||
#-----------------
|
||||
SD_WEBUI_URL=http://stable-diffusion-webui:7860
|
||||
|
||||
# Tavily
|
||||
#-----------------
|
||||
TAVILY_API_KEY=
|
||||
|
||||
# Traversaal
|
||||
#-----------------
|
||||
TRAVERSAAL_API_KEY=
|
||||
|
||||
# WolframAlpha
|
||||
#-----------------
|
||||
WOLFRAM_APP_ID=
|
||||
|
||||
# Zapier
|
||||
#-----------------
|
||||
ZAPIER_NLA_API_KEY=
|
||||
|
||||
#==================================================#
|
||||
# Search #
|
||||
#==================================================#
|
||||
|
||||
SEARCH=true
|
||||
MEILI_NO_ANALYTICS=true
|
||||
MEILI_HOST=http://meilisearch:7700
|
||||
MEILI_MASTER_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MEILISEARCH_MASTER_KEY'] }}
|
||||
|
||||
# Optional: Disable indexing, useful in a multi-node setup
|
||||
# where only one instance should perform an index sync.
|
||||
# MEILI_NO_SYNC=true
|
||||
|
||||
#==================================================#
|
||||
# Speech to Text & Text to Speech #
|
||||
#==================================================#
|
||||
|
||||
STT_API_KEY=
|
||||
TTS_API_KEY=
|
||||
|
||||
#==================================================#
|
||||
# RAG #
|
||||
#==================================================#
|
||||
# More info: https://www.librechat.ai/docs/configuration/rag_api
|
||||
|
||||
# RAG_OPENAI_BASEURL=
|
||||
# RAG_OPENAI_API_KEY=
|
||||
# RAG_USE_FULL_CONTEXT=
|
||||
# EMBEDDINGS_PROVIDER=openai
|
||||
# EMBEDDINGS_MODEL=text-embedding-3-small
|
||||
|
||||
#===================================================#
|
||||
# User System #
|
||||
#===================================================#
|
||||
|
||||
#========================#
|
||||
# Moderation #
|
||||
#========================#
|
||||
|
||||
OPENAI_MODERATION=false
|
||||
OPENAI_MODERATION_API_KEY=
|
||||
# OPENAI_MODERATION_REVERSE_PROXY=
|
||||
|
||||
BAN_VIOLATIONS=true
|
||||
BAN_DURATION=1000 * 60 * 60 * 2
|
||||
BAN_INTERVAL=20
|
||||
|
||||
LOGIN_VIOLATION_SCORE=1
|
||||
REGISTRATION_VIOLATION_SCORE=1
|
||||
CONCURRENT_VIOLATION_SCORE=1
|
||||
MESSAGE_VIOLATION_SCORE=1
|
||||
NON_BROWSER_VIOLATION_SCORE=20
|
||||
|
||||
LOGIN_MAX=7
|
||||
LOGIN_WINDOW=5
|
||||
REGISTER_MAX=5
|
||||
REGISTER_WINDOW=60
|
||||
|
||||
LIMIT_CONCURRENT_MESSAGES=true
|
||||
CONCURRENT_MESSAGE_MAX=2
|
||||
|
||||
LIMIT_MESSAGE_IP=true
|
||||
MESSAGE_IP_MAX=40
|
||||
MESSAGE_IP_WINDOW=1
|
||||
|
||||
LIMIT_MESSAGE_USER=false
|
||||
MESSAGE_USER_MAX=40
|
||||
MESSAGE_USER_WINDOW=1
|
||||
|
||||
ILLEGAL_MODEL_REQ_SCORE=5
|
||||
|
||||
#========================#
|
||||
# Balance #
|
||||
#========================#
|
||||
|
||||
CHECK_BALANCE=false
|
||||
# START_BALANCE=20000 # note: the number of tokens that will be credited after registration.
|
||||
|
||||
#========================#
|
||||
# Registration and Login #
|
||||
#========================#
|
||||
|
||||
ALLOW_EMAIL_LOGIN=true
|
||||
ALLOW_REGISTRATION=true
|
||||
ALLOW_SOCIAL_LOGIN=false
|
||||
ALLOW_SOCIAL_REGISTRATION=false
|
||||
ALLOW_PASSWORD_RESET=false
|
||||
# ALLOW_ACCOUNT_DELETION=true # note: enabled by default if omitted/commented out
|
||||
ALLOW_UNVERIFIED_EMAIL_LOGIN=true
|
||||
|
||||
SESSION_EXPIRY=1000 * 60 * 15
|
||||
REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
|
||||
|
||||
JWT_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_SECRET'] }}
|
||||
JWT_REFRESH_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_REFRESH_SECRET'] }}
|
||||
|
||||
|
||||
# Discord
|
||||
DISCORD_CLIENT_ID=
|
||||
DISCORD_CLIENT_SECRET=
|
||||
DISCORD_CALLBACK_URL=/oauth/discord/callback
|
||||
|
||||
# Facebook
|
||||
FACEBOOK_CLIENT_ID=
|
||||
FACEBOOK_CLIENT_SECRET=
|
||||
FACEBOOK_CALLBACK_URL=/oauth/facebook/callback
|
||||
|
||||
# GitHub
|
||||
GITHUB_CLIENT_ID=
|
||||
GITHUB_CLIENT_SECRET=
|
||||
GITHUB_CALLBACK_URL=/oauth/github/callback
|
||||
# GitHub Enterprise
|
||||
# GITHUB_ENTERPRISE_BASE_URL=
|
||||
# GITHUB_ENTERPRISE_USER_AGENT=
|
||||
|
||||
# Google
|
||||
GOOGLE_CLIENT_ID=
|
||||
GOOGLE_CLIENT_SECRET=
|
||||
GOOGLE_CALLBACK_URL=/oauth/google/callback
|
||||
|
||||
# Apple
|
||||
APPLE_CLIENT_ID=
|
||||
APPLE_TEAM_ID=
|
||||
APPLE_KEY_ID=
|
||||
APPLE_PRIVATE_KEY_PATH=
|
||||
APPLE_CALLBACK_URL=/oauth/apple/callback
|
||||
|
||||
# OpenID
|
||||
OPENID_CLIENT_ID=
|
||||
OPENID_CLIENT_SECRET=
|
||||
OPENID_ISSUER=
|
||||
OPENID_SESSION_SECRET=
|
||||
OPENID_SCOPE="openid profile email"
|
||||
OPENID_CALLBACK_URL=/oauth/openid/callback
|
||||
OPENID_REQUIRED_ROLE=
|
||||
OPENID_REQUIRED_ROLE_TOKEN_KIND=
|
||||
OPENID_REQUIRED_ROLE_PARAMETER_PATH=
|
||||
# Set to determine which user info property returned from OpenID Provider to store as the User's username
|
||||
OPENID_USERNAME_CLAIM=
|
||||
# Set to determine which user info property returned from OpenID Provider to store as the User's name
|
||||
OPENID_NAME_CLAIM=
|
||||
|
||||
OPENID_BUTTON_LABEL=
|
||||
OPENID_IMAGE_URL=
|
||||
|
||||
# LDAP
|
||||
# LDAP_URL=
|
||||
# LDAP_BIND_DN=
|
||||
# LDAP_BIND_CREDENTIALS=
|
||||
# LDAP_USER_SEARCH_BASE=
|
||||
# LDAP_SEARCH_FILTER=mail=
|
||||
# LDAP_CA_CERT_PATH=
|
||||
# LDAP_TLS_REJECT_UNAUTHORIZED=
|
||||
# LDAP_LOGIN_USES_USERNAME=true
|
||||
# LDAP_ID=
|
||||
# LDAP_USERNAME=
|
||||
# LDAP_EMAIL=
|
||||
# LDAP_FULL_NAME=
|
||||
|
||||
#========================#
|
||||
# Email Password Reset #
|
||||
#========================#
|
||||
|
||||
EMAIL_SERVICE=
|
||||
EMAIL_HOST=postal-smtp
|
||||
EMAIL_PORT=25
|
||||
EMAIL_ENCRYPTION=
|
||||
EMAIL_ENCRYPTION_HOSTNAME=
|
||||
EMAIL_ALLOW_SELFSIGNED=
|
||||
EMAIL_USERNAME=
|
||||
EMAIL_PASSWORD=
|
||||
EMAIL_FROM_NAME=
|
||||
EMAIL_FROM=noreply@librechat.ai
|
||||
|
||||
#========================#
|
||||
# Firebase CDN #
|
||||
#========================#
|
||||
|
||||
# FIREBASE_API_KEY=
|
||||
# FIREBASE_AUTH_DOMAIN=
|
||||
# FIREBASE_PROJECT_ID=
|
||||
# FIREBASE_STORAGE_BUCKET=
|
||||
# FIREBASE_MESSAGING_SENDER_ID=
|
||||
# FIREBASE_APP_ID=
|
||||
|
||||
#========================#
|
||||
# Shared Links #
|
||||
#========================#
|
||||
|
||||
ALLOW_SHARED_LINKS=true
|
||||
ALLOW_SHARED_LINKS_PUBLIC=true
|
||||
|
||||
#==============================#
|
||||
# Static File Cache Control #
|
||||
#==============================#
|
||||
|
||||
# Leave commented out to use defaults: 1 day (86400 seconds) for s-maxage and 2 days (172800 seconds) for max-age
|
||||
# NODE_ENV must be set to production for these to take effect
|
||||
# STATIC_CACHE_MAX_AGE=172800
|
||||
# STATIC_CACHE_S_MAX_AGE=86400
|
||||
|
||||
# If you have another service in front of your LibreChat doing compression, disable express based compression here
|
||||
# DISABLE_COMPRESSION=true
|
||||
|
||||
#===================================================#
|
||||
# UI #
|
||||
#===================================================#
|
||||
|
||||
APP_TITLE=LibreChat
|
||||
# CUSTOM_FOOTER="My custom footer"
|
||||
HELP_AND_FAQ_URL=https://librechat.ai
|
||||
|
||||
# SHOW_BIRTHDAY_ICON=true
|
||||
|
||||
# Google tag manager id
|
||||
#ANALYTICS_GTM_ID=user provided google tag manager id
|
||||
|
||||
#===============#
|
||||
# REDIS Options #
|
||||
#===============#
|
||||
|
||||
REDIS_URI=redis:6379
|
||||
USE_REDIS=true
|
||||
|
||||
# USE_REDIS_CLUSTER=true
|
||||
# REDIS_CA=/path/to/ca.crt
|
||||
|
||||
#==================================================#
|
||||
# Others #
|
||||
#==================================================#
|
||||
# You should leave the following commented out #
|
||||
|
||||
# NODE_ENV=
|
||||
|
||||
# E2E_USER_EMAIL=
|
||||
# E2E_USER_PASSWORD=
|
||||
|
||||
#=====================================================#
|
||||
# Cache Headers #
|
||||
#=====================================================#
|
||||
# Headers that control caching of the index.html #
|
||||
# Default configuration prevents caching to ensure #
|
||||
# users always get the latest version. Customize #
|
||||
# only if you understand caching implications. #
|
||||
|
||||
# INDEX_HTML_CACHE_CONTROL=no-cache, no-store, must-revalidate
|
||||
# INDEX_HTML_PRAGMA=no-cache
|
||||
# INDEX_HTML_EXPIRES=0
|
||||
|
||||
# no-cache: Forces validation with server before using cached version
|
||||
# no-store: Prevents storing the response entirely
|
||||
# must-revalidate: Prevents using stale content when offline
|
||||
|
||||
#=====================================================#
|
||||
# OpenWeather #
|
||||
#=====================================================#
|
||||
OPENWEATHER_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
|
||||
+11
-11
@@ -1,26 +1,26 @@
|
||||
version: 1.2.8
|
||||
version: 1.0.0
|
||||
endpoints:
|
||||
custom:
|
||||
- name: "rinoa-ollama"
|
||||
- name: "ollama"
|
||||
apiKey: "ollama"
|
||||
baseURL: "http://ollama:11434/v1/chat/completions"
|
||||
models:
|
||||
default: [
|
||||
"codellama:7b",
|
||||
"deepseek-coder-v2:16b",
|
||||
"deepseek-r1:1.5b",
|
||||
"deepseek-coder-v2:16b",
|
||||
"deepseek-v3:671b",
|
||||
"dolphin-mistral:7b",
|
||||
"llama2:7b",
|
||||
"llama3.3:70b",
|
||||
"mistral-openorca:7b"
|
||||
"mistral:7b",
|
||||
"orca-mini:3b",
|
||||
"phi4:14b",
|
||||
"qwen2.5",
|
||||
"smollm2:1.7b",
|
||||
"starcoder2:3b",
|
||||
"llama2:7b",
|
||||
"mistral:7b",
|
||||
"codellama:7b",
|
||||
"tinyllama:1.1b",
|
||||
"starcoder2:3b",
|
||||
"dolphin-mistral:7b",
|
||||
"smollm2:1.7b",
|
||||
"orca-mini:3b",
|
||||
"mistral-openorca:7b"
|
||||
]
|
||||
# fetching list of models is supported but the `name` field must start
|
||||
# with `ollama` (case-insensitive), as it does in this example.
|
||||
-4
@@ -13,10 +13,6 @@ containers:
|
||||
invidious:
|
||||
keywords:
|
||||
- regex: 'Error reading.*Connection reset by peer trying to reconnect...'
|
||||
scrutiny:
|
||||
action_keywords:
|
||||
- restart:
|
||||
regex: s6.*fatal
|
||||
global_keywords:
|
||||
keywords:
|
||||
- panic
|
||||
+1
-1
@@ -100,7 +100,7 @@ server:
|
||||
redis:
|
||||
# URL to connect redis database. Is overwritten by ${SEARXNG_REDIS_URL}.
|
||||
# https://docs.searxng.org/admin/settings/settings_redis.html#settings-redis
|
||||
url: redis://searxng-valkey:6379/0
|
||||
url: redis://redis:6379/0
|
||||
|
||||
ui:
|
||||
# Custom static path - leave it blank if you didn't change
|
||||
@@ -1,106 +0,0 @@
|
||||
receivers:
|
||||
httplogreceiver/json:
|
||||
endpoint: 0.0.0.0:8082
|
||||
source: json
|
||||
otlp:
|
||||
protocols:
|
||||
grpc:
|
||||
endpoint: 0.0.0.0:4317
|
||||
http:
|
||||
endpoint: 0.0.0.0:4318
|
||||
prometheus:
|
||||
config:
|
||||
global:
|
||||
scrape_interval: 60s
|
||||
scrape_configs:
|
||||
- job_name: otel-collector
|
||||
static_configs:
|
||||
- targets:
|
||||
- localhost:8888
|
||||
labels:
|
||||
job_name: otel-collector
|
||||
processors:
|
||||
batch:
|
||||
send_batch_size: 10000
|
||||
send_batch_max_size: 11000
|
||||
timeout: 10s
|
||||
resourcedetection:
|
||||
# Using OTEL_RESOURCE_ATTRIBUTES envvar, env detector adds custom labels.
|
||||
detectors: [env, system]
|
||||
timeout: 2s
|
||||
signozspanmetrics/delta:
|
||||
metrics_exporter: clickhousemetricswrite, signozclickhousemetrics
|
||||
metrics_flush_interval: 60s
|
||||
latency_histogram_buckets: [100us, 1ms, 2ms, 6ms, 10ms, 50ms, 100ms, 250ms, 500ms, 1000ms, 1400ms, 2000ms, 5s, 10s, 20s, 40s, 60s ]
|
||||
dimensions_cache_size: 100000
|
||||
aggregation_temporality: AGGREGATION_TEMPORALITY_DELTA
|
||||
enable_exp_histogram: true
|
||||
dimensions:
|
||||
- name: service.namespace
|
||||
default: default
|
||||
- name: deployment.environment
|
||||
default: default
|
||||
# This is added to ensure the uniqueness of the timeseries
|
||||
# Otherwise, identical timeseries produced by multiple replicas of
|
||||
# collectors result in incorrect APM metrics
|
||||
- name: signoz.collector.id
|
||||
- name: service.version
|
||||
- name: browser.platform
|
||||
- name: browser.mobile
|
||||
- name: k8s.cluster.name
|
||||
- name: k8s.node.name
|
||||
- name: k8s.namespace.name
|
||||
- name: host.name
|
||||
- name: host.type
|
||||
- name: container.name
|
||||
extensions:
|
||||
health_check:
|
||||
endpoint: 0.0.0.0:13133
|
||||
pprof:
|
||||
endpoint: 0.0.0.0:1777
|
||||
exporters:
|
||||
clickhousetraces:
|
||||
datasource: tcp://clickhouse:9000/signoz_traces
|
||||
low_cardinal_exception_grouping: ${env:LOW_CARDINAL_EXCEPTION_GROUPING}
|
||||
use_new_schema: true
|
||||
clickhousemetricswrite:
|
||||
endpoint: tcp://clickhouse:9000/signoz_metrics
|
||||
disable_v2: true
|
||||
resource_to_telemetry_conversion:
|
||||
enabled: true
|
||||
clickhousemetricswrite/prometheus:
|
||||
endpoint: tcp://clickhouse:9000/signoz_metrics
|
||||
disable_v2: true
|
||||
signozclickhousemetrics:
|
||||
dsn: tcp://clickhouse:9000/signoz_metrics
|
||||
clickhouselogsexporter:
|
||||
dsn: tcp://clickhouse:9000/signoz_logs
|
||||
timeout: 10s
|
||||
use_new_schema: true
|
||||
# debug: {}
|
||||
service:
|
||||
telemetry:
|
||||
logs:
|
||||
encoding: json
|
||||
metrics:
|
||||
address: 0.0.0.0:8888
|
||||
extensions:
|
||||
- health_check
|
||||
- pprof
|
||||
pipelines:
|
||||
traces:
|
||||
receivers: [otlp]
|
||||
processors: [signozspanmetrics/delta, batch]
|
||||
exporters: [clickhousetraces]
|
||||
metrics:
|
||||
receivers: [otlp]
|
||||
processors: [batch]
|
||||
exporters: [clickhousemetricswrite, signozclickhousemetrics]
|
||||
metrics/prometheus:
|
||||
receivers: [prometheus]
|
||||
processors: [batch]
|
||||
exporters: [clickhousemetricswrite/prometheus, signozclickhousemetrics]
|
||||
logs:
|
||||
receivers: [otlp, tcplog/docker, httplogreceiver/json]
|
||||
processors: [batch]
|
||||
exporters: [clickhouselogsexporter]
|
||||
@@ -1 +0,0 @@
|
||||
server_endpoint: ws://signoz-app:4320/v1/opamp
|
||||
@@ -0,0 +1 @@
|
||||
server_endpoint: ws://signoz:4320/v1/opamp
|
||||
@@ -0,0 +1 @@
|
||||
server_endpoint: ws://signoz:4320/v1/opamp
|
||||
@@ -2,33 +2,19 @@
|
||||
- name: Deploy Docker Service Configurations
|
||||
hosts: rinoa
|
||||
vars:
|
||||
template_base_path: "{{ playbook_dir }}/app-configs"
|
||||
appdata_base_path: "~/.docker/config/appdata"
|
||||
|
||||
tasks:
|
||||
- name: Find all Jinja2 templates
|
||||
ansible.builtin.find:
|
||||
paths: "{{ template_base_path }}"
|
||||
patterns: "*.j2"
|
||||
recurse: yes
|
||||
register: jinja_templates
|
||||
delegate_to: localhost
|
||||
run_once: true
|
||||
|
||||
- name: Ensure target directories exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ appdata_base_path }}/{{ item.path | regex_replace('^' + template_base_path + '/', '') | regex_replace('\\.j2$', '') | dirname }}"
|
||||
path: "{{ appdata_base_path }}/{{ (item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') | regex_replace('/[^/]+$', '')) }}"
|
||||
state: directory
|
||||
mode: '0755'
|
||||
loop: "{{ jinja_templates.files }}"
|
||||
loop_control:
|
||||
label: "{{ item.path }}"
|
||||
loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
|
||||
|
||||
- name: Render and deploy templates
|
||||
- name: Deploy configuration templates
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.path }}"
|
||||
dest: "{{ appdata_base_path }}/{{ item.path | regex_replace('^' + template_base_path + '/', '') | regex_replace('\\.j2$', '') }}"
|
||||
src: "{{ item }}"
|
||||
dest: "{{ appdata_base_path }}/{{ item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') }}"
|
||||
mode: '0644'
|
||||
loop: "{{ jinja_templates.files }}"
|
||||
loop_control:
|
||||
label: "{{ item.path }}"
|
||||
loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
|
||||
|
||||
+325
-1079
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user