Removing deleted services from container arguments.

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -3,6 +3,9 @@ on:
   push:
     branches-ignore:
       - 'main'
+    paths:
+      - '**.yml'
+      - '!ansible/**.yml'
 jobs:
   check-and-create-pr:
     if: github.ref != 'refs/heads/main'
@@ -64,62 +67,107 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - name: Cache Ansible Galaxy Collections
+      - name: Fetch base branch
-        uses: actions/cache@v3
+        run: |
-        with:
+          git fetch origin ${{ github.event.pull_request.base.ref }}
-          path: ansible/collections
+      - name: Save both versions of docker-compose.yml
-          key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
+        run: |
-          restore-keys: |
+          git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
-            ${{ runner.os }}-ansible-
+          cp docker-compose.yml docker-compose-head.yml
-      - name: Install Ansible
+      # - name: Compare Docker Compose changes
-        uses: alex-oleshkevich/setup-ansible@v1.0.1
+      #  run: |
-        with:
+      #    git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
-          version: "11.0.0"
+      #    cp docker-compose.yml docker-compose-head.yml
+      - name: Detect added, deleted, and modified services
+        id: detect_services
+        run: |
+          echo "Getting services from main and ${{ github.ref_name }}"
+          yq '.services | keys | .[]' docker-compose-main.yml | sort > services_main.txt
+          yq '.services | keys | .[]' docker-compose-head.yml | sort > services_head.txt
+
+          echo "Creating list of modified services..."
+          touch service_changes.txt
+
+          comm -13 services_main.txt services_head.txt | while read service; do
+            echo "$service: added" >> service_changes.txt
+          done
+
+          comm -12 services_main.txt services_head.txt | while read service; do
+            yq ".services[\"$service\"]" docker-compose-main.yml > tmp_main.yml
+            yq ".services[\"$service\"]" docker-compose-head.yml > tmp_head.yml
+            if ! diff -q tmp_main.yml tmp_head.yml > /dev/null; then
+              echo "$service: modified" >> service_changes.txt
+            fi
+          done
+
+          echo "Detected service changes:"
+          cat service_changes.txt
+
+          svc_list=$(paste -sd '|' service_changes.txt)
+          echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT"
+      # - name: Cache Ansible Galaxy Collections
+      #   uses: actions/cache@v3
+      #   with:
+      #     path: ansible/collections
+      #     key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
+      #     restore-keys: |
+      #       ${{ runner.os }}-ansible-
+      # - name: Install Ansible
+      #   uses: alex-oleshkevich/setup-ansible@v1.0.1
+      #   with:
+      #     version: "11.0.0"
       - name: Install Vault
         uses: cpanato/vault-installer@main
-      - name: Install hvac
+      # - name: Install hvac
-        run: pip install hvac
+      #   run: pip install hvac
+      # - name: Gotify Notification
+      #   uses: eikendev/gotify-action@master
+      #   with:
+      #     gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+      #     gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+      #     notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
+      #     notification_message: 'Starting Ansible dry run...'
+      # - name: Ansible Playbook Dry Run
+      #   uses: arillso/action.playbook@0.1.0
+      #   with:
+      #     check: true
+      #     galaxy_collections_path: ansible/collections
+      #     galaxy_requirements_file: ansible/collections/requirements.yml
+      #     inventory: ansible/inventory/hosts.yml
+      #     playbook: ansible/docker_config_deploy.yml
+      #     private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
+      #     vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+      #     verbose: 0
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
           gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
+          notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
-          notification_message: 'Starting Ansible dry run...'
+          notification_message: 'Starting Docker Compose dry run...'
-      - name: Ansible Playbook Dry Run
-        uses: dawidd6/action-ansible-playbook@v2
-        with:
-          directory: ansible/
-          playbook: docker_config_deploy.yml
-          key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
-          options: |
-            --inventory inventory/hosts.yml
-            --check
-          requirements: collections/requirements.yml
-          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
-          notification_message: 'Ansible dry run completed successfully; starting Docker Compose'
-      - name: Generate .env file for Docker Compose Dry Run
-        run: |
-          vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
       - name: Cache .env Files
         uses: actions/cache@v4
         with:
           path: .env
           key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
+      - name: Generate modified services list & .env file for Docker Compose Dry Run
+        id: modded_svcs
+        run: |
+          mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
+          echo ${mod_svcs}
+          vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
+          echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT"
       - name: Docker Compose Dry Run
-        uses: yu-ichiro/spin-up-docker-compose-action@v1
+        timeout-minutes: 360
+        continue-on-error: true
+        uses: keatonLiu/docker-compose-remote-action@v1.2
         with:
-          file: docker-compose.yml
+          docker_compose_file: docker-compose.yml
-          pull: true
+          docker_args: -d --remove-orphans --pull missing --no-recreate ${{ steps.modded_svcs.rinoa_svcs.output }}
-          pull-opts: --dry-run
+          ssh_user: gitea-deploy
-          up: true
+          ssh_host: 192.168.1.254
-          up-opts: --dry-run -d --remove-orphans
+          ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
+          ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
         env:
           DOCKER_HOST: tcp://dockerproxy:2375
       - name: Gotify Notification
@@ -354,7 +402,6 @@ jobs:
         run: |
            vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
       - name: Docker Compose Deployment
-        # if: ${{ steps.regenerate-readme-modified-services.outputs.modified_services != '' }}
         timeout-minutes: 360
         continue-on-error: true
         uses: keatonLiu/docker-compose-remote-action@v1.2

docker-compose.yml

@@ -806,7 +806,7 @@ services:
       DOCKER_HOST: tcp://dockerproxy:2375
       GID: 1000
       BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY}
-      COLLECTIONS: crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/linux crowdsecurity/iptables
+      COLLECTIONS: corvese/apache-guacamole crowdsecurity/home-assistant crowdsecurity/http-cve crowdsecurity/iptables crowdsecurity/linux crowdsecurity/mariadb crowdsecurity/nextcloud crowdsecurity/nginx crowdsecurity/whitelist-good-actors Dominic-Wagner/vaultwarden gauth-fr/immich LePresidente/adguardhome LePresidente/authelia LePresidente/gitea LePresidente/jellyfin LePresidente/ombi plague-doctor/audiobookshelf schiz0phr3ne/sonarr sdwilsh/navidrome timokoessler/mongodb timokoessler/uptime-kuma xs539/joplin-server
     image: crowdsecurity/crowdsec:latest
     networks:
       default: null
@@ -1086,6 +1086,15 @@ services:
       - dawarich_public:/var/app/public
       - dawarich_watched:/var/app/tmp/imports/watched
       - ${DOCKER_VOLUME_CONFIG}/dawarich/sidekiq-entrypoint.sh:/usr/local/bin/sidekiq-entrypoint.sh
+  dead-man-hand:
+    container_name: dead-man-hand
+    environment:
+      DMH_CONFIG_FILE: /data/config.yaml
+    image: 'ghcr.io/bkupidura/dead-man-hand:latest'
+    ports:
+      - '8080:8080'
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/dead-man-hand/data:/data
   delugevpn:
     cap_add:
       - NET_ADMIN
@@ -1193,87 +1202,6 @@ services:
         source: /var/run/docker.sock
         target: /var/run/docker.sock
         type: bind
-  docker-volume-backup:
-    container_name: docker-volume-backup
-    image: offen/docker-volume-backup:v2
-    environment:
-      BACKUP_ARCHIVE: /archive
-      BACKUP_CRON_EXPRESSION: '@weekly'
-      BACKUP_COMPRESSION: zst
-      BACKUP_FILENAME: rinoa-docker-backup-%Y-%m-%dT%H-%M-%S.{{ .Extension }}
-      BACKUP_FILENAME_EXPAND: true
-      BACKUP_RETENTION_DAYS: 14
-      DOCKER_HOST: tcp://dockerproxy:2375
-      NOTIFICATION_URLS: gotify://gotify/${DV_BKUP_GOTIFY_TOKEN}
-    restart: always
-    volumes:
-      - ${DOCKER_VOLUME_STORAGE}/backups/docker_volume_bkups:/archive
-      - authelia-pg-db:/backup/authelia-pg-db:ro
-      - bitmagnet-pg-db:/backup/bitmagnet-pg-db:ro
-      - bunkerweb-storage:/backup/bunkerweb-storage:ro
-      - castopod-media:/backup/castopod-media:ro
-      - crowdsec-config:/backup/crowdsec-config:ro
-      - crowdsec-db:/backup/crowdsec-db:ro
-      - dawarich_db_data:/backup/dawarich_db_data:ro
-      - dawarich_shared:/backup/dawarich_shared:ro
-      - dawarich_public:/backup/dawarich_public:ro
-      - dawarich_watched:/backup/dawarich_watched:ro
-      - docker-volume-bkup-data:/backup/docker-volume-bkup-data:ro
-      - fastenhealth-cache:/backup/fastenhealth-cache:ro
-      - fastenhealth-db:/backup/fastenhealth-db:ro
-      - gitea-pg-db:/backup/gitea-pg-db:ro
-      - hortusfox_app_backup:/backup/hortusfox_app_backup:ro
-      - hortusfox_app_images:/backup/hortusfox_app_images:ro
-      - hortusfox_app_logs:/backup/hortusfox_app_logs:ro
-      - hortusfox_app_migrate:/backup/hortusfox_app_migrate:ro
-      - hortusfox_app_themes:/backup/hortusfox_app_themes:ro
-      - hortusfox_db_data:/backup/hortusfox_db_data:ro
-      - immich-model-cache:/backup/immich-model-cache:ro
-      - influxdb2-data:/backup/influxdb2-data:ro
-      - influxdb2-config:/backup/influxdb2-config:ro
-      - invidious-postgres:/backup/invidious-postgres:ro
-      - invoice-ninja_cache:/backup/invoice-ninja_cache:ro
-      - invoice-ninja_public:/backup/invoice-ninja_public:ro
-      - invoice-ninja_storage:/backup/invoice-ninja_storage:ro
-      - jitsi-web-admin-theme:/backup/jitsi-web-admin-theme:ro
-      - jitsi-web-admin-upload:/backup/jitsi-web-admin-upload:ro
-      - joplin_data:/backup/joplin_data:ro
-      - librechat-pg-data:/backup/librechat-pg-data:ro
-      - libretranslate_models:/backup/libretranslate_models:ro
-      - lldap_data:/backup/lldap_data:ro
-      - mastodon-pg-db:/backup/mastodon-pg-db:ro
-      - mixpost-storage:/backup/mixpost-storage:ro
-      - mixpost-logs:/backup/mixpost-logs:ro
-      - mongodb_config:/backup/mongodb_config:ro
-      - mongodb_data:/backup/mongodb_data:ro
-      - n8n-data:/backup/n8n-data:ro
-      - netbird-mgmt:/backup/netbird-mgmt:ro
-      - netbird-signal:/backup/netbird-signal:ro
-      - netbird-letsencrypt:/backup/netbird-letsencrypt:ro
-      - nextcloud_aio_mastercontainer:/backup/nextcloud_aio_mastercontainer:ro
-      - ollama:/backup/ollama:ro
-      - paperless-ngx-data:/backup/paperless-ngx-data:ro
-      - paperless-ngx-media:/backup/paperless-ngx-media:ro
-      - paperless-ngx-pg:/backup/paperless-ngx-pg:ro
-      - pgbackweb-data:/backup/pgbackweb-data:ro
-      - plausible-db-data:/backup/plausible-db-data:ro
-      - plausible-event-data:/backup/plausible-event-data:ro
-      - plausible-event-logs:/backup/plausible-event-logs:ro
-      - portainer-data:/backup/portainer-data:ro
-      - reactive-resume-pg:/backup/reactive-resume-pg:ro
-      - semaphore_config:/backup/semaphore_config:ro
-      - semaphore_data:/backup/semaphore_data:ro
-      - semaphore_tmp:/backup/semaphore_tmp:ro
-      - sonarqube-data:/backup/sonarqube-data:ro
-      - sonarqube-db:/backup/sonarqube-db:ro
-      - sonarqube-db-data:/backup/sonarqube-db-data:ro
-      - sonarqube-extensions:/backup/sonarqube-extensions:ro
-      - sonarqube-logs:/backup/sonarqube-logs:ro
-      - sonarqube-temp:/backup/sonarqube-temp:ro
-      - tandoor-pg:/backup/tandoor-pg:ro
-      - unmanic-cache:/backup/unmanic-cache:ro
-      - wallos-db:/backup/wallos-db:ro
-      - wallos-logos:/backup/wallos-logos:ro
   duplicati:
     container_name: duplicati
     environment:
@@ -2155,6 +2083,7 @@ services:
     image: invoiceninja/invoiceninja-debian:5
     restart: always
     volumes:
+      - ${DOCKER_VOLUME_CONFIG}/invoice-ninja/invoice-ninja.env:/var/www/html/.env
       - invoice-ninja_cache:/var/www/html/bootstrap/cache
       - invoice-ninja_public:/var/www/html/public
       - invoice-ninja_storage:/var/www/html/storage
@@ -2200,7 +2129,7 @@ services:
       swag_url: biz.${MY_TLD}
       swag.uptime-kuma.enabled: true
       swag.uptime-kuma.monitor.url: https://biz.${MY_TLD}
-      homepage.group: Professional Services
+      homepage.group: Personal/Professional Services
       homepage.name: Invoice Ninja
       homepage.href: https://biz.${MY_TLD}
       homepage.icon: invoice-ninja.svg
@@ -2907,6 +2836,18 @@ services:
     ports:
       - 22300:22300
     restart: unless-stopped
+  languagetool:
+    container_name: languagetool
+    environment:
+      langtool_languageModel: /opt/languagetool/langModel
+      Java_Xms: 512m
+      Java_Xmx: 1g
+    expose:
+      - 8010
+    image: elestio/languagetool:latest
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/languagetool/:/opt/languagetool/langModel
   librechat-api:
     container_name: librechat-api
     depends_on:
@@ -2984,24 +2925,11 @@ services:
       test: ['CMD-SHELL', './venv/bin/python scripts/healthcheck.py']
     environment:
       LT_UPDATE_MODELS: true
-    labels:
-      homepage.group: Personal/Professional Services
-      homepage.name: LibreTranslate
-      homepage.href: https://translate.${MY_TLD}
-      homepage.icon: sh-libretranslate.svg
-      homepage.description: Open-source language translation
-      swag: enable
-      swag_port: 5000
-      swag_url: translate.${MY_TLD}
-      swag_server_custom_directive: |
-        access_log /config/log/$$host_access.log ;
-        error_log /config/log/$$host_error.log ;
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://translate.${MY_TLD}
-      swag.uptime-kuma.monitor.interval: 300
     ports:
       - 5000:5000
     restart: unless-stopped
+    tty: true
+    stdin_open: true
     volumes:
     #   - libretranslate_api_keys:/app/db
       - libretranslate_models:/home/libretranslate/.local:rw
@@ -3773,6 +3701,40 @@ services:
     ports:
       - 23693:80
     restart: unless-stopped
+  omnipoly:
+    container_name: omnipoly
+    depends_on:
+      languagetool:
+        condition: service_started
+        required: true
+      libretranslate:
+        condition: service_started
+        required: true
+    environment:
+      LANGUAGE_TOOL: http://languagetool:8010
+      LIBRETRANSLATE: http://libretranslate:5000
+      OLLAMA: http://ollama:11434
+      OLLAMA_MODEL: smollm2:1.7b
+      THEME: 'pole'
+      DISABLE_DICTIONARY: false
+    expose:
+      - 80
+    image: kweg/omnipoly:latest
+    labels:
+      homepage.group: Personal/Professional Services
+      homepage.name: OmniPoly
+      homepage.href: https://translate.${MY_TLD}
+      homepage.icon: sh-omnipoly.svg
+      homepage.description: Open-source language translation with LanguageTool, LibreTranslate, & Ollama
+      swag: enable
+      swag_url: translate.${MY_TLD}
+      swag_server_custom_directive: |
+        access_log /config/log/$$host_access.log ;
+        error_log /config/log/$$host_error.log ;
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://translate.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+    restart: unless-stopped
   paperless-ngx:
     container_name: paperless-ngx
     depends_on:
@@ -3920,17 +3882,25 @@ services:
     restart: unless-stopped
     volumes:
         - portainer-data:/data
-  portall:
+  portnote-web:
-    container_name: portall
+    container_name: portnote
-    image: need4swede/portall:latest
+    depends_on:
+      portnote-pg-db:
+        condition: service_started
+        required: true
+        restart: true
     environment:
-      SECRET_KEY: ${PORTALL_SECRET_KEY}
+      JWT_SECRET: ${PORTNOTE_JWT_SECRET} # Replace with a secure random string
+      USER_SECRET:  ${PORTNOTE_USER_SECRET} # Replace with a secure random string
+      LOGIN_USERNAME: portnote # Replace with a username
+      LOGIN_PASSWORD: ${PORTNOTE_LOGIN_PASSWORD} # Replace with a custom password
+      DATABASE_URL: "postgresql://portnote:${PORTNOTE_POSTGRES_PASSWORD}@portnote-pg-db:5432/portnote"
+    image: haedlessdev/portnote:latest
     labels:
       swag: enable
-      swag_auth: authelia
       swag_proto: http
-      swag_port: 8080
+      swag_port: 3000
-      swag_url: portall.${MY_TLD}
+      swag_url: ports.${MY_TLD}
       swag_server_custom_directive: |
         access_log /config/log/$$host_access.log ;
         error_log /config/log/$$host_error.log ;
@@ -3938,15 +3908,35 @@ services:
       swag.uptime-kuma.monitor.url: https://portall.${MY_TLD}
       swag.uptime-kuma.monitor.interval: 300
       homepage.group: System Administration
-      homepage.name: Portall
+      homepage.name: PortNote
       homepage.href: https://portall.${MY_TLD}
-      homepage.icon: sh-portall.png
+      homepage.icon: /icons/portnote.png
       homepage.description: Management for container ports
     ports:
-      - 8000:8080
+      - 23186:3000
-    restart: unless-stopped
+    restart: always
+  portnote-agent:
+    container_name: portnote-agent
+    depends_on:
+      portnote-pg-db:
+        condition: service_started
+        required: true
+    image: haedlessdev/portnote-agent:latest
+    environment:
+      DATABASE_URL: "postgresql://portnote:${PORTNOTE_POSTGRES_PASSWORD}@portnote-pg-db:5432/portnote"
+    restart: always
+  portnote-pg-db:
+    container_name: portnote-pg-db
+    image: postgres:17-alpine
+    environment:
+      POSTGRES_USER: portnote
+      POSTGRES_PASSWORD: ${PORTNOTE_POSTGRES_PASSWORD}
+      POSTGRES_DB: portnote
+    expose:
+      - 5432
+    restart: always
     volumes:
-      - ${DOCKER_VOLUME_CONFIG}/portall:/app/instance
+      - portnote-db-data:/var/lib/postgresql/data
   postal-smtp:
     cap_add:
       - NET_BIND_SERVICE
@@ -5371,6 +5361,7 @@ services:
       swag.uptime-kuma.enabled: true
       swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
       swag.uptime-kuma.monitor.interval: 300
+    restart: unless-stopped
   youtubedl:
     container_name: youtubedl
     environment:
@@ -5611,14 +5602,10 @@ volumes:
     name: paperless-ngx-pg
   pgbackweb-data:
     name: pgbackweb-data
-  plausible-db-data:
-    name: plausible-db-data
-  plausible-event-data:
-    name: plausible-event-data
-  plausible-event-logs:
-    name: plausible-event-logs
   portainer-data:
     name: portainer-data
+  portnote-db-data:
+    name: portnote-db-data
   reactive-resume-pg:
     name: reactive-resume-pg
   semaphore_config: