Label tweaks for Port-Note.

Merged by Trez.One

.gitea/workflows/pr-ansible-config-deployment.yaml

@@ -0,0 +1,192 @@
+name: Gitea Branch PR & Ansible Deployment
+on:
+  push:
+    branches-ignore:
+      - 'main'
+    paths:
+      - '**.j2'
+      - 'ansible/**.yml'
+jobs:
+  check-and-create-pr:
+    if: github.ref != 'refs/heads/main'
+    name: Check and Create PR
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+      - name: Cache tea CLI
+        id: cache-tea
+        uses: actions/cache@v4
+        with:
+          path: /opt/hostedtoolcache/tea/0.9.2/x64
+          key: tea-${{ runner.os }}-0.9.2
+      - name: Install tea
+        uses: supplypike/setup-bin@v4
+        with:
+          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
+          name: 'tea'
+          version: '0.9.2'
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: PR Check'
+          notification_message: 'Checking for existing PR... 🔍'
+      - name: Check if open PR exists
+        id: check-opened-pr-step
+        continue-on-error: true
+        run: |
+          tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
+          pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
+          echo "exists=$pr_exists" >> $GITHUB_OUTPUT
+      - name: Create PR
+        if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
+        run: |
+          tea login default gitea-rinoa
+          pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
+          pr_index_new=$(expr ${pr_index_old} + 1)
+          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose, Ansible Configs.j2"
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: PR Check'
+          notification_message: 'PR Created 🎟️'
+  ansible-linting:
+    name: Docker Compose & Ansible Lints
+    needs: [check-and-create-pr]
+    runs-on: ubuntu-latest
+    env:
+      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+      VAULT_NAMESPACE: ""
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Fetch base branch
+        run: |
+          git fetch origin ${{ github.event.pull_request.base.ref }}
+      - name: Cache Ansible Galaxy Collections
+        uses: actions/cache@v3
+        with:
+          path: ansible/collections
+          key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
+          restore-keys: |
+            ${{ runner.os }}-ansible-
+      - name: Install Ansible
+        uses: alex-oleshkevich/setup-ansible@v1.0.1
+        with:
+          version: "11.0.0"
+      - name: Install Vault
+        uses: cpanato/vault-installer@main
+      - name: Install hvac
+        run: pip install hvac
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
+          notification_message: 'Starting Ansible dry run...'
+      - name: Ansible Playbook Dry Run
+        uses: arillso/action.playbook@0.1.0
+        with:
+          check: true
+          galaxy_collections_path: ansible/collections
+          galaxy_requirements_file: ansible/collections/requirements.yml
+          inventory: ansible/inventory/hosts.yml
+          playbook: ansible/docker_config_deploy.yml
+          private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
+          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+          verbose: 0
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
+          notification_message: 'Docker Compose dry run completed successfully.'
+  pr-merge:
+    name: PR Merge
+    needs: [regenerate-readme-modified-services]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install tea
+        uses: supplypike/setup-bin@v4
+        with:
+          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
+          name: 'tea'
+          version: '0.9.2'
+      - name: PR Merge
+        id: pr_merge
+        run: |
+          tea login add --name gitea-rinoa --url ${{ secrets.RINOA_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
+          tea login default gitea-rinoa
+          echo "Merging PR..."
+          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F"," '{print $1}' | sed -e 's|"||g')
+          tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" --message "Merged by ${{ github.actor }}" ${pr_index}
+          echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: PR Merge Successful'
+          notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
+  ansible-config-docker-compose-deploy:
+    name: Ansible Configs & Docker Compose Deployment
+    runs-on: ubuntu-latest
+    needs: [pr-merge]
+    env:
+      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
+      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+      DOCKER_HOST: tcp://dockerproxy:2375
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: main
+      - name: Cache Vault install
+        id: cache-vault
+        uses: actions/cache@v4
+        with:
+          path: /opt/hostedtoolcache/vault/1.18.0/x64
+          key: vault-${{ runner.os }}-1.18.0
+      - name: Install Ansible
+        uses: alex-oleshkevich/setup-ansible@v1.0.1
+        with:
+          version: "11.0.0"
+      - name: Install Vault
+        uses: cpanato/vault-installer@main
+      - name: Install hvac
+        run: pip install hvac
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
+          notification_message: 'Starting config deployment with Ansible...'
+      - name: Ansible Playbook Dry Run
+        uses: arillso/action.playbook@0.1.0
+        with:
+          check: false
+          galaxy_collections_path: ansible/collections
+          galaxy_requirements_file: ansible/collections/requirements.yml
+          inventory: ansible/inventory/hosts.yml
+          playbook: ansible/docker_config_deploy.yml
+          private_key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
+          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
+          notification_message: 'Deployment completed successfully.'

