build

2025-12-14 18:34:53 +01:00 · 2025-12-14 10:45:29 +01:00 · 2025-12-14 10:43:26 +01:00 · 2025-12-14 10:40:22 +01:00 · 2025-12-14 10:34:40 +01:00 · 2025-12-14 10:30:34 +01:00
216 changed files with 8896 additions and 108 deletions
--- a/__swarm/authentik/.env
+++ b/__swarm/authentik/.env
@@ -0,0 +1,16 @@
 PG_PASS=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
 PG_USER=authentik
 PG_DB=authentik
 AUTHENTIK_SECRET_KEY=ZKkVCxj8kKj5ZklvzxKG2IgYQOftDoLPRjc57yomr1qzbKEQVZ
 AUTHENTIK_ERROR_REPORTING__ENABLED=true
 AUTHENTIK_TAG=2025.8.4
 POSTGRES_PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
 POSTGRES_USER=authentik
 POSTGRES_DB=authentik
 TZ=Europe/Bratislava
 AUTHENTIK_REDIS__HOST=redis
 AUTHENTIK_POSTGRESQL__HOST=postgresql
 AUTHENTIK_POSTGRESQL__USER=authentik
 AUTHENTIK_POSTGRESQL__NAME=authentik
 AUTHENTIK_POSTGRESQL__PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
 DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/authentik/authentik-swarm.yml
+++ b/__swarm/authentik/authentik-swarm.yml
@@ -0,0 +1,150 @@
 services:
  authentik_ldap:
    environment:
      AUTHENTIK_HOST: https://auth.sectorq.eu
      AUTHENTIK_INSECURE: 'false'
      AUTHENTIK_TOKEN: EfLokorVuj1woeO0p1he3mRJvVfGfvdKM8Bdew3DtDZZ3To6bVpFSDI7GOqY
      TZ: Europe/Bratislava
    image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/ldap:${AUTHENTIK_TAG:-2024.6.1}
    ports:
    - target: 3389
      published: 2389
      protocol: tcp
      mode: ingress
    - target: 6636
      published: 2636
      protocol: tcp
      mode: ingress
    deploy:
      labels:
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  postgresql:
    environment:
      AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
      POSTGRES_DB: ${PG_DB:-authentik}
      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
      POSTGRES_USER: ${PG_USER:-authentik}
      TZ: Europe/Bratislava
    healthcheck:
      interval: 30s
      retries: 5
      start_period: 20s
      test:
      - CMD-SHELL
      - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
      timeout: 5s
    image: ${DOCKER_REGISTRY:-docker.io/library/}postgres:16-alpine
    volumes:
    - database:/var/lib/postgresql/data
    deploy:
      labels:
        wud.watch: 'false'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  redis:
    command: --save 60 1 --loglevel warning
    healthcheck:
      interval: 30s
      retries: 5
      start_period: 20s
      test:
      - CMD-SHELL
      - redis-cli ping | grep PONG
      timeout: 3s
    image: ${DOCKER_REGISTRY:-docker.io/library/}redis:alpine
    volumes:
    - redis:/data
    deploy:
      labels:
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  server:
    command: server
    environment:
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
      TZ: Europe/Bratislava
    image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
    ports:
    - target: 9000
      published: 9003
      protocol: tcp
      mode: ingress
    - target: 9443
      published: 9453
      protocol: tcp
      mode: ingress
    volumes:
    - media:/media
    - custom-templates:/templates
    - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      labels:
        homepage.container: authentik_server
        homepage.description: Authentification server
        homepage.group: Utilities
        homepage.href: https://auth.sectorq.eu
        homepage.icon: authentik.png
        homepage.name: Authentik
        homepage.server: my-docker-swarm
        homepage.weight: '10'
        homepage.widget.key: sVOwPPInTue7ZnvolmKG15hkE9gCyLcuAelLOQny6OIVn7JUilny9loPTG0v
        homepage.widget.type: authentik
        homepage.widget.url: https://auth.sectorq.eu
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  worker:
    command: worker
    environment:
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
      TZ: Europe/Bratislava
    image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
    user: root
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - media:/media
    - certs:/certs
    - custom-templates:/templates
    deploy:
      labels:
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 volumes:
  database:
    driver: local
  redis:
    driver: local
  custom-templates:
    driver: local
  media:
    driver: local
  certs:
    driver: local
--- a/__swarm/authentik/docker-compose.yml
+++ b/__swarm/authentik/docker-compose.yml
@@ -0,0 +1,125 @@
 services:
  authentik_ldap:
    environment:
      AUTHENTIK_HOST: https://auth.sectorq.eu
      AUTHENTIK_INSECURE: 'false'
      AUTHENTIK_TOKEN: EfLokorVuj1woeO0p1he3mRJvVfGfvdKM8Bdew3DtDZZ3To6bVpFSDI7GOqY
      TZ: Europe/Bratislava
    image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/ldap:${AUTHENTIK_TAG:-2024.6.1}
    labels:
      wud.watch: true
      wud.watch.digest: true
    ports:
    - 2389:3389
    - 2636:6636
    restart: ${RESTART:-unless-stopped}
  postgresql:
    environment:
      AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
      POSTGRES_DB: ${PG_DB:-authentik}
      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
      POSTGRES_USER: ${PG_USER:-authentik}
      TZ: Europe/Bratislava
    healthcheck:
      interval: 30s
      retries: 5
      start_period: 20s
      test:
      - CMD-SHELL
      - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
      timeout: 5s
    image: ${DOCKER_REGISTRY:-docker.io/library/}postgres:16-alpine
    labels:
      wud.watch: false
    restart: ${RESTART:-unless-stopped}
    volumes:
    - database:/var/lib/postgresql/data
  redis:
    command: --save 60 1 --loglevel warning
    healthcheck:
      interval: 30s
      retries: 5
      start_period: 20s
      test:
      - CMD-SHELL
      - redis-cli ping | grep PONG
      timeout: 3s
    image: ${DOCKER_REGISTRY:-docker.io/library/}redis:alpine
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: ${RESTART:-unless-stopped}
    volumes:
    - authentik_redis:/data
  server:
    command: server
    depends_on:
    - postgresql
    - redis
    environment:
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
      TZ: Europe/Bratislava
    image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
    labels:
      homepage.container: authentik-server-1
      homepage.description: Authentification server
      homepage.group: Utilities
      homepage.href: https://auth.sectorq.eu
      homepage.icon: authentik.png
      homepage.name: Authentik
      homepage.server: my-docker
      homepage.weight: '10'
      homepage.widget.key: sVOwPPInTue7ZnvolmKG15hkE9gCyLcuAelLOQny6OIVn7JUilny9loPTG0v
      homepage.widget.type: authentik
      homepage.widget.url: https://auth.sectorq.eu
      wud.watch: true
      wud.watch.digest: true
    ports:
    - 9003:9000
    - 9453:9443
    restart: ${RESTART:-unless-stopped}
    volumes:
    - media:/media
    - templates:/templates
    - /var/run/docker.sock:/var/run/docker.sock
  worker:
    command: worker
    depends_on:
    - postgresql
    - redis
    environment:
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
      TZ: Europe/Bratislava
    image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: ${RESTART:-unless-stopped}
    user: root
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - media:/media
    - certs:/certs
    - custom-templates:/templates
 volumes:
  database:
    driver: local
  redis:
    driver: local
  custom-templates:
    driver: local
  media:
    driver: local
  certs:
    driver: local
--- a/__swarm/authentik/stack.env
+++ b/__swarm/authentik/stack.env
@@ -0,0 +1,15 @@
 PG_PASS=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
 PG_USER=authentik
 PG_DB=authentik
 AUTHENTIK_SECRET_KEY=ZKkVCxj8kKj5ZklvzxKG2IgYQOftDoLPRjc57yomr1qzbKEQVZ
 AUTHENTIK_ERROR_REPORTING__ENABLED=true
 AUTHENTIK_TAG=2025.10.2
 POSTGRES_PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
 POSTGRES_USER=authentik
 POSTGRES_DB=authentik
 TZ=Europe/Bratislava
 AUTHENTIK_REDIS__HOST=redis
 AUTHENTIK_POSTGRESQL__HOST=postgresql
 AUTHENTIK_POSTGRESQL__USER=authentik
 AUTHENTIK_POSTGRESQL__NAME=authentik
 AUTHENTIK_POSTGRESQL__PASSWORD=499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp
--- a/__swarm/bitwarden/.env
+++ b/__swarm/bitwarden/.env
@@ -0,0 +1,2 @@
 APPNAME=bitwarden
 DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/bitwarden/bitwarden-stack.yml
+++ b/__swarm/bitwarden/bitwarden-stack.yml
@@ -0,0 +1,39 @@
 services:
  bitwarden:
    environment:
      WEBSOCKET_ENABLED: 'true'
      SIGNUPS_ALLOWED: 'true'
      DOMAIN: https://pw.sectorq.eu
      SMTP_HOST: mail.sectorq.eu
      SMTP_FROM: jaydee@sectorq.eu
      SMTP_PORT: '465'
      SMTP_SSL: 'true'
      SMTP_USERNAME: jaydee@sectorq.eu
      SMTP_PASSWORD: $SMTP_PASSWORD
      ADMIN_TOKEN: $ADMIN_PASSWORD
    image: ${DOCKER_REGISTRY:-}vaultwarden/server:latest
    ports:
    - target: 80
      published: 8181
      protocol: tcp
      mode: ingress
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/bitwarden/bw-data:/data
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.container: vaultwarden
        homepage.description: Password manager
        homepage.group: Utilities
        homepage.href: https://pw.sectorq.eu
        homepage.icon: bitwarden.png
        homepage.name: Bitwarden
        homepage.server: my-docker
        homepage.weight: '1'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
--- a/__swarm/bitwarden/bitwarden-swarm.yml
+++ b/__swarm/bitwarden/bitwarden-swarm.yml
@@ -0,0 +1,42 @@
 volumes:
  data:
    driver: local
 services:
  bitwarden:
    environment:
      WEBSOCKET_ENABLED: 'true'
      SIGNUPS_ALLOWED: 'true'
      DOMAIN: https://pw.sectorq.eu
      SMTP_HOST: mail.sectorq.eu
      SMTP_FROM: jaydee@sectorq.eu
      SMTP_PORT: '465'
      SMTP_SSL: 'true'
      SMTP_USERNAME: jaydee@sectorq.eu
      SMTP_PASSWORD: $SMTP_PASSWORD
      ADMIN_TOKEN: $ADMIN_PASSWORD
    image: ${DOCKER_REGISTRY:-}vaultwarden/server:latest
    ports:
    - target: 80
      published: 8181
      protocol: tcp
      mode: ingress
    restart: ${RESTART:-unless-stopped}
    volumes:
    - data:/data
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.container: bitwarden_bitwarden
        homepage.description: Password manager
        homepage.group: Utilities
        homepage.href: https://pw.sectorq.eu
        homepage.icon: bitwarden.png
        homepage.name: Bitwarden
        homepage.server: my-docker-swarm
        homepage.weight: '1'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
--- a/__swarm/bitwarden/docker-compose.yml
+++ b/__swarm/bitwarden/docker-compose.yml
@@ -0,0 +1,35 @@
 services:
  bitwarden:
    container_name: vaultwarden
    environment:
    - WEBSOCKET_ENABLED=true
    - SIGNUPS_ALLOWED=true
    - DOMAIN=https://pw.sectorq.eu
    - SMTP_HOST=mail.sectorq.eu
    - SMTP_FROM=jaydee@sectorq.eu
    - SMTP_PORT=465
    - SMTP_SSL=true
    - SMTP_USERNAME=jaydee@sectorq.eu
    - SMTP_PASSWORD=$SMTP_PASSWORD
    - ADMIN_TOKEN=$ADMIN_PASSWORD
    image: ${DOCKER_REGISTRY:-}vaultwarden/server:latest
    labels:
      com.centurylinklabs.watchtower.enable: true
      homepage.container: vaultwarden
      homepage.description: Password manager
      homepage.group: Utilities
      homepage.href: https://pw.sectorq.eu
      homepage.icon: bitwarden.png
      homepage.name: Bitwarden
      homepage.server: my-docker
      homepage.weight: 1
      wud.watch: true
      wud.watch.digest: true
    ports:
    - 8181:80
    restart: ${RESTART:-unless-stopped}
    volumes:
    - data:/data
 volumes:
  data:
    driver: local
--- a/__swarm/bookstack/.env
+++ b/__swarm/bookstack/.env
@@ -0,0 +1,2 @@
 APPNAME=bookstack
 DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/bookstack/bookstack-swarm.yml
+++ b/__swarm/bookstack/bookstack-swarm.yml
@@ -0,0 +1,52 @@
 volumes:
  app_data:
    driver: local
  db_data:
    driver: local
 services:
  app:
    env_file:
    - stack.env
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest
    ports:
    - target: 80
      published: 6875
      protocol: tcp
      mode: ingress
    volumes:
    - app_data:/config
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.container: bookstack_app
        homepage.description: Books
        homepage.group: Utilities
        homepage.href: https://bookstack.sectorq.eu
        homepage.icon: bookstack.png
        homepage.name: Bookstack
        homepage.server: my-docker-swarm
        homepage.weight: '1'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  db:
    env_file:
    - stack.env
    environment:
      PGID: 0
      PUID: 0
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb
    volumes:
    - db_data:/config
    deploy:
      labels:
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
--- a/__swarm/bookstack/docker-compose
+++ b/__swarm/bookstack/docker-compose
@@ -0,0 +1,88 @@
 ---
 version: "2"
 services:
  app:
    image: lscr.io/linuxserver/bookstack:latest
    environment:
      PUID: 1000
      PGID: 1000
      APP_URL: https://bookstack.sectorq.eu
      DB_HOST: db
      DB_PORT: 3306
      DB_USER: bookstack
      DB_PASS: l4c1j4yd33Du5lo
      DB_DATABASE: bookstackapp
      # Set authentication method to be saml2
      AUTH_METHOD: saml2
      # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
      # Prevents the need for the user to click the "Login with x" button on the login page.
      # Setting this to true enables auto-initiation.
      AUTH_AUTO_INITIATE: false
      # Set the display name to be shown on the login button.
      # (Login with <name>)
      SAML2_NAME: authentik
      # Name of the attribute which provides the user's email address
      SAML2_EMAIL_ATTRIBUTE: email
      # Name of the attribute to use as an ID for the SAML user.
      SAML2_EXTERNAL_ID_ATTRIBUTE: uid
      # Enable SAML group sync.
      SAML2_USER_TO_GROUPS: true
      # Set the attribute from which BookStack will read groups names from.
      # You will need to rename your roles in Bookstack to match your groups in authentik.
      SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
      # Name of the attribute(s) to use for the user's display name
      # Can have multiple attributes listed, separated with a '|' in which
      # case those values will be joined with a space.
      # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
      # Defaults to the ID value if not found.
      ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
      SAML2_DISPLAY_NAME_ATTRIBUTES: username
      # Identity Provider entityID URL
      SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
      # Auto-load metadata from the IDP
      # Setting this to true negates the need to specify the next three options
      SAML2_AUTOLOAD_METADATA: true
    volumes:
      - /share/docker_data/bookstack/bookstack_app_data:/config
    ports:
      - 6875:80
    restart: ${RESTART:-unless-stopped}
    depends_on:
      - db
    labels:
      com.centurylinklabs.watchtower.enable: true
      homepage.group: Utilities
      homepage.name: Bookstack
      homepage.weight: 1
      homepage.icon: bookstack.png
      homepage.href: https://bookstack.sectorq.eu
      homepage.description: Books
      homepage.server: my-docker
      homepage.container: bookstack-app-1
      # homepage.widget.type: ${APPNAME}
      # homepage.widget.url: https://${APPNAME}.sectorq.eu
      # homepage.widget.key: ddfc91b29920082636da70cc677aec74c88a7666
      # homepage.widget.version: 2
  db:
    image: lscr.io/linuxserver/mariadb
    environment:
      PUID: 0
      PGID: 0
      MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
      TZ: Europe/Bratislava
      MYSQL_DATABASE: bookstackapp
      MYSQL_USER: bookstack
      MYSQL_PASSWORD: l4c1j4yd33Du5lo
    volumes:
      - /share/docker_data/bookstack/bookstack_db_data:/config
    restart: ${RESTART:-unless-stopped}
--- a/__swarm/bookstack/docker-compose.yml
+++ b/__swarm/bookstack/docker-compose.yml
@@ -0,0 +1,38 @@
 services:
  app:
    depends_on:
    - db
    env_file:
    - stack.env
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest
    labels:
      com.centurylinklabs.watchtower.enable: true
      homepage.container: bookstack-app-1
      homepage.description: Books
      homepage.group: Utilities
      homepage.href: https://bookstack.sectorq.eu
      homepage.icon: bookstack.png
      homepage.name: Bookstack
      homepage.server: my-docker
      homepage.weight: 1
      wud.watch: true
      wud.watch.digest: true
    ports:
    - 6875:80
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/bookstack/bookstack_app_data:/config
  db:
    env_file:
    - stack.env
    environment:
      PGID: 0
      PUID: 0
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/bookstack/bookstack_db_data:/config
 version: '2'
--- a/__swarm/bookstack/stack.env
+++ b/__swarm/bookstack/stack.env
@@ -0,0 +1,86 @@
 PUID=1000
 PGID=1000
 APP_URL=https://bookstack.sectorq.eu
 DB_HOST=db
 DB_PORT=3306
 DB_USER=bookstack
 DB_PASS=l4c1j4yd33Du5lo
 DB_DATABASE=bookstackapp
 MYSQL_ROOT_PASSWORD=l4c1j4yd33Du5lo
 TZ=Europe/Bratislava
 MYSQL_DATABASE=bookstackapp
 MYSQL_USER=bookstack
 MYSQL_PASSWORD=l4c1j4yd33Du5lo
 # # Set authentication method to be saml2
 # AUTH_METHOD: saml2
 # # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
 # # Prevents the need for the user to click the "Login with x" button on the login page.
 # # Setting this to true enables auto-initiation.
 # AUTH_AUTO_INITIATE: false
 # # Set the display name to be shown on the login button.
 # # (Login with <name>)
 # SAML2_NAME: authentik
 # # Name of the attribute which provides the user's email address
 # SAML2_EMAIL_ATTRIBUTE: email
 # # Name of the attribute to use as an ID for the SAML user.
 # SAML2_EXTERNAL_ID_ATTRIBUTE: uid
 # # Enable SAML group sync.
 # SAML2_USER_TO_GROUPS: true
 # # Set the attribute from which BookStack will read groups names from.
 # # You will need to rename your roles in Bookstack to match your groups in authentik.
 # SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
 # # Name of the attribute(s) to use for the user's display name
 # # Can have multiple attributes listed, separated with a '|' in which
 # # case those values will be joined with a space.
 # # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
 # # Defaults to the ID value if not found.
 # ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
 # SAML2_DISPLAY_NAME_ATTRIBUTES: username
 # # Identity Provider entityID URL
 # SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
 # # Auto-load metadata from the IDP
 # # Setting this to true negates the need to specify the next three options
 # SAML2_AUTOLOAD_METADATA: true
 # Set OIDC to be the authentication method
 AUTH_METHOD=oidc
 #AUTH_METHOD: standard 
 # Control if BookStack automatically initiates login via your OIDC system 
 # if it's the only authentication method. Prevents the need for the
 # user to click the "Login with x" button on the login page.
 # Setting this to true enables auto-initiation.
 AUTH_AUTO_INITIATE=true
 # Set the display name to be shown on the login button.
 # (Login with <name>)
 OIDC_NAME=SSO
 # Name of the claims(s) to use for the user's display name.
 # Can have multiple attributes listed, separated with a '|' in which 
 # case those values will be joined with a space.
 # Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name
 OIDC_DISPLAY_NAME_CLAIMS=name
 # OAuth Client ID to access the identity provider
 OIDC_CLIENT_ID=GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U
 # OAuth Client Secret to access the identity provider
 OIDC_CLIENT_SECRET=Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8
 # Issuer URL
 # Must start with 'https://'
 OIDC_ISSUER=https://auth.sectorq.eu/application/o/bookstack/
 # The "end session" (RP-initiated logout) URL to call during BookStack logout.
 # By default this is false which disables RP-initiated logout.
 # Setting to "true" will enable logout if found as supported by auto-discovery.
 # Otherwise, this can be set as a specific URL endpoint.
 OIDC_END_SESSION_ENDPOINT=false
 # Enable auto-discovery of endpoints and token keys.
 # As per the standard, expects the service to serve a 
 # `<issuer>/.well-known/openid-configuration` endpoint.
 OIDC_ISSUER_DISCOVER=true
--- a/__swarm/dockermon/.env
+++ b/__swarm/dockermon/.env
@@ -0,0 +1,2 @@
 APPNAME=dockermon
 DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/dockermon/docker-compose.yml
+++ b/__swarm/dockermon/docker-compose.yml
@@ -0,0 +1,14 @@
 services:
  docker_mon:
    image: ${DOCKER_REGISTRY:-}philhawthorne/ha-dockermon:latest
    labels:
      com.centurylinklabs.watchtower.enable: true
      wud.watch: true
      wud.watch.digest: true
    ports:
    - 8126:8126
    restart: unless-stopped
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - /share/docker_data/dockermon/config:/config
 version: '2'
--- a/__swarm/dockermon/dockermon-swarm.yml
+++ b/__swarm/dockermon/dockermon-swarm.yml
@@ -0,0 +1,22 @@
 services:
  docker_mon:
    image: ${DOCKER_REGISTRY:-}philhawthorne/ha-dockermon:latest
    ports:
    - target: 8126
      published: 8126
      protocol: tcp
      mode: ingress
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - config:/config
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 volumes:
  config:
--- a/__swarm/fail2ban/.env
+++ b/__swarm/fail2ban/.env
@@ -0,0 +1,2 @@
 APPNAME=fail2ban
 DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/fail2ban/.gitkeep
+++ b/__swarm/fail2ban/.gitkeep
--- a/__swarm/fail2ban/docker-compose.yaml
+++ b/__swarm/fail2ban/docker-compose.yaml
@@ -0,0 +1,49 @@
 ---
 services:
  # fail2ban:
  #   image: lscr.io/linuxserver/fail2ban:latest
  #   container_name: fail2ban
  #   cap_add:
  #     - NET_ADMIN
  #     - NET_RAW
  #   network_mode: host
  #   environment:
  #     - PUID=1000
  #     - PGID=1000
  #     - TZ=Europe/Bratislava
  #     - VERBOSITY=-vvv #optional
  #   volumes:
  #     - /share/docker_data/fail2ban/config:/config
  #     - /share/docker_data/fail2ban/log:/var/log:ro
  #     # - /path/to/airsonic/log:/remotelogs/airsonic:ro #optional
  #     # - /path/to/apache2/log:/remotelogs/apache2:ro #optional
  #     # - /path/to/authelia/log:/remotelogs/authelia:ro #optional
  #     # - /path/to/emby/log:/remotelogs/emby:ro #optional
  #     # - /path/to/filebrowser/log:/remotelogs/filebrowser:ro #optional
  #     - /share/docker_data/ha:/remotelogs/homeassistant:ro #optional
  #     # - /path/to/lighttpd/log:/remotelogs/lighttpd:ro #optional
  #     # - /path/to/nextcloud/log:/remotelogs/nextcloud:ro #optional
  #     # - /path/to/nginx/log:/remotelogs/nginx:ro #optional
  #     # - /path/to/nzbget/log:/remotelogs/nzbget:ro #optional
  #     # - /path/to/overseerr/log:/remotelogs/overseerr:ro #optional
  #     # - /path/to/prowlarr/log:/remotelogs/prowlarr:ro #optional
  #     # - /path/to/radarr/log:/remotelogs/radarr:ro #optional
  #     # - /path/to/sabnzbd/log:/remotelogs/sabnzbd:ro #optional
  #     # - /path/to/sonarr/log:/remotelogs/sonarr:ro #optional
  #     # - /path/to/unificontroller/log:/remotelogs/unificontroller:ro #optional
  #     # - /path/to/vaultwarden/log:/remotelogs/vaultwarden:ro #optional
  #   restart: unless-stopped
  blockips-unifi:
    stdin_open: true
    tty: true
    container_name: blockips-unifi
    restart: always
    environment:
        - TZ=Europe/Bratislava
    volumes:
        - /share/docker_data/unify_block/config.php:/config.php
        - /share/docker_data/unify_block/ban.sh:/ban.sh
        - /share/docker_data/unify_block/crontab:/etc/crontabs/root
        - /share/docker_data/fail2ban/ban:/ban
        - /share/docker_data/fail2ban/unban:/unban
    image: ${DOCKER_REGISTRY:-}tusc/blockips-unifi:latest
--- a/__swarm/fail2ban/fail2ban.env
+++ b/__swarm/fail2ban/fail2ban.env
@@ -0,0 +1,12 @@
 TZ=Europe/Bratislava
 F2B_LOG_TARGET=/log/fail2ban.log
 F2B_LOG_LEVEL=INFO
 F2B_DB_PURGE_AGE=1d
 SSMTP_HOST=mail.sectorq.eu
 SSMTP_PORT=465
 SSMTP_HOSTNAME=mail.sectorq.eu
 SSMTP_USER=fail2ban@sectorq.eu
 SSMTP_PASSWORD=l4c1j4yd33Du5lo
 SSMTP_TLS=YES
--- a/__swarm/gitea/.env
+++ b/__swarm/gitea/.env
@@ -0,0 +1,3 @@
 APPNAME=gitea
 DOCKER_REGISTRY=r.sectorq.eu/library/
 TOKEN=ddfc91b29920082636da70cc677aec74c88a7666
--- a/__swarm/gitea/docker-compose.yml
+++ b/__swarm/gitea/docker-compose.yml
@@ -0,0 +1,55 @@
 networks:
  gitea:
    external: false
 services:
  server:
    container_name: gitea
    environment:
      USER_UID: 1000
      USER_GID: 1000
      ROOT_URL: https://gitea.sectorq.eu
      ENABLE_PASSWORD_SIGNIN_FORM: false
      DISABLE_REGISTRATION: true
    image: ${DOCKER_REGISTRY:-}gitea/gitea:latest
    labels:
      com.centurylinklabs.watchtower.enable: true
      homepage.container: gitea
      homepage.description: Version control server
      homepage.group: Utilities
      homepage.href: https://${APPNAME}.sectorq.eu
      homepage.icon: ${APPNAME}.png
      homepage.name: Gitea
      homepage.server: my-docker
      homepage.weight: 1
      homepage.widget.key: ${TOKEN}
      homepage.widget.type: ${APPNAME}
      homepage.widget.url: https://${APPNAME}.sectorq.eu
      homepage.widget.version: 2
      wud.watch: true
      wud.watch.digest: true
    networks:
    - gitea
    ports:
    - 3000:3000
    - '222:22'
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/gitea:/data
    - /etc/timezone:/etc/timezone:ro
    - /etc/localtime:/etc/localtime:ro
  runner:
    image: ${DOCKER_REGISTRY:-}docker.io/gitea/act_runner:nightly
    environment:
      CONFIG_FILE: /config/config.yaml
      GITEA_INSTANCE_URL: "https://gitea.sectorq.eu/"
      GITEA_RUNNER_REGISTRATION_TOKEN: "8nmKqJhkvYwltmNfF2o9vs0tzo70ufHSQpVg6ymb"
      GITEA_RUNNER_NAME: jaydee
      GITEA_RUNNER_LABELS: jaydee
    volumes:
      - /share/docker_data/gitea-runner/config:/config
      - /share/docker_data/gitea-runner/data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    restart: ${RESTART:-unless-stopped}
    labels:
      wud.watch: true
      wud.watch.digest: true
--- a/__swarm/gitea/gitea-swarm.yml
+++ b/__swarm/gitea/gitea-swarm.yml
@@ -0,0 +1,81 @@
 networks:
  gitea:
    external: false
 services:
  server:
    environment:
      USER_UID: 1000
      USER_GID: 1000
      ROOT_URL: https://gitea.sectorq.eu
      ENABLE_PASSWORD_SIGNIN_FORM: 'false'
      DISABLE_REGISTRATION: 'true'
    image: ${DOCKER_REGISTRY:-}gitea/gitea:latest
    networks:
    - gitea
    ports:
    - target: 3000
      published: 3000
      protocol: tcp
      mode: ingress
    - target: 22
      published: 222
      protocol: tcp
      mode: ingress
    volumes:
    - data:/data
    - /etc/localtime:/etc/localtime:ro
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.container: gitea_server
        homepage.description: Version control server
        homepage.group: Utilities
        homepage.href: https://${APPNAME}.sectorq.eu
        homepage.icon: ${APPNAME}.png
        homepage.name: Gitea
        homepage.server: my-docker-swarm
        homepage.weight: '1'
        homepage.widget.key: "b7b6e21beb7489c170215e2b7ae0d9b0099132d6"
        homepage.widget.type: ${APPNAME}
        homepage.widget.url: https://${APPNAME}.sectorq.eu
        homepage.widget.version: '2'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  runner:
    image: ${DOCKER_REGISTRY:-}docker.io/gitea/act_runner:nightly
    secrets:
      - gitea_runner_registration_token
    environment:
      CONFIG_FILE: /config/config.yaml
      GITEA_INSTANCE_URL: https://gitea.sectorq.eu/
      GITEA_RUNNER_REGISTRATION_TOKEN_FILE: /run/secrets/gitea_runner_registration_token
      GITEA_RUNNER_NAME: jaydee
      GITEA_RUNNER_LABELS: jaydee
    volumes:
    - runner_config:/config
    - runner_data:/data
    - /var/run/docker.sock:/var/run/docker.sock
    - /etc/localtime:/etc/localtime:ro
    deploy:
      labels:
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 volumes:
  data:
    driver: local
  runner_config:
    driver: local
  runner_data:
    driver: local
 secrets:
  gitea_runner_registration_token:
    external: true
--- a/__swarm/gitlab/docker-compose.yml
+++ b/__swarm/gitlab/docker-compose.yml
@@ -0,0 +1,70 @@
 services:
  runner:
    container_name: gitlab-runner
    restart: always
    volumes:
      - runner:/etc/gitlab-runner
      - /var/run/docker.sock:/var/run/docker.sock
    image: ${DOCKER_REGISTRY:-}gitlab/gitlab-runner:latest
    labels:
      - wud.watch.digest=true
      - wud.watch=true
  web:
    container_name: gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: "external_url 'https://gitlab.sectorq.eu'\nnginx['listen_port']\
        \ = 80\nnginx['listen_https'] = false\nweb_server['username'] = 'git'\ngitlab_rails['time_zone']\
        \ = 'Europe/Bratislava'\ngitlab_rails['omniauth_enabled'] = true\ngitlab_rails['omniauth_allow_single_sign_on']\
        \ = ['saml']\ngitlab_rails['omniauth_sync_email_from_provider'] = 'saml'\n\
        gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']\ngitlab_rails['omniauth_sync_profile_attributes']\
        \ = ['email']\ngitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'\n\
        gitlab_rails['omniauth_block_auto_created_users'] = false\ngitlab_rails['omniauth_auto_link_saml_user']\
        \ = true\ngitlab_rails['omniauth_providers'] = [\n  {\n    name: 'saml',\n\
        \    args: {\n      assertion_consumer_service_url: 'https://gitlab.sectorq.eu/users/auth/saml/callback',\n\
        \      # Shown when navigating to certificates in authentik1\n      idp_cert_fingerprint:\
        \ 'f7:fd:49:03:b3:38:52:b3:23:f5:43:c4:8d:08:65:32:e0:5a:7b:0e',\n      idp_sso_target_url:\
        \ 'https://auth.sectorq.eu/application/saml/gitlab/sso/binding/redirect/',\n\
        \      issuer: 'https://gitlab.sectorq.eu',\n      name_identifier_format:\
        \ 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',\n      attribute_statements:\
        \ {\n        email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],\n\
        \        first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],\n\
        \        nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']\n\
        \      }\n    },\n    label: 'authentik'\n  }\n]\n"
      TZ: Europe/Bratislava
    hostname: gitlab.sectorq.eu
    image: ${DOCKER_REGISTRY:-}gitlab/gitlab-ce:latest
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      homepage.container: gitlab
      homepage.description: Version control
      homepage.group: Infrastructure
      homepage.href: https://gitlab.sectorq.eu
      homepage.icon: gitlab.png
      homepage.name: Gitlab
      homepage.server: my-docker
      homepage.weight: '1'
      homepage.widget.key: glpat-BuMKcaDqeD-Wx3dW4TM9
      homepage.widget.type: gitlab
      homepage.widget.url: https://gitlab.sectorq.eu
      homepage.widget.user_id: '2'
      wud.watch: true
      wud.watch.digest: true
    network_mode: bridge
    ports:
    - 8785:80
    - 8743:443
    - '8722:22'
    restart: unless-stopped
    shm_size: 4gb
    volumes:
    - config:/etc/gitlab
    - logs:/var/log/gitlab
    - data:/var/opt/gitlab
    - /etc/localtime:/etc/localtime:ro
 version: '3.6'
 volumes:
  runner:
  config:
  logs:
  data:
--- a/__swarm/gitlab/gitlab-swarm.yml
+++ b/__swarm/gitlab/gitlab-swarm.yml
@@ -0,0 +1,101 @@
  services:
    runner:
      container_name: gitlab-runner
      restart: always
      volumes:
        - runner:/etc/gitlab-runner
        - /var/run/docker.sock:/var/run/docker.sock
      image: ${DOCKER_REGISTRY:-}gitlab/gitlab-runner:latest
      labels:
        - wud.watch.digest=true
        - wud.watch=true
      dns:
        - 192.168.77.1
        - 192.168.77.101
    app:
      environment:
        GITLAB_OMNIBUS_CONFIG: |
          external_url 'https://gitlab.sectorq.eu'
          nginx['listen_port'] = 80
          nginx['listen_https'] = false
          web_server['username'] = 'git'
          gitlab_rails['time_zone'] = 'Europe/Bratislava'
          gitlab_rails['omniauth_enabled'] = true
          gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
          gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
          gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
          gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
          gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
          gitlab_rails['omniauth_block_auto_created_users'] = false
          gitlab_rails['omniauth_auto_link_saml_user'] = true
          gitlab_rails['omniauth_providers'] = [
            {
              name: 'saml',
              args: {
                assertion_consumer_service_url: 'https://gitlab.sectorq.eu/users/auth/saml/callback',
                # Shown when navigating to certificates in authentik1
                idp_cert_fingerprint: 'f7:fd:49:03:b3:38:52:b3:23:f5:43:c4:8d:08:65:32:e0:5a:7b:0e',
                idp_sso_target_url: 'https://auth.sectorq.eu/application/saml/gitlab/sso/binding/redirect/',
                issuer: 'https://gitlab.sectorq.eu',
                name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
                attribute_statements: {
                  email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],
                  first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],
                  nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']
                }
              },
              label: 'authentik'
            }
          ]
        TZ: Europe/Bratislava
      hostname: gitlab.sectorq.eu
      image: ${DOCKER_REGISTRY:-}gitlab/gitlab-ce:latest
      network_mode: bridge
      ports:
      - target: 80
        published: 8785
        protocol: tcp
        mode: ingress
      - target: 443
        published: 8743
        protocol: tcp
        mode: ingress
      - target: 22
        published: 8722
        protocol: tcp
        mode: ingress
      shm_size: 4gb
      volumes:
      - config:/etc/gitlab
      - logs:/var/log/gitlab
      - data:/var/opt/gitlab
      - /etc/localtime:/etc/localtime:ro
      deploy:
        labels:
          com.centurylinklabs.watchtower.enable: 'true'
          homepage.container: gitlab
          homepage.description: Version control
          homepage.group: Infrastructure
          homepage.href: https://gitlab.sectorq.eu
          homepage.icon: gitlab.png
          homepage.name: Gitlab
          homepage.server: my-docker-swarm
          homepage.weight: '1'
          homepage.widget.key: glpat-BuMKcaDqeD-Wx3dW4TM9
          homepage.widget.type: gitlab
          homepage.widget.url: https://gitlab.sectorq.eu
          homepage.widget.user_id: '2'
          wud.watch: 'true'
          wud.watch.digest: 'true'
        replicas: 1
        placement:
          constraints:
          - node.role == manager
  volumes:
    config:
      driver: local
    logs:
      driver: local
    data:
      driver: local
--- a/__swarm/gotify/.env
+++ b/__swarm/gotify/.env
@@ -0,0 +1,3 @@
 APPNAME=gotify
 DOCKER_REGISTRY=r.sectorq.eu/library/
 CLIENT_TOKEN=CowKqc8UU5Xn-EA
--- a/__swarm/gotify/docker-compose
+++ b/__swarm/gotify/docker-compose
@@ -0,0 +1,22 @@
 name: gotify
 services:
    server:
        ports:
            - 8010:80
        environment:
            - TZ=Europe/Berlin
            - GOTIFY_DEFAULTUSER_PASS='admin'
        volumes:
            - /share/docker_data/gotify/data:/app/data
        image: ${DOCKER_REGISTRY:-}gotify/server
        labels:
          - com.centurylinklabs.watchtower.enable=true
          - homepage.group=Utilities
          - homepage.name=Gotify
          - homepage.weight=1
          - homepage.icon=gotify.png
          - homepage.href=https://gotify.sectorq.eu
          - homepage.description=Notification Server
          - homepage.widget.type=gotify
          - homepage.widget.url=https://gotify.sectorq.eu
          - homepage.widget.key=C3Fy8AQym_sc1zS
--- a/__swarm/gotify/docker-compose.yml
+++ b/__swarm/gotify/docker-compose.yml
@@ -0,0 +1,46 @@
 version: '3.8'
 services:
  gotify:
    container_name: gotify
    hostname: gotify
    image: gotify/server
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - net
    ports:
      - "8680:80"
    volumes:
      - data:/app/data
    environment:
      GOTIFY_DEFAULTUSER_PASS:  'l4c1j4yd33Du5lo'   # Change me!!!!!
  igotify:
    container_name: igotify
    hostname: igotify
    image: ghcr.io/androidseb25/igotify-notification-assist:latest
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    pull_policy: always
    networks:
      - net
    ports:
      - "8681:8080"
    volumes:
      - api-data:/app/data
    environment:                 # option environment see above note
      GOTIFY_URLS: 'https://gotify.sectorq.eu'
      GOTIFY_CLIENT_TOKENS: ${CLIENT_TOKEN}
      SECNTFY_TOKENS: 'NTFY-DEVICE-nmE8MaAk1PX9wCRSkqKatiKzD4LCvDTENi3LTPwcn5cckXtkwQQ'
      GOTIFY_DEFAULTUSER_PASS:  'l4c1j4yd33Du5lo' 
 networks:
  net:
 volumes:
  data:
  api-data:
--- a/__swarm/gotify/stack.env
+++ b/__swarm/gotify/stack.env
@@ -0,0 +1,4 @@
 GOTIFY_URLS=https://gotify.sectorq.eu
 GOTIFY_CLIENT_TOKENS=CfYatBoIszgIr07
 SECNTFY_TOKENS=NTFY-DEVICE-CIrIeIoagAdUFwI8uOZlo6Qd9b3OF1x1NSpdns6mlImvzb4X0kI
 GOTIFY_DEFAULTUSER_PASS=l4c1j4yd33Du5lo
--- a/__swarm/grafana/.env
+++ b/__swarm/grafana/.env
@@ -0,0 +1,2 @@
 APPNAME=grafana
 DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/grafana/docker-compose.yml
+++ b/__swarm/grafana/docker-compose.yml
@@ -0,0 +1,88 @@
 name: grafana
 networks:
  loki: null
 services:
  grafana:
    container_name: grafana
    entrypoint:
    - sh
    - -euc
    - "mkdir -p /etc/grafana/provisioning/datasources\ncat <<EOF > /etc/grafana/provisioning/datasources/ds.yaml\n\
      apiVersion: 1\ndatasources:\n- name: Loki\n  type: loki\n  access: proxy\n \
      \ orgId: 1\n  url: http://loki:3100\n  basicAuth: false\n  isDefault: true\n\
      \  version: 1\n  editable: false\nEOF\n/run.sh\n"
    environment:
      GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.sectorq.eu/application/o/userinfo/
      GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.sectorq.eu/application/o/authorize/
      GF_AUTH_GENERIC_OAUTH_CLIENT_ID: xc8AKsYOvHFmYnRjfnvt2YfgR5pg8Mlfc9YEqd3T
      GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: gb5ThPlyIUN2I8UPvIKAqQBoGFmTAb7tFxt5OiJQkAG6Ef2HDKksNOjWPJFfXiO22RuCnWuyzl6IMqPYO6QTa55EYfoN5N87enh5MOhTXjo2JTTnEL1eZhEI1Sw1vBO8
      GF_AUTH_GENERIC_OAUTH_ENABLED: 'true'
      GF_AUTH_GENERIC_OAUTH_NAME: authentik
      GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins')
        && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
      GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
      GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.sectorq.eu/application/o/token/
      GF_AUTH_OAUTH_AUTO_LOGIN: 'true'
      GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.sectorq.eu/application/o/grafana/end-session/
      GF_INSTALL_PLUGINS: https://storage.googleapis.com/integration-artifacts/alexanderzobnin-zabbix-app/4.5.7/main/163fabf651b776bf70adc08fa41bec4f52645374/alexanderzobnin-zabbix-app-4.5.7%2B163fabf6.linux_amd64.zip;alexanderzobnin-zabbix-app
      GF_LOG_FILTERS: rendering:debug
      GF_RENDERING_CALLBACK_URL: http://grafana:3000/
      GF_RENDERING_SERVER_URL: http://renderer:8092/render
      GF_SERVER_ROOT_URL: https://g.sectorq.eu/
    image: ${DOCKER_REGISTRY:-}grafana/grafana:latest
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      homepage.container: grafana
      homepage.description: Graphs
      homepage.group: Smarthome
      homepage.href: https://g.sectorq.eu
      homepage.icon: grafana.png
      homepage.name: Grafana
      homepage.server: my-docker
      homepage.weight: '1'
      wud.watch: true
      wud.watch.digest: true
    networks:
    - loki
    ports:
    - 3007:3000
    restart: ${RESTART:-unless-stopped}
    user: 0:0
    volumes:
    - /share/docker_data/grafana/data:/var/lib/grafana
    - /share/docker_data/grafana/certs:/certs
  loki:
    command: -config.file=/etc/loki/local-config.yaml
    image: ${DOCKER_REGISTRY:-}grafana/loki:latest
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - loki
    ports:
      - 3100:3100
    restart: ${RESTART:-unless-stopped}
  promtail:
    command: -config.file=/etc/promtail/config.yml
    image: ${DOCKER_REGISTRY:-}grafana/promtail:latest
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - loki
    volumes:
      - /var/log:/var/log
      - /share/docker_data/grafana/promtail/config.yml:/etc/promtail/config.yml
      - /share/Data/__GITLAB/omv_backup/:/share/Data/__GITLAB/omv_backup/
    restart: ${RESTART:-unless-stopped}
  renderer:
    image: ${DOCKER_REGISTRY:-}grafana/grafana-image-renderer:latest
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      wud.watch: true
      wud.watch.digest: true
    ports:
    - 8092
    networks:
    - loki
    restart: ${RESTART:-unless-stopped}
--- a/__swarm/grafana/grafana-swarm.yml
+++ b/__swarm/grafana/grafana-swarm.yml
@@ -0,0 +1,120 @@
 networks:
  loki:
 volumes:
  loki_data:
  grafana_data:
  grafana_certs:
 services:
  grafana:
    entrypoint:
    - sh
    - -euc
    - "mkdir -p /etc/grafana/provisioning/datasources\ncat <<EOF > /etc/grafana/provisioning/datasources/ds.yaml\n\
      apiVersion: 1\ndatasources:\n- name: Loki\n  type: loki\n  access: proxy\n \
      \ orgId: 1\n  url: http://loki:3100\n  basicAuth: false\n  isDefault: true\n\
      \  version: 1\n  editable: false\nEOF\n/run.sh\n"
    environment:
      GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.sectorq.eu/application/o/userinfo/
      GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.sectorq.eu/application/o/authorize/
      GF_AUTH_GENERIC_OAUTH_CLIENT_ID: xc8AKsYOvHFmYnRjfnvt2YfgR5pg8Mlfc9YEqd3T
      GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: gb5ThPlyIUN2I8UPvIKAqQBoGFmTAb7tFxt5OiJQkAG6Ef2HDKksNOjWPJFfXiO22RuCnWuyzl6IMqPYO6QTa55EYfoN5N87enh5MOhTXjo2JTTnEL1eZhEI1Sw1vBO8
      GF_AUTH_GENERIC_OAUTH_ENABLED: 'true'
      GF_AUTH_GENERIC_OAUTH_NAME: authentik
      GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins')
        && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
      GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
      GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.sectorq.eu/application/o/token/
      GF_AUTH_OAUTH_AUTO_LOGIN: 'true'
      GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.sectorq.eu/application/o/grafana/end-session/
      GF_INSTALL_PLUGINS: https://storage.googleapis.com/integration-artifacts/alexanderzobnin-zabbix-app/4.5.7/main/163fabf651b776bf70adc08fa41bec4f52645374/alexanderzobnin-zabbix-app-4.5.7%2B163fabf6.linux_amd64.zip;alexanderzobnin-zabbix-app
      GF_LOG_FILTERS: rendering:debug
      GF_RENDERING_CALLBACK_URL: http://grafana:3000/
      GF_RENDERING_SERVER_URL: http://renderer:8092/render
      GF_SERVER_ROOT_URL: https://g.sectorq.eu/
    image: ${DOCKER_REGISTRY:-}grafana/grafana:latest
    networks:
    - loki
    ports:
    - target: 3000
      published: 3007
      protocol: tcp
      mode: ingress
    user: 0:0
    volumes:
    - grafana_data:/var/lib/grafana
    - grafana_certs:/certs
