Updating HC Vault token in Ansible.

Merged by Trez.One

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -311,6 +311,12 @@ jobs:
           version: "11.0.0"
       - name: Install Vault
         uses: cpanato/vault-installer@main
+      - name: Login to Gitea Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.trez.wtf
+          username: gitea-sonarqube-bot
+          password: ${{ secrets.BOT_GITEA_TOKEN }}
       - name: Install hvac
         run: pip install hvac
       - name: Gotify Notification

.gitea/workflows/vault-auto-unseal-flow.yml

@@ -0,0 +1,28 @@
+name: Auto-Unseal for Vault
+on:
+  schedule:
+    - cron: "30 2 * * *"
+jobs:
+  auto-unseal:
+    name: Unseal Vault
+    runs-on: ubuntu-latest
+    env:
+      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+      VAULT_SHARDS: |
+        ${{ secrets.VAULT_UNSEAL_SHARDS }}
+      VAULT_NAMESPACE: ""
+    steps:
+      - name: Cache Vault install
+        id: cache-vault
+        uses: actions/cache@v4
+        with:
+          path: /opt/hostedtoolcache/vault/1.18.0/x64
+          key: vault-${{ runner.os }}-1.18.0
+      - name: Install Vault
+        uses: cpanato/vault-installer@main
+      - name: Unseal Vault
+        run: |
+          for vault_shard in $(cat ${VAULT_SHARDS}); do
+            vault operator unseal -address=${VAULT_ADDR} -non-interactive "${vault_shard}"
+          done

README.md

@@ -63,13 +63,6 @@
 | invidious-db | docker.io/library/postgres:14 |
 | it-tools | ghcr.io/corentinth/it-tools:latest |
 | jellyfin | jellyfin/jellyfin |
-| jitsi-etherpad | etherpad/etherpad:1.8.6 |
-| jitsi-jibri | jitsi/jibri:stable |
-| jitsi-jicofo | jitsi/jicofo:stable |
-| jitsi-jigasi | jitsi/jigasi:stable |
-| jitsi-jvb | jitsi/jvb:stable |
-| jitsi-prosody | jitsi/prosody:stable |
-| jitsi-web | jitsi/web:stable |
 | joplin-db | postgres:17-alpine |
 | joplin | joplin/server:latest |
 | librechat-api | ghcr.io/danny-avila/librechat-dev:latest |
@@ -88,6 +81,7 @@
 | mastodon-pg-db | postgres:17-alpine |
 | meilisearch | getmeili/meilisearch:v1.12.3 |
 | minio | minio/minio |
+| mirotalk | mirotalk/p2p:latest |
 | mixpost | inovector/mixpost:latest |
 | mongodb | bitnami/mongodb:7.0 |
 | multi-scrobbler | foxxmd/multi-scrobbler |

ansible/app-configs/loggifly_config.yaml.j2

@@ -1,8 +1,15 @@
-containers:
+containers
+  ghost_blog:
+    action_keywords:
+      - restart:
+          regex: '^Connection Error: Error: read ECONNRESET$'
   immich-server:
     action_keywords:
       - restart:
           regex: 'ADVICE:.*error'
+  invidious:
+    keywords:
+      - regex: 'Error reading.*Connection reset by peer trying to reconnect...'
 global_keywords:
   keywords:
     - panic

ansible/app-configs/mirotalk_src_config.js.j2

@@ -0,0 +1,159 @@
+'use strict';
+
+const packageJson = require('../../package.json');
+
+module.exports = {
+    // Branding and customizations require a license: https://codecanyon.net/item/mirotalk-p2p-webrtc-realtime-video-conferences/38376661
+    brand: {
+        app: {
+            language: 'en', // https://en.wikipedia.org/wiki/List_of_ISO_639_language_codes
+            name: 'MiroTalk',
+            title: '<h1>MiroTalk</h1/>Free browser based Real-time video calls.<br />Simple, Secure, Fast.',
+            description:
+                'Start your next video call with a single click. No download, plug-in, or login is required. Just get straight to talking, messaging, and sharing your screen.',
+            joinDescription: 'Pick a room name.<br />How about this one?',
+            joinButtonLabel: 'JOIN ROOM',
+            joinLastLabel: 'Your recent room:',
+        },
+        og: {
+            type: 'app-webrtc',
+            siteName: 'MiroTalk',
+            title: 'Click the link to make a call.',
+            description:
+                'MiroTalk calling provides real-time HD quality and latency simply not available with traditional technology.',
+            image: 'https://p2p.mirotalk.com/images/preview.png',
+            url: 'https://p2p.mirotalk.com',
+        },
+        site: {
+            shortcutIcon: '../images/logo.svg',
+            appleTouchIcon: '../images/logo.svg',
+            landingTitle: 'MiroTalk a Free Secure Video Calls, Chat & Screen Sharing.',
+            newCallTitle: 'MiroTalk a Free Secure Video Calls, Chat & Screen Sharing.',
+            newCallRoomTitle: 'Pick name. <br />Share URL. <br />Start conference.',
+            newCallRoomDescription:
+                "Each room has its disposable URL. Just pick a room name and share your custom URL. It's that easy.",
+            loginTitle: 'MiroTalk - Host Protected login required.',
+            clientTitle: 'MiroTalk WebRTC Video call, Chat Room & Screen Sharing.',
+            privacyPolicyTitle: 'MiroTalk - privacy and policy.',
+            stunTurnTitle: 'Test Stun/Turn Servers.',
+            notFoundTitle: 'MiroTalk - 404 Page not found.',
+        },
+        html: {
+            features: true,
+            browsers: true,
+            teams: true, // please keep me always true ;)
+            tryEasier: true,
+            poweredBy: true,
+            sponsors: true,
+            advertisers: true,
+            footer: true,
+        },
+        about: {
+            imageUrl: '../images/mirotalk-logo.gif',
+            title: `WebRTC P2P v${packageJson.version}`,
+            html: `
+                <button
+                    id="support-button"
+                    data-umami-event="Support button"
+                    onclick="window.open('https://codecanyon.net/user/miroslavpejic85')">
+                    <i class="fas fa-heart" ></i>&nbsp;Support
+                </button>
+                <br /><br /><br />
+                Author:<a
+                    id="linkedin-button"
+                    data-umami-event="Linkedin button"
+                    href="https://www.linkedin.com/in/miroslav-pejic-976a07101/" target="_blank">
+                    Miroslav Pejic
+                </a>
+                <br /><br />
+                Email:<a
+                    id="email-button"
+                    data-umami-event="Email button"
+                    href="mailto:miroslav.pejic.85@gmail.com?subject=MiroTalk P2P info">
+                    miroslav.pejic.85@gmail.com
+                </a>
+                <br /><br />
+                <hr />
+                <span>&copy; 2025 MiroTalk P2P, all rights reserved</span>
+                <hr />
+            `,
+        },
+        //...
+    },
+    /**
+     * Configuration for controlling the visibility of buttons in the MiroTalk P2P client.
+     * Set properties to true to show the corresponding buttons, or false to hide them.
+     * captionBtn, showSwapCameraBtn, showScreenShareBtn, showFullScreenBtn, showVideoPipBtn, showDocumentPipBtn -> (auto-detected).
+     */
+    buttons: {
+        main: {
+            showShareQr: true,
+            showShareRoomBtn: true, // For guests
+            showHideMeBtn: true,
+            showAudioBtn: true,
+            showVideoBtn: true,
+            showScreenBtn: true, // autodetected
+            showRecordStreamBtn: true,
+            showChatRoomBtn: true,
+            showCaptionRoomBtn: true,
+            showRoomEmojiPickerBtn: true,
+            showMyHandBtn: true,
+            showWhiteboardBtn: true,
+            showSnapshotRoomBtn: true,
+            showFileShareBtn: true,
+            showDocumentPipBtn: true,
+            showMySettingsBtn: true,
+            showAboutBtn: true, // Please keep me always true, Thank you!
+        },
+        chat: {
+            showTogglePinBtn: true,
+            showMaxBtn: true,
+            showSaveMessageBtn: true,
+            showMarkDownBtn: true,
+            showChatGPTBtn: true,
+            showFileShareBtn: true,
+            showShareVideoAudioBtn: true,
+            showParticipantsBtn: true,
+        },
+        caption: {
+            showTogglePinBtn: true,
+            showMaxBtn: true,
+        },
+        settings: {
+            showMicOptionsBtn: true,
+            showTabRoomPeerName: true,
+            showTabRoomParticipants: true,
+            showTabRoomSecurity: true,
+            showTabEmailInvitation: true,
+            showCaptionEveryoneBtn: true,
+            showMuteEveryoneBtn: true,
+            showHideEveryoneBtn: true,
+            showEjectEveryoneBtn: true,
+            showLockRoomBtn: true,
+            showUnlockRoomBtn: true,
+            showShortcutsBtn: true,
+        },
+        remote: {
+            showAudioVolume: true,
+            audioBtnClickAllowed: true,
+            videoBtnClickAllowed: true,
+            showVideoPipBtn: true,
+            showKickOutBtn: true,
+            showSnapShotBtn: true,
+            showFileShareBtn: true,
+            showShareVideoAudioBtn: true,
+            showPrivateMessageBtn: true,
+            showZoomInOutBtn: false,
+            showVideoFocusBtn: true,
+        },
+        local: {
+            showVideoPipBtn: true,
+            showSnapShotBtn: true,
+            showVideoCircleBtn: true,
+            showZoomInOutBtn: false,
+        },
+        whiteboard: {
+            whiteboardLockBtn: false,
+        },
+    },
+};

ansible/app-configs/multi-scrobbler_config.json.j2

@@ -75,7 +75,7 @@
     },
     {
       "type": "listenbrainz",
-      "name": ";istenBrainzClient",
+      "name": "ListenBrainzClient",
       "enable": true,
       "data": {
         "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",

ansible/group_vars/all.yml

@@ -1,14 +1,14 @@
 vault_addr: "https://vault.trez.wtf"
 vault_token: !vault |
   $ANSIBLE_VAULT;1.1;AES256
-  61383638616263666539386332333638356662623166393234383666366265346537353533653833
-  3333313230636166663734356261316132393834613737630a386166376365333862383031343838
-  35346338633530636463643165623432353466363230646239656463333263373738663639313136
-  3966633235393937350a343337613061616238323238386332363635623932333230323037353136
-  66616561613038656462636565656361613065373238613862386235623265396133633034326563
-  32663532343137366334366630356232313865666661326337326263613262306637663434646639
-  61623030383963623332333135396363643036646461303438643233313136346139343232353535
-  39356432623161333661333266333937626364643964333839333934306364373234653761326638
-  33396534396163373034666164393039303639643431353662666265666264353062
+  64633862363730303434663261343764323731376539646264333339303234333733306234616462
+  6634333934373065633632376165636432346330396538330a626633666365353362656139643362
+  38636133326633316339346237326438626538613433656364333132333630366135663836396131
+  6132316130623936660a353432653864366539616433356537386633633437626133313262353363
+  65356538666366393934316231313037393061373763313164643331396331326533613132303531
+  39623836313031343034353163353339653330623139663266303836643632323237353335303361
+  66353833643564653666323835613863313232626538626163333231306461393535376338646633
+  64303965653730313565613735386230616137393034613437353261333737313236386530383163
+  65393238623237616135356361353836343532396137323734346136313466663036
 vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
 secrets_path: "rinoa-docker/env"

docker-compose.yml

@@ -66,11 +66,11 @@ services:
       homepage.widget.password: ${ADGUARD_PASSWORD}
     ports:
       - "192.168.1.254:53:53/udp"
-      - 53:53/tcp
+      - "192.168.1.254:53:53/tcp"
       - 3001:3000
       - 446:443
       - 8008:80
-      - 853:853
+      - "192.168.1.254:853:853/tcp"
       - 67:67
       - 688:68
     restart: unless-stopped
@@ -2119,575 +2119,6 @@ services:
       - ${DOCKER_VOLUME_STORAGE}/Movies:/storage/movies
       - /etc/localtime:/etc/localtime
       - /usr/share/fonts:/usr/local/share/fonts/custom
-  jitsi-etherpad:
-    container_name: jitsi-etherpad
-    environment:
-      TITLE: ${JITSI__ETHERPAD_TITLE}
-      DEFAULT_PAD_TEXT: ${JITSI__ETHERPAD_DEFAULT_PAD_TEXT}
-      SKIN_NAME: ${JITSI__ETHERPAD_SKIN_NAME}
-      SKIN_VARIANTS: ${JITSI__ETHERPAD_SKIN_VARIANTS}
-      SUPPRESS_ERRORS_IN_PAD_TEXT: true
-    image: etherpad/etherpad:1.8.6
-    networks:
-      default: null
-    restart: unless-stopped
-  jitsi-jibri:
-    cap_add:
-      - SYS_ADMIN
-    container_name: jitsi-jibri
-    depends_on:
-      jitsi-jicofo:
-        condition: service_started
-        required: true
-    environment:
-      AUTOSCALER_SIDECAR_KEY_FILE: 
-      AUTOSCALER_SIDECAR_KEY_ID: 
-      AUTOSCALER_SIDECAR_GROUP_NAME: 
-      AUTOSCALER_SIDECAR_HOST_ID: 
-      AUTOSCALER_SIDECAR_INSTANCE_ID: 
-      AUTOSCALER_SIDECAR_PORT: 
-      AUTOSCALER_SIDECAR_REGION: 
-      AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL: 
-      AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL: 
-      AUTOSCALER_URL: 
-      CHROMIUM_FLAGS: 
-      DISPLAY: :0
-      ENABLE_STATS_D: 
-      JIBRI_WEBHOOK_SUBSCRIBERS: 
-      JIBRI_HTTP_API_EXTERNAL_PORT: 
-      JIBRI_HTTP_API_INTERNAL_PORT: 
-      JIBRI_RECORDING_RESOLUTION: 
-      JIBRI_RECORDING_VIDEO_ENCODE_PRESET: 
-      JIBRI_RECORDING_CONSTANT_RATE_FACTOR: 
-      JIBRI_RECORDING_FRAMERATE: 
-      JIBRI_RECORDING_QUEUE_SIZE: 
-      JIBRI_RECORDING_STREAMING_MAX_BITRATE: 
-      JIBRI_USAGE_TIMEOUT: 
-      JIBRI_XMPP_USER: 
-      JIBRI_XMPP_PASSWORD: ${JITSI__JIBRI_XMPP_PASSWORD}
-      JIBRI_BREWERY_MUC: 
-      JIBRI_RECORDER_USER: jibri-recorder
-      JIBRI_RECORDER_PASSWORD: ${JITSI__JIBRI_RECORDER_PASSWORD}
-      JIBRI_RECORDING_DIR: 
-      JIBRI_FINALIZE_RECORDING_SCRIPT_PATH: 
-      JIBRI_STRIP_DOMAIN_JID: 
-      JIBRI_STATSD_HOST: 
-      JIBRI_STATSD_PORT: 
-      LOCAL_ADDRESS: 
-      PUBLIC_URL: ${JITSI__PUBLIC_URL}
-      TZ: ${JITSI__TZ}
-      XMPP_AUTH_DOMAIN: 
-      XMPP_DOMAIN:
-      XMPP_INTERNAL_MUC_DOMAIN: 
-      XMPP_MUC_DOMAIN: 
-      XMPP_RECORDER_DOMAIN: 
-      XMPP_SERVER:
-      XMPP_PORT: 
-      XMPP_TRUST_ALL_CERTS: 
-    image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable}
-    networks:
-      default: null
-    restart: unless-stopped
-    shm_size: 2gb
-    volumes:
-      - source: ${DOCKER_VOLUME_CONFIG}/jitsi/jibri
-        target: /config
-        type: bind
-        bind:
-          create_host_path: true
-  jitsi-jicofo:
-    container_name: focus.meet.jitsi
-    depends_on:
-      jitsi-prosody:
-        condition: service_started
-        required: true
-    environment:
-      AUTH_TYPE: 
-      BRIDGE_AVG_PARTICIPANT_STRESS: 
-      BRIDGE_STRESS_THRESHOLD: 
-      ENABLE_AUTH: 
-      ENABLE_AUTO_OWNER: 
-      ENABLE_CODEC_VP8: 
-      ENABLE_CODEC_VP9: 
-      ENABLE_CODEC_H264: 
-      ENABLE_CODEC_OPUS_RED: 
-      ENABLE_JVB_XMPP_SERVER: 
-      ENABLE_OCTO: 
-      ENABLE_RECORDING: 1
-      ENABLE_SCTP: 
-      ENABLE_AUTO_LOGIN: 
-      JICOFO_AUTH_LIFETIME: 
-      JICOFO_AUTH_PASSWORD: ${JITSI__JICOFO_AUTH_PASSWORD}
-      JICOFO_AUTH_TYPE: 
-      JICOFO_BRIDGE_REGION_GROUPS: 
-      JICOFO_ENABLE_AUTH: 
-      JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS: 
-      JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT: 
-      JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT: 
-      JICOFO_CONF_SOURCE_SIGNALING_DELAYS: 
-      JICOFO_CONF_MAX_AUDIO_SENDERS: 
-      JICOFO_CONF_MAX_VIDEO_SENDERS: 
-      JICOFO_CONF_STRIP_SIMULCAST: 
-      JICOFO_CONF_SSRC_REWRITING: 
-      JICOFO_ENABLE_HEALTH_CHECKS: 
-      JICOFO_ENABLE_REST: 
-      JICOFO_HEALTH_CHECKS_USE_PRESENCE: 
-      JICOFO_MULTI_STREAM_BACKWARD_COMPAT: 
-      JICOFO_OCTO_REGION: 
-      JIBRI_BREWERY_MUC: 
-      JIBRI_REQUEST_RETRIES: 
-      JIBRI_PENDING_TIMEOUT: 
-      JIGASI_BREWERY_MUC: 
-      JIGASI_SIP_URI: 
-      JVB_BREWERY_MUC: 
-      JVB_XMPP_AUTH_DOMAIN: 
-      JVB_XMPP_INTERNAL_MUC_DOMAIN: 
-      JVB_XMPP_PORT: 
-      JVB_XMPP_SERVER: 
-      MAX_BRIDGE_PARTICIPANTS: 
-      OCTO_BRIDGE_SELECTION_STRATEGY: 
-      SENTRY_DSN: "${JICOFO_SENTRY_DSN:-0}"
-      SENTRY_ENVIRONMENT: 
-      SENTRY_RELEASE: 
-      TZ: ${JITSI__JIGAGI_SIP_SERVER}
-      XMPP_DOMAIN: 
-      XMPP_AUTH_DOMAIN: 
-      XMPP_INTERNAL_MUC_DOMAIN: 
-      XMPP_MUC_DOMAIN: 
-      XMPP_RECORDER_DOMAIN: 
-      XMPP_SERVER: 
-      XMPP_PORT: 
-    image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable}
-    networks:
-      default: null
-    ports:
-      - 8889:8888
-    restart: unless-stopped
-    volumes:
-      - bind:
-          create_host_path: true
-          selinux: Z
-        source: ${DOCKER_VOLUME_CONFIG}/jitsi/jicofo
-        target: /config
-        type: bind
-  jitsi-jigasi:
-    container_name: jitsi-jigasi
-    depends_on:
-      jitsi-prosody:
-        condition: service_started
-        required: true
-    environment:
-      ENABLE_AUTH: 1
-      ENABLE_GUESTS: 1
-      XMPP_AUTH_DOMAIN:
-      XMPP_GUEST_DOMAIN:
-      XMPP_MUC_DOMAIN:
-      XMPP_INTERNAL_MUC_DOMAIN:
-      XMPP_SERVER:
-      XMPP_PORT:
-      XMPP_DOMAIN:
-      PUBLIC_URL: ${JITSI__PUBLIC_URL}
-      JIGASI_DISABLE_SIP:
-      JIGASI_SIP_URI: ${JITSI__SIP_URI}
-      JIGASI_SIP_PASSWORD: ${JITSI__JIGAGI_SIP_PASSWORD}
-      JIGASI_SIP_SERVER: ${JITSI__JIGAGI_SIP_SERVER}
-      JIGASI_SIP_PORT: ${JITSI__JIGAGI_SIP_PORT}
-      JIGASI_SIP_TRANSPORT: ${JITSI__JIGAGI_SIP_TRANSPORT}
-      JIGASI_SIP_DEFAULT_ROOM:
-      JIGASI_XMPP_USER:
-      JIGASI_XMPP_PASSWORD: ${JITSI__JIGASI_XMPP_PASSWORD}
-      JIGASI_BREWERY_MUC:
-      JIGASI_PORT_MIN:
-      JIGASI_PORT_MAX:
-      JIGASI_HEALTH_CHECK_SIP_URI:
-      JIGASI_HEALTH_CHECK_INTERVAL:
-      JIGASI_SIP_KEEP_ALIVE_METHOD:
-      JIGASI_ENABLE_SDES_SRTP:
-      ENABLE_TRANSCRIPTIONS:
-      JIGASI_TRANSCRIBER_ADVERTISE_URL:
-      JIGASI_TRANSCRIBER_RECORD_AUDIO:
-      JIGASI_TRANSCRIBER_SEND_TXT:
-      GC_PROJECT_ID:
-      GC_PRIVATE_KEY_ID:
-      GC_PRIVATE_KEY:
-      GC_CLIENT_EMAIL:
-      GC_CLIENT_ID:
-      GC_CLIENT_CERT_URL:
-      SHUTDOWN_REST_ENABLED:
-      SENTRY_DSN: "${JIGASI_SENTRY_DSN:-0}"
-      SENTRY_ENVIRONMENT:
-      SENTRY_RELEASE:
-      TZ: ${JITSI__TZ}
-    image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable}
-    networks:
-      default: null
-    ports:
-      - 20000-20050:20000-20050/udp
-    restart: unless-stopped
-    volumes:
-      - bind:
-          create_host_path: true
-          selinux: Z
-        source: ${DOCKER_VOLUME_CONFIG}/jitsi/jigasi
-        target: /config
-        type: bind
-      - bind:
-          create_host_path: true
-          selinux: Z
-        source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts
-        target: /tmp/transcripts
-        type: bind
-  jitsi-jvb:
-    container_name: video.meet.jitsi
-    depends_on:
-      jitsi-prosody:
-        condition: service_started
-        required: true
-    environment:
-      DOCKER_HOST_ADDRESS:
-      ENABLE_COLIBRI_WEBSOCKET:
-      ENABLE_JVB_XMPP_SERVER:
-      ENABLE_OCTO:
-      JVB_ADVERTISE_IPS:
-      JVB_ADVERTISE_PRIVATE_CANDIDATES:
-      JVB_AUTH_USER:
-      JVB_AUTH_PASSWORD: ${JITSI__JVB_AUTH_PASSWORD}
-      JVB_BREWERY_MUC:
-      JVB_DISABLE_STUN:
-      JVB_PORT:
-      JVB_MUC_NICKNAME:
-      JVB_STUN_SERVERS:
-      JVB_OCTO_BIND_ADDRESS:
-      JVB_OCTO_REGION:
-      JVB_OCTO_RELAY_ID:
-      JVB_WS_DOMAIN:
-      JVB_WS_SERVER_ID:
-      JVB_XMPP_AUTH_DOMAIN:
-      JVB_XMPP_INTERNAL_MUC_DOMAIN:
-      JVB_XMPP_PORT:
-      JVB_XMPP_SERVER:
-      PUBLIC_URL: ${JITSI__PUBLIC_URL}
-      SENTRY_DSN: "${JVB_SENTRY_DSN:-0}"
-      SENTRY_ENVIRONMENT:
-      SENTRY_RELEASE:
-      COLIBRI_REST_ENABLED:
-      SHUTDOWN_REST_ENABLED:
-      TZ: ${JITSI__JIGAGI_SIP_SERVER}
-      XMPP_AUTH_DOMAIN:
-      XMPP_INTERNAL_MUC_DOMAIN:
-      XMPP_SERVER:
-      XMPP_PORT:
-    image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable}
-    networks:
-      default: null
-    ports:
-      - 10000:10000/udp
-      - 8091:8080
-    restart: unless-stopped
-    volumes:
-      - bind:
-          create_host_path: true
-          selinux: Z
-        source: ${DOCKER_VOLUME_CONFIG}/jitsi/jvb
-        target: /config
-        type: bind
-  jitsi-prosody:
-    container_name: xmpp.meet.jitsi
-    environment:
-      AUTH_TYPE:
-      DISABLE_POLLS:
-      ENABLE_AUTH:
-      ENABLE_AV_MODERATION:
-      ENABLE_BREAKOUT_ROOMS:
-      ENABLE_END_CONFERENCE:
-      ENABLE_GUESTS: 1
-      ENABLE_IPV6:
-      ENABLE_LOBBY:
-      ENABLE_RECORDING: 1
-      ENABLE_XMPP_WEBSOCKET:
-      ENABLE_JAAS_COMPONENTS:
-      GC_TYPE:
-      GC_INC_TH:
-      GC_INC_SPEED:
-      GC_INC_STEP_SIZE:
-      GC_GEN_MIN_TH:
-      GC_GEN_MAX_TH:
-      GLOBAL_CONFIG:
-      GLOBAL_MODULES:
-      JIBRI_RECORDER_USER:
-      JIBRI_RECORDER_PASSWORD: ${JITSI__JIBRI_RECORDER_PASSWORD}
-      JIBRI_XMPP_USER:
-      JIBRI_XMPP_PASSWORD: ${JITSI__JIBRI_XMPP_PASSWORD}
-      JICOFO_AUTH_PASSWORD: ${JITSI__JICOFO_AUTH_PASSWORD}
-      JICOFO_COMPONENT_SECRET:
-      JIGASI_XMPP_USER:
-      JIGASI_XMPP_PASSWORD: ${JITSI__JIGASI_XMPP_PASSWORD}
-      JVB_AUTH_USER:
-      JVB_AUTH_PASSWORD: ${JITSI__JVB_AUTH_PASSWORD}
-      JWT_APP_ID:
-      JWT_APP_SECRET:
-      JWT_ACCEPTED_ISSUERS:
-      JWT_ACCEPTED_AUDIENCES:
-      JWT_ASAP_KEYSERVER:
-      JWT_ALLOW_EMPTY:
-      JWT_AUTH_TYPE:
-      JWT_ENABLE_DOMAIN_VERIFICATION:
-      JWT_TOKEN_AUTH_MODULE:
-      MATRIX_UVS_URL:
-      MATRIX_UVS_ISSUER:
-      MATRIX_UVS_AUTH_TOKEN:
-      MATRIX_UVS_SYNC_POWER_LEVELS:
-      LOG_LEVEL:
-      LDAP_AUTH_METHOD:
-      LDAP_BASE:
-      LDAP_BINDDN:
-      LDAP_BINDPW:
-      LDAP_FILTER:
-      LDAP_VERSION:
-      LDAP_TLS_CIPHERS:
-      LDAP_TLS_CHECK_PEER:
-      LDAP_TLS_CACERT_FILE:
-      LDAP_TLS_CACERT_DIR:
-      LDAP_START_TLS:
-      LDAP_URL:
-      LDAP_USE_TLS:
-      MAX_PARTICIPANTS:
-      PROSODY_AUTH_TYPE:
-      PROSODY_RESERVATION_ENABLED:
-      PROSODY_RESERVATION_REST_BASE_URL:
-      PROSODY_ENABLE_RATE_LIMITS:
-      PROSODY_RATE_LIMIT_LOGIN_RATE:
-      PROSODY_RATE_LIMIT_SESSION_RATE:
-      PROSODY_RATE_LIMIT_TIMEOUT:
-      PROSODY_RATE_LIMIT_ALLOW_RANGES:
-      PROSODY_RATE_LIMIT_CACHE_SIZE:
-      PUBLIC_URL: ${JITSI__PUBLIC_URL}
-      TURN_CREDENTIALS:
-      TURN_HOST:
-      TURNS_HOST:
-      TURN_PORT:
-      TURNS_PORT:
-      TURN_TRANSPORT:
