docker-compose.yml

name: compose
networks:
  default:
    name: compose_default
  nextcloud-aio:
    external: true
x-jitsi-admin: &jitsi_admin_app
  image: h2invent/jitsi-admin-main:latest@sha256:dcebcc7eab4b95f97751a3ced9d11cd3b65b41297652bac40aea405e8efe4694
  #build: .
  environment:
    APACHE_DOCUMENT_ROOT: "public/"
    PHP_EXTENSION_XDEBUG: "1"
    PHP_INI_MEMORY_LIMIT: "1G"
    PHP_EXTENSION_LDAP: 1
    PHP_EXTENSION_INTL: 1
x-maxun: &maxun-env
  environment:
    NODE_ENV: production
    JWT_SECRET: ${MAXUN_JWT_SECRET}
    DB_NAME: maxun
    DB_USER: maxun
    DB_PASSWORD: ${MAXUN_DB_PASSWORD}
    DB_HOST: maxun-pg-db
    DB_PORT: 5432
    ENCRYPTION_KEY: ${MAXUN_ENCRYPTION_KEY}
    SESSION_SECRET: ${MAXUN_SESSION_SECRET}
    MINIO_ENDPOINT: minio
    MINIO_PORT: 9000
    MINIO_CONSOLE_PORT: 9001
    MINIO_ACCESS_KEY: ${MAXUN_MINIO_ACCESS_KEY}
    MINIO_SECRET_KEY: ${MAXUN_MINIO_SECRET_KEY}
    REDIS_HOST: maxun-valkey
    REDIS_PORT: 6379
    BACKEND_PORT: 8080
    FRONTEND_PORT: 5173
    BACKEND_URL: https://scrape.${MY_TLD}
    PUBLIC_URL: https://scrape.${MY_TLD}
    VITE_BACKEND_URL: https://scrape.${MY_TLD}
    VITE_PUBLIC_URL: https://scrape.${MY_TLD}
    MAXUN_TELEMETRY: true
    PLAYWRIGHT_BROWSERS_PATH: /ms-playwright
    PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 0
    CHROMIUM_FLAGS: "--disable-gpu --no-sandbox --headless=new"
    #DEBUG: pw:api
    #PWDEBUG: 1
x-penpot-flags: &penpot-flags
  PENPOT_FLAGS: enable-smtp enable-prepl-server login-with-password webhooks
x-penpot-uri: &penpot-public-uri
  PENPOT_PUBLIC_URI: https://penpot.${MY_TLD}
x-penpot-body-size: &penpot-http-body-size
  # Max body size (30MiB); Used for plain requests, should never be
  # greater than multi-part size
  PENPOT_HTTP_SERVER_MAX_BODY_SIZE: 31457280
  # Max multipart body size (350MiB)
  PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE: 367001600
x-signoz-common: &signoz-common
  profiles: ["rinoa-apps"]
  restart: unless-stopped
x-signoz-clickhouse-defaults: &signoz-clickhouse-defaults
  <<: *signoz-common
  # adding non LTS version due to this fix https://github.com/ClickHouse/ClickHouse/commit/32caf8716352f45c1b617274c7508c86b7d1afab
  image: clickhouse/clickhouse-server:25.5.6-alpine
  tty: true
  labels:
    signoz.io/scrape: "true"
    signoz.io/port: "9363"
    signoz.io/path: "/metrics"
  depends_on:
    signoz-init-clickhouse:
      condition: service_completed_successfully
    signoz-zookeeper-1:
      condition: service_healthy
  healthcheck:
    test:
      - CMD
      - wget
      - --spider
      - -q
      - 0.0.0.0:8123/ping
    interval: 30s
    timeout: 5s
    retries: 3
  ulimits:
    nproc: 65535
    nofile:
      soft: 262144
      hard: 262144
  environment:
    - CLICKHOUSE_SKIP_USER_SETUP=1
x-signoz-zookeeper-defaults: &signoz-zookeeper-defaults
  <<: *signoz-common
  image: bitnami/zookeeper:3.7.1
  user: root
  labels:
    signoz.io/scrape: "true"
    signoz.io/port: "9141"
    signoz.io/path: "/metrics"
  healthcheck:
    test:
      - CMD-SHELL
      - curl -s -m 2 http://localhost:8080/commands/ruok | grep error | grep null
    interval: 30s
    timeout: 5s
    retries: 3
x-signoz-db-depend: &signoz-db-depend
  <<: *signoz-common
  depends_on:
    signoz-clickhouse:
      condition: service_healthy
    signoz-schema-migrator-sync:
      condition: service_completed_successfully
x-valkey-params: &valkey-params
  healthcheck:
    test: redis-cli ping || exit 1
  image: docker.io/valkey/valkey:8-alpine@sha256:e706d1213aaba6896c162bb6a3a9e1894e1a435f28f8f856d14fab2e10aa098b
  environment:
    ALLOW_EMPTY_PASSWORD: yes
    VALKEY_DATA_DIR: /data/valkey
    VALKEY_DATABASE: 0
  expose:
    - 6379
  profiles: ["rinoa-apps"]
  restart: unless-stopped
x-zammad:
  zammad-service: &zammad-service
    environment: &zammad-environment
      MEMCACHE_SERVERS: ${ZAMMAD_MEMCACHE_SERVERS:-zammad-memcached:11211}
      POSTGRESQL_DB: ${ZAMMAD_POSTGRES_DB:-zammad_production}
      POSTGRESQL_HOST: ${ZAMMAD_POSTGRES_HOST:-zammad-postgresql}
      POSTGRESQL_USER: ${ZAMMAD_POSTGRES_USER:-zammad}
      POSTGRESQL_PASS: ${ZAMMAD_POSTGRES_PASS:-zammad}
      POSTGRESQL_PORT: ${ZAMMAD_POSTGRES_PORT:-5432}
      POSTGRESQL_OPTIONS: ${ZAMMAD_POSTGRESQL_OPTIONS:-?pool=50}
      POSTGRESQL_DB_CREATE:
      REDIS_URL: ${ZAMMAD_REDIS_URL:-redis://zammad-redis:6379}
      S3_URL: http://${ZAMMAD_S3_ACCESS_KEY}:${ZAMMAD_S3_SECRET_KEY}@minio:9000/zammad-storage-bucket?region=us-east-fh-pln&force_path_style=true
      # Backup settings
      BACKUP_DIR: "${BACKUP_DIR:-/var/tmp/zammad}"
      BACKUP_TIME: "${BACKUP_TIME:-03:00}"
      HOLD_DAYS: "${HOLD_DAYS:-7}"
      TZ: "${TZ:-Europe/Berlin}"
      # Allow passing in these variables via .env:
      AUTOWIZARD_JSON:
      AUTOWIZARD_RELATIVE_PATH:
      ELASTICSEARCH_ENABLED: false
      ELASTICSEARCH_SCHEMA:
      ELASTICSEARCH_HOST:
      ELASTICSEARCH_PORT:
      ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-elastic}
      ELASTICSEARCH_PASS: ${ELASTICSEARCH_PASS:-zammad}
      ELASTICSEARCH_NAMESPACE:
      ELASTICSEARCH_REINDEX:
      NGINX_PORT:
      NGINX_EXPOSE_PORT: 15257
      NGINX_CLIENT_MAX_BODY_SIZE:
      NGINX_SERVER_NAME:
      NGINX_SERVER_SCHEME:
      RAILS_TRUSTED_PROXIES: 172.18.0.0/16
      ZAMMAD_HTTP_TYPE:
      ZAMMAD_FQDN:
      ZAMMAD_WEB_CONCURRENCY:
      ZAMMAD_PROCESS_SESSIONS_JOBS_WORKERS:
      ZAMMAD_PROCESS_SCHEDULED_JOBS_WORKERS:
      ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS:
      # ZAMMAD_SESSION_JOBS_CONCURRENT is deprecated, please use ZAMMAD_PROCESS_SESSIONS_JOBS_WORKERS instead.
      ZAMMAD_SESSION_JOBS_CONCURRENT:
      # Variables used by ngingx-proxy container for reverse proxy creations
      # for docs refer to https://github.com/nginx-proxy/nginx-proxy
      VIRTUAL_HOST:
      VIRTUAL_PORT:
      # Variables used by acme-companion for retrieval of LetsEncrypt certificate
      # for docs refer to https://github.com/nginx-proxy/acme-companion
      LETSENCRYPT_HOST:
      LETSENCRYPT_EMAIL:
    image: ${IMAGE_REPO:-ghcr.io/zammad/zammad}:${VERSION:-6.5.0-15}
    profiles: ["rinoa-apps"]
    restart: ${RESTART:-always}
    volumes:
      - zammad-storage:/opt/zammad/storage
    depends_on:
      - zammad-memcached
      - zammad-postgresql
      - zammad-redis
services:
  13ft:
    container_name: 13ft
    image: ghcr.io/wasi-master/13ft:latest@sha256:563ce7794a7173250c25c9162495bf2f510dd714067d74363c9ab2bd0e5a994f
    labels:
      swag: enable
      swag_port: 5000
      swag_proto: http
      swag_url: 13ft.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: 13ft Ladder
      swag.uptime-kuma.monitor.url: https://13ft.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Personal Tools
      homepage.name: 13ft Ladder
      homepage.icon: 13ft.svg
      homepage.href: https://13ft.${MY_TLD}
      homepage.description: Web interface for blocking ads and paywalls
    ports:
      - 10633:5000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  actual_server:
    container_name: actualbudget
    environment:
      ACTUAL_LOGIN_METHOD: "password"
      ACTUAL_PORT: 5006
      # - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20
      # - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50
      # - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20
      # See all options and more details at https://actualbudget.github.io/docs/Installing/Configuration
      # !! If you are not using any of these options, remove the 'environment:' tag entirely.
    image: docker.io/actualbudget/actual-server:latest@sha256:32dceb536149fcfe6e5292a6a568403c363e9fd59a41596da002b994a0b2216e
    labels:
      swag: enable
      swag_port: 5006
      swag_proto: http
      swag_url: fin.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Actual Budget
      swag.uptime-kuma.monitor.url: https://13ft.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Lifestyle
      homepage.name: Actual Budget
      homepage.icon: actual-budget.svg
      homepage.href: https://fin.${MY_TLD}
      homepage.description: Privacy-focused app for managing finances
    ports:
      - 5006:5006
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/actual-budget:/data
  adguard:
    cap_add:
      - NET_BIND_SERVICE
      - NET_RAW
    container_name: adguard
    environment:
      TZ: ${TZ}
    image: adguard/adguardhome:v0.107.67@sha256:927dc14b3e3cbd359e84658914590270a77d54446a6565e9498bef3444c286a4
    labels:
      swag: enable
      swag_proto: http
      swag_port: 8008
      swag_address: 192.168.1.254
      swag_url: adgh.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: AdGuard Home
      swag.uptime-kuma.monitor.url: https://adgh.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: System Administration
      homepage.name: AdGuard Home
      homepage.icon: adguard-home.png
      homepage.href: https://adgh.${MY_TLD}
      homepage.description: Ad-blocking/DNS
      homepage.widget.type: adguard
      homepage.widget.url: http://192.168.1.254:8008
      homepage.widget.username: admin
      homepage.widget.password: ${ADGUARD_PASSWORD}
    network_mode: host
    privileged: true
    # ports:
    #   - "192.168.1.254:53:53/udp"
    #   - "192.168.1.254:53:53/tcp"
    #   - 3001:3000
    #   - "192.168.1.254:446:443/tcp"
    #   - 8008:80
    #   - "192.168.1.254:853:853/tcp"
    #   - 67:67
    #   - 688:68
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKER_VOLUME_CONFIG}/adguard/work:/opt/adguardhome/work
      - ${DOCKER_VOLUME_CONFIG}/adguard/conf:/opt/adguardhome/conf
      - ${DOCKER_VOLUME_CONFIG}/swag/etc/letsencrypt/:/opt/adguardhome/certs
  apcupsd-cgi:
    container_name: apcupsd-cgi
    environment:
      UPSHOSTS: 192.168.1.254
      UPSNAMES: Rinoa
      TZ: ${TZ}
      DASHBOARD_PROVISION: false
    image: bnhf/apcupsd-cgi:latest@sha256:e8733930739719aca608fd97aecfb0aa5f53aaf7681bf4bbccd49dbf67132bf8
    labels:
      swag: enable
      swag_proto: http
      swag_auth: authelia
      swag_url: apc.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: APC UPS Web
      swag.uptime-kuma.monitor.url: https://apc.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Infrastructure/App Performance Monitoring
      homepage.name: APC UPS Web
      homepage.icon: apc.svg
      homepage.href: https://apc.${MY_TLD}
      homepage.description: Web interface for apcupsd
      homepage.widget.type: apcups
      homepage.widget.url: tcp://192.168.1.254:3551
    ports:
      - 3552:80
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/apcupsd:/etc/apcupsd
  apprise-api:
    container_name: apprise-api
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
      APPRISE_ATTACH_DIR: /attach
      APPRISE_ATTACH_SIZE: 500
      APPRISE_CONFIG_DIR: /config
      APPRISE_STATEFUL_MODE: simple
    image: lscr.io/linuxserver/apprise-api:latest@sha256:31fc75e049546a808fb287af2d26b934c6417d1961c739e8fb583066de99bfca
    labels:
      cloudflare.tunnel.enable: true
      cloudflare.tunnel.hostname: apprise.${MY_TLD}
      cloudflare.tunnel.service: http://apprise:8000
      cloudflare.tunnel.zonename: ${MY_TLD}
      cloudflare.tunnel.no_tls_verify: true
      homepage.group: Infrastructure/App Performance Monitoring
      homepage.name: Apprise
      homepage.icon: apprise.png
      homepage.href: http://192.168.1.254:54995
      homepage.description: Multi-channel notification API
      homepage.widget.type: customapi
      homepage.widget.headers: "Accept: application/json"
      homepage.widget.url: http://apprise-api:8000/status
      homepage.widget.method: GET
      homepage.widget.mappings[0].label: Status
      homepage.widget.mappings[0].field: status.details
      # homepage.widget[1].type: customapi
      # homepage.widget[1].headers: 'Accept: application/json'
      # homepage.widget[1].url: http://apprise-api:8111/json/urls/apprise?privacy=1
      # homepage.widget[1].method: GET
      # homepage.widget[1].mappings[0].label: URLS
      # homepage.widget[1].mappings[0].field: urls
      # homepage.widget[1].mappings[0].format: size
    ports:
      - 54995:8000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/apprise/conf:/config
      - ${DOCKER_VOLUME_CONFIG}/apprise/attachments:/attach #optional
  archivebox:
    container_name: archivebox
    environment:
      ADMIN_USERNAME: admin # creates an admin user on first run with the given user/pass combo
      ADMIN_PASSWORD: ${ARCHIVEBOX_ADMIN_PASSWORD}
      ALLOWED_HOSTS: "*" # set this to the hostname(s) you're going to serve the site from!
      CSRF_TRUSTED_ORIGINS: http://localhost:8000 # you MUST set this to the server's URL for admin login and the REST API to work
      PUBLIC_INDEX: false # set to False to prevent anonymous users from viewing snapshot list
      PUBLIC_SNAPSHOTS: false # set to False to prevent anonymous users from viewing snapshot content
      PUBLIC_ADD_VIEW: false # set to True to allow anonymous users to submit new URLs to archive
      SEARCH_BACKEND_ENGINE: ripgrep # tells ArchiveBox to use sonic container below for fast full-text search
    image: archivebox/archivebox:latest@sha256:fdf2936192aa1e909b0c3f286f60174efa24078555be4b6b90a07f2cef1d4909
    labels:
      homepage.group: Personal Tools
      homepage.name: ArchiveBox
      homepage.href: https://archive.${MY_TLD}
      homepage.icon: archivebox.png
      homepage.description: Open-source and self-hosted web archiving
      swag: enable
      swag_port: 8000
      swag_proto: http
      swag_url: archive.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: ArchiveBox
      swag.uptime-kuma.monitor.url: https://archive.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 21324:8000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/archivebox:/data
      # ./data/personas/Default/chrome_profile/Default:/data/personas/Default/chrome_profile/Default
  asciinema:
    container_name: asciinema
    depends_on:
      asciinema-pg-db:
        condition: service_healthy
        required: true
    environment:
      DATABASE_URL: postgresql://asciinema:${ASCIINEMA_PG_DB_PASSWORD}@asciinema-pg-db:5432/asciinema
      DEFAULT_AVATAR: gravatar
      MAIL_FROM_ADDRESS: noreply@${MY_TLD}
      SECRET_KEY_BASE: ${ASCIINEMA_SECRET_KEY_BASE}
      SIGN_UP_DISABLED: true
      SMTP_HOST: postal-smtp
      SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER}
      SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      SMTP_PORT: 25
      UPLOAD_AUTH_REQUIRED: true
      URL_HOST: asciinema.trez.wtf
      URL_PORT: 4000
      URL_SCHEME: https
    image: ghcr.io/asciinema/asciinema-server:latest@sha256:8da830a6eb0b6715becf31b2495877aa5d661674f29c52a3a3363110847c5598
    labels:
      homepage.group: Code/DevOps
      homepage.name: Asciinema
      homepage.href: https://asciinema.${MY_TLD}
      homepage.icon: asciinema.svg
      homepage.description: Platform for hosting and sharing terminal session recordings
      swag: enable
      swag_port: 4000
      swag_proto: http
      swag_url: asciinema.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Asciinema
      swag.uptime-kuma.monitor.url: https://asciinema.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 4000:4000
      - 4002:4002
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - asciinema-data:/var/opt/asciinema
  asciinema-pg-db:
    container_name: asciinema-pg-db
    environment:
      POSTGRES_PASSWORD: ${ASCIINEMA_PG_DB_PASSWORD}
      POSTGRES_USER: asciinema
      POSTGRES_DB: asciinema
    expose:
      - 5432
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U asciinema"]
      interval: 2s
      timeout: 5s
      retries: 10
    image: postgres:14-alpine@sha256:49f7dcce1efddd8d86ae3f37dcba206b5655d9fac3d3872d2823177fd6c1e7fa
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - asciinema-pg-data:/var/lib/postgresql/data
  audiobookshelf:
    container_name: audiobookshelf
    environment:
      CONFIG_PATH: /config
      HOME: /config/.home
      LOG_LEVEL: info
      METADATA_PATH: /metadata
      TZ: America/New_York
    hostname: Rinoa
    image: ghcr.io/advplyr/audiobookshelf:latest@sha256:dd4a3079d26bfe9f0ea63de3e3eff483dfa25fef05ef850a5a9d121dca3794b2
    labels:
      homepage.group: Media Library
      homepage.name: Audiobookshelf
      homepage.href: https://abs.${MY_TLD}
      homepage.icon: audiobookshelf.png
      homepage.description: Podcasts, eBooks, & Audiobooks
      homepage.widget.type: audiobookshelf
      homepage.widget.url: http://audiobookshelf:80
      homepage.widget.key: ${AUDIOBOOKSHELF_ROOT_API_KEY}
      swag: enable
      swag_address: audiobookshelf
      swag_proto: http
      swag_url: abs.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Audiobookshelf
      swag.uptime-kuma.monitor.url: https://abs.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 13378:80
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    user: 1000:1000
    volumes:
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
      - bind:
          create_host_path: true
        source: ${DOCKER_VOLUME_CONFIG}/audiobookshelf
        target: /config
        type: bind
      - bind:
          create_host_path: true
        source: ${DOCKER_VOLUME_CONFIG}/audiobookshelf/.metadata
        target: /metadata
        type: bind
      - bind:
          create_host_path: true
        source: /rinoa-storage
        target: /storage
        type: bind
  authelia:
    container_name: authelia
    depends_on:
      authelia-pg:
        condition: service_started
        required: true
      lldap:
        condition: service_started
        required: true
    environment:
      AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ${AUTHELIA_AUTH_BIND_LDAP_PASSWORD}
      AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET}
      AUTHELIA_NOTIFIER_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      AUTHELIA_NOTIFIER_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER}
      AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
      AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
      AUTHELIA_STORAGE_POSTGRES_PASSWORD: ${AUTHELIA_STORAGE_POSTGRES_PASSWORD}
      PGID: ${PGID}
      PUID: ${PUID}
      TZ: ${TZ}
      X_AUTHELIA_CONFIG_FILTERS: template
    expose:
      - 9091
    image: authelia/authelia:master@sha256:80323064bab83a8e8b383dedcb335908cec3009f36e836a7d4d9efdc4eb92833
    labels:
      homepage.group: Privacy/Security
      homepage.name: Authelia
      homepage.href: https://auth.${MY_TLD}
      homepage.icon: authelia.svg
      homepage.description: Authentication/authorization server with MFA & SSO
      swag: enable
      swag_proto: http
      swag_port: 9091
      swag_url: auth.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Authelia
      swag.uptime-kuma.monitor.url: https://auth.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/authelia/
        target: /config
        type: bind
        bind:
          create_host_path: true
  authelia-pg:
    container_name: authelia-pg
    environment:
      POSTGRES_PASSWORD: ${AUTHELIA_STORAGE_POSTGRES_PASSWORD}
      POSTGRES_USER: authelia
      POSTGRES_DB: authelia
    expose:
      - 5432
    image: postgres:16-alpine@sha256:84fb5d5bdd7d47f1889f325e534f3ce643f853f460832c8a61949f5391b8dc42
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: authelia-pg-db
        target: /var/lib/postgresql/data
        type: volume
        bind:
          create_host_path: true
  authelia-valkey:
    container_name: authelia-valkey
    <<: *valkey-params
    volumes:
      - authelia-valkey-data:/data/valkey
  bazarr:
    container_name: bazarr
    environment:
      PGID: ${PGID}
      PUID: ${PUID}
      TZ: ${TZ}
      DOCKER_MODS: ghcr.io/gilbn/theme.park:bazarr
    hostname: Rinoa
    image: lscr.io/linuxserver/bazarr:latest@sha256:cf7a02a46d37899eeafd1d96b81984168f771f89c554a52a2fd35437fdc16cb6
    labels:
      homepage.group: Servarr Stack
      homepage.name: Bazarr
      homepage.href: https://bazarr.${MY_TLD}
      homepage.icon: bazarr.png
      homepage.description: Subtitle automation for TV shows/movies
      homepage.widget.type: bazarr
      homepage.widget.url: http://bazarr:6767
      homepage.widget.key: ${BAZARR_API_KEY}
      swag: enable
      swag_proto: http
      swag_port: 6767
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Bazarr
      swag.uptime-kuma.monitor.url: https://bazaar.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 6767:6767
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
      - bind:
          create_host_path: true
        source: ${DOCKER_VOLUME_CONFIG}/bazarr
        target: /config
        type: bind
      - bind:
          create_host_path: true
        source: /rinoa-storage
        target: /storage
        type: bind
  beszel:
    container_name: beszel
    extra_hosts:
      - host.docker.internal:host-gateway
    image: henrygd/beszel:latest@sha256:4a7aeba2e1ee2b4b9391c362cbbb6c2b3c5eb7de996d966d4e968f51dc080ef6
    labels:
      homepage.group: Infrastructure/App Performance Monitoring
      homepage.name: Beszel
      homepage.href: https://beszel.${MY_TLD}
      homepage.icon: beszel.svg
      homepage.description: Lightweight server monitoring hub
      homepage.widget.type: beszel
      homepage.widget.url: http://beszel:8090
      homepage.widget.username: ${SWAG_ENVIRONMENT_EMAIL}
      homepage.widget.password: ${BESZEL_ADMIN_PASSWORD}
      homepage.widget.version: 2
      swag: enable
      swag_proto: http
      swag_port: 8090
      swag_url: beszel.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Beszel
      swag.uptime-kuma.monitor.url: https://beszel.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 22220:8090
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/beszel:/beszel_data
  beszel-agent:
    container_name: beszel-agent
    depends_on:
      - beszel
    environment:
      PORT: 45876
      # Do not remove quotes around the key
      KEY: "${BESZEL_RINOA_AGENT_KEY}"
    expose:
      - 45876
    image: henrygd/beszel-agent:latest@sha256:ad1fe17fb4cc1dfca9ace15505ab7dddebb8d17ca8f8b95bdd84593a8415b6d1
    network_mode: host
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /rinoa-storage:/extra-filesystems/rinoa-storage:ro
      - /dev/nvme0n1:/extra-filesystems/nvme0n1:ro
  bitwarden:
    container_name: bitwarden
    environment:
      ADMIN_TOKEN: ${BITWARDEN_ENVIRONMENT_ADMIN_TOKEN}
      DATABASE_URL: data/db.sqlite3
      DISABLE_ADMIN_TOKEN: "false"
      DOMAIN: https://bitwarden.${MY_TLD}
      ENABLE_DB_WAL: "true"
      INVITATIONS_ALLOWED: "false"
      SHOW_PASSWORD_HINT: "false"
      SIGNUPS_ALLOWED: "true"
      SIGNUPS_VERIFY: "true"
      TZ: America/New_York
      WEBSOCKET_ENABLED: "true"
    hostname: Rinoa
    image: vaultwarden/server:latest@sha256:84fd8a47f58d79a1ad824c27be0a9492750c0fa5216b35c749863093bfa3c3d7
    labels:
      homepage.group: Privacy/Security
      homepage.name: Vaultwarden
      homepage.icon: vaultwarden.svg
      homepage.href: https://bitwarden.${MY_TLD}
      homepage.description: Credential/Information Vault
      swag: enable
      swag_url: bitwarden.${MY_TLD}
      swag_proto: http
      swag_port: 80
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Vaultwarden
      swag.uptime-kuma.monitor.url: https://bitwarden.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 3012:3012
      - 8013:80
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
      - bind:
          create_host_path: true
        source: ${DOCKER_VOLUME_CONFIG}/bitwarden
        target: /data
        type: bind
      - bind:
          create_host_path: true
        source: /rinoa-storage
        target: /storage
        type: bind
  bluesky-pds:
    container_name: bluesky-pds
    environment:
      PDS_ADMIN_EMAIL: charish.patel@${MY_TLD}
      PDS_HOSTNAME: bsky.${MY_TLD}
      PDS_JWT_SECRET: ${BLUESKY_PDS_JWT_SECRET}
      PDS_ADMIN_PASSWORD: ${BLUESKY_PDS_ADMIN_PASSWORD}
      PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ${BLUESKY_PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}
      PDS_DATA_DIRECTORY: /pds
      PDS_EMAIL_SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25
      PDS_EMAIL_FROM_ADDRESS: noreply@${MY_TLD}
      PDS_BLOBSTORE_DISK_LOCATION: /pds/blocks
      PDS_BLOB_UPLOAD_LIMIT: 52428800
      PDS_DID_PLC_URL: ${PDS_DID_PLC_URL}
      PDS_BSKY_APP_VIEW_URL: ${PDS_BSKY_APP_VIEW_URL}
      PDS_BSKY_APP_VIEW_DID: ${PDS_BSKY_APP_VIEW_DID}
      PDS_REPORT_SERVICE_URL: ${PDS_REPORT_SERVICE_URL}
      PDS_REPORT_SERVICE_DID: ${PDS_REPORT_SERVICE_DID}
      PDS_CRAWLERS: ${PDS_CRAWLERS}
      LOG_ENABLED: true
    expose:
      - 3000
    image: code.modernleft.org/gravityfargo/bluesky-pds:v0.4.158@sha256:44810dc5cf9c78135d20dfd60e0999e2db0dfc5fd56dc7e45e8844d1b57c54bd
    labels:
      swag: enable
      swag_port: 3000
      swag_url: bsky.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: BlueSky PDS
      swag.uptime-kuma.monitor.url: https://bsky.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - type: bind
        source: ${DOCKER_VOLUME_CONFIG}/bluesky-pds
        target: /pds
  browserless:
    container_name: browserless
    environment:
      ALLOW_FILE_PROTOCOL: true
      CONCURRENT: 20
      HEALTH: false
      PROXY_HOST: browserless
      PROXY_PORT: 3000
      PROXY_SSL: false
      QUEUED: 20
      TIMEOUT: 300000
      TOKEN: ${CHROMIUM_TOKEN}
      TZ: ${TZ}
    expose:
      - 3000
    extra_hosts:
      - "host.docker.internal:host-gateway"
    image: ghcr.io/browserless/chromium:latest@sha256:8021eadd6ab7d8a5cdd25a6d7b539680bf4a71a1ad9bf6637ee65e891193140c
    labels:
      swag: enable
      swag_proto: http
      swag_port: 3000
      swag_url: browse.${MY_TLD}
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  bytestash:
    container_name: bytestash
    environment:
      BASE_PATH:
      JWT_SECRET: ${BYTESTASH_JWT_SECRET}
      TOKEN_EXPIRY: 24h
      ALLOW_NEW_ACCOUNTS: true
      DEBUG: true
      DISABLE_ACCOUNTS: false
      DISABLE_INTERNAL_ACCOUNTS: false
    image: ghcr.io/jordan-dalby/bytestash:latest@sha256:f57d694a727bfbe1daf72acd3d98620b2ff9b1e4f4aafbacc5cda89c31da3512
    labels:
      homepage.description: Code Gists/Snippets
      homepage.group: Code/DevOps
      homepage.href: https://gist.${MY_TLD}
      homepage.icon: bytestash.svg
      homepage.name: ByteStash
      swag: enable
      swag_port: 5000
      swag_proto: http
      swag_url: gist.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: ByteStash
      swag.uptime-kuma.monitor.url: https://gist.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 62139:5000
    profiles: ["rinoa-apps"]
    restart: always
