replace stirling pdf, sso for multiple app, cleanup

clean up and add loki and ntfy
update uptime
2025-12-19 15:33:26 +01:00 · 2025-11-13 18:38:45 +01:00 · 2025-11-03 22:40:32 +01:00 · 2025-10-17 17:18:47 +02:00 · 2025-10-11 15:52:07 +02:00 · 2025-09-28 23:09:59 +02:00
52 changed files with 1486 additions and 207 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -18,6 +18,7 @@ include:
      - ${INFRA_PATH}/authelia/authelia.yml
      - ${INFRA_PATH}/crowdsec/crowdsec.yml
      - ${INFRA_PATH}/homepage/homepage.yml
+      - ${INFRA_PATH}/ntfy/ntfy.yml
      - ${INFRA_PATH}/speedtest/speedtest.yml
      - ${INFRA_PATH}/syncthing/syncthing.yml
      - ${INFRA_PATH}/traefik/traefik.yml
@@ -28,37 +29,56 @@ include:
  - path:
      - ${MONITORING_PATH}/dozzle/dozzle.yml
      - ${MONITORING_PATH}/grafana/grafana.yml
+      - ${MONITORING_PATH}/loki/loki.yml
      - ${MONITORING_PATH}/prometheus/prometheus.yml
    env_file: ${MONITORING_PATH}/.env

  - path:
+      - ${MEDIA_PATH}/audiobookshelf/audiobookshelf.yml
+      - ${MEDIA_PATH}/calibre/calibre.yml
      - ${MEDIA_PATH}/immich/immich.yml
+      - ${MEDIA_PATH}/kiwix/kiwix.yml
+      - ${MEDIA_PATH}/lidarr/lidarr.yml
+      - ${MEDIA_PATH}/navidrome/navidrome.yml
+      - ${MEDIA_PATH}/prowlarr/prowlarr.yml
+      - ${MEDIA_PATH}/qbittorrent/qbittorrent.yml
+      - ${MEDIA_PATH}/readarr/readarr.yml
+      - ${MEDIA_PATH}/slskd/slskd.yml
+      - ${MEDIA_PATH}/soularr/soularr.yml
    env_file: ${MEDIA_PATH}/.env

  - path:
+      - ${SERVICE_PATH}/freshrss/freshrss.yml
      - ${SERVICE_PATH}/gitea/gitea.yml
      - ${SERVICE_PATH}/home-assistant/home-assistant.yml
+      - ${SERVICE_PATH}/ghost/ghost.yml
      - ${SERVICE_PATH}/it-tools/it-tools.yml
+      - ${SERVICE_PATH}/jupyter-notebook/jupyter-notebook.yml
+      - ${SERVICE_PATH}/linkwarden/linkwarden.yml
      - ${SERVICE_PATH}/mealie/mealie.yml
+      - ${SERVICE_PATH}/n8n/n8n.yml
+      # - ${SERVICE_PATH}/ollama/ollama.yml
      - ${SERVICE_PATH}/paperless-ngx/paperless-ngx.yml
-      - ${SERVICE_PATH}/shlink/shlink.yml
-      - ${SERVICE_PATH}/sponsorblock/sponsorblock.yml
-      - ${SERVICE_PATH}/stirling-pdf/stirling-pdf.yml
+      - ${SERVICE_PATH}/radicale/radicale.yml
+      - ${SERVICE_PATH}/pdf/pdf.yml
+      - ${SERVICE_PATH}/vaultwarden/vaultwarden.yml
      - ${SERVICE_PATH}/vikunja/vikunja.yml
    env_file: ${SERVICE_PATH}/.env

 networks:
-  private:
+  ip4net:
    driver: bridge
-    name: private
-    ipam:
-      config:
-        - subnet: 10.5.0.0/16
-          gateway: 10.5.0.1
-  public:
-    driver: bridge
-    name: public
+    name: ip4net
    ipam:
      config:
        - subnet: 10.6.0.0/16
-          gateway: 10.6.0.1
+  ip6net:
+    driver: bridge
+    name: ip6net
+    enable_ipv6: true
+    ipam:
+      driver: default
+      # config: 
+      #   # - subnet: "2a04:ee41:86:9397::/64"
+      #   - subnet: "2001:db8:2:/64"
+      #   - gateway: "2001:db8:2::1"
--- a/project/db/adminer/adminer.yml
+++ b/project/db/adminer/adminer.yml
@@ -7,6 +7,8 @@ services:
    container_name: adminer
    ports:
      - 8085:8080
+    networks: 
+      - ip4net
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
--- a/project/db/lldap/lldap.yml
+++ b/project/db/lldap/lldap.yml
@@ -18,6 +18,9 @@ services:
      # - "6360:6360"
      # For the web front-end
      - "17170:17170"
+    networks: 
+      - ip6net
+      - ip4net
    volumes:
      - "${DB_PATH}/lldap/data:/data"
    environment:
--- a/project/db/mariadb/mariadb.yml
+++ b/project/db/mariadb/mariadb.yml
@@ -6,6 +6,8 @@ services:
    image: mariadb:latest
    container_name: mariadb
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
+    networks: 
+      - ip4net
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
    volumes:
--- a/project/db/pgadmin/pgadmin.yml
+++ b/project/db/pgadmin/pgadmin.yml
@@ -10,6 +10,8 @@ services:
    image: dpage/pgadmin4:latest
    ports:
      - 8082:80
+    networks: 
+      - ip4net
    secrets: [pgadmin_default_password]
    volumes:
      - ${DB_PATH}/pgadmin/data:/var/lib/pgadmin
--- a/project/db/postgres/postgres.yml
+++ b/project/db/postgres/postgres.yml
@@ -7,9 +7,12 @@ services:
      file: ${TEMPLATES_PATH}
      service: default
    container_name: postgres
-    image: postgres:latest
+    image: postgres:16.4
    ports:
      - 5432:5432
+    networks: 
+      - ip4net
+      - ip6net
    secrets: [postgres_default_password]
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_default_password
@@ -29,9 +32,12 @@ services:
      file: ${TEMPLATES_PATH}
      service: default
    container_name: postgres-with-pg-vector
-    image: tensorchord/pgvecto-rs:pg16-v0.2.1-alpha.2
+    image: tensorchord/pgvecto-rs:pg16-v0.3.0
    ports:
      - 5433:5432
+    networks: 
+      - ip4net
+      - ip6net
    secrets: [postgres_default_password]
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_default_password
--- a/project/db/redis/redis.yml
+++ b/project/db/redis/redis.yml
@@ -5,6 +5,9 @@ services:
      service: default
    container_name: redis
    image: redis:latest
+    networks: 
+      - ip4net
+      - ip6net
    volumes:
      - ${DB_PATH}/redis/data:/data
    labels:
--- a/project/infrastructure/authelia/authelia.yml
+++ b/project/infrastructure/authelia/authelia.yml
@@ -16,6 +16,8 @@ services:
    image: authelia/authelia:latest
    ports:
      - 9959:9959 # metrics prometheus
+    networks: 
+      - ip6net
    expose:
      - 9091
    secrets: [JWT_SECRET, SESSION_SECRET, STORAGE_PASSWORD, STORAGE_ENCRYPTION_KEY]
@@ -24,10 +26,11 @@ services:
      AUTHELIA_SESSION_SECRET_FILE: /run/secrets/SESSION_SECRET
      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /run/secrets/STORAGE_PASSWORD
      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/STORAGE_ENCRYPTION_KEY
-      AUTHELIA_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN} # this does not work for access control or openID yet
-      AUTHELIA_LOCAL_DOMAIN: ${LOCAL_DOMAIN} # this does not work for access control or openID yet
+      # AUTHELIA_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN} # this does not work for access control or openID yet
+      # AUTHELIA_LOCAL_DOMAIN: ${LOCAL_DOMAIN} # this does not work for access control or openID yet
    volumes:
      - ${INFRA_PATH}/authelia/config:/config
+      - "/var/log/authelia/:/config/log"
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
--- a/project/infrastructure/crowdsec/crowdsec.yml
+++ b/project/infrastructure/crowdsec/crowdsec.yml
@@ -6,34 +6,22 @@ services:
    container_name: crowdsec
    image: crowdsecurity/crowdsec:latest
    environment:
-      COLLECTIONS: "crowdsecurity/traefik crowdsecurity/http-cve"
-    expose:
-      - 8080
-    ports:
-      - 6060:6060
-    volumes:
-      - ${INFRA_PATH}/crowdsec/data:/var/lib/crowdsec/data
-      - ${INFRA_PATH}/crowdsec/config:/etc/crowdsec
-      - /var/log/auth.log:/var/log/auth.log:ro
-      - /var/log/crowdsec:/var/log/crowdsec:ro
-    labels:
-      # Watchtower
-      - "com.centurylinklabs.watchtower.enable=true"
-
-  crowdsec-traefik-bouncer:
-    extends:
-      file: ${TEMPLATES_PATH}
-      service: default
-    image: fbonalair/traefik-crowdsec-bouncer:latest
-    container_name: bouncer-traefik
-    environment:
+      COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/http-cve
      CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_API_KEY}
-      CROWDSEC_AGENT_HOST: crowdsec:8080
-      GIN_MODE: release
-    expose:
-      - 8080
-    depends_on:
-      - crowdsec
+      CUSTOM_HOSTNAME: crowdsec
+    ports:
+      - 6061:8080
+      - 6060:6060
+    networks: 
+      - ip4net
+      - ip6net
+    volumes:
+      - ${INFRA_PATH}/crowdsec/config/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
+      - ${INFRA_PATH}/crowdsec/config:/etc/crowdsec
+      - ${INFRA_PATH}/crowdsec/data:/var/lib/crowdsec/data
+      - /var/log/crowdsec:/var/log/crowdsec:ro
+      - /var/log/syslog:/var/log/syslog:ro
+      - /var/log/kern.log:/var/log/kern.log:ro
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
--- a/project/infrastructure/homepage/homepage.yml
+++ b/project/infrastructure/homepage/homepage.yml
@@ -7,9 +7,12 @@ services:
    container_name: homepage
    ports:
      - 3030:3000
+    networks: 
+      - ip4net
    environment:
      HOMEPAGE_VAR_LOCAL_DOMAIN: ${LOCAL_DOMAIN}
      HOMEPAGE_VAR_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}
+      HOMEPAGE_ALLOWED_HOSTS: homepage.${LOCAL_DOMAIN}, 192.168.178.35:3030
    volumes:
      - ${INFRA_PATH}/homepage/config:/app/config
      - ${INFRA_PATH}/homepage/data/images:/app/public/images
--- a/project/infrastructure/ntfy/ntfy.yml
