build

2025-12-14 10:24:53 +01:00 · 2025-12-14 10:22:19 +01:00 · 2025-12-14 10:08:30 +01:00 · 2025-12-14 10:05:40 +01:00 · 2025-12-14 02:06:26 +01:00 · 2025-12-14 02:05:47 +01:00
78 changed files with 2680 additions and 544 deletions
--- a/__swarm/authentik/authentik-swarm.yml
+++ b/__swarm/authentik/authentik-swarm.yml
@@ -1,4 +1,3 @@
-version: '3.9'
 services:
  authentik_ldap:
    environment:
@@ -8,16 +7,19 @@ services:
      TZ: Europe/Bratislava
    image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/ldap:${AUTHENTIK_TAG:-2024.6.1}
    ports:
-    - 2389:3389
-    - 2636:6636
+    - target: 3389
+      published: 2389
+      protocol: tcp
+      mode: ingress
+    - target: 6636
+      published: 2636
+      protocol: tcp
+      mode: ingress
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        wud.watch: true
-        wud.watch.digest: true
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
@@ -38,14 +40,11 @@ services:
      timeout: 5s
    image: ${DOCKER_REGISTRY:-docker.io/library/}postgres:16-alpine
    volumes:
-    - /share/docker_data/authentik/database:/var/lib/postgresql/data
+    - database:/var/lib/postgresql/data
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        wud.watch: false
+        wud.watch: 'false'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
@@ -63,13 +62,10 @@ services:
    volumes:
    - redis:/data
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        wud.watch: true
-        wud.watch.digest: true
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
@@ -85,31 +81,34 @@ services:
      TZ: Europe/Bratislava
    image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
    ports:
-    - ${COMPOSE_PORT_HTTP:-9003}:9000
-    - ${COMPOSE_PORT_HTTPS:-9453}:9443
+    - target: 9000
+      published: 9003
+      protocol: tcp
+      mode: ingress
+    - target: 9443
+      published: 9453
+      protocol: tcp
+      mode: ingress
    volumes:
-    - /share/docker_data/authentik/media:/media
-    - /share/docker_data/authentik/custom-templates:/templates
+    - media:/media
+    - custom-templates:/templates
    - /var/run/docker.sock:/var/run/docker.sock
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        homepage.container: authentik-server-1
+        homepage.container: authentik_server
        homepage.description: Authentification server
        homepage.group: Utilities
        homepage.href: https://auth.sectorq.eu
        homepage.icon: authentik.png
        homepage.name: Authentik
-        homepage.server: my-docker
+        homepage.server: my-docker-swarm
        homepage.weight: '10'
        homepage.widget.key: sVOwPPInTue7ZnvolmKG15hkE9gCyLcuAelLOQny6OIVn7JUilny9loPTG0v
        homepage.widget.type: authentik
        homepage.widget.url: https://auth.sectorq.eu
-        wud.watch: true
-        wud.watch.digest: true
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
@@ -127,17 +126,14 @@ services:
    user: root
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
-    - /share/docker_data/authentik/media:/media
-    - /share/docker_data/authentik/certs:/certs
-    - /share/docker_data/authentik/custom-templates:/templates
+    - media:/media
+    - certs:/certs
+    - custom-templates:/templates
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        wud.watch: true
-        wud.watch.digest: true
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
@@ -146,3 +142,9 @@ volumes:
    driver: local
  redis:
    driver: local
+  custom-templates:
+    driver: local
+  media:
+    driver: local
+  certs:
+    driver: local
--- a/__swarm/authentik/docker-compose.yml
+++ b/__swarm/authentik/docker-compose.yml
@@ -33,7 +33,7 @@ services:
      wud.watch: false
    restart: ${RESTART:-unless-stopped}
    volumes:
-    - /share/docker_data/authentik/database:/var/lib/postgresql/data
+    - database:/var/lib/postgresql/data
  redis:
    command: --save 60 1 --loglevel warning
    healthcheck:
@@ -50,7 +50,7 @@ services:
      wud.watch.digest: true
    restart: ${RESTART:-unless-stopped}
    volumes:
-    - redis:/data
+    - authentik_redis:/data
  server:
    command: server
    depends_on:
@@ -80,12 +80,12 @@ services:
      wud.watch: true
      wud.watch.digest: true
    ports:
-    - ${COMPOSE_PORT_HTTP:-9003}:9000
-    - ${COMPOSE_PORT_HTTPS:-9453}:9443
+    - 9003:9000
+    - 9453:9443
    restart: ${RESTART:-unless-stopped}
    volumes:
-    - /share/docker_data/authentik/media:/media
-    - /share/docker_data/authentik/custom-templates:/templates
+    - media:/media
+    - templates:/templates
    - /var/run/docker.sock:/var/run/docker.sock
  worker:
    command: worker
@@ -108,12 +108,18 @@ services:
    user: root
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
-    - /share/docker_data/authentik/media:/media
-    - /share/docker_data/authentik/certs:/certs
-    - /share/docker_data/authentik/custom-templates:/templates
+    - media:/media
+    - certs:/certs
+    - custom-templates:/templates

 volumes:
  database:
    driver: local
  redis:
    driver: local
+  custom-templates:
+    driver: local
+  media:
+    driver: local
+  certs:
+    driver: local
--- a/__swarm/authentik/stack.env
+++ b/__swarm/authentik/stack.env
@@ -3,7 +3,7 @@ PG_USER=authentik
 PG_DB=authentik
 AUTHENTIK_SECRET_KEY=ZKkVCxj8kKj5ZklvzxKG2IgYQOftDoLPRjc57yomr1qzbKEQVZ
 AUTHENTIK_ERROR_REPORTING__ENABLED=true
-AUTHENTIK_TAG=2025.8.4
+AUTHENTIK_TAG=2025.10.2
 POSTGRES_PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
 POSTGRES_USER=authentik
 POSTGRES_DB=authentik
--- a/__swarm/bitwarden/bitwarden-swarm.yml
+++ b/__swarm/bitwarden/bitwarden-swarm.yml
@@ -1,3 +1,6 @@
+volumes:
+  data:
+    driver: local
 services:
  bitwarden:
    environment:
@@ -19,17 +22,17 @@ services:
      mode: ingress
    restart: ${RESTART:-unless-stopped}
    volumes:
-    - /share/docker_data/bitwarden/bw-data:/data
+    - data:/data
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
-        homepage.container: vaultwarden
+        homepage.container: bitwarden_bitwarden
        homepage.description: Password manager
        homepage.group: Utilities
        homepage.href: https://pw.sectorq.eu
        homepage.icon: bitwarden.png
        homepage.name: Bitwarden
-        homepage.server: my-docker
+        homepage.server: my-docker-swarm
        homepage.weight: '1'
        wud.watch: 'true'
        wud.watch.digest: 'true'
--- a/__swarm/bitwarden/docker-compose.yml
+++ b/__swarm/bitwarden/docker-compose.yml
@@ -29,4 +29,7 @@ services:
    - 8181:80
    restart: ${RESTART:-unless-stopped}
    volumes:
-    - /share/docker_data/bitwarden/bw-data:/data
+    - data:/data
+volumes:
+  data:
+    driver: local
--- a/__swarm/bookstack/bookstack-swarm.yml
+++ b/__swarm/bookstack/bookstack-swarm.yml
@@ -1,30 +1,35 @@
-version: '3.9'
+volumes:
+  app_data:
+    driver: local
+  db_data:
+    driver: local
+
 services:
  app:
    env_file:
    - stack.env
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest
    ports:
-    - 6875:80
+    - target: 80
+      published: 6875
+      protocol: tcp
+      mode: ingress
    volumes:
-    - /share/docker_data/bookstack/bookstack_app_data:/config
+    - app_data:/config
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        com.centurylinklabs.watchtower.enable: true
-        homepage.container: bookstack-app-1
+        com.centurylinklabs.watchtower.enable: 'true'
+        homepage.container: bookstack_app
        homepage.description: Books
        homepage.group: Utilities
        homepage.href: https://bookstack.sectorq.eu
        homepage.icon: bookstack.png
        homepage.name: Bookstack
        homepage.server: my-docker-swarm
-        homepage.weight: 1
-        wud.watch: true
-        wud.watch.digest: true
+        homepage.weight: '1'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
@@ -36,15 +41,12 @@ services:
      PUID: 0
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb
    volumes:
-    - /share/docker_data/bookstack/bookstack_db_data:/config
+    - db_data:/config
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        wud.watch: true
-        wud.watch.digest: true
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
--- a/__swarm/bookstack/stack.env
+++ b/__swarm/bookstack/stack.env
@@ -1,16 +1,16 @@
-PUID: 1000
-PGID: 1000
-APP_URL: https://bookstack.sectorq.eu
-DB_HOST: db
-DB_PORT: 3306
-DB_USER: bookstack
-DB_PASS: l4c1j4yd33Du5lo
-DB_DATABASE: bookstackapp
-MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
-TZ: Europe/Bratislava
-MYSQL_DATABASE: bookstackapp
-MYSQL_USER: bookstack
-MYSQL_PASSWORD: l4c1j4yd33Du5lo
+PUID=1000
+PGID=1000
+APP_URL=https://bookstack.sectorq.eu
+DB_HOST=db
+DB_PORT=3306
+DB_USER=bookstack
+DB_PASS=l4c1j4yd33Du5lo
+DB_DATABASE=bookstackapp
+MYSQL_ROOT_PASSWORD=l4c1j4yd33Du5lo
+TZ=Europe/Bratislava
+MYSQL_DATABASE=bookstackapp
+MYSQL_USER=bookstack
+MYSQL_PASSWORD=l4c1j4yd33Du5lo
 # # Set authentication method to be saml2
 # AUTH_METHOD: saml2
 # # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
@@ -46,41 +46,41 @@ MYSQL_PASSWORD: l4c1j4yd33Du5lo


 # Set OIDC to be the authentication method
-AUTH_METHOD: oidc
+AUTH_METHOD=oidc
 #AUTH_METHOD: standard 
 # Control if BookStack automatically initiates login via your OIDC system 
 # if it's the only authentication method. Prevents the need for the
 # user to click the "Login with x" button on the login page.
 # Setting this to true enables auto-initiation.
-AUTH_AUTO_INITIATE: true
+AUTH_AUTO_INITIATE=true

 # Set the display name to be shown on the login button.
 # (Login with <name>)
-OIDC_NAME: SSO
+OIDC_NAME=SSO

 # Name of the claims(s) to use for the user's display name.
 # Can have multiple attributes listed, separated with a '|' in which 
 # case those values will be joined with a space.
 # Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name
-OIDC_DISPLAY_NAME_CLAIMS: name
+OIDC_DISPLAY_NAME_CLAIMS=name

 # OAuth Client ID to access the identity provider
-OIDC_CLIENT_ID: GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U
+OIDC_CLIENT_ID=GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U

 # OAuth Client Secret to access the identity provider
-OIDC_CLIENT_SECRET: Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8
+OIDC_CLIENT_SECRET=Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8

 # Issuer URL
 # Must start with 'https://'
-OIDC_ISSUER: https://auth.sectorq.eu/application/o/bookstack/
+OIDC_ISSUER=https://auth.sectorq.eu/application/o/bookstack/

 # The "end session" (RP-initiated logout) URL to call during BookStack logout.
 # By default this is false which disables RP-initiated logout.
 # Setting to "true" will enable logout if found as supported by auto-discovery.
 # Otherwise, this can be set as a specific URL endpoint.
-OIDC_END_SESSION_ENDPOINT: false
+OIDC_END_SESSION_ENDPOINT=false