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.container: grafana_grafana
        homepage.description: Graphs
        homepage.group: Smarthome
        homepage.href: https://g.sectorq.eu
        homepage.icon: grafana.png
        homepage.name: Grafana
        homepage.server: my-docker-swarm
        homepage.weight: '1'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  loki:
    command: -config.file=/etc/loki/local-config.yaml
    image: ${DOCKER_REGISTRY:-}grafana/loki:latest
    volumes:
    - loki_data:/loki
    networks:
    - loki
    ports:
    - target: 3100
      published: 3100
      protocol: tcp
      mode: ingress
    deploy:
      labels:
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  promtail:
    command: -config.file=/etc/promtail/config.yml
    image: ${DOCKER_REGISTRY:-}grafana/promtail:latest
    networks:
    - loki
    configs:
      - source: promtail
        target: /etc/promtail/config.yml
    volumes:
    - /var/log:/var/log
    #- /share/docker_data/grafana/promtail/config.yml:/etc/promtail/config.yml
    #- /share/Data/__GITLAB/omv_backup/:/share/Data/__GITLAB/omv_backup/
    deploy:
      labels:
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  renderer:
    image: ${DOCKER_REGISTRY:-}grafana/grafana-image-renderer:latest
    ports:
    - 8092
    networks:
    - loki
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 configs:
  promtail:
    external: true
--- a/__swarm/hashicorp/hashicorp-swarm.yml
+++ b/__swarm/hashicorp/hashicorp-swarm.yml
@@ -0,0 +1,47 @@
 services:
  vault:
    image: hashicorp/vault:latest
    command: server -config=/vault/config/vault.hcl
    volumes:
      - data:/vault/data
    configs:
      - source: vault_hcl
        target: /vault/config/vault.hcl
    ports:
      - "8200:8200"
    environment:
      VAULT_LOCAL_CONFIG: |
        {
          "backend": {
            "file": {
              "path": "/vault/file"
            }
          },
          "listener": {
            "tcp": {
              "address": "0.0.0.0:8200",
              "tls_disable": 1
            }
          },
          "disable_mlock": true
        }
      VAULT_API_ADDR: "http://192.168.77.101:8200"
    cap_add:
      - IPC_LOCK
    networks:
      - vault-net
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.role == manager
 configs:
  vault_hcl:
    external: true
 volumes:
  data:
 networks:
  vault-net:
    driver: overlay
--- a/__swarm/home-assistant-swarm.yml
+++ b/__swarm/home-assistant-swarm.yml
@@ -0,0 +1,230 @@
 version: '3.9'
 services:
  homeassistant:
    network_mode: host
    image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant/home-assistant:latest
    volumes:
    - /share/docker_data/ha/:/config
    - /var/run/docker.sock:/var/run/docker.sock
    - /run/dbus:/run/dbus:ro
    privileged: true
    environment:
    - DISABLE_JEMALLOC=value
    - TZ=Europe/Bratislava
    dns:
    - 192.168.77.101
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      labels:
        com.centurylinklabs.watchtower.enable: true
        homepage.group: Smarthome
        homepage.name: Home Assistant
        homepage.weight: 1
        homepage.icon: home-assistant.png
        homepage.href: https://ha.sectorq.eu
        homepage.description: 3D Printing
        homepage.server: my-docker
        homepage.container: HomeAssistant
        homepage.widget.type: homeassistant
        homepage.widget.url: https://ha.sectorq.eu
        homepage.widget.key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzOTk5NGJjYjIzYjk0YzExYmM5OWZiNTBlNzU0N2M2YyIsImlhdCI6MTc0MDM5OTY4NCwiZXhwIjoyMDU1NzU5Njg0fQ.LDebvPGreyZzlWT1CylHSdSt8i_cWO72HnNCsCAIaG8
        wud.watch: true
        wud.watch.digest: true
      placement:
        constraints:
        - node.role == manager
  esphome:
    image: ${DOCKER_REGISTRY:-}esphome/esphome:latest
    volumes:
    - /share/docker_data/esphome/config:/config
    - /etc/localtime:/etc/localtime:ro
    privileged: true
    network_mode: host
    environment:
    - USERNAME=jaydee
    - PASSWORD=jaydee1
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      labels:
        com.centurylinklabs.watchtower.enable: true
        homepage.group: Smarthome
        homepage.name: ESPHome
        homepage.weight: 1
        homepage.icon: esphome.png
        homepage.href: https://esphome.sectorq.eu
        homepage.description: 3D Printing
        homepage.server: my-docker
        homepage.container: esphome
        homepage.widget.type: esphome
        homepage.widget.url: https://esphome.sectorq.eu
        homepage.widget.username: jaydee
        homepage.widget.password: jaydee1
        wud.watch: true
        wud.watch.digest: true
      placement:
        constraints:
        - node.role == manager
  wyoming-piper-en:
    image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-piper
    ports:
    - 10200:10200
    volumes:
    - /share/docker_data/piper/english:/data
    command: --data-dir /data --voice en_US-lessac-medium
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      labels:
        com.centurylinklabs.watchtower.enable: true
        wud.watch: true
        wud.watch.digest: true
      placement:
        constraints:
        - node.role == manager
  wyoming-whisper-en:
    image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-whisper
    ports:
    - 10300:10300
    volumes:
    - /share/docker_data/whisper/english:/data
    command: --data-dir /data --model tiny-int8 --language en
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      labels:
        com.centurylinklabs.watchtower.enable: true
        wud.watch: true
        wud.watch.digest: true
      placement:
        constraints:
        - node.role == manager
  openwakeword:
    image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-openwakeword:latest
    command: --preload-model 'ok_nabu' --custom-model-dir /custom --model 'ok nabu'
      --model 'ok_nabu' --uri 'tcp://0.0.0.0:10400' --threshold 0.7 --trigger-level
      2 --debug
    volumes:
    - /share/docker_data/openwakeword-data:/data
    - /share/docker_data/openwakeword-data:/custom
    environment:
    - TZ=Europe/Bratislava
    ports:
    - 10400:10400
    - 10400:10400/udp
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      labels:
        com.centurylinklabs.watchtower.enable: true
        wud.watch: true
        wud.watch.digest: true
      placement:
        constraints:
        - node.role == manager
  matter-server:
    image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant-libs/python-matter-server:stable
    security_opt:
    - apparmor=unconfined
    volumes:
    - /share/docker_data/matter-server:/data
    - /run/dbus:/run/dbus:ro
    network_mode: host
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      labels:
        com.centurylinklabs.watchtower.enable: true
        wud.watch: true
        wud.watch.digest: true
      placement:
        constraints:
        - node.role == manager
  music-assistant-server:
    image: ${DOCKER_REGISTRY:-}ghcr.io/music-assistant/server:latest
    network_mode: host
    volumes:
    - /share/docker_data/music-assistant-server/data:/data/
    cap_add:
    - SYS_ADMIN
    - DAC_READ_SEARCH
    security_opt:
    - apparmor:unconfined
    environment:
    - LOG_LEVEL=info
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      labels:
        com.centurylinklabs.watchtower.enable: true
        wud.watch: true
        wud.watch.digest: true
        homepage.group: Smarthome
        homepage.name: music-assistant
        homepage.weight: 1
        homepage.icon: music-assistant.png
        homepage.href: https://music.sectorq.eu
        homepage.description: Music
        homepage.server: my-docker
        homepage.container: music-assistant-server
      placement:
        constraints:
        - node.role == manager
  influxdb:
    ports:
    - 8086:8086
    volumes:
    - /share/docker_data/influxdb/data:/var/lib/influxdb2
    - /share/docker_data/influxdb/config:/etc/influxdb2
    secrets:
    - influxdb2-admin-username
    - influxdb2-admin-password
    - influxdb2-admin-token
    environment:
    - DOCKER_INFLUXDB_INIT_MODE=setup
    - DOCKER_INFLUXDB_INIT_USERNAME=ha
    - DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA
    - DOCKER_INFLUXDB_INIT_ORG=ha
    - DOCKER_INFLUXDB_INIT_BUCKET=ha
    - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=mytoken123
    - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token
    image: ${DOCKER_REGISTRY:-}influxdb:2
    healthcheck:
      test: echo  test > /var/lib/influxdb2/hc || exit 1
      interval: 10s
      timeout: 3s
      retries: 2
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      labels:
        com.centurylinklabs.watchtower.enable: true
        wud.watch: true
        wud.watch.digest: true
      placement:
        constraints:
        - node.role == manager
 secrets:
  influxdb2-admin-username:
    file: .env.influxdb2-admin-username
  influxdb2-admin-password:
    file: .env.influxdb2-admin-password
  influxdb2-admin-token:
    file: .env.influxdb2-admin-token
--- a/__swarm/home-assistant/.env
+++ b/__swarm/home-assistant/.env
@@ -0,0 +1,3 @@
 APPNAME=home-assistant
 DOCKER_REGISTRY=r.sectorq.eu/library/
 RESTART=always
--- a/__swarm/home-assistant/docker-compose.yml
+++ b/__swarm/home-assistant/docker-compose.yml
@@ -86,7 +86,7 @@ services:
      - 10200:10200
    volumes:
      - /share/docker_data/piper/english:/data
-    command: --voice en_US-lessac-medium
+    command: --data-dir /data --voice en_US-lessac-medium
    restart: ${RESTART:-unless-stopped}
    labels:
@@ -100,7 +100,7 @@ services:
      - 10300:10300
    volumes:
      - /share/docker_data/whisper/english:/data
-    command: --model tiny-int8 --language en
+    command: --data-dir /data --model tiny-int8 --language en
    restart: ${RESTART:-unless-stopped}
    labels:
      com.centurylinklabs.watchtower.enable: true
@@ -168,18 +168,32 @@ services:
      com.centurylinklabs.watchtower.enable: true
      wud.watch: true
      wud.watch.digest: true
      homepage.group: Smarthome
      homepage.name: music-assistant
      homepage.weight: 1
      homepage.icon: music-assistant.png
      homepage.href: https://music.sectorq.eu
      homepage.description: Music
      homepage.server: my-docker
      homepage.container: music-assistant-server
  influxdb:
    ports:
      - 8086:8086
    volumes:
      - /share/docker_data/influxdb/data:/var/lib/influxdb2
      - /share/docker_data/influxdb/config:/etc/influxdb2
    secrets:
      - influxdb2-admin-username
      - influxdb2-admin-password
      - influxdb2-admin-token
    environment:
      - DOCKER_INFLUXDB_INIT_MODE=setup
      - DOCKER_INFLUXDB_INIT_USERNAME=ha
      - DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA
      - DOCKER_INFLUXDB_INIT_ORG=ha
      - DOCKER_INFLUXDB_INIT_BUCKET=ha
      - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=mytoken123
      - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token
    image: ${DOCKER_REGISTRY:-}influxdb:2
    restart: ${RESTART:-unless-stopped}
    healthcheck:
@@ -190,4 +204,11 @@ services:
    labels:
      com.centurylinklabs.watchtower.enable: true
      wud.watch: true
-      wud.watch.digest: true
+      wud.watch.digest: true
 secrets:
  influxdb2-admin-username:
    file: .env.influxdb2-admin-username
  influxdb2-admin-password:
    file: .env.influxdb2-admin-password
  influxdb2-admin-token:
    file: .env.influxdb2-admin-token      
--- a/__swarm/home-assistant/home-assistant-swarm.yml
+++ b/__swarm/home-assistant/home-assistant-swarm.yml
@@ -0,0 +1,225 @@
 services:
  homeassistant:
    image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant/home-assistant:latest
    volumes:
    - ha_config:/config
    - /var/run/docker.sock:/var/run/docker.sock
    - /run/dbus:/run/dbus:ro
    networks:
      - swarm-ipvlan 
      - traefik-public
      - homeassistant-internal
    privileged: true
    environment:
      DISABLE_JEMALLOC: value
      TZ: Europe/Bratislava
    dns:
    - 192.168.77.101
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.group: Smarthome
        homepage.name: Home Assistant
        homepage.weight: '1'
        homepage.icon: home-assistant.png
        homepage.href: https://ha.sectorq.eu
        homepage.description: 3D Printing
        homepage.server: my-docker-swarm
        homepage.container: HomeAssistant
        homepage.widget.type: homeassistant
        homepage.widget.url: https://ha.sectorq.eu
        homepage.widget.key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzOTk5NGJjYjIzYjk0YzExYmM5OWZiNTBlNzU0N2M2YyIsImlhdCI6MTc0MDM5OTY4NCwiZXhwIjoyMDU1NzU5Njg0fQ.LDebvPGreyZzlWT1CylHSdSt8i_cWO72HnNCsCAIaG8
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  esphome:
    image: ${DOCKER_REGISTRY:-}esphome/esphome:latest
    volumes:
    - esphome_config:/config
    - /etc/localtime:/etc/localtime:ro
    privileged: true
    network_mode: host
    environment:
      USERNAME: jaydee
      PASSWORD: jaydee1
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.group: Smarthome
        homepage.name: ESPHome
        homepage.weight: '1'
        homepage.icon: esphome.png
        homepage.href: https://esphome.sectorq.eu
        homepage.description: 3D Printing
        homepage.server: my-docker-swarm
        homepage.container: esphome
        homepage.widget.type: esphome
        homepage.widget.url: https://esphome.sectorq.eu
        homepage.widget.username: jaydee
        homepage.widget.password: jaydee1
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  wyoming-piper-en:
    image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-piper
    ports:
    - target: 10200
      published: 10200
      protocol: tcp
      mode: ingress
    volumes:
    - piper_data:/data
    command: --data-dir /data --voice en_US-lessac-medium
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  wyoming-whisper-en:
    image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-whisper
    ports:
    - target: 10300
      published: 10300
      protocol: tcp
      mode: ingress
    volumes:
    - whisper_data:/data
    command: --data-dir /data --model tiny-int8 --language en
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  openwakeword:
    image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-openwakeword:latest
    command: --preload-model 'ok_nabu' --custom-model-dir /custom --model 'ok nabu'
      --model 'ok_nabu' --uri 'tcp://0.0.0.0:10400' --threshold 0.7 --trigger-level
      2 --debug
    volumes:
    - openwakeword_data:/data
    - openwakeword_data:/custom
    environment:
      TZ: Europe/Bratislava
    ports:
    - target: 10400
      published: 10400
      protocol: tcp
      mode: ingress
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  matter-server:
    image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant-libs/python-matter-server:stable
    security_opt:
    - apparmor=unconfined
    volumes:
    - matter-server:/data
    - /run/dbus:/run/dbus:ro
    network_mode: host
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  music-assistant-server:
    image: ${DOCKER_REGISTRY:-}ghcr.io/music-assistant/server:latest
    network_mode: host
    volumes:
    - music_assistant_server_data:/data/
    cap_add:
    - SYS_ADMIN
    - DAC_READ_SEARCH
    security_opt:
    - apparmor:unconfined
    environment:
      LOG_LEVEL: info
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
        homepage.group: Smarthome
        homepage.name: music-assistant
        homepage.weight: '1'
        homepage.icon: music-assistant.png
        homepage.href: https://music.sectorq.eu
        homepage.description: Music
        homepage.server: my-docker-swarm
        homepage.container: music-assistant-server
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  influxdb:
    ports:
    - target: 8086
      published: 8086
      protocol: tcp
      mode: ingress
    volumes:
    - influxdb2_data:/var/lib/influxdb2
    - influxdb2_config:/etc/influxdb2
    secrets:
    - ha_influxdb2_admin_token
    environment:
      DOCKER_INFLUXDB_INIT_MODE: setup
      DOCKER_INFLUXDB_INIT_USERNAME: ha
      DOCKER_INFLUXDB_INIT_PASSWORD: haHAhaHA
      DOCKER_INFLUXDB_INIT_ORG: ha
      DOCKER_INFLUXDB_INIT_BUCKET: ha
      #DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: mytoken123
      DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE: /run/secrets/ha_influxdb2_admin_token
    image: ${DOCKER_REGISTRY:-}influxdb:2
    healthcheck:
      test: echo  test > /var/lib/influxdb2/hc || exit 1
      interval: 10s
      timeout: 3s
      retries: 2
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 volumes:
  influxdb2_data:
  influxdb2_config:
  music_assistant_server_data:
  matter-server:
  ha_config:
  esphome_config:
  piper_data:
  whisper_data:
  openwakeword_data:
 secrets:
  ha_influxdb2_admin_token:
    external: true
--- a/__swarm/homepage/.env
+++ b/__swarm/homepage/.env
@@ -0,0 +1,2 @@
 APPNAME=homepage
 DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/homepage/docker-compose.yml
+++ b/__swarm/homepage/docker-compose.yml
@@ -0,0 +1,26 @@
 networks:
  pihole_pihole:
    external: true
 services:
  homepage:
    container_name: homepage
    dns:
    - 192.168.78.254
    environment:
      HOMEPAGE_ALLOWED_HOSTS: sectorq.eu,active.home.lan:3003,m-server.home.lan:3003,rpi5.home.lan:3003,nas.home.lan:3003,192.168.77.238:3003,rack.home.lan:3003
      TZ: Europe/Bratislava
    image: ${DOCKER_REGISTRY:-}ghcr.io/gethomepage/homepage:latest
    labels:
      com.centurylinklabs.watchtower.enable: true
      wud.watch: true
      wud.watch.digest: true
    networks:
    - pihole_pihole
    ports:
    - 3003:3000
    restart: unless-stopped
    volumes:
    - /share/docker_data/homepage/config:/app/config
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - /share/docker_data/homepage/images:/app/public/images
    - /share/docker_data/homepage/icons:/app/public/icons
--- a/__swarm/homepage/homepage-swarm.yml
+++ b/__swarm/homepage/homepage-swarm.yml
@@ -0,0 +1,35 @@
 services:
  homepage:
    dns:
    - 192.168.77.1
    - 192.168.77.101
    environment:
      HOMEPAGE_ALLOWED_HOSTS: sectorq.eu,active.home.lan:3003,m-server.home.lan:3003,rpi5.home.lan:3003,nas.home.lan:3003,192.168.77.238:3003,rack.home.lan:3003,192.168.80.222:3003
      TZ: Europe/Bratislava
    image: ${DOCKER_REGISTRY:-}ghcr.io/gethomepage/homepage:latest
    ports:
    - target: 3000
      published: 3003
      protocol: tcp
      mode: ingress
    volumes:
    - config:/app/config
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - images:/app/public/images
    - icons:/app/public/icons
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 volumes:
  config:
    driver: local
  images:
    driver: local
  icons:
    driver: local
--- a/__swarm/immich/.env
+++ b/__swarm/immich/.env
@@ -0,0 +1,26 @@
 # You can find documentation for all the supported env variables at https://docs.immich.app/install/environment-variables
 # The location where your uploaded files are stored
 UPLOAD_LOCATION=/media/nas/qda_1/immich/library
 # The location where your database files are stored. Network shares are not supported for the database
 DB_DATA_LOCATION=/share/docker_data/immich/db
 # To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
 # TZ=Etc/UTC
 # The Immich version to use. You can pin this to a specific version like "v1.71.0"
 IMMICH_VERSION=release
 # Connection secret for postgres. You should change it to a random password
 # Please use only the characters `A-Za-z0-9`, without special characters or spaces
 DB_PASSWORD=postgres
 # The values below this line do not need to be changed
 ###################################################################################
 DB_USERNAME=postgres
 DB_DATABASE_NAME=immich
 HW_MODE1=vaapi
 HW_MODE2=openvino
 APPNAME=immich
 DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/immich/docker-compose
+++ b/__swarm/immich/docker-compose
@@ -0,0 +1,88 @@
 name: immich
 services:
  database:
    command: postgres -c shared_preload_libraries=vectors.so -c 'search_path="$$user",
      public, vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB
      -c wal_compression=on
    container_name: immich_postgres
    env_file:
    - stack.env
    environment:
      POSTGRES_INITDB_ARGS: --data-checksums
    healthcheck:
      interval: 5m
      start_interval: 30s
      start_period: 5m
      test: pg_isready --dbname="$${DB_PASSWORD}" --username="$${DB_USERNAME}" ||
        exit 1; Chksum="$$(psql --dbname="$${DB_DATABASE_NAME}" --username="$${DB_USERNAME}"
        --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures),
        0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [
        "$$Chksum" = '0' ] || exit 1
    image: ${DOCKER_REGISTRY:-}docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/immich/db:/var/lib/postgresql/data
  immich-machine-learning:
    container_name: immich_machine_learning
    env_file:
    - stack.env
    extends:
      file: hwaccel.ml.yml
      service: ${HW_MODE2:-cpu}
    healthcheck:
      disable: false
    image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: ${RESTART:-unless-stopped}
    volumes:
    - model-cache:/cache
  immich-server:
    container_name: immich_server
    depends_on:
    - redis
    - database
    env_file:
    - stack.env
    extends:
      file: hwaccel.transcoding.yml
      service: ${HW_MODE1:-cpu}
    healthcheck:
      disable: false
    image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    labels:
      homepage.container: immich_server
      homepage.description: Photo server
      homepage.group: Media
      homepage.href: https://${APPNAME}.sectorq.eu
      homepage.icon: ${APPNAME}.png
      homepage.name: Immich
      homepage.server: my-docker
      homepage.widget.key: wVxjlztA8MpeuzKkNGCSUPK2WjAY55qq4cfs9Zr5opU
      homepage.widget.type: ${APPNAME}
      homepage.widget.url: https://${APPNAME}.sectorq.eu
      homepage.widget.version: '2'
      wud.watch: true
      wud.watch.digest: true
    ports:
    - 2283:2283
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/immich/library:/usr/src/app/upload
    - /media/nas/nas-photo:/mnt/photos2
    - /etc/localtime:/etc/localtime:ro
  redis:
    container_name: immich_redis
    healthcheck:
      test: redis-cli ping || exit 1
    image: ${DOCKER_REGISTRY:-}docker.io/redis:6.2-alpine
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: ${RESTART:-unless-stopped}
 volumes:
  model-cache: null
--- a/__swarm/immich/docker-compose.yml
+++ b/__swarm/immich/docker-compose.yml
@@ -0,0 +1,88 @@
 #
 # WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
 #
 # Make sure to use the docker-compose.yml of the current release:
 #
 # https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
 #
 # The compose file on main may not be compatible with the latest release.
 name: immich
 services:
  immich-server:
    container_name: immich_server
    image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    extends:
      file: hwaccel.transcoding.yml
      service: ${HW_MODE1:-vaapi} # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    volumes:
      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
      - ${UPLOAD_LOCATION}:/data
      - /etc/localtime:/etc/localtime:ro
      - /media/nas/photo:/mnt/photos2
    env_file:
      - .env
    ports:
      - '2283:2283'
    depends_on:
      - redis
      - database
    restart: ${RESTART:-unless-stopped}
    healthcheck:
      disable: false
    labels:
      homepage.container: immich_server
      homepage.description: Photo server
      homepage.group: Media
      homepage.href: https://${APPNAME}.sectorq.eu
      homepage.icon: ${APPNAME}.png
      homepage.name: Immich
      homepage.server: my-docker
      homepage.widget.key: mdaRNyiY19w9YEz3MXT3fiPD9XH3CtQYRM26C0wZJM
      homepage.widget.type: ${APPNAME}
      homepage.widget.url: https://${APPNAME}.sectorq.eu
      homepage.widget.version: '2'
      wud.watch: true
      wud.watch.digest: true
  immich-machine-learning:
    container_name: immich_machine_learning
    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
    # Example tag: ${IMMICH_VERSION:-release}-cuda
    image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
      file: hwaccel.ml.yml
      service: ${HW_MODE2:-openvino} # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
    volumes:
      - model-cache:/cache
    env_file:
      - .env
    restart: ${RESTART:-unless-stopped}
    healthcheck:
      disable: false
  redis:
    container_name: immich_redis
    image: ${DOCKER_REGISTRY:-}docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
    healthcheck:
      test: redis-cli ping || exit 1
    restart: ${RESTART:-unless-stopped}
  database:
    container_name: immich_postgres
    image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_INITDB_ARGS: '--data-checksums'
      # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
      # DB_STORAGE_TYPE: 'HDD'
    volumes:
      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
    shm_size: 128mb
    restart: ${RESTART:-unless-stopped}
 volumes:
  model-cache:
--- a/__swarm/immich/hwaccel.ml.yml
+++ b/__swarm/immich/hwaccel.ml.yml
@@ -0,0 +1,43 @@
 # Configurations for hardware-accelerated machine learning
 # If using Unraid or another platform that doesn't allow multiple Compose files,
 # you can inline the config for a backend by copying its contents
 # into the immich-machine-learning service in the docker-compose.yml file.
 # See https://immich.app/docs/features/ml-hardware-acceleration for info on usage.
 services:
  armnn:
    devices:
      - /dev/mali0:/dev/mali0
    volumes:
      - /lib/firmware/mali_csffw.bin:/lib/firmware/mali_csffw.bin:ro # Mali firmware for your chipset (not always required depending on the driver)
      - /usr/lib/libmali.so:/usr/lib/libmali.so:ro # Mali driver for your chipset (always required)
  cpu: {}
  cuda:
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: 1
              capabilities:
                - gpu
  openvino:
    device_cgroup_rules:
      - 'c 189:* rmw'
    devices:
      - /dev/dri:/dev/dri
    volumes:
      - /dev/bus/usb:/dev/bus/usb
  openvino-wsl:
    devices:
      - /dev/dri:/dev/dri
      - /dev/dxg:/dev/dxg
    volumes:
      - /dev/bus/usb:/dev/bus/usb
      - /usr/lib/wsl:/usr/lib/wsl
--- a/__swarm/immich/hwaccel.transcoding.yml
+++ b/__swarm/immich/hwaccel.transcoding.yml
@@ -0,0 +1,57 @@
 # Configurations for hardware-accelerated transcoding
 # If using Unraid or another platform that doesn't allow multiple Compose files,
 # you can inline the config for a backend by copying its contents
 # into the immich-microservices service in the docker-compose.yml file.
 # See https://immich.app/docs/features/hardware-transcoding for more info on using hardware transcoding.
 services:
  cpu: {}
  nvenc:
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: 1
              capabilities:
                - gpu
                - compute
                - video
  quicksync:
    devices:
      - /dev/dri:/dev/dri
  rkmpp:
    security_opt: # enables full access to /sys and /proc, still far better than privileged: true
      - systempaths=unconfined
      - apparmor=unconfined
    group_add:
      - video
    devices:
      - /dev/rga:/dev/rga
      - /dev/dri:/dev/dri
      - /dev/dma_heap:/dev/dma_heap
      - /dev/mpp_service:/dev/mpp_service
      #- /dev/mali0:/dev/mali0 # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
    volumes:
      #- /etc/OpenCL:/etc/OpenCL:ro # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
      #- /usr/lib/aarch64-linux-gnu/libmali.so.1:/usr/lib/aarch64-linux-gnu/libmali.so.1:ro # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
  vaapi:
    devices:
      - /dev/dri:/dev/dri
    group_add:
      - video
      - 993
  vaapi-wsl: # use this for VAAPI if you're running Immich in WSL2
    devices:
      - /dev/dri:/dev/dri
      - /dev/dxg:/dev/dxg
    volumes:
      - /usr/lib/wsl:/usr/lib/wsl
    environment:
      - LIBVA_DRIVER_NAME=d3d12
--- a/__swarm/immich/immich-swarm.yml
+++ b/__swarm/immich/immich-swarm.yml
@@ -0,0 +1,85 @@
 services:
  server:
    image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    # devices:
    #   - /dev/dri:/dev/dri
    # group_add:
    #   - video
    #   - 993
    volumes:
    - ${UPLOAD_LOCATION}:/data
    - /etc/localtime:/etc/localtime:ro
    - /media/nas/photo:/mnt/photos2
    env_file:
    - .env
    ports:
    - target: 2283
      published: 2283
      protocol: tcp
      mode: ingress
    healthcheck:
      disable: false
    deploy:
      labels:
        homepage.container: immich_server
        homepage.description: Photo server
        homepage.group: Media
        homepage.href: https://${APPNAME}.sectorq.eu
        homepage.icon: ${APPNAME}.png
        homepage.name: Immich
        homepage.server: my-docker-swarm
        homepage.widget.key: mdaRNyiY19w9YEz3MXT3fiPD9XH3CtQYRM26C0wZJM
        homepage.widget.type: ${APPNAME}
        homepage.widget.url: https://${APPNAME}.sectorq.eu
        homepage.widget.version: '2'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  machine-learning:
    image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    # device_cgroup_rules:
    #   - 'c 189:* rmw'
    # devices:
    #   - /dev/dri:/dev/dri
    volumes:
    - model-cache:/cache
    - /dev/bus/usb:/dev/bus/usb
    env_file:
    - .env
    healthcheck:
      disable: false
    deploy:
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  redis:
    image: ${DOCKER_REGISTRY:-}docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
    healthcheck:
      test: redis-cli ping || exit 1
    deploy:
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  database:
    image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_INITDB_ARGS: --data-checksums
    volumes:
    - db:/var/lib/postgresql/data
    shm_size: 128mb
    deploy:
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 volumes:
  model-cache: null
  db: null
--- a/__swarm/immich/stack.env
+++ b/__swarm/immich/stack.env
@@ -0,0 +1,25 @@
 # You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables
 # The location where your uploaded files are stored
 UPLOAD_LOCATION=/media/nas/qda_1/immich/library
 #UPLOAD_LOCATION=/share/docker_data/immich/library
 # The location where your database files are stored
 DB_DATA_LOCATION=/share/docker_data/immich/db
 # To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
 # TZ=Etc/UTC
 TZ=Europe/Bratislava
 # The Immich version to use. You can pin this to a specific version like "v1.71.0"
 IMMICH_VERSION=release
 # Connection secret for postgres. You should change it to a random password
 # Please use only the characters `A-Za-z0-9`, without special characters or spaces
 DB_PASSWORD=postgres
 # The values below this line do not need to be changed
 ###################################################################################
 DB_USERNAME=postgres
 DB_DATABASE_NAME=immich
 POSTGRES_PASSWORD=postgres
 APPNAME=immich
 DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/influxdb/.env
+++ b/__swarm/influxdb/.env
@@ -0,0 +1,3 @@
 APPNAME=influxdb
 DOCKER_REGISTRY=r.sectorq.eu/library/
 RESTART=always
--- a/__swarm/influxdb/.env.influxdb2-admin-password
+++ b/__swarm/influxdb/.env.influxdb2-admin-password
@@ -0,0 +1 @@
 ha
--- a/__swarm/influxdb/.env.influxdb2-admin-token
+++ b/__swarm/influxdb/.env.influxdb2-admin-token
@@ -0,0 +1 @@
 l4c1j4yd33Du5lo
--- a/__swarm/influxdb/.env.influxdb2-admin-username
+++ b/__swarm/influxdb/.env.influxdb2-admin-username
@@ -0,0 +1 @@
 ha
--- a/__swarm/influxdb/docker-compose.yml
+++ b/__swarm/influxdb/docker-compose.yml
@@ -0,0 +1,37 @@
 version: '3'
 services:
  influxdb:
    ports:
      - 8087:8086
    volumes:
      - /share/docker_data/influxdb2/data:/var/lib/influxdb2
      - /share/docker_data/influxdb2/config:/etc/influxdb2
    secrets:
      - influxdb2-admin-username
      - influxdb2-admin-password
      - influxdb2-admin-token
    environment:
      - DOCKER_INFLUXDB_INIT_MODE=setup
      - DOCKER_INFLUXDB_INIT_USERNAME=ha
      - DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA
      - DOCKER_INFLUXDB_INIT_ORG=ha
      - DOCKER_INFLUXDB_INIT_BUCKET=ha
      - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token
    image: ${DOCKER_REGISTRY:-}influxdb:2
    restart: ${RESTART:-unless-stopped}
    healthcheck:
      test: "echo  test > /var/lib/influxdb2/hc || exit 1"
      interval: 10s
      timeout: 3s
      retries: 2
    labels:
      com.centurylinklabs.watchtower.enable: true
      wud.watch: true
      wud.watch.digest: true
 secrets:
  influxdb2-admin-username:
    file: .env.influxdb2-admin-username
  influxdb2-admin-password:
    file: .env.influxdb2-admin-password
  influxdb2-admin-token:
    file: .env.influxdb2-admin-token      
--- a/__swarm/influxdb/influxdb-swarm.yml
+++ b/__swarm/influxdb/influxdb-swarm.yml
@@ -0,0 +1,37 @@
 services:
  influxdb:
    ports:
    - target: 8086
      published: 8087
      protocol: tcp
      mode: ingress
    volumes:
    - data:/var/lib/influxdb2
    - config:/etc/influxdb2
    secrets:
    - influxdb2-admin-token
    environment:
      DOCKER_INFLUXDB_INIT_MODE: setup
      DOCKER_INFLUXDB_INIT_USERNAME: ha
      DOCKER_INFLUXDB_INIT_PASSWORD: haHAhaHA
      DOCKER_INFLUXDB_INIT_ORG: ha
      DOCKER_INFLUXDB_INIT_BUCKET: ha
      DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE: /run/secrets/influxdb2-admin-token
    image: ${DOCKER_REGISTRY:-}influxdb:2
    healthcheck:
      test: echo  test > /var/lib/influxdb2/hc || exit 1
      interval: 10s
      timeout: 3s
      retries: 2
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
 secrets:
  influxdb2-admin-token:
    external: true
 volumes:
  data:
  config:
--- a/jupyter_notebook/.env
+++ b/jupyter_notebook/.env
--- a/jupyter_notebook/docker-compose.yml
+++ b/jupyter_notebook/docker-compose.yml
--- a/__swarm/jupyter/jupyter-swarm.yml
+++ b/__swarm/jupyter/jupyter-swarm.yml
@@ -0,0 +1,27 @@
 services:
  base-notebook:
    ports:
    - target: 8888
      published: 8888
      protocol: tcp
      mode: ingress
    volumes:
    - data:/home/jovyan/work
    image: ${DOCKER_REGISTRY:-}jupyter/base-notebook:latest
    deploy:
      labels:
        homepage.container: jupyter_base-notebook
        homepage.description: Python server
        homepage.group: Utils
        homepage.href: http://m-server.home.lan:8888/
        homepage.icon: ${APPNAME}.png
        homepage.name: Jupyter Notebook
        homepage.server: my-docker-swarm
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 volumes:
  data:
--- a/__swarm/kestra/.env
+++ b/__swarm/kestra/.env
@@ -0,0 +1,2 @@
 APPNAME=kestra
 PASSWORD=l4c1j4yd33Du5lo
--- a/__swarm/kestra/docker-compose.yml
+++ b/__swarm/kestra/docker-compose.yml
@@ -0,0 +1,89 @@
 services:
  kestra:
    command: server standalone --worker-thread=128
    depends_on:
      postgres:
        condition: service_started
    environment:
      SECRET_MYPASSWORD: bDRjMWo0eWQzM0R1NWxv
      SECRET_GITLAB: Z2xwYXQtdWotbi1lRWZUWTM5OFBFNHZLU1M=
      KESTRA_CONFIGURATION: |
        datasources:
          postgres:
            url: jdbc:postgresql://postgres:5432/kestra
            driverClassName: org.postgresql.Driver
            username: kestra
            password: k3str4
        kestra:
          server:
            basicAuth:
              enabled: false
              username: "jaydee@sectorq.eu" # it must be a valid email address
              password: ${PASSWORD}
          repository:
            type: postgres
          storage:
            type: local
            local:
              basePath: "/app/storage"
          queue:
            type: postgres
          tasks:
            tmpDir:
              path: /tmp/kestra-wd/tmp
          url: http://localhost:8080/
          tutorial-flows:
            enabled: false
        micronaut:
          server:
            cors:
              enabled: true
    image: ${DOCKER_REGISTRY:-}kestra/kestra:${KESTRA_VERSION:-latest}
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      homepage.container: kestra-kestra-1
      homepage.description: Automation
      homepage.group: Infrastructure
      homepage.href: https://${APPNAME}.sectorq.eu
      homepage.icon: ${APPNAME}.png
      homepage.name: Kestra
      homepage.server: my-docker
      homepage.weight: '1'
      wud.display.icon: mdi:evernote
      wud.watch: true
      wud.watch.digest: true
    ports:
    - 8980:8080
    - 8981:8081
    pull_policy: always
    restart: ${RESTART:-unless-stopped}
    user: root
    volumes:
    - /etc/localtime:/etc/localtime:ro
    - /share/docker_data/kestra/kestra-data:/app/storage
    - /var/run/docker.sock:/var/run/docker.sock
    - /tmp/kestra-wd:/tmp/kestra-wd
  postgres:
    environment:
      POSTGRES_DB: kestra
      POSTGRES_PASSWORD: k3str4
      POSTGRES_USER: kestra
    healthcheck:
      interval: 30s
      retries: 10
      test:
      - CMD-SHELL
      - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
      timeout: 10s
    image: ${DOCKER_REGISTRY:-}postgres:16
    labels:
      wud.watch: false
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/kestra/postgres-data:/var/lib/postgresql/data
 volumes:
  kestra-data:
    driver: local
  postgres-data:
    driver: local
--- a/__swarm/kestra/kestra-swarm.yml
+++ b/__swarm/kestra/kestra-swarm.yml
@@ -0,0 +1,98 @@
 services:
  kestra:
    command: server standalone --worker-thread=128
    environment:
      SECRET_MYPASSWORD: bDRjMWo0eWQzM0R1NWxv
      SECRET_GITLAB: Z2xwYXQtdWotbi1lRWZUWTM5OFBFNHZLU1M=
      KESTRA_CONFIGURATION: |
        datasources:
          postgres:
            url: jdbc:postgresql://postgres:5432/kestra
            driverClassName: org.postgresql.Driver
            username: kestra
            password: k3str4
        kestra:
          server:
            basicAuth:
              enabled: false
              username: "jaydee@sectorq.eu" # it must be a valid email address
              password: ${PASSWORD}
          repository:
            type: postgres
          storage:
            type: local
            local:
              basePath: "/app/storage"
          queue:
            type: postgres
          tasks:
            tmpDir:
              path: /tmp/kestra-wd/tmp
          url: http://localhost:8080/
          tutorial-flows:
            enabled: false
        micronaut:
          server:
            cors:
              enabled: true
    image: ${DOCKER_REGISTRY:-}kestra/kestra:${KESTRA_VERSION:-latest}
    ports:
    - target: 8080
      published: 8980
      protocol: tcp
      mode: ingress
    - target: 8081
      published: 8981
      protocol: tcp
      mode: ingress
    user: root
    volumes:
    - /etc/localtime:/etc/localtime:ro
    - data:/app/storage
    - /var/run/docker.sock:/var/run/docker.sock
    - /tmp/kestra-wd:/tmp/kestra-wd
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.container: kestra_kestra
        homepage.description: Automation
        homepage.group: Infrastructure
        homepage.href: https://${APPNAME}.sectorq.eu
        homepage.icon: ${APPNAME}.png
        homepage.name: Kestra
        homepage.server: my-docker-swarm
        homepage.weight: '1'
        wud.display.icon: mdi:evernote
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  postgres:
    environment:
      POSTGRES_DB: kestra
      POSTGRES_PASSWORD: k3str4
      POSTGRES_USER: kestra
    healthcheck:
      interval: 30s
      retries: 10
      test:
      - CMD-SHELL
      - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
      timeout: 10s
    image: ${DOCKER_REGISTRY:-}postgres:16
    volumes:
    -  db:/var/lib/postgresql/data
    deploy:
      labels:
        wud.watch: 'false'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 volumes:
  data:
    driver: local
  db:
    driver: local
--- a/__swarm/kestra/stack.env
+++ b/__swarm/kestra/stack.env
@@ -0,0 +1 @@
 APPNAME=kestra
--- a/__swarm/mailu/.env
+++ b/__swarm/mailu/.env
@@ -0,0 +1,4 @@
 APPNAME=mailu
 DOCKER_REGISTRY=r.sectorq.eu/library/
 MAILU_VERSION=2024.06
 LOGGING=syslog
--- a/__swarm/mailu/docker-compose.yml
+++ b/__swarm/mailu/docker-compose.yml
@@ -0,0 +1,247 @@
 networks:
  clamav:
    driver: bridge
  default:
    driver: bridge
    ipam:
      config:
      - subnet: 192.168.205.0/24
      driver: default
  fts_attachments:
    driver: bridge
    internal: true
  oletools:
    driver: bridge
    internal: true
  radicale:
    driver: bridge
  webmail:
    driver: bridge
 services:
  admin:
    depends_on:
      - redis
      - resolver
    dns:
      - 192.168.205.254
    env_file: stack.env
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/data:/data
      - /share/docker_data/mailu3/dkim:/dkim
  antispam:
    depends_on:
      - front
      - redis
      - oletools
      - antivirus
      - resolver
    dns:
      - 192.168.205.254
    env_file: stack.env
    hostname: antispam
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - default
      - oletools
      - clamav
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/filter:/var/lib/rspamd
      - /share/docker_data/mailu3/overrides/rspamd:/overrides:ro
  antivirus:
    healthcheck:
      interval: 10s
      retries: 3
      start_period: 10s
      test:
        - CMD-SHELL
        - kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
      timeout: 5s
    image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - clamav
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/filter/clamav:/var/lib/clamav
  fetchmail:
    depends_on:
      - admin
      - smtp
      - imap
      - resolver
    dns:
      - 192.168.205.254
    env_file: stack.env
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/mailu3/data/fetchmail:/data
  front:
    depends_on:
      - resolver
    dns:
      - 192.168.205.254
    env_file: stack.env
    extends:
      file: logging.yml
      service: ${LOGGING:-syslog}
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
      homepage.container: mailu3-front-1
      homepage.description: eMail server
      homepage.group: Utilities
      homepage.href: https://mail.sectorq.eu
      homepage.icon: ${APPNAME}.png
      homepage.name: Mailu
      homepage.server: my-docker
      homepage.weight: 1
    networks:
      - default
      - webmail
      - radicale
    ports:
      - 0.0.0.0:8880:80
      - 0.0.0.0:8443:443
      - 0.0.0.0:25:25
      - 0.0.0.0:465:465
      - 0.0.0.0:587:587
      - 0.0.0.0:110:110
      - 0.0.0.0:995:995
      - 0.0.0.0:143:143
      - 0.0.0.0:993:993
      - 0.0.0.0:4190:4190
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/certs:/certs
      - /share/docker_data/mailu3/overrides/nginx:/overrides:ro
  fts_attachments:
    depends_on:
     - resolver
    dns:
      - 192.168.205.254
    healthcheck:
      interval: 10s
      retries: 3
      start_period: 10s
      test:
        - CMD-SHELL
        - wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1
      timeout: 5s
    hostname: tika
    image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - fts_attachments
    restart: ${RESTART:-unless-stopped}
  imap:
    depends_on:
      - front
      - fts_attachments
      - resolver
    dns:
      - 192.168.205.254
    env_file: stack.env
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - default
      - fts_attachments
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/mail:/mail
      - /share/docker_data/mailu3/overrides/dovecot:/overrides:ro
  oletools:
    depends_on:
      - resolver
    dns:
      - 192.168.205.254
    hostname: oletools
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - oletools
    restart: ${RESTART:-unless-stopped}
  redis:
    depends_on:
      - resolver
    dns:
      - 192.168.205.254
    image: ${DOCKER_REGISTRY:-}redis:alpine
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: unless-stopped
    volumes:
    - /share/docker_data/mailu3/redis:/data
  resolver:
    env_file: stack.env
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      default:
        ipv4_address: 192.168.205.254
    restart: ${RESTART:-unless-stopped}
  smtp:
    depends_on:
      - front
      - resolver
    dns:
     - 192.168.205.254
    env_file: stack.env
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: ${RESTART:-unless-stopped}
    volumes:
     - /share/docker_data/mailu3/mailqueue:/queue
     - /share/docker_data/mailu3/overrides/postfix:/overrides:ro
  webdav:
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - radicale
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/dav:/data
  webmail:
    depends_on:
      - front
    env_file: stack.env
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - webmail
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/webmail:/data
      - /share/docker_data/mailu3/overrides/roundcube:/overrides:ro
--- a/__swarm/mailu/logging.yml
+++ b/__swarm/mailu/logging.yml
@@ -0,0 +1,18 @@
 ---
 services:
  syslog:
    logging:
      driver: syslog
      options:
        tag: mailu-front
  journald:
    logging:
      driver: journald
      options:
        tag: mailu-front
  loki:
    logging:
      driver: loki
      options:
        loki-url: "http://192.168.77.101:3100/loki/api/v1/push"
--- a/__swarm/mailu/stack.env
+++ b/__swarm/mailu/stack.env
@@ -0,0 +1,167 @@
 # Mailu main configuration file
 #
 # This file is autogenerated by the configuration management wizard for compose flavor.
 # For a detailed list of configuration variables, see the documentation at
 # https://mailu.io
 ###################################
 # Common configuration variables
 ###################################
 # Set to a randomly generated 16 bytes string
 SECRET_KEY=T1GSGDDBVRYF7UR7
 # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
 SUBNET=192.168.205.0/24
 # Main mail domain
 DOMAIN=mail.sectorq.eu
 # Hostnames for this server, separated with commas
 HOSTNAMES=mail.sectorq.eu,sectorq.eu
 # Postmaster local part (will append the main mail domain)
 POSTMASTER=admin
 # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
 #TLS_FLAVOR=cert
 TLS_FLAVOR=letsencrypt
 # Authentication rate limit per IP (per /24 on ipv4 and /48 on ipv6)
 AUTH_RATELIMIT_IP=5/hour
 # Authentication rate limit per user (regardless of the source-IP)
 AUTH_RATELIMIT_USER=50/day
 # Opt-out of statistics, replace with "True" to opt out
 DISABLE_STATISTICS=True
 ###################################
 # Optional features
 ###################################
 # Expose the admin interface (value: true, false)
 ADMIN=true
 # Choose which webmail to run if any (values: roundcube, snappymail, none). To enable this feature, recreate the docker-compose.yml file via setup.
 WEBMAIL=roundcube
 # Expose the API interface (value: true, false)
 API=true
 # Dav server implementation (value: radicale, none). To enable this feature, recreate the docker-compose.yml file via setup.
 WEBDAV=radicale
 # Antivirus solution (value: clamav, none). To enable this feature, recreate the docker-compose.yml file via setup.
 ANTIVIRUS=clamav
 # Scan Macros solution (value: true, false). To enable this feature, recreate the docker-compose.yml file via setup.
 SCAN_MACROS=true
 ###################################
 # Mail settings
 ###################################
 # Message size limit in bytes
 # Default: accept messages up to 50MB
 # Max attachment size will be 33% smaller
 MESSAGE_SIZE_LIMIT=50000000
 # Message rate limit (per user)
 MESSAGE_RATELIMIT=200/day
 # Networks granted relay permissions
 # Use this with care, all hosts in this networks will be able to send mail without authentication!
 RELAYNETS=
 # Will relay all outgoing mails if configured
 RELAYHOST=
 # Enable fetchmail
 FETCHMAIL_ENABLED=true
 # Fetchmail delay
 FETCHMAIL_DELAY=600
 # Recipient delimiter, character used to delimiter localpart from custom address part
 RECIPIENT_DELIMITER=+
 # DMARC rua and ruf email
 DMARC_RUA=admin
 DMARC_RUF=admin
 # Welcome email, enable and set a topic and body if you wish to send welcome
 # emails to all users.
 WELCOME=false
 WELCOME_SUBJECT=Welcome to your new email account
 WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
 # Maildir Compression
 # choose compression-method, default: none (value: gz, bz2, zstd)
 COMPRESSION=
 # change compression-level, default: 6 (value: 1-9)
 COMPRESSION_LEVEL=
 # IMAP full-text search is enabled by default.
 # Set the following variable to off in order to disable the feature
 # or a comma separated list of language codes to support
 FULL_TEXT_SEARCH=en
 ###################################
 # Web settings
 ###################################
 # Path to redirect / to
 WEBROOT_REDIRECT=/webmail
 # Path to the admin interface if enabled
 WEB_ADMIN=/admin
 # Path to the webmail if enabled
 WEB_WEBMAIL=/webmail
 # Path to the API interface if enabled
 WEB_API=/api
 # Website name
 SITENAME=sectorq
 # Linked Website URL
 WEBSITE=https://mail.sectorq.eu
 ###################################
 # Advanced settings
 ###################################
 # Docker-compose project name, this will prepended to containers names.
 COMPOSE_PROJECT_NAME=mailu
 # Number of rounds used by the password hashing scheme
 CREDENTIAL_ROUNDS=12
 # Header to take the real ip from
 REAL_IP_HEADER=X-Real-IP
 # IPs for nginx set_real_ip_from (CIDR list separated by commas)
 REAL_IP_FROM=192.168.77.101
 # choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
 REJECT_UNLISTED_RECIPIENT=
 # Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
 LOG_LEVEL=INFO
 # Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
 TZ=EU/Bratislava
 # Default spam threshold used for new users
 DEFAULT_SPAM_THRESHOLD=80
 # API token required for authenticating to the RESTful API.
 # This is a mandatory setting for using the RESTful API.
 API_TOKEN=WM4QHB7FA6YBOQHC0M98CGM2LDG2OP4N
 # Whether tika should be enabled (scan/OCR email attachements). To enable this feature, recreate the docker-compose.yml file via setup.
 FULL_TEXT_SEARCH_ATTACHMENTS=true
 LD_PRELOAD=/usr/lib/libhardened_malloc.so
--- a/__swarm/mailu3/.env
+++ b/__swarm/mailu3/.env
@@ -0,0 +1,4 @@
 APPNAME=mailu
 DOCKER_REGISTRY=r.sectorq.eu/library/
 MAILU_VERSION=2024.06
 LOGGING=syslog
--- a/__swarm/mailu3/docker-compose.yml
+++ b/__swarm/mailu3/docker-compose.yml
@@ -0,0 +1,247 @@
 networks:
  clamav:
    driver: bridge
  default:
    driver: bridge
    ipam:
      config:
      - subnet: 192.168.205.0/24
      driver: default
  fts_attachments:
    driver: bridge
    internal: true
  oletools:
    driver: bridge
    internal: true
  radicale:
    driver: bridge
  webmail:
    driver: bridge
 services:
  admin:
    depends_on:
      - redis
      - resolver
    dns:
      - 192.168.205.254
    env_file: stack.env
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/data:/data
      - /share/docker_data/mailu3/dkim:/dkim
  antispam:
    depends_on:
      - front
      - redis
      - oletools
      - antivirus
      - resolver
    dns:
      - 192.168.205.254
    env_file: stack.env
    hostname: antispam
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - default
      - oletools
      - clamav
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/filter:/var/lib/rspamd
      - /share/docker_data/mailu3/overrides/rspamd:/overrides:ro
  antivirus:
    healthcheck:
      interval: 10s
      retries: 3
      start_period: 10s
      test:
        - CMD-SHELL
        - kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
      timeout: 5s
    image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - clamav
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/filter/clamav:/var/lib/clamav
  fetchmail:
    depends_on:
      - admin
      - smtp
      - imap
      - resolver
    dns:
      - 192.168.205.254
    env_file: stack.env
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/mailu3/data/fetchmail:/data
  front:
    depends_on:
      - resolver
    dns:
      - 192.168.205.254
    env_file: stack.env
    extends:
      file: logging.yml
      service: ${LOGGING:-syslog}
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
      homepage.container: mailu3-front-1
      homepage.description: eMail server
      homepage.group: Utilities
      homepage.href: https://mail.sectorq.eu
      homepage.icon: ${APPNAME}.png
      homepage.name: Mailu
      homepage.server: my-docker
      homepage.weight: 1
    networks:
      - default
      - webmail
      - radicale
    ports:
      - '8880:80'
      - '8443:443'
      - '25:25'
      - '465:465'
      - '587:587'
      - '110:110' 
      - '995:995'
      - '143:143'
      - '993:993'
      - '4190:4190'
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/certs:/certs
      - /share/docker_data/mailu3/overrides/nginx:/overrides:ro
  fts_attachments:
    depends_on:
     - resolver
    dns:
      - 192.168.205.254
    healthcheck:
      interval: 10s
      retries: 3
      start_period: 10s
      test:
        - CMD-SHELL
        - wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1
      timeout: 5s
    hostname: tika
    image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - fts_attachments
    restart: ${RESTART:-unless-stopped}
  imap:
    depends_on:
      - front
      - fts_attachments
      - resolver
    dns:
      - 192.168.205.254
    env_file: stack.env
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - default
      - fts_attachments
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/mail:/mail
      - /share/docker_data/mailu3/overrides/dovecot:/overrides:ro
  oletools:
    depends_on:
      - resolver
    dns:
      - 192.168.205.254
    hostname: oletools
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - oletools
    restart: ${RESTART:-unless-stopped}
  redis:
    depends_on:
      - resolver
    dns:
      - 192.168.205.254
    image: ${DOCKER_REGISTRY:-}redis:alpine
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: unless-stopped
    volumes:
    - /share/docker_data/mailu3/redis:/data
  resolver:
    env_file: stack.env
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      default:
        ipv4_address: 192.168.205.254
    restart: ${RESTART:-unless-stopped}
  smtp:
    depends_on:
      - front
      - resolver
    dns:
     - 192.168.205.254
    env_file: stack.env
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: ${RESTART:-unless-stopped}
    volumes:
     - /share/docker_data/mailu3/mailqueue:/queue
     - /share/docker_data/mailu3/overrides/postfix:/overrides:ro
  webdav:
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - radicale
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/dav:/data
  webmail:
    depends_on:
      - front
    env_file: stack.env
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
      - webmail
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/mailu3/webmail:/data
      - /share/docker_data/mailu3/overrides/roundcube:/overrides:ro
--- a/__swarm/mailu3/logging.yml
+++ b/__swarm/mailu3/logging.yml
@@ -0,0 +1,18 @@
 ---
 services:
  syslog:
    logging:
      driver: syslog
      options:
        tag: mailu-front
  journald:
    logging:
      driver: journald
      options:
        tag: mailu-front
  loki:
    logging:
      driver: loki
      options:
        loki-url: "http://192.168.77.101:3100/loki/api/v1/push"
--- a/__swarm/mailu3/mailu3-swarm.yml
+++ b/__swarm/mailu3/mailu3-swarm.yml
@@ -0,0 +1,259 @@
 networks:
  clamav:
    driver: overlay
  default:
    driver: overlay
    ipam:
      config:
        - subnet: 192.168.205.0/24
      driver: default
  fts_attachments:
    driver: overlay
    internal: true
  oletools:
    driver: overlay
    internal: true
  radicale:
    driver: overlay
  webmail:
    driver: overlay
 services:
  admin:
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06}
    env_file: stack.env
    labels:
      wud.watch: 'true'
      wud.watch.digest: 'true'
    volumes:
      - /share/docker_data/mailu3/data:/data
      - /share/docker_data/mailu3/dkim:/dkim
    networks:
      # Swarm uses service discovery, but requires network connection
      - default
      # DNS is handled by Swarm's internal DNS resolver (the resolver service will be discoverable by name)
  antispam:
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06}
    env_file: stack.env
    hostname: antispam
    labels:
      wud.watch: 'true'
      wud.watch.digest: 'true'
    volumes:
      - /share/docker_data/mailu3/filter:/var/lib/rspamd
      - /share/docker_data/mailu3/overrides/rspamd:/overrides:ro
    networks:
      - default
      - oletools
      - clamav
  antivirus:
    image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6
    labels:
      wud.watch: 'true'
      wud.watch.digest: 'true'
    volumes:
      - /share/docker_data/mailu3/filter/clamav:/var/lib/clamav
    networks:
      - clamav
    healthcheck:
      test:
        - CMD-SHELL
        - kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
  fetchmail:
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06}
    env_file: stack.env
    labels:
      wud.watch: 'true'
      wud.watch.digest: 'true'
    volumes:
      - /share/docker_data/mailu3/data/fetchmail:/data
    networks:
      - default # Connect to 'default' for service discovery
  front:
    # NOTE: 'extends' is removed. You must manually define logging or accept default.
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06}
    env_file: stack.env
    labels:
      wud.watch: 'true'
      wud.watch.digest: 'true'
      homepage.container: mailu3-front-1
      homepage.description: eMail server
      homepage.group: Utilities
      homepage.href: https://mail.sectorq.eu
      homepage.icon: ${APPNAME}.png
      homepage.name: Mailu
      homepage.server: my-docker
      homepage.weight: 1
    volumes:
      - /share/docker_data/mailu3/certs:/certs
      - /share/docker_data/mailu3/overrides/nginx:/overrides:ro
    networks:
      - default
      - webmail
      - radicale
    ports:
      - target: 80
        published: 8880
        protocol: tcp
        mode: ingress
      - target: 443
        published: 8443
        protocol: tcp
        mode: ingress
      - target: 25
        published: 25
        protocol: tcp
        mode: ingress
      - target: 465
        published: 465
        protocol: tcp
        mode: ingress
      - target: 587
        published: 587
        protocol: tcp
        mode: ingress
      - target: 110
        published: 110
        protocol: tcp
        mode: ingress
      - target: 995
        published: 995
        protocol: tcp
        mode: ingress
      - target: 143
        published: 143
        protocol: tcp
        mode: ingress
      - target: 993
        published: 993
        protocol: tcp
        mode: ingress
      - target: 4190
        published: 4190
        protocol: tcp
        mode: ingress
  fts_attachments:
    image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full
    hostname: tika
    labels:
      wud.watch: 'true'
      wud.watch.digest: 'true'
    networks:
      - fts_attachments
    healthcheck:
      test:
        - CMD-SHELL
        - wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
  imap:
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06}
    env_file: stack.env
    labels:
      wud.watch: 'true'
      wud.watch.digest: 'true'
    volumes:
      - /share/docker_data/mailu3/mail:/mail
      - /share/docker_data/mailu3/overrides/dovecot:/overrides:ro
    networks:
      - default
      - fts_attachments
  oletools:
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06}
    hostname: oletools
    labels:
      wud.watch: 'true'
      wud.watch.digest: 'true'
    networks:
      - oletools
  redis:
    image: ${DOCKER_REGISTRY:-}redis:alpine
    labels:
      wud.watch: 'true'
      wud.watch.digest: 'true'
    volumes:
      - /share/docker_data/mailu3/redis:/data
    networks:
      - default # Connect to default network
  resolver:
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06}
    env_file: stack.env
    labels:
      wud.watch: 'true'
      wud.watch.digest: 'true'
    networks:
      default:
        # NOTE: Swarm does not support static IPs for scaling. 
        # This will fail standard 'docker stack deploy'. 
        # For mailu, the static IP is critical, so we attempt to enforce it 
        # via the deploy key, but be aware this is highly non-standard.
        # It's better to configure Mailu to use the service name 'resolver' instead of the static IP.
        # If using a customized deployer:
        # deploy:
        #   placement:
        #     constraints:
        #       - node.hostname == your-swarm-manager
        #   endpoint_mode: dnsrr
        #   mode: global
        #   replicas: 1
        #   labels:
        #     com.docker.stack.static_ips: 192.168.205.254
        #     com.docker.stack.static_network: default
        ipv4_address: 192.168.205.254
  smtp:
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06}
    env_file: stack.env
    labels:
      wud.watch: 'true'
      wud.watch.digest: 'true'
    volumes:
      - /share/docker_data/mailu3/mailqueue:/queue
      - /share/docker_data/mailu3/overrides/postfix:/overrides:ro
    networks:
      - default # Connect to default network
  webdav:
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06}
    labels:
      wud.watch: 'true'
      wud.watch.digest: 'true'
    volumes:
      - /share/docker_data/mailu3/dav:/data
    networks:
      - radicale
  webmail:
    image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06}
    env_file: stack.env
    labels:
      wud.watch: 'true'
      wud.watch.digest: 'true'
    volumes:
      - /share/docker_data/mailu3/webmail:/data
      - /share/docker_data/mailu3/overrides/roundcube:/overrides:ro
    networks:
      - webmail
--- a/__swarm/mailu3/stack.env
+++ b/__swarm/mailu3/stack.env
@@ -0,0 +1,167 @@
 # Mailu main configuration file
 #
 # This file is autogenerated by the configuration management wizard for compose flavor.
 # For a detailed list of configuration variables, see the documentation at
 # https://mailu.io
 ###################################
 # Common configuration variables
 ###################################
 # Set to a randomly generated 16 bytes string
 SECRET_KEY=T1GSGDDBVRYF7UR7
 # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
 SUBNET=192.168.205.0/24
 # Main mail domain
 DOMAIN=mail.sectorq.eu
 # Hostnames for this server, separated with commas
 HOSTNAMES=mail.sectorq.eu,sectorq.eu
 # Postmaster local part (will append the main mail domain)
 POSTMASTER=admin
 # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
 #TLS_FLAVOR=cert
 TLS_FLAVOR=letsencrypt
 # Authentication rate limit per IP (per /24 on ipv4 and /48 on ipv6)
 AUTH_RATELIMIT_IP=5/hour
 # Authentication rate limit per user (regardless of the source-IP)
 AUTH_RATELIMIT_USER=50/day
 # Opt-out of statistics, replace with "True" to opt out
 DISABLE_STATISTICS=True
 ###################################
 # Optional features
 ###################################
 # Expose the admin interface (value: true, false)
 ADMIN=true
 # Choose which webmail to run if any (values: roundcube, snappymail, none). To enable this feature, recreate the docker-compose.yml file via setup.
 WEBMAIL=roundcube
 # Expose the API interface (value: true, false)
 API=true
 # Dav server implementation (value: radicale, none). To enable this feature, recreate the docker-compose.yml file via setup.
 WEBDAV=radicale
 # Antivirus solution (value: clamav, none). To enable this feature, recreate the docker-compose.yml file via setup.
 ANTIVIRUS=clamav
 # Scan Macros solution (value: true, false). To enable this feature, recreate the docker-compose.yml file via setup.
 SCAN_MACROS=true
 ###################################
 # Mail settings
 ###################################
 # Message size limit in bytes
 # Default: accept messages up to 50MB
 # Max attachment size will be 33% smaller
 MESSAGE_SIZE_LIMIT=50000000
 # Message rate limit (per user)
 MESSAGE_RATELIMIT=200/day
 # Networks granted relay permissions
 # Use this with care, all hosts in this networks will be able to send mail without authentication!
 RELAYNETS=
 # Will relay all outgoing mails if configured
 RELAYHOST=
 # Enable fetchmail
 FETCHMAIL_ENABLED=true
 # Fetchmail delay
 FETCHMAIL_DELAY=600
 # Recipient delimiter, character used to delimiter localpart from custom address part
 RECIPIENT_DELIMITER=+
 # DMARC rua and ruf email
 DMARC_RUA=admin
 DMARC_RUF=admin
 # Welcome email, enable and set a topic and body if you wish to send welcome
 # emails to all users.
 WELCOME=false
 WELCOME_SUBJECT=Welcome to your new email account
 WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
 # Maildir Compression
 # choose compression-method, default: none (value: gz, bz2, zstd)
 COMPRESSION=
 # change compression-level, default: 6 (value: 1-9)
 COMPRESSION_LEVEL=
 # IMAP full-text search is enabled by default.
 # Set the following variable to off in order to disable the feature
 # or a comma separated list of language codes to support
 FULL_TEXT_SEARCH=en
 ###################################
 # Web settings
 ###################################
 # Path to redirect / to
 WEBROOT_REDIRECT=/webmail
 # Path to the admin interface if enabled
 WEB_ADMIN=/admin
 # Path to the webmail if enabled
 WEB_WEBMAIL=/webmail
 # Path to the API interface if enabled
 WEB_API=/api
 # Website name
 SITENAME=sectorq
 # Linked Website URL
 WEBSITE=https://mail.sectorq.eu
 ###################################
 # Advanced settings
 ###################################
 # Docker-compose project name, this will prepended to containers names.
 COMPOSE_PROJECT_NAME=mailu
 # Number of rounds used by the password hashing scheme
 CREDENTIAL_ROUNDS=12
 # Header to take the real ip from
 REAL_IP_HEADER=X-Real-IP
 # IPs for nginx set_real_ip_from (CIDR list separated by commas)
 REAL_IP_FROM=192.168.77.101
 # choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
 REJECT_UNLISTED_RECIPIENT=
 # Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
 LOG_LEVEL=INFO
 # Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
 TZ=EU/Bratislava
 # Default spam threshold used for new users
 DEFAULT_SPAM_THRESHOLD=80
 # API token required for authenticating to the RESTful API.
 # This is a mandatory setting for using the RESTful API.
 API_TOKEN=WM4QHB7FA6YBOQHC0M98CGM2LDG2OP4N
 # Whether tika should be enabled (scan/OCR email attachements). To enable this feature, recreate the docker-compose.yml file via setup.
 FULL_TEXT_SEARCH_ATTACHMENTS=true
 LD_PRELOAD=/usr/lib/libhardened_malloc.so
--- a/__swarm/mealie/.env
+++ b/__swarm/mealie/.env
@@ -0,0 +1,4 @@
 RESTART=always
 DOCKER_REGISTRY=r.sectorq.eu/library/
 APPNAME=mealie
--- a/__swarm/mealie/docker-compose.yml
+++ b/__swarm/mealie/docker-compose.yml
@@ -0,0 +1,42 @@
 services:
  mealie:
    image: ${DOCKER_REGISTRY}ghcr.io/mealie-recipes/mealie:v2.8.0 # 
    container_name: mealie
    restart: always
    ports:
        - "9925:9000" # 
    deploy:
      resources:
        limits:
          memory: 1000M # 
    volumes:
      - /share/docker_data/mealie/data:/app/data/
    environment:
      # Set Backend ENV Variables Here
      ALLOW_SIGNUP: "false"
      PUID: 1000
      PGID: 1000
      TZ: Europe/Bratislava
      BASE_URL: https://mealie.sectorq.eu
      OIDC_AUTH_ENABLED: true
      OIDC_PROVIDER_NAME: authentik
      OIDC_CONFIGURATION_URL: https://auth.sectorq.eu/application/o/mealie/.well-known/openid-configuration
      OIDC_CLIENT_ID: "QfrrMn3EzUqkb3ueFl8UQe983qCxr50O2eScPZ3b"
      OIDC_CLIENT_SECRET: "SN5QQJzEZO6kFbyZJ4JcaUbev1CH3VDFfyfB0oeJXo23r0Wx74xpfLS3OMAvoRW8QFxpaYwsRm492MHtZIHaofwf29yhjADHA2DABPecSGAm8V6JVU8m4HRSF3NjDyTV"
      OIDC_SIGNUP_ENABLED: true
      OIDC_USER_GROUP: mealie-users
      OIDC_ADMIN_GROUP: mealie-admins
      OIDC_AUTO_REDIRECT: true   # Optional: The login page will be bypassed and you will be sent directly to your Identity Provider.
      OIDC_REMEMBER_ME: true
    labels:      
      homepage.container: mealie
      homepage.description: Recipe server
      homepage.group: Utils
      homepage.href: https://${APPNAME}.sectorq.eu
      homepage.icon: ${APPNAME}.png
      homepage.name: Mealie
      homepage.server: my-docker
      wud.watch: true
      wud.watch.digest: true     
 volumes:
  mealie-data:
--- a/__swarm/mealie/mealie-swarm.yml
+++ b/__swarm/mealie/mealie-swarm.yml
@@ -0,0 +1,46 @@
 services:
  app:
    image: ${DOCKER_REGISTRY}ghcr.io/mealie-recipes/mealie:v2.8.0
    ports:
    - target: 9000
      published: 9925
      protocol: tcp
      mode: ingress
    deploy:
      resources:
        limits:
          memory: 1000M
      labels:
        homepage.container: mealie_app
        homepage.description: Recipe server
        homepage.group: Utils
        homepage.href: https://${APPNAME}.sectorq.eu
        homepage.icon: ${APPNAME}.png
        homepage.name: Mealie
        homepage.server: my-docker-swarm
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
    volumes:
    - data:/app/data/
    environment:
      ALLOW_SIGNUP: 'false'
      PUID: 1000
      PGID: 1000
      TZ: Europe/Bratislava
      BASE_URL: https://mealie.sectorq.eu
      OIDC_AUTH_ENABLED: 'true'
      OIDC_PROVIDER_NAME: authentik
      OIDC_CONFIGURATION_URL: https://auth.sectorq.eu/application/o/mealie/.well-known/openid-configuration
      OIDC_CLIENT_ID: QfrrMn3EzUqkb3ueFl8UQe983qCxr50O2eScPZ3b
      OIDC_CLIENT_SECRET: SN5QQJzEZO6kFbyZJ4JcaUbev1CH3VDFfyfB0oeJXo23r0Wx74xpfLS3OMAvoRW8QFxpaYwsRm492MHtZIHaofwf29yhjADHA2DABPecSGAm8V6JVU8m4HRSF3NjDyTV
      OIDC_SIGNUP_ENABLED: 'true'
      OIDC_USER_GROUP: mealie-users
      OIDC_ADMIN_GROUP: mealie-admins
      OIDC_AUTO_REDIRECT: 'true'
      OIDC_REMEMBER_ME: 'true'
 volumes:
  data:
--- a/__swarm/mealie/stack.env
+++ b/__swarm/mealie/stack.env
@@ -0,0 +1,37 @@
 ###############################################################################
 # Paperless-ngx settings                                                      #
 ###############################################################################
 # See http://docs.paperless-ngx.com/configuration/ for all available options.
 # The UID and GID of the user used to run paperless in the container. Set this
 # to your UID and GID on the host so that you have write access to the
 # consumption directory.
 #USERMAP_UID=1000
 #USERMAP_GID=1000
 # See the documentation linked above for all options. A few commonly adjusted settings
 # are provided below.
 # This is required if you will be exposing Paperless-ngx on a public domain
 # (if doing so please consider security measures such as reverse proxy)
 #PAPERLESS_URL=https://paperless.example.com
 # Adjust this key if you plan to make paperless available publicly. It should
 # be a very long sequence of random characters. You don't need to remember it.
 #PAPERLESS_SECRET_KEY=change-me
 # Use this variable to set a timezone for the Paperless Docker containers. Defaults to UTC.
 #PAPERLESS_TIME_ZONE=America/Los_Angeles
 # The default language to use for OCR. Set this to the language most of your
 # documents are written in.
 #PAPERLESS_OCR_LANGUAGE=eng
 # Additional languages to install for text recognition, separated by a whitespace.
 # Note that this is different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines
 # the language used for OCR.
 # The container installs English, German, Italian, Spanish and French by default.
 # See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
 # for available languages.
 #PAPERLESS_OCR_LANGUAGES=tur ces
--- a/__swarm/mediacenter/.env
+++ b/__swarm/mediacenter/.env
@@ -0,0 +1,12 @@
 APPNAME=mediacenter
 DOCKER_REGISTRY=r.sectorq.eu/library/
 LOGGING=syslog
 JELLYSEER_TOKEN=MTczMTY1NTk3ODUwOTY3NmJiOTM0LTY1MDctNGI2NS1hMmEyLTE3MjQ1MmI3OTI0Yg==
 JELLYFIN_TOKEN=0b0247d8030b46a0afe71be194311521
 JACKET_TOKEN=l4c1j4yd33Du5lo
 BAZARR_TOKEN=be4265d373929be3672ac813154baf6a
 LIDARR_TOKEN=a9d7379966bd467aa0ad226848575e03
 QBIT_TOKEN=l4c1j4yd33Du5lo
 RADARR_TOKEN=671f20f9518b4ab3a977cc00f95b0427
 SONARR_TOKEN=325b15a81c544ed2a1cd2bb16e95a129
 HW_MODE=cpu
--- a/__swarm/mediacenter/docker-compose.yml
+++ b/__swarm/mediacenter/docker-compose.yml
@@ -0,0 +1,326 @@
 networks:
  duplicati:
    driver: bridge
  mediarr:
    driver: bridge
 services:
  bazarr:
    container_name: bazarr
    depends_on:
      - sonarr
      - radarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Bratislava
    hostname: bazarr
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bazarr:latest
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      homepage.container: bazarr
      homepage.description: Subtitles
      homepage.group: Media
      homepage.href: https://bazarr.sectorq.eu
      homepage.icon: bazarr.png
      homepage.name: bazarr
      homepage.server: my-docker
      homepage.weight: '90'
      homepage.widget.key: ${BAZARR_TOKEN}
      homepage.widget.type: bazarr
      homepage.widget.url: https://bazarr.sectorq.eu
      wud.watch: true
      wud.watch.digest: true
    networks:
      - mediarr
    ports:
      - 6767:6767
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /share/docker_data/bazarr/config:/config
      - /media/m-server/movies:/movies/m-server
      - /media/m-server/shows:/tv/m-server
      - /media/nas/movies:/movies/nas
      - /media/nas/shows:/tv/nas
  flaresolverr:
    container_name: flaresolverr
    environment:
    - LOG_LEVEL=info
    - TZ=Europe/Bratislava
    hostname: flaresolverr
    image: ${DOCKER_REGISTRY:-}ghcr.io/flaresolverr/flaresolverr:latest
    labels:
      com.centurylinklabs.watchtower.enable: true
      wud.watch: true
      wud.watch.digest: true
    networks:
      - mediarr
    ports:
      - 8191:8191
    restart: ${RESTART:-unless-stopped}
  homarr:
    container_name: homarr
    hostname: homarr
    image: ${DOCKER_REGISTRY:-}ghcr.io/ajnart/homarr:latest
    labels:
      com.centurylinklabs.watchtower.enable: true
      wud.watch: true
      wud.watch.digest: true
    networks:
      - mediarr
    ports:
      - 7575:7575
    restart: ${RESTART:-unless-stopped}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /share/docker_data/homarr/configs:/app/data/configs
      - /share/docker_data/homarr/icons:/app/public/icons
      - /share/docker_data/homarr/data:/data
  jackett:
    container_name: jackett
    dns:
      - 192.168.77.101
    depends_on:
      - sonarr
      - radarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Bratislava
      - AUTO_UPDATE=true
      - RUN_OPTS=
    hostname: jackett
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jackett:latest
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      homepage.container: jackett
      homepage.description: Subtitles
      homepage.group: Media
      homepage.href: https://jackett.sectorq.eu
      homepage.icon: jackett.png
      homepage.name: Jackett
      homepage.server: my-docker
      homepage.weight: '80'
      homepage.widget.password: ${JACKET_TOKEN}
      homepage.widget.type: jackett
      homepage.widget.url: https://jackett.sectorq.eu
      wud.watch: true
      wud.watch.digest: true
    networks:
    - mediarr
    ports:
    - 9117:9117
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/jackett/config:/config
    - /share/docker_data/jackett/downloads:/downloads
  jellyfin:
    container_name: jellyfin
    environment:
    - PUID=1000
    - PGID=1000
    - TZ=Europe/Bratislava
    - JELLYFIN_PublishedServerUrl=https://jf.sectorq.eu
    extends:
      file: hwaccel.yml
      service: ${HW_MODE:-cpu}
    hostname: jellyfin
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jellyfin:latest
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      homepage.container: jellyfin
      homepage.description: Subtitles
      homepage.group: Media
      homepage.href: https://jf.sectorq.eu
      homepage.icon: jellyfin.png
      homepage.name: Jellyfin
      homepage.server: my-docker
      homepage.weight: '10'
      homepage.widget.key: ${JELLYFIN_TOKEN}
      homepage.widget.type: jellyfin
      homepage.widget.url: https://jf.sectorq.eu
      wud.watch: true
      wud.watch.digest: true
    network_mode: host
    ports:
    - 8096:8096
    - 8920:8920
    - 7359:7359
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/jellyfin:/config
    - /media/m-server/movies:/data/movies/m-server
    - /media/m-server/music:/data/music/m-server
    - /media/m-server/shows:/data/shows/m-server
    - /media/nas/movies:/data/movies/nas
    - /media/nas/music:/data/music/nas
    - /media/nas/shows:/data/shows/nas
    - /media/nas/xxx:/data/xxx/nas
  jellyseerr:
    container_name: jellyseerr
    environment:
    - LOG_LEVEL=debug
    - TZ=Europe/Bratislava
    hostname: jellyseerr
    image: ${DOCKER_REGISTRY:-}fallenbagel/jellyseerr:latest
    labels:
      com.centurylinklabs.watchtower.enabl: 'true'
      homepage.container: jellyseerr
      homepage.description: Subtitles
      homepage.group: Media
      homepage.href: https://js.sectorq.eu
      homepage.icon: jellyseerr.png
      homepage.name: Jellyseerr
      homepage.server: my-docker
      homepage.weight: '20'
      homepage.widget.key: ${JELLYSEER_TOKEN}
      homepage.widget.type: jellyseerr
      homepage.widget.url: https://js.sectorq.eu
      wud.watch: true
      wud.watch.digest: true
    networks:
    - mediarr
    ports:
    - 5055:5055
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/jellyseerr/config:/app/config
  lidarr:
    container_name: lidarr
    environment:
    - PUID=1000
    - PGID=1000
    - TZ=Europe/Bratislava
    hostname: lidarr
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/lidarr:latest
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      homepage.container: lidarr
      homepage.description: Subtitles
      homepage.group: Media
      homepage.href: https://lidarr.sectorq.eu
      homepage.icon: lidarr.png
      homepage.name: Lidarr
      homepage.server: my-docker
      homepage.weight: '60'
      homepage.widget.key: ${LIDARR_TOKEN}
      homepage.widget.type: lidarr
      homepage.widget.url: https://lidarr.sectorq.eu
      wud.watch: true
      wud.watch.digest: true
    networks:
    - mediarr
    ports:
    - 8686:8686
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/lidarr/config:/config
    - /media/m-server/music:/music
    - /media/m-server/downloads:/downloads
  qbittorrent:
    container_name: qbittorrent
    environment:
    - PUID=1000
    - PGID=1000
    - TZ=Europe/Bratislava
    - WEBUI_PORT=8085
    - FILE__PASSWORD=/run/secrets/mysecretpassword
    hostname: qbittorrent
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/qbittorrent:latest
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      homepage.container: qbittorrent
      homepage.description: Subtitles
      homepage.group: Utilities
      homepage.href: https://qbit.sectorq.eu
      homepage.icon: qbittorrent.png
      homepage.name: Qbittorrent
      homepage.server: my-docker
      homepage.weight: '95'
      homepage.widget.enableLeechProgress: 'true'
      homepage.widget.password: ${QBIT_TOKEN}
      homepage.widget.type: qbittorrent
      homepage.widget.url: https://qbit.sectorq.eu
      homepage.widget.username: admin
      wud.watch: true
      wud.watch.digest: true
    networks:
    - mediarr
    ports:
    - 8085:8085
    - 6881:6881
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/qbittorrent/config:/config
    - /media/m-server/downloads:/downloads
  radarr:
    container_name: radarr
    dns:
    - 192.168.77.101
    environment:
    - PUID=1000
    - PGID=1000
    - TZ=Europe/Bratislava
    hostname: radarr
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/radarr:latest
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      homepage.container: radarr
      homepage.description: Subtitles
      homepage.group: Media
      homepage.href: https://radarr.sectorq.eu
      homepage.icon: radarr.png
      homepage.name: Radarr
      homepage.server: my-docker
      homepage.weight: '20'
      homepage.widget.key: ${RADARR_TOKEN}
      homepage.widget.type: radarr
      homepage.widget.url: https://radarr.sectorq.eu
      wud.display.icon: mdi:radarr
      wud.watch: true
      wud.watch.digest: true
    networks:
    - mediarr
    ports:
    - 7878:7878
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/radarr/config:/config
    - /media/m-server/movies/:/movies-m-server
    - /media/nas/movies/:/movies-nas
    - /media/m-server/downloads:/downloads
  sonarr:
    container_name: sonarr
    dns:
      - 192.168.77.101
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Bratislava
    hostname: sonarr
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/sonarr:latest
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      homepage.container: sonarr
      homepage.description: Subtitles
      homepage.group: Media
      homepage.href: https://sonarr.sectorq.eu
      homepage.icon: sonarr.png
      homepage.name: Sonarr
      homepage.server: my-docker
      homepage.weight: '30'
      homepage.widget.key: ${SONARR_TOKEN}
      homepage.widget.type: sonarr
      homepage.widget.url: https://sonarr.sectorq.eu
      wud.watch: true
      wud.watch.digest: true
    networks:
    - mediarr
    ports:
    - 8989:8989
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/sonarr/config:/config
    - /media/m-server/shows:/tv-m-server
    - /media/nas/shows:/tv-nas
    - /media/m-server/downloads:/downloads
--- a/__swarm/mediacenter/hwaccel.yml
+++ b/__swarm/mediacenter/hwaccel.yml
@@ -0,0 +1,8 @@
 ---
 services:
  cpu: {}
  hw:
    devices:
      - /dev/dri/renderD128
      - /dev/dri/card1
--- a/__swarm/mediacenter/mediacenter-swarm.yml
+++ b/__swarm/mediacenter/mediacenter-swarm.yml
@@ -0,0 +1,426 @@
 networks:
  duplicati:
    driver: overlay
  mediarr:
    driver: overlay
 volumes:
  homarr_configs:
  homarr_icons:
  homarr_data:
  jackett_config:
  jackett_downloads:
  jellyfin_config:
  jellyseerr_config:
  lidarr_config:
  qbittorrent_config:
  radarr_config:
  sonarr_config:
  bazarr_config:
  m-server_music:
    driver: local
    driver_opts:
      type: nfs
      o: addr=192.168.77.101,rw,nfsvers=4.2,nolock
      device: :/music
  m-server_movies:
    driver: local
    driver_opts:
      type: nfs
      o: addr=192.168.77.101,rw,nfsvers=4.2,nolock
      device: :/movies
 services:
  bazarr:
    environment:
      PUID: '1000'
      PGID: '1000'
      TZ: Europe/Bratislava
    hostname: bazarr
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bazarr:latest
    networks:
    - mediarr
    dns:
      - 192.168.77.101
    ports:
    - target: 6767
      published: 6767
      protocol: tcp
      mode: ingress
    volumes:
    - bazarr_config:/config
    - /media/m-server/movies:/movies/m-server
    - /media/m-server/shows:/tv/m-server
    - /media/nas/movies:/movies/nas
    - /media/nas/shows:/tv/nas
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.container: mediacenter_bazarr
        homepage.description: Subtitles
        homepage.group: Media
        homepage.href: https://bazarr.sectorq.eu
        homepage.icon: bazarr.png
        homepage.name: bazarr
        homepage.server: my-docker-swarm
        homepage.weight: '90'
        homepage.widget.key: ${BAZARR_TOKEN}
        homepage.widget.type: bazarr
        homepage.widget.url: https://bazarr.sectorq.eu
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  flaresolverr:
    environment:
      LOG_LEVEL: info
      TZ: Europe/Bratislava
    hostname: flaresolverr
    image: ${DOCKER_REGISTRY:-}ghcr.io/flaresolverr/flaresolverr:latest
    networks:
    - mediarr
    ports:
    - target: 8191
      published: 8191
      protocol: tcp
      mode: ingress
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  homarr:
    hostname: homarr
    image: ${DOCKER_REGISTRY:-}ghcr.io/ajnart/homarr:latest
    networks:
    - mediarr
    ports:
    - target: 7575
      published: 7575
      protocol: tcp
      mode: ingress
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - homarr_configs:/app/data/configs
    - homarr_icons:/app/public/icons
    - homarr_data:/data
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  jackett:
    dns:
    - 192.168.77.101
    environment:
      PUID: '1000'
      PGID: '1000'
      TZ: Europe/Bratislava
      AUTO_UPDATE: 'true'
      RUN_OPTS: ''
    hostname: jackett
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jackett:latest
    networks:
    - mediarr
    ports:
    - target: 9117
      published: 9117
      protocol: tcp
      mode: ingress
    volumes:
    - jackett_config:/config
    - jackett_downloads:/downloads
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.container: mediacenter_jackett
        homepage.description: Subtitles
        homepage.group: Media
        homepage.href: https://jackett.sectorq.eu
        homepage.icon: jackett.png
        homepage.name: Jackett
        homepage.server: my-docker-swarm
        homepage.weight: '80'
        homepage.widget.password: ${JACKET_TOKEN}
        homepage.widget.type: jackett
        homepage.widget.url: https://jackett.sectorq.eu
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  jellyfin:
    environment:
      TZ: Europe/Bratislava
      JELLYFIN_PublishedServerUrl: https://jf.sectorq.eu
      VAAPI_DEVICE: /dev/dri/renderD128
      LIBVA_DRIVER_NAME: radeonsi
    hostname: jellyfin
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jellyfin:latest
    ports:
    - target: 8096
      published: 8096
      protocol: tcp
      mode: ingress
    - target: 8920
      published: 8920
      protocol: tcp
      mode: ingress
    - target: 7359
      published: 7359
      protocol: tcp
      mode: ingress
    user: root
    volumes:
    - jellyfin_config:/config
    - m-server_movies:/data/movies/m-server
    - m-server_music:/data/music/m-server
    - /media/m-server/shows:/data/shows/m-server
    - /media/nas/movies:/data/movies/nas
    - /media/nas/music:/data/music/nas
    - /media/nas/shows:/data/shows/nas
    - /media/nas/xxx:/data/xxx/nas
    - /dev/dri:/dev/dri
    devices:
      - /dev/dri/renderD128:/dev/dri/renderD128
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.container: mediacenter_jellyfin
        homepage.description: Subtitles
        homepage.group: Media
        homepage.href: https://jf.sectorq.eu
        homepage.icon: jellyfin.png
        homepage.name: Jellyfin
        homepage.server: my-docker-swarm
        homepage.weight: '10'
        homepage.widget.key: ${JELLYFIN_TOKEN}
        homepage.widget.type: jellyfin
        homepage.widget.url: https://jf.sectorq.eu
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
        - node.labels.gpu == amd
  jellyseerr:
    environment:
      LOG_LEVEL: debug
      TZ: Europe/Bratislava
    hostname: jellyseerr
    image: ${DOCKER_REGISTRY:-}fallenbagel/jellyseerr:latest
    networks:
    - mediarr
    ports:
    - target: 5055
      published: 5055
      protocol: tcp
      mode: ingress
    volumes:
    - jellyseerr_config:/app/config
    deploy:
      labels:
        com.centurylinklabs.watchtower.enabl: 'true'
        homepage.container: mediacenter_jellyseerr
        homepage.description: Subtitles
        homepage.group: Media
        homepage.href: https://js.sectorq.eu
        homepage.icon: jellyseerr.png
        homepage.name: Jellyseerr
        homepage.server: my-docker-swarm
        homepage.weight: '20'
        homepage.widget.key: ${JELLYSEER_TOKEN}
        homepage.widget.type: jellyseerr
        homepage.widget.url: https://js.sectorq.eu
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  lidarr:
    environment:
      PUID: '1000'
      PGID: '1000'
      TZ: Europe/Bratislava
    hostname: lidarr
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/lidarr:latest
    networks:
    - mediarr
    ports:
    - target: 8686
      published: 8686
      protocol: tcp
      mode: ingress
    volumes:
    - lidarr_config:/config
    - /media/m-server/music:/music
    - /media/m-server/downloads:/downloads
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.container: mediacenter_lidarr
        homepage.description: Subtitles
        homepage.group: Media
        homepage.href: https://lidarr.sectorq.eu
        homepage.icon: lidarr.png
        homepage.name: Lidarr
        homepage.server: my-docker-swarm
        homepage.weight: '60'
        homepage.widget.key: ${LIDARR_TOKEN}
        homepage.widget.type: lidarr
        homepage.widget.url: https://lidarr.sectorq.eu
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  qbittorrent:
    environment:
      PUID: '1000'
      PGID: '1000'
      TZ: Europe/Bratislava
      WEBUI_PORT: '8085'
      FILE__PASSWORD: /run/secrets/mysecretpassword
    hostname: qbittorrent
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/qbittorrent:latest
    networks:
    - mediarr
    ports:
    - target: 8085
      published: 8085
      protocol: tcp
      mode: ingress
    - target: 6881
      published: 6881
      protocol: tcp
      mode: ingress
    volumes:
    - qbittorrent_config:/config
    - /media/m-server/downloads:/downloads
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.container: mediacenter_qbittorrent
        homepage.description: Subtitles
        homepage.group: Utilities
        homepage.href: https://qbit.sectorq.eu
        homepage.icon: qbittorrent.png
        homepage.name: Qbittorrent
        homepage.server: my-docker-swarm
        homepage.weight: '95'
        homepage.widget.enableLeechProgress: 'false'
        homepage.widget.password: ${QBIT_TOKEN}
        homepage.widget.type: qbittorrent
        homepage.widget.url: https://qbit.sectorq.eu
        homepage.widget.username: admin
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  radarr:
    dns:
    - 192.168.77.101
    environment:
      PUID: '1000'
      PGID: '1000'
      TZ: Europe/Bratislava
    hostname: radarr
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/radarr:latest
    networks:
    - mediarr
    ports:
    - target: 7878
      published: 7878
      protocol: tcp
      mode: ingress
    volumes:
    - radarr_config:/config
    - /media/m-server/movies/:/movies-m-server
    - /media/nas/movies/:/movies-nas
    - /media/m-server/downloads:/downloads
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.container: mediacenter_radarr
        homepage.description: Subtitles
        homepage.group: Media
        homepage.href: https://radarr.sectorq.eu
        homepage.icon: radarr.png
        homepage.name: Radarr
        homepage.server: my-docker-swarm
        homepage.weight: '20'
        homepage.widget.key: ${RADARR_TOKEN}
        homepage.widget.type: radarr
        homepage.widget.url: https://radarr.sectorq.eu
        wud.display.icon: mdi:radarr
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  sonarr:
    dns:
    - 192.168.77.101
    environment:
      PUID: '1000'
      PGID: '1000'
      TZ: Europe/Bratislava
    hostname: sonarr
    image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/sonarr:latest
    networks:
    - mediarr
    ports:
    - target: 8989
      published: 8989
      protocol: tcp
      mode: ingress
    volumes:
    - sonarr_config:/config
    - /media/m-server/shows:/tv-m-server
    - /media/nas/shows:/tv-nas
    - /media/m-server/downloads:/downloads
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.container: mediacenter_sonarr
        homepage.description: Subtitles
        homepage.group: Media
        homepage.href: https://sonarr.sectorq.eu
        homepage.icon: sonarr.png
        homepage.name: Sonarr
        homepage.server: my-docker-swarm
        homepage.weight: '30'
        homepage.widget.key: ${SONARR_TOKEN}
        homepage.widget.type: sonarr
        homepage.widget.url: https://sonarr.sectorq.eu
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
--- a/__swarm/mosquitto/.env
+++ b/__swarm/mosquitto/.env
@@ -0,0 +1,2 @@
 APPNAME=mosquitto
 DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/mosquitto/docker-compose.yml
+++ b/__swarm/mosquitto/docker-compose.yml
@@ -0,0 +1,15 @@
 name: mosquitto
 services:
  mosquitto:
    image: ${DOCKER_REGISTRY:-}eclipse-mosquitto
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      wud.watch: true
      wud.watch.digest: true
    mem_limit: 1g
    network_mode: host
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/mosquitto/conf:/mosquitto/config
    - /share/docker_data/mosquitto/data:/mosquitto/data
    - /share/docker_data/mosquitto/log:/mosquitto/log
--- a/__swarm/mosquitto/mosquitto-swarm.yml
+++ b/__swarm/mosquitto/mosquitto-swarm.yml
@@ -0,0 +1,25 @@
 services:
  mosquitto:
    image: ${DOCKER_REGISTRY:-}eclipse-mosquitto
    ports:
    - target: 1883
      published: 1883
      protocol: tcp
      mode: host
    volumes:
    - conf:/mosquitto/config
    - data:/mosquitto/data
    - log:/mosquitto/log
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 volumes:
  conf:
  data:
  log:
--- a/__swarm/motioneye/.env
+++ b/__swarm/motioneye/.env
@@ -0,0 +1,3 @@
 APPNAME=motioneye
 DOCKER_REGISTRY=r.sectorq.eu/library/
 RESTART=always
--- a/__swarm/motioneye/docker-compose.yml
+++ b/__swarm/motioneye/docker-compose.yml
@@ -0,0 +1,28 @@
 services:
  motioneye:
    container_name: motioneye
    dns:
      - 192.168.77.101
    environment:
      - TZ=Europe/Bratislava
    image: ${DOCKER_REGISTRY:-}ghcr.io/motioneye-project/motioneye:edge
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      homepage.container: motioneye
      homepage.description: Video manager
      homepage.group: Media
      homepage.href: http://m-server.home.lan:8765/
      homepage.icon: /images/motioneye.webp
      homepage.name: MotionEye
      homepage.server: my-docker
      homepage.weight: '1'
      wud.watch: true
      wud.watch.digest: true
    ports:
      - 8081:8081
      - 8765:8765
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /share/docker_data/motioneye/etc_motioneye:/etc/motioneye
      - /share/docker_data/motioneye/var_lib_motioneye:/var/lib/motioneye
--- a/__swarm/motioneye/motioneye-swarm.yml
+++ b/__swarm/motioneye/motioneye-swarm.yml
@@ -0,0 +1,40 @@
 services:
  app:
    dns:
    - 192.168.77.101
    environment:
      TZ: Europe/Bratislava
    image: ${DOCKER_REGISTRY:-}ghcr.io/motioneye-project/motioneye:edge
    ports:
    - target: 8081
      published: 8081
      protocol: tcp
      mode: ingress
    - target: 8765
      published: 8765
      protocol: tcp
      mode: ingress
    volumes:
    - /etc/localtime:/etc/localtime:ro
    - config:/etc/motioneye
    - data:/var/lib/motioneye
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        homepage.container: motioneye_app
        homepage.description: Video manager
        homepage.group: Media
        homepage.href: http://m-server.home.lan:8765/
        homepage.icon: /images/motioneye.webp
        homepage.name: MotionEye
        homepage.server: my-docker-swarm
        homepage.weight: '1'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 volumes:
  config:
  data:
--- a/__swarm/n8n/.env
+++ b/__swarm/n8n/.env
@@ -0,0 +1,2 @@
 APPNAME=n8n
 DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/n8n/docker-compose.yml
+++ b/__swarm/n8n/docker-compose.yml
@@ -0,0 +1,33 @@
 version: "3"
 services:
  n8n:
    image: ${DOCKER_REGISTRY:-}n8nio/n8n:latest
    container_name: n8n
    ports:
      - "5679:5678"
    environment:
      - N8N_HOST=n8n.sectorq.eu
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - N8N_BASIC_AUTH_ACTIVE=true
      - N8N_BASIC_AUTH_USER=sth
      - N8N_BASIC_AUTH_PASSWORD=pwd
      - N8N_RUNNERS_ENABLED=true
      - N8N_RUNNERS_MODE=internal
      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
      - N8N_SECURE_COOKIE=false
      - WEBHOOK_URL=https://n8n.sectorq.eu
    volumes:
      - /share/docker_data/n8n/n8n-data:/home/node/.n8n
    restart: ${RESTART:-unless-stopped}
    stop_grace_period: 60s
    labels:      
      homepage.container: n8n
      homepage.description: Workflow management
      homepage.group: Utils
      homepage.href: https://${APPNAME}.sectorq.eu
      homepage.icon: /icons/n8n.svg
      homepage.name: n8n
      homepage.server: my-docker
      wud.watch: true
      wud.watch.digest: true   
--- a/__swarm/n8n/n8n-swarm.yml
+++ b/__swarm/n8n/n8n-swarm.yml
@@ -0,0 +1,42 @@
 version: '3'
 services:
  app:
    image: ${DOCKER_REGISTRY:-}n8nio/n8n:latest
    ports:
    - target: 5678
      published: 5679
      protocol: tcp
      mode: ingress
    environment:
      N8N_HOST: n8n.sectorq.eu
      N8N_PORT: '5678'
      N8N_PROTOCOL: https
      N8N_BASIC_AUTH_ACTIVE: 'true'
      N8N_BASIC_AUTH_USER: sth
      N8N_BASIC_AUTH_PASSWORD: pwd
      N8N_RUNNERS_ENABLED: 'true'
      N8N_RUNNERS_MODE: internal
      N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS: 'true'
      N8N_SECURE_COOKIE: 'false'
      WEBHOOK_URL: https://n8n.sectorq.eu
    volumes:
    - data:/home/node/.n8n
    stop_grace_period: 60s
    deploy:
      labels:
        homepage.container: n8n_app
        homepage.description: Workflow management
        homepage.group: Utils
        homepage.href: https://${APPNAME}.sectorq.eu
        homepage.icon: /icons/n8n.svg
        homepage.name: n8n
        homepage.server: my-docker-swarm
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 volumes:
  data:
    driver: local
--- a/__swarm/nebula/.env
+++ b/__swarm/nebula/.env
@@ -0,0 +1,2 @@
 APPNAME=nebula
 PASSWORD=l4c1j4yd33Du5lo
--- a/__swarm/nebula/docker-compose
+++ b/__swarm/nebula/docker-compose
@@ -0,0 +1,17 @@
 services:
  nebula-sync:
    image: ghcr.io/lovelaze/nebula-sync:latest
    container_name: nebula-sync
    environment:
    - PRIMARY=http://192.168.77.101:9380|l4c1j4yd33Du5lo
    - REPLICAS=http://192.168.77.238:9380|l4c1j4yd33Du5lo,http://192.168.77.106:9380|l4c1j4yd33Du5lo
    - CLIENT_SKIP_TLS_VERIFICATION=true
    - FULL_SYNC=true
    - RUN_GRAVITY=true
    - CRON=0 * * * *      
    labels:
      wud.watch: true
      wud.watch.digest: true
    restart: always
--- a/__swarm/nebula/docker-compose.yml
+++ b/__swarm/nebula/docker-compose.yml
@@ -0,0 +1,11 @@
 services:
  nebula-sync:
    image: ghcr.io/lovelaze/nebula-sync:latest
    environment:
    - PRIMARY=http://192.168.77.101:9380|l4c1j4yd33Du5lo
    - REPLICAS=http://192.168.77.106:9380|l4c1j4yd33Du5lo
    - CLIENT_SKIP_TLS_VERIFICATION=true
    - FULL_SYNC=true
    - RUN_GRAVITY=true
    - CRON=0 * * * *      
--- a/__swarm/nebula/nebula-swarm.yml
+++ b/__swarm/nebula/nebula-swarm.yml
@@ -0,0 +1,15 @@
 services:
  nebula-sync:
    image: ghcr.io/lovelaze/nebula-sync:latest
    environment:
      PRIMARY: http://192.168.77.101:9380|l4c1j4yd33Du5lo
      REPLICAS: http://192.168.77.106:9380|l4c1j4yd33Du5lo
      CLIENT_SKIP_TLS_VERIFICATION: 'true'
      FULL_SYNC: 'true'
      RUN_GRAVITY: 'true'
      CRON: 0 * * * *
    deploy:
      replicas: 1
      placement:
        constraints:
        - node.role == manager
--- a/__swarm/nextcloud/.env
+++ b/__swarm/nextcloud/.env
@@ -0,0 +1,3 @@
 APPNAME=nextcloud
 #RESTART=always
 DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/nextcloud/docker-compose.yml
+++ b/__swarm/nextcloud/docker-compose.yml
@@ -0,0 +1,94 @@
 networks:
  nextcloud_network:
    ipam:
      config:
      - subnet: 192.168.80.0/28
      driver: default
  pihole_pihole:
    external: true
 services:
  app:
    depends_on:
    - db
    dns:
    - 192.168.78.254
    env_file:
    - stack.env
    image: ${DOCKER_REGISTRY:-}nextcloud:latest
    labels:
      com.centurylinklabs.watchtower.enable: true
      com.centurylinklabs.watchtower.lifecycle.post-update: apt update;apt install
        -y smbclient;chown -R www-data:www-data /var/www/html
      homepage.container: nextcloud-app-1
      homepage.description: Cloud server
      homepage.group: Infrastructure
      homepage.href: https://nc.sectorq.eu
      homepage.icon: ${APPNAME}.png
      homepage.name: Nextcloud
      homepage.server: my-docker
      homepage.widget.password: oGeiy-tTc8p-LJdt5-na3JF-dbWpY
      homepage.widget.type: ${APPNAME}
      homepage.widget.url: https://nc.sectorq.eu
      homepage.widget.username: jaydee
      wud.watch: true
      wud.watch.digest: true
    links:
    - db
    networks:
    - nextcloud_network
    - pihole_pihole
    ports:
    - 8134:80
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/nextcloud/app:/var/www/html
    - /share/docker_data/nextcloud/app-hooks/pre-installation:/docker-entrypoint-hooks.d/pre-installation
    - /share/docker_data/nextcloud/app-hooks/post-installation:/docker-entrypoint-hooks.d/post-installation
    - /share/docker_data/nextcloud/app-hooks/pre-upgrade:/docker-entrypoint-hooks.d/pre-upgrade
    - /share/docker_data/nextcloud/app-hooks/post-upgrade:/docker-entrypoint-hooks.d/post-upgrade
    - /share/docker_data/nextcloud/app-hooks/before-starting:/docker-entrypoint-hooks.d/before-starting
  db:
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1
      --skip-innodb-read-only-compressed
    env_file:
    - stack.env
    image: ${DOCKER_REGISTRY:-}yobasystems/alpine-mariadb:latest
    labels:
      com.centurylinklabs.watchtower.enable: true
      wud.watch: true
      wud.watch.digest: true
    networks:
    - nextcloud_network
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/nextcloud/mariadb:/var/lib/mysql
    - /etc/localtime:/etc/localtime
  redis:
    image: ${DOCKER_REGISTRY:-}redis:alpine
    labels:
      wud.watch: true
      wud.watch.digest: true
    networks:
    - nextcloud_network
    restart: ${RESTART:-unless-stopped}
    volumes:
    - /share/docker_data/nextcloud/redis:/data
  appapi-harp:
    environment:
      - HP_SHARED_KEY=l4c1j4yd33Du5lo
      - NC_INSTANCE_URL=https://nc.sectorq.eu
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /share/docker_data/nextcloud/certs:/certs
    container_name: appapi-harp
    hostname: appapi-harp
    restart: unless-stopped
    ports:
      - 8780:8780
      - 8782:8782
    image: ${DOCKER_REGISTRY:-}ghcr.io/nextcloud/nextcloud-appapi-harp:release
    networks:
    - nextcloud_network
    labels:
      wud.watch: true
      wud.watch.digest: true
--- a/__swarm/nextcloud/nextcloud-swarm.yml
+++ b/__swarm/nextcloud/nextcloud-swarm.yml
@@ -0,0 +1,109 @@
 services:
  app:
    dns:
    - 192.168.77.101
    env_file:
    - stack.env
    image: ${DOCKER_REGISTRY:-}nextcloud:latest
    links:
    - db
    ports:
    - target: 80
      published: 8134
      protocol: tcp
      mode: ingress
    volumes:
    - data:/var/www/html
    - pre-installation:/docker-entrypoint-hooks.d/pre-installation
    - post-installation:/docker-entrypoint-hooks.d/post-installation
    - pre-upgrade:/docker-entrypoint-hooks.d/pre-upgrade
    - post-upgrade:/docker-entrypoint-hooks.d/post-upgrade
    - before-starting:/docker-entrypoint-hooks.d/before-starting
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        com.centurylinklabs.watchtower.lifecycle.post-update: apt update;apt install
          -y smbclient;chown -R www-data:www-data /var/www/html
        homepage.container: nextcloud_app
        homepage.description: Cloud server
        homepage.group: Infrastructure
        homepage.href: https://nc.sectorq.eu
        homepage.icon: ${APPNAME}.png
        homepage.name: Nextcloud
        homepage.server: my-docker-swarm
        homepage.widget.password: oGeiy-tTc8p-LJdt5-na3JF-dbWpY
        homepage.widget.type: ${APPNAME}
        homepage.widget.url: https://nc.sectorq.eu
        homepage.widget.username: jaydee
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  db:
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1
      --skip-innodb-read-only-compressed
    env_file:
    - stack.env
    image: ${DOCKER_REGISTRY:-}yobasystems/alpine-mariadb:latest
    volumes:
    - mariadb:/var/lib/mysql
    - /etc/localtime:/etc/localtime
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  redis:
    image: ${DOCKER_REGISTRY:-}redis:alpine
    volumes:
    - redis:/data
    deploy:
      labels:
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
  appapi-harp:
    environment:
      HP_SHARED_KEY: l4c1j4yd33Du5lo
      NC_INSTANCE_URL: https://nc.sectorq.eu
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - certs:/certs
    hostname: appapi-harp
    ports:
    - target: 8780
      published: 8780
      protocol: tcp
      mode: ingress
    - target: 8782
      published: 8782
      protocol: tcp
      mode: ingress
    image: ${DOCKER_REGISTRY:-}ghcr.io/nextcloud/nextcloud-appapi-harp:release
    deploy:
      labels:
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 volumes:
  data:
  pre-installation:
  post-installation:
  pre-upgrade:
  post-upgrade:
  before-starting:
  mariadb:
  redis:
  certs:
--- a/__swarm/nextcloud/stack.env
+++ b/__swarm/nextcloud/stack.env
@@ -0,0 +1,10 @@
 TZ=Europe/Bratislava
 MYSQL_ROOT_PASSWORD=l4c1j4yd33Du5lo
 MYSQL_PASSWORD=l4c1j4yd33Du5lo
 MYSQL_DATABASE=nextcloud
 MYSQL_USER=nextcloud
 MYSQL_HOST=db
 REDIS_HOST=redis
 PHP_MEMORY_LIMIT=1024M
 PHP_UPLOAD_LIMIT=1024M
 NEXTCLOUD_MEMORY_LIMIT=1024M
--- a/__swarm/nginx/.env
+++ b/__swarm/nginx/.env
@@ -0,0 +1 @@
 APPNAME=nginx
--- a/__swarm/nginx/docker-compose.yml
+++ b/__swarm/nginx/docker-compose.yml
@@ -0,0 +1,40 @@
 networks:
  pihole_pihole:
    external: true
 services:
  app:
    dns:
    - 192.168.78.254
    healthcheck:
      interval: 10s
      test:
      - CMD
      - /usr/bin/check-health
      timeout: 3s
    image: jc21/nginx-proxy-manager:latest
    labels:
      homepage.container: nginx-app-1
      homepage.description: Reverse Proxy
      homepage.group: Infrastructure
      homepage.href: http://active.home.lan:81
      homepage.icon: nginx-proxy-manager.png
      homepage.name: Nginx
      homepage.server: my-docker
      homepage.weight: '25'
      homepage.widget.password: OdyAJvifHvDPMOyFdbiKak5S
      homepage.widget.type: npm
      homepage.widget.url: http://active.home.lan:81
      homepage.widget.username: monitoring@sectorq.eu
      wud.watch: true
      wud.watch.digest: true
    networks:
    - pihole_pihole
    ports:
    - 8099:80
    - 4439:443
    - 81:81
    restart: unless-stopped
    volumes:
    - /share/docker_data/nginx/data:/data
    - /share/docker_data/nginx/letsencrypt:/etc/letsencrypt
 version: '3.8'
--- a/__swarm/nginx/nginx-swarm.yml
+++ b/__swarm/nginx/nginx-swarm.yml
@@ -0,0 +1,55 @@
 networks:
  pihole_pihole:
    external: true
 services:
  app:
    dns:
    - 192.168.78.254
    healthcheck:
      interval: 10s
      test:
      - CMD
      - /usr/bin/check-health
      timeout: 3s
    image: jc21/nginx-proxy-manager:latest
    networks:
    - pihole_pihole
    ports:
    - target: 80
      published: 8099
      protocol: tcp
      mode: ingress
    - target: 443
      published: 4439
      protocol: tcp
      mode: ingress
    - target: 81
      published: 81
      protocol: tcp
      mode: ingress
    volumes:
    - data:/data
    - letsencrypt:/etc/letsencrypt
    deploy:
      labels:
        homepage.container: nginx-app-1
        homepage.description: Reverse Proxy
        homepage.group: Infrastructure
        homepage.href: http://active.home.lan:81
        homepage.icon: nginx-proxy-manager.png
        homepage.name: Nginx
        homepage.server: my-docker-swarm
        homepage.weight: '25'
        homepage.widget.password: OdyAJvifHvDPMOyFdbiKak5S
        homepage.widget.type: npm
        homepage.widget.url: http://active.home.lan:81
        homepage.widget.username: monitoring@sectorq.eu
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 volumes:
  data:
  letsencrypt:
--- a/__swarm/node-red/.env
+++ b/__swarm/node-red/.env
@@ -0,0 +1,2 @@
 APPNAME=node-red
 DOCKER_REGISTRY=r.sectorq.eu/library/
--- a/__swarm/node-red/docker-compose.yml
+++ b/__swarm/node-red/docker-compose.yml
@@ -0,0 +1,28 @@
 networks:
  node-red-net: null
 services:
  node-red:
    dns:
    - 192.168.77.101
    environment:
    - TZ=Europe/Bratislava
    image: ${DOCKER_REGISTRY:-}nodered/node-red:latest
    labels:
      com.centurylinklabs.watchtower.enable: 'true'
      wud.watch: true
      wud.watch.digest: true
      homepage.container: node-red-node-red-1
      homepage.description:  Node red
      homepage.group: Infrastructure
      homepage.href: http://active.home.lan:1880
      homepage.icon: node-red.png
      homepage.name: Node-red
      homepage.server: my-docker
    mem_limit: 1g
    networks:
    - node-red-net
    ports:
    - 1880:1880
    restart: always
    volumes:
    - /share/docker_data/node-red:/data
--- a/__swarm/node-red/node-red-swarm.yml
+++ b/__swarm/node-red/node-red-swarm.yml
@@ -0,0 +1,32 @@
 services:
  app:
    dns:
    - 192.168.77.101
    environment:
      TZ: Europe/Bratislava
    image: ${DOCKER_REGISTRY:-}nodered/node-red:latest
    ports:
    - target: 1880
      published: 1880
      protocol: tcp
      mode: ingress
    volumes:
    - data:/data
    deploy:
      labels:
        com.centurylinklabs.watchtower.enable: 'true'
        wud.watch: 'true'
        wud.watch.digest: 'true'
        homepage.container: node-red_app
        homepage.description: Node red
        homepage.group: Infrastructure
        homepage.href: http://active.home.lan:1880
        homepage.icon: node-red.png
        homepage.name: Node-red
        homepage.server: my-docker-swarm
      replicas: 1
      placement:
        constraints:
        - node.role == manager
 volumes:
  data:
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
jaydee	79c859e876	build	2025-12-14 10:45:29 +01:00
jaydee	d333a7928b	build	2025-12-14 10:43:26 +01:00
jaydee	f6d4ec9801	build	2025-12-14 10:40:22 +01:00
jaydee	79fc3b6880	build	2025-12-14 10:34:40 +01:00
jaydee	c373e27f68	build	2025-12-14 10:30:34 +01:00
jaydee	17db71682e	build	2025-12-14 10:28:24 +01:00
jaydee	67b908b5ad	build	2025-12-14 10:22:19 +01:00
jaydee	2a2aa81e5f	build	2025-12-14 10:08:30 +01:00
jaydee	b6d6c62071	build	2025-12-14 10:05:40 +01:00
jaydee	cc0df08051	build	2025-12-14 02:06:26 +01:00
jaydee	bf2772103a	build	2025-12-14 02:05:47 +01:00
jaydee	e23498073d	build	2025-12-14 02:04:35 +01:00
jaydee	a75e61ef72	build	2025-12-14 02:04:03 +01:00
jaydee	d0d3a56a7c	build	2025-12-14 02:03:02 +01:00
jaydee	c6d44a83e2	build	2025-12-14 01:50:14 +01:00
jaydee	91d00911e5	build	2025-12-14 01:19:08 +01:00
jaydee	9594626646	build	2025-12-13 21:26:29 +01:00
jaydee	e96c3015fb	build	2025-12-13 15:17:49 +01:00
jaydee	5b340d6b3d	build	2025-12-12 18:10:59 +01:00
jaydee	94c59d85fc	build	2025-12-12 18:07:34 +01:00
jaydee	f78408484b	build	2025-12-12 16:42:51 +01:00
jaydee	42adb45e9f	build	2025-12-12 16:38:53 +01:00
jaydee	e986f77d26	build	2025-12-12 16:32:23 +01:00
jaydee	4e1dcb5009	build	2025-12-12 16:25:04 +01:00
jaydee	4f7c3a285c	build	2025-12-12 16:23:39 +01:00
jaydee	62cab99470	build	2025-12-12 16:22:47 +01:00
jaydee	1bc1b0dcb9	build	2025-12-12 16:19:03 +01:00
jaydee	b37bf9f699	build	2025-12-12 16:02:28 +01:00
jaydee	bed32a51a6	build	2025-12-12 16:00:49 +01:00
jaydee	cf04cb7f74	build	2025-12-12 15:57:16 +01:00
jaydee	c835e3fbea	build	2025-12-12 15:55:48 +01:00
jaydee	6affd9f1a4	build	2025-12-12 15:53:56 +01:00
jaydee	9a064b469e	build	2025-12-12 15:23:20 +01:00
jaydee	c206590073	build	2025-12-12 15:18:18 +01:00
jaydee	565b25dc9b	build	2025-12-12 12:16:10 +01:00
jaydee	24179fade8	build	2025-12-11 17:12:09 +01:00
jaydee	1ed48b84c4	build	2025-12-11 16:45:19 +01:00
jaydee	2cf269a868	build	2025-12-10 23:42:15 +01:00
jaydee	c01c495b41	build	2025-12-10 23:34:38 +01:00
jaydee	e2748ccda8	build	2025-12-10 23:33:15 +01:00
jaydee	a4eb29de87	build	2025-12-10 23:25:37 +01:00
jaydee	005616c0a6	Merge branch 'main' of gitlab.sectorq.eu:home/docker-compose	2025-12-10 23:24:13 +01:00
jaydee	74213b1de9	build	2025-12-10 23:23:26 +01:00
ladislav.dusa	f3de9e0995	build	2025-12-09 09:21:14 +01:00
ladislav.dusa	f82f7e0f25	build	2025-12-09 09:20:58 +01:00
jaydee	a98a226099	build	2025-12-08 18:57:14 +01:00
jaydee	f6536c0e6c	build	2025-12-08 18:53:19 +01:00
jaydee	b73b3dc929	build	2025-12-08 18:15:05 +01:00
jaydee	4e8fe0a1a1	build	2025-12-08 18:14:12 +01:00
jaydee	6484de18e8	build	2025-12-08 18:00:55 +01:00
jaydee	a92d32e73b	build	2025-12-08 16:51:22 +01:00
jaydee	178f30e9f1	build	2025-12-08 16:49:06 +01:00
jaydee	121abc76b0	build	2025-12-08 16:48:20 +01:00
jaydee	62a3ba833f	build	2025-12-08 16:47:44 +01:00
jaydee	cd2dc573f4	build	2025-12-08 16:46:24 +01:00
jaydee	7b6229bb39	build	2025-12-08 16:41:58 +01:00
jaydee	f06bcd22a6	build	2025-12-08 16:41:10 +01:00
jaydee	fa00fadccf	build	2025-12-08 16:06:47 +01:00
jaydee	4537da6174	build	2025-12-08 15:21:02 +01:00
jaydee	020b784632	build	2025-12-08 15:20:18 +01:00
jaydee	2963ee88f9	build	2025-12-08 15:08:41 +01:00
jaydee	682a727d50	build	2025-12-08 14:02:49 +01:00
jaydee	fca4bb4508	build	2025-12-08 00:02:56 +01:00
jaydee	8f2d400301	build	2025-12-07 23:25:42 +01:00
jaydee	bc41a0431d	build	2025-12-07 23:22:52 +01:00
jaydee	838fe4ed2a	build	2025-12-07 23:21:54 +01:00
jaydee	d932db7b28	build	2025-12-07 23:18:19 +01:00
jaydee	abaf235fed	build	2025-12-07 21:13:21 +01:00
jaydee	914bd21457	build	2025-12-07 21:04:38 +01:00
jaydee	0a746ab637	build	2025-12-07 21:01:33 +01:00
jaydee	3191ca5b55	build	2025-12-07 21:00:52 +01:00
jaydee	5a2235ae06	build	2025-12-07 20:59:57 +01:00
jaydee	4f212e10f2	build	2025-12-07 20:54:15 +01:00
jaydee	fc0ea98def	build	2025-12-07 20:47:22 +01:00
jaydee	0d9b5ef975	build	2025-12-07 20:44:01 +01:00
jaydee	4ce8f2ec9f	build	2025-12-07 20:40:26 +01:00
jaydee	5f24941a59	build	2025-12-07 20:32:19 +01:00
jaydee	fe563de936	build	2025-12-07 20:17:21 +01:00
jaydee	324244afac	build	2025-12-07 20:06:38 +01:00
jaydee	106e53fd0e	build	2025-12-07 20:05:50 +01:00
jaydee	ecdbbfb69f	build	2025-12-07 20:00:33 +01:00
jaydee	eb676c9dc6	build	2025-12-07 13:24:10 +01:00
jaydee	139908ad56	build	2025-12-07 13:19:02 +01:00
jaydee	46a0ae669c	build	2025-12-07 13:16:00 +01:00
jaydee	4708260c5c	build	2025-12-07 13:11:24 +01:00
jaydee	8fedeb155a	build	2025-12-07 13:05:41 +01:00
jaydee	bd29257d19	build	2025-12-07 13:04:52 +01:00
jaydee	f5628ee014	build	2025-12-07 12:55:51 +01:00
jaydee	b70c372e07	build	2025-12-06 16:38:51 +01:00
jaydee	dcee21d9d5	build	2025-12-06 16:36:27 +01:00
jaydee	5748b06dee	build	2025-12-06 16:32:49 +01:00
jaydee	042a50b572	build	2025-12-06 16:27:33 +01:00
jaydee	80781812de	build	2025-12-06 16:26:01 +01:00
jaydee	718dd27570	build	2025-12-06 16:22:19 +01:00
jaydee	d2e18a53e6	build	2025-12-06 16:20:53 +01:00
jaydee	7a5291fb37	build	2025-12-06 16:19:30 +01:00
jaydee	5651b03906	build	2025-12-06 16:18:26 +01:00
jaydee	246dc997b5	build	2025-12-06 16:17:27 +01:00
jaydee	81b430e23d	build	2025-12-06 16:15:23 +01:00
jaydee	43b82acc66	build	2025-12-06 16:12:53 +01:00
jaydee	7b95fd74cd	build	2025-12-06 16:10:40 +01:00
jaydee	403f9396c5	build	2025-12-06 16:08:57 +01:00
jaydee	1f82d674f8	build	2025-12-06 16:06:47 +01:00
jaydee	6f66064c8b	build	2025-12-06 16:05:02 +01:00
jaydee	504eb1229a	build	2025-12-06 16:01:52 +01:00
jaydee	c5c66dc914	build	2025-12-06 15:59:44 +01:00
jaydee	b7efad7a12	build	2025-12-06 15:55:55 +01:00
jaydee	4d98f7f39e	build	2025-12-06 15:53:02 +01:00
jaydee	f449431a91	build	2025-12-06 15:51:42 +01:00
jaydee	8f36939703	build	2025-12-06 15:48:47 +01:00
jaydee	136e637aed	build	2025-12-06 15:46:41 +01:00
jaydee	6ba2c2dd0f	build	2025-12-06 15:27:44 +01:00
jaydee	b4961f5961	build	2025-12-06 15:14:25 +01:00
jaydee	e34addb608	build	2025-12-06 15:11:35 +01:00
jaydee	89321a9b46	build	2025-12-06 15:10:34 +01:00
jaydee	0e31d85bc7	build	2025-12-06 13:25:29 +01:00
jaydee	68046f8bb3	build	2025-12-06 02:22:16 +01:00
jaydee	cc3b725b59	build	2025-12-06 02:19:58 +01:00
jaydee	7af37e4adf	build	2025-12-06 02:18:09 +01:00
jaydee	59276f0a0d	build	2025-12-06 02:13:52 +01:00
jaydee	53a2087e21	build	2025-12-06 01:53:54 +01:00
jaydee	c4a5822ee7	build	2025-12-06 01:50:44 +01:00
jaydee	6c65d61a9d	build	2025-12-06 01:17:11 +01:00
jaydee	a3661ef551	build	2025-12-06 01:14:42 +01:00
jaydee	99c4787189	build	2025-12-06 01:10:29 +01:00
jaydee	7ee17ad41c	build	2025-12-06 01:05:53 +01:00
jaydee	f414ced56e	build	2025-12-06 01:04:34 +01:00
jaydee	43966299d7	build	2025-12-06 01:01:07 +01:00
jaydee	df897ceee3	build	2025-12-06 00:59:20 +01:00
jaydee	4c73d641e8	build	2025-12-06 00:55:48 +01:00
jaydee	34cb6e28d6	build	2025-12-06 00:54:38 +01:00
jaydee	690d1a2a15	build	2025-12-06 00:47:35 +01:00
jaydee	cdd64767f4	build	2025-12-06 00:33:08 +01:00
jaydee	9080a8914c	build	2025-12-06 00:30:40 +01:00
jaydee	a428b50ecd	build	2025-12-06 00:29:45 +01:00
jaydee	630946ad99	build	2025-12-06 00:20:51 +01:00
jaydee	0fc0f74183	build	2025-12-06 00:14:24 +01:00
jaydee	bab3fd7ec3	build	2025-12-06 00:11:34 +01:00
jaydee	116855a14c	build	2025-12-06 00:07:08 +01:00
jaydee	db91ebd75e	build	2025-12-06 00:03:52 +01:00
jaydee	914ceee33c	build	2025-12-05 23:45:12 +01:00
jaydee	b784bc08e9	build	2025-12-05 23:31:00 +01:00
jaydee	3eb5938c7d	build	2025-12-05 23:28:27 +01:00
jaydee	05b09e3ab4	build	2025-12-05 23:27:54 +01:00
jaydee	b1336936a7	build	2025-12-05 23:23:16 +01:00
jaydee	e3e59b73c6	build	2025-12-05 23:15:16 +01:00
jaydee	9c8f603390	build	2025-12-05 23:14:25 +01:00
jaydee	e77462a602	build	2025-12-05 23:05:40 +01:00
jaydee	3b3a520099	build	2025-12-05 23:02:56 +01:00
jaydee	b5ad9aa6f1	build	2025-12-05 22:54:34 +01:00
jaydee	68fe8d68bf	build	2025-12-05 22:49:10 +01:00
jaydee	3fad5abfb2	build	2025-12-05 22:46:00 +01:00
jaydee	279d51b43e	build	2025-12-05 22:36:47 +01:00
jaydee	782b2361b1	build	2025-12-05 22:35:09 +01:00
jaydee	ca167b83a1	build	2025-12-05 22:34:31 +01:00
jaydee	1c7d250719	build	2025-12-05 22:27:08 +01:00
jaydee	3fd77c7a85	build	2025-12-05 22:02:54 +01:00
jaydee	c4de5186ef	build	2025-12-05 17:40:21 +01:00
jaydee	8684ec35b1	build	2025-12-05 17:38:52 +01:00
jaydee	4b3edfb97e	build	2025-12-05 17:38:16 +01:00
jaydee	f8a3b1df09	build	2025-12-05 17:37:12 +01:00
jaydee	fc47bf7ca8	build	2025-12-05 17:36:18 +01:00
jaydee	1880468c0a	build	2025-12-05 17:35:18 +01:00
jaydee	cd45bf010a	build	2025-12-05 14:23:23 +01:00
jaydee	b6bb681347	build	2025-12-05 14:22:53 +01:00
jaydee	75094c4bef	build	2025-12-05 14:22:30 +01:00
jaydee	ad6bddbd27	build	2025-12-05 14:21:56 +01:00
jaydee	4f23e7bcac	build	2025-12-05 14:21:14 +01:00
jaydee	09af3a71f2	build	2025-12-05 14:18:29 +01:00
jaydee	4044c739f3	build	2025-12-05 13:34:11 +01:00
jaydee	52101e3559	build	2025-12-05 07:30:09 +01:00
jaydee	1699f45b01	build	2025-12-04 20:36:28 +01:00
jaydee	a95436bff8	build	2025-12-04 20:34:39 +01:00
jaydee	09f7bcf059	build	2025-12-04 20:28:26 +01:00
jaydee	60f60c4950	build	2025-12-04 20:26:49 +01:00
jaydee	89231da969	build	2025-12-04 20:24:48 +01:00
jaydee	ae54ed3d27	build	2025-12-04 20:24:45 +01:00
jaydee	da2bbe5318	build	2025-12-04 20:06:12 +01:00
jaydee	16725c9d47	build	2025-12-04 14:18:31 +01:00
jaydee	f4742596e5	build	2025-12-04 13:35:13 +01:00
jaydee	c7f06a3d67	build	2025-12-04 13:29:46 +01:00
jaydee	225b5e07e4	Merge branch 'main' of gitlab.sectorq.eu:home/docker-compose	2025-12-04 13:28:07 +01:00
jaydee	e222a43e52	build	2025-12-04 13:27:56 +01:00
ladislav.dusa	e38fdbc412	build	2025-12-03 13:17:01 +01:00
jaydee	6b9b310267	build	2025-12-02 23:50:19 +01:00
jaydee	e6b210c5c2	build	2025-12-02 17:45:31 +01:00
jaydee	05f7d57ea0	build	2025-12-02 09:27:40 +01:00
jaydee	77bf212ea5	build	2025-12-02 09:15:35 +01:00
jaydee	4e78ee240b	build	2025-12-02 09:10:24 +01:00
jaydee	71470ad568	build	2025-12-02 00:47:29 +01:00
jaydee	bfaaccd820	build	2025-12-02 00:07:30 +01:00
jaydee	d3cc962d2c	build	2025-12-02 00:07:11 +01:00
jaydee	d0430f6c29	build	2025-12-02 00:06:51 +01:00
jaydee	1f4db460b2	build	2025-12-02 00:05:18 +01:00
jaydee	2f626e5d1d	build	2025-12-02 00:02:48 +01:00
jaydee	eefa342936	build	2025-12-02 00:02:23 +01:00
jaydee	b8f2e75104	build	2025-12-01 23:56:28 +01:00
jaydee	f2cd7820ee	build	2025-12-01 23:54:51 +01:00
jaydee	5fb1992d5a	build	2025-12-01 23:52:11 +01:00
jaydee	920a1612f1	build	2025-12-01 23:51:38 +01:00
jaydee	5e747541a9	build	2025-12-01 23:51:18 +01:00
jaydee	6596084339	build	2025-12-01 23:50:10 +01:00
jaydee	7aa2886f56	build	2025-12-01 23:49:35 +01:00
jaydee	3faf6f4518	build	2025-12-01 23:44:14 +01:00
jaydee	7fd268c8f7	build	2025-12-01 23:33:08 +01:00
jaydee	36c3a04d68	build	2025-12-01 23:32:00 +01:00
jaydee	a7f03c4018	build	2025-12-01 23:31:08 +01:00
jaydee	e4aae2ad7f	build	2025-12-01 23:29:08 +01:00
jaydee	cb8da69fb7	build	2025-12-01 23:26:52 +01:00
jaydee	3db89c2fa4	build	2025-12-01 23:17:55 +01:00
jaydee	0cee8f9035	build	2025-12-01 23:13:44 +01:00
jaydee	72e396ca25	build	2025-12-01 23:09:45 +01:00
jaydee	43b639d032	build	2025-12-01 23:09:19 +01:00
jaydee	ed9e536fe3	build	2025-12-01 23:04:40 +01:00
jaydee	9a35e5dd04	build	2025-12-01 23:04:11 +01:00
jaydee	b4b12f491b	build	2025-12-01 23:01:26 +01:00
jaydee	7b5a0df31a	build	2025-12-01 23:01:04 +01:00
jaydee	38794f8d05	build	2025-12-01 22:54:45 +01:00
jaydee	7ee80c8dd7	build	2025-12-01 22:51:51 +01:00
jaydee	15d4158cf4	build	2025-12-01 22:50:00 +01:00
jaydee	f67185ff7a	build	2025-12-01 22:43:16 +01:00
jaydee	2f3e5f1c34	build	2025-12-01 22:40:54 +01:00
jaydee	23c1830136	build	2025-12-01 22:39:54 +01:00
jaydee	4019769b46	build	2025-12-01 22:39:30 +01:00
jaydee	9a5fef9a6c	build	2025-12-01 22:17:46 +01:00
jaydee	7086a5d938	build	2025-12-01 22:14:56 +01:00
jaydee	cc1973cfba	build	2025-12-01 22:13:40 +01:00
jaydee	21b1074c66	build	2025-12-01 22:10:13 +01:00
jaydee	940f6a44b4	build	2025-12-01 22:09:44 +01:00
jaydee	c711d5f918	build	2025-12-01 22:04:37 +01:00
jaydee	9a31555e24	build	2025-12-01 22:04:05 +01:00
jaydee	6ce28fee3d	build	2025-12-01 22:02:12 +01:00
jaydee	59ef2785aa	build	2025-12-01 21:32:54 +01:00
jaydee	05832a32f8	build	2025-12-01 21:25:22 +01:00
jaydee	df36b5e6e9	build	2025-12-01 21:06:10 +01:00
jaydee	db968226bd	build	2025-12-01 21:05:25 +01:00
jaydee	b44183d97f	build	2025-12-01 20:56:04 +01:00
jaydee	78f958d101	build	2025-12-01 20:53:34 +01:00
jaydee	6f0c7e1b01	build	2025-12-01 20:50:22 +01:00
jaydee	a76a083829	build	2025-12-01 20:49:33 +01:00
jaydee	a30bdd2aaf	build	2025-12-01 20:30:18 +01:00
jaydee	d4ad6a6e20	build	2025-12-01 20:28:55 +01:00
jaydee	a52c6d0acf	build	2025-12-01 20:05:39 +01:00
jaydee	83075b5d70	build	2025-12-01 19:37:17 +01:00
jaydee	b7bda89eac	build	2025-12-01 14:40:34 +01:00
jaydee	019b9279b7	build	2025-12-01 11:54:15 +01:00
jaydee	238ed8934c	build	2025-12-01 11:50:53 +01:00
jaydee	8832b26ac6	build	2025-12-01 09:46:49 +01:00
jaydee	df02fb6493	build	2025-12-01 00:45:31 +01:00
jaydee	2503bdff11	build	2025-12-01 00:44:21 +01:00
jaydee	46f149d67d	build	2025-11-30 23:59:15 +01:00
jaydee	36f36feea3	build	2025-11-30 23:56:04 +01:00
jaydee	cde8f6c486	build	2025-11-30 23:54:27 +01:00
jaydee	8a49f037e2	build	2025-11-30 23:54:10 +01:00
jaydee	f3c5258573	build	2025-11-30 23:51:33 +01:00
jaydee	0adb6aee4f	build	2025-11-30 23:49:56 +01:00
jaydee	e1638acd8d	build	2025-11-30 23:34:46 +01:00
jaydee	c349c2e262	build	2025-11-30 23:16:59 +01:00
jaydee	6fe23b5734	build	2025-11-30 23:15:18 +01:00
jaydee	4100776d71	build	2025-11-30 22:49:47 +01:00
jaydee	614aea1790	build	2025-11-30 22:38:10 +01:00
jaydee	7e0423af92	build	2025-11-30 22:34:44 +01:00
jaydee	fe0e418533	build	2025-11-30 22:28:40 +01:00
jaydee	2bda209455	build	2025-11-30 22:25:10 +01:00
jaydee	661cdf4a37	build	2025-11-30 22:20:45 +01:00
jaydee	e9598adce8	build	2025-11-30 22:06:14 +01:00
jaydee	71af5ccc4c	build	2025-11-30 22:02:25 +01:00
jaydee	0f990c2c9e	build	2025-11-30 21:58:23 +01:00
jaydee	28afb56f15	build	2025-11-30 21:45:08 +01:00
jaydee	8cd6483f92	build	2025-11-30 21:39:05 +01:00
jaydee	f1d9b5afea	build	2025-11-30 21:35:07 +01:00
jaydee	a733b283b1	build	2025-11-30 21:25:00 +01:00
jaydee	d7e80a3e06	build	2025-11-30 21:21:55 +01:00
jaydee	d9495b67a2	build	2025-11-30 20:59:37 +01:00
jaydee	ecdfa9182a	build	2025-11-30 20:56:53 +01:00
jaydee	7be1fc6085	build	2025-11-30 20:55:45 +01:00
jaydee	aa68e0f291	build	2025-11-30 20:50:00 +01:00
jaydee	972be8425a	build	2025-11-30 19:37:27 +01:00
jaydee	f901c8a22c	build	2025-11-30 19:35:08 +01:00
jaydee	99966b04ba	build	2025-11-30 18:46:25 +01:00
jaydee	86ed33513d	build	2025-11-30 18:26:06 +01:00
jaydee	a1ceec582a	build	2025-11-30 18:01:08 +01:00
jaydee	f49b9a13e0	build	2025-11-30 17:28:04 +01:00
jaydee	c2420987ca	build	2025-11-30 17:27:05 +01:00
jaydee	af8e4b1cbf	build	2025-11-30 17:13:02 +01:00
jaydee	5ef7c025f4	build	2025-11-30 17:12:46 +01:00
jaydee	befd931165	build	2025-11-30 17:04:24 +01:00
jaydee	a037496191	build	2025-11-30 17:01:20 +01:00
jaydee	5e8b06175d	build	2025-11-30 16:59:40 +01:00
jaydee	03516cad45	build	2025-11-30 16:58:51 +01:00
jaydee	1b14ee6a6d	build	2025-11-30 16:57:24 +01:00
jaydee	0e0383bf49	build	2025-11-30 16:56:13 +01:00
jaydee	527c18c89f	build	2025-11-30 16:43:19 +01:00
jaydee	03c1e12a27	build	2025-11-30 16:35:09 +01:00
jaydee	2ddb1fad36	build	2025-11-30 16:31:04 +01:00
jaydee	6f137b7a1b	build	2025-11-30 16:29:53 +01:00
jaydee	9ae1911a44	build	2025-11-30 16:03:20 +01:00
jaydee	ac9f9dd009	build	2025-11-30 15:57:29 +01:00
jaydee	3fbf904a6c	build	2025-11-30 15:57:28 +01:00
jaydee	cfb619f3c3	build	2025-11-30 15:36:23 +01:00
jaydee	bf052fae54	build	2025-11-30 15:35:00 +01:00
jaydee	63bf6b805b	build	2025-11-30 15:16:46 +01:00
jaydee	a63b1353a7	build	2025-11-30 15:15:01 +01:00
jaydee	0443fcf7aa	build	2025-11-30 15:13:57 +01:00
jaydee	d3ef0fb2b7	build	2025-11-30 15:08:49 +01:00
jaydee	67400a92b0	build	2025-11-30 15:05:19 +01:00
jaydee	a59d0b5fa7	build	2025-11-30 15:04:25 +01:00
jaydee	c1dec9fbc7	build	2025-11-30 15:02:09 +01:00
jaydee	29fe44abdb	build	2025-11-30 15:01:11 +01:00
jaydee	8296f99b41	build	2025-11-30 14:58:16 +01:00
jaydee	06041dc3ee	build	2025-11-30 14:50:36 +01:00
jaydee	6f18999452	build	2025-11-30 14:40:21 +01:00
jaydee	9477960cca	build	2025-11-30 14:39:30 +01:00
jaydee	8354f41f09	build	2025-11-30 14:14:01 +01:00
jaydee	ce5765ed78	build	2025-11-30 13:20:47 +01:00
jaydee	0420f90ac8	build	2025-11-30 12:56:57 +01:00
jaydee	8076465132	build	2025-11-30 12:47:57 +01:00
jaydee	ff651e8a4e	build	2025-11-30 12:47:02 +01:00
jaydee	9b9647ac3b	build	2025-11-30 12:46:17 +01:00
jaydee	13e6dd903a	build	2025-11-30 12:34:45 +01:00
jaydee	e5f390ad42	build	2025-11-27 01:42:57 +01:00
jaydee	a295d88932	build	2025-11-27 01:28:42 +01:00
jaydee	1895b255c0	build	2025-11-27 01:27:01 +01:00
jaydee	04036069e2	build	2025-11-27 01:10:17 +01:00
jaydee	20b4ffeecd	build	2025-11-27 01:05:30 +01:00
jaydee	360e7b3889	build	2025-11-27 00:52:55 +01:00
jaydee	a54bdf3164	build	2025-11-27 00:47:47 +01:00
jaydee	9f0b6d3380	build	2025-11-27 00:46:20 +01:00
jaydee	58ac59775f	build	2025-11-27 00:44:36 +01:00
jaydee	45b4ffb3a0	build	2025-11-27 00:43:14 +01:00
jaydee	2dc3c02720	build	2025-11-27 00:20:01 +01:00
jaydee	9c5f226c1b	build	2025-11-26 23:02:19 +01:00
jaydee	348b5bde0c	build	2025-11-22 10:15:09 +01:00
jaydee	60a4459383	build	2025-11-22 10:07:38 +01:00
jaydee	e77bcfcd1d	build	2025-11-22 10:05:24 +01:00
jaydee	59fdf78983	build	2025-11-22 09:31:52 +01:00
jaydee	c89bffbbcb	build	2025-11-22 09:25:44 +01:00
jaydee	009ac6e534	build	2025-11-22 09:18:32 +01:00
jaydee	132ba61d1c	build	2025-11-21 13:28:42 +01:00
jaydee	7fb4f4e7e2	build	2025-11-21 00:03:25 +01:00
jaydee	c895947d2c	build	2025-11-21 00:00:31 +01:00
jaydee	4fba507909	build	2025-11-20 23:59:53 +01:00
jaydee	52c271e592	build	2025-11-20 23:57:51 +01:00
jaydee	3a8cc691f4	build	2025-11-20 23:53:47 +01:00
jaydee	bc2ccf529f	build	2025-11-20 23:45:36 +01:00
jaydee	13c366a7de	build	2025-11-20 23:44:46 +01:00
jaydee	7793689b89	build	2025-11-20 23:44:08 +01:00
jaydee	5d3f47f90d	build	2025-11-20 23:43:41 +01:00
jaydee	678101718f	build	2025-11-20 23:30:43 +01:00
jaydee	0d480e7ae8	build	2025-11-20 23:26:06 +01:00
jaydee	f615d6b147	build	2025-11-19 00:54:25 +01:00
jaydee	25148d8769	build	2025-11-19 00:37:58 +01:00
jaydee	e929defb34	build	2025-11-19 00:09:22 +01:00
jaydee	376b66d9a6	build	2025-11-19 00:08:26 +01:00
jaydee	18a5022df8	build	2025-11-19 00:00:01 +01:00
jaydee	e4a1ba7073	build	2025-11-18 23:56:14 +01:00
jaydee	d98370e9b8	build	2025-11-18 23:55:20 +01:00
jaydee	cd94c86daf	build	2025-11-18 23:51:22 +01:00
jaydee	991ef075a2	build	2025-11-18 23:46:32 +01:00
jaydee	d0d7b14d16	build	2025-11-18 23:40:14 +01:00
jaydee	3fce655511	build	2025-11-18 23:35:19 +01:00
jaydee	15c7cdb3aa	build	2025-11-18 23:31:51 +01:00
jaydee	8d7101366b	build	2025-11-18 23:26:11 +01:00
jaydee	cf68eb4c75	build	2025-11-18 23:00:17 +01:00
jaydee	80e633cecd	build	2025-11-18 22:58:25 +01:00
jaydee	3c83de6a35	build	2025-11-18 22:46:32 +01:00
jaydee	46401dd288	build	2025-11-18 22:43:15 +01:00
jaydee	873ea0efb4	build	2025-11-18 22:34:01 +01:00
jaydee	4d0d9c93ca	alias	2025-11-18 20:54:46 +01:00
jaydee	8db02b515e	alias	2025-11-18 20:44:48 +01:00
jaydee	f8bb4bbd34	alias	2025-11-18 20:43:35 +01:00
jaydee	c28e3651b1	alias	2025-11-18 20:43:21 +01:00
jaydee	c94109a95e	alias	2025-11-18 18:38:42 +01:00
jaydee	74121897a5	alias	2025-11-18 17:57:06 +01:00
jaydee	c4aff80566	alias	2025-11-18 16:57:18 +01:00
jaydee	2e6ab18df8	alias	2025-11-18 16:52:34 +01:00
jaydee	03be5a8916	alias	2025-11-18 16:49:41 +01:00
jaydee	b644b36d06	alias	2025-11-18 16:48:10 +01:00
jaydee	f71ca15c11	alias	2025-11-18 16:41:32 +01:00
jaydee	d9092ebaa3	alias	2025-11-18 12:36:36 +01:00
jaydee	09460a2637	alias	2025-11-18 11:32:22 +01:00
jaydee	4e7160d332	alias	2025-11-18 11:32:15 +01:00
jaydee	46f865a292	alias	2025-11-18 01:58:20 +01:00
jaydee	efa026ccab	alias	2025-11-18 01:57:26 +01:00
jaydee	10b2bde7f9	alias	2025-11-18 01:57:14 +01:00
jaydee	712a3f65d9	alias	2025-11-18 01:47:58 +01:00
jaydee	6acff3fe5d	alias	2025-11-18 01:12:43 +01:00
jaydee	714c150042	alias	2025-11-18 01:11:47 +01:00
jaydee	f690971659	alias	2025-11-16 20:32:51 +01:00
jaydee	cdc5dc8e45	alias	2025-11-13 17:27:50 +01:00
jaydee	e8b248847b	alias	2025-11-13 09:43:49 +01:00
jaydee	46ea08fe1c	alias	2025-11-13 02:29:03 +01:00
jaydee	3352a74e24	alias	2025-11-13 02:22:35 +01:00
jaydee	78922c407e	alias	2025-11-13 02:22:22 +01:00
jaydee	680961397f	build	2025-11-13 02:03:38 +01:00
jaydee	e71867f77c	alias	2025-11-13 01:40:53 +01:00
jaydee	0e2b856b02	alias	2025-11-13 01:03:14 +01:00
jaydee	07ecd6cd75	alias	2025-11-13 01:02:38 +01:00
jaydee	a34b753ae8	alias	2025-11-13 00:27:30 +01:00
jaydee	97691340d1	Merge branch 'main' of gitlab.sectorq.eu:home/docker-compose	2025-11-13 00:00:30 +01:00
jaydee	947af590e1	alias	2025-11-12 23:58:49 +01:00
ladislav.dusa	c80fba3ec2	build	2025-11-12 09:04:27 +01:00
jaydee	9ec8363f80	build	2025-11-11 18:19:49 +01:00
jaydee	03f9d8c332	build	2025-11-10 14:41:35 +01:00
jaydee	45d7d3eb63	build	2025-11-10 14:39:09 +01:00
jaydee	7c7325624f	build	2025-11-09 10:40:07 +01:00
jaydee	8ba24a16b8	build	2025-11-06 07:00:18 +01:00
jaydee	daf8f09000	build	2025-11-03 23:15:29 +01:00
jaydee	d270efbb1f	build	2025-11-03 16:53:08 +01:00
jaydee	f48b990ca3	build	2025-11-03 16:51:10 +01:00
		`@@ -0,0 +1,2 @@`
							`APPNAME=bitwarden`
							`DOCKER_REGISTRY=r.sectorq.eu/library/`
		`@@ -0,0 +1,2 @@`
							`APPNAME=bookstack`
							`DOCKER_REGISTRY=r.sectorq.eu/library/`
		`@@ -0,0 +1,2 @@`
							`APPNAME=dockermon`
							`DOCKER_REGISTRY=r.sectorq.eu/library/`
		`@@ -0,0 +1,2 @@`
							`APPNAME=fail2ban`
							`DOCKER_REGISTRY=r.sectorq.eu/library/`
		`@@ -0,0 +1,2 @@`
							`APPNAME=grafana`
							`DOCKER_REGISTRY=r.sectorq.eu/library/`
		`@@ -0,0 +1,2 @@`
							`APPNAME=homepage`
							`DOCKER_REGISTRY=r.sectorq.eu/library/`
		`@@ -0,0 +1,2 @@`
							`APPNAME=mosquitto`
							`DOCKER_REGISTRY=r.sectorq.eu/library/`
		`@@ -0,0 +1,2 @@`
							`APPNAME=n8n`
							`DOCKER_REGISTRY=r.sectorq.eu/library/`
		`@@ -0,0 +1,2 @@`
							`APPNAME=node-red`
							`DOCKER_REGISTRY=r.sectorq.eu/library/`