build

__swarm/bookstack/.env

@@ -1,2 +1,89 @@
-APPNAME=bookstack
-DOCKER_REGISTRY=r.sectorq.eu/library/
+APPNAME: bookstack
+DOCKER_REGISTRY: r.sectorq.eu/library/
+PUID: 1000
+PGID: 1000
+APP_URL: https://bookstack.sectorq.eu
+DB_HOST: db
+DB_PORT: 3306
+DB_USER: bookstack
+DB_PASS: l4c1j4yd33Du5lo
+DB_DATABASE: bookstackapp
+MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
+TZ: Europe/Bratislava
+MYSQL_DATABASE: bookstackapp
+MYSQL_USER: bookstack
+MYSQL_PASSWORD: l4c1j4yd33Du5lo
+APP_KEY: base64:HB4Gre472TO2pllXEw7afFY2dJ7E09ZJAaHLYP0/hV8=
+# # Set authentication method to be saml2
+# AUTH_METHOD: saml2
+# # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
+# # Prevents the need for the user to click the "Login with x" button on the login page.
+# # Setting this to true enables auto-initiation.
+# AUTH_AUTO_INITIATE: false
+# # Set the display name to be shown on the login button.
+# # (Login with <name>)
+# SAML2_NAME: authentik
+# # Name of the attribute which provides the user's email address
+# SAML2_EMAIL_ATTRIBUTE: email
+# # Name of the attribute to use as an ID for the SAML user.
+# SAML2_EXTERNAL_ID_ATTRIBUTE: uid
+# # Enable SAML group sync.
+# SAML2_USER_TO_GROUPS: true
+# # Set the attribute from which BookStack will read groups names from.
+# # You will need to rename your roles in Bookstack to match your groups in authentik.
+# SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
+# # Name of the attribute(s) to use for the user's display name
+# # Can have multiple attributes listed, separated with a '|' in which
+# # case those values will be joined with a space.
+# # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
+# # Defaults to the ID value if not found.
+# ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
+# SAML2_DISPLAY_NAME_ATTRIBUTES: username
+
+# # Identity Provider entityID URL
+# SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
+
+# # Auto-load metadata from the IDP
+# # Setting this to true negates the need to specify the next three options
+# SAML2_AUTOLOAD_METADATA: true
+
+
+# Set OIDC to be the authentication method
+AUTH_METHOD: oidc
+#AUTH_METHOD: standard 
+# Control if BookStack automatically initiates login via your OIDC system 
+# if it's the only authentication method. Prevents the need for the
+# user to click the "Login with x" button on the login page.
+# Setting this to true enables auto-initiation.
+AUTH_AUTO_INITIATE: true
+
+# Set the display name to be shown on the login button.
+# (Login with <name>)
+OIDC_NAME: SSO
+
+# Name of the claims(s) to use for the user's display name.
+# Can have multiple attributes listed, separated with a '|' in which 
+# case those values will be joined with a space.
+# Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name
+OIDC_DISPLAY_NAME_CLAIMS: name
+
+# OAuth Client ID to access the identity provider
+OIDC_CLIENT_ID: GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U
+
+# OAuth Client Secret to access the identity provider
+OIDC_CLIENT_SECRET: Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8
+
+# Issuer URL
+# Must start with 'https://'
+OIDC_ISSUER: https://auth.sectorq.eu/application/o/bookstack/
+
+# The "end session" (RP-initiated logout) URL to call during BookStack logout.
+# By default this is false which disables RP-initiated logout.
+# Setting to "true" will enable logout if found as supported by auto-discovery.
+# Otherwise, this can be set as a specific URL endpoint.
+OIDC_END_SESSION_ENDPOINT: false
+
+# Enable auto-discovery of endpoints and token keys.
+# As per the standard, expects the service to serve a 
+# `<issuer>/.well-known/openid-configuration` endpoint.
+OIDC_ISSUER_DISCOVER: true