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -1,8 +1,11 @@
-name: Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deployment
+name: Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment
 on:
   push:
     branches-ignore:
       - 'main'
+    paths:
+      - '**/docker-compose.yml'
+      - '!ansible/**.yml'
 jobs:
   check-and-create-pr:
     if: github.ref != 'refs/heads/main'
@@ -64,62 +67,72 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-      - name: Cache Ansible Galaxy Collections
-        uses: actions/cache@v3
-        with:
-          path: ansible/collections
-          key: ${{ runner.os }}-ansible-${{ hashFiles('./ansible/collections/requirements.yml') }}
-          restore-keys: |
-            ${{ runner.os }}-ansible-
-      - name: Install Ansible
-        uses: alex-oleshkevich/setup-ansible@v1.0.1
-        with:
-          version: "11.0.0"
+      - name: Fetch base branch
+        run: |
+          git fetch origin ${{ github.event.pull_request.base.ref }}
+      - name: Save both versions of docker-compose.yml
+        run: |
+          git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml
+          cp docker-compose.yml docker-compose-head.yml
+      - name: Detect added, deleted, and modified services
+        id: detect_services
+        run: |
+          echo "Getting services from main and ${{ github.ref_name }}"
+          yq '.services | keys | .[]' docker-compose-main.yml | sort > services_main.txt
+          yq '.services | keys | .[]' docker-compose-head.yml | sort > services_head.txt
+
+          echo "Creating list of modified services..."
+          touch service_changes.txt
+
+          comm -13 services_main.txt services_head.txt | while read service; do
+            echo "$service: added" >> service_changes.txt
+          done
+
+          comm -12 services_main.txt services_head.txt | while read service; do
+            yq ".services[\"$service\"]" docker-compose-main.yml > tmp_main.yml
+            yq ".services[\"$service\"]" docker-compose-head.yml > tmp_head.yml
+            if ! diff -q tmp_main.yml tmp_head.yml > /dev/null; then
+              echo "$service: modified" >> service_changes.txt
+            fi
+          done
+
+          echo "Detected service changes:"
+          cat service_changes.txt
+
+          svc_list=$(paste -sd '|' service_changes.txt)
+          echo "classified_services=$svc_list" >> "$GITHUB_OUTPUT"
       - name: Install Vault
         uses: cpanato/vault-installer@main
-      - name: Install hvac
-        run: pip install hvac
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
           gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
-          notification_message: 'Starting Ansible dry run...'
-      - name: Ansible Playbook Dry Run
-        uses: dawidd6/action-ansible-playbook@v2
-        with:
-          directory: ansible/
-          playbook: docker_config_deploy.yml
-          key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
-          options: |
-            --inventory inventory/hosts.yml
-            --check
-          requirements: collections/requirements.yml
-          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
-          notification_message: 'Ansible dry run completed successfully; starting Docker Compose'
-      - name: Generate .env file for Docker Compose Dry Run
-        run: |
-          vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
+          notification_title: 'GITEA: Docker Compose Dry Run @ Rinoa'
+          notification_message: 'Starting Docker Compose dry run...'
       - name: Cache .env Files
         uses: actions/cache@v4
         with:
           path: .env
           key: ${{ runner.os }}-env-${{ hashFiles('docker-compose.yml') }}
+      - name: Generate modified services list & .env file for Docker Compose Dry Run
+        id: modded_svcs
+        run: |
+          mod_svcs=$(echo "${{ steps.detect_services.outputs.classified_services }}" | sed -e 's/|//g' -e 's/: \(add\|modifi\|delet\)ed/ /g')
+          echo ${mod_svcs}
+          vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
+          echo "rinoa_svcs=${mod_svcs}" >> "$GITHUB_OUTPUT"
       - name: Docker Compose Dry Run
-        uses: yu-ichiro/spin-up-docker-compose-action@v1
+        timeout-minutes: 360
+        continue-on-error: true
+        uses: keatonLiu/docker-compose-remote-action@v1.2
         with:
-          file: docker-compose.yml
-          pull: true
-          pull-opts: --dry-run
-          up: true
-          up-opts: --dry-run -d --remove-orphans
+          docker_compose_file: docker-compose.yml
+          docker_args: -d --remove-orphans --pull missing --no-recreate ${{ steps.modded_svcs.rinoa_svcs.output }}
+          ssh_user: gitea-deploy
+          ssh_host: 192.168.1.254
+          ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}
+          ssh_private_key: ${{ secrets.RINOA_GITEA_PRIVATE_SSH_KEY }}
         env:
           DOCKER_HOST: tcp://dockerproxy:2375
       - name: Gotify Notification
@@ -202,28 +215,11 @@ jobs:
     name: Update README & Generate List of Modified Services
     runs-on: ubuntu-latest
     needs: [cloudflare-dns-setup]
-    # outputs:
-    #   pr-pushed: ${{ steps.commit-readme.outputs.pushed }}
-    #   modified_services: ${{ steps.compare-services.outputs.modified_services }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Install yq
         uses: dcarbone/install-yq-action@v1
-      # - name: Fetch main branch for comparison
-      #   run: |
-      #     git fetch origin main:main
-      # - name: Compare services using yq
-      #   continue-on-error: true
-      #   id: compare-services
-      #   run: |
-      #     current_services=$(yq '.services | to_entries' docker-compose.yml)
-      #     git show main:docker-compose.yml > main_compose.yml
-      #     main_services=$(yq '.services | to_entries' main_compose.yml)
-      #     modified_services_file=$(comm -13 <(echo "$main_services") <(echo "$current_services") > changes_compose.yml)
-      #     modified_services=${egrep '^  [a-z]' changes.yml | sed -e 's|^  ||g' -e 's|:||g' | sed ':a;N;$!ba;s/\n/ /g'}
-      #     echo "Modified services: $modified_services"
-      #     echo "modified_services=$modified_services" >> $GITHUB_OUTPUT
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
@@ -314,35 +310,9 @@ jobs:
       - name: Login to Gitea Container Registry
         uses: docker/login-action@v3
         with:
-          registry: http://192.168.1.254:3013
+          registry: git.trez.wtf
           username: gitea-sonarqube-bot
           password: ${{ secrets.BOT_GITEA_TOKEN }}
-      - name: Install hvac
-        run: pip install hvac
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
-          notification_message: 'Starting config deployment with Ansible.'
-      - name: Deploy Docker Configs via Ansible
-        uses: dawidd6/action-ansible-playbook@v2
-        with:
-          directory: ansible/
-          playbook: docker_config_deploy.yml
-          key: ${{secrets.RINOA_ANSIBLE_PRIVATE_KEY}}
-          options: |
-            --inventory inventory/hosts.yml
-          requirements: collections/requirements.yml
-          vault_password: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
-          notification_message: 'Deployment completed successfully.'
       - name: Gotify Notification
         uses: eikendev/gotify-action@master
         with:
@@ -354,7 +324,6 @@ jobs:
         run: |
            vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
       - name: Docker Compose Deployment
-        # if: ${{ steps.regenerate-readme-modified-services.outputs.modified_services != '' }}
         timeout-minutes: 360
         continue-on-error: true
         uses: keatonLiu/docker-compose-remote-action@v1.2

.gitea/workflows/vault-auto-unseal-flow.yml

@@ -23,6 +23,6 @@ jobs:
         uses: cpanato/vault-installer@main
       - name: Unseal Vault
         run: |
-          for vault_shard in $(cat ${VAULT_SHARDS}); do
+          for vault_shard in $(echo ${VAULT_SHARDS}); do
             vault operator unseal -address=${VAULT_ADDR} -non-interactive "${vault_shard}"
           done

README.md

@@ -19,7 +19,6 @@
 | bitwarden | vaultwarden/server:latest |
 | bluesky-pds | code.modernleft.org/gravityfargo/bluesky-pds:v0.4.98 |
 | browserless | ghcr.io/browserless/chromium:latest |
-| bytebase | bytebase/bytebase:3.5.0 |
 | bytestash | ghcr.io/jordan-dalby/bytestash:latest |
 | castopod | castopod/castopod:latest |
 | cloudflared | cloudflare/cloudflared:latest |
@@ -33,10 +32,10 @@
 | dawarich-app | freikin/dawarich:latest |
 | dawarich-pg-db | postgis/postgis:17-3.5-alpine |
 | dawarich-sidekiq | freikin/dawarich:latest |
-| delugevpn | ghcr.io/binhex/arch-delugevpn:latest |
+| dead-man-hand | ghcr.io/bkupidura/dead-man-hand:latest |
 | docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
-| docker-volume-backup | offen/docker-volume-backup:v2 |
 | duplicati | lscr.io/linuxserver/duplicati:latest |
+| excalidraw | excalidraw/excalidraw:latest |
 | explo | ghcr.io/lumepart/explo:latest |
 | fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
 | flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
@@ -61,6 +60,8 @@
 | invidious | quay.io/invidious/invidious:latest |
 | invidious-sig-helper | quay.io/invidious/inv-sig-helper:latest |
 | invidious-db | docker.io/library/postgres:14 |
+| invoice-ninja | invoiceninja/invoiceninja-debian:5 |
+| invoice-ninja_proxy | nginx |
 | it-tools | ghcr.io/corentinth/it-tools:latest |
 | jellyfin | jellyfin/jellyfin |
 | jitsi-etherpad | etherpad/etherpad:1.8.6 |
@@ -72,6 +73,7 @@
 | jitsi-web | jitsi/web:stable |
 | joplin-db | postgres:17-alpine |
 | joplin | joplin/server:latest |
+| languagetool | elestio/languagetool:latest |
 | librechat-api | ghcr.io/danny-avila/librechat-dev:latest |
 | librechat-vectordb | ankane/pgvector:latest |
 | librechat-rag-api | ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest |
@@ -98,16 +100,20 @@
 | ollama | ollama/ollama |
 | ombi | lscr.io/linuxserver/ombi:latest |
 | omni-tools | iib0011/omni-tools:latest |
+| omnipoly | kweg/omnipoly:latest |
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
 | plantuml-server | plantuml/plantuml-server:jetty |
 | portainer | portainer/portainer-ce:alpine |
-| portall | need4swede/portall:latest |
+| portnote-web | haedlessdev/portnote:latest |
+| portnote-agent | haedlessdev/portnote-agent:latest |
+| portnote-pg-db | postgres:17-alpine |
 | postal-smtp | ghcr.io/postalserver/postal:latest |
 | postal-web | ghcr.io/postalserver/postal:latest |
 | postal-worker | ghcr.io/postalserver/postal:latest |
 | prowlarr | lscr.io/linuxserver/prowlarr:latest |
+| qbittorrentvpn | ghcr.io/binhex/arch-qbittorrentvpn:latest |
 | radarec | thewicklowwolf/radarec:latest |
 | radarr | lscr.io/linuxserver/radarr:latest |
 | reactive-resume | amruthpillai/reactive-resume:latest |
@@ -140,5 +146,16 @@
 | wallos | bellamy/wallos:latest |
 | watchtower | ghcr.io/containrrr/watchtower:latest |
 | web-check | lissy93/web-check |
+| whodb | clidey/whodb |
 | youtubedl | nbr23/youtube-dl-server:latest |
+| zammad-backup | ghcr.io/zammad/zammad:6.5.0-15 |
+| zammad-elasticsearch | bitnami/elasticsearch:8.17.4 |
+| zammad-init | ghcr.io/zammad/zammad:6.5.0-15 |
+| zammad-memcached | memcached:1.6.38-alpine |
+| zammad-nginx | ghcr.io/zammad/zammad:6.5.0-15 |
+| zammad-postgresql | postgres:17.4-alpine |
+| zammad-railsserver | ghcr.io/zammad/zammad:6.5.0-15 |
+| zammad-redis | redis:7.4.2-alpine |
+| zammad-scheduler | ghcr.io/zammad/zammad:6.5.0-15 |
+| zammad-websocket | ghcr.io/zammad/zammad:6.5.0-15 |
 

ansible/app-configs/gitea_act-runner_config.yaml.j2

@@ -0,0 +1,101 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+
+log:
+  # The level of logging, can be trace, debug, info, warn, error, fatal
+  level: info
+
+runner:
+  # Where to store the registration result.
+  file: .runner
+  # Execute how many tasks concurrently at the same time.
+  capacity: 3
+  # Extra environment variables to run jobs.
+#   envs:
+#     A_TEST_ENV_NAME_1: a_test_env_value_1
+#     A_TEST_ENV_NAME_2: a_test_env_value_2
+  # Extra environment variables to run jobs from a file.
+  # It will be ignored if it's empty or the file doesn't exist.
+#   env_file: .env
+  # The timeout for a job to be finished.
+  # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+  # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+  timeout: 3h
+  # The timeout for the runner to wait for running jobs to finish when shutting down.
+  # Any running jobs that haven't finished after this timeout will be cancelled.
+  shutdown_timeout: 0s
+  # Whether skip verifying the TLS certificate of the Gitea instance.
+  insecure: false
+  # The timeout for fetching the job from the Gitea instance.
+  fetch_timeout: 5s
+  # The interval for fetching the job from the Gitea instance.
+  fetch_interval: 2s
+  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+  # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+  # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
+  # If it's empty when registering, it will ask for inputting labels.
+  # If it's empty when execute `daemon`, will use labels in `.runner` file.
+  labels:
+    - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+    - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+    - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+
+cache:
+  # Enable cache server to use actions/cache.
+  enabled: true
+  # The directory to store the cache data.
+  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  dir: ""
+  # The host of the cache server.
+  # It's not for the address to listen, but the address to connect from job containers.
+  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  host: "192.168.1.254"
+  # The port of the cache server.
+  # 0 means to use a random available port.
+  port: 63604
+  # The external cache server URL. Valid only when enable is true.
+  # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+  # The URL should generally end with "/".
+  external_server: ""
+
+container:
+  # Specifies the network to which the container will connect.
+  # Could be host, bridge or the name of a custom network.
+  # If it's empty, act_runner will create a network automatically.
+  network: "compose_default"
+  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+  privileged: false
+  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+  options:
+  # The parent directory of a job's working directory.
+  # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
+  # If the path starts with '/', the '/' will be trimmed.
+  # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
+  # If it's empty, /workspace will be used.
+  workdir_parent:
+  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+  # valid_volumes:
+  #   - data
+  #   - /src/*.json
+  # If you want to allow any volume, please use the following configuration:
+  # valid_volumes:
+  #   - '**'
+  valid_volumes: []
+  # overrides the docker client host with the specified one.
+  # If it's empty, act_runner will find an available docker host automatically.
+  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+  docker_host: ""
+  # Pull docker image(s) even if already present
+  force_pull: false
+  # Rebuild docker image(s) even if already present
+  force_rebuild: false
+
+host:
+  # The parent directory of a job's working directory.
+  # If it's empty, $HOME/.cache/act/ will be used.
+  workdir_parent:

ansible/app-configs/invidious_config.yml.j2

@@ -1,3 +1,6 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+
 #########################################
 #
 #  Database and other external servers

ansible/app-configs/invoice-ninja_invoice-ninja.env.j2

@@ -2,8 +2,8 @@
 {% set secrets_path = 'rinoa-docker/env' %}
 
 # IN application vars
-IN_APP_URL=http://in.localhost:8003
-IN_APP_KEY=<insert your generated key in here>
+IN_APP_URL=https://biz.trez.wtf
+IN_APP_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IN_APP_KEY'] }}
 IN_APP_DEBUG=true
 IN_REQUIRE_HTTPS=false
 IN_PHANTOMJS_PDF_GENERATION=false
@@ -14,11 +14,11 @@ IN_TRUSTED_PROXIES='*'
 IN_QUEUE_CONNECTION=database
 
 # DB connection
-IN_DB_HOST=db
+IN_DB_HOST=mariadb
 IN_DB_PORT=3306
-IN_DB_DATABASE=ninja
-IN_DB_USERNAME=ninja
-IN_DB_PASSWORD=ninja
+IN_DB_DATABASE=invoice_ninja
+IN_DB_USERNAME=ininja
+IN_DB_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['IN_MYSQL_PASSWORD'] }}
 
 # Create initial user
 # Default to these values if empty
@@ -29,13 +29,13 @@ IN_PASSWORD=
 
 # Mail options
 IN_MAIL_MAILER=log
-IN_MAIL_HOST=smtp.mailtrap.io
-IN_MAIL_PORT=2525
-IN_MAIL_USERNAME=null
-IN_MAIL_PASSWORD=null
+IN_MAIL_HOST=postal-smtp
+IN_MAIL_PORT=25
+IN_MAIL_USERNAME={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}
+IN_MAIL_PASSWORD={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
 IN_MAIL_ENCRYPTION=null
-IN_MAIL_FROM_ADDRESS='user@example.com'
-IN_MAIL_FROM_NAME='Self Hosted User'
+IN_MAIL_FROM_ADDRESS='noreply@trez.wtf'
+IN_MAIL_FROM_NAME='Treasured IT'
 
 # MySQL
 IN_MYSQL_ROOT_PASSWORD=ninjaAdm1nPassword

ansible/group_vars/all.yml

@@ -1,14 +1,14 @@
 vault_addr: "https://vault.trez.wtf"
 vault_token: !vault |
   $ANSIBLE_VAULT;1.1;AES256
-  64633862363730303434663261343764323731376539646264333339303234333733306234616462
-  6634333934373065633632376165636432346330396538330a626633666365353362656139643362
-  38636133326633316339346237326438626538613433656364333132333630366135663836396131
-  6132316130623936660a353432653864366539616433356537386633633437626133313262353363
-  65356538666366393934316231313037393061373763313164643331396331326533613132303531
-  39623836313031343034353163353339653330623139663266303836643632323237353335303361
-  66353833643564653666323835613863313232626538626163333231306461393535376338646633
-  64303965653730313565613735386230616137393034613437353261333737313236386530383163
-  65393238623237616135356361353836343532396137323734346136313466663036
+  39306238386563313462666238333237346239326636633731326263653639646235363937386333
+  6138653434613437643134653463363230303038373765380a636162663734393632396638313261
+  39613730633935373063663030616131653731376461333762633131633066366165343536323031
+  3539373461383138310a383734313237313231363539383632323130336536656662313861336261
+  65393033633461363837366462656134386430353236343136616161663364376261623834366466
+  30303765393039376666303937663839663630623063666135313636353432396161333434653435
+  32623634313531343466613966663139333234616137646636636134373264333263343533393331
+  32313530373164653730656662383837626139643364376134376634613237323063343731663734
+  36306335303936633334353564306239663563366435316464343039373965383032
 vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
 secrets_path: "rinoa-docker/env"

ansible/inventory/host_vars.yml

@@ -1,13 +1,13 @@
 rinoa:
-        ansible_host: 192.168.1.254
-        ansible_python_interpreter: /usr/bin/python3
-        ansible_ssh_port: 22
-        ansible_ssh_user: charish
-        ansible_ssh_pass: !vault |
-                $ANSIBLE_VAULT;1.1;AES256
-                38346631616139316365316566386362396661323163306339303635646331373061323531626431
-                3435373031363739356261656239633835393963636663370a613166653463656337666366633639
-                37373637326633363430633336646165343764303063663636313835326130663532323037663331
-                6332353339656134370a353435396532663932313535646636333262353238386331313764633635
-                63383065623930653134666261353439366535646661383434386261393232373432353937636535
-                3432336137393737643735346665303832653630316439333565
+  ansible_host: 192.168.1.254
+  ansible_python_interpreter: /usr/bin/python3
+  ansible_ssh_port: 22
+  ansible_ssh_user: charish
+  ansible_ssh_pass: !vault |
+    $ANSIBLE_VAULT;1.1;AES256
+    32303262303733356636343163363062383539623938383439373166623236366664333830653163
+    3134323461373461663638333265643631666437306362350a353632313337316535633838343137
+    37353139396531613763393139653231333666363935613462343831303866363863653161636138
+    3438316261363139650a313161643039366438356462383730663839366562333464636130346132
+    31363235326362396630313966303064373532306638383739373739336661346438336534366537
+    6565643866333964353563346433323861346262323933333732

ansible/ssh_pass.yml

@@ -1,7 +1,7 @@
 $ANSIBLE_VAULT;1.1;AES256
-65353131326537376561616630666531353731653835306564323565383332653437633533313932
-6239663065306339366536326432323534303364663862350a353034623936363066303164333434
-32666331326332363463383234316136323031626330366132643034376439616339396662636236
-3633393039376438630a326138653031656465373966356564336463643465613638313838393166
-36626366356266636535613862333631386231626134376264363731353264613261633037646662
-6431393837653564366531316332616232336365636533643036
+32303262303733356636343163363062383539623938383439373166623236366664333830653163
+3134323461373461663638333265643631666437306362350a353632313337316535633838343137
+37353139396531613763393139653231333666363935613462343831303866363863653161636138
+3438316261363139650a313161643039366438356462383730663839366562333464636130346132
+31363235326362396630313966303064373532306638383739373739336661346438336534366537
+6565643866333964353563346433323861346262323933333732

docker-compose.yml

@@ -616,30 +616,6 @@ services:
     networks:
       default: null
     restart: unless-stopped
-  bytebase:
-    container_name: bytebase
-    image: bytebase/bytebase:3.5.0
-    labels:
-      homepage.group: System Administration
-      homepage.name: Bytebase
-      homepage.href: https://dbs.${MY_TLD}
-      homepage.icon: /icons/bytebase.png
-      homepage.description: Database-as-Code CI/CD
-      swag: enable
-      swag_port: 8080
-      swag_proto: http
-      swag_url: dbs.${MY_TLD}
-      swag_server_custom_directive: |
-        access_log /config/log/$$host_access.log ;
-        error_log /config/log/$$host_error.log ;
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
-      swag.uptime-kuma.monitor.interval: 300
-    ports:
-      - 49054:8080
-    restart: unless-stopped
-    volumes:
-      - ${DOCKER_VOLUME_CONFIG}/bytebase:/var/opt/bytebase
   bytestash:
     container_name: bytestash
     environment:
@@ -830,7 +806,7 @@ services:
       DOCKER_HOST: tcp://dockerproxy:2375
       GID: 1000
       BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY}
-      COLLECTIONS: crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/linux crowdsecurity/iptables
+      COLLECTIONS: corvese/apache-guacamole crowdsecurity/home-assistant crowdsecurity/http-cve crowdsecurity/iptables crowdsecurity/linux crowdsecurity/mariadb crowdsecurity/nextcloud crowdsecurity/nginx crowdsecurity/whitelist-good-actors Dominic-Wagner/vaultwarden gauth-fr/immich LePresidente/adguardhome LePresidente/authelia LePresidente/gitea LePresidente/jellyfin LePresidente/ombi plague-doctor/audiobookshelf schiz0phr3ne/sonarr sdwilsh/navidrome timokoessler/mongodb timokoessler/uptime-kuma xs539/joplin-server
     image: crowdsecurity/crowdsec:latest
     networks:
       default: null
@@ -1110,76 +1086,31 @@ services:
       - dawarich_public:/var/app/public
       - dawarich_watched:/var/app/tmp/imports/watched
       - ${DOCKER_VOLUME_CONFIG}/dawarich/sidekiq-entrypoint.sh:/usr/local/bin/sidekiq-entrypoint.sh
-  delugevpn:
-    cap_add:
-      - NET_ADMIN
-      - SYS_MODULE
-    container_name: delugevpn
+  dead-man-hand:
+    container_name: dead-man-hand
+    image: ghcr.io/bkupidura/dead-man-hand:latest
     environment:
-      ENABLE_PRIVOXY: "no"
-      LAN_NETWORK: 192.168.1.0/24
-      NAME_SERVERS: 192.168.1.254,1.1.1.1
-      PGID: "1000"
-      PUID: "1000"
-      TZ: America/New_York
-      VPN_CLIENT: openvpn
-      VPN_ENABLED: "yes"
-      VPN_INPUT_PORTS: ""
-      VPN_OPTIONS: ""
-      VPN_OUTPUT_PORTS: ""
-      VPN_PASS: ${DELUGEVPN_ENVIRONMENT_VPN_PASS}
-      VPN_PROV: pia
-      VPN_USER: ${DELUGEVPN_ENVIRONMENT_VPN_USER}
-    hostname: Rinoa
-    image: ghcr.io/binhex/arch-delugevpn:latest
+      DMH_CONFIG_FILE: /data/config.yaml
     labels:
-      homepage.group: Downloaders
-      homepage.name: DelugeVPN
-      homepage.href: https://deluge.${MY_TLD}
-      homepage.icon: deluge.png
-      homepage.description: Torrent over VPN
-      homepage.widget.type: deluge
-      homepage.widget.url: http://delugevpn:8112
-      homepage.widget.password: ${DELUGEVPN_PASSWORD}
+      # homepage.group: Personal/Professional Services
+      # homepage.name: Dawarich
+      # homepage.href: https://loc.${MY_TLD}
+      # homepage.icon: dawarich.svg
+      # homepage.description: Self-hosted alternative to Google Location History
       swag: enable
-      swag_port: 8112
+      swag_port: 8080
       swag_proto: http
-      swag_url: deluge.${MY_TLD}
+      swag_url: dms.${MY_TLD}
       swag_server_custom_directive: |
         access_log /config/log/$$host_access.log ;
         error_log /config/log/$$host_error.log ;
       swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://deluge.${MY_TLD}
+      swag.uptime-kuma.monitor.url: https://dms.${MY_TLD}
       swag.uptime-kuma.monitor.interval: 300
-    networks:
-      default: null
     ports:
-      - 58846:58846
-      - 58946:58946
-      - 6881:6881
-      - 8112:8112
-      - 8118:8118
-    privileged: true
-    restart: unless-stopped
-    sysctls:
-      net.ipv4.conf.all.src_valid_mark: "1"
+      - 25807:8080
     volumes:
-      - bind:
-          create_host_path: true
-        read_only: true
-        source: /etc/localtime
-        target: /etc/localtime
-        type: bind
-      - bind:
-          create_host_path: true
-        source: ${DOCKER_VOLUME_CONFIG}/delugevpn
-        target: /config
-        type: bind
-      - bind:
-          create_host_path: true
-        source: /rinoa-storage
-        target: /storage
-        type: bind
+      - ${DOCKER_VOLUME_CONFIG}/dead-man-hand:/data
   docker-socket-proxy:
     container_name: dockerproxy
     environment:
@@ -1217,87 +1148,6 @@ services:
         source: /var/run/docker.sock
         target: /var/run/docker.sock
         type: bind
-  docker-volume-backup:
-    container_name: docker-volume-backup
-    image: offen/docker-volume-backup:v2
-    environment:
-      BACKUP_ARCHIVE: /archive
-      BACKUP_CRON_EXPRESSION: '@weekly'
-      BACKUP_COMPRESSION: zst
-      BACKUP_FILENAME: rinoa-docker-backup-%Y-%m-%dT%H-%M-%S.{{ .Extension }}
-      BACKUP_FILENAME_EXPAND: true
-      BACKUP_RETENTION_DAYS: 14
-      DOCKER_HOST: tcp://dockerproxy:2375
-      NOTIFICATION_URLS: gotify://gotify/${DV_BKUP_GOTIFY_TOKEN}
-    restart: always
-    volumes:
-      - ${DOCKER_VOLUME_STORAGE}/backups/docker_volume_bkups:/archive
-      - authelia-pg-db:/backup/authelia-pg-db:ro
-      - bitmagnet-pg-db:/backup/bitmagnet-pg-db:ro
-      - bunkerweb-storage:/backup/bunkerweb-storage:ro
-      - castopod-media:/backup/castopod-media:ro
-      - crowdsec-config:/backup/crowdsec-config:ro
-      - crowdsec-db:/backup/crowdsec-db:ro
-      - dawarich_db_data:/backup/dawarich_db_data:ro
-      - dawarich_shared:/backup/dawarich_shared:ro
-      - dawarich_public:/backup/dawarich_public:ro
-      - dawarich_watched:/backup/dawarich_watched:ro
-      - docker-volume-bkup-data:/backup/docker-volume-bkup-data:ro
-      - fastenhealth-cache:/backup/fastenhealth-cache:ro
-      - fastenhealth-db:/backup/fastenhealth-db:ro
-      - gitea-pg-db:/backup/gitea-pg-db:ro
-      - hortusfox_app_backup:/backup/hortusfox_app_backup:ro
-      - hortusfox_app_images:/backup/hortusfox_app_images:ro
-      - hortusfox_app_logs:/backup/hortusfox_app_logs:ro
-      - hortusfox_app_migrate:/backup/hortusfox_app_migrate:ro
-      - hortusfox_app_themes:/backup/hortusfox_app_themes:ro
-      - hortusfox_db_data:/backup/hortusfox_db_data:ro
-      - immich-model-cache:/backup/immich-model-cache:ro
-      - influxdb2-data:/backup/influxdb2-data:ro
-      - influxdb2-config:/backup/influxdb2-config:ro
-      - invidious-postgres:/backup/invidious-postgres:ro
-      - invoice-ninja_cache:/backup/invoice-ninja_cache:ro
-      - invoice-ninja_public:/backup/invoice-ninja_public:ro
-      - invoice-ninja_storage:/backup/invoice-ninja_storage:ro
-      - jitsi-web-admin-theme:/backup/jitsi-web-admin-theme:ro
-      - jitsi-web-admin-upload:/backup/jitsi-web-admin-upload:ro
-      - joplin_data:/backup/joplin_data:ro
-      - librechat-pg-data:/backup/librechat-pg-data:ro
-      - libretranslate_models:/backup/libretranslate_models:ro
-      - lldap_data:/backup/lldap_data:ro
-      - mastodon-pg-db:/backup/mastodon-pg-db:ro
-      - mixpost-storage:/backup/mixpost-storage:ro
-      - mixpost-logs:/backup/mixpost-logs:ro
-      - mongodb_config:/backup/mongodb_config:ro
-      - mongodb_data:/backup/mongodb_data:ro
-      - n8n-data:/backup/n8n-data:ro
-      - netbird-mgmt:/backup/netbird-mgmt:ro
-      - netbird-signal:/backup/netbird-signal:ro
-      - netbird-letsencrypt:/backup/netbird-letsencrypt:ro
-      - nextcloud_aio_mastercontainer:/backup/nextcloud_aio_mastercontainer:ro
-      - ollama:/backup/ollama:ro
-      - paperless-ngx-data:/backup/paperless-ngx-data:ro
-      - paperless-ngx-media:/backup/paperless-ngx-media:ro
-      - paperless-ngx-pg:/backup/paperless-ngx-pg:ro
-      - pgbackweb-data:/backup/pgbackweb-data:ro
-      - plausible-db-data:/backup/plausible-db-data:ro
-      - plausible-event-data:/backup/plausible-event-data:ro
-      - plausible-event-logs:/backup/plausible-event-logs:ro
-      - portainer-data:/backup/portainer-data:ro
-      - reactive-resume-pg:/backup/reactive-resume-pg:ro
-      - semaphore_config:/backup/semaphore_config:ro
-      - semaphore_data:/backup/semaphore_data:ro
-      - semaphore_tmp:/backup/semaphore_tmp:ro
-      - sonarqube-data:/backup/sonarqube-data:ro
-      - sonarqube-db:/backup/sonarqube-db:ro
-      - sonarqube-db-data:/backup/sonarqube-db-data:ro
-      - sonarqube-extensions:/backup/sonarqube-extensions:ro
-      - sonarqube-logs:/backup/sonarqube-logs:ro
-      - sonarqube-temp:/backup/sonarqube-temp:ro
-      - tandoor-pg:/backup/tandoor-pg:ro
-      - unmanic-cache:/backup/unmanic-cache:ro
-      - wallos-db:/backup/wallos-db:ro
-      - wallos-logos:/backup/wallos-logos:ro
   duplicati:
     container_name: duplicati
     environment:
@@ -1351,10 +1201,31 @@ services:
         source: /home/charish/.config/appdata
         target: /source
         type: bind
+  excalidraw:
+    container_name: excalidraw
+    image: 'excalidraw/excalidraw:latest'
+    labels:
+      homepage.group: Personal/Professional Services
+      homepage.name: Excalidraw
+      homepage.href: https://draw.${MY_TLD}
+      homepage.icon: excalidraw.svg
+      homepage.description: Virtual whiteboard for sketching hand-drawn like diagrams
+      swag: enable
+      swag_proto: http
+      swag_url: draw.${MY_TLD}
+      swag_server_custom_directive: |
+        access_log /config/log/$$host_access.log ;
+        error_log /config/log/$$host_error.log ;
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://draw.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+    ports:
+      - 53721:80
+    restart: unless-stopped
   explo:
     container_name: explo
     environment:
-      CRON_SCHEDULE: 15 00 * * 2 # Runs weekly, every Tuesday 15 minutes past midnight (UTC time)
+      CRON_SCHEDULE: 0 8 * * 2 # Runs weekly, every Tuesday 15 minutes past midnight (UTC time)
       # Music system you use (emby, jellyfin, mpd, plex or subsonic)
       EXPLO_SYSTEM: subsonic
       SYSTEM_URL: http://navidrome:4533
@@ -1375,9 +1246,9 @@ services:
       # 'playlist' to get tracks from Weekly Exploration playlist, anything else gets it from API (not the best recommendations). 'test' will download 1 song
       LISTENBRAINZ_DISCOVERY: playlist
       # Time to sleep (in minutes) between scanning and querying tracks from your system (If using Subsonic, Jellyfin)
-      # SLEEP=2
+      SLEEP: 5
       # Whether to provide additional info for debugging
-      # DEBUG=false
+      DEBUG: true
       SINGLE_ARTIST: true
     image: ghcr.io/lumepart/explo:latest
     restart: unless-stopped
@@ -2001,12 +1872,6 @@ services:
       IMMICH_API_KEY: ${IMMICH_POWER_TOOLS_KEY}
       IMMICH_URL: http://immich-server:2283
     image: ghcr.io/varun-raj/immich-power-tools:latest
-    labels:
-      homepage.group: Lifestyle
-      homepage.name: Immich Power Tools
-      homepage.href: https://pics.${MY_TLD}/tools
-      homepage.icon: sh-immich-power-tools.png
-      homepage.description: Tools for Immich
     ports:
       - 54018:3000
     restart: unless-stopped
@@ -2123,6 +1988,105 @@ services:
         type: bind
         bind:
           create_host_path: true
+  invoice-ninja:
+    container_name: invoice-ninja
+    depends_on:
+      mariadb:
+        condition: service_started
+        required: true
+        restart: true
+    environment:
+      APP_DEBUG: true
+      APP_KEY: ${IN_APP_KEY}
+      APP_URL: http://invoice_ninja:8003
+      APP_ENV: /var/www/html/.env
+      DB_DATABASE: invoice_ninja
+      DB_HOST: mariadb
+      DB_PASSWORD: ${IN_MYSQL_PASSWORD}
+      DB_PORT: 3306
+      DB_USERNAME: ininja
+      IN_PASSWORD: ${IN_PASSWORD}
+      IN_USER_EMAIL: charish.patel@${MY_TLD}
+      MAIL_ENCRYPTION: null
+      MAIL_FROM_ADDRESS: noreply@${MY_TLD}
+      MAIL_FROM_NAME: null
+      MAIL_HOST: postal-smtp
+      MAIL_MAILER: log
+      MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+      MAIL_PORT: 25
+      MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
+      MYSQL_DATABASE: invoice_ninja
+      MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD}
+      MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
+      MYSQL_USER: ininja
+      PDF_GENERATOR: snappdf
+      PHANTOMJS_PDF_GENERATION: false
+      QUEUE_CONNECTION: database
+      REQUIRE_HTTPS: false
+      TRUSTED_PROXIES: 172.18.0.0/16
+    expose:
+      - 9000
+    image: invoiceninja/invoiceninja-debian:5
+    restart: always
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/invoice-ninja/invoice-ninja.env:/var/www/html/.env
+      - invoice-ninja_cache:/var/www/html/bootstrap/cache
+      - invoice-ninja_public:/var/www/html/public
+      - invoice-ninja_storage:/var/www/html/storage
+  invoice-ninja_proxy:
+    container_name: invoice-ninja_proxy
+    depends_on:
+      invoice-ninja:
+        condition: service_started
+        required: true
+        restart: true
+    environment:
+      APP_DEBUG: true
+      APP_KEY: ${IN_APP_KEY}
+      APP_URL: http://invoice_ninja:9000
+      DB_DATABASE: invoice_ninja
+      DB_HOST: mariadb
+      DB_PASSWORD: ${IN_MYSQL_PASSWORD}
+      DB_PORT: 3306
+      DB_USERNAME: ininja
+      IN_PASSWORD: ${IN_PASSWORD}
+      IN_USER_EMAIL: charish.patel@trez.wtf
+      MAIL_ENCRYPTION: null
+      MAIL_FROM_ADDRESS: noreply@trez.wtf
+      MAIL_FROM_NAME: null
+      MAIL_HOST: postal-smtp
+      MAIL_MAILER: log
+      MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
+      MAIL_PORT: 25
+      MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
+      MYSQL_DATABASE: invoice_ninja
+      MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD}
+      MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
+      MYSQL_USER: ininja
+      PDF_GENERATOR: snappdf
+      PHANTOMJS_PDF_GENERATION: false
+      QUEUE_CONNECTION: database
+      REQUIRE_HTTPS: false
+      TRUSTED_PROXIES: 172.18.0.0/16
+    image: nginx
+    labels:
+      swag: enable
+      swag_proto: http
+      swag_url: biz.${MY_TLD}
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://biz.${MY_TLD}
+      homepage.group: Personal/Professional Services
+      homepage.name: Invoice Ninja
+      homepage.href: https://biz.${MY_TLD}
+      homepage.icon: invoice-ninja.svg
+      homepage.description: Simple invoicing, multiple payment options, expense and vendor management, and more!
+    ports:
+      - 8005:80
+    restart: always
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/invoice-ninja/nginx:/etc/nginx/conf.d:ro
+      - invoice-ninja_public:/var/www/html/public
+      - invoice-ninja_storage:/var/www/html/storage
   it-tools:
     container_name: it-tools
     image: ghcr.io/corentinth/it-tools:latest
@@ -2818,6 +2782,18 @@ services:
     ports:
       - 22300:22300
     restart: unless-stopped
+  languagetool:
+    container_name: languagetool
+    environment:
+      langtool_languageModel: /opt/languagetool/langModel
+      Java_Xms: 512m
+      Java_Xmx: 1g
+    expose:
+      - 8010
+    image: elestio/languagetool:latest
+    restart: unless-stopped
+    volumes:
+      - ${DOCKER_VOLUME_CONFIG}/languagetool/:/opt/languagetool/langModel
   librechat-api:
     container_name: librechat-api
     depends_on:
@@ -2895,24 +2871,11 @@ services:
       test: ['CMD-SHELL', './venv/bin/python scripts/healthcheck.py']
     environment:
       LT_UPDATE_MODELS: true
-    labels:
-      homepage.group: Personal/Professional Services
-      homepage.name: LibreTranslate
-      homepage.href: https://translate.${MY_TLD}
-      homepage.icon: sh-libretranslate.svg
-      homepage.description: Open-source language translation
-      swag: enable
-      swag_port: 5000
-      swag_url: translate.${MY_TLD}
-      swag_server_custom_directive: |
-        access_log /config/log/$$host_access.log ;
-        error_log /config/log/$$host_error.log ;
-      swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://translate.${MY_TLD}
-      swag.uptime-kuma.monitor.interval: 300
     ports:
       - 5000:5000
     restart: unless-stopped
+    tty: true
+    stdin_open: true
     volumes:
     #   - libretranslate_api_keys:/app/db
       - libretranslate_models:/home/libretranslate/.local:rw
@@ -3684,6 +3647,40 @@ services:
     ports:
       - 23693:80
     restart: unless-stopped
+  omnipoly:
+    container_name: omnipoly
+    depends_on:
+      languagetool:
+        condition: service_started
+        required: true
+      libretranslate:
+        condition: service_started
+        required: true
+    environment:
+      LANGUAGE_TOOL: http://languagetool:8010
+      LIBRETRANSLATE: http://libretranslate:5000
+      OLLAMA: http://ollama:11434
+      OLLAMA_MODEL: smollm2:1.7b
+      THEME: 'pole'
+      DISABLE_DICTIONARY: false
+    expose:
+      - 80
+    image: kweg/omnipoly:latest
+    labels:
+      homepage.group: Personal/Professional Services
+      homepage.name: OmniPoly
+      homepage.href: https://translate.${MY_TLD}
+      homepage.icon: sh-omnipoly.svg
+      homepage.description: Open-source language translation with LanguageTool, LibreTranslate, & Ollama
+      swag: enable
+      swag_url: translate.${MY_TLD}
+      swag_server_custom_directive: |
+        access_log /config/log/$$host_access.log ;
+        error_log /config/log/$$host_error.log ;
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://translate.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+    restart: unless-stopped
   paperless-ngx:
     container_name: paperless-ngx
     depends_on:
@@ -3831,33 +3828,61 @@ services:
     restart: unless-stopped
     volumes:
         - portainer-data:/data
-  portall:
-    container_name: portall
-    image: need4swede/portall:latest
+  portnote-web:
+    container_name: portnote
+    depends_on:
+      portnote-pg-db:
+        condition: service_started
+        required: true
+        restart: true
     environment:
-      SECRET_KEY: ${PORTALL_SECRET_KEY}
+      JWT_SECRET: ${PORTNOTE_JWT_SECRET} # Replace with a secure random string
+      USER_SECRET:  ${PORTNOTE_USER_SECRET} # Replace with a secure random string
+      LOGIN_USERNAME: portnote # Replace with a username
+      LOGIN_PASSWORD: ${PORTNOTE_LOGIN_PASSWORD} # Replace with a custom password
+      DATABASE_URL: "postgresql://portnote:${PORTNOTE_POSTGRES_PASSWORD}@portnote-pg-db:5432/portnote"
+    image: haedlessdev/portnote:latest
     labels:
       swag: enable
-      swag_auth: authelia
       swag_proto: http
-      swag_port: 8080
-      swag_url: portall.${MY_TLD}
+      swag_port: 3000
+      swag_url: ports.${MY_TLD}
       swag_server_custom_directive: |
         access_log /config/log/$$host_access.log ;
         error_log /config/log/$$host_error.log ;
       swag.uptime-kuma.enabled: true
-      swag.uptime-kuma.monitor.url: https://portall.${MY_TLD}
+      swag.uptime-kuma.monitor.url: https://ports.${MY_TLD}
       swag.uptime-kuma.monitor.interval: 300
       homepage.group: System Administration
-      homepage.name: Portall
-      homepage.href: https://portall.${MY_TLD}
-      homepage.icon: sh-portall.png
+      homepage.name: PortNote
+      homepage.href: https://ports.${MY_TLD}
+      homepage.icon: port-note.png
       homepage.description: Management for container ports
     ports:
-      - 8000:8080
-    restart: unless-stopped
+      - 23186:3000
+    restart: always
+  portnote-agent:
+    container_name: portnote-agent
+    depends_on:
+      portnote-pg-db:
+        condition: service_started
+        required: true
+    image: haedlessdev/portnote-agent:latest
+    environment:
+      DATABASE_URL: "postgresql://portnote:${PORTNOTE_POSTGRES_PASSWORD}@portnote-pg-db:5432/portnote"
+    restart: always
+  portnote-pg-db:
+    container_name: portnote-pg-db
+    image: postgres:17-alpine
+    environment:
+      POSTGRES_USER: portnote
+      POSTGRES_PASSWORD: ${PORTNOTE_POSTGRES_PASSWORD}
+      POSTGRES_DB: portnote
+    expose:
+      - 5432
+    restart: always
     volumes:
-      - ${DOCKER_VOLUME_CONFIG}/portall:/app/instance
+      - portnote-db-data:/var/lib/postgresql/data
   postal-smtp:
     cap_add:
       - NET_BIND_SERVICE
@@ -3969,6 +3994,64 @@ services:
         source: /rinoa-storage
         target: /storage
         type: bind
+  qbittorrentvpn:
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    container_name: qbittorrentvpn
+    environment:
+      ENABLE_PRIVOXY: yes
+      ENABLE_SOCKS: yes
+      LAN_NETWORK: 192.168.1.0/24
+      NAME_SERVERS: 192.168.1.254,1.1.1.1
+      PGID: ${PGID}
+      PUID: ${PUID}
+      SOCKS_USER: admin
+      SOCKS_PASS: socks
+      TZ: ${TZ}
+      VPN_CLIENT: openvpn
+      VPN_ENABLED: "yes"
+      VPN_INPUT_PORTS: ""
+      VPN_OPTIONS: ""
+      VPN_OUTPUT_PORTS: ""
+      VPN_PASS: ${DELUGEVPN_ENVIRONMENT_VPN_PASS}
+      VPN_PROV: pia
+      VPN_USER: ${DELUGEVPN_ENVIRONMENT_VPN_USER}
+      WEBUI_PORT: 8080
+    image: ghcr.io/binhex/arch-qbittorrentvpn:latest
+    labels:
+      homepage.group: Downloaders
+      homepage.name: qBittorrent
+      homepage.href: https://qbit.${MY_TLD}
+      homepage.icon: qBittorrent.svg
+      homepage.description: qbittorrentvpn over VPN
+      homepage.widget.type: qbittorrent
+      homepage.widget.url: http://qbittorrentvpn:8080
+      homepage.widget.user: admin
+      homepage.widget.password: ${DELUGEVPN_PASSWORD}
+      swag: enable
+      swag_port: 8080
+      swag_proto: http
+      swag_url: qbit.${MY_TLD}
+      swag_server_custom_directive: |
+        access_log /config/log/$$host_access.log ;
+        error_log /config/log/$$host_error.log ;
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://qbit.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+    ports:
+      - 58846:58846
+      - 58946:58946/udp
+      - 8118:8118
+      - 9118:9118
+      - 38927:8080
+    restart: unless-stopped
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ${DOCKER_VOLUME_CONFIG}/.openvpn:/config/openvpn
+      - ${DOCKER_VOLUME_CONFIG}/qbittorent/config:/config
+      - ${DOCKER_VOLUME_CONFIG}/qbittorrent/data:/data
+      - ${DOCKER_VOLUME_STORAGE}/downloads:/storage
   radarec:
     container_name: radarec
     environment:
@@ -5253,6 +5336,36 @@ services:
     ports:
       - 3010:3000
     restart: unless-stopped
+  whodb:
+    container_name: whodb
+    image: clidey/whodb
+    environment:
+      WHODB_POSTGRES_1: '[{"host":"authelia-pg","user":"authelia","password":"${AUTHELIA_STORAGE_POSTGRES_PASSWORD}","database":"authelia"},{"host":"bitmagnet-pg-db","user":"bitmagnet","password":"${BITMAGNET_POSTGRESQL_PASSWORD}","database":"bitmagnet"},{"host":"dawarich-pg-db","user":"dawarich","password":"${DAWARICH_PG_PASSWORD}","database":"dawarich"},{"host":"gitea-db","user":"gitea","password":"${GITEA_PG_DB_PASSWORD}","database":"gitea"},{"host":"immich-pg-db","user":"immich","password":"${IMMICH_DB_PASSWORD}","database":"immich"},{"host":"invidious-db","user":"kemal","password":"${INVID_PG_DB_PASSWORD}","database":"invidious"},{"host":"librechat-vectordb","user":"librechat","password":"${LIBRECHAT_PG_DB_PASSWD}","database":"librechat"},{"host":"mastodon-pg-db","user":"mastodon","password":"${MASTODON_PG_DB_PASSWORD}","database":"mastodon"},{"host":"reactive-resume-pg","user":"reactiveresume","password":"${REACTIVE_RESUME_PGSQL_PASSWORD}","database":"reactiveresume"},{"host":"sonarqube-pg-db","user":"sonar","password":"${SONARQUBE_POSTGRES_PASSWORD}","database":"sonar"},{"host":"tandoor-pg","user":"tandoor","password":"${TANDOOR_POSTGRES_PASSWORD}","database":"tandoor"},{"host":"zammad-postgresql","user":"zammad","password":"${ZAMMAD_POSTGRES_PASS}","database":"zammad_production"}]'
+      WHODB_MARIADB_1: '[{"host":"mariadb","user":"root","password":"${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}","database":"mysql"}]'
+      WHODB_MONGODB_1: '{"host":"mongodb:27017/admin?replicaSet=rinoa","user":"root","password":"${MONGO_INITDB_ROOT_PASSWORD}"}'
+      WHODB_OLLAMA_HOST: ollama
+      WHODB_OLLAMA_PORT: 11434
+      WHODB_ANTHROPIC_API_KEY: ${LIBRECHAT_ANTHROPIC_API_KEY}
+      WHODB_OPENAI_API_KEY: ${LIBRECHAT_OPENAI_API_KEY}
+    expose:
+      - 8080
+    labels:
+      homepage.group: System Administration
+      homepage.name: WhoDB
+      homepage.href: https://dbs.${MY_TLD}
+      homepage.icon: whodb.png
+      homepage.description: Database-as-Code CI/CD
+      swag: enable
+      swag_port: 8080
+      swag_proto: http
+      swag_url: dbs.${MY_TLD}
+      swag_server_custom_directive: |
+        access_log /config/log/$$host_access.log ;
+        error_log /config/log/$$host_error.log ;
+      swag.uptime-kuma.enabled: true
+      swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
+      swag.uptime-kuma.monitor.interval: 300
+    restart: unless-stopped
   youtubedl:
     container_name: youtubedl
     environment:
@@ -5303,12 +5416,14 @@ services:
         type: bind
   zammad-backup:
     <<: *zammad-service
+    container_name: zammad-backup
     command: ["zammad-backup"]
     volumes:
       - zammad-backup:/var/tmp/zammad
       - zammad-storage:/opt/zammad/storage:ro
     user: 0:0
   zammad-elasticsearch:
+    container_name: zammad-elasticsearch
     image: bitnami/elasticsearch:${ELASTICSEARCH_VERSION:-8.17.4}
     restart: ${RESTART:-always}
     profiles:
@@ -5325,22 +5440,25 @@ services:
       ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASS:-zammad}
   zammad-init:
     <<: *zammad-service
+    container_name: zammad-init
     command: ["zammad-init"]
     depends_on:
       - zammad-postgresql
     restart: on-failure
     user: 0:0
   zammad-memcached:
+    container_name: zammad-memcached
     command: memcached -m 256M
     image: memcached:${MEMCACHE_VERSION:-1.6.38-alpine}
     restart: ${RESTART:-always}
   zammad-nginx:
     <<: *zammad-service
+    container_name: zammad-nginx
     command: ["zammad-nginx"]
     expose:
-      - "${NGINX_PORT:-8080}"
+      - 8080
     ports:
-      - "${NGINX_EXPOSE_PORT:-8080}:${NGINX_PORT:-8080}"
+      - 15257:8080
     labels:
       swag: enable
       swag_proto: http
@@ -5356,6 +5474,7 @@ services:
     depends_on:
       - zammad-railsserver
   zammad-postgresql:
+    container_name: zammad-postgresql
     environment:
       POSTGRES_DB: ${ZAMMAD_POSTGRES_DB:-zammad_production}
       POSTGRES_USER: ${ZAMMAD_POSTGRES_USER:-zammad}
@@ -5366,17 +5485,23 @@ services:
       - zammad-postgresql-data:/var/lib/postgresql/data
   zammad-railsserver:
     <<: *zammad-service
+    container_name: zammad-railsserver
     command: ["zammad-railsserver"]
+    expose:
+      - 3000
   zammad-redis:
+    container_name: zammad-redis
     image: redis:${REDIS_VERSION:-7.4.2-alpine}
     restart: ${RESTART:-always}
     volumes:
       - zammad-redis-data:/data
   zammad-scheduler:
     <<: *zammad-service
+    container_name: zammad-scheduler
     command: ["zammad-scheduler"]
   zammad-websocket:
     <<: *zammad-service
+    container_name: zammad-websocket
     command: ["zammad-websocket"]
 volumes:
   authelia-pg-db:
@@ -5481,14 +5606,10 @@ volumes:
     name: paperless-ngx-pg
   pgbackweb-data:
     name: pgbackweb-data
-  plausible-db-data:
-    name: plausible-db-data
-  plausible-event-data:
-    name: plausible-event-data
-  plausible-event-logs:
-    name: plausible-event-logs
   portainer-data:
     name: portainer-data
+  portnote-db-data:
+    name: portnote-db-data
   reactive-resume-pg:
     name: reactive-resume-pg
   semaphore_config: