Adding Sourcebot service.

Auto Merge of PR 29 - whodb-removal-dbgate-deploy
Merged by Trez.One
2025-01-23 12:52:56 -05:00 · 2025-01-23 10:57:54 -05:00 · 2025-01-23 15:56:55 +00:00 · 2025-01-23 10:25:35 -05:00 · 2025-01-22 20:17:29 -05:00 · 2025-01-22 20:07:09 -05:00
63 changed files with 7681 additions and 1795 deletions
@@ -1,128 +0,0 @@
 name: Gitea Branch PR, SonarQube Analyze, and Merge Workflow
 on:
  push:
    branches-ignore:
      - main
 jobs:
  # Job 1: Check if PR exists and create one if the branch is new
  check-and-create-pr:
    name: Check and Create PR
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: PR list
        id: list-prs
        run: |
          pr_check=$(curl ${{ vars.RINOA_GITEA_URL }}/api/v1/repos/${{ github.repository }}/pulls/main/${{ github.ref_name }} \
            -X 'GET' \
            -H 'Accept: application/json' \
            -H 'Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}' \
            -s | jq '{index: .number, state: .state}')
          pr_state=$(echo ${pr_check} | jq -r '.state')
      - name: Create PR
        if: steps.list-prs.outputs.pr_state != 'open'
        uses: arifer612/Gitea-PR-action@v1.2.0
        with:
          url: ${{ gitea.server_url }}
          token: ${{ secrets.BOT_GITEA_TOKEN }}
          pr-label: 'auto-deploy-pr'
  docker-compose-test:
    name: Docker Compose Test
    needs: [check-and-create-pr]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Generate ephemeral .env compose file
        id: generate-env-file-pr
        run: |
          echo "${{ secrets.RINOA_ENV }}" > .env
      - name: Docker Compose Lint
        uses: yu-ichiro/spin-up-docker-compose-action@v1
        with:
          file: docker-compose.yml
          pull: true
          pull-opts: --dry-run
          up: true
          up-opts: --dry-run -d --remove-orphans
        env:
          DOCKER_HOST: tcp://dockerproxy:2375
  cloudflare-dns-setup:
    name: Cloudflare DNS Setup
    needs: [docker-compose-test]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install jq
        uses: dcarbone/install-jq-action@v3.0.1
      - name: Install yq
        uses: dcarbone/install-yq-action@v1
      - name: Install flarectl
        uses: supplypike/setup-bin@v4
        with:
          uri: 'https://github.com/cloudflare/cloudflare-go/releases/download/v0.113.0/flarectl_0.113.0_linux_amd64.tar.gz'
          name: 'flarectl'
          version: '0.113.0'
      - name: Grab Subdomains from Docker Compose & Cloudflare
        id: grab-subdomains
        env:
          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
          CF_API_EMAIL: ${{ secrets.CF_API_EMAIL }}
        run: |
          echo "Grabbing subdomains from docker-compose.yml..."
          yq '.services[].labels.swag_url' docker-compose.yml | egrep -v 'null' | sed -e 's|"||g' | awk -F'.' '{print $1}' | sort > compose_subdomains.txt
          echo "Grabbing subdomains from Cloudflare..."
          flarectl --json dns list --zone "trez.wtf" --type=CNAME --content "trez.wtf" | jq '.[].Name' | sed -e 's|"||g' | awk -F"." '{print $1}' | sort > cloudflare_subdomains.txt
      - name: Compare Subdomains
        id: compare-subdomains
        uses: LouisBrunner/diff-action@v2.2.0
        with:
          old: compose_subdomains.txt
          new: cloudflare_subdomains.txt
          mode: addition
          tolerance: mixed-better
          output: domain_compare.txt
      - name: Create Subdomains
        if: steps.compare-subdomains.outputs.output != ''
        env:
          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
          CF_API_EMAIL: ${{ secrets.CF_API_EMAIL }}
        run: |
          cat domain_compare.txt | egrep '^-[a-z]' | sed -e 's|-||g' | while read -r subdomain; do
            echo "Creating $subdomain.trez.wtf..."
            flarectl dns create --zone "trez.wtf" --name "${subdomain}" --type=CNAME --content "trez.wtf"
          done
  merge-pr:
    name: PR Merge
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [cloudflare-dns-setup]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Tea CLI Setup & PR Merge
        run: |
          curl -sSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea
          chmod +x /usr/local/bin/tea
          echo "Merging PR..."
          tea login add --name gitea-rinoa --url ${{ vars.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ gitea.ref_name }} | awk -F, '{print $1}' | sed -e 's|"||g')
          tea pr m --repo ${{ github.repository }} --title "${{ github.ref_name }} Auto Merge" --message "Merged by ${{ gitea.actor }}" --output table ${pr_index}
@@ -0,0 +1,268 @@
 name: Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment
 on:
  push:
    branches-ignore:
      - main
    paths:
      - '**.yaml'
      - '**.yml'
      - '**.j2'
 jobs:
  check-and-create-pr:
    name: Check and Create PR
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
      - name: Cache tea CLI
        id: cache-tea
        uses: actions/cache@v4
        with:
          path: /opt/hostedtoolcache/tea/0.9.2/x64
          key: tea-${{ runner.os }}-0.9.2
      - name: Install tea
        uses: supplypike/setup-bin@v4
        with:
          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
          name: 'tea'
          version: '0.9.2'
      - name: Check if open PR exists
        id: check-opened-pr-step
        continue-on-error: true
        run: |
          tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
          echo ${pr_exists}
          echo "exists=$pr_exists" >> $GITHUB_OUTPUT
      - name: Create PR
        if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
        run: |
          tea login default gitea-rinoa
          pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
          pr_index_new=$(expr ${pr_index_old} + 1)
          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }}
  docker-compose-ansible-lints:
    name: Docker Compose & Ansible Lints
    needs: [check-and-create-pr]
    runs-on: ubuntu-latest
    env:
      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Cache Ansible Galaxy Collections
        uses: actions/cache@v3
        with:
          path: ansible/collections
          key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
          restore-keys: |
            ${{ runner.os }}-ansible-
      - name: Install Ansible
        uses: alex-oleshkevich/setup-ansible@v1.0.1
        with:
          version: "11.0.0"
      - name: Install Vault
        uses: cpanato/vault-installer@main
      - name: Install hvac
        run: pip install hvac
      - name: Ansible Playbook Dry Run
        uses: dawidd6/action-ansible-playbook@v2
        with:
          directory: ansible/
          playbook: docker_config_deploy.yml
          key: ${{secrets.RINOA_ANSIBLE_PRIVATE_KEY}}
          options: |
            --inventory inventory/hosts.yml
            --check
          requirements: collections/requirements.yml
          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
      - name: Generate .env file for Docker Compose Dry Run
        run: |
          vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
      - name: Cache .env Files
        uses: actions/cache@v4
        with:
          path: .env
          key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
      - name: Docker Compose Dry Run
        uses: yu-ichiro/spin-up-docker-compose-action@v1
        with:
          file: docker-compose.yml
          pull: true
          pull-opts: --dry-run
          up: true
          up-opts: --dry-run -d --remove-orphans
        env:
          DOCKER_HOST: tcp://dockerproxy:2375
  cloudflare-dns-setup:
    name: Cloudflare DNS Setup
    needs: [docker-compose-ansible-lints]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
      - name: Cache flarectl CLI
        uses: actions/cache@v4
        with:
          path: ~/.flarectl
          key: flarectl-${{ runner.os }}-${{ hashFiles('workflow-config.yml') }}
      - name: Install flarectl
        uses: supplypike/setup-bin@v4
        with:
          uri: 'https://github.com/cloudflare/cloudflare-go/releases/download/v0.113.0/flarectl_0.113.0_linux_amd64.tar.gz'
          name: 'flarectl'
          version: '0.113.0'
      - name: Cache Subdomain Files
        uses: actions/cache@v4
        with:
          path: |
            compose_subdomains.txt
            cloudflare_subdomains.txt
          key: ${{ runner.os }}-subdomains-${{ hashFiles('docker-compose.yml') }}
      - name: Grab Subdomains from Docker Compose & Cloudflare
        id: grab-subdomains
        env:
          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
          CF_API_EMAIL: ${{ secrets.CF_API_EMAIL }}
        run: |
          yq '.services[].labels.swag_url' docker-compose.yml | egrep -v 'null' | sed -e 's|"||g' | awk -F'.' '{print $1}' | sort > compose_subdomains.txt
          flarectl --json dns list --zone "trez.wtf" --type=CNAME --content "trez.wtf" | jq '.[].Name' | sed -e 's|"||g' | awk -F"." '{print $1}' | sort > cloudflare_subdomains.txt
      - name: Compare Subdomains
        id: compare-subdomains
        uses: LouisBrunner/diff-action@v2.2.0
        with:
          old: compose_subdomains.txt
          new: cloudflare_subdomains.txt
          mode: addition
          tolerance: mixed-better
          output: domain_compare.txt
      - name: Create Subdomains
        if: steps.compare-subdomains.outputs.output != ''
        continue-on-error: true
        env:
          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
          CF_API_EMAIL: ${{ secrets.CF_API_EMAIL }}
        run: |
          cat domain_compare.txt | egrep '^-[a-z]' | sed -e 's|-||g' | while read -r subdomain; do
            echo "Creating $subdomain.trez.wtf..."
            flarectl dns create --zone "trez.wtf" --name "${subdomain}" --type=CNAME --content "trez.wtf" --proxy true
          done
  regenerate-readme:
    name: Update README
    runs-on: ubuntu-latest
    needs: [cloudflare-dns-setup]
    outputs:
      pr-pushed: ${{ steps.commit-readme.outputs.pushed }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install yq
        uses: dcarbone/install-yq-action@v1
      - name: Generate service list
        run: |
          yq '.services | to_entries | map({"service": .key, "image": .value.image})' docker-compose.yml > services.yml
      - name: Generate Markdown Table
        uses: gazab/create-markdown-table@v1
        id: service-table
        with:
          file: ./services.yml
      - name: Regenerate README
        run: |
          echo "# List of Services" > README.md
          echo -e "\n\n" >> README.md
          echo "${{ steps.service-table.outputs.table }}" >> README.md
      - name: Add/Commit README.md
        id: commit-readme
        uses: EndBug/add-and-commit@v9
        with:
          message: "chore: Update README"
          add: "README.md"
  pr-merge:
    name: PR Merge
    needs: [regenerate-readme]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install tea
        uses: supplypike/setup-bin@v4
        with:
          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
          name: 'tea'
          version: '0.9.2'
      - name: PR Merge
        id: pr_merge
        run: |
          tea login add --name gitea-rinoa --url ${{ secrets.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
          tea login default gitea-rinoa
          echo "Merging PR..."
          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F"," '{print $1}' | sed -e 's|"||g')
          tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" --message "Merged by ${{ github.actor }}" ${pr_index}
  ansible-config-docker-compose-deploy:
    name: Deploy via Ansible & Docker Compose
    runs-on: ubuntu-latest
    needs: [pr-merge]
    env:
      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
      DOCKER_HOST: tcp://dockerproxy:2375
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: main
      - name: Cache Vault install
        id: cache-vault
        uses: actions/cache@v4
        with:
          path: /opt/hostedtoolcache/vault/1.18.0/x64
          key: vault-${{ runner.os }}-1.18.0
      - name: Install Ansible
        uses: alex-oleshkevich/setup-ansible@v1.0.1
        with:
          version: "11.0.0"
      - name: Install Vault
        uses: cpanato/vault-installer@main
      - name: Install hvac
        run: pip install hvac
      - name: Deploy Docker Configs via Ansible
        uses: dawidd6/action-ansible-playbook@v2
        with:
          directory: ansible/
          playbook: docker_config_deploy.yml
          key: ${{secrets.RINOA_ANSIBLE_PRIVATE_KEY}}
          options: |
            --inventory inventory/hosts.yml
          requirements: collections/requirements.yml
          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'Ansible Config Deployment @ Rinoa'
          notification_message: 'Deployment completed successfully.'
      - name: Generate .env file for deployment
        run: |
           vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
      - name: Docker Compose Deployment
        continue-on-error: true
        uses: keatonLiu/docker-compose-remote-action@v1.2
        with:
          ssh_user: gitea-deploy
          ssh_host: 192.168.1.254
          ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
          ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
          docker_compose_file: docker-compose.yml
      - name: Gotify Notification
        uses: eikendev/gotify-action@master
        with:
          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'Docker Compose Deployment @ Rinoa'
          notification_message: 'Deployment completed successfully.'
@@ -1,2 +1,3 @@
-**/.env*
+**/.cache_ggshield
-**/*env*
+ansible/collections/ansible_collections/
 **/.env
@@ -1,588 +1,163 @@
 # List of Services
 ```json
 ~> yq '.services | to_entries | map({service: .key, image: .value.image})' docker-compose.yml
-[
+
-  {
+| Service | Image |
-    "service": "actual_server",
+| --- | --- |
-    "image": "docker.io/actualbudget/actual-server:latest"
+| actual_server | docker.io/actualbudget/actual-server:latest |
-  },
+| adguard | adguard/adguardhome:latest |
-  {
+| apprise | lscr.io/linuxserver/apprise-api:latest |
-    "service": "adguard",
+| audiobookshelf | ghcr.io/advplyr/audiobookshelf:latest |
-    "image": "adguard/adguardhome:latest"
+| authelia | authelia/authelia:master |
-  },
+| authelia-pg | postgres:16-alpine |
-  {
+| bazarr | lscr.io/linuxserver/bazarr:latest |
-    "service": "apprise",
+| bitmagnet | ghcr.io/bitmagnet-io/bitmagnet:latest |
-    "image": "lscr.io/linuxserver/apprise-api:latest"
+| bitmagnet-pg-db | postgres:17-alpine |
-  },
+| bitwarden | vaultwarden/server:latest |
-  {
+| bluesky-pds | ghcr.io/bluesky-social/pds:latest |
-    "service": "audiobookshelf",
+| browserless | ghcr.io/browserless/chromium:latest |
-    "image": "ghcr.io/advplyr/audiobookshelf:latest"
+| bunkerweb | bunkerity/bunkerweb:latest |
-  },
+| bunkerweb-scheduler | bunkerity/bunkerweb-scheduler:latest |
-  {
+| bunkerweb-ui | bunkerity/bunkerweb-ui:latest |
-    "service": "authelia",
+| castopod | castopod/castopod:latest |
-    "image": "authelia/authelia:master"
+| cloudflared | cloudflare/cloudflared:latest |
-  },
+| cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
-  {
+| crowdsec | crowdsecurity/crowdsec:latest |
-    "service": "authelia-pg",
+| crowdsec-dashboard | metabase/metabase |
-    "image": "postgres:16-alpine"
+| czkawka | jlesage/czkawka |
-  },
+| dagu-scheduler | ghcr.io/dagu-org/dagu:latest |
-  {
+| dagu-server | ghcr.io/dagu-org/dagu:latest |
-    "service": "bazarr",
+| dbgate | dbgate/dbgate:alpine |
-    "image": "lscr.io/linuxserver/bazarr:latest"
+| delugevpn | ghcr.io/binhex/arch-delugevpn:latest |
-  },
+| docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
-  {
+| docuseal | docuseal/docuseal:latest |
-    "service": "bitmagnet",
+| duplicati | lscr.io/linuxserver/duplicati:latest |
-    "image": "ghcr.io/bitmagnet-io/bitmagnet:latest"
+| fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
-  },
+| flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
-  {
+| ghost | ghost:latest |
-    "service": "bitmagnet-pg-db",
+| gitea | gitea/gitea:1.23.1 |
-    "image": "postgres:17-alpine"
+| gitea-db | postgres:14 |
-  },
+| gitea-opengist | ghcr.io/thomiceli/opengist:latest |
-  {
+| gitea-runner | gitea/act_runner:latest |
-    "service": "bitwarden",
+| gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
-    "image": "vaultwarden/server:latest"
+| gluetun | qmcgaw/gluetun:latest |
-  },
+| gotify | gotify/server |
-  {
+| grafana | grafana/grafana-enterprise:latest |
-    "service": "bluesky-pds",
+| grafana-alloy | grafana/alloy:latest |
-    "image": "ghcr.io/bluesky-social/pds:latest"
+| grafana-loki | grafana/loki:latest |
-  },
+| grafana-mimir | grafana/mimir:latest |
-  {
+| grafana-mimir-memcached | memcached |
-    "service": "browserless",
+| grafana-pyroscope | grafana/pyroscope:latest |
-    "image": "ghcr.io/browserless/chromium:latest"
+| grafana-tempo | grafana/tempo:latest |
-  },
+| guacamole | flcontainers/guacamole:latest |
-  {
+| homepage | ghcr.io/gethomepage/homepage:latest |
-    "service": "castopod",
+| hortusfox | ghcr.io/danielbrendel/hortusfox-web:latest |
-    "image": "castopod/castopod:latest"
+| hugo | hugomods/hugo:exts |
-  },
+| invidious | quay.io/invidious/invidious:latest |
-  {
+| invidious-db | docker.io/library/postgres:14 |
-    "service": "cloudflared",
+| invoice_ninja | invoiceninja/invoiceninja:5 |
-    "image": "cloudflare/cloudflared:latest"
+| invoice_ninja_proxy | nginx |
-  },
+| it-tools | ghcr.io/corentinth/it-tools:latest |
-  {
+| jellyfin | jellyfin/jellyfin |
-    "service": "cloudflareddns",
+| jitsi-etherpad | etherpad/etherpad:1.8.6 |
-    "image": "ghcr.io/hotio/cloudflareddns:latest"
+| jitsi-jibri | jitsi/jibri:stable |
-  },
+| jitsi-jicofo | jitsi/jicofo:stable |
-  {
+| jitsi-jigasi | jitsi/jigasi:stable |
-    "service": "crowdsec",
+| jitsi-jvb | jitsi/jvb:stable |
-    "image": "crowdsecurity/crowdsec:latest"
+| jitsi-prosody | jitsi/prosody:stable |
-  },
+| jitsi-web | jitsi/web:stable |
-  {
+| joplin-db | postgres:17-alpine |
-    "service": "crowdsec-dashboard",
+| joplin | joplin/server:latest |
-    "image": "metabase/metabase"
+| lidarr | lscr.io/linuxserver/lidarr:latest |
-  },
+| lidify | thewicklowwolf/lidify:latest |
-  {
+| lldap | lldap/lldap:stable |
-    "service": "czkawka",
+| lobe-chat | lobehub/lobe-chat-database |
-    "image": "jlesage/czkawka"
+| lobe-chat-pg-db | pgvector/pgvector:pg16 |
-  },
+| maloja | krateng/maloja:latest |
-  {
+| mariadb | linuxserver/mariadb |
-    "service": "dagu-scheduler",
+| mastodon | lscr.io/linuxserver/mastodon:latest |
-    "image": "ghcr.io/dagu-org/dagu:latest"
+| mastodon-pg-db | postgres:17-alpine |
-  },
+| minio | minio/minio |
-  {
+| mongodb | mongo:7.0 |
-    "service": "dagu-server",
+| multi-scrobbler | foxxmd/multi-scrobbler |
-    "image": "ghcr.io/dagu-org/dagu:latest"
+| n8n | docker.n8n.io/n8nio/n8n |
-  },
+| navidrome | deluan/navidrome:latest |
-  {
+| netbird-dashboard | netbirdio/dashboard:latest |
-    "service": "delugevpn",
+| netbird-signal | netbirdio/signal:latest |
-    "image": "ghcr.io/binhex/arch-delugevpn:latest"
+| netbird-relay | netbirdio/relay:latest |
-  },
+| netbird-management | netbirdio/management:latest |
-  {
+| netbird-coturn | coturn/coturn:latest |
-    "service": "docker-socket-proxy",
+| netbox | lscr.io/linuxserver/netbox:latest |
-    "image": "ghcr.io/tecnativa/docker-socket-proxy:latest"
+| netbox-db | postgres:17-alpine |
-  },
+| nextcloud | lscr.io/linuxserver/nextcloud:latest |
-  {
+| ollama | ollama/ollama |
-    "service": "docuseal",
+| ombi | lscr.io/linuxserver/ombi:latest |
-    "image": "docuseal/docuseal:latest"
+| paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
-  },
+| pgbackweb | eduardolat/pgbackweb:latest |
-  {
+| pgbackweb-db | postgres:16-alpine |
-    "service": "duplicati",
+| plantuml-server | plantuml/plantuml-server:jetty |
-    "image": "lscr.io/linuxserver/duplicati:latest"
+| plausible | ghcr.io/plausible/community-edition:v2.1.0 |
-  },
+| plausible_db | postgres:16-alpine |
-  {
+| plausible_events_db | clickhouse/clickhouse-server:24.3.3.102-alpine |
-    "service": "fastenhealth",
+| postal-smtp | ghcr.io/postalserver/postal:latest |
-    "image": "ghcr.io/fastenhealth/fasten-onprem:main"
+| postal-web | ghcr.io/postalserver/postal:latest |
-  },
+| postal-worker | ghcr.io/postalserver/postal:latest |
-  {
+| prowlarr | lscr.io/linuxserver/prowlarr:latest |
-    "service": "flaresolverr",
+| radarec | thewicklowwolf/radarec:latest |
-    "image": "ghcr.io/flaresolverr/flaresolverr:latest"
+| radarr | lscr.io/linuxserver/radarr:latest |
-  },
+| reactive-resume | amruthpillai/reactive-resume:latest |
-  {
+| reactive-resume-pg | postgres:16-alpine |
-    "service": "ghost",
+| readarr | lscr.io/linuxserver/readarr:develop |
-    "image": "ghost:latest"
+| redis | redis:alpine |
-  },
+| redlib | quay.io/redlib/redlib:latest |
-  {
+| sabnzbdvpn | ghcr.io/binhex/arch-sabnzbdvpn:latest |
-    "service": "gitea",
+| scraperr | jpyles0524/scraperr:latest |
-    "image": "gitea/gitea:1.22.2"
+| scraperr-api | jpyles0524/scraperr_api:latest |
-  },
+| scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
-  {
+| searxng | searxng/searxng:latest |
-    "service": "gitea-db",
+| slurpit-portal | slurpit/portal:latest |
-    "image": "postgres:14"
+| slurpit-scanner | slurpit/scanner:latest |
-  },
+| slurpit-scraper | slurpit/scraper:latest |
-  {
+| slurpit-warehouse | slurpit/warehouse:latest |
-    "service": "gitea-opengist",
+| sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
-    "image": "ghcr.io/thomiceli/opengist:latest"
+| sonarqube-pg-db | postgres:17-alpine |
-  },
+| sonarr | lscr.io/linuxserver/sonarr:latest |
-  {
+| sonashow | thewicklowwolf/sonashow:latest |
-    "service": "gitea-runner",
+| soularr | mrusse08/soularr:latest |
-    "image": "gitea/act_runner:latest"
+| soulseek | slskd/slskd |
-  },
+| speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
-  {
+| spotisub | blastbeng/spotisub:latest |
-    "service": "gitea-sonarqube-bot",
+| swag | lscr.io/linuxserver/swag:latest |
-    "image": "justusbunsi/gitea-sonarqube-bot:v0.4.0"
+| synapse | docker.io/matrixdotorg/synapse:latest |
-  },
+| synapse-db | postgres:16-alpine |
-  {
+| tandoor | vabene1111/recipes |
-    "service": "gluetun",
+| tandoor-pg | postgres:16-alpine |
-    "image": "qmcgaw/gluetun:latest"
+| traccar | traccar/traccar:latest |
-  },
+| traccar-pg | postgres:16-alpine |
-  {
+| unmanic | josh5/unmanic:latest |
-    "service": "gotify",
+| uptimekuma | louislam/uptime-kuma:latest |
-    "image": "gotify/server"
+| vault | hashicorp/vault:latest |
-  },
+| wallabag | wallabag/wallabag |
-  {
+| wallos | bellamy/wallos:latest |
-    "service": "grafana",
+| watchtower | ghcr.io/containrrr/watchtower:latest |
-    "image": "grafana/grafana-enterprise:latest"
+| wazuh.agent | opennix/wazuh-agent:latest |
-  },
+| wazuh.dashboard | wazuh/wazuh-dashboard: |
-  {
+| wazuh.indexer | wazuh/wazuh-indexer: |
-    "service": "grafana-alloy",
+| wazuh.manager | wazuh/wazuh-manager: |
-    "image": "grafana/alloy:latest"
+| web-check | lissy93/web-check |
-  },
+| yacht | selfhostedpro/yacht |
-  {
+| your_spotify | lscr.io/linuxserver/your_spotify:latest |
-    "service": "grafana-loki",
+| youtubedl | nbr23/youtube-dl-server:latest |
-    "image": "grafana/loki:latest"
+| zammad-backup | postgres: |
-  },
+| zammad-elasticsearch | bitnami/elasticsearch: |
-  {
+| zammad-init | : |
-    "service": "grafana-mimir",
+| zammad-memcached | memcached: |
-    "image": "grafana/mimir:latest"
+| zammad-nginx | : |
-  },
+| zammad-postgresql | postgres: |
-  {
+| zammad-railsserver | : |
-    "service": "grafana-mimir-memcached",
+| zammad-redis | redis: |
-    "image": "memcached"
+| zammad-scheduler | : |
-  },
+| zammad-websocket | : |
-  {
+| zitadel | ghcr.io/zitadel/zitadel:latest |
-    "service": "grafana-pyroscope",
+| zitadel-pg-db | postgres:16-alpine |
-    "image": "grafana/pyroscope:latest"
+
  },
  {
    "service": "grafana-tempo",
    "image": "grafana/tempo:latest"
  },
  {
    "service": "homepage",
    "image": "ghcr.io/gethomepage/homepage:latest"
  },
  {
    "service": "hortusfox",
    "image": "ghcr.io/danielbrendel/hortusfox-web:latest"
  },
  {
    "service": "hugo",
    "image": "hugomods/hugo:exts"
  },
  {
    "service": "invidious",
    "image": "quay.io/invidious/invidious:latest"
  },
  {
    "service": "invidious-db",
    "image": "docker.io/library/postgres:14"
  },
  {
    "service": "invoice_ninja",
    "image": "invoiceninja/invoiceninja:5"
  },
  {
    "service": "invoice_ninja_proxy",
    "image": "nginx"
  },
  {
    "service": "it-tools",
    "image": "ghcr.io/corentinth/it-tools:latest"
  },
  {
    "service": "jellyfin",
    "image": "jellyfin/jellyfin"
  },
  {
    "service": "jitsi-etherpad",
    "image": "etherpad/etherpad:1.8.6"
  },
  {
    "service": "jitsi-jibri",
    "image": "jitsi/jibri:${JITSI_IMAGE_VERSION:-stable}"
  },
  {
    "service": "jitsi-jicofo",
    "image": "jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable}"
  },
  {
    "service": "jitsi-jigasi",
    "image": "jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable}"
  },
  {
    "service": "jitsi-jvb",
    "image": "jitsi/jvb:${JITSI_IMAGE_VERSION:-stable}"
  },
  {
    "service": "jitsi-prosody",
    "image": "jitsi/prosody:${JITSI_IMAGE_VERSION:-stable}"
  },
  {
    "service": "jitsi-web",
    "image": "jitsi/web:${JITSI_IMAGE_VERSION:-stable}"
  },
  {
    "service": "joplin-db",
    "image": "postgres:17-alpine"
  },
  {
    "service": "joplin",
    "image": "joplin/server:latest"
  },
  {
    "service": "komodo-core",
    "image": "ghcr.io/mbecker20/komodo:latest"
  },
  {
    "service": "komodo-ferretdb",
    "image": "ghcr.io/ferretdb/ferretdb"
  },
  {
    "service": "komodo-periphery",
    "image": "ghcr.io/mbecker20/periphery:latest"
  },
  {
    "service": "komodo-pg-db",
    "image": "postgres:17-alpine"
  },
  {
    "service": "librespeed",
    "image": "lscr.io/linuxserver/librespeed:latest"
  },
  {
    "service": "lidarr",
    "image": "lscr.io/linuxserver/lidarr:latest"
  },
  {
    "service": "lidify",
    "image": "thewicklowwolf/lidify:latest"
  },
  {
    "service": "lldap",
    "image": "lldap/lldap:stable"
  },
  {
    "service": "localai",
    "image": "localai/localai:latest-aio-cpu"
  },
  {
    "service": "maloja",
    "image": "krateng/maloja:latest"
  },
  {
    "service": "mariadb",
    "image": "ghcr.io/linuxserver/mariadb"
  },
  {
    "service": "meshcentral",
    "image": "ghcr.io/ylianst/meshcentral:master"
  },
  {
    "service": "minio",
    "image": "minio/minio"
  },
  {
    "service": "mongodb",
    "image": "mongo:7.0"
  },
  {
    "service": "multi-scrobbler",
    "image": "foxxmd/multi-scrobbler"
  },
  {
    "service": "n8n",
    "image": "docker.n8n.io/n8nio/n8n"
  },
  {
    "service": "navidrome",
    "image": "deluan/navidrome:latest"
  },
  {
    "service": "netbox",
    "image": "lscr.io/linuxserver/netbox:latest"
  },
  {
    "service": "netbox-db",
    "image": "postgres:17-alpine"
  },
  {
    "service": "nextcloud",
    "image": "lscr.io/linuxserver/nextcloud:latest"
  },
  {
    "service": "ollama",
    "image": "ollama/ollama"
  },
  {
    "service": "ombi",
    "image": "lscr.io/linuxserver/ombi:latest"
  },
  {
    "service": "paperless-ngx",
    "image": "ghcr.io/paperless-ngx/paperless-ngx:latest"
  },
  {
    "service": "plausible",
    "image": "ghcr.io/plausible/community-edition:v2.1.0"
  },
  {
    "service": "plausible_db",
    "image": "postgres:16-alpine"
  },
  {
    "service": "plausible_events_db",
    "image": "clickhouse/clickhouse-server:24.3.3.102-alpine"
  },
  {
    "service": "postal-smtp",
    "image": "ghcr.io/postalserver/postal:latest"
  },
  {
    "service": "postal-web",
    "image": "ghcr.io/postalserver/postal:latest"
  },
  {
    "service": "postal-worker",
    "image": "ghcr.io/postalserver/postal:latest"
  },
  {
    "service": "prowlarr",
    "image": "lscr.io/linuxserver/prowlarr:latest"
  },
  {
    "service": "radarec",
    "image": "thewicklowwolf/radarec:latest"
  },
  {
    "service": "radarr",
    "image": "lscr.io/linuxserver/radarr:latest"
  },
  {
    "service": "reactive-resume",
    "image": "amruthpillai/reactive-resume:latest"
  },
  {
    "service": "reactive-resume-pg",
    "image": "postgres:16-alpine"
  },
  {
    "service": "readarr",
    "image": "lscr.io/linuxserver/readarr:develop"
  },
  {
    "service": "redis",
    "image": "redis:alpine"
  },
  {
    "service": "redlib",
    "image": "quay.io/redlib/redlib:latest"
  },
  {
    "service": "sabnzbdvpn",
    "image": "ghcr.io/binhex/arch-sabnzbdvpn:latest"
  },
  {
    "service": "scraperr",
    "image": "jpyles0524/scraperr:latest"
  },
  {
    "service": "scraperr-api",
    "image": "jpyles0524/scraperr_api:latest"
  },
  {
    "service": "scrutiny",
    "image": "ghcr.io/analogj/scrutiny:master-omnibus"
  },
  {
    "service": "searxng",
    "image": "searxng/searxng:latest"
  },
  {
    "service": "semaphore",
    "image": "semaphoreui/semaphore:v2.10.32"
  },
  {
    "service": "slurpit-portal",
    "image": "slurpit/portal:latest"
  },
  {
    "service": "slurpit-scanner",
    "image": "slurpit/scanner:latest"
  },
  {
    "service": "slurpit-scraper",
    "image": "slurpit/scraper:latest"
  },
  {
    "service": "slurpit-warehouse",
    "image": "slurpit/warehouse:latest"
  },
  {
    "service": "sonarqube",
    "image": "mc1arke/sonarqube-with-community-branch-plugin:lts"
  },
  {
    "service": "sonarqube-pg-db",
    "image": "postgres:17-alpine"
  },
  {
    "service": "sonarr",
    "image": "lscr.io/linuxserver/sonarr:latest"
  },
  {
    "service": "sonashow",
    "image": "thewicklowwolf/sonashow:latest"
  },
  {
    "service": "soulseek",
    "image": "slskd/slskd"
  },
  {
    "service": "spotisub",
    "image": "blastbeng/spotisub:latest"
  },
  {
    "service": "swag",
    "image": "lscr.io/linuxserver/swag:latest"
  },
  {
    "service": "synapse",
    "image": "docker.io/matrixdotorg/synapse:latest"
  },
  {
    "service": "synapse-db",
    "image": "postgres:16-alpine"
  },
  {
    "service": "tandoor",
    "image": "vabene1111/recipes"
  },
  {
    "service": "tandoor-pg",
    "image": "postgres:16-alpine"
  },
  {
    "service": "traccar",
    "image": "traccar/traccar:latest"
  },
  {
    "service": "traccar-pg",
    "image": "postgres:16-alpine"
  },
  {
    "service": "unmanic",
    "image": "josh5/unmanic:latest"
  },
  {
    "service": "uptimekuma",
    "image": "louislam/uptime-kuma:latest"
  },
  {
    "service": "vault",
    "image": "hashicorp/vault:latest"
  },
  {
    "service": "wallabag",
    "image": "wallabag/wallabag"
  },
  {
    "service": "wallos",
    "image": "bellamy/wallos:latest"
  },
  {
    "service": "watchtower",
    "image": "ghcr.io/containrrr/watchtower:latest"
  },
  {
    "service": "wazuh.agent",
    "image": "opennix/wazuh-agent:latest"
  },
  {
    "service": "wazuh.dashboard",
    "image": "wazuh/wazuh-dashboard:${WAZUH_VERSION}"
  },
  {
    "service": "wazuh.indexer",
    "image": "wazuh/wazuh-indexer:${WAZUH_VERSION}"
  },
  {
    "service": "wazuh.manager",
    "image": "wazuh/wazuh-manager:${WAZUH_VERSION}"
  },
  {
    "service": "web-check",
    "image": "lissy93/web-check"
  },
  {
    "service": "whodb",
    "image": "clidey/whodb"
  },
  {
    "service": "your_spotify",
    "image": "lscr.io/linuxserver/your_spotify:latest"
  },
  {
    "service": "youtubedl",
    "image": "nbr23/youtube-dl-server:latest"
  },
  {
    "service": "zammad-backup",
    "image": "postgres:${ZAMMAD_POSTGRES_VERSION}"
  },
  {
    "service": "zammad-elasticsearch",
    "image": "bitnami/elasticsearch:${ZAMMAD_ELASTICSEARCH_VERSION}"
  },
  {
    "service": "zammad-init",
    "image": "${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}"
  },
  {
    "service": "zammad-memcached",
    "image": "memcached:${ZAMMAD_MEMCACHE_VERSION}"
  },
  {
    "service": "zammad-nginx",
    "image": "${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}"
  },
  {
    "service": "zammad-postgresql",
    "image": "postgres:${ZAMMAD_POSTGRES_VERSION}"
  },
  {
    "service": "zammad-railsserver",
    "image": "${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}"
  },
  {
    "service": "zammad-redis",
    "image": "redis:${ZAMMAD_REDIS_VERSION}"
  },
  {
    "service": "zammad-scheduler",
    "image": "${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}"
  },
  {
    "service": "zammad-websocket",
    "image": "${ZAMMAD_IMAGE_REPO}:${ZAMMAD_VERSION}"
  },
  {
    "service": "zitadel",
    "image": "ghcr.io/zitadel/zitadel:latest"
  },
  {
    "service": "zitadel-pg-db",
    "image": "postgres:16-alpine"
  }
 ]
 ```
@@ -0,0 +1,167 @@
 .logs/*
 *.retry
 *.vault
 # https://raw.githubusercontent.com/github/gitignore/main/Python.gitignore
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
 *$py.class
 .cache_ggshield
 # Ansible Vault Password Files
 *.pass
 # C extensions
 *.so
 # Distribution / packaging
 .Python
 build/
 develop-eggs/
 dist/
 downloads/
 eggs/
 .eggs/
 lib/
 lib64/
 parts/
 sdist/
 var/
 wheels/
 share/python-wheels/
 *.egg-info/
 .installed.cfg
 *.egg
 MANIFEST
 # PyInstaller
 #  Usually these files are written by a python script from a template
 #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 *.manifest
 *.spec
 # Installer logs
 pip-log.txt
 pip-delete-this-directory.txt
 # Unit test / coverage reports
 htmlcov/
 .tox/
 .nox/
 .coverage
 .coverage.*
 .cache
 nosetests.xml
 coverage.xml
 *.cover
 *.py,cover
 .hypothesis/
 .pytest_cache/
 cover/
 # Translations
 *.mo
 *.pot
 # Django stuff:
 *.log
 local_settings.py
 db.sqlite3
 db.sqlite3-journal
 # Flask stuff:
 instance/
 .webassets-cache
 # Scrapy stuff:
 .scrapy
 # Sphinx documentation
 docs/_build/
 # PyBuilder
 .pybuilder/
 target/
 # Jupyter Notebook
 .ipynb_checkpoints
 # IPython
 profile_default/
 ipython_config.py
 # pyenv
 #   For a library or package, you might want to ignore these files since the code is
 #   intended to run in multiple environments; otherwise, check them in:
 # .python-version
 # pipenv
 #   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
 #   However, in case of collaboration, if having platform-specific dependencies or dependencies
 #   having no cross-platform support, pipenv may install dependencies that don't work, or not
 #   install all needed dependencies.
 #Pipfile.lock
 # poetry
 #   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
 #   This is especially recommended for binary packages to ensure reproducibility, and is more
 #   commonly ignored for libraries.
 #   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
 #poetry.lock
 # pdm
 #   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
 #pdm.lock
 #   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
 #   in version control.
 #   https://pdm.fming.dev/#use-with-ide
 .pdm.toml
 # PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
 __pypackages__/
 # Celery stuff
 celerybeat-schedule
 celerybeat.pid
 # SageMath parsed files
 *.sage.py
 # Environments
 .env
 .venv
 env/
 venv/
 ENV/
 env.bak/
 venv.bak/
 # Spyder project settings
 .spyderproject
 .spyproject
 # Rope project settings
 .ropeproject
 # mkdocs documentation
 /site
 # mypy
 .mypy_cache/
 .dmypy.json
 dmypy.json
 # Pyre type checker
 .pyre/
 # pytype static type analyzer
 .pytype/
 # Cython debug symbols
 cython_debug/
 # PyCharm
 #  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
 #  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
@@ -0,0 +1,45 @@
 # Rinoa Docker_configs Ansible Project
 ## Included content/ Directory Structure
 The directory structure follows best practices recommended by the Ansible community. Feel free to customize this template according to your specific project requirements.
 ```
 ansible-project/
 |── .devcontainer/
 |    └── docker/
 |        └── devcontainer.json
 |    └── podman/
 |        └── devcontainer.json
 |    └── devcontainer.json
 |── .github/
 |    └── workflows/
 |        └── tests.yml
 |    └── ansible-code-bot.yml
 |── .vscode/
 |    └── extensions.json
 |── collections/
 |   └── requirements.yml
 |   └── ansible_collections/
 |       └── project_org/
 |           └── project_repo/
 |               └── README.md
 |               └── roles/sample_role/
 |                         └── README.md
 |                         └── tasks/main.yml
 |── inventory/
 |   └── groups_vars/
 |   └── host_vars/
 |   └── hosts.yml
 |── ansible-navigator.yml
 |── ansible.cfg
 |── devfile.yaml
 |── linux_playbook.yml
 |── network_playbook.yml
 |── README.md
 |── site.yml
 ```
 ## Compatible with Ansible-lint
 Tested with ansible-lint >=24.2.0 releases and the current development version of ansible-core.
@@ -0,0 +1,25 @@
 [defaults]
 # Specify the inventory file
 inventory = inventory/hosts.yml
 collections_path = ./collections
 # Set the logging verbosity level
 verbosity = 2
 # Set the default user for SSH connections
 remote_user = charish
 # Define the default become method
 become_method = sudo
 host_key_checking = false
 [persistent_connection]
 # Controls how long the persistent connection will remain idle before it is destroyed
 connect_timeout=30
 # Controls the amount of time to wait for response from remote device before timing out persistent connection
 command_timeout=30
 [hashi_vault_collection]
 auth_method = token
@@ -0,0 +1,16 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 tunnel: 52bdee6e-8ccb-47be-ba9e-f8010b905e41
 credentials-file: /etc/cloudflared/52bdee6e-8ccb-47be-ba9e-f8010b905e41.json
 warp-routing:
  enabled: true
 ingress:
  - hostname: git-ssh.trez.wtf
    service: ssh://gitea:22
  - hostname: gist-ssh.trez.wtf
    service: ssh://gitea-opengist:2222
  - hostname: ssh.trez.wtf
    service: ssh://192.168.1.254:22
  - service: http_status:404  # Default for unmatched requests
@@ -0,0 +1,15 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 source: journalctl
 journalctl_filter: 
  - "--directory=/var/log/host/"
 labels:
  type: syslog
 ---
 filenames:
  - /var/log/swag/*
 labels:
  type: nginx
 ---
@@ -0,0 +1,17 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 name: default_ip_remediation
 #debug: true
 filters:
 - Alert.Remediation == true && Alert.GetScope() == "Ip"
 decisions:
 - type: ban
   duration: 4h
 #duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
 # notifications:
 #   - slack_default  # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
 #   - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
 #   - http_default   # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
 #   - email_default  # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
 on_success: break
@@ -0,0 +1,125 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 APP_NAME = Gitea: Git with a cup of tea
 RUN_MODE = prod
 RUN_USER = git
 WORK_PATH = /data/gitea
 [repository]
 ROOT = /data/git/repositories
 DEFAULT_PRIVATE = last
 EMABLE_PUSH_CREATE_USER = true
 [repository.local]
 LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
 [repository.upload]
 TEMP_PATH = /data/gitea/uploads
 [server]
 APP_DATA_PATH = /data/gitea
 DOMAIN = git.trez.wtf
 SSH_DOMAIN = git-ssh.trez.wtf
 HTTP_PORT = 3000
 ROOT_URL = https://git.trez.wtf/
 DISABLE_SSH = false
 SSH_PORT = 22
 SSH_LISTEN_PORT = 22
 LFS_START_SERVER = true
 LFS_JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_LFS_JWT_SECRET'] }}
 OFFLINE_MODE = true
 [database]
 PATH = /data/gitea/gitea.db
 DB_TYPE = postgres
 HOST = gitea-db:5432
 NAME = gitea
 USER = gitea
 PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_PG_DB_PASSWORD'] }}
 LOG_SQL = false
 SCHEMA =
 SSL_MODE = disable
 [indexer]
 ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
 REPO_INDEXER_ENABLED = true
 REPO_INDEXER_PATH = indexers/repos.bleve
 MAX_FILE_SIZE = 1048576
 REPO_INDEXER_INCLUDE =
 REPO_INDEXER_EXCLUDE = resources/bin/**
 [session]
 PROVIDER_CONFIG = /data/gitea/sessions
 PROVIDER = file
 [picture]
 AVATAR_UPLOAD_PATH = /data/gitea/avatars
 REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
 [attachment]
 PATH = /data/gitea/attachments
 [log]
 MODE = console
 LEVEL = info
 ROOT_PATH = root
 [security]
 INSTALL_LOCK = true
 SECRET_KEY =
 REVERSE_PROXY_LIMIT = 1
 REVERSE_PROXY_TRUSTED_PROXIES = *
 INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_INTERNAL_TOKEN'] }}
 PASSWORD_HASH_ALGO = pbkdf2
 [service]
 DISABLE_REGISTRATION = false
 REQUIRE_SIGNIN_VIEW = false
 REGISTER_EMAIL_CONFIRM = true
 ENABLE_NOTIFY_MAIL = true
 ALLOW_ONLY_EXTERNAL_REGISTRATION = false
 ENABLE_CAPTCHA = true
 DEFAULT_KEEP_EMAIL_PRIVATE = true
 DEFAULT_ALLOW_CREATE_ORGANIZATION = false
 DEFAULT_ENABLE_TIMETRACKING = false
 NO_REPLY_ADDRESS = noreply@trez.wtf
 [lfs]
 PATH = /data/git/lfs
 [mailer]
 PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
 PROTOCOL = smtp
 ENABLED = true
 FROM = '"Gitea" <noreply@trez.wtf>'
 SMTP_PORT = 25
 USER = rinoa/postal-smtp
 SMTP_ADDR = postal-smtp
 IS_TLS_ENABLED = faLse
 [openid]
 ENABLE_OPENID_SIGNIN = true
 ENABLE_OPENID_SIGNUP = true
 [cron.update_checker]
 ENABLED = false
 [repository.pull-request]
 DEFAULT_MERGE_STYLE = merge
 [repository.signing]
 DEFAULT_TRUST_MODEL = committer
 [oauth2]
 JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_OAUTH2_JWT_SECRET'] }}
 [ui]
 THEMES =
 [actions]
 ENABLED = true
 [webhook]
 ALLOWED_HOST_LIST = private,104.21.1.234,172.67.152.146
 SKIP_TLS_VERIFY = true
@@ -0,0 +1,81 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 # Gitea related configuration. Necessary for adding/updating comments on repository pull requests
 gitea:
  # Endpoint of your Gitea instance. Must be expandable by '/api/v1' to form the API base path as shown in Swagger UI.
  url: https://git.trez.wtf
  # Created access token for the user that shall be used as bot account.
  # User needs "Read project" permissions with access to "Pull Requests"
  token:
    value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}"
    # # or path to file containing the plain text secret
    # file: /path/to/gitea/token
  # If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
  # request will be ignored.
  # The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
  # exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
  webhook:
    secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}"
    # # or path to file containing the plain text secret
    # secretFile: /path/to/gitea/webhook/secret
  # Pull Request status check settings.
  statusCheck:
    # Configure the label/name of the PR status check.
    name: "gitea-sonarqube-bot"
 # SonarQube related configuration. Necessary for requesting data from the API and processing the webhook.
 sonarqube:
  # Endpoint of your SonarQube instance. Must be expandable by '/api' to form the API base path.
  url: https://sqube.trez.wtf
  # Created access token for the user that shall be used as bot account.
  # User needs "Browse on project" permissions
  token:
    value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}"
    # # or path to file containing the plain text secret
    # file: /path/to/sonarqube/token
  # If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
  # request will be ignored.
  # The bot looks for `X-Sonar-Webhook-HMAC-SHA256` header containing the sha256 hmac hash of the plain text secret.
  # If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
  # validated.
  webhook:
    secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}"
    # # or path to file containing the plain text secret
    # secretFile: /path/to/sonarqube/webhook/secret
  # Some useful metrics depend on the edition in use. There are various ones like code_smells, vulnerabilities, bugs, etc.
  # By default, the bot will extract "bugs,vulnerabilities,code_smells"
  # Setting this option you can extend that default list by your own metrics.
  # additionalMetrics: []
  # - "new_security_hotspots"
 # List of project mappings to take care of. Webhooks for other projects will be ignored.
 # At least one must be configured. Otherwise, all webhooks (no matter which source) because the bot cannot map on its own.
 projects:
  - sonarqube:
      key: rinoa-docker
    # A repository specification contains the owner name and the repository name itself. The owner can be the name of a
    # real account or an organization in which the repository is located.
    gitea:
      owner: Trez.One
      name: rinoa-docker
 # Define pull request names from SonarScanner analysis. Default pattern matches the Jenkins Gitea plugin schema.
 namingPattern:
  # Regular expression that MUST HAVE exactly ONE GROUP that matches the integer part of the PR.
  # That integer part is identical to the pull request ID in Gitea.
  regex: "^.*$"
  # Valid Go format string. It MUST have one integer placeholder which will be replaced by the pull request ID.
  # See: https://pkg.go.dev/fmt#hdr-Printing
  template: "%s"
  # Example for integer-only names
  # # regex: "^(\\d+)$"
  # # template: "%d"
@@ -0,0 +1,404 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 // Agent globals
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 local.file "endpoints" {
    // The endpoints file is used to define the endpoints, credentials and options
    // for the Agent export to.
    filename = "/etc/alloy/endpoints.json"
 }
 discovery.docker "rinoadocker" {
        host = env("DOCKER_HOST")
 }
 tracing {
    write_to = [otelcol.exporter.otlp.tempo.input]
 }
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 // Metrics
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 prometheus.remote_write "mimir" {
  endpoint {
    url = json_path(local.file.endpoints.content, ".metrics.url")[0]
    basic_auth {
        username = json_path(local.file.endpoints.content, ".metrics.basicAuth.username")[0]
        password = json_path(local.file.endpoints.content, ".metrics.basicAuth.password")[0]
    }
  }
 }
 prometheus.scrape "prometheus" {
        targets = [{
                __address__ = "localhost:12345",
        }]
        forward_to = [prometheus.remote_write.mimir.receiver]
        job_name   = "prometheus"
 }
 prometheus.exporter.unix "rinoa" {
        procfs_path = "/host/proc"
        sysfs_path  = "/host/sys"
        rootfs_path = "/rootfs"
 }
 prometheus.scrape "rinoa" {
        targets    = prometheus.exporter.unix.rinoa.targets
        forward_to = [prometheus.remote_write.mimir.receiver]
        job_name   = "rinoa_host"
 }
 prometheus.exporter.cadvisor "docker" {
        docker_host      = env("DOCKER_HOST")
        storage_duration = "5m"
 }
 prometheus.scrape "docker" {
        targets    = prometheus.exporter.cadvisor.docker.targets
        forward_to = [prometheus.remote_write.mimir.receiver]
        job_name   = "docker_stats"
 }
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 // Logging
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 loki.write "loki" {
        endpoint {
                url = json_path(local.file.endpoints.content, ".logs.url")[0]
                basic_auth {
                        username = json_path(local.file.endpoints.content, ".logs.basicAuth.username")[0]
                        password = json_path(local.file.endpoints.content, ".logs.basicAuth.password")[0]
                }
        }
        external_labels = {}
 }
 loki.source.journal "hostjournal" {
        forward_to = [loki.write.loki.receiver]
        max_age = "24h"
        path = "/rootfs/var/log/journal/"
        labels = {
                job = "host-journal",
        }
 }
 local.file_match "system" {
        path_targets = [{
                __address__ = "localhost",
                __path__    = "/rootfs/var/log/*log",
                job         = "varlogs",
        }]
 }
 loki.source.file "system" {
        targets    = local.file_match.system.targets
        forward_to = [loki.write.loki.receiver]
 }
 loki.source.docker "containers" {
        host       = env("DOCKER_HOST")
        targets    = discovery.docker.rinoadocker.targets
        forward_to = [loki.write.loki.receiver]
        labels     = {
                job = "containerlogs",
        }
 }
 loki.process "containers" {
        forward_to = [loki.write.loki.receiver]
        // stage.docker {}
        stage.json {
 		expressions = {
 			attrs  = "",
 			output = "log",
 			stream = "stream",
 		}
 	}
 	stage.json {
 		expressions = {
 			tag = "",
 		}
 		source = "attrs"
 	}
 	stage.regex {
 		expression = "(?P<image_name>(?:[^|]*[^|])).(?P<container_name>(?:[^|]*[^|])).(?P<image_id>(?:[^|]*[^|])).(?P<container_id>(?:[^|]*[^|]))"
 		source     = "tag"
 	}
 	stage.timestamp {
 		source = "time"
 		format = "RFC3339Nano"
 	}
 	stage.labels {
 		values = {
 			container_id   = null,
 			container_name = null,
 			image_id       = null,
 			image_name     = null,
 			stream         = null,
 			tag            = null,
 		}
 	}
 	stage.output {
 		source = "output"
 	}
 }
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 // Traces
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 beyla.ebpf "rinoadocker" {
    open_port = "80-65535"
    routes {
        unmatched = "heauristic"
    }
    output {
        traces = [
            otelcol.connector.servicegraph.tracemetrics.input,
            otelcol.connector.spanmetrics.tracemetrics.input,
            otelcol.processor.batch.default.input,
            otelcol.connector.spanlogs.autologging.input,
        ]
    }
 }
 prometheus.scrape "beyla" { 
    targets = beyla.ebpf.rinoadocker.targets
    forward_to = [prometheus.remote_write.mimir.receiver]
 }
 otelcol.auth.headers "tempo" {
    header {
        key = "Authorization"
        value = join(["Basic ", json_path(local.file.endpoints.content, ".traces.basicAuthToken")[0]], "")
    }
 }
 otelcol.processor.batch "default" {
    // Wait until we've received 16K of data.
    send_batch_size = 16384
    send_batch_max_size = 16384
    // Or until 2 seconds have elapsed.
    timeout = "2s"
    // When the Agent has enough batched data, send it to the OpenTelemetry exporter named 'tempo'.
    output {
        traces = [otelcol.exporter.otlp.tempo.input]
    }
 }
 otelcol.exporter.otlp "tempo" {
    // Define the client for exporting.
    client {
        // Authentication block.
        auth = otelcol.auth.headers.tempo.handler
        // Send to the locally running Tempo instance, on port 4317 (OTLP gRPC).
        endpoint = json_path(local.file.endpoints.content, ".traces.url")[0]
        // Configure TLS settings for communicating with the endpoint.
        tls {
            // The connection is insecure.
            insecure = json_path(local.file.endpoints.content, ".traces.tls.insecure")[0]
            // Do not verify TLS certificates when connecting.
            insecure_skip_verify = json_path(local.file.endpoints.content, ".traces.tls.insecureSkipVerify")[0]
        }
    }
 }
 otelcol.connector.spanlogs "autologging" {
    // We only want to output a line for each root span (ie. every single trace), and not for every
    // process or span (outputting a line for every span would be extremely verbose).
    spans = false
    roots = true
    processes = false
    // We want to ensure that the following three span attributes are included in the log line, if
    // present.
    span_attributes = [ "http.method", "http.target", "http.status_code" ]
    // Overrides the default key in the log line to be `traceId`, which is then used by Grafana to
    // identify the trace ID for correlation with the Tempo datasource.
    overrides {
        trace_id_key = "traceId"
    }
    // Send to the OpenTelemetry Loki exporter.
    output {
        logs = [otelcol.exporter.loki.autologging.input]
    }
 }
 // Simply forwards the incoming OpenTelemetry log format out as a Loki log.
 // We need this stage to ensure we can then process the logline as a Loki object.
 otelcol.exporter.loki "autologging" {
    forward_to = [loki.process.autologging.receiver]
 }
 // The Loki processor allows us to accept a correctly formatted Loki log and mutate it into
 // a set of fields for output.
 loki.process "autologging" {
    // The JSON stage simply extracts the `body` (the actual logline) from the Loki log, ignoring
    // all other fields.
    stage.json {
        expressions = { "body" = "" }
    }
    // The output stage takes the body (the main logline) and uses this as the source for the output
    // logline. In this case, it essentially turns it into logfmt.
    stage.output {
        source = "body"
    }
    // Finally send the processed logline onto the Loki exporter.
    forward_to = [loki.write.autologging.receiver]
 }
 // The Loki writer receives a processed Loki log and then writes it to a Loki instance.
 loki.write "autologging" {
    // Add the `agent` value to the `job` label, so we can identify it as having been generated
    // by Grafana Agent when querying.
    external_labels = {
        job = "agent",
    }
    // Output the Loki log to the local Loki instance.
    endpoint {
        url = json_path(local.file.endpoints.content, ".logs.url")[0]
        // The basic auth credentials for the Loki instance.
        basic_auth {
            username = json_path(local.file.endpoints.content, ".logs.basicAuth.username")[0]
            password = json_path(local.file.endpoints.content, ".logs.basicAuth.password")[0]
        }
    }
 }
 // The Tail Sampling processor will use a set of policies to determine which received traces to keep
 // and send to Tempo.
 otelcol.processor.tail_sampling "errors" {
    // Total wait time from the start of a trace before making a sampling decision. Note that smaller time
    // periods can potentially cause a decision to be made before the end of a trace has occurred.
    decision_wait = "30s"
    // The following policies follow a logical OR pattern, meaning that if any of the policies match,
    // the trace will be kept. For logical AND, you can use the `and` policy. Every span of a trace is
    // examined by each policy in turn. A match will cause a short-circuit.
    // This policy defines that traces that contain errors should be kept.
    policy {
        // The name of the policy can be used for logging purposes.
        name = "sample-erroring-traces"
        // The type must match the type of policy to be used, in this case examing the status code
        // of every span in the trace.
        type = "status_code"
        // This block determines the error codes that should match in order to keep the trace,
        // in this case the OpenTelemetry 'ERROR' code.
        status_code {
            status_codes = [ "ERROR" ]
        }
    }
    // This policy defines that only traces that are longer than 200ms in total should be kept.
    policy {
        // The name of the policy can be used for logging purposes.
        name = "sample-long-traces"
        // The type must match the policy to be used, in this case the total latency of the trace.
        type = "latency"
        // This block determines the total length of the trace in milliseconds.
        latency {
            threshold_ms = 200
        }
    }
    // The output block forwards the kept traces onto the batch processor, which will marshall them
    // for exporting to Tempo.
    output {
        traces = [otelcol.processor.batch.default.input]
    }
 }
 // The Spanmetrics Connector will generate RED metrics based on the incoming trace span data.
 otelcol.connector.spanmetrics "tracemetrics" {
    // The namespace explicit adds a prefix to all the generated span metrics names.
    // In this case, we'll ensure they match as closely as possible those generated by Tempo.
    namespace = "traces.spanmetrics"
    // Each extra dimension (metrics label) to be added to the generated metrics from matching span attributes. These
    // need to be defined with a name and optionally a default value (in the following cases, we do not want a default
    // value if the span attribute is not present).
    dimension {
        name = "http.method"
    }
    dimension {
        name = "http.target"
    }
    dimension {
        name = "http.status_code"
    }
    dimension {
        name = "service.version"
    }
    // A histogram block must be present, either explicitly defining bucket values or via an exponential block.
    // We do the latter here.
    histogram {
        explicit {
        }
    }
    // The exemplar block is added to ensure we generate exemplars for traces on relevant metric values.
    exemplars {
        enabled = true
    }
    // Generated metrics data is in OTLP format. We send this data to the OpenTelemetry Prometheus exporter to ensure
    // it gets transformed into Prometheus format data.
    output {
        metrics = [otelcol.exporter.prometheus.tracemetrics.input]
    }
 }
 // The Servicegraph Connector will generate service graph metrics (edges and nodes) based on incoming trace spans.
 otelcol.connector.servicegraph "tracemetrics" {
    // Extra dimensions (metrics labels) to be added to the generated metrics from matching span attributes.
    // For this component, this is defined as an array. There are no default values and the labels will not be generated
    // for missing span attributes.
    dimensions = [
        "http.method",
        "http.target",
        "http.status_code",
        "service.version",
    ]
    // Generated metrics data is in OTLP format. We send this data to the OpenTelemetry Prometheus exporter to ensure
    // it gets transformed into Prometheus format data.
    output {
        metrics = [otelcol.exporter.prometheus.tracemetrics.input]
    }
 }
 otelcol.exporter.prometheus "tracemetrics" {
    // Forward to our local Prometheus remote writer which will send the metrics to Mimir.
    forward_to = [prometheus.remote_write.mimir.receiver]
 }
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 // Profiling
 /////////////////////////////////////////////////////////////////////////////////////////////////////////////
 pyroscope.write "pyroscope" {
        endpoint {
                url = json_path(local.file.endpoints.content, ".profiles.url")[0]
                basic_auth {
                        username = json_path(local.file.endpoints.content, ".profiles.basicAuth.username")[0]
                        password = json_path(local.file.endpoints.content, ".profiles.basicAuth.password")[0]
                }
        }
        external_labels = {}
 }
 pyroscope.ebpf "rinoadocker" {
        forward_to = [pyroscope.write.pyroscope.receiver]
        targets = discovery.docker.rinoadocker.targets
 }
@@ -0,0 +1,34 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 {
    "metrics": {
        "url": "http://grafana-mimir:9009/api/v1/push",
        "basicAuth": {
            "username": "",
            "password": ""
        }
    },
    "logs": {
        "url": "http://grafana-loki:3100/loki/api/v1/push",
        "basicAuth": {
            "username": "",
            "password": ""
        }
    },
    "traces": {
        "url": "http://grafana-tempo:4317",
        "basicAuthToken": "",
        "tls": {
            "insecure": true,
            "insecureSkipVerify": true
        }
    },
    "profiles": {
        "url": "http://grafana-pyroscope:4040",
        "basicAuth": {
            "username": "",
            "password": ""
        }
    }
 }
@@ -0,0 +1,7 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 routes:
  patterns:
    - /*
  unmatched: heuristic
@@ -0,0 +1,77 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 multitenancy_enabled: false
 no_auth_tenant: rinoa_mimir
 # target: query-frontend
 # api:
 #   prometheus_http_prefix: '/prometheus'
 server:
  http_listen_port: 9009
 # frontend:
 #   split_queries_by_interval: 24h
 #   align_queries_with_step: true
  # cache_results: true
  # results_cache:
  #   backend: "memcached"
  #   memcached:
  #     addresses: "memcached-mimir:11211"
 #   downstream_url: http://grafana-agent:12345
 common:
  storage:
    backend: s3
    s3:
      endpoint: minio:9000
      access_key_id: "Q8KAihuXtGgmretKNh7C"
      secret_access_key: "hOlRODtnvFlNlL26Bj3GizZG6Ys3rlpG8p6Vo3NX"
      bucket_name: "mimir"
      insecure: true
 blocks_storage:
  storage_prefix: rinoa
  tsdb:
    dir: /tmp/mimir/tsdb
 memberlist:
  tls_enabled: false
 compactor:
  # Directory to temporarily store blocks underdoing compaction.
  data_dir: /tmp/mimir/compactor
  # The sharding ring type used to share the hashed ring for the compactor.
  sharding_ring:
    # Use memberlist backend store (the default).
    kvstore:
      store: memberlist
 # The distributor receives incoming metrics data for the system.
 distributor:
  # The ring to share hash ring data across instances.
  ring:
    # The address advertised in the ring. Localhost.
    instance_addr: 127.0.0.1
    # Use memberlist backend store (the default).
    kvstore:
      store: memberlist
 # The ingester receives data from the distributor and processes it into indices and blocks.
 ingester:
  # The ring to share hash ring data across instances.
  ring:
    # The address advertised in the ring. Localhost.
    instance_addr: 127.0.0.1
    # Use memberlist backend store (the default).
    kvstore:
      store: memberlist
    # Only run one instance of the ingesters.
    # Note: It is highly recommended to run more than one ingester in production, the default is an RF of 3.
    replication_factor: 1
 # The store gateway block configures gateway storage.
 store_gateway:
  # Configuration for the hash ring.
  sharding_ring:
    # Only run a single instance. In production setups, the replication factor must
    # be set on the querier and ruler as well.
    replication_factor: 1
@@ -0,0 +1,12 @@
 storage:
  backend: s3
  s3:
    bucket_name: pyroscope
    endpoint: minio:9000
    region: us-east-fh-pln
    access_key_id: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_PYROSCOPE_STORAGE_ACCESS_KEY'] }}
    secret_access_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_PYROSCOPE_STORAGE_SECRET_KEY'] }}
    insecure: true
 analytics:
  reporting_enabled: false
@@ -0,0 +1,787 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 target: all
 http_api_prefix: ""
 autocomplete_filtering_enabled: true
 server:
    http_listen_network: tcp
    http_listen_address: ""
    http_listen_port: 80
    http_listen_conn_limit: 0
    grpc_listen_network: tcp
    grpc_listen_address: ""
    grpc_listen_port: 9095
    grpc_listen_conn_limit: 0
    tls_cipher_suites: ""
    tls_min_version: ""
    http_tls_config:
        cert: ""
        key: null
        client_ca: ""
        cert_file: ""
        key_file: ""
        client_auth_type: ""
        client_ca_file: ""
    grpc_tls_config:
        cert: ""
        key: null
        client_ca: ""
        cert_file: ""
        key_file: ""
        client_auth_type: ""
        client_ca_file: ""
    register_instrumentation: true
    report_grpc_codes_in_instrumentation_label_enabled: false
    graceful_shutdown_timeout: 30s
    http_server_read_timeout: 30s
    http_server_read_header_timeout: 0s
    http_server_write_timeout: 30s
    http_server_idle_timeout: 2m0s
    http_log_closed_connections_without_response_enabled: false
    grpc_server_max_recv_msg_size: 16777216
    grpc_server_max_send_msg_size: 16777216
    grpc_server_max_concurrent_streams: 100
    grpc_server_max_connection_idle: 2562047h47m16.854775807s
    grpc_server_max_connection_age: 2562047h47m16.854775807s
    grpc_server_max_connection_age_grace: 2562047h47m16.854775807s
    grpc_server_keepalive_time: 2h0m0s
    grpc_server_keepalive_timeout: 20s
    grpc_server_min_time_between_pings: 10s
    grpc_server_ping_without_stream_allowed: true
    grpc_server_num_workers: 0
    log_format: logfmt
    log_level: info
    log_source_ips_enabled: false
    log_source_ips_header: ""
    log_source_ips_regex: ""
    log_request_headers: false
    log_request_at_info_level_enabled: false
    log_request_exclude_headers_list: ""
    http_path_prefix: ""
 internal_server:
    http_listen_network: tcp
    http_listen_address: ""
    http_listen_port: 3101
    http_listen_conn_limit: 0
    grpc_listen_network: ""
    grpc_listen_address: ""
    grpc_listen_port: 0
    grpc_listen_conn_limit: 0
    tls_cipher_suites: ""
    tls_min_version: ""
    http_tls_config:
        cert: ""
        key: null
        client_ca: ""
        cert_file: ""
        key_file: ""
        client_auth_type: ""
        client_ca_file: ""
    grpc_tls_config:
        cert: ""
        key: null
        client_ca: ""
        cert_file: ""
        key_file: ""
        client_auth_type: ""
        client_ca_file: ""
    register_instrumentation: false
    report_grpc_codes_in_instrumentation_label_enabled: false
    graceful_shutdown_timeout: 30s
    http_server_read_timeout: 30s
    http_server_read_header_timeout: 0s
    http_server_write_timeout: 30s
    http_server_idle_timeout: 2m0s
    http_log_closed_connections_without_response_enabled: false
    grpc_server_max_recv_msg_size: 0
    grpc_server_max_send_msg_size: 0
    grpc_server_max_concurrent_streams: 0
    grpc_server_max_connection_idle: 0s
    grpc_server_max_connection_age: 0s
    grpc_server_max_connection_age_grace: 0s
    grpc_server_keepalive_time: 0s
    grpc_server_keepalive_timeout: 0s
    grpc_server_min_time_between_pings: 0s
    grpc_server_ping_without_stream_allowed: false
    grpc_server_num_workers: 0
    log_format: logfmt
    log_level: info
    log_source_ips_enabled: false
    log_source_ips_header: ""
    log_source_ips_regex: ""
    log_request_headers: false
    log_request_at_info_level_enabled: false
    log_request_exclude_headers_list: ""
    http_path_prefix: ""
    enable: false
 distributor:
    ring:
        kvstore:
            store: memberlist
            prefix: collectors/
            consul:
                host: localhost:8500
                acl_token: ""
                http_client_timeout: 20s
                consistent_reads: false
                watch_rate_limit: 1
                watch_burst_size: 1
                cas_retry_delay: 1s
            etcd:
                endpoints: []
                dial_timeout: 10s
                max_retries: 10
                tls_enabled: false
                tls_cert_path: ""
                tls_key_path: ""
                tls_ca_path: ""
                tls_server_name: ""
                tls_insecure_skip_verify: false
                tls_cipher_suites: ""
                tls_min_version: ""
                username: ""
                password: ""
            multi:
                primary: ""
                secondary: ""
                mirror_enabled: false
                mirror_timeout: 2s
        heartbeat_period: 5s
        heartbeat_timeout: 5m0s
        instance_id: local-instance
        instance_interface_names:
            - eth0
            - en0
        instance_port: 0
        instance_addr: ""
    receivers: {}
    override_ring_key: distributor
    forwarders: []
    extend_writes: true
    retry_after_on_resource_exhausted: 0s
 ingester_client:
    pool_config:
        checkinterval: 15s
        healthcheckenabled: true
        healthchecktimeout: 1s
        maxconcurrenthealthchecks: 0
    remote_timeout: 5s
    grpc_client_config:
        max_recv_msg_size: 104857600
        max_send_msg_size: 104857600
        grpc_compression: snappy
        rate_limit: 0
        rate_limit_burst: 0
        backoff_on_ratelimits: false
        backoff_config:
            min_period: 100ms
            max_period: 10s
            max_retries: 10
        initial_stream_window_size: 63KiB1023B
        initial_connection_window_size: 63KiB1023B
        tls_enabled: false
        tls_cert_path: ""
        tls_key_path: ""
        tls_ca_path: ""
        tls_server_name: ""
        tls_insecure_skip_verify: false
        tls_cipher_suites: ""
        tls_min_version: ""
        connect_timeout: 5s
        connect_backoff_base_delay: 1s
        connect_backoff_max_delay: 5s
 metrics_generator_client:
    pool_config:
        checkinterval: 15s
        healthcheckenabled: true
        healthchecktimeout: 1s
        maxconcurrenthealthchecks: 0
    remote_timeout: 5s
    grpc_client_config:
        max_recv_msg_size: 104857600
        max_send_msg_size: 104857600
        grpc_compression: snappy
        rate_limit: 0
        rate_limit_burst: 0
        backoff_on_ratelimits: false
        backoff_config:
            min_period: 100ms
            max_period: 10s
            max_retries: 10
        initial_stream_window_size: 63KiB1023B
        initial_connection_window_size: 63KiB1023B
        tls_enabled: false
        tls_cert_path: ""
        tls_key_path: ""
        tls_ca_path: ""
        tls_server_name: ""
        tls_insecure_skip_verify: false
        tls_cipher_suites: ""
        tls_min_version: ""
        connect_timeout: 5s
        connect_backoff_base_delay: 1s
        connect_backoff_max_delay: 5s
 querier:
    search:
        query_timeout: 30s
        prefer_self: 10
        external_hedge_requests_at: 8s
        external_hedge_requests_up_to: 2
        external_backend: ""
        google_cloud_run: null
        external_endpoints: []
    trace_by_id:
        query_timeout: 10s
    max_concurrent_queries: 20
    frontend_worker:
        frontend_address: 127.0.0.1:9095
        dns_lookup_duration: 10s
        parallelism: 2
        match_max_concurrent: true
        id: ""
        grpc_client_config:
            max_recv_msg_size: 104857600
            max_send_msg_size: 16777216
            grpc_compression: gzip
            rate_limit: 0
            rate_limit_burst: 0
            backoff_on_ratelimits: false
            backoff_config:
                min_period: 100ms
                max_period: 1s
                max_retries: 5
            initial_stream_window_size: 0B
            initial_connection_window_size: 0B
            tls_enabled: false
            tls_cert_path: ""
            tls_key_path: ""
            tls_ca_path: ""
            tls_server_name: ""
            tls_insecure_skip_verify: false
            tls_cipher_suites: ""
            tls_min_version: ""
            connect_timeout: 0s
            connect_backoff_base_delay: 0s
            connect_backoff_max_delay: 0s
    query_relevant_ingesters: false
 query_frontend:
    max_outstanding_per_tenant: 2000
    querier_forget_delay: 0s
    max_batch_size: 5
    max_retries: 2
    search:
        concurrent_jobs: 1000
        target_bytes_per_job: 104857600
        default_result_limit: 20
        max_result_limit: 0
        max_duration: 168h0m0s
        query_backend_after: 15m0s
        query_ingesters_until: 30m0s
    trace_by_id:
        query_shards: 50
        hedge_requests_at: 2s
        hedge_requests_up_to: 2
    metrics:
        concurrent_jobs: 1000
        target_bytes_per_job: 104857600
        max_duration: 0s
        query_backend_after: 1h0m0s
        interval: 5m0s
    multi_tenant_queries_enabled: true
 compactor:
    ring:
        kvstore:
            store: ""
            prefix: collectors/
            consul:
                host: localhost:8500
                acl_token: ""
                http_client_timeout: 20s
                consistent_reads: false
                watch_rate_limit: 1
                watch_burst_size: 1
                cas_retry_delay: 1s
            etcd:
                endpoints: []
                dial_timeout: 10s
                max_retries: 10
                tls_enabled: false
                tls_cert_path: ""
                tls_key_path: ""
                tls_ca_path: ""
                tls_server_name: ""
                tls_insecure_skip_verify: false
                tls_cipher_suites: ""
                tls_min_version: ""
                username: ""
                password: ""
            multi:
                primary: ""
                secondary: ""
                mirror_enabled: false
                mirror_timeout: 2s
        heartbeat_period: 5s
        heartbeat_timeout: 1m0s
        wait_stability_min_duration: 1m0s
        wait_stability_max_duration: 5m0s
        instance_id: local-instance
        instance_interface_names:
            - eth0
            - en0
        instance_port: 0
        instance_addr: ""
        enable_inet6: false
        wait_active_instance_timeout: 10m0s
    compaction:
        v2_in_buffer_bytes: 5242880
        v2_out_buffer_bytes: 20971520
        v2_prefetch_traces_count: 1000
        compaction_window: 1h0m0s
        max_compaction_objects: 6000000
        max_block_bytes: 107374182400
        block_retention: 336h0m0s
        compacted_block_retention: 1h0m0s
        retention_concurrency: 10
        max_time_per_tenant: 5m0s
        compaction_cycle: 30s
    override_ring_key: compactor
 ingester:
    lifecycler:
        ring:
            kvstore:
                store: inmemory
                prefix: collectors/
                consul:
                    host: localhost:8500
                    acl_token: ""
                    http_client_timeout: 20s
                    consistent_reads: false
                    watch_rate_limit: 1
                    watch_burst_size: 1
                    cas_retry_delay: 1s
                etcd:
                    endpoints: []
                    dial_timeout: 10s
                    max_retries: 10
                    tls_enabled: false
                    tls_cert_path: ""
                    tls_key_path: ""
                    tls_ca_path: ""
                    tls_server_name: ""
                    tls_insecure_skip_verify: false
                    tls_cipher_suites: ""
                    tls_min_version: ""
                    username: ""
                    password: ""
                multi:
                    primary: ""
                    secondary: ""
                    mirror_enabled: false
                    mirror_timeout: 2s
            heartbeat_timeout: 5m0s
            replication_factor: 1
            zone_awareness_enabled: false
            excluded_zones: ""
        num_tokens: 128
        heartbeat_period: 5s
        heartbeat_timeout: 1m0s
        observe_period: 0s
        join_after: 0s
        min_ready_duration: 15s
        interface_names:
            - en0
            - bridge100
        enable_inet6: false
        final_sleep: 0s
        tokens_file_path: ""
        availability_zone: ""
        unregister_on_shutdown: true
        readiness_check_ring_health: true
        address: 127.0.0.1
        port: 0
        id: local-instance
    concurrent_flushes: 4
    flush_check_period: 10s
    flush_op_timeout: 5m0s
    trace_idle_period: 10s
    max_block_duration: 30m0s
    max_block_bytes: 524288000
    complete_block_timeout: 15m0s
    override_ring_key: ring
    flush_all_on_shutdown: false
 metrics_generator:
    ring:
        kvstore:
            store: inmemory
            prefix: collectors/
            consul:
                host: localhost:8500
                acl_token: ""
                http_client_timeout: 20s
                consistent_reads: false
                watch_rate_limit: 1
                watch_burst_size: 1
                cas_retry_delay: 1s
            etcd:
                endpoints: []
                dial_timeout: 10s
                max_retries: 10
                tls_enabled: false
                tls_cert_path: ""
                tls_key_path: ""
                tls_ca_path: ""
                tls_server_name: ""
                tls_insecure_skip_verify: false
                tls_cipher_suites: ""
                tls_min_version: ""
                username: ""
                password: ""
            multi:
                primary: ""
                secondary: ""
                mirror_enabled: false
                mirror_timeout: 2s
        heartbeat_period: 5s
        heartbeat_timeout: 1m0s
        instance_id: local-instance
        instance_interface_names:
            - eth0
            - en0
        instance_addr: 127.0.0.1
        instance_port: 0
        enable_inet6: false
    processor:
        service_graphs:
            wait: 10s
            max_items: 10000
            workers: 10
            histogram_buckets:
                - 0.1
                - 0.2
                - 0.4
                - 0.8
                - 1.6
                - 3.2
                - 6.4
                - 12.8
            dimensions: []
            enable_client_server_prefix: false
            peer_attributes:
                - peer.service
                - db.name
                - db.system
            span_multiplier_key: ""
        span_metrics:
            histogram_buckets:
                - 0.002
                - 0.004
                - 0.008
                - 0.016
                - 0.032
                - 0.064
                - 0.128
                - 0.256
                - 0.512
                - 1.024
                - 2.048
                - 4.096
                - 8.192
                - 16.384
            intrinsic_dimensions:
                service: true
                span_name: true
                span_kind: true
                status_code: true
            dimensions: []
            dimension_mappings: []
            enable_target_info: false
            span_multiplier_key: ""
            subprocessors:
                0: true
                1: true
                2: true
            filter_policies: []
            target_info_excluded_dimensions: []
        local_blocks:
            block:
                bloom_filter_false_positive: 0.01
                bloom_filter_shard_size_bytes: 102400
                version: vParquet3
                search_encoding: snappy
                search_page_size_bytes: 1048576
                v2_index_downsample_bytes: 1048576
                v2_index_page_size_bytes: 256000
                v2_encoding: zstd
                parquet_row_group_size_bytes: 100000000
                parquet_dedicated_columns: []
            search:
                chunk_size_bytes: 1000000
                prefetch_trace_count: 1000
                read_buffer_count: 32
                read_buffer_size_bytes: 1048576
                cache_control:
                    footer: false
                    column_index: false
                    offset_index: false
            flush_check_period: 10s
            trace_idle_period: 10s
            max_block_duration: 1m0s
            max_block_bytes: 500000000
            complete_block_timeout: 1h0m0s
            max_live_traces: 0
            concurrent_blocks: 10
            filter_server_spans: true
    registry:
        collection_interval: 15s
        stale_duration: 15m0s
        max_label_name_length: 1024
        max_label_value_length: 2048
    storage:
        path: ""
        wal:
            wal_segment_size: 134217728
            wal_compression: none
            stripe_size: 16384
            truncate_frequency: 2h0m0s
            min_wal_time: 300000
            max_wal_time: 14400000
            no_lockfile: false
        remote_write_flush_deadline: 1m0s
        remote_write_add_org_id_header: true
    traces_storage:
        path: ""
        completedfilepath: ""
        blocksfilepath: ""
        v2_encoding: none
        search_encoding: none
        ingestion_time_range_slack: 0s
        version: vParquet3
    metrics_ingestion_time_range_slack: 30s
    query_timeout: 30s
    override_ring_key: metrics-generator
 storage:
    trace:
        pool:
            max_workers: 400
            queue_depth: 20000
        wal:
            path: /tmp/tempo/wal
            completedfilepath: /tmp/tempo/wal/completed
            blocksfilepath: /tmp/tempo/wal/blocks
            v2_encoding: snappy
            search_encoding: none
            ingestion_time_range_slack: 2m0s
            version: vParquet3
        block:
            bloom_filter_false_positive: 0.01
            bloom_filter_shard_size_bytes: 102400
            version: vParquet3
            search_encoding: snappy
            search_page_size_bytes: 1048576
            v2_index_downsample_bytes: 1048576
            v2_index_page_size_bytes: 256000
            v2_encoding: zstd
            parquet_row_group_size_bytes: 100000000
            parquet_dedicated_columns: []
        search:
            chunk_size_bytes: 1000000
            prefetch_trace_count: 1000
            read_buffer_count: 32
            read_buffer_size_bytes: 1048576
            cache_control:
                footer: false
                column_index: false
                offset_index: false
        blocklist_poll: 5m0s
        blocklist_poll_concurrency: 50
        blocklist_poll_fallback: true
        blocklist_poll_tenant_index_builders: 2
        blocklist_poll_stale_tenant_index: 0s
        blocklist_poll_jitter_ms: 0
        blocklist_poll_tolerate_consecutive_errors: 1
        backend: local
        local:
            path: /tmp/tempo/traces
        gcs:
            bucket_name: ""
            prefix: ""
            chunk_buffer_size: 10485760
            endpoint: ""
            hedge_requests_at: 0s
            hedge_requests_up_to: 2
            insecure: false
            object_cache_control: ""
            object_metadata: {}
            list_blocks_concurrency: 3
        s3:
            tls_cert_path: ""
            tls_key_path: ""
            tls_ca_path: ""
            tls_server_name: ""
            tls_insecure_skip_verify: false
            tls_cipher_suites: ""
            tls_min_version: VersionTLS12
            bucket: ""
            prefix: ""
            endpoint: ""
            region: ""
            access_key: ""
            secret_key: ""
            session_token: ""
            insecure: false
            part_size: 0
            hedge_requests_at: 0s
            hedge_requests_up_to: 2
            signature_v2: false
            forcepathstyle: false
            bucket_lookup_type: 0
            tags: {}
            storage_class: ""
            metadata: {}
            native_aws_auth_enabled: false
            list_blocks_concurrency: 3
        azure:
            storage_account_name: ""
            storage_account_key: ""
            use_managed_identity: false
            use_federated_token: false
            user_assigned_id: ""
            container_name: ""
            prefix: ""
            endpoint_suffix: blob.core.windows.net
            max_buffers: 4
            buffer_size: 3145728
            hedge_requests_at: 0s
            hedge_requests_up_to: 2
            use_v2_sdk: false
        cache: ""
        background_cache:
            writeback_goroutines: 10
            writeback_buffer: 10000
        memcached: null
        redis: null
        cache_min_compaction_level: 0
        cache_max_block_age: 0s
 overrides:
    defaults:
        ingestion:
            rate_strategy: local
            rate_limit_bytes: 15000000
            burst_size_bytes: 20000000
            max_traces_per_user: 10000
        read:
            max_bytes_per_tag_values_query: 5000000
        global:
            max_bytes_per_trace: 5000000
    per_tenant_override_config: ""
    per_tenant_override_period: 10s
    user_configurable_overrides:
        enabled: false
        poll_interval: 1m0s
        client:
            backend: ""
            confirm_versioning: true
            local:
                path: ""
            gcs:
                bucket_name: ""
                prefix: ""
                chunk_buffer_size: 10485760
                endpoint: ""
                hedge_requests_at: 0s
                hedge_requests_up_to: 2
                insecure: false
                object_cache_control: ""
                object_metadata: {}
                list_blocks_concurrency: 3
            s3:
                tls_cert_path: ""
                tls_key_path: ""
                tls_ca_path: ""
                tls_server_name: ""
                tls_insecure_skip_verify: false
                tls_cipher_suites: ""
                tls_min_version: VersionTLS12
                bucket: ""
                prefix: ""
                endpoint: ""
                region: ""
                access_key: ""
                secret_key: ""
                session_token: ""
                insecure: false
                part_size: 0
                hedge_requests_at: 0s
                hedge_requests_up_to: 2
                signature_v2: false
                forcepathstyle: false
                bucket_lookup_type: 0
                tags: {}
                storage_class: ""
                metadata: {}
                native_aws_auth_enabled: false
                list_blocks_concurrency: 3
            azure:
                storage_account_name: ""
                storage_account_key: ""
                use_managed_identity: false
                use_federated_token: false
                user_assigned_id: ""
                container_name: ""
                prefix: ""
                endpoint_suffix: blob.core.windows.net
                max_buffers: 4
                buffer_size: 3145728
                hedge_requests_at: 0s
                hedge_requests_up_to: 2
                use_v2_sdk: false
        api:
            check_for_conflicting_runtime_overrides: false
 memberlist:
    node_name: ""
    randomize_node_name: true
    stream_timeout: 2s
    retransmit_factor: 2
    pull_push_interval: 30s
    gossip_interval: 1s
    gossip_nodes: 2
    gossip_to_dead_nodes_time: 30s
    dead_node_reclaim_time: 0s
    compression_enabled: false
    advertise_addr: ""
    advertise_port: 7946
    cluster_label: ""
    cluster_label_verification_disabled: false
    join_members: []
    min_join_backoff: 1s
    max_join_backoff: 1m0s
    max_join_retries: 10
    abort_if_cluster_join_fails: false
    rejoin_interval: 0s
    left_ingesters_timeout: 5m0s
    leave_timeout: 20s
    message_history_buffer_bytes: 0
    bind_addr: []
    bind_port: 7946
    packet_dial_timeout: 2s
    packet_write_timeout: 5s
    tls_enabled: false
    tls_cert_path: ""
    tls_key_path: ""
    tls_ca_path: ""
    tls_server_name: ""
    tls_insecure_skip_verify: false
    tls_cipher_suites: ""
    tls_min_version: ""
 usage_report:
    reporting_enabled: true
    backoff:
        min_period: 100ms
        max_period: 10s
        max_retries: 0
 cache:
    background:
        writeback_goroutines: 10
        writeback_buffer: 10000
    caches: []
@@ -0,0 +1,54 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 server:
  http_listen_port: 3200
 distributor:
  receivers:                           # this configuration will listen on all ports and protocols that tempo is capable of.
    jaeger:                            # the receives all come from the OpenTelemetry collector.  more configuration information can
      protocols:                       # be found there: https://github.com/open-telemetry/opentelemetry-collector/tree/main/receiver
        thrift_http:                   #
        grpc:                          # for a production deployment you should only enable the receivers you need!
        thrift_binary:
        thrift_compact:
    zipkin:
    otlp:
      protocols:
        http:
        grpc:
    opencensus:
 ingester:
  max_block_duration: 5m               # cut the headblock when this much time passes. this is being set for demo purposes and should probably be left alone normally
 compactor:
  compaction:
    block_retention: 1h                # overall Tempo trace retention. set for demo purposes
 # metrics_generator:
 #   registry:
 #     external_labels:
 #       source: tempo
 #       cluster: docker-compose
 #   storage:
 #     path: /tmp/tempo/generator/wal
 #     remote_write:
 #       - url: http://grafana-alloy:12345/api/v1/write
 #         send_exemplars: true
 storage:
  trace:
    backend: s3                        # backend configuration to use
    wal:
      path: /tmp/tempo/wal             # where to store the the wal locally
    s3:
      bucket: tempo                    # how to store data in s3
      endpoint: minio:9000
      access_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_TEMPO_STORAGE_ACCESS_KEY'] }}
      secret_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MINIO_TEMPO_STORAGE_SECRET_KEY'] }}
      insecure: true
 usage_report:
  reporting_enabled: false
@@ -0,0 +1,22 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/en/configs/bookmarks
 #- Developer:
 #    - Github:
 #        - abbr: GH
 #          href: https://github.com/
 #
 #- Social:
 #    - Reddit:
 #        - abbr: RE
 #          href: https://reddit.com/
 #
 #- Entertainment:
 #    - YouTube:
 #        - abbr: YT
 #          href: https://youtube.com/
@@ -0,0 +1,15 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/en/configs/docker/
 # my-docker:
 #   host: 127.0.0.1
 #   port: 2375
 my-docker:
   host: dockerproxy
   port: 2375
@@ -0,0 +1,6 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ---
 # sample kubernetes config
@@ -0,0 +1,33 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/en/configs/services
 #- My First Group:
 #    - My First Service:
 #        href: http://localhost/
 #        description: Homepage is awesome
 #
 #- My Second Group:
 #    - My Second Service:
 #        href: http://localhost/
 #        description: Homepage is the best
 #
 #- My Third Group:
 #    - My Third Service:
 #        href: http://localhost/
 #        description: Homepage is 😎
 - Automation:
    - Home Assistant (Rikku):
        href: https://ha.trez.wtf
        description: Smart Home
        icon: home-assistant.png
        weight: 0
        widget:
            type: homeassistant
            url: http://192.168.1.252:8123
            key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_HOME_ASSISTANT_API_KEY'] }}
@@ -0,0 +1,60 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/en/configs/settings
 providers:
  openweathermap: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}
  # weatherapi: weatherapiapikey
 title: Rinoa Dashboard (trez.WTF)
 headerStyle: underlined
 color: slate
 showStats: true
 statusStyle: "dot"
 favicon: /icons/favicon.ico
 useEqualHeights: false
 hideErrors: false
 searchDescriptions: true
 showSearchSuggestions: true
 provider: duckduckgo
 layout:
  System Administration:
    style: row
    columns: 4
    # fiveColumns: true
  Infrastructure/App Performance Monitoring:
    style: row
    columns: 4
  Automation:
    style: columns
    row: 2
  Code/DevOps:
    style: columms
    row: 2
  Privacy/Security:
    style: columns
    row: 5
  Social:
    style: columns
    row: 4
  Lifestyle:
    style: row
    columns: 4
  Personal Services:
    style: row
    columns: 4
  Professional Services:
    style: row
    columns: 3
  Servarr Stack:
    style: row
    columns: 3
  Downloaders:
    style: row
    columns: 3
  Media Library:
    style: row
    columns: 4
@@ -0,0 +1,33 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/en/configs/widgets
 - resources:
    label: System
    cpu: true
    memory: true
    cputemp: true
    uptime: true
 - resources:
    label: Storage
    expanded: true
    disk:
        - /
        - /rinoa-storage
 - search:
    provider: custom
    url: https://search.trez.wtf/search?q=
    target: _blank
 - openweathermap:
    label: New York
    latitude: 40.72
    longitude: -73.85
    units: imperial
    provider: openweathermap
    cache: 10
@@ -0,0 +1,52 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 # IN application vars
 IN_APP_URL=http://in.localhost:8003
 IN_APP_KEY=<insert your generated key in here>
 IN_APP_DEBUG=true
 IN_REQUIRE_HTTPS=false
 IN_PHANTOMJS_PDF_GENERATION=false
 IN_PDF_GENERATOR=snappdf
 IN_TRUSTED_PROXIES='*'
 IN_QUEUE_CONNECTION=database
 # DB connection
 IN_DB_HOST=db
 IN_DB_PORT=3306
 IN_DB_DATABASE=ninja
 IN_DB_USERNAME=ninja
 IN_DB_PASSWORD=ninja
 # Create initial user
 # Default to these values if empty
 # IN_USER_EMAIL=admin@example.com
 # IN_PASSWORD=changeme!
 IN_USER_EMAIL=
 IN_PASSWORD=
 # Mail options
 IN_MAIL_MAILER=log
 IN_MAIL_HOST=smtp.mailtrap.io
 IN_MAIL_PORT=2525
 IN_MAIL_USERNAME=null
 IN_MAIL_PASSWORD=null
 IN_MAIL_ENCRYPTION=null
 IN_MAIL_FROM_ADDRESS='user@example.com'
 IN_MAIL_FROM_NAME='Self Hosted User'
 # MySQL
 IN_MYSQL_ROOT_PASSWORD=ninjaAdm1nPassword
 IN_MYSQL_USER=ninja
 IN_MYSQL_PASSWORD=ninja
 IN_MYSQL_DATABASE=ninja
 # GoCardless/Nordigen API key for banking integration
 NORDIGEN_SECRET_ID=
 NORDIGEN_SECRET_KEY=
 # V4 env vars
 # DB_STRICT=false
 # APP_CIPHER=AES-256-CBC
@@ -0,0 +1,21 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 <Config>
  <BindAddress>*</BindAddress>
  <Port>8686</Port>
  <SslPort>6868</SslPort>
  <EnableSsl>False</EnableSsl>
  <LaunchBrowser>True</LaunchBrowser>
  <ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}</ApiKey>
  <AuthenticationMethod>Forms</AuthenticationMethod>
  <Branch>master</Branch>
  <LogLevel>trace</LogLevel>
  <SslCertPath></SslCertPath>
  <SslCertPassword></SslCertPassword>
  <UrlBase></UrlBase>
  <InstanceName>Lidarr</InstanceName>
  <UpdateMechanism>Docker</UpdateMechanism>
  <Theme>auto</Theme>
  <AuthenticationRequired>Enabled</AuthenticationRequired>
 </Config>
@@ -0,0 +1,25 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 {
    "lidarr_address": "http://lidarr:8686",
    "lidarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}",
    "spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
    "root_folder_path": "/data/media/music",
    "spotify_client_id": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}",
    "spotify_client_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
    "fallback_to_top_result": false,
    "lidarr_api_timeout": 120.0,
    "quality_profile_id": 1,
    "metadata_profile_id": 1,
    "search_for_missing_albums": false,
    "dry_run_adding_to_lidarr": true,
    "app_name": "lidify",
    "app_rev": "0.09",
    "app_url": "lidify.trez.wtf",
    "last_fm_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
    "last_fm_api_secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
    "mode": "LastFM",
    "auto_start": false,
    "auto_start_delay": 60
 }
@@ -0,0 +1,63 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 {
    "sourceDefaults": {
      "maxPollRetries": 0,          // optional, default # of automatic polling restarts on error. can be overridden by property in individual config
      "maxRequestRetries": 1,       // optional, default # of http request retries a source can make before error is thrown. can be overridden by property in individual config
      "retryMultiplier": 1.5       // optional, default retry delay multiplier (retry attempt * multiplier = # of seconds to wait before retrying). can be overridden by property in individual config
    },
    "clientDefaults": {
      "maxRequestRetries": 1,       // optional, default # of http request retries a client can make before error is thrown. can be overridden by property in individual config
      "retryMultiplier": 1.5       // optional, default retry delay multiplier (retry attempt * multiplier = # of seconds to wait before retrying). can be overridden by property in individual config
    },
    "clients": [
        {
            "name": "Last.fm Client",
            "enable": true,
            "configureAs": "client",
            "data": {
            "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
            "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
            "redirectUri": "http://localhost:9078/lastfm/callback"
            }
        },
        {
            "name": "Last.fm Source",
            "enable": true,
            "configureAs": "source",
            "data": {
            "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
            "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
            "redirectUri": "http://localhost:9078/lastfm/callback"
            }
        },
        {
            "name": "Maloja",
            "enable": true,
            "data": {
            "url": "http://maloja:42010",
            "apiKey": "myMalojaKey"
            }
        },
        {
          "name": "ListenBrainz Client",
          "enable": true,
          "configureAs": "client",
          "data": {
            "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
            "username": "Trez.One"
          }
        },
        {
          "name": "ListenBrainz Source",
          "enable": true,
          "configureAs": "source",
          "data": {
            "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
            "username": "Trez.One"
          }
        }
      ]
  }
 }
@@ -0,0 +1,106 @@
 {
  "Stuns": [
    {
      "Proto": "udp",
      "URI": "stun:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
      "Username": "",
      "Password": null
    }
  ],
  "TURNConfig": {
    "Turns": [
      {
        "Proto": "udp",
        "URI": "turn:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
        "Username": "self",
        "Password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}"
      }
    ],
    "CredentialsTTL": "12h",
    "Secret": "secret",
    "TimeBasedCredentials": false
  },
  "Relay": {
    "Addresses": [
      "rel://netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:33080"
    ],
    "CredentialsTTL": "24h",
    "Secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_RELAY_AUTH_SECRET'] }}"
  },
  "Signal": {
    "Proto": "https",
    "URI": "netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:10001",
    "Username": "",
    "Password": null
  },
  "ReverseProxy": {
    "TrustedHTTPProxies": [],
    "TrustedHTTPProxiesCount": 0,
    "TrustedPeers": [
      "0.0.0.0/0"
    ]
  },
  "Datadir": "",
  "DataStoreEncryptionKey": "",
  "StoreConfig": {
    "Engine": "sqlite"
  },
  "HttpConfig": {
    "Address": "0.0.0.0:33073",
    "AuthIssuer": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
    "AuthAudience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
    "AuthKeysLocation": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/keys",
    "AuthUserIDClaim": "",
    "CertFile": "",
    "CertKey": "",
    "IdpSignKeyRefreshEnabled": true,
    "OIDCConfigEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration"
  },
  "IdpManagerConfig": {
    "ManagerType": "zitadel",
    "ClientConfig": {
      "Issuer": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
      "TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
      "ClientID": "netbird",
      "ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_SECRET'] }}",
      "GrantType": "client_credentials"
    },
    "ExtraConfig": {
      "ManagementEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/management/v1"
    },
    "Auth0ClientCredentials": null,
    "AzureClientCredentials": null,
    "KeycloakClientCredentials": null,
    "ZitadelClientCredentials": null
  },
  "DeviceAuthorizationFlow": {
    "Provider": "hosted",
    "ProviderConfig": {
      "Audience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
      "AuthorizationEndpoint": "",
      "Domain": "",
      "ClientID": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
      "ClientSecret": "",
      "TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
      "DeviceAuthEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/device_authorization",
      "Scope": "openid",
      "UseIDToken": false,
      "RedirectURLs": null
    }
  },
  "PKCEAuthorizationFlow": {
    "ProviderConfig": {
      "Audience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
      "ClientID": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
      "ClientSecret": "",
      "Domain": "",
      "AuthorizationEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/authorize",
      "TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
      "Scope": "openid profile email offline_access api",
      "RedirectURLs": [
        "http://localhost:53000"
      ],
      "UseIDToken": false
    }
  }
 }
@@ -0,0 +1,122 @@
 {
    "issuer": "https://id.trez.wtf",
    "authorization_endpoint": "https://id.trez.wtf/oauth/v2/authorize",
    "token_endpoint": "https://id.trez.wtf/oauth/v2/token",
    "introspection_endpoint": "https://id.trez.wtf/oauth/v2/introspect",
    "userinfo_endpoint": "https://id.trez.wtf/oidc/v1/userinfo",
    "revocation_endpoint": "https://id.trez.wtf/oauth/v2/revoke",
    "end_session_endpoint": "https://id.trez.wtf/oidc/v1/end_session",
    "device_authorization_endpoint": "https://id.trez.wtf/oauth/v2/device_authorization",
    "jwks_uri": "https://id.trez.wtf/oauth/v2/keys",
    "scopes_supported": [
        "openid",
        "profile",
        "email",
        "phone",
        "address",
        "offline_access"
    ],
    "response_types_supported": [
        "code",
        "id_token",
        "id_token token"
    ],
    "response_modes_supported": [
        "query",
        "fragment",
        "form_post"
    ],
    "grant_types_supported": [
        "authorization_code",
        "implicit",
        "refresh_token",
        "client_credentials",
        "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "urn:ietf:params:oauth:grant-type:device_code"
    ],
    "subject_types_supported": [
        "public"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "request_object_signing_alg_values_supported": [
        "RS256"
    ],
    "token_endpoint_auth_methods_supported": [
        "none",
        "client_secret_basic",
        "client_secret_post",
        "private_key_jwt"
    ],
    "token_endpoint_auth_signing_alg_values_supported": [
        "RS256"
    ],
    "revocation_endpoint_auth_methods_supported": [
        "none",
        "client_secret_basic",
        "client_secret_post",
        "private_key_jwt"
    ],
    "revocation_endpoint_auth_signing_alg_values_supported": [
        "RS256"
    ],
    "introspection_endpoint_auth_methods_supported": [
        "client_secret_basic",
        "private_key_jwt"
    ],
    "introspection_endpoint_auth_signing_alg_values_supported": [
        "RS256"
    ],
    "claims_supported": [
        "sub",
        "aud",
        "exp",
        "iat",
        "iss",
        "auth_time",
        "nonce",
        "acr",
        "amr",
        "c_hash",
        "at_hash",
        "act",
        "scopes",
        "client_id",
        "azp",
        "preferred_username",
        "name",
        "family_name",
        "given_name",
        "locale",
        "email",
        "email_verified",
        "phone_number",
        "phone_number_verified"
    ],
    "code_challenge_methods_supported": [
        "S256"
    ],
    "ui_locales_supported": [
        "bg",
        "cs",
        "de",
        "en",
        "es",
        "fr",
        "hu",
        "id",
        "it",
        "ja",
        "ko",
        "mk",
        "nl",
        "pl",
        "pt",
        "ru",
        "sv",
        "zh"
    ],
    "request_parameter_supported": true,
    "request_uri_parameter_supported": false
 }
@@ -0,0 +1,725 @@
 # Coturn TURN SERVER configuration file
 #
 # Boolean values note: where a boolean value is supposed to be used,
 # you can use '0', 'off', 'no', 'false', or 'f' as 'false,
 # and you can use '1', 'on', 'yes', 'true', or 't' as 'true'
 # If the value is missing, then it means 'true' by default.
 #
 # Listener interface device (optional, Linux only).
 # NOT RECOMMENDED.
 #
 #listening-device=eth0
 # TURN listener port for UDP and TCP (Default: 3478).
 # Note: actually, TLS & DTLS sessions can connect to the
 # "plain" TCP & UDP port(s), too - if allowed by configuration.
 #
 listening-port=3478
 # TURN listener port for TLS (Default: 5349).
 # Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
 # port(s), too - if allowed by configuration. The TURN server
 # "automatically" recognizes the type of traffic. Actually, two listening
 # endpoints (the "plain" one and the "tls" one) are equivalent in terms of
 # functionality; but Coturn keeps both endpoints to satisfy the RFC 5766 specs.
 # For secure TCP connections, Coturn currently supports SSL version 3 and
 # TLS version 1.0, 1.1 and 1.2.
 # For secure UDP connections, Coturn supports DTLS version 1.
 #
 tls-listening-port=5349
 # Alternative listening port for UDP and TCP listeners;
 # default (or zero) value means "listening port plus one".
 # This is needed for RFC 5780 support
 # (STUN extension specs, NAT behavior discovery). The TURN Server
 # supports RFC 5780 only if it is started with more than one
 # listening IP address of the same family (IPv4 or IPv6).
 # RFC 5780 is supported only by UDP protocol, other protocols
 # are listening to that endpoint only for "symmetry".
 #
 #alt-listening-port=0
 # Alternative listening port for TLS and DTLS protocols.
 # Default (or zero) value means "TLS listening port plus one".
 #
 #alt-tls-listening-port=0
 # Some network setups will require using a TCP reverse proxy in front
 # of the STUN server. If the proxy port option is set a single listener
 # is started on the given port that accepts connections using the
 # haproxy proxy protocol v2.
 # (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)
 #
 #tcp-proxy-port=5555
 # Listener IP address of relay server. Multiple listeners can be specified.
 # If no IP(s) specified in the config file or in the command line options,
 # then all IPv4 and IPv6 system IPs will be used for listening.
 #
 #listening-ip=172.17.19.101
 #listening-ip=10.207.21.238
 #listening-ip=2607:f0d0:1002:51::4
 # Auxiliary STUN/TURN server listening endpoint.
 # Aux servers have almost full TURN and STUN functionality.
 # The (minor) limitations are:
 #
 # 1) Auxiliary servers do not have alternative ports and
 # they do not support STUN RFC 5780 functionality (CHANGE REQUEST).
 #
 # 2) Auxiliary servers also are never returning ALTERNATIVE-SERVER reply.
 #
 # Valid formats are 1.2.3.4:5555 for IPv4 and [1:2::3:4]:5555 for IPv6.
 #
 # There may be multiple aux-server options, each will be used for listening
 # to client requests.
 #
 #aux-server=172.17.19.110:33478
 #aux-server=[2607:f0d0:1002:51::4]:33478
 # (recommended for older Linuxes only)
 # Automatically balance UDP traffic over auxiliary servers (if configured).
 # The load balancing is using the ALTERNATE-SERVER mechanism.
 # The TURN client must support 300 ALTERNATE-SERVER response for this
 # functionality.
 #
 #udp-self-balance
 # Relay interface device for relay sockets (optional, Linux only).
 # NOT RECOMMENDED.
 #
 #relay-device=eth1
 # Relay address (the local IP address that will be used to relay the
 # packets to the peer).
 # Multiple relay addresses may be used.
 # The same IP(s) can be used as both listening IP(s) and relay IP(s).
 #
 # If no relay IP(s) specified, then the turnserver will apply the default
 # policy: it will decide itself which relay addresses to be used, and it
 # will always be using the client socket IP address as the relay IP address
 # of the TURN session (if the requested relay address family is the same
 # as the family of the client socket).
 #
 #relay-ip=172.17.19.105
 #relay-ip=2607:f0d0:1002:51::5
 # For Amazon EC2 users:
 #
 # TURN Server public/private address mapping, if the server is behind NAT.
 # In that situation, if a -X is used in form "-X <ip>" then that ip will be reported
 # as relay IP address of all allocations. This scenario works only in a simple case
 # when one single relay address is be used, and no RFC5780 functionality is required.
 # That single relay address must be mapped by NAT to the 'external' IP.
 # The "external-ip" value, if not empty, is returned in XOR-RELAYED-ADDRESS field.
 # For that 'external' IP, NAT must forward ports directly (relayed port 12345
 # must be always mapped to the same 'external' port 12345).
 #
 # In more complex case when more than one IP address is involved,
 # that option must be used several times, each entry must
 # have form "-X <public-ip/private-ip>", to map all involved addresses.
 # RFC5780 NAT discovery STUN functionality will work correctly,
 # if the addresses are mapped properly, even when the TURN server itself
 # is behind A NAT.
 #
 # By default, this value is empty, and no address mapping is used.
 #
 # external-ip=193.224.22.37
 #
 #OR:
 #
 #external-ip=60.70.80.91/172.17.19.101
 #external-ip=60.70.80.92/172.17.19.102
 external-ip=108.29.206.17
 # Number of the relay threads to handle the established connections
 # (in addition to authentication thread and the listener thread).
 # If explicitly set to 0 then application runs relay process in a
 # single thread, in the same thread with the listener process
 # (the authentication thread will still be a separate thread).
 #
 # If this parameter is not set, then the default OS-dependent
 # thread pattern algorithm will be employed. Usually the default
 # algorithm is optimal, so you have to change this option
 # if you want to make some fine tweaks.
 #
 # In the older systems (Linux kernel before 3.9),
 # the number of UDP threads is always one thread per network listening
 # endpoint - including the auxiliary endpoints - unless 0 (zero) or
 # 1 (one) value is set.
 #
 #relay-threads=0
 # Lower and upper bounds of the UDP relay endpoints:
 # (default values are 49152 and 65535)
 #
 min-port=49152
 max-port=65535
 # Uncomment to run TURN server in 'normal' 'moderate' verbose mode.
 # By default the verbose mode is off.
 #verbose
 # Uncomment to run TURN server in 'extra' verbose mode.
 # This mode is very annoying and produces lots of output.
 # Not recommended under normal circumstances.
 #
 #Verbose
 # Uncomment to use fingerprints in the TURN messages.
 # By default the fingerprints are off.
 #
 fingerprint
 # Uncomment to use long-term credential mechanism.
 # By default no credentials mechanism is used (any user allowed).
 #
 lt-cred-mech
 # This option is the opposite of lt-cred-mech.
 # (TURN Server with no-auth option allows anonymous access).
 # If neither option is defined, and no users are defined,
 # then no-auth is default. If at least one user is defined,
 # in this file, in command line or in usersdb file, then
 # lt-cred-mech is default.
 #
 #no-auth
 # TURN REST API flag.
 # (Time Limited Long Term Credential)
 # Flag that sets a special authorization option that is based upon authentication secret.
 #
 # This feature's purpose is to support "TURN Server REST API", see
 # "TURN REST API" link in the project's page
 # https://github.com/coturn/coturn/
 #
 # This option is used with timestamp:
 #
 # usercombo -> "timestamp:userid"
 # turn user -> usercombo
 # turn password -> base64(hmac(secret key, usercombo))
 #
 # This allows TURN credentials to be accounted for a specific user id.
 # If you don't have a suitable id, then the timestamp alone can be used.
 # This option is enabled by turning on secret-based authentication.
 # The actual value of the secret is defined either by the option static-auth-secret,
 # or can be found in the turn_secret table in the database (see below).
 #
 # Read more about it:
 #  - https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
 #  - https://www.ietf.org/proceedings/87/slides/slides-87-behave-10.pdf
 #
 # Be aware that use-auth-secret overrides some parts of lt-cred-mech.
 # The use-auth-secret feature depends internally on lt-cred-mech, so if you set
 # this option then it automatically enables lt-cred-mech internally
 # as if you had enabled both.
 #
 # Note that you can use only one auth mechanism at the same time! This is because,
 # both mechanisms conduct username and password validation in different ways.
 #
 # Use either lt-cred-mech or use-auth-secret in the conf
 # to avoid any confusion.
 #
 #use-auth-secret
 # 'Static' authentication secret value (a string) for TURN REST API only.
 # If not set, then the turn server
 # will try to use the 'dynamic' value in the turn_secret table
 # in the user database (if present). The database-stored  value can be changed on-the-fly
 # by a separate program, so this is why that mode is considered 'dynamic'.
 #
 #static-auth-secret=north
 # Server name used for
 # the oAuth authentication purposes.
 # The default value is the realm name.
 #
 # server-name=stun.wiretrustee.com
 # Flag that allows oAuth authentication.
 #
 #oauth
 # 'Static' user accounts for the long term credentials mechanism, only.
 # This option cannot be used with TURN REST API.
 # 'Static' user accounts are NOT dynamically checked by the turnserver process,
 # so they can NOT be changed while the turnserver is running.
 #
 #user=username1:key1
 #user=username2:key2
 # OR:
 user=self:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}
 #user=username2:password2
 #
 # Keys must be generated by turnadmin utility. The key value depends
 # on user name, realm, and password:
 #
 # Example:
 # $ turnadmin -k -u ninefingers -r north.gov -p youhavetoberealistic
 # Output: 0xbc807ee29df3c9ffa736523fb2c4e8ee
 # ('0x' in the beginning of the key is what differentiates the key from
 # password. If it has 0x then it is a key, otherwise it is a password).
 #
 # The corresponding user account entry in the config file will be:
 #
 #user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee
 # Or, equivalently, with open clear password (less secure):
 #user=ninefingers:youhavetoberealistic
 #
 # SQLite database file name.
 #
 # The default file name is /var/db/turndb or /usr/local/var/db/turndb or
 # /var/lib/turn/turndb.
 #
 #userdb=/var/db/turndb
 # PostgreSQL database connection string in the case that you are using PostgreSQL
 # as the user database.
 # This database can be used for the long-term credential mechanism
 # and it can store the secret value for secret-based timed authentication in TURN REST API.
 # See http://www.postgresql.org/docs/8.4/static/libpq-connect.html for 8.x PostgreSQL
 # versions connection string format, see
 # http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
 # for 9.x and newer connection string formats.
 #
 #psql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> connect_timeout=30"
 # MySQL database connection string in the case that you are using MySQL
 # as the user database.
 # This database can be used for the long-term credential mechanism
 # and it can store the secret value for secret-based timed authentication in TURN REST API.
 #
 # Optional connection string parameters for the secure communications (SSL):
 # ca, capath, cert, key, cipher
 # (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the
 # command options description).
 #
 # Use the string format below (space separated parameters, all optional):
 #
 # mysql-userdb="host=mysql dbname=coturn user=coturn password=CHANGE_ME port=3306 connect_timeout=10 read_timeout=10"
 # If you want to use an encrypted password in the MySQL connection string,
 # then set the MySQL password encryption secret key file with this option.
 #
 # Warning: If this option is set, then the mysql password must be set in "mysql-userdb" in an encrypted format!
 # If you want to use a cleartext password then do not set this option!
 #
 # This is the file path for the aes encrypted secret key used for password encryption.
 #
 #secret-key-file=/path/
 # MongoDB database connection string in the case that you are using MongoDB
 # as the user database.
 # This database can be used for long-term credential mechanism
 # and it can store the secret value for secret-based timed authentication in TURN REST API.
 # Use the string format described at http://hergert.me/docs/mongo-c-driver/mongoc_uri.html
 #
 #mongo-userdb="mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]"
 # Redis database connection string in the case that you are using Redis
 # as the user database.
 # This database can be used for long-term credential mechanism
 # and it can store the secret value for secret-based timed authentication in TURN REST API.
 # Use the string format below (space separated parameters, all optional):
 #
 #redis-userdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
 # Redis status and statistics database connection string, if used (default - empty, no Redis stats DB used).
 # This database keeps allocations status information, and it can be also used for publishing
 # and delivering traffic and allocation event notifications.
 # The connection string has the same parameters as redis-userdb connection string.
 # Use the string format below (space separated parameters, all optional):
 #
 #redis-statsdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
 # The default realm to be used for the users when no explicit
 # origin/realm relationship is found in the database, or if the TURN
 # server is not using any database (just the commands-line settings
 # and the userdb file). Must be used with long-term credentials
 # mechanism or with TURN REST API.
 #
 # Note: If the default realm is not specified, then realm falls back to the host domain name.
 #       If the domain name string is empty, or set to '(None)', then it is initialized as an empty string.
 #
 # realm=wiretrustee.com
 # This flag sets the origin consistency
 # check. Across the session, all requests must have the same
 # main ORIGIN attribute value (if the ORIGIN was
 # initially used by the session).
 #
 #check-origin-consistency
 # Per-user allocation quota.
 # default value is 0 (no quota, unlimited number of sessions per user).
 # This option can also be set through the database, for a particular realm.
 #
 #user-quota=0
 # Total allocation quota.
 # default value is 0 (no quota).
 # This option can also be set through the database, for a particular realm.
 #
 #total-quota=0
 # Max bytes-per-second bandwidth a TURN session is allowed to handle
 # (input and output network streams are treated separately). Anything above
 # that limit will be dropped or temporarily suppressed (within
 # the available buffer limits).
 # This option can also be set through the database, for a particular realm.
 #
 #max-bps=0
 #
 # Maximum server capacity.
 # Total bytes-per-second bandwidth the TURN server is allowed to allocate
 # for the sessions, combined (input and output network streams are treated separately).
 #
 # bps-capacity=0
 # Uncomment if no UDP client listener is desired.
 # By default UDP client listener is always started.
 #
 #no-udp
 # Uncomment if no TCP client listener is desired.
 # By default TCP client listener is always started.
 #
 #no-tcp
 # Uncomment if no TLS client listener is desired.
 # By default TLS client listener is always started.
 #
 #no-tls
 # Uncomment if no DTLS client listener is desired.
 # By default DTLS client listener is always started.
 #
 #no-dtls
 # Uncomment if no UDP relay endpoints are allowed.
 # By default UDP relay endpoints are enabled (like in RFC 5766).
 #
 #no-udp-relay
 # Uncomment if no TCP relay endpoints are allowed.
 # By default TCP relay endpoints are enabled (like in RFC 6062).
 #
 #no-tcp-relay
 # Uncomment if extra security is desired,
 # with nonce value having a limited lifetime.
 # The nonce value is unique for a session.
 # Set this option to limit the nonce lifetime.
 # Set it to 0 for unlimited lifetime.
 # It defaults to 600 secs (10 min) if no value is provided. After that delay,
 # the client will get 438 error and will have to re-authenticate itself.
 #
 #stale-nonce=600
 # Uncomment if you want to set the maximum allocation
 # time before it has to be refreshed.
 # Default is 3600s.
 #
 #max-allocate-lifetime=3600
 # Uncomment to set the lifetime for the channel.
 # Default value is 600 secs (10 minutes).
 # This value MUST not be changed for production purposes.
 #
 #channel-lifetime=600
 # Uncomment to set the permission lifetime.
 # Default to 300 secs (5 minutes).
 # In production this value MUST not be changed,
 # however it can be useful for test purposes.
 #
 #permission-lifetime=300
 # Certificate file.
 # Use an absolute path or path relative to the
 # configuration file.
 # Use PEM file format.
 #
 cert=/etc/coturn/certs/cert.pem
 # Private key file.
 # Use an absolute path or path relative to the
 # configuration file.
 # Use PEM file format.
 #
 pkey=/etc/coturn/private/privkey.pem
 # Private key file password, if it is in encoded format.
 # This option has no default value.
 #
 #pkey-pwd=...
 # Allowed OpenSSL cipher list for TLS/DTLS connections.
 # Default value is "DEFAULT".
 #
 #cipher-list="DEFAULT"
 # CA file in OpenSSL format.
 # Forces TURN server to verify the client SSL certificates.
 # By default this is not set: there is no default value and the client
 # certificate is not checked.
 #
 # Example:
 #CA-file=/etc/ssh/id_rsa.cert
 # Curve name for EC ciphers, if supported by OpenSSL
 # library (TLS and DTLS). The default value is prime256v1,
 # if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,
 # an optimal curve will be automatically calculated, if not defined
 # by this option.
 #
 #ec-curve-name=prime256v1
 # Use 566 bits predefined DH TLS key. Default size of the key is 2066.
 #
 #dh566
 # Use 1066 bits predefined DH TLS key. Default size of the key is 2066.
 #
 #dh1066
 # Use custom DH TLS key, stored in PEM format in the file.
 # Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
 #
 #dh-file=<DH-PEM-file-name>
 # Flag to prevent stdout log messages.
 # By default, all log messages go to both stdout and to
 # the configured log file. With this option everything will
 # go to the configured log only (unless the log file itself is stdout).
 #
 #no-stdout-log
 # Option to set the log file name.
 # By default, the turnserver tries to open a log file in
 # /var/log, /var/tmp, /tmp and the current directory
 # (Whichever file open operation succeeds first will be used).
 # With this option you can set the definite log file name.
 # The special names are "stdout" and "-" - they will force everything
 # to the stdout. Also, the "syslog" name will force everything to
 # the system log (syslog).
 # In the runtime, the logfile can be reset with the SIGHUP signal
 # to the turnserver process.
 #
 log-file=stdout
 # Option to redirect all log output into system log (syslog).
 #
 # syslog
 # This flag means that no log file rollover will be used, and the log file
 # name will be constructed as-is, without PID and date appendage.
 # This option can be used, for example, together with the logrotate tool.
 #
 #simple-log
 # Option to set the "redirection" mode. The value of this option
 # will be the address of the alternate server for UDP & TCP service in the form of
 # <ip>[:<port>]. The server will send this value in the attribute
 # ALTERNATE-SERVER, with error 300, on ALLOCATE request, to the client.
 # Client will receive only values with the same address family
 # as the client network endpoint address family.
 # See RFC 5389 and RFC 5766 for the description of ALTERNATE-SERVER functionality.
 # The client must use the obtained value for subsequent TURN communications.
 # If more than one --alternate-server option is provided, then the functionality
 # can be more accurately described as "load-balancing" than a mere "redirection".
 # If the port number is omitted, then the default port
 # number 3478 for the UDP/TCP protocols will be used.
 # Colon (:) characters in IPv6 addresses may conflict with the syntax of
 # the option. To alleviate this conflict, literal IPv6 addresses are enclosed
 # in square brackets in such resource identifiers, for example:
 # [2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478 .
 # Multiple alternate servers can be set. They will be used in the
 # round-robin manner. All servers in the pool are considered of equal weight and
 # the load will be distributed equally. For example, if you have 4 alternate servers,
 # then each server will receive 25% of ALLOCATE requests. A alternate TURN server
 # address can be used more than one time with the alternate-server option, so this
 # can emulate "weighting" of the servers.
 #
 # Examples:
 #alternate-server=1.2.3.4:5678
 #alternate-server=11.22.33.44:56789
 #alternate-server=5.6.7.8
 #alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
 # Option to set alternative server for TLS & DTLS services in form of
 # <ip>:<port>. If the port number is omitted, then the default port
 # number 5349 for the TLS/DTLS protocols will be used. See the previous
 # option for the functionality description.
 #
 # Examples:
 #tls-alternate-server=1.2.3.4:5678
 #tls-alternate-server=11.22.33.44:56789
 #tls-alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
 # Option to suppress TURN functionality, only STUN requests will be processed.
 # Run as STUN server only, all TURN requests will be ignored.
 # By default, this option is NOT set.
 #
 #stun-only
 # Option to hide software version. Enhance security when used in production.
 # Revealing the specific software version of the agent through the
 # SOFTWARE attribute might allow them to become more vulnerable to
 # attacks against software that is known to contain security holes.
 # Implementers SHOULD make usage of the SOFTWARE attribute a
 # configurable option (https://tools.ietf.org/html/rfc5389#section-16.1.2)
 #
 no-software-attribute
 # Option to suppress STUN functionality, only TURN requests will be processed.
 # Run as TURN server only, all STUN requests will be ignored.
 # By default, this option is NOT set.
 #
 #no-stun
 # This is the timestamp/username separator symbol (character) in TURN REST API.
 # The default value is ':'.
 # rest-api-separator=:
 # Flag that can be used to allow peers on the loopback addresses (127.x.x.x and ::1).
 # This is an extra security measure.
 #
 # (To avoid any security issue that allowing loopback access may raise,
 # the no-loopback-peers option is replaced by allow-loopback-peers.)
 #
 # Allow it only for testing in a development environment!
 # In production it adds a possible security vulnerability, so for security reasons
 # it is not allowed using it together with empty cli-password.
 #
 #allow-loopback-peers
 # Flag that can be used to disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
 # This is an extra security measure.
 #
 #no-multicast-peers
 # Option to set the max time, in seconds, allowed for full allocation establishment.
 # Default is 60 seconds.
 #
 #max-allocate-timeout=60
 # Option to allow or ban specific ip addresses or ranges of ip addresses.
 # If an ip address is specified as both allowed and denied, then the ip address is
 # considered to be allowed. This is useful when you wish to ban a range of ip
 # addresses, except for a few specific ips within that range.
 #
 # This can be used when you do not want users of the turn server to be able to access
 # machines reachable by the turn server, but would otherwise be unreachable from the
 # internet (e.g. when the turn server is sitting behind a NAT)
 #
 # Examples:
 # denied-peer-ip=83.166.64.0-83.166.95.255
 # allowed-peer-ip=83.166.68.45
 # File name to store the pid of the process.
 # Default is /var/run/turnserver.pid (if superuser account is used) or
 # /var/tmp/turnserver.pid .
 #
 pidfile="/var/tmp/turnserver.pid"
 # Require authentication of the STUN Binding request.
 # By default, the clients are allowed anonymous access to the STUN Binding functionality.
 #
 #secure-stun
 # Mobility with ICE (MICE) specs support.
 #
 #mobility
 # Allocate Address Family according
 # If enabled then TURN server allocates address family according  the TURN
 # Client <=> Server communication address family.
 # (By default Coturn works according RFC 6156.)
 # !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
 #
 #keep-address-family
 # User name to run the process. After the initialization, the turnserver process
 # will attempt to change the current user ID to that user.
 #
 #proc-user=<user-name>
 # Group name to run the process. After the initialization, the turnserver process
 # will attempt to change the current group ID to that group.
 #
 #proc-group=<group-name>
 # Turn OFF the CLI support.
 # By default it is always ON.
 # See also options cli-ip and cli-port.
 #
 no-cli
 #Local system IP address to be used for CLI server endpoint. Default value
 # is 127.0.0.1.
 #
 # cli-ip=127.0.0.1
 # CLI server port. Default is 5766.
 #
 # cli-port=5766
 # CLI access password. Default is empty (no password).
 # For the security reasons, it is recommended that you use the encrypted
 # form of the password (see the -P command in the turnadmin utility).
 #
 # Secure form for password 'qwerty':
 #
 #cli-password=$5$79a316b350311570$81df9cfb9af7f5e5a76eada31e7097b663a0670f99a3c07ded3f1c8e59c5658a
 #
 # Or insecure form for the same password:
 #
 # cli-password=CHANGE_ME
 # Enable Web-admin support on https. By default it is Disabled.
 # If it is enabled it also enables a http a simple static banner page
 # with a small reminder that the admin page is available only on https.
 #
 #web-admin
 # Local system IP address to be used for Web-admin server endpoint. Default value is 127.0.0.1.
 #
 #web-admin-ip=127.0.0.1
 # Web-admin server port. Default is 8080.
 #
 #web-admin-port=8080
 # Web-admin server listen on STUN/TURN worker threads
 # By default it is disabled for security reasons! (Not recommended in any production environment!)
 #
 #web-admin-listen-on-workers
 # Server relay. NON-STANDARD AND DANGEROUS OPTION.
 # Only for those applications when you want to run
 # server applications on the relay endpoints.
 # This option eliminates the IP permissions check on
 # the packets incoming to the relay endpoints.
 #
 #server-relay
 # Maximum number of output sessions in ps CLI command.
 # This value can be changed on-the-fly in CLI. The default value is 256.
 #
 #cli-max-output-sessions
 # Set network engine type for the process (for internal purposes).
 #
 #ne=[1|2|3]
 # Do not allow an TLS/DTLS version of protocol
 #
 #no-tlsv1
 #no-tlsv1_1
 #no-tlsv1_2
@@ -0,0 +1,11 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 <clickhouse>
    <profiles>
        <default>
            <log_queries>0</log_queries>
            <log_query_threads>0</log_query_threads>
        </default>
    </profiles>
 </clickhouse>
@@ -0,0 +1,59 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 version: 2
 postal:
  web_hostname: post.trez.wtf
  web_protocol: http
  smtp_hostname: post.trez.wtf
  use_ip_pools: false
  signing_key_path: /config/signing.key
  trusted_proxies: [ "172.18.0.0/16" ]
 web_server:
  default_port: 5000
  default_bind_address: 0.0.0.0
 main_db:
  host: mariadb
  username: postal
  password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_MYSQL_PASSWORD'] }}
  database: postal
 message_db:
  host: mariadb
  username: postal
  password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_MYSQL_PASSWORD'] }}
  prefix: postal
 smtp_server:
  default_port: 25
  default_bind_address: "::"
 dns:
  # Specify the DNS records that you have configured. Refer to the documentation at
  # https://github.com/atech/postal/wiki/Domains-&-DNS-Configuration for further
  # information about these.
  mx_records:
    - mx.post.trez.wtf
  spf_include: spf.post.trez.wtf
  return_path_domain: rp.post.trez.wtf
  route_domain: routes.post.trez.wtf
  track_domain: track.post.trez.wtf
 smtp:
  # Specify an SMTP server that can be used to send messages from the Postal management
  # system to users. You can configure this to use a Postal mail server once the
  # your installation has been set up.
  host: postal-smtp
  port: 25
  username: rinoa/postal-smtp
  password: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
  from_name: Postal @ Rinoa
  from_address: noreply@trez.wtf
 rails:
  # This is generated automatically by the config initialization. It should be a random
  # string unique to your installation.
  secret_key: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_RAILS_SECRET_KEY'] }}"
@@ -0,0 +1,21 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 <Config>
  <BindAddress>*</BindAddress>
  <Port>9696</Port>
  <SslPort>6969</SslPort>
  <EnableSsl>False</EnableSsl>
  <LaunchBrowser>True</LaunchBrowser>
  <ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PROWLARR_API_KEY'] }}</ApiKey>
  <AuthenticationMethod>Forms</AuthenticationMethod>
  <AuthenticationRequired>Enabled</AuthenticationRequired>
  <Branch>master</Branch>
  <LogLevel>info</LogLevel>
  <SslCertPath></SslCertPath>
  <SslCertPassword></SslCertPassword>
  <UrlBase></UrlBase>
  <InstanceName>Prowlarr</InstanceName>
  <UpdateMechanism>Docker</UpdateMechanism>
  <Theme>light</Theme>
 </Config>
@@ -0,0 +1,20 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 {
    "radarr_address": "http://radarr:7878",
    "radarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}",
    "root_folder_path": "/data/media/movies",
    "tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['TMDB_API_KEY'] }}",
    "fallback_to_top_result": false,
    "radarr_api_timeout": 120.0,
    "quality_profile_id": 1,
    "metadata_profile_id": 1,
    "search_for_movie": true,
    "dry_run_adding_to_radarr": false,
    "minimum_rating": 4.5,
    "minimum_votes": 50,
    "language_choice": "all",
    "auto_start": true,
    "auto_start_delay": 60.0
 }
@@ -0,0 +1,21 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 <Config>
  <LogLevel>info</LogLevel>
  <BindAddress>*</BindAddress>
  <EnableSsl>False</EnableSsl>
  <SslCertPath></SslCertPath>
  <Port>7878</Port>
  <UrlBase></UrlBase>
  <ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['RADARR_API_KEY'] }}</ApiKey>
  <AuthenticationMethod>Forms</AuthenticationMethod>
  <UpdateMechanism>Docker</UpdateMechanism>
  <SslPort>9898</SslPort>
  <LaunchBrowser>True</LaunchBrowser>
  <Branch>master</Branch>
  <SslCertPassword></SslCertPassword>
  <InstanceName>Radarr</InstanceName>
  <Theme>auto</Theme>
  <AuthenticationRequired>Enabled</AuthenticationRequired>
 </Config>
@@ -0,0 +1,21 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 <Config>
  <BindAddress>*</BindAddress>
  <Port>8787</Port>
  <SslPort>6868</SslPort>
  <EnableSsl>False</EnableSsl>
  <LaunchBrowser>True</LaunchBrowser>
  <ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['READARR_API_KEY'] }}</ApiKey>
  <AuthenticationMethod>Forms</AuthenticationMethod>
  <Branch>develop</Branch>
  <LogLevel>info</LogLevel>
  <SslCertPath></SslCertPath>
  <SslCertPassword></SslCertPassword>
  <UrlBase></UrlBase>
  <InstanceName>Readarr</InstanceName>
  <UpdateMechanism>Docker</UpdateMechanism>
  <Theme>auto</Theme>
  <AuthenticationRequired>Enabled</AuthenticationRequired>
 </Config>
@@ -0,0 +1,482 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 __version__ = 19
 __encoding__ = utf-8
 [misc]
 pre_script = None
 queue_complete = ""
 queue_complete_pers = 0
 bandwidth_perc = 0
 refresh_rate = 1
 queue_limit = 20
 config_lock = 0
 sched_converted = 2
 notified_new_skin = 2
 direct_unpack_tested = 1
 check_new_rel = 1
 auto_browser = 0
 language = en
 enable_https_verification = 1
 host = 0.0.0.0
 port = 8080
 https_port = 8090
 username = thetrezuredone
 password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_PASSWORD'] }}
 bandwidth_max = 1000M
 cache_limit = 1G
 web_dir = Glitter
 web_color = Auto
 https_cert = server.cert
 https_key = server.key
 https_chain = ""
 enable_https = 1
 inet_exposure = 0
 local_ranges = ,
 api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_API_KEY'] }}
 nzb_key = 3c0fa874bb2748b58c1bd7512e649946
 permissions = 775
 download_dir = /storage/downloads/incomplete
 download_free = ""
 complete_dir = /storage/downloads/completed/nzb
 script_dir = ""
 nzb_backup_dir = ""
 admin_dir = admin
 dirscan_dir = /storage/downloads/watch
 dirscan_speed = 5
 password_file = ""
 log_dir = logs
 max_art_tries = 3
 load_balancing = 2
 top_only = 0
 sfv_check = 1
 quick_check_ext_ignore = nfo, sfv, srr
 script_can_fail = 0
 ssl_ciphers = ""
 enable_recursive = 1
 flat_unpack = 0
 par_option = ""
 pre_check = 1
 nice = ""
 win_process_prio = 3
 ionice = ""
 fail_hopeless_jobs = 1
 fast_fail = 1
 auto_disconnect = 1
 no_dupes = 3
 no_series_dupes = 0
 series_propercheck = 1
 pause_on_pwrar = 2
 ignore_samples = 1
 deobfuscate_final_filenames = 0
 auto_sort = ""
 direct_unpack = 1
 direct_unpack_threads = 3
 propagation_delay = 0
 folder_rename = 1
 replace_spaces = 1
 replace_dots = 1
 safe_postproc = 1
 pause_on_post_processing = 0
 sanitize_safe = 0
 cleanup_list = ,
 unwanted_extensions = ,
 action_on_unwanted_extensions = 0
 new_nzb_on_failure = 1
 history_retention = ""
 enable_meta = 1
 quota_size = ""
 quota_day = ""
 quota_resume = 0
 quota_period = m
 rating_enable = 0
 rating_host = ""
 rating_api_key = ""
 rating_filter_enable = 0
 rating_filter_abort_audio = 0
 rating_filter_abort_video = 0
 rating_filter_abort_encrypted = 0
 rating_filter_abort_encrypted_confirm = 0
 rating_filter_abort_spam = 0
 rating_filter_abort_spam_confirm = 0
 rating_filter_abort_downvoted = 0
 rating_filter_abort_keywords = ""
 rating_filter_pause_audio = 0
 rating_filter_pause_video = 0
 rating_filter_pause_encrypted = 0
 rating_filter_pause_encrypted_confirm = 0
 rating_filter_pause_spam = 0
 rating_filter_pause_spam_confirm = 0
 rating_filter_pause_downvoted = 0
 rating_filter_pause_keywords = ""
 enable_tv_sorting = 1
 tv_sort_string = %sn/Season %s/%sn - %sx%0e - %en.%ext
 tv_sort_countries = 1
 tv_categories = tv,
 enable_movie_sorting = 0
 movie_sort_string = ""
 movie_sort_extra = -cd%1
 movie_extra_folder = 0
 movie_categories = movies,
 enable_date_sorting = 0
 date_sort_string = ""
 date_categories = tv,
 schedlines = ,
 rss_rate = 60
 ampm = 0
 replace_illegal = 1
 start_paused = 0
 enable_all_par = 1
 enable_par_cleanup = 1
 enable_unrar = 1
 enable_unzip = 1
 enable_7zip = 1
 enable_filejoin = 1
 enable_tsjoin = 1
 overwrite_files = 0
 ignore_unrar_dates = 0
 backup_for_duplicates = 1
 empty_postproc = 0
 wait_for_dfolder = 0
 rss_filenames = 0
 api_logging = 1
 html_login = 1
 osx_menu = 1
 osx_speed = 1
 warn_dupl_jobs = 1
 helpfull_warnings = 1
 keep_awake = 1
 win_menu = 1
 allow_incomplete_nzb = 0
 enable_bonjour = 1
 max_art_opt = 0
 ipv6_hosting = 0
 fixed_ports = 1
 api_warnings = 1
 disable_api_key = 0
 no_penalties = 0
 x_frame_options = 1
 require_modern_tls = 0
 num_decoders = 3
 rss_odd_titles = nzbindex.nl/, nzbindex.com/, nzbclub.com/
 req_completion_rate = 100.2
 selftest_host = self-test.sabnzbd.org
 movie_rename_limit = 100M
 size_limit = 0
 show_sysload = 2
 history_limit = 10
 wait_ext_drive = 5
 max_foldername_length = 246
 nomedia_marker = ""
 ipv6_servers = 1
 url_base = /sabnzbd
 host_whitelist = rinoa, sabnzbd.trez.wtf
 max_url_retries = 10
 email_server = ""
 email_to = ,
 email_from = ""
 email_account = ""
 email_pwd = ""
 email_endjob = 0
 email_full = 0
 email_dir = ""
 email_rss = 0
 email_cats = *,
 interface_settings = '{"dateFormat":"fromNow","extraQueueColumns":["category"],"extraHistoryColumns":[],"displayCompact":false,"displayFullWidth":false,"confirmDeleteQueue":true,"confirmDeleteHistory":true,"keyboardShortcuts":true}'
 complete_free = ""
 fulldisk_autoresume = 0
 enable_broadcast = 1
 downloader_sleep_time = 10
 ssdp_broadcast_interval = 15
 unwanted_extensions_mode = 0
 process_unpacked_par2 = 1
 episode_rename_limit = 20M
 socks5_proxy_url = ""
 preserve_paused_state = 0
 helpful_warnings = 1
 allow_old_ssl_tls = 0
 num_simd_decoders = 2
 ext_rename_ignore = ,
 backup_dir = ""
 replace_underscores = 0
 tray_icon = 1
 sorters_converted = 1
 enable_season_sorting = 1
 receive_threads = 2
 switchinterval = 0.005
 end_queue_script = None
 no_smart_dupes = 1
 dupes_propercheck = 1
 enable_multipar = 1
 verify_xff_header = 0
 history_retention_option = all
 history_retention_number = 1
 ipv6_staging = 0
 disable_archive = 0
 config_conversion_version = 4
 disable_par2cmdline = 0
 [logging]
 log_level = 1
 max_log_size = 5242880
 log_backups = 5
 [ncenter]
 ncenter_enable = 0
 ncenter_cats = *,
 ncenter_prio_startup = 0
 ncenter_prio_download = 0
 ncenter_prio_pause_resume = 0
 ncenter_prio_pp = 0
 ncenter_prio_complete = 0
 ncenter_prio_failed = 0
 ncenter_prio_disk_full = 0
 ncenter_prio_new_login = 0
 ncenter_prio_warning = 0
 ncenter_prio_error = 0
 ncenter_prio_queue_done = 0
 ncenter_prio_other = 0
 [acenter]
 acenter_enable = 0
 acenter_cats = *,
 acenter_prio_startup = 0
 acenter_prio_download = 0
 acenter_prio_pause_resume = 0
 acenter_prio_pp = 0
 acenter_prio_complete = 0
 acenter_prio_failed = 0
 acenter_prio_disk_full = 0
 acenter_prio_new_login = 0
 acenter_prio_warning = 0
 acenter_prio_error = 0
 acenter_prio_queue_done = 0
 acenter_prio_other = 0
 [ntfosd]
 ntfosd_enable = 0
 ntfosd_cats = *,
 ntfosd_prio_startup = 0
 ntfosd_prio_download = 0
 ntfosd_prio_pause_resume = 0
 ntfosd_prio_pp = 0
 ntfosd_prio_complete = 0
 ntfosd_prio_failed = 0
 ntfosd_prio_disk_full = 0
 ntfosd_prio_new_login = 0
 ntfosd_prio_warning = 0
 ntfosd_prio_error = 0
 ntfosd_prio_queue_done = 0
 ntfosd_prio_other = 0
 [prowl]
 prowl_enable = 0
 prowl_cats = *,
 prowl_apikey = ""
 prowl_prio_startup = -3
 prowl_prio_download = -3
 prowl_prio_pause_resume = -3
 prowl_prio_pp = -3
 prowl_prio_complete = 0
 prowl_prio_failed = 1
 prowl_prio_disk_full = 1
 prowl_prio_new_login = -3
 prowl_prio_warning = -3
 prowl_prio_error = -3
 prowl_prio_queue_done = 0
 prowl_prio_other = -3
 [pushover]
 pushover_token = ""
 pushover_userkey = ""
 pushover_device = ""
 pushover_emergency_expire = 3600
 pushover_emergency_retry = 60
 pushover_enable = 0
 pushover_cats = *,
 pushover_prio_startup = -3
 pushover_prio_download = -2
 pushover_prio_pause_resume = -2
 pushover_prio_pp = -3
 pushover_prio_complete = -1
 pushover_prio_failed = -1
 pushover_prio_disk_full = 1
 pushover_prio_new_login = -3
 pushover_prio_warning = 1
 pushover_prio_error = 1
 pushover_prio_queue_done = -1
 pushover_prio_other = -3
 [pushbullet]
 pushbullet_enable = 0
 pushbullet_cats = *,
 pushbullet_apikey = ""
 pushbullet_device = ""
 pushbullet_prio_startup = 0
 pushbullet_prio_download = 0
 pushbullet_prio_pause_resume = 0
 pushbullet_prio_pp = 0
 pushbullet_prio_complete = 1
 pushbullet_prio_failed = 1
 pushbullet_prio_disk_full = 1
 pushbullet_prio_new_login = 0
 pushbullet_prio_warning = 0
 pushbullet_prio_error = 0
 pushbullet_prio_queue_done = 0
 pushbullet_prio_other = 0
 [nscript]
 nscript_enable = 0
 nscript_cats = *,
 nscript_script = None
 nscript_parameters = ""
 nscript_prio_startup = 1
 nscript_prio_download = 0
 nscript_prio_pause_resume = 0
 nscript_prio_pp = 0
 nscript_prio_complete = 1
 nscript_prio_failed = 1
 nscript_prio_disk_full = 1
 nscript_prio_new_login = 0
 nscript_prio_warning = 0
 nscript_prio_error = 0
 nscript_prio_queue_done = 1
 nscript_prio_other = 0
 [servers]
 [[news.newshosting.com]]
 name = news.newshosting.com
 displayname = Newshosting
 host = news.newshosting.com
 port = 563
 timeout = 60
 username = thetrezuredone
 password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_PASSWORD'] }}
 connections = 8
 ssl = 1
 ssl_verify = 3
 ssl_ciphers = ""
 enable = 1
 required = 0
 optional = 0
 retention = 0
 expire_date = ""
 quota = ""
 usage_at_start = 0
 priority = 0
 notes = ""
 [[news.easynews.com]]
 name = news.easynews.com
 displayname = EasyNews
 host = news.easynews.com
 port = 443
 timeout = 60
 username = TrezOne
 password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SABNZBDVPN_EASYNEWS_PASSWORD'] }}
 connections = 60
 ssl = 0
 ssl_verify = 3
 ssl_ciphers = ""
 enable = 1
 required = 0
 optional = 0
 retention = 0
 expire_date = ""
 quota = ""
 usage_at_start = 0
 priority = 0
 notes = ""
 [categories]
 [[software]]
 name = software
 order = 0
 pp = ""
 script = Default
 dir = ""
 newzbin = ""
 priority = -100
 [[*]]
 name = *
 order = 0
 pp = 3
 script = Default
 dir = ""
 newzbin = ""
 priority = 0
 [[tv]]
 name = tv
 order = 0
 pp = ""
 script = Default
 dir = tv
 newzbin = ""
 priority = -100
 [[audio]]
 name = audio
 order = 0
 pp = 2
 script = Default
 dir = music
 newzbin = ""
 priority = 1
 [[movies]]
 name = movies
 order = 0
 pp = ""
 script = Default
 dir = movies
 newzbin = ""
 priority = -100
 [[ebook]]
 name = ebook
 order = 0
 pp = 2
 script = Default
 dir = ebooks
 newzbin = ""
 priority = -100
 [[prowlarr]]
 name = prowlarr
 order = 0
 pp = ""
 script = Default
 dir = ""
 newzbin = ""
 priority = -1
 [[sonarr]]
 name = sonarr
 order = 1
 pp = ""
 script = Default
 dir = tv
 newzbin = ""
 priority = -100
 [sorters]
 [[Series Sorting]]
 name = Series Sorting
 order = 0
 min_size = 20M
 multipart_label = ""
 sort_string = %sn/Season %s/%sn - %sx%0e - %en.%ext
 sort_cats = tv,
 sort_type = 1,
 is_active = 1
 [apprise]
 apprise_enable = 1
 apprise_cats = *,
 apprise_urls = apprise://apprise:8000/aef1ab3765b857585e13340f1f5f879b2babcc47b0eccead98a19e0a93fe1a35
 apprise_target_startup = ""
 apprise_target_startup_enable = 0
 apprise_target_download = ""
 apprise_target_download_enable = 0
 apprise_target_pause_resume = ""
 apprise_target_pause_resume_enable = 1
 apprise_target_pp = ""
 apprise_target_pp_enable = 0
 apprise_target_complete = ""
 apprise_target_complete_enable = 1
 apprise_target_failed = ""
 apprise_target_failed_enable = 1
 apprise_target_disk_full = ""
 apprise_target_disk_full_enable = 0
 apprise_target_new_login = ""
 apprise_target_new_login_enable = 1
 apprise_target_warning = ""
 apprise_target_warning_enable = 1
 apprise_target_error = ""
 apprise_target_error_enable = 1
 apprise_target_queue_done = ""
 apprise_target_queue_done_enable = 0
 apprise_target_other = ""
 apprise_target_other_enable = 1
@@ -0,0 +1,7 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 bolt-path: /opt/scrutiny/influxdb/influxd.bolt
 engine-path: /opt/scrutiny/influxdb/engine
 http-bind-address: ":8086"
 reporting-disabled: true
@@ -0,0 +1,49 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 [uwsgi]
 # Who will run the code
 uid = searxng
 gid = searxng
 # Number of workers (usually CPU count)
 workers = %k
 threads = 4
 # The right granted on the created socket
 chmod-socket = 666
 # Plugin to use and interpreter config
 single-interpreter = true
 master = true
 plugin = python3
 lazy-apps = true
 enable-threads = 4
 # Module to import
 module = searx.webapp
 # Virtualenv and python path
 pythonpath = /usr/local/searxng/
 chdir = /usr/local/searxng/searx/
 # automatically set processes name to something meaningful
 auto-procname = true
 # Disable request logging for privacy
 disable-logging = true
 log-5xx = true
 # Set the max size of a request (request-body excluded)
 buffer-size = 8192
 # No keep alive
 # See https://github.com/searx/searx-docker/issues/24
 add-header = Connection: close
 # uwsgi serves the static files
 static-map = /static=/usr/local/searxng/searx/static
 # expires set to one day
 static-expires = /* 86400
 static-gzip-all = True
 offload-threads = 4
@@ -0,0 +1,22 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 <Config>
  <LogLevel>info</LogLevel>
  <EnableSsl>False</EnableSsl>
  <Port>8989</Port>
  <SslPort>9898</SslPort>
  <UrlBase></UrlBase>
  <BindAddress>*</BindAddress>
  <ApiKey>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SONARR_API_KEY'] }}</ApiKey>
  <AuthenticationMethod>Forms</AuthenticationMethod>
  <UpdateMechanism>Docker</UpdateMechanism>
  <LaunchBrowser>True</LaunchBrowser>
  <Branch>main</Branch>
  <InstanceName>Sonarr</InstanceName>
  <SyslogPort>514</SyslogPort>
  <AuthenticationRequired>Enabled</AuthenticationRequired>
  <SslCertPath></SslCertPath>
  <SslCertPassword></SslCertPassword>
  <Theme>auto</Theme>
 </Config>
@@ -0,0 +1,21 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 {
    "sonarr_address": "http://192.168.1.2:8989",
    "sonarr_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SONARR_API_KEY'] }}",
    "root_folder_path": "/data/media/shows",
    "tvdb_api_key": "",
    "tmdb_api_key": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['TMDB_API_KEY'] }}",
    "fallback_to_top_result": false,
    "sonarr_api_timeout": 120.0,
    "quality_profile_id": 1,
    "metadata_profile_id": 1,
    "search_for_missing_episodes": true,
    "dry_run_adding_to_sonarr": false,
    "minimum_rating": 4.5,
    "minimum_votes": 50,
    "language_choice": "all",
    "auto_start": true,
    "auto_start_delay": 60.0
 }
@@ -0,0 +1,238 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 # debug: false
 # remote_configuration: false
 # remote_file_management: false
 # instance_name: default
 # flags:
 #   no_logo: false
 #   no_start: false
 #   no_config_watch: false
 #   no_connect: false
 #   no_share_scan: false
 #   force_share_scan: false
 #   no_version_check: false
 #   log_sql: false
 #   experimental: false
 #   volatile: false
 #   case_sensitive_reg_ex: false
 #   legacy_windows_tcp_keepalive: false
 # relay:
 #   enabled: false
 #   mode: controller # controller (default), agent, or debug (for local development)
 #   # controller config is required when running in 'agent' mode
 #   # this specifies the relay controller that will be controlling this agent
 #   controller:
 #     address: https://some.site.com:5000
 #     ignore_certificate_errors: false
 #     api_key: <a 16-255 character string corresponding to one of the controller's 'readwrite' or 'administrator' API keys>
 #     secret: <a 16-255 character shared secret matching the controller's config for this agent>
 #     downloads: false
 #   # agent config is optional when running in 'controller' mode
 #   # this specifies all of the agents capable of connecting
 #   agents:
 #     my_agent:
 #       instance_name: my_agent # make sure the top-level instance_name of the agent matches!
 #       secret: <a 16-255 character string unique to this agent>
 #       cidr: 0.0.0.0/0,::/0
 # permissions:
 #   file:
 #     mode: ~ # not for Windows, chmod syntax, e.g. 644, 777. can't escalate beyond umask
 # directories:
 #   incomplete: ~
 #   downloads: ~
 # shares:
 #   directories:
 #     - ~
 #   filters:
 #     - \.ini$
 #     - Thumbs.db$
 #     - \.DS_Store$
 #   cache:
 #     storage_mode: memory
 #     workers: 16
 #     retention: ~ # retain indefinitely (do not automatically re-scan)
 # rooms:
 #   - ~
 # global:
 #   upload:
 #     slots: 20
 #     speed_limit: 1000 # in kibibytes
 #   limits:
 #     queued:
 #       files: 500
 #       megabytes: 5000
 #     daily:
 #       files: 1000
 #       megabytes: 10000
 #       failures: 200
 #     weekly:
 #       files: 5000
 #       megabytes: 50000
 #       failures: 1000
 #   download:
 #     slots: 500
 #     speed_limit: 1000
 # groups:
 #   default:
 #     upload:
 #       priority: 500
 #       strategy: roundrobin
 #       slots: 10
 #     limits:
 #       queued:
 #         files: 150
 #         megabytes: 1500
 #       daily: ~ # no daily limits (weekly still apply)
 #       weekly:
 #         files: 1500
 #         megabytes: 15000
 #         failures: 150
 #   leechers:
 #     thresholds:
 #       files: 1
 #       directories: 1
 #     upload:
 #       priority: 999
 #       strategy: roundrobin
 #       slots: 1
 #       speed_limit: 100
 #     limits:
 #       queued:
 #         files: 15
 #         megabytes: 150
 #       daily:
 #         files: 30
 #         megabytes: 300
 #         failures: 10
 #       weekly:
 #         files: 150
 #         megabytes: 1500
 #         failures: 30
 #   blacklisted:
 #     members:
 #       - <username to blacklist>
 #     cidrs:
 #       - <CIDR to blacklist, e.g. 255.255.255.255/32>
 #   user_defined:
 #     my_buddies:
 #       upload:
 #         priority: 250
 #         strategy: firstinfirstout
 #         slots: 10
 #       limits:
 #         queued:
 #           files: 1000 # override global default
 #       members:
 #         - alice
 #         - bob
 # blacklist:
 #   enabled: true
 #   file: <path to file containing CIDRs to blacklist>
 # filters:
 #   search:
 #     request:
 #       - ^.{1,2}$
 # web:
 #   port: 5030
 #   https:
 #     disabled: false
 #     port: 5031
 #     force: false
 #     certificate:
 #       pfx: ~
 #       password: ~
 #   url_base: /
 #   content_path: wwwroot
 #   logging: false
 #   authentication:
 #     disabled: false
 #     username: slskd
 #     password: slskd
 #     jwt:
 #       key: ~
 #       ttl: 604800000
 #     api_keys:
 #       my_api_key:
 #         key: <some example string between 16 and 255 characters>
 #         role: readonly # readonly, readwrite, administrator
 #         cidr: 0.0.0.0/0,::/0
 # retention:
 #   transfers:
 #     upload:
 #       succeeded: 1440 # 1 day
 #       errored: 30
 #       cancelled: 5
 #     download:
 #       succeeded: 1440 # 1 day
 #       errored: 20160 # 2 weeks 
 #       cancelled: 5
 #   files:
 #     complete: 20160 # 2 weeks
 #     incomplete: 43200 # 30 days
 #   logs: 259200 # 180 days
 # logger:
 #   disk: false
 #   no_color: false
 #   loki: ~
 # metrics:
 #   enabled: false
 #   url: /metrics
 #   authentication:
 #     disabled: false
 #     username: slskd
 #     password: slskd
 # feature:
 #   swagger: false
 # soulseek:
 #   address: vps.slsknet.org
 #   port: 2271
 #   username: ~
 #   password: ~
 #   description: |
 #     A slskd user. https://github.com/slskd/slskd
 #   listen_ip_address: 0.0.0.0
 #   listen_port: 50300
 #   diagnostic_level: Info
 #   distributed_network:
 #     disabled: false
 #     disable_children: false
 #     child_limit: 25
 #     logging: false
 #   connection:
 #     timeout:
 #       connect: 10000
 #       inactivity: 15000
 #     buffer:
 #       read: 16384
 #       write: 16384
 #       transfer: 262144
 #       write_queue: 250
 #     proxy:
 #       enabled: false
 #       address: ~
 #       port: ~
 #       username: ~
 #       password: ~
 # integration:
 #   ftp:
 #     enabled: false
 #     address: ~
 #     port: ~
 #     username: ~
 #     password: ~
 #     remote_path: /
 #     encryption_mode: auto
 #     ignore_certificate_errors: false
 #     overwrite_existing: true
 #     connection_timeout: 5000
 #     retry_attempts: 3
 #   pushbullet:
 #     enabled: false
 #     access_token: ~
 #     notification_prefix: "From slskd:"
 #     notify_on_private_message: true
 #     notify_on_room_mention: true
 #     retry_attempts: 3
 #     cooldown_time: 900000
@@ -0,0 +1,19 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 {
  "$schema": "../schemas/v2/index.json",
  "repos": [
      {
          "type": "gitea",
          "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}",
          "url": "https://git.trez.wtf",
          "revisions": {
              "branches": [
                  "main",
                  "*"
              ]
          }
      }
  ]
 }
@@ -0,0 +1,29 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 <?xml version='1.0' encoding='UTF-8'?>
 <!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>
 <properties>
    <entry key='config.default'>./conf/default.xml</entry>
    <!--
    This is the main configuration file. All your configuration parameters should be placed in this file.
    Default configuration parameters are located in the "default.xml" file. You should not modify it to avoid issues
    with upgrading to a new version. Parameters in the main config file override values in the default file. Do not
    remove "config.default" parameter from this file unless you know what you are doing.
    For list of available parameters see following page: https://www.traccar.org/configuration-file/
    -->
    <entry key='database.driver'>org.postgresql.Driver</entry>
    <entry key='database.url'>jdbc:postgresql://traccar-pg:5432/traccar-db</entry>
    <entry key='database.user'>traccar</entry>
    <entry key='database.password'>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}</entry>
 </properties>
@@ -0,0 +1,29 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 {
    "always_keep_failed_tasks": true,
    "auto_manage_completed_tasks": false,
    "cache_path": "/tmp/unmanic",
    "clear_pending_tasks_on_restart": false,
    "concurrent_file_testers": 2,
    "config_path": "/config/.unmanic/config",
    "debugging": false,
    "distributed_worker_count_target": 0,
    "enable_library_scanner": false,
    "first_run": false,
    "follow_symlinks": true,
    "installation_name": "Unmanic @ Rinoa",
    "library_path": "/library",
    "log_path": "/config/.unmanic/logs",
    "max_age_of_completed_tasks": 91,
    "number_of_workers": null,
    "plugins_path": "/config/.unmanic/plugins",
    "release_notes_viewed": "0.2.8",
    "remote_installations": [],
    "run_full_scan_on_start": false,
    "schedule_full_scan_minutes": 1440,
    "ui_port": 8888,
    "userdata_path": "/config/.unmanic/userdata",
    "worker_event_schedules": null
 }
@@ -0,0 +1,19 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 nodes:
  # Wazuh indexer server nodes
  indexer:
    - name: wazuh.indexer
      ip: wazuh.indexer
  # Wazuh server nodes
  # Use node_type only with more than one Wazuh manager
  server:
    - name: wazuh.manager
      ip: wazuh.manager
  # Wazuh dashboard node
  dashboard:
    - name: wazuh.dashboard
      ip: wazuh.dashboard
@@ -0,0 +1,33 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 network.host: "0.0.0.0"
 node.name: "wazuh.indexer"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
 discovery.type: single-node
 http.port: 9200-9299
 transport.tcp.port: 9300-9399
 compatibility.override_main_response_version: true
 plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
 plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
 plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
 plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
 plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
 plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false
 plugins.security.authcz.admin_dn:
 - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.check_snapshot_restore_write_privileges: true
 plugins.security.enable_snapshot_restore_privilege: true
 plugins.security.nodes_dn:
 - "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.restapi.roles_enabled:
 - "all_access"
 - "security_rest_api_access"
 plugins.security.system_indices.enabled: true
 plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
 plugins.security.allow_default_init_securityindex: true
 cluster.routing.allocation.disk.threshold_enabled: false
@@ -0,0 +1,10 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 hosts:
  - 1513629884013:
      url: "https://wazuh.manager"
      port: 55000
      username: wazuh-wui
      password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}
      run_as: false
@@ -0,0 +1,19 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 ydl_server:   # youtube-dl-server specific settings
  port: 8080      # Port youtube-dl-server should listen on
  host: 0.0.0.0   # IP youtube-dl-server should bind to
  debug: False    # Enable/Disable debug mode
  metadata_db_path: '/youtube-dl/.ydl-metadata.db' # Path to metadata DB
  output_playlist: '/youtube-dl/%(title)s [%(id)s].%(ext)s' # Playlist output directory template
  update_poll_delay_min: 1440 # Automatically check for updates every 24h
  max_log_entries: 100 # Maximum number of job log history to keep
  forwarded_allow_ips: None # uvicorn Comma seperated list of IPs to trust with proxy headers.
  proxy_headers: True # uvicorn flag Enable/Disable X-Forwarded-Proto, X-Forwarded-For, X-Forwarded-Port to populate remote address info.
 ydl_options:  # youtube-dl options
  output: '/youtube-dl/%(title)s [%(id)s].%(ext)s' # output directory template
  cache-dir: '/youtube-dl/.cache' # youtube-dl cache directory
  ignore-errors: True # instruct youtube-dl to skip errors
  age-limit: 6 # minimal age requirement / parental control setting
@@ -0,0 +1,43 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 # All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
 Log:
  Level: 'debug'
 # Make ZITADEL accessible over HTTPs, not HTTP
 ExternalSecure: true
 ExternalDomain: 'id.trez.wtf'
 ExternalPort: 443
 # If not using the docker compose example, adjust these values for connecting ZITADEL to your PostgreSQL
 Database:
  postgres:
    Host: 'zitadel-pg-db'
    Port: 5432
    Database: zitadel
    User:
      SSL:
        Mode: 'disable'
    Admin:
      SSL:
        Mode: 'disable'
 DefaultInstance:
  DomainPolicy:
    UserLoginMustBeDomain: false
 LogStore:
  Access:
    Stdout:
      Enabled: true
 SMTPConfiguration:
    # Configuration of the host
    SMTP:
      # must include the port, like smtp.mailtrap.io:2525. IPv6 is also supported, like [2001:db8::1]:2525
      Host: 'postal-smtp:25'
      User: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}
      Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
    From: 'noreply@trez.wtf'
    FromName: 'Zitadel @ Rinoa'
@@ -0,0 +1,13 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 # All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/setup/steps.yaml
 FirstInstance:
  Org:
    Human:
      # use the loginname root@my-org.my.domain
      Username: 'root'
      Password: 'RootPassword1!'
      Email:
        Address: 'charish.patel@trez.wtf'
        Verified: true
@@ -0,0 +1,13 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 # If not using the docker compose example, adjust these values for connecting ZITADEL to your PostgreSQL
 Database:
  postgres:
    User:
      # If the user doesn't exist already, it is created
      Username: 'zitadel'
      Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_PASSWORD'] }}
    Admin:
      Username: 'root'
      Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_ADMIN_PASSWORD'] }}
@@ -0,0 +1,4 @@
 ---
 collections:
  - name: community.hashi_vault
    version: 6.2.0
@@ -0,0 +1,20 @@
 ---
 - name: Deploy Docker Service Configurations
  hosts: rinoa
  vars:
    appdata_base_path: "~/.docker/config/appdata"
  tasks:
    - name: Ensure target directories exist
      ansible.builtin.file:
        path: "{{ appdata_base_path }}/{{ (item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') | regex_replace('/[^/]+$', '')) }}"
        state: directory
        mode: '0755'
      loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
    - name: Deploy configuration templates
      ansible.builtin.template:
        src: "{{ item }}"
        dest: "{{ appdata_base_path }}/{{ item | basename | regex_replace('\\.j2$', '') | regex_replace('_', '/') }}"
        mode: '0644'
      loop: "{{ query('fileglob', 'app-configs/*.j2') }}"
@@ -0,0 +1,14 @@
 vault_addr: "https://vault.trez.wtf"
 vault_token: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  66373236656261373330343233616231386539616566613864306436613635323533336365383232
  6636653139393566643265303135343864363632393035380a643566373137316363626438356431
  64653237313866316537326565386164373564353166346334663638636531353337303937346466
  3539366634393337620a653133336530333963343638643934303336653935363932643665353234
  63343565663632633563396131346139666236313863663332386131633831633566373366613738
  63343634313539336534666632313736343338623538303434316230383764643432646663356238
  61373132633062346436363036333533623931313037306633616662623032616137613734343638
  63633031616161623437623935346366636433653435646333313638376161663237323130636433
  31383031646666626163323966393738386233346137326231366263316532343563
 vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
 secrets_path: "rinoa-docker/env"
@@ -0,0 +1,13 @@
 rinoa:
        ansible_host: 192.168.1.254
        ansible_python_interpreter: /usr/bin/python3
        ansible_ssh_port: 22
        ansible_ssh_user: charish
        ansible_ssh_pass: !vault |
                $ANSIBLE_VAULT;1.1;AES256
                38346631616139316365316566386362396661323163306339303635646331373061323531626431
                3435373031363739356261656239633835393963636663370a613166653463656337666366633639
                37373637326633363430633336646165343764303063663636313835326130663532323037663331
                6332353339656134370a353435396532663932313535646636333262353238386331313764633635
                63383065623930653134666261353439366535646661383434386261393232373432353937636535
                3432336137393737643735346665303832653630316439333565
@@ -0,0 +1,12 @@
 ---
 all:
  hosts:
    benedikta:
      ansible_host: 192.168.1.241
      ansible_user: charish
    rikku:
      ansible_host: 192.168.1.253
      ansible_user: pi
    rinoa:
      ansible_host: 192.168.1.254
      ansible_user: charish
@@ -0,0 +1,7 @@
 $ANSIBLE_VAULT;1.1;AES256
 65353131326537376561616630666531353731653835306564323565383332653437633533313932
 6239663065306339366536326432323534303364663862350a353034623936363066303164333434
 32666331326332363463383234316136323031626330366132643034376439616339396662636236
 3633393039376438630a326138653031656465373966356564336463643465613638313838393166
 36626366356266636535613862333631386231626134376264363731353264613261633037646662
 6431393837653564366531316332616232336365636533643036
@@ -1,842 +0,0 @@
 # Global Settings
 COMPOSE_HTTP_TIMEOUT=''
 DOCKER_GID=''
 DOCKER_HOSTNAME=''
 DOCKER_VOLUME_CONFIG=''
 DOCKER_VOLUME_STORAGE=''
 PGID=''
 PUID=''
 TZ=''
 MY_TLD=''
 # END OF DEFAULT SETTINGS
 ##
 ## ADDY
 ##
 ADDY_ANONADDY_ADDITIONAL_USERNAME_LIMIT=''
 ADDY_ANONADDY_ADMIN_USERNAME=''
 ADDY_ANONADDY_ALL_DOMAINS=''
 ADDY_ANONADDY_BANDWIDTH_LIMIT=''
 ADDY_ANONADDY_DKIM_SELECTOR=''
 ADDY_ANONADDY_DKIM_SIGNING_KEY=''
 ADDY_ANONADDY_DNS_RESOLVER=''
 ADDY_ANONADDY_DOMAIN=''
 ADDY_ANONADDY_HOSTNAME=''
 ADDY_ANONADDY_LIMIT=''
 ADDY_ANONADDY_NEW_ALIAS_LIMIT=''
 ADDY_ANONADDY_RETURN_PATH=''
 ADDY_ANONADDY_SECRET=''
 ADDY_ANONADDY_SIGNING_KEY_FINGERPRINT=''
 ADDY_APP_KEY=''
 ADDY_APP_URL=''
 ADDY_DB_PASSWORD=''
 ADDY_MAIL_ENCRYPTION=''
 ADDY_MAIL_FROM_ADDRESS=''
 ADDY_MAIL_FROM_NAME=''
 ADDY_POSTFIX_DEBUG=''
 ADDY_POSTFIX_MESSAGE_SIZE_LIMIT=''
 ADDY_POSTFIX_RELAYHOST=''
 ADDY_POSTFIX_RELAYHOST_AUTH_ENABLE=''
 ADDY_POSTFIX_SMTPD_TLS_CERT_FILE=''
 ADDY_POSTFIX_SMTPD_TLS_KEY_FILE=''
 ADDY_POSTFIX_SPAMHAUS_DQS_KEY=''
 ADDY_REDIS_PASSWORD=''
 ADDY_RSPAMD_NO_LOCAL_ADDRS=''
 ADDY_RSPAMD_WEB_PASSWORD=''
 ##
 ## ADGUARD
 ##
 ADGUARD_CONTAINER_NAME=''
 ADGUARD_ENABLED=''
 ADGUARD_ENVIRONMENT_SERVERIP=''
 ADGUARD_NETWORK_MODE=''
 ADGUARD_PORT_3000=''
 ADGUARD_PORT_443=''
 ADGUARD_PORT_53=''
 ADGUARD_PORT_67=''
 ADGUARD_PORT_68=''
 ADGUARD_PORT_80=''
 ADGUARD_PORT_853=''
 ADGUARD_RESTART=''
 ADGUARD_TAG=''
 ##
 ## ADGUARD
 ##
 ADGUARD_CF_TUNNEL_PASSWORD=''
 ADGUARD_PASSWORD=''
 ##
 ## ANYTHINGLLM
 ##
 ANYTHINGLLM_JWT_SECRET=''
 ##
 ## APPRISE
 ##
 APPRISE_CONTAINER_NAME=''
 APPRISE_ENABLED=''
 APPRISE_NETWORK_MODE=''
 APPRISE_PORT_8000=''
 APPRISE_RESTART=''
 APPRISE_TAG=''
 ##
 ## AUDIOBOOKSHELF
 ##
 AUDIOBOOKSHELF_CONTAINER_NAME=''
 AUDIOBOOKSHELF_ENABLED=''
 AUDIOBOOKSHELF_NETWORK_MODE=''
 AUDIOBOOKSHELF_PORT_80=''
 AUDIOBOOKSHELF_RESTART=''
 AUDIOBOOKSHELF_TAG=''
 ##
 ## AUDIOBOOKSHELF
 ##
 AUDIOBOOKSHELF_ROOT_API_KEY=''
 ##
 ## AUTHELIA
 ##
 AUTHELIA_AUTH_BIND_LDAP_PASSWORD=''
 AUTHELIA_JWT_SECRET=''
 AUTHELIA_SESSION_SECRET=''
 AUTHELIA_STORAGE_ENCRYPTION_KEY=''
 AUTHELIA_STORAGE_POSTGRES_PASSWORD=''
 ##
 ## BAZARR
 ##
 BAZARR_CONTAINER_NAME=''
 BAZARR_ENABLED=''
 BAZARR_NETWORK_MODE=''
 BAZARR_PORT_6767=''
 BAZARR_RESTART=''
 BAZARR_TAG=''
 BAZARR_API_KEY=''
 ##
 ## BITMAGNET
 ##
 BITMAGNET_POSTGRESQL_PASSWORD=''
 ##
 ## BITWARDEN
 ##
 BITWARDEN_CONTAINER_NAME=''
 BITWARDEN_ENABLED=''
 BITWARDEN_ENVIRONMENT_ADMIN_TOKEN=''
 BITWARDEN_ENVIRONMENT_DATABASE_URL=''
 BITWARDEN_ENVIRONMENT_DISABLE_ADMIN_TOKEN=''
 BITWARDEN_ENVIRONMENT_DOMAIN=''
 BITWARDEN_ENVIRONMENT_ENABLE_DB_WAL=''
 BITWARDEN_ENVIRONMENT_INVITATIONS_ALLOWED=''
 BITWARDEN_ENVIRONMENT_SHOW_PASSWORD_HINT=''
 BITWARDEN_ENVIRONMENT_SIGNUPS_ALLOWED=''
 BITWARDEN_ENVIRONMENT_SIGNUPS_VERIFY=''
 BITWARDEN_ENVIRONMENT_WEBSOCKET_ENABLE=''
 BITWARDEN_NETWORK_MODE=''
 BITWARDEN_PORT_3012=''
 BITWARDEN_PORT_80=''
 BITWARDEN_RESTART=''
 BITWARDEN_TAG=''
 ##
 ## CHROMIUM
 ##
 CHROMIUM_TOKEN=''
 ##
 ## CLOUDFLARE
 ##
 CLOUDFLARE_ACCOUNT_ID=''
 CLOUDFLARE_DNS_API_TOKEN=''
 CLOUDFLARE_ZONE_ID=''
 ##
 ## CLOUDFLAREDDNS
 ##
 CLOUDFLAREDDNS_CONTAINER_NAME=''
 CLOUDFLAREDDNS_ENABLED=''
 CLOUDFLAREDDNS_ENVIRONMENT_APIKEY=''
 CLOUDFLAREDDNS_ENVIRONMENT_APITOKEN=''
 CLOUDFLAREDDNS_ENVIRONMENT_ARGS=''
 CLOUDFLAREDDNS_ENVIRONMENT_DETECTION_MODE=''
 CLOUDFLAREDDNS_ENVIRONMENT_HOSTS=''
 CLOUDFLAREDDNS_ENVIRONMENT_INTERVAL=''
 CLOUDFLAREDDNS_ENVIRONMENT_LOG_LEVEL=''
 CLOUDFLAREDDNS_ENVIRONMENT_RECORDTYPES=''
 CLOUDFLAREDDNS_ENVIRONMENT_USER=''
 CLOUDFLAREDDNS_ENVIRONMENT_ZONES=''
 CLOUDFLAREDDNS_RESTART=''
 CLOUDFLAREDDNS_TAG=''
 ##
 ## CROWDSEC
 ##
 CROWDSEC_API_KEY=''
 CROWDSEC_LOCAL_API_KEY=''
 ##
 ## DELUGEVPN
 ##
 DELUGEVPN_CONTAINER_NAME=''
 DELUGEVPN_ENABLED=''
 DELUGEVPN_ENVIRONMENT_ENABLE_PRIVOXY=''
 DELUGEVPN_ENVIRONMENT_LAN_NETWORK=''
 DELUGEVPN_ENVIRONMENT_NAME_SERVERS=''
 DELUGEVPN_ENVIRONMENT_VPN_CLIENT=''
 DELUGEVPN_ENVIRONMENT_VPN_ENABLE=''
 DELUGEVPN_ENVIRONMENT_VPN_INPUT_PORTS=''
 DELUGEVPN_ENVIRONMENT_VPN_OPTIONS=''
 DELUGEVPN_ENVIRONMENT_VPN_OUTPUT_PORTS=''
 DELUGEVPN_ENVIRONMENT_VPN_PASS=''
 DELUGEVPN_ENVIRONMENT_VPN_PROV=''
 DELUGEVPN_ENVIRONMENT_VPN_USER=''
 DELUGEVPN_NETWORK_MODE=''
 DELUGEVPN_PORT_58846=''
 DELUGEVPN_PORT_58946=''
 DELUGEVPN_PORT_8112=''
 DELUGEVPN_PORT_8118=''
 DELUGEVPN_RESTART=''
 DELUGEVPN_TAG=''
 ##
 ## DELUGEVPN
 ##
 DELUGEVPN_PASSWORD=''
 DELUGEVPN_PORT_51413=''
 DELUGEVPN_PORT_6881=''
 ##
 ## DUPLICATI
 ##
 DUPLICATI_CONTAINER_NAME=''
 DUPLICATI_ENABLED=''
 DUPLICATI_NETWORK_MODE=''
 DUPLICATI_PORT_8200=''
 DUPLICATI_RESTART=''
 DUPLICATI_TAG=''
 DUPLICATI_VOLUME_BACKUPSDIR=''
 DUPLICATI_VOLUME_SOURCEDIR=''
 ##
 ## DUPLICATI
 ##
 DUPLICATI_CF_TUNNEL_PASSWORD=''
 ##
 ## EMBY
 ##
 EMBY_CONTAINER_NAME=''
 EMBY_ENABLED=''
 EMBY_NETWORK_MODE=''
 EMBY_PORT_8096=''
 EMBY_PORT_8920=''
 EMBY_RESTART=''
 EMBY_TAG=''
 EMBY_VOLUME_TRANSCODEDIR=''
 ##
 ## EMBY
 ##
 EMBY_HOMEPAGE_API_KEY=''
 ##
 ## FLARESOLVERR
 ##
 FLARESOLVERR_CONTAINER_NAME=''
 FLARESOLVERR_ENABLED=''
 FLARESOLVERR_ENVIRONMENT_CAPTCHA_SOLVER=''
 FLARESOLVERR_ENVIRONMENT_LOG_HTML=''
 FLARESOLVERR_ENVIRONMENT_LOG_LEVEL=''
 FLARESOLVERR_NETWORK_MODE=''
 FLARESOLVERR_PORT_8191=''
 FLARESOLVERR_RESTART=''
 FLARESOLVERR_TAG=''
 ##
 ## GHOST
 ##
 GHOST_DB_PASSWORD=''
 GHOST_DB_USER=''
 ##
 ## GITEA
 ##
 GITEA_HOMEPAGE_API_KEY=''
 GITEA_PG_DB_PASSWORD=''
 GITEA_RUNNER_REGISTRATION_TOKEN=''
 ##
 ## GLUETUN
 ##
 GLUETUN_SERVER_REGIONS=''
 ##
 ## GOTIFY
 ##
 GOTIFY_HOMEPAGE_CLIENT_KEY=''
 GOTIFY_PASSWORD=''
 ##
 ## GRAFANA
 ##
 GRAFANA_CONTAINER_NAME=''
 GRAFANA_ENABLED=''
 GRAFANA_ENVIRONMENT_GF_INSTALL_PLUGINS=''
 GRAFANA_NETWORK_MODE=''
 GRAFANA_PORT_3000=''
 GRAFANA_RESTART=''
 GRAFANA_TAG=''
 ##
 ## GRAFANA
 ##
 GRAFANA_ADMIN_PASSWORD=''
 GRAFANA_MIMIR_HTTP_AUTH_PASSWORD=''
 ##
 ## GUID
 ##
 GUID=''
 ##
 ## HORTUSFOX
 ##
 HORTUSFOX_ADMIN_PASSWORD=''
 HORTUSFOX_DB_PASSWORD=''
 ##
 ## HUGINN
 ##
 HUGINN_CONTAINER_NAME=''
 HUGINN_ENABLED=''
 HUGINN_ENVIRONMENT_DATABASE_HOST=''
 HUGINN_ENVIRONMENT_DATABASE_NAME=''
 HUGINN_ENVIRONMENT_DATABASE_PASSWORD=''
 HUGINN_ENVIRONMENT_DATABASE_PORT=''
 HUGINN_ENVIRONMENT_DATABASE_USERNAME=''
 HUGINN_NETWORK_MODE=''
 HUGINN_PORT_3000=''
 HUGINN_RESTART=''
 HUGINN_TAG=''
 ##
 ## IN
 ##
 IN_APP_KEY=''
 IN_MYSQL_PASSWORD=''
 IN_PASSWORD=''
 ##
 ## JAN
 ##
 JAN_AI_S3_ACCESS_KEY=''
 JAN_AI_S3_SECRET_KEY=''
 ##
 ## JITSI
 ##
 JITSI__ADMIN_DB_PASSWORD=''
 JITSI__ADMIN_JWT_SECRET=''
 JITSI__ETHERPAD_DEFAULT_PAD_TEXT=''
 JITSI__ETHERPAD_SKIN_NAME=''
 JITSI__ETHERPAD_SKIN_VARIANTS=''
 JITSI__ETHERPAD_TITLE=''
 JITSI__ETHERPAD_URL_BASE=''
 JITSI__HTTP_PORT=''
 JITSI__HTTPS_PORT=''
 JITSI__JIBRI_RECORDER_PASSWORD=''
 JITSI__JIBRI_XMPP_PASSWORD=''
 JITSI__JICOFO_AUTH_PASSWORD=''
 JITSI__JIGAGI_SIP_PASSWORD=''
 JITSI__JIGAGI_SIP_PORT=''
 JITSI__JIGAGI_SIP_SERVER=''
 JITSI__JIGAGI_SIP_TRANSPORT=''
 JITSI__JIGAGI_SIP_URI=''
 JITSI__JIGASI_XMPP_PASSWORD=''
 JITSI__JVB_AUTH_PASSWORD=''
 JITSI__PUBLIC_URL=''
 JITSI__SIP_URI=''
 JITSI__TZ=''
 JITSI__WEBSOCKET_SECRET=''
 ##
 ## JOPLIN
 ##
 JOPLIN_APP_BASE_URL=''
 JOPLIN_APP_PORT=''
 JOPLIN_POSTGRES_DATABASE=''
 JOPLIN_POSTGRES_PASSWORD=''
 JOPLIN_POSTGRES_PORT=''
 JOPLIN_POSTGRES_USER=''
 JOPLIN_S3_ACCESS_KEY=''
 JOPLIN_S3_SECRET_KEY=''
 ##
 ## KEYCLOAK
 ##
 KEYCLOAK_ADMIN_PASSWORD=''
 ##
 ## LAN
 ##
 LAN_NETWORK=''
 ##
 ## LASTFM
 ##
 LASTFM_API_KEY=''
 LASTFM_API_SECRET=''
 LASTFM_PASSWORD=''
 LASTFM_USERNAME=''
 ##
 ## LIBRESPEED
 ##
 LIBRESPEED_CONTAINER_NAME=''
 LIBRESPEED_ENABLED=''
 LIBRESPEED_ENVIRONMENT_DB_HOSTNAME=''
 LIBRESPEED_ENVIRONMENT_DB_NAME=''
 LIBRESPEED_ENVIRONMENT_DB_PASSWORD=''
 LIBRESPEED_ENVIRONMENT_DB_TYPE=''
 LIBRESPEED_ENVIRONMENT_DB_USERNAME=''
 LIBRESPEED_ENVIRONMENT_PASSWORD=''
 LIBRESPEED_NETWORK_MODE=''
 LIBRESPEED_PORT_80=''
 LIBRESPEED_RESTART=''
 LIBRESPEED_TAG=''
 ##
 ## LIDARR
 ##
 LIDARR_CONTAINER_NAME=''
 LIDARR_ENABLED=''
 LIDARR_NETWORK_MODE=''
 LIDARR_PORT_8686=''
 LIDARR_RESTART=''
 LIDARR_TAG=''
 ##
 ## LIDARR
 ##
 LIDARR_API_KEY=''
 ##
 ## LLDAP
 ##
 LLDAP_JWT_SECRET=''
 LLDAP_KEY_SEED=''
 ##
 ## LOCALAI
 ##
 LOCALAI_API_KEY=''
 ##
 ## MALOJA
 ##
 MALOJA_FORCE_PASSWORD=''
 ##
 ## MARIADB
 ##
 MARIADB_CONTAINER_NAME=''
 MARIADB_ENABLED=''
 MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD=''
 MARIADB_NETWORK_MODE=''
 MARIADB_PORT_3306=''
 MARIADB_RESTART=''
 MARIADB_TAG=''
 ##
 ## MATTERMOST
 ##
 MATTERMOST_AWS_S3_ACCESSKEY=''
 MATTERMOST_AWS_S3_SECRETKEY=''
 MATTERMOST_POSTGRES_CONNECTION_URI=''
 MATTERMOST_POSTGRES_PASSWORD=''
 ##
 ## MAYBE
 ##
 MAYBE_POSTGRES_PASSWORD=''
 MAYBE_SECRET_KEY_BASE=''
 ##
 ## MEDUSAJS
 ##
 MEDUSAJS_COOKIE_SECRET=''
 MEDUSAJS_JWT_TOKEN=''
 MEDUSAJS_POSTGRES_PASSWORD=''
 MEDUSAJS_S3_ACCESS_KEY=''
 MEDUSAJS_S3_SECRET_KEY=''
 ##
 ## MINIO
 ##
 MINIO_MIMIR_STORAGE_ACCESS_KEY=''
 MINIO_MIMIR_STORAGE_SECRET_KEY=''
 MINIO_ROOT_PASSWORD=''
 ##
 ## MONGO
 ##
 MONGO_INITDB_ROOT_PASSWORD=''
 MONGO_INITDB_ROOT_USERNAME=''
 ##
 ## NAVIDROME
 ##
 NAVIDROME_PASSWORD=''
 NAVIDROME_USERNAME=''
 ##
 ## NEXTCLOUD
 ##
 NEXTCLOUD_CONTAINER_NAME=''
 NEXTCLOUD_ENABLED=''
 NEXTCLOUD_NETWORK_MODE=''
 NEXTCLOUD_PORT_443=''
 NEXTCLOUD_RESTART=''
 NEXTCLOUD_TAG=''
 NEXTCLOUD_VOLUME_DATADIR=''
 ##
 ## OMBI
 ##
 OMBI_CONTAINER_NAME=''
 OMBI_ENABLED=''
 OMBI_NETWORK_MODE=''
 OMBI_PORT_3579=''
 OMBI_RESTART=''
 OMBI_TAG=''
 OMBI_API_KEY=''
 ##
 ## OPENGIST
 ##
 OPENGIST_GITEA_CLIENT_KEY=''
 OPENGIST_GITEA_SECRET=''
 ##
 ## PAPERLESS
 ##
 PAPERLESS_DBPASS=''
 PAPERLESS_SECRET_KEY=''
 ##
 ## PLAUSIBLE
 ##
 PLAUSIBLE_PG_PASSWORD=''
 PLAUSIBLE_SECRET_KEY_BASE=''
 PLAUSIBLE_TOTP_VAULT_KEY=''
 ##
 ## PODINDEX
 ##
 PODINDEX_API_KEY=''
 PODINDEX_API_SECRET=''
 ##
 ## PORTAINER
 ##
 PORTAINER_CONTAINER_NAME=''
 PORTAINER_ENABLED=''
 PORTAINER_NETWORK_MODE=''
 PORTAINER_PORT_9000=''
 PORTAINER_RESTART=''
 PORTAINER_TAG=''
 PORTAINER_VOLUME_DOCKER_SOCKET=''
 PORTAINER_API_KEY=''
 ##
 ## POSTAL
 ##
 POSTAL_MYSQL_PASSWORD=''
 POSTAL_SMTP_AUTH_PASSWORD=''
 POSTAL_SMTP_AUTH_USER=''
 ##
 ## POSTGRES
 ##
 POSTGRES_HOST=''
 POSTGRES_PASSWORD=''
 POSTGRES_USER=''
 ##
 ## PROWLARR
 ##
 PROWLARR_CONTAINER_NAME=''
 PROWLARR_ENABLED=''
 PROWLARR_NETWORK_MODE=''
 PROWLARR_PORT_9696=''
 PROWLARR_RESTART=''
 PROWLARR_TAG=''
 PROWLARR_API_KEY=''
 ##
 ## RADARR
 ##
 RADARR_CONTAINER_NAME=''
 RADARR_ENABLED=''
 RADARR_NETWORK_MODE=''
 RADARR_PORT_7878=''
 RADARR_RESTART=''
 RADARR_TAG=''
 ##
 ## RADARR
 ##
 RADARR_API_KEY=''
 ##
 ## REACTIVE
 ##
 REACTIVE_RESUME_ACCESS_TOKEN_SECRET=''
 REACTIVE_RESUME_PGSQL_PASSWORD=''
 REACTIVE_RESUME_REFRESH_TOKEN_SECRET=''
 REACTIVE_RESUME_S3_ACCESS_KEY=''
 REACTIVE_RESUME_S3_SECRET_KEY=''
 ##
 ## READARR
 ##
 READARR_CONTAINER_NAME=''
 READARR_ENABLED=''
 READARR_NETWORK_MODE=''
 READARR_PORT_8787=''
 READARR_RESTART=''
 READARR_TAG=''
 READARR_API_KEY=''
 ##
 ## REMMINA
 ##
 REMMINA_CF_TUNNEL_ID=''
 REMMINA_CF_TUNNEL_PASSWORD=''
 REMMINA_USER_PASSWORD=''
 ##
 ## RUSTDESK
 ##
 RUSTDESK_CUSTOM_PASSWORD=''
 ##
 ## SABNZBDVPN
 ##
 SABNZBDVPN_CONTAINER_NAME=''
 SABNZBDVPN_ENABLED=''
 SABNZBDVPN_ENVIRONMENT_ENABLE_PRIVOXY=''
 SABNZBDVPN_ENVIRONMENT_LAN_NETWORK=''
 SABNZBDVPN_ENVIRONMENT_NAME_SERVERS=''
 SABNZBDVPN_ENVIRONMENT_VPN_CLIENT=''
 SABNZBDVPN_ENVIRONMENT_VPN_ENABLE=''
 SABNZBDVPN_ENVIRONMENT_VPN_INPUT_PORTS=''
 SABNZBDVPN_ENVIRONMENT_VPN_OPTIONS=''
 SABNZBDVPN_ENVIRONMENT_VPN_OUTPUT_PORTS=''
 SABNZBDVPN_ENVIRONMENT_VPN_PASS=''
 SABNZBDVPN_ENVIRONMENT_VPN_PROV=''
 SABNZBDVPN_ENVIRONMENT_VPN_USER=''
 SABNZBDVPN_NETWORK_MODE=''
 SABNZBDVPN_PORT_8080=''
 SABNZBDVPN_PORT_8090=''
 SABNZBDVPN_PORT_8118=''
 SABNZBDVPN_RESTART=''
 SABNZBDVPN_TAG=''
 SABNZBDVPN_API_KEY=''
 ##
 ## SCRAPERR
 ##
 SCRAPERR_SECRET_KEY=''
 ##
 ## SCRUTINY
 ##
 SCRUTINY_CF_TUNNEL_PASSWORD=''
 ##
 ## SEARXNG
 ##
 SEARXNG_BASE_URL=''
 ##
 ## SLSKD
 ##
 SLSKD_PASSWORD=''
 ##
 ## SONARQUBE
 ##
 SONARQUBE_POSTGRES_PASSWORD=''
 SONARQUBE_LDAP_BIND_PASSWORD=''
 ##
 ## SONARR
 ##
 SONARR_CONTAINER_NAME=''
 SONARR_ENABLED=''
 SONARR_NETWORK_MODE=''
 SONARR_PORT_8989=''
 SONARR_RESTART=''
 SONARR_TAG=''
 SONARR_API_KEY=''
 ##
 ## SWAG
 ##
 SWAG_CONTAINER_NAME=''
 SWAG_ENABLED=''
 SWAG_ENVIRONMENT_DNSPLUGIN=''
 SWAG_ENVIRONMENT_EMAIL=''
 SWAG_ENVIRONMENT_EXTRA_DOMAINS=''
 SWAG_ENVIRONMENT_ONLY_SUBDOMAINS=''
 SWAG_ENVIRONMENT_SUBDOMAINS=''
 SWAG_ENVIRONMENT_URL=''
 SWAG_ENVIRONMENT_VALIDATION=''
 SWAG_NETWORK_MODE=''
 SWAG_PORT_443=''
 SWAG_PORT_80=''
 SWAG_RESTART=''
 SWAG_TAG=''
 ##
 ## SWAG
 ##
 SWAG_CF_TUNNEL_ID=''
 SWAG_CF_TUNNEL_PASSWORD=''
 SWAG_DUCKDNSTOKEN=''
 SWAG_MAXMINDDB_LICENSE_KEY=''
 ##
 ## TANDOOR
 ##
 TANDOOR_API_TOKEN=''
 TANDOOR_POSTGRES_PASSWORD=''
 TANDOOR_SECRET_KEY=''
 ##
 ## TMDB
 ##
 TMDB_API_KEY=''
 ##
 ## TRACCAR
 ##
 TRACCAR_POSTGRES_DATABASE=''
 TRACCAR_POSTGRES_PASSWORD=''
 TRACCAR_POSTGRES_USER=''
 ##
 ## UPTIME
 ##
 UPTIME_KUMA_PASSWORD=''
 UPTIME_KUMA_USERNAME=''
 ##
 ## UPTIMEKUMA
 ##
 UPTIMEKUMA_CONTAINER_NAME=''
 UPTIMEKUMA_ENABLED=''
 UPTIMEKUMA_NETWORK_MODE=''
 UPTIMEKUMA_PORT_3001=''
 UPTIMEKUMA_RESTART=''
 UPTIMEKUMA_TAG=''
 ##
 ## VAULT
 ##
 VAULT_HASHICORP_AWS_ACCESS_KEY_ID=''
 VAULT_HASHICORP_AWS_SECRET_ACCESS_KEY=''
 ##
 ## VIRUS
 ##
 VIRUS_TOTAL_API_KEY=''
 ##
 ## WALLABAG
 ##
 WALLABAG_DB=''
 WALLABAG_DB_PASSWORD=''
 ##
 ## WATCHTOWER
 ##
 WATCHTOWER_CONTAINER_NAME=''
 WATCHTOWER_ENABLED=''
 WATCHTOWER_ENVIRONMENT_CLEANUP=''
 WATCHTOWER_ENVIRONMENT_INCLUDE_STOPPED=''
 WATCHTOWER_ENVIRONMENT_MONITOR_ONLY=''
 WATCHTOWER_ENVIRONMENT_NOTIFICATION_TEMPLATE=''
 WATCHTOWER_ENVIRONMENT_NOTIFICATION_URL=''
 WATCHTOWER_ENVIRONMENT_NOTIFICATIONS=''
 WATCHTOWER_ENVIRONMENT_NOTIFICATIONS_LEVEL=''
 WATCHTOWER_ENVIRONMENT_REPO_PASS=''
 WATCHTOWER_ENVIRONMENT_REPO_USER=''
 WATCHTOWER_ENVIRONMENT_SCHEDULE=''
 WATCHTOWER_ENVIRONMENT_TIMEOUT=''
 WATCHTOWER_NETWORK_MODE=''
 WATCHTOWER_RESTART=''
 WATCHTOWER_TAG=''
 WATCHTOWER_VOLUME_DOCKER_SOCKET=''
 ##
 ## WATCHTOWER
 ##
 WATCHTOWER_HTTP_API_TOKEN=''
 WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY=''
 WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN=''
 WATCHTOWER_NOTIFICATION_GOTIFY_URL=''
 ##
 ## WAZUH
 ##
 WAZUH_API_PASSWORD=''
 WAZUH_INDEXER_PASSWORD=''
 WAZUH_KIBANA_PASSWORD=''
 WAZUH_VERSION=''
 ##
 ## YOUR
 ##
 YOUR_SPOTIFY_ID=''
 YOUR_SPOTIFY_PORT_443=''
 YOUR_SPOTIFY_PORT_80=''
 YOUR_SPOTIFY_SECRET=''
 ##
 ## YOUTUBEDL
 ##
 YOUTUBEDL_CONTAINER_NAME=''
 YOUTUBEDL_ENABLED=''
 YOUTUBEDL_ENVIRONMENT_CONFIG_PATH=''
 YOUTUBEDL_ENVIRONMENT_DEBUG=''
 YOUTUBEDL_NETWORK_MODE=''
 YOUTUBEDL_PORT_8080=''
 YOUTUBEDL_RESTART=''
 YOUTUBEDL_TAG=''
 ##
 ## ZAMMAD
 ##
 ZAMMAD_ELASTICSEARCH_VERSION=''
 ZAMMAD_IMAGE_REPO=''
 ZAMMAD_MEMCACHE_SERVERS=''
 ZAMMAD_MEMCACHE_VERSION=''
 ZAMMAD_POSTGRES_DB=''
 ZAMMAD_POSTGRES_HOST=''
 ZAMMAD_POSTGRES_PASS=''
 ZAMMAD_POSTGRES_PORT=''
 ZAMMAD_POSTGRES_USER=''
 ZAMMAD_POSTGRES_VERSION=''
 ZAMMAD_POSTGRESQL_OPTIONS=''
 ZAMMAD_REDIS_URL=''
 ZAMMAD_REDIS_VERSION=''
 ZAMMAD_RESTART=''
 ZAMMAD_S3_ACCESS_KEY=''
 ZAMMAD_S3_SECRET_KEY=''
 ZAMMAD_VERSION=''