Compare commits

..

1 Commits

Author SHA1 Message Date
Trez.One cc9c76d958 chore: Update README 2025-06-11 22:43:57 +00:00
83 changed files with 1020 additions and 1784 deletions
@@ -6,7 +6,6 @@ on:
- 'main'
paths:
- '**.j2'
- '**/pr-ansible-config-deployment.yaml'
- 'ansible/**.yml'
jobs:
check-and-create-pr:
@@ -42,7 +41,7 @@ jobs:
continue-on-error: true
run: |
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[ANSIBLE\].*${{ github.ref_name }}' | tail -1 | wc -l)
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
- name: Create PR
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
@@ -50,7 +49,7 @@ jobs:
tea login default gitea-rinoa
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
pr_index_new=$(expr ${pr_index_old} + 1)
tea pr c -r ${{ github.repository }} -t "[ANSIBLE] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Ansible Configs.j2"
- name: Gotify Notification
uses: eikendev/gotify-action@master
with:
@@ -58,8 +57,8 @@ jobs:
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: PR Check'
notification_message: 'PR Created 🎟️'
ansible-dry-run:
name: Ansible Dry Run
ansible-linting:
name: Docker Compose & Ansible Lints
needs: [check-and-create-pr]
runs-on: ubuntu-latest
env:
@@ -69,6 +68,9 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Fetch base branch
run: |
git fetch origin ${{ github.event.pull_request.base.ref }}
- name: Cache Ansible Galaxy Collections
uses: actions/cache@v3
with:
@@ -79,12 +81,11 @@ jobs:
- name: Install Ansible
uses: alex-oleshkevich/setup-ansible@v1.0.1
with:
version: "11.4.0"
version: "11.0.0"
- name: Install Vault
uses: cpanato/vault-installer@main
- name: Install hvac
run: |
pip install hvac
run: pip install hvac
- name: Gotify Notification
uses: eikendev/gotify-action@master
with:
@@ -93,26 +94,26 @@ jobs:
notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
notification_message: 'Starting Ansible dry run...'
- name: Ansible Playbook Dry Run
uses: dawidd6/action-ansible-playbook@v3
uses: arillso/action.playbook@0.1.0
with:
directory: ansible/
playbook: docker_config_deploy.yml
key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
check: true
galaxy_collections_path: ansible/collections
galaxy_requirements_file: ansible/collections/requirements.yml
inventory: ansible/inventory/hosts.yml
playbook: ansible/docker_config_deploy.yml
private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
requirements: collections/requirements.yml
options: |
--check
--inventory inventory/hosts.yml
verbose: 0
- name: Gotify Notification
uses: eikendev/gotify-action@master
with:
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: Ansible Dry Run @ Rinoa'
notification_message: 'Ansible dry run completed successfully.'
notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
notification_message: 'Docker Compose dry run completed successfully.'
pr-merge:
name: PR Merge
needs: [ansible-dry-run]
needs: [regenerate-readme-modified-services]
runs-on: ubuntu-latest
steps:
- name: Checkout
@@ -152,10 +153,6 @@ jobs:
uses: actions/checkout@v4
with:
ref: main
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: 3.12
- name: Cache Vault install
id: cache-vault
uses: actions/cache@v4
@@ -165,12 +162,11 @@ jobs:
- name: Install Ansible
uses: alex-oleshkevich/setup-ansible@v1.0.1
with:
version: "11.4.0"
version: "11.0.0"
- name: Install Vault
uses: cpanato/vault-installer@main
- name: Install hvac
run: |
pip install hvac
run: pip install hvac
- name: Gotify Notification
uses: eikendev/gotify-action@master
with:
@@ -179,15 +175,15 @@ jobs:
notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
notification_message: 'Starting config deployment with Ansible...'
- name: Ansible Playbook Config Deploy
uses: dawidd6/action-ansible-playbook@v3
uses: arillso/action.playbook@0.1.0
with:
directory: ansible/
playbook: docker_config_deploy.yml
key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
check: false
galaxy_collections_path: ansible/collections
galaxy_requirements_file: ansible/collections/requirements.yml
inventory: ansible/inventory/hosts.yml
playbook: ansible/docker_config_deploy.yml
private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
requirements: collections/requirements.yml
options: |
--inventory inventory/hosts.yml
- name: Gotify Notification
uses: eikendev/gotify-action@master
with:
@@ -42,7 +42,7 @@ jobs:
continue-on-error: true
run: |
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[DOCKER\].*${{ github.ref_name }}' | tail -1 | wc -l)
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
- name: Create PR
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
@@ -50,7 +50,7 @@ jobs:
tea login default gitea-rinoa
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
pr_index_new=$(expr ${pr_index_old} + 1)
tea pr c -r ${{ github.repository }} -t "[DOCKER] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
- name: Gotify Notification
uses: eikendev/gotify-action@master
with:
@@ -58,25 +58,26 @@ jobs:
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: PR Check'
notification_message: 'PR Created 🎟️'
generate-service-list:
name: Generate list of added/modified/deleted services
runs-on: ubuntu-latest
docker-compose-dry-run:
name: Docker Compose Dry Run
needs: [check-and-create-pr]
runs-on: ubuntu-latest
env:
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
VAULT_NAMESPACE: ""
RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
outputs:
svc_deploy_list: ${{ steps.detect_services.outputs.docker_svc_list }}
svc_deploy_list: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Fetch base branch
run: |
git fetch origin ${{ github.event.pull_request.base.ref }}
- name: Gotify Notification
uses: eikendev/gotify-action@master
with:
gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: Services TBD'
notification_message: 'Generating list of services to deploy...'
- name: Login to Gitea Container Registry
run: |
docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
- name: Save both versions of docker-compose.yml
run: |
git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
@@ -106,29 +107,8 @@ jobs:
echo "Detected service changes:"
cat service_changes.txt
mod_svcs=$(cut -d':' -f1 service_changes.txt | sort | uniq)
echo "docker_svc_list<<EOF" >> "$GITHUB_OUTPUT"
echo "$mod_svcs" >> "$GITHUB_OUTPUT"
echo "EOF" >> "$GITHUB_OUTPUT"
- name: Testing service list output
run: |
echo -e "${{ steps.detect_services.outputs.docker_svc_list }}"
docker-compose-dry-run:
name: Docker Compose Dry Run
needs: [generate-service-list]
runs-on: ubuntu-latest
env:
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
VAULT_NAMESPACE: ""
RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login to Gitea Container Registry
run: |
docker login -u gitea-sonarqube-bot -p ${RINOA_REGISTRY_PASSWORD} git.trez.wtf
svc_list=$(paste -sd '|' service_changes.txt)
echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT"
- name: Install Vault
uses: cpanato/vault-installer@main
- name: Gotify Notification
@@ -138,20 +118,37 @@ jobs:
gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
notification_message: 'Starting Docker Compose dry run...'
- name: Generate .env file for Docker Compose
- name: Cache .env Files
uses: actions/cache@v4
with:
path: .env
key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
- name: Generate modified services list & .env file for Docker Compose Dry Run
id: modded_svcs
run: |
mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
echo ${mod_svcs}
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
echo ${DOCKER_SVC_LIST}
echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT"
- name: Testing service list output
run: |
echo ${{ steps.modded_svcs.outputs.rinoa_svcs }}
- name: Docker Compose Dry Run
uses: hoverkraft-tech/compose-action@v2.2.0
timeout-minutes: 360
continue-on-error: true
uses: chaplyk/docker-compose-remote-action@v1.1
with:
ssh_host: 192.168.1.254
ssh_port: 22
ssh_user: gitea-deploy
ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
service: ${{ steps.modded_svcs.outputs.rinoa_svcs }}
compose_file: docker-compose.yml
pull: false
build: false
options: -d --remove-orphans
env:
DOCKER_HOST: tcp://dockerproxy:2375
with:
services: |
${{ needs.generate-service-list.outputs.svc_deploy_list }}
up-flags: -d --remove-orphans --dry-run
down-flags: --dry-run
compose-flags: --dry-run
- name: Gotify Notification
uses: eikendev/gotify-action@master
with:
@@ -161,7 +158,7 @@ jobs:
notification_message: 'Docker Compose dry run completed successfully.'
cloudflare-dns-setup:
name: Cloudflare DNS Setup
needs: [docker-compose-dry-run]
needs: [docker-compose-ansible-lints]
runs-on: ubuntu-latest
steps:
- name: Checkout
@@ -302,13 +299,13 @@ jobs:
docker-compose-deploy:
name: Docker Compose Deployment
runs-on: ubuntu-latest
needs: [generate-service-list, docker-compose-dry-run, pr-merge]
needs: [docker-compose-dry-run, pr-merge]
env:
VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
DOCKER_HOST: tcp://dockerproxy:2375
RINOA_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
DOCKER_SVC_LIST: ${{ needs.docker-compose-dry-run.outputs.svc_deploy_list }}
steps:
- name: Checkout
uses: actions/checkout@v4
@@ -320,6 +317,10 @@ jobs:
with:
path: /opt/hostedtoolcache/vault/1.18.0/x64
key: vault-${{ runner.os }}-1.18.0
- name: Install Ansible
uses: alex-oleshkevich/setup-ansible@v1.0.1
with:
version: "11.0.0"
- name: Install Vault
uses: cpanato/vault-installer@main
- name: Login to Gitea Container Registry
@@ -335,22 +336,22 @@ jobs:
- name: Generate .env file for deployment
run: |
vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
echo ${DOCKER_SVC_LIST}
- name: Docker Compose Deployment
uses: hoverkraft-tech/compose-action@v2.2.0
- name: Docker Compose Dry Run
timeout-minutes: 360
continue-on-error: true
uses: chaplyk/docker-compose-remote-action@v1.1
env:
DOCKER_HOST: tcp://dockerproxy:2375
with:
services: |
${{ needs.generate-service-list.outputs.svc_deploy_list }}
up-flags: -d --remove-orphans
down-flags: --dry-run
- name: Check Services' Healthiness
uses: thegabriele97/dockercompose-health-action@main
with:
filename: 'docker-compose.yml'
timeout: '60'
workdir: '.'
ssh_host: 192.168.1.254
ssh_port: 22
ssh_user: gitea-deploy
ssh_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
service: ${DOCKER_SVC_LIST}
compose_file: docker-compose.yml
pull: false
build: false
options: -d --remove-orphans
- name: Gotify Notification
uses: eikendev/gotify-action@master
with:
+1 -2
View File
@@ -1,8 +1,7 @@
name: Auto-Unseal for Vault
on:
workflow_dispatch:
schedule:
- cron: "0 5 * * *"
- cron: "30 2 * * *"
jobs:
auto-unseal:
name: Unseal Vault
+11 -43
View File
@@ -8,11 +8,9 @@
| adguard | adguard/adguardhome:latest |
| apprise-api | lscr.io/linuxserver/apprise-api:latest |
| archivebox | archivebox/archivebox:latest |
| argus | quay.io/argus-io/argus:latest |
| audiobookshelf | ghcr.io/advplyr/audiobookshelf:latest |
| authelia | authelia/authelia:master |
| authelia-pg | postgres:16-alpine |
| authelia-valkey | docker.io/bitnami/valkey:latest |
| bazarr | lscr.io/linuxserver/bazarr:latest |
| beszel | henrygd/beszel:latest |
| beszel-agent | henrygd/beszel-agent:latest |
@@ -21,8 +19,6 @@
| browserless | ghcr.io/browserless/chromium:latest |
| bytestash | ghcr.io/jordan-dalby/bytestash:latest |
| castopod | castopod/castopod:latest |
| castopod-valkey | docker.io/bitnami/valkey:latest |
| chrome | gcr.io/zenika-hub/alpine-chrome:123 |
| cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
| convertx | ghcr.io/c4illin/convertx |
| cronicle | elestio/cronicle:latest |
@@ -33,7 +29,6 @@
| dawarich-app | freikin/dawarich:latest |
| dawarich-pg-db | postgis/postgis:17-3.5-alpine |
| dawarich-sidekiq | freikin/dawarich:latest |
| dawarich-valkey | docker.io/bitnami/valkey:latest |
| dead-man-hand | ghcr.io/bkupidura/dead-man-hand:latest |
| docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
| dockflare | alplat/dockflare:stable |
@@ -60,7 +55,6 @@
| immich-pg-db | tensorchord/pgvecto-rs:pg14-v0.2.1 |
| immich-public-proxy | alangrainger/immich-public-proxy:latest |
| immich-power-tools | ghcr.io/varun-raj/immich-power-tools:latest |
| immich-valkey | docker.io/bitnami/valkey:latest |
| influxdb2 | influxdb:2-alpine |
| invidious | quay.io/invidious/invidious:latest |
| invidious-sig-helper | quay.io/invidious/inv-sig-helper:latest |
@@ -78,12 +72,10 @@
| jitsi-web | jitsi/web:stable |
| joplin-db | postgres:17-alpine |
| joplin | joplin/server:latest |
| karakeep | ghcr.io/karakeep-app/karakeep:release |
| languagetool | elestio/languagetool:latest |
| librechat-api | ghcr.io/danny-avila/librechat-dev:latest |
| librechat-rag-api | ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest |
| librechat-valkey | docker.io/bitnami/valkey:latest |
| librechat-vectordb | ankane/pgvector:latest |
| librechat-rag-api | ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest |
| libretranslate | libretranslate/libretranslate |
| lidarr | lscr.io/linuxserver/lidarr:latest |
| lidify | thewicklowwolf/lidify:latest |
@@ -92,22 +84,15 @@
| loggifly | ghcr.io/clemcer/loggifly:latest |
| maloja | krateng/maloja:latest |
| manyfold | lscr.io/linuxserver/manyfold:latest |
| manyfold-valkey | docker.io/bitnami/valkey:latest |
| mariadb | linuxserver/mariadb |
| mastodon | lscr.io/linuxserver/mastodon:latest |
| mastodon-pg-db | postgres:17-alpine |
| mastodon-valkey | docker.io/bitnami/valkey:latest |
| maxun-backend | getmaxun/maxun-backend:latest |
| maxun-frontend | getmaxun/maxun-frontend:latest |
| maxun-pg-db | postgres:13-alpine |
| maxun-valkey | docker.io/bitnami/valkey:latest |
| meilisearch | getmeili/meilisearch:v1.15 |
| meme-search-pro | ghcr.io/neonwatty/meme_search_pro:latest |
| meme-search-pro-img2txt-gen | ghcr.io/neonwatty/image_to_text_generator:latest |
| meme-search-db | pgvector/pgvector:pg17 |
| meilisearch | getmeili/meilisearch:v1.12.3 |
| minio | minio/minio:RELEASE.2025-04-22T22-12-26Z |
| mixpost | inovector/mixpost:latest |