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/bytestash:/data/snippets
  castopod:
    container_name: castopod
    depends_on:
      mariadb:
        condition: service_healthy
        required: true
        restart: true
      castopod-valkey:
        condition: service_healthy
        required: true
    environment:
      MYSQL_DATABASE: castopod
      MYSQL_USER: castopod
      MYSQL_PASSWORD: ${CASTOPOD_MYSQL_PASSWORD}
      CP_DATABASE_HOSTNAME: mariadb
      CP_DATABASE_NAME: castopod
      CP_DATABASE_USERNAME: castopod
      CP_DATABASE_PASSWORD: ${CASTOPOD_MYSQL_PASSWORD}
      CP_BASEURL: "https://pod.${MY_TLD}"
      CP_ANALYTICS_SALT: ${CASTOPOD_ANALYTICS_SALT}
      CP_CACHE_HANDLER: redis
      CP_DISABLE_HTTPS: 0
      CP_REDIS_HOST: castopod-valkey
      CP_EMAIL_SMTP_HOST: postal-smtp
      CP_EMAIL_FROM: noreply@${MY_TLD}
      CP_EMAIL_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER}
      CP_EMAIL_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
    expose:
      - 8000
    image: castopod/castopod:latest@sha256:e59262a89b035d1cb7decd7dcc387670c5ba81e31b67c7e0e89ef827d7f58ea9
    labels:
      homepage.group: Social
      homepage.name: Castopod
      homepage.href: https://pod.${MY_TLD}
      homepage.icon: castopod.png
      homepage.description: Podcast self-hosting
      swag: enable
      swag_address: castopod
      swag_port: 8000
      swag_url: pod.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Castopod
      swag.uptime-kuma.monitor.url: https://pod.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - castopod-media:/var/www/castopod/public/media
  castopod-valkey:
    container_name: castopod-valkey
    <<: *valkey-params
    volumes:
      - castopod-valkey-data:/data/valkey
  changedetection:
    container_name: changedetection
    depends_on:
      changedetection-chrome:
        condition: service_started
    environment:
      PORT: 5000
      LOGGER_LEVEL: TRACE
      PLAYWRIGHT_DRIVER_URL: ws://browser-sockpuppet-chrome:3000
      BASE_URL: https://chdt.${MY_TLD}
      USE_X_SETTINGS: 1
      HIDE_REFERER: true
      ALLOW_FILE_URI: False
      TZ: ${TZ}
      LC_ALL: en_US.UTF-8
      LISTEN_HOST: 0.0.0.0
    image: ghcr.io/dgtlmoon/changedetection.io@sha256:d8113bf66f47895d29c6935000bbac4c0f33d79588ae37d9ed6000ed328c5833
    labels:
      homepage.description: Page change monitoring with alerts
      homepage.group: System Administration
      homepage.href: https://chdt.${MY_TLD}
      homepage.icon: changedetection.svg
      homepage.name: ChangeDetection
      homepage.widget.type: changedetectionio
      homepage.widget.url: http://changedetection:5000
      homepage.widget.key: ${CHANGEDETECTION_HOMEPAGE_API_KEY}
      swag: enable
      swag_port: 5000
      swag_proto: http
      swag_url: chdt.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: ChangeDetection
      swag.uptime-kuma.monitor.url: https://chdt.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 15827:5000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - changedetection-data:/datastore
  changedetection-chrome:
    cap_add:
      - SYS_ADMIN
    container_name: changedetection-chrome
    image: dgtlmoon/sockpuppetbrowser:latest@sha256:9f2df6791a4cd9b2c3138cb62b5a8de7f27953cab84729fe09d28cbd341a8973
    environment:
      SCREEN_WIDTH: 1920
      SCREEN_HEIGHT: 1024
      SCREEN_DEPTH: 16
      MAX_CONCURRENT_CHROME_PROCESSES: 10
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  chrome:
    container_name: chrome
    command:
      - --no-sandbox
      - --disable-gpu
      - --disable-dev-shm-usage
      - --remote-debugging-address=0.0.0.0
      - --remote-debugging-port=9222
      - --hide-scrollbars
    image: gcr.io/zenika-hub/alpine-chrome:123@sha256:e38563d4475a3d791e986500a2e4125c9afd13798067138881cf770b1f6f3980
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  clipcascade:
    container_name: clipcascade
    environment:
      CC_MAX_MESSAGE_SIZE_IN_MiB: 25 # Maximum message size in MiB (ignored if P2P mode is enabled)
      CC_P2P_ENABLED: false # Enables or disables peer-to-peer(P2P) mode
      # CC_ALLOWED_ORIGINS: https://clipcascade.example.com  # Defines allowed CORS origins for security
      CC_SIGNUP_ENABLED: false # Enables or disables user self-registration
    image: sathvikrao/clipcascade:latest@sha256:0f7aadec03af6b22a157466ade3ed1730dfd3b390d2989e55c0180e1d12d736f
    labels:
      homepage.group: Personal Tools
      homepage.name: ClipCascade
      homepage.href: https://clip.${MY_TLD}
      homepage.icon: sh-clipcascade.svg
      homepage.description: Online file converter
      swag: enable
      swag_port: 8080
      swag_proto: http
      swag_url: clip.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: ClipCascade
      swag.uptime-kuma.monitor.url: https://clip.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 64048:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/clipcascade:/database # Persistent storage for user data
  cloudflareddns:
    container_name: cloudflareddns
    environment:
      ARGS: --dns-cloudflare-propagation-seconds 60
      CF_APIKEY: ${CLOUDFLAREDDNS_ENVIRONMENT_APIKEY}
      CF_APITOKEN: ${CLOUDFLAREDDNS_ENVIRONMENT_APITOKEN}
      CF_HOSTS: ${MY_TLD}
      CF_RECORDTYPES: A
      CF_USER: charish.patel@${MY_TLD}
      CF_ZONES: ${MY_TLD}
      DETECTION_MODE: dig-google.com
      INTERVAL: "300"
      LOG_LEVEL: "3"
      PGID: "1000"
      PUID: "1000"
      TZ: America/New_York
    hostname: Rinoa
    image: ghcr.io/hotio/cloudflareddns:latest@sha256:5c3d73dec0b80e712ac3fefa660f403875e78ba643fd97563fc39531e403e281
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
      - bind:
          create_host_path: true
        source: ${DOCKER_VOLUME_CONFIG}/cloudflareddns
        target: /config
        type: bind
      - bind:
          create_host_path: true
        source: /rinoa-storage
        target: /storage
        type: bind
  convertx:
    container_name: convertx
    environment:
      JWT_SECRET: ${CONVERTX_JWT_SECRET}
    image: ghcr.io/c4illin/convertx@sha256:346589f154332997329fdc888417d4b24c49cc9140eab80e637a68cfbdd8041b
    labels:
      homepage.group: System Administration
      homepage.name: ConvertX
      homepage.href: https://convert.${MY_TLD}
      homepage.icon: sh-convertx.png
      homepage.description: Online file converter
      swag: enable
      swag_port: 3000
      swag_proto: http
      swag_url: convert.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: ConvertX
      swag.uptime-kuma.monitor.url: https://convert.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 38946:3000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/convertx:/app/data
  crowdsec:
    container_name: crowdsec
    depends_on:
      - swag
    environment:
      DOCKER_HOST: tcp://dockerproxy:2375
      GID: 1000
      BOUNCER_KEY_SWAG: ${CROWDSEC_SWAG_API_KEY}
      COLLECTIONS: >-
        corvese/apache-guacamole
        crowdsecurity/home-assistant
        crowdsecurity/http-cve
        crowdsecurity/iptables
        crowdsecurity/linux
        crowdsecurity/mariadb
        crowdsecurity/nextcloud
        crowdsecurity/nginx
        crowdsecurity/whitelist-good-actors
        Dominic-Wagner/vaultwarden
        gauth-fr/immich
        LePresidente/adguardhome
        LePresidente/authelia
        LePresidente/gitea
        LePresidente/jellyfin
        LePresidente/ombi
        plague-doctor/audiobookshelf
        schiz0phr3ne/sonarr
        sdwilsh/navidrome
        timokoessler/mongodb
        timokoessler/uptime-kuma
        xs539/joplin-server
    image: crowdsecurity/crowdsec:latest@sha256:26841bec239f53c74f5ac35ca89166b0566c511a449c4852d3187c8a62faf4ed
    networks:
      default: null
    ports:
      - 8101:8080
    profiles: ["rinoa-infra"]
    restart: unless-stopped
    security_opt:
      - no-new-privileges=true
    volumes:
      # - ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml
      - ${DOCKER_VOLUME_CONFIG}/swag/log/nginx:/var/log/swag:ro # SWAG
      - ${DOCKER_VOLUME_CONFIG}/mariadb/:/var/lib/mysql:ro # MariaDB
      - ${DOCKER_VOLUME_CONFIG}/audiobookshelf/.metadata/logs:/var/log/audiobookself:ro # Audiobookshelf
      - crowdsec-config:/etc/crowdsec
      - crowdsec-db:/var/lib/crowdsec/data
      - /var/log/journal:/var/log/host/journal:ro
      - /var/log/auth.log:/var/log/host/auth.log:ro
  crowdsec-dashboard:
    container_name: crowdsec-dashboard
    depends_on:
      crowdsec:
        condition: service_started
        required: true
    environment:
      MB_DB_FILE: /data/metabase.db
      MGID: ${GID-1000}
    image: metabase/metabase@sha256:f8a99822a7d3e2ee0874412b1835c99996addeb2101a183de7b6d55e5f6018cb
    labels:
      homepage.group: Privacy/Security
      homepage.name: CrowdSec Dashboard
      homepage.href: https://csec.${MY_TLD}
      homepage.icon: crowdsec.svg
      homepage.description: Real-time & crowdsourced protection against aggressive IPs
      homepage.widget.type: crowdsec
      homepage.widget.url: http://crowdsec:8080
      homepage.widget.username: localhost
      homepage.widget.password: ${CROWDSEC_LOCAL_API_KEY}
      swag: enable
      swag_port: 3000
      swag_proto: http
      swag_url: csec.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Crowdsec
      swag.uptime-kuma.monitor.url: https://csec.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 8908:3000
    profiles: ["rinoa-infra"]
    restart: always
    volumes:
      - crowdsec-db:/data/
  cyber-chef:
    container_name: cyber-chef
    image: mpepping/cyberchef:latest@sha256:1772a04fd261f971da89cf6212147afe55a37b4a93421db928a78e01de3d65ea
    labels:
      homepage.description: Web app for encryption, encoding, compression, and data analysis
      homepage.group: Privacy/Security
      homepage.href: https://cchef.${MY_TLD}
      homepage.icon: cyberchef.svg
      homepage.name: CyberChef
      swag: enable
      swag_port: 8000
      swag_proto: http
      swag_url: cchef.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: CyberChef
      swag.uptime-kuma.monitor.url: https://cchef.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 20992:8000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  czkawka:
    container_name: czkawka
    environment:
      KEEP_APP_RUNNING: 1
      PGID: ${PGID}
      PUID: ${PUID}
      TZ: ${TZ}
      UMASK: 1
      WEB_LISTENING_PORT: 5800
    image: jlesage/czkawka@sha256:03109f40d1bc41ebe24c2fd3ee81429950338591bbb64c4cf39ec6160fee75a4
    labels:
      homepage.group: System Administration
      homepage.name: Czkawka
      homepage.href: https://czkawka.${MY_TLD}
      homepage.icon: sh-czkawka.svg
      homepage.description: Smart file management
      swag: enable
      swag_port: 5800
      swag_proto: http
      swag_url: czkawka.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Czkawka
      swag.uptime-kuma.monitor.url: https://czkawka.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 5800:5800
    privileged: true
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/czkawka
        target: /config
        type: bind
        bind:
          create_host_path: true
      - source: ${DOCKER_VOLUME_STORAGE}
        target: /storage
        type: bind
        bind:
          create_host_path: true
  dagu:
    container_name: dagu
    environment:
      DAGU_PORT: 8080
      DAGU_TZ: ${TZ} # optional. default is local timezone
      DAGU_BASE_PATH: /
      DAGU_HOME: /dagu
      DAGU_AUTH_BASIC_USERNAME: admin
      DAGU_AUTH_BASIC_PASSWORD: ${DAGU_AUTH_BASIC_PASSWORD}
      DAGU_AUTH_TOKEN: ${DAGU_AUTH_TOKEN}
      PUID: ${PUID}
      PGID: ${PGID}
    image: ghcr.io/dagu-org/dagu:alpine@sha256:89d0dbc4b2950939fcde3b517aaa2814a9b020488dbebefa6150482985fd2c95
    labels:
      homepage.group: Automation
      homepage.name: Dagu
      homepage.href: https://cron.${MY_TLD}
      homepage.icon: sh-dagu.svg
      homepage.description: Cron alternative with a web UI
      homepage.widget.type: customapi
      homepage.widget.headers: "Authorization: Bearer ${DAGU_AUTH_TOKEN}"
      homepage.widget.url: http://dagu:8080/api/v2/health
      homepage.widget.method: GET
      homepage.widget.mappings[0].label: Status
      homepage.widget.mappings[0].field: status
      swag: enable
      swag_port: 8080
      swag_proto: http
      swag_url: cron.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Dagu
      swag.uptime-kuma.monitor.url: https://cron.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 31037:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/dagu/:/dagu
      - ${DOCKER_VOLUME_STORAGE}/backups/:/backups
      - /var/run/docker.sock:/var/run/docker.sock
  dawarich-app:
    command: ["bin/rails", "server", "-p", "3000", "-b", "::"]
    container_name: dawarich-app
    depends_on:
      dawarich-pg-db:
        condition: service_healthy
        restart: true
      dawarich-valkey:
        condition: service_started
        restart: true
    deploy:
      resources:
        limits:
          cpus: "0.50" # Limit CPU usage to 50% of one core
          memory: "4G" # Limit memory usage to 4GB
    entrypoint: web-entrypoint.sh
    environment:
      RAILS_ENV: production
      REDIS_URL: redis://dawarich-valkey:6379
      DATABASE_HOST: dawarich-pg-db
      DATABASE_USERNAME: dawarich
      DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD}
      DATABASE_NAME: dawarich
      MIN_MINUTES_SPENT_IN_CITY: 60
      APPLICATION_HOSTS: localhost,loc.${MY_TLD},192.168.1.254
      TIME_ZONE: ${TZ}
      APPLICATION_PROTOCOL: http
      DISTANCE_UNIT: km
      SECRET_KEY_BASE: ${DAWARICH_SECRET_KEY_BASE}
      PROMETHEUS_EXPORTER_ENABLED: false
      PROMETHEUS_EXPORTER_HOST: 0.0.0.0
      PROMETHEUS_EXPORTER_PORT: 9394
      ENABLE_TELEMETRY: false # More on telemetry: https://dawarich.app/docs/tutorials/telemetry
      SELF_HOSTED: true
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'",
        ]
      interval: 10s
      retries: 30
      start_period: 30s
      timeout: 10s
    image: freikin/dawarich:latest@sha256:ea1bcc61d7fd94e59ecee710f6850230d11593a54128cfd1309a14c61cb32fd6
    labels:
      homepage.group: Privacy/Security
      homepage.name: Dawarich
      homepage.href: https://loc.${MY_TLD}
      homepage.icon: dawarich.svg
      homepage.description: Self-hosted alternative to Google Location History
      swag: enable
      swag_port: 3000
      swag_proto: http
      swag_url: loc.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Dawarich
      swag.uptime-kuma.monitor.url: https://loc.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 63561:3000
      - 9394:9394 # Prometheus exporter, uncomment if needed
    profiles: ["rinoa-apps"]
    restart: on-failure
    stdin_open: true
    tty: true
    volumes:
      - dawarich_public:/var/app/public
      - dawarich_watched:/var/app/tmp/imports/watched
      - ${DOCKER_VOLUME_CONFIG}/dawarich/web-entrypoint.sh:/usr/local/bin/web-entrypoint.sh
  dawarich-pg-db:
    container_name: dawarich-pg-db
    environment:
      POSTGRES_DB: dawarich
      POSTGRES_USER: dawarich
      POSTGRES_PASSWORD: ${DAWARICH_PG_PASSWORD}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U dawarich -d dawarich"]
      interval: 10s
      retries: 5
      start_period: 30s
      timeout: 10s
    image: postgis/postgis:17-3.5-alpine@sha256:6ebb2b32a6d5315c8fc2b00427356eebd4778bfaf7211d4b28eac481f3d194ec
    profiles: ["rinoa-apps"]
    restart: always
    shm_size: 1G
    volumes:
      - dawarich_db_data:/var/lib/postgresql/data
      - dawarich_shared:/var/shared
  dawarich-sidekiq:
    command: ["sidekiq"]
    container_name: dawarich-sidekiq
    depends_on:
      dawarich-app:
        condition: service_healthy
        restart: true
      dawarich-pg-db:
        condition: service_healthy
        restart: true
      dawarich-valkey:
        condition: service_healthy
        restart: true
    deploy:
      resources:
        limits:
          cpus: "0.50" # Limit CPU usage to 50% of one core
          memory: "4G" # Limit memory usage to 4GB
    entrypoint: sidekiq-entrypoint.sh
    environment:
      APPLICATION_HOSTS: localhost,loc.${MY_TLD}
      APPLICATION_PROTOCOL: http
      BACKGROUND_PROCESSING_CONCURRENCY: 10
      DATABASE_HOST: dawarich-pg-db
      DATABASE_NAME: dawarich
      DATABASE_PASSWORD: ${DAWARICH_PG_PASSWORD}
      DATABASE_USERNAME: dawarich
      DISTANCE_UNIT: km
      ENABLE_TELEMETRY: false # More on telemetry: https://dawarich.app/docs/tutorials/telemetry
      PROMETHEUS_EXPORTER_ENABLED: false
      PROMETHEUS_EXPORTER_HOST: dawarich-app
      PROMETHEUS_EXPORTER_PORT: 9394
      RAILS_ENV: production
      RAILS_LOG_TO_STDOUT: true
      REDIS_URL: "redis://dawarich-valkey:6379"
      SECRET_KEY_BASE: ${DAWARICH_SECRET_KEY_BASE}
      SELF_HOSTED: true
      STORE_GEODATA: true
    healthcheck:
      test: ["CMD-SHELL", "pgrep -f sidekiq"]
      interval: 10s
      retries: 30
      start_period: 30s
      timeout: 10s
    image: freikin/dawarich:latest@sha256:ea1bcc61d7fd94e59ecee710f6850230d11593a54128cfd1309a14c61cb32fd6
    profiles: ["rinoa-apps"]
    restart: on-failure
    stdin_open: true
    tty: true
    volumes:
      - dawarich_public:/var/app/public
      - dawarich_watched:/var/app/tmp/imports/watched
      - ${DOCKER_VOLUME_CONFIG}/dawarich/sidekiq-entrypoint.sh:/usr/local/bin/sidekiq-entrypoint.sh
  dawarich-valkey:
    container_name: dawarich-valkey
    <<: *valkey-params
    volumes:
      - dawarich-valkey-data:/data/valkey
  dead-man-hand:
    container_name: dead-man-hand
    image: ghcr.io/bkupidura/dead-man-hand:latest@sha256:31905f19678f60d55ecdfa63dad009c07e2055cb5db0c608c8cab5de4467050e
    environment:
      DMH_CONFIG_FILE: /data/config.yaml
    labels:
      # homepage.group: Personal/Professional Services
      # homepage.name: Dawarich
      # homepage.href: https://loc.${MY_TLD}
      # homepage.icon: dawarich.svg
      # homepage.description: Self-hosted alternative to Google Location History
      swag: enable
      swag_port: 8080
      swag_proto: http
      swag_url: dms.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.monitor.url: https://dms.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 25807:8080
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/dead-man-hand:/data
  docker-socket-proxy:
    container_name: dockerproxy
    environment:
      AUTH: 1
      BUILD: 1
      COMMIT: 1
      CONFIGS: 1
      CONTAINERS: 1
      DISTRIBUTION: 1
      EVENTS: 1
      EXEC: 1
      GPRC: 1
      IMAGES: 1
      INFO: 1
      NETWORKS: 1
      NODES: 1
      POST: 1
      PLUGINS: 1
      SERVICES: 1
      SESSION: 1
      SYSTEM: 1
      TASKS: 1
      VOLUMES: 1
      LOG_LEVEL: debug
    image: ghcr.io/tecnativa/docker-socket-proxy:latest@sha256:3400c429c5f9e1b21d62130fb93b16e2e772d4fb7695bd52fc2b743800b9fe9e
    networks:
      default: null
    ports:
      - 2375:2375
    privileged: true
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  dockflare:
    container_name: dockflare
    environment:
      AGENT_STATUS_UPDATE_INTERVAL_SECONDS: 10
      CF_ACCOUNT_ID: ${CLOUDFLARE_ACCOUNT_ID}
      CF_API_TOKEN: ${CLOUDFLAREDDNS_ENVIRONMENT_APITOKEN}
      CF_ZONE_ID: ${CLOUDFLARE_ZONE_ID}
      CLEANUP_INTERVAL_SECONDS: 300
      CLOUDFLARED_METRICS_PORT: 20119
      CLOUDFLARED_NETWORK_NAME: compose_default
      DEFAULT_NO_TLS_VERIFY: false
      GRACE_PERIOD_SECONDS: 600
      LABEL_PREFIX: cloudflare.tunnel
      MAX_CONCURRENT_DNS_OPS: 3
      RECONCILIATION_BATCH_SIZE: 3
      SCAN_ALL_NETWORKS: false
      STATE_FILE_PATH: /app/data/state.json
      TRUSTED_PROXIES: 192.168.1.0/24,172.18.0.0/16
      TUNNEL_DNS_SCAN_ZONE_NAMES:
      TUNNEL_NAME: dockflared-tunnel
      TZ: ${TZ}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "wget -qO- --server-response http://localhost:5000/ping 2>&1 | awk '/^  HTTP/{code=$2} /^[^{]/{next} {print; fflush()} END{exit (code>=400 || code==0)}' >/dev/null",
        ]
      interval: 1m30s
      timeout: 30s
      retries: 5
      start_period: 30s
    image: alplat/dockflare:stable@sha256:8c419e698cdf4160b7043197b1d674cdf82910fdc4e249ff52da3cf86f5b5383 # Or :unstable for the latest features
    labels:
      homepage.group: Privacy/Security
      homepage.name: DockFlare
      homepage.href: https://cftunn.${MY_TLD}
      homepage.icon: sh-dockflare.svg
      homepage.description: Cloudflare Tunnel controller
      homepage.widget.type: cloudflared
      homepage.widget.accountid: ${CLOUDFLARE_ACCOUNT_ID}
      homepage.widget.tunnelid: ${DOCKFLARE_CLOUDFLARE_TUNNEL_ID}
      homepage.widget.key: ${CLOUDFLAREDDNS_ENVIRONMENT_APITOKEN}
      swag: enable
      swag_proto: http
      swag_url: cftunn.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: DockFlare
      swag.uptime-kuma.monitor.url: https://cftunn.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      ### EXAMPLE CF TUNNEL LABELS ###
      # Enable DockFlare management for this container
      # - "cloudflare.tunnel.enable=true"
      # The public hostname to expose
      # - "cloudflare.tunnel.hostname=my-service.example.com"
      # The internal service address (protocol://container_name_or_ip:port)
      # Service type (http, https, tcp, ssh, rdp, http_status) is inferred from the prefix.
      # - "cloudflare.tunnel.service=http://my-service:80"
      # Optional: Specify a URL path. Only requests to hostname/path will match.
      # - "cloudflare.tunnel.path=/app"
      # Optional: Specify a different Cloudflare Zone for this hostname
      # - "cloudflare.tunnel.zonename=another.example.com"
      # Optional: Disable TLS verification if your internal service uses HTTP or a self-signed cert
      # - "cloudflare.tunnel.no_tls_verify=true"
      # Optional: Specify Origin Server Name (SNI) for TLS connection to origin
      # - "cloudflare.tunnel.originsrvname=internal.service.local"
    ports:
      - 20756:5000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - dockflare_data:/app/data
  dockpeek:
    container_name: dockpeek
    image: ghcr.io/dockpeek/dockpeek:v1.6.5@sha256:6807298f51c5eedf34c6f44dc7cbdaecd6bd2d789cea9f50489d0786539abd4c
    depends_on:
      docker-socket-proxy:
        condition: service_started
        required: true
    environment:
      SECRET_KEY: ${DOCKPEEK_SECRET_KEY}
      USERNAME: admin
      PASSWORD: ${DOCKPEEK_PASSWORD}
      DOCKER_HOST: tcp://192.168.1.254:2375
      DOCKER_HOST_NAME: Rinoa
      DOCKER_HOST_PUBLIC_HOSTNAME: 192.168.1.254
      DOCKER_HOST_1_URL: tcp://192.168.1.250:2375
      DOCKER_HOST_1_NAME: Benedikta
      DOCKER_HOST_1_PUBLIC_NAME: 192.168.1.250
      DOCKER_HOST_2_URL: tcp://192.168.1.252:2375
      DOCKER_HOST_2_NAME: Rikku
      DOCKER_HOST_2_PUBLIC_NAME: 192.168.1.252
    labels:
      swag: enable
      swag_proto: http
      swag_port: 8000
      swag_url: ports.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Dockpeek
      swag.uptime-kuma.monitor.url: https://ports.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: System Administration
      homepage.name: Dockpeek
      homepage.href: https://ports.${MY_TLD}
      homepage.icon: sh-dockpeek.svg
      homepage.description: Real-time port monitoring and discovery
    ports:
      - 3420:8000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  duplicati:
    container_name: duplicati
    environment:
      PGID: ${PGID}
      PUID: ${PUID}
      TZ: ${TZ}
    hostname: Rinoa
    image: lscr.io/linuxserver/duplicati:latest@sha256:6f9d58c8183dcfee25f0a36077b14ef278f06e51c47aa4d44c51f1d5360f44a9
    labels:
      swag: enable
      swag_port: 8200
      swag_proto: http
      swag_url: dup.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Duplicati
      swag.uptime-kuma.monitor.url: https://dup.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Automation
      homepage.name: Duplicati
      homepage.href: https://dup.${MY_TLD}
      homepage.icon: duplicati.png
      homepage.description: Data backup
    networks:
      default: null
    ports:
      - 8282:8200
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
      - bind:
          create_host_path: true
        source: ${DOCKER_VOLUME_CONFIG}/duplicati
        target: /config
        type: bind
      - bind:
          create_host_path: true
        source: /rinoa-storage
        target: /storage
        type: bind
      - bind:
          create_host_path: true
        source: /home/charish/.config/appdata/backups
        target: /backups
        type: bind
      - bind:
          create_host_path: true
        source: /home/charish/.config/appdata
        target: /source
        type: bind
  easyappointments:
    container_name: easyappointments
    depends_on:
      mariadb:
        condition: service_healthy
        required: true
    image: alextselegidis/easyappointments:1.5.2@sha256:484f183a7f5bcc9c0486674de4af01c785ab73fc2ee962dc35db7d0ba69d2825
    environment:
      BASE_URL: http://localhost
      DEBUG_MODE: TRUE
      DB_HOST: mariadb:3306
      DB_NAME: easyappointments
      DB_USERNAME: easyappt
      DB_PASSWORD: ${EASYAPPOINTMENTS_DB_PASSWORD}
      MAIL_PROTOCOL: mail
      MAIL_SMTP_DEBUG: 0
      MAIL_SMTP_AUTH: 0
      MAIL_SMTP_HOST: postal-smtp
      MAIL_SMTP_USER: ${POSTAL_SMTP_AUTH_USER}
      MAIL_SMTP_PASS: ${POSTAL_SMTP_AUTH_PASSWORD}
      MAIL_SMTP_CRYPTO: tls
      MAIL_SMTP_PORT: 25
      MAIL_FROM_ADDRESS: noreply@${MY_TLD}
      MAIL_FROM_NAME: "Trez"
      MAIL_REPLY_TO_ADDRESS: it-services@${MY_TLD}
    labels:
      homepage.group: Professional Services
      homepage.name: "Easy!Appointments"
      homepage.href: https://appt.${MY_TLD}
      homepage.icon: sh-easy-appointments.png
      homepage.description: Highly customizable appointment scheduler
      swag: enable
      swag_proto: http
      swag_url: appt.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: "Easy!Appointments"
      swag.uptime-kuma.monitor.url: https://appt.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 8362:80
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    # volumes:
    #   - easyappointments:/var/www/html
  excalidraw:
    container_name: excalidraw
    image: "excalidraw/excalidraw:latest@sha256:b5b9454af5f9c4403ea3b8ef06f2a3e29ac68e79e7d457f373f4d4a4b603d4bc"
    labels:
      homepage.group: Personal Tools
      homepage.name: Excalidraw
      homepage.href: https://draw.${MY_TLD}
      homepage.icon: excalidraw.svg
      homepage.description: Virtual whiteboard for sketching hand-drawn like diagrams
      swag: enable
      swag_proto: http
      swag_url: draw.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Excalidraw
      swag.uptime-kuma.monitor.url: https://draw.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 53721:80
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  explo:
    container_name: explo
    environment:
      TZ: ${TZ}
      WEEKLY_EXPLORATION_SCHEDULE: 0 8 * * 2
      WEEKLY_EXPLORATION_FLAGS:
      WEEKLY_JAMS_SCHEDULE: 30 00 * * 1
      WEEKLY_JAMS_FLAGS: --playlist=weekly-jams --download-mode=skip
      DAILY_JAMS_SCHEDULE: 30 2 * * *
      DAILY_JAMS_FLAGS: --playlist=daily-jams --download-mode=skip
    image: ghcr.io/lumepart/explo:latest@sha256:2c6fe1e5fbe0ceb17c653191001e7cb96eff0ae82539b44f61b024caa0fbfd14
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/explo/local.env:/opt/explo/.env
      - ${DOCKER_VOLUME_STORAGE}/Audio/Explo:/downloads # has to be in the same path you have your music system pointed to (it's recommended to put explo under a subfolder)
      - ${DOCKER_VOLUME_STORAGE}/Audio/Playlists:/playlists
  fastenhealth:
    container_name: fastenhealth
    image: ghcr.io/fastenhealth/fasten-onprem:main@sha256:992a3fe0096500475cc29f5a83234481a6079652d064bc6e2c4e660860af7fba
    labels:
      homepage.group: Lifestyle
      homepage.name: Fasten Health
      homepage.icon: sh-fasten-health.svg
      homepage.href: http://health.${MY_TLD}
      homepage.description: Open-source, self-hosted, personal/family electronic medical record aggregator
      swag: enable
      swag_proto: http
      swag_port: 8080
      swag_url: health.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Fasten Health
      swag.uptime-kuma.monitor.url: https://health.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 8105:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: fastenhealth-cache
        target: /opt/fasten/cache
        type: volume
        volume: {}
      - source: fastenhealth-db
        target: /opt/fasten/db
        type: volume
        volume: {}
  flaresolverr:
    container_name: flaresolverr
    environment:
      CAPTCHA_SOLVER: none
      LOG_HTML: false
      LOG_LEVEL: info
      PORT: 8191
      TZ: America/New_York
      BROWSER_TIMEOUT: 40000
      TEST_URL: https://duckduckgo.com
    hostname: Rinoa
    image: ghcr.io/flaresolverr/flaresolverr:latest@sha256:5379a9209c86870558d77c8cdf7efdf300aecf0447617a05dc77e0491d53f34c
    networks:
      default: null
    ports:
      - 8191:8191
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1
    volumes:
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
      - bind:
          create_host_path: true
        source: /rinoa-storage
        target: /storage
        type: bind
  garage:
    container_name: garage
    image: dxflrs/garage:v2.1.0@sha256:4c9b34c113e61358466e83fd6e7d66e6d18657ede14b776eb78a93ee8da7cf6a
    ports:
      - 3900:3900
      - 3901:3901
      - 3902:3902
      - 3903:3903
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/garage/garage.toml:/etc/garage.toml
      - ${DOCKER_VOLUME_CONFIG}/garage/meta:/var/lib/garage/meta
      - ${DOCKER_VOLUME_STORAGE}/garage_data:/var/lib/garage/data
  garage-webui:
    container_name: garage-webui
    depends_on:
      garage:
        condition: service_started
        required: true
    environment:
      API_BASE_URL: http://garage:3903
      S3_ENDPOINT_URL: http://garage:3900
    image: khairul169/garage-webui:latest@sha256:17c793551873155065bf9a022dabcde874de808a1f26e648d4b82e168806439c
    labels:
      homepage.group: System Administration
      homepage.name: Garage
      homepage.href: http://192.168.1.254:3909
      homepage.icon: garage.svg
      homepage.description: S3-compatible storage backend
    ports:
      - 3909:3909
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/garage/garage.toml:/etc/garage.toml:ro
  ghost:
    container_name: ghost_blog
    depends_on:
      mariadb:
        condition: service_healthy
        required: true
        restart: true
    environment:
      database__client: mysql
      database__connection__host: mariadb
      database__connection__port: 3306
      database__connection__user: ${GHOST_DB_USER}
      database__connection__password: ${GHOST_DB_PASSWORD}
      database__connection__database: ghost_db
      mail__transport: SMTP
      mail__options__host: postal-smtp
      mail__options__port: 25
      mail__options__secure: false
      mail__options__auth__user: ${POSTAL_SMTP_AUTH_USER}
      mail__options__auth__pass: ${POSTAL_SMTP_AUTH_PASSWORD}
      mail__from: "'Ghost @ Rinoa' <noreply@${MY_TLD}>"
      url: https://blog.${MY_TLD}
    image: ghost:latest@sha256:ffc213a6f2db7210b69396dc4330b4a9c5e27c8b044ae453854d53bd3937a6ec
    labels:
      homepage.group: Lifestyle
      homepage.name: Ghost
      homepage.href: https://blog.${MY_TLD}
      homepage.icon: ghost.png
      homepage.description: Personal blog
      swag: enable
      swag_port: 2368
      swag_proto: http
      swag_url: blog.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Ghost
      swag.uptime-kuma.monitor.url: https://blog.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 2368:2368
    profiles: ["rinoa-apps"]
    restart: always
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/ghost:/var/lib/ghost/content
  gitea:
    container_name: gitea
    depends_on:
      gitea-db:
        condition: service_healthy
        required: true
    environment:
      USER_UID: ${PUID}
      USER_GID: ${PGID}
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: gitea-db:5432
      GITEA__database__NAME: gitea
      GITEA__database__USER: gitea
      GITEA__database__PASSWD: ${GITEA_PG_DB_PASSWORD}
      GITEA__mailer__ENABLED: true
      GITEA__mailer__FROM: '"Gitea" <noreply@${MY_TLD}>'
      GITEA__mailer__PROTOCOL: smtp
      GITEA__mailer__SMTP_ADDR: postal-smtp
      GITEA__mailer__SMTP_PORT: 25
      GITEA__mailer__USER: ${POSTAL_SMTP_AUTH_USER}
      GITEA__mailer__PASSWD: ${POSTAL_SMTP_AUTH_PASSWORD}
    image: gitea/gitea:1.24.6@sha256:2edc102cbb636ae1ddac5fa0c715aa5b03079dee13ac6800b2cef6d4e912e718
    labels:
      cloudflare.tunnel.enable: true
      cloudflare.tunnel.hostname: git-ssh.${MY_TLD}
      cloudflare.tunnel.service: http://gitea:22
      cloudflare.tunnel.no_tls_verify: true
      homepage.group: Code/DevOps
      homepage.name: Gitea
      homepage.href: https://git.${MY_TLD}
      homepage.icon: gitea.svg
      homepage.description: Private Code Repo
      homepage.widget.type: gitea
      homepage.widget.url: http://gitea:3000
      homepage.widget.key: ${GITEA_HOMEPAGE_API_KEY}
      swag: enable
      swag_url: git.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Gitea
      swag.uptime-kuma.monitor.url: https://git.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 3013:3000
      - 222:22
    profiles: ["rinoa-infra"]
    restart: always
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/gitea
        target: /data/gitea
        type: bind
        bind:
          create_host_path: true
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/timezone
        target: /etc/timezone
        type: bind
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
  gitea-db:
    container_name: gitea-db
    environment:
      POSTGRES_USER: gitea
      POSTGRES_PASSWORD: ${GITEA_PG_DB_PASSWORD}
      POSTGRES_DB: gitea
    expose:
      - 5432
    healthcheck:
      interval: 10s
      start_period: 20s
      test: ["CMD-SHELL", "pg_isready -U gitea -d gitea"]
    image: postgres:14@sha256:fbd63b8e1eb2b318d342e8ad279891f622aa5ff69bd95e5683cc915301218bcf
    networks:
      default: null
    profiles: ["rinoa-infra"]
    restart: always
    volumes:
      - source: gitea-pg-db
        target: /var/lib/postgresql/data
        type: volume
        volume: {}
  gitea-runner:
    container_name: gitea-runner
    depends_on:
      gitea:
        condition: service_started
    environment:
      CONFIG_FILE: /config.yaml
      GITEA_INSTANCE_URL: http://gitea:3000
      GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}"
      GITEA_RUNNER_NAME: "gitea-runner-1"
    image: gitea/act_runner:latest@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944
    ports:
      - 63604:63604
    profiles: ["rinoa-infra"]
    restart: always
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/gitea/act-runner/config.yaml:/config.yaml
      - /var/run/docker.sock:/var/run/docker.sock
  gitea-sonarqube-bot:
    container_name: gitea-sonarqube-bot
    depends_on:
      gitea:
        condition: service_started
      sonarqube:
        condition: service_started
    image: justusbunsi/gitea-sonarqube-bot:v0.4.0@sha256:18dd43b470d9a470e27d5999dd7dcbb44423d5c4466ae56dd7c1722f23115673
    environment:
      GITEA_SQ_BOT_PORT: 58525
      GITEA_SQ_BOT_CONFIG_PATH: /home/bot/config/config.yaml
    ports:
      - 58525:58525
    profiles: ["rinoa-infra"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/gitea/sonarqube-bot/:/home/bot/config/
  gitignore-io:
    container_name: gitignore-io
    image: guog/gitignore.io:latest@sha256:27b0bc3e9eb81adaee39fb6f77169ea9cbef164bcab049d29bcab68d154013ad
    labels:
      homepage.group: Code/DevOps
      homepage.name: gitignore-io
      homepage.href: https://gitignore.${MY_TLD}
      homepage.icon: /icons/gitignore-io.svg
      homepage.description: .gitignore generator
      swag: enable
      swag_url: gitignore.${MY_TLD}
      swag_address: gitignore-io
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: gitignore-io
      swag.uptime-kuma.monitor.url: https://gitignore.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 14822:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  gluetun:
    cap_add:
      - NET_ADMIN
    container_name: gluetun
    environment:
      OPENVPN_PASSWORD: ${DELUGEVPN_ENVIRONMENT_VPN_PASS}
      OPENVPN_USER: ${DELUGEVPN_ENVIRONMENT_VPN_USER}
      PORT_FORWARD_ONLY: true
      SERVER_REGIONS: Bahamas,Belgium,Cyprus,Estonia,FI Helsinki,Iceland,Latvia,Lithuania,Luxembourg,Montenegro,Netherlands,Portugal,DK Copenhagen,Ukraine,Uruguay
      VPN_SERVICE_PROVIDER: private internet access
    expose:
      - 8000
    image: qmcgaw/gluetun:latest@sha256:14cc0004058f148c4b97a7f0afdfa9b2bf76bd3fd18633db94864e2c7834efad
    ports:
      - 3333:3333
      - 3334:3334
      - 5030:5030
      - 5031:5031
      - 50300:50300
    profiles: ["rinoa-apps"]
    restart: always
  gotify:
    container_name: gotify
    environment:
      GOTIFY_SERVER_PORT: 80
      GOTIFY_SERVER_KEEPALIVEPERIODSECONDS: 0
      GOTIFY_SERVER_LISTENADDR:
      GOTIFY_SERVER_SSL_ENABLED: false
      GOTIFY_SERVER_SSL_REDIRECTTOHTTPS: true
      GOTIFY_SERVER_SSL_LISTENADDR:
      GOTIFY_SERVER_SSL_PORT: 443
      GOTIFY_SERVER_SSL_CERTFILE:
      GOTIFY_SERVER_SSL_CERTKEY:
      GOTIFY_SERVER_SSL_LETSENCRYPT_ENABLED: false
      GOTIFY_SERVER_SSL_LETSENCRYPT_ACCEPTTOS: false
      GOTIFY_SERVER_SSL_LETSENCRYPT_CACHE: certs
      GOTIFY_SERVER_STREAM_PINGPERIODSECONDS: 45
      GOTIFY_DATABASE_DIALECT: sqlite3
      GOTIFY_DATABASE_CONNECTION: data/gotify.db
      GOTIFY_DEFAULTUSER_NAME: admin
      GOTIFY_DEFAULTUSER_PASS: ${GOTIFY_PASSWORD}
      GOTIFY_PASSSTRENGTH: 10
      GOTIFY_UPLOADEDIMAGESDIR: data/images
      GOTIFY_PLUGINSDIR: data/plugins
      GOTIFY_REGISTRATION: false
    image: gotify/server@sha256:2ae0e4e689f183137c8247884382fcb174d5a72253ce1897e7e5267090093fc8
    labels:
      homepage.group: Infrastructure/App Performance Monitoring
      homepage.name: Gotify
      homepage.href: https://gotify.${MY_TLD}
      homepage.icon: gotify.png
      homepage.description: Notification System
      homepage.widget.type: gotify
      homepage.widget.url: http://gotify
      homepage.widget.key: ${GOTIFY_HOMEPAGE_CLIENT_KEY}
      swag: enable
      swag_proto: http
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Gotify
      swag.uptime-kuma.monitor.url: https://gotify.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 8097:80
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/gotify
        target: /app/data
        type: bind
        bind:
          create_host_path: true
  guacamole:
    container_name: guacamole
    environment:
      DOCKER_HOST: tcp://dockerproxy:2375
      EXTENSIONS: "auth-totp"
      TZ: ${TZ}
    image: flcontainers/guacamole:latest@sha256:81a420f386ef8cbb4697208e13ea90f6a10a54619981241bed672e4a41b5f77f
    labels:
      homepage.group: System Administration
      homepage.name: Guacamole
      homepage.description: Client-less remote desktop gateway
      homepage.href: https://guac.${MY_TLD}
      homepage.icon: guacamole.svg
      swag: enable
      swag_proto: http
      swag_port: 8080
      swag_url: guac.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Guacamole
      swag.uptime-kuma.monitor.url: https://guac.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 62173:8080
    profiles: ["rinoa-apps"]
    restart: always
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/guacamole/:/config
      - /etc/localtime:/etc/localtime:ro
  homepage:
    container_name: homepage
    environment:
      HOMEPAGE_ALLOWED_HOSTS: ${MY_TLD}
      PUID: ${PUID}
      PGID: ${PGID}
    image: ghcr.io/gethomepage/homepage:latest@sha256:e7fc26f914cf5e7dcd6c566e24ca218addb879aa76478ad4a553b1f9ae48b1d7
    labels:
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Homepage
      swag.uptime-kuma.monitor.url: https://${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 3004:3000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/homepage:/app/config
      - ${DOCKER_VOLUME_CONFIG}/homepage/images:/app/public/images
      - ${DOCKER_VOLUME_CONFIG}/homepage/icons:/app/public/icons
      - ${DOCKER_VOLUME_STORAGE}:/rinoa-storage:ro
  hugo:
    command: hugo server --baseURL "it-services.${MY_TLD}" --bind 0.0.0.0 --appendPort=false --source=/src/ --configDir=/src/config/ -e production --logLevel debug
    container_name: hugo
    image: hugomods/hugo:exts@sha256:89c0472bdfc5f9ff051ae9f54942428c62edb1d2ec3527bf1a4e63e24aa48356
    labels:
      swag: enable
      swag_proto: http
      swag_port: 1313
      swag_url: it-services.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Hugo
      swag.uptime-kuma.monitor.url: https://it-services.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Professional Services
      homepage.name: Hugo
      homepage.href: https://it-services.${MY_TLD}
      homepage.icon: hugo.svg
      homepage.description: Static site
    ports:
      - 1313:1313
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/hugo/:/src
      - ${DOCKER_VOLUME_CONFIG}/hugo/cache:/tmp/hugo_cache
  immich-server:
    container_name: immich-server
    depends_on:
      immich-valkey:
        condition: service_healthy
        required: true
      immich-pg-db:
        condition: service_healthy
        required: true
        restart: true
      immich-machine-learning:
        condition: service_healthy
        required: true
        restart: true
    environment:
      DB_DATABASE_NAME: immich
      DB_HOSTNAME: immich-pg-db
      DB_PORT: 5432
      DB_USERNAME: immich
      DB_PASSWORD: ${IMMICH_DB_PASSWORD}
      IMMICH_LOG_LEVEL: error
      IMMICH_TELEMETRY_INCLUDE: all
      REDIS_HOSTNAME: immich-valkey
      REDIS_PORT: 6379
      REDIS_DBINDEX: 0
    healthcheck:
      disable: false
    image: ghcr.io/immich-app/immich-server:release@sha256:8286638680f0a38a7cb380be64ed77d1d1cfe6d0e0b843f64bff92b24289078d
    labels:
      swag: enable
      swag_proto: http
      swag_port: 2283
      swag_url: pics.${MY_TLD}
      swag_server_custom_directive: |
        location /share {
          proxy_pass http://immich-public-proxy:3000;
        }
        location /tools {
          proxy_pass http://immich-power-tools:3000;
        }
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Immich
      swag.uptime-kuma.monitor.url: https://pics.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Media Library
      homepage.name: Immich
      homepage.href: https://pics.${MY_TLD}
      homepage.icon: immich.svg
      homepage.description: High performance self-hosted photo and video management solution
      homepage.widget.type: immich
      homepage.widget.url: http://immich-server:2283
      homepage.widget.key: ${IMMICH_POWER_TOOLS_KEY}
      homepage.widget.version: 2
    ports:
      - 2283:2283
    profiles: ["rinoa-apps"]
    restart: always
    volumes:
      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
      - ${DOCKER_VOLUME_STORAGE}/Pics:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
  immich-machine-learning:
    container_name: immich-machine-learning
    healthcheck:
      disable: false
    image: ghcr.io/immich-app/immich-machine-learning:release@sha256:45626a33361ef7ed361de41b0d2dc19e5949442cdf0a8eb64b157dc8a04e9855
    profiles: ["rinoa-apps"]
    restart: always
    volumes:
      - immich-model-cache:/cache
  immich-pg-db:
    command: >-
      postgres
      -c shared_preload_libraries=vectors.so
      -c 'search_path="$$user", public, vectors'
      -c logging_collector=on
      -c max_wal_size=2GB
      -c shared_buffers=512MB
      -c wal_compression=on
    container_name: immich-pg-db
    environment:
      POSTGRES_PASSWORD: ${IMMICH_DB_PASSWORD}
      POSTGRES_USER: immich
      POSTGRES_DB: immich
    expose:
      - 5432
    healthcheck:
      test: >-
        pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1;
        Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align
        --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')";
        echo "checksum failure count is $$Chksum";
        [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
    image: tensorchord/pgvecto-rs:pg14-v0.2.1@sha256:9172feae86a211bc502db4ec2d3309a57329060b031d91796d39f45d1d698ef3
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/immich/db:/var/lib/postgresql/data
  immich-public-proxy:
    container_name: immich-public-proxy
    depends_on:
      immich-server:
        condition: service_healthy
        required: true
    environment:
      IMMICH_URL: http://immich-server:2283
    expose:
      - 3000
    healthcheck:
      test: wget -q --spider http://localhost:3000/share/healthcheck || exit 1
      start_period: 10s
      timeout: 5s
    image: alangrainger/immich-public-proxy:latest@sha256:bf9ae2b60f9cd69867789a2a492510443aa61cf01ab085475a08496ef35e67d0
    labels:
      homepage.group: Lifestyle
      homepage.name: Immich Public Proxy
      homepage.href: https://pics.${MY_TLD}/share
      homepage.icon: sh-immich-public-proxy.svg
      homepage.description: Immich Proxy for public sharing
      homepage.widget.type: immich
      homepage.widget.url: http://immich-server:2283
      homepage.widget.key: ${IMMICH_POWER_TOOLS_KEY}
      homepage.widget.version: 2
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Immich Public Proxy
      swag.uptime-kuma.monitor.url: https://pics.${MY_TLD}/share
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    profiles: ["rinoa-apps"]
    restart: always
  immich-power-tools:
    container_name: immich-power-tools
    environment:
      DB_DATABASE_NAME: immich
      DB_HOSTNAME: immich-pg-db
      DB_PORT: 5432
      DB_USERNAME: immich
      DB_PASSWORD: ${IMMICH_DB_PASSWORD}
      EXTERNAL_IMMICH_URL: https://pics.${MY_TLD}
      IMMICH_API_KEY: ${IMMICH_POWER_TOOLS_KEY}
      IMMICH_URL: http://immich-server:2283
    image: ghcr.io/varun-raj/immich-power-tools:latest@sha256:abfe87c08d6c08575649d7f4af04bd61ab2e5d3d54bdba693700595f70c92d0a
    ports:
      - 54018:3000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  immich-valkey:
    container_name: immich-valkey
    <<: *valkey-params
    volumes:
      - immich-valkey-data:/data/valkey
  influxdb2:
    container_name: influxdb2
    environment:
      DOCKER_INFLUXDB_INIT_MODE: setup
      DOCKER_INFLUXDB_INIT_USERNAME: admin
      DOCKER_INFLUXDB_INIT_PASSWORD: ${INFLUXDB2_ADMIN_PASSWORD}
      DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: /run/secrets/influxdb2-admin-token
      DOCKER_INFLUXDB_INIT_ORG: rinoa
      DOCKER_INFLUXDB_INIT_BUCKET: rinoa
    image: influxdb:2-alpine@sha256:fa166d3bdf6beeecf57791b70e558f6ef54e1e6cea95fb7728b45314bc48543b
    labels:
      swag: enable
      swag_proto: http
      swag_port: 8086
      swag_url: influxdb.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.monitor.url: https://influxdb.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      homepage.group: System Administration
      homepage.name: InfluxDBv2
      homepage.href: https://influxdb.${MY_TLD}
      homepage.icon: influxdb.svg
      homepage.description: Scalable datastore for metrics, events, and real-time analytics
    ports:
      - 8086:8086
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - influxdb2-data:/var/lib/influxdb2
      - influxdb2-config:/etc/influxdb2
  invidious:
    container_name: invidious
    depends_on:
      invidious-db:
        condition: service_started
        required: true
    environment:
      INVIDIOUS_CONFIG_FILE: /config.yml
    healthcheck:
      interval: 30s
      retries: 2
      test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1
      timeout: 5s
    image: quay.io/invidious/invidious:latest@sha256:2836b5b8226a53a9cc2afdbd5f5fe6bccdd200f2e17cd92a828b4dc8d8b5cc06
    labels:
      swag: enable
      swag_proto: http
      swag_port: 3000
      swag_url: invid.${MY_TLD}
      swag_server_custom_directive: |
        location /companion {
          proxy_pass http://invidious-companion:8282;
        }
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Invidious
      swag.uptime-kuma.monitor.url: https://invid.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Social
      homepage.name: Invidious
      homepage.href: https://invid.${MY_TLD}
      homepage.icon: invidious.svg
      homepage.description: Alternative YouTube frontend (privacy-focused, ad-blocking)
    networks:
      default: null
    ports:
      - 3007:3000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/invidious/config.yml:/config.yml
  invidious-companion:
    cap_drop:
      - ALL
    container_name: invidious-companion
    environment:
      SERVER_SECRET_KEY: ${INVID_COMPANION_KEY}
    image: quay.io/invidious/invidious-companion:latest@sha256:6e50b4291b4bc4aa37a6425d2e059481216b7ab73ef2828b78ad82a9c3c70568
    logging:
      options:
        max-size: "1G"
        max-file: "4"
    ports:
      - 16290:8282
    profiles: ["rinoa-apps"]
    read_only: true
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    volumes:
      - invidious-companion-cache:/var/tmp/youtubei.js:rw
  invidious-db:
    container_name: invidious-db
    environment:
      POSTGRES_DB: invidious
      POSTGRES_PASSWORD: ${INVID_PG_DB_PASSWORD}
      POSTGRES_USER: kemal
    healthcheck:
      test:
        - CMD-SHELL
        - pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB
    image: docker.io/library/postgres:14@sha256:fbd63b8e1eb2b318d342e8ad279891f622aa5ff69bd95e5683cc915301218bcf
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: invidious-postgres
        target: /var/lib/postgresql/data
        type: volume
        volume: {}
      - source: ${DOCKER_VOLUME_CONFIG}/invidious/sql
        target: /config/sql
        type: bind
        bind:
          create_host_path: true
      - source: ${DOCKER_VOLUME_CONFIG}/invidious/entrypoint/init-invidious-db.sh
        target: /docker-entrypoint-initdb.d/init-invidious-db.sh
        type: bind
        bind:
          create_host_path: true
  invoice-ninja:
    container_name: invoice-ninja
    depends_on:
      mariadb:
        condition: service_healthy
        required: true
        restart: true
    environment:
      APP_DEBUG: true
      APP_KEY: ${IN_APP_KEY}
      APP_URL: http://invoice-ninja:8005
      APP_ENV: production
      DB_DATABASE: invoice_ninja
      DB_HOST: mariadb
      DB_PASSWORD: ${IN_MYSQL_PASSWORD}
      DB_PORT: 3306
      DB_USERNAME: ininja
      IN_PASSWORD: ${IN_PASSWORD}
      IN_USER_EMAIL: charish.patel@${MY_TLD}
      IS_DOCKER: true
      MAIL_ENCRYPTION: null
      MAIL_FROM_ADDRESS: noreply@${MY_TLD}
      MAIL_FROM_NAME: null
      MAIL_HOST: postal-smtp
      MAIL_MAILER: log
      MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      MAIL_PORT: 25
      MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
      MYSQL_DATABASE: invoice_ninja
      MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD}
      MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
      MYSQL_USER: ininja
      PDF_GENERATOR: snappdf
      PHANTOMJS_PDF_GENERATION: false
      QUEUE_CONNECTION: database
      REQUIRE_HTTPS: false
      TRUSTED_PROXIES: 172.18.0.0/16
    expose:
      - 9000
    image: invoiceninja/invoiceninja-debian:5@sha256:5505dffeb378e4ea926c761177025881f251b049dc1dba15af3384e5ca5568b4
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - invoice-ninja_cache:/var/www/html/bootstrap/cache
      - invoice-ninja_public:/var/www/html/public
      - invoice-ninja_storage:/var/www/html/storage
  invoice-ninja_proxy:
    container_name: invoice-ninja_proxy
    depends_on:
      invoice-ninja:
        condition: service_started
        required: true
        restart: true
    environment:
      APP_DEBUG: true
      APP_KEY: ${IN_APP_KEY}
      APP_URL: http://invoice-ninja:9000
      DB_DATABASE: invoice_ninja
      DB_HOST: mariadb
      DB_PASSWORD: ${IN_MYSQL_PASSWORD}
      DB_PORT: 3306
      DB_USERNAME: ininja
      IN_PASSWORD: ${IN_PASSWORD}
      IN_USER_EMAIL: charish.patel@${MY_TLD}
      MAIL_ENCRYPTION: null
      MAIL_FROM_ADDRESS: noreply@${MY_TLD}
      MAIL_FROM_NAME: null
      MAIL_HOST: postal-smtp
      MAIL_MAILER: log
      MAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      MAIL_PORT: 25
      MAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
      MYSQL_DATABASE: invoice_ninja
      MYSQL_PASSWORD: ${IN_MYSQL_PASSWORD}
      MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
      MYSQL_USER: ininja
      PDF_GENERATOR: snappdf
      PHANTOMJS_PDF_GENERATION: false
      QUEUE_CONNECTION: database
      REQUIRE_HTTPS: false
      TRUSTED_PROXIES: 172.18.0.0/16
    image: nginx@sha256:8adbdcb969e2676478ee2c7ad333956f0c8e0e4c5a7463f4611d7a2e7a7ff5dc
    labels:
      swag: enable
      swag_proto: http
      swag_url: biz.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Invoice Ninja
      swag.uptime-kuma.monitor.url: https://biz.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Professional Services
      homepage.name: Invoice Ninja
      homepage.href: https://biz.${MY_TLD}
      homepage.icon: invoice-ninja.svg
      homepage.description: Simple invoicing, multiple payment options, expense and vendor management, and more!