+++ b/project/infrastructure/ntfy/ntfy.yml
@@ -0,0 +1,27 @@
+services:
+  ntfy:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: ntfy 
+    image: binwiederhier/ntfy 
+    ports:
+      - "4023:80"
+    networks: 
+      - ip4net
+    command:
+      - serve
+    volumes:
+      - /var/cache/ntfy:/var/cache/ntfy
+      - ${INFRA_PATH}/ntfy/config:/etc/ntfy
+      - ${INFRA_PATH}/ntfy/data:/var/lib/ntfy
+    labels:
+      # Watchtower
+      - 'com.centurylinklabs.watchtower.enable=true'
+      # Traefik
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.ntfy.rule=Host(`ntfy.${PUBLIC_DOMAIN}`)'
+      - 'traefik.http.routers.ntfy.entrypoints=https'
+      - 'traefik.http.routers.ntfy.tls=true'
+      # Middlewares
+      - "traefik.http.routers.ntfy.middlewares=crowdsec-bouncer@file"
--- a/project/infrastructure/speedtest/speedtest.yml
+++ b/project/infrastructure/speedtest/speedtest.yml
@@ -4,25 +4,18 @@ services:
      file: ${TEMPLATES_PATH}
      service: default
    container_name: speedtest
-    image: ghcr.io/librespeed/speedtest:latest
-    environment:
-      MODE: standalone
-      TITLE: "LibreSpeed"
-      #TELEMETRY: "false"
-      #ENABLE_ID_OBFUSCATION: "false"
-      #REDACT_IP_ADDRESSES: "false"
-      #PASSWORD:
-      #EMAIL:
-      #DISABLE_IPINFO: "false"
-      #DISTANCE: "km"
-      #WEBPORT: 80
+    image: openspeedtest/latest
    ports:
-      - "4001:80" # webport mapping (host:container)
+      - "4001:3001" # webport mapping (host:container)
+      - "3999:3001" # webport mapping (host:container)
+    networks: 
+      - ip4net
    labels:
      # Watchtower
-      - "com.centurylinklabs.watchtower.enable=true"
+      - 'com.centurylinklabs.watchtower.enable=true'
      # Traefik
-      - "traefik.enable=true"
-      - "traefik.http.routers.speedtest.rule=Host(`speedtest.${LOCAL_DOMAIN}`)"
-      - "traefik.http.routers.speedtest.entrypoints=https"
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.speedtest.rule=Host(`speedtest.${LOCAL_DOMAIN}`)'
+      - 'traefik.http.routers.speedtest.entrypoints=https'
      - 'traefik.http.routers.speedtest.tls=true'
+      - 'traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=10000000000'
--- a/project/infrastructure/syncthing/syncthing.yml
+++ b/project/infrastructure/syncthing/syncthing.yml
@@ -6,12 +6,17 @@ services:
    image: syncthing/syncthing
    container_name: syncthing
    volumes:
+      - ${EXTERNAL_STORAGE}/notes/Obsidian-sync:/var/syncthing-data/Obsidian-sync
+      - ${EXTERNAL_STORAGE}/media/pictures/to-sort:/var/syncthing-data/picture-phone
      - ${INFRA_PATH}/syncthing/data:/var/syncthing
    ports:
      - 8384:8384 # Web UI
      - 22000:22000/tcp # TCP file transfers
      - 22000:22000/udp # QUIC file transfers
      - 21027:21027/udp # Receive local discovery broadcasts
+    networks: 
+      - ip4net
+      - ip6net
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
@@ -23,4 +28,4 @@ services:
      - "traefik.http.routers.syncthing.service=syncthing-svc"
      - "traefik.http.services.syncthing-svc.loadbalancer.server.port=8384"
      # Middlewares
-      - "traefik.http.routers.syncthing.middlewares=crowdsec-bouncer@file"
+      #- "traefik.http.routers.syncthing.middlewares=crowdsec-bouncer@file"
--- a/project/infrastructure/traefik/html/ban.html
+++ b/project/infrastructure/traefik/html/ban.html
@@ -0,0 +1,329 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <title>CrowdSec Access Forbidden</title>
+  <meta content="text/html; charset=utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <style>
+    /*! tailwindcss v3.2.7 | MIT License | https://tailwindcss.com*/
+    *,
+    :after,
+    :before {
+      border: 0 solid #e5e7eb;
+      box-sizing: border-box
+    }
+
+    :after,
+    :before {
+      --tw-content: ""
+    }
+
+    html {
+      -webkit-text-size-adjust: 100%;
+      font-feature-settings: normal;
+      font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica Neue, Arial, Noto Sans, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol, Noto Color Emoji;
+      line-height: 1.5;
+      -moz-tab-size: 4;
+      -o-tab-size: 4;
+      tab-size: 4
+    }
+
+    body {
+      line-height: inherit;
+      margin: 0
+    }
+
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-size: inherit;
+      font-weight: inherit
+    }
+
+    a {
+      color: inherit;
+      text-decoration: inherit
+    }
+
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6,
+    hr,
+    p,
+    pre {
+      margin: 0
+    }
+
+    *,
+    ::backdrop,
+    :after,
+    :before {
+      --tw-border-spacing-x: 0;
+      --tw-border-spacing-y: 0;
+      --tw-translate-x: 0;
+      --tw-translate-y: 0;
+      --tw-rotate: 0;
+      --tw-skew-x: 0;
+      --tw-skew-y: 0;
+      --tw-scale-x: 1;
+      --tw-scale-y: 1;
+      --tw-pan-x: ;
+      --tw-pan-y: ;
+      --tw-pinch-zoom: ;
+      --tw-scroll-snap-strictness: proximity;
+      --tw-ordinal: ;
+      --tw-slashed-zero: ;
+      --tw-numeric-figure: ;
+      --tw-numeric-spacing: ;
+      --tw-numeric-fraction: ;
+      --tw-ring-inset: ;
+      --tw-ring-offset-width: 0px;
+      --tw-ring-offset-color: #fff;
+      --tw-ring-color: #3b82f680;
+      --tw-ring-offset-shadow: 0 0 #0000;
+      --tw-ring-shadow: 0 0 #0000;
+      --tw-shadow: 0 0 #0000;
+      --tw-shadow-colored: 0 0 #0000;
+      --tw-blur: ;
+      --tw-brightness: ;
+      --tw-contrast: ;
+      --tw-grayscale: ;
+      --tw-hue-rotate: ;
+      --tw-invert: ;
+      --tw-saturate: ;
+      --tw-sepia: ;
+      --tw-drop-shadow: ;
+      --tw-backdrop-blur: ;
+      --tw-backdrop-brightness: ;
+      --tw-backdrop-contrast: ;
+      --tw-backdrop-grayscale: ;
+      --tw-backdrop-hue-rotate: ;
+      --tw-backdrop-invert: ;
+      --tw-backdrop-opacity: ;
+      --tw-backdrop-saturate: ;
+      --tw-backdrop-sepia:
+    }
+
+    .flex {
+      display: flex
+    }
+
+    .flex-wrap {
+      flex-wrap: wrap
+    }
+
+    .inline-flex {
+      display: inline-flex
+    }
+
+    .h-24 {
+      height: 6rem
+    }
+
+    .h-6 {
+      height: 1.5rem
+    }
+
+    .h-full {
+      height: 100%
+    }
+
+    .h-screen {
+      height: 100vh
+    }
+
+    .text-center {
+      text-align: center
+    }
+
+    .w-24 {
+      width: 6rem
+    }
+
+    .w-6 {
+      width: 1.5rem
+    }
+
+    .w-full {
+      width: 100%
+    }
+
+    .w-screen {
+      width: 100vw
+    }
+
+    .my-3 {
+      margin-top: 0.75rem;
+      margin-bottom: 0.75rem
+    }
+
+    .flex-col {
+      flex-direction: column
+    }
+
+    .items-center {
+      align-items: center
+    }
+
+    .justify-center {
+      justify-content: center
+    }
+
+    .justify-between {
+      justify-content: space-between
+    }
+
+    .space-y-1>:not([hidden])~:not([hidden]) {
+      --tw-space-y-reverse: 0;
+      margin-bottom: calc(.25rem*var(--tw-space-y-reverse));
+      margin-top: calc(.25rem*(1 - var(--tw-space-y-reverse)))
+    }
+
+    .space-y-4>:not([hidden])~:not([hidden]) {
+      --tw-space-y-reverse: 0;
+      margin-bottom: calc(1rem*var(--tw-space-y-reverse));
+      margin-top: calc(1rem*(1 - var(--tw-space-y-reverse)))
+    }
+
+    .rounded-xl {
+      border-radius: .75rem
+    }
+
+    .border-2 {
+      border-width: 2px
+    }
+
+    .border-black {
+      --tw-border-opacity: 1;
+      border-color: rgb(0 0 0/var(--tw-border-opacity))
+    }
+
+    .p-4 {
+      padding: 1rem
+    }
+
+    .px-4 {
+      padding-left: 1rem;
+      padding-right: 1rem
+    }
+
+    .py-2 {
+      padding-bottom: .5rem;
+      padding-top: .5rem
+    }
+
+    .text-2xl {
+      font-size: 1.5rem;
+      line-height: 2rem
+    }
+
+    .text-sm {
+      font-size: .875rem;
+      line-height: 1.25rem
+    }
+
+    .text-xl {
+      font-size: 1.25rem;
+      line-height: 1.75rem
+    }
+
+    .font-bold {
+      font-weight: 700
+    }
+
+    .text-white {
+      --tw-text-opacity: 1;
+      color: rgb(255 255 255/var(--tw-text-opacity))
+    }
+
+    @media (min-width:640px) {
+      .sm\:w-2\/3 {
+        width: 66.666667%
+      }
+    }
+
+    @media (min-width:768px) {
+      .md\:flex-row {
+        flex-direction: row
+      }
+    }
+
+    @media (min-width:1024px) {
+      .lg\:w-1\/2 {
+        width: 50%
+      }
+
+      .lg\:text-3xl {
+        font-size: 1.875rem;
+        line-height: 2.25rem
+      }
+
+      .lg\:text-xl {
+        font-size: 1.25rem;
+        line-height: 1.75rem
+      }
+    }
+
+    @media (min-width:1280px) {
+      .xl\:text-4xl {
+        font-size: 2.25rem;
+        line-height: 2.5rem
+      }
+    }
+  </style>
+</head>
+
+<body class="h-screen w-screen p-4">
+  <div class="h-full w-full flex flex-col justify-center items-center">