| mixpost-valkey | docker.io/bitnami/valkey:latest |
| mongodb | bitnami/mongodb:7.0 |
| multi-scrobbler | foxxmd/multi-scrobbler |
| n8n | docker.n8n.io/n8nio/n8n |
@@ -119,18 +104,8 @@
| omni-tools | iib0011/omni-tools:latest |
| omnipoly | kweg/omnipoly:latest |
| paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
| paperless-valkey | docker.io/bitnami/valkey:latest |
| penpot-frontend | penpotapp/frontend:latest |
| penpot-backend | penpotapp/backend:latest |
| penpot-exporter | penpotapp/exporter:latest |
| penpot-pg-db | postgres:15-alpine |
| penpot-redis | redis:7.2 |
| pgbackweb | eduardolat/pgbackweb:latest |
| pgbackweb-db | postgres:16-alpine |
| planka | ghcr.io/plankanban/planka:2.0.0-rc.3 |
| planka-pg-db | postgres:16-alpine |
| plant-it | msdeluise/plant-it-server:latest |
| plant-it-valkey | docker.io/bitnami/valkey:latest |
| plantuml-server | plantuml/plantuml-server:jetty |
| portainer | portainer/portainer-ce:alpine |
| portnote-web | haedlessdev/portnote:latest |
@@ -140,42 +115,35 @@
| postal-web | ghcr.io/postalserver/postal:latest |
| postal-worker | ghcr.io/postalserver/postal:latest |
| prowlarr | lscr.io/linuxserver/prowlarr:latest |
| qbit-manage | ghcr.io/stuffanthings/qbit_manage:latest |
| qbittorrentvpn | ghcr.io/binhex/arch-qbittorrentvpn:latest |
| radarec | thewicklowwolf/radarec:latest |
| radarr | lscr.io/linuxserver/radarr:latest |
| reactive-resume | amruthpillai/reactive-resume:latest |
| reactive-resume-pg | postgres:16-alpine |
| readarr | lscr.io/linuxserver/readarr:develop |
| redis | redis:alpine |
| redlib | quay.io/redlib/redlib:latest |
| rocketchat | registry.rocket.chat/rocketchat/rocket.chat:latest |
| romm | rommapp/romm:latest |
| romm-valkey | docker.io/bitnami/valkey:latest |
| sabnzbdvpn | ghcr.io/binhex/arch-sabnzbdvpn:latest |
| sablier | sablierapp/sablier:latest |
| scraparr | ghcr.io/thecfu/scraparr:latest |
| scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
| searxng | searxng/searxng:latest |
| searxng-valkey | docker.io/bitnami/valkey:latest |
| semaphore | semaphoreui/semaphore:v2.12.14 |
| signoz-app | signoz/signoz:v0.86.2 |
| signoz-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
| signoz-init-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
| signoz-logspout | pavanputhra/logspout-signoz |
| signoz-otel-collector | signoz/signoz-otel-collector:v0.111.42 |
| signoz-schema-migrator-async | signoz/signoz-schema-migrator:v0.111.42 |
| signoz-schema-migrator-sync | signoz/signoz-schema-migrator:v0.111.42 |
| signoz-zookeeper-1 | bitnami/zookeeper:3.7.1 |
| signoz-clickhouse | clickhouse/clickhouse-server:24.1.2-alpine |
| signoz-app | signoz/signoz:v0.86.2 |
| signoz-otel-collector | signoz/signoz-otel-collector:v0.111.42 |
| signoz-schema-migrator-sync | signoz/signoz-schema-migrator:v0.111.42 |
| signoz-schema-migrator-async | signoz/signoz-schema-migrator:v0.111.42 |
| sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
| sonarqube-pg-db | postgres:17-alpine |
| sonarr | lscr.io/linuxserver/sonarr:latest |
| sonashow | thewicklowwolf/sonashow:latest |
| soularr | mrusse08/soularr:latest |
| soularr-dashboard | git.trez.wtf/trez.one/soularr-dashboard:v0.1 |
| soulseek | slskd/slskd |
| speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
| stable-diffusion-download | git./trez.one/stable-diffusion-download:v9.0.0 |
| stable-diffusion-webui | git./trez.one/stable-diffusion-ui:v9.0.1 |
| stable-diffusion-download | git.trez.wtf/trez.one/stable-diffusion-download:v9.0.0 |
| stable-diffusion-webui | git.trez.wtf/trez.one/stable-diffusion-ui:v9.0.1 |
| stirling-pdf | docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest |
| swag | lscr.io/linuxserver/swag:latest |
| tandoor | vabene1111/recipes |
@@ -183,10 +151,10 @@
| unmanic | josh5/unmanic:latest |
| uptimekuma | louislam/uptime-kuma:latest |
| vault | hashicorp/vault:latest |
| wallabag | wallabag/wallabag |
| wallos | bellamy/wallos:latest |
| watchtower | ghcr.io/containrrr/watchtower:latest |
| web-check | lissy93/web-check |
| whodb | clidey/whodb |
| wizarr | ghcr.io/wizarrrr/wizarr |
| youtubedl | nbr23/youtube-dl-server:latest |
-337
View File
@@ -1,337 +0,0 @@
settings:
log:
level: INFO
timestamps: true
data:
database_file: data/argus.db
web:
listen_host: 0.0.0.0
listen_port: 8080
route_prefix: /
basic_auth:
username: 'admin'
password: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ARGUS_WEB_PASSWORD'] }}"
disabled_routes: []
favicon:
png: ''
svg: ''
notify:
rinoa-gotify:
type: gotify
url_fields:
Host: gotify
Token: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ARGUS_WEB_PASSWORD'] }}
params:
Title: Argus @ Rinoa
service:
AdguardTeam/AdGuardHome:
latest_version:
type: github
url: AdguardTeam/AdGuardHome
url_commands:
- type: regex
regex: v([0-9.]+)$
deployed_version:
url: "https://adguard.trez.wtf/control/status"
basic_auth:
username: admin
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ADGUARD_PASSWORD'] }}
json: version
regex: v([0-9.]+)
dashboard:
web_url: "https://github.com/AdguardTeam/AdGuardHome/releases/v{% raw %}{{ version }}{% endraw %}"
icon: "https://avatars.githubusercontent.com/u/8361145?s=200&v=4"
advplyr/audiobookshelf:
latest_version:
type: github
url: advplyr/audiobookshelf
url_commands:
- type: regex
regex: v([0-9.]+)$
deployed_version:
method: GET
url: "https://abs.trez.wtf/status"
json: serverVersion
dashboard:
icon: "https://raw.githubusercontent.com/advplyr/audiobookshelf/master/client/static/icon.svg"
web_url: "https://github.com/advplyr/audiobookshelf/releases/tag/v{% raw %}{{ version }}{% endraw %}"
dani-garcia/vaultwarden:
latest_version:
type: github
url: dani-garcia/vaultwarden
deployed_version:
url: "https://bitwarden.trez.wtf/api/version"
regex: ([0-9.]+)
dashboard:
web_url: "https://github.com/dani-garcia/vaultwarden/releases/{% raw %}{{ version }}{% endraw %}"
icon: "https://raw.githubusercontent.com/dani-garcia/vaultwarden/main/src/static/images/vaultwarden-icon.png"
ellite/Wallos:
latest_version:
type: github
url: ellite/Wallos
deployed_version:
method: GET
url: http://wallos.com/api/status/version.php?api_key=xxx
json: version_number
dashboard:
icon: "https://github.com/ellite/Wallos/raw/main/images/siteicons/wallos.png"
web_url: "https://github.com/ellite/Wallos/releases"
FlareSolverr/FlareSolverr:
latest_version:
type: github
url: FlareSolverr/FlareSolverr
url_commands:
- type: regex
regex: v([0-9.]+)$
deployed_version:
method: GET
url: "https://flaresolverr.trez.wtf"
json: version
dashboard:
icon: "https://raw.githubusercontent.com/FlareSolverr/FlareSolverr/master/resources/flaresolverr_logo.png"
web_url: "https://github.com/FlareSolverr/FlareSolverr/releases/tag/v{% raw %}{{ version }}{% endraw %}"
go-gitea/gitea:
latest_version:
type: github
url: go-gitea/gitea
url_commands:
- type: regex