 # Enable auto-discovery of endpoints and token keys.
 # As per the standard, expects the service to serve a 
 # `<issuer>/.well-known/openid-configuration` endpoint.
-OIDC_ISSUER_DISCOVER: true
+OIDC_ISSUER_DISCOVER=true
--- a/__swarm/dockermon/dockermon-swarm.yml
+++ b/__swarm/dockermon/dockermon-swarm.yml
@@ -0,0 +1,22 @@
+services:
+  docker_mon:
+    image: ${DOCKER_REGISTRY:-}philhawthorne/ha-dockermon:latest
+    ports:
+    - target: 8126
+      published: 8126
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+    - config:/config
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  config:
--- a/__swarm/gitea/gitea-swarm.yml
+++ b/__swarm/gitea/gitea-swarm.yml
@@ -1,9 +1,11 @@
-version: '3.9'
+networks:
+  gitea:
+    external: false
 services:
  server:
    environment:
-      USER_UID: '1000'
-      USER_GID: '1000'
+      USER_UID: 1000
+      USER_GID: 1000
      ROOT_URL: https://gitea.sectorq.eu
      ENABLE_PASSWORD_SIGNIN_FORM: 'false'
      DISABLE_REGISTRATION: 'true'
@@ -11,59 +13,69 @@ services:
    networks:
    - gitea
    ports:
-    - 3000:3000
-    - '222:22'
+    - target: 3000
+      published: 3000
+      protocol: tcp
+      mode: ingress
+    - target: 22
+      published: 222
+      protocol: tcp
+      mode: ingress
    volumes:
-    - /share/docker_data/gitea:/data
-    - /etc/timezone:/etc/timezone:ro
+    - data:/data
    - /etc/localtime:/etc/localtime:ro
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
-        homepage.container: gitea
-        homepage.description: version control server
-        homepage.group: utilities
-        homepage.href: https://${appname}.sectorq.eu
-        homepage.icon: ${appname}.png
-        homepage.name: gitea
-        homepage.server: my-docker
+        homepage.container: gitea_server
+        homepage.description: Version control server
+        homepage.group: Utilities
+        homepage.href: https://${APPNAME}.sectorq.eu
+        homepage.icon: ${APPNAME}.png
+        homepage.name: Gitea
+        homepage.server: my-docker-swarm
        homepage.weight: '1'
-        homepage.widget.key: ${token}
-        homepage.widget.type: ${appname}
-        homepage.widget.url: https://${appname}.sectorq.eu
+        homepage.widget.key: "b7b6e21beb7489c170215e2b7ae0d9b0099132d6"
+        homepage.widget.type: ${APPNAME}
+        homepage.widget.url: https://${APPNAME}.sectorq.eu
        homepage.widget.version: '2'
        wud.watch: 'true'
        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
  runner:
    image: ${DOCKER_REGISTRY:-}docker.io/gitea/act_runner:nightly
+    secrets:
+      - gitea_runner_registration_token
    environment:
      CONFIG_FILE: /config/config.yaml
      GITEA_INSTANCE_URL: https://gitea.sectorq.eu/
-      GITEA_RUNNER_REGISTRATION_TOKEN: 8nmkqjhkvywltmnff2o9vs0tzo70ufhsqpvg6ymb
+      GITEA_RUNNER_REGISTRATION_TOKEN_FILE: /run/secrets/gitea_runner_registration_token
      GITEA_RUNNER_NAME: jaydee
      GITEA_RUNNER_LABELS: jaydee
    volumes:
-    - /share/docker_data/gitea-runner/config:/config
-    - /share/docker_data/gitea-runner/data:/data
+    
+    - runner_config:/config
+    - runner_data:/data
    - /var/run/docker.sock:/var/run/docker.sock
+    - /etc/localtime:/etc/localtime:ro
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
        wud.watch: 'true'
        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
-networks:
-  gitea:
-    external: false
+volumes:
+  data:
+    driver: local
+  runner_config:
+    driver: local
+  runner_data:
+    driver: local
+secrets:
+  gitea_runner_registration_token:
+    external: true
--- a/__swarm/gitlab/docker-compose.yml
+++ b/__swarm/gitlab/docker-compose.yml
@@ -1,5 +1,16 @@
 services:
+  runner:
+    container_name: gitlab-runner
+    restart: always
+    volumes:
+      - runner:/etc/gitlab-runner
+      - /var/run/docker.sock:/var/run/docker.sock
+    image: ${DOCKER_REGISTRY:-}gitlab/gitlab-runner:latest
+    labels:
+      - wud.watch.digest=true
+      - wud.watch=true
  web:
+  
    container_name: gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: "external_url 'https://gitlab.sectorq.eu'\nnginx['listen_port']\
@@ -47,8 +58,13 @@ services:
    restart: unless-stopped
    shm_size: 4gb
    volumes:
-    - /share/docker_data/gitlab/config:/etc/gitlab
-    - /share/docker_data/gitlab/logs:/var/log/gitlab
-    - /share/docker_data/gitlab/data:/var/opt/gitlab
+    - config:/etc/gitlab
+    - logs:/var/log/gitlab
+    - data:/var/opt/gitlab
    - /etc/localtime:/etc/localtime:ro
 version: '3.6'
+volumes:
+  runner:
+  config:
+  logs:
+  data:
--- a/__swarm/gitlab/gitlab-swarm.yml
+++ b/__swarm/gitlab/gitlab-swarm.yml
@@ -0,0 +1,101 @@
+  services:
+    runner:
+      container_name: gitlab-runner
+      restart: always
+      volumes:
+        - runner:/etc/gitlab-runner
+        - /var/run/docker.sock:/var/run/docker.sock
+      image: ${DOCKER_REGISTRY:-}gitlab/gitlab-runner:latest
+      labels:
+        - wud.watch.digest=true
+        - wud.watch=true
+      dns:
+        - 192.168.77.1
+        - 192.168.77.101
+    app:
+      environment:
+        GITLAB_OMNIBUS_CONFIG: |
+          external_url 'https://gitlab.sectorq.eu'
+          nginx['listen_port'] = 80
+          nginx['listen_https'] = false
+          web_server['username'] = 'git'
+          gitlab_rails['time_zone'] = 'Europe/Bratislava'
+          gitlab_rails['omniauth_enabled'] = true
+          gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
+          gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
+          gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
+          gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
+          gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
+          gitlab_rails['omniauth_block_auto_created_users'] = false
+          gitlab_rails['omniauth_auto_link_saml_user'] = true
+          gitlab_rails['omniauth_providers'] = [
+            {
+              name: 'saml',
+              args: {
+                assertion_consumer_service_url: 'https://gitlab.sectorq.eu/users/auth/saml/callback',
+                # Shown when navigating to certificates in authentik1
+                idp_cert_fingerprint: 'f7:fd:49:03:b3:38:52:b3:23:f5:43:c4:8d:08:65:32:e0:5a:7b:0e',
+                idp_sso_target_url: 'https://auth.sectorq.eu/application/saml/gitlab/sso/binding/redirect/',
+                issuer: 'https://gitlab.sectorq.eu',
+                name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+                attribute_statements: {
+                  email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],
+                  first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],
+                  nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']
+                }
+              },
+              label: 'authentik'
+            }
+          ]
+        TZ: Europe/Bratislava
+      hostname: gitlab.sectorq.eu
+      image: ${DOCKER_REGISTRY:-}gitlab/gitlab-ce:latest
+      network_mode: bridge
+      ports:
+      - target: 80
+        published: 8785
+        protocol: tcp
+        mode: ingress
+      - target: 443
+        published: 8743
+        protocol: tcp
+        mode: ingress
+      - target: 22
+        published: 8722
+        protocol: tcp
+        mode: ingress
+      shm_size: 4gb
+      volumes:
+      - config:/etc/gitlab
+      - logs:/var/log/gitlab
+      - data:/var/opt/gitlab
+      - /etc/localtime:/etc/localtime:ro
+      deploy:
+        labels:
+          com.centurylinklabs.watchtower.enable: 'true'
+          homepage.container: gitlab
+          homepage.description: Version control
+          homepage.group: Infrastructure
+          homepage.href: https://gitlab.sectorq.eu
+          homepage.icon: gitlab.png
+          homepage.name: Gitlab
+          homepage.server: my-docker-swarm
+          homepage.weight: '1'
+          homepage.widget.key: glpat-BuMKcaDqeD-Wx3dW4TM9
+          homepage.widget.type: gitlab
+          homepage.widget.url: https://gitlab.sectorq.eu
+          homepage.widget.user_id: '2'
+          wud.watch: 'true'
+          wud.watch.digest: 'true'
+        replicas: 1
+        placement:
+          constraints:
+          - node.role == manager
+
+  volumes:
+    config:
+      driver: local
+    logs:
+      driver: local
+    data:
+      driver: local
--- a/__swarm/grafana/grafana-swarm.yml
+++ b/__swarm/grafana/grafana-swarm.yml
@@ -1,5 +1,9 @@
 networks:
-  loki: null
+  loki:
+volumes:
+  loki_data:
+  grafana_data:
+  grafana_certs:
 services:
  grafana:
    entrypoint:
@@ -35,21 +39,20 @@ services:
      published: 3007
      protocol: tcp
      mode: ingress
-    restart: ${RESTART:-unless-stopped}
    user: 0:0
    volumes:
-    - /share/docker_data/grafana/data:/var/lib/grafana
-    - /share/docker_data/grafana/certs:/certs
+    - grafana_data:/var/lib/grafana
+    - grafana_certs:/certs
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
-        homepage.container: grafana
+        homepage.container: grafana_grafana
        homepage.description: Graphs
        homepage.group: Smarthome
        homepage.href: https://g.sectorq.eu
        homepage.icon: grafana.png
        homepage.name: Grafana
-        homepage.server: my-docker
+        homepage.server: my-docker-swarm
        homepage.weight: '1'
        wud.watch: 'true'
        wud.watch.digest: 'true'
@@ -60,6 +63,8 @@ services:
  loki:
    command: -config.file=/etc/loki/local-config.yaml
    image: ${DOCKER_REGISTRY:-}grafana/loki:latest
+    volumes:
+    - loki_data:/loki
    networks:
    - loki
    ports:
@@ -67,7 +72,6 @@ services:
      published: 3100
      protocol: tcp
      mode: ingress
-    restart: ${RESTART:-unless-stopped}
    deploy:
      labels:
        wud.watch: 'true'
@@ -81,11 +85,13 @@ services:
    image: ${DOCKER_REGISTRY:-}grafana/promtail:latest
    networks:
    - loki
+    configs:
+      - source: promtail
+        target: /etc/promtail/config.yml
    volumes:
    - /var/log:/var/log
-    - /share/docker_data/grafana/promtail/config.yml:/etc/promtail/config.yml
-    - /share/Data/__GITLAB/omv_backup/:/share/Data/__GITLAB/omv_backup/
-    restart: ${RESTART:-unless-stopped}
+    #- /share/docker_data/grafana/promtail/config.yml:/etc/promtail/config.yml
+    #- /share/Data/__GITLAB/omv_backup/:/share/Data/__GITLAB/omv_backup/
    deploy:
      labels:
        wud.watch: 'true'
@@ -100,7 +106,6 @@ services:
    - 8092
    networks:
    - loki
-    restart: ${RESTART:-unless-stopped}
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
@@ -110,3 +115,6 @@ services:
      placement:
        constraints:
        - node.role == manager
+configs:
+  promtail:
+    external: true
--- a/__swarm/hashicorp/hashicorp-swarm.yml
+++ b/__swarm/hashicorp/hashicorp-swarm.yml
@@ -0,0 +1,47 @@
+services:
+  vault:
+    image: hashicorp/vault:latest
+    command: server -config=/vault/config/vault.hcl
+    volumes:
+      - data:/vault/data
+    configs:
+      - source: vault_hcl
+        target: /vault/config/vault.hcl
+    ports:
+      - "8200:8200"
+    environment:
+      VAULT_LOCAL_CONFIG: |
+        {
+          "backend": {
+            "file": {
+              "path": "/vault/file"
+            }
+          },
+          "listener": {
+            "tcp": {
+              "address": "0.0.0.0:8200",
+              "tls_disable": 1
+            }
+          },
+          "disable_mlock": true
+        }
+      VAULT_API_ADDR: "http://192.168.77.101:8200"
+    cap_add:
+      - IPC_LOCK
+    networks:
+      - vault-net
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        constraints:
+          - node.role == manager
+
+configs:
+  vault_hcl:
+    external: true
+volumes:
+  data:
+networks:
+  vault-net:
+    driver: overlay
--- a/__swarm/home-assistant/.env.influxdb2-admin-token
+++ b/__swarm/home-assistant/.env.influxdb2-admin-token
@@ -1 +0,0 @@
-l4c1j4yd33Du5lo
--- a/__swarm/home-assistant/.env.influxdb2-admin-username
+++ b/__swarm/home-assistant/.env.influxdb2-admin-username
--- a/__swarm/home-assistant/home-assistant-swarm.yml
+++ b/__swarm/home-assistant/home-assistant-swarm.yml
@@ -1,110 +1,108 @@
-version: '3.9'
+
+
 services:
  homeassistant:
-    network_mode: host
    image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant/home-assistant:latest
    volumes:
-    - /share/docker_data/ha/:/config
+    - ha_config:/config
    - /var/run/docker.sock:/var/run/docker.sock
    - /run/dbus:/run/dbus:ro
+    networks:
+      - swarm-ipvlan 
+      - traefik-public
+      - homeassistant-internal
    privileged: true
    environment:
-    - DISABLE_JEMALLOC=value
-    - TZ=Europe/Bratislava
+      DISABLE_JEMALLOC: value
+      TZ: Europe/Bratislava
    dns:
    - 192.168.77.101
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        com.centurylinklabs.watchtower.enable: true
+        com.centurylinklabs.watchtower.enable: 'true'
        homepage.group: Smarthome
        homepage.name: Home Assistant
-        homepage.weight: 1
+        homepage.weight: '1'
        homepage.icon: home-assistant.png
        homepage.href: https://ha.sectorq.eu
        homepage.description: 3D Printing
-        homepage.server: my-docker
+        homepage.server: my-docker-swarm
        homepage.container: HomeAssistant
        homepage.widget.type: homeassistant
        homepage.widget.url: https://ha.sectorq.eu
        homepage.widget.key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzOTk5NGJjYjIzYjk0YzExYmM5OWZiNTBlNzU0N2M2YyIsImlhdCI6MTc0MDM5OTY4NCwiZXhwIjoyMDU1NzU5Njg0fQ.LDebvPGreyZzlWT1CylHSdSt8i_cWO72HnNCsCAIaG8
-        wud.watch: true
-        wud.watch.digest: true
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
  esphome:
    image: ${DOCKER_REGISTRY:-}esphome/esphome:latest
    volumes:
-    - /share/docker_data/esphome/config:/config
+    - esphome_config:/config
    - /etc/localtime:/etc/localtime:ro
    privileged: true
    network_mode: host
    environment:
-    - USERNAME=jaydee
-    - PASSWORD=jaydee1
+      USERNAME: jaydee
+      PASSWORD: jaydee1
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        com.centurylinklabs.watchtower.enable: true
+        com.centurylinklabs.watchtower.enable: 'true'
        homepage.group: Smarthome
        homepage.name: ESPHome
-        homepage.weight: 1
+        homepage.weight: '1'
        homepage.icon: esphome.png
        homepage.href: https://esphome.sectorq.eu
        homepage.description: 3D Printing
-        homepage.server: my-docker
+        homepage.server: my-docker-swarm
        homepage.container: esphome
        homepage.widget.type: esphome
        homepage.widget.url: https://esphome.sectorq.eu
        homepage.widget.username: jaydee
        homepage.widget.password: jaydee1
-        wud.watch: true
-        wud.watch.digest: true
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
  wyoming-piper-en:
    image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-piper
    ports:
-    - 10200:10200
+    - target: 10200
+      published: 10200
+      protocol: tcp
+      mode: ingress
    volumes:
-    - /share/docker_data/piper/english:/data
+    - piper_data:/data
    command: --data-dir /data --voice en_US-lessac-medium
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        com.centurylinklabs.watchtower.enable: true
-        wud.watch: true
-        wud.watch.digest: true
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
  wyoming-whisper-en:
    image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-whisper
    ports:
-    - 10300:10300
+    - target: 10300
+      published: 10300
+      protocol: tcp
+      mode: ingress
    volumes:
-    - /share/docker_data/whisper/english:/data
+    - whisper_data:/data
    command: --data-dir /data --model tiny-int8 --language en
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        com.centurylinklabs.watchtower.enable: true
-        wud.watch: true
-        wud.watch.digest: true
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
@@ -114,22 +112,21 @@ services:
      --model 'ok_nabu' --uri 'tcp://0.0.0.0:10400' --threshold 0.7 --trigger-level
      2 --debug
    volumes:
-    - /share/docker_data/openwakeword-data:/data
-    - /share/docker_data/openwakeword-data:/custom
+    - openwakeword_data:/data
+    - openwakeword_data:/custom
    environment:
-    - TZ=Europe/Bratislava
+      TZ: Europe/Bratislava
    ports:
-    - 10400:10400
-    - 10400:10400/udp
+    - target: 10400
+      published: 10400
+      protocol: tcp
+      mode: ingress
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        com.centurylinklabs.watchtower.enable: true
-        wud.watch: true
-        wud.watch.digest: true
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
@@ -138,18 +135,15 @@ services:
    security_opt:
    - apparmor=unconfined
    volumes:
-    - /share/docker_data/matter-server:/data
+    - matter-server:/data
    - /run/dbus:/run/dbus:ro
    network_mode: host
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        com.centurylinklabs.watchtower.enable: true
-        wud.watch: true
-        wud.watch.digest: true
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
@@ -157,52 +151,50 @@ services:
    image: ${DOCKER_REGISTRY:-}ghcr.io/music-assistant/server:latest
    network_mode: host
    volumes:
-    - /share/docker_data/music-assistant-server/data:/data/
+    - music_assistant_server_data:/data/
    cap_add:
    - SYS_ADMIN
    - DAC_READ_SEARCH
    security_opt:
    - apparmor:unconfined
    environment:
-    - LOG_LEVEL=info
+      LOG_LEVEL: info
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        com.centurylinklabs.watchtower.enable: true
-        wud.watch: true
-        wud.watch.digest: true
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
        homepage.group: Smarthome
        homepage.name: music-assistant
-        homepage.weight: 1
+        homepage.weight: '1'
        homepage.icon: music-assistant.png
        homepage.href: https://music.sectorq.eu
        homepage.description: Music
-        homepage.server: my-docker
+        homepage.server: my-docker-swarm
        homepage.container: music-assistant-server
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
  influxdb:
    ports:
-    - 8086:8086
+    - target: 8086
+      published: 8086
+      protocol: tcp
+      mode: ingress
    volumes:
-    - /share/docker_data/influxdb/data:/var/lib/influxdb2
-    - /share/docker_data/influxdb/config:/etc/influxdb2
+    - influxdb2_data:/var/lib/influxdb2
+    - influxdb2_config:/etc/influxdb2
    secrets:
-    - influxdb2-admin-username
-    - influxdb2-admin-password
-    - influxdb2-admin-token
+    - ha_influxdb2_admin_token
    environment:
-    - DOCKER_INFLUXDB_INIT_MODE=setup
-    - DOCKER_INFLUXDB_INIT_USERNAME=ha
-    - DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA
-    - DOCKER_INFLUXDB_INIT_ORG=ha
-    - DOCKER_INFLUXDB_INIT_BUCKET=ha
-    - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=mytoken123
-    - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token
+      DOCKER_INFLUXDB_INIT_MODE: setup
+      DOCKER_INFLUXDB_INIT_USERNAME: ha
+      DOCKER_INFLUXDB_INIT_PASSWORD: haHAhaHA
+      DOCKER_INFLUXDB_INIT_ORG: ha
+      DOCKER_INFLUXDB_INIT_BUCKET: ha
+      #DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: mytoken123
+      DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE: /run/secrets/ha_influxdb2_admin_token
    image: ${DOCKER_REGISTRY:-}influxdb:2
    healthcheck:
      test: echo  test > /var/lib/influxdb2/hc || exit 1
@@ -210,21 +202,24 @@ services:
      timeout: 3s
      retries: 2
    deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
      labels:
-        com.centurylinklabs.watchtower.enable: true
-        wud.watch: true
-        wud.watch.digest: true
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
      placement:
        constraints:
        - node.role == manager
+volumes:
+  influxdb2_data:
+  influxdb2_config:
+  music_assistant_server_data:
+  matter-server:
+  ha_config:
+  esphome_config:
+  piper_data:
+  whisper_data:
+  openwakeword_data:
 secrets:
-  influxdb2-admin-username:
-    file: .env.influxdb2-admin-username
-  influxdb2-admin-password:
-    file: .env.influxdb2-admin-password
-  influxdb2-admin-token:
-    file: .env.influxdb2-admin-token
+  ha_influxdb2_admin_token:
+    external: true
--- a/__swarm/homepage/homepage-swarm.yml
+++ b/__swarm/homepage/homepage-swarm.yml
@@ -0,0 +1,35 @@
+services:
+  homepage:
+    dns:
+    - 192.168.77.1
+    - 192.168.77.101
+    environment:
+      HOMEPAGE_ALLOWED_HOSTS: sectorq.eu,active.home.lan:3003,m-server.home.lan:3003,rpi5.home.lan:3003,nas.home.lan:3003,192.168.77.238:3003,rack.home.lan:3003,192.168.80.222:3003
+      TZ: Europe/Bratislava
+    image: ${DOCKER_REGISTRY:-}ghcr.io/gethomepage/homepage:latest
+    ports:
+    - target: 3000
+      published: 3003
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - config:/app/config
+    - /var/run/docker.sock:/var/run/docker.sock:ro
+    - images:/app/public/images
+    - icons:/app/public/icons
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  config:
+    driver: local
+  images:
+    driver: local
+  icons:
+    driver: local
--- a/__swarm/immich/.env
+++ b/__swarm/immich/.env
@@ -22,3 +22,5 @@ DB_USERNAME=postgres
 DB_DATABASE_NAME=immich
 HW_MODE1=vaapi
 HW_MODE2=openvino
+APPNAME=immich
+DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/immich/immich-swarm.yml
+++ b/__swarm/immich/immich-swarm.yml
@@ -0,0 +1,85 @@
+services:
+  server:
+    image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+    # devices:
+    #   - /dev/dri:/dev/dri
+    # group_add:
+    #   - video
+    #   - 993
+    volumes:
+    - ${UPLOAD_LOCATION}:/data
+    - /etc/localtime:/etc/localtime:ro
+    - /media/nas/photo:/mnt/photos2
+    env_file:
+    - .env
+    ports:
+    - target: 2283
+      published: 2283
+      protocol: tcp
+      mode: ingress
+    healthcheck:
+      disable: false
+    deploy:
+      labels:
+        homepage.container: immich_server
+        homepage.description: Photo server
+        homepage.group: Media
+        homepage.href: https://${APPNAME}.sectorq.eu
+        homepage.icon: ${APPNAME}.png
+        homepage.name: Immich
+        homepage.server: my-docker-swarm
+        homepage.widget.key: mdaRNyiY19w9YEz3MXT3fiPD9XH3CtQYRM26C0wZJM
+        homepage.widget.type: ${APPNAME}
+        homepage.widget.url: https://${APPNAME}.sectorq.eu
+        homepage.widget.version: '2'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  machine-learning:
+    image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
+    # device_cgroup_rules:
+    #   - 'c 189:* rmw'
+    # devices:
+    #   - /dev/dri:/dev/dri
+    volumes:
+    - model-cache:/cache
+    - /dev/bus/usb:/dev/bus/usb
+    env_file:
+    - .env
+    healthcheck:
+      disable: false
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  redis:
+    image: ${DOCKER_REGISTRY:-}docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+    healthcheck:
+      test: redis-cli ping || exit 1
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  database:
+    image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+    environment:
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_DB: ${DB_DATABASE_NAME}
+      POSTGRES_INITDB_ARGS: --data-checksums
+    volumes:
+    - db:/var/lib/postgresql/data
+    shm_size: 128mb
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  model-cache: null
+  db: null
--- a/__swarm/immich/stack.env
+++ b/__swarm/immich/stack.env
@@ -21,3 +21,5 @@ DB_PASSWORD=postgres
 DB_USERNAME=postgres
 DB_DATABASE_NAME=immich
 POSTGRES_PASSWORD=postgres
