Deployment of Stirling-PDF.

Merged by Trez.One

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -25,6 +25,13 @@ jobs:
           uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
           name: 'tea'
           version: '0.9.2'
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: PR Check'
+          notification_message: 'Checking for existing PR... 🔍'
       - name: Check if open PR exists
         id: check-opened-pr-step
         continue-on-error: true
@@ -39,6 +46,13 @@ jobs:
           pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
           pr_index_new=$(expr ${pr_index_old} + 1)
           tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose, Ansible Configs.j2"
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: PR Check'
+          notification_message: 'PR Created 🎟️'
   docker-compose-ansible-lints:
     name: Docker Compose & Ansible Lints
     needs: [check-and-create-pr]
@@ -65,6 +79,13 @@ jobs:
         uses: cpanato/vault-installer@main
       - name: Install hvac
         run: pip install hvac
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
+          notification_message: 'Starting Ansible dry run...'
       - name: Ansible Playbook Dry Run
         uses: dawidd6/action-ansible-playbook@v2
         with:
@@ -82,7 +103,7 @@ jobs:
           gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
           notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
-          notification_message: 'Ansible dry run completed successfully.'
+          notification_message: 'Ansible dry run completed successfully; starting Docker Compose'
       - name: Generate .env file for Docker Compose Dry Run
         run: |
           vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
@@ -149,7 +170,7 @@ jobs:
           gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
           notification_title: 'GITEA: Cloudflare Setup @ Rinoa'
-          notification_message: 'Starting Cloudflare setup'
+          notification_message: 'Starting Cloudflare DNS setup...'
       - name: Compare Subdomains
         id: compare-subdomains
         uses: LouisBrunner/diff-action@v2.2.0
@@ -203,6 +224,13 @@ jobs:
       #     modified_services=${egrep '^  [a-z]' changes.yml | sed -e 's|^  ||g' -e 's|:||g' | sed ':a;N;$!ba;s/\n/ /g'}
       #     echo "Modified services: $modified_services"
       #     echo "modified_services=$modified_services" >> $GITHUB_OUTPUT
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: README Update'
+          notification_message: 'Updating README...'
       - name: Generate service list
         run: |
           yq '.services | to_entries | map({"service": .key, "image": .value.image})' docker-compose.yml > services.yml
@@ -222,6 +250,13 @@ jobs:
         with:
           message: "chore: Update README"
           add: "README.md"
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: README Update'
+          notification_message: 'README updated'
   pr-merge:
     name: PR Merge
     needs: [regenerate-readme-modified-services]
@@ -278,6 +313,13 @@ jobs:
         uses: cpanato/vault-installer@main
       - name: Install hvac
         run: pip install hvac
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
+          notification_message: 'Starting config deployment with Ansible.'
       - name: Deploy Docker Configs via Ansible
         uses: dawidd6/action-ansible-playbook@v2
         with:
@@ -295,6 +337,13 @@ jobs:
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
           notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
           notification_message: 'Deployment completed successfully.'
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Docker Compose Deployment @ Rinoa'
+          notification_message: 'Starting Docker Compose run...'
       - name: Generate .env file for deployment
         run: |
            vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env

.gitignore

@@ -1,3 +1,4 @@
 **/.cache_ggshield
 ansible/collections/ansible_collections/
-**/.env
+**/.env
+**/netbird_openid-configuration.json.j2

README.md

@@ -22,6 +22,7 @@
 | bunkerweb-scheduler | bunkerity/bunkerweb-scheduler:1.6.0 |
 | bunkerweb-autoconf | bunkerity/bunkerweb-autoconf:1.6.0 |
 | bunkerweb-ui | bunkerity/bunkerweb-ui:1.6.0 |
+| bytebase | bytebase/bytebase:3.5.0 |
 | bytestash | ghcr.io/jordan-dalby/bytestash:latest |
 | castopod | castopod/castopod:latest |
 | cloudflared | cloudflare/cloudflared:latest |
@@ -35,7 +36,6 @@
 | dawarich-app | freikin/dawarich:latest |
 | dawarich-pg-db | postgis/postgis:17-3.5-alpine |
 | dawarich-sidekiq | freikin/dawarich:latest |
-| dbgate | dbgate/dbgate:alpine |
 | delugevpn | ghcr.io/binhex/arch-delugevpn:latest |
 | docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
 | docker-volume-backup | offen/docker-volume-backup:v2 |
@@ -50,6 +50,8 @@
 | gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
 | gluetun | qmcgaw/gluetun:latest |
 | gotify | gotify/server |
+| graylog | graylog/graylog:6.1 |
+| graylog-datanode | graylog/graylog-datanode:6.1 |
 | guacamole | flcontainers/guacamole:latest |
 | homepage | ghcr.io/gethomepage/homepage:latest |
 | hugo | hugomods/hugo:exts |
@@ -94,11 +96,15 @@
 | n8n | docker.n8n.io/n8nio/n8n |
 | navidrome | deluan/navidrome:latest |
 | netalertx | jokobsk/netalertx:latest |
+| netbird-dashboard | netbirdio/dashboard:latest |
+| netbird-signal | netbirdio/signal:latest |
+| netbird-relay | netbirdio/relay:latest |
+| netbird-management | netbirdio/management:latest |
+| netbird-coturn | coturn/coturn:latest |
 | nextcloud | nextcloud/all-in-one:latest |
 | ollama | ollama/ollama |
 | ombi | lscr.io/linuxserver/ombi:latest |
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
-| parseable | containers.parseable.com/parseable/parseable:latest |
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
 | plantuml-server | plantuml/plantuml-server:jetty |
@@ -132,14 +138,13 @@
 | sourcebot | ghcr.io/sourcebot-dev/sourcebot:latest |
 | speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
 | stable-diffusion-download | git.trez.wtf/trez.one/stable-diffusion-download:v9.0.0 |
-| stable-diffusion-webui | git.trez.wtf/trez.one/stable-diffusion-ui:v9.0.0 |
+| stable-diffusion-webui | git.trez.wtf/trez.one/stable-diffusion-ui:v9.0.1 |
 | swag | lscr.io/linuxserver/swag:latest |
 | tandoor | vabene1111/recipes |
 | tandoor-pg | postgres:16-alpine |
 | unmanic | josh5/unmanic:latest |
 | uptimekuma | louislam/uptime-kuma:latest |
 | vault | hashicorp/vault:latest |
-| vector | timberio/vector:0.44.0-alpine |
 | wallabag | wallabag/wallabag |
 | wallos | bellamy/wallos:latest |
 | watchtower | ghcr.io/containrrr/watchtower:latest |

ansible/app-configs/authelia_configuration.yml.j2

@@ -0,0 +1,174 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+
+# yaml-language-server: $schema=https://www.authelia.com/schemas/latest/json-schema/configuration.json
+---
+theme: auto
+default_2fa_method: "totp"
+server:
+  address: '0.0.0.0:9091'
+  endpoints:
+    enable_pprof: false
+    enable_expvars: false
+  disable_healthcheck: false
+  tls:
+    key: ""
+    certificate: ""
+    client_certificates: []
+  headers:
+    csp_template: ""
+log:
+  level: debug
+telemetry:
+  metrics:
+    enabled: true
+    address: tcp://0.0.0.0:9959
+totp:
+  disable: false
+  issuer: authelia.com
+  algorithm: sha256
+  digits: 6
+  period: 30
+  skew: 1
+  secret_size: 32
+webauthn:
+  disable: false
+  timeout: 60s
+  display_name: Authelia
+  attestation_conveyance_preference: indirect
+  user_verification: preferred
+ntp:
+  address: "time.cloudflare.com:123"
+  version: 4
+  max_desync: 3s
+  disable_startup_check: false
+  disable_failure: false
+authentication_backend:
+  password_reset:
+    disable: false
+    custom_url: ""
+  ldap:
+    implementation: custom
+    address: ldap://lldap:3890
+    timeout: 5s
+    start_tls: false
+    base_dn: dc=trez,dc=wtf
+    additional_users_dn: ou=people
+    users_filter: "(&({username_attribute}={input})(objectClass=person))"
+    additional_groups_dn: ou=groups
+    groups_filter: "(member={dn})"
+    attributes:
+      username: uid
+      group_name: cn
+      mail: mail
+      display_name: displayName
+    user: uid=authelia,ou=people,dc=trez,dc=wtf
+    password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}'
+  refresh_interval: 5m
+identity_validation:
+  reset_password:
+    jwt_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_JWT_SECRET'] }}'
+password_policy:
+  standard:
+    enabled: true
+    min_length: 8
+    max_length: 0
+    require_uppercase: true
+    require_lowercase: true
+    require_number: true
+    require_special: false
+  zxcvbn:
+    enabled: false
+    min_score: 3
+access_control:
+  default_policy: deny
+  networks:
+    - name: 'internal'
+      networks:
+        - '172.17.0.0/16'
+        - '172.18.0.0/16'
+        - '192.168.1.0/24'
+  rules:
+    - domain_regex:
+      - '^trez.wtf$'
+      - ^www.trez.wtf$''
+      policy: bypass
+    - domain: '*.trez.wtf'
+      policy: bypass
+      networks:
+        - 'internal'
+    - domain: '*.trez.wtf'
+      policy: one_factor
+      subject:
+      - ['user:the.trezured.one']
+session:
+  name: authelia_session
+  secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_SESSION_SECRET'] }}'
+  expiration: 1h
+  inactivity: 5m
+  remember_me: 1M
+  cookies:
+    - domain: 'trez.wtf'
+      authelia_url: 'https://auth.trez.wtf'
+  redis:
+    host: redis
+    port: 6379
+storage:
+  encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
+  postgres:
+    address: 'tcp://authelia-pg:5432'
+    database: authelia
+    username: authelia
+    password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_POSTGRES_PASSWORD'] }}'
+    timeout: '5s'
+regulation:
+  max_retries: 3
+  find_time: 2m
+  ban_time: 5m
+notifier:
+  disable_startup_check: true
+  smtp:
+    address: 'smtp://postal-smtp:25'
+    timeout: '5s'
+    username: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}'
+    password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}'
+    sender: "Authelia <noreply@trez.wtf>"
+    identifier: 'localhost'
+    subject: "[Authelia] {title}"
+    startup_check_address: 'test@authelia.com'
+    disable_require_tls: true
+    disable_starttls: true
+    disable_html_emails: false
+identity_providers:
+  oidc:
+    hmac_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_OIDC_HMAC_SECRET'] }}'
+    jwks:
+      key_id: 'netbird'
+      key: |
+        {{ lookup("community.hashi_vault.vault_kv2_get", "env", engine_mount_point="rinoa-docker", url=vault_addr, token=vault_token_cleaned)["secret"]["AUTHELIA_OIDC_JWKS_KEY"] | replace("\\n", "\n") | indent(8) }}
+      certificate_chain: |
+        {{ lookup("community.hashi_vault.vault_kv2_get", "env", engine_mount_point="rinoa-docker", url=vault_addr, token=vault_token_cleaned)["secret"]["AUTHELIA_OIDC_JWKS_CERT_CHAIN"] | replace("\\n", "\n") | indent(8) }}
+    cors:
+      allowed_origins_from_client_redirect_uris: true
+      endpoints:
+        - 'userinfo'
+        - 'authorization'
+        - 'token'
+        - 'revocation'
+        - 'introspection'
+    clients:
+      - client_id: 'netbird'
+        client_name: 'NetBird'
+        client_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}'
+        public: false
+        authorization_policy: 'two_factor'
+        redirect_uris:
+          - 'https://vpn.trez.wtf/peers'
+          - 'https://vpn.trez.wtf/add-peers'
+          - 'http://localhost'
+        scopes:
+          - 'openid'
+          - 'email'
+          - 'profile'
+        userinfo_signed_response_alg: 'none'
+        token_endpoint_auth_method: 'client_secret_post'

ansible/app-configs/multi-scrobbler_config.json.j2

@@ -2,62 +2,107 @@
 {% set secrets_path = 'rinoa-docker/env' %}
 
 {
-    "sourceDefaults": {
+  "debugMode": false,
-      "maxPollRetries": 0,          // optional, default # of automatic polling restarts on error. can be overridden by property in individual config
+  "disableWeb": false,
-      "maxRequestRetries": 1,       // optional, default # of http request retries a source can make before error is thrown. can be overridden by property in individual config
+  "sourceDefaults": {
-      "retryMultiplier": 1.5       // optional, default retry delay multiplier (retry attempt * multiplier = # of seconds to wait before retrying). can be overridden by property in individual config
+    "logPayload": false,
+    "logFilterFailure": "warn",
+    "logPlayerState": false,
+    "scrobbleThresholds": {
+      "duration": 30,
+      "percent": 20
     },
-    "clientDefaults": {
+    "maxPollRetries": 1,
-      "maxRequestRetries": 1,       // optional, default # of http request retries a client can make before error is thrown. can be overridden by property in individual config
+    "maxRequestRetries": 1,
-      "retryMultiplier": 1.5       // optional, default retry delay multiplier (retry attempt * multiplier = # of seconds to wait before retrying). can be overridden by property in individual config
+    "retryMultiplier": 1.5
+  },
+  "clientDefaults": {
+    "maxRequestRetries": 1,
+    "retryMultiplier": 1.5
+  },
+  "sources": [
+    {
+      "type": "spotify",
+      "enable": true,
+      "clients": [],
+      "name": "Spotify",
+      "data": {
+        "clientId": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}",
+        "clientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
+        "redirectUri": "http://localhost:9078/callback"
+      }
     },
-    "clients": [
+    {
-        {
+      "type:": "lastfm",
-            "name": "Last.fm Client",
+      "name": "Last.fm",
-            "enable": true,
+      "enable": true,
-            "configureAs": "client",
+      "data": {
-            "data": {
+        "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
-            "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
+        "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
-            "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
+        "redirectUri": "http://localhost:9078/lastfm/callback"
-            "redirectUri": "http://localhost:9078/lastfm/callback"
+      }
-            }
+    },
-        },
+    {
-        {
+      "type": "listenbrainz",
-            "name": "Last.fm Source",
+      "name": "ListenBrainz",
-            "enable": true,
+      "enable": true,
-            "configureAs": "source",
+      "data": {
-            "data": {
+        "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
-            "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
+        "username": "Trez.One"
-            "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
+      }
-            "redirectUri": "http://localhost:9078/lastfm/callback"
+    },
-            }
+    {
-        },
+      "type": "subsonic",
-        {
+      "name": "Navidrome",
-            "name": "Maloja",
+      "enable": true,
-            "enable": true,
+      "data": {
-            "data": {
+        "url": "http://navidrome:4533",
-            "url": "http://maloja:42010",
+        "user": "admin",
-            "apiKey": "myMalojaKey"
+        "password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NAVIDROME_PASSWORD'] }}"
-            }
+      }
-        },
+    }
-        {
+  ],
-          "name": "ListenBrainz Client",
+  "clients": [
-          "enable": true,
+    {
-          "configureAs": "client",
+      "type": "lastfm",
-          "data": {
+      "name": "Last.fm Client",
-            "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
+      "enable": true,
-            "username": "Trez.One"
+      "data": {
-          }
+        "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
-        },
+        "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
-        {
+        "redirectUri": "http://localhost:9078/lastfm/callback"
-          "name": "ListenBrainz Source",
+      }
-          "enable": true,
+    },
-          "configureAs": "source",
+    {
-          "data": {
+      "type": "listenbrainz",
-            "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
+      "name": "ListenBrainz Client",
-            "username": "Trez.One"
+      "enable": true,
-          }
+      "data": {
-        }
+        "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
-      ]
+        "username": "Trez.One"
-  }
+      }
+    },
+    {
+      "type": "maloja",
+      "enable": true,
+      "name": "Maloja",
+      "data": {
+        "url": "http://maloja:42010",
+        "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_API_KEY'] }}"
+      }
+    }
+  ],
+  "webhooks": [
+    {
+      "name": "Gotify",
+      "type": "gotify",
+      "url": "http://gotify",
+      "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MULTI_SCROBBLER_GOTIFY_TOKEN'] }}",
+      "priorities": {
+        "info": 5,
+        "warn": 7,
+        "error": 10
+      }
+    }
+  ]
 }