    ports:
      - 8005:80
    profiles: ["rinoa-apps"]
    restart: always
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/invoice-ninja/nginx:/etc/nginx/conf.d:ro
      - invoice-ninja_public:/var/www/html/public
      - invoice-ninja_storage:/var/www/html/storage
  it-tools:
    container_name: it-tools
    image: ghcr.io/corentinth/it-tools:latest@sha256:8b8128748339583ca951af03dfe02a9a4d7363f61a216226fc28030731a5a61f
    labels:
      swag: enable
      swag_proto: http
      swag_url: itt.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: IT-Tools
      swag.uptime-kuma.monitor.url: https://itt.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Code/DevOps
      homepage.name: IT-Tools
      homepage.href: https://itt.${MY_TLD}
      homepage.icon: it-tools.svg
      homepage.description: Useful tools for developers and people working in IT
    networks:
      default: null
    ports:
      - 8104:80
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  jellyfin:
    container_name: jellyfin
    environment:
      JELLYFIN_PublishedServerUrl: https://jf.${MY_TLD}
    image: jellyfin/jellyfin@sha256:7ae36aab93ef9b6aaff02b37f8bb23df84bb2d7a3f6054ec8fc466072a648ce2
    labels:
      homepage.group: Media Library
      homepage.name: Jellyfin
      homepage.icon: jellyfin.svg
      homepage.href: https://jf.${MY_TLD}
      homepage.description: Movie/TV Streaming
      homepage.widget.type: jellyfin
      homepage.widget.url: http://jellyfin:8096
      homepage.widget.key: ${JELLYFIN_API_KEY}
      homepage.widget.enableBlocks: true
      homepage.widget.enableNowPlaying: true
      homepage.widget.enableUser: true
      homepage.widget.showEpisodeNumber: true
      homepage.widget.expandOneStreamToTwoRows: false
      swag: enable
      swag_url: jf.${MY_TLD}
      swag_port: 8096
      swag_proto: http
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Jellyfin
      swag.uptime-kuma.monitor.url: https://jf.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 8487:8096
      - 7359:7359
      - 1900:1900
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/jellyfin:/config
      - ${DOCKER_VOLUME_CONFIG}/jellyfin/cache:/cache
      - ${DOCKER_VOLUME_STORAGE}/TV_Shows:/storage/tv
      - ${DOCKER_VOLUME_STORAGE}/Movies:/storage/movies
      - /etc/localtime:/etc/localtime
      - /usr/share/fonts:/usr/local/share/fonts/custom
  jitsi-etherpad:
    container_name: jitsi-etherpad
    environment:
      TITLE: ${JITSI__ETHERPAD_TITLE}
      DEFAULT_PAD_TEXT: ${JITSI__ETHERPAD_DEFAULT_PAD_TEXT}
      SKIN_NAME: ${JITSI__ETHERPAD_SKIN_NAME}
      SKIN_VARIANTS: ${JITSI__ETHERPAD_SKIN_VARIANTS}
      SUPPRESS_ERRORS_IN_PAD_TEXT: true
    hostname: etherpad.meet.jitsi
    image: etherpad/etherpad:1.9.7@sha256:d1d6a772dd49e2d920fda874cdae2d4a43f24ba5713a1e330b6342fbab3eb5ec
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  jitsi-jibri:
    cap_add:
      - SYS_ADMIN
    container_name: jitsi-jibri
    depends_on:
      jitsi-jicofo:
        condition: service_started
        required: true
    environment:
      AUTOSCALER_SIDECAR_KEY_FILE:
      AUTOSCALER_SIDECAR_KEY_ID:
      AUTOSCALER_SIDECAR_GROUP_NAME:
      AUTOSCALER_SIDECAR_HOST_ID:
      AUTOSCALER_SIDECAR_INSTANCE_ID:
      AUTOSCALER_SIDECAR_PORT:
      AUTOSCALER_SIDECAR_REGION:
      AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL:
      AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL:
      AUTOSCALER_URL:
      CHROMIUM_FLAGS:
      DISPLAY: :0
      ENABLE_STATS_D:
      JIBRI_WEBHOOK_SUBSCRIBERS:
      JIBRI_HTTP_API_EXTERNAL_PORT:
      JIBRI_HTTP_API_INTERNAL_PORT:
      JIBRI_RECORDING_RESOLUTION:
      JIBRI_RECORDING_VIDEO_ENCODE_PRESET:
      JIBRI_RECORDING_CONSTANT_RATE_FACTOR:
      JIBRI_RECORDING_FRAMERATE:
      JIBRI_RECORDING_QUEUE_SIZE:
      JIBRI_RECORDING_STREAMING_MAX_BITRATE:
      JIBRI_USAGE_TIMEOUT:
      JIBRI_XMPP_USER:
      JIBRI_XMPP_PASSWORD: ${JITSI__JIBRI_XMPP_PASSWORD}
      JIBRI_BREWERY_MUC:
      JIBRI_RECORDER_USER: jibri-recorder
      JIBRI_RECORDER_PASSWORD: ${JITSI__JIBRI_RECORDER_PASSWORD}
      JIBRI_RECORDING_DIR:
      JIBRI_FINALIZE_RECORDING_SCRIPT_PATH:
      JIBRI_STRIP_DOMAIN_JID:
      JIBRI_STATSD_HOST:
      JIBRI_STATSD_PORT:
      LOCAL_ADDRESS:
      PUBLIC_URL: ${JITSI__PUBLIC_URL}
      TZ: ${TZ}
      XMPP_AUTH_DOMAIN:
      XMPP_DOMAIN:
      XMPP_INTERNAL_MUC_DOMAIN:
      XMPP_MUC_DOMAIN:
      XMPP_RECORDER_DOMAIN:
      XMPP_SERVER:
      XMPP_PORT:
      XMPP_TRUST_ALL_CERTS:
    image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable}
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    shm_size: 2gb
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/jitsi/jibri
        target: /config
        type: bind
        bind:
          create_host_path: true
  jitsi-jicofo:
    container_name: jitsi-jicofo
    depends_on:
      jitsi-prosody:
        condition: service_started
        required: true
    environment:
      AUTH_TYPE:
      BRIDGE_AVG_PARTICIPANT_STRESS:
      BRIDGE_STRESS_THRESHOLD:
      ENABLE_AUTH:
      ENABLE_AUTO_OWNER:
      ENABLE_CODEC_VP8:
      ENABLE_CODEC_VP9:
      ENABLE_CODEC_H264:
      ENABLE_CODEC_OPUS_RED:
      ENABLE_JVB_XMPP_SERVER:
      ENABLE_OCTO:
      ENABLE_RECORDING: 1
      ENABLE_SCTP:
      ENABLE_AUTO_LOGIN:
      JICOFO_AUTH_LIFETIME:
      JICOFO_AUTH_PASSWORD: ${JITSI__JICOFO_AUTH_PASSWORD}
      JICOFO_AUTH_TYPE:
      JICOFO_BRIDGE_REGION_GROUPS:
      JICOFO_ENABLE_AUTH:
      JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS:
      JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT:
      JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT:
      JICOFO_CONF_SOURCE_SIGNALING_DELAYS:
      JICOFO_CONF_MAX_AUDIO_SENDERS:
      JICOFO_CONF_MAX_VIDEO_SENDERS:
      JICOFO_CONF_STRIP_SIMULCAST:
      JICOFO_CONF_SSRC_REWRITING:
      JICOFO_ENABLE_HEALTH_CHECKS:
      JICOFO_ENABLE_REST:
      JICOFO_HEALTH_CHECKS_USE_PRESENCE:
      JICOFO_MULTI_STREAM_BACKWARD_COMPAT:
      JICOFO_OCTO_REGION:
      JIBRI_BREWERY_MUC:
      JIBRI_REQUEST_RETRIES:
      JIBRI_PENDING_TIMEOUT:
      JIGASI_BREWERY_MUC:
      JIGASI_SIP_URI:
      JVB_BREWERY_MUC:
      JVB_XMPP_AUTH_DOMAIN:
      JVB_XMPP_INTERNAL_MUC_DOMAIN:
      JVB_XMPP_PORT:
      JVB_XMPP_SERVER:
      MAX_BRIDGE_PARTICIPANTS:
      OCTO_BRIDGE_SELECTION_STRATEGY:
      SENTRY_DSN: "${JICOFO_SENTRY_DSN:-0}"
      SENTRY_ENVIRONMENT:
      SENTRY_RELEASE:
      TZ: ${TZ}
      XMPP_DOMAIN:
      XMPP_AUTH_DOMAIN:
      XMPP_INTERNAL_MUC_DOMAIN:
      XMPP_MUC_DOMAIN:
      XMPP_RECORDER_DOMAIN:
      XMPP_SERVER:
      XMPP_PORT:
    image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable}
    networks:
      default: null
    ports:
      - 8889:8888
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
          selinux: Z
        source: ${DOCKER_VOLUME_CONFIG}/jitsi/jicofo
        target: /config
        type: bind
  jitsi-jigasi:
    container_name: jitsi-jigasi
    depends_on:
      jitsi-prosody:
        condition: service_started
        required: true
    environment:
      ENABLE_AUTH: 1
      ENABLE_GUESTS: 1
      XMPP_AUTH_DOMAIN:
      XMPP_GUEST_DOMAIN:
      XMPP_MUC_DOMAIN:
      XMPP_INTERNAL_MUC_DOMAIN:
      XMPP_SERVER:
      XMPP_PORT:
      XMPP_DOMAIN:
      PUBLIC_URL: ${JITSI__PUBLIC_URL}
      JIGASI_DISABLE_SIP:
      JIGASI_SIP_URI: ${JITSI__SIP_URI}
      JIGASI_SIP_PASSWORD: ${JITSI__JIGAGI_SIP_PASSWORD}
      JIGASI_SIP_SERVER: ${JITSI__JIGAGI_SIP_SERVER}
      JIGASI_SIP_PORT: ${JITSI__JIGAGI_SIP_PORT}
      JIGASI_SIP_TRANSPORT: ${JITSI__JIGAGI_SIP_TRANSPORT}
      JIGASI_SIP_DEFAULT_ROOM:
      JIGASI_XMPP_USER:
      JIGASI_XMPP_PASSWORD: ${JITSI__JIGASI_XMPP_PASSWORD}
      JIGASI_BREWERY_MUC:
      JIGASI_PORT_MIN:
      JIGASI_PORT_MAX:
      JIGASI_HEALTH_CHECK_SIP_URI:
      JIGASI_HEALTH_CHECK_INTERVAL:
      JIGASI_SIP_KEEP_ALIVE_METHOD:
      JIGASI_ENABLE_SDES_SRTP:
      ENABLE_TRANSCRIPTIONS: 1
      JIGASI_TRANSCRIBER_ADVERTISE_URL:
      JIGASI_TRANSCRIBER_RECORD_AUDIO:
      JIGASI_TRANSCRIBER_SEND_TXT:
      GC_PROJECT_ID:
      GC_PRIVATE_KEY_ID:
      GC_PRIVATE_KEY:
      GC_CLIENT_EMAIL:
      GC_CLIENT_ID:
      GC_CLIENT_CERT_URL:
      SHUTDOWN_REST_ENABLED:
      SENTRY_DSN: "${JIGASI_SENTRY_DSN:-0}"
      SENTRY_ENVIRONMENT:
      SENTRY_RELEASE:
      TZ: ${TZ}
    image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable}
    networks:
      default: null
    ports:
      - 20000-20050:20000-20050/udp
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
          selinux: Z
        source: ${DOCKER_VOLUME_CONFIG}/jitsi/jigasi
        target: /config
        type: bind
      - bind:
          create_host_path: true
          selinux: Z
        source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts
        target: /tmp/transcripts
        type: bind
  jitsi-jvb:
    container_name: video.meet.jitsi
    depends_on:
      jitsi-prosody:
        condition: service_started
        required: true
    environment:
      DOCKER_HOST_ADDRESS:
      ENABLE_COLIBRI_WEBSOCKET:
      ENABLE_JVB_XMPP_SERVER:
      ENABLE_OCTO:
      JVB_ADVERTISE_IPS: 192.168.1.254
      JVB_ADVERTISE_PRIVATE_CANDIDATES:
      JVB_AUTH_USER:
      JVB_AUTH_PASSWORD: ${JITSI__JVB_AUTH_PASSWORD}
      JVB_BREWERY_MUC:
      JVB_DISABLE_STUN:
      JVB_PORT:
      JVB_MUC_NICKNAME:
      JVB_STUN_SERVERS:
      JVB_OCTO_BIND_ADDRESS:
      JVB_OCTO_REGION:
      JVB_OCTO_RELAY_ID:
      JVB_WS_DOMAIN:
      JVB_WS_SERVER_ID:
      JVB_XMPP_AUTH_DOMAIN:
      JVB_XMPP_INTERNAL_MUC_DOMAIN:
      JVB_XMPP_PORT:
      JVB_XMPP_SERVER:
      PUBLIC_URL: ${JITSI__PUBLIC_URL}
      SENTRY_DSN: "${JVB_SENTRY_DSN:-0}"
      SENTRY_ENVIRONMENT:
      SENTRY_RELEASE:
      COLIBRI_REST_ENABLED:
      SHUTDOWN_REST_ENABLED:
      TZ: ${TZ}
      XMPP_AUTH_DOMAIN:
      XMPP_INTERNAL_MUC_DOMAIN:
      XMPP_SERVER:
      XMPP_PORT:
    image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable}
    networks:
      default: null
    ports:
      - 10000:10000/udp
      - 8091:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
          selinux: Z
        source: ${DOCKER_VOLUME_CONFIG}/jitsi/jvb
        target: /config
        type: bind
  jitsi-prosody:
    container_name: xmpp.meet.jitsi
    environment:
      AUTH_TYPE:
      DISABLE_POLLS:
      ENABLE_AUTH:
      ENABLE_AV_MODERATION:
      ENABLE_BREAKOUT_ROOMS:
      ENABLE_END_CONFERENCE:
      ENABLE_GUESTS: 1
      ENABLE_IPV6:
      ENABLE_LOBBY: 1
      ENABLE_RECORDING: 1
      ENABLE_XMPP_WEBSOCKET:
      ENABLE_JAAS_COMPONENTS:
      GC_TYPE:
      GC_INC_TH:
      GC_INC_SPEED:
      GC_INC_STEP_SIZE:
      GC_GEN_MIN_TH:
      GC_GEN_MAX_TH:
      GLOBAL_CONFIG:
      GLOBAL_MODULES:
      JIBRI_RECORDER_USER:
      JIBRI_RECORDER_PASSWORD: ${JITSI__JIBRI_RECORDER_PASSWORD}
      JIBRI_XMPP_USER:
      JIBRI_XMPP_PASSWORD: ${JITSI__JIBRI_XMPP_PASSWORD}
      JICOFO_AUTH_PASSWORD: ${JITSI__JICOFO_AUTH_PASSWORD}
      JICOFO_COMPONENT_SECRET:
      JIGASI_XMPP_USER:
      JIGASI_XMPP_PASSWORD: ${JITSI__JIGASI_XMPP_PASSWORD}
      JIGASI_TRANSCRIBER_PASSWORD: ${JITSI__JIGASI_TRANSCRIBER_PASSWORD}
      JVB_AUTH_USER:
      JVB_AUTH_PASSWORD: ${JITSI__JVB_AUTH_PASSWORD}
      JWT_APP_ID:
      JWT_APP_SECRET:
      JWT_ACCEPTED_ISSUERS:
      JWT_ACCEPTED_AUDIENCES:
      JWT_ASAP_KEYSERVER:
      JWT_ALLOW_EMPTY:
      JWT_AUTH_TYPE:
      JWT_ENABLE_DOMAIN_VERIFICATION:
      JWT_TOKEN_AUTH_MODULE:
      MATRIX_UVS_URL:
      MATRIX_UVS_ISSUER:
      MATRIX_UVS_AUTH_TOKEN:
      MATRIX_UVS_SYNC_POWER_LEVELS:
      LOG_LEVEL:
      LDAP_AUTH_METHOD:
      LDAP_BASE:
      LDAP_BINDDN:
      LDAP_BINDPW:
      LDAP_FILTER:
      LDAP_VERSION:
      LDAP_TLS_CIPHERS:
      LDAP_TLS_CHECK_PEER:
      LDAP_TLS_CACERT_FILE:
      LDAP_TLS_CACERT_DIR:
      LDAP_START_TLS:
      LDAP_URL:
      LDAP_USE_TLS:
      MAX_PARTICIPANTS:
      PROSODY_AUTH_TYPE:
      PROSODY_RESERVATION_ENABLED:
      PROSODY_RESERVATION_REST_BASE_URL:
      PROSODY_ENABLE_RATE_LIMITS:
      PROSODY_RATE_LIMIT_LOGIN_RATE:
      PROSODY_RATE_LIMIT_SESSION_RATE:
      PROSODY_RATE_LIMIT_TIMEOUT:
      PROSODY_RATE_LIMIT_ALLOW_RANGES:
      PROSODY_RATE_LIMIT_CACHE_SIZE:
      PUBLIC_URL: ${JITSI__PUBLIC_URL}
      TURN_CREDENTIALS:
      TURN_HOST:
      TURNS_HOST:
      TURN_PORT:
      TURNS_PORT:
      TURN_TRANSPORT:
      TZ: ${TZ}
      XMPP_DOMAIN:
      XMPP_AUTH_DOMAIN:
      XMPP_GUEST_DOMAIN:
      XMPP_MUC_DOMAIN:
      XMPP_INTERNAL_MUC_DOMAIN:
      XMPP_MODULES:
      XMPP_MUC_MODULES:
      XMPP_MUC_CONFIGURATION:
      XMPP_INTERNAL_MUC_MODULES:
      XMPP_RECORDER_DOMAIN:
      XMPP_PORT:
    expose:
      - 5222
      - "5347"
      - "5280"
    image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable}
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
          selinux: Z
        source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/config
        target: /config
        type: bind
      - bind:
          create_host_path: true
          selinux: Z
        source: ${DOCKER_VOLUME_CONFIG}/jitsi/prosody/prosody-plugins-custom
        target: /prosody-plugins-custom
        type: bind
  jitsi-web:
    container_name: jitsi-web
    environment:
      AMPLITUDE_ID:
      ANALYTICS_SCRIPT_URLS:
      ANALYTICS_WHITELISTED_EVENTS:
      AUDIO_QUALITY_OPUS_BITRATE:
      AUTO_CAPTION_ON_RECORD:
      BRANDING_DATA_URL:
      CALLSTATS_CUSTOM_SCRIPT_URL:
      CALLSTATS_ID:
      CALLSTATS_SECRET:
      CHROME_EXTENSION_BANNER_JSON:
      COLIBRI_WEBSOCKET_PORT:
      CONFCODE_URL:
      CONFIG_EXTERNAL_CONNECT:
      DEFAULT_LANGUAGE:
      DEPLOYMENTINFO_ENVIRONMENT:
      DEPLOYMENTINFO_ENVIRONMENT_TYPE:
      DEPLOYMENTINFO_REGION:
      DEPLOYMENTINFO_SHARD:
      DEPLOYMENTINFO_USERREGION:
      DESKTOP_SHARING_FRAMERATE_MIN:
      DESKTOP_SHARING_FRAMERATE_MAX:
      DIALIN_NUMBERS_URL:
      DIALOUT_AUTH_URL:
      DIALOUT_CODES_URL:
      DISABLE_AUDIO_LEVELS:
      DISABLE_DEEP_LINKING:
      DISABLE_GRANT_MODERATOR:
      DISABLE_HTTPS: 1
      DISABLE_KICKOUT:
      DISABLE_LOCAL_RECORDING:
      DISABLE_POLLS:
      DISABLE_PRIVATE_CHAT:
      DISABLE_PROFILE:
      DISABLE_REACTIONS:
      DISABLE_REMOTE_VIDEO_MENU:
      DISABLE_START_FOR_ALL:
      DROPBOX_APPKEY:
      DROPBOX_REDIRECT_URI:
      DYNAMIC_BRANDING_URL:
      ENABLE_AUDIO_PROCESSING:
      ENABLE_AUTH:
      ENABLE_BREAKOUT_ROOMS:
      ENABLE_CALENDAR:
      ENABLE_COLIBRI_WEBSOCKET:
      ENABLE_E2EPING:
      ENABLE_FILE_RECORDING_SHARING:
      ENABLE_GUESTS: 1
      ENABLE_HSTS:
      ENABLE_HTTP_REDIRECT: 0
      ENABLE_IPV6:
      ENABLE_LETSENCRYPT: 0
      ENABLE_LIPSYNC:
      ENABLE_NO_AUDIO_DETECTION:
      ENABLE_NOISY_MIC_DETECTION:
      ENABLE_OCTO:
      ENABLE_OPUS_RED:
      ENABLE_PREJOIN_PAGE:
      ENABLE_P2P:
      ENABLE_WELCOME_PAGE:
      ENABLE_CLOSE_PAGE:
      ENABLE_LIVESTREAMING:
      ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK:
      ENABLE_LIVESTREAMING_HELP_LINK:
      ENABLE_LIVESTREAMING_TERMS_LINK:
      ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING:
      ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT:
      ENABLE_LOCAL_RECORDING_SELF_START:
      ENABLE_RECORDING: 1
      ENABLE_REMB:
      ENABLE_REQUIRE_DISPLAY_NAME:
      ENABLE_SERVICE_RECORDING:
      ENABLE_SIMULCAST:
      ENABLE_STATS_ID:
      ENABLE_STEREO:
      ENABLE_SUBDOMAINS:
      ENABLE_TALK_WHILE_MUTED:
      ENABLE_TCC:
      ENABLE_TRANSCRIPTIONS: 1
      ENABLE_XMPP_WEBSOCKET:
      ENABLE_JAAS_COMPONENTS:
      ETHERPAD_PUBLIC_URL:
      ETHERPAD_URL_BASE: ${JITSI__ETHERPAD_URL_BASE}
      E2EPING_NUM_REQUESTS:
      E2EPING_MAX_CONFERENCE_SIZE:
      E2EPING_MAX_MESSAGE_PER_SECOND:
      GOOGLE_ANALYTICS_ID:
      GOOGLE_API_APP_CLIENT_ID:
      HIDE_PREMEETING_BUTTONS:
      HIDE_PREJOIN_DISPLAY_NAME:
      HIDE_PREJOIN_EXTRA_BUTTONS:
      INVITE_SERVICE_URL:
      LETSENCRYPT_DOMAIN:
      LETSENCRYPT_EMAIL:
      LETSENCRYPT_USE_STAGING:
      MATOMO_ENDPOINT:
      MATOMO_SITE_ID:
      MICROSOFT_API_APP_CLIENT_ID:
      NGINX_RESOLVER:
      NGINX_WORKER_PROCESSES:
      NGINX_WORKER_CONNECTIONS:
      PEOPLE_SEARCH_URL:
      PREFERRED_LANGUAGE:
      PUBLIC_URL: ${JITSI__PUBLIC_URL}
      P2P_PREFERRED_CODEC:
      RESOLUTION:
      RESOLUTION_MIN:
      RESOLUTION_WIDTH:
      RESOLUTION_WIDTH_MIN:
      START_AUDIO_MUTED:
      START_AUDIO_ONLY:
      START_BITRATE:
      START_SILENT:
      START_WITH_AUDIO_MUTED:
      START_VIDEO_MUTED:
      START_WITH_VIDEO_MUTED:
      TESTING_CAP_SCREENSHARE_BITRATE:
      TESTING_OCTO_PROBABILITY:
      TOKEN_AUTH_URL:
      TOOLBAR_BUTTONS:
      TRANSLATION_LANGUAGES:
      TRANSLATION_LANGUAGES_HEAD:
      TZ: ${TZ}
      USE_APP_LANGUAGE:
      VIDEOQUALITY_BITRATE_H264_LOW:
      VIDEOQUALITY_BITRATE_H264_STANDARD:
      VIDEOQUALITY_BITRATE_H264_HIGH:
      VIDEOQUALITY_BITRATE_VP8_LOW:
      VIDEOQUALITY_BITRATE_VP8_STANDARD:
      VIDEOQUALITY_BITRATE_VP8_HIGH:
      VIDEOQUALITY_BITRATE_VP9_LOW:
      VIDEOQUALITY_BITRATE_VP9_STANDARD:
      VIDEOQUALITY_BITRATE_VP9_HIGH:
      VIDEOQUALITY_ENFORCE_PREFERRED_CODEC:
      VIDEOQUALITY_PREFERRED_CODEC:
      XMPP_AUTH_DOMAIN:
      XMPP_BOSH_URL_BASE:
      XMPP_DOMAIN:
      XMPP_GUEST_DOMAIN:
      XMPP_MUC_DOMAIN:
      XMPP_RECORDER_DOMAIN:
      XMPP_PORT:
      WHITEBOARD_ENABLED:
      WHITEBOARD_COLLAB_SERVER_PUBLIC_URL:
    hostname: meet.jitsi
    image: jitsi/web:${JITSI_IMAGE_VERSION:-stable}
    labels:
      swag: enable
      swag_proto: https
      swag_url: meet.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Jitsi
      swag.uptime-kuma.monitor.url: https://meet.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Professional Services
      homepage.name: Jitsi
      homepage.href: https://meet.${MY_TLD}
      homepage.icon: jitsi.png
      homepage.description: Web Conferencing
    networks:
      default: null
    ports:
      - 8001:80
      - 8002:443
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
          selinux: Z
        source: ${DOCKER_VOLUME_CONFIG}/jitsi/web
        target: /config
        type: bind
      - bind:
          create_host_path: true
          selinux: Z
        source: ${DOCKER_VOLUME_CONFIG}/jitsi/web/crontabs
        target: /var/spool/cron/crontabs
        type: bind
      - bind:
          create_host_path: true
          selinux: Z
        source: ${DOCKER_VOLUME_CONFIG}/jitsi/transcripts
        target: /usr/share/jitsi-meet/transcripts
        type: bind
  joplin-db:
    container_name: joplin-db
    environment:
      POSTGRES_PASSWORD: ${JOPLIN_POSTGRES_PASSWORD}
      POSTGRES_USER: ${JOPLIN_POSTGRES_USER}
      POSTGRES_DB: ${JOPLIN_POSTGRES_DATABASE}
    expose:
      - 5432
    image: postgres:17-alpine@sha256:5d14c08a257610d8e27c52ce0f10de5d9cce4c232e1277d44d7d6fb628b3d1a7
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: joplin_data
        target: /var/lib/postgresql/data
        type: volume
        volume: {}
  joplin:
    container_name: joplin
    environment:
      ACCOUNT_TYPES_ENABLED: true
      APP_PORT: ${JOPLIN_APP_PORT}
      APP_BASE_URL: ${JOPLIN_APP_BASE_URL}
      DB_CLIENT: pg
      INSTANCE_NAME: "Joplin @ Rinoa"
      IS_ADMIN_INSTANCE: true
      MAILER_ENABLED: 1
      MAILER_HOST: postal-SMTP
      MAILER_PORT: 25
      MAILER_SECURITY: none
      MAILER_AUTH_USER: ${POSTAL_SMTP_AUTH_USER}
      MAILER_AUTH_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      MAILER_NOREPLY_NAME: Joplin @ Rinoa
      MAILER_NOREPLY_EMAIL: noreply@${MY_TLD}
      POSTGRES_PASSWORD: ${JOPLIN_POSTGRES_PASSWORD}
      POSTGRES_DATABASE: ${JOPLIN_POSTGRES_DATABASE}
      POSTGRES_USER: ${JOPLIN_POSTGRES_USER}
      POSTGRES_PORT: 5432
      POSTGRES_HOST: joplin-db
    image: joplin/server:latest@sha256:95b67dc6a4e77a974ac2bcc86818cbbfe5495e7b62d06a66f848a877878dce53
    labels:
      homepage.group: Personal Tools
      homepage.name: Joplin
      homepage.href: https://notes.${MY_TLD}
      homepage.icon: joplin.svg
      homepage.description: Open-source note taking & to-do
      swag: enable
      swag_url: notes.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Joplin
      swag.uptime-kuma.monitor.url: https://notes.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 22300:22300
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  karakeep:
    container_name: karakeep
    image: ghcr.io/karakeep-app/karakeep:release@sha256:abd7d6b11b1b8fa3593d1971f886a74850ba8d6a99291218b150207d5a60378e
    environment:
      BROWSER_WEB_URL: http://chrome:9222
      DATA_DIR: /data
      INFERENCE_TEXT_MODEL: llama3.3:latest
      INFERENCE_IMAGE_MODEL: llava:latest
      MEILI_ADDR: http://meilisearch:7700
      NEXTAUTH_SECRET: ${KARAKEEP_NEXTAUTH_SECRET}
      NEXTAUTH_URL: https://kkeep.${MY_TLD}
      OPENAI_API_KEY: ${LIBRECHAT_OPENAI_API_KEY}
      OLLAMA_BASE_URL: http://ollama:11434
    labels:
      homepage.group: Lifestyle
      homepage.name: Karakeep
      homepage.href: https://kkeep.${MY_TLD}
      homepage.icon: karakeep-dark.svg
      homepage.description: Self-hosted bookmark-everything app with a touch of AI for data hoarders
      homepage.widget.type: karakeep
      homepage.widget.url: http://karakeep:3000
      homepage.widget.key: ${KARAKEEP_HOMEPAGE_WIDGET_KEY}
      swag: enable
      swag_url: kkeep.${MY_TLD}
      swag_port: 3000
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Karakeep
      swag.uptime-kuma.monitor.url: https://kkeep.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 24977:3000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - karakeep-data:/data
  languagetool:
    container_name: languagetool
    environment:
      langtool_languageModel: /opt/languagetool/langModel
      Java_Xms: 512m
      Java_Xmx: 1g
    expose:
      - 8010
    image: elestio/languagetool:latest@sha256:85a32bdef9e7d87125977a201bfe7aa4310e67cab8abfa370157a9fc67cda4cd
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/languagetool/:/opt/languagetool/langModel
  libretranslate:
    container_name: libretranslate
    environment:
      LT_UPDATE_MODELS: true
    healthcheck:
      test: ["CMD-SHELL", "./venv/bin/python scripts/healthcheck.py"]
    image: libretranslate/libretranslate@sha256:3727db3ce8224fb6afddd5227739ac6e58f060bcc59f12ae24a351dba47dd4f6
    labels:
      homepage.group: Personal Tools
      homepage.name: LibreTranslate
      homepage.href: https://translate.${MY_TLD}
      homepage.icon: sh-libretranslate.svg
      homepage.description: Open-source machine translation API
      swag: enable
      swag_port: 5000
      swag_url: translate.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: LibreTranslate
      swag.uptime-kuma.monitor.url: https://translate.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 5000:5000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    stdin_open: true
    tty: true
    volumes:
      - libretranslate_api_keys:/app/db
      - libretranslate_models:/home/libretranslate/.local:rw
  lidarr:
    container_name: lidarr
    environment:
      PGID: ${PGID}
      PUID: ${PUID}
      TZ: America/New_York
      DOCKER_MODS: ghcr.io/gilbn/theme.park:lidarr
    hostname: Rinoa
    image: lscr.io/linuxserver/lidarr:latest@sha256:2452f5df3b6e3a267c419382a1e492c6831a5e46a01c3aec11c61a7810e15d6f
    labels:
      homepage.group: Servarr Stack
      homepage.name: Lidarr
      homepage.href: https://lidarr.${MY_TLD}
      homepage.icon: lidarr.png
      homepage.description: Music Automation
      homepage.widget.type: lidarr
      homepage.widget.url: http://lidarr:8686
      homepage.widget.key: ${LIDARR_API_KEY}
      swag: enable
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Lidarr
      swag.uptime-kuma.monitor.url: https://lidarr.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 8686:8686
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKER_VOLUME_CONFIG}/lidarr:/config
      - /rinoa-storage:/storage
      - ${DOCKER_VOLUME_STORAGE}/downloads/:/downloads
  lidify:
    container_name: lidify
    environment:
      app_name: lidify
      app_rev: 0.09
      app_url: lidify.${MY_TLD}
      dry_run_adding_to_lidarr: true
      fallback_to_top_result: false
      last_fm_api_key: ${LASTFM_API_KEY}
      last_fm_api_secret: ${LASTFM_API_SECRET}
      lidarr_address: http://lidarr:8686
      lidarr_api_key: ${LIDARR_API_KEY}
      lidarr_api_timeout: 120
      metadata_profile_id: 1
      mode: LastFM
      quality_profile_id: 1
      root_folder_path: /data/media/music
      search_for_missing_albums: false
      spotify_client_id: ${YOUR_SPOTIFY_ID}
      spotify_client_secret: ${YOUR_SPOTIFY_SECRET}
    expose:
      - 5000
    image: thewicklowwolf/lidify:latest@sha256:958eaddeef8195470b974ee03512d9a5c31ad2af3167f7824448fb026fa9c94a
    labels:
      homepage.group: Servarr Stack
      homepage.name: Lidify
      homepage.href: https://lidify.${MY_TLD}
      homepage.icon: sh-lidify.png
      homepage.description: Music Discovery a la Last.fm, Spotify, Pandora, etc.
      swag: enable
      swag_auth: authelia
      swag_proto: http
      swag_port: 5000
      swag_url: lidify.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Lidify
      swag.uptime-kuma.monitor.url: https://lidify.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/lidify
        target: /lidify/config
        type: bind
        bind:
          create_host_path: true
      - source: ${DOCKER_VOLUME_STORAGE}/Audio/Music
        target: /data/media/music
        type: bind
        bind:
          create_host_path: true
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
  linkstack:
    container_name: linkstack
    image: linkstackorg/linkstack:latest@sha256:abd691b4293b020a317de8794737671e0315159efcb868e8a4124d6f0611f7ae
    environment:
      TZ: ${TZ}
      SERVER_ADMIN: noreply@${MY_TLD}
      HTTP_SERVER_NAME: profile.${MY_TLD}
      HTTPS_SERVER_NAME: profile.${MY_TLD}
      LOG_LEVEL: info
      PHP_MEMORY_LIMIT: 256M
      UPLOAD_MAX_FILESIZE: 64M
    labels:
      homepage.group: Social
      homepage.name: LinkStack
      homepage.href: https://profile.${MY_TLD}
      homepage.icon: linkstack.svg
      homepage.description: Personal profile
      swag: enable
      swag_proto: https
      swag_url: profile.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: LinkStack
      swag.uptime-kuma.monitor.url: "https://profile.${MY_TLD}/@Trez.One"
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 8190:443
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - linkstack_data:/htdocs
  lldap:
    container_name: lldap
    environment:
      UID: ${PUID}
      GID: ${PGID}
      TZ: ${TZ}
      LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
      LLDAP_KEY_SEED: ${LLDAP_KEY_SEED}
      LLDAP_LDAP_BASE_DN: dc=trez,dc=wtf
    image: lldap/lldap:stable@sha256:9e605a66c02514bfcffd1b67cafb1e98d50992216bb2871d7ae44622047dd09d
    labels:
      homepage.group: Privacy/Security
      homepage.name: LLDAP
      homepage.href: https://ldap.${MY_TLD}
      homepage.icon: /icons/lldap.png
      homepage.description: LDAP made easy
      swag: enable
      swag_proto: http
      swag_port: 17170
      swag_url: ldap.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: LLDAP
      swag.uptime-kuma.monitor.url: https://ldap.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 17170:17170
    profiles: ["rinoa-apps"]
    restart: always
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/lldap
        target: /data
        type: bind
        bind:
          create_host_path: true
  loggifly:
    image: ghcr.io/clemcer/loggifly:latest@sha256:cf1968ac30dc34dd85a8358a48d0f9bb959cbbfe6b3beef6e7732ab703518812
    container_name: loggifly
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${DOCKER_VOLUME_CONFIG}/loggifly/config.yaml:/app/config.yaml # Path to your config file (ignore if you are only using environment variables)
  maloja:
    container_name: maloja
    environment:
      MALOJA_CLEAN_OUTPUT: true
      MALOJA_DEV_MODE: false
      MALOJA_FORCE_PASSWORD: ${MALOJA_FORCE_PASSWORD}
      MALOJA_LASTFM_API_KEY: ${LASTFM_API_KEY}
      MALOJA_LASTFM_API_SECRET: ${LASTFM_API_SECRET}
      MALOJA_LASTFM_PASSWORD: ${LASTFM_PASSWORD}
      MALOJA_LASTFM_USERNAME: ${LASTFM_USERNAME}
      MALOJA_LOGGING: true
      MALOJA_PARSE_REMIX_ARTISTS: true
      MALOJA_SCROBBLE_LASTFM: true
      MALOJA_SKIP_SETUP: true
      MALOJA_SPOTIFY_API_ID: ${YOUR_SPOTIFY_ID}
      MALOJA_SPOTIFY_API_SECRET: ${YOUR_SPOTIFY_SECRET}
      MALOJA_TIMEZONE: ${TZ}
    image: krateng/maloja:latest@sha256:4ecea26058d2ca5168a8d53820279942d28f0606664cea6425f42371d5d88f95
    labels:
      homepage.group: Media Library
      homepage.name: Maloja
      homepage.href: https://maloja.${MY_TLD}
      homepage.icon: maloja.png
      homepage.description: Simple self-hosted music scrobble database to create personal listening statistics
      swag: enable
      swag_proto: http
      swag_port: 42010
      swag_url: maloja.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Maloja
      swag.uptime-kuma.monitor.url: https://maloja.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 42010:42010
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/maloja/config
        target: /etc/maloja
        type: bind
        bind:
          create_host_path: true
      - source: ${DOCKER_VOLUME_CONFIG}/maloja/data
        target: /var/lib/maloja
        type: bind
        bind:
          create_host_path: true
      - source: ${DOCKER_VOLUME_CONFIG}/maloja/logs
        target: /var/log/maloja
        type: bind
        bind:
          create_host_path: true
  manyfold:
    container_name: manyfold
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
      DATABASE_URL: sqlite3:/config/manyfold.sqlite3
      REDIS_URL: redis://manyfold-valkey:6379/2
      SECRET_KEY_BASE: ${MANYFOLD_SECRET_KEY_BASE}
      MUTLIUSER: enabled
    image: lscr.io/linuxserver/manyfold:latest@sha256:b8f40d6f0b4bdd59d13d97c97c21d1e24b0276c8c4b8341855d2ca50bc9df25e
    labels:
      homepage.group: Lifestyle
      homepage.name: Manyfold
      homepage.href: https://3dprint.${MY_TLD}
      homepage.icon: manyfold.svg
      homepage.description: Self-hosted digital asset manager for 3D print files
      swag: enable
      swag_proto: http
      swag_port: 3214
      swag_url: 3dprint.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.monitor.url: https://3dprint.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 3214:3214
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/manyfold/config:/config
      - ${DOCKER_VOLUME_CONFIG}/manyfold/library:/libraries #optional
  manyfold-valkey:
    container_name: manyfold-valkey
    <<: *valkey-params
    volumes:
      - manyfold-valkey-data:/data/valkey
  mariadb:
    container_name: mariadb
    environment:
      MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
      PGID: ${PGID}
      PUID: ${PUID}
      TZ: ${TZ}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "mariadb-admin ping -h localhost -p${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}|| exit 1",
        ]
      interval: 1m30s
      timeout: 10s
      retries: 5
    hostname: Rinoa
    image: linuxserver/mariadb@sha256:c7ca780abe5aba6d6a7643570ea30679aa0705da21c392355138660d8a5b6def
    networks:
      default: null
    ports:
      - 3306:3306
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKER_VOLUME_CONFIG}/mariadb:/config
      - ${DOCKER_VOLUME_STORAGE}:/storage
      - ${DOCKER_VOLUME_CONFIG}/mariadb:/var/lib/mysql
  mastodon:
    container_name: mastodon
    depends_on:
      mastodon-pg-db:
        condition: service_healthy
        required: true
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
      LOCAL_DOMAIN: mastodon.${MY_TLD}
      WEB_DOMAIN: mastodon.${MY_TLD}
      REDIS_HOST: mastodon-valkey
      REDIS_PORT: 6379
      DB_HOST: mastodon-pg-db
      DB_USER: mastodon
      DB_NAME: mastodon
      DB_PASS: ${MASTODON_PG_DB_PASSWORD}
      DB_PORT: 5432
      ES_ENABLED: false
      ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: ${MASTODON_ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY}
      ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: ${MASTODON_ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY}
      ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: ${MASTODON_ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT}
      SECRET_KEY_BASE: ${MASTODON_SECRET_KEY_BASE}
      OTP_SECRET: ${MASTODON_OTP_SECRET}
      VAPID_PRIVATE_KEY: ${MASTODON_VAPID_PRIVATE_KEY}
      VAPID_PUBLIC_KEY: ${MASTODON_VAPID_PUBLIC_KEY}
      SMTP_SERVER: postal-smtp
      SMTP_PORT: 25
      SMTP_LOGIN: ${POSTAL_SMTP_AUTH_USER}
      SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      SMTP_FROM_ADDRESS: noreply@${MY_TLD}
      S3_ENABLED: true
      S3_ENDPOINT: http://minio:9000
      S3_REGION: us-east-fh-pln
      S3_HOST: s3.${MY_TLD}
      S3_PROTOCOL: https
      S3_BUCKET: mastodon
      AWS_ACCESS_KEY_ID: ${MASTODON_MINIO_ACCESS_KEY}
      AWS_SECRET_ACCESS_KEY: ${MASTODON_MINIO_SECRET_KEY}
    expose:
      - 3000
    image: lscr.io/linuxserver/mastodon:latest@sha256:9cd791ad033e9a3c4bc8ab191b2b56d80c07b72fe632f8b2e215888eba22009e
    labels:
      swag: enable
      swag_proto: http
      swag_port: 80
      swag_url: mastodon.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Mastodon
      swag.uptime-kuma.monitor.url: https://mastodon.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Social
      homepage.name: Mastodon
      homepage.href: https://mastodon.${MY_TLD}
      homepage.icon: mastodon.svg
      homepage.description: Open-source social network
      homepage.widget.type: mastodon
      homepage.widget.url: https://mastodon.${MY_TLD}
    ports:
      - 9044:80
      - 3444:443
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/mastodon:/config
  mastodon-pg-db:
    container_name: mastodon-pg-db
    environment:
      POSTGRES_USER: mastodon
      POSTGRES_PASSWORD: ${MASTODON_PG_DB_PASSWORD}
      POSTGRES_DB: mastodon
    expose:
      - 5432
    healthcheck:
      test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER
      start_period: 20s
      timeout: 30s
      interval: 10s
      retries: 5
    image: postgres:17-alpine@sha256:5d14c08a257610d8e27c52ce0f10de5d9cce4c232e1277d44d7d6fb628b3d1a7
    profiles: ["rinoa-apps"]
    restart: always
    volumes:
      - mastodon-pg-db:/var/lib/postgresql/data
  mastodon-valkey:
    container_name: mastodon-valkey
    <<: *valkey-params
    volumes:
      - mastodon-valkey-data:/data/valkey
  maxun-backend:
    container_name: maxun-backend
    depends_on:
      maxun-pg-db:
        condition: service_healthy
        required: true
      minio:
        condition: service_started
        required: true
    <<: *maxun-env
    expose:
      - 8080
    image: getmaxun/maxun-backend:latest@sha256:a5a5df99e2f5aed1838336b0b4aa75c083b949da96c8e1b3a2820b8cf44b459c
    mem_limit: 2g # Set a 2GB memory limit
    ports:
      - 8369:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    security_opt:
      - seccomp=unconfined # This might help with browser sandbox issues
    shm_size: "2gb" # Increase shared memory size for Chromium
    volumes:
      - /var/run/dbus:/var/run/dbus
  maxun-frontend:
    container_name: maxun-frontend
    depends_on:
      - maxun-backend
    <<: *maxun-env
    image: getmaxun/maxun-frontend:latest@sha256:e5c889a2b8176646f0dc25662d6eb29e5b7b507b90c4250b0d18e3598b4636c5
    labels:
      swag: enable
      swag_proto: http
      swag_port: 5173
      swag_url: scrape.${MY_TLD}
      swag_server_custom_directive: |
        location ~ ^/(auth|storage|record|workflow|robot|proxy|api-docs|api|webhook|socket.io)(/|$) {
          proxy_pass http://maxun-backend:8080;
        }
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Maxun (Frontend)
      swag.uptime-kuma.monitor.url: https://scrape.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Personal Tools
      homepage.name: Maxun
      homepage.href: https://scrape.${MY_TLD}
      homepage.icon: sh-maxun.svg
      homepage.description: No-code web data extraction platform
    ports:
      - 5173:5173
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  maxun-pg-db:
    container_name: maxun-pg-db
    image: postgres:17-alpine@sha256:5d14c08a257610d8e27c52ce0f10de5d9cce4c232e1277d44d7d6fb628b3d1a7
    environment:
      POSTGRES_USER: maxun
      POSTGRES_PASSWORD: ${MAXUN_DB_PASSWORD}
      POSTGRES_DB: maxun
    expose:
      - 5432
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U maxun"]
      interval: 10s
      timeout: 5s
      retries: 5
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - maxun-pg-data:/var/lib/postgresql/data
  maxun-valkey:
    container_name: maxun-valkey
    <<: *valkey-params
    volumes:
      - maxun-valkey-data:/data/valkey
  meilisearch:
    container_name: meilisearch
    environment:
      MEILI_HOST: http://meilisearch:7700
      MEILI_NO_ANALYTICS: true
      MEILI_MASTER_KEY: ${MEILISEARCH_MASTER_KEY}
    image: getmeili/meilisearch:v1.22@sha256:328dc1698cc6f54bb811b8030ff864c6345144cded5ac89b6ab23fe9f747d723
    ports:
      - 7700:7700
    profiles: ["rinoa-apps"]
    restart: always
    user: ${PUID}:${PGID}
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/meilisearch:/meili_data
  meme-search-pro:
    container_name: meme-search-pro
    depends_on:
      meme-search-db:
        condition: service_healthy
    environment:
      DATABASE_URL: postgres://meme-search:${MEME_SEARCH_PG_PASSWORD}@meme-search-db:5432/meme-search
    image: ghcr.io/neonwatty/meme_search_pro:latest@sha256:bf3c20a6a0407ffa594d3e2fe8611073c0499659c90f44a28decd5e701e9e1f6
    labels:
      swag: enable
      swag_proto: http
      swag_port: 3000
      swag_url: memes.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Meme Search Pro
      swag.uptime-kuma.monitor.url: https://memes.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Social
      homepage.name: Meme Search Pro
      homepage.href: https://memes.${MY_TLD}
      homepage.icon: sh-meme-search.svg
      homepage.description: Meme search engine built with Python and Ruby
    ports:
      - 14058:3000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/meme_search_pro/memes/:/rails/public/memes
  meme-search-pro-img2txt-gen:
    image: ghcr.io/neonwatty/image_to_text_generator:latest@sha256:e8445afab38e2eae1fcb95101dd26cf66708ef72127b291cab748050b4700cb8
    container_name: meme-search-pro-img2txt-gen
    deploy:
      resources:
        limits:
          memory: 12GB
    environment:
      APP_PORT: 3000
    expose:
      - 8000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/meme_search_pro/memes/:/app/public/memes
      - ${DOCKER_VOLUME_CONFIG}/meme_search_pro/db-data/image_to_text_generator:/app/db
      - ${DOCKER_VOLUME_CONFIG}/meme_search_pro/models:/root/.cache/huggingface
  meme-search-db:
    container_name: meme-search-db
    environment:
      POSTGRES_DB: meme-search
      POSTGRES_USER: meme-search
      POSTGRES_PASSWORD: ${MEME_SEARCH_PG_PASSWORD}
    expose:
      - 5432
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U meme-search"]
      interval: 10s
      timeout: 5s
      retries: 5
    image: pgvector/pgvector:pg17@sha256:9ae02a756ba16a2d69dd78058e25915e36e189bb36ddf01ceae86390d7ed786a
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/meme_search_pro/db-data/meme-search-db:/var/lib/postgresql/data
  mini-qr:
    container_name: mini-qr
    image: ghcr.io/lyqht/mini-qr:latest@sha256:af6b47968cb2c400d701eb3f6defe06c79a75a2af7a423bf272df3e3ccbbacd8
    labels:
      swag: enable
      swag_auth: authelia
      swag_proto: http
      swag_port: 8080
      swag_url: qr.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Mini-QR
      swag.uptime-kuma.monitor.url: https://qr.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Lifestyle
      homepage.name: Mini-QR
      homepage.href: https://qr.${MY_TLD}
      homepage.icon: sh-mini-qr.svg
      homepage.description: Scan and generate customized QR codes easily
    ports:
      - 14815:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  minio:
    command: server --console-address ":9090" /mnt/data
    container_name: minio
    environment:
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
      MINIO_ACCESS_KEY: ${MINIO_MIMIR_STORAGE_ACCESS_KEY}
      MINIO_SECRET_KEY: ${MINIO_MIMIR_STORAGE_SECRET_KEY}
    hostname: minio
    image: minio/minio:RELEASE.2025-04-22T22-12-26Z@sha256:a1ea29fa28355559ef137d71fc570e508a214ec84ff8083e39bc5428980b015e
    labels:
      swag: enable
      swag_proto: http
      swag_port: 9090
      swag_url: s3.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: MinIO
      swag.uptime-kuma.monitor.url: https://s3.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: System Administration
      homepage.name: MinIO
      homepage.href: https://s3.${MY_TLD}
      homepage.icon: minio.png
      homepage.description: S3-compatible storage backend
    networks:
      default: null
    ports:
      - 9001:9000
      - 9092:9090
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/minio/data
        target: /mnt/data
        type: bind
        bind:
          create_host_path: true
      - source: ${DOCKER_VOLUME_CONFIG}/minio/minio
        target: /etc/config.env
        type: bind
        bind:
          create_host_path: true
  mixpost:
    container_name: mixpost
    image: inovector/mixpost:latest@sha256:088a0eed84289e9a408294acea969c1eebf80dff803d165629fe20c3442b0f8c
    depends_on:
      mariadb:
        condition: service_healthy
        required: true
      mixpost-valkey:
        condition: service_healthy
    environment:
      APP_NAME: Mixpost
      APP_KEY: ${MIXPOST_APP_KEY}
      APP_DEBUG: true
      APP_DOMAIN: social.${MY_TLD}
      APP_URL: https://social.${MY_TLD}
      DB_HOST: mariadb
      DB_DATABASE: mixpost
      DB_USERNAME: mixpost
      DB_PASSWORD: ${MIXPOST_DB_PASSWORD}
      REDIS_HOST: mixpost-valkey
      REDIS_PORT: 6379
    labels:
      swag: enable
      swag_port: 80
      swag_proto: http
      swag_url: social.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Mixpost
      swag.uptime-kuma.monitor.url: https://social.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Social
      homepage.name: Mixpost
      homepage.href: https://social.${MY_TLD}
      homepage.icon: mixpost.svg
      homepage.description: Multi-channel social media manager
    ports:
      - 61757:80
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - mixpost-storage:/var/www/html/storage/app
      - mixpost-logs:/var/www/html/storage/logs
  mixpost-valkey:
    container_name: mixpost-valkey
    <<: *valkey-params
    volumes:
      - mixpost-valkey-data:/data/valkey
  mgob:
    command: "-LogLevel=info"
    container_name: mgob
    image: stefanprodan/mgob@sha256:d089c6d105d7d0f9db5222786cb93d85b1bf61e28b21ad717cea90f92570c8f3
    labels:
      homepage.group: System Administration
      homepage.name: mgob
      homepage.icon: mongodb.svg
      homepage.description: Headless Automated MongoDB Backups
      homepage.widget.type: customapi
      homepage.widget.url: http://mgob:8090/status
      homepage.widget.mappings[0].label: Plan Name
      homepage.widget.mappings[0].field: plan
      homepage.widget.mappings[1].label: Last Run Status
      homepage.widget.mappings[1].field: last_run_status
    ports:
      - 48606:8090
    restart: unless-stopped
    volumes:
      - mgob-data:/data
      - mgob-tmp:/tmp
      - ${DOCKER_VOLUME_STORAGE}/backups/dbs/mongodb:/storage
      - ${DOCKER_VOLUME_CONFIG}/mgob/config:/config
  mongodb:
    command: "--config /etc/mongodb/mongod.conf"
    container_name: mongodb
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGO_INITDB_ROOT_USERNAME}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
    image: mongo:7@sha256:6a27f932a0784bd2b4a9d7ae6fa983a661f96abcc193331a98f5ce7134693135
    ports:
      - 27017:27017
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/mongodb/config:/etc/mongodb
      - ${DOCKER_VOLUME_CONFIG}/mongodb/db:/data/db
  multi-scrobbler:
    container_name: multi-scrobbler
    environment:
      BASE_URL: https://scrobble.${MY_TLD}
      TZ: ${TZ}
      PUID: ${PUID}
      PGID: ${PGID}
      MALOJA_URL: http://maloja:42010
      MALOJA_API_KEY: ${MALOJA_API_KEY}
      LASTFM_API_KEY: ${LASTFM_API_KEY}
      LASTFM_API_SECRET: ${LASTFM_API_SECRET}
      LZ_USER: Trez.One
      LZ_TOKEN: ${MALOJA_LISTENBRAINZ_TOKEN}
      SPOTIFY_CLIENT_ID: ${YOUR_SPOTIFY_ID}
      SPOTIFY_CLIENT_SECRET: ${YOUR_SPOTIFY_SECRET}
    image: foxxmd/multi-scrobbler@sha256:e23ddda129ea2a8e9a009ef73d62af910ac25e6213c833680886b7002c5bb6fa
    labels:
      homepage.group: Media Library
      homepage.name: Multi-Scrobbler
      homepage.href: https://scrobble.${MY_TLD}
      homepage.icon: sh-multi-scrobbler.svg
      homepage.description: JS App for scrobbling/recording play history from/to multiple sources
      swag: enable
      swag_auth: authelia
      swag_proto: http
      swag_port: 9078
      swag_url: scrobble.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Multi-Scrobbler
      swag.uptime-kuma.monitor.url: https://scrobble.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 9078:9078
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/multi-scrobbler
        target: /config
        type: bind
        bind:
          create_host_path: true
  n8n:
    container_name: n8n
    environment:
      N8N_HOST: n8n.${MY_TLD}
      N8N_PORT: 5678
      N8N_PROTOCOL: https
      NODE_ENV: production
      WEBHOOK_URL: https://n8n.${MY_TLD}/
      GENERIC_TIMEZONE: ${TZ}
    image: docker.n8n.io/n8nio/n8n@sha256:57f95a26b1b28527053fba6316d9d046395d9b4da9d0da486e838384a38fcf37
    labels:
      swag: enable
      swag_proto: http
      swag_port: 5678
      swag_url: n8n.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: n8n
      swag.uptime-kuma.monitor.url: https://n8n.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Automation
      homepage.name: n8n
      homepage.href: https://n8n.${MY_TLD}
      homepage.icon: n8n.svg
      homepage.description: Extendable workflow automation tool to easily automate tasks
    ports:
      - 5678:5678
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - n8n-data:/home/node/.n8n
  navidrome:
    container_name: navidrome
    environment:
      ND_AUTOIMPORTPLAYLISTS: true
      ND_BASEURL: ""
      ND_BACKUP_PATH: /backups
      ND_BACKUP_SCHEDULE: "@every 6h"
      ND_BACKUP_COUNT: 7
      ND_ENABLEGRAVATAR: true
      ND_ENABLESHARING: true
      ND_LASTFM_APIKEY: ${LASTFM_API_KEY}
      ND_LASTFM_ENABLED: true
      ND_LASTFM_SECRET: ${LASTFM_API_SECRET}
      ND_LISTENBRAINZ_ENABLED: true
      ND_LOGLEVEL: info
      ND_MUSICFOLDER: /music
      ND_PLAYLISTPATH: /playlists
      ND_SCANNER_GROUPALBUMRELEASES: true
      ND_SCANSCHEDULE: "@every 6h"
      ND_SESSIONTIMEOUT: 24h
      ND_SPOTIFY_ID: ${YOUR_SPOTIFY_ID}
      ND_SPOTIFY_SECRET: ${YOUR_SPOTIFY_SECRET}
      ND_SUBSONICARTISTPARTICIPATIONS: true
    image: deluan/navidrome:latest@sha256:2ae037d464de9f802d047165a13b1c9dc2bdbb14920a317ae4aef1233adc0a3c
    labels:
      homepage.group: Media Library
      homepage.name: Navidrome
      homepage.href: https://navi.${MY_TLD}
      homepage.icon: navidrome.png
      homepage.description: Music Streaming
      homepage.widget.type: navidrome
      homepage.widget.url: http://navidrome:4533
      homepage.widget.user: admin
      homepage.widget.token: ${NAVIDROME_HOMEPAGE_TOKEN}
      homepage.widget.salt: ${NAVIDROME_HOMEPAGE_SALT}
      swag: enable
      swag_port: 4533
      swag_proto: http
      swag_url: navi.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Navidrome
      swag.uptime-kuma.monitor.url: https://navi.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 4533:4533
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    user: 1000:1000
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/navidrome:/data
      - ${DOCKER_VOLUME_STORAGE}/Audio/Music:/music
      - ${DOCKER_VOLUME_STORAGE}/Audio/Playlists:/playlists
      - ${DOCKER_VOLUME_STORAGE}/backups/navidrome:/backups
  netalertx:
    container_name: netalertx
    environment:
      TZ: ${TZ}
      PORT: 20211
    image: jokobsk/netalertx:latest@sha256:9304e29cd71bf9ddc9f33d6a7ddb3d71bab71815e077ab330f86bcc081598a79
    labels:
      cloudflare.tunnel.enable: true
      cloudflare.tunnel.hostname: net.${MY_TLD}
      cloudflare.tunnel.service: http://192.168.1.254:20211
      cloudflare.tunnel.zonename: ${MY_TLD}
      cloudflare.tunnel.no_tls_verify: true
      homepage.group: Infrastructure/App Performance Monitoring
      homepage.name: NetAlertX
      homepage.href: http://192.168.1.254:20211
      homepage.icon: netalertx.svg
      homepage.description: Network Monitoring
      homepage.widget.type: netalertx
      homepage.widget.url: http://192.168.1.254:20211
      homepage.widget.key: ${NETALERTX_API_TOKEN}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: NetAlertX
      swag.uptime-kuma.monitor.url: https://pics.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    network_mode: host
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/netalertx/config:/app/config
      - ${DOCKER_VOLUME_CONFIG}/netalertx/db:/app/db
      # (optional) useful for debugging if you have issues setting up the container
      # - ${DOCKER_VOLUME_CONFIG}/netalertx/logs:/app/log
      # (API: OPTION 1) use for performance
      - type: tmpfs
        target: /app/api
      # (API: OPTION 2) use when debugging issues
      # - ${DOCKER_VOLUME_CONFIG}/netalertx/api:/app/api
  nextcloud:
    container_name: nextcloud-aio-mastercontainer
    environment:
      SKIP_DOMAIN_VALIDATION: false
      APACHE_ADDITIONAL_NETWORK: compose_default
      APACHE_IP_BINDING: 0.0.0.0
      APACHE_PORT: 11000
    expose:
      - 11000
    image: nextcloud/all-in-one:latest@sha256:9be7362a88a21bb1c11d6d5085317685d57ea8b28b7375be39fd71e66340cbf3
    labels:
      homepage.group: Privacy/Security
      homepage.name: NextCloud
      homepage.href: https://cloud.${MY_TLD}
      homepage.icon: nextcloud.svg
      homepage.description: Private Cloud
      homepage.widget.type: nextcloud
      homepage.widget.url: http://nextcloud-aio-apache:11000
      homepage.widget.key: ${NEXTCLOUD_HOMEPAGE_TOKEN}
      swag: enable
      swag_port: 11000
      swag_proto: http
      swag_address: nextcloud-aio-apache
      swag_url: cloud.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: NextCloud
      swag.uptime-kuma.monitor.url: https://cloud.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 56713:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
  nocodb:
    container_name: nocodb
    depends_on:
      nocodb-pg-db:
        condition: service_healthy
        required: true
      nocodb-valkey:
        condition: service_healthy
        required: true
    environment:
      NC_DB: pg://nocodb-pg-db:5432?u=nocodb&p=${NOCODB_PG_PASSWORD}&d=nocodb
      NC_ADMIN_EMAIL: noreply@${MY_TLD}
      NC_ADMIN_PASSWORD: ${NOCODB_ADMIN_PASSWORD}
      NC_PUBLIC_URL: https://nocodb.${MY_TLD}
      NC_AUTH_JWT_SECRET: ${NOCODB_AUTH_JWT_SECRET}
      NC_REDIS_URL: redis://nocodb-valkey:6379
      NC_SMTP_HOST: postal-smtp
      NC_SMTP_PORT: 25
      NC_SMTP_SECURE: true
      NC_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER}
      NC_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      NC_SMTP_FROM: noreply@${MY_TLD}
    image: "nocodb/nocodb:latest@sha256:8fd57018accf775fb5390392910e4b0ef6bb154f17c5732b478eb76c40ee8d1e"
    labels:
      homepage.group: Code/DevOps
      homepage.name: NocoDB
      homepage.href: https://nocodb.${MY_TLD}
      homepage.icon: nocodb.svg
      homepage.description: Turn any SQL-based database into a smart spreadsheet
      swag: enable
      swag_port: 8080
      swag_proto: http
      swag_url: nocodb.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: NocoDB
      swag.uptime-kuma.monitor.url: https://nocodb.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 8946:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - nocodb_data:/usr/app/data
  nocodb-pg-db:
    container_name: nocodb-pg-db
    environment:
      POSTGRES_DB: nocodb
      POSTGRES_PASSWORD: ${NOCODB_PG_PASSWORD}
      POSTGRES_USER: nocodb
    expose:
      - 5432
    healthcheck:
      interval: 10s
      retries: 10
      test: 'pg_isready -U "$$POSTGRES_USER" -d "$$POSTGRES_DB"'
      timeout: 2s
    image: postgres:16-alpine@sha256:84fb5d5bdd7d47f1889f325e534f3ce643f853f460832c8a61949f5391b8dc42
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - nocodb_pg_data:/var/lib/postgresql/data
  nocodb-valkey:
    container_name: nocodb-valkey
    <<: *valkey-params
    volumes:
      - nocodb_valkey_data:/data/valkey
  ollama:
    container_name: ollama
    image: ollama/ollama:latest@sha256:c622a7adec67cf5bd7fe1802b7e26aa583a955a54e91d132889301f50c3e0bd0
    ports:
      - 11434:11434
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ollama:/root/.ollama
  ombi:
    container_name: ombi
    environment:
      PGID: ${PGID}
      PUID: ${PUID}
      TZ: America/New_York
    hostname: Rinoa
    image: lscr.io/linuxserver/ombi:latest@sha256:c4ed349ce5fe893c522ee8c5760ca1522c90e628c85c2c1752070cb0f6f2067f
    labels:
      homepage.group: Media Library
      homepage.name: Ombi
      homepage.href: https://ombi.${MY_TLD}
      homepage.icon: ombi.png
      homepage.description: Media Requests
      homepage.widget.type: ombi
      homepage.widget.url: http://ombi:3579
      homepage.widget.key: ${OMBI_API_KEY}
      swag: enable
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Ombi
      swag.uptime-kuma.monitor.url: https://ombi.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 3579:3579
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
      - bind:
          create_host_path: true
        source: ${DOCKER_VOLUME_CONFIG}/ombi
        target: /config
        type: bind
      - bind:
          create_host_path: true
        source: /rinoa-storage
        target: /storage
        type: bind
  omnitools:
    container_name: omnitools
    image: iib0011/omni-tools:latest@sha256:a59959d929e5ff0e89c20f5d78ab008c919b5dda05f9e20ee7c0d0229b374d03
    labels:
      homepage.group: Personal Tools
      homepage.name: OmniTools
      homepage.href: https://otools.${MY_TLD}
      homepage.icon: sh-omnitools.png
      homepage.description: Tools for common tasks
      swag: enable
      swag_url: otools.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: OmniTools
      swag.uptime-kuma.monitor.url: https://otools.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 23693:80
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  omnipoly:
    container_name: omnipoly
    depends_on:
      languagetool:
        condition: service_started
        required: true
      libretranslate:
        condition: service_healthy
        required: true
    environment:
      LANGUAGE_TOOL: http://languagetool:8010
      LIBRETRANSLATE: http://libretranslate:5000
      OLLAMA: http://ollama:11434
      OLLAMA_MODEL: smollm2:1.7b
      THEME: "pole"
      DISABLE_DICTIONARY: false
    image: kweg/omnipoly:latest@sha256:6739c1b665859493bbdc49269e39ff6c8e9a7de8e8a884e44e6579512adf5bcd
    labels:
      homepage.group: Personal Tools
      homepage.name: OmniPoly
      homepage.href: https://poly.${MY_TLD}
      homepage.icon: sh-omnipoly.svg
      homepage.description: Open-source language translation with LanguageTool, LibreTranslate, & Ollama
      swag: enable
      swag_url: poly.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: OmniPoly
      swag.uptime-kuma.monitor.url: https://poly.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 3734:80
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  open-webui:
    container_name: open-webui
    depends_on:
      ollama:
        condition: service_started
        required: true
      stable-diffusion-webui:
        condition: service_started
        required: true
    environment:
      OLLAMA_BASE_URLS: http://ollama:11434;http://192.168.1.250:11434;http://192.168.1.252:11434
      WEBUI_AUTH: false
      ENABLE_IMAGE_GENERATION: "true"
      AUTOMATIC1111_BASE_URL: http://stable-diffusion-webui:7860
      IMAGE_SIZE: "1024x1024"
      IMAGE_STEPS: "3"
      ENABLE_OTEL: true
      ENABLE_OTEL_METRICS: true
      OTEL_EXPORTER_OTLP_INSECURE: true # Use insecure connection for OTLP, remove in production
      OTEL_EXPORTER_OTLP_ENDPOINT: http://signoz-otel-collector:4317
      OTEL_SERVICE_NAME: open-webui
      ENABLE_RAG_WEB_SEARCH: True
      RAG_WEB_SEARCH_ENGINE: searxng
      RAG_WEB_SEARCH_RESULT_COUNT: 3
      RAG_WEB_SEARCH_CONCURRENT_REQUESTS: 10
      SEARXNG_QUERY_URL: "http://searxng:8080/search?q=<query>"
      # LibreTranslate
      LT_DEBUG: false
      LT_UPDATE_MODELS: true
      LT_SSL: false
      LT_SUGGESTIONS: false
      LT_METRICS: false
      LT_HOST: http://libretranslate:5000
      LT_API_KEYS: false
      LT_THREADS: 12
      LT_FRONTEND_TIMEOUT: 2000
      # Redis Websocket
      ENABLE_WEBSOCKET_SUPPORT: true
      WEBSOCKET_MANAGER: redis
      WEBSOCKET_REDIS_URL: redis://open-webui-valkey:6379/0
      REDIS_KEY_PREFIX: open-webui
    image: ghcr.io/open-webui/open-webui:main@sha256:c77fa8da6d702ed064b36d414a9493e0bc5242d9a5a3ea0828c5013cbf35b1d5
    labels:
      homepage.group: Personal Tools
      homepage.name: Open WebUI
      homepage.href: https://ai.${MY_TLD}
      homepage.icon: open-webui.svg
      homepage.description: User-friendly and extensible AI interface
      swag: enable
      swag_port: 8080
      swag_proto: http
      swag_auth: authelia
      swag_url: ai.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Open WebUI
      swag.uptime-kuma.monitor.url: https://ai.${MY_TLD}/health
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      swag.uptime-kuma.monitor.type: https
    ports:
      - 3080:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - open-webui-data:/app/backend/data
  open-webui-valkey:
    container_name: open-webui-valkey
    <<: *valkey-params
    volumes:
      - open-webui-valkey-data:/data/valkey
  paperless-ngx:
    container_name: paperless-ngx
    depends_on:
      mariadb:
        condition: service_healthy
        required: true
        restart: true
    environment:
      PAPERLESS_DBENGINE: mariadb
      PAPERLESS_DBHOST: mariadb
      PAPERLESS_DBPASS: ${PAPERLESS_DBPASS}
      PAPERLESS_DBPORT: 3306
      PAPERLESS_DBUSER: paperless
      PAPERLESS_OCR_LANGUAGE: eng
      PAPERLESS_OCR_LANGUAGES: all
      PAPERLESS_REDIS: redis://paperless-valkey:6379
      PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY}
      PAPERLESS_TIME_ZONE: ${TZ}
      PAPERLESS_URL: https://docs.${MY_TLD}
      USERMAP_GID: ${PGID}
      USERMAP_UID: ${PUID}
    image: ghcr.io/paperless-ngx/paperless-ngx:latest@sha256:3421ebe06ed27662d014046cf5089e612de853aae0c676a2bc72f73b38080e57
    labels:
      swag: enable
      swag_proto: http
      swag_port: 8000
      swag_url: docs.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Paperless-ngx
      swag.uptime-kuma.monitor.url: https://docs.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Personal Tools
      homepage.name: Paperless-ngx
      homepage.href: https://docs.${MY_TLD}
      homepage.icon: paperless-ngx.svg
      homepage.description: Document indexer & archiver with OCR
    networks:
      default: null
    ports:
      - 8004:8000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: paperless-ngx-data
        target: /usr/src/paperless/data
        type: volume
        volume: {}
      - source: paperless-ngx-media
        target: /usr/src/paperless/media
        type: volume
        volume: {}
      - source: ${DOCKER_VOLUME_CONFIG}/paperless-ngx/export
        target: /usr/src/paperless/export
        type: bind
        bind:
          create_host_path: true
      - source: ${DOCKER_VOLUME_CONFIG}/paperless-ngx/consume
        target: /usr/src/paperless/consume
        type: bind
        bind:
          create_host_path: true
  paperless-valkey:
    container_name: paperless-valkey
    <<: *valkey-params
    volumes:
      - paperless-valkey-data:/data/valkey
  penpot-frontend:
    container_name: penpot-frontend
    depends_on:
      - penpot-backend
      - penpot-exporter
    image: penpotapp/frontend:latest@sha256:91b80791f37b44c9aba3490720ae90fc01c691562c0862abeebcb8bc0a7198d2
    environment:
      <<: [*penpot-flags, *penpot-http-body-size]
    labels:
      homepage.group: Professional Services
      homepage.name: Penpot
      homepage.href: https://penpot.${MY_TLD}
      homepage.icon: penpot.svg
      homepage.description: Open-source design and prototyping platform
      swag: enable
      swag_port: 8080
      swag_proto: http
      swag_url: penpot.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Penpot
      swag.uptime-kuma.monitor.url: https://penpot.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 17503:8080
    profiles: ["rinoa-apps"]
    restart: always
    volumes:
      - penpot-assets:/opt/data/assets
  penpot-backend:
    container_name: penpot-backend
    depends_on:
      penpot-pg-db:
        condition: service_healthy
      penpot-redis:
        condition: service_healthy
    environment:
      <<: [*penpot-flags, *penpot-public-uri, *penpot-http-body-size]
      PENPOT_SECRET_KEY: ${PENPOT_SECRET_KEY}
      PENPOT_PREPL_HOST: 0.0.0.0
      PENPOT_DATABASE_URI: postgresql://penpot-pg-db/penpot
      PENPOT_DATABASE_USERNAME: penpot
      PENPOT_DATABASE_PASSWORD: ${PENPOT_PG_DB_PASSWORD}
      PENPOT_REDIS_URI: redis://penpot-redis/0
      PENPOT_ASSETS_STORAGE_BACKEND: assets-fs
      PENPOT_STORAGE_ASSETS_FS_DIRECTORY: /opt/data/assets
      PENPOT_TELEMETRY_ENABLED: true
      PENPOT_TELEMETRY_REFERER: compose
      PENPOT_SMTP_DEFAULT_FROM: noreply@${MY_TLD}
      PENPOT_SMTP_DEFAULT_REPLY_TO: noreply@${MY_TLD}
      PENPOT_SMTP_HOST: postal-smtp
      PENPOT_SMTP_PORT: 25
      PENPOT_SMTP_USERNAME: ${POSTAL_SMTP_AUTH_USER}
      PENPOT_SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      PENPOT_SMTP_TLS: false
      PENPOT_SMTP_SSL: false
    image: penpotapp/backend:latest@sha256:cfae17cff120a73c80e2237b7f664b44765b859a874896a377f09d8083463514
    profiles: ["rinoa-apps"]
    restart: always
    volumes:
      - penpot-assets:/opt/data/assets
  penpot-exporter:
    container_name: penpot-exporter
    depends_on:
      penpot-redis:
        condition: service_healthy
    environment:
      PENPOT_PUBLIC_URI: http://penpot-frontend:8080
      PENPOT_REDIS_URI: redis://penpot-redis/0
    image: penpotapp/exporter:latest@sha256:79c4988d0ac1986e3e8a7a1e1041d54869bcf1b17779f0cc6553795666f685e4
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  penpot-pg-db:
    container_name: penpot-pg-db
    environment:
      POSTGRES_INITDB_ARGS: --data-checksums
      POSTGRES_DB: penpot
      POSTGRES_USER: penpot
      POSTGRES_PASSWORD: ${PENPOT_PG_DB_PASSWORD}
    expose:
      - 5432
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U penpot"]
      interval: 2s
      timeout: 10s
      retries: 5
      start_period: 2s
    image: postgres:15-alpine@sha256:52af010baaeb34a287e7b5ea9696720727bd5bace64f9c18068ee187a6d6a4b2
    profiles: ["rinoa-apps"]
    restart: always
    stop_signal: SIGINT
    volumes:
      - penpot-pg-data:/var/lib/postgresql/data
  penpot-redis:
    container_name: penpot-redis
    image: redis:7.4@sha256:d7432711a2a5c99c2e9dd0e006061cd274d7cb7a9e77f07ffe2ea99e21244677
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      interval: 1s
      timeout: 3s
      retries: 5
      start_period: 3s
    profiles: ["rinoa-apps"]
    restart: always
  pgbackweb:
    container_name: pgbackweb
    depends_on:
      pgbackweb-db:
        condition: service_healthy
    environment:
      PBW_ENCRYPTION_KEY: ${PGBACKWEB_ENCRYPTION_KEY}
      PBW_POSTGRES_CONN_STRING: "postgresql://pgbackweb:${PGBACKWEB_PG_DB_PASSWD}@pgbackweb-db:5432/pgbackweb?sslmode=disable"
      TZ: ${TZ}
    image: eduardolat/pgbackweb:latest@sha256:78112d94d212a8714cb97dc82ca86d14e2f3e763484e66a335f0fe60be084b05
    labels:
      homepage.group: System Administration
      homepage.name: PG Back Web
      homepage.href: https://pg.${MY_TLD}
      homepage.icon: sh-pg-back-web.svg
      homepage.description: Backups for PostgreSQL
      swag: enable
      swag_proto: http
      swag_port: 8085
      swag_url: pg.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.name: PG Back Web
      swag.uptime-kuma.monitor.url: https://pg.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - "8085:8085" # Access the web interface at http://localhost:8085
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_STORAGE}/backups/dbs/:/backups
  pgbackweb-db:
    container_name: pgbackweb-db
    environment:
      POSTGRES_USER: pgbackweb
      POSTGRES_DB: pgbackweb
      POSTGRES_PASSWORD: ${PGBACKWEB_PG_DB_PASSWD}
    expose:
      - 5432
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U pgbackweb -d pgbackweb"]
      interval: 5s
      timeout: 5s
      retries: 5
    image: postgres:17-alpine@sha256:5d14c08a257610d8e27c52ce0f10de5d9cce4c232e1277d44d7d6fb628b3d1a7
    restart: unless-stopped
    volumes:
      - pgbackweb-data:/var/lib/postgresql/data
  planka:
    container_name: planka
    depends_on:
      planka-pg-db:
        condition: service_healthy
    environment:
      BASE_URL: https://kanban.${MY_TLD}
      DATABASE_URL: postgresql://planka:${PLANKA_PG_PASSWORD}@planka-pg-db/planka
      SECRET_KEY: ${PLANKA_SECRET_KEY}
      LOG_LEVEL: warn
      TRUST_PROXY: true
      TOKEN_EXPIRES_IN: 365 # In days
      # KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE: false
      DEFAULT_LANGUAGE: en-US
      DEFAULT_ADMIN_EMAIL: noreply@${MY_TLD}
      DEFAULT_ADMIN_PASSWORD: ${PLANKA_ADMIN_PASSWORD}
      DEFAULT_ADMIN_NAME: Planka Rinoa
      DEFAULT_ADMIN_USERNAME: admin
      S3_ENDPOINT: http://minio:9000
      S3_REGION: us-east-fh-pln
      S3_ACCESS_KEY_ID: ${PLANKA_MINIO_ACCESS_KEY}
      S3_SECRET_ACCESS_KEY: ${PLANKA_MINIO_SECRET_KEY}
      S3_BUCKET: planka
      S3_FORCE_PATH_STYLE: true
      SMTP_HOST: postal-smtp
      SMTP_PORT: 25
      SMTP_NAME: noreply@${MY_TLD}
      SMTP_SECURE: true
      SMTP_USER: ${POSTAL_SMTP_AUTH_USER}
      SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      SMTP_FROM: '"Planka @ Rinoa" <noreply@${MY_TLD}>'
      SMTP_TLS_REJECT_UNAUTHORIZED: false
    image: ghcr.io/plankanban/planka:2.0.0-rc.3@sha256:5a2a69ec7159a2f9c6679c31698e4b5b17ccf254d5bfc6e9be43e411b6de0c3d
    labels:
      homepage.group: Professional Services
      homepage.name: Planka
      homepage.href: https://kanban.${MY_TLD}
      homepage.icon: planka.svg
      homepage.description: Kanban board
      swag: enable
      swag_url: kanban.${MY_TLD}
      swag_address: planka
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.monitor.url: https://kanban.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 54476:1337
    profiles: ["rinoa-apps"]
    restart: on-failure
    volumes:
      - planka-favicons:/app/public/favicons
      - planka-user-avatars:/app/public/user-avatars
      - planka-background-images:/app/public/background-images
      - planka-attachments:/app/private/attachments
  planka-pg-db:
    container_name: planka-pg-db
    environment:
      POSTGRES_DB: planka
      POSTGRES_USER: planka
      POSTGRES_PASSWORD: ${PLANKA_PG_PASSWORD}
      POSTGRES_HOST_AUTH_METHOD: trust
    expose:
      - 5432
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U planka -d planka"]
      interval: 10s
      timeout: 5s
      retries: 5
    image: postgres:16-alpine@sha256:84fb5d5bdd7d47f1889f325e534f3ce643f853f460832c8a61949f5391b8dc42
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - planka-db-data:/var/lib/postgresql/data
  plant-it:
    container_name: plant-it
    depends_on:
      mariadb:
        condition: service_healthy
        required: true
      plant-it-valkey:
        condition: service_healthy
        required: true
    environment:
      MYSQL_HOST: mariadb
      MYSQL_PORT: 3306
      MYSQL_USERNAME: plantit
      MYSQL_PSW: ${PLANTIT_DB_PASSWORD}
      MYSQL_DATABASE: plantit
      MYSQL_ROOT_PASSWORD: ${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}
      HTTPS_METHOD: noredirect
      JWT_SECRET: ${PLANTIT_JWT_SECRET}
      JWT_EXP: 1
      USERS_LIMIT: -1 # less then 0 means no limit
      UPLOAD_DIR: /upload-dir # path to the directory used to store uploaded images, if on docker deployment leave as it is and change the volume binding in the docker-compose file if needed
      API_PORT: 8080
      FLORACODEX_URL: https://api.floracodex.com
      FLORACODEX_KEY: ${PLANTIT_FLORACODEX_APP_KEY}
      ALLOWED_ORIGINS: "*" # CORS allowed origins (comma separated list)
      LOG_LEVEL: DEBUG # could be: DEBUG, INFO, WARN, ERROR
      CONTACT_MAIL: noreply@${MY_TLD} # address used as "contact" for template email
      REMINDER_NOTIFY_CHECK: 0 30 7 * * * # 6-values crontab expression to set the check time for reminders
      MAX_REQUESTS_PER_MINUTE: 100 # rate limiting of the upcoming requests
      NTFY_ENABLED: false # if "false" ntfy service won't be available as notification dispatcher
      GOTIFY_ENABLED: true # if "false" ntfy service won't be available as notification dispatcher
      CACHE_TYPE: redis # Cache type. By default, it's "redis" but can also be "none"
      CACHE_TTL: 86400
      CACHE_HOST: plant-it-valkey
      CACHE_PORT: 6379
      SMTP_HOST: postal-smtp
      SMTP_PORT: 25
      SMTP_EMAIL: noreply@${MY_TLD}
      SMTP_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      SMTP_AUTH: true
      SMTP_START_TTL: false
    image: msdeluise/plant-it-server:latest@sha256:23ddf8660087d6b9f5dbdca2ca09817b84db45cb2d9d6e2e0176e70f514629e7
    labels:
      swag: enable
      swag_proto: http
      swag_port: 3000
      swag_url: plants.${MY_TLD}
      swag_server_custom_directive: |
        location /api {
          proxy_pass http://plant-it:8080;
        }
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Plant-It
      swag.uptime-kuma.monitor.url: https://plants.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Lifestyle
      homepage.name: Plant-It
      homepage.href: https://plants.${MY_TLD}
      homepage.icon: plant-it.png
      homepage.description: 🪴 Self-hosted, open source gardening companion app
      homepage.widget.type: plantit
      homepage.widget.url: http://plant-it:3000
      homepage.widget.key: ${PLANTIT_API_KEY}
    ports:
      - 64067:8080
      - 3460:3000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/plant-it:/upload-dir
  plant-it-valkey:
    container_name: plant-it-valkey
    <<: *valkey-params
    volumes:
      - plant-it-valkey-data:/data/valkey
  plantuml-server:
    container_name: plantuml-server
    image: plantuml/plantuml-server:jetty@sha256:cd55fe13c6645253fbeb52665fc88a8d7e5c660e2bbff9b9ac045b0c136a1426
    labels:
      homepage.group: Personal Tools
      homepage.name: PlantUML
      homepage.href: https://plantuml.${MY_TLD}
      homepage.icon: plantuml.svg
      homepage.description: Textual diagram generator for UML & other visualizations.
      swag: enable
      swag_port: 8080
      swag_url: plantuml.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.monitor.url: https://plantuml.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 42262:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  portainer:
    container_name: portainer
    depends_on:
      docker-socket-proxy:
        condition: service_started
        required: true
    expose:
      - 9000
      - 9443
    image: portainer/portainer-ce:alpine@sha256:c6908c1a2d036668799d51fb4d5ba5a5b3905509c7ac1b832c0fc0ef4c152f0e
    labels:
      swag: enable
      swag_proto: http
      swag_port: 9000
      swag_url: portainer.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Portainer
      swag.uptime-kuma.monitor.url: https://portainer.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: System Administration
      homepage.name: Portainer
      homepage.href: https://portainer.${MY_TLD}
      homepage.icon: portainer.svg
      homepage.description: Service delivery platform for containerized applications
      homepage.widgets[0].type: portainer
      homepage.widgets[0].url: http://portainer:9000
      homepage.widgets[0].env: 7
      homepage.widgets[0.key: ${PORTAINER_HOMEPAGE_TOKEN}
      homepage.widgets[1].type: portainer
      homepage.widgets[1].url: http://portainer:9000
      homepage.widgets[1].env: 12
      homepage.widgets[1.key: ${PORTAINER_HOMEPAGE_TOKEN}
      homepage.widgets[2].type: portainer
      homepage.widgets[2].url: http://portainer:9000
      homepage.widgets[2].env: 13
      homepage.widgets[2].key: ${PORTAINER_HOMEPAGE_TOKEN}
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - portainer-data:/data
      - /var/run/docker.sock:/var/run/docker.sock
  portchecker-web:
    container_name: portchecker-web
    depends_on:
      portchecker-api:
        required: true
        condition: service_healthy
    environment:
      DEFAULT_HOST: # Optional, Populates a default host address value to be populataed in the in the UI input. Defaults to external/WAN IP.
      DEFAULT_PORT: 443 # Optional, Populates a default port value to be populataed in the in the UI input
      API_URL: http://portchecker-api:8000 # Optional, the URL of the API service. The scheme and port is required. Defaults to http://api:8000 if not set.
      # GOOGLE_ANALYTICS:   # Optional, set for Google Analytics integration
    healthcheck:
      test: ["CMD", "wget", "--spider", "-S", "http://127.0.0.1"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 5s
    image: ghcr.io/dsgnr/portcheckerio-web:latest@sha256:8bea203e8785541c0acac7860de9f70849b05806e0c6db1d83dfc1b8407a6077
    labels:
      swag: enable
      swag_auth: authelia
      swag_proto: http
      swag_url: portc.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: PortChecker
      swag.uptime-kuma.monitor.url: https://portc.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: System Administration
      homepage.name: PortChecker
      homepage.href: https://portc.${MY_TLD}
      homepage.icon: mdi-check-network-outline
      homepage.description: Service delivery platform for containerized applications
    ports:
      - 31131:80
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  portchecker-api:
    container_name: portchecker-api
    environment:
      ALLOW_PRIVATE: true # Prevent usage of private IP addresses
    healthcheck:
      test: ["CMD", "wget", "--spider", "-S", "http://127.0.0.1:8000/healthz"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 5s
    image: ghcr.io/dsgnr/portcheckerio-api:latest@sha256:7783796d791c3e10aedba9d5f7fc2b934bb0e7afa75bc89054b70b886ed39e5c
    ports:
      - 36102:8000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  postal-smtp:
    cap_add:
      - NET_BIND_SERVICE
    command: postal smtp-server
    container_name: postal-smtp
    image: ghcr.io/postalserver/postal:latest@sha256:ff9a42deeda9b236ac36df012dab843b14726da8f3c2464c18c371f23107d986
    networks:
      default: null
    ports:
      - 25:25
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/postal:/config
      - ${DOCKER_VOLUME_CONFIG}/swag/etc/letsencrypt/live/${MY_TLD}:/config/certs
  postal-web:
    command: postal web-server
    container_name: postal-web
    image: ghcr.io/postalserver/postal:latest@sha256:ff9a42deeda9b236ac36df012dab843b14726da8f3c2464c18c371f23107d986
    labels:
      swag: enable
      swag_proto: http
      swag_port: 5000
      swag_address: postal-web
      swag_url: post.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Postal
      swag.uptime-kuma.monitor.url: https://post.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: System Administration
      homepage.name: Postal
      homepage.href: https://post.${MY_TLD}
      homepage.icon: sh-postal.svg
      homepage.description: OSS Mail delivery platform
    networks:
      default: null
    ports:
      - 5001:5000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/postal
        target: /config
        type: bind
        bind:
          create_host_path: true
  postal-worker:
    command: postal worker
    container_name: postal-worker
    environment:
      LOG_LEVEL: debug
    image: ghcr.io/postalserver/postal:latest@sha256:ff9a42deeda9b236ac36df012dab843b14726da8f3c2464c18c371f23107d986
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/postal
        target: /config
        type: bind
        bind:
          create_host_path: true
  protonmail-bridge:
    container_name: protonmail-bridge
    image: shenxn/protonmail-bridge@sha256:3717b4441130675dc9131196de9f9c5287d2ea21b138d83b0486429e1737638a
    ports:
      - 1025:25/tcp
      - 1143:143/tcp
    restart: unless-stopped
    volumes:
      - protonmail-data:/root
  prowlarr:
    container_name: prowlarr
    environment:
      PGID: ${PGID}
      PUID: ${PUID}
      TZ: America/New_York
      DOCKER_MODS: ghcr.io/gilbn/theme.park:sonarr
      TP_DOMAIN: ${MY_TLD}\/themepark
      TP_COMMUNITY_THEME: false
      TP_THEME: space-gray
    hostname: Rinoa
    image: lscr.io/linuxserver/prowlarr:latest@sha256:fa81e471a7e46a24b121838563a10d468cf82eecd1587a464c6df4927ecc3248
    labels:
      homepage.group: Servarr Stack
      homepage.name: Prowlarr
      homepage.href: https://prowlarr.${MY_TLD}
      homepage.icon: prowlarr.png
      homepage.description: Index aggregator
      homepage.widget.type: prowlarr
      homepage.widget.url: http://prowlarr:9696
      homepage.widget.key: ${PROWLARR_API_KEY}
      swag: enable
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Prowlarr
      swag.uptime-kuma.monitor.url: https://prowlarr.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 9696:9696
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
      - bind:
          create_host_path: true
        source: ${DOCKER_VOLUME_CONFIG}/prowlarr
        target: /config
        type: bind
      - bind:
          create_host_path: true
        source: /rinoa-storage
        target: /storage
        type: bind
  qbit-manage:
    container_name: qbit-manage
    depends_on:
      qbittorrentvpn:
        required: true
        condition: service_started
    image: ghcr.io/stuffanthings/qbit_manage:latest@sha256:64f749b97604d607747fc8b790821cf0317d8107385ea111afe1ed1c9d1d5b11
    environment:
      # Web API Configuration
      QBT_WEB_SERVER: true # Set to true to enable web API
      QBT_PORT: 8080 # Web API port (default: 8080)
      # Scheduler Configuration
      QBT_RUN: false
      QBT_SCHEDULE: 1440
      QBT_CONFIG: /config/config.yml
      QBT_LOGFILE: activity.log
      # Command Flags
      QBT_RECHECK: false
      QBT_CAT_UPDATE: false
      QBT_TAG_UPDATE: false
      QBT_REM_UNREGISTERED: false
      QBT_REM_ORPHANED: false
      QBT_TAG_TRACKER_ERROR: false
      QBT_TAG_NOHARDLINKS: false
      QBT_SHARE_LIMITS: false
      QBT_SKIP_CLEANUP: false
      QBT_DRY_RUN: false
      # Logging Configuration
      QBT_LOG_LEVEL: INFO
      QBT_DIVIDER: "="
      QBT_WIDTH: 100
    ports:
      - 5965:8080
    profiles: ["rinoa-apps"]
    restart: on-failure
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/qbittorrent/qbit_manage/:/config:rw
      - ${DOCKER_VOLUME_STORAGE}/downloads/:/downloads:rw
      - ${DOCKER_VOLUME_CONFIG}/qbittorrent/qBittorrent:/qbittorrent/:ro
  qbittorrentvpn:
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    container_name: qbittorrentvpn
    environment:
      DEBUG: true
      ENABLE_PRIVOXY: yes
      ENABLE_SOCKS: yes
      LAN_NETWORK: 192.168.1.0/24
      NAME_SERVERS: 1.1.1.1,1.0.0.1,94.140.14.14,94.140.15.15
      PGID: ${PGID}
      PUID: ${PUID}
      SOCKS_USER: admin
      SOCKS_PASS: socks
      TZ: ${TZ}
      VPN_CLIENT: openvpn
      VPN_ENABLED: yes
      VPN_INPUT_PORTS: ""
      VPN_OPTIONS: ""
      VPN_OUTPUT_PORTS: ""
      VPN_USER: ${DELUGEVPN_ENVIRONMENT_VPN_USER}
      VPN_PASS: ${DELUGEVPN_ENVIRONMENT_VPN_PASS}
      VPN_PROV: pia
      WEBUI_PORT: 8080
    image: ghcr.io/binhex/arch-qbittorrentvpn:latest@sha256:e6556875ffa483ff603c0ed76c0c10122efad1edee2d9f5e4a94244accd5b3a3
    labels:
      homepage.group: Downloaders
      homepage.name: qBittorrent
      homepage.href: https://qbit.${MY_TLD}
      homepage.icon: qbittorrent.svg
      homepage.description: Fast and stable torrent client
      homepage.widget.type: qbittorrent
      homepage.widget.url: http://qbittorrentvpn:8080
      homepage.widget.user: admin
      homepage.widget.password: "${DELUGEVPN_PASSWORD}"
      swag: enable
      swag_server_custom_directive: |
        location /mgmt {
          proxy_pass http://qbit-manage:8080;
        }
      swag_port: 8080
      swag_proto: http
      swag_url: qbit.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: qBittorrent
      swag.uptime-kuma.monitor.url: https://qbit.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 58846:58846
      - 58946:58946/udp
      - 8118:8118
      - 9118:9118
      - 38927:8080
    privileged: true
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    sysctls:
      net.ipv4.conf.all.src_valid_mark: 1
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKER_VOLUME_CONFIG}/.openvpn:/config/openvpn
      - ${DOCKER_VOLUME_CONFIG}/.wireguard:/config/wireguard
      - ${DOCKER_VOLUME_CONFIG}/qbittorrent/:/config
      - ${DOCKER_VOLUME_CONFIG}/qbittorrent/data:/data
      - ${DOCKER_VOLUME_STORAGE}/downloads:/downloads
  radarec:
    container_name: radarec
    environment:
      auto_start: true
      auto_start_delay: 60
      dry_run_adding_to_radarr: false
      fallback_to_top_result: false
      language_choice: all
      metadata_profile_id: 1
      minimum_rating: 4.5
      minimum_votes: 50
      quality_profile_id: 1
      radarr_address: http://radarr:7878
      radarr_api_key: ${RADARR_API_KEY}
      radarr_api_timeout: 120
      root_folder_path: /data/media/movies
      search_for_movie: true
      tmdb_api_key: ${TMDB_API_KEY}
    expose:
      - 5000
    image: thewicklowwolf/radarec:latest@sha256:df726f35e3a1ef2f0cd482a6cf993bac8782804efd38ee8004c8694f7e8f526e
    labels:
      homepage.group: Servarr Stack
      homepage.name: RadaRec
      homepage.href: https://radarec.${MY_TLD}
      homepage.icon: sh-radarec.png
      homepage.description: Movie discovery based on library/tastes
      swag: enable
      swag_proto: http
      swag_port: 5000
      swag_auth: authelia
      swag_url: radarec.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: RadaRec
      swag.uptime-kuma.monitor.url: https://radarec.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: ${DOCKER_VOLUME_STORAGE}/Movies
        target: /data/media/movies
        type: bind
        bind:
          create_host_path: true
      - source: ${DOCKER_VOLUME_CONFIG}/radarec
        target: /radarec/config
        type: bind
        bind:
          create_host_path: true
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
  radarr:
    container_name: radarr
    environment:
      PGID: ${PGID}
      PUID: ${PUID}
      TZ: ${TZ}
    hostname: Rinoa
    image: lscr.io/linuxserver/radarr:latest@sha256:19474a623b278f558c9696a19b84640ad4aff3b2959f08904a77ffbad73ed7bd
    labels:
      homepage.group: Servarr Stack
      homepage.name: Radarr
      homepage.href: https://radarr.${MY_TLD}
      homepage.icon: radarr.png
      homepage.description: Movie Automation
      homepage.widget.type: radarr
      homepage.widget.url: http://radarr:7878
      homepage.widget.key: ${RADARR_API_KEY}
      swag: enable
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Radarr
      swag.uptime-kuma.monitor.url: https://radarr.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 7878:7878
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKER_VOLUME_CONFIG}/radarr:/config
      - /rinoa-storage:/storage
      - ${DOCKER_VOLUME_STORAGE}/downloads/:/downloads
  reactive-resume:
    container_name: reactive-resume
    depends_on:
      browserless:
        condition: service_started
        required: true
      minio:
        condition: service_started
        required: true
      reactive-resume-pg:
        condition: service_started
        required: true
    environment:
      ACCESS_TOKEN_SECRET: ${REACTIVE_RESUME_ACCESS_TOKEN_SECRET}
      CHROME_PORT: 443
      CHROME_TOKEN: ${CHROMIUM_TOKEN}
      CHROME_URL: wss://browserless:3000
      DATABASE_URL: postgresql://reactiveresume:${REACTIVE_RESUME_PGSQL_PASSWORD}@reactive-resume-pg:5432/reactiveresume
      MAIL_FROM: noreply@${MY_TLD}
      NODE_ENV: production
      PORT: 3000
      PUBLIC_URL: http://reactive-resume:3000
      REFRESH_TOKEN_SECRET: ${REACTIVE_RESUME_REFRESH_TOKEN_SECRET}
      SMTP_URL: smtp://${POSTAL_SMTP_AUTH_USER}:${POSTAL_SMTP_AUTH_PASSWORD}@postal-smtp:25
      STORAGE_ACCESS_KEY: ${REACTIVE_RESUME_S3_ACCESS_KEY}
      STORAGE_BUCKET: reactive-resume
      STORAGE_ENDPOINT: minio
      STORAGE_PORT: 9000
      STORAGE_REGION: us-east-fh-pln
      STORAGE_SECRET_KEY: ${REACTIVE_RESUME_S3_SECRET_KEY}
      STORAGE_URL: https://s3.${MY_TLD}/reactive-resume
      STORAGE_USE_SSL: false
      TZ: ${TZ}
    image: amruthpillai/reactive-resume:latest@sha256:46999abe24b0d41fb8b3c32e479f06035fa755db8c3243d03335e74fa6a2e74f
    labels:
      homepage.group: Professional Services
      homepage.name: Reactive Resume
      homepage.href: https://resume.${MY_TLD}
      homepage.icon: reactive-resume.svg
      homepage.description: Open-source resume builder
      swag: enable
      swag_proto: http
      swag_port: 3000
      swag_url: resume.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Reactive Resume
      swag.uptime-kuma.monitor.url: https://resume.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 3011:3000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  reactive-resume-pg:
    container_name: reactive-resume-pg
    environment:
      TZ: ${TZ}
      POSTGRES_DB: reactiveresume
      POSTGRES_USER: reactiveresume
      POSTGRES_PASSWORD: ${REACTIVE_RESUME_PGSQL_PASSWORD}
    expose:
      - 5432
    image: postgres:16-alpine@sha256:84fb5d5bdd7d47f1889f325e534f3ce643f853f460832c8a61949f5391b8dc42
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - reactive-resume-pg:/var/lib/postgresql/data
  readarr:
    container_name: readarr
    environment:
      PGID: ${PGID}
      PUID: ${PUID}
      TZ: America/New_York
      DOCKER_MODS: ghcr.io/gilbn/theme.park:readnarr
    hostname: Rinoa
    image: lscr.io/linuxserver/readarr:develop@sha256:eb37f58646a901dc7727cf448cae36daaefaba79de33b5058dab79aa4c04aefb
    labels:
      homepage.group: Servarr Stack
      homepage.name: Readarr
      homepage.href: https://readarr.${MY_TLD}
      homepage.icon: readarr.png
      homepage.description: eBook/Audiobook Automation
      homepage.widget.type: readarr
      homepage.widget.url: http://readarr:8787
      homepage.widget.key: ${READARR_API_KEY}
      swag: enable
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Readarr
      swag.uptime-kuma.monitor.url: https://readarr.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 8787:8787
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKER_VOLUME_CONFIG}/readarr:/config
      - /rinoa-storage:/storage
      - ${DOCKER_VOLUME_STORAGE}/downloads/:/downloads
  redlib:
    cap_drop:
      - ALL
    container_name: redlib
    environment:
      REDLIB_SFW_ONLY: off
      REDLIB_BANNER:
      REDLIB_ROBOTS_DISABLE_INDEXING: off
      REDLIB_PUSHSHIFT_FRONTEND: undelete.pullpush.io
      REDLIB_DEFAULT_THEME: nord
      REDLIB_DEFAULT_FRONT_PAGE: default
      REDLIB_DEFAULT_LAYOUT: clean
      REDLIB_DEFAULT_WIDE: on
      REDLIB_DEFAULT_POST_SORT: hot
      REDLIB_DEFAULT_COMMENT_SORT: confidence
      REDLIB_DEFAULT_SHOW_NSFW: off
      REDLIB_DEFAULT_BLUR_NSFW: on
      REDLIB_DEFAULT_USE_HLS: off
      REDLIB_DEFAULT_HIDE_HLS_NOTIFICATION: off
      REDLIB_DEFAULT_AUTOPLAY_VIDEOS: off
      REDLIB_DEFAULT_SUBSCRIPTIONS:
      REDLIB_DEFAULT_HIDE_AWARDS: off
      REDLIB_DEFAULT_DISABLE_VISIT_REDDIT_CONFIRMATION: off
      REDLIB_DEFAULT_HIDE_SCORE: off
      REDLIB_DEFAULT_FIXED_NAVBAR: on
    image: quay.io/redlib/redlib:latest@sha256:c1fcda90dca9447d4aa7e18fd3ef85cc2044c29263490159e1ae4b472d0f285c
    labels:
      homepage.group: Social
      homepage.name: Redlib
      homepage.href: https://rlib.${MY_TLD}
      homepage.icon: libreddit.svg
      homepage.description: Redlib is a private front-end like Invidious but for Reddit
      swag: enable
      swag_auth: authelia
      swag_proto: http
      swag_port: 8080
      swag_url: rlib.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Redlib
      swag.uptime-kuma.monitor.url: https://rlib.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 8103:8080
    read_only: true
    profiles: ["rinoa-apps"]
    restart: always
    security_opt:
      - no-new-privileges=true
    user: nobody
  rocketchat:
    container_name: rocketchat
    depends_on:
      mongodb:
        condition: service_started
        required: true
    environment:
      ADMIN_USERNAME: Trez.One
      ADMIN_NAME: Charish Patel
      ADMIN_PASS: ${ROCKETCHAT_ADMIN_PASSWORD}
      ADMIN_EMAIL: charish.patel@${MY_TLD}
      MONGO_URL: mongodb://rocketchat:${ROCKETCHAT_MONGODB_PASSWORD}@mongodb:27017/rocketchat?replicaSet=rinoa
      MONGO_OPLOG_URL: mongodb://rocketchat:${ROCKETCHAT_MONGODB_PASSWORD}@mongodb:27017/local?replicaSet=rinoa
      ROOT_URL: https://chat.${MY_TLD}
      PORT: 3000
      DEPLOY_METHOD: docker
      DEPLOY_PLATFORM: ${DEPLOY_PLATFORM:-}
      REG_TOKEN: ${REG_TOKEN:-}
    expose:
      - 3000
    image: ${IMAGE:-registry.rocket.chat/rocketchat/rocket.chat}:${RELEASE:-latest}
    labels:
      homepage.group: Social
      homepage.name: Rocket.Chat
      homepage.href: https://chat.${MY_TLD}
      homepage.icon: rocket-chat.svg
      homepage.description: Fully customizable communications platform with high standards of data protection
      swag: enable
      swag_proto: http
      swag_port: 3000
      swag_url: chat.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Rocket.Chat
      swag.uptime-kuma.monitor.url: https://chat.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    profiles: ["rinoa-apps"]
    restart: always
  romm:
    container_name: romm
    depends_on:
      mariadb:
        condition: service_healthy
        required: true
        restart: true
    image: rommapp/romm:latest@sha256:f9a66d759f255ddbc5cd635bf6b66efe17f75babda5863aad318ade1845d7d68
    environment:
      ROMM_DB_DRIVER: mariadb # mariadb | sqlite (default: sqlite)
      ROMM_HOST: https://localhost:3000 # [Optional] your host ip or domain name (including http(s)://, subdomain and port if needed). Being used only for webRcade feed for now.
      # [Optional] Only required if using MariaDB as the database
      DB_HOST: mariadb
      DB_PORT: 3306
      DB_USER: romm
      DB_NAME: romm # Should match the MYSQL_DATABASE value in the mariadb container
      DB_PASSWD: ${ROMM_MARIADB_PASSWORD}
      # [Optional WIP] Use SteamGridDB as a source for covers
      # STEAMGRIDDB_API_KEY: <SteamGridDB api key>
      # [Optional] Will enable user management and require authentication to access the interface (disabled by default)
      ROMM_AUTH_ENABLED: true # default: false
      ROMM_AUTH_SECRET_KEY: ${ROMM_AUTH_SECRET_KEY} # Generate a key with `openssl rand -hex 32`
      ROMM_AUTH_USERNAME: admin # default: admin
      ROMM_AUTH_PASSWORD: ${ROMM_AUTH_PASSWORD} # default: admin
      # [Optional] Only required if authentication is enabled
      ENABLE_EXPERIMENTAL_REDIS: true # default: false
      REDIS_HOST: romm-valkey # default: localhost
      REDIS_PORT: 6379 # default: 6379
      REDIS_DB: 0
      # REDIS_PASSWORD: # [Optional] Support for secured redis
      # [Optional] Will enable asynchronous tasks (all disabled by default)
      # Important: Do NOT wrap the cron expression in quotes
      ENABLE_RESCAN_ON_FILESYSTEM_CHANGE: true # Runs a quick scan on the library when a file is added or removed
      RESCAN_ON_FILESYSTEM_CHANGE_DELAY: 5 # Delay in seconds before running the quick scan (default: 5)
      ENABLE_SCHEDULED_RESCAN: true # Runs a quick scan on the library at a given time
      SCHEDULED_RESCAN_CRON: 0 3 * * * # Cron expression for the scheduled scan (default: 0 3 * * * At 3:00 AM every day)
      ENABLE_SCHEDULED_UPDATE_SWITCH_TITLEDB: true # Updates the Switch TitleDB database at a given time
      SCHEDULED_UPDATE_SWITCH_TITLEDB_CRON: 0 4 * * * # Cron expression for the scheduled update (default: 0 4 * * * At 4:00 AM every day)
      ENABLE_SCHEDULED_UPDATE_MAME_XML: true # Updates the MAME XML database at a given time
      SCHEDULED_UPDATE_MAME_XML_CRON: 0 5 * * * # Cron expression for the scheduled update (default: 0 5 * * * At 5:00 AM every day)
      IGDB_CLIENT_ID: ${ROMM_IGDB_CLIENT_ID} # Generate an ID and SECRET in IGDB
      IGDB_CLIENT_SECRET: ${ROMM_IGDB_CLIENT_SECRET} # https://docs.romm.app/latest/Getting-Started/Generate-API-Keys/#igdb
      MOBYGAMES_API_KEY: # https://docs.romm.app/latest/Getting-Started/Generate-API-Keys/#mobygames
      STEAMGRIDDB_API_KEY: ${ROMM_STEAMGRIDDB_API_KEY} # https://docs.romm.app/latest/Getting-Started/Generate-API-Keys/#steamgriddb
      SCREENSCRAPER_USER: ${ROMM_SCREENSCRAPER_USERNAME} # Use your ScreenScraper username and password
      SCREENSCRAPER_PASSWORD: ${ROMM_SCREENSCRAPER_PASSWORD} # https://docs.romm.app/latest/Getting-Started/Generate-API-Keys/#screenscraper
    labels:
      homepage.group: Media Library
      homepage.name: RomM
      homepage.href: https://romm.${MY_TLD}
      homepage.icon: romm.svg
      homepage.description: Beautiful, powerful, self-hosted ROM manager
      homepage.widget.type: romm
      homepage.widget.url: http://romm:8080
      swag: enable
      swag_proto: http
      swag_url: romm.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: RomM
      swag.uptime-kuma.monitor.url: https://romm.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 30229:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - romm_resources:/romm/resources # Resources fetched from IGDB (covers, screenshots, etc.)
      - ${DOCKER_VOLUME_STORAGE}/roms:/romm/library # Your game library. Check https://github.com/rommapp/romm?tab=readme-ov-file#folder-structure for more details.
      - ${DOCKER_VOLUME_STORAGE}/roms/assets:/romm/assets # Uploaded saves, states, etc.
      - ${DOCKER_VOLUME_CONFIG}/romm:/romm/config # Path where config.yml is stored
  romm-valkey:
    container_name: romm-valkey
    <<: *valkey-params
    volumes:
      - romm-valkey-data:/data/valkey
  sabnzbdvpn:
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    container_name: sabnzbdvpn
    environment:
      ENABLE_PRIVOXY: no
      LAN_NETWORK: 192.168.1.0/24
      NAME_SERVERS: 192.168.1.254,1.1.1.1
      PGID: 1000
      PUID: 1000
      TZ: America/New_York
      VPN_CLIENT: openvpn
      VPN_ENABLED: yes
      VPN_INPUT_PORTS:
      VPN_OPTIONS:
      VPN_OUTPUT_PORTS:
      VPN_PASS: ${SABNZBDVPN_ENVIRONMENT_VPN_PASS}
      VPN_PROV: pia
      VPN_USER: ${SABNZBDVPN_ENVIRONMENT_VPN_USER}
      DEBUG: true
    hostname: Rinoa
    image: ghcr.io/binhex/arch-sabnzbdvpn:latest@sha256:bbd64cb8343589f027a69e6174ab96f1bf31f4328fd75351b44330aa146cd7fd
    labels:
      homepage.group: Downloaders
      homepage.name: SABnzbd
      homepage.href: https://sabnzbd.${MY_TLD}
      homepage.icon: sabnzbd.png
      homepage.description: NZB Downloader over VPN
      homepage.widget.type: sabnzbd
      homepage.widget.url: http://sabnzbdvpn:8080
      homepage.widget.env: 1
      homepage.widget.key: ${SABNZBDVPN_API_KEY}
      swag: enable
      swag_proto: http
      swag_url: sabnzbd.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: SABnzbd
      swag.uptime-kuma.monitor.url: https://sabnzbd.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 8080:8080
      - 8090:8090
      - 8119:8118
    privileged: true
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    sysctls:
      net.ipv4.conf.all.src_valid_mark: "1"
    volumes:
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
      - bind:
          create_host_path: true
        source: ${DOCKER_VOLUME_CONFIG}/sabnzbdvpn
        target: /config
        type: bind
      - bind:
          create_host_path: true
        source: /rinoa-storage
        target: /storage
        type: bind
  sablier:
    container_name: sablier
    environment:
      PROVIDER_NAME: docker
      SERVER_PORT: 10000
      SERVER_BASE_PATH: /
      STORAGE_FILE: /opt/sablier/state
      SESSIONS_DEFAULT_DURATION: 5m
      SESSIONS_EXPIRATION_INTERVAL: 20s
      LOGGING_LEVEL: trace
      STRATEGY_DYNAMIC_CUSTOM_THEMES_PATH: /opt/sablier/custom_themes
      STRATEGY_DYNAMIC_SHOW_DETAILS_BY_DEFAULT: false
      STRATEGY_DYNAMIC_DEFAULT_THEME: hacker-terminal
      STRATEGY_DYNAMIC_DEFAULT_REFRESH_FREQUENCY: 5s
      STRATEGY_BLOCKING_DEFAULT_TIMEOUT: 1m
    image: sablierapp/sablier:latest@sha256:4d4096b59a6e1496bd3106c1a90a7fdd161aafb73d58539b8c749c69380dedae
    ports:
      - 19311:10000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/sablier/state:/opt/sablier/state
      - ${DOCKER_VOLUME_CONFIG}/sablier/custom_themes:/opt/sablier/custom_themes
      - /var/run/docker.sock:/var/run/docker.sock
  scraparr:
    container_name: scraparr
    depends_on:
      bazarr:
        condition: service_started
        required: true
      prowlarr:
        condition: service_started
        required: true
      radarr:
        condition: service_started
        required: true
      readarr:
        condition: service_started
        required: true
      sonarr:
        condition: service_started
        required: true
    environment:
      BAZARR_API_KEY: ${BAZARR_API_KEY}
      BAZARR_URL: http://bazarr:6767
      PROWLARR_API_KEY: ${PROWLARR_API_KEY}
      PROWLARR_URL: http://prowlarr:9696
      RADARR_API_KEY: ${RADARR_API_KEY}
      RADARR_URL: http://radarr:7878
      READARR_API_KEY: ${READARR_API_KEY}
      READARR_URL: http://readarr:8787
      SONARR_API_KEY: ${SONARR_API_KEY}
      SONARR_URL: http://sonarr:8989
    image: ghcr.io/thecfu/scraparr:2@sha256:4aa7e22f7a632082dbfe6e4be694068b08e5764b83c95339220ff2b33bf43be2
    ports:
      - 7100:7100
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  scrutiny:
    cap_add:
      - SYS_RAWIO
    container_name: scrutiny
    devices:
      - "/dev/nvme0n1:/dev/nvme0n1:rwm"
      - "/dev/sda:/dev/sda:rwm"
      - "/dev/sdb:/dev/sdb:rwm"
      - "/dev/sdc:/dev/sdc:rwm"
      - "/dev/sdd:/dev/sdd:rwm"
      - "/dev/sde:/dev/sde:rwm"
      - "/dev/sdf:/dev/sdf:rwm"
    image: ghcr.io/analogj/scrutiny:master-omnibus@sha256:cc88f7babededd75ec01a631bf53671d8be0acbe0c8a80f7ba4d41454a5fc52b
    labels:
      cloudflare.tunnel.enable: true
      cloudflare.tunnel.hostname: smartd.${MY_TLD}
      cloudflare.tunnel.service: http://scrutiny:8080
      cloudflare.tunnel.zonename: ${MY_TLD}
      cloudflare.tunnel.no_tls_verify: true
      homepage.group: Infrastructure/App Performance Monitoring
      homepage.name: Scrutiny
      homepage.href: https://smartd.${MY_TLD}
      homepage.icon: scrutiny.png
      homepage.description: WebUI for smartd S.M.A.R.T monitoring
      homepage.widget.type: scrutiny
      homepage.widget.url: http://scrutiny:8080
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Scrutiny
      swag.uptime-kuma.monitor.url: https://smartd.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 8909:8080
      - 8910:8086
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
        read_only: true
        source: /run/udev
        target: /run/udev
        type: bind
      - source: ${DOCKER_VOLUME_CONFIG}/scrutiny/config
        target: /opt/scrutiny/config
        type: bind
        bind:
          create_host_path: true
      - source: ${DOCKER_VOLUME_CONFIG}/scrutiny/influxdb
        target: /opt/scrutiny/influxdb
        type: bind
        bind:
          create_host_path: true
  searxng:
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    cap_drop:
      - ALL
    container_name: searxng
    environment:
      SEARXNG_BASE_URL: https://search.${MY_TLD}
    image: searxng/searxng:latest@sha256:9438a9be3df82652ebc804a2ace2ab335704d92a6dc0e5b29d771acd404e9f6c
    labels:
      homepage.group: Privacy/Security
      homepage.name: SearxNG
      homepage.href: https://search.${MY_TLD}
      homepage.icon: searxng.png
      homepage.description: Anonymized Meta-Search Engine
      swag: enable
      swag_address: searxng
      swag_proto: http
      swag_url: search.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: SearxNG
      swag.uptime-kuma.monitor.url: https://search.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    logging:
      driver: json-file
      options:
        max-file: "1"
        max-size: 1m
    networks:
      default: null
    ports:
      - 8095:8080
    privileged: true
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/searxng
        target: /etc/searxng
        type: bind
        bind:
          create_host_path: true
  searxng-valkey:
    container_name: searxng-valkey
    <<: *valkey-params
    volumes:
      - searxng-valkey-data:/data/valkey
  semaphore-ui:
    container_name: semaphore-ui
    environment:
      ANSIBLE_HOST_KEY_CHECKING: false
      SEMAPHORE_ADMIN_PASSWORD: ${SEMAPHORE_ADMIN_PASSWORD}
      SEMAPHORE_ADMIN_NAME: admin
      SEMAPHORE_ADMIN_EMAIL: charish.patel@${MY_TLD}
      SEMAPHORE_ADMIN: admin
      SEMAPHORE_DB_DIALECT: bolt
      SEMAPHORE_EMAIL_ALERT: true
      SEMAPHORE_EMAIL_SENDER: noreply@${MY_TLD}
      SEMAPHORE_EMAIL_HOST: postal-smtp
      SEMAPHORE_EMAIL_PORT: 25
      SEMAPHORE_EMAIL_USERNAME: ${POSTAL_SMTP_AUTH_USER}
      SEMAPHORE_EMAIL_PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      SEMAPHORE_EMAIL_SECURE: false
      SEMAPHORE_USE_REMOTE_RUNNER: true
    image: semaphoreui/semaphore:v2.16.31@sha256:7c9617ecd6233a019c85f52b122108c1113458c3cf91554145f3c56d4dbc25b3
    labels:
      homepage.group: Code/DevOps
      homepage.name: Semaphore UI
      homepage.href: https://devops.${MY_TLD}
      homepage.icon: semaphore.svg
      homepage.description: Modern UI for Ansible, Terraform, OpenTofu, PowerShell and other DevOps tools
      swag: enable
      swag_port: 3000
      swag_proto: http
      swag_url: devops.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Semaphore UI
      swag.uptime-kuma.monitor.url: https://devops.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 3015:3000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - semaphore_config:/etc/semaphore
      - semaphore_data:/var/lib/semaphore
      - semaphore_tmp:/tmp/semaphore
  signoz-app:
    <<: *signoz-db-depend
    container_name: signoz-app
    environment:
      SIGNOZ_ALERTMANAGER_PROVIDER: signoz
      SIGNOZ_ANALYTICS_ENABLED: true
      SIGNOZ_JWT_SECRET: ${SIGNOZ_JWT_SECRET}
      SIGNOZ_TELEMETRYSTORE_CLICKHOUSE_DSN: tcp://signoz-clickhouse:9000
      SIGNOZ_TELEMETRYSTORE_CLICKHOUSE_CLUSTER: cluser
      SIGNOZ_QUERIER_FLUX__INTERVAL: 5m
      SIGNOZ_TELEMETRYSTORE_PROVIDER: clickhouse
      SIGNOZ_SQLSTORE_SQLITE_PATH: /var/lib/signoz/signoz.db
      SIGNOZ_ALERTMANAGER_SIGNOZ_EXTERNAL__URL: https://apm.${MY_TLD}
      SIGNOZ_ALERTMANAGER_SIGNOZ_GLOBAL_SMTP__FROM: noreply@${MY_TLD}
      SIGNOZ_ALERTMANAGER_SIGNOZ_GLOBAL_SMTP__SMARTHOST: postal-smtp:25
      SIGNOZ_ALERTMANAGER_SIGNOZ_GLOBAL_SMTP__AUTH__USERNAME: ${POSTAL_SMTP_AUTH_USER}
      SIGNOZ_ALERTMANAGER_SIGNOZ_GLOBAL_SMTP__AUTH__PASSWORD: ${POSTAL_SMTP_AUTH_PASSWORD}
      SIGNOZ_ALERTMANAGER_SIGNOZ_GLOBAL_SMTP__REQUIRE__TLS: true
      SIGNOZ_ALERTMANAGER_SIGNOZ_GLOBAL_SMTP__TLS__CONFIG_INSECURE__SKIP__VERIFY: true
      SIGNOZ_PROMETHEUS_CONFIG: /root/config/prometheus.yml
      DASHBOARDS_PATH: /root/config/dashboards
      GODEBUG: netdns=go
      DEPLOYMENT_TYPE: docker-standalone-amd
    healthcheck:
      test:
        - CMD
        - wget
        - --spider
        - -q
        - localhost:8080/api/v1/health
      interval: 30s
      timeout: 5s
      retries: 3
    image: signoz/signoz:v0.96.1@sha256:e2cded000c87adb0366c9ae4f292e034515458552d151879195071ba4f078b4e
    labels:
      homepage.group: Infrastructure/App Performance Monitoring
      homepage.name: Signoz
      homepage.href: https://apm.${MY_TLD}
      homepage.icon: signoz.svg
      homepage.description: Logs, metrics, and traces in a single pane
      swag: enable
      swag_proto: http
      swag_port: 8080
      swag_url: apm.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Signoz
      swag.uptime-kuma.monitor.url: https://apm.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 36113:8080 # signoz port
      # - "6060:6060"     # pprof port
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/signoz/common/prometheus.yml:/root/config/prometheus.yml
      - ${DOCKER_VOLUME_CONFIG}/signoz/common/dashboards:/root/config/dashboards
      - signoz-sqlite:/var/lib/signoz/
  signoz-clickhouse:
    <<: *signoz-clickhouse-defaults
    container_name: signoz-clickhouse
    expose:
      - 9000
    ports:
      #   - "9000:9000"
      - "8123:8123"
      - "9181:9181"
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/config.xml:/etc/clickhouse-server/config.xml
      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/users.xml:/etc/clickhouse-server/users.xml
      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/custom-function.xml:/etc/clickhouse-server/custom-function.xml
      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/user_scripts:/var/lib/clickhouse/user_scripts/
      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
      - signoz-clickhouse:/var/lib/clickhouse/
      # - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
  signoz-init-clickhouse:
    <<: *signoz-common
    container_name: signoz-init-clickhouse
    command:
      - bash
      - -c
      - |
        version="v0.0.1"
        node_os=$$(uname -s | tr '[:upper:]' '[:lower:]')
        node_arch=$$(uname -m | sed s/aarch64/arm64/ | sed s/x86_64/amd64/)
        echo "Fetching histogram-binary for $${node_os}/$${node_arch}"
        cd /tmp
        wget -O histogram-quantile.tar.gz "https://github.com/SigNoz/signoz/releases/download/histogram-quantile%2F$${version}/histogram-quantile_$${node_os}_$${node_arch}.tar.gz"
        tar -xvzf histogram-quantile.tar.gz
        mv histogram-quantile /var/lib/clickhouse/user_scripts/histogramQuantile
    image: clickhouse/clickhouse-server:25.5.6-alpine
    restart: on-failure
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/signoz/common/clickhouse/user_scripts/:/var/lib/clickhouse/user_scripts/
  signoz-logspout:
    command: signoz://signoz-otel-collector:8082
    container_name: signoz-logspout
    depends_on:
      signoz-otel-collector:
        required: true
        condition: service_started
    environment:
      ENV: prod
      SIGNOZ_LOG_ENDPOINT: http://signoz-otel-collector:8082
    image: pavanputhra/logspout-signoz@sha256:6da8ce12279a5262de8b2d5c083ce82d4c878c4eab702b4d328afe147ed7553b
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  signoz-otel-collector:
    <<: *signoz-db-depend
    command:
      - --config=/etc/otel-collector-config.yaml
      - --manager-config=/etc/manager-config.yaml
      - --copy-path=/var/tmp/collector-config.yaml
      - --feature-gates=-pkg.translator.prometheus.NormalizeName
    container_name: signoz-otel-collector
    depends_on:
      signoz-app:
        condition: service_healthy
    environment:
      NGINX_ACCESS_LOG_FILE: /swag/log/nginx/access.log
      NGINX_ERROR_LOG_FILE: /swag/log/nginx/error.log
      OTEL_RESOURCE_ATTRIBUTES: host.name=signoz-host,os.type=linux
      LOW_CARDINAL_EXCEPTION_GROUPING: false
    image: signoz/signoz-otel-collector:v0.129.7@sha256:618523c986658f5677b6fd44ab4dc3487bab03582ce9e92760e50d83246f7034
    ports:
      # - "1777:1777"     # pprof extension
      - "4317:4317" # OTLP gRPC receiver
      - "4318:4318" # OTLP HTTP receiver
      - 8082:8082 # Logspout collection (https://signoz.io/blog/logspout-signoz-setup/)
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/signoz/common/otel/otel-collector-config.yaml:/etc/otel-collector-config.yaml
      - ${DOCKER_VOLUME_CONFIG}/signoz/common/otel/otel-collector-opamp-config.yaml:/etc/manager-config.yaml
      - ${DOCKER_VOLUME_CONFIG}/swag/log/nginx/access.log:/swag/log/nginx/access.log:ro
      - ${DOCKER_VOLUME_CONFIG}/swag/log/nginx/error.log:/swag/log/nginx/error.log:ro
  signoz-schema-migrator-async:
    <<: *signoz-db-depend
    image: signoz/signoz-schema-migrator:v0.129.7@sha256:721c55284b32da6af8932d1fe6939410b6f0d10da74fc666f9856fa1e1f5763b
    container_name: signoz-schema-migrator-async
    command:
      - async
      - --dsn=tcp://signoz-clickhouse:9000
      - --up=
    profiles: ["rinoa-apps"]
    restart: on-failure
  signoz-schema-migrator-sync:
    <<: *signoz-common
    image: signoz/signoz-schema-migrator:v0.129.7@sha256:721c55284b32da6af8932d1fe6939410b6f0d10da74fc666f9856fa1e1f5763b
    container_name: signoz-schema-migrator-sync
    command:
      - sync
      - --dsn=tcp://signoz-clickhouse:9000
      - --up=
    depends_on:
      signoz-clickhouse:
        condition: service_healthy
    profiles: ["rinoa-apps"]
    restart: on-failure
  signoz-zookeeper-1:
    <<: *signoz-zookeeper-defaults
    container_name: signoz-zookeeper-1
    environment:
      ZOO_SERVER_ID: 1
      ALLOW_ANONYMOUS_LOGIN: yes
      ZOO_AUTOPURGE_INTERVAL: 1
      ZOO_ENABLE_PROMETHEUS_METRICS: yes
      ZOO_PROMETHEUS_METRICS_PORT_NUMBER: 9141
    # ports:
    #   - "2181:2181"
    #   - "2888:2888"
    #   - "3888:3888"
    volumes:
      - signoz-zookeeper-1:/bitnami/zookeeper
  sonarqube:
    container_name: sonarqube
    depends_on:
      sonarqube-pg-db:
        condition: service_healthy
    environment:
      SONAR_JDBC_URL: jdbc:postgresql://sonarqube-pg-db:5432/sonar
      SONAR_JDBC_USERNAME: sonar
      SONAR_JDBC_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD}
      SONAR_SECURITY_REALM: LDAP
      LDAP_URL: ldap://lldap:3890
      LDAP_BINDDN: cn=sonarqube,ou=people,dc=trez,dc=wtf
      LDAP_BINDPASSWORD: ${SONARQUBE_LDAP_BIND_PASSWORD}
      LDAP_AUTHENTICATION: simple
      LDAP_USER_BASEDN: ou=people,dc=trez,dc=wtf
      LDAP_USER_REQUEST: (&(objectClass=inetOrgPerson)(uid={login})(memberof=cn=sonarqube_users,ou=groups,dc=example,dc=com))
      LDAP_USER_REALNAMEATTRIBUTE: cn
      LDAP_USER_EMAILATTRIBUTE: mail
    hostname: sonarqube
    image: mc1arke/sonarqube-with-community-branch-plugin:lts@sha256:70b055c294a2a751357ee65d5d55139c93f87faed436d0075034da38b2edafa1
    labels:
      homepage.group: Code/DevOps
      homepage.name: SonarQube
      homepage.href: https://sqube.${MY_TLD}
      homepage.icon: sonarqube.svg
      homepage.description: Code/DevOps quality/security
      swag: enable
      swag_proto: http
      swag_port: 9000
      swag_url: sqube.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: SonarQube
      swag.uptime-kuma.monitor.url: https://sqube.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    volumes:
      - sonarqube-data:/opt/sonarqube/data
      - sonarqube-extensions:/opt/sonarqube/extensions
      - sonarqube-logs:/opt/sonarqube/logs
      - sonarqube-temp:/opt/sonarqube/temp
    ports:
      - 9003:9000
    read_only: true
    profiles: ["rinoa-infra"]
    restart: unless-stopped
  sonarqube-pg-db:
    container_name: sonarqube-pg-db
    environment:
      POSTGRES_USER: sonar
      POSTGRES_PASSWORD: ${SONARQUBE_POSTGRES_PASSWORD}
      POSTGRES_DB: sonar
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U sonar -d sonar"]
      interval: 10s
      timeout: 5s
      retries: 5
    image: postgres:17-alpine@sha256:5d14c08a257610d8e27c52ce0f10de5d9cce4c232e1277d44d7d6fb628b3d1a7
    profiles: ["rinoa-infra"]
    restart: unless-stopped
    volumes:
      - sonarqube-db:/var/lib/postgresql
      - sonarqube-db-data:/var/lib/postgresql/data
  sonarr:
    container_name: sonarr
    environment:
      PGID: ${PGID}
      PUID: ${PUID}
      TZ: ${TZ}
      DOCKER_MODS: ghcr.io/gilbn/theme.park:sonarr
    hostname: Rinoa
    image: lscr.io/linuxserver/sonarr:latest@sha256:328d322af2bb8d7211a9c43a26ff5e658ba3e6f47a695e8fb9ff806bfeab0f04
    labels:
      homepage.group: Servarr Stack
      homepage.name: Sonarr
      homepage.href: https://sonarr.${MY_TLD}
      homepage.icon: sonarr.png
      homepage.description: TV Show Automation
      homepage.widget.type: sonarr
      homepage.widget.url: http://sonarr:8989
      homepage.widget.key: ${SONARR_API_KEY}
      swag: enable
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Sonarr
      swag.uptime-kuma.monitor.url: https://sonarr.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 8989:8989
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKER_VOLUME_CONFIG}/sonarr:/config
      - /rinoa-storage:/storage
      - ${DOCKER_VOLUME_STORAGE}/downloads/:/downloads
  sonashow:
    container_name: sonashow
    environment:
      auto_start: true
      auto_start_delay: 60
      dry_run_adding_to_sonarr: false
      fallback_to_top_result: false
      language_choice: all
      metadata_profile_id: 1
      minimum_rating: 4.5
      minimum_votes: 50
      quality_profile_id: 1
      sonarr_address: http://sonarr:8989
      sonarr_api_key: ${SONARR_API_KEY}
      root_folder_path: /data/media/shows
      search_for_missing_episodes: true
      sonarr_api_timeout: 120
      tmdb_api_key: ${TMDB_API_KEY}
    expose:
      - 5000
    image: thewicklowwolf/sonashow:latest@sha256:4b40df407bf31577668bfb3191e007ac78c349d81bfde7463ec8433d417ebd3d
    labels:
      homepage.group: Servarr Stack
      homepage.name: SonaShow
      homepage.href: https://sonashow.${MY_TLD}
      homepage.icon: sh-sonashow.png
      homepage.description: TV show discovery based on library/tastes
      swag: enable
      swag_auth: authelia
      swag_proto: http
      swag_port: 5000
      swag_url: sonashow.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: SonaShow
      swag.uptime-kuma.monitor.url: https://sonashow.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: ${DOCKER_VOLUME_STORAGE}/TV_Shows
        target: /data/media/shows
        type: bind
        bind:
          create_host_path: true
      - source: ${DOCKER_VOLUME_CONFIG}/sonashow
        target: /sonashow/config
        type: bind
        bind:
          create_host_path: true
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
  soularr:
    container_name: soularr
    depends_on:
      - lidarr
      - soulseek
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
      #Script interval in seconds
      SCRIPT_INTERVAL: 300
    image: mrusse08/soularr:latest@sha256:71a0b9e5a522d76bb0ffdb6d720d681fde22417b3a5acc9ecae61c89d05d8afc
    network_mode: service:gluetun
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      #"You can set /downloads to whatever you want but will then need to change the Slskd download dir in your config file"
      - ${DOCKER_VOLUME_STORAGE}/downloads:/downloads
      #Select where you are storing your config file. Leave "/data" since thats where the script expects the config file to be
      - ${DOCKER_VOLUME_CONFIG}/soularr:/data
  soularr-dashboard:
    container_name: soularr-dashboard
    depends_on:
      - soularr
    environment:
      DOCKER_HOST: tcp://dockerproxy:2375
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TZ}
    image: ghcr.io/mrusse/soularr:main@sha256:61181c5809845d2c49c8c3c182c0280c5c91069cd2e5d7c341ddd8bfa2c01598
    labels:
      homepage.name: Soularr
      homepage.group: Downloaders
      homepage.description: Dashboard for monitoring Soularr
      homepage.href: https://soularr.${MY_TLD}
      homepage.icon: /icons/soularr.png
      swag: enable
      swag_proto: http
      swag_url: soularr.${MY_TLD}
      swag_port: 8080
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Soularr
      swag.uptime-kuma.monitor.url: https://soularr.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 18364:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/soularr/dashboard:/app
      - ${DOCKER_VOLUME_CONFIG}/soularr:/data
      - ${DOCKER_VOLUME_CONFIG}/soularr/logs:/data/logs
      - /var/run/docker.sock:/var/run/docker.sock:ro
    working_dir: /app
  soulseek:
    container_name: soulseek
    depends_on:
      gluetun:
        condition: service_started
        required: true
        restart: true
    image: slskd/slskd@sha256:28df5325f301537ea8669b2ef90112a30cc9f2efd3eb714c9a778460b5dc6288
    labels:
      homepage.name: Soulseek
      homepage.group: Downloaders
      homepage.description: Modern client-server application for the Soulseek file-sharing network.
      homepage.href: https://slsk.${MY_TLD}
      homepage.icon: slskd.svg
      swag: enable
      swag_proto: http
      swag_url: slsk.${MY_TLD}
      swag_address: gluetun
      swag_port: 5030
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: SoulSeek
      swag.uptime-kuma.monitor.url: https://slsk.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    network_mode: service:gluetun
    profiles: ["rinoa-apps"]
    restart: always
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/soulseek:/app
      - ${DOCKER_VOLUME_STORAGE}/Audio/Music:/music
      - ${DOCKER_VOLUME_STORAGE}/downloads/completed/slsk:/app/downloads/
      - ${DOCKER_VOLUME_STORAGE}/downloads/incomplete/slsk:/app/incomplete
  speedtest-tracker:
    container_name: speedtest-tracker
    image: lscr.io/linuxserver/speedtest-tracker:latest@sha256:99b5a8ac3b6c04e0560676a39d6f346cb523fabc08039ed1f1ab34cabbefcd84
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      APP_KEY: ${SPEEDTEST_TRACKER_APP_KEY}
      DB_CONNECTION: sqlite
      SPEEDTEST_SCHEDULE: 15 */3 * * *
    labels:
      homepage.name: Speedtest Tracker
      homepage.group: Infrastructure/App Performance Monitoring
      homepage.description: Self-hosted internet performance tracking
      homepage.href: https://speed.${MY_TLD}
      homepage.icon: speedtest-tracker.png
      homepage.widget.type: speedtest
      homepage.widget.url: http://speedtest-tracker
      swag: enable
      swag_proto: http
      swag_url: speed.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Speedtest Tracker
      swag.uptime-kuma.monitor.url: https://speed.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 47512:80
      - 62777:443
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/speedtest-tracker:/config
  stable-diffusion-webui:
    container_name: stable-diffusion-webui
    image: ghcr.io/neggles/sd-webui-docker:latest@sha256:1795fe796e1dad0d8d3baa9ef7c38a255b69c0878b76869feecc617bfd015e53
    environment:
      CLI_ARGS: "--api --use-cpu all --precision full --no-half --skip-torch-cuda-test --ckpt /empty.pt --do-not-download-clip --disable-nan-check --disable-opt-split-attention"
      PYTHONUNBUFFERED: "1"
      TERM: "vt100"
      SD_WEBUI_VARIANT: "default"
    ports:
      - 7860:7860
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/stable-diffusion-webui/data:/data
      - ${DOCKER_VOLUME_CONFIG}/stable-diffusion-webui/output:/output
  stirling-pdf:
    container_name: stirling-pdf
    environment:
      DOCKER_ENABLE_SECURITY: true
      LANGS: en_US
      SECURITY_ENABLE_LOGIN: true
      SYSTEM_SHOW_UPDATE: false
      SYSTEM_SHOW_UPDATE_ONLY_ADMIN: true
    image: docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest@sha256:ae74a9f00f374e628c484c2f4bb96c08406a3e8b8cb3825ea821df9dd8a7fdd7
    labels:
      homepage.name: Stirling-PDF
      homepage.group: Professional Services
      homepage.description: PDF Operations
      homepage.href: https://pdf.${MY_TLD}
      homepage.icon: stirling-pdf.svg
      swag: enable
      swag_port: 8080
      swag_proto: http
      swag_url: pdf.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Stirling-PDF
      swag.uptime-kuma.monitor.url: https://pdf.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 58931:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/stirling-pdf/training-data:/usr/share/tessdata # Required for extra OCR languages
      - ${DOCKER_VOLUME_CONFIG}/stirling-pdf/extra-configs:/configs
      - ${DOCKER_VOLUME_CONFIG}/stirling-pdf/custom-files:/customFiles/
      - ${DOCKER_VOLUME_CONFIG}/stirling-pdf/logs:/logs/
      - ${DOCKER_VOLUME_CONFIG}/stirling-pdf/pipeline:/pipeline/
  swag:
    cap_add:
      - NET_ADMIN
    container_name: swag
    environment:
      DNSPLUGIN: cloudflare
      EMAIL: charish.patel@${MY_TLD}
      EXTRA_DOMAINS:
      ONLY_SUBDOMAINS: false
      PGID: 1000
      PUID: 1000
      SUBDOMAINS: etherpad,ha,www
      TZ: America/New_York
      URL: ${MY_TLD}
      VALIDATION: dns
      CROWDSEC_API_KEY: ${CROWDSEC_SWAG_API_KEY}
      CROWDSEC_LAPI_URL: http://crowdsec:8080
      DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|linuxserver/mods:universal-package-install|ghcr.io/linuxserver/mods:swag-crowdsec|ghcr.io/trezone/swag-auto-uptime-kuma:d84284c8fbec305e94a6c2f6b825e8e3430d9569 #linuxserver/mods:swag-auto-uptime-kuma
      INSTALL_PACKAGES: nginx-mod-http-js
      PROPAGATION: 30
      UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
      UPTIME_KUMA_URL: http://uptimekuma:3001
      UPTIME_KUMA_USERNAME: ${UPTIME_KUMA_USERNAME}
    hostname: Rinoa
    image: lscr.io/linuxserver/swag:latest@sha256:08af17ae67c12e9b42a17d33fe538f67853020294c1f89c8e9d5b213c89c47ae
    labels:
      swag: enable
      swag_proto: http
      swag_port: 81
      swag_url: swag.${MY_TLD}
      swag_auth: authelia
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.monitor.url: https://swag.${MY_TLD}
      swag.uptime-kuma.name: SWAG Dashboard
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Infrastructure/App Performance Monitoring
      homepage.name: SWAG Dashboard
      homepage.href: https://swag.${MY_TLD}
      homepage.icon: linuxserver-io.png
      homepage.description: SWAG Dashboard for proxies
      homepage.widget.type: swagdashboard
      homepage.widget.url: http://swag:81
    networks:
      - default
      # - nextcloud-aio
    ports:
      - 443:443
      - 80:80
      - 81:81
    profiles: ["rinoa-infra"]
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKER_VOLUME_CONFIG}/swag:/config
      - ${DOCKER_VOLUME_CONFIG}/sablier/sablier.js:/etc/nginx/conf.d/sablier.js
      # - ${DOCKER_VOLUME_CONFIG}/swag/otel_ngx_module.so:/usr/lib/nginx/modules/otel_ngx_module.so
      # - ${DOCKER_VOLUME_CONFIG}/swag/30_http_otel.conf:/etc/nginx/modules/30_http_otel.conf
      # - ${DOCKER_VOLUME_CONFIG}/swag/opentelemetry_config.toml:/etc/nginx/opentelemetry_config.toml
      - /rinoa-storage:/storage
      - /var/run/docker.sock:/var/run/docker.sock:ro
  tandoor:
    container_name: tandoor-recipes
    depends_on:
      tandoor-pg:
        condition: service_started
        required: true
    environment:
      DB_ENGINE: django.db.backends.postgresql
      GID: 1000
      GUNICORN_MEDIA: 1
      POSTGRES_DB: tandoor
      POSTGRES_HOST: tandoor-pg
      POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD}
      POSTGRES_USER: tandoor
      SECRET_KEY: ${TANDOOR_SECRET_KEY}
      TZ: ${TZ}
      UID: 1000
    image: vabene1111/recipes@sha256:94a048d2ca34209654ecb984e29de1f621625b632925b28243735f1de4187d58
    labels:
      homepage.group: Lifestyle
      homepage.name: Tandoor Recipes
      homepage.href: https://recipes.${MY_TLD}
      homepage.icon: tandoor-recipes.svg
      homepage.description: Recipes, cookbooks, meal-planning, & grocery lists
      homepage.widget.type: tandoor
      homepage.widget.url: http://tandoor-recipes:8080
      homepage.widget.key: ${TANDOOR_API_TOKEN}
      swag: enable
      swag_proto: http
      swag_address: tandoor-recipes
      swag_url: recipes.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Tandoor Recipes
      swag.uptime-kuma.monitor.url: https://recipes.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 8106:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/tandoor/static
        target: /opt/recipes/staticfiles
        type: bind
        bind:
          create_host_path: true
      - source: ${DOCKER_VOLUME_CONFIG}/tandoor/media
        target: /opt/recipes/mediafiles
        type: bind
        bind:
          create_host_path: true
  tandoor-pg:
    container_name: tandoor-pg
    environment:
      POSTGRES_DB: tandoor
      POSTGRES_PASSWORD: ${TANDOOR_POSTGRES_PASSWORD}
      POSTGRES_USER: tandoor
    expose:
      - 5432
    image: postgres:16-alpine@sha256:84fb5d5bdd7d47f1889f325e534f3ce643f853f460832c8a61949f5391b8dc42
    networks:
      default: null
    profiles: ["rinoa-apps"]
    restart: always
    volumes:
      - source: tandoor-pg
        target: /var/lib/postgresql/data
        type: volume
        volume: {}
  umami:
    container_name: umami
    depends_on:
      umami-pg-db:
        required: true
        condition: service_healthy
    environment:
      DATABASE_URL: postgresql://umami:${UMAMI_PG_DB_PASSWORD}@umami-pg-db:5432/umami
      DATABASE_TYPE: postgresql
      APP_SECRET: ${UMAMI_APP_SECRET}
    healthcheck:
      test: ["CMD-SHELL", "curl http://localhost:3000/api/heartbeat"]
      interval: 5s
      timeout: 5s
      retries: 5
    image: ghcr.io/umami-software/umami:postgresql-latest@sha256:77264ce6951c6b131a91d99f1cfd720d9efac1eaaa12e104f21cf49408dd77e0
    init: true
    labels:
      homepage.group: Professional Services
      homepage.name: Umami
      homepage.href: https://analytics.${MY_TLD}
      homepage.icon: umami.svg
      homepage.description: Simple, fast, privacy-focused alternative to Google Analytics
      swag: enable
      swag_port: 3000
      swag_proto: http
      swag_url: analytics.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Umami
      swag.uptime-kuma.monitor.url: https://analytics.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 17382:3000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  umami-pg-db:
    container_name: umami-pg-db
    environment:
      POSTGRES_DB: umami
      POSTGRES_USER: umami
      POSTGRES_PASSWORD: ${UMAMI_PG_DB_PASSWORD}
    expose:
      - 5432
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
      interval: 5s
      timeout: 5s
      retries: 5
    image: postgres:15-alpine@sha256:52af010baaeb34a287e7b5ea9696720727bd5bace64f9c18068ee187a6d6a4b2
    volumes:
      - umami-db-data:/var/lib/postgresql/data
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  unmanic:
    container_name: unmanic
    environment:
      DOCKER_MODS: linuxserver/mods:universal-docker|linuxserver/mods:universal-stdout-logs
      PUID: ${PUID}
      PGID: ${PGID}
      LOGS_TO_STDOUT: /config/.unmanic/logs/unmanic.log
    image: josh5/unmanic:latest@sha256:c01264beede4bb9f4c7e86fa9874377ae898f22122a28c642654b20f1b600b46
    labels:
      homepage.group: Media Library
      homepage.name: Unmanic
      homepage.href: https://unmanic.${MY_TLD}
      homepage.icon: unmanic.png
      homepage.description: Library Optimizer
      homepage.widget.type: unmanic
      homepage.widget.url: http://unmanic:8888
      swag: enable
      swag_port: 8888
      swag_url: unmanic.${MY_TLD}
      swag_proto: http
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.monitor.url: https://unmanic.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 8911:8888
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - source: ${DOCKER_VOLUME_CONFIG}/unmanic
        target: /config
        type: bind
        bind:
          create_host_path: true
      - source: ${DOCKER_VOLUME_STORAGE}
        target: /library
        type: bind
        bind:
          create_host_path: true
      - source: unmanic-cache
        target: /tmp/unmanic
        type: volume
        volume: {}
  uptimekuma:
    container_name: uptimekuma
    depends_on:
      swag:
        condition: service_started
        required: true
    environment:
      PGID: ${PGID}
      PUID: ${PUID}
      TZ: ${TZ}
      UPTIME_KUMA_USERNAME: ${UPTIME_KUMA_USERNAME}
      UPTIME_KUMA_PASSWORD: ${UPTIME_KUMA_PASSWORD}
      DOCKER_HOST: tcp://dockerproxy:2375
    hostname: Rinoa
    image: louislam/uptime-kuma:latest@sha256:431fee3be822b04861cf0e35daf4beef6b7cb37391c5f26c3ad6e12ce280fe18
    labels:
      homepage.group: Infrastructure/App Performance Monitoring
      homepage.name: Uptime Kuma
      homepage.href: https://uptime.${MY_TLD}
      homepage.icon: uptime-kuma.png
      homepage.description: HTTP Endpoint Monitoring
      homepage.widget.type: uptimekuma
      homepage.widget.url: http://uptimekuma:3001
      homepage.widget.slug: rinoa-services
      swag: enable
      swag_proto: http
      swag_url: uptime.${MY_TLD}
    networks:
      default: null
    ports:
      - 3003:3001
    profiles: ["rinoa-infra"]
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
        source: ${DOCKER_VOLUME_CONFIG}/uptimekuma
        target: /app/data
        type: bind
      - bind:
          create_host_path: true
        source: /rinoa-storage
        target: /storage
        type: bind
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
  vault:
    cap_add:
      - IPC_LOCK
    command:
      - server
    container_name: hc-vault
    environment:
      AWS_ACCESS_KEY_ID: ${VAULT_HASHICORP_AWS_ACCESS_KEY_ID}
      AWS_SECRET_ACCESS_KEY: ${VAULT_HASHICORP_AWS_SECRET_ACCESS_KEY}
    image: hashicorp/vault:latest@sha256:268bb80aa9c6d13d65fcfa05c0c268caca068952240a8087291a6ce0b66e3a10
    labels:
      homepage.group: Code/DevOps
      homepage.name: HashiCorp Vault
      homepage.icon: vault.png
      homepage.href: https://vault.${MY_TLD}
      homepage.description: HashiCorp Vault for secrets, key/value stores, etc.
      swag: enable
      swag_proto: http
      swag_port: 8200
      swag_url: vault.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: HashiCorp Vault
      swag.uptime-kuma.monitor.url: https://vault.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 8200:8200
      - 8250:8250
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/config/:/vault/config
      - ${DOCKER_VOLUME_CONFIG}/hashicorp-vault/logs/:/vault/logs
  wallos:
    container_name: wallos
    environment:
      TZ: ${TZ}
    image: bellamy/wallos:latest@sha256:f7489083991465b8b24a919b87f5c325d9ec57f7208fa40746578efadde3db3f
    labels:
      homepage.group: Lifestyle
      homepage.name: wallos
      homepage.href: https://subs.${MY_TLD}
      homepage.icon: wallos.png
      homepage.description: Subscription Tracking
      sablier.enable: false
      sablier.group: rinoa
      swag: enable
      swag_proto: http
      swag_url: subs.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Wallos
      swag.uptime-kuma.monitor.url: https://subs.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 8283:80
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - wallos-db:/var/www/html/db
      - wallos-logos:/var/www/html/images/uploads/logos
  web-check:
    container_name: web-check
    image: lissy93/web-check@sha256:f2d1dc726958c1d79ac459cac84eb26eb4f203a4d27447f336695a8c1884f1e3
    labels:
      homepage.group: Privacy/Security
      homepage.name: Web-Check
      homepage.icon: web-check.png
      homepage.href: https://scan.${MY_TLD}
      homepage.description: Site scanner for attack vectors, architecture, security configs, and more
      swag: enable
      swag_proto: http
      swag_url: scan.${MY_TLD}
      swag_port: 3000
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Web-Check
      swag.uptime-kuma.monitor.url: https://scan.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 3010:3000
    profiles: ["rinoa-apps"]
    restart: unless-stopped
  whodb:
    container_name: whodb
    image: clidey/whodb@sha256:ee5324a4bf95a6d8cfe62cc949c5f39a7f8b66f905b05681ce7a367298fe329b
    environment:
      WHODB_CLICKHOUSE_1: '{
        "host": "signoz-clickhouse"
        }'
      WHODB_MARIADB_1: '{
        "host": "mariadb",
        "user": "root",
        "password": "${MARIADB_ENVIRONMENT_MYSQL_ROOT_PASSWORD}"
        }'
      WHODB_MONGODB_1: '{
        "host": "mongodb:27017/admin?replicaSet=rinoa",
        "user": "root",
        "password": "${MONGO_INITDB_ROOT_PASSWORD}"
        }'
      WHODB_POSTGRES_1: '{
        "host": "authelia-pg",
        "user": "authelia",
        "password": "${AUTHELIA_STORAGE_POSTGRES_PASSWORD}",
        "database": "authelia"
        }'
      WHODB_POSTGRES_2: '{
        "host": "dawarich-pg-db",
        "user": "dawarich",
        "password": "${DAWARICH_PG_PASSWORD}",
        "database": "authelia"
        }'
      WHODB_POSTGRES_3: '{
        "host": "gitea-db",
        "user": "gitea",
        "password": "${GITEA_PG_DB_PASSWORD}",
        "database": "gitea"
        }'
      WHODB_POSTGRES_4: '{
        "host": "immich-pg-db",
        "user": "immich",
        "password": "${IMMICH_DB_PASSWORD}",
        "database": "immich"
        }'
      WHODB_POSTGRES_5: '{
        "host": "invidious-db",
        "user": "kemal",
        "password": "${INVID_PG_DB_PASSWORD}",
        "database": "invidious"
        }'
      WHODB_POSTGRES_6: '{
        "host": "joplin-db",
        "user": "joplin",
        "password": "${JOPLIN_POSTGRES_PASSWORD}",
        "database": "joplin"
        }'
      WHODB_POSTGRES_7: '{
        "host": "librechat-vectordb",
        "user": "librechat",
        "password": "${LIBRECHAT_PG_DB_PASSWD}",
        "database": "librechat"
        }'
      WHODB_POSTGRES_8: '{
        "host": "mastodon-pg-db",
        "user": "mastodon",
        "password": "${MASTODON_PG_DB_PASSWORD}",
        "database": "mastodon"
        }'
      WHODB_POSTGRES_9: '{
        "host": "penpot-pg-db",
        "user": "penpot",
        "password": "${PENPOT_PG_DB_PASSWORD}",
        "database": "penpot"
        }'
      WHODB_POSTGRES_10: '{
        "host": "planka-pg-db",
        "user": "planka",
        "password": "${PLANKA_PG_PASSWORD}",
        "database": "planka"
        }'
      WHODB_POSTGRES_11: '{
        "host": "portnote-pg-db",
        "user": "portnote",
        "password": "${PORTNOTE_POSTGRES_PASSWORD}",
        "database": "portnote"
        }'
      WHODB_POSTGRES_12: '{
        "host": "reactive-resume-pg",
        "user": "reactiveresume",
        "password": "${REACTIVE_RESUME_PGSQL_PASSWORD}",
        "database": "reactiveresume"
        }'
      WHODB_POSTGRES_13: '{
        "host": "sonarqube-pg-db",
        "user": "sonar",
        "password": "${SONARQUBE_POSTGRES_PASSWORD}",
        "database": "sonar"
        }'
      WHODB_POSTGRES_14: '{
        "host": "tandoor-pg",
        "user": "tandoor",
        "password": "${TANDOOR_POSTGRES_PASSWORD}",
        "database": "tandoor"
        }'
      WHODB_POSTGRES_15: '{
        "host": "asciinema-pg-db",
        "user": "asciinema",
        "password": "${ASCIINEMA_PG_DB_PASSWORD}",
        "database": "asciinema"
        }'
      WHODB_REDIS_1: '{
        "host": "castopod-valkey"
        }'
      WHODB_REDIS_2: '{
        "host": "dawarich-valkey"
        }'
      WHODB_REDIS_3: '{
        "host": "immich-valkey"
        }'
      WHODB_REDIS_4: '{
        "host": "librechat-valkey"
        }'
      WHODB_REDIS_5: '{
        "host": "manyfold-valkey"
        }'
      WHODB_REDIS_6: '{
        "host": "mastodon-valkey"
        }'
      WHODB_REDIS_7: '{
        "host": "maxun-valkey"
        }'
      WHODB_REDIS_8: '{
        "host": "mixpost-valkey"
        }'
      WHODB_REDIS_9: '{
        "host": "paperless-valkey"
        }'
      WHODB_REDIS_10: '{
        "host": "plant-it-valkey"
        }'
      WHODB_SQLITE3_1: '{"database":"kuma.db"}'
      WHODB_OLLAMA_HOST: ollama
      WHODB_OLLAMA_PORT: 11434
      WHODB_ANTHROPIC_API_KEY: ${LIBRECHAT_ANTHROPIC_API_KEY}
      WHODB_OPENAI_API_KEY: ${LIBRECHAT_OPENAI_API_KEY}
    expose:
      - 8080
    labels:
      homepage.group: System Administration
      homepage.name: WhoDB
      homepage.href: https://dbs.${MY_TLD}
      homepage.icon: whodb.png
      homepage.description: Lightweight next-gen database explorer
      swag: enable
      swag_auth: authelia
      swag_port: 8080
      swag_proto: http
      swag_url: dbs.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: WhoDB
      swag.uptime-kuma.monitor.url: https://dbs.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/uptimekuma/:/db
  wizarr:
    container_name: wizarr
    depends_on:
      authelia:
        condition: service_started
        required: true
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      DISABLE_BUILTIN_AUTH: true
      TZ: ${TZ}
    image: ghcr.io/wizarrrr/wizarr@sha256:0681c279ebe80e73d0536a791d7ea2bcacaa4e6b865fbc026481d76315bf8e0a
    labels:
      homepage.group: Servarr Stack
      homepage.name: Wizarr
      homepage.href: https://wizarr.${MY_TLD}
      homepage.icon: wizarr.svg
      homepage.description: User invitation management system for Jellyfin, Plex, and Emby
      swag: enable
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Wizarr
      swag.uptime-kuma.monitor.url: https://wizarr.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    ports:
      - 5690:5690
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - ${DOCKER_VOLUME_CONFIG}/wizarr/database:/data/database
      - ${DOCKER_VOLUME_CONFIG}/wizarr/wizard:/data/wizard_steps
  youtubedl:
    container_name: youtubedl
    environment:
      PGID: ${PGID}
      PUID: ${PUID}
      TZ: America/New_York
      YDL_CONFIG_PATH: /youtube-dl/config.yml
      YDL_DEBUG: "false"
    hostname: Rinoa
    image: nbr23/youtube-dl-server:latest@sha256:af3dfd77a9aa03f3d8f9b18264780562c3bf9302a6bbf7f8e52f1b5c46a076b7
    labels:
      homepage.group: Downloaders
      homepage.name: YoutubeDL
      homepage.icon: youtube-dl.svg
      homepage.href: https://ytdl.${MY_TLD}
      homepage.description: YouTube Downloader
      swag: enable
      swag_proto: http
      swag_url: ytdl.${MY_TLD}
      swag_port: 8080
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: YoutubeDL
      swag.uptime-kuma.monitor.url: https://ytdl.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
    networks:
      default: null
    ports:
      - 8089:8080
    profiles: ["rinoa-apps"]
    restart: unless-stopped
    volumes:
      - bind:
          create_host_path: true
        read_only: true
        source: /etc/localtime
        target: /etc/localtime
        type: bind
      - bind:
          create_host_path: true
        source: ${DOCKER_VOLUME_CONFIG}/youtubedl
        target: /youtube-dl
        type: bind
      - bind:
          create_host_path: true
        source: /rinoa-storage
        target: /storage
        type: bind
  zammad-backup:
    <<: *zammad-service
    command: ["zammad-backup"]
    container_name: zammad-backup
    volumes:
      - zammad-backup:/var/tmp/zammad
      - zammad-storage:/opt/zammad/storage:ro
    user: 0:0
  zammad-elasticsearch:
    container_name: zammad-elasticsearch
    image: elasticsearch:${ELASTICSEARCH_VERSION:-8.18.0}
    restart: ${RESTART:-always}
    profiles:
      - do-not-start
    volumes:
      - zammad-elasticsearch-data:/usr/share/elasticsearch/data
    environment:
      # Enable authorization without HTTPS. For external access with
      #   SSL termination, use solutions like nginx-proxy-manager.
      ELASTICSEARCH_ENABLE_SECURITY: "true"
      ELASTICSEARCH_SKIP_TRANSPORT_TLS: "true"
      ELASTICSEARCH_ENABLE_REST_TLS: "false"
      # ELASTICSEARCH_USER is hardcoded to 'elastic' in the container.
      ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASS:-zammad}
  zammad-init:
    <<: *zammad-service
    command: ["zammad-init"]
    container_name: zammad-init
    depends_on:
      - zammad-postgresql
    restart: on-failure
    user: 0:0
  zammad-memcached:
    command: memcached -m 256M
    container_name: zammad-memcached
    image: memcached:${MEMCACHE_VERSION:-1.6.38-alpine}
    profiles: ["rinoa-apps"]
    restart: ${RESTART:-always}
  zammad-nginx:
    <<: *zammad-service
    command: ["zammad-nginx"]
    container_name: zammad-nginx
    expose:
      - 8080
    ports:
      - 15257:8080
    labels:
      swag: enable
      swag_proto: http
      swag_port: 8080
      swag_url: support.${MY_TLD}
      swag.uptime-kuma.enabled: true
      swag.uptime-kuma.monitor.parent: Rinoa
      swag.uptime-kuma.name: Zammad
      swag.uptime-kuma.monitor.url: https://support.${MY_TLD}
      swag.uptime-kuma.monitor.interval: 300
      swag.uptime-kuma.monitor.retryInterval: 60
      swag.uptime-kuma.monitor.maxretries: 5
      homepage.group: Professional Services
      homepage.name: Zammad
      homepage.href: https://support.${MY_TLD}
      homepage.icon: zammad.svg
      homepage.description: Open-source helpdesk/customer support system
    depends_on:
      - zammad-railsserver
  zammad-postgresql:
    container_name: zammad-postgresql
    environment:
      POSTGRES_DB: ${ZAMMAD_POSTGRES_DB:-zammad_production}
      POSTGRES_USER: ${ZAMMAD_POSTGRES_USER:-zammad}
      POSTGRES_PASSWORD: ${ZAMMAD_POSTGRES_PASS:-zammad}
    image: postgres:${ZAMMAD_POSTGRES_VERSION:-17.5-alpine}
    profiles: ["rinoa-apps"]
    restart: ${RESTART:-always}
    volumes:
      - zammad-postgresql-data:/var/lib/postgresql/data
  zammad-railsserver:
    <<: *zammad-service
    command: ["zammad-railsserver"]
    container_name: zammad-railsserver
  zammad-redis:
    container_name: zammad-redis
    image: redis:${REDIS_VERSION:-7.4.2-alpine}
    profiles: ["rinoa-apps"]
    restart: ${RESTART:-always}
    volumes:
      - zammad-redis-data:/data
  zammad-scheduler:
    <<: *zammad-service
    command: ["zammad-scheduler"]
    container_name: zammad-scheduler
  zammad-websocket:
    <<: *zammad-service
    command: ["zammad-websocket"]
    container_name: zammad-websocket
volumes:
  asciinema-data:
    name: asciinema-data
  asciinema-pg-data:
    name: asciinema-pg-data
  authelia-pg-db:
    name: authelia-pg-db
  authelia-valkey-data:
    name: authelia-valkey-data
  castopod-media:
    name: castopod-media
  castopod-valkey-data:
    name: castopod-valkey-data
  changedetection-data:
    name: changedetection-data
  crowdsec-config:
    name: crowdsec-config
  crowdsec-db:
    name: crowdsec-db
  dagu-data:
    name: dagu-data
  dawarich_db_data:
    name: dawarich_db_data
  dawarich_shared:
    name: dawarich_shared
  dawarich_public:
    name: dawarich_public
  dawarich-valkey-data:
    name: dawarich-valkey-data
  dawarich_watched:
    name: dawarich_watched
  dockflare_data:
    name: dockflare_data
  easyappointments:
    name: easyappointments
  fastenhealth-cache:
    name: fastenhealth-cache
  fastenhealth-db:
    name: fastenhealth-db
  gitea-pg-db:
    name: gitea-pg-db
  immich-model-cache:
    name: immich-model-cache
  immich-valkey-data:
    name: immich-valkey-data
  influxdb2-data:
    name: influxdb2-data
  influxdb2-config:
    name: influxdb2-config
  invidious-companion-cache:
    name: invidious-companion-cache
  invidious-postgres:
    name: invidious-postgres
  invoice-ninja_cache:
    name: invoice-ninja_cache
  invoice-ninja_public:
    name: invoice-ninja_public
  invoice-ninja_storage:
    name: invoice-ninja_storage
  jitsi-web-admin-theme:
    name: jitsi-web-admin-theme
  jitsi-web-admin-upload:
    name: jitsi-web-admin-upload
  joplin_data:
    name: joplin_data
  karakeep-data:
    name: karakeep-data
  linkstack_data:
    name: linkstack_data
  libretranslate_api_keys:
    name: libretranslate_api_keys
  libretranslate_models:
    name: libretranslate_models
  lldap_data:
    name: lldap_data
  manyfold-valkey-data:
    name: manyfold-valkey-data
  mastodon-pg-db:
    name: mastodon-pg-db
  mastodon-valkey-data:
    name: mastodon-valkey-data
  maxun-pg-data:
    name: maxun-pg-data
  maxun-valkey-data:
    name: maxun-valkey-data
  mixpost-storage:
    name: mixpost-storage
  mixpost-logs:
    name: mixpost-logs
  mixpost-valkey-data:
    name: mixpost-valkey-data
  mgob-data:
    name: mgob-data
  mgob-tmp:
    name: mgob-tmp
  mongodb_config:
    name: mongodb_config
  mongodb_data:
    name: mongodb_data
  n8n-data:
    name: n8n-data
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
  nocodb_data:
    name: nocodb_data
  nocodb_pg_data:
    name: nocodb_pg_data
  nocodb_valkey_data:
    name: nocodb_valkey_data
  ollama:
    name: ollama
  open-webui-data:
    name: open-webui-data
  open-webui-valkey-data:
    name: open-webui-valkey-data
  paperless-ngx-data:
    name: paperless-ngx-data
  paperless-ngx-media:
    name: paperless-ngx-media
  paperless-ngx-pg:
    name: paperless-ngx-pg
  paperless-valkey-data:
    name: paperless-valkey-data
  patchman-valkey-data:
    name: patchman-valkey-data
  penpot-assets:
    name: penpot-assets
  penpot-pg-data:
    name: penpot-pg-data
  pgbackweb-data:
    name: pgbackweb-data
  planka-favicons:
    name: planka-favicons
  planka-user-avatars:
    name: planka-user-avatars
  planka-background-images:
    name: planka-background-images
  planka-attachments:
    name: planka-attachments
  planka-db-data:
    name: planka-db-data
  plant-it-valkey-data:
    name: plant-it-valkey-data
  portainer-data:
    name: portainer-data
  protonmail-data:
    name: protonmail-data
  reactive-resume-pg:
    name: reactive-resume-pg
  romm_resources:
    name: romm_resources
  romm-valkey-data:
    name: romm-valkey-data
  searxng-valkey-data:
    name: searxng-valkey-data
  semaphore_config:
    name: semaphore_config
  semaphore_data:
    name: semaphore_data
  semaphore_tmp:
    name: semaphore_tmp
  signoz-clickhouse:
    name: signoz-clickhouse
  signoz-sqlite:
    name: signoz-sqlite
  signoz-zookeeper-1:
    name: signoz-zookeeper-1
  sonarqube-data:
    name: sonarqube-data
  sonarqube-db:
    name: sonarqube-db
  sonarqube-db-data:
    name: sonarqube-db-data
  sonarqube-extensions:
    name: sonarqube-extensions
  sonarqube-logs:
    name: sonarqube-logs
  sonarqube-temp:
    name: sonarqube-temp
  tandoor-pg:
    name: tandoor-pg
  umami-db-data:
    name: umami-db-data
  unmanic-cache:
    name: unmanic-cache
  wallos-db:
    name: wallos-db
  wallos-logos:
    name: wallos-logos
  zammad-backup:
    name: zammad-backup
  zammad-storage:
    name: zammad-storage
  zammad-elasticsearch-data:
    name: zammad-elasticsearch-data
  zammad-postgresql-data:
    name: zammad-postgresql-data
  zammad-redis-data:
    name: zammad-redis-data