-      TZ: ${JITSI__JIGAGI_SIP_SERVER}
-      XMPP_DOMAIN:
-      XMPP_AUTH_DOMAIN:
-      XMPP_GUEST_DOMAIN:
-      XMPP_MUC_DOMAIN:
-      XMPP_INTERNAL_MUC_DOMAIN:
-      XMPP_MODULES:
-      XMPP_MUC_MODULES:
-      XMPP_MUC_CONFIGURATION:
-      XMPP_INTERNAL_MUC_MODULES:
-      XMPP_RECORDER_DOMAIN:
-      XMPP_PORT:
-    expose:
-      - 5222
-      - "5347"
-      - "5280"
-    image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable}
-    networks:
-      default: null
-    restart: unless-stopped
-    volumes:
-      - bind:
-          create_host_path: true
-          selinux: Z
-        source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/config
-        target: /config
-        type: bind
-      - bind:
-          create_host_path: true
-          selinux: Z
-        source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/prosody-plugins-custom
-        target: /prosody-plugins-custom
-        type: bind
-  jitsi-web:
-    container_name: meet.jitsi
-    environment:
-      AMPLITUDE_ID:
-      ANALYTICS_SCRIPT_URLS:
-      ANALYTICS_WHITELISTED_EVENTS:
-      AUDIO_QUALITY_OPUS_BITRATE:
-      AUTO_CAPTION_ON_RECORD:
-      BRANDING_DATA_URL:
-      CALLSTATS_CUSTOM_SCRIPT_URL:
-      CALLSTATS_ID:
-      CALLSTATS_SECRET:
-      CHROME_EXTENSION_BANNER_JSON:
-      COLIBRI_WEBSOCKET_PORT:
-      CONFCODE_URL:
-      CONFIG_EXTERNAL_CONNECT:
-      DEFAULT_LANGUAGE:
-      DEPLOYMENTINFO_ENVIRONMENT:
-      DEPLOYMENTINFO_ENVIRONMENT_TYPE:
-      DEPLOYMENTINFO_REGION:
-      DEPLOYMENTINFO_SHARD:
-      DEPLOYMENTINFO_USERREGION:
-      DESKTOP_SHARING_FRAMERATE_MIN:
-      DESKTOP_SHARING_FRAMERATE_MAX:
-      DIALIN_NUMBERS_URL:
-      DIALOUT_AUTH_URL:
-      DIALOUT_CODES_URL:
-      DISABLE_AUDIO_LEVELS:
-      DISABLE_DEEP_LINKING:
-      DISABLE_GRANT_MODERATOR:
-      DISABLE_HTTPS:
-      DISABLE_KICKOUT:
-      DISABLE_LOCAL_RECORDING:
-      DISABLE_POLLS:
-      DISABLE_PRIVATE_CHAT:
-      DISABLE_PROFILE:
-      DISABLE_REACTIONS:
-      DISABLE_REMOTE_VIDEO_MENU:
-      DISABLE_START_FOR_ALL:
-      DROPBOX_APPKEY:
-      DROPBOX_REDIRECT_URI:
-      DYNAMIC_BRANDING_URL:
-      ENABLE_AUDIO_PROCESSING:
-      ENABLE_AUTH:
-      ENABLE_BREAKOUT_ROOMS:
-      ENABLE_CALENDAR:
-      ENABLE_COLIBRI_WEBSOCKET:
-      ENABLE_E2EPING:
-      ENABLE_FILE_RECORDING_SHARING:
-      ENABLE_GUESTS: 1
-      ENABLE_HSTS:
-      ENABLE_HTTP_REDIRECT:
-      ENABLE_IPV6:
-      ENABLE_LETSENCRYPT:
-      ENABLE_LIPSYNC:
-      ENABLE_NO_AUDIO_DETECTION:
-      ENABLE_NOISY_MIC_DETECTION:
-      ENABLE_OCTO:
-      ENABLE_OPUS_RED:
-      ENABLE_PREJOIN_PAGE:
-      ENABLE_P2P:
-      ENABLE_WELCOME_PAGE:
-      ENABLE_CLOSE_PAGE:
-      ENABLE_LIVESTREAMING:
-      ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK:
-      ENABLE_LIVESTREAMING_HELP_LINK:
-      ENABLE_LIVESTREAMING_TERMS_LINK:
-      ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING:
-      ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT:
-      ENABLE_LOCAL_RECORDING_SELF_START:
-      ENABLE_RECORDING: 1
-      ENABLE_REMB:
-      ENABLE_REQUIRE_DISPLAY_NAME:
-      ENABLE_SERVICE_RECORDING:
-      ENABLE_SIMULCAST:
-      ENABLE_STATS_ID:
-      ENABLE_STEREO:
-      ENABLE_SUBDOMAINS:
-      ENABLE_TALK_WHILE_MUTED:
-      ENABLE_TCC:
-      ENABLE_TRANSCRIPTIONS:
-      ENABLE_XMPP_WEBSOCKET:
-      ENABLE_JAAS_COMPONENTS:
-      ETHERPAD_PUBLIC_URL:
-      ETHERPAD_URL_BASE: ${JITSI__ETHERPAD_URL_BASE}
-      E2EPING_NUM_REQUESTS:
-      E2EPING_MAX_CONFERENCE_SIZE:
-      E2EPING_MAX_MESSAGE_PER_SECOND:
-      GOOGLE_ANALYTICS_ID:
-      GOOGLE_API_APP_CLIENT_ID:
-      HIDE_PREMEETING_BUTTONS:
-      HIDE_PREJOIN_DISPLAY_NAME:
-      HIDE_PREJOIN_EXTRA_BUTTONS:
-      INVITE_SERVICE_URL:
-      LETSENCRYPT_DOMAIN:
-      LETSENCRYPT_EMAIL:
-      LETSENCRYPT_USE_STAGING:
-      MATOMO_ENDPOINT:
-      MATOMO_SITE_ID:
-      MICROSOFT_API_APP_CLIENT_ID:
-      NGINX_RESOLVER:
-      NGINX_WORKER_PROCESSES:
-      NGINX_WORKER_CONNECTIONS:
-      PEOPLE_SEARCH_URL:
-      PREFERRED_LANGUAGE:
-      PUBLIC_URL: ${JITSI__PUBLIC_URL}
-      P2P_PREFERRED_CODEC:
-      RESOLUTION:
-      RESOLUTION_MIN:
-      RESOLUTION_WIDTH:
-      RESOLUTION_WIDTH_MIN:
-      START_AUDIO_MUTED:
-      START_AUDIO_ONLY:
-      START_BITRATE:
-      START_SILENT:
-      START_WITH_AUDIO_MUTED:
-      START_VIDEO_MUTED:
-      START_WITH_VIDEO_MUTED:
-      TESTING_CAP_SCREENSHARE_BITRATE:
-      TESTING_OCTO_PROBABILITY:
-      TOKEN_AUTH_URL:
-      TOOLBAR_BUTTONS:
-      TRANSLATION_LANGUAGES:
-      TRANSLATION_LANGUAGES_HEAD:
-      TZ: ${JITSI__JIGAGI_SIP_SERVER}
-      USE_APP_LANGUAGE:
-      VIDEOQUALITY_BITRATE_H264_LOW:
-      VIDEOQUALITY_BITRATE_H264_STANDARD:
-      VIDEOQUALITY_BITRATE_H264_HIGH:
-      VIDEOQUALITY_BITRATE_VP8_LOW:
-      VIDEOQUALITY_BITRATE_VP8_STANDARD:
-      VIDEOQUALITY_BITRATE_VP8_HIGH:
-      VIDEOQUALITY_BITRATE_VP9_LOW:
-      VIDEOQUALITY_BITRATE_VP9_STANDARD:
-      VIDEOQUALITY_BITRATE_VP9_HIGH:
-      VIDEOQUALITY_ENFORCE_PREFERRED_CODEC:
-      VIDEOQUALITY_PREFERRED_CODEC:
-      XMPP_AUTH_DOMAIN:
-      XMPP_BOSH_URL_BASE:
-      XMPP_DOMAIN:
-      XMPP_GUEST_DOMAIN:
-      XMPP_MUC_DOMAIN:
-      XMPP_RECORDER_DOMAIN:
-      XMPP_PORT:
-      WHITEBOARD_ENABLED:
-      WHITEBOARD_COLLAB_SERVER_PUBLIC_URL:
-    image: jitsi/web:${JITSI_IMAGE_VERSION:-stable}
-    labels:
-      swag: enable
-      swag_proto: https
-      swag_url: meet.${MY_TLD}
-      swag_server_custom_directive: |
-        access_log /config/log/$$host_access.log ;
-        error_log /config/log/$$host_error.log ;
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://meet.${MY_TLD}
-      swag.uptime-kuma.monitor.interval: 300
-      homepage.group: Social
-      homepage.name: Jitsi
-      homepage.href: https://meet.${MY_TLD}
-      homepage.icon: jitsi.png
-      homepage.description: Web Conferencing
-    networks:
-      default: null
-    ports:
-      - 8001:80
-      - 8002:443
-    restart: unless-stopped
-    volumes:
-      - bind:
-          create_host_path: true
-          selinux: Z
-        source: ${DOCKER_VOLUME_CONFIG}/jitsi/web
-        target: /config
-        type: bind
-      - bind:
-          create_host_path: true
-          selinux: Z
-        source: ${DOCKER_VOLUME_CONFIG}/jitsi/web/crontabs
-        target: /var/spool/cron/crontabs
-        type: bind
-      - bind:
-          create_host_path: true
-          selinux: Z
-        source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts
-        target: /usr/share/jitsi-meet/transcripts
-        type: bind
   joplin-db:
     container_name: joplin-db
     environment:
@@ -3234,7 +2665,7 @@ services:
     image: postgres:17-alpine
     restart: always
     volumes:
-      - mastodon-pg-db:/var/lib/postgresql/data    
+      - mastodon-pg-db:/var/lib/postgresql/data
   meilisearch:
     container_name: meilisearch
     environment:
@@ -3289,6 +2720,81 @@ services:
         type: bind
         bind:
           create_host_path: true
+  mirotalk:
+    container_name: mirotalk
+    environment:
+      NODE_ENV: production #development or production
+      PORT: 3000
+      TRUST_PROXY: false #true or false
+      TZ: ${TZ}
+      LOGS_DEBUG: true # true or false
+      LOGS_COLORS: true # true or false
+      CORS_ORIGIN: '*'
+      CORS_METHODS: '["GET", "POST"]'
+      IP_WHITELIST_ENABLED: false # true or false
+      IP_WHITELIST_ALLOWED: '["127.0.0.1", "::1"]'
+      OIDC_ENABLED: false # true or false
+      HOST_PROTECTED: false # true or false
+      HOST_USER_AUTH: false # true or false
+      JWT_KEY: ${MIROTALK_JWT_KEY}
+      JWT_EXP: 1h
+      PRESENTERS: '["Mirotalk Rinoa", "noreply@trez.wtf"]'
+      NGROK_ENABLED: true
+      NGROK_AUTH_TOKEN: ${NGROK_AUTH_TOKEN}
+      STUN_SERVER_ENABLED: true # true or false
+      STUN_SERVER_URL: stun:stun.l.google.com:19302
+      TURN_SERVER_ENABLED: true # true or false
+      TURN_SERVER_URL: turn:a.relay.metered.ca:443
+      TURN_SERVER_USERNAME: ${MIROTALK_METERED_TURNSERVER_USER}
+      TURN_SERVER_CREDENTIAL: ${MIROTALK_METERED_TURNSERVER_PASSWORD}
+      IP_LOOKUP_ENABLED: false # true or false
+      API_KEY_SECRET: ${MIROTALK_API_KEY_SECRET}
+      API_DISABLED: '["token", "meetings"]'
+      SURVEY_ENABLED: false
+      REDIRECT_ENABLED: false # true or false
+      SENTRY_ENABLED: false # true or false
+      SLACK_ENABLED: false # true or false
+      MATTERMOST_ENABLED: false # true or false
+      CHATGPT_ENABLED: false # true or false
+      CHATGPT_BASE_PATH: https://api.openai.com/v1/
+      CHATGPT_APIKEY: ${LIBRECHAT_OPENAI_API_KEY}
+      CHATGPT_MODEL: gpt-3.5-turbo
+      CHATGPT_MAX_TOKENS: 1000
+      CHATGPT_TEMPERATURE: 0
+      EMAIL_ALERT: true # true or false
+      EMAIL_HOST: postal-smtp
+      EMAIL_PORT: 25
+      EMAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
+      EMAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+      EMAIL_SEND_TO: noreply@${MY_TLD}
+      STATS_ENABLED: true # true or false
+      STATS_SCR: https://stats.mirotalk.com/script.js
+      STATS_ID: c7615aa7-ceec-464a-baba-54cb605d7261
+    expose:
+      - 3000
+    hostname: mirotalk
+    image: mirotalk/p2p:latest
+    labels:
+      swag: enable
+      swag_port: 3000
+      swag_proto: http
+      swag_url: meet.${MY_TLD}
+      swag_server_custom_directive: |
+        access_log /config/log/$$host_access.log ;
+        error_log /config/log/$$host_error.log ;
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://social.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+      homepage.group: Social
+      homepage.name: MiroTalk
+      homepage.href: https://meet.${MY_TLD}
+      homepage.icon: sh-mirotalk.svg
+      homepage.description: Simple, secure, and fast real-time video conferences
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/mirotalk/app/src/config.js:/src/app/src/config.js:ro
+      - ${DOCKER_VOLUME_CONFIG}/mirotalk/app/:/src/app/:ro
+      - ${DOCKER_VOLUME_CONFIG}/mirotalk/public/:/src/public/:ro
   mixpost:
     container_name: mixpost
     image: inovector/mixpost:latest
@@ -3592,6 +3098,25 @@ services:
         source: /rinoa-storage
         target: /storage
         type: bind
+  omni-tools:
+    container_name: omni-tools
+    image: iib0011/omni-tools:latest
+    labels:
+      homepage.group: Personal Services
+      homepage.name: OmniTools
+      homepage.href: https://ombi.${MY_TLD}
+      homepage.icon: sh-omnitools.svg
+      homepage.description: Tools for common tasks
+      swag: enable
+      swag_server_custom_directive: |
+        access_log /config/log/$$host_access.log ;
+        error_log /config/log/$$host_error.log ;
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://otools.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+    ports:
+      - 23693:80
+    restart: unless-stopped
   paperless-ngx:
     container_name: paperless-ngx
     depends_on: