Removing deleted services from container arguments.

Docker Compose dry run action change.
....
2025-05-18 07:58:56 -04:00 · 2025-05-18 07:20:47 -04:00 · 2025-05-16 14:59:22 -04:00 · 2025-05-16 14:02:12 -04:00 · 2025-05-16 13:59:31 -04:00 · 2025-05-16 13:55:03 -04:00
16 changed files with 930 additions and 361 deletions
@@ -3,6 +3,9 @@ on:
  push:
    branches-ignore:
      - 'main'
    paths:
      - '**.yml'
      - '!ansible/**.yml'
 jobs:
  check-and-create-pr:
    if: github.ref != 'refs/heads/main'
@@ -64,62 +67,107 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
-      - name: Cache Ansible Galaxy Collections
+      - name: Fetch base branch
-        uses: actions/cache@v3
+        run: |
-        with:
+          git fetch origin ${{ github.event.pull_request.base.ref }}
-          path: ansible/collections
+      - name: Save both versions of docker-compose.yml
-          key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
+        run: |
-          restore-keys: |
+          git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
-            ${{ runner.os }}-ansible-
+          cp docker-compose.yml docker-compose-head.yml
-      - name: Install Ansible
+      # - name: Compare Docker Compose changes
-        uses: alex-oleshkevich/setup-ansible@v1.0.1
+      #  run: |
-        with:
+      #    git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
-          version: "11.0.0"
+      #    cp docker-compose.yml docker-compose-head.yml
      - name: Detect added, deleted, and modified services
        id: detect_services
        run: |
          echo "Getting services from main and ${{ github.ref_name }}"
          yq '.services | keys | .[]' docker-compose-main.yml | sort > services_main.txt
          yq '.services | keys | .[]' docker-compose-head.yml | sort > services_head.txt
          echo "Creating list of modified services..."
          touch service_changes.txt
          comm -13 services_main.txt services_head.txt | while read service; do
            echo "$service: added" >> service_changes.txt
          done
          comm -12 services_main.txt services_head.txt | while read service; do
            yq ".services[\"$service\"]" docker-compose-main.yml > tmp_main.yml
            yq ".services[\"$service\"]" docker-compose-head.yml > tmp_head.yml
            if ! diff -q tmp_main.yml tmp_head.yml > /dev/null; then
              echo "$service: modified" >> service_changes.txt
            fi
          done
          echo "Detected service changes:"
          cat service_changes.txt
          svc_list=$(paste -sd '|' service_changes.txt)
          echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT"
      # - name: Cache Ansible Galaxy Collections
      #   uses: actions/cache@v3
      #   with:
      #     path: ansible/collections
      #     key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
      #     restore-keys: |
      #       ${{ runner.os }}-ansible-
      # - name: Install Ansible
      #   uses: alex-oleshkevich/setup-ansible@v1.0.1
      #   with:
      #     version: "11.0.0"
      - name: Install Vault
        uses: cpanato/vault-installer@main
-      - name: Install hvac
+      # - name: Install hvac
-        run: pip install hvac
+      #   run: pip install hvac
      # - name: Gotify Notification
      #   uses: eikendev/gotify-action@master
      #   with:
      #     gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
      #     gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
      #     notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
      #     notification_message: 'Starting Ansible dry run...'
      # - name: Ansible Playbook Dry Run
      #   uses: arillso/action.playbook@0.1.0
      #   with:
      #     check: true
      #     galaxy_collections_path: ansible/collections
      #     galaxy_requirements_file: ansible/collections/requirements.yml
      #     inventory: ansible/inventory/hosts.yml
      #     playbook: ansible/docker_config_deploy.yml
      #     private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
      #     vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
      #     verbose: 0
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
+          notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
-          notification_message: 'Starting Ansible dry run...'
+          notification_message: 'Starting Docker Compose dry run...'
      - name: Ansible Playbook Dry Run
        uses: dawidd6/action-ansible-playbook@v2
        with:
          directory: ansible/
          playbook: docker_config_deploy.yml
          key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
          options: |
            --inventory inventory/hosts.yml
            --check
          requirements: collections/requirements.yml
          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
          notification_message: 'Ansible dry run completed successfully; starting Docker Compose'
      - name: Generate .env file for Docker Compose Dry Run
        run: |
          vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
      - name: Cache .env Files
        uses: actions/cache@v4
        with:
          path: .env
          key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
      - name: Generate modified services list & .env file for Docker Compose Dry Run
        id: modded_svcs
        run: |
          mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
          echo ${mod_svcs}
          vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
          echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT"
      - name: Docker Compose Dry Run
-        uses: yu-ichiro/spin-up-docker-compose-action@v1
+        timeout-minutes: 360
        continue-on-error: true
        uses: keatonLiu/docker-compose-remote-action@v1.2
        with:
-          file: docker-compose.yml
+          docker_compose_file: docker-compose.yml
-          pull: true
+          docker_args: -d --remove-orphans --pull missing --no-recreate ${{ steps.modded_svcs.rinoa_svcs.output }}
-          pull-opts: --dry-run
+          ssh_user: gitea-deploy
-          up: true
+          ssh_host: 192.168.1.254
-          up-opts: --dry-run -d --remove-orphans
+          ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
          ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
        env:
          DOCKER_HOST: tcp://dockerproxy:2375
      - name: Gotify Notification
@@ -311,6 +359,12 @@ jobs:
          version: "11.0.0"
      - name: Install Vault
        uses: cpanato/vault-installer@main
      - name: Login to Gitea Container Registry
        uses: docker/login-action@v3
        with:
          registry: git.trez.wtf
          username: gitea-sonarqube-bot
          password: ${{ secrets.BOT_GITEA_TOKEN }}
      - name: Install hvac
        run: pip install hvac
      - name: Gotify Notification
@@ -348,7 +402,6 @@ jobs:
        run: |
           vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
      - name: Docker Compose Deployment
        # if: ${{ steps.regenerate-readme-modified-services.outputs.modified_services != '' }}
        timeout-minutes: 360
        continue-on-error: true
        uses: keatonLiu/docker-compose-remote-action@v1.2
@@ -0,0 +1,28 @@
 name: Auto-Unseal for Vault
 on:
  schedule:
    - cron: "30 2 * * *"
 jobs:
  auto-unseal:
    name: Unseal Vault
    runs-on: ubuntu-latest
    env:
      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
      VAULT_SHARDS: |
        ${{ secrets.VAULT_UNSEAL_SHARDS }}
      VAULT_NAMESPACE: ""
    steps:
      - name: Cache Vault install
        id: cache-vault
        uses: actions/cache@v4
        with:
          path: /opt/hostedtoolcache/vault/1.18.0/x64
          key: vault-${{ runner.os }}-1.18.0
      - name: Install Vault
        uses: cpanato/vault-installer@main
      - name: Unseal Vault
        run: |
          for vault_shard in $(cat ${VAULT_SHARDS}); do
            vault operator unseal -address=${VAULT_ADDR} -non-interactive "${vault_shard}"
          done
@@ -51,7 +51,7 @@
 | graylog-datanode | graylog/graylog-datanode:6.1 |
 | guacamole | flcontainers/guacamole:latest |
 | homepage | ghcr.io/gethomepage/homepage:latest |
-| hugo | hugomods/hugo:exts |
+| hugo | hugomods/hugo:exts-0.145.0 |
 | immich-server | ghcr.io/immich-app/immich-server:release |
 | immich-machine-learning | ghcr.io/immich-app/immich-machine-learning:release |
 | immich-pg-db | tensorchord/pgvecto-rs:pg14-v0.2.1 |
@@ -97,6 +97,7 @@
 | nextcloud | nextcloud/all-in-one:latest |
 | ollama | ollama/ollama |
 | ombi | lscr.io/linuxserver/ombi:latest |
 | omni-tools | iib0011/omni-tools:latest |
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
@@ -140,4 +141,14 @@
 | watchtower | ghcr.io/containrrr/watchtower:latest |
 | web-check | lissy93/web-check |
 | youtubedl | nbr23/youtube-dl-server:latest |
 | zammad-backup | ghcr.io/zammad/zammad:6.5.0-15 |
 | zammad-elasticsearch | bitnami/elasticsearch:8.17.4 |
 | zammad-init | ghcr.io/zammad/zammad:6.5.0-15 |
 | zammad-memcached | memcached:1.6.38-alpine |
 | zammad-nginx | ghcr.io/zammad/zammad:6.5.0-15 |
 | zammad-postgresql | postgres:17.4-alpine |
 | zammad-railsserver | ghcr.io/zammad/zammad:6.5.0-15 |
 | zammad-redis | redis:7.4.2-alpine |
 | zammad-scheduler | ghcr.io/zammad/zammad:6.5.0-15 |
 | zammad-websocket | ghcr.io/zammad/zammad:6.5.0-15 |
@@ -1,3 +1,6 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 urls:
  - gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }}
  - mailtos://{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}@trez.wtf25?smtp=postal-smtp&from=noreply@trez.wtf
@@ -7,13 +7,14 @@
    "client": "mysql",
    "connection": {
      "host"     : "mariadb",
      "port"     : 3306,
      "user"     : "ghost",
      "password" : "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GHOST_DB_PASSWORD'] }}",
      "database" : "ghost_db"
    }
  },
  "mail": {
-    "from": "'Ghost @ Rinoa' <noreply@trez.wtf>"
+    "from": "'Ghost @ Rinoa' <noreply@trez.wtf>",
    "transport": "SMTP",
    "options": {
      "host": "postal-smtp",
@@ -1,3 +1,6 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 #########################################
 #
 #  Database and other external servers
@@ -2,8 +2,8 @@
 {% set secrets_path = 'rinoa-docker/env' %}
 # IN application vars
-IN_APP_URL=http://in.localhost:8003
+IN_APP_URL=https://biz.trez.wtf
-IN_APP_KEY=<insert your generated key in here>
+IN_APP_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IN_APP_KEY'] }}
 IN_APP_DEBUG=true
 IN_REQUIRE_HTTPS=false
 IN_PHANTOMJS_PDF_GENERATION=false
@@ -14,11 +14,11 @@ IN_TRUSTED_PROXIES='*'
 IN_QUEUE_CONNECTION=database
 # DB connection
-IN_DB_HOST=db
+IN_DB_HOST=mariadb
 IN_DB_PORT=3306
-IN_DB_DATABASE=ninja
+IN_DB_DATABASE=invoice_ninja
-IN_DB_USERNAME=ninja
+IN_DB_USERNAME=ininja
-IN_DB_PASSWORD=ninja
+IN_DB_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IN_MYSQL_PASSWORD'] }}
 # Create initial user
 # Default to these values if empty
@@ -29,13 +29,13 @@ IN_PASSWORD=
 # Mail options
 IN_MAIL_MAILER=log
-IN_MAIL_HOST=smtp.mailtrap.io
+IN_MAIL_HOST=postal-smtp
-IN_MAIL_PORT=2525
+IN_MAIL_PORT=25
-IN_MAIL_USERNAME=null
+IN_MAIL_USERNAME={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}
-IN_MAIL_PASSWORD=null
+IN_MAIL_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
 IN_MAIL_ENCRYPTION=null
-IN_MAIL_FROM_ADDRESS='user@example.com'
+IN_MAIL_FROM_ADDRESS='noreply@trez.wtf'
-IN_MAIL_FROM_NAME='Self Hosted User'
+IN_MAIL_FROM_NAME='Treasured IT'
 # MySQL
 IN_MYSQL_ROOT_PASSWORD=ninjaAdm1nPassword
@@ -1,8 +1,18 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 containers:
  ghost_blog:
    action_keywords:
      - restart:
          regex: ':[0-9]{2}\] ERROR.*$'
  immich-server:
    action_keywords:
      - restart:
          regex: 'ADVICE:.*error'
  invidious:
    keywords:
      - regex: 'Error reading.*Connection reset by peer trying to reconnect...'
 global_keywords:
  keywords:
    - panic
@@ -0,0 +1,159 @@
 'use strict';
 const packageJson = require('../../package.json');
 module.exports = {
    // Branding and customizations require a license: https://codecanyon.net/item/mirotalk-p2p-webrtc-realtime-video-conferences/38376661
    brand: {
        app: {
            language: 'en', // https://en.wikipedia.org/wiki/List_of_ISO_639_language_codes
            name: 'MiroTalk',
            title: '<h1>MiroTalk</h1/>Free browser based Real-time video calls.<br />Simple, Secure, Fast.',
            description:
                'Start your next video call with a single click. No download, plug-in, or login is required. Just get straight to talking, messaging, and sharing your screen.',
            joinDescription: 'Pick a room name.<br />How about this one?',
            joinButtonLabel: 'JOIN ROOM',
            joinLastLabel: 'Your recent room:',
        },
        og: {
            type: 'app-webrtc',
            siteName: 'MiroTalk',
            title: 'Click the link to make a call.',
            description:
                'MiroTalk calling provides real-time HD quality and latency simply not available with traditional technology.',
            image: 'https://p2p.mirotalk.com/images/preview.png',
            url: 'https://p2p.mirotalk.com',
        },
        site: {
            shortcutIcon: '../images/logo.svg',
            appleTouchIcon: '../images/logo.svg',
            landingTitle: 'MiroTalk a Free Secure Video Calls, Chat & Screen Sharing.',
            newCallTitle: 'MiroTalk a Free Secure Video Calls, Chat & Screen Sharing.',
            newCallRoomTitle: 'Pick name. <br />Share URL. <br />Start conference.',
            newCallRoomDescription:
                "Each room has its disposable URL. Just pick a room name and share your custom URL. It's that easy.",
            loginTitle: 'MiroTalk - Host Protected login required.',
            clientTitle: 'MiroTalk WebRTC Video call, Chat Room & Screen Sharing.',
            privacyPolicyTitle: 'MiroTalk - privacy and policy.',
            stunTurnTitle: 'Test Stun/Turn Servers.',
            notFoundTitle: 'MiroTalk - 404 Page not found.',
        },
        html: {
            features: true,
            browsers: true,
            teams: true, // please keep me always true ;)
            tryEasier: true,
            poweredBy: true,
            sponsors: true,
            advertisers: true,
            footer: true,
        },
        about: {
            imageUrl: '../images/mirotalk-logo.gif',
            title: `WebRTC P2P v${packageJson.version}`,
            html: `
                <button
                    id="support-button"
                    data-umami-event="Support button"
                    onclick="window.open('https://codecanyon.net/user/miroslavpejic85')">
                    <i class="fas fa-heart" ></i>&nbsp;Support
                </button>
                <br /><br /><br />
                Author:<a
                    id="linkedin-button"
                    data-umami-event="Linkedin button"
                    href="https://www.linkedin.com/in/miroslav-pejic-976a07101/" target="_blank">
                    Miroslav Pejic
                </a>
                <br /><br />
                Email:<a
                    id="email-button"
                    data-umami-event="Email button"
                    href="mailto:miroslav.pejic.85@gmail.com?subject=MiroTalk P2P info">
                    miroslav.pejic.85@gmail.com
                </a>
                <br /><br />
                <hr />
                <span>&copy; 2025 MiroTalk P2P, all rights reserved</span>
                <hr />
            `,
        },
        //...
    },
    /**
     * Configuration for controlling the visibility of buttons in the MiroTalk P2P client.
     * Set properties to true to show the corresponding buttons, or false to hide them.
     * captionBtn, showSwapCameraBtn, showScreenShareBtn, showFullScreenBtn, showVideoPipBtn, showDocumentPipBtn -> (auto-detected).
     */
    buttons: {
        main: {
            showShareQr: true,
            showShareRoomBtn: true, // For guests
            showHideMeBtn: true,
            showAudioBtn: true,
            showVideoBtn: true,
            showScreenBtn: true, // autodetected
            showRecordStreamBtn: true,
            showChatRoomBtn: true,
            showCaptionRoomBtn: true,
            showRoomEmojiPickerBtn: true,
            showMyHandBtn: true,
            showWhiteboardBtn: true,
            showSnapshotRoomBtn: true,
            showFileShareBtn: true,
            showDocumentPipBtn: true,
            showMySettingsBtn: true,
            showAboutBtn: true, // Please keep me always true, Thank you!
        },
        chat: {
            showTogglePinBtn: true,
            showMaxBtn: true,
            showSaveMessageBtn: true,
            showMarkDownBtn: true,
            showChatGPTBtn: true,
            showFileShareBtn: true,
            showShareVideoAudioBtn: true,
            showParticipantsBtn: true,
        },
        caption: {
            showTogglePinBtn: true,
            showMaxBtn: true,
        },
        settings: {
            showMicOptionsBtn: true,
            showTabRoomPeerName: true,
            showTabRoomParticipants: true,
            showTabRoomSecurity: true,
            showTabEmailInvitation: true,
            showCaptionEveryoneBtn: true,
            showMuteEveryoneBtn: true,
            showHideEveryoneBtn: true,
            showEjectEveryoneBtn: true,
            showLockRoomBtn: true,
            showUnlockRoomBtn: true,
            showShortcutsBtn: true,
        },
        remote: {
            showAudioVolume: true,
            audioBtnClickAllowed: true,
            videoBtnClickAllowed: true,
            showVideoPipBtn: true,
            showKickOutBtn: true,
            showSnapShotBtn: true,
            showFileShareBtn: true,
            showShareVideoAudioBtn: true,
            showPrivateMessageBtn: true,
            showZoomInOutBtn: false,
            showVideoFocusBtn: true,
        },
        local: {
            showVideoPipBtn: true,
            showSnapShotBtn: true,
            showVideoCircleBtn: true,
            showZoomInOutBtn: false,
        },
        whiteboard: {
            whiteboardLockBtn: false,
        },
    },
 };
@@ -33,9 +33,10 @@
      }
    },
    {
-      "type:": "lastfm",
+      "type": "lastfm",
      "name": "lastfm",
      "enable": true,
      "clients": [],
      "name": "lastfm",
      "data": {
        "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
        "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
@@ -44,8 +45,9 @@
    },
    {
      "type": "listenbrainz",
      "name": "listenBrainz",
      "enable": true,
      "clients": [],
      "name": "listenBrainz",
      "data": {
        "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
        "username": "Trez.One"
@@ -53,8 +55,9 @@
    },
    {
      "type": "subsonic",
      "name": "navidrome",
      "enable": true,
      "clients": [],
      "name": "navidrome",
      "data": {
        "url": "http://navidrome:4533",
        "user": "admin",
@@ -65,8 +68,8 @@
  "clients": [
    {
      "type": "lastfm",
      "name": "lastFmClient",
      "enable": true,
      "name": "lastFmClient",
      "data": {
        "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
        "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
@@ -75,8 +78,8 @@
    },
    {
      "type": "listenbrainz",
      "name": ";istenBrainzClient",
      "enable": true,
      "name": "ListenBrainzClient",
      "data": {
        "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
        "username": "Trez.One"
@@ -211,11 +211,13 @@ outgoing:
 # Comment or un-comment plugin to activate / deactivate by default.
 #
-# enabled_plugins:
+enabled_plugins:
 #   # these plugins are enabled if nothing is configured ..
-#   - 'Hash plugin'
+  - 'Hash plugin'
-#   - 'Self Information'
+  - 'Self Information'
-#   - 'Tracker URL remover'
+  - 'Tracker URL remover'
  - 'Basic Calculator'
  - 'Unit converter plugin'
 #   - 'Ahmia blacklist'  # activation depends on outgoing.using_tor_proxy
 #   # these plugins are disabled if nothing is configured ..
 #   - 'Hostname replace'  # see hostname_replace configuration below
@@ -1,14 +1,14 @@
 vault_addr: "https://vault.trez.wtf"
 vault_token: !vault |
  $ANSIBLE_VAULT;1.1;AES256
-  61383638616263666539386332333638356662623166393234383666366265346537353533653833
+  39306238386563313462666238333237346239326636633731326263653639646235363937386333
-  3333313230636166663734356261316132393834613737630a386166376365333862383031343838
+  6138653434613437643134653463363230303038373765380a636162663734393632396638313261
-  35346338633530636463643165623432353466363230646239656463333263373738663639313136
+  39613730633935373063663030616131653731376461333762633131633066366165343536323031
-  3966633235393937350a343337613061616238323238386332363635623932333230323037353136
+  3539373461383138310a383734313237313231363539383632323130336536656662313861336261
-  66616561613038656462636565656361613065373238613862386235623265396133633034326563
+  65393033633461363837366462656134386430353236343136616161663364376261623834366466
-  32663532343137366334366630356232313865666661326337326263613262306637663434646639
+  30303765393039376666303937663839663630623063666135313636353432396161333434653435
-  61623030383963623332333135396363643036646461303438643233313136346139343232353535
+  32623634313531343466613966663139333234616137646636636134373264333263343533393331
-  39356432623161333661333266333937626364643964333839333934306364373234653761326638
+  32313530373164653730656662383837626139643364376134376634613237323063343731663734
-  33396534396163373034666164393039303639643431353662666265666264353062
+  36306335303936633334353564306239663563366435316464343039373965383032
 vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
 secrets_path: "rinoa-docker/env"
@@ -1,13 +1,13 @@
 rinoa:
-        ansible_host: 192.168.1.254
+  ansible_host: 192.168.1.254
-        ansible_python_interpreter: /usr/bin/python3
+  ansible_python_interpreter: /usr/bin/python3
-        ansible_ssh_port: 22
+  ansible_ssh_port: 22
-        ansible_ssh_user: charish
+  ansible_ssh_user: charish
-        ansible_ssh_pass: !vault |
+  ansible_ssh_pass: !vault |
-                $ANSIBLE_VAULT;1.1;AES256
+    $ANSIBLE_VAULT;1.1;AES256
-                38346631616139316365316566386362396661323163306339303635646331373061323531626431
+    32303262303733356636343163363062383539623938383439373166623236366664333830653163
-                3435373031363739356261656239633835393963636663370a613166653463656337666366633639
+    3134323461373461663638333265643631666437306362350a353632313337316535633838343137
-                37373637326633363430633336646165343764303063663636313835326130663532323037663331
+    37353139396531613763393139653231333666363935613462343831303866363863653161636138
-                6332353339656134370a353435396532663932313535646636333262353238386331313764633635
+    3438316261363139650a313161643039366438356462383730663839366562333464636130346132
-                63383065623930653134666261353439366535646661383434386261393232373432353937636535
+    31363235326362396630313966303064373532306638383739373739336661346438336534366537
-                3432336137393737643735346665303832653630316439333565
+    6565643866333964353563346433323861346262323933333732
@@ -1,7 +1,7 @@
 $ANSIBLE_VAULT;1.1;AES256
-65353131326537376561616630666531353731653835306564323565383332653437633533313932
+32303262303733356636343163363062383539623938383439373166623236366664333830653163
-6239663065306339366536326432323534303364663862350a353034623936363066303164333434
+3134323461373461663638333265643631666437306362350a353632313337316535633838343137
-32666331326332363463383234316136323031626330366132643034376439616339396662636236
+37353139396531613763393139653231333666363935613462343831303866363863653161636138
-3633393039376438630a326138653031656465373966356564336463643465613638313838393166
+3438316261363139650a313161643039366438356462383730663839366562333464636130346132
-36626366356266636535613862333631386231626134376264363731353264613261633037646662
+31363235326362396630313966303064373532306638383739373739336661346438336534366537
-6431393837653564366531316332616232336365636533643036
+6565643866333964353563346433323861346262323933333732
@@ -12,6 +12,74 @@ networks:
    name: compose_default
  nextcloud-aio:
    external: true
 x-app-common: &jitsi_admin_app
  image: h2invent/jitsi-admin-main:latest
  #build: .
  environment:
    APACHE_DOCUMENT_ROOT: "public/"
    PHP_EXTENSION_XDEBUG: "1"
    PHP_INI_MEMORY_LIMIT: "1G"
    PHP_EXTENSION_LDAP: 1
    PHP_EXTENSION_INTL: 1
 x-shared:
  zammad-service: &zammad-service
    environment: &zammad-environment
      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS:-zammad-memcached:11211}
      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB:-zammad_production}
      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST:-zammad-postgresql}
      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER:-zammad}
      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS:-zammad}
      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT:-5432}
      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS:-?pool=50}
      POSTGRESQL_DB_CREATE:
      REDIS_URL: ${ZAMMAD_REDIS_URL:-redis://zammad-redis:6379}
      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad-storage-bucket?region=us-east-fh-pln&force_path_style=true
      # Backup settings
      BACKUP_DIR: "${BACKUP_DIR:-/var/tmp/zammad}"
      BACKUP_TIME: "${BACKUP_TIME:-03:00}"
      HOLD_DAYS: "${HOLD_DAYS:-7}"
      TZ: "${TZ:-Europe/Berlin}"
      # Allow passing in these variables via .env:
      AUTOWIZARD_JSON:
      AUTOWIZARD_RELATIVE_PATH:
      ELASTICSEARCH_ENABLED: false
      ELASTICSEARCH_SCHEMA:
      ELASTICSEARCH_HOST:
      ELASTICSEARCH_PORT:
      ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-elastic}
      ELASTICSEARCH_PASS: ${ELASTICSEARCH_PASS:-zammad}
      ELASTICSEARCH_NAMESPACE:
      ELASTICSEARCH_REINDEX:
      NGINX_PORT:
      NGINX_EXPOSE_PORT: 15257
      NGINX_CLIENT_MAX_BODY_SIZE:
      NGINX_SERVER_NAME:
      NGINX_SERVER_SCHEME:
      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
      ZAMMAD_HTTP_TYPE:
      ZAMMAD_FQDN:
      ZAMMAD_WEB_CONCURRENCY:
      ZAMMAD_PROCESS_SESSIONS_JOBS_WORKERS:
      ZAMMAD_PROCESS_SCHEDULED_JOBS_WORKERS:
      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS:
      # ZAMMAD_SESSION_JOBS_CONCURRENT is deprecated, please use ZAMMAD_PROCESS_SESSIONS_JOBS_WORKERS instead.
      ZAMMAD_SESSION_JOBS_CONCURRENT:
      # Variables used by ngingx-proxy container for reverse proxy creations
      # for docs refer to https://github.com/nginx-proxy/nginx-proxy
      VIRTUAL_HOST:
      VIRTUAL_PORT:
      # Variables used by acme-companion for retrieval of LetsEncrypt certificate
      # for docs refer to https://github.com/nginx-proxy/acme-companion
      LETSENCRYPT_HOST:
      LETSENCRYPT_EMAIL:
    image: ${IMAGE_REPO:-ghcr.io/zammad/zammad}:${VERSION:-6.5.0-15}
    restart: ${RESTART:-always}
    volumes:
      - zammad-storage:/opt/zammad/storage
    depends_on:
      - zammad-memcached
      - zammad-postgresql
      - zammad-redis
 services:
  actual_server:
    container_name: actualbudget
@@ -46,7 +114,6 @@ services:
    container_name: adguard
    environment:
      TZ: ${TZ}
    hostname: Rinoa
    image: adguard/adguardhome:latest
    labels:
      swag: enable
@@ -66,19 +133,20 @@ services:
      homepage.widget.password: ${ADGUARD_PASSWORD}
    ports:
      - "192.168.1.254:53:53/udp"
-      - 53:53/tcp
+      - "192.168.1.254:53:53/tcp"
      - 3001:3000
-      - 446:443
+      - "192.168.1.254:446:443/tcp"
      - 8008:80
-      - 853:853
+      - "192.168.1.254:853:853/tcp"
      - 67:67
      - 688:68
    restart: unless-stopped
    user: 1000:1000
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKER_VOLUME_CONFIG}/adguard/work:/opt/adguardhome/work
      - ${DOCKER_VOLUME_CONFIG}/adguard/conf:/opt/adguardhome/conf
-      - ${DOCKER_VOLUME_CONFIG}/swag/etc/letsencrypt/:/etc/ssl/certs
+      - ${DOCKER_VOLUME_CONFIG}/swag/etc/letsencrypt/:/opt/adguardhome/certs
  apprise-api:
    container_name: apprise-api
    environment:
@@ -92,7 +160,7 @@ services:
      homepage.group: Infrastructure/App Performance Monitoring
      homepage.name: Apprise
      homepage.icon: apprise.png
-      homepage.href: https://adgh.${MY_TLD}
+      homepage.href: http://192.168.1.254:54995
      homepage.description: Multi-channel notification API
    ports:
      - 54995:8000
@@ -548,30 +616,6 @@ services:
    networks:
      default: null
    restart: unless-stopped
  bytebase:
    container_name: bytebase
    image: bytebase/bytebase:3.5.0
    labels:
      homepage.group: System Administration
      homepage.name: Bytebase
      homepage.href: https://dbs.${MY_TLD}
      homepage.icon: /icons/bytebase.png
      homepage.description: Database-as-Code CI/CD
      swag: enable
      swag_port: 8080
      swag_proto: http
      swag_url: dbs.${MY_TLD}
      swag_server_custom_directive: |
        access_log /config/log/$$host_access.log ;
        error_log /config/log/$$host_error.log ;
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
    ports:
      - 49054:8080
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/bytebase:/var/opt/bytebase
  bytestash:
    container_name: bytestash
    environment:
@@ -762,7 +806,7 @@ services:
      DOCKER_HOST: tcp://dockerproxy:2375
      GID: 1000
      BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY}
-      COLLECTIONS: crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/linux crowdsecurity/iptables
+      COLLECTIONS: corvese/apache-guacamole crowdsecurity/home-assistant crowdsecurity/http-cve crowdsecurity/iptables crowdsecurity/linux crowdsecurity/mariadb crowdsecurity/nextcloud crowdsecurity/nginx crowdsecurity/whitelist-good-actors Dominic-Wagner/vaultwarden gauth-fr/immich LePresidente/adguardhome LePresidente/authelia LePresidente/gitea LePresidente/jellyfin LePresidente/ombi plague-doctor/audiobookshelf schiz0phr3ne/sonarr sdwilsh/navidrome timokoessler/mongodb timokoessler/uptime-kuma xs539/joplin-server
    image: crowdsecurity/crowdsec:latest
    networks:
      default: null
@@ -1042,6 +1086,15 @@ services:
      - dawarich_public:/var/app/public
      - dawarich_watched:/var/app/tmp/imports/watched
      - ${DOCKER_VOLUME_CONFIG}/dawarich/sidekiq-entrypoint.sh:/usr/local/bin/sidekiq-entrypoint.sh
  dead-man-hand:
    container_name: dead-man-hand
    environment:
      DMH_CONFIG_FILE: /data/config.yaml
    image: 'ghcr.io/bkupidura/dead-man-hand:latest'
    ports:
      - '8080:8080'
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/dead-man-hand/data:/data
  delugevpn:
    cap_add:
      - NET_ADMIN
@@ -1149,87 +1202,6 @@ services:
        source: /var/run/docker.sock
        target: /var/run/docker.sock
        type: bind
  docker-volume-backup:
    container_name: docker-volume-backup
    image: offen/docker-volume-backup:v2
    environment:
      BACKUP_ARCHIVE: /archive
      BACKUP_CRON_EXPRESSION: '@weekly'
      BACKUP_COMPRESSION: zst
      BACKUP_FILENAME: rinoa-docker-backup-%Y-%m-%dT%H-%M-%S.{{ .Extension }}
      BACKUP_FILENAME_EXPAND: true
      BACKUP_RETENTION_DAYS: 14
      DOCKER_HOST: tcp://dockerproxy:2375
      NOTIFICATION_URLS: gotify://gotify/${DV_BKUP_GOTIFY_TOKEN}
    restart: always
    volumes:
      - ${DOCKER_VOLUME_STORAGE}/backups/docker_volume_bkups:/archive
      - authelia-pg-db:/backup/authelia-pg-db:ro
      - bitmagnet-pg-db:/backup/bitmagnet-pg-db:ro
      - bunkerweb-storage:/backup/bunkerweb-storage:ro
      - castopod-media:/backup/castopod-media:ro
      - crowdsec-config:/backup/crowdsec-config:ro
      - crowdsec-db:/backup/crowdsec-db:ro
      - dawarich_db_data:/backup/dawarich_db_data:ro
      - dawarich_shared:/backup/dawarich_shared:ro
      - dawarich_public:/backup/dawarich_public:ro
      - dawarich_watched:/backup/dawarich_watched:ro
      - docker-volume-bkup-data:/backup/docker-volume-bkup-data:ro
      - fastenhealth-cache:/backup/fastenhealth-cache:ro
      - fastenhealth-db:/backup/fastenhealth-db:ro
      - gitea-pg-db:/backup/gitea-pg-db:ro
      - hortusfox_app_backup:/backup/hortusfox_app_backup:ro
      - hortusfox_app_images:/backup/hortusfox_app_images:ro
      - hortusfox_app_logs:/backup/hortusfox_app_logs:ro
      - hortusfox_app_migrate:/backup/hortusfox_app_migrate:ro
      - hortusfox_app_themes:/backup/hortusfox_app_themes:ro
      - hortusfox_db_data:/backup/hortusfox_db_data:ro
      - immich-model-cache:/backup/immich-model-cache:ro
      - influxdb2-data:/backup/influxdb2-data:ro
      - influxdb2-config:/backup/influxdb2-config:ro
      - invidious-postgres:/backup/invidious-postgres:ro
      - invoice-ninja_cache:/backup/invoice-ninja_cache:ro
      - invoice-ninja_public:/backup/invoice-ninja_public:ro
      - invoice-ninja_storage:/backup/invoice-ninja_storage:ro
      - jitsi-web-admin-theme:/backup/jitsi-web-admin-theme:ro
      - jitsi-web-admin-upload:/backup/jitsi-web-admin-upload:ro
      - joplin_data:/backup/joplin_data:ro
      - librechat-pg-data:/backup/librechat-pg-data:ro
      - libretranslate_models:/backup/libretranslate_models:ro
      - lldap_data:/backup/lldap_data:ro
      - mastodon-pg-db:/backup/mastodon-pg-db:ro
      - mixpost-storage:/backup/mixpost-storage:ro
      - mixpost-logs:/backup/mixpost-logs:ro
      - mongodb_config:/backup/mongodb_config:ro
      - mongodb_data:/backup/mongodb_data:ro
      - n8n-data:/backup/n8n-data:ro
      - netbird-mgmt:/backup/netbird-mgmt:ro
      - netbird-signal:/backup/netbird-signal:ro
      - netbird-letsencrypt:/backup/netbird-letsencrypt:ro
      - nextcloud_aio_mastercontainer:/backup/nextcloud_aio_mastercontainer:ro
      - ollama:/backup/ollama:ro
      - paperless-ngx-data:/backup/paperless-ngx-data:ro
      - paperless-ngx-media:/backup/paperless-ngx-media:ro
      - paperless-ngx-pg:/backup/paperless-ngx-pg:ro
      - pgbackweb-data:/backup/pgbackweb-data:ro
      - plausible-db-data:/backup/plausible-db-data:ro
      - plausible-event-data:/backup/plausible-event-data:ro
      - plausible-event-logs:/backup/plausible-event-logs:ro
      - portainer-data:/backup/portainer-data:ro
      - reactive-resume-pg:/backup/reactive-resume-pg:ro
      - semaphore_config:/backup/semaphore_config:ro
      - semaphore_data:/backup/semaphore_data:ro
      - semaphore_tmp:/backup/semaphore_tmp:ro
      - sonarqube-data:/backup/sonarqube-data:ro
      - sonarqube-db:/backup/sonarqube-db:ro
      - sonarqube-db-data:/backup/sonarqube-db-data:ro
      - sonarqube-extensions:/backup/sonarqube-extensions:ro
      - sonarqube-logs:/backup/sonarqube-logs:ro
      - sonarqube-temp:/backup/sonarqube-temp:ro
      - tandoor-pg:/backup/tandoor-pg:ro
      - unmanic-cache:/backup/unmanic-cache:ro
      - wallos-db:/backup/wallos-db:ro
      - wallos-logos:/backup/wallos-logos:ro
  duplicati:
    container_name: duplicati
    environment:
@@ -1283,6 +1255,27 @@ services:
        source: /home/charish/.config/appdata
        target: /source
        type: bind
  excalidraw:
    container_name: excalidraw
    image: 'excalidraw/excalidraw:latest'
    labels:
      homepage.group: Personal/Professional Services
      homepage.name: Excalidraw
      homepage.href: https://draw.${MY_TLD}
      homepage.icon: excalidraw.svg
      homepage.description: Virtual whiteboard for sketching hand-drawn like diagrams
      swag: enable
      swag_proto: http
      swag_url: draw.${MY_TLD}
      swag_server_custom_directive: |
        access_log /config/log/$$host_access.log ;
        error_log /config/log/$$host_error.log ;
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://draw.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
    ports:
      - 53721:80
    restart: unless-stopped
  explo:
    container_name: explo
    environment:
@@ -1424,7 +1417,7 @@ services:
      - 2368:2368
    restart: always
    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/ghost:/home/ghost
+      - ${DOCKER_VOLUME_CONFIG}/ghost:/var/lib/ghost/content
  gitea:
    container_name: gitea
    depends_on:
@@ -1775,7 +1768,7 @@ services:
  hugo:
    command: hugo server --baseURL "it-services.trez.wtf" --bind 0.0.0.0 --appendPort=false --source=/src/it-services --configDir=/src/it-services/config/ -e production --logLevel debug
    container_name: hugo
-    image: hugomods/hugo:exts
+    image: hugomods/hugo:exts-0.145.0
    labels:
      swag: enable
      swag_proto: http
@@ -1933,12 +1926,6 @@ services:
      IMMICH_API_KEY: ${IMMICH_POWER_TOOLS_KEY}
      IMMICH_URL: http://immich-server:2283
    image: ghcr.io/varun-raj/immich-power-tools:latest
    labels:
      homepage.group: Lifestyle
      homepage.name: Immich Power Tools
      homepage.href: https://pics.${MY_TLD}/tools
      homepage.icon: sh-immich-power-tools.png
      homepage.description: Tools for Immich
    ports:
      - 54018:3000
    restart: unless-stopped
@@ -2055,6 +2042,105 @@ services:
        type: bind
        bind:
          create_host_path: true
  invoice-ninja:
    container_name: invoice-ninja
    depends_on:
      mariadb:
        condition: service_started
        required: true
        restart: true
    environment:
      APP_DEBUG: true
      APP_KEY: ${IN_APP_KEY}
      APP_URL: http://invoice_ninja:8003
      APP_ENV: /var/www/html/.env
      DB_DATABASE: invoice_ninja
      DB_HOST: mariadb
      DB_PASSWORD: ${IN_MYSQL_PASSWORD}
      DB_PORT: 3306
      DB_USERNAME: ininja
      IN_PASSWORD: ${IN_PASSWORD}
      IN_USER_EMAIL: charish.patel@${MY_TLD}
      MAIL_ENCRYPTION: null
      MAIL_FROM_ADDRESS: noreply@${MY_TLD}
      MAIL_FROM_NAME: null
      MAIL_HOST: postal-smtp
      MAIL_MAILER: log
      MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      MAIL_PORT: 25
      MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
      MYSQL_DATABASE: invoice_ninja
      MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD}
      MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
      MYSQL_USER: ininja
      PDF_GENERATOR: snappdf
      PHANTOMJS_PDF_GENERATION: false
      QUEUE_CONNECTION: database
      REQUIRE_HTTPS: false
      TRUSTED_PROXIES: 172.18.0.0/16
    expose:
      - 9000
    image: invoiceninja/invoiceninja-debian:5
    restart: always
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/invoice-ninja/invoice-ninja.env:/var/www/html/.env
      - invoice-ninja_cache:/var/www/html/bootstrap/cache
      - invoice-ninja_public:/var/www/html/public
      - invoice-ninja_storage:/var/www/html/storage
  invoice-ninja_proxy:
    container_name: invoice-ninja_proxy
    depends_on:
      invoice-ninja:
        condition: service_started
        required: true
        restart: true
    environment:
      APP_DEBUG: true
      APP_KEY: ${IN_APP_KEY}
      APP_URL: http://invoice_ninja:9000
      DB_DATABASE: invoice_ninja
      DB_HOST: mariadb
      DB_PASSWORD: ${IN_MYSQL_PASSWORD}
      DB_PORT: 3306
      DB_USERNAME: ininja
      IN_PASSWORD: ${IN_PASSWORD}
      IN_USER_EMAIL: charish.patel@trez.wtf
      MAIL_ENCRYPTION: null
      MAIL_FROM_ADDRESS: noreply@trez.wtf
      MAIL_FROM_NAME: null
      MAIL_HOST: postal-smtp
      MAIL_MAILER: log
      MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      MAIL_PORT: 25
      MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
      MYSQL_DATABASE: invoice_ninja
      MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD}
      MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
      MYSQL_USER: ininja
      PDF_GENERATOR: snappdf
      PHANTOMJS_PDF_GENERATION: false
      QUEUE_CONNECTION: database
      REQUIRE_HTTPS: false
      TRUSTED_PROXIES: 172.18.0.0/16
    image: nginx
    labels:
      swag: enable
      swag_proto: http
      swag_url: biz.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://biz.${MY_TLD}
      homepage.group: Personal/Professional Services
      homepage.name: Invoice Ninja
      homepage.href: https://biz.${MY_TLD}
      homepage.icon: invoice-ninja.svg
      homepage.description: Simple invoicing, multiple payment options, expense and vendor management, and more!
    ports:
      - 8005:80
    restart: always
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/invoice-ninja/nginx:/etc/nginx/conf.d:ro
      - invoice-ninja_public:/var/www/html/public
      - invoice-ninja_storage:/var/www/html/storage
  it-tools:
    container_name: it-tools
    image: ghcr.io/corentinth/it-tools:latest
@@ -2127,6 +2213,7 @@ services:
      SKIN_NAME: ${JITSI__ETHERPAD_SKIN_NAME}
      SKIN_VARIANTS: ${JITSI__ETHERPAD_SKIN_VARIANTS}
      SUPPRESS_ERRORS_IN_PAD_TEXT: true
    hostname: etherpad.meet.jitsi
    image: etherpad/etherpad:1.8.6
    networks:
      default: null
@@ -2175,7 +2262,7 @@ services:
      JIBRI_STATSD_PORT:
      LOCAL_ADDRESS:
      PUBLIC_URL: ${JITSI__PUBLIC_URL}
-      TZ: ${JITSI__TZ}
+      TZ: ${TZ}
      XMPP_AUTH_DOMAIN:
      XMPP_DOMAIN:
      XMPP_INTERNAL_MUC_DOMAIN:
@@ -2196,7 +2283,7 @@ services:
        bind:
          create_host_path: true
  jitsi-jicofo:
-    container_name: focus.meet.jitsi
+    container_name: jitsi-jicofo
    depends_on:
      jitsi-prosody:
        condition: service_started
@@ -2249,7 +2336,7 @@ services:
      SENTRY_DSN: "${JICOFO_SENTRY_DSN:-0}"
      SENTRY_ENVIRONMENT:
      SENTRY_RELEASE:
-      TZ: ${JITSI__JIGAGI_SIP_SERVER}
+      TZ: ${TZ}
      XMPP_DOMAIN:
      XMPP_AUTH_DOMAIN:
      XMPP_INTERNAL_MUC_DOMAIN:
@@ -2303,7 +2390,7 @@ services:
      JIGASI_HEALTH_CHECK_INTERVAL:
      JIGASI_SIP_KEEP_ALIVE_METHOD:
      JIGASI_ENABLE_SDES_SRTP:
-      ENABLE_TRANSCRIPTIONS:
+      ENABLE_TRANSCRIPTIONS: 1
      JIGASI_TRANSCRIBER_ADVERTISE_URL:
      JIGASI_TRANSCRIBER_RECORD_AUDIO:
      JIGASI_TRANSCRIBER_SEND_TXT:
@@ -2317,7 +2404,7 @@ services:
      SENTRY_DSN: "${JIGASI_SENTRY_DSN:-0}"
      SENTRY_ENVIRONMENT:
      SENTRY_RELEASE:
-      TZ: ${JITSI__TZ}
+      TZ: ${TZ}
    image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable}
    networks:
      default: null
@@ -2348,7 +2435,7 @@ services:
      ENABLE_COLIBRI_WEBSOCKET:
      ENABLE_JVB_XMPP_SERVER:
      ENABLE_OCTO:
-      JVB_ADVERTISE_IPS:
+      JVB_ADVERTISE_IPS: 192.168.1.254
      JVB_ADVERTISE_PRIVATE_CANDIDATES:
      JVB_AUTH_USER:
      JVB_AUTH_PASSWORD: ${JITSI__JVB_AUTH_PASSWORD}
@@ -2372,7 +2459,7 @@ services:
      SENTRY_RELEASE:
      COLIBRI_REST_ENABLED:
      SHUTDOWN_REST_ENABLED:
-      TZ: ${JITSI__JIGAGI_SIP_SERVER}
+      TZ: ${TZ}
      XMPP_AUTH_DOMAIN:
      XMPP_INTERNAL_MUC_DOMAIN:
      XMPP_SERVER:
@@ -2402,7 +2489,7 @@ services:
      ENABLE_END_CONFERENCE:
      ENABLE_GUESTS: 1
      ENABLE_IPV6:
-      ENABLE_LOBBY:
+      ENABLE_LOBBY: 1
      ENABLE_RECORDING: 1
      ENABLE_XMPP_WEBSOCKET:
      ENABLE_JAAS_COMPONENTS:
@@ -2422,6 +2509,7 @@ services:
      JICOFO_COMPONENT_SECRET:
      JIGASI_XMPP_USER:
      JIGASI_XMPP_PASSWORD: ${JITSI__JIGASI_XMPP_PASSWORD}
      JIGASI_TRANSCRIBER_PASSWORD: ${JITSI__JIGASI_TRANSCRIBER_PASSWORD}
      JVB_AUTH_USER:
      JVB_AUTH_PASSWORD: ${JITSI__JVB_AUTH_PASSWORD}
      JWT_APP_ID:
@@ -2468,7 +2556,7 @@ services:
      TURN_PORT:
      TURNS_PORT:
      TURN_TRANSPORT:
-      TZ: ${JITSI__JIGAGI_SIP_SERVER}
+      TZ: ${TZ}
      XMPP_DOMAIN:
      XMPP_AUTH_DOMAIN:
      XMPP_GUEST_DOMAIN:
@@ -2502,7 +2590,7 @@ services:
        target: /prosody-plugins-custom
        type: bind
  jitsi-web:
-    container_name: meet.jitsi
+    container_name: jitsi-web
    environment:
      AMPLITUDE_ID:
      ANALYTICS_SCRIPT_URLS:
@@ -2531,7 +2619,7 @@ services:
      DISABLE_AUDIO_LEVELS:
      DISABLE_DEEP_LINKING:
      DISABLE_GRANT_MODERATOR:
-      DISABLE_HTTPS:
+      DISABLE_HTTPS: 1
      DISABLE_KICKOUT:
      DISABLE_LOCAL_RECORDING:
      DISABLE_POLLS:
@@ -2552,9 +2640,9 @@ services:
      ENABLE_FILE_RECORDING_SHARING:
      ENABLE_GUESTS: 1
      ENABLE_HSTS:
-      ENABLE_HTTP_REDIRECT:
+      ENABLE_HTTP_REDIRECT: 0
      ENABLE_IPV6:
-      ENABLE_LETSENCRYPT:
+      ENABLE_LETSENCRYPT: 0
      ENABLE_LIPSYNC:
      ENABLE_NO_AUDIO_DETECTION:
      ENABLE_NOISY_MIC_DETECTION:
@@ -2581,7 +2669,7 @@ services:
      ENABLE_SUBDOMAINS:
      ENABLE_TALK_WHILE_MUTED:
      ENABLE_TCC:
-      ENABLE_TRANSCRIPTIONS:
+      ENABLE_TRANSCRIPTIONS: 1
      ENABLE_XMPP_WEBSOCKET:
      ENABLE_JAAS_COMPONENTS:
      ETHERPAD_PUBLIC_URL:
@@ -2625,7 +2713,7 @@ services:
      TOOLBAR_BUTTONS:
      TRANSLATION_LANGUAGES:
      TRANSLATION_LANGUAGES_HEAD:
-      TZ: ${JITSI__JIGAGI_SIP_SERVER}
+      TZ: ${TZ}
      USE_APP_LANGUAGE:
      VIDEOQUALITY_BITRATE_H264_LOW:
      VIDEOQUALITY_BITRATE_H264_STANDARD:
@@ -2647,6 +2735,7 @@ services:
      XMPP_PORT:
      WHITEBOARD_ENABLED:
      WHITEBOARD_COLLAB_SERVER_PUBLIC_URL:
    hostname: meet.jitsi
    image: jitsi/web:${JITSI_IMAGE_VERSION:-stable}
    labels:
      swag: enable
@@ -2747,6 +2836,18 @@ services:
    ports:
      - 22300:22300
    restart: unless-stopped
  languagetool:
    container_name: languagetool
    environment:
      langtool_languageModel: /opt/languagetool/langModel
      Java_Xms: 512m
      Java_Xmx: 1g
    expose:
      - 8010
    image: elestio/languagetool:latest
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/languagetool/:/opt/languagetool/langModel
  librechat-api:
    container_name: librechat-api
    depends_on:
@@ -2824,24 +2925,11 @@ services:
      test: ['CMD-SHELL', './venv/bin/python scripts/healthcheck.py']
    environment:
      LT_UPDATE_MODELS: true
    labels:
      homepage.group: Personal/Professional Services
      homepage.name: LibreTranslate
      homepage.href: https://translate.${MY_TLD}
      homepage.icon: sh-libretranslate.svg
      homepage.description: Open-source language translation
      swag: enable
      swag_port: 5000
      swag_url: translate.${MY_TLD}
      swag_server_custom_directive: |
        access_log /config/log/$$host_access.log ;
        error_log /config/log/$$host_error.log ;
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://translate.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
    ports:
      - 5000:5000
    restart: unless-stopped
    tty: true
    stdin_open: true
    volumes:
    #   - libretranslate_api_keys:/app/db
      - libretranslate_models:/home/libretranslate/.local:rw
@@ -3091,6 +3179,7 @@ services:
      DATABASE_URL: sqlite3:/config/manyfold.sqlite3
      REDIS_URL: redis://redis:6379/2
      SECRET_KEY_BASE: ${MANYFOLD_SECRET_KEY_BASE}
      MUTLIUSER: enabled
    image: lscr.io/linuxserver/manyfold:latest
    labels:
      homepage.group: Lifestyle
@@ -3592,6 +3681,60 @@ services:
        source: /rinoa-storage
        target: /storage
        type: bind
  omni-tools:
    container_name: omni-tools
    image: iib0011/omni-tools:latest
    labels:
      homepage.group: Personal/Professional Services
      homepage.name: OmniTools
      homepage.href: https://otools.${MY_TLD}
      homepage.icon: sh-omnitools.svg
      homepage.description: Tools for common tasks
      swag: enable
      swag_server_custom_directive: |
        access_log /config/log/$$host_access.log ;
        error_log /config/log/$$host_error.log ;
      swag_url: otools.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://otools.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
    ports:
      - 23693:80
    restart: unless-stopped
  omnipoly:
    container_name: omnipoly
    depends_on:
      languagetool:
        condition: service_started
        required: true
      libretranslate:
        condition: service_started
        required: true
    environment:
      LANGUAGE_TOOL: http://languagetool:8010
      LIBRETRANSLATE: http://libretranslate:5000
      OLLAMA: http://ollama:11434
      OLLAMA_MODEL: smollm2:1.7b
      THEME: 'pole'
      DISABLE_DICTIONARY: false
    expose:
      - 80
    image: kweg/omnipoly:latest
    labels:
      homepage.group: Personal/Professional Services
      homepage.name: OmniPoly
      homepage.href: https://translate.${MY_TLD}
      homepage.icon: sh-omnipoly.svg
      homepage.description: Open-source language translation with LanguageTool, LibreTranslate, & Ollama
      swag: enable
      swag_url: translate.${MY_TLD}
      swag_server_custom_directive: |
        access_log /config/log/$$host_access.log ;
        error_log /config/log/$$host_error.log ;
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://translate.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
    restart: unless-stopped
  paperless-ngx:
    container_name: paperless-ngx
    depends_on:
@@ -3739,17 +3882,25 @@ services:
    restart: unless-stopped
    volumes:
        - portainer-data:/data
-  portall:
+  portnote-web:
-    container_name: portall
+    container_name: portnote
-    image: need4swede/portall:latest
+    depends_on:
      portnote-pg-db:
        condition: service_started
        required: true
        restart: true
    environment:
-      SECRET_KEY: ${PORTALL_SECRET_KEY}
+      JWT_SECRET: ${PORTNOTE_JWT_SECRET} # Replace with a secure random string
      USER_SECRET:  ${PORTNOTE_USER_SECRET} # Replace with a secure random string
      LOGIN_USERNAME: portnote # Replace with a username
      LOGIN_PASSWORD: ${PORTNOTE_LOGIN_PASSWORD} # Replace with a custom password
      DATABASE_URL: "postgresql://portnote:${PORTNOTE_POSTGRES_PASSWORD}@portnote-pg-db:5432/portnote"
    image: haedlessdev/portnote:latest
    labels:
      swag: enable
      swag_auth: authelia
      swag_proto: http
-      swag_port: 8080
+      swag_port: 3000
-      swag_url: portall.${MY_TLD}
+      swag_url: ports.${MY_TLD}
      swag_server_custom_directive: |
        access_log /config/log/$$host_access.log ;
        error_log /config/log/$$host_error.log ;
@@ -3757,15 +3908,35 @@ services:
      swag.uptime-kuma.monitor.url: https://portall.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      homepage.group: System Administration
-      homepage.name: Portall
+      homepage.name: PortNote
      homepage.href: https://portall.${MY_TLD}
-      homepage.icon: sh-portall.png
+      homepage.icon: /icons/portnote.png
      homepage.description: Management for container ports
    ports:
-      - 8000:8080
+      - 23186:3000
-    restart: unless-stopped
+    restart: always
  portnote-agent:
    container_name: portnote-agent
    depends_on:
      portnote-pg-db:
        condition: service_started
        required: true
    image: haedlessdev/portnote-agent:latest
    environment:
      DATABASE_URL: "postgresql://portnote:${PORTNOTE_POSTGRES_PASSWORD}@portnote-pg-db:5432/portnote"
    restart: always
  portnote-pg-db:
    container_name: portnote-pg-db
    image: postgres:17-alpine
    environment:
      POSTGRES_USER: portnote
      POSTGRES_PASSWORD: ${PORTNOTE_POSTGRES_PASSWORD}
      POSTGRES_DB: portnote
    expose:
      - 5432
    restart: always
    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/portall:/app/instance
+      - portnote-db-data:/var/lib/postgresql/data
  postal-smtp:
    cap_add:
      - NET_BIND_SERVICE
@@ -4383,7 +4554,7 @@ services:
      - ALL
    container_name: searxng
    environment:
-      SEARXNG_BASE_URL: https://${SEARXNG_BASE_URL:-localhost}/
+      SEARXNG_BASE_URL: https://search.${MY_TLD}
    image: searxng/searxng:latest
    labels:
      homepage.group: Personal/Professional Services
@@ -5161,6 +5332,36 @@ services:
    ports:
      - 3010:3000
    restart: unless-stopped
  whodb:
    container_name: whodb
    image: clidey/whodb
    environment:
      WHODB_POSTGRES_1: '[{"host":"authelia-pg","user":"authelia","password":"${AUTHELIA_STORAGE_POSTGRES_PASSWORD}","database":"authelia"},{"host":"bitmagnet-pg-db","user":"bitmagnet","password":"${BITMAGNET_POSTGRESQL_PASSWORD}","database":"bitmagnet"},{"host":"dawarich-pg-db","user":"dawarich","password":"${DAWARICH_PG_PASSWORD}","database":"dawarich"},{"host":"gitea-db","user":"gitea","password":"${GITEA_PG_DB_PASSWORD}","database":"gitea"},{"host":"immich-pg-db","user":"immich","password":"${IMMICH_DB_PASSWORD}","database":"immich"},{"host":"invidious-db","user":"kemal","password":"${INVID_PG_DB_PASSWORD}","database":"invidious"},{"host":"librechat-vectordb","user":"librechat","password":"${LIBRECHAT_PG_DB_PASSWD}","database":"librechat"},{"host":"mastodon-pg-db","user":"mastodon","password":"${MASTODON_PG_DB_PASSWORD}","database":"mastodon"},{"host":"reactive-resume-pg","user":"reactiveresume","password":"${REACTIVE_RESUME_PGSQL_PASSWORD}","database":"reactiveresume"},{"host":"sonarqube-pg-db","user":"sonar","password":"${SONARQUBE_POSTGRES_PASSWORD}","database":"sonar"},{"host":"tandoor-pg","user":"tandoor","password":"${TANDOOR_POSTGRES_PASSWORD}","database":"tandoor"},{"host":"zammad-postgresql","user":"zammad","password":"${ZAMMAD_POSTGRES_PASS}","database":"zammad_production"}]'
      WHODB_MARIADB_1: '[{"host":"mariadb","user":"root","password":"${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}","database":"mysql"}]'
      WHODB_MONGODB_1: '{"host":"mongodb:27017/admin?replicaSet=rinoa","user":"root","password":"${MONGO_INITDB_ROOT_PASSWORD}"}'
      WHODB_OLLAMA_HOST: ollama
      WHODB_OLLAMA_PORT: 11434
      WHODB_ANTHROPIC_API_KEY: ${LIBRECHAT_ANTHROPIC_API_KEY}
      WHODB_OPENAI_API_KEY: ${LIBRECHAT_OPENAI_API_KEY}
    expose:
      - 8080
    labels:
      homepage.group: System Administration
      homepage.name: WhoDB
      homepage.href: https://dbs.${MY_TLD}
      homepage.icon: whodb.png
      homepage.description: Database-as-Code CI/CD
      swag: enable
      swag_port: 8080
      swag_proto: http
      swag_url: dbs.${MY_TLD}
      swag_server_custom_directive: |
        access_log /config/log/$$host_access.log ;
        error_log /config/log/$$host_error.log ;
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
    restart: unless-stopped
  youtubedl:
    container_name: youtubedl
    environment:
@@ -5209,6 +5410,95 @@ services:
        source: /rinoa-storage
        target: /storage
        type: bind
  zammad-backup:
    <<: *zammad-service
    container_name: zammad-backup
    command: ["zammad-backup"]
    volumes:
      - zammad-backup:/var/tmp/zammad
      - zammad-storage:/opt/zammad/storage:ro
    user: 0:0
  zammad-elasticsearch:
    container_name: zammad-elasticsearch
    image: bitnami/elasticsearch:${ELASTICSEARCH_VERSION:-8.17.4}
    restart: ${RESTART:-always}
    profiles:
      - do-not-start
    volumes:
      - zammad-elasticsearch-data:/bitnami/elasticsearch/data
    environment:
      # Enable authorization without HTTPS. For external access with
      #   SSL termination, use solutions like nginx-proxy-manager.
      ELASTICSEARCH_ENABLE_SECURITY: 'true'
      ELASTICSEARCH_SKIP_TRANSPORT_TLS: 'true'
      ELASTICSEARCH_ENABLE_REST_TLS: 'false'
      # ELASTICSEARCH_USER is hardcoded to 'elastic' in the container.
      ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASS:-zammad}
  zammad-init:
    <<: *zammad-service
    container_name: zammad-init
    command: ["zammad-init"]
    depends_on:
      - zammad-postgresql
    restart: on-failure
    user: 0:0
  zammad-memcached:
    container_name: zammad-memcached
    command: memcached -m 256M
    image: memcached:${MEMCACHE_VERSION:-1.6.38-alpine}
    restart: ${RESTART:-always}
  zammad-nginx:
    <<: *zammad-service
    container_name: zammad-nginx
    command: ["zammad-nginx"]
    expose:
      - 8080
    ports:
      - 15257:8080
    labels:
      swag: enable
      swag_proto: http
      swag_port: 8080
      swag_url: support.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.url: https://support.${MY_TLD}
      homepage.group: Personal/Professional Services
      homepage.name: Zammad
      homepage.href: https://support.${MY_TLD}
      homepage.icon: zammad.svg
      homepage.description: Open-source helpdesk/customer support system
    depends_on:
      - zammad-railsserver
  zammad-postgresql:
    container_name: zammad-postgresql
    environment:
      POSTGRES_DB: ${ZAMMAD_POSTGRES_DB:-zammad_production}
      POSTGRES_USER: ${ZAMMAD_POSTGRES_USER:-zammad}
      POSTGRES_PASSWORD: ${ZAMMAD_POSTGRES_PASS:-zammad}
    image: postgres:${ZAMMAD_POSTGRES_VERSION:-17.4-alpine}
    restart: ${RESTART:-always}
    volumes:
      - zammad-postgresql-data:/var/lib/postgresql/data
  zammad-railsserver:
    <<: *zammad-service
    container_name: zammad-railsserver
    command: ["zammad-railsserver"]
    expose:
      - 3000
  zammad-redis:
    container_name: zammad-redis
    image: redis:${REDIS_VERSION:-7.4.2-alpine}
    restart: ${RESTART:-always}
    volumes:
      - zammad-redis-data:/data
  zammad-scheduler:
    <<: *zammad-service
    container_name: zammad-scheduler
    command: ["zammad-scheduler"]
  zammad-websocket:
    <<: *zammad-service
    container_name: zammad-websocket
    command: ["zammad-websocket"]
 volumes:
  authelia-pg-db:
    name: authelia-pg-db
@@ -5312,14 +5602,10 @@ volumes:
    name: paperless-ngx-pg
  pgbackweb-data:
    name: pgbackweb-data
  plausible-db-data:
    name: plausible-db-data
  plausible-event-data:
    name: plausible-event-data
  plausible-event-logs:
    name: plausible-event-logs
  portainer-data:
    name: portainer-data
  portnote-db-data:
    name: portnote-db-data
  reactive-resume-pg:
    name: reactive-resume-pg
  semaphore_config:
@@ -5348,3 +5634,13 @@ volumes:
    name: wallos-db
  wallos-logos:
    name: wallos-logos
  zammad-backup:
    name: zammad-backup
  zammad-storage:
    name: zammad-storage
  zammad-elasticsearch-data:
    name: zammad-elasticsearch-data
  zammad-postgresql-data:
    name: zammad-postgresql-data
  zammad-redis-data:
    name: zammad-redis-data