ansible/app-configs/netbird_management.json.j2

@@ -47,60 +47,30 @@
   },
   "HttpConfig": {
     "Address": "0.0.0.0:33073",
-    "AuthIssuer": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
+    "AuthIssuer": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
-    "AuthAudience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
+    "AuthAudience": "netbird",
-    "AuthKeysLocation": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/keys",
+    "AuthKeysLocation": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/jwks.json",
     "AuthUserIDClaim": "",
     "CertFile": "",
     "CertKey": "",
     "IdpSignKeyRefreshEnabled": true,
-    "OIDCConfigEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration"
+    "OIDCConfigEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration"
-  },
-  "IdpManagerConfig": {
-    "ManagerType": "zitadel",
-    "ClientConfig": {
-      "Issuer": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
-      "TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
-      "ClientID": "netbird",
-      "ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_SECRET'] }}",
-      "GrantType": "client_credentials"
-    },
-    "ExtraConfig": {
-      "ManagementEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/management/v1"
-    },
-    "Auth0ClientCredentials": null,
-    "AzureClientCredentials": null,
-    "KeycloakClientCredentials": null,
-    "ZitadelClientCredentials": null
-  },
-  "DeviceAuthorizationFlow": {
-    "Provider": "hosted",
-    "ProviderConfig": {
-      "Audience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
-      "AuthorizationEndpoint": "",
-      "Domain": "",
-      "ClientID": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
-      "ClientSecret": "",
-      "TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
-      "DeviceAuthEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/device_authorization",
-      "Scope": "openid",
-      "UseIDToken": false,
-      "RedirectURLs": null
-    }
   },
+  "IdpManagerConfig": {},
+  "DeviceAuthorizationFlow": {},
   "PKCEAuthorizationFlow": {
     "ProviderConfig": {
-      "Audience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
+      "Audience": "netbird",
-      "ClientID": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
+      "ClientID": "netbird",
-      "ClientSecret": "",
+      "ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}",
       "Domain": "",
-      "AuthorizationEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/authorize",
+      "AuthorizationEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/authorization",
-      "TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
+      "TokenEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/token",
       "Scope": "openid profile email offline_access api",
       "RedirectURLs": [
         "http://localhost:53000"
       ],
-      "UseIDToken": false
+      "UseIDToken": true
     }
   }
 }