__swarm/bookstack/stack.env

@@ -1,3 +1,4 @@
+APP_KEY=base64:HB4Gre472TO2pllXEw7afFY2dJ7E09ZJAaHLYP0/hV8=
 PUID=1000
 PGID=1000
 APP_URL=https://bookstack.sectorq.eu

__swarm/kestra/kestra-swarm.yml

@@ -36,6 +36,16 @@ services:
             cors:
               enabled: true
     image: ${DOCKER_REGISTRY:-}kestra/kestra:${KESTRA_VERSION:-latest}
+    logging:
+      driver: loki
+      options:
+        loki-url: http://192.168.77.101:3100/loki/api/v1/push
+        loki-relabel-config: |
+          - action: labelmap
+            regex: swarm_stack
+            replacement: namespace
+          - action: labelmap
+            regex: swarm_(service)
     ports:
     - target: 8080
       published: 8980
@@ -82,6 +92,16 @@ services:
       - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
       timeout: 10s
     image: ${DOCKER_REGISTRY:-}postgres:16
+    logging:
+      driver: loki
+      options:
+        loki-url: http://192.168.77.101:3100/loki/api/v1/push
+        loki-relabel-config: |
+          - action: labelmap
+            regex: swarm_stack
+            replacement: namespace
+          - action: labelmap
+            regex: swarm_(service)
     volumes:
     -  db:/var/lib/postgresql/data
     deploy:

__swarm/n8n/n8n-swarm.yml

@@ -19,6 +19,7 @@ services:
       N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS: 'true'
       N8N_SECURE_COOKIE: 'false'
       WEBHOOK_URL: https://n8n.sectorq.eu
+      NODES_EXCLUDE: "[]"
     volumes:
     - data:/home/node/.n8n
     stop_grace_period: 60s

__swarm/pihole/pihole-swarm.yml

@@ -65,6 +65,3 @@ services:
         wud.watch: 'true'
         wud.watch.digest: 'true'
       replicas: 1
-      placement:
-        constraints:
-        - node.role == manager

__swarm/uptime-kuma/uptime-kuma-swarm.yml

@@ -1,5 +1,5 @@
 services:
-  uptime-kuma:
+  app:
     image: ${DOCKER_REGISTRY:-}louislam/uptime-kuma:nightly2
     ports:
     - target: 3001
@@ -9,6 +9,16 @@ services:
     volumes:
     - data:/app/data
     - /var/run/docker.sock:/var/run/docker.sock
+    logging:
+      driver: loki
+      options:
+        loki-url: http://192.168.77.101:3100/loki/api/v1/push
+        loki-relabel-config: |
+          - action: labelmap
+            regex: swarm_stack
+            replacement: namespace
+          - action: labelmap
+            regex: swarm_(service)
     deploy:
       labels:
         com.centurylinklabs.watchtower.enable: 'true'

duplicati/docker-compose.yml

@@ -0,0 +1,14 @@
+services:
+  myapp:
+    image: duplicati/duplicati:latest
+    volumes:
+      - data:/data
+      - /media/nas/data/docker_data/duplicati:/backups
+      - /var/lib/docker/volumes:/volumes
+    environment:
+      SETTINGS_ENCRYPTION_KEY: "l4c1j4yd33Du5lo"
+      DUPLICATI__WEBSERVICE_PASSWORD: "l4c1j4yd33Du5lo"
+    ports:
+      - 8201:8200
+volumes:
+  data:

grocy/docker-compose.yml

@@ -0,0 +1,16 @@
+---
+services:
+  grocy:
+    image: lscr.io/linuxserver/grocy:latest
+    container_name: grocy
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Bratislava
+    volumes:
+      - config:/config
+    ports:
+      - 9283:80
+    restart: unless-stopped
+volumes:
+  config:

home-assistant/.env

@@ -1,3 +1,4 @@
 APPNAME=home-assistant
 DOCKER_REGISTRY=r.sectorq.eu/library/
 RESTART=always
+HA_VERSION=2025.12.4