regex: v([0-9.]+)$
require:
regex_content: gitea-{% raw %}{{ version }}{% endraw %}-linux-amd64
regex_version: ^[0-9.]+[0-9]$
deployed_version:
url: "https://git.trez.wtf"
regex: 'Powered by Gitea\s+Version:\s+([0-9.]+) '
dashboard:
web_url: "https://github.com/go-gitea/gitea/releases/v{% raw %}{{ version }}{% endraw %}"
icon: "https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/logo.png"
gohugoio/hugo:
latest_version:
type: github
url: gohugoio/hugo
url_commands:
- type: regex
regex: v([0-9.]+)$
require:
regex_content: hugo_{% raw %}{{ version }}{% endraw %}_Linux-64bit\.deb
dashboard:
web_url: "https://github.com/gohugoio/hugo/releases/v{% raw %}{{ version }}{% endraw %}"
icon: "https://raw.githubusercontent.com/gohugoio/hugo/master/docs/static/img/hugo.png"
gotify/server:
latest_version:
type: github
url: gotify/server
url_commands:
- type: regex
regex: v([0-9.]+)$
deployed_version:
url: "https://gotify.trez.wtf/version"
json: version
dashboard:
web_url: "https://github.com/gotify/server/releases/v{% raw %}{{ version }}{% endraw %}"
icon: "https://github.com/gotify/logo/raw/master/gotify-logo.png"
hashicorp/vault:
latest_version:
type: github
url: hashicorp/vault
url_commands:
- type: regex
regex: v([0-9.]+)$
deployed_version:
url: "https://vault.trez.wtf/v1/sys/health"
json: version
dashboard:
web_url: "https://github.com/hashicorp/vault/releases/v{% raw %}{{ version }}{% endraw %}"
icon: "https://raw.githubusercontent.com/hashicorp/vault/main/ui/public/vault-logo.svg"
immich-app/immich:
latest_version:
type: github
url: immich-app/immich
deployed_version:
url: "https://pics.trez.wtf/api/server/about"
json: version
regex: ^v([0-9.]+)$
headers:
- key: x-api-key
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IMMICH_POWER_TOOLS_KEY'] }}
dashboard:
icon: "https://raw.githubusercontent.com/immich-app/immich/main/web/static/immich-logo.svg"
web_url: "https://github.com/immich-app/immich/releases/tag/v{% raw %}{{ version }}{% endraw %}"
influxdata/influxdb:
latest_version:
type: github
url: influxdata/influxdb
url_commands:
- type: regex
regex: v([0-9.]+)$
deployed_version:
url: "https://influxdb.trez.wtf/health"
json: version
dashboard:
web_url: "https://github.com/influxdata/influxdb/releases/tag/v{% raw %}{{ version }}{% endraw %}"
icon: "https://github.com/influxdata/ui/raw/master/src/writeData/graphics/influxdb.svg"
jellyfin/jellyfin:
latest_version:
type: github
url: jellyfin/jellyfin
url_commands:
- type: regex
regex: v([0-9.]+)$
deployed_version:
url: "https://jellyfin.trez.wtf/System/Info/Public"
json: Version
dashboard:
web_url: "https://github.com/jellyfin/jellyfin/releases/v{% raw %}{{ version }}{% endraw %}"
icon: "https://avatars.githubusercontent.com/u/45698031?s=200&v=4"
Lidarr/Lidarr:
options:
semantic_versioning: false
latest_version:
type: github
url: Lidarr/Lidarr
url_commands:
- type: regex
regex: v([0-9.]+)$
deployed_version:
method: GET
url: "https://lidarr.trez.wtf/api/v1/system/status"
headers:
- key: X-Api-Key
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}
json: version
dashboard:
icon: "https://raw.githubusercontent.com/Lidarr/Lidarr/develop/Logo/1024.png"
web_url: "https://github.com/Lidarr/Lidarr/releases/v{% raw %}{{ version }}{% endraw %}"
louislam/uptime-kuma:
latest_version:
type: github
url: louislam/uptime-kuma
deployed_version:
url: "https://status.trez.wtf/metrics"
regex: app_version{version=\"([0-9.]+)\",major=\"[0-9]+\",minor=\"[0-9]+\",patch=\"[0-9]+\"}
dashboard:
web_url: "https://github.com/louislam/uptime-kuma/releases/{% raw %}{{ version }}{% endraw %}"
icon: "https://raw.githubusercontent.com/louislam/uptime-kuma/master/public/icon.png"
morpheus65535/bazarr:
latest_version:
type: github
url: morpheus65535/bazarr
url_commands:
- type: regex
regex: v([0-9.]+)$
deployed_version:
url: "https://bazarr.trez.wtf/api/system/status"
headers:
- key: X-API-KEY
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['BAZARR_API_KEY'] }}
json: data.bazarr_version
dashboard:
web_url: "https://github.com/morpheus65535/bazarr/releases/v{% raw %}{{ version }}{% endraw %}"
icon: "https://raw.githubusercontent.com/morpheus65535/bazarr/master/frontend/public/images/logo128.png"
n8n-io/n8n:
latest_version:
type: url
url: "https://github.com/n8n-io/n8n/tags"
url_commands:
- type: regex
regex: n8n\%40([0-9.]+)
dashboard:
web_url: "https://github.com/n8n-io/n8n/blob/master/CHANGELOG.md"
icon: "https://raw.githubusercontent.com/n8n-io/n8n-docs/main/docs/_images/n8n-docs-icon.svg"
extcloud/server:
latest_version:
type: github
url: nextcloud/server
url_commands:
- type: regex
regex: v([0-9.]+)$
deployed_version:
url: "https://cloud.trez.wtf/status.php"
json: versionstring
dashboard:
web_url: "https://nextcloud.com/changelog/"
icon: "https://github.com/nextcloud/server/raw/master/core/img/favicon.png"
Prowlarr/Prowlarr:
options:
semantic_versioning: false
latest_version:
type: github
url: Prowlarr/Prowlarr
url_commands:
- type: regex
regex: v([0-9.]+)$
use_prerelease: true
deployed_version:
url: "https://prowlarr.trez.wtf/api/v1/system/status"
headers:
- key: X-Api-Key
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PROWLARR_API_KEY'] }}
json: version
dashboard:
web_url: "https://github.com/Prowlarr/Prowlarr/releases/v{% raw %}{{ version }}{% endraw %}"
icon: "https://avatars.githubusercontent.com/u/73049443?s=200&v=4"
Radarr/Radarr:
options:
semantic_versioning: false
latest_version:
type: github
url: Radarr/Radarr
url_commands:
- type: regex
regex: v([0-9.]+)$
deployed_version:
url: "https://radarr.trez.wtf/api/v3/system/status"
headers:
- key: X-Api-Key
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}
json: version
dashboard:
web_url: "https://github.com/Radarr/Radarr/releases/v{% raw %}{{ version }}{% endraw %}"
icon: "https://avatars.githubusercontent.com/u/25025331?s=200&v=4"
Readarr/Readarr:
options:
semantic_versioning: false
latest_version:
type: github
url: Readarr/Readarr
use_prerelease: true
url_commands:
- type: regex
regex: v([0-9.]+)$
deployed_version:
method: GET
url: "https://readarr.trez.wtf/api/v1/system/status"
headers:
- key: X-Api-Key
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['READARR_API_KEY'] }}
json: version
dashboard:
icon: "https://raw.githubusercontent.com/Readarr/Readarr/develop/Logo/1024.png"
web_url: "https://github.com/Readarr/Readarr/releases/v{% raw %}{{ version }}{% endraw %}"
Sonarr/Sonarr:
options:
semantic_versioning: false
latest_version:
type: url
url: "https://github.com/Sonarr/Sonarr/tags"
url_commands:
- type: regex
regex: \/releases\/tag\/v?([0-9.]+)\"
deployed_version:
url: "https://sonarr.trez.wtf/api/v3/system/status"
headers:
- key: X-Api-Key
value: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SONARR_API_KEY'] }}
json: version
dashboard:
web_url: "https://sonarr.trez.wtf/system/updates"
