Initial deployment for Immich.

Merged by Trez.One

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -79,6 +79,13 @@ jobs:
             --check
           requirements: collections/requirements.yml
           vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
+          notification_message: 'Ansible dry run completed successfully.'
       - name: Generate .env file for Docker Compose Dry Run
         run: |
           vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
@@ -97,6 +104,13 @@ jobs:
           up-opts: --dry-run -d --remove-orphans
         env:
           DOCKER_HOST: tcp://dockerproxy:2375
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
+          notification_message: 'Docker Compose dry run completed successfully.'
   cloudflare-dns-setup:
     name: Cloudflare DNS Setup
     needs: [docker-compose-ansible-lints]
@@ -132,6 +146,13 @@ jobs:
         run: |
           yq '.services[].labels.swag_url' docker-compose.yml | egrep -v 'null' | sed -e 's|"||g' | awk -F'.' '{print $1}' | sort > compose_subdomains.txt
           flarectl --json dns list --zone "trez.wtf" --type=CNAME --content "trez.wtf" | jq '.[].Name' | sed -e 's|"||g' | awk -F"." '{print $1}' | sort > cloudflare_subdomains.txt
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Cloudflare Setup @ Rinoa'
+          notification_message: 'Starting Cloudflare setup'
       - name: Compare Subdomains
         id: compare-subdomains
         uses: LouisBrunner/diff-action@v2.2.0
@@ -152,6 +173,13 @@ jobs:
             echo "Creating $subdomain.trez.wtf..."
             flarectl dns create --zone "trez.wtf" --name "${subdomain}" --type=CNAME --content "trez.wtf" --proxy true
           done
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Cloudflare Setup @ Rinoa'
+          notification_message: 'Cloudflare DNS setup completed successfully.'
   regenerate-readme:
     name: Update README
     runs-on: ubuntu-latest
@@ -203,6 +231,14 @@ jobs:
           echo "Merging PR..."
           pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F"," '{print $1}' | sed -e 's|"||g')
           tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" --message "Merged by ${{ github.actor }}" ${pr_index}
+          echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: PR Merge Successful'
+          notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
   ansible-config-docker-compose-deploy:
     name: Deploy via Ansible & Docker Compose
     runs-on: ubuntu-latest
@@ -245,7 +281,7 @@ jobs:
         with:
           gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'Ansible Config Deployment @ Rinoa'
+          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
           notification_message: 'Deployment completed successfully.'
       - name: Generate .env file for deployment
         run: |
@@ -264,5 +300,5 @@ jobs:
         with:
           gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'Docker Compose Deployment @ Rinoa'
+          notification_title: 'GITEA: Docker Compose Deployment @ Rinoa'
           notification_message: 'Deployment completed successfully.'

.gitignore

@@ -1,2 +1,3 @@
 **/.cache_ggshield
-ansible/collections/ansible_collections/
+ansible/collections/ansible_collections/
+**/.env

README.md

@@ -27,6 +27,7 @@
 | czkawka | jlesage/czkawka |
 | dagu-scheduler | ghcr.io/dagu-org/dagu:latest |
 | dagu-server | ghcr.io/dagu-org/dagu:latest |
+| dbgate | dbgate/dbgate:alpine |
 | delugevpn | ghcr.io/binhex/arch-delugevpn:latest |
 | docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
 | docuseal | docuseal/docuseal:latest |
@@ -77,7 +78,7 @@
 | mastodon | lscr.io/linuxserver/mastodon:latest |
 | mastodon-pg-db | postgres:17-alpine |
 | minio | minio/minio |
-| mongodb | mongo:7.0 |