+    <div class="border-2 border-black rounded-xl p-4 text-center w-full sm:w-2/3 lg:w-1/2">
+      <div class="flex flex-col items-center space-y-4">
+        <svg fill="black" class="h-24 w-24" aria-hidden="true" focusable="false" data-prefix="fas"
+          data-icon="exclamation-triangle" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512"
+          class="warning">
+          <path
+            d="M569.517 440.013C587.975 472.007 564.806 512 527.94 512H48.054c-36.937 0-59.999-40.055-41.577-71.987L246.423 23.985c18.467-32.009 64.72-31.951 83.154 0l239.94 416.028zM288 354c-25.405 0-46 20.595-46 46s20.595 46 46 46 46-20.595 46-46-20.595-46-46-46zm-43.673-165.346l7.418 136c.347 6.364 5.609 11.346 11.982 11.346h48.546c6.373 0 11.635-4.982 11.982-11.346l7.418-136c.375-6.874-5.098-12.654-11.982-12.654h-63.383c-6.884 0-12.356 5.78-11.981 12.654z">
+          </path>
+        </svg>
+        <h1 class="text-2xl lg:text-3xl xl:text-4xl">CrowdSec Access Forbidden</h1>
+      </div>
+      <div class="flex justify-center flex-wrap">
+        <p class="my-3">This security check has been powered by</p>
+        <a href="https://crowdsec.net/" target="_blank" rel="noopener" class="inline-flex flex-col items-center">
+          <svg fill="black" width="33.92" height="33.76" viewBox="0 0 254.4 253.2">
+            <defs>
+              <clipPath id="a">
+                <path d="M0 52h84v201.2H0zm0 0" />
+              </clipPath>
+              <clipPath id="b">
+                <path d="M170 52h84.4v201.2H170zm0 0" />
+              </clipPath>
+            </defs>
+            <path
+              d="M59.3 128.4c1.4 2.3 2.5 4.6 3.4 7-1-4.1-2.3-8.1-4.3-12-3.1-6-7.8-5.8-10.7 0-2 4-3.2 8-4.3 12.1 1-2.4 2-4.8 3.4-7.1 3.4-5.8 8.8-6 12.5 0M207.8 128.4a42.9 42.9 0 013.4 7c-1-4.1-2.3-8.1-4.3-12-3.2-6-7.8-5.8-10.7 0-2 4-3.3 8-4.3 12.1.9-2.4 2-4.8 3.4-7.1 3.4-5.8 8.8-6 12.5 0M134.6 92.9c2 3.5 3.6 7 4.8 10.7-1.3-5.4-3-10.6-5.6-15.7-4-7.5-9.7-7.2-13.3 0a75.4 75.4 0 00-5.6 16c1.2-3.8 2.7-7.4 4.7-11 4.1-7.2 10.6-7.5 15 0M43.8 136.8c.9 4.6 3.7 8.3 7.3 9.2 0 2.7 0 5.5.2 8.2.3 3.3.4 6.6 1 9.6.3 2.3 1 2.2 1.3 0 .5-3 .6-6.3 1-9.6l.2-8.2c3.5-1 6.4-4.6 7.2-9.2a17.8 17.8 0 01-9 2.4c-3.5 0-6.6-1-9.2-2.4M192.4 136.8c.8 4.6 3.7 8.3 7.2 9.2 0 2.7 0 5.5.3 8.2.3 3.3.4 6.6 1 9.6.3 2.3.9 2.2 1.2 0 .6-3 .7-6.3 1-9.6.2-2.7.3-5.5.2-8.2 3.6-1 6.4-4.6 7.3-9.2a17.8 17.8 0 01-9.1 2.4c-3.4 0-6.6-1-9.1-2.4M138.3 104.6c-3.1 1.9-7 3-11.3 3-4.3 0-8.2-1.1-11.3-3 1 5.8 4.5 10.3 9 11.5 0 3.4 0 6.8.3 10.2.4 4.1.5 8.2 1.2 12 .4 2.9 1.2 2.7 1.6 0 .7-3.8.8-7.9 1.2-12 .3-3.4.3-6.8.3-10.2 4.5-1.2 8-5.7 9-11.5" />
+            <path
+              d="M51 146c0 2.7.1 5.5.3 8.2.3 3.3.4 6.6 1 9.6.3 2.3 1 2.2 1.3 0 .5-3 .6-6.3 1-9.6l.2-8.2c3.5-1 6.4-4.6 7.2-9.2a17.8 17.8 0 01-9 2.4c-3.5 0-6.6-1-9.2-2.4.9 4.6 3.7 8.3 7.3 9.2M143.9 105c-1.9-.4-3.5-1.2-4.9-2.3 1.4 5.6 2.5 11.3 4 17 1.2 5 2 10 2.4 15 .6 7.8-4.5 14.5-10.9 14.5h-15c-6.4 0-11.5-6.7-11-14.5.5-5 1.3-10 2.6-15 1.3-5.3 2.3-10.5 3.6-15.7-2.2 1.2-4.8 1.9-7.7 2-4.7.1-9.4-.3-14-1-4-.4-6.7-3-8-6.7-1.3-3.4-2-7-3.3-10.4-.5-1.5-1.6-2.8-2.4-4.2-.4-.6-.8-1.2-.9-1.8v-7.8a77 77 0 0124.5-3c6.1 0 12 1 17.8 3.2 4.7 1.7 9.7 1.8 14.4 0 9-3.4 18.2-3.8 27.5-3 4.9.5 9.8 1.6 14.8 2.4v8.2c0 .6-.3 1.5-.7 1.7-2 .9-2.2 2.7-2.7 4.5-.9 3.2-1.8 6.4-2.9 9.5a11 11 0 01-8.8 7.7 40.6 40.6 0 01-18.4-.2m29.4 80.6c-3.2-26.8-6.4-50-8.9-60.7a14.3 14.3 0 0014.1-14h.4a9 9 0 005.6-16.5 14.3 14.3 0 00-3.7-27.2 9 9 0 00-6.9-14.6c2.4-1.1 4.5-3 5.8-5 3.4-5.3 4-29-8-44.4-5-6.3-9.8-2.5-10 1.8-1 13.2-1.1 23-4.5 34.3a9 9 0 00-16-4.1 14.3 14.3 0 00-28.4 0 9 9 0 00-16 4.1c-3.4-11.2-3.5-21.1-4.4-34.3-.3-4.3-5.2-8-10-1.8-12 15.3-11.5 39-8.1 44.4 1.3 2 3.4 3.9 5.8 5a9 9 0 00-7 14.6 14.3 14.3 0 00-3.6 27.2A9 9 0 0075 111h.5a14.5 14.5 0 0014.3 14c-4 17.2-10 66.3-15 111.3l-1.3 13.4a1656.4 1656.4 0 01106.6 0l-1.4-12.7-5.4-51.3" />
+            <g clip-path="url(#a)">
+              <path
+                d="M83.5 136.6l-2.3.7c-5 1-9.8 1-14.8-.2-1.4-.3-2.7-1-3.8-1.9l3.1 13.7c1 4 1.7 8 2 12 .5 6.3-3.6 11.6-8.7 11.6H46.9c-5.1 0-9.2-5.3-8.7-11.6.3-4 1-8 2-12 1-4.2 1.8-8.5 2.9-12.6-1.8 1-3.9 1.5-6.3 1.6a71 71 0 01-11.1-.7 7.7 7.7 0 01-6.5-5.5c-1-2.7-1.6-5.6-2.6-8.3-.4-1.2-1.3-2.3-2-3.4-.2-.4-.6-1-.6-1.4v-6.3c6.4-2 13-2.6 19.6-2.5 4.9.1 9.6 1 14.2 2.6 3.9 1.4 7.9 1.5 11.7 0 1.8-.7 3.6-1.2 5.5-1.6a13 13 0 01-1.6-15.5A18.3 18.3 0 0159 73.1a11.5 11.5 0 00-17.4 8.1 7.2 7.2 0 00-12.9 3.3c-2.7-9-2.8-17-3.6-27.5-.2-3.4-4-6.5-8-1.4C7.5 67.8 7.9 86.9 10.6 91c1.1 1.7 2.8 3.1 4.7 4a7.2 7.2 0 00-5.6 11.7 11.5 11.5 0 00-2.9 21.9 7.2 7.2 0 004.5 13.2h.3c0 .6 0 1.1.2 1.7.9 5.4 5.6 9.5 11.3 9.5A1177.2 1177.2 0 0010 253.2c18.1-1.5 38.1-2.6 59.5-3.4.4-4.6.8-9.3 1.4-14 1.2-11.6 3.3-30.5 5.7-49.7 2.2-18 4.7-36.3 7-49.5" />
+            </g>
+            <g clip-path="url(#b)">
+              <path
+                d="M254.4 118.2c0-5.8-4.2-10.5-9.7-11.4a7.2 7.2 0 00-5.6-11.7c2-.9 3.6-2.3 4.7-4 2.7-4.2 3.1-23.3-6.5-35.5-4-5.1-7.8-2-8 1.4-.8 10.5-.9 18.5-3.6 27.5a7.2 7.2 0 00-12.8-3.3 11.5 11.5 0 00-17.8-7.9 18.4 18.4 0 01-4.5 22 13 13 0 01-1.3 15.2c2.4.5 4.8 1 7.1 2 3.8 1.3 7.8 1.4 11.6 0 7.2-2.8 14.6-3 22-2.4 4 .4 7.9 1.2 12 1.9l-.1 6.6c0 .5-.2 1.2-.5 1.3-1.7.7-1.8 2.2-2.2 3.7l-2.3 7.6a8.8 8.8 0 01-7 6.1c-5 1-10 1-14.9-.2-1.5-.3-2.8-1-3.9-1.9 1.2 4.5 2 9.1 3.2 13.7 1 4 1.6 8 2 12 .4 6.3-3.6 11.6-8.8 11.6h-12c-5.2 0-9.3-5.3-8.8-11.6.4-4 1-8 2-12 1-4.2 1.9-8.5 3-12.6-1.8 1-4 1.5-6.3 1.6-3.7 0-7.5-.3-11.2-.7a7.7 7.7 0 01-3.7-1.5c3.1 18.4 7.1 51.2 12.5 100.9l.6 5.3.8 7.9c21.4.7 41.5 1.9 59.7 3.4L243 243l-4.4-41.2a606 606 0 00-7-48.7 11.5 11.5 0 0011.2-11.2h.4a7.2 7.2 0 004.4-13.2c4-1.8 6.8-5.8 6.8-10.5" />
+            </g>
+            <path
+              d="M180 249.6h.4a6946 6946 0 00-7.1-63.9l5.4 51.3 1.4 12.6M164.4 125c2.5 10.7 5.7 33.9 8.9 60.7a570.9 570.9 0 00-8.9-60.7M74.8 236.3l-1.4 13.4 1.4-13.4" />
+          </svg>
+          <span>CrowdSec</span>
+        </a>
+      </div>
+    </div>
+  </div>
+</body>
+</html>
--- a/project/infrastructure/traefik/html/captcha.html
+++ b/project/infrastructure/traefik/html/captcha.html
@@ -0,0 +1,338 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <title>CrowdSec Captcha</title>
+  <meta content="text/html; charset=utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <style>
+    /*! tailwindcss v3.2.7 | MIT License | https://tailwindcss.com*/
+    *,
+    :after,
+    :before {
+      border: 0 solid #e5e7eb;
+      box-sizing: border-box
+    }
+
+    :after,
+    :before {
+      --tw-content: ""
+    }
+
+    html {
+      -webkit-text-size-adjust: 100%;
+      font-feature-settings: normal;
+      font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica Neue, Arial, Noto Sans, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol, Noto Color Emoji;
+      line-height: 1.5;
+      -moz-tab-size: 4;
+      -o-tab-size: 4;
+      tab-size: 4
+    }
+
+    body {
+      line-height: inherit;
+      margin: 0
+    }
+
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-size: inherit;
+      font-weight: inherit
+    }
+
+    a {
+      color: inherit;
+      text-decoration: inherit
+    }
+
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6,
+    hr,
+    p,
+    pre {
+      margin: 0
+    }
+
+    *,
+    ::backdrop,
+    :after,
+    :before {
+      --tw-border-spacing-x: 0;
+      --tw-border-spacing-y: 0;
+      --tw-translate-x: 0;
+      --tw-translate-y: 0;
+      --tw-rotate: 0;
+      --tw-skew-x: 0;
+      --tw-skew-y: 0;
+      --tw-scale-x: 1;
+      --tw-scale-y: 1;
+      --tw-pan-x: ;
+      --tw-pan-y: ;
+      --tw-pinch-zoom: ;
+      --tw-scroll-snap-strictness: proximity;
+      --tw-ordinal: ;
+      --tw-slashed-zero: ;
+      --tw-numeric-figure: ;
+      --tw-numeric-spacing: ;
+      --tw-numeric-fraction: ;
+      --tw-ring-inset: ;
+      --tw-ring-offset-width: 0px;
+      --tw-ring-offset-color: #fff;
+      --tw-ring-color: #3b82f680;
+      --tw-ring-offset-shadow: 0 0 #0000;
+      --tw-ring-shadow: 0 0 #0000;
+      --tw-shadow: 0 0 #0000;
+      --tw-shadow-colored: 0 0 #0000;
+      --tw-blur: ;
+      --tw-brightness: ;
+      --tw-contrast: ;
+      --tw-grayscale: ;
+      --tw-hue-rotate: ;
+      --tw-invert: ;
+      --tw-saturate: ;
+      --tw-sepia: ;
+      --tw-drop-shadow: ;
+      --tw-backdrop-blur: ;
+      --tw-backdrop-brightness: ;
+      --tw-backdrop-contrast: ;
+      --tw-backdrop-grayscale: ;
+      --tw-backdrop-hue-rotate: ;
+      --tw-backdrop-invert: ;
+      --tw-backdrop-opacity: ;
+      --tw-backdrop-saturate: ;
+      --tw-backdrop-sepia:
+    }
+
+    .flex {
+      display: flex
+    }
+    .flex-wrap {
+      flex-wrap: wrap
+    }
+
+    .inline-flex {
+      display: inline-flex
+    }
+
+    .h-24 {
+      height: 6rem
+    }
+
+    .h-6 {
+      height: 1.5rem
+    }
+
+    .h-full {
+      height: 100%
+    }
+
+    .h-screen {
+      height: 100vh
+    }
+
+    .text-center {
+      text-align: center
+    }
+
+    .w-24 {
+      width: 6rem
+    }
+
+    .w-6 {
+      width: 1.5rem
+    }
+
+    .w-full {
+      width: 100%
+    }
+
+    .w-screen {
+      width: 100vw
+    }
+
+    .my-3 {
+      margin-top: 0.75rem;
+      margin-bottom: 0.75rem
+    }
+
+    .flex-col {
+      flex-direction: column
+    }
+
+    .items-center {
+      align-items: center
+    }
+
+    .justify-center {
+      justify-content: center
+    }
+
+    .justify-between {
+      justify-content: space-between
+    }
+
+    .space-y-1>:not([hidden])~:not([hidden]) {
+      --tw-space-y-reverse: 0;
+      margin-bottom: calc(.25rem*var(--tw-space-y-reverse));
+      margin-top: calc(.25rem*(1 - var(--tw-space-y-reverse)))
+    }
+
+    .space-y-4>:not([hidden])~:not([hidden]) {
+      --tw-space-y-reverse: 0;
+      margin-bottom: calc(1rem*var(--tw-space-y-reverse));
+      margin-top: calc(1rem*(1 - var(--tw-space-y-reverse)))
+    }
+
+    .rounded-xl {
+      border-radius: .75rem
+    }
+
+    .border-2 {
+      border-width: 2px
+    }
+
+    .border-black {
+      --tw-border-opacity: 1;
+      border-color: rgb(0 0 0/var(--tw-border-opacity))
+    }
+
+    .p-4 {
+      padding: 1rem
+    }
+
+    .px-4 {
+      padding-left: 1rem;
+      padding-right: 1rem
+    }
+
+    .py-2 {
+      padding-bottom: .5rem;
+      padding-top: .5rem
+    }
+
+    .text-2xl {
+      font-size: 1.5rem;
+      line-height: 2rem
+    }
+
+    .text-sm {
+      font-size: .875rem;
+      line-height: 1.25rem
+    }
+
+    .text-xl {
+      font-size: 1.25rem;
+      line-height: 1.75rem
+    }
+
+    .font-bold {
+      font-weight: 700
+    }
+
+    .text-white {
+      --tw-text-opacity: 1;
+      color: rgb(255 255 255/var(--tw-text-opacity))
+    }
+
+    @media (min-width:640px) {
+      .sm\:w-2\/3 {
+        width: 66.666667%
+      }
+    }
+
+    @media (min-width:768px) {
+      .md\:flex-row {
+        flex-direction: row
+      }
+    }
+
+    @media (min-width:1024px) {
+      .lg\:w-1\/2 {
+        width: 50%
+      }
+
+      .lg\:text-3xl {
+        font-size: 1.875rem;
+        line-height: 2.25rem
+      }
+
+      .lg\:text-xl {
+        font-size: 1.25rem;
+        line-height: 1.75rem
+      }
+    }
+
+    @media (min-width:1280px) {
+      .xl\:text-4xl {
+        font-size: 2.25rem;
+        line-height: 2.5rem
+      }
+    }
+  </style>
+  <script src="{{ .FrontendJS }}" async defer></script>
+</head>
+
+<body class="h-screen w-screen p-4">
+  <div class="h-full w-full flex flex-col justify-center items-center">
+    <div class="border-2 border-black rounded-xl p-4 text-center w-full sm:w-2/3 lg:w-1/2">
+      <div class="flex flex-col items-center space-y-4">
+        <svg fill="black" class="h-24 w-24" aria-hidden="true" focusable="false" data-prefix="fas"
+          data-icon="exclamation-triangle" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512"
+          class="warning">
+          <path
+            d="M569.517 440.013C587.975 472.007 564.806 512 527.94 512H48.054c-36.937 0-59.999-40.055-41.577-71.987L246.423 23.985c18.467-32.009 64.72-31.951 83.154 0l239.94 416.028zM288 354c-25.405 0-46 20.595-46 46s20.595 46 46 46 46-20.595 46-46-20.595-46-46-46zm-43.673-165.346l7.418 136c.347 6.364 5.609 11.346 11.982 11.346h48.546c6.373 0 11.635-4.982 11.982-11.346l7.418-136c.375-6.874-5.098-12.654-11.982-12.654h-63.383c-6.884 0-12.356 5.78-11.981 12.654z">
+          </path>
+        </svg>
+        <h1 class="text-2xl lg:text-3xl xl:text-4xl">CrowdSec Captcha</h1>
+      </div>
+      <form action="" method="POST" class="flex flex-col space-y-1" id="captcha-form">
+        <div id="captcha" class="{{ .FrontendKey }}" data-sitekey="{{ .SiteKey }}" data-callback="captchaCallback">
+        </div>
+      </form>
+      <div class="flex justify-center flex-wrap">
+        <p class="my-3">This security check has been powered by</p>
+        <a href="https://crowdsec.net/" target="_blank" rel="noopener" class="inline-flex flex-col items-center">
+          <svg fill="black" width="33.92" height="33.76" viewBox="0 0 254.4 253.2">
+            <defs>
+              <clipPath id="a">
+                <path d="M0 52h84v201.2H0zm0 0" />
+              </clipPath>
+              <clipPath id="b">
+                <path d="M170 52h84.4v201.2H170zm0 0" />
+              </clipPath>
+            </defs>
+            <path
+              d="M59.3 128.4c1.4 2.3 2.5 4.6 3.4 7-1-4.1-2.3-8.1-4.3-12-3.1-6-7.8-5.8-10.7 0-2 4-3.2 8-4.3 12.1 1-2.4 2-4.8 3.4-7.1 3.4-5.8 8.8-6 12.5 0M207.8 128.4a42.9 42.9 0 013.4 7c-1-4.1-2.3-8.1-4.3-12-3.2-6-7.8-5.8-10.7 0-2 4-3.3 8-4.3 12.1.9-2.4 2-4.8 3.4-7.1 3.4-5.8 8.8-6 12.5 0M134.6 92.9c2 3.5 3.6 7 4.8 10.7-1.3-5.4-3-10.6-5.6-15.7-4-7.5-9.7-7.2-13.3 0a75.4 75.4 0 00-5.6 16c1.2-3.8 2.7-7.4 4.7-11 4.1-7.2 10.6-7.5 15 0M43.8 136.8c.9 4.6 3.7 8.3 7.3 9.2 0 2.7 0 5.5.2 8.2.3 3.3.4 6.6 1 9.6.3 2.3 1 2.2 1.3 0 .5-3 .6-6.3 1-9.6l.2-8.2c3.5-1 6.4-4.6 7.2-9.2a17.8 17.8 0 01-9 2.4c-3.5 0-6.6-1-9.2-2.4M192.4 136.8c.8 4.6 3.7 8.3 7.2 9.2 0 2.7 0 5.5.3 8.2.3 3.3.4 6.6 1 9.6.3 2.3.9 2.2 1.2 0 .6-3 .7-6.3 1-9.6.2-2.7.3-5.5.2-8.2 3.6-1 6.4-4.6 7.3-9.2a17.8 17.8 0 01-9.1 2.4c-3.4 0-6.6-1-9.1-2.4M138.3 104.6c-3.1 1.9-7 3-11.3 3-4.3 0-8.2-1.1-11.3-3 1 5.8 4.5 10.3 9 11.5 0 3.4 0 6.8.3 10.2.4 4.1.5 8.2 1.2 12 .4 2.9 1.2 2.7 1.6 0 .7-3.8.8-7.9 1.2-12 .3-3.4.3-6.8.3-10.2 4.5-1.2 8-5.7 9-11.5" />
+            <path
+              d="M51 146c0 2.7.1 5.5.3 8.2.3 3.3.4 6.6 1 9.6.3 2.3 1 2.2 1.3 0 .5-3 .6-6.3 1-9.6l.2-8.2c3.5-1 6.4-4.6 7.2-9.2a17.8 17.8 0 01-9 2.4c-3.5 0-6.6-1-9.2-2.4.9 4.6 3.7 8.3 7.3 9.2M143.9 105c-1.9-.4-3.5-1.2-4.9-2.3 1.4 5.6 2.5 11.3 4 17 1.2 5 2 10 2.4 15 .6 7.8-4.5 14.5-10.9 14.5h-15c-6.4 0-11.5-6.7-11-14.5.5-5 1.3-10 2.6-15 1.3-5.3 2.3-10.5 3.6-15.7-2.2 1.2-4.8 1.9-7.7 2-4.7.1-9.4-.3-14-1-4-.4-6.7-3-8-6.7-1.3-3.4-2-7-3.3-10.4-.5-1.5-1.6-2.8-2.4-4.2-.4-.6-.8-1.2-.9-1.8v-7.8a77 77 0 0124.5-3c6.1 0 12 1 17.8 3.2 4.7 1.7 9.7 1.8 14.4 0 9-3.4 18.2-3.8 27.5-3 4.9.5 9.8 1.6 14.8 2.4v8.2c0 .6-.3 1.5-.7 1.7-2 .9-2.2 2.7-2.7 4.5-.9 3.2-1.8 6.4-2.9 9.5a11 11 0 01-8.8 7.7 40.6 40.6 0 01-18.4-.2m29.4 80.6c-3.2-26.8-6.4-50-8.9-60.7a14.3 14.3 0 0014.1-14h.4a9 9 0 005.6-16.5 14.3 14.3 0 00-3.7-27.2 9 9 0 00-6.9-14.6c2.4-1.1 4.5-3 5.8-5 3.4-5.3 4-29-8-44.4-5-6.3-9.8-2.5-10 1.8-1 13.2-1.1 23-4.5 34.3a9 9 0 00-16-4.1 14.3 14.3 0 00-28.4 0 9 9 0 00-16 4.1c-3.4-11.2-3.5-21.1-4.4-34.3-.3-4.3-5.2-8-10-1.8-12 15.3-11.5 39-8.1 44.4 1.3 2 3.4 3.9 5.8 5a9 9 0 00-7 14.6 14.3 14.3 0 00-3.6 27.2A9 9 0 0075 111h.5a14.5 14.5 0 0014.3 14c-4 17.2-10 66.3-15 111.3l-1.3 13.4a1656.4 1656.4 0 01106.6 0l-1.4-12.7-5.4-51.3" />
+            <g clip-path="url(#a)">
+              <path
+                d="M83.5 136.6l-2.3.7c-5 1-9.8 1-14.8-.2-1.4-.3-2.7-1-3.8-1.9l3.1 13.7c1 4 1.7 8 2 12 .5 6.3-3.6 11.6-8.7 11.6H46.9c-5.1 0-9.2-5.3-8.7-11.6.3-4 1-8 2-12 1-4.2 1.8-8.5 2.9-12.6-1.8 1-3.9 1.5-6.3 1.6a71 71 0 01-11.1-.7 7.7 7.7 0 01-6.5-5.5c-1-2.7-1.6-5.6-2.6-8.3-.4-1.2-1.3-2.3-2-3.4-.2-.4-.6-1-.6-1.4v-6.3c6.4-2 13-2.6 19.6-2.5 4.9.1 9.6 1 14.2 2.6 3.9 1.4 7.9 1.5 11.7 0 1.8-.7 3.6-1.2 5.5-1.6a13 13 0 01-1.6-15.5A18.3 18.3 0 0159 73.1a11.5 11.5 0 00-17.4 8.1 7.2 7.2 0 00-12.9 3.3c-2.7-9-2.8-17-3.6-27.5-.2-3.4-4-6.5-8-1.4C7.5 67.8 7.9 86.9 10.6 91c1.1 1.7 2.8 3.1 4.7 4a7.2 7.2 0 00-5.6 11.7 11.5 11.5 0 00-2.9 21.9 7.2 7.2 0 004.5 13.2h.3c0 .6 0 1.1.2 1.7.9 5.4 5.6 9.5 11.3 9.5A1177.2 1177.2 0 0010 253.2c18.1-1.5 38.1-2.6 59.5-3.4.4-4.6.8-9.3 1.4-14 1.2-11.6 3.3-30.5 5.7-49.7 2.2-18 4.7-36.3 7-49.5" />
+            </g>
+            <g clip-path="url(#b)">
+              <path
+                d="M254.4 118.2c0-5.8-4.2-10.5-9.7-11.4a7.2 7.2 0 00-5.6-11.7c2-.9 3.6-2.3 4.7-4 2.7-4.2 3.1-23.3-6.5-35.5-4-5.1-7.8-2-8 1.4-.8 10.5-.9 18.5-3.6 27.5a7.2 7.2 0 00-12.8-3.3 11.5 11.5 0 00-17.8-7.9 18.4 18.4 0 01-4.5 22 13 13 0 01-1.3 15.2c2.4.5 4.8 1 7.1 2 3.8 1.3 7.8 1.4 11.6 0 7.2-2.8 14.6-3 22-2.4 4 .4 7.9 1.2 12 1.9l-.1 6.6c0 .5-.2 1.2-.5 1.3-1.7.7-1.8 2.2-2.2 3.7l-2.3 7.6a8.8 8.8 0 01-7 6.1c-5 1-10 1-14.9-.2-1.5-.3-2.8-1-3.9-1.9 1.2 4.5 2 9.1 3.2 13.7 1 4 1.6 8 2 12 .4 6.3-3.6 11.6-8.8 11.6h-12c-5.2 0-9.3-5.3-8.8-11.6.4-4 1-8 2-12 1-4.2 1.9-8.5 3-12.6-1.8 1-4 1.5-6.3 1.6-3.7 0-7.5-.3-11.2-.7a7.7 7.7 0 01-3.7-1.5c3.1 18.4 7.1 51.2 12.5 100.9l.6 5.3.8 7.9c21.4.7 41.5 1.9 59.7 3.4L243 243l-4.4-41.2a606 606 0 00-7-48.7 11.5 11.5 0 0011.2-11.2h.4a7.2 7.2 0 004.4-13.2c4-1.8 6.8-5.8 6.8-10.5" />
+            </g>
+            <path