icon: "https://raw.githubusercontent.com/Sonarr/Sonarr/develop/Logo/256.png"
release-argus/argus:
latest_version:
type: github
url: release-argus/argus
dashboard:
icon: "https://raw.githubusercontent.com/release-argus/Argus/master/web/ui/react-app/public/favicon.svg"
icon_link-to: "https://release-argus.io"
web_url: "https://github.com/release-argus/Argus/blob/master/CHANGELOG.md"
@@ -102,14 +102,6 @@ access_control:
policy: one_factor
subject:
- ['user:the.trezured.one']
- domain: wizarr.trez.wtf
resources:
- '^/join(/.*)?$'
- '^/j(/.*)?$'
- '^/static(/.*)?$'
- '^/setup(/.*)?$'
- '^/wizard(/.*)?$'
policy: bypass
session:
name: authelia_session
secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_SESSION_SECRET'] }}'
@@ -120,9 +112,8 @@ session:
- domain: 'trez.wtf'
authelia_url: 'https://auth.trez.wtf'
redis:
host: authelia-valkey
host: redis
port: 6379
database_index: 0
storage:
encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
postgres:
@@ -1,65 +0,0 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
source: journalctl
journalctl_filter:
- "--directory=/var/log/host/"
labels:
type: syslog
---
filenames:
- /var/log/swag/*
labels:
type: nginx
---
filenames:
- /var/log/auth/auth.log
labels:
type: syslog
---
filenames:
- /var/lib/mysql/log/mysql/*
- /var/lib/mysql/databases/*.err
- /var/lib/mysql/databases/*.log
labels:
type: mariadb
---
source: docker
container_name:
- adguard
labels:
type: adguardhome
---
source: docker
container_name:
- mongodb
labels:
type: mongodb
---
source: docker
container_name:
- immich-server
labels:
type: immich
---
source: docker
container_name:
- uptimekuma
labels:
type: uptime-kuma
---
source: docker
container_name:
- jellyfin
labels:
type: jellyfin
---
source: docker
container_name:
- navidrome
labels:
type: navidrome
---
filenames:
- /var/log/audiobookshelf/*.txt
labels:
type: audiobookshelf
@@ -0,0 +1,15 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
source: journalctl
journalctl_filter:
- "--directory=/var/log/host/"
labels:
type: syslog
---
filenames:
- /var/log/swag/*
labels:
type: nginx
---
@@ -1,5 +1,3 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
common:
daemonize: false
log_media: stdout
@@ -26,7 +26,7 @@ layout:
columns: 4
Infrastructure/App Performance Monitoring:
style: row
columns: 5
columns: 3
Code/DevOps:
style: row
columns: 3
@@ -35,25 +35,22 @@ layout:
columns: 4
Lifestyle:
style: row
columns: 5
columns: 3
Automation:
style: row
columns: 5
Privacy/Security:
style: row
columns: 5
Personal Tools:
Personal/Professional Services:
style: row
columns: 3
Professional Services:
style: row
columns: 4
columns: 5
Servarr Stack:
style: row
columns: 5
columns: 3
Downloaders:
style: row
columns: 5
columns: 2
Media Library:
style: row
columns: 3
@@ -0,0 +1,550 @@
{% set vault_addr = 'https://vault.trez.wtf' %}
{% set secrets_path = 'rinoa-docker/env' %}
#=====================================================================#
# LibreChat Configuration #
#=====================================================================#
# Please refer to the reference documentation for assistance #
# with configuring your LibreChat environment. #
# #
# https://www.librechat.ai/docs/configuration/dotenv #
#=====================================================================#
#==================================================#
# Server Configuration #
#==================================================#
HOST=localhost
PORT=3080
MONGO_URI=mongodb://librechat:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MONGODB_PASSWORD'] }}@mongodb:27017/librechat?replicaSet=rinoa
DOMAIN_CLIENT=https://ai.trez.wtf
DOMAIN_SERVER=https://ai.trez.wtf
NO_INDEX=true
# Use the address that is at most n number of hops away from the Express application.
# req.socket.remoteAddress is the first hop, and the rest are looked for in the X-Forwarded-For header from right to left.
# A value of 0 means that the first untrusted address would be req.socket.remoteAddress, i.e. there is no reverse proxy.
# Defaulted to 1.
TRUST_PROXY=1
#===============#
# JSON Logging #
#===============#
# Use when process console logs in cloud deployment like GCP/AWS
CONSOLE_JSON=true
#===============#
# Debug Logging #
#===============#
DEBUG_LOGGING=true
DEBUG_CONSOLE=false
#=============#
# Permissions #
#=============#
# UID=1000
# GID=1000
#===============#
# Configuration #
#===============#
# Use an absolute path, a relative path, or a URL
# CONFIG_PATH="/alternative/path/to/librechat.yaml"
#===================================================#
# Endpoints #
#===================================================#
# ENDPOINTS=openAI,assistants,azureOpenAI,google,gptPlugins,anthropic
PROXY=
#===================================#
# Known Endpoints - librechat.yaml #
#===================================#
# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints
# ANYSCALE_API_KEY=
# APIPIE_API_KEY=
# COHERE_API_KEY=
DEEPSEEK_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_DEEPSEEK_API_KEY'] }}
# DATABRICKS_API_KEY=
# FIREWORKS_API_KEY=
# GROQ_API_KEY=
# HUGGINGFACE_TOKEN=
MISTRAL_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MISTRAL_API_KEY'] }}
# OPENROUTER_KEY=
# PERPLEXITY_API_KEY=
# SHUTTLEAI_API_KEY=
# TOGETHERAI_API_KEY=
# UNIFY_API_KEY=
# XAI_API_KEY=
#============#
# Anthropic #
#============#
ANTHROPIC_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_ANTHROPIC_API_KEY'] }}
ANTHROPIC_MODELS=claude-3-7-sonnet-latest,claude-3-7-sonnet-20250219,claude-3-5-haiku-20241022,claude-3-5-sonnet-20241022,claude-3-5-sonnet-latest,claude-3-5-sonnet-20240620,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307,claude-2.1,claude-2,claude-1.2,claude-1,claude-1-100k,claude-instant-1,claude-instant-1-100k
# ANTHROPIC_REVERSE_PROXY=
#============#
# Azure #
#============#
# Note: these variables are DEPRECATED
# Use the `librechat.yaml` configuration for `azureOpenAI` instead
# You may also continue to use them if you opt out of using the `librechat.yaml` configuration
# AZURE_OPENAI_DEFAULT_MODEL=gpt-3.5-turbo # Deprecated
# AZURE_OPENAI_MODELS=gpt-3.5-turbo,gpt-4 # Deprecated
# AZURE_USE_MODEL_AS_DEPLOYMENT_NAME=TRUE # Deprecated
# AZURE_API_KEY= # Deprecated
# AZURE_OPENAI_API_INSTANCE_NAME= # Deprecated
# AZURE_OPENAI_API_DEPLOYMENT_NAME= # Deprecated
# AZURE_OPENAI_API_VERSION= # Deprecated
# AZURE_OPENAI_API_COMPLETIONS_DEPLOYMENT_NAME= # Deprecated
# AZURE_OPENAI_API_EMBEDDINGS_DEPLOYMENT_NAME= # Deprecated
# PLUGINS_USE_AZURE="true" # Deprecated
#=================#
# AWS Bedrock #
#=================#
# BEDROCK_AWS_DEFAULT_REGION=us-east-1 # A default region must be provided
# BEDROCK_AWS_ACCESS_KEY_ID=someAccessKey
# BEDROCK_AWS_SECRET_ACCESS_KEY=someSecretAccessKey
# BEDROCK_AWS_SESSION_TOKEN=someSessionToken
# Note: This example list is not meant to be exhaustive. If omitted, all known, supported model IDs will be included for you.
# BEDROCK_AWS_MODELS=anthropic.claude-3-5-sonnet-20240620-v1:0,meta.llama3-1-8b-instruct-v1:0
# See all Bedrock model IDs here: https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids.html#model-ids-arns
# Notes on specific models:
# The following models are not support due to not supporting streaming:
# ai21.j2-mid-v1
# The following models are not support due to not supporting conversation history:
# ai21.j2-ultra-v1, cohere.command-text-v14, cohere.command-light-text-v14
#============#
# Google #
#============#
{# GOOGLE_KEY=user_provided #}
# GOOGLE_REVERSE_PROXY=
# Some reverse proxies do not support the X-goog-api-key header, uncomment to pass the API key in Authorization header instead.
# GOOGLE_AUTH_HEADER=true
# Gemini API (AI Studio)
# GOOGLE_MODELS=gemini-2.0-flash-exp,gemini-2.0-flash-thinking-exp-1219,gemini-exp-1121,gemini-exp-1114,gemini-1.5-flash-latest,gemini-1.0-pro,gemini-1.0-pro-001,gemini-1.0-pro-latest,gemini-1.0-pro-vision-latest,gemini-1.5-pro-latest,gemini-pro,gemini-pro-vision
# Vertex AI
# GOOGLE_MODELS=gemini-1.5-flash-preview-0514,gemini-1.5-pro-preview-0514,gemini-1.0-pro-vision-001,gemini-1.0-pro-002,gemini-1.0-pro-001,gemini-pro-vision,gemini-1.0-pro
# GOOGLE_TITLE_MODEL=gemini-pro
# GOOGLE_LOC=us-central1
# Google Safety Settings
# NOTE: These settings apply to both Vertex AI and Gemini API (AI Studio)
#
# For Vertex AI:
# To use the BLOCK_NONE setting, you need either:
# (a) Access through an allowlist via your Google account team, or
# (b) Switch to monthly invoiced billing: https://cloud.google.com/billing/docs/how-to/invoiced-billing
#
# For Gemini API (AI Studio):
# BLOCK_NONE is available by default, no special account requirements.
#
# Available options: BLOCK_NONE, BLOCK_ONLY_HIGH, BLOCK_MEDIUM_AND_ABOVE, BLOCK_LOW_AND_ABOVE
#
# GOOGLE_SAFETY_SEXUALLY_EXPLICIT=BLOCK_ONLY_HIGH
# GOOGLE_SAFETY_HATE_SPEECH=BLOCK_ONLY_HIGH
# GOOGLE_SAFETY_HARASSMENT=BLOCK_ONLY_HIGH
# GOOGLE_SAFETY_DANGEROUS_CONTENT=BLOCK_ONLY_HIGH
# GOOGLE_SAFETY_CIVIC_INTEGRITY=BLOCK_ONLY_HIGH
#============#
# OpenAI #
#============#
OPENAI_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_OPENAI_API_KEY'] }}
OPENAI_MODELS=o1,o1-mini,o1-preview,gpt-4o,chatgpt-4o-latest,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k
DEBUG_OPENAI=false
# TITLE_CONVO=false
# OPENAI_TITLE_MODEL=gpt-4o-mini
# OPENAI_SUMMARIZE=true
# OPENAI_SUMMARY_MODEL=gpt-4o-mini
# OPENAI_FORCE_PROMPT=true
# OPENAI_REVERSE_PROXY=
# OPENAI_ORGANIZATION=
#====================#
# Assistants API #
#====================#
# ASSISTANTS_API_KEY=user_provided
# ASSISTANTS_BASE_URL=
# ASSISTANTS_MODELS=gpt-4o,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-16k-0613,gpt-3.5-turbo-16k,gpt-3.5-turbo,gpt-4,gpt-4-0314,gpt-4-32k-0314,gpt-4-0613,gpt-3.5-turbo-0613,gpt-3.5-turbo-1106,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview
#==========================#
# Azure Assistants API #
#==========================#
# Note: You should map your credentials with custom variables according to your Azure OpenAI Configuration
# The models for Azure Assistants are also determined by your Azure OpenAI configuration.
# More info, including how to enable use of Assistants with Azure here:
# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints/azure#using-assistants-with-azure
#============#
# OpenRouter #
#============#
# !!!Warning: Use the variable above instead of this one. Using this one will override the OpenAI endpoint
# OPENROUTER_API_KEY=
#============#
# Plugins #
#============#
# PLUGIN_MODELS=gpt-4o,gpt-4o-mini,gpt-4,gpt-4-turbo-preview,gpt-4-0125-preview,gpt-4-1106-preview,gpt-4-0613,gpt-3.5-turbo,gpt-3.5-turbo-0125,gpt-3.5-turbo-1106,gpt-3.5-turbo-0613
# DEBUG_PLUGINS=
CREDS_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_KEY'] }}
CREDS_IV={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_IV'] }}
# Azure AI Search
#-----------------
# AZURE_AI_SEARCH_SERVICE_ENDPOINT=
# AZURE_AI_SEARCH_INDEX_NAME=
# AZURE_AI_SEARCH_API_KEY=
# AZURE_AI_SEARCH_API_VERSION=
# AZURE_AI_SEARCH_SEARCH_OPTION_QUERY_TYPE=
# AZURE_AI_SEARCH_SEARCH_OPTION_TOP=
# AZURE_AI_SEARCH_SEARCH_OPTION_SELECT=
# DALL·E
#----------------
# DALLE_API_KEY=
# DALLE3_API_KEY=
# DALLE2_API_KEY=
# DALLE3_SYSTEM_PROMPT=
# DALLE2_SYSTEM_PROMPT=
# DALLE_REVERSE_PROXY=
# DALLE3_BASEURL=
# DALLE2_BASEURL=
# DALL·E (via Azure OpenAI)
# Note: requires some of the variables above to be set
#----------------
# DALLE3_AZURE_API_VERSION=
# DALLE2_AZURE_API_VERSION=
# Google
#-----------------
GOOGLE_SEARCH_API_KEY=
GOOGLE_CSE_ID=
# YOUTUBE
#-----------------
YOUTUBE_API_KEY=
# SerpAPI
#-----------------
SERPAPI_API_KEY=
# Stable Diffusion
#-----------------
SD_WEBUI_URL=http://stable-diffusion-webui:7860
# Tavily
#-----------------
TAVILY_API_KEY=
# Traversaal
#-----------------
TRAVERSAAL_API_KEY=
# WolframAlpha
#-----------------
WOLFRAM_APP_ID=
# Zapier
#-----------------
ZAPIER_NLA_API_KEY=
#==================================================#
# Search #
#==================================================#
SEARCH=true
MEILI_NO_ANALYTICS=true
MEILI_HOST=http://meilisearch:7700
MEILI_MASTER_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MEILISEARCH_MASTER_KEY'] }}