docker-compose.yml

@@ -202,9 +202,10 @@ services:
       AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
       AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
       AUTHELIA_STORAGE_POSTGRES_PASSWORD: ${AUTHELIA_STORAGE_POSTGRES_PASSWORD}
-      # PGID: ${PGID}
+      PGID: ${PGID}
-      # PUID: ${PUID}
+      PUID: ${PUID}
       TZ: ${TZ}
+      X_AUTHELIA_CONFIG_FILTERS: template
     expose:
       - 9091
     image: authelia/authelia:master
@@ -505,6 +506,8 @@ services:
       TZ: ${TZ}
     expose:
       - 3000
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
     image: ghcr.io/browserless/chromium:latest
     labels:
       swag: enable
@@ -575,6 +578,26 @@ services:
       swag.uptime-kuma.enabled: true
       swag.uptime-kuma.monitor.url: https://bunker.${MY_TLD}
     restart: unless-stopped
+  bytebase:
+    container_name: bytebase
+    image: bytebase/bytebase:3.5.0
+    labels:
+      homepage.group: System Administration
+      homepage.name: Bytebase
+      homepage.href: https://dbs.${MY_TLD}
+      homepage.icon: /icons/bytebase.png
+      homepage.description: Database-as-Code CI/CD
+      swag: enable
+      swag_port: 8080
+      swag_proto: http
+      swag_url: dbs.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
+    ports:
+      - 49054:8080
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/bytebase:/var/opt/bytebase
   bytestash:
     container_name: bytestash
     environment:
@@ -1011,141 +1034,6 @@ services:
       - dawarich_public:/var/app/public
       - dawarich_watched:/var/app/tmp/imports/watched
       - ${DOCKER_VOLUME_CONFIG}/dawarich/sidekiq-entrypoint.sh:/usr/local/bin/sidekiq-entrypoint.sh
-  dbgate:
-    container_name: dbgate
-    environment:
-      CONNECTIONS: authelia-pg,bitmagnet-pg-db,gitea-db,invidious-db,joplin-db,mariadb,mastodon-pg-db,mongodb,peppermint-db,pgbackweb-db,plausible-db,plausible-events-db,reactive-resume-pg,sonarqube-pg-db,synapse-db,tandoor-pg,redis
-      LOGIN: TrezOne
-      PASSWORD: ${DBGATE_LOGIN_PASSWORD}
-
-      LABEL_mariadb: mariadb
-      SERVER_mariadb: mariadb
-      USER_mariadb: root
-      PASSWORD_mariadb: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
-      PORT_mariadb: 3306
-      ENGINE_mariadb: mariadb@dbgate-plugin-mysql
-
-      LABEL_authelia-pg: authelia-pg
-      SERVER_authelia-pg: authelia-pg
-      USER_authelia-pg: authelia
-      DATABASE_authelia-pg: authelia
-      PASSWORD_authelia-pg: ${BITMAGNET_POSTGRESQL_PASSWORD}
-      PORT_authelia-pg: 5432
-      ENGINE_authelia-pg: postgres@dbgate-plugin-postgres
-
-      LABEL_bitmagnet-pg-db: bitmagnet-pg-db
-      SERVER_bitmagnet-pg-db: bitmagnet-pg-db
-      USER_bitmagnet-pg-db: bitmagnet-pg
-      DATABASE_bitmagnet-pg-db: bitmagnet
-      PASSWORD_bitmagnet-pg-db: ${BITMAGNET_POSTGRESQL_PASSWORD}
-      PORT_bitmagnet-pg-db: 5432
-      ENGINE_bitmagnet-pg-db: postgres@dbgate-plugin-postgres
-
-      LABEL_gitea-db: gitea-db
-      SERVER_gitea-db: gitea-db
-      USER_gitea-db: gitea
-      PASSWORD_gitea-db: ${GITEA_PG_DB_PASSWORD}
-      DATABASE_gitea-db: gitea
-      PORT_gitea-db: 5432
-      ENGINE_gitea-db: postgres@dbgate-plugin-postgres
-
-      LABEL_invidious-db: invidious-db
-      SERVER_invidious-db: invidious-db
-      USER_invidious-db: kemal
-      PASSWORD_invidious-db: ${INVID_PG_DB_PASSWORD}
-      PORT_invidious-db: 5432
-      DATABASE_invidious-db: invidious
-      ENGINE_invidious-db: postgres@dbgate-plugin-postgres
-
-      LABEL_joplin-db: joplin-db
-      SERVER_joplin-db: joplin-db
-      USER_joplin-db: ${JOPLIN_POSTGRES_USER}
-      PASSWORD_joplin-db: ${JOPLIN_POSTGRES_DATABASE}
-      DATABASE_joplin-db: joplin
-      PORT_joplin-db: 5432
-      ENGINE_joplin-db: postgres@dbgate-plugin-postgres
-
-      LABEL_mastodon-pg-db: mastodon-pg-db
-      SERVER_mastodon-pg-db: mastodon-pg-db
-      USER_mastodon-pg-db: mastodon
-      PASSWORD_mastodon-pg-db: ${MASTODON_PG_DB_PASSWORD}
-      DATABASE_mastodon-pg-db: mastodon
-      PORT_mastodon-pg-db: 5432
-      ENGINE_mastodon-pg-db: postgres@dbgate-plugin-postgres
-
-      LABEL_mongodb: mongodb
-      SERVER_mongodb: mongodb
-      USER_mongodb: root
-      PASSWORD_mongodb: ${MONGO_INITDB_ROOT_PASSWORD}
-      PORT_mongodb: 27017
-      DATABSE_mongodb: admin
-      # URI_mongodb: mongodb://root:${MONGO_INITDB_ROOT_PASSWORD}@mongodb:27017/admin?replicaSet=rinoa
-      ENGINE_mongodb: mongo@dbgate-plugin-mongo-v2
-
-      LABEL_peppermint-db: peppermint-pg-db
-      SERVER_peppermint-db: peppermint-pg-db
-      USER_peppermint-db: peppermint
-      PASSWORD_peppermint-db: ${PEPPERMINT_PG_PASSWORD}
-      PORT_peppermint-db: 5432
-      ENGINE_peppermint-db: postgres@dbgate-plugin-postgres
-
-      LABEL_pgbackweb-db: pgbackweb-db
-      SERVER_pgbackweb-db: pgbackweb-db
-      USER_pgbackweb-db: pgbackweb
-      PASSWORD_pgbackweb-db: ${PGBACKWEB_PG_DB_PASSWD}
-      PORT_pgbackweb-db: 5432
-      ENGINE_pgbackweb-db: postgres@dbgate-plugin-postgres
-
-      LABEL_plausible-db: plausible-db
-      SERVER_plausible-db: plausible-db
-      USER_plausible-db: plausible
-      PASSWORD_plausible-db: ${PLAUSIBLE_PG_PASSWORD}
-      PORT_plausible-db: 5432
-      ENGINE_plausible-db: postgres@dbgate-plugin-postgres
-
-      LABEL_reactive-resume-pg: reactive-resume-pg
-      SERVER_reactive-resume-pg: reactive-resume-pg
-      USER_reactive-resume-pg: reactiveresume
-      PASSWORD_reactive-resume-pg: ${REACTIVE_RESUME_PGSQL_PASSWORD}
-      PORT_reactive-resume-pg: 5432
-      ENGINE_reactive-resume-pg: postgres@dbgate-plugin-postgres
-
-      LABEL_sonarqube-pg-db: sonarqube-pg-db
-      SERVER_sonarqube-pg-db: sonarqube-pg-db
-      USER_sonarqube-pg-db: sonar
-      PASSWORD_sonarqube-pg-db: ${SONARQUBE_POSTGRES_PASSWORD}
-      PORT_sonarqube-pg-db: 5432
-      ENGINE_sonarqube-pg-db: postgres@dbgate-plugin-postgres
-
-      LABEL_tandoor-pg: tandoor-pg
-      SERVER_tandoor-pg: tandoor-pg
-      USER_tandoor-pg: tandoor
-      PASSWORD_tandoor-pg: ${TANDOOR_POSTGRES_PASSWORD}
-      PORT_tandoor-pg: 5432
-      ENGINE_tandoor-pg: postgres@dbgate-plugin-postgres
-
-      LABEL_redis: redis
-      SERVER_redis: redis
-      PORT_redis: 6379
-      ENGINE_redis: redis@dbgate-plugin-redis
-    image: dbgate/dbgate:alpine
-    labels:
-      homepage.group: System Administration
-      homepage.name: DbGate
-      homepage.href: https://dbs.${MY_TLD}
-      homepage.icon: sh-dbgate.png
-      homepage.description: Cross-platform database manager
-      swag: enable
-      swag_port: 3000
-      swag_proto: http
-      swag_url: dbs.${MY_TLD}
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
-    ports:
-      - 49054:3000
-    restart: unless-stopped
-    volumes:
-      - dbgate-data:/root/.dbgate
   delugevpn:
     cap_add:
       - NET_ADMIN
@@ -1266,77 +1154,74 @@ services:
     restart: always
     volumes:
       - ${DOCKER_VOLUME_STORAGE}/backups/docker_volume_bkups:/archive
-      - authelia-pg-db:/data/authelia-pg-db:ro
+      - authelia-pg-db:/backup/authelia-pg-db:ro
-      - bitmagnet-pg-db:/data/bitmagnet-pg-db:ro
+      - bitmagnet-pg-db:/backup/bitmagnet-pg-db:ro
-      - bunkerweb-storage:/data/bunkerweb-storage:ro
+      - bunkerweb-storage:/backup/bunkerweb-storage:ro
-      - castopod-media:/data/castopod-media:ro
+      - castopod-media:/backup/castopod-media:ro
-      - crowdsec-config:/data/crowdsec-config:ro
+      - crowdsec-config:/backup/crowdsec-config:ro
-      - crowdsec-db:/data/crowdsec-db:ro
+      - crowdsec-db:/backup/crowdsec-db:ro
-      - dawarich_db_data:/data/dawarich_db_data:ro
+      - dawarich_db_data:/backup/dawarich_db_data:ro
-      - dawarich_shared:/data/dawarich_shared:ro
+      - dawarich_shared:/backup/dawarich_shared:ro
-      - dawarich_public:/data/dawarich_public:ro
+      - dawarich_public:/backup/dawarich_public:ro
-      - dawarich_watched:/data/dawarich_watched:ro
+      - dawarich_watched:/backup/dawarich_watched:ro
-      - dbgate-data:/data/dbgate-data:ro
+      - docker-volume-bkup-data:/backup/docker-volume-bkup-data:ro
-      - docker-volume-bkup-data:/data/docker-volume-bkup-data:ro
+      - fastenhealth-cache:/backup/fastenhealth-cache:ro
-      - fastenhealth-cache:/data/fastenhealth-cache:ro
+      - fastenhealth-db:/backup/fastenhealth-db:ro
-      - fastenhealth-db:/data/fastenhealth-db:ro
+      - gitea-pg-db:/backup/gitea-pg-db:ro
-      - filebeat_etc:/data/filebeat_etc:ro
+      - hortusfox_app_backup:/backup/hortusfox_app_backup:ro
-      - filebeat_var:/data/filebeat_var:ro
+      - hortusfox_app_images:/backup/hortusfox_app_images:ro
-      - gitea-pg-db:/data/gitea-pg-db:ro
+      - hortusfox_app_logs:/backup/hortusfox_app_logs:ro
-      - hortusfox_app_backup:/data/hortusfox_app_backup:ro
+      - hortusfox_app_migrate:/backup/hortusfox_app_migrate:ro
-      - hortusfox_app_images:/data/hortusfox_app_images:ro
+      - hortusfox_app_themes:/backup/hortusfox_app_themes:ro
-      - hortusfox_app_logs:/data/hortusfox_app_logs:ro
+      - hortusfox_db_data:/backup/hortusfox_db_data:ro
-      - hortusfox_app_migrate:/data/hortusfox_app_migrate:ro
+      - immich-model-cache:/backup/immich-model-cache:ro
-      - hortusfox_app_themes:/data/hortusfox_app_themes:ro
+      - influxdb2-data:/backup/influxdb2-data:ro
-      - hortusfox_db_data:/data/hortusfox_db_data:ro
+      - influxdb2-config:/backup/influxdb2-config:ro
-      - immich-model-cache:/data/immich-model-cache:ro
+      - invidious-postgres:/backup/invidious-postgres:ro
-      - influxdb2-data:/data/influxdb2-data:ro
+      - invoice-ninja_cache:/backup/invoice-ninja_cache:ro
-      - influxdb2-config:/data/influxdb2-config:ro
+      - invoice-ninja_public:/backup/invoice-ninja_public:ro
-      - invidious-postgres:/data/invidious-postgres:ro
+      - invoice-ninja_storage:/backup/invoice-ninja_storage:ro
-      - invoice-ninja_cache:/data/invoice-ninja_cache:ro
+      - jitsi-web-admin-theme:/backup/jitsi-web-admin-theme:ro
-      - invoice-ninja_public:/data/invoice-ninja_public:ro
+      - jitsi-web-admin-upload:/backup/jitsi-web-admin-upload:ro
-      - invoice-ninja_storage:/data/invoice-ninja_storage:ro
+      - joplin_data:/backup/joplin_data:ro
-      - jitsi-web-admin-theme:/data/jitsi-web-admin-theme:ro
+      - librechat-pg-data:/backup/librechat-pg-data:ro
-      - jitsi-web-admin-upload:/data/jitsi-web-admin-upload:ro
+      - libretranslate_models:/backup/libretranslate_models:ro
-      - joplin_data:/data/joplin_data:ro
+      - lldap_data:/backup/lldap_data:ro
-      - librechat-pg-data:/data/librechat-pg-data:ro
+      - mastodon-pg-db:/backup/mastodon-pg-db:ro
-      - libretranslate_models:/data/libretranslate_models:ro
+      - mixpost-storage:/backup/mixpost-storage:ro
-      - lldap_data:/data/lldap_data:ro
+      - mixpost-logs:/backup/mixpost-logs:ro
-      - mastodon-pg-db:/data/mastodon-pg-db:ro
+      - mongodb_config:/backup/mongodb_config:ro
-      - mixpost-storage:/data/mixpost-storage:ro
+      - mongodb_data:/backup/mongodb_data:ro
-      - mixpost-logs:/data/mixpost-logs:ro
+      - n8n-data:/backup/n8n-data:ro
-      - mongodb_config:/data/mongodb_config:ro
+      - netbird-mgmt:/backup/netbird-mgmt:ro
-      - mongodb_data:/data/mongodb_data:ro
+      - netbird-signal:/backup/netbird-signal:ro
-      - n8n-data:/data/n8n-data:ro
+      - netbird-letsencrypt:/backup/netbird-letsencrypt:ro
-      - netbird-mgmt:/data/netbird-mgmt:ro
+      - nextcloud_aio_mastercontainer:/backup/nextcloud_aio_mastercontainer:ro
-      - netbird-signal:/data/netbird-signal:ro
+      - ollama:/backup/ollama:ro
-      - netbird-letsencrypt:/data/netbird-letsencrypt:ro
+      - open-webui:/backup/open-webui:ro
-      - nextcloud_aio_mastercontainer:/data/nextcloud_aio_mastercontainer:ro
+      - paperless-ngx-data:/backup/paperless-ngx-data:ro
-      - ollama:/data/ollama:ro
+      - paperless-ngx-media:/backup/paperless-ngx-media:ro
-      - open-webui:/data/open-webui:ro
+      - paperless-ngx-pg:/backup/paperless-ngx-pg:ro
-      - paperless-ngx-data:/data/paperless-ngx-data:ro
+      - peppermint-pg-data:/backup/peppermint-pg-data:ro
-      - paperless-ngx-media:/data/paperless-ngx-media:ro
+      - pgbackweb-data:/backup/pgbackweb-data:ro
-      - paperless-ngx-pg:/data/paperless-ngx-pg:ro
+      - plausible-db-data:/backup/plausible-db-data:ro
-      - peppermint-pg-data:/data/peppermint-pg-data:ro
+      - plausible-event-data:/backup/plausible-event-data:ro
-      - pgbackweb-data:/data/pgbackweb-data:ro
+      - plausible-event-logs:/backup/plausible-event-logs:ro
-      - plausible-db-data:/data/plausible-db-data:ro
+      - portainer-data:/backup/portainer-data:ro
-      - plausible-event-data:/data/plausible-event-data:ro
+      - reactive-resume-pg:/backup/reactive-resume-pg:ro
-      - plausible-event-logs:/data/plausible-event-logs:ro
+      - semaphore_config:/backup/semaphore_config:ro
-      - portainer-data:/data/portainer-data:ro
+      - semaphore_data:/backup/semaphore_data:ro
-      - reactive-resume-pg:/data/reactive-resume-pg:ro
+      - semaphore_tmp:/backup/semaphore_tmp:ro
-      - semaphore_config:/data/semaphore_config:ro
+      - sonarqube-data:/backup/sonarqube-data:ro
-      - semaphore_data:/data/semaphore_data:ro
+      - sonarqube-db:/backup/sonarqube-db:ro
-      - semaphore_tmp:/data/semaphore_tmp:ro
+      - sonarqube-db-data:/backup/sonarqube-db-data:ro
-      - sonarqube-data:/data/sonarqube-data:ro
+      - sonarqube-extensions:/backup/sonarqube-extensions:ro
-      - sonarqube-db:/data/sonarqube-db:ro
+      - sonarqube-logs:/backup/sonarqube-logs:ro
-      - sonarqube-db-data:/data/sonarqube-db-data:ro
+      - sonarqube-temp:/backup/sonarqube-temp:ro
-      - sonarqube-extensions:/data/sonarqube-extensions:ro
+      - tandoor-pg:/backup/tandoor-pg:ro
-      - sonarqube-logs:/data/sonarqube-logs:ro
+      - unmanic-cache:/backup/unmanic-cache:ro
-      - sonarqube-temp:/data/sonarqube-temp:ro
+      - wallos-db:/backup/wallos-db:ro
-      - tandoor-pg:/data/tandoor-pg:ro
+      - wallos-logos:/backup/wallos-logos:ro
-      - unmanic-cache:/data/unmanic-cache:ro
-      - wallos-db:/data/wallos-db:ro
-      - wallos-logos:/data/wallos-logos:ro
   docuseal:
     container_name: docuseal
     image: docuseal/docuseal:latest
@@ -1702,6 +1587,86 @@ services:
         type: bind
         bind:
           create_host_path: true
+  graylog:
+    container_name: graylog
+    image: ${GRAYLOG_IMAGE:-graylog/graylog:6.1}
+    depends_on:
+      graylog-datanode:
+        condition: service_started
+        required: true
+      mongodb:
+        condition: service_started
+        required: true
+    entrypoint: /usr/bin/tini --  /docker-entrypoint.sh
+    environment:
+      GRAYLOG_NODE_ID_FILE: /usr/share/graylog/data/data/node-id
+      GRAYLOG_PASSWORD_SECRET: ${GRAYLOG_PASSWORD_SECRET}
+      GRAYLOG_ROOT_PASSWORD_SHA2: ${GRAYLOG_ROOT_PASSWORD_SHA2}
+      GRAYLOG_HTTP_BIND_ADDRESS: 0.0.0.0:9000
+      GRAYLOG_HTTP_EXTERNAL_URI: http://localhost:9000/
+      GRAYLOG_MONGODB_URI: mongodb://graylog:${GRAYLOG_MONGODB_PASSWORD}@mongodb:27017/graylog?replicaSet=rinoa
+      GRAYLOG_ROOT_EMAIL: charish.patel@${MY_TLD}
+      GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+      GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME: ${POSTAL_SMTP_AUTH_USER}
+      GRAYLOG_TRANSPORT_EMAIL_ENABLED: true
+      GRAYLOG_TRANSPORT_EMAIL_FROM_EMAIL: noreply@${MY_TLD}
+      GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: postal-smtp
+      GRAYLOG_TRANSPORT_EMAIL_PORT: 25
+      GRAYLOG_TRANSPORT_EMAIL_USE_AUTH: true
+    labels:
+      homepage.group: Infrastructure/App Performance Monitoring
+      homepage.name: Graylog
+      homepage.href: https://logs.${MY_TLD}
+      homepage.icon: sh-graylog.svg
+      homepage.description: Log Management
+      swag: enable
+      swag_port: 9000
+      swag_proto: http
+      swag.uptime-kuma.enabled: true
+    ports:
+    - 5044:5044/tcp   # Beats
+    - 5140:5140/udp   # Syslog
+    - 5140:5140/tcp   # Syslog
+    - 5555:5555/tcp   # RAW TCP
+    - 5555:5555/udp   # RAW UDP
+    - 13457:9000/tcp   # Server API
+    - 12201:12201/tcp # GELF TCP
+    - 12201:12201/udp # GELF UDP
+    #- 10000:10000/tcp # Custom TCP port
+    #- 10000:10000/udp # Custom UDP port
+    - 13301:13301/tcp # Forwarder data
+    - 13302:13302/tcp # Forwarder config
+    restart: on-failure
+    volumes:
+      - graylog-data:/usr/share/graylog/data/data
+  graylog-datanode:
+    container_name: graylog-datanode
+    image: ${DATANODE_IMAGE:-graylog/graylog-datanode:6.1}
+    environment:
+      GRAYLOG_DATANODE_NODE_ID_FILE: /var/lib/graylog-datanode/node-id
+      GRAYLOG_DATANODE_PASSWORD_SECRET: ${GRAYLOG_PASSWORD_SECRET}
+      GRAYLOG_DATANODE_MONGODB_URI: mongodb://graylog:${GRAYLOG_MONGODB_PASSWORD}@mongodb:27017/graylog?replicaSet=rinoa
+      GRAYLOG_PATH_REPO: graylog
+      GRAYLOG_S3_CLIENT_DEFAULT_ACCESS_KEY: ${GRAYLOG_S3_ACCESS_KEY}
+      GRAYLOG_S3_CLIENT_DEFAULT_ENDPOINT: minio:9000
+      GRAYLOG_S3_CLIENT_DEFAULT_PATH_STYLE_ACCESS: 1
+      GRAYLOG_S3_CLIENT_DEFAULT_PROTOCOL: http
+      GRAYLOG_S3_CLIENT_DEFAULT_REGION: us-east-fh-pln
+      GRAYLOG_S3_CLIENT_DEFAULT_SECRET_KEY: ${GRAYLOG_S3_SECRET_KEY}
+    ports:
+      - 8999:8999
+      - 9200:9200
+      - 9300:9300
+    restart: on-failure
+    ulimits:
+      memlock:
+        hard: -1
+        soft: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - graylog-datanode:/var/lib/graylog-datanode
   guacamole:
     container_name: guacamole
     environment:
@@ -1729,11 +1694,11 @@ services:
       - /etc/localtime:/etc/localtime:ro
   homepage:
     container_name: homepage
+    environment:
+      HOMEPAGE_ALLOWED_HOSTS: ${MY_TLD}
     image: ghcr.io/gethomepage/homepage:latest
     labels:
       swag_server_custom_directive: access_log /config/log/$$host_access.log ; error_log /config/log/$$host_error.log ;
-    networks:
-      default: null
     ports:
       - 3004:3000
     restart: unless-stopped
@@ -1788,8 +1753,12 @@ services:
         condition: service_started
         required: true
       immich-pg-db:
-        condition: service_started
+        condition: service_healthy
         required: true
+      immich-machine-learning:
+        condition: service_healthy
+        required: true
+        restart: true
     environment:
       DB_DATABASE_NAME: immich
       DB_HOSTNAME: immich-pg-db
@@ -1833,10 +1802,6 @@ services:
       - /etc/localtime:/etc/localtime:ro
   immich-machine-learning:
     container_name: immich-machine-learning
-    depends_on:
-      immich-server:
-        condition: service_started
-        required: true
     healthcheck:
       disable: false
     image: ghcr.io/immich-app/immich-machine-learning:release
@@ -2966,15 +2931,15 @@ services:
     labels:
       homepage.group: Media Library
       homepage.name: Maloja
-      homepage.href: https://scrobble.${MY_TLD}
+      homepage.href: https://maloja.${MY_TLD}
       homepage.icon: maloja.png
       homepage.description: Simple self-hosted music scrobble database to create personal listening statistics
       swag: enable
       swag_proto: http
       swag_port: 42010
-      swag_url: scrobble.${MY_TLD}
+      swag_url: maloja.${MY_TLD}
       swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://scrobble.${MY_TLD}
+      swag.uptime-kuma.monitor.url: https://maloja.${MY_TLD}
     networks:
       default: null
     ports:
@@ -3249,6 +3214,7 @@ services:
   multi-scrobbler:
     container_name: multi-scrobbler
     environment:
+      BASE_URL: https://scrobble.trez.wtf
       TZ: ${TZ}
       PUID: ${PUID}
       PGID: ${PGID}
@@ -3256,7 +3222,7 @@ services:
       MALOJA_API_KEY: ${MALOJA_API_KEY}
       LASTFM_API_KEY: ${LASTFM_API_KEY}
       LASTFM_API_SECRET: ${LASTFM_API_SECRET}
-      LZ_USER: Trez.on
+      LZ_USER: Trez.One
       LZ_TOKEN: ${MALOJA_LISTENBRAINZ_TOKEN}
       SPOTIFY_CLIENT_ID: ${YOUR_SPOTIFY_ID}
       SPOTIFY_CLIENT_SECRET: ${YOUR_SPOTIFY_SECRET}
@@ -3264,9 +3230,15 @@ services:
     labels:
       homepage.group: Media Library
       homepage.name: Multi-Scrobbler
-      homepage.href: http://192.168.1.254:9078
+      homepage.href: https://scrobble.trez.wtf
       homepage.icon: sh-multi-scrobbler.svg
       homepage.description: JS App for scrobbling/recording play history from/to multiple sources
+      swag: enable
+      swag_proto: http
+      swag_port: 9078
+      swag_url: scrobble.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://scrobble.${MY_TLD}
     networks:
       default: null
     ports:
@@ -3308,13 +3280,20 @@ services:
   navidrome:
     container_name: navidrome
     environment:
-      ND_AUTOIMPORTPLAYLISTS: false
+      ND_AUTOIMPORTPLAYLISTS: true
       ND_BASEURL: ""
+      ND_BACKUP_PATH: /backups
+      ND_BACKUP_SCHEDULE: '@every 6h'
+      ND_BACKUP_COUNT: 7
+      ND_ENABLEGRAVATAR: true
+      ND_ENABLESHARING: true
       ND_LASTFM_APIKEY: ${LASTFM_API_KEY}
       ND_LASTFM_ENABLED: true
       ND_LASTFM_SECRET: ${LASTFM_API_SECRET}
+      ND_LISTENBRAINZ_ENABLED: true
       ND_LOGLEVEL: info
       ND_MUSICFOLDER: /music
+      ND_PLAYLISTPATH: /playlists
       ND_SCANNER_GROUPALBUMRELEASES: true
       ND_SCANSCHEDULE: '@every 6h'
       ND_SESSIONTIMEOUT: 24h
@@ -3331,8 +3310,8 @@ services:
       homepage.widget.type: navidrome
       homepage.widget.url: http://navidrome:4533
       homepage.widget.user: admin
-      homepage.widget.token: e8a9e97b29aa963fa4729c633289d232
+      homepage.widget.token: ${NAVIDROME_HOMEPAGE_TOKEN}
-      homepage.widget.salt: v5Z93Z
+      homepage.widget.salt: ${NAVIDROME_HOMEPAGE_SALT}
       swag: enable
       swag_port: 4533
       swag_proto: http
@@ -3346,16 +3325,10 @@ services:
     restart: unless-stopped
     user: 1000:1000
     volumes:
-      - source: ${DOCKER_VOLUME_CONFIG}/navidrome
+      - ${DOCKER_VOLUME_CONFIG}/navidrome:/data
-        target: /data
+      - ${DOCKER_VOLUME_STORAGE}/Audio/Music:/music
-        type: bind
+      - ${DOCKER_VOLUME_STORAGE}/Audio/Playlists:/playlists
-        bind:
+      - ${DOCKER_VOLUME_STORAGE}/backups/navidrome:/backups
-          create_host_path: true
-      - source: ${DOCKER_VOLUME_STORAGE}/Audio/Music
-        target: /music
-        type: bind
-        bind:
-          create_host_path: true
   netalertx:
     container_name: netalertx
     environment:
@@ -3383,123 +3356,124 @@ services:
         target: /app/api
       # (API: OPTION 2) use when debugging issues
       # - ${DOCKER_VOLUME_CONFIG}/netalertx/api:/app/api
-  # netbird-dashboard:
+  netbird-dashboard:
-  #   container_name: netbird-dashboard
+    container_name: netbird-dashboard
-  #   environment:
+    environment:
-  #     # Endpoints
+      # Endpoints
-  #     NETBIRD_MGMT_API_ENDPOINT: https://netbird.${MY_TLD}:33073
+      NETBIRD_MGMT_API_ENDPOINT: https://vpn.${MY_TLD}
-  #     NETBIRD_MGMT_GRPC_API_ENDPOINT: https://netbird.${MY_TLD}:33073
+      NETBIRD_MGMT_GRPC_API_ENDPOINT: https://vpn.${MY_TLD}
-  #     # OIDC
+      # OIDC
-  #     AUTH_AUDIENCE: ${NETBIRD_ZITADEL_CLIENT_ID}
+      AUTH_AUDIENCE: none
-  #     AUTH_CLIENT_ID: ${NETBIRD_ZITADEL_CLIENT_ID}
+      AUTH_CLIENT_ID: netbird
-  #     AUTH_CLIENT_SECRET: ${NETBIRD_ZITADEL_CLIENT_SECRET}
+      AUTH_CLIENT_SECRET: ${AUTHELIA_NETBIRD_CLIENT_SECRET}
-  #     AUTH_AUTHORITY: https://id.${MY_TLD}
+      AUTH_AUTHORITY: https://auth.${MY_TLD}
-  #     USE_AUTH0: false
+      USE_AUTH0: false
-  #     AUTH_SUPPORTED_SCOPES: openid profile email offline_access api
+      AUTH_SUPPORTED_SCOPES: openid profile email offline_access api
-  #     AUTH_REDIRECT_URI: /auth
+      AUTH_REDIRECT_URI: /peers
-  #     AUTH_SILENT_REDIRECT_URI: /silent-auth
+      AUTH_SILENT_REDIRECT_URI: /add-peers
-  #     NETBIRD_TOKEN_SOURCE: accessToken
+      NETBIRD_TOKEN_SOURCE: idToken
-  #     # SSL
+      # SSL
-  #     NGINX_SSL_PORT: 443
+      NGINX_SSL_PORT: 443
-  #     # Letsencrypt
+      # Letsencrypt
-  #     LETSENCRYPT_DOMAIN:
+      LETSENCRYPT_DOMAIN:
-  #     LETSENCRYPT_EMAIL:
+      LETSENCRYPT_EMAIL:
-  #   image: netbirdio/dashboard:latest
+    image: netbirdio/dashboard:latest
-  #   labels:
+    labels:
-  #     homepage.group: Privacy/Security
+      homepage.group: Privacy/Security
-  #     homepage.name: Netbird
+      homepage.name: Netbird
-  #     homepage.href: https://netbird.${MY_TLD}
+      homepage.href: https://vpn.${MY_TLD}
-  #     homepage.icon: netbird.svg
+      homepage.icon: netbird.svg
-  #     homepage.description: Peer-to-peer private network and centralized access control system
+      homepage.description: Peer-to-peer private network and centralized access control system
-  #     swag: enable
+      swag: enable
-  #     swag_proto: http
+      swag_proto: http
-  #     swag_port: 80
+      swag_port: 80
-  #     swag_auth: authelia
+      swag_auth: authelia
-  #     swag_url: netbird.${MY_TLD}
+      swag_url: vpn.${MY_TLD}
-  #     swag_server_custom_directive: |
+      swag_server_custom_directive: |
-  #       location /signalexchange.SignalExchange/ {
+        location /signalexchange.SignalExchange/ {
-  #           grpc_pass grpc://netbird-signal:80;
+            grpc_pass grpc://netbird-signal:10000;
-  #           #grpc_ssl_verify off;
+            #grpc_ssl_verify off;
-  #           grpc_read_timeout 1d;
+            grpc_read_timeout 1d;
-  #           grpc_send_timeout 1d;
+            grpc_send_timeout 1d;
-  #           grpc_socket_keepalive on;
+            grpc_socket_keepalive on;
-  #       }
+        }
-  #       # Proxy Management http endpoint
+        # Proxy Management http endpoint
-  #       location /api {
+        location /api {
-  #           proxy_pass http://netbird-management:443;
+            proxy_pass http://netbird-management;
-  #       }
+        }
-  #       # Proxy Management grpc endpoint
+        # Proxy Management grpc endpoint
-  #       location /management.ManagementService/ {
+        location /management.ManagementService/ {
-  #           grpc_pass grpc://netbird-management:443;
+            grpc_pass grpc://netbird-management;
-  #           #grpc_ssl_verify off;
+            #grpc_ssl_verify off;
-  #           grpc_read_timeout 1d;
+            grpc_read_timeout 1d;
-  #           grpc_send_timeout 1d;
+            grpc_send_timeout 1d;
-  #           grpc_socket_keepalive on;
+            grpc_socket_keepalive on;
-  #       }
+        }
-  #     swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.enabled: true
-  #     swag.uptime-kuma.monitor.url: https://netbird.${MY_TLD}
+      swag.uptime-kuma.monitor.url: https://vpn.${MY_TLD}
-  #   ports:
+    ports:
-  #     - 32908:80
+      - 32908:80
-  #     - 36610:443
+      - 36610:443
-  #   restart: unless-stopped
+    restart: unless-stopped
-  #   volumes:
+    volumes:
-  #     - netbird-letsencrypt:/etc/letsencrypt/
+      - netbird-letsencrypt:/etc/letsencrypt/
-  # netbird-signal:
+  netbird-signal:
-  #   container_name: netbird-signal
+    container_name: netbird-signal
-  #   image: netbirdio/signal:latest
+    expose:
-  #   ports:
+      - 10000
-  #     - 10001:80
+    image: netbirdio/signal:latest
-  #   restart: unless-stopped
+    ports:
-  #   volumes:
+      - 10001:80
-  #     - netbird-signal:/var/lib/netbird
+    restart: unless-stopped
-  # netbird-relay:
+    volumes:
-  #   container_name: netbird-relay
+      - netbird-signal:/var/lib/netbird
-  #   image: netbirdio/relay:latest
+  netbird-relay:
-  #   restart: unless-stopped
+    container_name: netbird-relay
-  #   environment:
+    image: netbirdio/relay:latest
-  #     NB_LOG_LEVEL: info
+    restart: unless-stopped
-  #     NB_LISTEN_ADDRESS: :33080
+    environment:
-  #     NB_EXPOSED_ADDRESS: netbird.${MY_TLD}:33080
+      NB_LOG_LEVEL: info
-  #     # todo: change to a secure secret
+      NB_LISTEN_ADDRESS: :33080
-  #     NB_AUTH_SECRET: ${NETBIRD_RELAY_AUTH_SECRET}
+      NB_EXPOSED_ADDRESS: vpn.${MY_TLD}:33080
-  #   ports:
+      # todo: change to a secure secret
-  #     - 33080:33080
+      NB_AUTH_SECRET: ${NETBIRD_RELAY_AUTH_SECRET}
-  # netbird-management:
+    ports:
-  #   command: [
+      - 33080:33080
-  #     "--port", "443",
+  netbird-management:
-  #     "--log-file", "console",
+    command: [
-  #     "--log-level", "info",
+      "--port", "443",
-  #     "--disable-anonymous-metrics=false",
+      "--log-file", "console",
-  #     "--single-account-mode-domain=netbird.${MY_TLD}",
+      "--log-level", "info",
-  #     "--dns-domain=netbird.selfhosted"
+      "--disable-anonymous-metrics=false",
-  #     ]
+      "--single-account-mode-domain=vpn.${MY_TLD}",
-  #   container_name: netbird-management
+      "--dns-domain=vpn.trez.wtf"
-  #   depends_on:
+    ]
-  #     netbird-dashboard:
+    container_name: netbird-management
-  #       condition: service_started
+    depends_on:
-  #   environment:
+      netbird-dashboard:
-  #     NETBIRD_STORE_ENGINE_POSTGRES_DSN:
+        condition: service_started
-  #     NETBIRD_STORE_ENGINE_MYSQL_DSN:
+    environment:
-  #   image: netbirdio/management:latest
+      NETBIRD_STORE_ENGINE_POSTGRES_DSN:
-  #   restart: unless-stopped
+      NETBIRD_STORE_ENGINE_MYSQL_DSN:
-  #   volumes:
+    image: netbirdio/management:latest
-  #     - netbird-mgmt:/var/lib/netbird
+    restart: unless-stopped
-  #     - netbird-letsencrypt:/etc/letsencrypt:ro
+    volumes:
-  #     - ${DOCKER_VOLUME_CONFIG}/netbird/management.json:/etc/netbird/management.json
+      - netbird-mgmt:/var/lib/netbird
-  #   ports:
+      - netbird-letsencrypt:/etc/letsencrypt:ro
-  #     - 23833:443 #API port
+      - ${DOCKER_VOLUME_CONFIG}/netbird/management.json:/etc/netbird/management.json
-  # netbird-coturn:
+    ports:
-  #   command:
+      - 33073:443 #API port
-  #     - -c /etc/turnserver.conf
+  netbird-coturn:
-  #   container_name: netbird-coturn
+    command:
-  #   image: coturn/coturn:latest
+      - -c /etc/turnserver.conf
-  #   restart: unless-stopped
+    container_name: netbird-coturn
-  #   #domainname: netbird.${MY_TLD} # only needed when TLS is enabled
+    image: coturn/coturn:latest
-  #   volumes:
+    restart: unless-stopped
-  #     - ${DOCKER_VOLUME_CONFIG}/netbird/turnserver.conf:/etc/turnserver.conf:ro
+    #domainname: vpn.${MY_TLD} # only needed when TLS is enabled
-  #        - ${DOCKER_VOLUME_CONFIG}/netbird/privkey.pem:/etc/coturn/private/privkey.pem:ro
+    volumes:
-  #        - ${DOCKER_VOLUME_CONFIG}/netbird/cert.pem:/etc/coturn/certs/cert.pem:ro
+      - ${DOCKER_VOLUME_CONFIG}/netbird/turnserver.conf:/etc/turnserver.conf:ro
-  #   network_mode: host
+    #      - ${DOCKER_VOLUME_CONFIG}/netbird/privkey.pem:/etc/coturn/private/privkey.pem:ro
+    #      - ${DOCKER_VOLUME_CONFIG}/netbird/cert.pem:/etc/coturn/certs/cert.pem:ro
   nextcloud:
     container_name: nextcloud-aio-mastercontainer
     environment:
@@ -3639,37 +3613,6 @@ services:
         type: bind
         bind:
           create_host_path: true
-  parseable:
-    container_name: parseable
-    command: [ "parseable", "s3-store" ]
-    depends_on:
-      - minio
-    environment:
-      P_STAGING_DIR: /staging
-      P_ADDR: 0.0.0.0:8000
-      P_USERNAME: admin
-      P_PASSWORD: ${PARSEABLE_PASSWORD}
-      P_S3_URL: http://minio:9000
-      P_S3_BUCKET: parseable
-      P_S3_ACCESS_KEY: ${PARSEABLE_S3_ACCESS_KEY}
-      P_S3_SECRET_KEY: ${PARSEABLE_S3_SECRET_KEY}
-      P_S3_REGION: us-east-fh-pln
-    image: containers.parseable.com/parseable/parseable:latest
-    labels:
-      homepage.group: Infrastructure/App Performance Monitoring
-      homepage.name: Parseable
-      homepage.href: https://logs.${MY_TLD}
-      homepage.icon: parseable.svg
-      homepage.description: Log analytics system for high throughput log ingestion
-      swag: enable
-      swag_proto: http
-      swag_port: 8000
-      swag_url: logs.${MY_TLD}
-    ports:
-      - 14453:8000
-    restart: unless-stopped
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/parseable/staging:/staging
   pgbackweb:
     container_name: pgbackweb
     depends_on:
@@ -3989,7 +3932,7 @@ services:
       MAIL_FROM: noreply@trez.wtf
       NODE_ENV: production
       PORT: 3000
-      PUBLIC_URL: https://resume.${MY_TLD}
+      PUBLIC_URL: http://reactive-resume:3000
       REFRESH_TOKEN_SECRET: ${REACTIVE_RESUME_REFRESH_TOKEN_SECRET}
       SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25
       STORAGE_ACCESS_KEY: ${REACTIVE_RESUME_S3_ACCESS_KEY}
@@ -4717,6 +4660,36 @@ services:
     volumes:
       - ${DOCKER_VOLUME_CONFIG}/stable-diffusion-webui/data:/data
       - ${DOCKER_VOLUME_CONFIG}/stable-diffusion-webui/output:/output
+  stirling-pdf:
+    container_name: stirling-pdf
+    environment:
+      DOCKER_ENABLE_SECURITY: true
+      LANGS: en_US
+      SECURITY_ENABLE_LOGIN: true
+      SYSTEM_SHOW_UPDATE: false
+      SYSTEM_SHOW_UPDATE_ONLY_ADMIN: true
+    image: docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest
+    labels:
+      homepage.name: Stirling-PDF
+      homepage.group: Personal/Professional Services
+      homepage.description: PDF Operations
+      homepage.href: https://pdf.${MY_TLD}
+      homepage.icon: stirling-pdf.svg
+      swag: enable
+      swag_port: 8080
+      swag_proto: http
+      swag_url: pdf.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://pdf.${MY_TLD}
+    ports:
+      - 58931:8080
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/stirling-pdf/training-data:/usr/share/tessdata # Required for extra OCR languages
+      - ${DOCKER_VOLUME_CONFIG}/stirling-pdf/extra-configs:/configs
+      - ${DOCKER_VOLUME_CONFIG}/stirling-pdf/custom-files:/customFiles/
+      - ${DOCKER_VOLUME_CONFIG}/stirling-pdf/logs:/logs/
+      - ${DOCKER_VOLUME_CONFIG}/stirling-pdf/pipeline:/pipeline/
   swag:
     cap_add:
       - NET_ADMIN
@@ -4734,7 +4707,7 @@ services:
       VALIDATION: dns
       CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
       CROWDSEC_LAPI_URL: http://crowdsec:8080
-      DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|ghcr.io/linuxserver/mods:swag-crowdsec|linuxserver/mods:swag-auto-uptime-kuma
+      DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs #|ghcr.io/linuxserver/mods:swag-crowdsec#|linuxserver/mods:swag-auto-uptime-kuma
       PROPAGATION: 30
       UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
       UPTIME_KUMA_URL: http://uptimekuma:3001
@@ -4895,6 +4868,10 @@ services:
         volume: {}
   uptimekuma:
     container_name: uptimekuma
+    depends_on:
+      swag:
+        condition: service_started
+        required: true
     environment:
       PGID: ${PGID}
       PUID: ${PUID}
@@ -4967,16 +4944,6 @@ services:
     volumes:
       - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/config/:/vault/config
       - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/logs/:/vault/logs
-  vector:
-    image: timberio/vector:0.44.0-alpine
-    container_name: vector
-    environment:
-      DOCKER_HOST: tcp://dockerproxy:2375
-    ports:
-      - 60157:8686
-    restart: unless-stopped
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/vector/vector.yaml:/etc/vector/vector.yaml:ro
   wallabag:
     container_name: wallabag
     depends_on:
@@ -5227,20 +5194,18 @@ volumes:
     name: dawarich_public
   dawarich_watched:
     name: dawarich_watched
-  dbgate-data:
-    name: dbgate-data
   docker-volume-bkup-data:
     name: docker-volume-bkup-data
   fastenhealth-cache:
     name: fastenhealth-cache
   fastenhealth-db:
     name: fastenhealth-db
-  filebeat_etc:
-    name: filebeat_etc
-  filebeat_var:
-    name: filebeat_var
   gitea-pg-db:
     name: gitea-pg-db
+  graylog-data:
+    name: graylog-data
+  graylog-datanode:
+    name: graylog-datanode
   hortusfox_app_backup:
     name: hortusfox_app_backup
   hortusfox_app_images:
@@ -5350,4 +5315,4 @@ volumes:
   wallos-db:
     name: wallos-db
   wallos-logos:
-    name: wallos-logos
+    name: wallos-logos