+              d="M180 249.6h.4a6946 6946 0 00-7.1-63.9l5.4 51.3 1.4 12.6M164.4 125c2.5 10.7 5.7 33.9 8.9 60.7a570.9 570.9 0 00-8.9-60.7M74.8 236.3l-1.4 13.4 1.4-13.4" />
+          </svg>
+          <span>CrowdSec</span>
+        </a>
+      </div>
+    </div>
+  </div>
+  <script>
+    function captchaCallback() {
+      setTimeout(() => document.querySelector('#captcha-form').submit(), 500);
+    }
+  </script>
+</body>
+</html>
--- a/project/infrastructure/traefik/traefik.yml
+++ b/project/infrastructure/traefik/traefik.yml
@@ -9,16 +9,24 @@ services:
      - "80:80"
      - "443:443"
      - "8079:8080"
+    networks:
+      - ip6net
+      - ip4net
    environment:
+      TRAEFIK_EMAIL: ${EMAIL}
      TRAEFIK_LOCAL_DOMAIN: ${LOCAL_DOMAIN}
      TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}
      TRAEFIK_AUTH_PUBLIC_DOMAIN: auth.${PUBLIC_DOMAIN}
+      TRAEFIK_CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
+      INFOMANIAK_ACCESS_TOKEN: ${INFOMANIAK_CERTIFICATE_ACCESS_TOKEN}
    volumes:
      - "/var/log/crowdsec/:/var/log/crowdsec/"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "${INFRA_PATH}/traefik/letsencrypt:/letsencrypt"
      - "${INFRA_PATH}/traefik/config:/etc/traefik"
      - "${INFRA_PATH}/traefik/certs:/etc/certs"
+      - "${INFRA_PATH}/traefik/html/ban.html:/ban.html"
+      - "${INFRA_PATH}/traefik/html/captcha.html:/captcha.html"
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
@@ -35,6 +43,8 @@ services:
      service: default
    image: traefik/whoami:latest
    container_name: "traefik-whoami"
+    networks: 
+      - ip4net
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
--- a/project/infrastructure/uptime-kuma/uptime-kuma.yml
+++ b/project/infrastructure/uptime-kuma/uptime-kuma.yml
@@ -1,14 +1,25 @@
 services:
  uptime-kuma:
-    extends:
-      file: ${TEMPLATES_PATH}
-      service: default
-    image: louislam/uptime-kuma:latest
+    # not using the template because ncsd is not configured to support changing PUID/PGID
+    # https://github.com/louislam/uptime-kuma/issues/4743
+    # extends:
+    #   file: ${TEMPLATES_PATH}
+    #   service: default
+    image: louislam/uptime-kuma
    container_name: uptime-kuma
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges=true
+    environment:
+      TZ: ${TZ}
    volumes:
      - ${INFRA_PATH}/uptime-kuma/config:/app/data
+      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - 5001:3001
+    networks:
+      - ip4net
+      - ip6net
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
--- a/project/infrastructure/watchtower/watchtower.yml
+++ b/project/infrastructure/watchtower/watchtower.yml
@@ -16,6 +16,8 @@ services:
      - WATCHTOWER_HTTP_API_PERIODIC_POLLS=true
    ports:
      - 7999:8080
+    networks:
+      - ip4net
    volumes:
      # - ${INFRA_PATH}/watchtower/config:/config.json
      - /var/run/docker.sock:/var/run/docker.sock
--- a/project/media/audiobookshelf/audiobookshelf.yml
+++ b/project/media/audiobookshelf/audiobookshelf.yml
@@ -0,0 +1,26 @@
+services:
+  audiobookshelf:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: ghcr.io/advplyr/audiobookshelf:latest
+    container_name: audiobookshelf
+    ports:
+      - 13378:80
+    networks:
+      - ip6net
+    volumes:
+      - ${AUDIOBOOKSHELF_EXTERNAL_PATH}:/audiobooks
+      - ${MEDIA_PATH}/audiobookshelf/config:/config
+      - ${MEDIA_PATH}/audiobookshelf/data/metadata:/metadata
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.audiobookshelf.entrypoints=https"
+      - "traefik.http.routers.audiobookshelf.tls.certresolver=myresolver"
+      - 'traefik.http.routers.audiobookshelf.tls=true'
+      # Middlewares
+      - "traefik.http.routers.audiobookshelf.middlewares=crowdsec-bouncer@file"
--- a/project/media/calibre/calibre.yml
+++ b/project/media/calibre/calibre.yml
@@ -0,0 +1,53 @@
+services:
+  calibre:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: lscr.io/linuxserver/calibre:latest
+    container_name: calibre
+    environment:
+      - PASSWORD= #optional
+      - CLI_ARGS= #optional
+    volumes:
+      - ${EXTERNAL_STORAGE}/media/books:/config/library
+      - ${MEDIA_PATH}/data/downloaded/books:/config/tosync
+    ports:
+      - 2005:8080 # gui
+      - 2006:8181 # gui https
+      - 2007:8081 # webserver ui
+    networks:
+      - ip4net
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.calibre.rule=Host(`calibre.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.calibre.entrypoints=https"
+      - 'traefik.http.routers.calibre.tls=true'
+      - 'traefik.http.services.calibre.loadbalancer.server.port=8080'
+
+  calibre-web:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: lscr.io/linuxserver/calibre-web:latest
+    container_name: calibre-web
+    environment:
+      - DOCKER_MODS=linuxserver/mods:universal-calibre #optional
+      #      - OAUTHLIB_RELAX_TOKEN_SCOPE=1 #optional
+    volumes:
+      - ${EXTERNAL_STORAGE}/media/books:/books
+      - ${MEDIA_PATH}/calibre/data:/config
+    ports:
+      - 2008:8083
+    networks:
+      - ip6net
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.calibre-web.rule=Host(`calibre-web.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.calibre-web.entrypoints=https"
+      - 'traefik.http.routers.calibre-web.tls=true'
--- a/project/media/immich/immich.yml
+++ b/project/media/immich/immich.yml
@@ -5,7 +5,6 @@ services:
      service: default
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:release
-    command: [ "start.sh", "immich" ]
    environment:
      DB_PASSWORD: ${IMMICH_DB_PASSWORD}
      DB_HOSTNAME: postgres-with-pg-vector
@@ -13,11 +12,14 @@ services:
      DB_DATABASE_NAME: immich
      REDIS_HOSTNAME: redis
    volumes:
+      # to mount the trueNas external library: sudo mount 192.168.178.36:/mnt/hdd-storage/vm-external-storage/immich /mnt/external-storage/immich/
      - ${IMMICH_EXTERNAL_PATH}:/usr/src/app/external:ro
      - ${MEDIA_PATH}/immich/data/library:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    ports:
      - 2283:3001
+    networks:
+      - ip6net
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
@@ -30,35 +32,39 @@ services:
      # Middlewares
      - "traefik.http.routers.immich-server.middlewares=crowdsec-bouncer@file"

-  immich-microservices:
-    extends:
-      file: ${TEMPLATES_PATH}
-      service: default
-    container_name: immich_microservices
-    image: ghcr.io/immich-app/immich-server:release
-    command: [ "start.sh", "microservices" ]
-    environment:
-      DB_PASSWORD: ${IMMICH_DB_PASSWORD}
-      DB_HOSTNAME: postgres-with-pg-vector
-      DB_USERNAME: immich
-      DB_DATABASE_NAME: immich
-      REDIS_HOSTNAME: redis
-    volumes:
-      - ${IMMICH_EXTERNAL_PATH}:/usr/src/app/external
-      - ${MEDIA_PATH}/immich/data/library:/usr/src/app/upload
-      - /etc/localtime:/etc/localtime:ro
-    labels:
-      # Watchtower
-      - "com.centurylinklabs.watchtower.enable=true"
-
  immich-machine-learning:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    container_name: immich_machine_learning
    image: ghcr.io/immich-app/immich-machine-learning:release
+    ports:
+      - 3003:3003
    volumes:
      - ${MEDIA_PATH}/immich/data/model-cache:/cache
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
+
+  # https://github.com/Salvoxia/immich-folder-album-creator
+  # one time run: 
+  # docker run -e -e API_URL="https://immich.crescentec.xyz/api/" -e API_KEY="qTaebdVMtph9yD0pSJRJDQJkDEpexiXNMJ5V5HBEnA" -e ROOT_PATH="/usr/src/app/external" -e LOG_LEVEL="DEBUG" salvoxia/immich-folder-album-creator:latest /script/immich_auto_album.sh
+  immich-folder-album-creator:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: immich_folder_album_creator
+    image: salvoxia/immich-folder-album-creator:latest
+    environment:
+      API_URL: https://immich.crescentec.xyz/api
+      API_KEY: qTaebdVMtph9yD0pSJRJDQJkDEpexiXNMJ5V5HBEnA
+      ROOT_PATH: /usr/src/app/external
+      CRON_EXPRESSION: "0 * * * *"
+      LOG_LEVEL: DEBUG
+      #RUN_IMMEDIATELY: true
+      #UNATTENDED: 1
+    volumes:
+      - /usr/src/app/external:/usr/src/app/external
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
--- a/project/media/kiwix/kiwix.yml
+++ b/project/media/kiwix/kiwix.yml
@@ -0,0 +1,24 @@
+services:
+  kiwix:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: ghcr.io/kiwix/kiwix-serve
+    container_name: kiwix 
+    ports:
+      - 2009:8080
+    networks:
+      - ip4net
+    volumes:
+      - ${EXTERNAL_STORAGE}/wikipedia/:/data
+    command:
+      - '*.zim'
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.kiwix.rule=Host(`wikipedia.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.kiwix.entrypoints=https"
+      - 'traefik.http.routers.kiwix.tls=true'
+      - 'traefik.http.services.kiwix.loadbalancer.server.port=8080'
--- a/project/media/lidarr/lidarr.yml
+++ b/project/media/lidarr/lidarr.yml
@@ -0,0 +1,26 @@
+services:
+  lidarr:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: lscr.io/linuxserver/lidarr 
+    container_name: lidarr 
+    ports:
+      - 2010:8686
+    networks:
+      - ip4net
+    dns: 
+      - 8.8.8.8
+      - 1.1.1.1
+    volumes:
+      - ${MEDIA_PATH}/lidarr/config:/config
+      - ${MEDIA_PATH}/data:/data
+      - ${EXTERNAL_STORAGE}/media/music:/music
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.lidarr.rule=Host(`lidarr.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.lidarr.entrypoints=https"
+      - 'traefik.http.routers.lidarr.tls=true'
--- a/project/media/navidrome/navidrome.yml
+++ b/project/media/navidrome/navidrome.yml
@@ -0,0 +1,31 @@
+services:
+  navidrome:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: deluan/navidrome 
+    container_name: navidrome
+    ports:
+      - 2011:4533
+    networks:
+      - ip4net
+    volumes:
+      - ${MEDIA_PATH}/navidrome/data:/data
+      - ${EXTERNAL_STORAGE}/media/music:/music:ro
+    environment:
+      ND_REVERSEPROXYWHITELIST: 0.0.0.0/0
+      ND_ENABLEUSEREDITING: false
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.navidrome.rule=Host(`navidrome.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.navidrome.entrypoints=https"
+      - 'traefik.http.routers.navidrome.tls=true'
+      # Middlewares
+      - "traefik.http.routers.navidrome.middlewares=crowdsec-bouncer@file, authelia@file"
+      # Subsonic endpoint use basic authentication middleware from authelia
+      - "traefik.http.routers.navidrome-subsonic.rule=Host(`navidrome.${PUBLIC_DOMAIN}`) && PathPrefix(`/rest/`) && !Query(`c`, `NavidromeUI`)"
+      - "traefik.http.routers.navidrome-subsonic.entrypoints=https"
+      - "traefik.http.routers.navidrome-subsonic.middlewares=crowdsec-bouncer@file, authelia-basicauth@file, subsonic-basicauth@file"
--- a/project/media/prowlarr/prowlarr.yml
+++ b/project/media/prowlarr/prowlarr.yml
@@ -0,0 +1,21 @@
+services:
+  prowlarr:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: lscr.io/linuxserver/prowlarr:develop
+    container_name: prowlarr
+    ports:
+      - 2004:9696
+    networks:
+      - ip4net
+    volumes:
+      - ${MEDIA_PATH}/prowlarr/config:/config
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.prowlarr.entrypoints=https"
+      - 'traefik.http.routers.prowlarr.tls=true'
--- a/project/media/qbittorrent/qbittorrent.yml
+++ b/project/media/qbittorrent/qbittorrent.yml
@@ -0,0 +1,31 @@
+services:
+  qbittorrent:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: lscr.io/linuxserver/qbittorrent:latest
+    container_name: qbittorrent
+    ports:
+      - 2002:2002
+      - 50059:6881
+      - 50059:6881/udp
+    networks:
+      - ip4net
+      - ip6net
+    environment:
+      - WEBUI_PORT=2002
+      - TORRENTING_PORT=50059
+    volumes:
+      - ${MEDIA_PATH}/qbittorrent/config:/config
+      - ${MEDIA_PATH}/data/torrents:/data/torrents
+      - ${MEDIA_PATH}/data/downloaded/books:/data/downloaded/books
+      - ${EXTERNAL_STORAGE}/media/audiobooks:/data/downloaded/audiobooks
+      - ${EXTERNAL_STORAGE}/media/music:/data/downloaded/music
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.qbittorrent.entrypoints=https"
+      - 'traefik.http.routers.qbittorrent.tls=true'
--- a/project/media/readarr/readarr.yml
+++ b/project/media/readarr/readarr.yml
@@ -0,0 +1,24 @@
+services:
+  readarr:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: lscr.io/linuxserver/readarr:develop
+    container_name: readarr
+    ports:
+      - 2003:8787
+    networks:
+      - ip4net
+    volumes:
+      - ${MEDIA_PATH}/readarr/config:/config
+      - ${MEDIA_PATH}/data/torrents:/data/torrents
+      - ${EXTERNAL_STORAGE}/media/audiobooks:/data/media/audiobooks
+      - ${EXTERNAL_STORAGE}/media/books:/data/media/books
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.readarr.rule=Host(`readarr.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.readarr.entrypoints=https"
+      - 'traefik.http.routers.readarr.tls=true'
--- a/project/media/slskd/slskd.yml
+++ b/project/media/slskd/slskd.yml
@@ -0,0 +1,29 @@
+services:
+  slskd:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: slskd/slskd 
+    container_name: slskd
+    user: ${PUID}:${PGID}  
+    ports:
+      - 2013:5031 # http
+      - 2014:5030 # https
+      - 50300:50300 # incoming connections
+    networks:
+      - ip4net
+    environment:
+      - SLSKD_REMOTE_CONFIGURATION=true
+    volumes:
+      - ${MEDIA_PATH}/slskd/config/slskd.yml:/app/slskd.yml
+      - ${MEDIA_PATH}/data/slskd_downloads:/app/downloads
+      - ${EXTERNAL_STORAGE}/media/music:/app/library
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.slskd.rule=Host(`slskd.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.slskd.entrypoints=https"
+      - 'traefik.http.routers.slskd.tls=true'
+      - 'traefik.http.services.slskd.loadbalancer.server.port=5030'
--- a/project/media/soularr/soularr.yml
+++ b/project/media/soularr/soularr.yml
@@ -0,0 +1,13 @@
+services:
+  soularr:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: mrusse08/soularr 
+    container_name: soularr
+    user: ${PUID}:${PGID}  
+    networks:
+      - ip4net
+    volumes:
+      - ${MEDIA_PATH}/soularr/data:/data
+      - ${MEDIA_PATH}/data/slskd_downloads:/downloads
--- a/project/monitoring/dozzle/dozzle.yml
+++ b/project/monitoring/dozzle/dozzle.yml
@@ -7,6 +7,8 @@ services:
    image: amir20/dozzle:latest
    ports:
      - 8083:8080
+    networks: 
+      - ip4net
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
--- a/project/monitoring/grafana/grafana.yml
+++ b/project/monitoring/grafana/grafana.yml
@@ -7,6 +7,8 @@ services:
    image: grafana/grafana-oss:latest
    ports:
      - 8090:3000
+    networks:
+      - ip4net
    volumes:
      - ${MONITORING_PATH}/grafana/data:/var/lib/grafana
    labels:
--- a/project/monitoring/loki/loki.yml
+++ b/project/monitoring/loki/loki.yml
@@ -0,0 +1,37 @@
+services:
+  loki:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: loki
+    image: grafana/loki
+    ports:
+      - 8094:3100
+    networks:
+      - ip4net
+    volumes:
+      - ${MONITORING_PATH}/loki/config/loki-config.yml:/etc/loki/local-config.yaml
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.loki.rule=Host(`loki.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.loki.entrypoints=https"
+      - "traefik.http.routers.loki.tls=true"
+
+  promtail:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: promtail 
+    image: grafana/promtail
+    networks:
+      - ip4net
+    volumes:
+      - ${MONITORING_PATH}/loki/config/promtail-config.yml:/etc/promtail/config.yml
+      - /var/log:/var/log
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
--- a/project/monitoring/prometheus/prometheus.yml
+++ b/project/monitoring/prometheus/prometheus.yml
@@ -7,6 +7,8 @@ services:
    image: prom/prometheus:latest
    ports:
      - 9090:9090
+    networks:
+      - ip4net
    volumes:
      - ${MONITORING_PATH}/prometheus/config:/etc/prometheus
    labels:
--- a/project/service/freshrss/freshrss.yml
+++ b/project/service/freshrss/freshrss.yml
@@ -0,0 +1,28 @@
+services:
+  freshrss:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: freshrss/freshrss:latest
+    container_name: freshrss
+    ports:
+      - 4014:80
+    networks:
+      - ip6net
+    volumes:
+      - ${SERVICE_PATH}/freshrss/data:/var/www/FreshRSS/data
+      - ${SERVICE_PATH}/freshrss/extensions:/var/www/FreshRSS/extensions
+    environment:
+      CRON_MIN: '3,33'
+      TRUSTED_PROXY: 172.16.0.1/12 192.168.0.1/16
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.freshrss.rule=Host(`rss.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.freshrss.entrypoints=https"
+      - "traefik.http.routers.freshrss.tls=true"
+      - "traefik.http.routers.freshrss.tls.certresolver=myresolver"
+      # Middlewares
+      - "traefik.http.routers.freshrss.middlewares=crowdsec-bouncer@file"
--- a/project/service/ghost/ghost.yml
+++ b/project/service/ghost/ghost.yml
@@ -0,0 +1,33 @@
+services:
+  ghost:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: ghost:latest
+    container_name: ghost
+    ports:
+      - 4016:2368
+    environment:
+      # see https://ghost.org/docs/config/#configuration-options
+      database__client: mysql
+      database__connection__host: mysql-ghost
+      database__connection__user: root
+      database__connection__password: example
+      database__connection__database: ghost
+      # this url value is just an example, and is likely wrong for your environment!
+      url: http://192.168.1.38:4016
+      # contrary to the default mentioned in the linked documentation, this image defaults to NODE_ENV=production (so development mode needs to be explicitly specified if desired)
+      NODE_ENV: development
+    volumes:
+      - ${SERVICE_PATH}/ghost/data/ghost:/var/lib/ghost/content
+
+  mysql-ghost:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: mysql:8.0
+    container_name: mysql-ghost
+    environment:
+      MYSQL_ROOT_PASSWORD: example
+    volumes:
+      - ${SERVICE_PATH}/ghost/data/db:/var/lib/mysql
--- a/project/service/gitea/gitea.yml
+++ b/project/service/gitea/gitea.yml
@@ -32,6 +32,8 @@ services:
      - /etc/localtime:/etc/localtime:ro
    ports:
      - 2001:22
+    networks:
+      - ip6net
    expose:
      - 4002
    labels:
@@ -45,6 +47,5 @@ services:
      - "traefik.http.routers.gitea.tls=true"
      - "traefik.http.routers.gitea.service=gitea-service"
      - "traefik.http.services.gitea-service.loadbalancer.server.port=4002"
-
      # Middlewares
      - "traefik.http.routers.gitea.middlewares=crowdsec-bouncer@file"
--- a/project/service/home-assistant/home-assistant.yml
+++ b/project/service/home-assistant/home-assistant.yml
@@ -5,6 +5,8 @@ services:
      service: default
    image: ghcr.io/home-assistant/home-assistant:stable
    container_name: home-assistant
+    networks:
+      - ip4net
    ports:
      - 4012:8123  
    volumes:
--- a/project/service/it-tools/it-tools.yml
+++ b/project/service/it-tools/it-tools.yml
@@ -7,6 +7,8 @@ services:
    container_name: it-tools
    ports:
      - '4007:80'
+    networks:
+      - ip4net
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
--- a/project/service/jupyter-notebook/jupyter-notebook.yml
+++ b/project/service/jupyter-notebook/jupyter-notebook.yml
@@ -0,0 +1,22 @@
+services:
+  jupyter:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: quay.io/jupyter/base-notebook:latest
+    container_name: jupyter
+    volumes:
+      - ${SERVICE_PATH}/jupyter-notebook/data:/home/jovyan/work
+    ports:
+      - 4013:8888 # Web UI
+    networks:
+      - ip4net
+    command: start-notebook.py --NotebookApp.token='aToken1234'
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.jupyter.rule=Host(`jupyter.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.jupyter.entrypoints=https"
+      - "traefik.http.routers.jupyter.tls=true"
--- a/project/service/linkwarden/linkwarden.yml
+++ b/project/service/linkwarden/linkwarden.yml
@@ -0,0 +1,49 @@
+services:
+  linkwarden:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: ghcr.io/linkwarden/linkwarden:latest  
+    container_name: linkwarden 
+    ports:
+      - 4020:3000
+    networks:
+      - ip4net
+      - ip6net
+    volumes:
+      - ${SERVICE_PATH}/linkwarden/data:/data/data
+    environment:
+      - DATABASE_URL=postgresql://linkwarden:${LINKWARDEN_DATABASE_PASSWORD}@postgres:5432/linkwarden
+      - NEXTAUTH_URL=https://linkwarden.${PUBLIC_DOMAIN}/api/v1/auth
+      - NEXTAUTH_SECRET=${LINKWARDEN_NEXTAUTH_SECRET}
+      - MEILI_MASTER_KEY=${LINKWARDEN_MEILI_MASTER_KEY}
+      - MEILI_HOST=http://meilisearch:7700
+      - NEXT_PUBLIC_DISABLE_REGISTRATION=true
+      - NEXT_PUBLIC_AUTHELIA_ENABLED=true
+      - AUTHELIA_WELLKNOWN_URL=https://auth.${PUBLIC_DOMAIN}/.well-known/openid-configuration
+      - AUTHELIA_CLIENT_ID=linkwarden
+      - AUTHELIA_CLIENT_SECRET=${LINKWARDEN_OIDC_CLIENT_SECRET}
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.linkwarden.rule=Host(`linkwarden.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.linkwarden.entrypoints=https"
+      - "traefik.http.routers.linkwarden.tls=true"
+
+  meilisearch:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: getmeili/meilisearch:latest
+    container_name: linkwarden_meili
+    networks:
+      - ip4net
+      - ip6net
+    ports:
+      - 4021:7700
+    environment:
+      - MEILI_MASTER_KEY=${LINKWARDEN_MEILI_MASTER_KEY}
+    volumes:
+      - ${SERVICE_PATH}/linkwarden/meili_data:/meili_data
--- a/project/service/mealie/mealie.yml
+++ b/project/service/mealie/mealie.yml
@@ -7,6 +7,8 @@ services:
    container_name: mealie
    ports:
      - "4006:9000"
+    networks:
+      - ip6net
    volumes:
      - ${SERVICE_PATH}/mealie/data:/app/data/
    environment:
@@ -19,18 +21,13 @@ services:
      POSTGRES_SERVER: postgres
      POSTGRES_PORT: 5432
      POSTGRES_DB: mealie
-      # LDAP Authentication
-      LDAP_AUTH_ENABLED: true
-      LDAP_SERVER_URL: ldap://lldap:3890
-      LDAP_BASE_DN: ou=people,dc=${SECOND_LEVEL_DOMAIN},dc=${TOP_LEVEL_DOMAIN}
-      LDAP_ID_ATTRIBUTE: uid
-      LDAP_NAME_ATTRIBUTE: displayName
-      LDAP_MAIL_ATTRIBUTE: mail
-      LDAP_QUERY_BIND: cn=readonly_user,ou=people,dc=${SECOND_LEVEL_DOMAIN},dc=${TOP_LEVEL_DOMAIN}
-      LDAP_QUERY_PASSWORD: ${LLDAP_READONLY_USER_PASSWORD}
-      # LDAP_USER_FILTER: (memberof=cn=mealie,ou=groups,dc=example,dc=com)
-      # LDAP_ADMIN_FILTER: (memberof=cn=mealie-admin,ou=groups,dc=example,dc=com)
-
+      # OIDC using authelia
+      OIDC_AUTH_ENABLED: true
+      OIDC_SIGNUP_ENABLED: false 
+      OIDC_CONFIGURATION_URL: https://auth.${PUBLIC_DOMAIN}/.well-known/openid-configuration
+      OIDC_CLIENT_ID: mealie
+      OIDC_CLIENT_SECRET: ${MEALIE_OIDC_CLIENT_SECRET} 
+      OIDC_AUTO_REDIRECT: false
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
--- a/project/service/n8n/n8n.yml
+++ b/project/service/n8n/n8n.yml
@@ -0,0 +1,32 @@
+services:
+  n8n:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: docker.n8n.io/n8nio/n8n
+    container_name: n8n 
+    ports:
+      - 4022:5678
+    networks:
+      - ip4net
+    environment:
+      - N8N_BLOCK_ENV_ACCESS_IN_NODE=false
+      - MAM_USERNAME=${N8N_MAM_USERNAME}
+      - MAM_PASSWORD=${N8N_MAM_PASSWORD}
+      - PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
+      - PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser
+    user: root
+    volumes:
+      - ${SERVICE_PATH}/n8n/data:/home/node/.n8n
+    entrypoint: /home/node/.n8n/script/entrypoint.sh 
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.n8n.rule=Host(`n8n.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.n8n.entrypoints=https"
+      - "traefik.http.routers.n8n.tls=true"
+      - "traefik.http.routers.n8n.tls.certresolver=myresolver"
+      # Middlewares
+      - "traefik.http.routers.n8n.middlewares=crowdsec-bouncer@file"
--- a/project/service/ollama/ollama.yml
+++ b/project/service/ollama/ollama.yml
@@ -0,0 +1,24 @@
+services:
+  ollama:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: ollama/ollama 
+    container_name: ollama 
+    ports:
+      - 4019:11434
+    networks:
+      - ip6net
+    volumes:
+      - ${SERVICE_PATH}/ollama/data:/root/.ollama
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.ollama.rule=Host(`ollama.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.ollama.entrypoints=https"
+      - "traefik.http.routers.ollama.tls=true"
+      - "traefik.http.routers.ollama.tls.certresolver=myresolver"
+      # Middlewares
+      - "traefik.http.routers.ollama.middlewares=crowdsec-bouncer@file"
--- a/project/service/overleaf-toolkit
+++ b/project/service/overleaf-toolkit
--- a/project/service/paperless-ngx/paperless-ngx.yml
+++ b/project/service/paperless-ngx/paperless-ngx.yml
@@ -7,9 +7,11 @@ services:
    container_name: paperless-ngx
    ports:
      - "4009:8000"
+    networks:
+      - ip6net
    volumes:
-      - ${EXTERNAL_STORAGE}/paperless-ngx/data:/usr/src/paperless/data
-      - ${EXTERNAL_STORAGE}/paperless-ngx/media:/usr/src/paperless/media
+      - ${EXTERNAL_STORAGE}/documents/data:/usr/src/paperless/data
+      - ${EXTERNAL_STORAGE}/documents/media:/usr/src/paperless/media
      - ${SERVICE_PATH}/paperless-ngx/data/export:/usr/src/paperless/export
      - ${SERVICE_PATH}/paperless-ngx/data/consume:/usr/src/paperless/consume
    environment:
@@ -21,23 +23,27 @@ services:
      PAPERLESS_DBUSER: paperless
      PAPERLESS_DBPASS: ${PAPERLESS_DB_PASSWORD}
      # Paperless var
-      PAPERLESS_URL: https://paperless.${LOCAL_DOMAIN}
-      PAPERLESS_ALLOWED_HOSTS: ${LOCAL_DOMAIN}
+      PAPERLESS_URL: https://paperless.${PUBLIC_DOMAIN}
+      PAPERLESS_ALLOWED_HOSTS: ${PUBLIC_DOMAIN},192.168.1.38,"2a04:ee41:86:9397:844f:f9ff:fe5c:e416"
      PAPERLESS_OCR_LANGUAGE: fra+eng+deu
      # Admin user when not OIDC
      PAPERLESS_ADMIN_USER: chris
      PAPERLESS_ADMIN_PASSWORD: ${PAPERLESS_ADMIN_PASSWORD}
-      # # OIDC
+      # OIDC
+      # PAPERLESS_DISABLE_REGULAR_LOGIN: true
      # PAPERLESS_ENABLE_HTTP_REMOTE_USER: true
-      # PAPERLESS_ACCOUNT_ALLOW_SIGNUPS: false
-      # PAPERLESS_LOGOUT_REDIRECT_URL: https://auth.${PUBLIC_DOMAIN}
+      # PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME: HTTP_REMOTE_USER
+      # PAPERLESS_LOGOUT_REDIRECT_URL: https://auth.crescentec.xyz/logout
+      # PAPERLESS_APPS: "allauth.socialaccount.providers.openid_connect"
+      # PAPERLESS_SOCIALACCOUNT_PROVIDERS: '{"openid_connect":{"SCOPE":["openid","profile","email"],"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authelia","name":"Authelia","client_id":"paperless","secret":"jzO0JYA35oOojGqxFJUaDXdgdXhuACyq4b3lvOx233wtoSyv19prQfCKah1mwyDv","settings":{"server_url":"https://auth.crescentec.xyz","token_auth_method":"client_secret_basic"}}]}}'
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
      # Traefik
      - "traefik.enable=true"
-      - "traefik.http.routers.paperless.rule=Host(`paperless.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.paperless.rule=Host(`paperless.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.paperless.entrypoints=https"
+      - "traefik.http.routers.paperless.tls.certresolver=myresolver"
      - "traefik.http.routers.paperless.tls=true"
-      # # Middlewares
-      # - "traefik.http.routers.paperless.middlewares=authelia@file"
+      # Middlewares
+      - "traefik.http.routers.paperless.middlewares=crowdsec-bouncer@file"
--- a/project/service/pdf/pdf.yml
+++ b/project/service/pdf/pdf.yml
@@ -0,0 +1,22 @@
+services:
+  pdf:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: bentopdf/bentopdf-simple
+    container_name: pdf
+    ports:
+      - '4003:8080'
+    networks:
+      - ip6net
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.pdf.rule=Host(`pdf.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.pdf.entrypoints=https"
+      - "traefik.http.routers.pdf.tls.certresolver=myresolver"
+      - "traefik.http.routers.pdf.tls=true"
+      # Middlewares
+      - "traefik.http.routers.pdf.middlewares=crowdsec-bouncer@file, authelia@file"
--- a/project/service/radicale/radicale.yml
+++ b/project/service/radicale/radicale.yml
@@ -0,0 +1,38 @@
+services:
+  radicale:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: tomsquest/docker-radicale
+    container_name: radicale
+    ports:
+      - 4017:5232
+    networks:
+      - ip6net
+    init: true
+    read_only: true
+    cap_drop:
+      - ALL
+    cap_add:
+      - SETUID
+      - CHOWN
+      - SETGID
+      - KILL
+    # healthcheck:
+    #   test: curl -f http://127.0.0.1:5232 || exit 1
+    #   interval: 30s
+    #   retries: 3
+    volumes:
+      - ${SERVICE_PATH}/radicale/config:/config/
+      - ${EXTERNAL_STORAGE}/calendars-contacts:/data
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.radicale.rule=Host(`radicale.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.radicale.entrypoints=https"
+      - "traefik.http.routers.radicale.tls.certresolver=myresolver"
+      - "traefik.http.routers.radicale.tls=true"
+      # Middlewares
+      - "traefik.http.routers.radicale.middlewares=crowdsec-bouncer@file"
--- a/project/service/shlink/shlink.yml
+++ b/project/service/shlink/shlink.yml
@@ -1,55 +0,0 @@
-services:
-  shlink-backend:
-    extends:
-      file: ${TEMPLATES_PATH}
-      service: default
-    image: shlinkio/shlink:latest
-    container_name: shlink-backend
-    ports:
-      - '4004:8080'
-    volumes:
-      - ${SERVICE_PATH}/shlink/data:/usr/share/tesseract-ocr/4.00/tessdata #Required for extra OCR languages
-      - ${SERVICE_PATH}/shlink/config:/configs
-    environment:
-      DEFAULT_DOMAIN: shlink.${PUBLIC_DOMAIN}
-      IS_HTTPS_ENABLED: true
-      # GEOLITE_LICENSE_KEY: # optional, to geolocate visit, see https://shlink.io/documentation/geolite-license-key/
-      # DB
-      DB_DRIVER: postgres
-      DB_USER: shlink
-      DB_PASSWORD: ${SHLINK_DATABASE_PASSWORD}
-      DB_HOST: postgres
-    labels:
-      # Watchtower
-      - "com.centurylinklabs.watchtower.enable=true"
-      # Traefik
-      - "traefik.enable=true"
-      - "traefik.http.routers.shlink-backend.rule=Host(`shlink.${PUBLIC_DOMAIN}`)"
-      - "traefik.http.routers.shlink-backend.entrypoints=https"
-      - "traefik.http.routers.shlink-backend.tls.certresolver=myresolver"
-      - "traefik.http.routers.shlink-backend.tls=true"
-      - "traefik.http.routers.shlink-backend.service=shlink-backend-svc"
-      - "traefik.http.services.shlink-backend-svc.loadbalancer.server.port=8080"
-      # Middlewares
-      - "traefik.http.routers.shlink-backend.middlewares=crowdsec-bouncer@file"
-
-  shlink-frontend:
-    extends:
-      file: ${TEMPLATES_PATH}
-      service: default
-    image: shlinkio/shlink-web-client:latest
-    container_name: shlink-frontend
-    ports:
-      - '4005:8080'
-    environment:
-      SHLINK_SERVER_URL: https://shlink.${PUBLIC_DOMAIN}
-      SHLINK_SERVER_API_KEY: ${SHLINK_SERVER_API_KEY}
-    labels:
-      # Watchtower
-      - "com.centurylinklabs.watchtower.enable=true"
-      # Traefik
-      - "traefik.enable=true"
-      - "traefik.http.routers.shlink-frontend.rule=Host(`shlink.${LOCAL_DOMAIN}`)"
-      - "traefik.http.routers.shlink-frontend.entrypoints=https"
-      - "traefik.http.routers.shlink-frontend.tls=true"
-  
--- a/project/service/sponsorblock/sponsorblock.yml
+++ b/project/service/sponsorblock/sponsorblock.yml
@@ -1,9 +0,0 @@
-services:
-  sponsorblock:
-    extends:
-      file: ${TEMPLATES_PATH}
-      service: default
-    image: ghcr.io/dmunozv04/isponsorblocktv
-    container_name: sponsorblock
-    volumes:
-    - ${SERVICE_PATH}/sponsorblock/data:/app/data
--- a/project/service/stirling-pdf/stirling-pdf.yml
+++ b/project/service/stirling-pdf/stirling-pdf.yml
@@ -1,24 +0,0 @@
-services:
-  stirling-pdf:
-    extends:
-      file: ${TEMPLATES_PATH}
-      service: default
-    image: frooodle/s-pdf:latest
-    container_name: stirling-pdf
-    ports:
-      - '4003:8080'
-    volumes:
-      - ${SERVICE_PATH}/stirling-pdf/data:/usr/share/tesseract-ocr/4.00/tessdata #Required for extra OCR languages
-      - ${SERVICE_PATH}/stirling-pdf/config:/configs
-#      - /location/of/customFiles:/customFiles/
-    labels:
-      # Watchtower
-      - "com.centurylinklabs.watchtower.enable=true"
-      # Traefik
-      - "traefik.enable=true"
-      - "traefik.http.routers.stirling-pdf.rule=Host(`stirling-pdf.${PUBLIC_DOMAIN}`)"
-      - "traefik.http.routers.stirling-pdf.entrypoints=https"
-      - "traefik.http.routers.stirling-pdf.tls.certresolver=myresolver"
-      - "traefik.http.routers.stirling-pdf.tls=true"
-      # Middlewares
-      - "traefik.http.routers.stirling-pdf.middlewares=crowdsec-bouncer@file,authelia@file"
--- a/project/service/vaultwarden/vaultwarden.yml
+++ b/project/service/vaultwarden/vaultwarden.yml
@@ -0,0 +1,34 @@
+services:
+  vaultwarden:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: vaultwarden/server
+    container_name: vaultwarden 
+    ports:
+      - 4018:80
+    networks:
+      - ip6net
+    environment:
+      DOMAIN: "https://vaultwarden.${PUBLIC_DOMAIN}"
+      SIGNUPS_ALLOWED: false 
+      INVITATIONS_ALLOWED: false
+      SSO_ENABLED: false # for now sso does only help companies for role management and the master password is still necessary 
+      SSO_ONLY: false 
+      SSO_AUTHORITY: https://auth.${PUBLIC_DOMAIN}
+      SSO_SCOPES: profile email offline_access
+      SSO_CLIENT_ID: vaultwarden
+      SSO_CLIENT_SECRET: ${VAULTWARDEN_OIDC_CLIENT_SECRET}
+    volumes:
+      - ${EXTERNAL_STORAGE}/passwords:/data/
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.vaultwarden.entrypoints=https"
+      - "traefik.http.routers.vaultwarden.tls=true"
+      - "traefik.http.routers.vaultwarden.tls.certresolver=myresolver"
+      # Middlewares
+      - "traefik.http.routers.vaultwarden.middlewares=crowdsec-bouncer@file"
--- a/project/service/vikunja/vikunja.yml
+++ b/project/service/vikunja/vikunja.yml
@@ -17,6 +17,8 @@ services:
      VIKUNJA_DATABASE_DATABASE: vikunja
      VIKUNJA_SERVICE_JWTSECRET: /run/secrets/vikunja_jwt_secret
      VIKUNJA_SERVICE_PUBLICURL: https://vikunja.${PUBLIC_DOMAIN}
+    networks:
+      - ip6net
    volumes: 
      - ${SERVICE_PATH}/vikunja/data:/app/vikunja/files
      - ${SERVICE_PATH}/vikunja/config:/etc/vikunja
Author	SHA1	Message	Date
chris	d4061164a6	replace stirling pdf, sso for multiple app, cleanup	2025-12-19 15:33:26 +01:00
chris	7ec59a3b07	clean up and add loki and ntfy	2025-11-13 18:38:45 +01:00
chris	8a67598944	update uptime	2025-11-03 22:40:32 +01:00
chris	ebb0c20ee4	add n8n	2025-10-17 17:18:47 +02:00
chris	2bb4bfa337	music stack and general improvements	2025-10-11 15:52:07 +02:00
chris	4caf3f5266	media player	2025-09-28 23:09:59 +02:00
chris	5609944f02	improvements data stores and torrent pipeline	2025-09-25 22:59:22 +02:00
chris	c6f4b733b3	add linkwarden	2025-09-08 01:48:45 +02:00
chris	407594dd85	Modify config to externalize data to backup	2025-09-07 00:40:40 +02:00
chris	2862618816	Update domain, add kiwix and ollama	2025-09-02 20:40:57 +02:00
chris	e6ce62ae09	vaultwarden, calibre, cleanup	2025-08-03 19:00:42 +02:00
chris	f448f29a03	update	2025-06-09 12:29:21 +02:00
debian	a46ab16489	update	2025-01-19 22:36:51 +01:00
debian	e8a376ffaf	maintenance	2024-12-28 18:28:52 +01:00
debian	4229392454	add ghost, radicale, make paperless public, add vps link	2024-09-08 21:08:22 +02:00
debian	61682090cb	add addon for eEwLink Switch	2024-08-11 16:52:34 +02:00
debian	05e9cb896d	Fix crowdsec integration	2024-08-11 16:49:10 +02:00
debian	fd083af6d3	general update oon docker config	2024-07-19 12:38:32 +02:00
debian	2da547bcc2	update docker configuration	2024-07-19 12:37:00 +02:00
debian	fde83fcfd1	add rss feed	2024-06-08 00:46:20 +02:00
debian	ad9b16653a	add jupyter notebook service	2024-03-03 00:31:56 +01:00
debian	a1a1b2d950	add new application to docker compose stack	2024-03-02 18:51:35 +01:00
debian	bac65fab74	add some *arr stack	2024-03-02 18:46:14 +01:00
debian	22a94ca6cf	add qbittorrent	2024-03-02 18:44:44 +01:00
debian	e94f2adc9b	add audiobookshelf	2024-03-02 18:44:27 +01:00