+| mongodb | bitnami/mongodb:7.0 |
 | multi-scrobbler | foxxmd/multi-scrobbler |
 | n8n | docker.n8n.io/n8nio/n8n |
 | navidrome | deluan/navidrome:latest |
@@ -98,6 +99,7 @@
 | plausible | ghcr.io/plausible/community-edition:v2.1.0 |
 | plausible_db | postgres:16-alpine |
 | plausible_events_db | clickhouse/clickhouse-server:24.3.3.102-alpine |
+| portainer | portainer/portainer-ce:alpine-sts |
 | postal-smtp | ghcr.io/postalserver/postal:latest |
 | postal-web | ghcr.io/postalserver/postal:latest |
 | postal-worker | ghcr.io/postalserver/postal:latest |
@@ -109,6 +111,7 @@
 | readarr | lscr.io/linuxserver/readarr:develop |
 | redis | redis:alpine |
 | redlib | quay.io/redlib/redlib:latest |
+| rocketchat | registry.rocket.chat/rocketchat/rocket.chat:latest |
 | sabnzbdvpn | ghcr.io/binhex/arch-sabnzbdvpn:latest |
 | scraperr | jpyles0524/scraperr:latest |
 | scraperr-api | jpyles0524/scraperr_api:latest |
@@ -124,11 +127,10 @@
 | sonashow | thewicklowwolf/sonashow:latest |
 | soularr | mrusse08/soularr:latest |
 | soulseek | slskd/slskd |
+| sourcebot | ghcr.io/sourcebot-dev/sourcebot:latest |
 | speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
 | spotisub | blastbeng/spotisub:latest |
 | swag | lscr.io/linuxserver/swag:latest |
-| synapse | docker.io/matrixdotorg/synapse:latest |
-| synapse-db | postgres:16-alpine |
 | tandoor | vabene1111/recipes |
 | tandoor-pg | postgres:16-alpine |
 | traccar | traccar/traccar:latest |
@@ -144,7 +146,6 @@
 | wazuh.indexer | wazuh/wazuh-indexer: |
 | wazuh.manager | wazuh/wazuh-manager: |
 | web-check | lissy93/web-check |
-| whodb | clidey/whodb |
 | yacht | selfhostedpro/yacht |
 | your_spotify | lscr.io/linuxserver/your_spotify:latest |
 | youtubedl | nbr23/youtube-dl-server:latest |

ansible/app-configs/sourcebot_config.json.j2

@@ -0,0 +1,19 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+
+{
+  "$schema": "../schemas/v2/index.json",
+  "repos": [
+      {
+          "type": "gitea",
+          "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}",
+          "url": "https://git.trez.wtf",
+          "revisions": {
+              "branches": [
+                  "main",
+                  "*"
+              ]
+          }
+      }
+  ]
+}

docker-compose.yml

@@ -40,7 +40,7 @@ services:
   adguard:
     container_name: adguard
     environment:
-      TZ: America/New_York
+      TZ: ${TZ}
     hostname: Rinoa
     image: adguard/adguardhome:latest
     labels:
@@ -271,9 +271,9 @@ services:
   authelia-pg:
     container_name: authelia-pg
     environment:
-      - POSTGRES_PASSWORD=${AUTHELIA_STORAGE_POSTGRES_PASSWORD}
-      - POSTGRES_USER=authelia
-      - POSTGRES_DB=authelia
+      POSTGRES_PASSWORD: ${AUTHELIA_STORAGE_POSTGRES_PASSWORD}
+      POSTGRES_USER: authelia
+      POSTGRES_DB: authelia
     expose:
       - 5432
     image: postgres:16-alpine
@@ -289,10 +289,10 @@ services:
   bazarr:
     container_name: bazarr
     environment:
-      - PGID=1000
-      - PUID=1000
-      - TZ=America/New_York
-      - DOCKER_MODS=ghcr.io/gilbn/theme.park:bazarr
+      PGID: ${PGID}
+      PUID: ${PUID}
+      TZ: ${TZ}
+      DOCKER_MODS: ghcr.io/gilbn/theme.park:bazarr
     hostname: Rinoa
     image: lscr.io/linuxserver/bazarr:latest
     labels:
@@ -768,7 +768,7 @@ services:
       homepage.group: System Administration
       homepage.name: Czkawka
       homepage.href: https://czkawka.${MY_TLD}
-      homepage.icon: /icons/czkawka.png
+      homepage.icon: sh-czkawka.svg
       homepage.description: Smart file management
       swag: enable
       swag_port: 5800
@@ -848,6 +848,162 @@ services:
         type: volume
         bind:
           create_host_path: true
+  dbgate:
+    container_name: dbgate
+    environment:
+      CONNECTIONS: authelia-pg,bitmagnet-pg-db,gitea-db,invidious-db,joplin-db,lobe-chat-pg-db,mariadb,mastodon-pg-db,mongodb,netbox-db,pgbackweb,pgbackweb-db,plausible-db,plausible-events-db,reactive-resume-pg,sonarqube-pg-db,synapse-db,tandoor-pg,traccar-pg,whodb,zitadel-pg-db
+
+      LOGIN: TrezOne
+      PASSWORD: ${DBGATE_LOGIN_PASSWORD}
+
+      LABEL_mariadb: mariadb
+      SERVER_mariadb: mariadb
+      USER_mariadb: root
+      PASSWORD_mariadb: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
+      PORT_mariadb: 3306
+      ENGINE_mariadb: mariadb@dbgate-plugin-mysql
+
+      LABEL_authelia-pg: authelia-pg
+      SERVER_authelia-pg: authelia-pg
+      USER_authelia-pg: authelia
+      DATABASE_authelia-pg: authelia
+      PASSWORD_authelia-pg: ${BITMAGNET_POSTGRESQL_PASSWORD}
+      PORT_authelia-pg: 5432
+      ENGINE_authelia-pg: postgres@dbgate-plugin-postgres
+
+      LABEL_bitmagnet-pg-db: bitmagnet-pg-db
+      SERVER_bitmagnet-pg-db: bitmagnet-pg-db
+      USER_bitmagnet-pg-db: bitmagnet-pg
+      DATABASE_bitmagnet-pg-db: bitmagnet
+      PASSWORD_bitmagnet-pg-db: ${BITMAGNET_POSTGRESQL_PASSWORD}
+      PORT_bitmagnet-pg-db: 5432
+      ENGINE_bitmagnet-pg-db: postgres@dbgate-plugin-postgres
+
+      LABEL_gitea-db: gitea-db
+      SERVER_gitea-db: gitea-db
+      USER_gitea-db: gitea
+      PASSWORD_gitea-db: ${GITEA_PG_DB_PASSWORD}
+      DATABASE_gitea-db: gitea
+      PORT_gitea-db: 5432
+      ENGINE_gitea-db: postgres@dbgate-plugin-postgres
+
+      LABEL_invidious-db: invidious-db
+      SERVER_invidious-db: invidious-db
+      USER_invidious-db: kemal
+      PASSWORD_invidious-db: ${INVID_PG_DB_PASSWORD}
+      PORT_invidious-db: 5432
+      DATABASE_invidious-db: invidious
+      ENGINE_invidious-db: postgres@dbgate-plugin-postgres
+
+      LABEL_joplin-db: joplin-db
+      SERVER_joplin-db: joplin-db
+      USER_joplin-db: ${JOPLIN_POSTGRES_USER}
+      PASSWORD_joplin-db: ${JOPLIN_POSTGRES_DATABASE}
+      DATABASE_joplin-db: joplin
+      PORT_joplin-db: 5432
+      ENGINE_joplin-db: postgres@dbgate-plugin-postgres
+
+      LABEL_lobe-chat-pg-db: lobe-chat-pg-db
+      SERVER_lobe-chat-pg-db: lobe-chat-pg-db
+      USER_lobe-chat-pg-db: lobe
+      PASSWORD_lobe-chat-pg-db: ${GITEA_PG_DB_PASSWORD}
+      DATABASE_lobe-chat-pg-db: lobe
+      PORT_lobe-chat-pg-db: 5432
+      ENGINE_lobe-chat-pg-db: postgres@dbgate-plugin-postgres
+
+      LABEL_mastodon-pg-db: mastodon-pg-db
+      SERVER_mastodon-pg-db: mastodon-pg-db
+      USER_mastodon-pg-db: mastodon
+      PASSWORD_mastodon-pg-db: ${MASTODON_PG_DB_PASSWORD}
+      DATABASE_mastodon-pg-db: mastodon
+      PORT_mastodon-pg-db: 5432
+      ENGINE_mastodon-pg-db: postgres@dbgate-plugin-postgres
+
+      LABEL_mongodb: mongodb
+      URI_mongodb: mongodb://mongodb:27017
+      ENGINE_mongodb: mongo@dbgate-plugin-mongo
+
+      LABEL_netbox-db: netbox-db
+      SERVER_netbox-db: netbox-db
+      USER_netbox-db: netbox
+      PASSWORD_netbox-db: ${NETBOX_PG_DB_PASSWORD}
+      PORT_netbox-db: 5432
+      DATABASE_netbox-db: netbox
+      ENGINE_netbox-db: postgres@dbgate-plugin-postgres
+
+      LABEL_pgbackweb-db: pgbackweb-db
+      SERVER_pgbackweb-db: pgbackweb-db
+      USER_pgbackweb-db: pgbackweb
+      PASSWORD_pgbackweb-db: ${PGBACKWEB_PG_DB_PASSWD}
+      PORT_pgbackweb-db: 5432
+      ENGINE_pgbackweb-db: postgres@dbgate-plugin-postgres
+
+      LABEL_plausible-db: plausible-db
+      SERVER_plausible-db: plausible-db
+      USER_plausible-db: plausible
+      PASSWORD_plausible-db: ${PLAUSIBLE_PG_PASSWORD}
+      PORT_plausible-db: 5432
+      ENGINE_plausible-db: postgres@dbgate-plugin-postgres
+
+      LABEL_reactive-resume-pg: reactive-resume-pg
+      SERVER_reactive-resume-pg: reactive-resume-pg
+      USER_reactive-resume-pg: reactiveresume
+      PASSWORD_reactive-resume-pg: ${REACTIVE_RESUME_PGSQL_PASSWORD}
+      PORT_reactive-resume-pg: 5432
+      ENGINE_reactive-resume-pg: postgres@dbgate-plugin-postgres
+
+      LABEL_sonarqube-pg-db: sonarqube-pg-db
+      SERVER_sonarqube-pg-db: sonarqube-pg-db
+      USER_sonarqube-pg-db: sonar
+      PASSWORD_sonarqube-pg-db: ${SONARQUBE_POSTGRES_PASSWORD}
+      PORT_sonarqube-pg-db: 5432
+      ENGINE_sonarqube-pg-db: postgres@dbgate-plugin-postgres
+
+      LABEL_synapse-db: synapse-db
+      SERVER_synapse-db: synapse-db
+      USER_synapse-db: synapse
+      PASSWORD_synapse-db: ${SYNAPSE_POSTGRES_PASSWORD}
+      PORT_synapse-db: 5432
+      ENGINE_synapse-db: postgres@dbgate-plugin-postgres
+
+      LABEL_tandoor-pg: tandoor-pg
+      SERVER_tandoor-pg: tandoor-pg
+      USER_tandoor-pg: tandoor
+      PASSWORD_tandoor-pg: ${TANDOOR_POSTGRES_PASSWORD}
+      PORT_tandoor-pg: 5432
+      ENGINE_tandoor-pg: postgres@dbgate-plugin-postgres
+
+      LABEL_traccar-pg: traccar-pg
+      SERVER_traccar-pg: traccar-pg
+      USER_traccar-pg: ${TRACCAR_POSTGRES_USER}
+      PASSWORD_traccar-pg: ${TRACCAR_POSTGRES_PASSWORD}
+      PORT_traccar-pg: 5432
+      ENGINE_traccar-pg: postgres@dbgate-plugin-postgres
+
+      LABEL_zitadel-pg-db: zitadel-pg-db
+      SERVER_zitadel-pg-db: zitadel-pg-db
+      USER_zitadel-pg-db: root
+      PASSWORD_zitadel-pg-db: ${ZITADEL_DB_ADMIN_PASSWORD}
+      PORT_zitadel-pg-db: 5432
+      ENGINE_zitadel-pg-db: postgres@dbgate-plugin-postgres
+    image: dbgate/dbgate:alpine
+    labels:
+      homepage.group: System Administration
+      homepage.name: DbGate
+      homepage.href: https://dbs.${MY_TLD}
+      homepage.icon: sh-dbgate.png
+      homepage.description: Cross-platform database manager
+      swag: enable
+      swag_port: 3000
+      swag_proto: http
+      swag_url: dbs.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
+    ports:
+      - 49054:3000
+    restart: unless-stopped
+    volumes:
+      - dbgate-data:/root/.dbgate
   delugevpn:
     cap_add:
       - NET_ADMIN
@@ -1228,9 +1384,9 @@ services:
   gitea-db:
     container_name: gitea-db
     environment:
-      - POSTGRES_USER=gitea
-      - POSTGRES_PASSWORD=${GITEA_PG_DB_PASSWORD}
-      - POSTGRES_DB=gitea
+      POSTGRES_USER: gitea
+      POSTGRES_PASSWORD: ${GITEA_PG_DB_PASSWORD}
+      POSTGRES_DB: gitea
     expose:
       - 5432
     healthcheck:
@@ -1468,7 +1624,7 @@ services:
     command: run --disable-reporting=true --stability.level=public-preview --server.http.listen-addr=0.0.0.0:12345 /etc/alloy/config.alloy
     container_name: grafana-alloy
     environment:
-      - DOCKER_HOST=tcp://dockerproxy:2375
+      DOCKER_HOST: tcp://dockerproxy:2375
     image: grafana/alloy:latest
     labels:
       homepage.group: Infrastructure/App Performance Monitoring
@@ -1941,22 +2097,22 @@ services:
         target: 8003
     restart: always
     volumes:
-      - source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/app/public
+      - source: ${DOCKER_VOLUME_CONFIG}/invoice-ninja/app/public
         target: /var/www/app/public
         type: bind
         bind:
           create_host_path: true
-      - source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/app/storage
+      - source: ${DOCKER_VOLUME_CONFIG}/invoice-ninja/app/storage
         target: /var/www/app/storage
         type: bind
         bind:
           create_host_path: true
-      - source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/php/php.ini
+      - source: ${DOCKER_VOLUME_CONFIG}/invoice-ninja/php/php.ini
         target: /usr/local/etc/php/php.ini
         type: bind
         bind:
           create_host_path: true
-      - source: ${DOCKER_VOLUME_CONFIG}/invoice_ninja/php/php-cli.ini
+      - source: ${DOCKER_VOLUME_CONFIG}/invoice-ninja/php/php-cli.ini
         target: /usr/local/etc/php/php-cli.ini
         type: bind
         bind:
@@ -2028,6 +2184,72 @@ services:
         type: bind
         bind:
           create_host_path: true
+  immich-server:
+    container_name: immich_server
+    depends_on:
+      redis:
+        condition: service_started
+        required: true
+      immich-pg-db:
+        condition: service_started
+        required: true
+    environment:
+      DB_DATABASE_NAME: immich
+      DB_USERNAME: immich
+      DB_PASSWORD: ${IMMICH_DB_PASSWORD}
+      IMMICH_TELEMETRY_INCLUDE: all
+    healthcheck:
+      disable: false
+    image: ghcr.io/immich-app/immich-server:release
+    ports:
+      - 2283:2283
+    restart: always
+    volumes:
+      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
+      - ${DOCKER_VOLUME_STORAGE}/Pics:/usr/src/app/upload
+      - /etc/localtime:/etc/localtime:ro
+  immich-machine-learning:
+    container_name: immich_machine_learning
+    depends_on:
+      immich-server:
+        condition: service_started
+        required: true
+    healthcheck:
+      disable: false
+    image: ghcr.io/immich-app/immich-machine-learning:release
+    restart: always
+    volumes:
+      - immich-model-cache:/cache
+  immich-pg-db:
+    command: >-
+      postgres
+      -c shared_preload_libraries=vectors.so
+      -c 'search_path="$$user", public, vectors'
+      -c logging_collector=on
+      -c max_wal_size=2GB
+      -c shared_buffers=512MB
+      -c wal_compression=on
+    container_name: immich-pg-db
+    environment:
+      POSTGRES_PASSWORD: ${JOPLIN_POSTGRES_PASSWORD}
+      POSTGRES_USER: immich
+      POSTGRES_DB: immich
+    expose:
+      - 5432
+    healthcheck:
+      test: >-
+        pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1;
+        Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align
+        --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')";
+        echo "checksum failure count is $$Chksum";
+        [ "$$Chksum" = '0' ] || exit 1
+      interval: 5m
+      start_interval: 30s
+      start_period: 5m
+    image: tensorchord/pgvecto-rs:pg14-v0.2.1
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/immich/db:/var/lib/postgresql/data
   it-tools:
     container_name: it-tools
     image: ghcr.io/corentinth/it-tools:latest
@@ -2654,9 +2876,9 @@ services:
   joplin-db:
     container_name: joplin-db
     environment:
-      - POSTGRES_PASSWORD=${JOPLIN_POSTGRES_PASSWORD}
-      - POSTGRES_USER=${JOPLIN_POSTGRES_USER}
-      - POSTGRES_DB=${JOPLIN_POSTGRES_DATABASE}
+      POSTGRES_PASSWORD: ${JOPLIN_POSTGRES_PASSWORD}
+      POSTGRES_USER: ${JOPLIN_POSTGRES_USER}
+      POSTGRES_DB: ${JOPLIN_POSTGRES_DATABASE}
     expose:
       - 5432
     image: postgres:17-alpine
@@ -2712,8 +2934,8 @@ services:
   lidarr:
     container_name: lidarr
     environment:
-      PGID: 1000
-      PUID: 1000
+      PGID: ${PGID}
+      PUID: ${PUID}
       TZ: America/New_York
       DOCKER_MODS: ghcr.io/gilbn/theme.park:lidarr
     hostname: Rinoa
@@ -3115,7 +3337,17 @@ services:
           create_host_path: true
   mongodb:
     container_name: mongodb
-    image: mongo:7.0
+    environment:
+      MONGODB_ADVERTISED_HOSTNAME: mongodb
+      MONGODB_ENABLE_DIRECTORY_PER_DB: true
+      MONGODB_SYSTEM_LOG_VERBOSITY: 1
+      MONGODB_ROOT_USER: ${MONGO_INITDB_ROOT_USERNAME}
+      MONGODB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
+      ALLOW_EMPTY_PASSWORD: yes
+      MONGODB_REPLICA_SET_MODE: primary
+      MONGODB_REPLICA_SET_NAME: rinoa
+      MONGODB_REPLICA_SET_KEY: 
+    image: bitnami/mongodb:7.0
     ports:
       - 27017:27017
     restart: unless-stopped
@@ -3426,9 +3658,9 @@ services:
         required: true
         restart: true
     environment:
-      PGID: 1000
-      PUID: 1000
-      TZ: America/New_York
+      PGID: ${PGID}
+      PUID: ${PUID}
+      TZ: ${TZ}
       LOG_LEVEL: debug
     hostname: Rinoa
     image: lscr.io/linuxserver/nextcloud:latest
@@ -3475,8 +3707,6 @@ services:
         type: bind
   ollama:
     container_name: ollama
-    extra_hosts:
-      - host.docker.internal:host-gateway
     image: ollama/ollama
     networks:
       default: null
@@ -3494,8 +3724,8 @@ services:
   ombi:
     container_name: ombi
     environment:
-      PGID: "1000"
-      PUID: "1000"
+      PGID: ${PGID}
+      PUID: ${PUID}
       TZ: America/New_York
     hostname: Rinoa
     image: lscr.io/linuxserver/ombi:latest
@@ -3718,6 +3948,34 @@ services:
       - plausible-event-logs:/var/log/clickhouse-server
       - ${DOCKER_VOLUME_CONFIG}/plausible/clickhouse/clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro
       - ${DOCKER_VOLUME_CONFIG}/plausible/clickhouse/clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro
+  portainer:
+    command: -H tcp://dockerproxy:2375
+    container_name: portainer
+    depends_on:
+      docker-socket-proxy:
+        condition: service_started
+        required: true
+    environment:
+      DOCKER_HOST: tcp://dockerproxy:2375
+    expose:
+      - 9000
+      - 9443
+    image: portainer/portainer-ce:alpine-sts
+    labels:
+      swag: enable
+      swag_proto: http
+      swag_port: 9000
+      swag_url: portainer.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://portainer.${MY_TLD}
+      homepage.group: System Administration
+      homepage.name: Portainer
+      homepage.href: https://portainer.${MY_TLD}
+      homepage.icon: portainer.svg
+      homepage.description: Service delivery platform for containerized applications
+    restart: unless-stopped
+    volumes:
+        - portainer-data:/data
   postal-smtp:
     cap_add:
       - NET_BIND_SERVICE
@@ -3787,8 +4045,8 @@ services:
   prowlarr:
     container_name: prowlarr
     environment:
-      PGID: 1000
-      PUID: 1000
+      PGID: ${PGID}
+      PUID: ${PUID}
       TZ: America/New_York
       DOCKER_MODS: ghcr.io/gilbn/theme.park:sonarr
       TP_DOMAIN: trez.wtf\/themepark
@@ -3889,9 +4147,9 @@ services:
   radarr:
     container_name: radarr
     environment:
-      PGID: "1000"
-      PUID: "1000"
-      TZ: America/New_York
+      PGID: ${PGID}
+      PUID: ${PUID}
+      TZ: ${TZ}
     hostname: Rinoa
     image: lscr.io/linuxserver/radarr:latest
     labels:
@@ -4002,8 +4260,8 @@ services:
   readarr:
     container_name: readarr
     environment:
-      PGID: 1000
-      PUID: 1000
+      PGID: ${PGID}
+      PUID: ${PUID}
       TZ: America/New_York
       DOCKER_MODS: ghcr.io/gilbn/theme.park:readnarr
     hostname: Rinoa
@@ -4112,6 +4370,36 @@ services:
     security_opt:
       - no-new-privileges=true
     user: nobody
+  rocketchat:
+    container_name: rocketchat
+    depends_on:
+      mongodb:
+        condition: service_started
+        required: true
+    environment:
+      MONGO_URL: mongodb://mongodb:27017/rocketchat?replicaSet=rinoa
+      MONGO_OPLOG_URL: mongodb://mongodb:27017/local?replicaSet=rinoa
+      ROOT_URL: https://chat.trez.wtf
+      PORT: 3000
+      DEPLOY_METHOD: docker
+      DEPLOY_PLATFORM: ${DEPLOY_PLATFORM:-}
+      REG_TOKEN: ${REG_TOKEN:-}
+    expose:
+      - 3000
+    image: ${IMAGE:-registry.rocket.chat/rocketchat/rocket.chat}:${RELEASE:-latest}
+    labels:
+      homepage.group: Social
+      homepage.name: Rocket.Chat
+      homepage.href: https://chat.${MY_TLD}
+      homepage.icon: rocket-chat.svg
+      homepage.description: Fully customizable communications platform with high standards of data protection
+      swag: enable
+      swag_proto: http
+      swag_port: 3000
+      swag_url: chat.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://chat.${MY_TLD}
+    restart: always
   sabnzbdvpn:
     cap_add:
       - NET_ADMIN
@@ -4216,15 +4504,13 @@ services:
       LOG_LEVEL: DEBUG
       OLLAMA_URL: http://ollama:11434
       OLLAMA_MODEL: phi3
-      MONGODB_URI: mongodb://host.docker.internal:27017,host.docker.internal:27018,host.docker.internal:27019/scrapper
+      MONGODB_URI: mongodb://mongodb:27017/scrapper
       SECRET_KEY: ${SCRAPERR_SECRET_KEY}
       ALGORITHM: HS256
       ACCESS_TOKEN_EXPIRE_MINUTES: 600
       DOCKER_HOST: tcp://dockerproxy:2375
     expose:
       - 8000
-    extra_hosts:
-      - host.docker.internal:host-gateway
     image: jpyles0524/scraperr_api:latest
     labels:
       swag: enable
@@ -4446,7 +4732,7 @@ services:
     read_only: true
     restart: unless-stopped
   sonarqube-pg-db:
-    container_name: sonarqube-pg-db    
+    container_name: sonarqube-pg-db
     environment:
       POSTGRES_USER: sonar
       POSTGRES_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD}
@@ -4464,9 +4750,9 @@ services:
   sonarr:
     container_name: sonarr
     environment:
-      PGID: 1000
-      PUID: 1000
-      TZ: America/New_York
+      PGID: ${PGID}
+      PUID: ${PUID}
+      TZ: ${TZ}
       DOCKER_MODS: ghcr.io/gilbn/theme.park:sonarr
     hostname: Rinoa
     image: lscr.io/linuxserver/sonarr:latest
@@ -4596,7 +4882,7 @@ services:
       homepage.group: Downloaders
       homepage.description: Modern client-server application for the Soulseek file-sharing network.
       homepage.href: https://slsk.${MY_TLD}
-      homepage.icon: /icons/slskd.png
+      homepage.icon: slskd.svg
       swag: enable
       swag_proto: http
       swag_url: slsk.${MY_TLD}
@@ -4617,6 +4903,28 @@ services:
         type: bind
         bind:
           create_host_path: true
+  sourcebot:
+    container_name: sourcebot
+    environment:
+      CONFIG_PATH: /data/config.json
+    image: ghcr.io/sourcebot-dev/sourcebot:latest
+    labels:
+      homepage.name: Sourcebot
+      homepage.group: Code/DevOps
+      homepage.description: Self-hosted internet performance tracking
+      homepage.href: https://source.${MY_TLD}
+      homepage.icon: /icons/sourcebot.png
+      swag: enable
+      swag_proto: http
+      swag_port: 3000
+      swag_url: source.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://source.${MY_TLD}
+    ports:
+        - 45251:3000
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/sourcebot:/data
   speedtest-tracker:
     container_name: speedtest-tracker
     image: lscr.io/linuxserver/speedtest-tracker:latest
@@ -4743,40 +5051,6 @@ services:
         source: /var/run/docker.sock
         target: /var/run/docker.sock
         type: bind
-  synapse:
-    container_name: synapse
-    depends_on:
-      - synapse-db
-    environment:
-      SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
-      PUID: 1000
-      PGID: 1000
-    image: docker.io/matrixdotorg/synapse:latest
-    labels:
-      swag: enable
-      swag_proto: http
-      swag_url: matrix.${MY_TLD}
-      swag_port: 8008
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://matrix.${MY_TLD}  
-    ports:
-      - 19345:8008
-      - 8448:8448/tcp
-    restart: unless-stopped
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/synapse/:/data
-  synapse-db:
-    container_name: synapse-db
-    image: postgres:16-alpine
-    environment:
-      POSTGRES_USER: synapse
-      POSTGRES_PASSWORD: ${SYNAPSE_POSTGRES_PASSWORD}
-      POSTGRES_INITDB_ARGS: "--encoding=UTF-8 --lc-collate=C --lc-ctype=C"
-    expose:
-      - 5432
-    restart: unless-stopped
-    volumes:
-      - synapse-db:/var/lib/postgresql/data
   tandoor:
     container_name: tandoor-recipes
     depends_on:
@@ -6148,8 +6422,8 @@ services:
   uptimekuma:
     container_name: uptimekuma
     environment:
-      PGID: 1000
-      PUID: 1000
+      PGID: ${PGID}
+      PUID: ${PUID}
       TZ: America/New_York
       UPTIME_KUMA_USERNAME: ${UPTIME_KUMA_USERNAME}
       UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
@@ -6455,7 +6729,7 @@ services:
   wazuh.indexer:
     container_name: wazuh.indexer
     environment:
-      - OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m
+      OPENSEARCH_JAVA_OPTS: -Xms512m -Xmx512m
     hostname: wazuh.indexer
     image: wazuh/wazuh-indexer:${WAZUH_VERSION}
     networks:
@@ -6642,32 +6916,6 @@ services:
         published: "3010"
         target: 3000
     restart: unless-stopped
-  whodb:
-    container_name: whodb
-    environment:
-      WHODB_MONGODB_1: null
-      WHODB_MYSQL_1: null
-    image: clidey/whodb
-    labels:
-      homepage.group: System Administration
-      homepage.name: WhoDB
-      homepage.href: https://dbs.${MY_TLD}
-      homepage.icon: /icons/whodb.png
-      homepage.description: Web-based DB management
-      swag: enable
-      swag_proto: http
-      swag_port: 8080
-      swag_url: dbs.${MY_TLD}
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
-    networks:
-      default: null
-    ports:
-      - mode: ingress
-        protocol: tcp
-        published: "8900"
-        target: 8080
-    restart: unless-stopped
   yacht:
     container_name: yacht
     depends_on:
@@ -6697,19 +6945,17 @@ services:
   your_spotify:
     container_name: your_spotify
     environment:
-      PUID: 1000
-      PGID: 1000
+      PUID: ${PUID}
+      PGID: ${PGID}
       TZ: ${TZ}
       APP_URL: https://myspotify.${MY_TLD}
       SPOTIFY_PUBLIC: ${YOUR_SPOTIFY_ID}
       SPOTIFY_SECRET: ${YOUR_SPOTIFY_SECRET}
       CORS: all
-      MONGO_ENDPOINT: mongodb://host.docker.internal:27017,host.docker.internal:27018,host.docker.internal:27019/your_spotify
+      MONGO_ENDPOINT: mongodb://mongodb:27017/your_spotify
       LOG_LEVEL: debug
     expose:
       - 8080
-    extra_hosts:
-      - host.docker.internal:host-gateway
     image: lscr.io/linuxserver/your_spotify:latest
     labels:
       homepage.group: Media Library
@@ -6731,8 +6977,8 @@ services:
   youtubedl:
     container_name: youtubedl
     environment:
-      PGID: "1000"
-      PUID: "1000"
+      PGID: ${PGID}
+      PUID: ${PUID}
       TZ: America/New_York
       YDL_CONFIG_PATH: /youtube-dl/config.yml
       YDL_DEBUG: "false"
@@ -7192,6 +7438,8 @@ volumes:
     name: dagu_config
   dagu_data:
     name: dagu_data
+  dbgate-data:
+    name: dbgate-data
   fastenhealth-cache:
     name: fastenhealth-cache
   fastenhealth-db:
@@ -7218,6 +7466,8 @@ volumes:
     name: hortusfox_app_themes
   hortusfox_db_data:
     name: hortusfox_db_data
+  immich-model-cache:
+    name: immich-model-cache
   invidious-postgres:
     name: invidious-postgres
   invoice_ninja_public:
@@ -7235,9 +7485,9 @@ volumes:
   mastodon-pg-db:
     name: mastodon-pg-db
   mongodb_config:
-    name: mongo1_config
+    name: mongodb_config
   mongodb_data:
-    name: mongo1_data
+    name: mongodb_data
   n8n-data:
     name: n8n-data
   netbird-mgmt:
@@ -7264,6 +7514,8 @@ volumes:
     name: plausible-event-data
   plausible-event-logs:
     name: plausible-event-logs
+  portainer-data:
+    name: portainer-data
   reactive-resume-pg:
     name: reactive-resume-pg
   sonarqube-data:
@@ -7278,8 +7530,6 @@ volumes:
     name: sonarqube-logs
   sonarqube-temp:
     name: sonarqube-temp
-  synapse-db:
-    name: synapse-db
   tandoor-pg:
     name: tandoor-pg
   traccar-pg: