diff --git a/__swarm/bitwarden/bitwarden-swarm.yml b/__swarm/bitwarden/bitwarden-swarm.yml new file mode 100644
index 0000000..3b72804
--- /dev/null
+++ b/__swarm/bitwarden/bitwarden-swarm.yml
@@ -0,0 +1,39 @@
+version: '3.9'
+services:
+ bitwarden:
+ environment:
+ - WEBSOCKET_ENABLED=true
+ - SIGNUPS_ALLOWED=true
+ - DOMAIN=https://pw.sectorq.eu
+ - SMTP_HOST=mail.sectorq.eu
+ - SMTP_FROM=jaydee@sectorq.eu
+ - SMTP_PORT=465
+ - SMTP_SSL=true
+ - SMTP_USERNAME=jaydee@sectorq.eu
+ - SMTP_PASSWORD=$SMTP_PASSWORD
+ - ADMIN_TOKEN=$ADMIN_PASSWORD
+ image: ${DOCKER_REGISTRY:-}vaultwarden/server:latest
+ ports:
+ - 8181:80
+ volumes:
+ - /share/docker_data/bitwarden/bw-data:/data
+ deploy:
+ mode: replicated
+ replicas: 1
+ restart_policy:
+ condition: any
+ labels:
+ com.centurylinklabs.watchtower.enable: true
+ homepage.container: vaultwarden
+ homepage.description: Password manager
+ homepage.group: Utilities
+ homepage.href: https://pw.sectorq.eu
+ homepage.icon: bitwarden.png
+ homepage.name: Bitwarden
+ homepage.server: my-docker
+ homepage.weight: 1
+ wud.watch: true
+ wud.watch.digest: true
+ placement:
+ constraints:
+ - node.role == manager
diff --git a/__swarm/bookstack/.env b/__swarm/bookstack/.env new file mode 100755
index 0000000..d068d50
--- /dev/null
+++ b/__swarm/bookstack/.env
@@ -0,0 +1,2 @@
+APPNAME=bookstack
+DOCKER_REGISTRY=r.sectorq.eu/library/
\ No newline at end of file
diff --git a/__swarm/bookstack/bookstack-swarm.yml b/__swarm/bookstack/bookstack-swarm.yml new file mode 100644
index 0000000..d42bacf
--- /dev/null
+++ b/__swarm/bookstack/bookstack-swarm.yml
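Review bot: `SIGNUPS_ALLOWED=true` on a Vaultwarden instance published at `DOMAIN=https://pw.sectorq.eu` leaves account registration open to anyone who can reach the host, and nothing else in the hunk limits it. Once the intended accounts exist, set `- SIGNUPS_ALLOWED=false` (or narrow it with Vaultwarden's `SIGNUPS_DOMAINS_WHITELIST`) and issue further accounts by invitation from the admin page. The `$SMTP_PASSWORD` / `$ADMIN_PASSWORD` references here are the right pattern and are worth copying into the other stacks in this commit, which mostly carry literal credentials. One hedged point that also applies to bookstack-swarm.yml, gitea-swarm.yml and home-assistant-swarm.yml: `deploy.labels` values such as `wud.watch: true` are unquoted YAML booleans, and `docker stack deploy`'s schema may reject non-string label values, so quoting them as `'true'` is the safer form.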
@@ -0,0 +1,50 @@
+version: '3.9'
+services:
+ app:
+ env_file:
+ - stack.env
+ image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest
+ ports:
+ - 6875:80
+ volumes:
+ - /share/docker_data/bookstack/bookstack_app_data:/config
+ deploy:
+ mode: replicated
+ replicas: 1
+ restart_policy:
+ condition: any
+ labels:
+ com.centurylinklabs.watchtower.enable: true
+ homepage.container: bookstack-app-1
+ homepage.description: Books
+ homepage.group: Utilities
+ homepage.href: https://bookstack.sectorq.eu
+ homepage.icon: bookstack.png
+ homepage.name: Bookstack
+ homepage.server: my-docker-swarm
+ homepage.weight: 1
+ wud.watch: true
+ wud.watch.digest: true
+ placement:
+ constraints:
+ - node.role == manager
+ db:
+ env_file:
+ - stack.env
+ environment:
+ PGID: 0
+ PUID: 0
+ image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb
+ volumes:
+ - /share/docker_data/bookstack/bookstack_db_data:/config
+ deploy:
+ mode: replicated
+ replicas: 1
+ restart_policy:
+ condition: any
+ labels:
+ wud.watch: true
+ wud.watch.digest: true
+ placement:
+ constraints:
+ - node.role == manager
diff --git a/__swarm/bookstack/docker-compose copy.yml b/__swarm/bookstack/docker-compose copy.yml new file mode 100755
index 0000000..f125544
--- /dev/null
+++ b/__swarm/bookstack/docker-compose copy.yml
@@ -0,0 +1,88 @@ +--- +version: "2" +services: + app: + image: lscr.io/linuxserver/bookstack:latest + environment: + PUID: 1000 + PGID: 1000 + APP_URL: https://bookstack.sectorq.eu + DB_HOST: db + DB_PORT: 3306 + DB_USER: bookstack + DB_PASS: l4c1j4yd33Du5lo + DB_DATABASE: bookstackapp + # Set authentication method to be saml2 + AUTH_METHOD: saml2 + # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method. + # Prevents the need for the user to click the "Login with x" button on the login page. + # Setting this to true enables auto-initiation. + AUTH_AUTO_INITIATE: false + # Set the display name to be shown on the login button. + # (Login with ) + SAML2_NAME: authentik + # Name of the attribute which provides the user's email address + SAML2_EMAIL_ATTRIBUTE: email + # Name of the attribute to use as an ID for the SAML user. + SAML2_EXTERNAL_ID_ATTRIBUTE: uid + # Enable SAML group sync. + SAML2_USER_TO_GROUPS: true + # Set the attribute from which BookStack will read groups names from. + # You will need to rename your roles in Bookstack to match your groups in authentik. + SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group + # Name of the attribute(s) to use for the user's display name + # Can have multiple attributes listed, separated with a '|' in which + # case those values will be joined with a space. + # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName + # Defaults to the ID value if not found. 
+ ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname + SAML2_DISPLAY_NAME_ATTRIBUTES: username + + # Identity Provider entityID URL + SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download + + # Auto-load metadata from the IDP + # Setting this to true negates the need to specify the next three options + SAML2_AUTOLOAD_METADATA: true + + + + + + + + volumes: + - /share/docker_data/bookstack/bookstack_app_data:/config + ports: + - 6875:80 + restart: ${RESTART:-unless-stopped} + depends_on: + - db + labels: + com.centurylinklabs.watchtower.enable: true + homepage.group: Utilities + homepage.name: Bookstack + homepage.weight: 1 + homepage.icon: bookstack.png + homepage.href: https://bookstack.sectorq.eu + homepage.description: Books + homepage.server: my-docker + homepage.container: bookstack-app-1 + # homepage.widget.type: ${APPNAME} + # homepage.widget.url: https://${APPNAME}.sectorq.eu + # homepage.widget.key: ddfc91b29920082636da70cc677aec74c88a7666 + # homepage.widget.version: 2 + db: + image: lscr.io/linuxserver/mariadb + environment: + PUID: 0 + PGID: 0 + MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo + TZ: Europe/Bratislava + MYSQL_DATABASE: bookstackapp + MYSQL_USER: bookstack + MYSQL_PASSWORD: l4c1j4yd33Du5lo + + volumes: + - /share/docker_data/bookstack/bookstack_db_data:/config + restart: ${RESTART:-unless-stopped} diff --git a/__swarm/bookstack/docker-compose.yml b/__swarm/bookstack/docker-compose.yml new file mode 100755 index 0000000..83e96f3 --- /dev/null +++ b/__swarm/bookstack/docker-compose.yml 
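Review bot: `DB_PASS: l4c1j4yd33Du5lo` and `MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo` commit a live database password to the repository, and the same defect repeats throughout this commit: stack.env (DB_PASS, MYSQL_ROOT_PASSWORD, MYSQL_PASSWORD, OIDC_CLIENT_SECRET), fail2ban.env (SSMTP_PASSWORD), gitea-swarm.yml (GITEA_RUNNER_REGISTRATION_TOKEN), gitlab/docker-compose.yml (`homepage.widget.key: glpat-…`), the gotify files (CLIENT_TOKEN, GOTIFY_CLIENT_TOKENS, SECNTFY_TOKENS, GOTIFY_DEFAULTUSER_PASS), grafana (GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET), the home-assistant stacks (`homepage.widget.key` JWT, esphome PASSWORD, DOCKER_INFLUXDB_INIT_PASSWORD and ADMIN_TOKEN) and .env.influxdb2-admin-token. Every one of these values should be treated as exposed and rotated, because deleting them in a later commit does not remove them from git history, and the same password string is reused across several unrelated services. Reference them the way bitwarden-swarm.yml already does — `DB_PASS: ${DB_PASS}` with the value in a git-ignored env file or a swarm secret — so the compose files carry no credentials. The file name ("docker-compose copy.yml") also suggests a stale duplicate of docker-compose.yml in the same directory; if it is, drop it rather than keep a second place to leak from.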
@@ -0,0 +1,38 @@
+services:
+ app:
+ depends_on:
+ - db
+ env_file:
+ - stack.env
+ image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest
+ labels:
+ com.centurylinklabs.watchtower.enable: true
+ homepage.container: bookstack-app-1
+ homepage.description: Books
+ homepage.group: Utilities
+ homepage.href: https://bookstack.sectorq.eu
+ homepage.icon: bookstack.png
+ homepage.name: Bookstack
+ homepage.server: my-docker
+ homepage.weight: 1
+ wud.watch: true
+ wud.watch.digest: true
+ ports:
+ - 6875:80
+ restart: ${RESTART:-unless-stopped}
+ volumes:
+ - /share/docker_data/bookstack/bookstack_app_data:/config
+ db:
+ env_file:
+ - stack.env
+ environment:
+ PGID: 0
+ PUID: 0
+ image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb
+ labels:
+ wud.watch: true
+ wud.watch.digest: true
+ restart: ${RESTART:-unless-stopped}
+ volumes:
+ - /share/docker_data/bookstack/bookstack_db_data:/config
+version: '2'
diff --git a/__swarm/bookstack/stack.env b/__swarm/bookstack/stack.env new file mode 100755
index 0000000..96c4f98
--- /dev/null
+++ b/__swarm/bookstack/stack.env
@@ -0,0 +1,86 @@ +PUID: 1000 +PGID: 1000 +APP_URL: https://bookstack.sectorq.eu +DB_HOST: db +DB_PORT: 3306 +DB_USER: bookstack +DB_PASS: l4c1j4yd33Du5lo +DB_DATABASE: bookstackapp +MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo +TZ: Europe/Bratislava +MYSQL_DATABASE: bookstackapp +MYSQL_USER: bookstack +MYSQL_PASSWORD: l4c1j4yd33Du5lo +# # Set authentication method to be saml2 +# AUTH_METHOD: saml2 +# # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method. +# # Prevents the need for the user to click the "Login with x" button on the login page. +# # Setting this to true enables auto-initiation. +# AUTH_AUTO_INITIATE: false +# # Set the display name to be shown on the login button. +# # (Login with ) +# SAML2_NAME: authentik +# # Name of the attribute which provides the user's email address +# SAML2_EMAIL_ATTRIBUTE: email +# # Name of the attribute to use as an ID for the SAML user. +# SAML2_EXTERNAL_ID_ATTRIBUTE: uid +# # Enable SAML group sync. +# SAML2_USER_TO_GROUPS: true +# # Set the attribute from which BookStack will read groups names from. +# # You will need to rename your roles in Bookstack to match your groups in authentik. +# SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group +# # Name of the attribute(s) to use for the user's display name +# # Can have multiple attributes listed, separated with a '|' in which +# # case those values will be joined with a space. +# # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName +# # Defaults to the ID value if not found. 
+# ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname +# SAML2_DISPLAY_NAME_ATTRIBUTES: username + +# # Identity Provider entityID URL +# SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download + +# # Auto-load metadata from the IDP +# # Setting this to true negates the need to specify the next three options +# SAML2_AUTOLOAD_METADATA: true + + +# Set OIDC to be the authentication method +AUTH_METHOD: oidc +#AUTH_METHOD: standard +# Control if BookStack automatically initiates login via your OIDC system +# if it's the only authentication method. Prevents the need for the +# user to click the "Login with x" button on the login page. +# Setting this to true enables auto-initiation. +AUTH_AUTO_INITIATE: true + +# Set the display name to be shown on the login button. +# (Login with ) +OIDC_NAME: SSO + +# Name of the claims(s) to use for the user's display name. +# Can have multiple attributes listed, separated with a '|' in which +# case those values will be joined with a space. +# Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name +OIDC_DISPLAY_NAME_CLAIMS: name + +# OAuth Client ID to access the identity provider +OIDC_CLIENT_ID: GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U + +# OAuth Client Secret to access the identity provider +OIDC_CLIENT_SECRET: Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8 + +# Issuer URL +# Must start with 'https://' +OIDC_ISSUER: https://auth.sectorq.eu/application/o/bookstack/ + +# The "end session" (RP-initiated logout) URL to call during BookStack logout. +# By default this is false which disables RP-initiated logout. +# Setting to "true" will enable logout if found as supported by auto-discovery. +# Otherwise, this can be set as a specific URL endpoint. +OIDC_END_SESSION_ENDPOINT: false + +# Enable auto-discovery of endpoints and token keys. 
+# As per the standard, expects the service to serve a +# `/.well-known/openid-configuration` endpoint. +OIDC_ISSUER_DISCOVER: true \ No newline at end of file diff --git a/__swarm/dockermon/.env b/__swarm/dockermon/.env new file mode 100755 index 0000000..afd82c8 --- /dev/null +++ b/__swarm/dockermon/.env @@ -0,0 +1,2 @@ +APPNAME=dockermon +DOCKER_REGISTRY=r.sectorq.eu/library/ \ No newline at end of file diff --git a/__swarm/dockermon/docker-compose.yml b/__swarm/dockermon/docker-compose.yml new file mode 100755 index 0000000..fb8d5a1 --- /dev/null +++ b/__swarm/dockermon/docker-compose.yml @@ -0,0 +1,14 @@ +services: + docker_mon: + image: ${DOCKER_REGISTRY:-}philhawthorne/ha-dockermon:latest + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + ports: + - 8126:8126 + restart: unless-stopped + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /share/docker_data/dockermon/config:/config +version: '2' diff --git a/__swarm/fail2ban/.env b/__swarm/fail2ban/.env new file mode 100755 index 0000000..8728665 --- /dev/null +++ b/__swarm/fail2ban/.env @@ -0,0 +1,2 @@ +APPNAME=fail2ban +DOCKER_REGISTRY=r.sectorq.eu/library/ \ No newline at end of file diff --git a/__swarm/fail2ban/.gitkeep b/__swarm/fail2ban/.gitkeep new file mode 100755 index 0000000..e69de29 diff --git a/__swarm/fail2ban/docker-compose.yaml b/__swarm/fail2ban/docker-compose.yaml new file mode 100755 index 0000000..84cd1e8 --- /dev/null +++ b/__swarm/fail2ban/docker-compose.yaml 
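Review bot: stack.env is consumed through `env_file` in both bookstack compose files, which expects `KEY=VALUE` lines, but every entry here is written in YAML mapping form (`PUID: 1000`, `DB_HOST: db`, `OIDC_ISSUER: https://…`), apparently pasted from a compose `environment:` block. Compose's dotenv parser will most likely reject the `:` inside the variable name or, at best, hand the containers empty values, so neither bookstack nor mariadb would receive its configuration and the OIDC login would never be enabled. Rewrite each active line as `PUID=1000`, `APP_URL=https://bookstack.sectorq.eu`, `DB_HOST=db` and so on, and move the large commented-out SAML block into the README or a separate example file, since a comment-heavy env file is easy to mis-edit.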
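Review bot: `docker_mon` mounts `/var/run/docker.sock` read-write and publishes `8126:8126` on every host interface, so anyone who can reach that port can use whatever the ha-dockermon API exposes against the Docker daemon, and socket access is equivalent to root on the host. Bind the port to the address Home Assistant actually uses (`- 127.0.0.1:8126:8126` or the LAN IP) and, if ha-dockermon's configuration supports credentials, enable them; a read-only socket proxy in front of the daemon would limit the blast radius further. The same docker.sock mount appears on the gitea runner and in both home-assistant stacks in this commit, where the same reasoning applies.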
@@ -0,0 +1,49 @@ +--- +services: + # fail2ban: + # image: lscr.io/linuxserver/fail2ban:latest + # container_name: fail2ban + # cap_add: + # - NET_ADMIN + # - NET_RAW + # network_mode: host + # environment: + # - PUID=1000 + # - PGID=1000 + # - TZ=Europe/Bratislava + # - VERBOSITY=-vvv #optional + # volumes: + # - /share/docker_data/fail2ban/config:/config + # - /share/docker_data/fail2ban/log:/var/log:ro + # # - /path/to/airsonic/log:/remotelogs/airsonic:ro #optional + # # - /path/to/apache2/log:/remotelogs/apache2:ro #optional + # # - /path/to/authelia/log:/remotelogs/authelia:ro #optional + # # - /path/to/emby/log:/remotelogs/emby:ro #optional + # # - /path/to/filebrowser/log:/remotelogs/filebrowser:ro #optional + # - /share/docker_data/ha:/remotelogs/homeassistant:ro #optional + # # - /path/to/lighttpd/log:/remotelogs/lighttpd:ro #optional + # # - /path/to/nextcloud/log:/remotelogs/nextcloud:ro #optional + # # - /path/to/nginx/log:/remotelogs/nginx:ro #optional + # # - /path/to/nzbget/log:/remotelogs/nzbget:ro #optional + # # - /path/to/overseerr/log:/remotelogs/overseerr:ro #optional + # # - /path/to/prowlarr/log:/remotelogs/prowlarr:ro #optional + # # - /path/to/radarr/log:/remotelogs/radarr:ro #optional + # # - /path/to/sabnzbd/log:/remotelogs/sabnzbd:ro #optional + # # - /path/to/sonarr/log:/remotelogs/sonarr:ro #optional + # # - /path/to/unificontroller/log:/remotelogs/unificontroller:ro #optional + # # - /path/to/vaultwarden/log:/remotelogs/vaultwarden:ro #optional + # restart: unless-stopped + blockips-unifi: + stdin_open: true + tty: true + container_name: blockips-unifi + restart: always + environment: + - TZ=Europe/Bratislava + volumes: + - /share/docker_data/unify_block/config.php:/config.php + - /share/docker_data/unify_block/ban.sh:/ban.sh + - /share/docker_data/unify_block/crontab:/etc/crontabs/root + - /share/docker_data/fail2ban/ban:/ban + - /share/docker_data/fail2ban/unban:/unban + image: ${DOCKER_REGISTRY:-}tusc/blockips-unifi:latest \ No 
newline at end of file diff --git a/__swarm/fail2ban/fail2ban.env b/__swarm/fail2ban/fail2ban.env new file mode 100755 index 0000000..9ea241b --- /dev/null +++ b/__swarm/fail2ban/fail2ban.env @@ -0,0 +1,12 @@ +TZ=Europe/Bratislava + +F2B_LOG_TARGET=/log/fail2ban.log +F2B_LOG_LEVEL=INFO +F2B_DB_PURGE_AGE=1d + +SSMTP_HOST=mail.sectorq.eu +SSMTP_PORT=465 +SSMTP_HOSTNAME=mail.sectorq.eu +SSMTP_USER=fail2ban@sectorq.eu +SSMTP_PASSWORD=l4c1j4yd33Du5lo +SSMTP_TLS=YES diff --git a/__swarm/gitea/docker-compose.yml b/__swarm/gitea/docker-compose.yml index 1adf623..8398a31 100755 --- a/__swarm/gitea/docker-compose.yml +++ b/__swarm/gitea/docker-compose.yml 
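Review bot: the `fail2ban` service is entirely commented out, so nothing in this stack writes the `/share/docker_data/fail2ban/ban` and `/unban` paths that `blockips-unifi` mounts, and the SSMTP_* settings in fail2ban.env (including its password) are dead configuration. Either restore the service or remove the stale block and fail2ban.env so the repository reflects what actually runs. If it is restored, keep the log mounts `:ro` as the commented version does, and treat `NET_ADMIN`/`NET_RAW` with `network_mode: host` as the minimum it needs, not a baseline to extend.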
@@ -3,33 +3,30 @@ networks: external: false services: server: + container_name: gitea environment: USER_UID: 1000 USER_GID: 1000 ROOT_URL: https://gitea.sectorq.eu - ENABLE_PASSWORD_SIGNIN_FORM: "false" - DISABLE_REGISTRATION: "true" + ENABLE_PASSWORD_SIGNIN_FORM: false + DISABLE_REGISTRATION: true image: ${DOCKER_REGISTRY:-}gitea/gitea:latest - deploy: - replicas: 1 - placement: - constraints: - - node.role == manager - labels: - homepage.container: gitea_server - homepage.description: Version control server - homepage.group: Utilities - homepage.href: https://${APPNAME}.sectorq.eu - homepage.icon: ${APPNAME}.png - homepage.name: Gitea - homepage.server: my-docker1 - homepage.weight: 1 - homepage.widget.key: b486c53526c26093a255227bc0165c0d329fd638 - homepage.widget.type: ${APPNAME} - homepage.widget.url: https://${APPNAME}.sectorq.eu - homepage.widget.version: 2 - wud.watch: "true" - wud.watch.digest: "true" + labels: + com.centurylinklabs.watchtower.enable: true + homepage.container: gitea + homepage.description: Version control server + homepage.group: Utilities + homepage.href: https://${APPNAME}.sectorq.eu + homepage.icon: ${APPNAME}.png + homepage.name: Gitea + homepage.server: my-docker + homepage.weight: 1 + homepage.widget.key: ${TOKEN} + homepage.widget.type: ${APPNAME} + homepage.widget.url: https://${APPNAME}.sectorq.eu + homepage.widget.version: 2 + wud.watch: true + wud.watch.digest: true networks: - gitea ports: @@ -53,8 +50,6 @@ services: - /share/docker_data/gitea-runner/data:/data - /var/run/docker.sock:/var/run/docker.sock restart: ${RESTART:-unless-stopped} - deploy: - replicas: 1 - labels: - wud.watch: "true" - wud.watch.digest: "true" \ No newline at end of file + labels: + wud.watch: true + wud.watch.digest: true \ No newline at end of file diff --git a/__swarm/gitea/gitea-swarm.yml b/__swarm/gitea/gitea-swarm.yml new file mode 100644 index 0000000..8e89633 --- /dev/null +++ b/__swarm/gitea/gitea-swarm.yml 
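Review bot: `ENABLE_PASSWORD_SIGNIN_FORM: false` is passed as a bare environment variable, but as far as I can tell the gitea image's entrypoint only templates a small set of top-level names into app.ini (`DISABLE_REGISTRATION` is one of them; I do not see `ENABLE_PASSWORD_SIGNIN_FORM` among them), so this setting may be silently ignored and the password form stays enabled. Check the generated app.ini on the running instance, and if the value is not applied, switch to the documented general form `GITEA__service__ENABLE_PASSWORD_SIGNIN_FORM: 'false'`. The second hunk (runner) is a pure `deploy:` removal; using `${TOKEN}` for `homepage.widget.key` here is the right direction compared with the literal keys in the other files of this commit.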
@@ -0,0 +1,69 @@
+version: '3.9'
+services:
+ server:
+ environment:
+ USER_UID: 1000
+ USER_GID: 1000
+ ROOT_URL: https://gitea.sectorq.eu
+ ENABLE_PASSWORD_SIGNIN_FORM: false
+ DISABLE_REGISTRATION: true
+ image: ${DOCKER_REGISTRY:-}gitea/gitea:latest
+ networks:
+ - gitea
+ ports:
+ - 3000:3000
+ - '222:22'
+ volumes:
+ - /share/docker_data/gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ deploy:
+ mode: replicated
+ replicas: 1
+ restart_policy:
+ condition: any
+ labels:
+ com.centurylinklabs.watchtower.enable: true
+ homepage.container: gitea
+ homepage.description: Version control server
+ homepage.group: Utilities
+ homepage.href: https://${APPNAME}.sectorq.eu
+ homepage.icon: ${APPNAME}.png
+ homepage.name: Gitea
+ homepage.server: my-docker
+ homepage.weight: 1
+ homepage.widget.key: ${TOKEN}
+ homepage.widget.type: ${APPNAME}
+ homepage.widget.url: https://${APPNAME}.sectorq.eu
+ homepage.widget.version: 2
+ wud.watch: true
+ wud.watch.digest: true
+ placement:
+ constraints:
+ - node.role == manager
+ runner:
+ image: ${DOCKER_REGISTRY:-}docker.io/gitea/act_runner:nightly
+ environment:
+ CONFIG_FILE: /config/config.yaml
+ GITEA_INSTANCE_URL: https://gitea.sectorq.eu/
+ GITEA_RUNNER_REGISTRATION_TOKEN: 8nmKqJhkvYwltmNfF2o9vs0tzo70ufHSQpVg6ymb
+ GITEA_RUNNER_NAME: jaydee
+ GITEA_RUNNER_LABELS: jaydee
+ volumes:
+ - /share/docker_data/gitea-runner/config:/config
+ - /share/docker_data/gitea-runner/data:/data
+ - /var/run/docker.sock:/var/run/docker.sock
+ deploy:
+ mode: replicated
+ replicas: 1
+ restart_policy:
+ condition: any
+ labels:
+ wud.watch: true
+ wud.watch.digest: true
+ placement:
+ constraints:
+ - node.role == manager
+networks:
+ gitea:
+ external: false
diff --git a/__swarm/gitlab/docker-compose.yml b/__swarm/gitlab/docker-compose.yml new file mode 100755
index 0000000..9ba87fb
--- /dev/null
+++ b/__swarm/gitlab/docker-compose.yml
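Review bot: the `runner` service mounts `/var/run/docker.sock` and is constrained to `node.role == manager`, so every CI job it executes can drive the Docker daemon of the swarm manager — that is control over the whole cluster, not just the job's container. Constrain it to a worker node (`- node.role == worker`) or run it with Docker-in-Docker or a filtering socket proxy, and pin `act_runner` to a released tag instead of `nightly` so runner updates are deliberate. `GITEA_RUNNER_REGISTRATION_TOKEN` is a literal in the same block and should be `${GITEA_RUNNER_REGISTRATION_TOKEN}` or a swarm secret, with the committed value reset in Gitea.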
@@ -0,0 +1,54 @@ +services: + web: + container_name: gitlab + environment: + GITLAB_OMNIBUS_CONFIG: "external_url 'https://gitlab.sectorq.eu'\nnginx['listen_port']\ + \ = 80\nnginx['listen_https'] = false\nweb_server['username'] = 'git'\ngitlab_rails['time_zone']\ + \ = 'Europe/Bratislava'\ngitlab_rails['omniauth_enabled'] = true\ngitlab_rails['omniauth_allow_single_sign_on']\ + \ = ['saml']\ngitlab_rails['omniauth_sync_email_from_provider'] = 'saml'\n\ + gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']\ngitlab_rails['omniauth_sync_profile_attributes']\ + \ = ['email']\ngitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'\n\ + gitlab_rails['omniauth_block_auto_created_users'] = false\ngitlab_rails['omniauth_auto_link_saml_user']\ + \ = true\ngitlab_rails['omniauth_providers'] = [\n {\n name: 'saml',\n\ + \ args: {\n assertion_consumer_service_url: 'https://gitlab.sectorq.eu/users/auth/saml/callback',\n\ + \ # Shown when navigating to certificates in authentik1\n idp_cert_fingerprint:\ + \ 'f7:fd:49:03:b3:38:52:b3:23:f5:43:c4:8d:08:65:32:e0:5a:7b:0e',\n idp_sso_target_url:\ + \ 'https://auth.sectorq.eu/application/saml/gitlab/sso/binding/redirect/',\n\ + \ issuer: 'https://gitlab.sectorq.eu',\n name_identifier_format:\ + \ 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',\n attribute_statements:\ + \ {\n email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],\n\ + \ first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],\n\ + \ nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']\n\ + \ }\n },\n label: 'authentik'\n }\n]\n" + TZ: Europe/Bratislava + hostname: gitlab.sectorq.eu + image: ${DOCKER_REGISTRY:-}gitlab/gitlab-ce:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: gitlab + homepage.description: Version control + homepage.group: Infrastructure + homepage.href: https://gitlab.sectorq.eu + homepage.icon: gitlab.png + homepage.name: Gitlab + 
homepage.server: my-docker + homepage.weight: '1' + homepage.widget.key: glpat-BuMKcaDqeD-Wx3dW4TM9 + homepage.widget.type: gitlab + homepage.widget.url: https://gitlab.sectorq.eu + homepage.widget.user_id: '2' + wud.watch: true + wud.watch.digest: true + network_mode: bridge + ports: + - 8785:80 + - 8743:443 + - '8722:22' + restart: unless-stopped + shm_size: 4gb + volumes: + - /share/docker_data/gitlab/config:/etc/gitlab + - /share/docker_data/gitlab/logs:/var/log/gitlab + - /share/docker_data/gitlab/data:/var/opt/gitlab + - /etc/localtime:/etc/localtime:ro +version: '3.6' diff --git a/__swarm/gotify/.env b/__swarm/gotify/.env new file mode 100755 index 0000000..5422c17 --- /dev/null +++ b/__swarm/gotify/.env @@ -0,0 +1,3 @@ +APPNAME=gotify +DOCKER_REGISTRY=r.sectorq.eu/library/ +CLIENT_TOKEN=CowKqc8UU5Xn-EA \ No newline at end of file diff --git a/__swarm/gotify/docker-compose copy.yml b/__swarm/gotify/docker-compose copy.yml new file mode 100755 index 0000000..2c80a25 --- /dev/null +++ b/__swarm/gotify/docker-compose copy.yml @@ -0,0 +1,22 @@ +name: gotify +services: + server: + ports: + - 8010:80 + environment: + - TZ=Europe/Berlin + - GOTIFY_DEFAULTUSER_PASS='admin' + volumes: + - /share/docker_data/gotify/data:/app/data + image: ${DOCKER_REGISTRY:-}gotify/server + labels: + - com.centurylinklabs.watchtower.enable=true + - homepage.group=Utilities + - homepage.name=Gotify + - homepage.weight=1 + - homepage.icon=gotify.png + - homepage.href=https://gotify.sectorq.eu + - homepage.description=Notification Server + - homepage.widget.type=gotify + - homepage.widget.url=https://gotify.sectorq.eu + - homepage.widget.key=C3Fy8AQym_sc1zS diff --git a/__swarm/gotify/docker-compose.yml b/__swarm/gotify/docker-compose.yml new file mode 100755 index 0000000..ce8ea16 --- /dev/null +++ b/__swarm/gotify/docker-compose.yml 
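Review bot: `homepage.widget.key: glpat-BuMKcaDqeD-Wx3dW4TM9` places a GitLab personal access token in a container label, and labels are readable by anything with Docker socket access via `docker inspect` — which in this commit includes dockermon, the gitea runner and Home Assistant. Reference it as `homepage.widget.key: ${TOKEN}` with the value kept out of the repository, as the gitea stack does, and revoke the committed token. The omniauth block also combines `omniauth_block_auto_created_users = false` with `omniauth_auto_link_saml_user = true`, so any identity authentik asserts becomes an active, linked GitLab user immediately; that is acceptable only if the authentik application is restricted to the intended group, and a comment saying so would help the next reader. Publishing `8785:80` with `nginx['listen_https'] = false` is fine behind a TLS-terminating proxy, but nothing in the file records that assumption.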
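Review bot: `- GOTIFY_DEFAULTUSER_PASS='admin'` is a list-form environment entry, so the single quotes are part of the value and the seeded password becomes the seven-character string `'admin'` including quotes, not `admin` — YAML only strips quotes that delimit a whole scalar, not quotes inside a plain one. Write it as `- GOTIFY_DEFAULTUSER_PASS=admin`, or better `- GOTIFY_DEFAULTUSER_PASS=${GOTIFY_DEFAULTUSER_PASS}` with the value outside the repository; as far as I know this variable only seeds the user on first start, so changing it later has no effect on an existing database. The file name ("docker-compose copy.yml") suggests a stale duplicate of docker-compose.yml in the same directory, and it carries its own literal `homepage.widget.key`; if the file is dropped, revoke that key too.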
@@ -0,0 +1,46 @@ +version: '3.8' + +services: + gotify: + container_name: gotify + hostname: gotify + image: gotify/server + restart: unless-stopped + security_opt: + - no-new-privileges:true + networks: + - net + ports: + - "8680:80" + volumes: + - data:/app/data + environment: + GOTIFY_DEFAULTUSER_PASS: 'l4c1j4yd33Du5lo' # Change me!!!!! + + + igotify: + container_name: igotify + hostname: igotify + image: ghcr.io/androidseb25/igotify-notification-assist:latest + restart: unless-stopped + security_opt: + - no-new-privileges:true + pull_policy: always + networks: + - net + ports: + - "8681:8080" + volumes: + - api-data:/app/data + environment: # option environment see above note + GOTIFY_URLS: 'https://gotify.sectorq.eu' + GOTIFY_CLIENT_TOKENS: ${CLIENT_TOKEN} + SECNTFY_TOKENS: 'NTFY-DEVICE-nmE8MaAk1PX9wCRSkqKatiKzD4LCvDTENi3LTPwcn5cckXtkwQQ' + GOTIFY_DEFAULTUSER_PASS: 'l4c1j4yd33Du5lo' + +networks: + net: + +volumes: + data: + api-data: \ No newline at end of file diff --git a/__swarm/gotify/stack.env b/__swarm/gotify/stack.env new file mode 100755 index 0000000..bfc175d --- /dev/null +++ b/__swarm/gotify/stack.env @@ -0,0 +1,4 @@ +GOTIFY_URLS=https://gotify.sectorq.eu +GOTIFY_CLIENT_TOKENS=CfYatBoIszgIr07 +SECNTFY_TOKENS=NTFY-DEVICE-CIrIeIoagAdUFwI8uOZlo6Qd9b3OF1x1NSpdns6mlImvzb4X0kI +GOTIFY_DEFAULTUSER_PASS=l4c1j4yd33Du5lo \ No newline at end of file diff --git a/__swarm/grafana/.env b/__swarm/grafana/.env new file mode 100755 index 0000000..b405f54 --- /dev/null +++ b/__swarm/grafana/.env @@ -0,0 +1,2 @@ +APPNAME=grafana +DOCKER_REGISTRY=r.sectorq.eu/library/ \ No newline at end of file diff --git a/__swarm/grafana/docker-compose.yml b/__swarm/grafana/docker-compose.yml new file mode 100755 index 0000000..abf7447 --- /dev/null +++ b/__swarm/grafana/docker-compose.yml 
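Review bot: `igotify` receives `GOTIFY_CLIENT_TOKENS: ${CLIENT_TOKEN}` from .env (`CowKqc8UU5Xn-EA`) while stack.env in the same directory carries a different `GOTIFY_CLIENT_TOKENS=CfYatBoIszgIr07` and a different `SECNTFY_TOKENS`, and this compose file never references stack.env, so one of the two token sets is dead and it is unclear which is current. Keep a single source, delete the other, and since both are now in git treat every token in them as needing rotation. `GOTIFY_DEFAULTUSER_PASS: 'l4c1j4yd33Du5lo' # Change me!!!!!` is also duplicated into `igotify` with the "Change me" comment left in place; if igotify does not need it, drop it there. `no-new-privileges:true` on both services is a good default worth keeping.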
@@ -0,0 +1,88 @@ +name: grafana +networks: + loki: null +services: + grafana: + container_name: grafana + entrypoint: + - sh + - -euc + - "mkdir -p /etc/grafana/provisioning/datasources\ncat < /etc/grafana/provisioning/datasources/ds.yaml\n\ + apiVersion: 1\ndatasources:\n- name: Loki\n type: loki\n access: proxy\n \ + \ orgId: 1\n url: http://loki:3100\n basicAuth: false\n isDefault: true\n\ + \ version: 1\n editable: false\nEOF\n/run.sh\n" + environment: + GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.sectorq.eu/application/o/userinfo/ + GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.sectorq.eu/application/o/authorize/ + GF_AUTH_GENERIC_OAUTH_CLIENT_ID: xc8AKsYOvHFmYnRjfnvt2YfgR5pg8Mlfc9YEqd3T + GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: gb5ThPlyIUN2I8UPvIKAqQBoGFmTAb7tFxt5OiJQkAG6Ef2HDKksNOjWPJFfXiO22RuCnWuyzl6IMqPYO6QTa55EYfoN5N87enh5MOhTXjo2JTTnEL1eZhEI1Sw1vBO8 + GF_AUTH_GENERIC_OAUTH_ENABLED: 'true' + GF_AUTH_GENERIC_OAUTH_NAME: authentik + GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins') + && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer' + GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email + GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.sectorq.eu/application/o/token/ + GF_AUTH_OAUTH_AUTO_LOGIN: 'true' + GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.sectorq.eu/application/o/grafana/end-session/ + GF_INSTALL_PLUGINS: https://storage.googleapis.com/integration-artifacts/alexanderzobnin-zabbix-app/4.5.7/main/163fabf651b776bf70adc08fa41bec4f52645374/alexanderzobnin-zabbix-app-4.5.7%2B163fabf6.linux_amd64.zip;alexanderzobnin-zabbix-app + GF_LOG_FILTERS: rendering:debug + GF_RENDERING_CALLBACK_URL: http://grafana:3000/ + GF_RENDERING_SERVER_URL: http://renderer:8092/render + GF_SERVER_ROOT_URL: https://g.sectorq.eu/ + image: ${DOCKER_REGISTRY:-}grafana/grafana:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: grafana + homepage.description: Graphs + homepage.group: Smarthome + 
homepage.href: https://g.sectorq.eu + homepage.icon: grafana.png + homepage.name: Grafana + homepage.server: my-docker + homepage.weight: '1' + wud.watch: true + wud.watch.digest: true + networks: + - loki + ports: + - 3007:3000 + restart: ${RESTART:-unless-stopped} + user: 0:0 + volumes: + - /share/docker_data/grafana/data:/var/lib/grafana + - /share/docker_data/grafana/certs:/certs + loki: + command: -config.file=/etc/loki/local-config.yaml + image: ${DOCKER_REGISTRY:-}grafana/loki:latest + labels: + wud.watch: true + wud.watch.digest: true + networks: + - loki + ports: + - 3100:3100 + restart: ${RESTART:-unless-stopped} + promtail: + command: -config.file=/etc/promtail/config.yml + image: ${DOCKER_REGISTRY:-}grafana/promtail:latest + labels: + wud.watch: true + wud.watch.digest: true + networks: + - loki + volumes: + - /var/log:/var/log + - /share/docker_data/grafana/promtail/config.yml:/etc/promtail/config.yml + - /share/Data/__GITLAB/omv_backup/:/share/Data/__GITLAB/omv_backup/ + restart: ${RESTART:-unless-stopped} + renderer: + image: ${DOCKER_REGISTRY:-}grafana/grafana-image-renderer:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + wud.watch: true + wud.watch.digest: true + ports: + - 8092 + networks: + - loki + restart: ${RESTART:-unless-stopped} diff --git a/__swarm/home-assistant-swarm.yml b/__swarm/home-assistant-swarm.yml new file mode 100644 index 0000000..5b11153 --- /dev/null +++ b/__swarm/home-assistant-swarm.yml 
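Review bot: the grafana `entrypoint` script reads `cat < /etc/grafana/provisioning/datasources/ds.yaml` where the upstream provisioning snippet uses a heredoc (`cat <<EOF > …`), and this looks like it was mangled when the file was regenerated; under `sh -euc` the input redirection fails on the not-yet-existing file and the script aborts before `/run.sh`, and even if the file exists, the following `apiVersion: 1` / `datasources:` lines are executed as shell commands. Restore `cat <<EOF > /etc/grafana/provisioning/datasources/ds.yaml` so the lines up to `EOF` become the file's content. Separately, `user: 0:0` runs Grafana as root, and promtail mounts `/var/log` and `/share/Data/__GITLAB/omv_backup/` read-write although it only reads them; `:ro` on both and a non-root user would narrow the exposure. `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET` is a literal here as in the other stacks and should be a `${…}` reference with the current value rotated.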
@@ -0,0 +1,230 @@ +version: '3.9' +services: + homeassistant: + network_mode: host + image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant/home-assistant:latest + volumes: + - /share/docker_data/ha/:/config + - /var/run/docker.sock:/var/run/docker.sock + - /run/dbus:/run/dbus:ro + privileged: true + environment: + - DISABLE_JEMALLOC=value + - TZ=Europe/Bratislava + dns: + - 192.168.77.101 + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + homepage.group: Smarthome + homepage.name: Home Assistant + homepage.weight: 1 + homepage.icon: home-assistant.png + homepage.href: https://ha.sectorq.eu + homepage.description: 3D Printing + homepage.server: my-docker + homepage.container: HomeAssistant + homepage.widget.type: homeassistant + homepage.widget.url: https://ha.sectorq.eu + homepage.widget.key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzOTk5NGJjYjIzYjk0YzExYmM5OWZiNTBlNzU0N2M2YyIsImlhdCI6MTc0MDM5OTY4NCwiZXhwIjoyMDU1NzU5Njg0fQ.LDebvPGreyZzlWT1CylHSdSt8i_cWO72HnNCsCAIaG8 + wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager + esphome: + image: ${DOCKER_REGISTRY:-}esphome/esphome:latest + volumes: + - /share/docker_data/esphome/config:/config + - /etc/localtime:/etc/localtime:ro + privileged: true + network_mode: host + environment: + - USERNAME=jaydee + - PASSWORD=jaydee1 + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + homepage.group: Smarthome + homepage.name: ESPHome + homepage.weight: 1 + homepage.icon: esphome.png + homepage.href: https://esphome.sectorq.eu + homepage.description: 3D Printing + homepage.server: my-docker + homepage.container: esphome + homepage.widget.type: esphome + homepage.widget.url: https://esphome.sectorq.eu + homepage.widget.username: jaydee + homepage.widget.password: jaydee1 + wud.watch: true + wud.watch.digest: true + 
placement: + constraints: + - node.role == manager + wyoming-piper-en: + image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-piper + ports: + - 10200:10200 + volumes: + - /share/docker_data/piper/english:/data + command: --data-dir /data --voice en_US-lessac-medium + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager + wyoming-whisper-en: + image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-whisper + ports: + - 10300:10300 + volumes: + - /share/docker_data/whisper/english:/data + command: --data-dir /data --model tiny-int8 --language en + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager + openwakeword: + image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-openwakeword:latest + command: --preload-model 'ok_nabu' --custom-model-dir /custom --model 'ok nabu' + --model 'ok_nabu' --uri 'tcp://0.0.0.0:10400' --threshold 0.7 --trigger-level + 2 --debug + volumes: + - /share/docker_data/openwakeword-data:/data + - /share/docker_data/openwakeword-data:/custom + environment: + - TZ=Europe/Bratislava + ports: + - 10400:10400 + - 10400:10400/udp + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager + matter-server: + image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant-libs/python-matter-server:stable + security_opt: + - apparmor=unconfined + volumes: + - /share/docker_data/matter-server:/data + - /run/dbus:/run/dbus:ro + network_mode: host + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + 
wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager + music-assistant-server: + image: ${DOCKER_REGISTRY:-}ghcr.io/music-assistant/server:latest + network_mode: host + volumes: + - /share/docker_data/music-assistant-server/data:/data/ + cap_add: + - SYS_ADMIN + - DAC_READ_SEARCH + security_opt: + - apparmor:unconfined + environment: + - LOG_LEVEL=info + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + homepage.group: Smarthome + homepage.name: music-assistant + homepage.weight: 1 + homepage.icon: music-assistant.png + homepage.href: https://music.sectorq.eu + homepage.description: Music + homepage.server: my-docker + homepage.container: music-assistant-server + placement: + constraints: + - node.role == manager + influxdb: + ports: + - 8086:8086 + volumes: + - /share/docker_data/influxdb/data:/var/lib/influxdb2 + - /share/docker_data/influxdb/config:/etc/influxdb2 + secrets: + - influxdb2-admin-username + - influxdb2-admin-password + - influxdb2-admin-token + environment: + - DOCKER_INFLUXDB_INIT_MODE=setup + - DOCKER_INFLUXDB_INIT_USERNAME=ha + - DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA + - DOCKER_INFLUXDB_INIT_ORG=ha + - DOCKER_INFLUXDB_INIT_BUCKET=ha + - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=mytoken123 + - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token + image: ${DOCKER_REGISTRY:-}influxdb:2 + healthcheck: + test: echo test > /var/lib/influxdb2/hc || exit 1 + interval: 10s + timeout: 3s + retries: 2 + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager +secrets: + influxdb2-admin-username: + file: .env.influxdb2-admin-username + influxdb2-admin-password: + file: .env.influxdb2-admin-password + 
influxdb2-admin-token: + file: .env.influxdb2-admin-token diff --git a/__swarm/home-assistant/.env b/__swarm/home-assistant/.env new file mode 100755 index 0000000..7982f2e --- /dev/null +++ b/__swarm/home-assistant/.env @@ -0,0 +1,3 @@ +APPNAME=home-assistant +DOCKER_REGISTRY=r.sectorq.eu/library/ +RESTART=always \ No newline at end of file diff --git a/__swarm/home-assistant/.env.influxdb2-admin-password b/__swarm/home-assistant/.env.influxdb2-admin-password new file mode 100644 index 0000000..e69de29 diff --git a/__swarm/home-assistant/.env.influxdb2-admin-token b/__swarm/home-assistant/.env.influxdb2-admin-token new file mode 100644 index 0000000..2adc89a --- /dev/null +++ b/__swarm/home-assistant/.env.influxdb2-admin-token @@ -0,0 +1 @@ +l4c1j4yd33Du5lo \ No newline at end of file diff --git a/__swarm/home-assistant/.env.influxdb2-admin-username b/__swarm/home-assistant/.env.influxdb2-admin-username new file mode 100644 index 0000000..e69de29 diff --git a/__swarm/home-assistant/docker-compose.yml b/__swarm/home-assistant/docker-compose.yml new file mode 100755 index 0000000..abe33f7 --- /dev/null +++ b/__swarm/home-assistant/docker-compose.yml 
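Review bot: the `influxdb` service declares swarm secrets `influxdb2-admin-username` and `influxdb2-admin-password`, but their backing files `.env.influxdb2-admin-username` and `.env.influxdb2-admin-password` are added empty (blob e69de29), while the same values are supplied in plaintext through `DOCKER_INFLUXDB_INIT_USERNAME=ha`, `DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA` and `DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=mytoken123` alongside `DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE`, so it is ambiguous which source wins. Populate the secret files (git-ignored), use the image's `_FILE` variants for username and password as well if the version in use supports them, and drop the inline values. Two hedged points because they depend on the deploy path: `docker stack deploy` ignores `privileged: true`, `network_mode: host` and `security_opt` (it warns about unsupported options), so homeassistant, esphome, matter-server and music-assistant-server probably will not get host networking in swarm mode unless attached to the external `host` network, and the `homepage.widget.key` JWT plus `PASSWORD=jaydee1` for esphome are literals that belong in `${…}` references. `homepage.description: 3D Printing` on homeassistant and esphome looks copy-pasted.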
@@ -0,0 +1,214 @@ +version: '3' +services: + homeassistant: + container_name: HomeAssistant + network_mode: host + image: "${DOCKER_REGISTRY:-}ghcr.io/home-assistant/home-assistant:latest" + volumes: + - /share/docker_data/ha/:/config + #- /dev/skyconnect:/dev/ttyUSB1 + # - /dev/ttyUSB1:/dev/ttyUSB1 + #- /var/log:/logging + - /var/run/docker.sock:/var/run/docker.sock + - /run/dbus:/run/dbus:ro + privileged: true + environment: + - DISABLE_JEMALLOC=value + - TZ=Europe/Bratislava + labels: + com.centurylinklabs.watchtower.enable: true + homepage.group: Smarthome + homepage.name: Home Assistant + homepage.weight: 1 + homepage.icon: home-assistant.png + homepage.href: https://ha.sectorq.eu + homepage.description: 3D Printing + homepage.server: my-docker + homepage.container: HomeAssistant + homepage.widget.type: homeassistant + homepage.widget.url: https://ha.sectorq.eu + homepage.widget.key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzOTk5NGJjYjIzYjk0YzExYmM5OWZiNTBlNzU0N2M2YyIsImlhdCI6MTc0MDM5OTY4NCwiZXhwIjoyMDU1NzU5Njg0fQ.LDebvPGreyZzlWT1CylHSdSt8i_cWO72HnNCsCAIaG8 + #homepage.widget.custom: [{"state","sensor.sonoff_1001555a27_power"}] + wud.watch: true + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + dns: + - 192.168.77.101 + # ollama: + # volumes: + # - /share/docker_data/ollama:/root/.ollama + # ports: + # - 11434:11434 + # container_name: ollama + # # image: ollama/ollama:0.1.27-rocm + # image: ollama/ollama + # # environment: + # # - HSA_OVERRIDE_GFX_VERSION=9.0.0 + # # devices: + # # - /dev/dri/renderD128 + # # - /dev/dri/card1 + # # - /dev/kfd + # labels: + # com.centurylinklabs.watchtower.enable: true + esphome: + container_name: esphome + image: ${DOCKER_REGISTRY:-}esphome/esphome:latest + volumes: + - /share/docker_data/esphome/config:/config + - /etc/localtime:/etc/localtime:ro + restart: ${RESTART:-unless-stopped} + privileged: true + network_mode: host + environment: + - USERNAME=jaydee + - PASSWORD=jaydee1 + + labels: + 
com.centurylinklabs.watchtower.enable: true + homepage.group: Smarthome + homepage.name: ESPHome + homepage.weight: 1 + homepage.icon: esphome.png + homepage.href: https://esphome.sectorq.eu + homepage.description: 3D Printing + homepage.server: my-docker + homepage.container: esphome + homepage.widget.type: esphome + homepage.widget.url: https://esphome.sectorq.eu + homepage.widget.username: jaydee + homepage.widget.password: jaydee1 + wud.watch: true + wud.watch.digest: true + wyoming-piper-en: + image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-piper + container_name: piper-en + ports: + - 10200:10200 + volumes: + - /share/docker_data/piper/english:/data + command: --data-dir /data --voice en_US-lessac-medium + + restart: ${RESTART:-unless-stopped} + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + wyoming-whisper-en: + image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-whisper + container_name: whisper-en + ports: + - 10300:10300 + volumes: + - /share/docker_data/whisper/english:/data + command: --data-dir /data --model tiny-int8 --language en + restart: ${RESTART:-unless-stopped} + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + openwakeword: + container_name: openwakeword + image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-openwakeword:latest + command: + --preload-model 'ok_nabu' + --custom-model-dir /custom + --model 'ok nabu' + --model 'ok_nabu' + --uri 'tcp://0.0.0.0:10400' + --threshold 0.7 + --trigger-level 2 + --debug + volumes: + - /share/docker_data/openwakeword-data:/data + - /share/docker_data/openwakeword-data:/custom # Place my custom wakewords here + environment: + - TZ=Europe/Bratislava + restart: ${RESTART:-unless-stopped} + ports: + - 10400:10400 + - 10400:10400/udp + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + matter-server: + container_name: matter-server + image: 
${DOCKER_REGISTRY:-}ghcr.io/home-assistant-libs/python-matter-server:stable + restart: ${RESTART:-unless-stopped} + security_opt: + - apparmor=unconfined + volumes: + - /share/docker_data/matter-server:/data + - /run/dbus:/run/dbus:ro + network_mode: host + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + + music-assistant-server: + image: ${DOCKER_REGISTRY:-}ghcr.io/music-assistant/server:latest # <<< Desired release version here (or use beta to get the latest beta version) + container_name: music-assistant-server + restart: ${RESTART:-unless-stopped} + # Network mode must be set to host for MA to work correctly + network_mode: host + volumes: + - /share/docker_data/music-assistant-server/data:/data/ + # privileged caps (and security-opt) needed to mount smb folders within the container + cap_add: + - SYS_ADMIN + - DAC_READ_SEARCH + security_opt: + - apparmor:unconfined + environment: + # Provide logging level as environment variable. + # default=info, possible=(critical, error, warning, info, debug) + - LOG_LEVEL=info + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + homepage.group: Smarthome + homepage.name: music-assistant + homepage.weight: 1 + homepage.icon: music-assistant.png + homepage.href: https://music.sectorq.eu + homepage.description: Music + homepage.server: my-docker + homepage.container: music-assistant-server + influxdb: + ports: + - 8086:8086 + volumes: + - /share/docker_data/influxdb/data:/var/lib/influxdb2 + - /share/docker_data/influxdb/config:/etc/influxdb2 + secrets: + - influxdb2-admin-username + - influxdb2-admin-password + - influxdb2-admin-token + environment: + - DOCKER_INFLUXDB_INIT_MODE=setup + - DOCKER_INFLUXDB_INIT_USERNAME=ha + - DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA + - DOCKER_INFLUXDB_INIT_ORG=ha + - DOCKER_INFLUXDB_INIT_BUCKET=ha + - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=mytoken123 + - 
DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token + image: ${DOCKER_REGISTRY:-}influxdb:2 + restart: ${RESTART:-unless-stopped} + healthcheck: + test: "echo test > /var/lib/influxdb2/hc || exit 1" + interval: 10s + timeout: 3s + retries: 2 + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true +secrets: + influxdb2-admin-username: + file: .env.influxdb2-admin-username + influxdb2-admin-password: + file: .env.influxdb2-admin-password + influxdb2-admin-token: + file: .env.influxdb2-admin-token \ No newline at end of file diff --git a/__swarm/home-assistant/home-assistant-swarm.yml b/__swarm/home-assistant/home-assistant-swarm.yml new file mode 100644 index 0000000..5b11153 --- /dev/null +++ b/__swarm/home-assistant/home-assistant-swarm.yml 
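Review bot: Credentials are written into this file as plain values and even into container labels: `esphome` sets `USERNAME`/`PASSWORD` in `environment` and repeats them in `homepage.widget.username`/`homepage.widget.password`, `homeassistant` carries a long-lived bearer token in `homepage.widget.key`, and `influxdb` sets `DOCKER_INFLUXDB_INIT_PASSWORD` and `DOCKER_INFLUXDB_INIT_ADMIN_TOKEN` literally right beside the `_FILE`/`secrets:` variant that was meant to replace them. Labels are readable by anything with Docker API access (`docker inspect`), so the homepage widgets get these values at the cost of exposing them; the same labels recur in `home-assistant-swarm.yml` and the literal influx init password again in `__swarm/influxdb/docker-compose.yml`. Move the values into an untracked `.env`/`env_file` or swarm secrets, drop the literal `- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=...` line so the `_FILE` path is the only source, and rotate everything already in this commit. Separately, `homeassistant` runs with `privileged: true` and `/var/run/docker.sock` mounted, which amounts to root on the host; if only a container-control integration needs the socket, a socket proxy that exposes just the required endpoints limits the blast radius. `homepage.description: 3D Printing` on both `homeassistant` and `esphome` looks like a copy-paste leftover.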
@@ -0,0 +1,230 @@ +version: '3.9' +services: + homeassistant: + network_mode: host + image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant/home-assistant:latest + volumes: + - /share/docker_data/ha/:/config + - /var/run/docker.sock:/var/run/docker.sock + - /run/dbus:/run/dbus:ro + privileged: true + environment: + - DISABLE_JEMALLOC=value + - TZ=Europe/Bratislava + dns: + - 192.168.77.101 + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + homepage.group: Smarthome + homepage.name: Home Assistant + homepage.weight: 1 + homepage.icon: home-assistant.png + homepage.href: https://ha.sectorq.eu + homepage.description: 3D Printing + homepage.server: my-docker + homepage.container: HomeAssistant + homepage.widget.type: homeassistant + homepage.widget.url: https://ha.sectorq.eu + homepage.widget.key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzOTk5NGJjYjIzYjk0YzExYmM5OWZiNTBlNzU0N2M2YyIsImlhdCI6MTc0MDM5OTY4NCwiZXhwIjoyMDU1NzU5Njg0fQ.LDebvPGreyZzlWT1CylHSdSt8i_cWO72HnNCsCAIaG8 + wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager + esphome: + image: ${DOCKER_REGISTRY:-}esphome/esphome:latest + volumes: + - /share/docker_data/esphome/config:/config + - /etc/localtime:/etc/localtime:ro + privileged: true + network_mode: host + environment: + - USERNAME=jaydee + - PASSWORD=jaydee1 + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + homepage.group: Smarthome + homepage.name: ESPHome + homepage.weight: 1 + homepage.icon: esphome.png + homepage.href: https://esphome.sectorq.eu + homepage.description: 3D Printing + homepage.server: my-docker + homepage.container: esphome + homepage.widget.type: esphome + homepage.widget.url: https://esphome.sectorq.eu + homepage.widget.username: jaydee + homepage.widget.password: jaydee1 + wud.watch: true + wud.watch.digest: true + 
placement: + constraints: + - node.role == manager + wyoming-piper-en: + image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-piper + ports: + - 10200:10200 + volumes: + - /share/docker_data/piper/english:/data + command: --data-dir /data --voice en_US-lessac-medium + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager + wyoming-whisper-en: + image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-whisper + ports: + - 10300:10300 + volumes: + - /share/docker_data/whisper/english:/data + command: --data-dir /data --model tiny-int8 --language en + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager + openwakeword: + image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-openwakeword:latest + command: --preload-model 'ok_nabu' --custom-model-dir /custom --model 'ok nabu' + --model 'ok_nabu' --uri 'tcp://0.0.0.0:10400' --threshold 0.7 --trigger-level + 2 --debug + volumes: + - /share/docker_data/openwakeword-data:/data + - /share/docker_data/openwakeword-data:/custom + environment: + - TZ=Europe/Bratislava + ports: + - 10400:10400 + - 10400:10400/udp + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager + matter-server: + image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant-libs/python-matter-server:stable + security_opt: + - apparmor=unconfined + volumes: + - /share/docker_data/matter-server:/data + - /run/dbus:/run/dbus:ro + network_mode: host + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + 
wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager + music-assistant-server: + image: ${DOCKER_REGISTRY:-}ghcr.io/music-assistant/server:latest + network_mode: host + volumes: + - /share/docker_data/music-assistant-server/data:/data/ + cap_add: + - SYS_ADMIN + - DAC_READ_SEARCH + security_opt: + - apparmor:unconfined + environment: + - LOG_LEVEL=info + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + homepage.group: Smarthome + homepage.name: music-assistant + homepage.weight: 1 + homepage.icon: music-assistant.png + homepage.href: https://music.sectorq.eu + homepage.description: Music + homepage.server: my-docker + homepage.container: music-assistant-server + placement: + constraints: + - node.role == manager + influxdb: + ports: + - 8086:8086 + volumes: + - /share/docker_data/influxdb/data:/var/lib/influxdb2 + - /share/docker_data/influxdb/config:/etc/influxdb2 + secrets: + - influxdb2-admin-username + - influxdb2-admin-password + - influxdb2-admin-token + environment: + - DOCKER_INFLUXDB_INIT_MODE=setup + - DOCKER_INFLUXDB_INIT_USERNAME=ha + - DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA + - DOCKER_INFLUXDB_INIT_ORG=ha + - DOCKER_INFLUXDB_INIT_BUCKET=ha + - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=mytoken123 + - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token + image: ${DOCKER_REGISTRY:-}influxdb:2 + healthcheck: + test: echo test > /var/lib/influxdb2/hc || exit 1 + interval: 10s + timeout: 3s + retries: 2 + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager +secrets: + influxdb2-admin-username: + file: .env.influxdb2-admin-username + influxdb2-admin-password: + file: .env.influxdb2-admin-password + 
influxdb2-admin-token: + file: .env.influxdb2-admin-token diff --git a/__swarm/homepage/.env b/__swarm/homepage/.env new file mode 100755 index 0000000..c532c12 --- /dev/null +++ b/__swarm/homepage/.env @@ -0,0 +1,2 @@ +APPNAME=homepage +DOCKER_REGISTRY=r.sectorq.eu/library/ \ No newline at end of file diff --git a/__swarm/homepage/docker-compose.yml b/__swarm/homepage/docker-compose.yml new file mode 100755 index 0000000..a6f1aa9 --- /dev/null +++ b/__swarm/homepage/docker-compose.yml @@ -0,0 +1,26 @@ +networks: + pihole_pihole: + external: true +services: + homepage: + container_name: homepage + dns: + - 192.168.78.254 + environment: + HOMEPAGE_ALLOWED_HOSTS: sectorq.eu,active.home.lan:3003,m-server.home.lan:3003,rpi5.home.lan:3003,nas.home.lan:3003,192.168.77.238:3003,rack.home.lan:3003 + TZ: Europe/Bratislava + image: ${DOCKER_REGISTRY:-}ghcr.io/gethomepage/homepage:latest + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + networks: + - pihole_pihole + ports: + - 3003:3000 + restart: unless-stopped + volumes: + - /share/docker_data/homepage/config:/app/config + - /var/run/docker.sock:/var/run/docker.sock:ro + - /share/docker_data/homepage/images:/app/public/images + - /share/docker_data/homepage/icons:/app/public/icons \ No newline at end of file diff --git a/__swarm/immich/.env b/__swarm/immich/.env new file mode 100755 index 0000000..57e8051 --- /dev/null +++ b/__swarm/immich/.env 
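Review bot: Several keys carried over from the compose file are, to my knowledge, on the list of options `docker stack deploy` ignores with an `Ignoring unsupported options` warning: `privileged: true` and `network_mode: host` on `homeassistant`, `esphome`, `matter-server` and `music-assistant-server`, and `security_opt` on `matter-server`/`music-assistant-server`; confirm against your engine version, because if they are dropped, host-network discovery and device access will silently be missing once this runs as a stack, and host networking for a service is expressed through an external `host`-driver network under `networks:` instead. The `secrets:` block only helps if the referenced `.env.influxdb2-*` files stay out of git; two of the three appear to be empty in this commit and the third holds the token, so the values the stack effectively uses are the literal `DOCKER_INFLUXDB_INIT_*` lines. The `homepage.widget.key`, `homepage.widget.password` and `PASSWORD` values are the same committed credentials as in `docker-compose.yml` and should be rotated together with it.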
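Review bot: The `homepage` service mounts `/var/run/docker.sock` with `:ro`, but a read-only bind mount does not make the Docker API read-only: a client connected to the socket still has full API access, including starting containers, so the `ro` flag gives no security benefit here. If homepage only needs container listing for its widgets, placing a socket proxy in front that exposes just the container endpoints, and pointing homepage's docker configuration at it, keeps a compromised dashboard from controlling the host. `HOMEPAGE_ALLOWED_HOSTS` lists several internal hostnames and a raw IP next to `sectorq.eu`; a short comment on why each entry is needed would let the next maintainer prune the list safely.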
@@ -0,0 +1,24 @@
+# You can find documentation for all the supported env variables at https://docs.immich.app/install/environment-variables
+
+# The location where your uploaded files are stored
+UPLOAD_LOCATION=/media/nas/qda_1/immich/library
+
+# The location where your database files are stored. Network shares are not supported for the database
+DB_DATA_LOCATION=/share/docker_data/immich/db
+
+# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
+# TZ=Etc/UTC
+
+# The Immich version to use. You can pin this to a specific version like "v1.71.0"
+IMMICH_VERSION=release
+
+# Connection secret for postgres. You should change it to a random password
+# Please use only the characters `A-Za-z0-9`, without special characters or spaces
+DB_PASSWORD=postgres
+
+# The values below this line do not need to be changed
+###################################################################################
+DB_USERNAME=postgres
+DB_DATABASE_NAME=immich
+HW_MODE1=vaapi
+HW_MODE2=openvino
\ No newline at end of file
diff --git a/__swarm/immich/docker-compose copy.yml b/__swarm/immich/docker-compose copy.yml
new file mode 100755
index 0000000..f1d0adc
--- /dev/null
+++ b/__swarm/immich/docker-compose copy.yml
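Review bot: `DB_PASSWORD=postgres` leaves the database password at the upstream placeholder even though the comment two lines above says to change it, and the same placeholder is committed again as `DB_PASSWORD` and `POSTGRES_PASSWORD` in `__swarm/immich/stack.env`. Generate a random `A-Za-z0-9` value as the comment asks, keep the `.env` holding the real value untracked, and commit a `.env.example` with placeholders instead. Since the file is already in history, the value should be changed on the running database as well, not only in the file.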
@@ -0,0 +1,88 @@ +name: immich +services: + database: + command: postgres -c shared_preload_libraries=vectors.so -c 'search_path="$$user", + public, vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB + -c wal_compression=on + container_name: immich_postgres + env_file: + - stack.env + environment: + POSTGRES_INITDB_ARGS: --data-checksums + healthcheck: + interval: 5m + start_interval: 30s + start_period: 5m + test: pg_isready --dbname="$${DB_PASSWORD}" --username="$${DB_USERNAME}" || + exit 1; Chksum="$$(psql --dbname="$${DB_DATABASE_NAME}" --username="$${DB_USERNAME}" + --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), + 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ + "$$Chksum" = '0' ] || exit 1 + image: ${DOCKER_REGISTRY:-}docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0 + labels: + wud.watch: true + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/immich/db:/var/lib/postgresql/data + immich-machine-learning: + container_name: immich_machine_learning + env_file: + - stack.env + extends: + file: hwaccel.ml.yml + service: ${HW_MODE2:-cpu} + healthcheck: + disable: false + image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release} + labels: + wud.watch: true + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - model-cache:/cache + immich-server: + container_name: immich_server + depends_on: + - redis + - database + env_file: + - stack.env + extends: + file: hwaccel.transcoding.yml + service: ${HW_MODE1:-cpu} + healthcheck: + disable: false + image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release} + labels: + homepage.container: immich_server + homepage.description: Photo server + homepage.group: Media + homepage.href: https://${APPNAME}.sectorq.eu + homepage.icon: ${APPNAME}.png + homepage.name: Immich + homepage.server: my-docker + homepage.widget.key: 
wVxjlztA8MpeuzKkNGCSUPK2WjAY55qq4cfs9Zr5opU + homepage.widget.type: ${APPNAME} + homepage.widget.url: https://${APPNAME}.sectorq.eu + homepage.widget.version: '2' + wud.watch: true + wud.watch.digest: true + ports: + - 2283:2283 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/immich/library:/usr/src/app/upload + - /media/nas/nas-photo:/mnt/photos2 + - /etc/localtime:/etc/localtime:ro + redis: + container_name: immich_redis + healthcheck: + test: redis-cli ping || exit 1 + image: ${DOCKER_REGISTRY:-}docker.io/redis:6.2-alpine + labels: + wud.watch: true + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} +volumes: + model-cache: null diff --git a/__swarm/immich/docker-compose.yml b/__swarm/immich/docker-compose.yml new file mode 100755 index 0000000..b27fb5a --- /dev/null +++ b/__swarm/immich/docker-compose.yml 
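Review bot: `homepage.widget.key` on `immich-server` is an Immich API key committed as a container label, and `docker-compose.yml` in the same directory commits a second, different key the same way; both should be revoked in Immich and supplied from an untracked env file, e.g. `homepage.widget.key: ${IMMICH_WIDGET_KEY}`. The `database` healthcheck passes the password where a database name belongs, `pg_isready --dbname="$${DB_PASSWORD}"`, which puts the secret on the command line of every probe and thus into the host process list; it should read `pg_isready --dbname="$${DB_DATABASE_NAME}" --username="$${DB_USERNAME}" || exit 1; ...` with the rest unchanged. The name `docker-compose copy.yml` suggests a stale duplicate of `docker-compose.yml`, and the two already differ in image tags and storage paths; if it is kept for reference, a header comment saying so (or deleting it) would stop them drifting further.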
@@ -0,0 +1,88 @@ +# +# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose +# +# Make sure to use the docker-compose.yml of the current release: +# +# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml +# +# The compose file on main may not be compatible with the latest release. + +name: immich + +services: + immich-server: + container_name: immich_server + image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release} + extends: + file: hwaccel.transcoding.yml + service: ${HW_MODE1:-vaapi} # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding + volumes: + # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file + - ${UPLOAD_LOCATION}:/data + - /etc/localtime:/etc/localtime:ro + - /media/nas/photo:/mnt/photos2 + env_file: + - .env + ports: + - '2283:2283' + depends_on: + - redis + - database + restart: ${RESTART:-unless-stopped} + healthcheck: + disable: false + labels: + homepage.container: immich_server + homepage.description: Photo server + homepage.group: Media + homepage.href: https://${APPNAME}.sectorq.eu + homepage.icon: ${APPNAME}.png + homepage.name: Immich + homepage.server: my-docker + homepage.widget.key: mdaRNyiY19w9YEz3MXT3fiPD9XH3CtQYRM26C0wZJM + homepage.widget.type: ${APPNAME} + homepage.widget.url: https://${APPNAME}.sectorq.eu + homepage.widget.version: '2' + wud.watch: true + wud.watch.digest: true + immich-machine-learning: + container_name: immich_machine_learning + # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag. 
+ # Example tag: ${IMMICH_VERSION:-release}-cuda + image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release} + extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration + file: hwaccel.ml.yml + service: ${HW_MODE2:-openvino} # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable + volumes: + - model-cache:/cache + env_file: + - .env + restart: ${RESTART:-unless-stopped} + healthcheck: + disable: false + + redis: + container_name: immich_redis + image: ${DOCKER_REGISTRY:-}docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571 + healthcheck: + test: redis-cli ping || exit 1 + restart: ${RESTART:-unless-stopped} + + database: + container_name: immich_postgres + image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23 + environment: + POSTGRES_PASSWORD: ${DB_PASSWORD} + POSTGRES_USER: ${DB_USERNAME} + POSTGRES_DB: ${DB_DATABASE_NAME} + POSTGRES_INITDB_ARGS: '--data-checksums' + # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs + # DB_STORAGE_TYPE: 'HDD' + volumes: + # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file + - ${DB_DATA_LOCATION}:/var/lib/postgresql/data + shm_size: 128mb + restart: ${RESTART:-unless-stopped} + +volumes: + model-cache: \ No newline at end of file diff --git a/__swarm/immich/hwaccel.ml.yml b/__swarm/immich/hwaccel.ml.yml new file mode 100755 index 0000000..d9455d2 --- /dev/null +++ b/__swarm/immich/hwaccel.ml.yml 
@@ -0,0 +1,43 @@ +# Configurations for hardware-accelerated machine learning + +# If using Unraid or another platform that doesn't allow multiple Compose files, +# you can inline the config for a backend by copying its contents +# into the immich-machine-learning service in the docker-compose.yml file. + +# See https://immich.app/docs/features/ml-hardware-acceleration for info on usage. + +services: + armnn: + devices: + - /dev/mali0:/dev/mali0 + volumes: + - /lib/firmware/mali_csffw.bin:/lib/firmware/mali_csffw.bin:ro # Mali firmware for your chipset (not always required depending on the driver) + - /usr/lib/libmali.so:/usr/lib/libmali.so:ro # Mali driver for your chipset (always required) + + cpu: {} + + cuda: + deploy: + resources: + reservations: + devices: + - driver: nvidia + count: 1 + capabilities: + - gpu + + openvino: + device_cgroup_rules: + - 'c 189:* rmw' + devices: + - /dev/dri:/dev/dri + volumes: + - /dev/bus/usb:/dev/bus/usb + + openvino-wsl: + devices: + - /dev/dri:/dev/dri + - /dev/dxg:/dev/dxg + volumes: + - /dev/bus/usb:/dev/bus/usb + - /usr/lib/wsl:/usr/lib/wsl diff --git a/__swarm/immich/hwaccel.transcoding.yml b/__swarm/immich/hwaccel.transcoding.yml new file mode 100755 index 0000000..1df8027 --- /dev/null +++ b/__swarm/immich/hwaccel.transcoding.yml 
@@ -0,0 +1,57 @@ +# Configurations for hardware-accelerated transcoding + +# If using Unraid or another platform that doesn't allow multiple Compose files, +# you can inline the config for a backend by copying its contents +# into the immich-microservices service in the docker-compose.yml file. + +# See https://immich.app/docs/features/hardware-transcoding for more info on using hardware transcoding. + +services: + cpu: {} + + nvenc: + deploy: + resources: + reservations: + devices: + - driver: nvidia + count: 1 + capabilities: + - gpu + - compute + - video + + quicksync: + devices: + - /dev/dri:/dev/dri + + rkmpp: + security_opt: # enables full access to /sys and /proc, still far better than privileged: true + - systempaths=unconfined + - apparmor=unconfined + group_add: + - video + devices: + - /dev/rga:/dev/rga + - /dev/dri:/dev/dri + - /dev/dma_heap:/dev/dma_heap + - /dev/mpp_service:/dev/mpp_service + #- /dev/mali0:/dev/mali0 # only required to enable OpenCL-accelerated HDR -> SDR tonemapping + volumes: + #- /etc/OpenCL:/etc/OpenCL:ro # only required to enable OpenCL-accelerated HDR -> SDR tonemapping + #- /usr/lib/aarch64-linux-gnu/libmali.so.1:/usr/lib/aarch64-linux-gnu/libmali.so.1:ro # only required to enable OpenCL-accelerated HDR -> SDR tonemapping + + vaapi: + devices: + - /dev/dri:/dev/dri + group_add: + - video + - 993 + vaapi-wsl: # use this for VAAPI if you're running Immich in WSL2 + devices: + - /dev/dri:/dev/dri + - /dev/dxg:/dev/dxg + volumes: + - /usr/lib/wsl:/usr/lib/wsl + environment: + - LIBVA_DRIVER_NAME=d3d12 diff --git a/__swarm/immich/stack.env b/__swarm/immich/stack.env new file mode 100755 index 0000000..c996496 --- /dev/null +++ b/__swarm/immich/stack.env 
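Review bot: The bare `993` appended to `group_add` under `vaapi` is a host-specific numeric GID with no explanation; on another host that GID may map to an unrelated group and silently grant the container that group's file access. Add a comment naming the group it stands for and how to look it up, e.g. `- 993 # <GID of the host group that owns /dev/dri/render*; check with getent group> (placeholder)`, or use the group name if it exists inside the image. The blank line that separates the other backends is also missing before `vaapi-wsl:`, a small style nit.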
@@ -0,0 +1,23 @@
+# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables
+
+# The location where your uploaded files are stored
+UPLOAD_LOCATION=/media/nas/qda_1/immich/library
+#UPLOAD_LOCATION=/share/docker_data/immich/library
+# The location where your database files are stored
+DB_DATA_LOCATION=/share/docker_data/immich/db
+
+# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
+# TZ=Etc/UTC
+TZ=Europe/Bratislava
+# The Immich version to use. You can pin this to a specific version like "v1.71.0"
+IMMICH_VERSION=release
+
+# Connection secret for postgres. You should change it to a random password
+# Please use only the characters `A-Za-z0-9`, without special characters or spaces
+DB_PASSWORD=postgres
+
+# The values below this line do not need to be changed
+###################################################################################
+DB_USERNAME=postgres
+DB_DATABASE_NAME=immich
+POSTGRES_PASSWORD=postgres
\ No newline at end of file
diff --git a/__swarm/influxdb/.env b/__swarm/influxdb/.env
new file mode 100755
index 0000000..1b486f7
--- /dev/null
+++ b/__swarm/influxdb/.env
@@ -0,0 +1,3 @@
+APPNAME=influxdb
+DOCKER_REGISTRY=r.sectorq.eu/library/
+RESTART=always
\ No newline at end of file
diff --git a/__swarm/influxdb/.env.influxdb2-admin-password b/__swarm/influxdb/.env.influxdb2-admin-password
new file mode 100644
index 0000000..cca3261
--- /dev/null
+++ b/__swarm/influxdb/.env.influxdb2-admin-password
@@ -0,0 +1 @@
+ha
\ No newline at end of file
diff --git a/__swarm/influxdb/.env.influxdb2-admin-token b/__swarm/influxdb/.env.influxdb2-admin-token
new file mode 100644
index 0000000..2adc89a
--- /dev/null
+++ b/__swarm/influxdb/.env.influxdb2-admin-token
@@ -0,0 +1 @@
+l4c1j4yd33Du5lo
\ No newline at end of file
diff --git a/__swarm/influxdb/.env.influxdb2-admin-username b/__swarm/influxdb/.env.influxdb2-admin-username new file mode 100644 index 0000000..cca3261 --- /dev/null +++ b/__swarm/influxdb/.env.influxdb2-admin-username @@ -0,0 +1 @@ +ha \ No newline at end of file diff --git a/__swarm/influxdb/docker-compose.yml b/__swarm/influxdb/docker-compose.yml new file mode 100755 index 0000000..11a83b8 --- /dev/null +++ b/__swarm/influxdb/docker-compose.yml @@ -0,0 +1,37 @@ +version: '3' +services: + influxdb: + ports: + - 8087:8086 + volumes: + - /share/docker_data/influxdb2/data:/var/lib/influxdb2 + - /share/docker_data/influxdb2/config:/etc/influxdb2 + secrets: + - influxdb2-admin-username + - influxdb2-admin-password + - influxdb2-admin-token + environment: + - DOCKER_INFLUXDB_INIT_MODE=setup + - DOCKER_INFLUXDB_INIT_USERNAME=ha + - DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA + - DOCKER_INFLUXDB_INIT_ORG=ha + - DOCKER_INFLUXDB_INIT_BUCKET=ha + - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token + image: ${DOCKER_REGISTRY:-}influxdb:2 + restart: ${RESTART:-unless-stopped} + healthcheck: + test: "echo test > /var/lib/influxdb2/hc || exit 1" + interval: 10s + timeout: 3s + retries: 2 + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true +secrets: + influxdb2-admin-username: + file: .env.influxdb2-admin-username + influxdb2-admin-password: + file: .env.influxdb2-admin-password + influxdb2-admin-token: + file: .env.influxdb2-admin-token \ No newline at end of file diff --git a/__swarm/jupyter/.env b/__swarm/jupyter/.env new file mode 100755 index 0000000..a7dcdd9 --- /dev/null +++ b/__swarm/jupyter/.env @@ -0,0 +1,2 @@ +APPNAME=jupyter +DOCKER_REGISTRY=r.sectorq.eu/library/ \ No newline at end of file diff --git a/__swarm/jupyter/docker-compose.yml b/__swarm/jupyter/docker-compose.yml new file mode 100755 index 0000000..c273fd6 --- /dev/null +++ b/__swarm/jupyter/docker-compose.yml 
@@ -0,0 +1,20 @@ +name: jupyter +services: + base-notebook: + ports: + - 8888:8888 + volumes: + - /share/docker_data/jupyter:/home/jovyan/work + image: ${DOCKER_REGISTRY:-}jupyter/base-notebook:latest + restart: ${RESTART:-unless-stopped} + labels: + homepage.container: jupyter-base-notebook-1 + homepage.description: Python server + homepage.group: Utils + homepage.href: http://m-server.home.lan:8888/ + homepage.icon: ${APPNAME}.png + homepage.name: Jupyter Notebook + homepage.server: my-docker + wud.watch: true + wud.watch.digest: true + \ No newline at end of file diff --git a/__swarm/kestra/.env b/__swarm/kestra/.env new file mode 100755 index 0000000..5a7fe92 --- /dev/null +++ b/__swarm/kestra/.env @@ -0,0 +1,2 @@ +APPNAME=kestra +PASSWORD=l4c1j4yd33Du5lo \ No newline at end of file diff --git a/__swarm/kestra/docker-compose.yml b/__swarm/kestra/docker-compose.yml new file mode 100755 index 0000000..c4c5821 --- /dev/null +++ b/__swarm/kestra/docker-compose.yml 
@@ -0,0 +1,89 @@ +services: + kestra: + command: server standalone --worker-thread=128 + depends_on: + postgres: + condition: service_started + environment: + SECRET_MYPASSWORD: bDRjMWo0eWQzM0R1NWxv + SECRET_GITLAB: Z2xwYXQtdWotbi1lRWZUWTM5OFBFNHZLU1M= + KESTRA_CONFIGURATION: | + datasources: + postgres: + url: jdbc:postgresql://postgres:5432/kestra + driverClassName: org.postgresql.Driver + username: kestra + password: k3str4 + kestra: + server: + basicAuth: + enabled: false + username: "jaydee@sectorq.eu" # it must be a valid email address + password: ${PASSWORD} + repository: + type: postgres + storage: + type: local + local: + basePath: "/app/storage" + queue: + type: postgres + tasks: + tmpDir: + path: /tmp/kestra-wd/tmp + url: http://localhost:8080/ + tutorial-flows: + enabled: false + micronaut: + server: + cors: + enabled: true + + image: ${DOCKER_REGISTRY:-}kestra/kestra:${KESTRA_VERSION:-latest} + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: kestra-kestra-1 + homepage.description: Automation + homepage.group: Infrastructure + homepage.href: https://${APPNAME}.sectorq.eu + homepage.icon: ${APPNAME}.png + homepage.name: Kestra + homepage.server: my-docker + homepage.weight: '1' + wud.display.icon: mdi:evernote + wud.watch: true + wud.watch.digest: true + ports: + - 8980:8080 + - 8981:8081 + pull_policy: always + restart: ${RESTART:-unless-stopped} + user: root + volumes: + - /etc/localtime:/etc/localtime:ro + - /share/docker_data/kestra/kestra-data:/app/storage + - /var/run/docker.sock:/var/run/docker.sock + - /tmp/kestra-wd:/tmp/kestra-wd + postgres: + environment: + POSTGRES_DB: kestra + POSTGRES_PASSWORD: k3str4 + POSTGRES_USER: kestra + healthcheck: + interval: 30s + retries: 10 + test: + - CMD-SHELL + - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER} + timeout: 10s + image: ${DOCKER_REGISTRY:-}postgres:16 + labels: + wud.watch: false + restart: ${RESTART:-unless-stopped} + volumes: + - 
/share/docker_data/kestra/postgres-data:/var/lib/postgresql/data
+volumes:
+ kestra-data:
+ driver: local
+ postgres-data:
+ driver: local
diff --git a/__swarm/kestra/stack.env b/__swarm/kestra/stack.env
new file mode 100755
index 0000000..62475e3
--- /dev/null
+++ b/__swarm/kestra/stack.env
@@ -0,0 +1 @@
+APPNAME=kestra
diff --git a/__swarm/mailu/.env b/__swarm/mailu/.env
new file mode 100755
index 0000000..3dc1f65
--- /dev/null
+++ b/__swarm/mailu/.env
@@ -0,0 +1,4 @@
+APPNAME=mailu
+DOCKER_REGISTRY=r.sectorq.eu/library/
+MAILU_VERSION=2024.06
+LOGGING=syslog
\ No newline at end of file
diff --git a/__swarm/mailu/docker-compose.yml b/__swarm/mailu/docker-compose.yml
new file mode 100755
index 0000000..a3cc5f1
--- /dev/null
+++ b/__swarm/mailu/docker-compose.yml
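Review bot: `kestra.server.basicAuth.enabled: false` switches authentication off for a server that publishes `8980`/`8981` on all interfaces and holds `SECRET_MYPASSWORD` and `SECRET_GITLAB` in its environment, so anyone who can reach those ports gets unauthenticated access to the UI, the API and whatever the flows can do with those secrets; enable basic auth (the username and `${PASSWORD}` are already configured) or bind the ports as `127.0.0.1:8980:8080` behind the reverse proxy. The `SECRET_*` values are only base64-encoded, which as far as I know is the format Kestra expects rather than any protection, so the GitLab token and password in this hunk are effectively committed in the clear and should be rotated and loaded from an untracked env file. `user: root` together with `/var/run/docker.sock` gives every flow root on the host; that is a common choice for Docker-task runners but deserves a comment saying it is intentional. The `kestra-data`/`postgres-data` named volumes declared at the bottom are unused because both services bind-mount `/share/docker_data/...`, and the postgres password is written twice (`password: k3str4` inside `KESTRA_CONFIGURATION` and `POSTGRES_PASSWORD`), where one `${KESTRA_DB_PASSWORD}`-style variable would keep them in sync and out of the file.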
@@ -0,0 +1,247 @@ +networks: + clamav: + driver: bridge + default: + driver: bridge + ipam: + config: + - subnet: 192.168.205.0/24 + driver: default + fts_attachments: + driver: bridge + internal: true + oletools: + driver: bridge + internal: true + radicale: + driver: bridge + webmail: + driver: bridge +services: + admin: + depends_on: + - redis + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/data:/data + - /share/docker_data/mailu3/dkim:/dkim + antispam: + depends_on: + - front + - redis + - oletools + - antivirus + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + hostname: antispam + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + networks: + - default + - oletools + - clamav + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/filter:/var/lib/rspamd + - /share/docker_data/mailu3/overrides/rspamd:/overrides:ro + antivirus: + healthcheck: + interval: 10s + retries: 3 + start_period: 10s + test: + - CMD-SHELL + - kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid` + timeout: 5s + image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6 + labels: + wud.watch: true + wud.watch.digest: true + networks: + - clamav + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/filter/clamav:/var/lib/clamav + fetchmail: + depends_on: + - admin + - smtp + - imap + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/data/fetchmail:/data + 
front: + depends_on: + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + extends: + file: logging.yml + service: ${LOGGING:-syslog} + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + homepage.container: mailu3-front-1 + homepage.description: eMail server + homepage.group: Utilities + homepage.href: https://mail.sectorq.eu + homepage.icon: ${APPNAME}.png + homepage.name: Mailu + homepage.server: my-docker + homepage.weight: 1 + + networks: + - default + - webmail + - radicale + ports: + - 0.0.0.0:8880:80 + - 0.0.0.0:8443:443 + - 0.0.0.0:25:25 + - 0.0.0.0:465:465 + - 0.0.0.0:587:587 + - 0.0.0.0:110:110 + - 0.0.0.0:995:995 + - 0.0.0.0:143:143 + - 0.0.0.0:993:993 + - 0.0.0.0:4190:4190 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/certs:/certs + - /share/docker_data/mailu3/overrides/nginx:/overrides:ro + fts_attachments: + depends_on: + - resolver + dns: + - 192.168.205.254 + healthcheck: + interval: 10s + retries: 3 + start_period: 10s + test: + - CMD-SHELL + - wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1 + timeout: 5s + hostname: tika + image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full + labels: + wud.watch: true + wud.watch.digest: true + networks: + - fts_attachments + restart: ${RESTART:-unless-stopped} + imap: + depends_on: + - front + - fts_attachments + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + networks: + - default + - fts_attachments + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/mail:/mail + - /share/docker_data/mailu3/overrides/dovecot:/overrides:ro + oletools: + depends_on: + - resolver + dns: + - 192.168.205.254 + hostname: oletools + image: 
${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + networks: + - oletools + restart: ${RESTART:-unless-stopped} + redis: + depends_on: + - resolver + dns: + - 192.168.205.254 + image: ${DOCKER_REGISTRY:-}redis:alpine + labels: + wud.watch: true + wud.watch.digest: true + restart: unless-stopped + volumes: + - /share/docker_data/mailu3/redis:/data + resolver: + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + networks: + default: + ipv4_address: 192.168.205.254 + restart: ${RESTART:-unless-stopped} + smtp: + depends_on: + - front + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/mailqueue:/queue + - /share/docker_data/mailu3/overrides/postfix:/overrides:ro + webdav: + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + networks: + - radicale + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/dav:/data + webmail: + depends_on: + - front + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + networks: + - webmail + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/webmail:/data + - /share/docker_data/mailu3/overrides/roundcube:/overrides:ro diff --git a/__swarm/mailu/logging.yml b/__swarm/mailu/logging.yml new file mode 100755 index 0000000..3a9701d --- /dev/null +++ b/__swarm/mailu/logging.yml 
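Review bot: This file is committed a second time, byte-identical, under `__swarm/mailu3/` (same blob `a3cc5f1`; likewise `.env` `3dc1f65`, `logging.yml` `3a9701d` and `stack.env` `d2966a7`), so every later fix has to be applied twice, and both copies mount the same `/share/docker_data/mailu3/...` paths, so running both stacks would have two Dovecot/Postfix instances writing the same mail store. One copy should go, or the second stack should at least get its own data directory. The `redis` service hardcodes `restart: unless-stopped` while every other service in the file uses the variable; change it to `restart: ${RESTART:-unless-stopped}` for consistency.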
@@ -0,0 +1,18 @@
+---
+services:
+ syslog:
+ logging:
+ driver: syslog
+ options:
+ tag: mailu-front
+ journald:
+ logging:
+ driver: journald
+ options:
+ tag: mailu-front
+ loki:
+ logging:
+ driver: loki
+ options:
+ loki-url: "http://192.168.77.101:3100/loki/api/v1/push"
+
diff --git a/__swarm/mailu/stack.env b/__swarm/mailu/stack.env
new file mode 100755
index 0000000..d2966a7
--- /dev/null
+++ b/__swarm/mailu/stack.env
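Review bot: The `loki` variant pushes logs to plain `http://192.168.77.101:3100` with no credentials, so mail-server logs (sender and recipient addresses, authentication failures) cross the network unencrypted and unauthenticated; if Loki is reachable over TLS or behind basic auth, that endpoint should be used instead. The `tag: mailu-front` in the `syslog` and `journald` variants is hardcoded, while the compose file selects the variant through `extends` with `service: ${LOGGING:-syslog}`; any other service that later extends the same file would be tagged as `front`, so the Docker log-tag template `tag: "mailu-{{.Name}}"` is safer. The same file is committed again as `__swarm/mailu3/logging.yml`.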
@@ -0,0 +1,167 @@ +# Mailu main configuration file +# +# This file is autogenerated by the configuration management wizard for compose flavor. +# For a detailed list of configuration variables, see the documentation at +# https://mailu.io + +################################### +# Common configuration variables +################################### + +# Set to a randomly generated 16 bytes string +SECRET_KEY=T1GSGDDBVRYF7UR7 + +# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!) +SUBNET=192.168.205.0/24 + +# Main mail domain +DOMAIN=mail.sectorq.eu + +# Hostnames for this server, separated with commas +HOSTNAMES=mail.sectorq.eu,sectorq.eu + +# Postmaster local part (will append the main mail domain) +POSTMASTER=admin + +# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt) +#TLS_FLAVOR=cert +TLS_FLAVOR=letsencrypt +# Authentication rate limit per IP (per /24 on ipv4 and /48 on ipv6) +AUTH_RATELIMIT_IP=5/hour + +# Authentication rate limit per user (regardless of the source-IP) +AUTH_RATELIMIT_USER=50/day + +# Opt-out of statistics, replace with "True" to opt out +DISABLE_STATISTICS=True + +################################### +# Optional features +################################### + +# Expose the admin interface (value: true, false) +ADMIN=true + +# Choose which webmail to run if any (values: roundcube, snappymail, none). To enable this feature, recreate the docker-compose.yml file via setup. +WEBMAIL=roundcube + +# Expose the API interface (value: true, false) +API=true + +# Dav server implementation (value: radicale, none). To enable this feature, recreate the docker-compose.yml file via setup. +WEBDAV=radicale + +# Antivirus solution (value: clamav, none). To enable this feature, recreate the docker-compose.yml file via setup. +ANTIVIRUS=clamav + +# Scan Macros solution (value: true, false). 
To enable this feature, recreate the docker-compose.yml file via setup. +SCAN_MACROS=true + +################################### +# Mail settings +################################### + +# Message size limit in bytes +# Default: accept messages up to 50MB +# Max attachment size will be 33% smaller +MESSAGE_SIZE_LIMIT=50000000 + +# Message rate limit (per user) +MESSAGE_RATELIMIT=200/day + +# Networks granted relay permissions +# Use this with care, all hosts in this networks will be able to send mail without authentication! +RELAYNETS= + +# Will relay all outgoing mails if configured +RELAYHOST= + +# Enable fetchmail +FETCHMAIL_ENABLED=true + +# Fetchmail delay +FETCHMAIL_DELAY=600 + +# Recipient delimiter, character used to delimiter localpart from custom address part +RECIPIENT_DELIMITER=+ + +# DMARC rua and ruf email +DMARC_RUA=admin +DMARC_RUF=admin + +# Welcome email, enable and set a topic and body if you wish to send welcome +# emails to all users. +WELCOME=false +WELCOME_SUBJECT=Welcome to your new email account +WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly! + +# Maildir Compression +# choose compression-method, default: none (value: gz, bz2, zstd) +COMPRESSION= +# change compression-level, default: 6 (value: 1-9) +COMPRESSION_LEVEL= + +# IMAP full-text search is enabled by default. 
+# Set the following variable to off in order to disable the feature +# or a comma separated list of language codes to support +FULL_TEXT_SEARCH=en + +################################### +# Web settings +################################### + +# Path to redirect / to +WEBROOT_REDIRECT=/webmail + +# Path to the admin interface if enabled +WEB_ADMIN=/admin + +# Path to the webmail if enabled +WEB_WEBMAIL=/webmail + +# Path to the API interface if enabled +WEB_API=/api + +# Website name +SITENAME=sectorq + +# Linked Website URL +WEBSITE=https://mail.sectorq.eu + + + +################################### +# Advanced settings +################################### + +# Docker-compose project name, this will prepended to containers names. +COMPOSE_PROJECT_NAME=mailu + +# Number of rounds used by the password hashing scheme +CREDENTIAL_ROUNDS=12 + +# Header to take the real ip from +REAL_IP_HEADER=X-Real-IP + +# IPs for nginx set_real_ip_from (CIDR list separated by commas) +REAL_IP_FROM=192.168.77.101 + +# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no) +REJECT_UNLISTED_RECIPIENT= + +# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET) +LOG_LEVEL=INFO + +# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +TZ=EU/Bratislava + +# Default spam threshold used for new users +DEFAULT_SPAM_THRESHOLD=80 + +# API token required for authenticating to the RESTful API. +# This is a mandatory setting for using the RESTful API. +API_TOKEN=WM4QHB7FA6YBOQHC0M98CGM2LDG2OP4N + +# Whether tika should be enabled (scan/OCR email attachements). To enable this feature, recreate the docker-compose.yml file via setup. +FULL_TEXT_SEARCH_ATTACHMENTS=true +LD_PRELOAD=/usr/lib/libhardened_malloc.so \ No newline at end of file diff --git a/__swarm/mailu3/.env b/__swarm/mailu3/.env new file mode 100755 index 0000000..3dc1f65 --- /dev/null 
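Review bot: `SECRET_KEY` and `API_TOKEN` are committed in plaintext, and with `API=true` and `WEB_API=/api` the token grants access to the Mailu REST API exposed by `front`; both should be rotated and supplied from outside the repository (the compose file already loads this file via `env_file: stack.env`, so a gitignored copy or a secret store works without changing the compose file). `TZ=EU/Bratislava` is not a tz database name; the list linked in the comment above it uses `Europe/Bratislava`, which is also what `__swarm/mealie/docker-compose.yml` in this commit sets. The same content, including the identical `SECRET_KEY` and `API_TOKEN`, is committed again as `__swarm/mailu3/stack.env`.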
+++ b/__swarm/mailu3/.env
@@ -0,0 +1,4 @@
+APPNAME=mailu
+DOCKER_REGISTRY=r.sectorq.eu/library/
+MAILU_VERSION=2024.06
+LOGGING=syslog
\ No newline at end of file
diff --git a/__swarm/mailu3/docker-compose.yml b/__swarm/mailu3/docker-compose.yml
new file mode 100755
index 0000000..a3cc5f1
--- /dev/null
+++ b/__swarm/mailu3/docker-compose.yml
@@ -0,0 +1,247 @@ +networks: + clamav: + driver: bridge + default: + driver: bridge + ipam: + config: + - subnet: 192.168.205.0/24 + driver: default + fts_attachments: + driver: bridge + internal: true + oletools: + driver: bridge + internal: true + radicale: + driver: bridge + webmail: + driver: bridge +services: + admin: + depends_on: + - redis + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/data:/data + - /share/docker_data/mailu3/dkim:/dkim + antispam: + depends_on: + - front + - redis + - oletools + - antivirus + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + hostname: antispam + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + networks: + - default + - oletools + - clamav + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/filter:/var/lib/rspamd + - /share/docker_data/mailu3/overrides/rspamd:/overrides:ro + antivirus: + healthcheck: + interval: 10s + retries: 3 + start_period: 10s + test: + - CMD-SHELL + - kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid` + timeout: 5s + image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6 + labels: + wud.watch: true + wud.watch.digest: true + networks: + - clamav + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/filter/clamav:/var/lib/clamav + fetchmail: + depends_on: + - admin + - smtp + - imap + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/data/fetchmail:/data + 
front: + depends_on: + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + extends: + file: logging.yml + service: ${LOGGING:-syslog} + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + homepage.container: mailu3-front-1 + homepage.description: eMail server + homepage.group: Utilities + homepage.href: https://mail.sectorq.eu + homepage.icon: ${APPNAME}.png + homepage.name: Mailu + homepage.server: my-docker + homepage.weight: 1 + + networks: + - default + - webmail + - radicale + ports: + - 0.0.0.0:8880:80 + - 0.0.0.0:8443:443 + - 0.0.0.0:25:25 + - 0.0.0.0:465:465 + - 0.0.0.0:587:587 + - 0.0.0.0:110:110 + - 0.0.0.0:995:995 + - 0.0.0.0:143:143 + - 0.0.0.0:993:993 + - 0.0.0.0:4190:4190 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/certs:/certs + - /share/docker_data/mailu3/overrides/nginx:/overrides:ro + fts_attachments: + depends_on: + - resolver + dns: + - 192.168.205.254 + healthcheck: + interval: 10s + retries: 3 + start_period: 10s + test: + - CMD-SHELL + - wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1 + timeout: 5s + hostname: tika + image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full + labels: + wud.watch: true + wud.watch.digest: true + networks: + - fts_attachments + restart: ${RESTART:-unless-stopped} + imap: + depends_on: + - front + - fts_attachments + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + networks: + - default + - fts_attachments + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/mail:/mail + - /share/docker_data/mailu3/overrides/dovecot:/overrides:ro + oletools: + depends_on: + - resolver + dns: + - 192.168.205.254 + hostname: oletools + image: 
${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + networks: + - oletools + restart: ${RESTART:-unless-stopped} + redis: + depends_on: + - resolver + dns: + - 192.168.205.254 + image: ${DOCKER_REGISTRY:-}redis:alpine + labels: + wud.watch: true + wud.watch.digest: true + restart: unless-stopped + volumes: + - /share/docker_data/mailu3/redis:/data + resolver: + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + networks: + default: + ipv4_address: 192.168.205.254 + restart: ${RESTART:-unless-stopped} + smtp: + depends_on: + - front + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/mailqueue:/queue + - /share/docker_data/mailu3/overrides/postfix:/overrides:ro + webdav: + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + networks: + - radicale + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/dav:/data + webmail: + depends_on: + - front + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06} + labels: + wud.watch: true + wud.watch.digest: true + networks: + - webmail + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/webmail:/data + - /share/docker_data/mailu3/overrides/roundcube:/overrides:ro diff --git a/__swarm/mailu3/logging.yml b/__swarm/mailu3/logging.yml new file mode 100755 index 0000000..3a9701d --- /dev/null +++ b/__swarm/mailu3/logging.yml 
@@ -0,0 +1,18 @@
+---
+services:
+ syslog:
+ logging:
+ driver: syslog
+ options:
+ tag: mailu-front
+ journald:
+ logging:
+ driver: journald
+ options:
+ tag: mailu-front
+ loki:
+ logging:
+ driver: loki
+ options:
+ loki-url: "http://192.168.77.101:3100/loki/api/v1/push"
+
diff --git a/__swarm/mailu3/stack.env b/__swarm/mailu3/stack.env
new file mode 100755
index 0000000..d2966a7
--- /dev/null
+++ b/__swarm/mailu3/stack.env
@@ -0,0 +1,167 @@ +# Mailu main configuration file +# +# This file is autogenerated by the configuration management wizard for compose flavor. +# For a detailed list of configuration variables, see the documentation at +# https://mailu.io + +################################### +# Common configuration variables +################################### + +# Set to a randomly generated 16 bytes string +SECRET_KEY=T1GSGDDBVRYF7UR7 + +# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!) +SUBNET=192.168.205.0/24 + +# Main mail domain +DOMAIN=mail.sectorq.eu + +# Hostnames for this server, separated with commas +HOSTNAMES=mail.sectorq.eu,sectorq.eu + +# Postmaster local part (will append the main mail domain) +POSTMASTER=admin + +# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt) +#TLS_FLAVOR=cert +TLS_FLAVOR=letsencrypt +# Authentication rate limit per IP (per /24 on ipv4 and /48 on ipv6) +AUTH_RATELIMIT_IP=5/hour + +# Authentication rate limit per user (regardless of the source-IP) +AUTH_RATELIMIT_USER=50/day + +# Opt-out of statistics, replace with "True" to opt out +DISABLE_STATISTICS=True + +################################### +# Optional features +################################### + +# Expose the admin interface (value: true, false) +ADMIN=true + +# Choose which webmail to run if any (values: roundcube, snappymail, none). To enable this feature, recreate the docker-compose.yml file via setup. +WEBMAIL=roundcube + +# Expose the API interface (value: true, false) +API=true + +# Dav server implementation (value: radicale, none). To enable this feature, recreate the docker-compose.yml file via setup. +WEBDAV=radicale + +# Antivirus solution (value: clamav, none). To enable this feature, recreate the docker-compose.yml file via setup. +ANTIVIRUS=clamav + +# Scan Macros solution (value: true, false). 
To enable this feature, recreate the docker-compose.yml file via setup. +SCAN_MACROS=true + +################################### +# Mail settings +################################### + +# Message size limit in bytes +# Default: accept messages up to 50MB +# Max attachment size will be 33% smaller +MESSAGE_SIZE_LIMIT=50000000 + +# Message rate limit (per user) +MESSAGE_RATELIMIT=200/day + +# Networks granted relay permissions +# Use this with care, all hosts in this networks will be able to send mail without authentication! +RELAYNETS= + +# Will relay all outgoing mails if configured +RELAYHOST= + +# Enable fetchmail +FETCHMAIL_ENABLED=true + +# Fetchmail delay +FETCHMAIL_DELAY=600 + +# Recipient delimiter, character used to delimiter localpart from custom address part +RECIPIENT_DELIMITER=+ + +# DMARC rua and ruf email +DMARC_RUA=admin +DMARC_RUF=admin + +# Welcome email, enable and set a topic and body if you wish to send welcome +# emails to all users. +WELCOME=false +WELCOME_SUBJECT=Welcome to your new email account +WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly! + +# Maildir Compression +# choose compression-method, default: none (value: gz, bz2, zstd) +COMPRESSION= +# change compression-level, default: 6 (value: 1-9) +COMPRESSION_LEVEL= + +# IMAP full-text search is enabled by default. 
+# Set the following variable to off in order to disable the feature +# or a comma separated list of language codes to support +FULL_TEXT_SEARCH=en + +################################### +# Web settings +################################### + +# Path to redirect / to +WEBROOT_REDIRECT=/webmail + +# Path to the admin interface if enabled +WEB_ADMIN=/admin + +# Path to the webmail if enabled +WEB_WEBMAIL=/webmail + +# Path to the API interface if enabled +WEB_API=/api + +# Website name +SITENAME=sectorq + +# Linked Website URL +WEBSITE=https://mail.sectorq.eu + + + +################################### +# Advanced settings +################################### + +# Docker-compose project name, this will prepended to containers names. +COMPOSE_PROJECT_NAME=mailu + +# Number of rounds used by the password hashing scheme +CREDENTIAL_ROUNDS=12 + +# Header to take the real ip from +REAL_IP_HEADER=X-Real-IP + +# IPs for nginx set_real_ip_from (CIDR list separated by commas) +REAL_IP_FROM=192.168.77.101 + +# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no) +REJECT_UNLISTED_RECIPIENT= + +# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET) +LOG_LEVEL=INFO + +# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +TZ=EU/Bratislava + +# Default spam threshold used for new users +DEFAULT_SPAM_THRESHOLD=80 + +# API token required for authenticating to the RESTful API. +# This is a mandatory setting for using the RESTful API. +API_TOKEN=WM4QHB7FA6YBOQHC0M98CGM2LDG2OP4N + +# Whether tika should be enabled (scan/OCR email attachements). To enable this feature, recreate the docker-compose.yml file via setup. +FULL_TEXT_SEARCH_ATTACHMENTS=true +LD_PRELOAD=/usr/lib/libhardened_malloc.so \ No newline at end of file diff --git a/__swarm/mealie/.env b/__swarm/mealie/.env new file mode 100755 index 0000000..16d6351 --- /dev/null 
+++ b/__swarm/mealie/.env
@@ -0,0 +1,4 @@
+RESTART=always
+DOCKER_REGISTRY=r.sectorq.eu/library/
+APPNAME=mealie
+
diff --git a/__swarm/mealie/docker-compose.yml b/__swarm/mealie/docker-compose.yml
new file mode 100755
index 0000000..6d31baa
--- /dev/null
+++ b/__swarm/mealie/docker-compose.yml
@@ -0,0 +1,42 @@
+services:
+ mealie:
+ image: ${DOCKER_REGISTRY}ghcr.io/mealie-recipes/mealie:v2.8.0 #
+ container_name: mealie
+ restart: always
+ ports:
+ - "9925:9000" #
+ deploy:
+ resources:
+ limits:
+ memory: 1000M #
+ volumes:
+ - /share/docker_data/mealie/data:/app/data/
+ environment:
+ # Set Backend ENV Variables Here
+ ALLOW_SIGNUP: "false"
+ PUID: 1000
+ PGID: 1000
+ TZ: Europe/Bratislava
+ BASE_URL: https://mealie.sectorq.eu
+ OIDC_AUTH_ENABLED: true
+ OIDC_PROVIDER_NAME: authentik
+ OIDC_CONFIGURATION_URL: https://auth.sectorq.eu/application/o/mealie/.well-known/openid-configuration
+ OIDC_CLIENT_ID: "QfrrMn3EzUqkb3ueFl8UQe983qCxr50O2eScPZ3b"
+ OIDC_CLIENT_SECRET: "SN5QQJzEZO6kFbyZJ4JcaUbev1CH3VDFfyfB0oeJXo23r0Wx74xpfLS3OMAvoRW8QFxpaYwsRm492MHtZIHaofwf29yhjADHA2DABPecSGAm8V6JVU8m4HRSF3NjDyTV"
+ OIDC_SIGNUP_ENABLED: true
+ OIDC_USER_GROUP: mealie-users
+ OIDC_ADMIN_GROUP: mealie-admins
+ OIDC_AUTO_REDIRECT: true # Optional: The login page will be bypassed and you will be sent directly to your Identity Provider.
+ OIDC_REMEMBER_ME: true
+ labels:
+ homepage.container: mealie
+ homepage.description: Recipe server
+ homepage.group: Utils
+ homepage.href: https://${APPNAME}.sectorq.eu
+ homepage.icon: ${APPNAME}.png
+ homepage.name: Mealie
+ homepage.server: my-docker
+ wud.watch: true
+ wud.watch.digest: true
+volumes:
+ mealie-data:
\ No newline at end of file
diff --git a/__swarm/mealie/stack.env b/__swarm/mealie/stack.env
new file mode 100755
index 0000000..6595e82
--- /dev/null
+++ b/__swarm/mealie/stack.env
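Review bot: `OIDC_CLIENT_SECRET` (and `OIDC_CLIENT_ID`) are committed in plaintext in the compose file; the secret should be rotated on the authentik side and injected, e.g. `OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET}`, consistent with the `${APPNAME}` substitutions already used under `labels`. `image: ${DOCKER_REGISTRY}ghcr.io/...` has no default value, unlike `${DOCKER_REGISTRY:-}` in every other compose file of this commit, so the stack only resolves with the `.env` present. The `environment` map mixes the quoted `"false"` with bare YAML booleans (`OIDC_AUTH_ENABLED: true` and the three other `OIDC_*` flags); Compose expects string values there and bare booleans may be rejected or coerced depending on the Compose version, so quote them as `"true"`. The named volume `mealie-data` is declared but never mounted (the service uses a bind mount), so it can be dropped.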
@@ -0,0 +1,37 @@
+###############################################################################
+# Paperless-ngx settings #
+###############################################################################
+
+# See http://docs.paperless-ngx.com/configuration/ for all available options.
+
+# The UID and GID of the user used to run paperless in the container. Set this
+# to your UID and GID on the host so that you have write access to the
+# consumption directory.
+#USERMAP_UID=1000
+#USERMAP_GID=1000
+
+# See the documentation linked above for all options. A few commonly adjusted settings
+# are provided below.
+
+# This is required if you will be exposing Paperless-ngx on a public domain
+# (if doing so please consider security measures such as reverse proxy)
+#PAPERLESS_URL=https://paperless.example.com
+
+# Adjust this key if you plan to make paperless available publicly. It should
+# be a very long sequence of random characters. You don't need to remember it.
+#PAPERLESS_SECRET_KEY=change-me
+
+# Use this variable to set a timezone for the Paperless Docker containers. Defaults to UTC.
+#PAPERLESS_TIME_ZONE=America/Los_Angeles
+
+# The default language to use for OCR. Set this to the language most of your
+# documents are written in.
+#PAPERLESS_OCR_LANGUAGE=eng
+
+# Additional languages to install for text recognition, separated by a whitespace.
+# Note that this is different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines
+# the language used for OCR.
+# The container installs English, German, Italian, Spanish and French by default.
+# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
+# for available languages.
+#PAPERLESS_OCR_LANGUAGES=tur ces
\ No newline at end of file
diff --git a/__swarm/mediacenter/.env b/__swarm/mediacenter/.env
new file mode 100755
index 0000000..5071733
--- /dev/null
+++ b/__swarm/mediacenter/.env
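Review bot: This `stack.env` is the Paperless-ngx sample file with every setting commented out, and nothing in `__swarm/mealie/docker-compose.yml` references it (that service has no `env_file:`), so it configures nothing for Mealie; either drop it or replace it with Mealie's own settings. If it is kept as a placeholder, a first-line comment such as `# unused: template copied from paperless-ngx, not loaded by docker-compose.yml` would stop the next reader from editing it and expecting an effect.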
@@ -0,0 +1,12 @@
+APPNAME=mediacenter
+DOCKER_REGISTRY=r.sectorq.eu/library/
+LOGGING=syslog
+JELLYSEER_TOKEN=MTczMTY1NTk3ODUwOTY3NmJiOTM0LTY1MDctNGI2NS1hMmEyLTE3MjQ1MmI3OTI0Yg==
+JELLYFIN_TOKEN=0b0247d8030b46a0afe71be194311521
+JACKET_TOKEN=l4c1j4yd33Du5lo
+BAZARR_TOKEN=be4265d373929be3672ac813154baf6a
+LIDARR_TOKEN=a9d7379966bd467aa0ad226848575e03
+QBIT_TOKEN=l4c1j4yd33Du5lo
+RADARR_TOKEN=671f20f9518b4ab3a977cc00f95b0427
+SONARR_TOKEN=325b15a81c544ed2a1cd2bb16e95a129
+HW_MODE=cpu
\ No newline at end of file
diff --git a/__swarm/mediacenter/docker-compose.yml b/__swarm/mediacenter/docker-compose.yml
new file mode 100755
index 0000000..b776ddd
--- /dev/null
+++ b/__swarm/mediacenter/docker-compose.yml
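Review bot: Eight service API keys (`JELLYSEER_TOKEN`, `JELLYFIN_TOKEN`, `JACKET_TOKEN`, `BAZARR_TOKEN`, `LIDARR_TOKEN`, `QBIT_TOKEN`, `RADARR_TOKEN`, `SONARR_TOKEN`) are committed in plaintext, and `JACKET_TOKEN` and `QBIT_TOKEN` carry the same value, so a single leak covers two services; all of them should be rotated and the `.env` kept out of version control, with a committed `.env.example` holding empty values to document the variable names. The file is also added with mode `100755`, which an env file does not need. The same pattern applies to the other `.env` and `stack.env` files in this commit.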
@@ -0,0 +1,326 @@ +networks: + duplicati: + driver: bridge + mediarr: + driver: bridge +services: + bazarr: + container_name: bazarr + depends_on: + - sonarr + - radarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + hostname: bazarr + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bazarr:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: bazarr + homepage.description: Subtitles + homepage.group: Media + homepage.href: https://bazarr.sectorq.eu + homepage.icon: bazarr.png + homepage.name: bazarr + homepage.server: my-docker + homepage.weight: '90' + homepage.widget.key: ${BAZARR_TOKEN} + homepage.widget.type: bazarr + homepage.widget.url: https://bazarr.sectorq.eu + wud.watch: true + wud.watch.digest: true + networks: + - mediarr + ports: + - 6767:6767 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/bazarr/config:/config + - /media/m-server/movies:/movies/m-server + - /media/m-server/shows:/tv/m-server + - /media/nas/movies:/movies/nas + - /media/nas/shows:/tv/nas + flaresolverr: + container_name: flaresolverr + environment: + - LOG_LEVEL=info + - TZ=Europe/Bratislava + hostname: flaresolverr + image: ${DOCKER_REGISTRY:-}ghcr.io/flaresolverr/flaresolverr:latest + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + networks: + - mediarr + ports: + - 8191:8191 + restart: ${RESTART:-unless-stopped} + homarr: + container_name: homarr + hostname: homarr + image: ${DOCKER_REGISTRY:-}ghcr.io/ajnart/homarr:latest + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + networks: + - mediarr + ports: + - 7575:7575 + restart: ${RESTART:-unless-stopped} + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /share/docker_data/homarr/configs:/app/data/configs + - /share/docker_data/homarr/icons:/app/public/icons + - /share/docker_data/homarr/data:/data + jackett: + container_name: jackett + dns: + - 
192.168.77.101 + depends_on: + - sonarr + - radarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + - AUTO_UPDATE=true + - RUN_OPTS= + hostname: jackett + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jackett:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: jackett + homepage.description: Subtitles + homepage.group: Media + homepage.href: https://jackett.sectorq.eu + homepage.icon: jackett.png + homepage.name: Jackett + homepage.server: my-docker + homepage.weight: '80' + homepage.widget.password: ${JACKET_TOKEN} + homepage.widget.type: jackett + homepage.widget.url: https://jackett.sectorq.eu + wud.watch: true + wud.watch.digest: true + networks: + - mediarr + ports: + - 9117:9117 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/jackett/config:/config + - /share/docker_data/jackett/downloads:/downloads + jellyfin: + container_name: jellyfin + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + - JELLYFIN_PublishedServerUrl=https://jf.sectorq.eu + extends: + file: hwaccel.yml + service: ${HW_MODE:-cpu} + hostname: jellyfin + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jellyfin:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: jellyfin + homepage.description: Subtitles + homepage.group: Media + homepage.href: https://jf.sectorq.eu + homepage.icon: jellyfin.png + homepage.name: Jellyfin + homepage.server: my-docker + homepage.weight: '10' + homepage.widget.key: ${JELLYFIN_TOKEN} + homepage.widget.type: jellyfin + homepage.widget.url: https://jf.sectorq.eu + wud.watch: true + wud.watch.digest: true + network_mode: host + ports: + - 8096:8096 + - 8920:8920 + - 7359:7359/udp + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/jellyfin:/config + - /media/m-server/movies:/data/movies/m-server + - /media/m-server/music:/data/music/m-server + - /media/m-server/shows:/data/shows/m-server + - 
/media/nas/movies:/data/movies/nas + - /media/nas/music:/data/music/nas + - /media/nas/shows:/data/shows/nas + - /media/nas/xxx:/data/xxx/nas + jellyseerr: + container_name: jellyseerr + environment: + - LOG_LEVEL=debug + - TZ=Europe/Bratislava + hostname: jellyseerr + image: ${DOCKER_REGISTRY:-}fallenbagel/jellyseerr:latest + labels: + com.centurylinklabs.watchtower.enabl: 'true' + homepage.container: jellyseerr + homepage.description: Subtitles + homepage.group: Media + homepage.href: https://js.sectorq.eu + homepage.icon: jellyseerr.png + homepage.name: Jellyseerr + homepage.server: my-docker + homepage.weight: '20' + homepage.widget.key: ${JELLYSEER_TOKEN} + homepage.widget.type: jellyseerr + homepage.widget.url: https://js.sectorq.eu + wud.watch: true + wud.watch.digest: true + networks: + - mediarr + ports: + - 5055:5055 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/jellyseerr/config:/app/config + lidarr: + container_name: lidarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + hostname: lidarr + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/lidarr:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: lidarr + homepage.description: Subtitles + homepage.group: Media + homepage.href: https://lidarr.sectorq.eu + homepage.icon: lidarr.png + homepage.name: Lidarr + homepage.server: my-docker + homepage.weight: '60' + homepage.widget.key: ${LIDARR_TOKEN} + homepage.widget.type: lidarr + homepage.widget.url: https://lidarr.sectorq.eu + wud.watch: true + wud.watch.digest: true + networks: + - mediarr + ports: + - 8686:8686 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/lidarr/config:/config + - /media/m-server/music:/music + - /media/m-server/downloads:/downloads + qbittorrent: + container_name: qbittorrent + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + - WEBUI_PORT=8085 + - FILE__PASSWORD=/run/secrets/mysecretpassword + hostname: 
qbittorrent + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/qbittorrent:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: qbittorrent + homepage.description: Subtitles + homepage.group: Utilities + homepage.href: https://qbit.sectorq.eu + homepage.icon: qbittorrent.png + homepage.name: Qbittorrent + homepage.server: my-docker + homepage.weight: '95' + homepage.widget.enableLeechProgress: 'true' + homepage.widget.password: ${QBIT_TOKEN} + homepage.widget.type: qbittorrent + homepage.widget.url: https://qbit.sectorq.eu + homepage.widget.username: admin + wud.watch: true + wud.watch.digest: true + networks: + - mediarr + ports: + - 8085:8085 + - 6881:6881 + - 6881:6881/udp + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/qbittorrent/config:/config + - /media/m-server/downloads:/downloads + radarr: + container_name: radarr + dns: + - 192.168.77.101 + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + hostname: radarr + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/radarr:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: radarr + homepage.description: Subtitles + homepage.group: Media + homepage.href: https://radarr.sectorq.eu + homepage.icon: radarr.png + homepage.name: Radarr + homepage.server: my-docker + homepage.weight: '20' + homepage.widget.key: ${RADARR_TOKEN} + homepage.widget.type: radarr + homepage.widget.url: https://radarr.sectorq.eu + wud.display.icon: mdi:radarr + wud.watch: true + wud.watch.digest: true + networks: + - mediarr + ports: + - 7878:7878 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/radarr/config:/config + - /media/m-server/movies/:/movies-m-server + - /media/nas/movies/:/movies-nas + - /media/m-server/downloads:/downloads + sonarr: + container_name: sonarr + dns: + - 192.168.77.101 + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + hostname: sonarr + image: 
${DOCKER_REGISTRY:-}lscr.io/linuxserver/sonarr:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: sonarr + homepage.description: Subtitles + homepage.group: Media + homepage.href: https://sonarr.sectorq.eu + homepage.icon: sonarr.png + homepage.name: Sonarr + homepage.server: my-docker + homepage.weight: '30' + homepage.widget.key: ${SONARR_TOKEN} + homepage.widget.type: sonarr + homepage.widget.url: https://sonarr.sectorq.eu + wud.watch: true + wud.watch.digest: true + networks: + - mediarr + ports: + - 8989:8989 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/sonarr/config:/config + - /media/m-server/shows:/tv-m-server + - /media/nas/shows:/tv-nas + - /media/m-server/downloads:/downloads diff --git a/__swarm/mediacenter/hwaccel.yml b/__swarm/mediacenter/hwaccel.yml new file mode 100755 index 0000000..6a38685 --- /dev/null +++ b/__swarm/mediacenter/hwaccel.yml @@ -0,0 +1,8 @@ +--- +services: + cpu: {} + + hw: + devices: + - /dev/dri/renderD128 + - /dev/dri/card1 \ No newline at end of file diff --git a/__swarm/mosquitto/.env b/__swarm/mosquitto/.env new file mode 100755 index 0000000..864f133 --- /dev/null +++ b/__swarm/mosquitto/.env @@ -0,0 +1,2 @@ +APPNAME=mosquitto +DOCKER_REGISTRY=r.sectorq.eu/library/ \ No newline at end of file diff --git a/__swarm/mosquitto/docker-compose.yml b/__swarm/mosquitto/docker-compose.yml new file mode 100755 index 0000000..420fd32 --- /dev/null +++ b/__swarm/mosquitto/docker-compose.yml @@ -0,0 +1,15 @@ +name: mosquitto +services: + mosquitto: + image: ${DOCKER_REGISTRY:-}eclipse-mosquitto + labels: + com.centurylinklabs.watchtower.enable: 'true' + wud.watch: true + wud.watch.digest: true + mem_limit: 1g + network_mode: host + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mosquitto/conf:/mosquitto/config + - /share/docker_data/mosquitto/data:/mosquitto/data + - /share/docker_data/mosquitto/log:/mosquitto/log 
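Review bot: `homarr` mounts `/var/run/docker.sock` read-write, which hands the container control of the Docker daemon (effectively root on the host); mount it `:ro` or front it with a socket proxy that exposes only the read endpoints a dashboard needs, and the same applies to `appapi-harp` in `__swarm/nextcloud/docker-compose.yml`. `jellyfin` declares both `network_mode: host` and a `ports:` list, a combination Compose rejects (or at best ignores the ports), so one of the two should go. `qbittorrent` sets `FILE__PASSWORD=/run/secrets/mysecretpassword`, but no `secrets:` entry in this file mounts that path, so the password file will not exist at start. The jellyseerr label `com.centurylinklabs.watchtower.enabl` is misspelled and will not be honoured by watchtower, and `homepage.description: Subtitles` is copy-pasted onto jackett, jellyfin, jellyseerr, lidarr, qbittorrent, radarr and sonarr.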
diff --git a/__swarm/motioneye/.env b/__swarm/motioneye/.env
new file mode 100755
index 0000000..b1c9e52
--- /dev/null
+++ b/__swarm/motioneye/.env
@@ -0,0 +1,3 @@
+APPNAME=motioneye
+DOCKER_REGISTRY=r.sectorq.eu/library/
+RESTART=always
\ No newline at end of file
diff --git a/__swarm/motioneye/docker-compose.yml b/__swarm/motioneye/docker-compose.yml
new file mode 100755
index 0000000..dda7fef
--- /dev/null
+++ b/__swarm/motioneye/docker-compose.yml
@@ -0,0 +1,28 @@
+services:
+ motioneye:
+ container_name: motioneye
+ dns:
+ - 192.168.77.101
+ environment:
+ - TZ=Europe/Bratislava
+ image: ${DOCKER_REGISTRY:-}ghcr.io/motioneye-project/motioneye:edge
+ labels:
+ com.centurylinklabs.watchtower.enable: 'true'
+ homepage.container: motioneye
+ homepage.description: Video manager
+ homepage.group: Media
+ homepage.href: http://m-server.home.lan:8765/
+ homepage.icon: /images/motioneye.webp
+ homepage.name: MotionEye
+ homepage.server: my-docker
+ homepage.weight: '1'
+ wud.watch: true
+ wud.watch.digest: true
+ ports:
+ - 8081:8081
+ - 8765:8765
+ restart: unless-stopped
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /share/docker_data/motioneye/etc_motioneye:/etc/motioneye
+ - /share/docker_data/motioneye/var_lib_motioneye:/var/lib/motioneye
diff --git a/__swarm/n8n/.env b/__swarm/n8n/.env
new file mode 100755
index 0000000..c6671ed
--- /dev/null
+++ b/__swarm/n8n/.env
@@ -0,0 +1,2 @@
+APPNAME=n8n
+DOCKER_REGISTRY=r.sectorq.eu/library/
\ No newline at end of file
diff --git a/__swarm/n8n/docker-compose.yml b/__swarm/n8n/docker-compose.yml
new file mode 100755
index 0000000..b556ff0
--- /dev/null
+++ b/__swarm/n8n/docker-compose.yml
@@ -0,0 +1,33 @@ +version: "3" +services: + n8n: + image: ${DOCKER_REGISTRY:-}n8nio/n8n:latest + container_name: n8n + ports: + - "5679:5678" + environment: + - N8N_HOST=n8n.sectorq.eu + - N8N_PORT=5678 + - N8N_PROTOCOL=https + - N8N_BASIC_AUTH_ACTIVE=true + - N8N_BASIC_AUTH_USER=sth + - N8N_BASIC_AUTH_PASSWORD=pwd + - N8N_RUNNERS_ENABLED=true + - N8N_RUNNERS_MODE=internal + - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true + - N8N_SECURE_COOKIE=false + - WEBHOOK_URL=https://n8n.sectorq.eu + volumes: + - /share/docker_data/n8n/n8n-data:/home/node/.n8n + restart: ${RESTART:-unless-stopped} + stop_grace_period: 60s + labels: + homepage.container: n8n + homepage.description: Workflow management + homepage.group: Utils + homepage.href: https://${APPNAME}.sectorq.eu + homepage.icon: /icons/n8n.svg + homepage.name: n8n + homepage.server: my-docker + wud.watch: true + wud.watch.digest: true \ No newline at end of file diff --git a/__swarm/nebula/.env b/__swarm/nebula/.env new file mode 100755 index 0000000..5eab787 --- /dev/null +++ b/__swarm/nebula/.env @@ -0,0 +1,2 @@ +APPNAME=nebula +PASSWORD=l4c1j4yd33Du5lo \ No newline at end of file diff --git a/__swarm/nebula/docker-compose copy.yml b/__swarm/nebula/docker-compose copy.yml new file mode 100755 index 0000000..420b058 --- /dev/null +++ b/__swarm/nebula/docker-compose copy.yml @@ -0,0 +1,17 @@ +services: + nebula-sync: + image: ghcr.io/lovelaze/nebula-sync:latest + container_name: nebula-sync + environment: + - PRIMARY=http://192.168.77.101:9380|l4c1j4yd33Du5lo + - REPLICAS=http://192.168.77.238:9380|l4c1j4yd33Du5lo,http://192.168.77.106:9380|l4c1j4yd33Du5lo + - CLIENT_SKIP_TLS_VERIFICATION=true + + - FULL_SYNC=true + - RUN_GRAVITY=true + - CRON=0 * * * * + labels: + + wud.watch: true + wud.watch.digest: true + restart: always \ No newline at end of file diff --git a/__swarm/nebula/docker-compose.yml b/__swarm/nebula/docker-compose.yml new file mode 100755 index 0000000..e082407 --- /dev/null 
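Review bot: `N8N_SECURE_COOKIE=false` strips the Secure flag from the session cookie even though `N8N_PROTOCOL=https` and `WEBHOOK_URL` are HTTPS, so the cookie can be replayed over plaintext; with TLS terminated at the proxy this should be `N8N_SECURE_COOKIE=true` (the default when unset). `N8N_BASIC_AUTH_USER=sth` / `N8N_BASIC_AUTH_PASSWORD=pwd` are placeholder credentials, and as far as I recall the `N8N_BASIC_AUTH_*` variables were removed in n8n 1.x in favour of built-in user management, so on `n8nio/n8n:latest` they are likely ignored — verify against the deployed version and drop them. In `__swarm/nebula/docker-compose copy.yml` (and the `docker-compose.yml` in the next hunk) `CLIENT_SKIP_TLS_VERIFICATION=true` disables certificate checking for the Pi-hole API; it is moot while the endpoints are `http://` but will silently weaken the setup if they move to HTTPS, so remove it. Committing `docker-compose copy.yml` next to `docker-compose.yml` leaves two diverging definitions of the same stack in the repo; the copy should not be tracked.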
+++ b/__swarm/nebula/docker-compose.yml
@@ -0,0 +1,11 @@
+services:
+ nebula-sync:
+ image: ghcr.io/lovelaze/nebula-sync:latest
+ environment:
+ - PRIMARY=http://192.168.77.101:9380|l4c1j4yd33Du5lo
+ - REPLICAS=http://192.168.77.106:9380|l4c1j4yd33Du5lo
+ - CLIENT_SKIP_TLS_VERIFICATION=true
+
+ - FULL_SYNC=true
+ - RUN_GRAVITY=true
+ - CRON=0 * * * *
diff --git a/__swarm/nextcloud/.env b/__swarm/nextcloud/.env
new file mode 100755
index 0000000..2d0c4ab
--- /dev/null
+++ b/__swarm/nextcloud/.env
@@ -0,0 +1,2 @@
+APPNAME=nextcloud
+#RESTART=always
\ No newline at end of file
diff --git a/__swarm/nextcloud/docker-compose.yml b/__swarm/nextcloud/docker-compose.yml
new file mode 100755
index 0000000..7123467
--- /dev/null
+++ b/__swarm/nextcloud/docker-compose.yml
@@ -0,0 +1,94 @@ +networks: + nextcloud_network: + ipam: + config: + - subnet: 192.168.80.0/28 + driver: default + pihole_pihole: + external: true +services: + app: + depends_on: + - db + dns: + - 192.168.78.254 + env_file: + - stack.env + image: ${DOCKER_REGISTRY:-}nextcloud:latest + labels: + com.centurylinklabs.watchtower.enable: true + com.centurylinklabs.watchtower.lifecycle.post-update: apt update;apt install + -y smbclient;chown -R www-data:www-data /var/www/html + homepage.container: nextcloud-app-1 + homepage.description: Cloud server + homepage.group: Infrastructure + homepage.href: https://nc.sectorq.eu + homepage.icon: ${APPNAME}.png + homepage.name: Nextcloud + homepage.server: my-docker + homepage.widget.password: oGeiy-tTc8p-LJdt5-na3JF-dbWpY + homepage.widget.type: ${APPNAME} + homepage.widget.url: https://nc.sectorq.eu + homepage.widget.username: jaydee + wud.watch: true + wud.watch.digest: true + links: + - db + networks: + - nextcloud_network + - pihole_pihole + ports: + - 8134:80 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/nextcloud/app:/var/www/html + - /share/docker_data/nextcloud/app-hooks/pre-installation:/docker-entrypoint-hooks.d/pre-installation + - /share/docker_data/nextcloud/app-hooks/post-installation:/docker-entrypoint-hooks.d/post-installation + - /share/docker_data/nextcloud/app-hooks/pre-upgrade:/docker-entrypoint-hooks.d/pre-upgrade + - /share/docker_data/nextcloud/app-hooks/post-upgrade:/docker-entrypoint-hooks.d/post-upgrade + - /share/docker_data/nextcloud/app-hooks/before-starting:/docker-entrypoint-hooks.d/before-starting + db: + command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 + --skip-innodb-read-only-compressed + env_file: + - stack.env + image: ${DOCKER_REGISTRY:-}yobasystems/alpine-mariadb:latest + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + networks: + - nextcloud_network + restart: 
${RESTART:-unless-stopped} + volumes: + - /share/docker_data/nextcloud/mariadb:/var/lib/mysql + - /etc/localtime:/etc/localtime + redis: + image: ${DOCKER_REGISTRY:-}redis:alpine + labels: + wud.watch: true + wud.watch.digest: true + networks: + - nextcloud_network + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/nextcloud/redis:/data + appapi-harp: + environment: + - HP_SHARED_KEY=l4c1j4yd33Du5lo + - NC_INSTANCE_URL=https://nc.sectorq.eu + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /share/docker_data/nextcloud/certs:/certs + container_name: appapi-harp + hostname: appapi-harp + restart: unless-stopped + ports: + - 8780:8780 + - 8782:8782 + image: ${DOCKER_REGISTRY:-}ghcr.io/nextcloud/nextcloud-appapi-harp:release + networks: + - nextcloud_network + labels: + wud.watch: true + wud.watch.digest: true \ No newline at end of file diff --git a/__swarm/nextcloud/stack.env b/__swarm/nextcloud/stack.env new file mode 100755 index 0000000..15f52ba --- /dev/null +++ b/__swarm/nextcloud/stack.env @@ -0,0 +1,10 @@ +TZ=Europe/Bratislava +MYSQL_ROOT_PASSWORD=l4c1j4yd33Du5lo +MYSQL_PASSWORD=l4c1j4yd33Du5lo +MYSQL_DATABASE=nextcloud +MYSQL_USER=nextcloud +MYSQL_HOST=db +REDIS_HOST=redis +PHP_MEMORY_LIMIT=1024M +PHP_UPLOAD_LIMIT=1024M +NEXTCLOUD_MEMORY_LIMIT=1024M \ No newline at end of file diff --git a/__swarm/nginx/.env b/__swarm/nginx/.env new file mode 100755 index 0000000..135fd32 --- /dev/null +++ b/__swarm/nginx/.env @@ -0,0 +1 @@ +APPNAME=nginx diff --git a/__swarm/nginx/docker-compose.yml b/__swarm/nginx/docker-compose.yml new file mode 100755 index 0000000..b6cb779 --- /dev/null +++ b/__swarm/nginx/docker-compose.yml 
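Review bot: In `stack.env`, `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` are the same value, so the `nextcloud` application user effectively carries the root credential; give it its own password (and keep both out of the repo, see the note on `__swarm/mediacenter/.env`). `appapi-harp` mounts `/var/run/docker.sock` read-write, which is control of the host's Docker daemon; if AppAPI needs the socket, scope it through a socket proxy rather than the raw socket. The `db` service mounts `/etc/localtime:/etc/localtime` without `:ro`, unlike `__swarm/motioneye/docker-compose.yml` in this commit; add `:ro`. `links: - db` is redundant since both services sit on `nextcloud_network`, and the watchtower `post-update` hook that runs `apt update;apt install -y smbclient` at runtime is non-reproducible — build smbclient into an image instead.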
@@ -0,0 +1,40 @@ +networks: + pihole_pihole: + external: true +services: + app: + dns: + - 192.168.78.254 + healthcheck: + interval: 10s + test: + - CMD + - /usr/bin/check-health + timeout: 3s + image: jc21/nginx-proxy-manager:latest + labels: + homepage.container: nginx-app-1 + homepage.description: Reverse Proxy + homepage.group: Infrastructure + homepage.href: http://active.home.lan:81 + homepage.icon: nginx-proxy-manager.png + homepage.name: Nginx + homepage.server: my-docker + homepage.weight: '25' + homepage.widget.password: OdyAJvifHvDPMOyFdbiKak5S + homepage.widget.type: npm + homepage.widget.url: http://active.home.lan:81 + homepage.widget.username: monitoring@sectorq.eu + wud.watch: true + wud.watch.digest: true + networks: + - pihole_pihole + ports: + - 8099:80 + - 4439:443 + - 81:81 + restart: unless-stopped + volumes: + - /share/docker_data/nginx/data:/data + - /share/docker_data/nginx/letsencrypt:/etc/letsencrypt +version: '3.8' diff --git a/__swarm/node-red/.env b/__swarm/node-red/.env new file mode 100755 index 0000000..be786ee --- /dev/null +++ b/__swarm/node-red/.env @@ -0,0 +1,2 @@ +APPNAME=node-red +DOCKER_REGISTRY=r.sectorq.eu/library/ \ No newline at end of file diff --git a/__swarm/node-red/docker-compose.yml b/__swarm/node-red/docker-compose.yml new file mode 100755 index 0000000..e536ba4 --- /dev/null +++ b/__swarm/node-red/docker-compose.yml 
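Review bot: Port `81` (the Nginx Proxy Manager admin UI) is published on every host interface with `81:81`, and `homepage.href`/`homepage.widget.url` reach it over plain `http://`, so the admin credential in `homepage.widget.password` crosses the LAN in cleartext; bind the admin port to the management address (`<LAN_IP>:81:81`, placeholder) or serve it through the proxy's own TLS, and move the password out of the file (see the note on `__swarm/mediacenter/.env`). The trailing `version: '3.8'` is obsolete for Compose v2 and, placed after `services:`, reads as a stray line; drop it, and likewise `version: '2'` at the end of `__swarm/openldap/docker-compose.yml`.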
@@ -0,0 +1,28 @@ +networks: + node-red-net: null +services: + node-red: + dns: + - 192.168.77.101 + environment: + - TZ=Europe/Bratislava + image: ${DOCKER_REGISTRY:-}nodered/node-red:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + wud.watch: true + wud.watch.digest: true + homepage.container: node-red-node-red-1 + homepage.description: Node red + homepage.group: Infrastructure + homepage.href: http://active.home.lan:1880 + homepage.icon: node-red.png + homepage.name: Node-red + homepage.server: my-docker + mem_limit: 1g + networks: + - node-red-net + ports: + - 1880:1880 + restart: always + volumes: + - /share/docker_data/node-red:/data diff --git a/__swarm/octoprint/docker-compose.yml b/__swarm/octoprint/docker-compose.yml new file mode 100755 index 0000000..3f2e03b --- /dev/null +++ b/__swarm/octoprint/docker-compose.yml 
@@ -0,0 +1,56 @@ +services: + octoprint1: + container_name: octoprint1 + devices: + - /dev/ttyUSB0:/dev/ttyUSB0 + - /dev/video0:/dev/video0 + - /dev/video1:/dev/video1 + environment: + - ENABLE_MJPG_STREAMER=true + image: ${DOCKER_REGISTRY:-}octoprint/octoprint:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: octoprint1 + homepage.description: 3D Printing + homepage.group: Utilities + homepage.href: http://m-server.home.lan:85/ + homepage.icon: octoprint.png + homepage.name: Octoprint1 + homepage.server: my-docker + homepage.weight: '98' + homepage.widget.fields: '["printer_state", "temp_tool", "temp_bed", "job_completion"]' + homepage.widget.key: 0_4C0qSJz_7QF-bkOblpHjeaMQv128hTXxEsHrkubuk + homepage.widget.type: octoprint + homepage.widget.url: http://m-server.home.lan:85/ + wud.watch: true + wud.watch.digest: true + ports: + - 85:80 + volumes: + - /share/docker_data/octoprint1:/octoprint + octoprint2: + container_name: octoprint2 + environment: + - ENABLE_MJPG_STREAMER=true + image: ${DOCKER_REGISTRY:-}octoprint/octoprint:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: octoprint2 + homepage.description: 3D Printing + homepage.group: Utilities + homepage.href: http://m-server.home.lan:86/ + homepage.icon: octoprint.png + homepage.name: Octoprint2 + homepage.server: my-docker + homepage.weight: '99' + homepage.widget.fields: '["printer_state", "temp_tool", "temp_bed", "job_completion"]' + homepage.widget.key: 0_4C0qSJz_7QF-bkOblpHjeaMQv128hTXxEsHrkubuk + homepage.widget.type: octoprint + homepage.widget.url: http://m-server.home.lan:86/ + wud.watch: true + wud.watch.digest: true + ports: + - 86:80 + volumes: + - /share/docker_data/octoprint2:/octoprint + - /dev:/dev diff --git a/__swarm/ollama/.env b/__swarm/ollama/.env new file mode 100755 index 0000000..718679f --- /dev/null +++ b/__swarm/ollama/.env 
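Review bot: `octoprint2` mounts the whole host device tree with `- /dev:/dev`, whereas `octoprint1` is correctly limited to `/dev/ttyUSB0`, `/dev/video0` and `/dev/video1` through `devices:`; list the specific printer and camera nodes for `octoprint2` the same way and remove the `/dev` bind mount. Both services carry the identical `homepage.widget.key`, which is unlikely to be valid for two separate OctoPrint instances and is in any case an API key committed in plaintext (see the note on `__swarm/mediacenter/.env`).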
@@ -0,0 +1,3 @@
+APPNAME=nextcloud
+RESTART=always
+DOCKER_REGISTRY=r.sectorq.eu/library/
\ No newline at end of file
diff --git a/__swarm/ollama/docker-compose.yml b/__swarm/ollama/docker-compose.yml
new file mode 100755
index 0000000..289b0c1
--- /dev/null
+++ b/__swarm/ollama/docker-compose.yml
@@ -0,0 +1,19 @@
+services:
+ ollama:
+ image: ${DOCKER_REGISTRY:-}ollama/ollama:rocm
+ container_name: ollama
+ restart: ${RESTART:-unless-stopped}
+ devices:
+ - "/dev/kfd"
+ - "/dev/dri"
+ volumes:
+ - ollama_models:/root/.ollama
+ environment:
+ - HSA_OVERRIDE_GFX_VERSION=11.0.0
+ ports:
+ - "11434:11434"
+ dns:
+ - "8.8.8.8"
+
+volumes:
+ ollama_models:
\ No newline at end of file
diff --git a/__swarm/onlyoffice/.env b/__swarm/onlyoffice/.env
new file mode 100755
index 0000000..5fff86b
--- /dev/null
+++ b/__swarm/onlyoffice/.env
@@ -0,0 +1,3 @@
+APPNAME=onlyoffice
+RESTART=always
+DOCKER_REGISTRY=r.sectorq.eu/library/
\ No newline at end of file
diff --git a/__swarm/onlyoffice/docker-compose.yml b/__swarm/onlyoffice/docker-compose.yml
new file mode 100755
index 0000000..dd80723
--- /dev/null
+++ b/__swarm/onlyoffice/docker-compose.yml
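Review bot: `__swarm/ollama/.env` sets `APPNAME=nextcloud`, which looks like a copy-paste leftover and will mislabel anything derived from `${APPNAME}` the way the other stacks derive icons and hrefs; it should read `APPNAME=ollama`. The Ollama API on `11434:11434` is published on all interfaces and has no authentication of its own, so anyone who can reach the host can run inference and pull models; bind it to the loopback or LAN address (`127.0.0.1:11434:11434` or `<LAN_IP>:11434:11434`, placeholder) or put it behind the reverse proxy. `dns: - "8.8.8.8"` bypasses the resolver every other stack in this commit points at (`192.168.77.101`), which may be intentional but deserves a comment.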
@@ -0,0 +1,85 @@ +services: + onlyoffice-documentserver: + build: + context: . + image: onlyoffice/documentserver #[-de,-ee] + container_name: onlyoffice-documentserver + depends_on: + - onlyoffice-postgresql + - onlyoffice-rabbitmq + environment: + - DB_TYPE=postgres + - DB_HOST=onlyoffice-postgresql + - DB_PORT=5432 + - DB_NAME=onlyoffice + - DB_USER=onlyoffice + - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq + # Uncomment strings below to enable the JSON Web Token validation. + #- JWT_ENABLED=true + #- JWT_SECRET=secret + #- JWT_HEADER=Authorization + #- JWT_IN_BODY=true + labels: + com.centurylinklabs.watchtower.enable: 'true' + wud.watch: true + wud.watch.digest: true + homepage.container: onlyoffice-documentserver + homepage.description: OnlyOffice Document Server + homepage.group: Infrastructure + homepage.href: http://active.home.lan:8280/example + homepage.icon: onlyoffice.png + homepage.name: OnlyOffice Document Server + homepage.server: my-docker + ports: + - '8280:80' + - '22443:443' + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8000/info/info.json"] + interval: 30s + retries: 5 + start_period: 60s + timeout: 10s + stdin_open: true + restart: always + stop_grace_period: 60s + volumes: + - /var/www/onlyoffice/Data + - /var/log/onlyoffice + - /var/lib/onlyoffice/documentserver/App_Data/cache/files + - /var/www/onlyoffice/documentserver-example/public/files + - /usr/share/fonts + + onlyoffice-rabbitmq: + container_name: onlyoffice-rabbitmq + image: rabbitmq:3 + restart: always + expose: + - '5672' + healthcheck: + test: ["CMD", "rabbitmq-diagnostics", "status"] + interval: 10s + retries: 3 + start_period: 10s + timeout: 10s + + onlyoffice-postgresql: + container_name: onlyoffice-postgresql + image: postgres:15 + environment: + - POSTGRES_DB=onlyoffice + - POSTGRES_USER=onlyoffice + - POSTGRES_HOST_AUTH_METHOD=trust + restart: always + expose: + - '5432' + volumes: + - postgresql_data:/var/lib/postgresql + healthcheck: + test: 
["CMD-SHELL", "pg_isready -U onlyoffice"] + interval: 10s + retries: 3 + start_period: 10s + timeout: 10s + +volumes: + postgresql_data: \ No newline at end of file diff --git a/__swarm/openldap/docker-compose.yml b/__swarm/openldap/docker-compose.yml new file mode 100755 index 0000000..6678121 --- /dev/null +++ b/__swarm/openldap/docker-compose.yml @@ -0,0 +1,26 @@ +services: + openldap: + environment: + - LDAP_SKIP_DEFAULT_TREE=yes + - LDAP_ROOT=dc=sectorq,dc=eu + - LDAP_ADMIN_USERNAME=admin + - LDAP_ADMIN_PASSWORD=$LDAP_ADMIN_PASSWORD + - LDAP_USERS=test + - LDAP_PASSWORDS=q + - LDAP_GROUP=group + - LDAP_USER_DC=people + - LDAP_CONFIG_ADMIN_ENABLED=yes + - LDAP_CONFIG_ADMIN_USERNAME=admin + - LDAP_CONFIG_ADMIN_PASSWORD=$LDAP_CONFIG_ADMIN_PASSWORD + image: bitnami/openldap:latest + labels: + wud.watch: true + wud.watch.digest: true + ports: + - 1389:1389 + - 1636:1636 + volumes: + - /share/docker_data/openldap/data:/bitnami/openldap + - /share/docker_data/openldap/ldifs:/ldifs + - /share/docker_data/openldap/custom:/custom +version: '2' diff --git a/__swarm/paperless-ngx/.env b/__swarm/paperless-ngx/.env new file mode 100755 index 0000000..0f648cc --- /dev/null +++ b/__swarm/paperless-ngx/.env @@ -0,0 +1,3 @@ +RESTART=always +DOCKER_REGISTRY=r.sectorq.eu/library/ +APPNAME=paperless-ngx diff --git a/__swarm/paperless-ngx/docker-compose.yml b/__swarm/paperless-ngx/docker-compose.yml new file mode 100755 index 0000000..75389a1 --- /dev/null +++ b/__swarm/paperless-ngx/docker-compose.yml 
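Review bot: JWT validation for the document server is left disabled (the `JWT_ENABLED`/`JWT_SECRET` lines are commented out) while `8280:80` and `22443:443` are published, so any client that can reach the host can submit conversion and editing requests unauthenticated; enable it with `JWT_ENABLED=true` and `JWT_SECRET=${ONLYOFFICE_JWT_SECRET}` sourced from an untracked env file, and configure the same secret in the Nextcloud connector. `POSTGRES_HOST_AUTH_METHOD=trust` and the default `guest:guest` in `AMQP_URI` are only reachable through `expose`, but they are still a free foothold for anything else on the stack network; set `POSTGRES_PASSWORD` and a non-default RabbitMQ user. `build: context: .` alongside `image:` is contradictory for a pulled image and no Dockerfile appears in this diff; remove `build:`.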
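Review bot: `LDAP_USERS=test` with `LDAP_PASSWORDS=q` seeds a user with a one-character password into a directory published on `1389` and `1636`, and `LDAP_CONFIG_ADMIN_USERNAME=admin` duplicates `LDAP_ADMIN_USERNAME`, so a single guessed credential opens both the data and the config backend; drop the seed user (or source its password from the environment as the admin passwords already are) and use a distinct config-admin name. Consider publishing only `1636` (LDAPS) and keeping plaintext `1389` on the internal network.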
@@ -0,0 +1,53 @@ +services: + broker: + image: ${DOCKER_REGISTRY:-}docker.io/library/redis:8 + restart: unless-stopped + volumes: + - /share/docker_data/paperless/redisdata:/data + webserver: + image: ${DOCKER_REGISTRY:-}ghcr.io/paperless-ngx/paperless-ngx:latest + restart: unless-stopped + depends_on: + - broker + ports: + - "8001:8000" + volumes: + - /share/docker_data/paperless/data:/usr/src/paperless/data + - /share/docker_data/paperless/media:/usr/src/paperless/media + - /share/docker_data/paperless/export:/usr/src/paperless/export + - /share/docker_data/paperless/consume:/usr/src/paperless/consume + - /share/docker_data/paperless/scripts:/opt/scripts + env_file: stack.env + environment: + PAPERLESS_REDIS: redis://broker:6379 + PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect + PAPERLESS_URL: https://paperless.sectorq.eu + PAPERLESS_CSRF_TRUSTED_ORIGINS: https://paperless.sectorq.eu + PAPERLESS_POST_CONSUME_SCRIPT: /opt/scripts/post-consumption.sh + PAPERLESS_SOCIALACCOUNT_PROVIDERS: > + { + "openid_connect": { + "APPS": [ + { + "provider_id": "authentik", + "name": "Authentik", + "client_id": "B4NM614bqWkvDqGDAmR823qUm8n4ZNlG3XtvkI51", + "secret": "7FFRdLWOUHlDxkhc86xR2yhxRn8BmDfTtfX9aTVY1XbRY197zy3UXPs51IMIkIjwjp6uijtpIQDDJDpR7LNInJt0F5hEXGMEcTfJxYyfNv2ytKFO58tCN5UD2EnzbCmN", + "settings": { + "server_url": "https://auth.sectorq.eu/application/o/paperless/.well-known/openid-configuration" + } + } + ], + "OAUTH_PKCE_ENABLED": "True" + } + } + labels: + homepage.container: paperless-ngx_webserver + homepage.description: PDF server + homepage.group: Utils + homepage.href: https://paperless.sectorq.eu + homepage.icon: ${APPNAME}.png + homepage.name: Paperless + homepage.server: my-docker + wud.watch: "true" + wud.watch.digest: "true" \ No newline at end of file diff --git a/__swarm/paperless-ngx/stack.env b/__swarm/paperless-ngx/stack.env new file mode 100755 index 0000000..6595e82 --- /dev/null +++ b/__swarm/paperless-ngx/stack.env 
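Review bot: `PAPERLESS_SECRET_KEY` is not set in this file and stays commented out in `stack.env` in the next hunk, while `PAPERLESS_URL` points at a public domain; as far as I recall paperless-ngx falls back to a built-in default key in that case, which makes session cookies forgeable by anyone who knows it — set `PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY}` from an untracked source and confirm against the deployed version. The OIDC `client_id` and `secret` embedded in `PAPERLESS_SOCIALACCOUNT_PROVIDERS` are a committed credential (see the note on `__swarm/mediacenter/.env`); since the value is a folded scalar, `${PAPERLESS_OIDC_SECRET}` substitution works inside it. `wud.watch: "true"` is quoted here while the other files use the bare boolean — harmless, but inconsistent.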
@@ -0,0 +1,37 @@ +############################################################################### +# Paperless-ngx settings # +############################################################################### + +# See http://docs.paperless-ngx.com/configuration/ for all available options. + +# The UID and GID of the user used to run paperless in the container. Set this +# to your UID and GID on the host so that you have write access to the +# consumption directory. +#USERMAP_UID=1000 +#USERMAP_GID=1000 + +# See the documentation linked above for all options. A few commonly adjusted settings +# are provided below. + +# This is required if you will be exposing Paperless-ngx on a public domain +# (if doing so please consider security measures such as reverse proxy) +#PAPERLESS_URL=https://paperless.example.com + +# Adjust this key if you plan to make paperless available publicly. It should +# be a very long sequence of random characters. You don't need to remember it. +#PAPERLESS_SECRET_KEY=change-me + +# Use this variable to set a timezone for the Paperless Docker containers. Defaults to UTC. +#PAPERLESS_TIME_ZONE=America/Los_Angeles + +# The default language to use for OCR. Set this to the language most of your +# documents are written in. +#PAPERLESS_OCR_LANGUAGE=eng + +# Additional languages to install for text recognition, separated by a whitespace. +# Note that this is different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines +# the language used for OCR. +# The container installs English, German, Italian, Spanish and French by default. +# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster +# for available languages. +#PAPERLESS_OCR_LANGUAGES=tur ces \ No newline at end of file diff --git a/__swarm/pihole/.env b/__swarm/pihole/.env new file mode 100755 index 0000000..23038d3 --- /dev/null +++ b/__swarm/pihole/.env @@ -0,0 +1,2 @@ +APPNAME=pihole +PASSWORD=l4c1j4yd33Du5lo \ No newline at end of file 
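Review bot: `#PAPERLESS_SECRET_KEY=change-me` is left commented out although the stack is served at a public URL (`PAPERLESS_URL=https://paperless.sectorq.eu` in the compose file), and the comment directly above it says the key must be set in exactly that case. If unset, paperless presumably falls back to a built-in default Django secret key, which makes session and CSRF signing predictable — verify against the image version, but setting it costs nothing: `PAPERLESS_SECRET_KEY=<64+ random characters>`. Do not put the real value in this tracked file; inject it at deploy time.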
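Review bot: `PASSWORD=l4c1j4yd33Du5lo` commits the Pi-hole admin password, and the same literal is reused in this commit as the Watchtower API token, an SMTP password, the regsync `LOCAL_PASS` and the WUD registry/UI password, so a leak of any one of those files compromises all of them. Treat the value as compromised: rotate it in every service with a distinct value each, and keep `.env` out of the repository (`.gitignore`) or leave a placeholder `PASSWORD=` for the deploy tooling to fill.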
diff --git a/__swarm/pihole/docker-compose.yml b/__swarm/pihole/docker-compose.yml new file mode 100755 index 0000000..2a2fe7f --- /dev/null +++ b/__swarm/pihole/docker-compose.yml @@ -0,0 +1,63 @@ +networks: + pihole: + driver: bridge + ipam: + config: + - subnet: 192.168.78.0/24 + driver: default +services: + # orbital-sync: + # environment: + # INTERVAL_MINUTES: 60 + # PRIMARY_HOST_BASE_URL: http://192.168.77.101:9380 + # PRIMARY_HOST_PASSWORD: l4c1j4yd33Du5lo + # SECONDARY_HOST_1_BASE_URL: http://192.168.77.106:9380 + # SECONDARY_HOST_1_PASSWORD: ${PASSWORD} + # # SECONDARY_HOST_1_PATH: /admin + # SECONDARY_HOST_2_BASE_URL: http://192.168.77.238:9380 + # SECONDARY_HOST_2_PASSWORD: ${PASSWORD} + # image: mattwebbio/orbital-sync:1 + # labels: + # wud.watch: true + # wud.watch.digest: true + pihole: + cap_add: + - NET_ADMIN + - SYS_TIME + - SYS_NICE + container_name: pihole + environment: + FTLCONF_dns_listeningMode: all + FTLCONF_dns_upstreams: 8.8.8.8;8.8.4.4 + FTLCONF_webserver_api_password: ${PASSWORD} + TZ: Europe/Bratislava + hostname: m-server + image: pihole/pihole:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: pihole + homepage.description: Add blocker + homepage.group: Infrastructure + homepage.href: https://active.home.lan:9343/admin + homepage.icon: /images/pihole.png + homepage.name: Pihole + homepage.server: my-docker + homepage.weight: '1' + homepage.widget.key: ${PASSWORD} + homepage.widget.type: pihole + homepage.widget.url: https://active.home.lan:9343 + homepage.widget.version: '6' + wud.watch: true + wud.watch.digest: true + networks: + pihole: + ipv4_address: 192.168.78.254 + ports: + - 53:53/tcp + - 53:53/udp + - 9380:80/tcp + - 9343:443/tcp + restart: always + volumes: + - /share/docker_data/pihole/etc-pihole:/etc/pihole + - /share/docker_data/pihole/etc-dnsmasq.d:/etc/dnsmasq.d 
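Review bot: `FTLCONF_dns_listeningMode: all` together with `53:53/tcp` and `53:53/udp` bound to every host interface makes FTL answer queries from any source address; if the host has any non-LAN reachable interface this is an open resolver usable for amplification. Bind the port to the LAN address (`- 192.168.77.101:53:53/udp`, same for tcp) or pick a restrictive listening mode, whichever matches how clients reach it. The admin password also lands in the `homepage.widget.key` label (readable via `docker inspect`) and appears literally in the commented-out `orbital-sync` block — a commented-out secret is still a secret in history.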
diff --git a/__swarm/portainer/docker-compose.yml b/__swarm/portainer/docker-compose.yml new file mode 100755 index 0000000..6382468 --- /dev/null +++ b/__swarm/portainer/docker-compose.yml @@ -0,0 +1,33 @@ +services: + portainer: + container_name: portainer + environment: + - DOCKER_CONFIG=/data/docker_config/ + image: portainer/portainer-ee:lts + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: portainer + homepage.description: Docker container manager + homepage.group: Infrastructure + homepage.href: https://portainer.sectorq.eu + homepage.icon: portainer.png + homepage.name: Portainer + homepage.server: my-docker + homepage.weight: '10' + homepage.widget.env: '25' + homepage.widget.key: ptr_gfwpbP4AUDhZ4uoPmSfNUGqZq+gescoele8reP/l/GU + homepage.widget.type: portainer + homepage.widget.url: https://portainer.sectorq.eu + wud.watch: true + wud.watch.digest: true + logging: + driver: loki + options: + loki-url: http://192.168.77.101:3100/loki/api/v1/push + ports: + - 9009:9000 + restart: always + volumes: + - /etc/localtime:/etc/localtime + - /share/docker_data/portainer/portainer-data/:/data + - /var/run/docker.sock:/var/run/docker.sock diff --git a/__swarm/rancher/.env b/__swarm/rancher/.env new file mode 100755 index 0000000..b2e5dd3 --- /dev/null +++ b/__swarm/rancher/.env @@ -0,0 +1,2 @@ +APPNAME=rancher +DOCKER_REGISTRY=r.sectorq.eu/library/ \ No newline at end of file diff --git a/__swarm/rancher/docker-compose.yml b/__swarm/rancher/docker-compose.yml new file mode 100755 index 0000000..bd62e83 --- /dev/null +++ b/__swarm/rancher/docker-compose.yml @@ -0,0 +1,15 @@ +name: rancher +services: + rancher: + command: --acme-domain rancher.sectorq.eu + image: ${DOCKER_REGISTRY:-}rancher/rancher:latest + labels: + wud.watch: true + wud.watch.digest: true + ports: + - 7080:80 + - 7443:443 + privileged: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/rancher:/var/lib/rancher 
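Review bot: `homepage.widget.key: ptr_...` puts a Portainer access token into a container label, where it is visible to anything that can `docker inspect` (Watchtower and WUD in this commit both hold the socket) and is now in git history; with `/var/run/docker.sock` mounted into Portainer, that token is effectively host root. Revoke and reissue the token, and inject it through homepage's variable substitution from an untracked environment, e.g. `homepage.widget.key: '{{HOMEPAGE_VAR_PORTAINER_KEY}}'`. The Loki push over plain `http://` to 192.168.77.101 is tolerable on a trusted LAN, but whatever Portainer logs travels unencrypted.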
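Review bot: `privileged: true` on `rancher/rancher:latest` that WUD tracks for updates means an unpinned, unreviewed image runs with the equivalent of host root. Rancher's single-node Docker install does document the privileged requirement, so the fix is to pin the release (`image: ${DOCKER_REGISTRY:-}rancher/rancher:v2.<x>.<y>`) and upgrade deliberately rather than on tag drift. Also check that `--acme-domain rancher.sectorq.eu` can complete the HTTP-01 challenge when the container only listens on 7080/7443 — it works only if the host or a proxy forwards 80/443 to it.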
diff --git a/__swarm/registry/.env b/__swarm/registry/.env new file mode 100755 index 0000000..e69de29 diff --git a/__swarm/registry/docker-compose.yml b/__swarm/registry/docker-compose.yml new file mode 100755 index 0000000..af49cc0 --- /dev/null +++ b/__swarm/registry/docker-compose.yml @@ -0,0 +1,23 @@ +name: registry +services: + registry: + container_name: registry + environment: + - REGISTRY_STORAGE_DELETE_ENABLED=true + - REGISTRY_AUTH=htpasswd + - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm + - REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd + image: registry:2 + labels: + wud.watch: false + wud.watch.digest: false + logging: + driver: loki + options: + loki-url: http://192.168.77.101:3100/loki/api/v1/push + ports: + - 5000:5000 + restart: always + volumes: + - /share/docker_data/registry/auth:/auth + - /share/docker_registry/data:/var/lib/registry diff --git a/__swarm/regsync/.env b/__swarm/regsync/.env new file mode 100755 index 0000000..5313004 --- /dev/null +++ b/__swarm/regsync/.env @@ -0,0 +1,3 @@ +APPNAME: regsync +DOCKER_REGISTRY: r.sectorq.eu/library/ +RESTART: always \ No newline at end of file diff --git a/__swarm/regsync/docker-compose.yml b/__swarm/regsync/docker-compose.yml new file mode 100755 index 0000000..9867024 --- /dev/null +++ b/__swarm/regsync/docker-compose.yml @@ -0,0 +1,20 @@ +name: regsync +services: + regsync: + command: -c /home/appuser/regsync.yml server + env_file: + - stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/regclient/regsync:latest + labels: + wud.watch: true + wud.watch.digest: true + logging: + driver: loki + options: + loki-url: http://192.168.77.101:3100/loki/api/v1/push + network_mode: host + restart: ${RESTART:-unless-stopped} + stdin_open: true + volumes: + - /share/docker_data/regsync/regsync.yml:/home/appuser/regsync.yml + - /etc/localtime:/etc/localtime diff --git a/__swarm/regsync/stack.env b/__swarm/regsync/stack.env new file mode 100755 index 0000000..6296966 --- /dev/null +++ b/__swarm/regsync/stack.env 
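Review bot: `REGISTRY_AUTH=htpasswd` is configured but no `REGISTRY_HTTP_TLS_CERTIFICATE`/`REGISTRY_HTTP_TLS_KEY` is set and `5000:5000` is published on all interfaces, so basic-auth credentials travel base64-encoded in the clear to anyone who talks to :5000 directly, even if `r.sectorq.eu` terminates TLS in front. Bind the port to loopback for the proxy (`- 127.0.0.1:5000:5000`) or enable TLS in the registry itself. Since every other stack in this commit pulls through `r.sectorq.eu/library/`, this registry is the supply chain for the whole fleet; `REGISTRY_STORAGE_DELETE_ENABLED=true` is fine only if the htpasswd file holds a single trusted user.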
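Review bot: `network_mode: host` is not needed for a registry-to-registry sync client that only makes outbound connections, and it removes network isolation: the process can reach loopback-only services on the host and is no longer subject to per-container firewall rules. Drop that line (and `stdin_open: true`, which does nothing for a `server` run) unless `r.sectorq.eu` is only reachable via the host's loopback. With host networking gone, the container's credentials in `stack.env` still deserve to be mounted from an untracked location.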
@@ -0,0 +1,6 @@ +# HUB_USER=jaydee77 +# HUB_PASS=dckr_pat_WUfjkuEEYYEFDI95myphANR7AUU +HUB_USER=sectorq +HUB_PASS=dckr_pat_7XN8zNgj8JRPq1mlS5IvMcxJDUA +LOCAL_USER=jaydee +LOCAL_PASS=l4c1j4yd33Du5lo diff --git a/__swarm/semaphore/.env b/__swarm/semaphore/.env new file mode 100755 index 0000000..220548c --- /dev/null +++ b/__swarm/semaphore/.env @@ -0,0 +1,3 @@ +APPNAME=semaphore +DOCKER_REGISTRY=r.sectorq.eu/library/ +RESTART=always \ No newline at end of file diff --git a/__swarm/semaphore/config.conf b/__swarm/semaphore/config.conf new file mode 100755 index 0000000..96e9b89 --- /dev/null +++ b/__swarm/semaphore/config.conf @@ -0,0 +1,29 @@ +{ + "mysql": { + "host": "db:3306", + "user": "semaphore_user", + "pass": "StrongPassw0rd", + "name": "semaphore_db" + }, + "dialect": "mysql", + "tmp_path": "/tmp/semaphore", + "cookie_hash": "mWjb9iAV2NMjvwyeS02kZysD/mEAX3pSiKLFQnrT7Z0=", + "cookie_encryption": "nnNaB+gZtrjr1z5xPfsq58zGtwcvtIHVm4g5LUeOEEY=", + "access_key_encryption": "bdEQwjNhSqXOtdd5eLG/BMn7hpIVftaobmyCQDyyQNE=", + + "oidc_providers": { + "authentik": { + "display_name": "Sign in with MySSO", + "color": "orange", + "icon": "login", + "provider_url": "https://auth.sectorq.eu/application/o/semaphore/", + "client_id": "qQ377Vp5RZ7kGsaYOvKVJE7gFGozip7vwwsD5Kgg", + "client_secret": "Tf5h54NnevOwo9QvlhOTAeo7xpsrQjrXYCqMLZwiAhQ6bthX9qydUNsrEMWVOTQ7uBfQw2piHmmYmm5uYSTLa4SGi8TkT03OvsMeAotwXo3me9gYMgIAMk464lVGA2XM", + "redirect_url": "https://semaphore.sectorq.eu/api/auth/oidc/authentik/redirect/", + "scopes": ["openid", "profile", "email"], + "username_claim": "preferred_username", + "name_claim": "preferred_username" + } + } + + } \ No newline at end of file diff --git a/__swarm/semaphore/docker-compose.yml b/__swarm/semaphore/docker-compose.yml new file mode 100755 index 0000000..73d8720 --- /dev/null +++ b/__swarm/semaphore/docker-compose.yml 
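Review bot: Two Docker Hub personal access tokens are committed here (`HUB_PASS=dckr_pat_...` and the commented-out `# HUB_PASS=dckr_pat_...`), and commenting one out does not revoke it — both must be revoked at Docker Hub and reissued. `LOCAL_PASS=l4c1j4yd33Du5lo` is the credential for the private registry that every other stack in this commit pulls from, and the same string is used for unrelated services, so this one file is a pivot into the image supply chain. Keep `stack.env` untracked and inject it at deploy time.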
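Review bot: `access_key_encryption`, `cookie_hash`, `cookie_encryption`, the MySQL `pass` and the Authentik `client_secret` are all literal in a tracked file; `access_key_encryption` in particular is the key protecting every SSH key and vault password Semaphore stores, so the repository plus a database dump yields all of them. Regenerate these values and load the file from a secret store at deploy time. Note also that `access_key_encryption` here (`bdEQ...`) differs from `SEMAPHORE_ACCESS_KEY_ENCRYPTION` (`MflC...`) in the compose file — which one Semaphore honours depends on its config precedence, and keys encrypted under the other will fail to decrypt, so settle on a single source.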
@@ -0,0 +1,53 @@ +services: + app: + depends_on: + - db + dns: + - 192.168.77.101 + - 192.168.77.1 + environment: + SEMAPHORE_ACCESS_KEY_ENCRYPTION: MflCLIUF5bn6Lgkuwy4BoAdIFhoZ4Ief2oocXmuZSjs= + SEMAPHORE_ADMIN: administrator + SEMAPHORE_ADMIN_EMAIL: administrator@sectorq.eu + SEMAPHORE_ADMIN_NAME: administrator + SEMAPHORE_ADMIN_PASSWORD: $SEMAPHORE_ADMIN_PASSWORD + SEMAPHORE_DB: semaphore_db + SEMAPHORE_DB_HOST: db + SEMAPHORE_DB_PASS: StrongPassw0rd + SEMAPHORE_DB_PORT: 3306 + SEMAPHORE_DB_USER: semaphore_user + SEMAPHORE_LDAP_ACTIVATED: 'no' + SEMAPHORE_LDAP_DN_BIND: cn=jaydee,ou=users,dc=sectorq,dc=eu + SEMAPHORE_LDAP_DN_SEARCH: dc=sectorq,dc=eu + SEMAPHORE_LDAP_HOST: 192.168.77.101 + SEMAPHORE_LDAP_NEEDTLS: 'no' + SEMAPHORE_LDAP_PASSWORD: $LDAP_ADMIN_PASSWORD + SEMAPHORE_LDAP_PORT: '2389' + SEMAPHORE_LDAP_SEARCH_FILTER: (&(objectClass=inetOrgPerson)(uid=%s)) + SEMAPHORE_PLAYBOOK_PATH: /tmp/semaphore/ + TZ: Europe/Bratislava + image: ${DOCKER_REGISTRY:-}semaphoreui/semaphore:latest + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + mem_limit: 1g + ports: + - 3002:3000 + restart: ${RESTART:-unless-stopped} + volumes: + - /etc/localtime:/etc/localtime:ro + - /share/docker_data/semaphore/app/:/etc/semaphore/ + db: + environment: + MYSQL_DATABASE: semaphore_db + MYSQL_PASSWORD: StrongPassw0rd + MYSQL_RANDOM_ROOT_PASSWORD: 'yes' + MYSQL_USER: semaphore_user + image: ${DOCKER_REGISTRY:-}mysql:8.0 + labels: + wud.watch: true + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/semaphore/mysql/data:/var/lib/mysql diff --git a/__swarm/uptime-kuma/.env b/__swarm/uptime-kuma/.env new file mode 100755 index 0000000..f2c3981 --- /dev/null +++ b/__swarm/uptime-kuma/.env @@ -0,0 +1,3 @@ +APPNAME=uptime-kuma +DOCKER_REGISTRY=r.sectorq.eu/library/ +RESTART=always \ No newline at end of file 
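Review bot: `SEMAPHORE_DB_PASS: StrongPassw0rd` and `MYSQL_PASSWORD: StrongPassw0rd` are literal while `SEMAPHORE_ADMIN_PASSWORD` and `SEMAPHORE_LDAP_PASSWORD` in the same block already come from variables — make the DB password consistent: `SEMAPHORE_DB_PASS: $SEMAPHORE_DB_PASS` and `MYSQL_PASSWORD: $SEMAPHORE_DB_PASS`. `SEMAPHORE_ACCESS_KEY_ENCRYPTION` is likewise a literal key that protects Semaphore's stored credentials and deserves the same treatment. If LDAP is ever switched on, `SEMAPHORE_LDAP_NEEDTLS: 'no'` against port 2389 will send the `cn=jaydee` bind password in plaintext on the wire.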
diff --git a/__swarm/uptime-kuma/docker-compose.yml b/__swarm/uptime-kuma/docker-compose.yml
new file mode 100755
index 0000000..3d75630
--- /dev/null
+++ b/__swarm/uptime-kuma/docker-compose.yml
@@ -0,0 +1,14 @@
+services:
+ uptime-kuma:
+ container_name: uptime-kuma
+ image: ${DOCKER_REGISTRY:-}louislam/uptime-kuma:nightly2
+ labels:
+ com.centurylinklabs.watchtower.enable: true
+ wud.watch: true
+ wud.watch.digest: true
+ ports:
+ - 3001:3001
+ restart: always
+ volumes:
+ - /share/docker_data/uptime-kuma:/app/data
+ - /var/run/docker.sock:/var/run/docker.sock
diff --git a/__swarm/watchtower/.env b/__swarm/watchtower/.env
new file mode 100755
index 0000000..978e724
--- /dev/null
+++ b/__swarm/watchtower/.env
@@ -0,0 +1,4 @@
+APPNAME=watchtower
+DOCKER_REGISTRY=r.sectorq.eu/library/
+#RESTART=always
+WT_HOSTNAME=M-SERVER
\ No newline at end of file
diff --git a/__swarm/watchtower/docker-compose.yml b/__swarm/watchtower/docker-compose.yml
new file mode 100755
index 0000000..55bc577
--- /dev/null
+++ b/__swarm/watchtower/docker-compose.yml
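Review bot: `/var/run/docker.sock` is mounted read-write into an image tracked on the moving `nightly2` tag and auto-updated by Watchtower/WUD, so unreviewed nightly builds run with full control of the Docker daemon (host root). Pin a release tag (`image: ${DOCKER_REGISTRY:-}louislam/uptime-kuma:1` or a specific version) and, since Docker-container monitors only need to list containers, front the socket with a proxy that exposes just those read endpoints rather than the raw socket — a `:ro` bind mount does not restrict API calls.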
@@ -0,0 +1,50 @@ +--- +services: + watchtower: + #command: --cleanup --label-enable --http-api-periodic-polls --http-api-metrics + command: --cleanup --label-enable --http-api-update --http-api-metrics + env_file: stack.env + environment: + WATCHTOWER_HTTP_API_TOKEN: l4c1j4yd33Du5lo + WATCHTOWER_LABEL_ENABLE: 'true' + WATCHTOWER_LIFECYCLE_HOOKS: 'true' + WATCHTOWER_NOTIFICATIONS: email shoutrrr + WATCHTOWER_NOTIFICATIONS_HOSTNAME: ${WT_HOSTNAME:-M-SERVER} + WATCHTOWER_NOTIFICATIONS_LEVEL: debug + WATCHTOWER_NOTIFICATION_EMAIL_DELAY: '2' + WATCHTOWER_NOTIFICATION_EMAIL_FROM: sectorq77@gmail.com + WATCHTOWER_NOTIFICATION_EMAIL_SERVER: smtp.gmail.com + WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD: uuhmmedfsjddmgbg + WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT: '465' + WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER: sectorq77 + WATCHTOWER_NOTIFICATION_EMAIL_SUBJECTTAG: NewUpdates + WATCHTOWER_NOTIFICATION_EMAIL_TO: jaydee@sectorq.eu + WATCHTOWER_POLL_INTERVAL: 43200 + extends: + file: logging.yml + service: ${LOGGING:-syslog} + image: ${DOCKER_REGISTRY:-}containrrr/watchtower:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: watchtower-watchtower-1 + homepage.description: Docker container monitoring + homepage.group: Infrastructure + homepage.href: http://192.168.77.101:8094 + homepage.icon: watchtower.png + homepage.name: Watchtower + homepage.server: my-docker + homepage.weight: '100' + homepage.widget.key: l4c1j4yd33Du5lo + homepage.widget.type: watchtower + homepage.widget.url: http://192.168.77.101:8094 + wud.watch: true + wud.watch.digest: true + ports: + - 8094:8080 + restart: ${RESTART:-unless-stopped} + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + - /share/docker_data/watchtower/.docker/config.json:/config.json + diff --git a/__swarm/watchtower/logging.yml b/__swarm/watchtower/logging.yml new file mode 100755 index 0000000..fc485ff --- /dev/null 
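Review bot: `--http-api-update` plus `WATCHTOWER_HTTP_API_TOKEN: l4c1j4yd33Du5lo` on `8094:8080` lets anyone who reaches that port with the token pull and restart every labelled container; the token is repeated in the `homepage.widget.key` label and reused as a password elsewhere in this commit, and the Gmail app password `uuhmmedfsjddmgbg` is committed next to it. Rotate both and reference them from an untracked file (`WATCHTOWER_HTTP_API_TOKEN: ${WT_API_TOKEN}`, `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD: ${WT_SMTP_PASSWORD}`). Also note that `environment:` overrides `env_file:` in compose, so the Gmail settings here silently win over the `mail.sectorq.eu` settings in `stack.env` — keep one set.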
+++ b/__swarm/watchtower/logging.yml
@@ -0,0 +1,14 @@
+---
+services:
+ syslog:
+ logging:
+ driver: syslog
+ options:
+ tag: mailu-front
+
+ loki:
+ logging:
+ driver: loki
+ options:
+ loki-url: "http://192.168.77.101:3100/loki/api/v1/push"
+
diff --git a/__swarm/watchtower/stack.env b/__swarm/watchtower/stack.env
new file mode 100755
index 0000000..2a47ad9
--- /dev/null
+++ b/__swarm/watchtower/stack.env
@@ -0,0 +1,8 @@
+WATCHTOWER_NOTIFICATIONS=email
+WATCHTOWER_NOTIFICATION_EMAIL_FROM=jaydee@sectorq.eu
+WATCHTOWER_NOTIFICATION_EMAIL_TO=jaydee@sectorq.eu
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.sectorq.eu
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=25
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=jaydee@sectorq.eu
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=l4c1j4yd33Du5lo
+WATCHTOWER_NOTIFICATION_EMAIL_DELAY=2
diff --git a/__swarm/wazuh/.env b/__swarm/wazuh/.env
new file mode 100755
index 0000000..727b514
--- /dev/null
+++ b/__swarm/wazuh/.env
@@ -0,0 +1,2 @@
+VERSION=4.11.0
+DOCKER_REGISTRY=r.sectorq.eu/library/
\ No newline at end of file
diff --git a/__swarm/wazuh/docker-compose.yml b/__swarm/wazuh/docker-compose.yml
new file mode 100755
index 0000000..d211fcb
--- /dev/null
+++ b/__swarm/wazuh/docker-compose.yml
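Review bot: `tag: mailu-front` looks copied from another stack; syslog records from Watchtower will be labelled as the Mailu frontend, which breaks log correlation and any detection rule keyed on the tag. Use `tag: watchtower`, matching the pattern the zabbix `logging.yml` in this commit follows with `tag: zabbix-server`.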
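Review bot: `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=l4c1j4yd33Du5lo` commits the mailbox password for `jaydee@sectorq.eu`, and every key in this file is also set under `environment:` in the Watchtower compose file, which takes precedence — so this is dead configuration that still leaks a credential. Delete the file or reduce it to the non-secret keys, and rotate the password, since the same value is used by other services in this commit.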
@@ -0,0 +1,136 @@ +services: + wazuh.dashboard: + depends_on: + - wazuh.indexer + dns: + - 192.168.77.101 + environment: + - INDEXER_USERNAME=admin + - INDEXER_PASSWORD=SecretPassword + - WAZUH_API_URL=https://wazuh.manager + - DASHBOARD_USERNAME=kibanaserver + - DASHBOARD_PASSWORD=kibanaserver + - API_USERNAME=wazuh-wui + - API_PASSWORD=MyS3cr37P450r.*- + hostname: wazuh.dashboard + image: ${DOCKER_REGISTRY:-}wazuh/wazuh-dashboard:${VERSION:-4.10.1} + labels: + wud.watch: true + wud.watch.digest: true + links: + - wazuh.indexer:wazuh.indexer + - wazuh.manager:wazuh.manager + ports: + - 5601:5601 + restart: always + volumes: + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem + - /share/docker_data/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml + - /share/docker_data/wazuh/config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml + - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config + - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom + wazuh.indexer: + dns: + - 192.168.77.101 + environment: + - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g + hostname: wazuh.indexer + image: ${DOCKER_REGISTRY:-}wazuh/wazuh-indexer:${VERSION:-4.10.1} + labels: + wud.watch: true + wud.watch.digest: true + ports: + - 9200:9200 + restart: always + ulimits: + memlock: + hard: -1 + soft: -1 + nofile: + hard: 65536 + soft: 65536 + volumes: + - wazuh-indexer-data:/var/lib/wazuh-indexer + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem + - 
/share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem + - /share/docker_data/wazuh/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + - /share/docker_data/wazuh/config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml + - /share/docker_data/wazuh/config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml + - /share/docker_data/wazuh/config/wazuh_indexer/config.yml:/usr/share/wazuh-indexer/opensearch-security/config.yml + - /share/docker_data/wazuh/config/wazuh_indexer/idp-metadata.xml:/usr/share/wazuh-indexer/opensearch-security/idp-metadata.xml + wazuh.manager: + dns: + - 192.168.77.101 + environment: + - INDEXER_URL=https://wazuh.indexer:9200 + - INDEXER_USERNAME=admin + - INDEXER_PASSWORD=SecretPassword + - FILEBEAT_SSL_VERIFICATION_MODE=full + - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem + - SSL_CERTIFICATE=/etc/ssl/filebeat.pem + - SSL_KEY=/etc/ssl/filebeat.key + - API_USERNAME=wazuh-wui + - API_PASSWORD=MyS3cr37P450r.*- + hostname: wazuh.manager + image: ${DOCKER_REGISTRY:-}wazuh/wazuh-manager:${VERSION:-4.10.1} + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: wazuh-wazuh.manager-1 + homepage.description: Security monitoring + homepage.group: Utilities + homepage.href: https://wazuh.sectorq.eu + homepage.icon: wazuh.png + homepage.name: Wazuh + homepage.server: my-docker + homepage.weight: '1' + wud.watch: true + wud.watch.digest: true + ports: + - 1514:1514 + - 1515:1515 + - 
514:514/udp + - 55000:55000 + restart: always + ulimits: + memlock: + hard: -1 + soft: -1 + nofile: + hard: 655360 + soft: 655360 + volumes: + - wazuh_api_configuration:/var/ossec/api/configuration + - wazuh_etc:/var/ossec/etc + - wazuh_logs:/var/ossec/logs + - wazuh_queue:/var/ossec/queue + - wazuh_var_multigroups:/var/ossec/var/multigroups + - wazuh_integrations:/var/ossec/integrations + - wazuh_active_response:/var/ossec/active-response/bin + - wazuh_agentless:/var/ossec/agentless + - wazuh_wodles:/var/ossec/wodles + - filebeat_etc:/etc/filebeat + - filebeat_var:/var/lib/filebeat + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key + - /share/docker_data/wazuh/config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf +volumes: + filebeat_etc: null + filebeat_var: null + wazuh-dashboard-config: null + wazuh-dashboard-custom: null + wazuh-indexer-data: null + wazuh_active_response: null + wazuh_agentless: null + wazuh_api_configuration: null + wazuh_etc: null + wazuh_integrations: null + wazuh_logs: null + wazuh_queue: null + wazuh_var_multigroups: null + wazuh_wodles: null diff --git a/__swarm/webhub/.env b/__swarm/webhub/.env new file mode 100755 index 0000000..99cf26c --- /dev/null +++ b/__swarm/webhub/.env @@ -0,0 +1,3 @@ +APPNAME=webhub +DOCKER_REGISTRY=r.sectorq.eu/library/ +#RESTART=always \ No newline at end of file diff --git a/__swarm/webhub/docker-compose.yml b/__swarm/webhub/docker-compose.yml new file mode 100755 index 0000000..dd53012 --- /dev/null +++ b/__swarm/webhub/docker-compose.yml 
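Review bot: `INDEXER_PASSWORD=SecretPassword`, `DASHBOARD_PASSWORD=kibanaserver` and `API_PASSWORD=MyS3cr37P450r.*-` are the well-known defaults of the Wazuh Docker quickstart, and the indexer (`9200:9200`), manager API (`55000:55000`) and dashboard (`5601:5601`) are published on all host interfaces — anyone on the network can read or tamper with the SIEM's data and API using documented credentials. Change them following Wazuh's password-change procedure (the hashes in the mounted `internal_users.yml` and the API user in `wazuh.yml` must change together) and source them as `${INDEXER_PASSWORD}` etc. from an untracked file. Also consider not publishing 9200 at all: the manager and dashboard reach the indexer over the compose network via `links`.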
@@ -0,0 +1,31 @@ +services: + heimdall: + container_name: heimdall + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/heimdall:latest + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + ports: + - 8084:80 + - 4437:443 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/heimdall/config:/config + web: + environment: + - NGINX_HOST=sectorq.eu + - NGINX_PORT=80 + image: ${DOCKER_REGISTRY:-}nginx:latest + labels: + wud.watch: true + wud.watch.digest: true + ports: + - 48000:80 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/webhub:/usr/share/nginx/html diff --git a/__swarm/wordpress/.env b/__swarm/wordpress/.env new file mode 100755 index 0000000..c2c470c --- /dev/null +++ b/__swarm/wordpress/.env @@ -0,0 +1,2 @@ +APPNAME=wordpress +DOCKER_REGISTRY=r.sectorq.eu/library/ \ No newline at end of file diff --git a/__swarm/wordpress/docker-compose.yml b/__swarm/wordpress/docker-compose.yml new file mode 100755 index 0000000..9a0a24a --- /dev/null +++ b/__swarm/wordpress/docker-compose.yml 
@@ -0,0 +1,47 @@ +services: + db: + # We use a mariadb image which supports both amd64 & arm64 architecture + image: ${DOCKER_REGISTRY:-}mariadb:10.6.4-focal + # If you really want to use MySQL, uncomment the following line + #image: mysql:8.0.27 + command: '--default-authentication-plugin=mysql_native_password' + volumes: + - db_data:/var/lib/mysql + restart: always + secrets: + - wordpress_db_password + - wordpress_root_db_password + environment: + # - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/wordpress_root_db_password + - MYSQL_ROOT_PASSWORD=wordpress + - MYSQL_DATABASE=wordpress + - MYSQL_USER=wordpress + - MYSQL_PASSWORD_FILE=/run/secrets/wordpress_db_password + #- MYSQL_PASSWORD=wordpress + - MYSQL_HOST=% + expose: + - 3306 + - 33060 + wordpress: + image: ${DOCKER_REGISTRY:-}wordpress:latest + volumes: + - wp_data:/var/www/html + ports: + - 8098:80 + restart: always + secrets: + - wordpress_db_password + environment: + - WORDPRESS_DB_HOST=db + - WORDPRESS_DB_USER=wordpress + - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/wordpress_db_password + #- WORDPRESS_DB_PASSWORD=wordpress + - WORDPRESS_DB_NAME=wordpress +volumes: + db_data: + wp_data: +secrets: + wordpress_db_password: + external: true + wordpress_root_db_password: + external: true \ No newline at end of file diff --git a/__swarm/wordpress/stack.env b/__swarm/wordpress/stack.env new file mode 100755 index 0000000..e69de29 diff --git a/__swarm/wud/.env b/__swarm/wud/.env new file mode 100755 index 0000000..4b7c474 --- /dev/null +++ b/__swarm/wud/.env @@ -0,0 +1,3 @@ +RESTART=always +DOCKER_REGISTRY=r.sectorq.eu/library/ +APPNAME=wud diff --git a/__swarm/wud/docker-compose.yml b/__swarm/wud/docker-compose.yml new file mode 100755 index 0000000..e5dbb90 --- /dev/null +++ b/__swarm/wud/docker-compose.yml 
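Review bot: `MYSQL_ROOT_PASSWORD=wordpress` is a trivial literal while the secret-file variant `MYSQL_ROOT_PASSWORD_FILE` is commented out and `wordpress_root_db_password` is still declared under `secrets:` — the intent was clearly the secret, so restore `- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/wordpress_root_db_password` and drop the literal. The DB is only `expose`d on the compose network, which limits reach, but the WordPress container (a frequent initial-access target through plugins) can then escalate straight to DB root. `MYSQL_HOST=%` is not a variable the mariadb image documents — presumably a leftover; verify and remove.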
@@ -0,0 +1,33 @@ +services: + whatsupdocker: + container_name: wud + env_file: + - stack.env + image: ${DOCKER_REGISTRY:-}getwud/wud + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: wud + homepage.description: Docker container management + homepage.group: Infrastructure + homepage.href: https://wud.sectorq.eu + homepage.icon: /images/wud-logo.png + homepage.name: What's Up Docker + homepage.server: my-docker + homepage.weight: '1' + homepage.widget.password: l4c1j4yd33Du5lo + homepage.widget.type: whatsupdocker + homepage.widget.url: https://wud.sectorq.eu + homepage.widget.username: homepage + wud.watch: true + wud.watch.digest: true + logging: + driver: loki + options: + loki-url: http://192.168.77.101:3100/loki/api/v1/push + ports: + - 3008:3000 + restart: ${RESTART:-unless-stopped} + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /share/docker_data/wud/data:/store + - /share/docker_data/wud/certs:/certs diff --git a/__swarm/wud/stack.env b/__swarm/wud/stack.env new file mode 100755 index 0000000..11829eb --- /dev/null +++ b/__swarm/wud/stack.env 
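Review bot: `homepage.widget.password: l4c1j4yd33Du5lo` places the WUD basic-auth password in a label (readable by anything with the socket, and now in git), and this WUD instance holds the Docker socket plus client certificates for several remote Docker APIs, so that password is fleet-wide control over container updates. Rotate it, inject it via homepage's variable substitution (`homepage.widget.password: '{{HOMEPAGE_VAR_WUD_PASSWORD}}'`), and mount the client keys read-only: `- /share/docker_data/wud/certs:/certs:ro`.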
@@ -0,0 +1,95 @@ +TZ=Europe/Bratislava +WUD_REGISTRY_HUB_PUBLIC_LOGIN=jaydee77 +WUD_REGISTRY_HUB_PUBLIC_PASSWORD=dckr_pat_WUfjkuEEYYEFDI95myphANR7AUU + +WUD_REGISTRY_CUSTOM_JAYDEE_URL=https://r.sectorq.eu +WUD_REGISTRY_CUSTOM_JAYDEE_LOGIN=jaydee +WUD_REGISTRY_CUSTOM_JAYDEE_PASSWORD=l4c1j4yd33Du5lo +#WUD_REGISTRY_CUSTOM_JAYDEE_AUTH="$2y$05$KM.AT7zX5BseO0HnXG4ds.a01XHLPBmrEFYt4ZjD.v6pUZw3xmCkq" + +# AUTHENTIK +WUD_AUTH_OIDC_AUTHENTIK_CLIENTID=p8WUIAWMMx2mRdsnjZdkMl5XXerZQfZFo6ZadAvH +WUD_AUTH_OIDC_AUTHENTIK_CLIENTSECRET=ApAQrTyl2qVIsxhHY1MYJkxCS5tHjQz2gKnmDTOgGALeVCxiN9upQP1h28VqqAaOtc6WEDsczhsk1hKFvit1WUe8mbk0BkGQc2Mnh0Hf2MRybXd1vDcTRWL6pqICywBs +WUD_AUTH_OIDC_AUTHENTIK_DISCOVERY=https://auth.sectorq.eu/application/o/wud/.well-known/openid-configuration +WUD_AUTH_OIDC_AUTHENTIK_REDIRECT=false +WUD_AUTH_OIDC_AUTHENTIK_TIMEOUT=2000 + +# BASIC +WUD_AUTH_BASIC_JAYDEE_USER=homepage +WUD_AUTH_BASIC_JAYDEE_HASH=$$apr1$$pGMz1QxU$$y6XuTscvGcYgas15JWlfg/ +# GOTIFY +WUD_TRIGGER_GOTIFY_EXTERNAL_PRIORITY=0 +WUD_TRIGGER_GOTIFY_EXTERNAL_TOKEN="AFxvpm1JpPSsmkf" +WUD_TRIGGER_GOTIFY_EXTERNAL_URL=https://gotify.sectorq.eu +#WUD_TRIGGER_GOTIFY_EXTERNAL_MODE=batch +WUD_TRIGGER_GOTIFY_EXTERNAL_MODE=simple +WUD_TRIGGER_GOTIFY_EXTERNAL_ONCE=true + +# WUD_TRIGGER_GOTIFY_EXTERNAL2_PRIORITY=0 +# WUD_TRIGGER_GOTIFY_EXTERNAL2_TOKEN=AzAY1vUr1zLS9R6 +# WUD_TRIGGER_GOTIFY_EXTERNAL2_URL=https://gotify2.sectorq.eu +# #WUD_TRIGGER_GOTIFY_EXTERNAL2_MODE=batch +# WUD_TRIGGER_GOTIFY_EXTERNAL2_MODE=simple +# WUD_TRIGGER_GOTIFY_EXTERNAL2_ONCE=true + + +# NTFY +#WUD_TRIGGER_NTFY_MSERVER_URL=https://ntfy.sectorq.eu +#WUD_TRIGGER_NTFY_MSERVER_TOPIC=wud + + +WUD_TRIGGER_DOCKER_MSERVER_PRUNE=true +WUD_TRIGGER_DOCKER_RPI5_PRUNE=true +WUD_TRIGGER_DOCKER_NAS_PRUNE=true +WUD_TRIGGER_DOCKER_RACK_PRUNE=true +# error info debug trace +WUD_LOG_LEVEL=debug +# text json +WUD_LOG_FORMAT=text + +WUD_WATCHER_EXTDOCKER_HOST=193.168.144.164 +WUD_WATCHER_EXTDOCKER_PORT=2376 +WUD_WATCHER_EXTDOCKER_CERTFILE=/certs/ext/cert.pem 
+WUD_WATCHER_EXTDOCKER_CAFILE=/certs/ext/ca.pem +WUD_WATCHER_EXTDOCKER_KEYFILE=/certs/ext/key.pem +WUD_WATCHER_EXTDOCKER_CRON=0 * * * * +WUD_WATCHER_EXTDOCKER_WATCHALL=true +WUD_WATCHER_EXTDOCKER_WATCHBYDEFAULT=true + +WUD_WATCHER_MSERVER_HOST=192.168.77.101 +WUD_WATCHER_MSERVER_PORT=2376 +WUD_WATCHER_MSERVER_CERTFILE=/certs/m-server/cert.pem +WUD_WATCHER_MSERVER_CAFILE=/certs/m-server/ca.pem +WUD_WATCHER_MSERVER_KEYFILE=/certs/m-server/key.pem +WUD_WATCHER_MSERVER_CRON=0 * * * * +WUD_WATCHER_MSERVER_WATCHALL=true +WUD_WATCHER_MSERVER_WATCHBYDEFAULT=false + +WUD_WATCHER_RPI5_HOST=192.168.77.238 +WUD_WATCHER_RPI5_PORT=2376 +WUD_WATCHER_RPI5_CERTFILE=/certs/rpi5/cert.pem +WUD_WATCHER_RPI5_CAFILE=/certs/rpi5/ca.pem +WUD_WATCHER_RPI5_KEYFILE=/certs/rpi5/key.pem +WUD_WATCHER_RPI5_CRON=0 * * * * +WUD_WATCHER_RPI5_WATCHALL=true +WUD_WATCHER_RPI5_WATCHBYDEFAULT=true + +WUD_WATCHER_NAS_HOST=192.168.77.106 +WUD_WATCHER_NAS_PORT=2376 +WUD_WATCHER_NAS_CERTFILE=/certs/nas/cert.pem +WUD_WATCHER_NAS_CAFILE=/certs/nas/ca.pem +WUD_WATCHER_NAS_KEYFILE=/certs/nas/key.pem +WUD_WATCHER_NAS_CRON=0 * * * * +WUD_WATCHER_NAS_WATCHALL=true +WUD_WATCHER_NAS_WATCHBYDEFAULT=true + +WUD_WATCHER_RACK_HOST=192.168.77.55 +WUD_WATCHER_RACK_PORT=2376 +WUD_WATCHER_RACK_CERTFILE=/certs/rack/cert.pem +WUD_WATCHER_RACK_CAFILE=/certs/rack/ca.pem +WUD_WATCHER_RACK_KEYFILE=/certs/rack/key.pem +WUD_WATCHER_RACK_CRON=0 * * * * +WUD_WATCHER_RACK_WATCHALL=true +WUD_WATCHER_RACK_WATCHBYDEFAULT=true + +WUD_SERVER_CORS_ENABLED=true \ No newline at end of file diff --git a/__swarm/zabbix-server/.env b/__swarm/zabbix-server/.env new file mode 100755 index 0000000..b79a908 --- /dev/null +++ b/__swarm/zabbix-server/.env @@ -0,0 +1,2 @@ +APPNAME=zabbix +#RESTART=always \ No newline at end of file diff --git a/__swarm/zabbix-server/docker-compose.yml b/__swarm/zabbix-server/docker-compose.yml new file mode 100755 index 0000000..413f370 --- /dev/null +++ b/__swarm/zabbix-server/docker-compose.yml 
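Review bot: A Docker Hub PAT, the Authentik client secret, the Gotify token and the private-registry password are committed in plaintext here, and the Hub PAT is the same one commented out in the regsync `stack.env`, so it is clearly still live — revoke and reissue all of them. `WUD_WATCHER_EXTDOCKER_HOST=193.168.144.164` is not an RFC 1918 address; if that is a public host, its Docker API on 2376 is internet-reachable and protected only by the client certificate under `/certs/ext`, so confirm the daemon runs with `--tlsverify` and that the key never lands in the repo. `WUD_SERVER_CORS_ENABLED=true` is unnecessary for a same-origin UI and widens the API's exposure to browser-based attacks — drop it unless homepage genuinely needs it. `WUD_LOG_LEVEL=debug` may echo registry credentials into Loki; verify before leaving it on.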
@@ -0,0 +1,98 @@ +networks: + zabbix: + driver: bridge + ipam: + config: + - subnet: 192.168.89.0/28 + driver: default +services: + db-server: + env_file: + - stack.env + image: ${DOCKER_REGISTRY:-}postgres:16-alpine + labels: + com.centurylinklabs.watchtower.enable: true + networks: + zabbix: + ipv4_address: 192.168.89.4 + + ports: + - 5432:5432 + restart: unless-stopped + volumes: + - /share/docker_data/zabbix-server/postgres-data:/var/lib/postgresql/data + zabbix-frontend: + depends_on: + - db-server + env_file: + - stack.env + image: ${DOCKER_REGISTRY:-}zabbix/zabbix-web-nginx-pgsql:alpine-latest + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch: true + wud.watch.digest: true + networks: + zabbix: + ipv4_address: 192.168.89.3 + ports: + - 8051:8080 + - 4435:8443 + restart: unless-stopped + volumes: + - /share/docker_data/zabbix-server/frontend/certs:/usr/share/zabbix/conf/certs + zabbix-server: + depends_on: + - db-server + env_file: + - stack.env + extends: + file: logging.yml + service: ${LOGGING:-syslog} + image: ${DOCKER_REGISTRY:-}zabbix/zabbix-server-pgsql:alpine-latest + volumes: + - /share/docker_data/zabbix-server/server/alertscripts:/usr/lib/zabbix/alertscripts + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: zabbix-server-zabbix-server-1 + homepage.description: Monitoring server + homepage.group: Utilities + homepage.href: https://${APPNAME}.sectorq.eu + homepage.icon: ${APPNAME}.png + homepage.name: Zabbix Server + homepage.server: my-docker + homepage.weight: '90' + homepage.widget.key: 431bda3fbb45a9d603c1b74d57c3a61df1e07124c5c7119cb6379194d5555822 + homepage.widget.type: ${APPNAME} + homepage.widget.url: https://${APPNAME}.sectorq.eu + wud.watch: true + wud.watch.digest: true + networks: + zabbix: + ipv4_address: 192.168.89.2 + ports: + - 10051:10051 + restart: unless-stopped + webdriver: + ports: + - 4444:4444 + - 7900:7900 + shm_size: "2g" + restart: always + image: 
${DOCKER_REGISTRY:-}docker.io/selenium/standalone-chrome:latest + labels: + wud.watch: true + wud.watch.digest: true + postinstall: + image: debian:12-slim + depends_on: + zabbix-server: + condition: service_started + environment: + - PUID=0 + - PGID=0 + volumes: + - /usr/bin:/usr/bin # mount whole directory + - /usr/lib:/usr/lib + - /var/run/docker.sock:/var/run/docker.sock + - /share/docker_data/zabbix-server/scripts:/scripts + entrypoint: ["/bin/sh", "/scripts/install-curl.sh"] \ No newline at end of file diff --git a/__swarm/zabbix-server/logging.yml b/__swarm/zabbix-server/logging.yml new file mode 100755 index 0000000..4984601 --- /dev/null +++ b/__swarm/zabbix-server/logging.yml @@ -0,0 +1,14 @@ +--- +services: + syslog: + logging: + driver: syslog + options: + tag: zabbix-server + + loki: + logging: + driver: loki + options: + loki-url: "http://192.168.77.101:3100/loki/api/v1/push" + diff --git a/__swarm/zabbix-server/stack.env b/__swarm/zabbix-server/stack.env new file mode 100755 index 0000000..ce63c80 --- /dev/null +++ b/__swarm/zabbix-server/stack.env 
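Review bot: The `postinstall` service runs `debian:12-slim` as root with the host's `/usr/bin` and `/usr/lib` mounted read-write and the Docker socket attached, executing `/scripts/install-curl.sh` from a host directory — anyone who can write that script or the image effectively owns the host, and a mistake in it can overwrite host binaries. If the goal is to get `curl` onto the host, do it with the host package manager from the provisioning tool, not from a container; at minimum drop the socket and mount only what the script needs, read-only. Separately, `5432:5432` publishes PostgreSQL on all host interfaces with the `POSTGRES_PASSWORD=zabbix` from `stack.env`, while the frontend and server reach `db-server` over the compose network — remove that port mapping. The `homepage.widget.key` label also carries a Zabbix API token in plaintext.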
@@ -0,0 +1,131 @@ +# Zabbix global +# ZBX_DEBUGLEVEL=3 + +# Database +MYSQL_PASSWORD=zabbix +MYSQL_USER=zabbix +MYSQL_ROOT_PASSWORD=rootpwd + +POSTGRES_PASSWORD=zabbix +POSTGRES_USER=zabbix +POSTGRES_DB=zabbix + +# Zabbix server +# all env variables https://hub.docker.com/r/zabbix/zabbix-server-mysql +DB_SERVER_HOST=db-server +ZBX_SERVER_HOST=zabbix-server +ZBX_SERVER_VERSION=7.4 +# Zabbix frontend +# all env variable https://hub.docker.com/r/zabbix/zabbix-web-nginx-mysql +ZBX_SSO_SP_KEY=/usr/share/zabbix/conf/certs/sp.key +ZBX_SSO_SP_CERT=/usr/share/zabbix/conf/certs/sp.crt +ZBX_SSO_IDP_CERT=/usr/share/zabbix/conf/certs/idp.crt +ZBX_SSO_SETTINGS={"strict":false, "baseurl":"https://zabbix.sectorq.eu/", "use_proxy_headers":true, "security":{"requestedAuthnContext":"false"}} +### Zabbix agent ### +# all env variable https://hub.docker.com/r/zabbix/zabbix-agent2 +ZBX_AGENT_VERSION=7.0 +ZBX_WEBSERVICEURL=https://zabbix.sectorq.eu +ZBX_NODEADDRESS=zabbix-server +ZBX_NODEADDRESSPORT=10051 +ZBX_STARTVMWARECOLLECTORS=2 +ZBX_STARTCONNECTORS=1 + + + +# ZBX_ALLOWUNSUPPORTEDDBVERSIONS=0 # Available since 6.0.0 +# ZBX_DBTLSCONNECT= # Available since 5.0.0 +# ZBX_DBTLSCAFILE= # Available since 5.0.0 +# ZBX_DBTLSCERTFILE= # Available since 5.0.0 +# ZBX_DBTLSKEYFILE= # Available since 5.0.0 +# ZBX_DBTLSCIPHER= # Available since 5.0.0 +# ZBX_DBTLSCIPHER13= # Available since 5.0.0 +# ZBX_VAULTDBPATH= # Available since 5.2.0 +# ZBX_VAULTPREFIX= # Available since 7.0.0 +# ZBX_VAULTURL=https://127.0.0.1:8200 # Available since 5.2.0 +# VAULT_TOKEN= # Available since 5.2.0 +# ZBX_LISTENIP= +# ZBX_LISTENPORT=10051 +# ZBX_LISTENBACKLOG= +# ZBX_STARTREPORTWRITERS=0 # Available since 5.4.0 +# ZBX_WEBSERVICEURL=http://zabbix-web-service:10053/report # Available since 5.4.0 +# ZBX_SERVICEMANAGERSYNCFREQUENCY=60 # Available since 6.0.0 +# ZBX_HISTORYSTORAGEURL= # Available since 3.4.0 +# ZBX_HISTORYSTORAGETYPES=uint,dbl,str,log,text # Available since 3.4.0 +# ZBX_ENABLEGLOBALSCRIPTS=0 # 
Available since 7.0.0 +# ZBX_STARTPOLLERS=5 +# ZBX_STARTIPMIPOLLERS=0 +# ZBX_STARTCONNECTORS=0 # Available since 6.4.0 +# ZBX_STARTPREPROCESSORS=3 # Available since 3.4.0 +# ZBX_STARTPOLLERSUNREACHABLE=1 +# ZBX_STARTTRAPPERS=5 +# ZBX_STARTPINGERS=1 +# ZBX_STARTDISCOVERERS=1 +# ZBX_STARTHISTORYPOLLERS=5 # Available since 5.4.0 +# ZBX_STARTHTTPPOLLERS=1 +# ZBX_STARTODBCPOLLERS=1 # Available since 6.0.0 +# ZBX_STARTTIMERS=1 +# ZBX_STARTESCALATORS=1 +# ZBX_STARTALERTERS=3 # Available since 3.4.0 +# ZBX_JAVAGATEWAY=zabbix-java-gateway +# ZBX_JAVAGATEWAYPORT=10052 +# ZBX_STARTJAVAPOLLERS=5 +# ZBX_STARTLLDPROCESSORS=2 # Available since 4.2.0 +# ZBX_STATSALLOWEDIP= # Available since 4.0.5 +# ZBX_STARTVMWARECOLLECTORS=0 +# ZBX_VMWAREFREQUENCY=60 +# ZBX_VMWAREPERFFREQUENCY=60 +# ZBX_VMWARECACHESIZE=8M +# ZBX_VMWARETIMEOUT=10 +# ZBX_ENABLE_SNMP_TRAPS=false +# ZBX_SOURCEIP= +# ZBX_SMSDEVICES= +# ZBX_HOUSEKEEPINGFREQUENCY=1 +# ZBX_MAXHOUSEKEEPERDELETE=5000 +# ZBX_PROBLEMHOUSEKEEPINGFREQUENCY=60 # Available since 6.0.0 +# ZBX_SENDERFREQUENCY=30 # Depcrecated since 3.4.0 +ZBX_CACHESIZE=64M +# ZBX_CACHEUPDATEFREQUENCY=10 +# ZBX_STARTDBSYNCERS=4 +# ZBX_EXPORTFILESIZE=1G # Available since 4.0.0 +# ZBX_EXPORTTYPE= # Available since 5.0.10 and 5.2.6 +# ZBX_AUTOHANODENAME=fqdn # Allowed values: fqdn, hostname. Available since 6.0.0 +# ZBX_HANODENAME= # Available since 6.0.0 +# ZBX_AUTONODEADDRESS=fqdn # Allowed values: fqdn, hostname. Available since 6.0.0 +# ZBX_NODEADDRESSPORT=10051 # Allowed to use with ZBX_AUTONODEADDRESS variable only. 
Available since 6.0.0 +# ZBX_NODEADDRESS=localhost # Available since 6.0.0 +# ZBX_HISTORYCACHESIZE=16M +# ZBX_HISTORYINDEXCACHESIZE=4M +# ZBX_HISTORYSTORAGEDATEINDEX=0 # Available since 4.0.0 +# ZBX_TRENDCACHESIZE=4M +# ZBX_TRENDFUNCTIONCACHESIZE=4M +# ZBX_VALUECACHESIZE=8M +# ZBX_TRAPPERTIMEOUT=300 +# ZBX_UNREACHABLEPERIOD=45 +# ZBX_UNAVAILABLEDELAY=60 +# ZBX_UNREACHABLEDELAY=15 +# ZBX_LOGSLOWQUERIES=3000 +# ZBX_STARTPROXYPOLLERS=1 +# ZBX_PROXYCONFIGFREQUENCY=10 +# ZBX_PROXYDATAFREQUENCY=1 +# ZBX_TLSLISTEN= # Available since 7.4.0 +# ZBX_TLSCAFILE= +# ZBX_TLSCA= +# ZBX_TLSCRLFILE= +# ZBX_TLSCRL= +# ZBX_TLSCERTFILE= +# ZBX_TLSCERT= +# ZBX_TLSKEYFILE= +# ZBX_TLSKEY= +# ZBX_TLSCIPHERALL= # Available since 4.4.7 +# ZBX_TLSCIPHERALL13= # Available since 4.4.7 +# ZBX_TLSCIPHERCERT= # Available since 4.4.7 +# ZBX_TLSCIPHERCERT13= # Available since 4.4.7 +# ZBX_TLSCIPHERPSK= # Available since 4.4.7 +# ZBX_TLSCIPHERPSK13= # Available since 4.4.7 +# ZBX_TLS_FRONTENDACCEPT= # Available since 7.4.0 +# ZBX_FRONTENDALLOWEDIP= # Available since 7.4.0 +# ZBX_TLSFRONTENDCERTISSUER= # Available since 7.4.0 +# ZBX_TLSFRONTENDCERTSUBJECT= # Available since 7.4.0 +ZBX_WEBDRIVERURL=192.168.77.101:4444 # Available since 7.0.0 +ZBX_STARTBROWSERPOLLERS=5 # Available since 7.0.0 +# ZBX_STARTSNMPPOLLERS=1 # Available since 7.0.0 \ No newline at end of file diff --git a/__swarm/zabbix-server/webscenario.js b/__swarm/zabbix-server/webscenario.js new file mode 100644 index 0000000..d767abc --- /dev/null +++ b/__swarm/zabbix-server/webscenario.js 
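Review bot: `POSTGRES_PASSWORD=zabbix`, `MYSQL_PASSWORD=zabbix` and `MYSQL_ROOT_PASSWORD=rootpwd` are committed in clear text, and the compose file in this same commit publishes the database on `5432:5432`, so the Zabbix DB is reachable with a guessable password from anything that can reach the host. Move the credentials out of git and treat the committed values as leaked: the postgres image accepts `POSTGRES_PASSWORD_FILE=/run/secrets/pg_password`, and the Zabbix images document a `POSTGRES_PASSWORD_FILE` variant as well (confirm against the hub.docker.com pages referenced in the comments), which lets the password be a Docker secret instead of a file in the repo. `ZBX_SSO_SETTINGS` sets `"strict":false`; in the php-saml library the Zabbix frontend uses, non-strict mode relaxes validation of incoming SAML messages (signatures, destination, timing), so this should become `"strict":true` once the IdP metadata is correct, with a comment if there is a reason it must stay off. `ZBX_WEBDRIVERURL=192.168.77.101:4444` points browser checks at an unauthenticated Selenium over plain HTTP on the LAN — the same exposure as the published `4444`/`7900` ports in the compose file.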
@@ -0,0 +1,27 @@ +var browser, result; + var opts = Browser.chromeOptions(); + opts.capabilities.alwaysMatch['goog:chromeOptions'].args = [] + browser = new Browser(opts); + browser.setScreenSize(Number(1980), Number(1020)); + + screens = []; + const screenshot = ''; + const res_value = ''; + try { + var params = JSON.parse(value); // Parse the JSON string containing parameters passed from Zabbix. + browser.navigate(params.url); + browser.collectPerfEntries(); + result = browser.getResult(); + //result.screenshot = browser.getScreenshot(); + return JSON.stringify(result); + } + catch (err) { + if (!(err instanceof BrowserError)) { + browser.setError(err.message); + } + +browser.collectPerfEntries(); +result = browser.getResult(); +//result.screenshot = browser.getScreenshot(); + return JSON.stringify(result); + } diff --git a/__swarm/zabbix/.gitkeep b/__swarm/zabbix/.gitkeep new file mode 100755 index 0000000..e69de29 diff --git a/__swarm/zabbix/docker-compose.yaml b/__swarm/zabbix/docker-compose.yaml new file mode 100755 index 0000000..bce60b0 --- /dev/null +++ b/__swarm/zabbix/docker-compose.yaml 
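Review bot: `params.url` is handed to `browser.navigate()` with no check on its scheme, so anyone who can edit the browser item's parameter can point the shared Selenium Chrome at `file://` or internal-network URLs; a minimal guard before the call is `if (typeof params.url !== 'string' || !/^https?:\/\//i.test(params.url)) throw new Error('unsupported url: ' + params.url);`. `opts.capabilities.alwaysMatch['goog:chromeOptions'].args = []` also discards every default Chrome argument that `Browser.chromeOptions()` sets (which, as far as I can tell from Zabbix's docs, includes the headless flag), so a comment should name the one default that was unwanted rather than clearing the list. Style: `screens = []` is an implicit global (no `var`), `screens`, `screenshot` and `res_value` are never used, and the `collectPerfEntries()`/`getResult()`/`JSON.stringify` tail is duplicated in `try` and `catch` — drop the `return` from the `try` and put that tail once after the `try`/`catch`.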
@@ -0,0 +1,503 @@ +version: '3.5' +services: + zabbix-server: + image: zabbix/zabbix-server-mysql:ubuntu-6.4-latest + ports: + - "10051:10051" + volumes: + - /etc/localtime:/etc/localtime:ro +# - dbsocket:/var/run/mysqld/ + - /share/docker_data/zabbix/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro + - /share/docker_data/zabbix/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro + - /share/docker_data/zabbix/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro + - /share/docker_data/zabbix/var/lib/zabbix/export:/var/lib/zabbix/export:rw + - /share/docker_data/zabbix/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro + - /share/docker_data/zabbix/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro + - /share/docker_data/zabbix/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro + - /share/docker_data/zabbix/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro + - /share/docker_data/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw + ulimits: + nproc: 65535 + nofile: + soft: 20000 + hard: 40000 + deploy: + resources: + limits: + cpus: '0.70' + memory: 1G + reservations: + cpus: '0.5' + memory: 512M + env_file: + - /data/zabbix/.env_db_mysql + - /data/zabbix/.env_srv + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_USER + - MYSQL_ROOT_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem + depends_on: + - mysql-server + networks: + zbx_net_backend: + aliases: + - zabbix-server + - zabbix-server-mysql + - zabbix-server-ubuntu-mysql + - zabbix-server-mysql-ubuntu + zbx_net_frontend: +# devices: +# - "/dev/ttyUSB0:/dev/ttyUSB0" + stop_grace_period: 30s + sysctls: + - net.ipv4.ip_local_port_range=1024 65000 + - net.ipv4.conf.all.accept_redirects=0 + - net.ipv4.conf.all.secure_redirects=0 + - net.ipv4.conf.all.send_redirects=0 + labels: + com.zabbix.description: "Zabbix server with MySQL database support" + com.zabbix.company: "Zabbix LLC" + com.zabbix.component: "zabbix-server" + com.zabbix.dbtype: "mysql" + com.zabbix.os: "ubuntu" + + 
zabbix-proxy-sqlite3: + image: zabbix/zabbix-proxy-sqlite3:ubuntu-6.4-latest + profiles: + - all + ports: + - "10061:10051" + volumes: + - /etc/localtime:/etc/localtime:ro + - /share/docker_data/zabbix/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro + - /share/docker_data/zabbix/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro + - /share/docker_data/zabbix/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro + - /share/docker_data/zabbix/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro + - /share/docker_data/zabbix/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro + - /share/docker_data/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw + ulimits: + nproc: 65535 + nofile: + soft: 20000 + hard: 40000 + deploy: + resources: + limits: + cpus: '0.70' + memory: 512M + reservations: + cpus: '0.3' + memory: 256M + env_file: + - /data/zabbix/.env_prx + - /data/zabbix/.env_prx_sqlite3 + depends_on: + - zabbix-java-gateway + - zabbix-snmptraps + networks: + zbx_net_backend: + aliases: + - zabbix-proxy-sqlite3 + - zabbix-proxy-ubuntu-sqlite3 + - zabbix-proxy-sqlite3-ubuntu + zbx_net_frontend: + stop_grace_period: 30s + labels: + com.zabbix.description: "Zabbix proxy with SQLite3 database support" + com.zabbix.company: "Zabbix LLC" + com.zabbix.component: "zabbix-proxy" + com.zabbix.dbtype: "sqlite3" + com.zabbix.os: "ubuntu" + + zabbix-proxy-mysql: + image: zabbix/zabbix-proxy-mysql:ubuntu-6.4-latest + profiles: + - all + ports: + - "10071:10051" + volumes: + - /etc/localtime:/etc/localtime:ro +# - dbsocket:/var/run/mysqld/ + - /share/docker_data/zabbix/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro + - /share/docker_data/zabbix/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro + - /share/docker_data/zabbix/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro + - /share/docker_data/zabbix/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro + - /share/docker_data/zabbix/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro + - 
/share/docker_data/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw + ulimits: + nproc: 65535 + nofile: + soft: 20000 + hard: 40000 + deploy: + resources: + limits: + cpus: '0.70' + memory: 512M + reservations: + cpus: '0.3' + memory: 256M + env_file: + - /data/zabbix/.env_db_mysql_proxy + - /data/zabbix/.env_prx + - /data/zabbix/.env_prx_mysql + depends_on: + - mysql-server + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_USER + - MYSQL_ROOT_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem + networks: + zbx_net_backend: + aliases: + - zabbix-proxy-mysql + - zabbix-proxy-ubuntu-mysql + - zabbix-proxy-mysql-ubuntu + zbx_net_frontend: + stop_grace_period: 30s + labels: + com.zabbix.description: "Zabbix proxy with MySQL database support" + com.zabbix.company: "Zabbix LLC" + com.zabbix.component: "zabbix-proxy" + com.zabbix.dbtype: "mysql" + com.zabbix.os: "ubuntu" + + zabbix-web-apache-mysql: + image: zabbix/zabbix-web-apache-mysql:ubuntu-6.4-latest + profiles: + - all + ports: + - "8081:8080" + - "8443:8443" + volumes: + - /etc/localtime:/etc/localtime:ro +# - dbsocket:/var/run/mysqld/ + - /share/docker_data/zabbix/etc/ssl/apache2:/etc/ssl/apache2:ro + - /share/docker_data/zabbix/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro + deploy: + resources: + limits: + cpus: '0.70' + memory: 512M + reservations: + cpus: '0.5' + memory: 256M + env_file: + - /data/zabbix/.env_db_mysql + - /data/zabbix/.env_web + secrets: + - MYSQL_USER + - MYSQL_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem + depends_on: + - mysql-server + - zabbix-server + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8080/"] + interval: 10s + timeout: 5s + retries: 3 + start_period: 30s + networks: + zbx_net_backend: + aliases: + - zabbix-web-apache-mysql + - zabbix-web-apache-ubuntu-mysql + - zabbix-web-apache-mysql-ubuntu + zbx_net_frontend: + stop_grace_period: 10s + sysctls: + - net.core.somaxconn=65535 + labels: + 
com.zabbix.description: "Zabbix frontend on Apache web-server with MySQL database support" + com.zabbix.company: "Zabbix LLC" + com.zabbix.component: "zabbix-frontend" + com.zabbix.webserver: "apache2" + com.zabbix.dbtype: "mysql" + com.zabbix.os: "ubuntu" + + zabbix-web-nginx-mysql: + image: zabbix/zabbix-web-nginx-mysql:ubuntu-6.4-latest + ports: + - "80:8080" + - "443:8443" + volumes: + - /etc/localtime:/etc/localtime:ro +# - dbsocket:/var/run/mysqld/ + - /share/docker_data/zabbix/etc/ssl/nginx:/etc/ssl/nginx:ro + - /share/docker_data/zabbix/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro + deploy: + resources: + limits: + cpus: '0.70' + memory: 512M + reservations: + cpus: '0.5' + memory: 256M + env_file: + - /data/zabbix/.env_db_mysql + - /data/zabbix/.env_web + secrets: + - MYSQL_USER + - MYSQL_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem + depends_on: + - mysql-server + - zabbix-server + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8080/ping"] + interval: 10s + timeout: 5s + retries: 3 + start_period: 30s + networks: + zbx_net_backend: + aliases: + - zabbix-web-nginx-mysql + - zabbix-web-nginx-ubuntu-mysql + - zabbix-web-nginx-mysql-ubuntu + zbx_net_frontend: + stop_grace_period: 10s + sysctls: + - net.core.somaxconn=65535 + labels: + com.zabbix.description: "Zabbix frontend on Nginx web-server with MySQL database support" + com.zabbix.company: "Zabbix LLC" + com.zabbix.component: "zabbix-frontend" + com.zabbix.webserver: "nginx" + com.zabbix.dbtype: "mysql" + com.zabbix.os: "ubuntu" + + zabbix-agent: + image: zabbix/zabbix-agent:ubuntu-6.4-latest + profiles: + - full + - all + ports: + - "10050:10050" + volumes: + - /etc/localtime:/etc/localtime:ro + - /share/docker_data/zabbix/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro + - /share/docker_data/zabbix/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro + - /share/docker_data/zabbix/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro + - 
/share/docker_data/zabbix/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro + deploy: + resources: + limits: + cpus: '0.2' + memory: 128M + reservations: + cpus: '0.1' + memory: 64M + mode: global + env_file: + - /data/zabbix/.env_agent + privileged: true + pid: "host" + networks: + zbx_net_backend: + aliases: + - zabbix-agent + - zabbix-agent-passive + - zabbix-agent-ubuntu + stop_grace_period: 5s + labels: + com.zabbix.description: "Zabbix agent" + com.zabbix.company: "Zabbix LLC" + com.zabbix.component: "zabbix-agentd" + com.zabbix.os: "ubuntu" + + zabbix-java-gateway: + image: zabbix/zabbix-java-gateway:ubuntu-6.4-latest + profiles: + - full + - all + ports: + - "10052:10052" + deploy: + resources: + limits: + cpus: '0.5' + memory: 512M + reservations: + cpus: '0.25' + memory: 256M + env_file: + - /data/zabbix/.env_java + networks: + zbx_net_backend: + aliases: + - zabbix-java-gateway + - zabbix-java-gateway-ubuntu + stop_grace_period: 5s + labels: + com.zabbix.description: "Zabbix Java Gateway" + com.zabbix.company: "Zabbix LLC" + com.zabbix.component: "java-gateway" + com.zabbix.os: "ubuntu" + + zabbix-snmptraps: + image: zabbix/zabbix-snmptraps:ubuntu-6.4-latest + profiles: + - full + - all + ports: + - "162:1162/udp" + volumes: + - /share/docker_data/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw + deploy: + resources: + limits: + cpus: '0.5' + memory: 256M + reservations: + cpus: '0.25' + memory: 128M + networks: + zbx_net_frontend: + aliases: + - zabbix-snmptraps + zbx_net_backend: + stop_grace_period: 5s + labels: + com.zabbix.description: "Zabbix snmptraps" + com.zabbix.company: "Zabbix LLC" + com.zabbix.component: "snmptraps" + com.zabbix.os: "ubuntu" + + zabbix-web-service: + image: zabbix/zabbix-web-service:ubuntu-6.4-latest + profiles: + - full + - all + ports: + - "10053:10053" + volumes: + - /share/docker_data/zabbix/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro + security_opt: + - seccomp:/data/zabbix/chrome_dp.json + deploy: + resources: + limits: 
+ cpus: '0.5' + memory: 512M + reservations: + cpus: '0.25' + memory: 256M + env_file: + - /data/zabbix/.env_web_service + networks: + zbx_net_backend: + aliases: + - zabbix-web-service + - zabbix-web-service-ubuntu + stop_grace_period: 5s + labels: + com.zabbix.description: "Zabbix web service" + com.zabbix.company: "Zabbix LLC" + com.zabbix.component: "web-service" + com.zabbix.os: "ubuntu" + + mysql-server: + image: mysql:8.0-oracle + command: + - mysqld + - --character-set-server=utf8mb4 + - --collation-server=utf8mb4_bin + - --default-authentication-plugin=mysql_native_password +# - --require-secure-transport +# - --ssl-ca=/run/secrets/root-ca.pem +# - --ssl-cert=/run/secrets/server-cert.pem +# - --ssl-key=/run/secrets/server-key.pem + volumes: + - /share/docker_data/zabbix/var/lib/mysql:/var/lib/mysql:rw +# - dbsocket:/var/run/mysqld/ + env_file: + - /data/zabbix/.env_db_mysql + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD +# - server-key.pem +# - server-cert.pem +# - root-ca.pem + stop_grace_period: 1m + networks: + zbx_net_backend: + aliases: + - mysql-server + - zabbix-database + - mysql-database + + db_data_mysql: + image: busybox + volumes: + - /share/docker_data/zabbix/var/lib/mysql:/var/lib/mysql:rw + +# elasticsearch: +# image: elasticsearch +# profiles: +# - full +# - all +# environment: +# - transport.host=0.0.0.0 +# - discovery.zen.minimum_master_nodes=1 +# networks: +# zbx_net_backend: +# aliases: +# - elasticsearch + +networks: + zbx_net_frontend: + driver: bridge + driver_opts: + com.docker.network.enable_ipv6: "false" + ipam: + driver: default + config: + - subnet: 172.16.238.0/24 + zbx_net_backend: + driver: bridge + driver_opts: + com.docker.network.enable_ipv6: "false" + internal: true + ipam: + driver: default + config: + - subnet: 172.16.239.0/24 + +volumes: + snmptraps: +# dbsocket: + +secrets: + MYSQL_USER: + file: /data/zabbix/.MYSQL_USER + MYSQL_PASSWORD: + file: /data/zabbix/.MYSQL_PASSWORD + MYSQL_ROOT_USER: + 
file: /data/zabbix/.MYSQL_ROOT_USER + MYSQL_ROOT_PASSWORD: + file: /data/zabbix/.MYSQL_ROOT_PASSWORD +# client-key.pem: +# file: ./env_vars/.ZBX_DB_KEY_FILE +# client-cert.pem: +# file: ./env_vars/.ZBX_DB_CERT_FILE +# root-ca.pem: +# file: ./env_vars/.ZBX_DB_CA_FILE +# server-cert.pem: +# file: ./env_vars/.DB_CERT_FILE +# server-key.pem: +# file: ./env_vars/.DB_KEY_FILE diff --git a/converted.yml b/converted.yml new file mode 100644 index 0000000..d1ad0ce --- /dev/null +++ b/converted.yml 
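Review bot: `zabbix-agent` runs with `privileged: true` and `pid: "host"` and is deployed `mode: global`, which puts a root-equivalent container on every node of the swarm; that matches the upstream Zabbix compose, but it should be documented here, and if only the standard OS checks are needed, replacing `privileged: true` with the specific bind mounts and `cap_add` those checks require is the safer shape. The MySQL TLS settings (`--require-secure-transport`, the `--ssl-*` flags and the `*.pem` secrets) are all commented out, so DB traffic is plaintext; `zbx_net_backend` is `internal: true`, which limits that to containers on the same network, but a short comment recording the trade-off would stop the next reader from assuming the pems are in use. `zabbix-web-nginx-mysql` publishes `80:8080` and `443:8443` on all interfaces alongside `10051`, `10050`, `10052`, `10053` and `162/udp`; if a reverse proxy fronts it (the rest of the repo points at `*.sectorq.eu`), bind these to `127.0.0.1:` or drop the `ports:` entries. `db_data_mysql` is a bare `busybox` with the live MySQL data directory mounted read-write and no command — presumably a leftover from the upstream named-volume pattern and worth removing.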
@@ -0,0 +1,148 @@ +version: '3.9' +services: + authentik_ldap: + environment: + AUTHENTIK_HOST: https://auth.sectorq.eu + AUTHENTIK_INSECURE: 'false' + AUTHENTIK_TOKEN: EfLokorVuj1woeO0p1he3mRJvVfGfvdKM8Bdew3DtDZZ3To6bVpFSDI7GOqY + TZ: Europe/Bratislava + image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/ldap:${AUTHENTIK_TAG:-2024.6.1} + ports: + - 2389:3389 + - 2636:6636 + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager + postgresql: + environment: + AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY + POSTGRES_DB: ${PG_DB:-authentik} + POSTGRES_PASSWORD: ${PG_PASS:?database password required} + POSTGRES_USER: ${PG_USER:-authentik} + TZ: Europe/Bratislava + healthcheck: + interval: 30s + retries: 5 + start_period: 20s + test: + - CMD-SHELL + - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER} + timeout: 5s + image: ${DOCKER_REGISTRY:-docker.io/library/}postgres:16-alpine + volumes: + - /share/docker_data/authentik/database:/var/lib/postgresql/data + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + wud.watch: false + placement: + constraints: + - node.role == manager + redis: + command: --save 60 1 --loglevel warning + healthcheck: + interval: 30s + retries: 5 + start_period: 20s + test: + - CMD-SHELL + - redis-cli ping | grep PONG + timeout: 3s + image: ${DOCKER_REGISTRY:-docker.io/library/}redis:alpine + volumes: + - redis:/data + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager + server: + command: server + environment: + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_SECRET_KEY: 
$AUTHENTIK_SECRET_KEY + TZ: Europe/Bratislava + image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1} + ports: + - ${COMPOSE_PORT_HTTP:-9003}:9000 + - ${COMPOSE_PORT_HTTPS:-9453}:9443 + volumes: + - /share/docker_data/authentik/media:/media + - /share/docker_data/authentik/custom-templates:/templates + - /var/run/docker.sock:/var/run/docker.sock + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + homepage.container: authentik-server-1 + homepage.description: Authentification server + homepage.group: Utilities + homepage.href: https://auth.sectorq.eu + homepage.icon: authentik.png + homepage.name: Authentik + homepage.server: my-docker + homepage.weight: '10' + homepage.widget.key: sVOwPPInTue7ZnvolmKG15hkE9gCyLcuAelLOQny6OIVn7JUilny9loPTG0v + homepage.widget.type: authentik + homepage.widget.url: https://auth.sectorq.eu + wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager + worker: + command: worker + environment: + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY + TZ: Europe/Bratislava + image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1} + user: root + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /share/docker_data/authentik/media:/media + - /share/docker_data/authentik/certs:/certs + - /share/docker_data/authentik/custom-templates:/templates + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + labels: + wud.watch: true + wud.watch.digest: true + placement: + constraints: + - node.role == manager +volumes: + database: + driver: local + redis: + driver: local diff --git a/paperless-ngx/docker-compose.yml b/paperless-ngx/docker-compose.yml index 6d2be2e..75389a1 100755 
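Review bot: `AUTHENTIK_TOKEN: EfLokorVuj1…` is a literal Authentik outpost token committed to git, and `homepage.widget.key` on the `server` service is likewise a plain API token in a label, while every other secret in the same file is referenced as `$AUTHENTIK_SECRET_KEY` / `${PG_PASS:?…}`; treat both as leaked, revoke and re-issue them in Authentik, and reference them the same way, e.g. `AUTHENTIK_TOKEN: ${AUTHENTIK_LDAP_TOKEN:?outpost token required}`. The `server` and `worker` services mount `/var/run/docker.sock`, and `worker` runs as `user: root`; that matches the upstream Authentik compose for Docker-managed outposts, but it makes a compromised worker a host compromise, so remove the mount unless the Docker outpost integration is actually used, and say so in a comment. `postgresql` is also handed `AUTHENTIK_SECRET_KEY`, which it does not need — drop it so the key is only in the two Authentik services.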
--- a/paperless-ngx/docker-compose.yml +++ b/paperless-ngx/docker-compose.yml @@ -42,7 +42,7 @@ services: } } labels: - homepage.container: paperless-webserver-1 + homepage.container: paperless-ngx_webserver homepage.description: PDF server homepage.group: Utils homepage.href: https://paperless.sectorq.eu diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..c3726e8 --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +pyyaml diff --git a/yaml_convert.py b/yaml_convert.py new file mode 100644 index 0000000..81a0582 --- /dev/null +++ b/yaml_convert.py 
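Review bot: `pyyaml` is added to `requirements.txt` with no version constraint, so each fresh install pulls whatever PyPI serves that day; for a tool that rewrites deployment manifests it is worth pinning, e.g. `pyyaml>=6.0,<7` (or an exact pin plus `pip install --require-hashes` if installs run in CI). `yaml_convert.py` uses `yaml.safe_load`, so this is about reproducibility rather than the unsafe-loader issue.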
@@ -0,0 +1,106 @@ +import yaml +import sys +import copy + +def default_deploy(): + return { + "mode": "replicated", + "replicas": 1, + "restart_policy": {"condition": "any"}, + "labels": {}, + "placement": { + "constraints": [ + "node.role == manager" + ] + } + } + + +def convert_service(service): + swarm_service = {} + + # Create a fresh deploy section each time (avoids YAML anchors) + deploy_section = default_deploy() + + for key, value in service.items(): + + # Unsupported in Swarm + if key in ["container_name", "restart", "depends_on"]: + continue + + # Move labels → deploy.labels + if key == "labels": + if isinstance(value, dict): + deploy_section["labels"].update(value) + elif isinstance(value, list): + for item in value: + if "=" in item: + k, v = item.split("=", 1) + deploy_section["labels"][k] = v + continue + + swarm_service[key] = value + + # Merge user deploy section if present + if "deploy" in service: + user_deploy = service["deploy"] + + # merge deploy.labels + if "labels" in user_deploy: + labels = user_deploy["labels"] + if isinstance(labels, dict): + deploy_section["labels"].update(labels) + elif isinstance(labels, list): + for item in labels: + if "=" in item: + k, v = item.split("=", 1) + deploy_section["labels"][k] = v + + # merge placement constraints + if "placement" in user_deploy: + if "constraints" in user_deploy["placement"]: + deploy_section["placement"]["constraints"].extend( + user_deploy["placement"]["constraints"] + ) + + # merge other keys + for dk, dv in user_deploy.items(): + if dk not in ["labels", "placement"]: + deploy_section[dk] = copy.deepcopy(dv) + + swarm_service["deploy"] = deploy_section + return swarm_service + + +def convert_compose_to_swarm(app): + output_file = "__swarm/" + app + "/" + app + "-swarm.yml" + input_file = app + "/docker-compose.yml" + with open(input_file, "r") as f: + compose = yaml.safe_load(f) + + swarm = {"version": "3.9", "services": {}} + + for name, service in compose.get("services", {}).items(): 
+ swarm["services"][name] = convert_service(service) + + for section in ["networks", "volumes", "configs", "secrets"]: + if section in compose: + swarm[section] = compose[section] + + # Prevent PyYAML from creating anchors + class NoAliasDumper(yaml.SafeDumper): + def ignore_aliases(self, data): + return True + + with open(output_file, "w") as f: + yaml.dump(swarm, f, sort_keys=False, Dumper=NoAliasDumper) + + print(f"✔ Swarm file written to: {output_file}") + + +if __name__ == "__main__": + if len(sys.argv) != 2: + print("Usage: python convert_to_swarm.py app_name") + sys.exit(1) + + convert_compose_to_swarm(sys.argv[1]) \ No newline at end of file
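Review bot: `convert_compose_to_swarm` copies each service's `environment` block verbatim into `__swarm/<app>/<app>-swarm.yml`, so any credential written inline in a source compose file is duplicated into a second committed file — `converted.yml` in this same commit, with its literal `AUTHENTIK_TOKEN`, is exactly that outcome; a cheap guard is to scan `environment` values and refuse (or at least warn) when a key matching `PASSWORD|TOKEN|SECRET|KEY` carries a literal rather than a `${…}`/`$VAR` reference. The output path is built from `app` straight off `sys.argv`, and `open(output_file, "w")` raises `FileNotFoundError` when `__swarm/<app>/` does not exist yet; validate the name and create the directory: `if not app or os.sep in app or app in (".", ".."): sys.exit("invalid app name")` followed by `os.makedirs(os.path.dirname(output_file), exist_ok=True)` (with `import os` at the top). The usage string says `convert_to_swarm.py` while the file is `yaml_convert.py`; printing `sys.argv[0]` avoids the drift. `depends_on` is dropped as "Unsupported in Swarm", but `docker stack deploy` ignores it rather than rejecting it, so the comment should say the drop is deliberate (or keep the key, since it documents intended ordering at no cost).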