home-assistant/docker-compose.yml

@@ -3,7 +3,7 @@ services:
   homeassistant:
     container_name: HomeAssistant
     network_mode: host
-    image: "${DOCKER_REGISTRY:-}ghcr.io/home-assistant/home-assistant:latest"
+    image: "${DOCKER_REGISTRY:-}ghcr.io/home-assistant/home-assistant:${HA_VERSION:-latest}"
     volumes:
       - /share/docker_data/ha/:/config
       #- /dev/skyconnect:/dev/ttyUSB1 
@@ -15,8 +15,12 @@ services:
     environment:
       - DISABLE_JEMALLOC=value
       - TZ=Europe/Bratislava
+    logging:
+      driver: loki
+      options:
+        loki-url: http://192.168.77.101:3100/loki/api/v1/push
     labels:
-      com.centurylinklabs.watchtower.enable: true
+      # com.centurylinklabs.watchtower.enable: true
       homepage.group: Smarthome
       homepage.name: Home Assistant
       homepage.weight: 1
@@ -29,8 +33,8 @@ services:
       homepage.widget.url: https://ha.sectorq.eu
       homepage.widget.key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzOTk5NGJjYjIzYjk0YzExYmM5OWZiNTBlNzU0N2M2YyIsImlhdCI6MTc0MDM5OTY4NCwiZXhwIjoyMDU1NzU5Njg0fQ.LDebvPGreyZzlWT1CylHSdSt8i_cWO72HnNCsCAIaG8
       #homepage.widget.custom: [{"state","sensor.sonoff_1001555a27_power"}]
-      wud.watch: true
-      wud.watch.digest: true
+      # wud.watch: true
+      # wud.watch.digest: true
     restart: ${RESTART:-unless-stopped}
     dns:
       - 192.168.77.101
@@ -192,8 +196,8 @@ services:
       - DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA
       - DOCKER_INFLUXDB_INIT_ORG=ha
       - DOCKER_INFLUXDB_INIT_BUCKET=ha
-      - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=mytoken123
-      - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token
+      - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=l4c1j4yd33Du5lo
+      #- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token
     image: ${DOCKER_REGISTRY:-}influxdb:2
     restart: ${RESTART:-unless-stopped}
     healthcheck:

homebox/docker-compose.yml

@@ -0,0 +1,18 @@
+services:
+  homebox:
+    image: ghcr.io/hay-kot/homebox:latest
+#   image: ghcr.io/hay-kot/homebox:latest-rootless
+    container_name: homebox
+    restart: always
+    environment:
+    - HBOX_LOG_LEVEL=info
+    - HBOX_LOG_FORMAT=text
+    - HBOX_WEB_MAX_UPLOAD_SIZE=10
+    volumes:
+      - data:/data/
+    ports:
+      - 3104:7745
+
+volumes:
+   data:
+     driver: local

kopia/docker-compose.yml

@@ -0,0 +1,33 @@
+version: '3.7'
+services:
+    kopia:
+        image: kopia/kopia:latest
+        hostname: Hostname
+        container_name: Kopia
+        restart: unless-stopped
+        ports:
+            - 51515:51515
+        # Setup the server that provides the web gui
+        command:
+            - server
+            - start
+            - --disable-csrf-token-checks
+            - --insecure
+            - --address=0.0.0.0:51515
+            - --server-username=jaydee
+            - --server-password=l4c1j4yd33Du5lo
+        environment:
+            # Set repository password
+            KOPIA_PASSWORD: "l4c1j4yd33Du5lo"
+            USER: "jaydee"
+        volumes:
+            # Mount local folders needed by kopia
+            - /share/docker_data/kopia/config/dir:/app/config
+            - /share/docker_data/kopia/cache/dir:/app/cache
+            - /share/docker_data/kopia/logs/dir:/app/logs
+            # Mount local folders to snapshot
+            - /var/lib/docker/volumes:/data:ro
+            # Mount repository location
+            - /media/nas/data/docker_data/kopia/repository:/repository
+            # Mount path for browsing mounted snapshots
+            - /share/docker_data/kopia/tmp/dir:/tmp:shared

mailu3/docker-compose.yml

@@ -63,9 +63,9 @@ services:
       start_period: 10s
       test:
         - CMD-SHELL
-        - kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
+        - "clamdcheck.sh"
       timeout: 5s
-    image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6
+    image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.4
     labels:
       wud.watch: true
       wud.watch.digest: true

mediacenter/.env

@@ -9,4 +9,4 @@ LIDARR_TOKEN=a9d7379966bd467aa0ad226848575e03
 QBIT_TOKEN=l4c1j4yd33Du5lo
 RADARR_TOKEN=671f20f9518b4ab3a977cc00f95b0427
 SONARR_TOKEN=325b15a81c544ed2a1cd2bb16e95a129
-HW_MODE=cpu
+HW_MODE=hw

mediacenter/docker-compose.yml

@@ -3,6 +3,67 @@ networks:
     driver: bridge
   mediarr:
     driver: bridge
+volumes:
+  homarr_configs:
+  homarr_icons:
+  homarr_data:
+  jackett_config:
+  jackett_downloads:
+  jellyfin_config:
+  jellyseerr_config:
+  lidarr_config:
+  qbittorrent_config:
+  radarr_config:
+  sonarr_config:
+  bazarr_config:
+  m-server_music:
+    driver: local
+    driver_opts:
+      type: nfs
+      o: addr=192.168.77.101,rw,nfsvers=4.2,nolock,nofail
+      device: :/music
+  m-server_movies:
+    driver: local
+    driver_opts:
+      type: nfs
+      o: addr=192.168.77.101,rw,nfsvers=4.2,nolock,nofail
+      device: :/movies
+  m-server_shows:
+    driver: local
+    driver_opts:
+      type: nfs
+      o: addr=192.168.77.101,rw,nfsvers=4.2,nolock,nofail
+      device: :/shows
+  nas_shows:
+    driver: local
+    driver_opts:
+      type: nfs
+      o: addr=192.168.77.106,rw,nfsvers=4.1,nolock,nofail
+      device: :/shows
+  nas_movies:
+    driver: local
+    driver_opts:
+      type: nfs
+      o: addr=192.168.77.106,rw,nfsvers=4.1,nolock,nofail
+      device: :/movies
+  nas_music:
+    driver: local
+    driver_opts:
+      type: nfs
+      o: addr=192.168.77.106,rw,nfsvers=4.1,nolock,nofail
+      device: :/movies
+  nas_movies2:
+    driver: local
+    driver_opts:
+      type: nfs
+      o: addr=192.168.77.106,rw,nfsvers=4.1,nolock,nofail
+      device: :/xxx
+  nas_live:
+    driver: local
+    driver_opts:
+      type: nfs
+      o: addr=192.168.77.106,rw,nfsvers=4.1,nolock,nofail
+      device: :/live
 services:
   bazarr:
     container_name: bazarr
@@ -36,11 +97,11 @@ services:
       - 6767:6767
     restart: ${RESTART:-unless-stopped}
     volumes:
-      - /share/docker_data/bazarr/config:/config
-      - /media/m-server/movies:/movies/m-server
-      - /media/m-server/shows:/tv/m-server
-      - /media/nas/movies:/movies/nas
-      - /media/nas/shows:/tv/nas
+      - bazarr_config:/config
+      - m-server_movies:/movies/m-server
+      - m-server_shows:/tv/m-server
+      - nas_movies:/movies/nas
+      - nas_shows:/tv/nas
   flaresolverr:
     container_name: flaresolverr
     environment:
@@ -72,9 +133,9 @@ services:
     restart: ${RESTART:-unless-stopped}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - /share/docker_data/homarr/configs:/app/data/configs
-      - /share/docker_data/homarr/icons:/app/public/icons
-      - /share/docker_data/homarr/data:/data
+      - homarr_configs:/app/data/configs
+      - homarr_icons:/app/public/icons
+      - homarr_data:/data
   jackett:
     container_name: jackett
     dns:
@@ -111,8 +172,8 @@ services:
     - 9117:9117
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/jackett/config:/config
-    - /share/docker_data/jackett/downloads:/downloads
+    - jackett_config:/config
+    - jackett_downloads:/downloads
   jellyfin:
     container_name: jellyfin
     environment:
@@ -147,15 +208,15 @@ services:
     - 7359:7359
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/jellyfin:/config
-    - /media/m-server/movies:/data/movies/m-server
-    - /media/m-server/music:/data/music/m-server
-    - /media/m-server/shows:/data/shows/m-server
-    - /media/nas/movies:/data/movies/nas
-    - /media/nas/music:/data/music/nas
-    - /media/nas/shows:/data/shows/nas
-    - /media/nas/live:/data/live/nas
-    - /media/nas/xxx:/data/xxx/nas
+    - jellyfin_config:/config
+    - m-server_movies:/data/movies/m-server
+    - m-server_music:/data/music/m-server
+    - m-server_shows:/data/shows/m-server
+    - nas_movies:/data/movies/nas
+    - nas_music:/data/music/nas
+    - nas_shows:/data/shows/nas
+    - nas_live:/data/live/nas
+    - nas_movies2:/data/xxx/nas
   jellyseerr:
     container_name: jellyseerr
     environment:
@@ -184,12 +245,15 @@ services:
     - 5055:5055
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/jellyseerr/config:/app/config
+    - jellyseerr_config:/app/config
   lidarr:
     container_name: lidarr
+    dns:
+      - 8.8.8.8
+      - 192.168.77.101
     environment:
-    - PUID=1000
-    - PGID=1000
+    # - PUID=1000
+    # - PGID=1000
     - TZ=Europe/Bratislava
     hostname: lidarr
     image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/lidarr:latest
@@ -214,8 +278,8 @@ services:
     - 8686:8686
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/lidarr/config:/config
-    - /media/m-server/music:/music
+    - lidarr_config:/config
+    - m-server_music:/music
     - /media/m-server/downloads:/downloads
   qbittorrent:
     container_name: qbittorrent
@@ -237,7 +301,7 @@ services:
       homepage.name: Qbittorrent
       homepage.server: my-docker
       homepage.weight: '95'
-      homepage.widget.enableLeechProgress: 'true'
+      homepage.widget.enableLeechProgress: 'false'
       homepage.widget.password: ${QBIT_TOKEN}
       homepage.widget.type: qbittorrent
       homepage.widget.url: https://qbit.sectorq.eu
@@ -249,10 +313,9 @@ services:
     ports:
     - 8085:8085
     - 6881:6881
-    - 6881:6881
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/qbittorrent/config:/config
+    - qbittorrent_config:/config
     - /media/m-server/downloads:/downloads
   radarr:
     container_name: radarr
@@ -286,9 +349,9 @@ services:
     - 7878:7878
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/radarr/config:/config
-    - /media/m-server/movies/:/movies-m-server
-    - /media/nas/movies/:/movies-nas
+    - radarr_config:/config
+    - m-server_movies:/movies-m-server
+    - nas_movies:/movies-nas
     - /media/m-server/downloads:/downloads
   sonarr:
     container_name: sonarr
@@ -321,7 +384,7 @@ services:
     - 8989:8989
     restart: ${RESTART:-unless-stopped}
     volumes:
-    - /share/docker_data/sonarr/config:/config
-    - /media/m-server/shows:/tv-m-server
-    - /media/nas/shows:/tv-nas
+    - sonarr_config:/config
+    - m-server_shows:/tv-m-server
+    - nas_shows:/tv-nas
     - /media/m-server/downloads:/downloads