+APPNAME=immich
+DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/influxdb/influxdb-swarm.yml
+++ b/__swarm/influxdb/influxdb-swarm.yml
@@ -0,0 +1,37 @@
+services:
+  influxdb:
+    ports:
+    - target: 8086
+      published: 8087
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - data:/var/lib/influxdb2
+    - config:/etc/influxdb2
+    secrets:
+    - influxdb2-admin-token
+    environment:
+      DOCKER_INFLUXDB_INIT_MODE: setup
+      DOCKER_INFLUXDB_INIT_USERNAME: ha
+      DOCKER_INFLUXDB_INIT_PASSWORD: haHAhaHA
+      DOCKER_INFLUXDB_INIT_ORG: ha
+      DOCKER_INFLUXDB_INIT_BUCKET: ha
+      DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE: /run/secrets/influxdb2-admin-token
+    image: ${DOCKER_REGISTRY:-}influxdb:2
+    healthcheck:
+      test: echo  test > /var/lib/influxdb2/hc || exit 1
+      interval: 10s
+      timeout: 3s
+      retries: 2
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+secrets:
+  influxdb2-admin-token:
+    external: true
+volumes:
+  data:
+  config:
--- a/__swarm/jupyter/jupyter-swarm.yml
+++ b/__swarm/jupyter/jupyter-swarm.yml
@@ -0,0 +1,27 @@
+services:
+  base-notebook:
+    ports:
+    - target: 8888
+      published: 8888
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - data:/home/jovyan/work
+    image: ${DOCKER_REGISTRY:-}jupyter/base-notebook:latest
+    deploy:
+      labels:
+        homepage.container: jupyter_base-notebook
+        homepage.description: Python server
+        homepage.group: Utils
+        homepage.href: http://m-server.home.lan:8888/
+        homepage.icon: ${APPNAME}.png
+        homepage.name: Jupyter Notebook
+        homepage.server: my-docker-swarm
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  data:
--- a/__swarm/kestra/kestra-swarm.yml
+++ b/__swarm/kestra/kestra-swarm.yml
@@ -0,0 +1,98 @@
+services:
+  kestra:
+    command: server standalone --worker-thread=128
+    environment:
+      SECRET_MYPASSWORD: bDRjMWo0eWQzM0R1NWxv
+      SECRET_GITLAB: Z2xwYXQtdWotbi1lRWZUWTM5OFBFNHZLU1M=
+      KESTRA_CONFIGURATION: |
+        datasources:
+          postgres:
+            url: jdbc:postgresql://postgres:5432/kestra
+            driverClassName: org.postgresql.Driver
+            username: kestra
+            password: k3str4
+        kestra:
+          server:
+            basicAuth:
+              enabled: false
+              username: "jaydee@sectorq.eu" # it must be a valid email address
+              password: ${PASSWORD}
+          repository:
+            type: postgres
+          storage:
+            type: local
+            local:
+              basePath: "/app/storage"
+          queue:
+            type: postgres
+          tasks:
+            tmpDir:
+              path: /tmp/kestra-wd/tmp
+          url: http://localhost:8080/
+          tutorial-flows:
+            enabled: false
+        micronaut:
+          server:
+            cors:
+              enabled: true
+    image: ${DOCKER_REGISTRY:-}kestra/kestra:${KESTRA_VERSION:-latest}
+    ports:
+    - target: 8080
+      published: 8980
+      protocol: tcp
+      mode: ingress
+    - target: 8081
+      published: 8981
+      protocol: tcp
+      mode: ingress
+    user: root
+    volumes:
+    - /etc/localtime:/etc/localtime:ro
+    - data:/app/storage
+    - /var/run/docker.sock:/var/run/docker.sock
+    - /tmp/kestra-wd:/tmp/kestra-wd
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        homepage.container: kestra_kestra
+        homepage.description: Automation
+        homepage.group: Infrastructure
+        homepage.href: https://${APPNAME}.sectorq.eu
+        homepage.icon: ${APPNAME}.png
+        homepage.name: Kestra
+        homepage.server: my-docker-swarm
+        homepage.weight: '1'
+        wud.display.icon: mdi:evernote
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  postgres:
+    environment:
+      POSTGRES_DB: kestra
+      POSTGRES_PASSWORD: k3str4
+      POSTGRES_USER: kestra
+    healthcheck:
+      interval: 30s
+      retries: 10
+      test:
+      - CMD-SHELL
+      - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
+      timeout: 10s
+    image: ${DOCKER_REGISTRY:-}postgres:16
+    volumes:
+    -  db:/var/lib/postgresql/data
+    deploy:
+      labels:
+        wud.watch: 'false'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  data:
+    driver: local
+  db:
+    driver: local
--- a/__swarm/mailu3/docker-compose.yml
+++ b/__swarm/mailu3/docker-compose.yml
@@ -117,16 +117,16 @@ services:
      - webmail
      - radicale
    ports:
-      - 0.0.0.0:8880:80
-      - 0.0.0.0:8443:443
-      - 0.0.0.0:25:25
-      - 0.0.0.0:465:465
-      - 0.0.0.0:587:587
-      - 0.0.0.0:110:110
-      - 0.0.0.0:995:995
-      - 0.0.0.0:143:143
-      - 0.0.0.0:993:993
-      - 0.0.0.0:4190:4190
+      - '8880:80'
+      - '8443:443'
+      - '25:25'
+      - '465:465'
+      - '587:587'
+      - '110:110' 
+      - '995:995'
+      - '143:143'
+      - '993:993'
+      - '4190:4190'
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/certs:/certs
--- a/__swarm/mailu3/mailu3-swarm.yml
+++ b/__swarm/mailu3/mailu3-swarm.yml
@@ -0,0 +1,259 @@
+networks:
+  clamav:
+    driver: overlay
+  default:
+    driver: overlay
+    ipam:
+      config:
+        - subnet: 192.168.205.0/24
+      driver: default
+  fts_attachments:
+    driver: overlay
+    internal: true
+  oletools:
+    driver: overlay
+    internal: true
+  radicale:
+    driver: overlay
+  webmail:
+    driver: overlay
+
+services:
+  admin:
+    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06}
+    env_file: stack.env
+    labels:
+      wud.watch: 'true'
+      wud.watch.digest: 'true'
+    volumes:
+      - /share/docker_data/mailu3/data:/data
+      - /share/docker_data/mailu3/dkim:/dkim
+    networks:
+      # Swarm uses service discovery, but requires network connection
+      - default
+      # DNS is handled by Swarm's internal DNS resolver (the resolver service will be discoverable by name)
+  
+  antispam:
+    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06}
+    env_file: stack.env
+    hostname: antispam
+    labels:
+      wud.watch: 'true'
+      wud.watch.digest: 'true'
+    volumes:
+      - /share/docker_data/mailu3/filter:/var/lib/rspamd
+      - /share/docker_data/mailu3/overrides/rspamd:/overrides:ro
+    networks:
+      - default
+      - oletools
+      - clamav
+
+  antivirus:
+    image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6
+    labels:
+      wud.watch: 'true'
+      wud.watch.digest: 'true'
+    volumes:
+      - /share/docker_data/mailu3/filter/clamav:/var/lib/clamav
+    networks:
+      - clamav
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+
+  fetchmail:
+    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06}
+    env_file: stack.env
+    labels:
+      wud.watch: 'true'
+      wud.watch.digest: 'true'
+    volumes:
+      - /share/docker_data/mailu3/data/fetchmail:/data
+    networks:
+      - default # Connect to 'default' for service discovery
+
+
+  front:
+    # NOTE: 'extends' is removed. You must manually define logging or accept default.
+    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06}
+    env_file: stack.env
+    labels:
+      wud.watch: 'true'
+      wud.watch.digest: 'true'
+      homepage.container: mailu3-front-1
+      homepage.description: eMail server
+      homepage.group: Utilities
+      homepage.href: https://mail.sectorq.eu
+      homepage.icon: ${APPNAME}.png
+      homepage.name: Mailu
+      homepage.server: my-docker
+      homepage.weight: 1
+    volumes:
+      - /share/docker_data/mailu3/certs:/certs
+      - /share/docker_data/mailu3/overrides/nginx:/overrides:ro
+    networks:
+      - default
+      - webmail
+      - radicale
+    ports:
+      - target: 80
+        published: 8880
+        protocol: tcp
+        mode: ingress
+      - target: 443
+        published: 8443
+        protocol: tcp
+        mode: ingress
+      - target: 25
+        published: 25
+        protocol: tcp
+        mode: ingress
+      - target: 465
+        published: 465
+        protocol: tcp
+        mode: ingress
+      - target: 587
+        published: 587
+        protocol: tcp
+        mode: ingress
+      - target: 110
+        published: 110
+        protocol: tcp
+        mode: ingress
+      - target: 995
+        published: 995
+        protocol: tcp
+        mode: ingress
+      - target: 143
+        published: 143
+        protocol: tcp
+        mode: ingress
+      - target: 993
+        published: 993
+        protocol: tcp
+        mode: ingress
+      - target: 4190
+        published: 4190
+        protocol: tcp
+        mode: ingress
+
+
+  fts_attachments:
+    image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full
+    hostname: tika
+    labels:
+      wud.watch: 'true'
+      wud.watch.digest: 'true'
+    networks:
+      - fts_attachments
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+
+
+  imap:
+    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06}
+    env_file: stack.env
+    labels:
+      wud.watch: 'true'
+      wud.watch.digest: 'true'
+    volumes:
+      - /share/docker_data/mailu3/mail:/mail
+      - /share/docker_data/mailu3/overrides/dovecot:/overrides:ro
+    networks:
+      - default
+      - fts_attachments
+
+
+  oletools:
+    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06}
+    hostname: oletools
+    labels:
+      wud.watch: 'true'
+      wud.watch.digest: 'true'
+    networks:
+      - oletools
+
+
+  redis:
+    image: ${DOCKER_REGISTRY:-}redis:alpine
+    labels:
+      wud.watch: 'true'
+      wud.watch.digest: 'true'
+    volumes:
+      - /share/docker_data/mailu3/redis:/data
+    networks:
+      - default # Connect to default network
+
+
+  resolver:
+    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06}
+    env_file: stack.env
+    labels:
+      wud.watch: 'true'
+      wud.watch.digest: 'true'
+    networks:
+      default:
+        # NOTE: Swarm does not support static IPs for scaling. 
+        # This will fail standard 'docker stack deploy'. 
+        # For mailu, the static IP is critical, so we attempt to enforce it 
+        # via the deploy key, but be aware this is highly non-standard.
+        # It's better to configure Mailu to use the service name 'resolver' instead of the static IP.
+        # If using a customized deployer:
+        # deploy:
+        #   placement:
+        #     constraints:
+        #       - node.hostname == your-swarm-manager
+        #   endpoint_mode: dnsrr
+        #   mode: global
+        #   replicas: 1
+        #   labels:
+        #     com.docker.stack.static_ips: 192.168.205.254
+        #     com.docker.stack.static_network: default
+        ipv4_address: 192.168.205.254
+
+
+  smtp:
+    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06}
+    env_file: stack.env
+    labels:
+      wud.watch: 'true'
+      wud.watch.digest: 'true'
+    volumes:
+      - /share/docker_data/mailu3/mailqueue:/queue
+      - /share/docker_data/mailu3/overrides/postfix:/overrides:ro
+    networks:
+      - default # Connect to default network
+
+  webdav:
+    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06}
+    labels:
+      wud.watch: 'true'
+      wud.watch.digest: 'true'
+    volumes:
+      - /share/docker_data/mailu3/dav:/data
+    networks:
+      - radicale
+
+
+  webmail:
+    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06}
+    env_file: stack.env
+    labels:
+      wud.watch: 'true'
+      wud.watch.digest: 'true'
+    volumes:
+      - /share/docker_data/mailu3/webmail:/data
+      - /share/docker_data/mailu3/overrides/roundcube:/overrides:ro
+    networks:
+      - webmail
--- a/__swarm/mealie/mealie-swarm.yml
+++ b/__swarm/mealie/mealie-swarm.yml
@@ -0,0 +1,46 @@
+services:
+  app:
+    image: ${DOCKER_REGISTRY}ghcr.io/mealie-recipes/mealie:v2.8.0
+    ports:
+    - target: 9000
+      published: 9925
+      protocol: tcp
+      mode: ingress
+    deploy:
+      resources:
+        limits:
+          memory: 1000M
+      labels:
+        homepage.container: mealie_app
+        homepage.description: Recipe server
+        homepage.group: Utils
+        homepage.href: https://${APPNAME}.sectorq.eu
+        homepage.icon: ${APPNAME}.png
+        homepage.name: Mealie
+        homepage.server: my-docker-swarm
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+    volumes:
+    - data:/app/data/
+    environment:
+      ALLOW_SIGNUP: 'false'
+      PUID: 1000
+      PGID: 1000
+      TZ: Europe/Bratislava
+      BASE_URL: https://mealie.sectorq.eu
+      OIDC_AUTH_ENABLED: 'true'
+      OIDC_PROVIDER_NAME: authentik
+      OIDC_CONFIGURATION_URL: https://auth.sectorq.eu/application/o/mealie/.well-known/openid-configuration
+      OIDC_CLIENT_ID: QfrrMn3EzUqkb3ueFl8UQe983qCxr50O2eScPZ3b
+      OIDC_CLIENT_SECRET: SN5QQJzEZO6kFbyZJ4JcaUbev1CH3VDFfyfB0oeJXo23r0Wx74xpfLS3OMAvoRW8QFxpaYwsRm492MHtZIHaofwf29yhjADHA2DABPecSGAm8V6JVU8m4HRSF3NjDyTV
+      OIDC_SIGNUP_ENABLED: 'true'
+      OIDC_USER_GROUP: mealie-users
+      OIDC_ADMIN_GROUP: mealie-admins
+      OIDC_AUTO_REDIRECT: 'true'
+      OIDC_REMEMBER_ME: 'true'
+volumes:
+  data:
--- a/__swarm/mediacenter/docker-compose.yml
+++ b/__swarm/mediacenter/docker-compose.yml
@@ -144,7 +144,7 @@ services:
    ports:
    - 8096:8096
    - 8920:8920
-    - 7359:7359/udp
+    - 7359:7359
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/jellyfin:/config
@@ -248,7 +248,7 @@ services:
    ports:
    - 8085:8085
    - 6881:6881
-    - 6881:6881/udp
+
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/qbittorrent/config:/config
--- a/__swarm/mediacenter/mediacenter-swarm.yml
+++ b/__swarm/mediacenter/mediacenter-swarm.yml
@@ -0,0 +1,420 @@
+networks:
+  duplicati:
+    driver: overlay
+  mediarr:
+    driver: overlay
+volumes:
+  homarr_configs:
+  homarr_icons:
+  homarr_data:
+  jackett_config:
+  jackett_downloads:
+  jellyfin_config:
+  jellyseerr_config:
+  lidarr_config:
+  qbittorrent_config:
+  radarr_config:
+  sonarr_config:
+  bazarr_config:
+  m-server_music:
+    driver: local
+    driver_opts:
+      type: nfs
+      o: addr=192.168.77.101,rw,nfsvers=4.1
+      device: :/music
+services:
+  bazarr:
+    environment:
+      PUID: '1000'
+      PGID: '1000'
+      TZ: Europe/Bratislava
+    hostname: bazarr
+    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bazarr:latest
+    networks:
+    - mediarr
+    dns:
+      - 192.168.77.101
+    ports:
+    - target: 6767
+      published: 6767
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - bazarr_config:/config
+    - /media/m-server/movies:/movies/m-server
+    - /media/m-server/shows:/tv/m-server
+    - /media/nas/movies:/movies/nas
+    - /media/nas/shows:/tv/nas
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        homepage.container: mediacenter_bazarr
+        homepage.description: Subtitles
+        homepage.group: Media
+        homepage.href: https://bazarr.sectorq.eu
+        homepage.icon: bazarr.png
+        homepage.name: bazarr
+        homepage.server: my-docker-swarm
+        homepage.weight: '90'
+        homepage.widget.key: ${BAZARR_TOKEN}
+        homepage.widget.type: bazarr
+        homepage.widget.url: https://bazarr.sectorq.eu
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+
+  flaresolverr:
+    environment:
+      LOG_LEVEL: info
+      TZ: Europe/Bratislava
+    hostname: flaresolverr
+    image: ${DOCKER_REGISTRY:-}ghcr.io/flaresolverr/flaresolverr:latest
+    networks:
+    - mediarr
+    ports:
+    - target: 8191
+      published: 8191
+      protocol: tcp
+      mode: ingress
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+
+  homarr:
+    hostname: homarr
+    image: ${DOCKER_REGISTRY:-}ghcr.io/ajnart/homarr:latest
+    networks:
+    - mediarr
+    ports:
+    - target: 7575
+      published: 7575
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+    - homarr_configs:/app/data/configs
+    - homarr_icons:/app/public/icons
+    - homarr_data:/data
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+
+  jackett:
+    dns:
+    - 192.168.77.101
+    environment:
+      PUID: '1000'
+      PGID: '1000'
+      TZ: Europe/Bratislava
+      AUTO_UPDATE: 'true'
+      RUN_OPTS: ''
+    hostname: jackett
+    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jackett:latest
+    networks:
+    - mediarr
+    ports:
+    - target: 9117
+      published: 9117
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - jackett_config:/config
+    - jackett_downloads:/downloads
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        homepage.container: mediacenter_jackett
+        homepage.description: Subtitles
+        homepage.group: Media
+        homepage.href: https://jackett.sectorq.eu
+        homepage.icon: jackett.png
+        homepage.name: Jackett
+        homepage.server: my-docker-swarm
+        homepage.weight: '80'
+        homepage.widget.password: ${JACKET_TOKEN}
+        homepage.widget.type: jackett
+        homepage.widget.url: https://jackett.sectorq.eu
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+
+  jellyfin:
+    environment:
+      TZ: Europe/Bratislava
+      JELLYFIN_PublishedServerUrl: https://jf.sectorq.eu
+      VAAPI_DEVICE: /dev/dri/renderD128
+      LIBVA_DRIVER_NAME: radeonsi
+    hostname: jellyfin
+    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jellyfin:latest
+
+    ports:
+    - target: 8096
+      published: 8096
+      protocol: tcp
+      mode: ingress
+    - target: 8920
+      published: 8920
+      protocol: tcp
+      mode: ingress
+    - target: 7359
+      published: 7359
+      protocol: tcp
+      mode: ingress
+    user: root
+    volumes:
+    - jellyfin_config:/config
+    - /media/m-server/movies:/data/movies/m-server
+    - m-server_music:/data/music/m-server
+    - /media/m-server/shows:/data/shows/m-server
+    - /media/nas/movies:/data/movies/nas
+    - /media/nas/music:/data/music/nas
+    - /media/nas/shows:/data/shows/nas
+    - /media/nas/xxx:/data/xxx/nas
+    - /dev/dri:/dev/dri
+    devices:
+      - /dev/dri/renderD128:/dev/dri/renderD128
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        homepage.container: mediacenter_jellyfin
+        homepage.description: Subtitles
+        homepage.group: Media
+        homepage.href: https://jf.sectorq.eu
+        homepage.icon: jellyfin.png
+        homepage.name: Jellyfin
+        homepage.server: my-docker-swarm
+        homepage.weight: '10'
+        homepage.widget.key: ${JELLYFIN_TOKEN}
+        homepage.widget.type: jellyfin
+        homepage.widget.url: https://jf.sectorq.eu
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+        - node.labels.gpu == amd
+
+  jellyseerr:
+    environment:
+      LOG_LEVEL: debug
+      TZ: Europe/Bratislava
+    hostname: jellyseerr
+    image: ${DOCKER_REGISTRY:-}fallenbagel/jellyseerr:latest
+    networks:
+    - mediarr
+    ports:
+    - target: 5055
+      published: 5055
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - jellyseerr_config:/app/config
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enabl: 'true'
+        homepage.container: mediacenter_jellyseerr
+        homepage.description: Subtitles
+        homepage.group: Media
+        homepage.href: https://js.sectorq.eu
+        homepage.icon: jellyseerr.png
+        homepage.name: Jellyseerr
+        homepage.server: my-docker-swarm
+        homepage.weight: '20'
+        homepage.widget.key: ${JELLYSEER_TOKEN}
+        homepage.widget.type: jellyseerr
+        homepage.widget.url: https://js.sectorq.eu
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+
+  lidarr:
+    environment:
+      PUID: '1000'
+      PGID: '1000'
+      TZ: Europe/Bratislava
+    hostname: lidarr
+    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/lidarr:latest
+    networks:
+    - mediarr
+    ports:
+    - target: 8686
+      published: 8686
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - lidarr_config:/config
+    - /media/m-server/music:/music
+    - /media/m-server/downloads:/downloads
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        homepage.container: mediacenter_lidarr
+        homepage.description: Subtitles
+        homepage.group: Media
+        homepage.href: https://lidarr.sectorq.eu
+        homepage.icon: lidarr.png
+        homepage.name: Lidarr
+        homepage.server: my-docker-swarm
+        homepage.weight: '60'
+        homepage.widget.key: ${LIDARR_TOKEN}
+        homepage.widget.type: lidarr
+        homepage.widget.url: https://lidarr.sectorq.eu
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+
+  qbittorrent:
+    environment:
+      PUID: '1000'
+      PGID: '1000'
+      TZ: Europe/Bratislava
+      WEBUI_PORT: '8085'
+      FILE__PASSWORD: /run/secrets/mysecretpassword
+    hostname: qbittorrent
+    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/qbittorrent:latest
+    networks:
+    - mediarr
+    ports:
+    - target: 8085
+      published: 8085
+      protocol: tcp
+      mode: ingress
+    - target: 6881
+      published: 6881
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - qbittorrent_config:/config
+    - /media/m-server/downloads:/downloads
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        homepage.container: mediacenter_qbittorrent
+        homepage.description: Subtitles
+        homepage.group: Utilities
+        homepage.href: https://qbit.sectorq.eu
+        homepage.icon: qbittorrent.png
+        homepage.name: Qbittorrent
+        homepage.server: my-docker-swarm
+        homepage.weight: '95'
+        homepage.widget.enableLeechProgress: 'false'
+        homepage.widget.password: ${QBIT_TOKEN}
+        homepage.widget.type: qbittorrent
+        homepage.widget.url: https://qbit.sectorq.eu
+        homepage.widget.username: admin
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+
+  radarr:
+    dns:
+    - 192.168.77.101
+    environment:
+      PUID: '1000'
+      PGID: '1000'
+      TZ: Europe/Bratislava
+    hostname: radarr
+    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/radarr:latest
+    networks:
+    - mediarr
+    ports:
+    - target: 7878
+      published: 7878
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - radarr_config:/config
+    - /media/m-server/movies/:/movies-m-server
+    - /media/nas/movies/:/movies-nas
+    - /media/m-server/downloads:/downloads
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        homepage.container: mediacenter_radarr
+        homepage.description: Subtitles
+        homepage.group: Media
+        homepage.href: https://radarr.sectorq.eu
+        homepage.icon: radarr.png
+        homepage.name: Radarr
+        homepage.server: my-docker-swarm
+        homepage.weight: '20'
+        homepage.widget.key: ${RADARR_TOKEN}
+        homepage.widget.type: radarr
+        homepage.widget.url: https://radarr.sectorq.eu
+        wud.display.icon: mdi:radarr
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+
+  sonarr:
+    dns:
+    - 192.168.77.101
+    environment:
+      PUID: '1000'
+      PGID: '1000'
+      TZ: Europe/Bratislava
+    hostname: sonarr
+    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/sonarr:latest
+    networks:
+    - mediarr
+    ports:
+    - target: 8989
+      published: 8989
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - sonarr_config:/config
+    - /media/m-server/shows:/tv-m-server
+    - /media/nas/shows:/tv-nas
+    - /media/m-server/downloads:/downloads
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        homepage.container: mediacenter_sonarr
+        homepage.description: Subtitles
+        homepage.group: Media
+        homepage.href: https://sonarr.sectorq.eu
+        homepage.icon: sonarr.png
+        homepage.name: Sonarr
+        homepage.server: my-docker-swarm
+        homepage.weight: '30'
+        homepage.widget.key: ${SONARR_TOKEN}
+        homepage.widget.type: sonarr
+        homepage.widget.url: https://sonarr.sectorq.eu
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
--- a/__swarm/mosquitto/mosquitto-swarm.yml
+++ b/__swarm/mosquitto/mosquitto-swarm.yml
@@ -0,0 +1,25 @@
+services:
+  mosquitto:
+    image: ${DOCKER_REGISTRY:-}eclipse-mosquitto
+    ports:
+    - target: 1883
+      published: 1883
+      protocol: tcp
+      mode: host
+    volumes:
+    - conf:/mosquitto/config
+    - data:/mosquitto/data
+    - log:/mosquitto/log
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  conf:
+  data:
+  log:
--- a/__swarm/motioneye/motioneye-swarm.yml
+++ b/__swarm/motioneye/motioneye-swarm.yml
@@ -0,0 +1,40 @@
+services:
+  app:
+    dns:
+    - 192.168.77.101
+    environment:
+      TZ: Europe/Bratislava
+    image: ${DOCKER_REGISTRY:-}ghcr.io/motioneye-project/motioneye:edge
+    ports:
+    - target: 8081
+      published: 8081
+      protocol: tcp
+      mode: ingress
+    - target: 8765
+      published: 8765
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - /etc/localtime:/etc/localtime:ro
+    - config:/etc/motioneye
+    - data:/var/lib/motioneye
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        homepage.container: motioneye_app
+        homepage.description: Video manager
+        homepage.group: Media
+        homepage.href: http://m-server.home.lan:8765/
+        homepage.icon: /images/motioneye.webp
+        homepage.name: MotionEye
+        homepage.server: my-docker-swarm
+        homepage.weight: '1'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  config:
+  data:
--- a/__swarm/n8n/n8n-swarm.yml
+++ b/__swarm/n8n/n8n-swarm.yml
@@ -0,0 +1,42 @@
+version: '3'
+services:
+  app:
+    image: ${DOCKER_REGISTRY:-}n8nio/n8n:latest
+    ports:
+    - target: 5678
+      published: 5679
+      protocol: tcp
+      mode: ingress
+    environment:
+      N8N_HOST: n8n.sectorq.eu
+      N8N_PORT: '5678'
+      N8N_PROTOCOL: https
+      N8N_BASIC_AUTH_ACTIVE: 'true'
+      N8N_BASIC_AUTH_USER: sth
+      N8N_BASIC_AUTH_PASSWORD: pwd
+      N8N_RUNNERS_ENABLED: 'true'
+      N8N_RUNNERS_MODE: internal
+      N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS: 'true'
+      N8N_SECURE_COOKIE: 'false'
+      WEBHOOK_URL: https://n8n.sectorq.eu
+    volumes:
+    - data:/home/node/.n8n
+    stop_grace_period: 60s
+    deploy:
+      labels:
+        homepage.container: n8n_app
+        homepage.description: Workflow management
+        homepage.group: Utils
+        homepage.href: https://${APPNAME}.sectorq.eu
+        homepage.icon: /icons/n8n.svg
+        homepage.name: n8n
+        homepage.server: my-docker-swarm
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  data:
+    driver: local
--- a/__swarm/nebula/nebula-swarm.yml
+++ b/__swarm/nebula/nebula-swarm.yml
@@ -0,0 +1,15 @@
+services:
+  nebula-sync:
+    image: ghcr.io/lovelaze/nebula-sync:latest
+    environment:
+      PRIMARY: http://192.168.77.101:9380|l4c1j4yd33Du5lo
+      REPLICAS: http://192.168.77.106:9380|l4c1j4yd33Du5lo
+      CLIENT_SKIP_TLS_VERIFICATION: 'true'
+      FULL_SYNC: 'true'
+      RUN_GRAVITY: 'true'
+      CRON: 0 * * * *
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
--- a/__swarm/nextcloud/.env
+++ b/__swarm/nextcloud/.env
@@ -1,2 +1,3 @@
 APPNAME=nextcloud
 #RESTART=always
+DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/nextcloud/nextcloud-swarm.yml
+++ b/__swarm/nextcloud/nextcloud-swarm.yml
@@ -0,0 +1,109 @@
+services:
+  app:
+    dns:
+    - 192.168.77.101
+    env_file:
+    - stack.env
+    image: ${DOCKER_REGISTRY:-}nextcloud:latest
+    links:
+    - db
+    ports:
+    - target: 80
+      published: 8134
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - data:/var/www/html
+    - pre-installation:/docker-entrypoint-hooks.d/pre-installation
+    - post-installation:/docker-entrypoint-hooks.d/post-installation
+    - pre-upgrade:/docker-entrypoint-hooks.d/pre-upgrade
+    - post-upgrade:/docker-entrypoint-hooks.d/post-upgrade
+    - before-starting:/docker-entrypoint-hooks.d/before-starting
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        com.centurylinklabs.watchtower.lifecycle.post-update: apt update;apt install
+          -y smbclient;chown -R www-data:www-data /var/www/html
+        homepage.container: nextcloud_app
+        homepage.description: Cloud server
+        homepage.group: Infrastructure
+        homepage.href: https://nc.sectorq.eu
+        homepage.icon: ${APPNAME}.png
+        homepage.name: Nextcloud
+        homepage.server: my-docker-swarm
+        homepage.widget.password: oGeiy-tTc8p-LJdt5-na3JF-dbWpY
+        homepage.widget.type: ${APPNAME}
+        homepage.widget.url: https://nc.sectorq.eu
+        homepage.widget.username: jaydee
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  db:
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1
+      --skip-innodb-read-only-compressed
+    env_file:
+    - stack.env
+    image: ${DOCKER_REGISTRY:-}yobasystems/alpine-mariadb:latest
+    volumes:
+    - mariadb:/var/lib/mysql
+    - /etc/localtime:/etc/localtime
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  redis:
+    image: ${DOCKER_REGISTRY:-}redis:alpine
+    volumes:
+    - redis:/data
+    deploy:
+      labels:
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  appapi-harp:
+    environment:
+      HP_SHARED_KEY: l4c1j4yd33Du5lo
+      NC_INSTANCE_URL: https://nc.sectorq.eu
+    volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+    - certs:/certs
+    hostname: appapi-harp
+    ports:
+    - target: 8780
+      published: 8780
+      protocol: tcp
+      mode: ingress
+    - target: 8782
+      published: 8782
+      protocol: tcp
+      mode: ingress
+    image: ${DOCKER_REGISTRY:-}ghcr.io/nextcloud/nextcloud-appapi-harp:release
+    deploy:
+      labels:
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  data:
+  pre-installation:
+  post-installation:
+  pre-upgrade:
+  post-upgrade:
+  before-starting:
+  mariadb:
+  redis:
+  certs:
--- a/__swarm/nginx/nginx-swarm.yml
+++ b/__swarm/nginx/nginx-swarm.yml
@@ -0,0 +1,55 @@
+networks:
+  pihole_pihole:
+    external: true
+services:
+  app:
+    dns:
+    - 192.168.78.254
+    healthcheck:
+      interval: 10s
+      test:
+      - CMD
+      - /usr/bin/check-health
+      timeout: 3s
+    image: jc21/nginx-proxy-manager:latest
+    networks:
+    - pihole_pihole
+    ports:
+    - target: 80
+      published: 8099
+      protocol: tcp
+      mode: ingress
+    - target: 443
+      published: 4439
+      protocol: tcp
+      mode: ingress
+    - target: 81
+      published: 81
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - data:/data
+    - letsencrypt:/etc/letsencrypt
+    deploy:
+      labels:
+        homepage.container: nginx-app-1
+        homepage.description: Reverse Proxy
+        homepage.group: Infrastructure
+        homepage.href: http://active.home.lan:81
+        homepage.icon: nginx-proxy-manager.png
+        homepage.name: Nginx
+        homepage.server: my-docker-swarm
+        homepage.weight: '25'
+        homepage.widget.password: OdyAJvifHvDPMOyFdbiKak5S
+        homepage.widget.type: npm
+        homepage.widget.url: http://active.home.lan:81
+        homepage.widget.username: monitoring@sectorq.eu
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  data:
+  letsencrypt:
--- a/__swarm/node-red/node-red-swarm.yml
+++ b/__swarm/node-red/node-red-swarm.yml
@@ -0,0 +1,32 @@
+services:
+  app:
+    dns:
+    - 192.168.77.101
+    environment:
+      TZ: Europe/Bratislava
+    image: ${DOCKER_REGISTRY:-}nodered/node-red:latest
+    ports:
+    - target: 1880
+      published: 1880
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - data:/data
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+        homepage.container: node-red_app
+        homepage.description: Node red
+        homepage.group: Infrastructure
+        homepage.href: http://active.home.lan:1880
+        homepage.icon: node-red.png
+        homepage.name: Node-red
+        homepage.server: my-docker-swarm
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  data:
--- a/__swarm/ollama/ollama-swarm.yml
+++ b/__swarm/ollama/ollama-swarm.yml
@@ -0,0 +1,24 @@
+services:
+  app:
+    image: ${DOCKER_REGISTRY:-}ollama/ollama:rocm
+    devices:
+    - /dev/kfd
+    - /dev/dri
+    volumes:
+    - models:/root/.ollama
+    environment:
+      HSA_OVERRIDE_GFX_VERSION: 11.0.0
+    ports:
+    - target: 11434
+      published: 11434
+      protocol: tcp
+      mode: ingress
+    dns:
+    - 8.8.8.8
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  models:
--- a/__swarm/onlyoffice/onlyoffice-swarm.yml
+++ b/__swarm/onlyoffice/onlyoffice-swarm.yml
@@ -0,0 +1,103 @@
+services:
+  server:
+    build:
+      context: .
+    image: onlyoffice/documentserver
+    environment:
+      DB_TYPE: postgres
+      DB_HOST: postgresql
+      DB_PORT: '5432'
+      DB_NAME: onlyoffice
+      DB_USER: onlyoffice
+      AMQP_URI: amqp://guest:guest@onlyoffice-rabbitmq
+    ports:
+    - target: 80
+      published: 8280
+      protocol: tcp
+      mode: ingress
+    - target: 443
+      published: 22443
+      protocol: tcp
+      mode: ingress
+    healthcheck:
+      test:
+      - CMD
+      - curl
+      - -f
+      - http://localhost:8000/info/info.json
+      interval: 30s
+      retries: 5
+      start_period: 60s
+      timeout: 10s
+    stdin_open: true
+    stop_grace_period: 60s
+    volumes:
+    - data:/var/www/onlyoffice/Data
+    - logs:/var/log/onlyoffice
+    - cache:/var/lib/onlyoffice/documentserver/App_Data/cache/files
+    - files:/var/www/onlyoffice/documentserver-example/public/files
+    - fonts:/usr/share/fonts
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+        homepage.container: onlyoffice_server
+        homepage.description: OnlyOffice Document Server
+        homepage.group: Infrastructure
+        homepage.href: http://active.home.lan:8280/example/
+        homepage.icon: onlyoffice.png
+        homepage.name: OnlyOffice Document Server
+        homepage.server: my-docker-swarm
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  onlyoffice-rabbitmq:
+    image: rabbitmq:3
+    expose:
+    - '5672'
+    healthcheck:
+      test:
+      - CMD
+      - rabbitmq-diagnostics
+      - status
+      interval: 10s
+      retries: 3
+      start_period: 10s
+      timeout: 10s
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  postgresql:
+    image: postgres:15
+    environment:
+      POSTGRES_DB: onlyoffice
+      POSTGRES_USER: onlyoffice
+      POSTGRES_HOST_AUTH_METHOD: trust
+    expose:
+    - '5432'
+    volumes:
+    - db:/var/lib/postgresql
+    healthcheck:
+      test:
+      - CMD-SHELL
+      - pg_isready -U onlyoffice
+      interval: 10s
+      retries: 3
+      start_period: 10s
+      timeout: 10s
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  db:
+  data:
+  logs:
+  cache:
+  files:
+  fonts:
--- a/__swarm/paperless-ngx/paperless-ngx-swarm.yml
+++ b/__swarm/paperless-ngx/paperless-ngx-swarm.yml
@@ -0,0 +1,69 @@
+services:
+  broker:
+    image: ${DOCKER_REGISTRY:-}docker.io/library/redis:8
+    volumes:
+    - redisdata:/data
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  webserver:
+    image: ${DOCKER_REGISTRY:-}ghcr.io/paperless-ngx/paperless-ngx:latest
+    ports:
+    - target: 8000
+      published: 8001
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - data:/usr/src/paperless/data
+    - media:/usr/src/paperless/media
+    - export:/usr/src/paperless/export
+    - consume:/usr/src/paperless/consume
+    - scripts:/opt/scripts
+    env_file: stack.env
+    environment:
+      PAPERLESS_REDIS: redis://broker:6379
+      PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
+      PAPERLESS_URL: https://paperless.sectorq.eu
+      PAPERLESS_CSRF_TRUSTED_ORIGINS: https://paperless.sectorq.eu
+      PAPERLESS_POST_CONSUME_SCRIPT: /opt/scripts/post-consumption.sh
+      PAPERLESS_SOCIALACCOUNT_PROVIDERS: >
+        {
+            "openid_connect": {
+              "APPS": [
+                {
+                  "provider_id": "authentik",
+                  "name": "Authentik",
+                  "client_id": "B4NM614bqWkvDqGDAmR823qUm8n4ZNlG3XtvkI51",
+                  "secret": "7FFRdLWOUHlDxkhc86xR2yhxRn8BmDfTtfX9aTVY1XbRY197zy3UXPs51IMIkIjwjp6uijtpIQDDJDpR7LNInJt0F5hEXGMEcTfJxYyfNv2ytKFO58tCN5UD2EnzbCmN",
+                  "settings": {
+                    "server_url": "https://auth.sectorq.eu/application/o/paperless/.well-known/openid-configuration"
+                  }
+                }
+              ],
+              "OAUTH_PKCE_ENABLED": "True"
+            }
+          }
+    deploy:
+      labels:
+        homepage.container: paperless-ngx_webserver
+        homepage.description: PDF server
+        homepage.group: Utils
+        homepage.href: https://paperless.sectorq.eu
+        homepage.icon: ${APPNAME}.png
+        homepage.name: Paperless
+        homepage.server: my-docker-swarm
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  data:
+  media:
+  export:
+  consume:
+  scripts:
+  redisdata:
--- a/__swarm/pihole/pihole-swarm.yml
+++ b/__swarm/pihole/pihole-swarm.yml
@@ -0,0 +1,70 @@
+volumes:
+  data:
+    driver: local
+  dnsmasq_d:
+    driver: local
+
+networks:
+  pihole:
+    driver: overlay
+    attachable: true
+    ipam:
+      config:
+        - subnet: 192.168.78.0/24
+services:
+  app:
+    cap_add:
+    - NET_ADMIN
+    - SYS_TIME
+    - SYS_NICE
+    environment:
+      FTLCONF_dns_listeningMode: all
+      FTLCONF_dns_upstreams: 8.8.8.8;8.8.4.4
+      FTLCONF_webserver_api_password: ${PASSWORD}
+      TZ: Europe/Bratislava
+    hostname: m-server
+    image: pihole/pihole:latest
+    networks:
+      pihole:
+        ipv4_address: 192.168.78.254
+    ports:
+    - target: 53
+      published: 53
+      protocol: udp
+      mode: ingress
+    - target: 80
+      published: 9380
+      protocol: tcp
+      mode: ingress
+    - target: 443
+      published: 9343
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - data:/etc/pihole
+    - dnsmasq_d:/etc/dnsmasq.d
+    - type: tmpfs
+      target: /dev/shm
+      tmpfs:
+        size: 248000000
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        homepage.container: pihole_app
+        homepage.description: Add blocker
+        homepage.group: Infrastructure
+        homepage.href: https://active.home.lan:9343/admin
+        homepage.icon: /images/pihole.png
+        homepage.name: Pihole
+        homepage.server: my-docker-swarm
+        homepage.weight: '1'
+        homepage.widget.key: ${PASSWORD}
+        homepage.widget.type: pihole
+        homepage.widget.url: https://active.home.lan:9343
+        homepage.widget.version: '6'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
--- a/__swarm/rancher/rancher-swarm.yml
+++ b/__swarm/rancher/rancher-swarm.yml
@@ -0,0 +1,27 @@
+services:
+  rancher:
+    command: --acme-domain rancher.sectorq.eu
+    image: ${DOCKER_REGISTRY:-}rancher/rancher:latest
+    ports:
+    - target: 80
+      published: 7080
+      protocol: tcp
+      mode: ingress
+    - target: 443
+      published: 7443
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - data:/var/lib/rancher
+    cap_add:
+      - ALL                  # add all capabilities
+    deploy:
+      labels:
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  data:
--- a/__swarm/registry/docker-compose.yml
+++ b/__swarm/registry/docker-compose.yml
@@ -21,3 +21,4 @@ services:
    volumes:
    - /share/docker_data/registry/auth:/auth
    - /share/docker_registry/data:/var/lib/registry
+    - /share/docker_data/registry/config:/etc/docker/registry/
--- a/__swarm/registry/registry-swarm.yml
+++ b/__swarm/registry/registry-swarm.yml
@@ -0,0 +1,40 @@
+services:
+  app:
+    environment:
+      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
+      REGISTRY_AUTH: htpasswd
+      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
+      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
+    image: registry:2
+    logging:
+      driver: loki
+      options:
+        loki-url: http://192.168.77.101:3100/loki/api/v1/push
+        loki-relabel-config: |
+          - action: labelmap
+            regex: swarm_stack
+            replacement: namespace
+          - action: labelmap
+            regex: swarm_(service)
+    ports:
+    - target: 5000
+      published: 5000
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - auth:/auth
+    - /share/docker_registry/data:/var/lib/registry
+    - config:/etc/docker/registry/
+    
+    deploy:
+      labels:
+        wud.watch: 'false'
+        wud.watch.digest: 'false'
+        service_name: 'registry'
+      replicas: 1
+      restart_policy:
+        condition: any
+
+volumes:
+  auth:
+  config:
--- a/__swarm/regsync/regsync-swarm.yml
+++ b/__swarm/regsync/regsync-swarm.yml
@@ -0,0 +1,34 @@
+volumes:
+  config:
+    driver: local
+services:
+  app:
+    command: -c /home/appuser/regsync.yml server
+    env_file:
+    - stack.env
+    image: ${DOCKER_REGISTRY:-}ghcr.io/regclient/regsync:latest
+    logging:
+      driver: loki
+      options:
+        loki-url: http://192.168.77.101:3100/loki/api/v1/push
+        loki-relabel-config: |
+          - action: labelmap
+            regex: swarm_stack
+            replacement: namespace
+          - action: labelmap
+            regex: swarm_(service)
+    stdin_open: true
+    volumes:
+    - config:/home/appuser/
+    - /etc/localtime:/etc/localtime
+    # labels:
+    #     service_name: 'regsync'
+    deploy:
+      labels:
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+        service_name: 'regsync'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
--- a/__swarm/regsync/stack.env
+++ b/__swarm/regsync/stack.env
@@ -4,3 +4,5 @@ HUB_USER=sectorq
 HUB_PASS=dckr_pat_7XN8zNgj8JRPq1mlS5IvMcxJDUA
 LOCAL_USER=jaydee
 LOCAL_PASS=l4c1j4yd33Du5lo
+APPNAME=regsync
+DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/semaphore/docker-compose.yml
+++ b/__swarm/semaphore/docker-compose.yml
@@ -10,7 +10,7 @@ services:
      SEMAPHORE_ADMIN: administrator
      SEMAPHORE_ADMIN_EMAIL: administrator@sectorq.eu
      SEMAPHORE_ADMIN_NAME: administrator
-      SEMAPHORE_ADMIN_PASSWORD: $SEMAPHORE_ADMIN_PASSWORD
+      SEMAPHORE_ADMIN_PASSWORD: administrator
      SEMAPHORE_DB: semaphore_db
      SEMAPHORE_DB_HOST: db
      SEMAPHORE_DB_PASS: StrongPassw0rd
@@ -21,7 +21,7 @@ services:
      SEMAPHORE_LDAP_DN_SEARCH: dc=sectorq,dc=eu
      SEMAPHORE_LDAP_HOST: 192.168.77.101
      SEMAPHORE_LDAP_NEEDTLS: 'no'
-      SEMAPHORE_LDAP_PASSWORD: $LDAP_ADMIN_PASSWORD
+      SEMAPHORE_LDAP_PASSWORD: administrator
      SEMAPHORE_LDAP_PORT: '2389'
      SEMAPHORE_LDAP_SEARCH_FILTER: (&(objectClass=inetOrgPerson)(uid=%s))
      SEMAPHORE_PLAYBOOK_PATH: /tmp/semaphore/
--- a/__swarm/semaphore/semaphore-swarm.yml
+++ b/__swarm/semaphore/semaphore-swarm.yml
@@ -0,0 +1,63 @@
+services:
+  app:
+    dns:
+    - 192.168.77.101
+    - 192.168.77.1
+    secrets:
+    - semaphore_admin_password
+    environment:
+      SEMAPHORE_ACCESS_KEY_ENCRYPTION: MflCLIUF5bn6Lgkuwy4BoAdIFhoZ4Ief2oocXmuZSjs=
+      SEMAPHORE_ADMIN: admin
+      SEMAPHORE_ADMIN_EMAIL: jaydee@sectorq.eu
+      SEMAPHORE_ADMIN_NAME: admin
+      SEMAPHORE_ADMIN_PASSWORD_FILE: /run/secrets/semaphore_admin_password
+      SEMAPHORE_DB: semaphore_db
+      SEMAPHORE_DB_HOST: db
+      SEMAPHORE_DB_PASS: StrongPassw0rd
+      SEMAPHORE_DB_PORT: 3306
+      SEMAPHORE_DB_USER: semaphore_user
+      SEMAPHORE_LDAP_ACTIVATED: 'no'
+      SEMAPHORE_LDAP_DN_BIND: cn=jaydee,ou=users,dc=sectorq,dc=eu
+      SEMAPHORE_LDAP_DN_SEARCH: dc=sectorq,dc=eu
+      SEMAPHORE_LDAP_HOST: 192.168.77.101
+      SEMAPHORE_LDAP_NEEDTLS: 'no'
+      SEMAPHORE_LDAP_PASSWORD: administrator
+      SEMAPHORE_LDAP_PORT: '2389'
+      SEMAPHORE_LDAP_SEARCH_FILTER: (&(objectClass=inetOrgPerson)(uid=%s))
+      SEMAPHORE_PLAYBOOK_PATH: /tmp/semaphore/
+      TZ: Europe/Bratislava
+    image: ${DOCKER_REGISTRY:-}semaphoreui/semaphore:latest
+    ports:
+    - target: 3000
+      published: 3002
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - /etc/localtime:/etc/localtime:ro
+    - data:/etc/semaphore/
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+  db:
+    environment:
+      MYSQL_DATABASE: semaphore_db
+      MYSQL_PASSWORD: StrongPassw0rd
+      MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
+      MYSQL_USER: semaphore_user
+    image: ${DOCKER_REGISTRY:-}mysql:8.0
+    volumes:
+    - db:/var/lib/mysql
+    deploy:
+      labels:
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+volumes:
+  data:
+  db:
+secrets:
+  semaphore_admin_password:
+    external: true
--- a/__swarm/uptime-kuma/uptime-kuma-swarm.yml
+++ b/__swarm/uptime-kuma/uptime-kuma-swarm.yml
@@ -0,0 +1,21 @@
+services:
+  uptime-kuma:
+    image: ${DOCKER_REGISTRY:-}louislam/uptime-kuma:nightly2
+    ports:
+    - target: 3001
+      published: 3001
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - data:/app/data
+    - /var/run/docker.sock:/var/run/docker.sock
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      restart_policy:
+        condition: any
+volumes:
+  data:
--- a/__swarm/webhub/webhub-swarm.yml
+++ b/__swarm/webhub/webhub-swarm.yml
@@ -0,0 +1,50 @@
+services:
+  heimdall:
+    environment:
+      PUID: '1000'
+      PGID: '1000'
+      TZ: Europe/Bratislava
+    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/heimdall:latest
+    ports:
+    - target: 80
+      published: 8084
+      protocol: tcp
+      mode: ingress
+    - target: 443
+      published: 4437
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - heimdall_config:/config
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  web:
+    environment:
+      NGINX_HOST: sectorq.eu
+      NGINX_PORT: '80'
+    image: ${DOCKER_REGISTRY:-}nginx:latest
+    ports:
+    - target: 80
+      published: 48000
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - webhub_data:/usr/share/nginx/html
+    deploy:
+      labels:
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  heimdall_config:
+  webhub_data:
--- a/__swarm/wordpress/wordpress-swarm.yml
+++ b/__swarm/wordpress/wordpress-swarm.yml
@@ -0,0 +1,52 @@
+services:
+  db:
+    image: ${DOCKER_REGISTRY:-}mariadb:10.6.4-focal
+    command: --default-authentication-plugin=mysql_native_password
+    volumes:
+    - db_data:/var/lib/mysql
+    secrets:
+    - wordpress_db_password
+    - wordpress_root_db_password
+    environment:
+      MYSQL_ROOT_PASSWORD: wordpress
+      MYSQL_DATABASE: wordpress
+      MYSQL_USER: wordpress
+      MYSQL_PASSWORD_FILE: /run/secrets/wordpress_db_password
+      MYSQL_HOST: '%'
+    expose:
+    - 3306
+    - 33060
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  wordpress:
+    image: ${DOCKER_REGISTRY:-}wordpress:latest
+    volumes:
+    - wp_data:/var/www/html
+    ports:
+    - target: 80
+      published: 8098
+      protocol: tcp
+      mode: ingress
+    secrets:
+    - wordpress_db_password
+    environment:
+      WORDPRESS_DB_HOST: db
+      WORDPRESS_DB_USER: wordpress
+      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/wordpress_db_password
+      WORDPRESS_DB_NAME: wordpress
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+volumes:
+  db_data: null
+  wp_data: null
+secrets:
+  wordpress_db_password:
+    external: true
+  wordpress_root_db_password:
+    external: true
--- a/__swarm/wud/stack.env
+++ b/__swarm/wud/stack.env
@@ -16,7 +16,7 @@ WUD_AUTH_OIDC_AUTHENTIK_TIMEOUT=2000

 # BASIC
 WUD_AUTH_BASIC_JAYDEE_USER=homepage
-WUD_AUTH_BASIC_JAYDEE_HASH=$$apr1$$pGMz1QxU$$y6XuTscvGcYgas15JWlfg/
+WUD_AUTH_BASIC_JAYDEE_HASH=$apr1$OZNN/65l$cQp3tMfyQdftPIgje.uDZ1
 # GOTIFY
 WUD_TRIGGER_GOTIFY_EXTERNAL_PRIORITY=0
 WUD_TRIGGER_GOTIFY_EXTERNAL_TOKEN="AFxvpm1JpPSsmkf"
@@ -47,14 +47,14 @@ WUD_LOG_LEVEL=debug
 # text json
 WUD_LOG_FORMAT=text

-WUD_WATCHER_EXTDOCKER_HOST=193.168.144.164
-WUD_WATCHER_EXTDOCKER_PORT=2376
-WUD_WATCHER_EXTDOCKER_CERTFILE=/certs/ext/cert.pem
-WUD_WATCHER_EXTDOCKER_CAFILE=/certs/ext/ca.pem
-WUD_WATCHER_EXTDOCKER_KEYFILE=/certs/ext/key.pem
-WUD_WATCHER_EXTDOCKER_CRON=0 * * * *
-WUD_WATCHER_EXTDOCKER_WATCHALL=true
-WUD_WATCHER_EXTDOCKER_WATCHBYDEFAULT=true
+# WUD_WATCHER_EXTDOCKER_HOST=193.168.144.164
+# WUD_WATCHER_EXTDOCKER_PORT=2376
+# WUD_WATCHER_EXTDOCKER_CERTFILE=/certs/ext/cert.pem
+# WUD_WATCHER_EXTDOCKER_CAFILE=/certs/ext/ca.pem
+# WUD_WATCHER_EXTDOCKER_KEYFILE=/certs/ext/key.pem
+# WUD_WATCHER_EXTDOCKER_CRON=0 * * * *
+# WUD_WATCHER_EXTDOCKER_WATCHALL=true
+# WUD_WATCHER_EXTDOCKER_WATCHBYDEFAULT=true

 WUD_WATCHER_MSERVER_HOST=192.168.77.101
 WUD_WATCHER_MSERVER_PORT=2376
@@ -65,14 +65,23 @@ WUD_WATCHER_MSERVER_CRON=0 * * * *
 WUD_WATCHER_MSERVER_WATCHALL=true
 WUD_WATCHER_MSERVER_WATCHBYDEFAULT=false

-WUD_WATCHER_RPI5_HOST=192.168.77.238
-WUD_WATCHER_RPI5_PORT=2376
-WUD_WATCHER_RPI5_CERTFILE=/certs/rpi5/cert.pem
-WUD_WATCHER_RPI5_CAFILE=/certs/rpi5/ca.pem
-WUD_WATCHER_RPI5_KEYFILE=/certs/rpi5/key.pem
-WUD_WATCHER_RPI5_CRON=0 * * * *
-WUD_WATCHER_RPI5_WATCHALL=true
-WUD_WATCHER_RPI5_WATCHBYDEFAULT=true
+WUD_WATCHER_MS_HOST=192.168.77.101
+WUD_WATCHER_MS_PORT=2376
+WUD_WATCHER_MS_CERTFILE=/certs/m-server/cert.pem
+WUD_WATCHER_MS_CAFILE=/certs/m-server/ca.pem
+WUD_WATCHER_MS_KEYFILE=/certs/m-server/key.pem
+WUD_WATCHER_MS_CRON=0 * * * *
+WUD_WATCHER_MS_WATCHALL=true
+WUD_WATCHER_MS_WATCHBYDEFAULT=true
+
+# WUD_WATCHER_RPI5_HOST=192.168.77.238
+# WUD_WATCHER_RPI5_PORT=2376
+# WUD_WATCHER_RPI5_CERTFILE=/certs/rpi5/cert.pem
+# WUD_WATCHER_RPI5_CAFILE=/certs/rpi5/ca.pem
+# WUD_WATCHER_RPI5_KEYFILE=/certs/rpi5/key.pem
+# WUD_WATCHER_RPI5_CRON=0 * * * *
+# WUD_WATCHER_RPI5_WATCHALL=true
+# WUD_WATCHER_RPI5_WATCHBYDEFAULT=true

 WUD_WATCHER_NAS_HOST=192.168.77.106
 WUD_WATCHER_NAS_PORT=2376
@@ -83,13 +92,13 @@ WUD_WATCHER_NAS_CRON=0 * * * *
 WUD_WATCHER_NAS_WATCHALL=true
 WUD_WATCHER_NAS_WATCHBYDEFAULT=true

-WUD_WATCHER_RACK_HOST=192.168.77.55
-WUD_WATCHER_RACK_PORT=2376
-WUD_WATCHER_RACK_CERTFILE=/certs/rack/cert.pem
-WUD_WATCHER_RACK_CAFILE=/certs/rack/ca.pem
-WUD_WATCHER_RACK_KEYFILE=/certs/rack/key.pem
-WUD_WATCHER_RACK_CRON=0 * * * *
-WUD_WATCHER_RACK_WATCHALL=true
-WUD_WATCHER_RACK_WATCHBYDEFAULT=true
+# WUD_WATCHER_RACK_HOST=192.168.77.55
+# WUD_WATCHER_RACK_PORT=2376
+# WUD_WATCHER_RACK_CERTFILE=/certs/rack/cert.pem
+# WUD_WATCHER_RACK_CAFILE=/certs/rack/ca.pem
+# WUD_WATCHER_RACK_KEYFILE=/certs/rack/key.pem
+# WUD_WATCHER_RACK_CRON=0 * * * *
+# WUD_WATCHER_RACK_WATCHALL=true
+# WUD_WATCHER_RACK_WATCHBYDEFAULT=true

 WUD_SERVER_CORS_ENABLED=true
--- a/__swarm/wud/wud-swarm.yml
+++ b/__swarm/wud/wud-swarm.yml
@@ -0,0 +1,41 @@
+services:
+  app:
+    env_file:
+    - stack.env
+    image: ${DOCKER_REGISTRY:-}getwud/wud
+    # logging:
+    #   driver: loki
+    #   options:
+    #     loki-url: http://192.168.77.101:3100/loki/api/v1/push
+    ports:
+    - target: 3000
+      published: 3008
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+    - data:/store
+    - certs:/certs
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        homepage.container: wud_app
+        homepage.description: Docker container management
+        homepage.group: Infrastructure
+        homepage.href: https://wud.sectorq.eu
+        homepage.icon: /images/wud-logo.png
+        homepage.name: What's Up Docker
+        homepage.server: my-docker-swarm
+        homepage.weight: '1'
+        homepage.widget.password: l4c1j4yd33Du5lo
+        homepage.widget.type: whatsupdocker
+        homepage.widget.url: https://wud.sectorq.eu
+        homepage.widget.username: homepage
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      restart_policy:
+        condition: any
+volumes:
+  data:
+  certs:
--- a/__swarm/zabbix-server/.env
+++ b/__swarm/zabbix-server/.env
@@ -1,2 +1,3 @@
 APPNAME=zabbix
 #RESTART=always
+DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/zabbix-server/Dockerfile
+++ b/__swarm/zabbix-server/Dockerfile
@@ -0,0 +1,5 @@
+FROM zabbix/zabbix-server-pgsql:alpine-latest
+
+USER root
+RUN apk add --no-cache curl
+USER zabbix
--- a/__swarm/zabbix-server/docker-compose.yml
+++ b/__swarm/zabbix-server/docker-compose.yml
@@ -48,7 +48,11 @@ services:
    extends:
      file: logging.yml
      service: ${LOGGING:-syslog}
-    image: ${DOCKER_REGISTRY:-}zabbix/zabbix-server-pgsql:alpine-latest
+    #image: ${DOCKER_REGISTRY:-}zabbix/zabbix-server-pgsql:alpine-latest
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: zabbix-server-custom:latest
    volumes:
      - /share/docker_data/zabbix-server/server/alertscripts:/usr/lib/zabbix/alertscripts
    labels:
--- a/__swarm/zabbix-server/stack.env
+++ b/__swarm/zabbix-server/stack.env
@@ -1,6 +1,6 @@
 # Zabbix global
 # ZBX_DEBUGLEVEL=3
-
+DOCKER_REGISTRY=r.sectorq.eu/library/
 # Database
 MYSQL_PASSWORD=zabbix
 MYSQL_USER=zabbix
@@ -127,5 +127,5 @@ ZBX_CACHESIZE=64M
 # ZBX_TLSFRONTENDCERTISSUER= # Available since 7.4.0
 # ZBX_TLSFRONTENDCERTSUBJECT= # Available since 7.4.0
 ZBX_WEBDRIVERURL=192.168.77.101:4444 # Available since 7.0.0
-ZBX_STARTBROWSERPOLLERS=5 # Available since 7.0.0
+#ZBX_STARTBROWSERPOLLERS=0 # Available since 7.0.0
 # ZBX_STARTSNMPPOLLERS=1 # Available since 7.0.0
--- a/__swarm/zabbix-server/zabbix-server-swarm.yml
+++ b/__swarm/zabbix-server/zabbix-server-swarm.yml
@@ -0,0 +1,133 @@
+networks:
+  zabbix:
+    driver: overlay
+    ipam:
+      config:
+      - subnet: 192.168.89.0/28
+      driver: default
+services:
+  db-server:
+    env_file:
+    - stack.env
+    image: ${DOCKER_REGISTRY:-}postgres:16-alpine
+    networks:
+      zabbix:
+        ipv4_address: 192.168.89.4
+    ports:
+      - target: 5432
+        published: 5432
+        protocol: tcp
+        mode: ingress
+    volumes:
+      - db:/var/lib/postgresql/data
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  zabbix-frontend:
+    env_file:
+    - stack.env
+    image: ${DOCKER_REGISTRY:-}zabbix/zabbix-web-nginx-pgsql:alpine-latest
+    networks:
+      zabbix:
+        ipv4_address: 192.168.89.3
+    ports:
+    - target: 8080
+      published: 8051
+      protocol: tcp
+      mode: ingress
+    - target: 8443
+      published: 4435
+      protocol: tcp
+      mode: ingress
+    volumes:
+    - certs:/usr/share/zabbix/conf/certs
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  zabbix-server:
+    env_file:
+    - stack.env
+    #image: ${DOCKER_REGISTRY:-}zabbix/zabbix-server-pgsql:alpine-latest
+    image: r.sectorq.eu/jaydee/zabbix-server-pgsql:latest
+    volumes:
+    - alertscripts:/usr/lib/zabbix/alertscripts
+    networks:
+      zabbix:
+        ipv4_address: 192.168.89.2
+    ports:
+    - target: 10051
+      published: 10051
+      protocol: tcp
+      mode: ingress
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        homepage.container: zabbix-server_zabbix-server
+        homepage.description: Monitoring server
+        homepage.group: Utilities
+        homepage.href: https://${APPNAME}.sectorq.eu
+        homepage.icon: ${APPNAME}.png
+        homepage.name: Zabbix Server
+        homepage.server: my-docker-swarm
+        homepage.weight: '90'
+        homepage.widget.key: 431bda3fbb45a9d603c1b74d57c3a61df1e07124c5c7119cb6379194d5555822
+        homepage.widget.type: ${APPNAME}
+        homepage.widget.url: https://${APPNAME}.sectorq.eu
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  webdriver:
+    ports:
+    - target: 4444
+      published: 4444
+      protocol: tcp
+      mode: ingress
+    - target: 7900
+      published: 7900
+      protocol: tcp
+      mode: ingress
+    image: ${DOCKER_REGISTRY:-}docker.io/selenium/standalone-chrome:latest
+    deploy:
+      labels:
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  # postinstall:
+  #   image: debian:12-slim
+  #   environment:
+  #     PUID: '0'
+  #     PGID: '0'
+  #   volumes:
+  #   - /usr/bin:/usr/bin
+  #   - /usr/lib:/usr/lib
+  #   - /var/run/docker.sock:/var/run/docker.sock
+  #   - scripts:/scripts
+  #   entrypoint:
+  #   - /bin/sh
+  #   - /scripts/install-curl.sh
+  #   deploy:
+  #     replicas: 1
+  #     placement:
+  #       constraints:
+  #       - node.role == manager
+volumes:
+  db:
+  certs:
+  alertscripts:
+  scripts:
--- a/authentik/docker-compose.yml
+++ b/authentik/docker-compose.yml
@@ -117,3 +117,11 @@ volumes:
    driver: local
  redis:
    driver: local
+  media:
+    driver: local
+  templates:
+    driver: local
+  certs:
+    driver: local
+  custom-templates:
+    driver: local
--- a/bitwarden/.env
+++ b/bitwarden/.env
@@ -1,2 +1,4 @@
 APPNAME=bitwarden
 DOCKER_REGISTRY=r.sectorq.eu/library/
+ADMIN_PASSWORD=l4c1j4yd33Du5lo
+SMTP_PASSWORD=l4c1j4yd33Du5lo
--- a/bitwarden/docker-compose.yml
+++ b/bitwarden/docker-compose.yml
@@ -1,3 +1,6 @@
+volumes:
+  data:
+    driver: local
 services:
  bitwarden:
    container_name: vaultwarden
@@ -29,4 +32,4 @@ services:
    - 8181:80
    restart: ${RESTART:-unless-stopped}
    volumes:
-    - /share/docker_data/bitwarden/bw-data:/data
+    - data:/data
--- a/bookstack/docker-compose.yml
+++ b/bookstack/docker-compose.yml
@@ -21,7 +21,7 @@ services:
    - 6875:80
    restart: ${RESTART:-unless-stopped}
    volumes:
-    - /share/docker_data/bookstack/bookstack_app_data:/config
+    - app_data:/config
  db:
    env_file:
    - stack.env
@@ -34,5 +34,9 @@ services:
      wud.watch.digest: true
    restart: ${RESTART:-unless-stopped}
    volumes:
-    - /share/docker_data/bookstack/bookstack_db_data:/config
-version: '2'
+    - db_data:/config
+volumes:
+  app_data:
+    driver: local
+  db_data:
+    driver: local
--- a/dockermon/docker-compose.yml
+++ b/dockermon/docker-compose.yml
@@ -10,5 +10,7 @@ services:
    restart: unless-stopped
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
-    - /share/docker_data/dockermon/config:/config
-version: '2'
+    - config:/config
+volumes:
+  config:
+    driver: local
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@@ -21,7 +21,7 @@ services:
      homepage.name: Gitea
      homepage.server: my-docker
      homepage.weight: 1
-      homepage.widget.key: ${TOKEN}
+      homepage.widget.key: a39e12bdd3fc724d01827b16ae6136c9229ffb16
      homepage.widget.type: ${APPNAME}
      homepage.widget.url: https://${APPNAME}.sectorq.eu
      homepage.widget.version: 2
@@ -34,22 +34,36 @@ services:
    - '222:22'
    restart: ${RESTART:-unless-stopped}
    volumes:
-    - /share/docker_data/gitea:/data
+    - app_data:/data
    - /etc/timezone:/etc/timezone:ro
    - /etc/localtime:/etc/localtime:ro
  runner:
    image: ${DOCKER_REGISTRY:-}docker.io/gitea/act_runner:nightly
+    # secrets:
+    #   - gitea_runner_registration_token
    environment:
      CONFIG_FILE: /config/config.yaml
      GITEA_INSTANCE_URL: "https://gitea.sectorq.eu/"
      GITEA_RUNNER_REGISTRATION_TOKEN: "8nmKqJhkvYwltmNfF2o9vs0tzo70ufHSQpVg6ymb"
+      #GITEA_RUNNER_REGISTRATION_TOKEN_FILE: /srv/secrets/gitea_runner_registration_token
      GITEA_RUNNER_NAME: jaydee
      GITEA_RUNNER_LABELS: jaydee
    volumes:
-      - /share/docker_data/gitea-runner/config:/config
-      - /share/docker_data/gitea-runner/data:/data
+    - runner_config:/config
+    - runner_data:/data
    - /var/run/docker.sock:/var/run/docker.sock
    restart: ${RESTART:-unless-stopped}
    labels:
      wud.watch: true
      wud.watch.digest: true
+volumes:
+  app_data:
+    driver: local
+  runner_config:
+    driver: local
+  runner_data:
+    driver: local
+
+# secrets:
+#   gitea_runner_registration_token:
+#     external: true
--- a/gitea/secrets/.secret_gitea_runner_registration_token
+++ b/gitea/secrets/.secret_gitea_runner_registration_token
--- a/gitlab/docker-compose.yml
+++ b/gitlab/docker-compose.yml
@@ -45,7 +45,6 @@ services:
    - 8743:443
    - '8722:22'
    restart: unless-stopped
-    shm_size: 4gb
    volumes:
    - /share/docker_data/gitlab/config:/etc/gitlab
    - /share/docker_data/gitlab/logs:/var/log/gitlab
--- a/grafana/docker-compose.yml
+++ b/grafana/docker-compose.yml
@@ -1,6 +1,10 @@
 name: grafana
 networks:
  loki: null
+volumes:
+  loki_data:
+  grafana_data:
+  grafana_certs:
 services:
  grafana:
    container_name: grafana
@@ -49,11 +53,13 @@ services:
    restart: ${RESTART:-unless-stopped}
    user: 0:0
    volumes:
-    - /share/docker_data/grafana/data:/var/lib/grafana
-    - /share/docker_data/grafana/certs:/certs
+    - grafana_data:/var/lib/grafana
+    - grafana_certs:/certs
  loki:
    command: -config.file=/etc/loki/local-config.yaml
    image: ${DOCKER_REGISTRY:-}grafana/loki:latest
+    volumes:
+      - loki_data:/loki
    labels:
      wud.watch: true
      wud.watch.digest: true
--- a/home-assistant/docker-compose.yml
+++ b/home-assistant/docker-compose.yml
@@ -54,7 +54,7 @@ services:
    container_name: esphome
    image: ${DOCKER_REGISTRY:-}esphome/esphome:latest
    volumes:
-      - /share/docker_data/esphome/config:/config
+      - /share/docker_data/esphome_config:/config
      - /etc/localtime:/etc/localtime:ro
    restart: ${RESTART:-unless-stopped}
    privileged: true
--- a/mediacenter/docker-compose.yml
+++ b/mediacenter/docker-compose.yml
@@ -144,7 +144,7 @@ services:
    ports:
    - 8096:8096
    - 8920:8920
-    - 7359:7359/udp
+    - 7359:7359
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/jellyfin:/config
@@ -154,6 +154,7 @@ services:
    - /media/nas/movies:/data/movies/nas
    - /media/nas/music:/data/music/nas
    - /media/nas/shows:/data/shows/nas
+    - /media/nas/live:/data/live/nas
    - /media/nas/xxx:/data/xxx/nas
  jellyseerr:
    container_name: jellyseerr
@@ -248,7 +249,7 @@ services:
    ports:
    - 8085:8085
    - 6881:6881
-    - 6881:6881/udp
+    - 6881:6881
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/qbittorrent/config:/config
--- a/n8n/docker-compose.yml
+++ b/n8n/docker-compose.yml
@@ -18,7 +18,7 @@ services:
      - N8N_SECURE_COOKIE=false
      - WEBHOOK_URL=https://n8n.sectorq.eu
    volumes:
-      - /share/docker_data/n8n/n8n-data:/home/node/.n8n
+      - n8n-data:/home/node/.n8n
    restart: ${RESTART:-unless-stopped}
    stop_grace_period: 60s
    labels:      
@@ -31,3 +31,6 @@ services:
      homepage.server: my-docker
      wud.watch: true
      wud.watch.digest: true
+volumes:
+  n8n-data:
+    driver: local
--- a/nextcloud/docker-compose.yml
+++ b/nextcloud/docker-compose.yml
@@ -2,7 +2,7 @@ networks:
  nextcloud_network:
    ipam:
      config:
-      - subnet: 192.168.80.0/28
+      - subnet: 192.168.90.0/28
      driver: default
  pihole_pihole:
    external: true
--- a/pihole/docker-compose.yml
+++ b/pihole/docker-compose.yml
@@ -33,6 +33,17 @@ services:
      TZ: Europe/Bratislava
    hostname: m-server
    image: pihole/pihole:latest
+    shm_size: '256mb'
+    logging:
+      driver: loki
+      options:
+        loki-url: http://192.168.77.101:3100/loki/api/v1/push
+        loki-relabel-config: |
+          - action: labelmap
+            regex: swarm_stack
+            replacement: namespace
+          - action: labelmap
+            regex: swarm_(service)
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      homepage.container: pihole
@@ -53,11 +64,15 @@ services:
      pihole:
        ipv4_address: 192.168.78.254
    ports:
-    - 53:53/tcp
-    - 53:53/udp
-    - 9380:80/tcp
-    - 9343:443/tcp
+    - '53:53/udp'
+    - '9380:80'
+    - '9343:443'  
    restart: always
    volumes:
-    - /share/docker_data/pihole/etc-pihole:/etc/pihole
-    - /share/docker_data/pihole/etc-dnsmasq.d:/etc/dnsmasq.d
+    - data:/etc/pihole
+    - dnsmasq_d:/etc/dnsmasq.d
+volumes:
+  data:
+    driver: local
+  dnsmasq_d:
+    driver: local
--- a/rancher/docker-compose.yml
+++ b/rancher/docker-compose.yml
@@ -12,4 +12,6 @@ services:
    privileged: true
    restart: ${RESTART:-unless-stopped}
    volumes:
-    - /share/docker_data/rancher:/var/lib/rancher
+    - data:/var/lib/rancher
+volumes:
+  data:
--- a/registry/docker-compose.yml
+++ b/registry/docker-compose.yml
@@ -21,3 +21,4 @@ services:
    volumes:
    - /share/docker_data/registry/auth:/auth
    - /share/docker_registry/data:/var/lib/registry
+    - /share/docker_data/registry/config:/etc/docker/registry/
--- a/regsync/docker-compose.yml
+++ b/regsync/docker-compose.yml
@@ -1,4 +1,6 @@
-name: regsync
+volumes:
+  data:
+    driver: local
 services:
  regsync:
    command: -c /home/appuser/regsync.yml server
@@ -16,5 +18,5 @@ services:
    restart: ${RESTART:-unless-stopped}
    stdin_open: true
    volumes:
-    - /share/docker_data/regsync/regsync.yml:/home/appuser/regsync.yml
+    - data:/home/appuser/
    - /etc/localtime:/etc/localtime
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +0,0 @@
-pyyaml
--- a/wud/stack.env
+++ b/wud/stack.env
@@ -19,7 +19,7 @@ WUD_AUTH_BASIC_JAYDEE_USER=homepage
 WUD_AUTH_BASIC_JAYDEE_HASH=$$apr1$$pGMz1QxU$$y6XuTscvGcYgas15JWlfg/
 # GOTIFY
 WUD_TRIGGER_GOTIFY_EXTERNAL_PRIORITY=0
-WUD_TRIGGER_GOTIFY_EXTERNAL_TOKEN="AFxvpm1JpPSsmkf"
+WUD_TRIGGER_GOTIFY_EXTERNAL_TOKEN="Ap-o0PU3hbTFI_."
 WUD_TRIGGER_GOTIFY_EXTERNAL_URL=https://gotify.sectorq.eu
 #WUD_TRIGGER_GOTIFY_EXTERNAL_MODE=batch
 WUD_TRIGGER_GOTIFY_EXTERNAL_MODE=simple
--- a/yaml_convert.py
+++ b/yaml_convert.py
@@ -1,121 +0,0 @@
-import yaml
-import sys
-import copy
-
-def default_deploy():
-    return {
-        "mode": "replicated",
-        "replicas": 1,
-        "restart_policy": {"condition": "any"},
-        "labels": {},
-        "placement": {
-            "constraints": [
-                "node.role == manager"
-            ]
-        }
-    }
-
-
-def convert_service(service):
-    swarm_service = {}
-
-    # Create a fresh deploy section each time (avoids YAML anchors)
-    deploy_section = default_deploy()
-
-    for key, value in service.items():
-        #print(key, value)
-        # Unsupported in Swarm
-        if key in ["container_name", "restart", "depends_on"]:
-            continue
-
-        # Move labels → deploy.labels
-        #print(f"Labels: {deploy_section['labels']}")
-        if key == "labels":
-            input(f"Key: {key} Value: {value}")
-            #print("Processing Labels:")
-            if isinstance(value, dict):
-                deploy_section["labels"].update({k: str(v).lower() for k, v in value.items()})
-                
-                
-            elif isinstance(value, list):
-                for item in value:
-                    if "=" in item:
-                        k, v = item.split("=", 1)
-                        deploy_section["labels"][k] = str(v).lower()
-                        
-            continue
-        
-        swarm_service[key] = value
-    # for en in swarm_service['environment']:
-    #     #print(f"Environment Variable: {en} : {swarm_service['environment'][en]}")
-    #     print(en)
-    #     print(swarm_service['environment'][en])
-    #     swarm_service['environment'][en] = str(swarm_service['environment'][en]).lower()
-    #print("Deploy Section:")
-    #print(swarm_service)
-    # Merge user deploy section if present
-    #input(service)
-    if "deploy" in service:
-        user_deploy = service["deploy"]
-        #print("User Deploy Section:")
-        # merge deploy.labels
-        if "labels" in user_deploy:
-            ##print("User Deploy Labels:")
-            labels = user_deploy["labels"]
-            if isinstance(labels, dict):
-                deploy_section["labels"].update(labels)
-            elif isinstance(labels, list):
-                for item in labels:
-                    #print(f"Label Item: {item}")
-                    if "=" in item:
-                        k, v = item.split("=", 1)
-                        deploy_section["labels"][k] = str(v).lower()
-
-        # merge placement constraints
-        if "placement" in user_deploy:
-            if "constraints" in user_deploy["placement"]:
-                deploy_section["placement"]["constraints"].extend(
-                    user_deploy["placement"]["constraints"]
-                )
-
-        # merge other keys
-        for dk, dv in user_deploy.items():
-            if dk not in ["labels", "placement"]:
-                deploy_section[dk] = copy.deepcopy(dv)
-
-    swarm_service["deploy"] = deploy_section
-    return swarm_service
-
-
-def convert_compose_to_swarm(app):
-    output_file = "__swarm/" + app + "/" + app + "-swarm.yml"
-    input_file = app + "/docker-compose.yml"
-    with open(input_file, "r") as f:
-        compose = yaml.safe_load(f)
-
-    swarm = {"version": "3.9", "services": {}}
-
-    for name, service in compose.get("services", {}).items():
-        swarm["services"][name] = convert_service(service)
-
-    for section in ["networks", "volumes", "configs", "secrets"]:
-        if section in compose:
-            swarm[section] = compose[section]
-
-    # Prevent PyYAML from creating anchors
-    class NoAliasDumper(yaml.SafeDumper):
-        def ignore_aliases(self, data):
-            return True
-
-    with open(output_file, "w") as f:
-        yaml.dump(swarm, f, sort_keys=False, Dumper=NoAliasDumper)
-
-    print(f"✔ Swarm file written to: {output_file}")
-
-
-if __name__ == "__main__":
-    if len(sys.argv) != 2:
-        print("Usage: python convert_to_swarm.py app_name")
-        sys.exit(1)
-
-    convert_compose_to_swarm(sys.argv[1])
--- a/yaml_convert2.py
+++ b/yaml_convert2.py
@@ -1,99 +0,0 @@
-import yaml
-import sys
-
-stack_name = sys.argv[1]
-INPUT_FILE = f"{stack_name}/docker-compose.yml"
-OUTPUT_FILE = f"__swarm/{stack_name}/{stack_name}-swarm.yml"
-def convert_ports(ports):
-    """Convert short port syntax to Swarm long syntax."""
-    result = []
-    for p in ports:
-        if isinstance(p, str):
-            # format: "8080:80"
-            pub, tgt = p.split(":")
-            result.append({
-                "target": int(tgt),
-                "published": int(pub),
-                "protocol": "tcp",
-                "mode": "ingress"
-            })
-        else:
-            result.append(p)
-    return result
-
-def to_str_lower(value):
-    """Convert value to string. Booleans become lowercase 'true'/'false'."""
-    if isinstance(value, bool):
-        return "true" if value else "false"
-    return str(value)
-
-def env_list_to_dict(env_list):
-    """Convert environment from list ['KEY=VAL'] to dict {KEY: VAL} as strings."""
-    env_dict = {}
-    for item in env_list:
-        key, value = item.split("=", 1)
-        # convert 'true'/'false' strings to lowercase
-        if value.lower() in ["true", "false"]:
-            env_dict[key] = value.lower()
-        else:
-            env_dict[key] = str(value)
-    return env_dict
-
-def ensure_labels_as_string(labels):
-    """Ensure all label values are strings, lowercase for booleans."""
-    return {k: to_str_lower(v) for k, v in labels.items()}
-
-def convert_compose_to_swarm(data):
-    services = data.get("services", {})
-
-    for name, svc in services.items():
-
-        # 1) Convert environment list → dict (strings)
-        if "environment" in svc and isinstance(svc["environment"], list):
-            svc["environment"] = env_list_to_dict(svc["environment"])
-
-        # 2) Ensure deploy exists
-        deploy = svc.setdefault("deploy", {})
-
-        # 3) Move labels into deploy.labels, all as strings (lowercase booleans)
-        if "labels" in svc:
-            deploy.setdefault("labels", {})
-            if isinstance(svc["labels"], dict):
-                deploy["labels"].update(ensure_labels_as_string(svc["labels"]))
-            elif isinstance(svc["labels"], list):
-                for label in svc["labels"]:
-                    key, value = label.split("=", 1)
-                    deploy["labels"][key] = value.lower() if value.lower() in ["true", "false"] else str(value)
-            del svc["labels"]
-
-        # 4) Default replicas
-        deploy.setdefault("replicas", 1)
-
-        # 5) Add placement constraint
-        deploy.setdefault("placement", {})
-        deploy["placement"].setdefault("constraints", [])
-        if "node.role == manager" not in deploy["placement"]["constraints"]:
-            deploy["placement"]["constraints"].append("node.role == manager")
-
-        # 6) Convert ports to long format
-        if "ports" in svc:
-            svc["ports"] = convert_ports(svc["ports"])
-
-        # 7) Remove container_name (not allowed in Swarm)
-        svc.pop("container_name", None)
-
-    return data
-
-def main():
-    with open(INPUT_FILE, "r") as f:
-        compose = yaml.safe_load(f)
-
-    swarm = convert_compose_to_swarm(compose)
-
-    with open(OUTPUT_FILE, "w") as f:
-        yaml.dump(swarm, f, sort_keys=False)
-
-    print(f"Swarm stack file written to {OUTPUT_FILE}")
-
-if __name__ == "__main__":
-    main()
Author	SHA1	Message	Date
jaydee	67b908b5ad	build	2025-12-14 10:22:19 +01:00
jaydee	2a2aa81e5f	build	2025-12-14 10:08:30 +01:00
jaydee	b6d6c62071	build	2025-12-14 10:05:40 +01:00
jaydee	cc0df08051	build	2025-12-14 02:06:26 +01:00
jaydee	bf2772103a	build	2025-12-14 02:05:47 +01:00
jaydee	e23498073d	build	2025-12-14 02:04:35 +01:00
jaydee	a75e61ef72	build	2025-12-14 02:04:03 +01:00
jaydee	d0d3a56a7c	build	2025-12-14 02:03:02 +01:00
jaydee	c6d44a83e2	build	2025-12-14 01:50:14 +01:00
jaydee	91d00911e5	build	2025-12-14 01:19:08 +01:00
jaydee	9594626646	build	2025-12-13 21:26:29 +01:00
jaydee	e96c3015fb	build	2025-12-13 15:17:49 +01:00
jaydee	5b340d6b3d	build	2025-12-12 18:10:59 +01:00
jaydee	94c59d85fc	build	2025-12-12 18:07:34 +01:00
jaydee	f78408484b	build	2025-12-12 16:42:51 +01:00
jaydee	42adb45e9f	build	2025-12-12 16:38:53 +01:00
jaydee	e986f77d26	build	2025-12-12 16:32:23 +01:00
jaydee	4e1dcb5009	build	2025-12-12 16:25:04 +01:00
jaydee	4f7c3a285c	build	2025-12-12 16:23:39 +01:00
jaydee	62cab99470	build	2025-12-12 16:22:47 +01:00
jaydee	1bc1b0dcb9	build	2025-12-12 16:19:03 +01:00
jaydee	b37bf9f699	build	2025-12-12 16:02:28 +01:00
jaydee	bed32a51a6	build	2025-12-12 16:00:49 +01:00
jaydee	cf04cb7f74	build	2025-12-12 15:57:16 +01:00
jaydee	c835e3fbea	build	2025-12-12 15:55:48 +01:00
jaydee	6affd9f1a4	build	2025-12-12 15:53:56 +01:00
jaydee	9a064b469e	build	2025-12-12 15:23:20 +01:00
jaydee	c206590073	build	2025-12-12 15:18:18 +01:00
jaydee	565b25dc9b	build	2025-12-12 12:16:10 +01:00
jaydee	24179fade8	build	2025-12-11 17:12:09 +01:00
jaydee	1ed48b84c4	build	2025-12-11 16:45:19 +01:00
jaydee	2cf269a868	build	2025-12-10 23:42:15 +01:00
jaydee	c01c495b41	build	2025-12-10 23:34:38 +01:00
jaydee	e2748ccda8	build	2025-12-10 23:33:15 +01:00
jaydee	a4eb29de87	build	2025-12-10 23:25:37 +01:00
jaydee	005616c0a6	Merge branch 'main' of gitlab.sectorq.eu:home/docker-compose	2025-12-10 23:24:13 +01:00
jaydee	74213b1de9	build	2025-12-10 23:23:26 +01:00
ladislav.dusa	f3de9e0995	build	2025-12-09 09:21:14 +01:00
ladislav.dusa	f82f7e0f25	build	2025-12-09 09:20:58 +01:00
jaydee	a98a226099	build	2025-12-08 18:57:14 +01:00
jaydee	f6536c0e6c	build	2025-12-08 18:53:19 +01:00
jaydee	b73b3dc929	build	2025-12-08 18:15:05 +01:00
jaydee	4e8fe0a1a1	build	2025-12-08 18:14:12 +01:00
jaydee	6484de18e8	build	2025-12-08 18:00:55 +01:00
jaydee	a92d32e73b	build	2025-12-08 16:51:22 +01:00
jaydee	178f30e9f1	build	2025-12-08 16:49:06 +01:00
jaydee	121abc76b0	build	2025-12-08 16:48:20 +01:00
jaydee	62a3ba833f	build	2025-12-08 16:47:44 +01:00
jaydee	cd2dc573f4	build	2025-12-08 16:46:24 +01:00
jaydee	7b6229bb39	build	2025-12-08 16:41:58 +01:00
jaydee	f06bcd22a6	build	2025-12-08 16:41:10 +01:00
jaydee	fa00fadccf	build	2025-12-08 16:06:47 +01:00
jaydee	4537da6174	build	2025-12-08 15:21:02 +01:00
jaydee	020b784632	build	2025-12-08 15:20:18 +01:00
jaydee	2963ee88f9	build	2025-12-08 15:08:41 +01:00
jaydee	682a727d50	build	2025-12-08 14:02:49 +01:00
jaydee	fca4bb4508	build	2025-12-08 00:02:56 +01:00
jaydee	8f2d400301	build	2025-12-07 23:25:42 +01:00
jaydee	bc41a0431d	build	2025-12-07 23:22:52 +01:00
jaydee	838fe4ed2a	build	2025-12-07 23:21:54 +01:00
jaydee	d932db7b28	build	2025-12-07 23:18:19 +01:00
jaydee	abaf235fed	build	2025-12-07 21:13:21 +01:00
jaydee	914bd21457	build	2025-12-07 21:04:38 +01:00
jaydee	0a746ab637	build	2025-12-07 21:01:33 +01:00
jaydee	3191ca5b55	build	2025-12-07 21:00:52 +01:00
jaydee	5a2235ae06	build	2025-12-07 20:59:57 +01:00
jaydee	4f212e10f2	build	2025-12-07 20:54:15 +01:00
jaydee	fc0ea98def	build	2025-12-07 20:47:22 +01:00
jaydee	0d9b5ef975	build	2025-12-07 20:44:01 +01:00
jaydee	4ce8f2ec9f	build	2025-12-07 20:40:26 +01:00
jaydee	5f24941a59	build	2025-12-07 20:32:19 +01:00
jaydee	fe563de936	build	2025-12-07 20:17:21 +01:00
jaydee	324244afac	build	2025-12-07 20:06:38 +01:00
jaydee	106e53fd0e	build	2025-12-07 20:05:50 +01:00
jaydee	ecdbbfb69f	build	2025-12-07 20:00:33 +01:00
jaydee	eb676c9dc6	build	2025-12-07 13:24:10 +01:00
jaydee	139908ad56	build	2025-12-07 13:19:02 +01:00
jaydee	46a0ae669c	build	2025-12-07 13:16:00 +01:00
jaydee	4708260c5c	build	2025-12-07 13:11:24 +01:00
jaydee	8fedeb155a	build	2025-12-07 13:05:41 +01:00
jaydee	bd29257d19	build	2025-12-07 13:04:52 +01:00
jaydee	f5628ee014	build	2025-12-07 12:55:51 +01:00
jaydee	b70c372e07	build	2025-12-06 16:38:51 +01:00
jaydee	dcee21d9d5	build	2025-12-06 16:36:27 +01:00
jaydee	5748b06dee	build	2025-12-06 16:32:49 +01:00
jaydee	042a50b572	build	2025-12-06 16:27:33 +01:00
jaydee	80781812de	build	2025-12-06 16:26:01 +01:00
jaydee	718dd27570	build	2025-12-06 16:22:19 +01:00
jaydee	d2e18a53e6	build	2025-12-06 16:20:53 +01:00
jaydee	7a5291fb37	build	2025-12-06 16:19:30 +01:00
jaydee	5651b03906	build	2025-12-06 16:18:26 +01:00
jaydee	246dc997b5	build	2025-12-06 16:17:27 +01:00
jaydee	81b430e23d	build	2025-12-06 16:15:23 +01:00
jaydee	43b82acc66	build	2025-12-06 16:12:53 +01:00
jaydee	7b95fd74cd	build	2025-12-06 16:10:40 +01:00
jaydee	403f9396c5	build	2025-12-06 16:08:57 +01:00
jaydee	1f82d674f8	build	2025-12-06 16:06:47 +01:00
jaydee	6f66064c8b	build	2025-12-06 16:05:02 +01:00
jaydee	504eb1229a	build	2025-12-06 16:01:52 +01:00
jaydee	c5c66dc914	build	2025-12-06 15:59:44 +01:00
jaydee	b7efad7a12	build	2025-12-06 15:55:55 +01:00
jaydee	4d98f7f39e	build	2025-12-06 15:53:02 +01:00
jaydee	f449431a91	build	2025-12-06 15:51:42 +01:00
jaydee	8f36939703	build	2025-12-06 15:48:47 +01:00
jaydee	136e637aed	build	2025-12-06 15:46:41 +01:00
jaydee	6ba2c2dd0f	build	2025-12-06 15:27:44 +01:00
jaydee	b4961f5961	build	2025-12-06 15:14:25 +01:00
jaydee	e34addb608	build	2025-12-06 15:11:35 +01:00
jaydee	89321a9b46	build	2025-12-06 15:10:34 +01:00
jaydee	0e31d85bc7	build	2025-12-06 13:25:29 +01:00
jaydee	68046f8bb3	build	2025-12-06 02:22:16 +01:00
jaydee	cc3b725b59	build	2025-12-06 02:19:58 +01:00
jaydee	7af37e4adf	build	2025-12-06 02:18:09 +01:00
jaydee	59276f0a0d	build	2025-12-06 02:13:52 +01:00
jaydee	53a2087e21	build	2025-12-06 01:53:54 +01:00
jaydee	c4a5822ee7	build	2025-12-06 01:50:44 +01:00
jaydee	6c65d61a9d	build	2025-12-06 01:17:11 +01:00
jaydee	a3661ef551	build	2025-12-06 01:14:42 +01:00
jaydee	99c4787189	build	2025-12-06 01:10:29 +01:00
jaydee	7ee17ad41c	build	2025-12-06 01:05:53 +01:00
jaydee	f414ced56e	build	2025-12-06 01:04:34 +01:00
jaydee	43966299d7	build	2025-12-06 01:01:07 +01:00
jaydee	df897ceee3	build	2025-12-06 00:59:20 +01:00
jaydee	4c73d641e8	build	2025-12-06 00:55:48 +01:00
jaydee	34cb6e28d6	build	2025-12-06 00:54:38 +01:00
jaydee	690d1a2a15	build	2025-12-06 00:47:35 +01:00
jaydee	cdd64767f4	build	2025-12-06 00:33:08 +01:00
jaydee	9080a8914c	build	2025-12-06 00:30:40 +01:00
jaydee	a428b50ecd	build	2025-12-06 00:29:45 +01:00
jaydee	630946ad99	build	2025-12-06 00:20:51 +01:00
jaydee	0fc0f74183	build	2025-12-06 00:14:24 +01:00
jaydee	bab3fd7ec3	build	2025-12-06 00:11:34 +01:00
jaydee	116855a14c	build	2025-12-06 00:07:08 +01:00
jaydee	db91ebd75e	build	2025-12-06 00:03:52 +01:00
jaydee	914ceee33c	build	2025-12-05 23:45:12 +01:00
jaydee	b784bc08e9	build	2025-12-05 23:31:00 +01:00
jaydee	3eb5938c7d	build	2025-12-05 23:28:27 +01:00
jaydee	05b09e3ab4	build	2025-12-05 23:27:54 +01:00
jaydee	b1336936a7	build	2025-12-05 23:23:16 +01:00
jaydee	e3e59b73c6	build	2025-12-05 23:15:16 +01:00
jaydee	9c8f603390	build	2025-12-05 23:14:25 +01:00
jaydee	e77462a602	build	2025-12-05 23:05:40 +01:00
jaydee	3b3a520099	build	2025-12-05 23:02:56 +01:00
jaydee	b5ad9aa6f1	build	2025-12-05 22:54:34 +01:00
jaydee	68fe8d68bf	build	2025-12-05 22:49:10 +01:00
jaydee	3fad5abfb2	build	2025-12-05 22:46:00 +01:00
jaydee	279d51b43e	build	2025-12-05 22:36:47 +01:00
jaydee	782b2361b1	build	2025-12-05 22:35:09 +01:00
jaydee	ca167b83a1	build	2025-12-05 22:34:31 +01:00
jaydee	1c7d250719	build	2025-12-05 22:27:08 +01:00
jaydee	3fd77c7a85	build	2025-12-05 22:02:54 +01:00
jaydee	c4de5186ef	build	2025-12-05 17:40:21 +01:00
jaydee	8684ec35b1	build	2025-12-05 17:38:52 +01:00
jaydee	4b3edfb97e	build	2025-12-05 17:38:16 +01:00
jaydee	f8a3b1df09	build	2025-12-05 17:37:12 +01:00
jaydee	fc47bf7ca8	build	2025-12-05 17:36:18 +01:00
jaydee	1880468c0a	build	2025-12-05 17:35:18 +01:00
jaydee	cd45bf010a	build	2025-12-05 14:23:23 +01:00
jaydee	b6bb681347	build	2025-12-05 14:22:53 +01:00
jaydee	75094c4bef	build	2025-12-05 14:22:30 +01:00
jaydee	ad6bddbd27	build	2025-12-05 14:21:56 +01:00
jaydee	4f23e7bcac	build	2025-12-05 14:21:14 +01:00
jaydee	09af3a71f2	build	2025-12-05 14:18:29 +01:00
jaydee	4044c739f3	build	2025-12-05 13:34:11 +01:00
jaydee	52101e3559	build	2025-12-05 07:30:09 +01:00
jaydee	1699f45b01	build	2025-12-04 20:36:28 +01:00
jaydee	a95436bff8	build	2025-12-04 20:34:39 +01:00
jaydee	09f7bcf059	build	2025-12-04 20:28:26 +01:00
jaydee	60f60c4950	build	2025-12-04 20:26:49 +01:00
jaydee	89231da969	build	2025-12-04 20:24:48 +01:00
jaydee	ae54ed3d27	build	2025-12-04 20:24:45 +01:00
jaydee	da2bbe5318	build	2025-12-04 20:06:12 +01:00
jaydee	16725c9d47	build	2025-12-04 14:18:31 +01:00
jaydee	f4742596e5	build	2025-12-04 13:35:13 +01:00
jaydee	c7f06a3d67	build	2025-12-04 13:29:46 +01:00
jaydee	225b5e07e4	Merge branch 'main' of gitlab.sectorq.eu:home/docker-compose	2025-12-04 13:28:07 +01:00
jaydee	e222a43e52	build	2025-12-04 13:27:56 +01:00
ladislav.dusa	e38fdbc412	build	2025-12-03 13:17:01 +01:00
jaydee	6b9b310267	build	2025-12-02 23:50:19 +01:00
jaydee	e6b210c5c2	build	2025-12-02 17:45:31 +01:00
jaydee	05f7d57ea0	build	2025-12-02 09:27:40 +01:00
jaydee	77bf212ea5	build	2025-12-02 09:15:35 +01:00
jaydee	4e78ee240b	build	2025-12-02 09:10:24 +01:00
jaydee	71470ad568	build	2025-12-02 00:47:29 +01:00
jaydee	bfaaccd820	build	2025-12-02 00:07:30 +01:00
jaydee	d3cc962d2c	build	2025-12-02 00:07:11 +01:00
jaydee	d0430f6c29	build	2025-12-02 00:06:51 +01:00
jaydee	1f4db460b2	build	2025-12-02 00:05:18 +01:00
jaydee	2f626e5d1d	build	2025-12-02 00:02:48 +01:00
jaydee	eefa342936	build	2025-12-02 00:02:23 +01:00
jaydee	b8f2e75104	build	2025-12-01 23:56:28 +01:00
jaydee	f2cd7820ee	build	2025-12-01 23:54:51 +01:00
jaydee	5fb1992d5a	build	2025-12-01 23:52:11 +01:00
jaydee	920a1612f1	build	2025-12-01 23:51:38 +01:00
jaydee	5e747541a9	build	2025-12-01 23:51:18 +01:00
jaydee	6596084339	build	2025-12-01 23:50:10 +01:00
jaydee	7aa2886f56	build	2025-12-01 23:49:35 +01:00
jaydee	3faf6f4518	build	2025-12-01 23:44:14 +01:00
jaydee	7fd268c8f7	build	2025-12-01 23:33:08 +01:00
jaydee	36c3a04d68	build	2025-12-01 23:32:00 +01:00
jaydee	a7f03c4018	build	2025-12-01 23:31:08 +01:00
jaydee	e4aae2ad7f	build	2025-12-01 23:29:08 +01:00
jaydee	cb8da69fb7	build	2025-12-01 23:26:52 +01:00
jaydee	3db89c2fa4	build	2025-12-01 23:17:55 +01:00
jaydee	0cee8f9035	build	2025-12-01 23:13:44 +01:00
jaydee	72e396ca25	build	2025-12-01 23:09:45 +01:00
jaydee	43b639d032	build	2025-12-01 23:09:19 +01:00
jaydee	ed9e536fe3	build	2025-12-01 23:04:40 +01:00
jaydee	9a35e5dd04	build	2025-12-01 23:04:11 +01:00
jaydee	b4b12f491b	build	2025-12-01 23:01:26 +01:00
jaydee	7b5a0df31a	build	2025-12-01 23:01:04 +01:00
jaydee	38794f8d05	build	2025-12-01 22:54:45 +01:00
jaydee	7ee80c8dd7	build	2025-12-01 22:51:51 +01:00
jaydee	15d4158cf4	build	2025-12-01 22:50:00 +01:00
jaydee	f67185ff7a	build	2025-12-01 22:43:16 +01:00
jaydee	2f3e5f1c34	build	2025-12-01 22:40:54 +01:00
jaydee	23c1830136	build	2025-12-01 22:39:54 +01:00
jaydee	4019769b46	build	2025-12-01 22:39:30 +01:00
jaydee	9a5fef9a6c	build	2025-12-01 22:17:46 +01:00
jaydee	7086a5d938	build	2025-12-01 22:14:56 +01:00
jaydee	cc1973cfba	build	2025-12-01 22:13:40 +01:00
jaydee	21b1074c66	build	2025-12-01 22:10:13 +01:00
jaydee	940f6a44b4	build	2025-12-01 22:09:44 +01:00
jaydee	c711d5f918	build	2025-12-01 22:04:37 +01:00
jaydee	9a31555e24	build	2025-12-01 22:04:05 +01:00
jaydee	6ce28fee3d	build	2025-12-01 22:02:12 +01:00
jaydee	59ef2785aa	build	2025-12-01 21:32:54 +01:00
jaydee	05832a32f8	build	2025-12-01 21:25:22 +01:00
jaydee	df36b5e6e9	build	2025-12-01 21:06:10 +01:00
jaydee	db968226bd	build	2025-12-01 21:05:25 +01:00
jaydee	b44183d97f	build	2025-12-01 20:56:04 +01:00
jaydee	78f958d101	build	2025-12-01 20:53:34 +01:00
jaydee	6f0c7e1b01	build	2025-12-01 20:50:22 +01:00
jaydee	a76a083829	build	2025-12-01 20:49:33 +01:00
jaydee	a30bdd2aaf	build	2025-12-01 20:30:18 +01:00
jaydee	d4ad6a6e20	build	2025-12-01 20:28:55 +01:00
jaydee	a52c6d0acf	build	2025-12-01 20:05:39 +01:00
jaydee	83075b5d70	build	2025-12-01 19:37:17 +01:00
jaydee	b7bda89eac	build	2025-12-01 14:40:34 +01:00
jaydee	019b9279b7	build	2025-12-01 11:54:15 +01:00
jaydee	238ed8934c	build	2025-12-01 11:50:53 +01:00
jaydee	8832b26ac6	build	2025-12-01 09:46:49 +01:00
jaydee	df02fb6493	build	2025-12-01 00:45:31 +01:00
jaydee	2503bdff11	build	2025-12-01 00:44:21 +01:00
jaydee	46f149d67d	build	2025-11-30 23:59:15 +01:00
jaydee	36f36feea3	build	2025-11-30 23:56:04 +01:00
jaydee	cde8f6c486	build	2025-11-30 23:54:27 +01:00
jaydee	8a49f037e2	build	2025-11-30 23:54:10 +01:00
jaydee	f3c5258573	build	2025-11-30 23:51:33 +01:00
jaydee	0adb6aee4f	build	2025-11-30 23:49:56 +01:00
jaydee	e1638acd8d	build	2025-11-30 23:34:46 +01:00
jaydee	c349c2e262	build	2025-11-30 23:16:59 +01:00
jaydee	6fe23b5734	build	2025-11-30 23:15:18 +01:00
jaydee	4100776d71	build	2025-11-30 22:49:47 +01:00
jaydee	614aea1790	build	2025-11-30 22:38:10 +01:00
jaydee	7e0423af92	build	2025-11-30 22:34:44 +01:00
jaydee	fe0e418533	build	2025-11-30 22:28:40 +01:00
jaydee	2bda209455	build	2025-11-30 22:25:10 +01:00
jaydee	661cdf4a37	build	2025-11-30 22:20:45 +01:00
jaydee	e9598adce8	build	2025-11-30 22:06:14 +01:00
jaydee	71af5ccc4c	build	2025-11-30 22:02:25 +01:00
jaydee	0f990c2c9e	build	2025-11-30 21:58:23 +01:00
jaydee	28afb56f15	build	2025-11-30 21:45:08 +01:00
jaydee	8cd6483f92	build	2025-11-30 21:39:05 +01:00
jaydee	f1d9b5afea	build	2025-11-30 21:35:07 +01:00
jaydee	a733b283b1	build	2025-11-30 21:25:00 +01:00
jaydee	d7e80a3e06	build	2025-11-30 21:21:55 +01:00
jaydee	d9495b67a2	build	2025-11-30 20:59:37 +01:00
jaydee	ecdfa9182a	build	2025-11-30 20:56:53 +01:00
jaydee	7be1fc6085	build	2025-11-30 20:55:45 +01:00
jaydee	aa68e0f291	build	2025-11-30 20:50:00 +01:00
jaydee	972be8425a	build	2025-11-30 19:37:27 +01:00
jaydee	f901c8a22c	build	2025-11-30 19:35:08 +01:00
jaydee	99966b04ba	build	2025-11-30 18:46:25 +01:00
jaydee	86ed33513d	build	2025-11-30 18:26:06 +01:00
jaydee	a1ceec582a	build	2025-11-30 18:01:08 +01:00
jaydee	f49b9a13e0	build	2025-11-30 17:28:04 +01:00
jaydee	c2420987ca	build	2025-11-30 17:27:05 +01:00
jaydee	af8e4b1cbf	build	2025-11-30 17:13:02 +01:00
jaydee	5ef7c025f4	build	2025-11-30 17:12:46 +01:00
jaydee	befd931165	build	2025-11-30 17:04:24 +01:00
jaydee	a037496191	build	2025-11-30 17:01:20 +01:00
jaydee	5e8b06175d	build	2025-11-30 16:59:40 +01:00
jaydee	03516cad45	build	2025-11-30 16:58:51 +01:00
jaydee	1b14ee6a6d	build	2025-11-30 16:57:24 +01:00
jaydee	0e0383bf49	build	2025-11-30 16:56:13 +01:00
jaydee	527c18c89f	build	2025-11-30 16:43:19 +01:00
jaydee	03c1e12a27	build	2025-11-30 16:35:09 +01:00
jaydee	2ddb1fad36	build	2025-11-30 16:31:04 +01:00
jaydee	6f137b7a1b	build	2025-11-30 16:29:53 +01:00
jaydee	9ae1911a44	build	2025-11-30 16:03:20 +01:00
jaydee	ac9f9dd009	build	2025-11-30 15:57:29 +01:00
jaydee	3fbf904a6c	build	2025-11-30 15:57:28 +01:00
jaydee	cfb619f3c3	build	2025-11-30 15:36:23 +01:00
jaydee	bf052fae54	build	2025-11-30 15:35:00 +01:00
jaydee	63bf6b805b	build	2025-11-30 15:16:46 +01:00
jaydee	a63b1353a7	build	2025-11-30 15:15:01 +01:00
jaydee	0443fcf7aa	build	2025-11-30 15:13:57 +01:00
jaydee	d3ef0fb2b7	build	2025-11-30 15:08:49 +01:00
jaydee	67400a92b0	build	2025-11-30 15:05:19 +01:00
jaydee	a59d0b5fa7	build	2025-11-30 15:04:25 +01:00
jaydee	c1dec9fbc7	build	2025-11-30 15:02:09 +01:00
jaydee	29fe44abdb	build	2025-11-30 15:01:11 +01:00
jaydee	8296f99b41	build	2025-11-30 14:58:16 +01:00
jaydee	06041dc3ee	build	2025-11-30 14:50:36 +01:00