# Optional: Disable indexing, useful in a multi-node setup
# where only one instance should perform an index sync.
# MEILI_NO_SYNC=true
#==================================================#
# Speech to Text & Text to Speech #
#==================================================#
STT_API_KEY=
TTS_API_KEY=
#==================================================#
# RAG #
#==================================================#
# More info: https://www.librechat.ai/docs/configuration/rag_api
# RAG_OPENAI_BASEURL=
# RAG_OPENAI_API_KEY=
# RAG_USE_FULL_CONTEXT=
# EMBEDDINGS_PROVIDER=openai
# EMBEDDINGS_MODEL=text-embedding-3-small
#===================================================#
# User System #
#===================================================#
#========================#
# Moderation #
#========================#
OPENAI_MODERATION=false
OPENAI_MODERATION_API_KEY=
# OPENAI_MODERATION_REVERSE_PROXY=
BAN_VIOLATIONS=true
BAN_DURATION=1000 * 60 * 60 * 2
BAN_INTERVAL=20
LOGIN_VIOLATION_SCORE=1
REGISTRATION_VIOLATION_SCORE=1
CONCURRENT_VIOLATION_SCORE=1
MESSAGE_VIOLATION_SCORE=1
NON_BROWSER_VIOLATION_SCORE=20
LOGIN_MAX=7
LOGIN_WINDOW=5
REGISTER_MAX=5
REGISTER_WINDOW=60
LIMIT_CONCURRENT_MESSAGES=true
CONCURRENT_MESSAGE_MAX=2
LIMIT_MESSAGE_IP=true
MESSAGE_IP_MAX=40
MESSAGE_IP_WINDOW=1
LIMIT_MESSAGE_USER=false
MESSAGE_USER_MAX=40
MESSAGE_USER_WINDOW=1
ILLEGAL_MODEL_REQ_SCORE=5
#========================#
# Balance #
#========================#
CHECK_BALANCE=false
# START_BALANCE=20000 # note: the number of tokens that will be credited after registration.
#========================#
# Registration and Login #
#========================#
ALLOW_EMAIL_LOGIN=true
ALLOW_REGISTRATION=true
ALLOW_SOCIAL_LOGIN=false
ALLOW_SOCIAL_REGISTRATION=false
ALLOW_PASSWORD_RESET=false
# ALLOW_ACCOUNT_DELETION=true # note: enabled by default if omitted/commented out
ALLOW_UNVERIFIED_EMAIL_LOGIN=true
SESSION_EXPIRY=1000 * 60 * 15
REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
JWT_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_SECRET'] }}
JWT_REFRESH_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_REFRESH_SECRET'] }}
# Discord
DISCORD_CLIENT_ID=
DISCORD_CLIENT_SECRET=
DISCORD_CALLBACK_URL=/oauth/discord/callback
# Facebook
FACEBOOK_CLIENT_ID=
FACEBOOK_CLIENT_SECRET=
FACEBOOK_CALLBACK_URL=/oauth/facebook/callback
# GitHub
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
GITHUB_CALLBACK_URL=/oauth/github/callback
# GitHub Enterprise
# GITHUB_ENTERPRISE_BASE_URL=
# GITHUB_ENTERPRISE_USER_AGENT=
# Google
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GOOGLE_CALLBACK_URL=/oauth/google/callback
# Apple
APPLE_CLIENT_ID=
APPLE_TEAM_ID=
APPLE_KEY_ID=
APPLE_PRIVATE_KEY_PATH=
APPLE_CALLBACK_URL=/oauth/apple/callback
# OpenID
OPENID_CLIENT_ID=
OPENID_CLIENT_SECRET=
OPENID_ISSUER=
OPENID_SESSION_SECRET=
OPENID_SCOPE="openid profile email"
OPENID_CALLBACK_URL=/oauth/openid/callback
OPENID_REQUIRED_ROLE=
OPENID_REQUIRED_ROLE_TOKEN_KIND=
OPENID_REQUIRED_ROLE_PARAMETER_PATH=
# Set to determine which user info property returned from OpenID Provider to store as the User's username
OPENID_USERNAME_CLAIM=
# Set to determine which user info property returned from OpenID Provider to store as the User's name
OPENID_NAME_CLAIM=
OPENID_BUTTON_LABEL=
OPENID_IMAGE_URL=
# LDAP
# LDAP_URL=
# LDAP_BIND_DN=
# LDAP_BIND_CREDENTIALS=
# LDAP_USER_SEARCH_BASE=
# LDAP_SEARCH_FILTER=mail=
# LDAP_CA_CERT_PATH=
# LDAP_TLS_REJECT_UNAUTHORIZED=
# LDAP_LOGIN_USES_USERNAME=true
# LDAP_ID=
# LDAP_USERNAME=
# LDAP_EMAIL=
# LDAP_FULL_NAME=
#========================#
# Email Password Reset #
#========================#
EMAIL_SERVICE=
EMAIL_HOST=postal-smtp
EMAIL_PORT=25
EMAIL_ENCRYPTION=
EMAIL_ENCRYPTION_HOSTNAME=
EMAIL_ALLOW_SELFSIGNED=
EMAIL_USERNAME=
EMAIL_PASSWORD=
EMAIL_FROM_NAME=
EMAIL_FROM=noreply@librechat.ai
#========================#
# Firebase CDN #
#========================#
# FIREBASE_API_KEY=
# FIREBASE_AUTH_DOMAIN=
# FIREBASE_PROJECT_ID=
# FIREBASE_STORAGE_BUCKET=
# FIREBASE_MESSAGING_SENDER_ID=
# FIREBASE_APP_ID=
#========================#
# Shared Links #
#========================#
ALLOW_SHARED_LINKS=true
ALLOW_SHARED_LINKS_PUBLIC=true
#==============================#
# Static File Cache Control #
#==============================#
# Leave commented out to use defaults: 1 day (86400 seconds) for s-maxage and 2 days (172800 seconds) for max-age
# NODE_ENV must be set to production for these to take effect
# STATIC_CACHE_MAX_AGE=172800
# STATIC_CACHE_S_MAX_AGE=86400
# If you have another service in front of your LibreChat doing compression, disable express based compression here
# DISABLE_COMPRESSION=true
#===================================================#
# UI #
#===================================================#
APP_TITLE=LibreChat
# CUSTOM_FOOTER="My custom footer"
HELP_AND_FAQ_URL=https://librechat.ai
# SHOW_BIRTHDAY_ICON=true
# Google tag manager id
#ANALYTICS_GTM_ID=user provided google tag manager id
#===============#
# REDIS Options #
#===============#
REDIS_URI=redis:6379
USE_REDIS=true
# USE_REDIS_CLUSTER=true
# REDIS_CA=/path/to/ca.crt
#==================================================#
# Others #
#==================================================#
# You should leave the following commented out #
# NODE_ENV=
# E2E_USER_EMAIL=
# E2E_USER_PASSWORD=
#=====================================================#
# Cache Headers #
#=====================================================#
# Headers that control caching of the index.html #
# Default configuration prevents caching to ensure #
# users always get the latest version. Customize #
# only if you understand caching implications. #
# INDEX_HTML_CACHE_CONTROL=no-cache, no-store, must-revalidate
# INDEX_HTML_PRAGMA=no-cache
# INDEX_HTML_EXPIRES=0
# no-cache: Forces validation with server before using cached version
# no-store: Prevents storing the response entirely
# must-revalidate: Prevents using stale content when offline
#=====================================================#
# OpenWeather #
#=====================================================#
OPENWEATHER_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
@@ -1,26 +1,26 @@
version: 1.2.8
version: 1.0.0
endpoints:
custom:
- name: "rinoa-ollama"
- name: "ollama"
apiKey: "ollama"
baseURL: "http://ollama:11434/v1/chat/completions"
models:
default: [
"codellama:7b",
"deepseek-coder-v2:16b",
"deepseek-r1:1.5b",
"deepseek-coder-v2:16b",
"deepseek-v3:671b",
"dolphin-mistral:7b",
"llama2:7b",
"llama3.3:70b",
"mistral-openorca:7b"
"mistral:7b",
"orca-mini:3b",
"phi4:14b",
"qwen2.5",
"smollm2:1.7b",
"starcoder2:3b",
"llama2:7b",
"mistral:7b",
"codellama:7b",
"tinyllama:1.1b",
"starcoder2:3b",
"dolphin-mistral:7b",
"smollm2:1.7b",
"orca-mini:3b",
"mistral-openorca:7b"
]
# fetching list of models is supported but the `name` field must start
# with `ollama` (case-insensitive), as it does in this example.
@@ -13,10 +13,6 @@ containers:
invidious:
keywords:
- regex: 'Error reading.*Connection reset by peer trying to reconnect...'
scrutiny:
action_keywords:
- restart:
regex: s6.*fatal
global_keywords:
keywords:
- panic
@@ -100,7 +100,7 @@ server:
redis:
# URL to connect redis database. Is overwritten by ${SEARXNG_REDIS_URL}.
# https://docs.searxng.org/admin/settings/settings_redis.html#settings-redis
url: redis://searxng-valkey:6379/0
url: redis://redis:6379/0
ui:
# Custom static path - leave it blank if you didn't change
@@ -1,106 +0,0 @@
receivers:
httplogreceiver/json:
endpoint: 0.0.0.0:8082
source: json
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
http:
endpoint: 0.0.0.0:4318
prometheus:
config:
global:
scrape_interval: 60s
scrape_configs:
- job_name: otel-collector
static_configs:
- targets:
- localhost:8888
labels:
job_name: otel-collector
processors:
batch:
send_batch_size: 10000
send_batch_max_size: 11000
timeout: 10s
resourcedetection:
# Using OTEL_RESOURCE_ATTRIBUTES envvar, env detector adds custom labels.
detectors: [env, system]
timeout: 2s
signozspanmetrics/delta:
metrics_exporter: clickhousemetricswrite, signozclickhousemetrics
metrics_flush_interval: 60s
latency_histogram_buckets: [100us, 1ms, 2ms, 6ms, 10ms, 50ms, 100ms, 250ms, 500ms, 1000ms, 1400ms, 2000ms, 5s, 10s, 20s, 40s, 60s ]
dimensions_cache_size: 100000
aggregation_temporality: AGGREGATION_TEMPORALITY_DELTA
enable_exp_histogram: true
dimensions:
- name: service.namespace
default: default
- name: deployment.environment
default: default
# This is added to ensure the uniqueness of the timeseries
# Otherwise, identical timeseries produced by multiple replicas of
# collectors result in incorrect APM metrics
- name: signoz.collector.id
- name: service.version
- name: browser.platform
- name: browser.mobile
- name: k8s.cluster.name
- name: k8s.node.name
- name: k8s.namespace.name
- name: host.name
- name: host.type
- name: container.name
extensions:
health_check:
endpoint: 0.0.0.0:13133
pprof:
endpoint: 0.0.0.0:1777
exporters:
clickhousetraces:
datasource: tcp://clickhouse:9000/signoz_traces
low_cardinal_exception_grouping: ${env:LOW_CARDINAL_EXCEPTION_GROUPING}
use_new_schema: true
clickhousemetricswrite:
endpoint: tcp://clickhouse:9000/signoz_metrics
disable_v2: true
resource_to_telemetry_conversion:
enabled: true
clickhousemetricswrite/prometheus:
endpoint: tcp://clickhouse:9000/signoz_metrics
disable_v2: true
signozclickhousemetrics:
dsn: tcp://clickhouse:9000/signoz_metrics
clickhouselogsexporter:
dsn: tcp://clickhouse:9000/signoz_logs
timeout: 10s
use_new_schema: true
# debug: {}
service:
telemetry:
logs:
encoding: json
metrics:
address: 0.0.0.0:8888
extensions:
- health_check
- pprof
pipelines:
traces:
receivers: [otlp]
processors: [signozspanmetrics/delta, batch]
exporters: [clickhousetraces]
metrics:
receivers: [otlp]
processors: [batch]
exporters: [clickhousemetricswrite, signozclickhousemetrics]
metrics/prometheus:
receivers: [prometheus]
processors: [batch]
exporters: [clickhousemetricswrite/prometheus, signozclickhousemetrics]
logs:
receivers: [otlp, tcplog/docker, httplogreceiver/json]
processors: [batch]
exporters: [clickhouselogsexporter]
@@ -1 +0,0 @@
server_endpoint: ws://signoz-app:4320/v1/opamp
@@ -0,0 +1 @@
server_endpoint: ws://signoz:4320/v1/opamp
@@ -0,0 +1 @@
server_endpoint: ws://signoz:4320/v1/opamp
+6 -20
View File
@@ -2,33 +2,19 @@
- name: Deploy Docker Service Configurations
hosts: rinoa
vars:
template_base_path: "{{ playbook_dir }}/app-configs"
appdata_base_path: "~/.docker/config/appdata"
tasks:
- name: Find all Jinja2 templates
ansible.builtin.find:
paths: "{{ template_base_path }}"
patterns: "*.j2"
recurse: yes
register: jinja_templates
delegate_to: localhost
run_once: true
- name: Ensure target directories exist
ansible.builtin.file:
path: "{{ appdata_base_path }}/{{ item.path | regex_replace('^' + template_base_path + '/', '') | regex_replace('\\.j2$', '') | dirname }}"
path: "{{ appdata_base_path }}/{{ (item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') | regex_replace('/[^/]+$', '')) }}"
state: directory
mode: '0755'
loop: "{{ jinja_templates.files }}"
loop_control:
label: "{{ item.path }}"
loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
- name: Render and deploy templates
- name: Deploy configuration templates
ansible.builtin.template:
src: "{{ item.path }}"
dest: "{{ appdata_base_path }}/{{ item.path | regex_replace('^' + template_base_path + '/', '') | regex_replace('\\.j2$', '') }}"
src: "{{ item }}"
dest: "{{ appdata_base_path }}/{{ item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') }}"
mode: '0644'
loop: "{{ jinja_templates.files }}"
loop_control:
label: "{{ item.path }}"
loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
+325 -1079
View File
File diff suppressed because it is too large Load Diff