n8n/docker-compose.yml

@@ -17,6 +17,7 @@ services:
       - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
       - N8N_SECURE_COOKIE=false
       - WEBHOOK_URL=https://n8n.sectorq.eu
+      - NODES_EXCLUDE="[]"
     volumes:
       - n8n-data:/home/node/.n8n
     restart: ${RESTART:-unless-stopped}

ollama/docker-compose.yml

@@ -9,11 +9,29 @@ services:
     volumes:
       - models:/root/.ollama
     environment:
-      - HSA_OVERRIDE_GFX_VERSION=11.0.0
+      - HSA_OVERRIDE_GFX_VERSION=10.3.0
     ports:
       - "11434:11434"
     dns:
       - "8.8.8.8"
-      
+  openwebui:
+    image: ghcr.io/open-webui/open-webui:main
+    ports:
+      - "3004:8080"
+    volumes:
+      - open-webui:/app/backend/data
+    environment:
+      - OAUTH_CLIENT_ID=00064iMSupbqgHwpL7f0k27BpKZ6JUDcdKOYFtRM
+      - OAUTH_CLIENT_SECRET=A8Hlk2kKjfU1WTIOxKejOrPxpji9hmg5kVEMXF03Z4ptokEkBComXrBfxkQbDUHMzbp1W5y3uulIxZ2K1VlRcQC7x28yMnYryHmUatcACFHNAKKJuN6HHnZXQSZsi0se
+      - OAUTH_PROVIDER_NAME=authentik
+      - OPENID_PROVIDER_URL=https://auth.sectorq.eu/application/o/openwebui/.well-known/openid-configuration
+      - OPENID_REDIRECT_URI=https://openwebui.sectorq.eu/oauth/oidc/callback
+      - WEBUI_URL=https://openwebui.sectorq.eu
+      # Allows auto-creation of new users using OAuth. Must be paired with ENABLE_LOGIN_FORM=false.
+      - ENABLE_OAUTH_SIGNUP=true
+      # Disables user/password login form. Required when ENABLE_OAUTH_SIGNUP=true.
+      - ENABLE_LOGIN_FORM=false
+      - OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true
 volumes:
+  open-webui:
   models:

onlyoffice/docker-compose.yml

@@ -43,11 +43,11 @@ services:
     restart: always
     stop_grace_period: 60s
     volumes:
-       - /var/www/onlyoffice/Data
-       - /var/log/onlyoffice
-       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
-       - /var/www/onlyoffice/documentserver-example/public/files
-       - /usr/share/fonts
+       - data:/var/www/onlyoffice/Data
+       - logs:/var/log/onlyoffice
+       - cache:/var/lib/onlyoffice/documentserver/App_Data/cache/files
+       - files:/var/www/onlyoffice/documentserver-example/public/files
+       - fonts:/usr/share/fonts
        
   onlyoffice-rabbitmq:
     container_name: onlyoffice-rabbitmq
@@ -73,13 +73,17 @@ services:
     expose:
       - '5432'
     volumes:
-      - postgresql_data:/var/lib/postgresql
+      - db:/var/lib/postgresql
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U onlyoffice"]
       interval: 10s
       retries: 3
       start_period: 10s
       timeout: 10s
-
 volumes:
-  postgresql_data:
+  db:
+  data:
+  logs:
+  cache:
+  files:
+  fonts:

searxng/docker-compose.yml

@@ -0,0 +1,10 @@
+services:
+  app:
+    image: searxng/searxng:latest
+    ports:
+      - "8688:8080"
+    volumes:
+      - searxng:/etc/searxng:rw
+    restart: unless-stopped
+volumes:
+  searxng:

wazuh/.env

@@ -1,2 +0,0 @@
-VERSION=4.11.0
-DOCKER_REGISTRY=r.sectorq.eu/library/

wazuh/docker-compose.yml

@@ -1,136 +1,114 @@
+# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
-  wazuh.dashboard:
-    depends_on:
-    - wazuh.indexer
-    dns:
-    - 192.168.77.101
-    environment:
-    - INDEXER_USERNAME=admin
-    - INDEXER_PASSWORD=SecretPassword
-    - WAZUH_API_URL=https://wazuh.manager
-    - DASHBOARD_USERNAME=kibanaserver
-    - DASHBOARD_PASSWORD=kibanaserver
-    - API_USERNAME=wazuh-wui
-    - API_PASSWORD=MyS3cr37P450r.*-
-    hostname: wazuh.dashboard
-    image: ${DOCKER_REGISTRY:-}wazuh/wazuh-dashboard:${VERSION:-4.10.1}
-    labels:
-      wud.watch: true
-      wud.watch.digest: true
-    links:
-    - wazuh.indexer:wazuh.indexer
-    - wazuh.manager:wazuh.manager
-    ports:
-    - 5601:5601
-    restart: always
-    volumes:
-    - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
-    - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
-    - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
-    - /share/docker_data/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
-    - /share/docker_data/wazuh/config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
-    - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
-    - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
-  wazuh.indexer:
-    dns:
-    - 192.168.77.101
-    environment:
-    - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
-    hostname: wazuh.indexer
-    image: ${DOCKER_REGISTRY:-}wazuh/wazuh-indexer:${VERSION:-4.10.1}
-    labels:
-      wud.watch: true
-      wud.watch.digest: true
-    ports:
-    - 9200:9200
-    restart: always
-    ulimits:
-      memlock:
-        hard: -1
-        soft: -1
-      nofile:
-        hard: 65536
-        soft: 65536
-    volumes:
-    - wazuh-indexer-data:/var/lib/wazuh-indexer
-    - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
-    - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
-    - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-    - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
-    - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
-    - /share/docker_data/wazuh/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
-    - /share/docker_data/wazuh/config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
-    - /share/docker_data/wazuh/config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml
-    - /share/docker_data/wazuh/config/wazuh_indexer/config.yml:/usr/share/wazuh-indexer/opensearch-security/config.yml
-    - /share/docker_data/wazuh/config/wazuh_indexer/idp-metadata.xml:/usr/share/wazuh-indexer/opensearch-security/idp-metadata.xml
   wazuh.manager:
-    dns:
-    - 192.168.77.101
-    environment:
-    - INDEXER_URL=https://wazuh.indexer:9200
-    - INDEXER_USERNAME=admin
-    - INDEXER_PASSWORD=SecretPassword
-    - FILEBEAT_SSL_VERIFICATION_MODE=full
-    - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
-    - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
-    - SSL_KEY=/etc/ssl/filebeat.key
-    - API_USERNAME=wazuh-wui
-    - API_PASSWORD=MyS3cr37P450r.*-
+    image: wazuh/wazuh-manager:4.14.0
     hostname: wazuh.manager
-    image: ${DOCKER_REGISTRY:-}wazuh/wazuh-manager:${VERSION:-4.10.1}
-    labels:
-      com.centurylinklabs.watchtower.enable: 'true'
-      homepage.container: wazuh-wazuh.manager-1
-      homepage.description: Security monitoring
-      homepage.group: Utilities
-      homepage.href: https://wazuh.sectorq.eu
-      homepage.icon: wazuh.png
-      homepage.name: Wazuh
-      homepage.server: my-docker
-      homepage.weight: '1'
-      wud.watch: true
-      wud.watch.digest: true
-    ports:
-    - 1514:1514
-    - 1515:1515
-    - 514:514/udp
-    - 55000:55000
     restart: always
     ulimits:
       memlock:
-        hard: -1
         soft: -1
+        hard: -1
       nofile:
-        hard: 655360
         soft: 655360
+        hard: 655360
+    ports:
+      - "1514:1514"
+      - "1515:1515"
+      - "514:514/udp"
+      - "55000:55000"
+    environment:
+      - INDEXER_URL=https://wazuh.indexer:9200
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - FILEBEAT_SSL_VERIFICATION_MODE=full
+      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+      - SSL_KEY=/etc/ssl/filebeat.key
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
-    - wazuh_api_configuration:/var/ossec/api/configuration
-    - wazuh_etc:/var/ossec/etc
-    - wazuh_logs:/var/ossec/logs
-    - wazuh_queue:/var/ossec/queue
-    - wazuh_var_multigroups:/var/ossec/var/multigroups
-    - wazuh_integrations:/var/ossec/integrations
-    - wazuh_active_response:/var/ossec/active-response/bin
-    - wazuh_agentless:/var/ossec/agentless
-    - wazuh_wodles:/var/ossec/wodles
-    - filebeat_etc:/etc/filebeat
-    - filebeat_var:/var/lib/filebeat
-    - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
-    - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
-    - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
-    - /share/docker_data/wazuh/config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
+      - wazuh_api_configuration:/var/ossec/api/configuration
+      - wazuh_etc:/var/ossec/etc
+      - wazuh_logs:/var/ossec/logs
+      - wazuh_queue:/var/ossec/queue
+      - wazuh_var_multigroups:/var/ossec/var/multigroups
+      - wazuh_integrations:/var/ossec/integrations
+      - wazuh_active_response:/var/ossec/active-response/bin
+      - wazuh_agentless:/var/ossec/agentless
+      - wazuh_wodles:/var/ossec/wodles
+      - filebeat_etc:/etc/filebeat
+      - filebeat_var:/var/lib/filebeat
+      - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
+      - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
+      - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
+      - /share/docker_data/wazuh/config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
+
+  wazuh.indexer:
+    image: wazuh/wazuh-indexer:4.14.0
+    hostname: wazuh.indexer
+    restart: always
+    ports:
+      - "9200:9200"
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - wazuh-indexer-data:/var/lib/wazuh-indexer
+      - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
+      - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
+      - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
+      - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
+      - /share/docker_data/wazuh/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
+      - /share/docker_data/wazuh/config/wazuh_indexer/wazuh_authentik_meta.xml:/etc/wazuh-indexer/opensearch-security/wazuh_authentik_meta.xml
+      - /share/docker_data/wazuh/config/wazuh_indexer/config.yml:/usr/share/wazuh-indexer/config/opensearch-security/config.yml
+
+  wazuh.dashboard:
+    image: wazuh/wazuh-dashboard:4.14.0
+    hostname: wazuh.dashboard
+    restart: always
+    ports:
+      - 5601:5601
+    environment:
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - WAZUH_API_URL=https://wazuh.manager
+      - DASHBOARD_USERNAME=kibanaserver
+      - DASHBOARD_PASSWORD=kibanaserver
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
+    volumes:
+      - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
+      - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
+      - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
+      - /share/docker_data/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+      - /share/docker_data/wazuh/config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+    depends_on:
+      - wazuh.indexer
+    links:
+      - wazuh.indexer:wazuh.indexer
+      - wazuh.manager:wazuh.manager
+
 volumes:
-  filebeat_etc: null
-  filebeat_var: null
-  wazuh-dashboard-config: null
-  wazuh-dashboard-custom: null
-  wazuh-indexer-data: null
-  wazuh_active_response: null
-  wazuh_agentless: null
-  wazuh_api_configuration: null
-  wazuh_etc: null
-  wazuh_integrations: null
-  wazuh_logs: null
-  wazuh_queue: null
-  wazuh_var_multigroups: null
-  wazuh_wodles: null
+  wazuh_api_configuration:
+  wazuh_etc:
+  wazuh_logs:
+  wazuh_queue:
+  wazuh_var_multigroups:
+  wazuh_integrations:
+  wazuh_active_response:
+  wazuh_agentless:
+  wazuh_wodles:
+  filebeat_etc:
+  filebeat_var:
+  wazuh-indexer-data:
+  wazuh-dashboard-config:
+  wazuh-dashboard-custom: