Updates

Add Yamtrack

.docker/ca.pem

@@ -1,35 +1,35 @@
 -----BEGIN CERTIFICATE-----
-MIIGDTCCA/WgAwIBAgIUcokYvBeL/cw6X1huaaYmdBXSuGkwDQYJKoZIhvcNAQEL
+MIIGDTCCA/WgAwIBAgIUdAhU4hnAkB2x7/pAxs4QqrlH13MwDQYJKoZIhvcNAQEL
 BQAwWjEaMBgGA1UEAxMRQ29udGFpbmVyIFN0YXRpb24xDTALBgNVBAoTBFFOQVAx
 DzANBgNVBAgTBlRhaXBlaTEPMA0GA1UEBxMGVGFpcGVpMQswCQYDVQQGEwJUVzAe
-Fw0yNDA4MjgxMDEwMTlaFw0yNzA4MjgxMDEwMTlaMFoxGjAYBgNVBAMTEUNvbnRh
+Fw0yNTA4MTMwMjM1MjRaFw0yODA4MTIwMjM1MjRaMFoxGjAYBgNVBAMTEUNvbnRh
 aW5lciBTdGF0aW9uMQ0wCwYDVQQKEwRRTkFQMQ8wDQYDVQQIEwZUYWlwZWkxDzAN
 BgNVBAcTBlRhaXBlaTELMAkGA1UEBhMCVFcwggIiMA0GCSqGSIb3DQEBAQUAA4IC
-DwAwggIKAoICAQDVbCgA+GoNLKbpXbu7V0FPnsYhd+vqrQrNK785R9v4mBgLG/BW
-zFL1o62Wx8ffa6GZ83Rsll5QSAL8f7QMF15lFqbtialJTkdM1EoblVdiQnXFYoPO
-+2At3JPBY4/nDvQeNqhAbS6x4wGfCyM2diXjRnVxg2nRyuWouMnvKPDkS0sFoZ2O
-wFwmzO9qmDY4DFBDthO4DgpfB027enlHPQtuMUvZATNy8pMS+laMW9UYrknnBmxf
-fzGBcuUv92Y1rX8IlFZtGEBywsvOGHK9Luev5BRsySSLUPaunS+4C4SrUgHWPkCI
-0fXTN4tdwZNeDtE1oZdJtcuRdViTMhXseq04lZn2znuTcgQqfuobW8Z8oFlwraDy
-PTxA/OCRZB8RxQ0SPRw9IJXmSxXqNlPCbDdSD7likKPXcZrbRLL65b9Nq3RIiHbH
-39BexNuHnxZXVFVDZtVJ6cbqkYsnEs6wE0N5jrYYUs/tUcbKi9dyHgVZPSNUw0Aj
-sI5A5dbBqQLHpVFgLLaNH18a/XhvCPSnCFJgQMO+/DV6ic61tZhXm8Nb1FvW02+u
-zwBMb+83TEsUADWRGJxaCFS9z/IW4ivz50DAj0Pmiw03e8xzih7IpY/PKjr2chOn
-0t2RDNPBOyE7RM3QutWDb4LOXMFNZkLQ0nC4Khp7emybQo7eqY0Hg5Eu4QIDAQAB
-o4HKMIHHMB0GA1UdDgQWBBQtlSGNU6Hl/iiSjJyjSJBgAeisZDCBlwYDVR0jBIGP
-MIGMgBQtlSGNU6Hl/iiSjJyjSJBgAeisZKFepFwwWjEaMBgGA1UEAxMRQ29udGFp
+DwAwggIKAoICAQCkQ3UfH4sIieOQvmnKIMW0gF+tGsnNUtdet7TyS7/PUZWLuRag
+/Jsxyehr4bOMDexrhYRGBe+DxkvqUby+oPQk2d07rYsd4zVWBcHdVHp/JDiAUr7g
+7J7p/epDhzGE6siuYOwIf8fKSWxqxX7kEi8g7wxXaZTUi6Ub0I+2RS/95oCwFHqn
+nmaxEjr9YwmonColNa7YmYqEp6MBvd/a7Sls1GGezNZkBRJe0fQPdX96TKCPviWR
+p5ogGOXHOdoruRKieiuqJGGvg+nLMKSMSZHDBUyiSuhGqOQEqQP7TEYLXsrQfpoY
+A0/BRyIkbTsB9EyhYMP18GS7vorKfJYe+76nvLzAqWYFCV4JpR/DBSKcUiLbRVy2
+oQViaYGnk0W1WjpR9d9UvY+uDhNZJwI2gpWxOWBS0e+Hd0aRs/0erYZdYynnKqmU
+2PHNPcTjUAU5AbYUP86dYjSWTI7tkgvZVHloCWYUoCmKX/abzjrpvgHBIgmCi9Dt
+0J/OgfYUV5HpISX5pstOPbcnCmrnhhwTYZEmkibJN6QoNr4huB5ECbSQ0cxTdyF4
+ruBBMjOwEI8uCZ4WwajURIJOr8uPatD0+zPKMKYuphEqrnxIqRXbvZBalpia1o95
+YOtfR7RClvyQ58B4/CZPwug7FW4A5Vr8ylNYKl0fkPz7oiwxWkZBei11lQIDAQAB
+o4HKMIHHMB0GA1UdDgQWBBSVugZSd2jDJoE1oJh+IzJWtV60wzCBlwYDVR0jBIGP
+MIGMgBSVugZSd2jDJoE1oJh+IzJWtV60w6FepFwwWjEaMBgGA1UEAxMRQ29udGFp
 bmVyIFN0YXRpb24xDTALBgNVBAoTBFFOQVAxDzANBgNVBAgTBlRhaXBlaTEPMA0G
-A1UEBxMGVGFpcGVpMQswCQYDVQQGEwJUV4IUcokYvBeL/cw6X1huaaYmdBXSuGkw
-DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAhPbQgj0nsP5x49PpXuGI
-jHIYU2aNT7IJJBR56gMgQ9V8nuVnDmiL5CSrPki+X9R0gOZXAMptoVaHKZfVeyzA
-FyII/MjmPfRH8um2EP3tvSbzpPZJEVvXUrgq1ghR32b0Gs/DuCHdRF2fWWBgOKkv
-Fex1GqDgQSJYmBlumFNOI7G0oX5NZJ06Qx7h+OhH4oiIqa+i1vKuibp7dnDUj+Sm
-X/mkdjecbJ0p/edm5HAXQ71mtwQ2Pns78GqMRsO2McY843gQB38GpaAg/dX2ND3v
-HluC8uIm0hMi2ANP71tjLvykQEq3S2frUNqB8rq4XnQTLWyBd/swrY7g/u2TXanJ
-O3wc4NUpsFPNpdcsgsKmzhzrBYA+Zadi8c5rVUj/dVixenVRDMW1fb/QHcBfs10t
-66/sq+/cx9wMXfj+S108t+3Bt2zyaBHVcKSAxQZ1kvp8/LlSB0hvmx0m3gZeR8zi
-6kcyKcWgXSw55HwqthlhwUqFj0IqozqS+seOW8iKmqoWHsnnrjdEi71uaGWt9yWD
-4V27ywAtVrEWbq8jQAXqMKbWdHbfHOK4MaPvRh+AFQ1ura03rouEVO3D9cC617X2
-Qu3P2N0h8gewT0HTfUBFM2cnozjbi3iTroaUD9WlVJdfBgE+um4lAidQmJ3XRsC9
-uZED17rgqYtGJicYpjPutbc=
+A1UEBxMGVGFpcGVpMQswCQYDVQQGEwJUV4IUdAhU4hnAkB2x7/pAxs4QqrlH13Mw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAE/XMNmFNW1U0lu6rx4TZ
+c9GM/Qal3poWcSEKhbH4hinyfGYLQ67hx9vtcBcbgNLqNjnZt0Tio9JnAcFEFFnT
+slCrpnQ9KrHUEDMPgStD2nvg33RkFK6OZdHSm0KxzX1HQFnFMc/HbBtvvx1rTLeC
+RHj4bpwoE00GtOKgvKUfahqRX0yOIsqwok5OBi+Z8BbiSZzLKAjVQ3C+yeu7xsVL
+5kRAIWG3orFJObOP9j9LyRRnzn8v3yUZ48w38oF2PD2l0notCMPDgWfst0T6RdCO
+lwrKqxTcC/4Y23Yz6LUJoWQH5W58cZo2KbH6X5PKbJYpuBxRQp1ShlQvnDxE8E/I
+Z9C3X8drxIw1aqFOHqAfPafEmMkVT0HMA0w6AhX84R2NGhtVaU8Rp+7bMKoU8It0
++HpFVrTyo8DrYUMkDVH8OHM/CxPDNM20DA6g/+pHij/EiL+5WF4ZixhpHe415sBn
+2D43OwSuvmF5XS0kWeQrsfTteUjjyMQXJ82DHn5jUmtzoQSbPEAzJvNL8dxS4deh
+kB/TzkEbCTbzZSPxZjWyf4x3ZwibHhxtz+21Vt1vUe+L6Dui6BBW28UEeLb4O04P
+zgHE8ULD/9Q3fivxABKSt2PgAz1fTD+ywFC4jbzbmI13BVbS6f3BcrL10Auy0KmP
+etHm3Irulez4LlRQOaH8wAU=
 -----END CERTIFICATE-----

.docker/cert.pem

@@ -1,30 +1,31 @@
 -----BEGIN CERTIFICATE-----
-MIIFHTCCAwWgAwIBAgIUfC79jDanWE2zTnPm0KYGWxMe/IAwDQYJKoZIhvcNAQEL
+MIIFXTCCA0WgAwIBAgIUX1k7YkWIPXHhz1JzwppSwHo2vZMwDQYJKoZIhvcNAQEL
 BQAwWjEaMBgGA1UEAxMRQ29udGFpbmVyIFN0YXRpb24xDTALBgNVBAoTBFFOQVAx
 DzANBgNVBAgTBlRhaXBlaTEPMA0GA1UEBxMGVGFpcGVpMQswCQYDVQQGEwJUVzAe
-Fw0yNDA4MjgxMDEwMjRaFw0yNTA4MjgxMDEwMjRaMBExDzANBgNVBAMTBmNsaWVu
-dDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKd37kOUV2OPP1Vn0jIg
-QKU36jB/P2S+LUCP7bdcPOAOHJCpaA7gUYOp03tYNMmVuVuN3Ul4MBWPTPqbSwrQ
-86poNUqM9h+6aHeFGrzRxn2C2vx02GqlzFl7QO7KX8Vnzi9xa763+R0bzy3fLGU7
-xUaevxf3sXCEpH117+2BNBci7oisMPvx538Tga16MVbsPivmH3mp/kAzfCAHhNek
-ZJq77bEHIFHIrdfvfw10w53u7OT8U9YEQAUsukw8Krr0usWVvQrpkFoOS1bgEu4x
-OGThml5IncEMcUtxoSMlJfm1sDBPoaIYvjbNhinMQWFQ1P1XNp8sJO66jHwCKLTQ
-puLtsp3N4Ems1C7lQj/g7A18r0/fd5fhNIeVm1ae7Z0CDhx3cbTUy4yeo7/Xwp/u
-f3n4wq8b3E1wnvL75CG05V5wTt4PY+nmtn46yDIlu6GvNTuC3NKnP2Lfso8AMVlb
-4B7x8YgBkLEWPICGxdPjMUVnyR4jOrXuKP7XrPYSJBSBLtqbYm52gA4AqWfAxDQa
-7wTMU1lriIbVuCQDnKL4SGF3o8ekoxkHUMHmy6E7vGjpFa4sgpqYhG6wbiU8/c3F
-F+HT0hNSo6zLVeYuILNEVOsGbSm41Nh74j87B/rahJYj6g7h3/KbzGhjhfmdyzeX
-we6wjWFn9cUvHpAuDaZMv4yzAgMBAAGjJDAiMBMGA1UdJQQMMAoGCCsGAQUFBwMC
-MAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAGtCJo5USHAGkZruDKZ/6
-oXEq6ti4xiLNeffo6Rnb1P6p5EbtZnJz1H47X4+4V2hCgIvjsrPBoKLr0NX7/3g8
-a+pIJj6OrHjKrJ/6wR0MOzi7MCuhHSYmgpm6a9PQTeZWlEWDUNMzryo+1yyZi7HV
-AzkR8QPFQkl497SvrPAdUXHjVf8mWAjEK44wldU3Wg7unqodCcSRkjCxXs5ffnfM
-Nvw7Tio1Ga0crPk3qBR+/FKQmhUw4TLGCBDmXhVDnkeOMPz63v78DuRCcg0aaMFr
-8gmsfDsK6JCR6q6pZuBdJ0sgY8pk7GuCDHg0PXOlEgsmG8LMLyWpBzlQ/Y5jWUEy
-vzaHjDg75ibqyDYj+S2YxCaFDfoaq5rXCqQ1qIphGGJ4sE8RXVCq4+4o0l99vq7a
-HGBRvinIF9+61zjsdYfKNB63YfjB5DvIK6srQnfn1jQGuOTG2WeGfoYYpq5KKD6j
-cLFwxwf8u76rFpBJaoR273CJdJrMFrvF0tLZ5ngmk4gIkUXMBhTeyElSIdw/3pV/
-L4YsdEV1Q17Va9RKcvYxhRLXfno5uuqRoz79Gue7XCKsM+GwjSAfv+EdyKdozabJ
-S1DPHSDqxyHzyLLVl260xYAD/jxdbETvvmKABcbiutvLh44OClI518nh4tE40q6z
-2HUNsYtVSl+bv5mRkTDzrkY=
+Fw0yNTA4MTMwMjM1NDFaFw0yNjA4MTMwMjM1NDFaMBExDzANBgNVBAMTBmNsaWVu
+dDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ/Be4+vKxjdlM+CRtFv
+rlQSEx8lKr943FOPktxtV84oXnm0w+KiKPHNnJDupqh2TBjWnMvMNNZrdkrG5Ryz
+zhT3MjlAWAM9wfd20LSqxevLclFCZZEvyYjAKHFcw9Y7tGZeHvhCRZ08vIdTPwg8
+0JqZyOQH7uERvUGPZfZJicNcU7z9cJZXteRhZTJexwKDwt3MbROo43HSYxUXK378
+wB+lvN/hZ5WGd8hF89O9CyF24irLXKJq5gPkLf5+amhM9raEGtH5YL7KsOCAkyE4
+Rh3c9rmlxR9jQrpo0x6KA6qAXtM4A/FxTqWe5NSwKTeC+LCZgiNGLcj+wem2N9HI
+vyjmqEzYv5jmEp3eNXJhR+sKawitijdTouyb2aI5Q9kCtQXgAjYcI3bmfT0wFfE9
+Vb/RpJhf70QK3ZA8Ej1ZZngHEfyHUUDdxZvZeCzxv+8N4XeqThy878ljWl5kFeRT
+a/YMfYlQxW7F4usxT6p2QWKb7oq0AsmyKWby75XyUQTiZDoxbZNh9HZRouKAvxhd
+n9v0OKyrVAMEIx3g3fPJ+zMt43pcZQS6BHv+SucXf443wm094P8VpsO4s99xWXQI
+we4jF31jI4011HnOHJ/3p/c9aXco+2nEJN2MyV8tB0YO/v6aHjpsWdhJBVnybuf6
+WpgbF75KSZX1r0leUzxRCpCrAgMBAAGjZDBiMBMGA1UdJQQMMAoGCCsGAQUFBwMC
+MAsGA1UdDwQEAwIHgDAdBgNVHQ4EFgQU/9dtJ1ThWEBazrAYHropGKATowkwHwYD
+VR0jBBgwFoAUlboGUndowyaBNaCYfiMyVrVetMMwDQYJKoZIhvcNAQELBQADggIB
+ABKl/jaCgvA++4XsIpdfUTj2zAKBtiENMTE/ih+oXq3j3Ks6FG+ok3kBBxfdW9Sw
+eInm3YzQR8Yq6i/tkxQWRHo9nLxsSNOznlT5Mx8CkC7QNoOi6oLE/L+vRfM0XnhB
+332immequMIgimnkNWZKb6AxItnCMuaNiaAYT1PXofcCdHQ+xXiIZksYqHv9eyyo
+vAObguto3zAJ5JTqZkq+BuOw4gLl7IJkqOxHby5rha1iNNFw1RM6QVUsADo4h7r6
+Ghh5lY6IBRy72TS6oIIz2FzdqW3QzSEWwy8uQ/DIAaCqcp8v9yPQBl4rqbziR8LW
+Jg1arhekJwivPgrvpGJyAAnsUYkaYiy4QtIq0XU/BauHpch3EEwbfajdjhiMtL0B
+fjfz8uc0HChzHlVYeGOHQqLAShjUNMPWFUxFg4uZV0Zr5JnaaWk5yR96zhKUa54Z
+SI4zAvmH1sB0zzSMwvNCfAdBxujVRjVZCy50l/OkAKZ+3twTtYRggr01Jbi7BVBH
+CUP9wBahk+JfDu/TYrs9eSjXhEHH7B4zfWjaYlq2DToV/aIY6gyuAJmz4VSoCHOp
+UqR51UzyWmaDW+Ktmj9HbhGk42dqrFwcPlmjlgOsXh6kCOP0mUBDY5Tp5TuqtCmI
+Re94OL/qIBTWLETAJxo9RbmjFJG3OJuw9be5fqGuqpF6
 -----END CERTIFICATE-----

.docker/key.pem

@@ -1,51 +1,52 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJKQIBAAKCAgEAp3fuQ5RXY48/VWfSMiBApTfqMH8/ZL4tQI/tt1w84A4ckKlo
-DuBRg6nTe1g0yZW5W43dSXgwFY9M+ptLCtDzqmg1Soz2H7pod4UavNHGfYLa/HTY
-aqXMWXtA7spfxWfOL3Frvrf5HRvPLd8sZTvFRp6/F/excISkfXXv7YE0FyLuiKww
-+/HnfxOBrXoxVuw+K+Yfean+QDN8IAeE16RkmrvtsQcgUcit1+9/DXTDne7s5PxT
-1gRABSy6TDwquvS6xZW9CumQWg5LVuAS7jE4ZOGaXkidwQxxS3GhIyUl+bWwME+h
-ohi+Ns2GKcxBYVDU/Vc2nywk7rqMfAIotNCm4u2ync3gSazULuVCP+DsDXyvT993
-l+E0h5WbVp7tnQIOHHdxtNTLjJ6jv9fCn+5/efjCrxvcTXCe8vvkIbTlXnBO3g9j
-6ea2fjrIMiW7oa81O4Lc0qc/Yt+yjwAxWVvgHvHxiAGQsRY8gIbF0+MxRWfJHiM6
-te4o/tes9hIkFIEu2ptibnaADgCpZ8DENBrvBMxTWWuIhtW4JAOcovhIYXejx6Sj
-GQdQwebLoTu8aOkVriyCmpiEbrBuJTz9zcUX4dPSE1KjrMtV5i4gs0RU6wZtKbjU
-2HviPzsH+tqEliPqDuHf8pvMaGOF+Z3LN5fB7rCNYWf1xS8ekC4Npky/jLMCAwEA
-AQKCAgEAi1oqs6VOipP6eZDowblA0bqTb0OTdrshYKXjgz6HkVFsx5uP8UEL02mP
-hwXA9zVVhi+oQah3KpmRzr9GVHvHJreMELr3WzN8Fmh19UUBzBMFMinwo93PC26a
-e5l+0/8q/SN+Krdf3a70WRFqGdsAr2ENVl5QEnbtgVCQE6v9snrozmWqZRvILGAI
-+lfBkrkGivT0oAKqhLXSxbw7+EzdQjy67yIk7Kj2r8akjIfq9xKHoYuuH1puA2BS
-rXkrfWKDwEJ3igsMiUN3wZS3a+kdKiTolSgLzUYTSFoHYf1Zek6Li8fXkdDRBz1C
-NKm4hcgDU8QsuYq8OMKWf+I0CTHOi5HyDPZzJ/FjXOT3UU6ZbSeCmBdM32Sp5d2V
-ovhg8Z5UGnNboqqjmMLCOHQlTKpm9Zw8NdOBlQQxFBColCV5EolJv08c6+ak+4zS
-qKrwc+UgyZUSgIqzdHjtQGmjr5wMqHbnUYBnqH/SISSnBMnRAsjSlAe1LPdlfOZE
-neyYTA7468OE01TmzftDqxponVMf2hygadwKOhIi9sNSmb6HKFWosmGM9hS+VPls
-6Z2W1azEcwJbEtClmY80QEz2NPT1ypRrxMKH2P4jxJJAdpbV4c7NM+RU6ORPM/UX
-gRHrdP7LOpZHbdnmg8jiQpSe444jz+szbW3BgOaFzWqumnpLcVECggEBANCLiUGu
-1M2+Am4JDs4Mm6uA4BxeQafk8Vv7RuMCcUQ9vcZmyhxSidYmljZ1GUQBBA9CrFZo
-NsRWRk629W7tdsBv9DHF9NnvOVStIr81WWVCV15sv5VxRUMv9YnEp7c9QQel/D9p
-mu7XOQv2HYIbUd3fumrN+iP13PBSswOgCaIzN9ldNDv71iCwLuFJf61+SkZl/swT
-swJ2DE2B7C2a7UpdHhDyKEwvc14u7wivjlylRfIOapm6imXVFOeBDirUCmmGJW7i
-r3Yfz9MLdh+47rIMC1J4wfJvTWxppQfqajkf2ZKps8/Ajwds9JdduwQxnovTKcUN
-W3KMvWphCNBnRUcCggEBAM2Tiv4KDPIvtZ9vFzCL/+GwE6aSXzObHa1q605ah45u
-SHsHhwffBXA/+J6jOyn5hHV54Te3SjyHzXGteWtlKRr3Mvr5ZdZxM9wApv3Hlfjw
-v0rnE8ltmraTBfaBAUws2WklYRQ2nHEowWprBZslYigMKTpUZSFJX2tSUXjSgneI
-yl3SdYdLzqMn01zWdhHDn93XBCHy2cHT+BRlvjZ7qWzl4lbnH7j1mp7MSD8L+YE6
-fT7nV9BU6vG1CO4UFZQJbXHVg6MVAsAKgH6HlEELmEMlf2VjkKYyUkFU1xj3tM1k
-m3gxd0NzA003bpPStGfkCAF8S9qbNQm9rYum9TCuozUCggEAKJtS8ZgyVZFu9bAL
-0vE/ioiAmuV7kU6R9KAb8G30Uh5Xin9PUW586lb/HsF0Vvp/qN0Jo5WNPHO0IvWb
-GqtgWR4zhVGPWLQtDKDdyC+CJaZiTr+MGnRA0VFQVTAWnCZwOCYI1OwiP+lmcT7O
-Bhx9t18t9EgBMelYyO7Bbq5F0fB5Knjsh9WEnz7PEgz2sHiLy+NmVqRrUcpcoObw
-bvzgwX8aMKCGWjdPFoK7BozwgneoA/bsqNxawHNaK63EbXB2So/VUB8RnUWaePSd
-XpXq3H5d4gQjd6pWgAqeGMl7P35FJjqnCYfsEb0UbzjQBoQG5CEM3BK6wLZI16Ln
-TXUeVwKCAQAMmbuOQK10dsoqIJQKTLp9ad56ekRNlHdoNsJ/hfsDFu1oZRi4ucnK
-jJE/n/+zXfDphnPwh1KMjUJhcmGb3JJ9baN5UKoWT8/+7ydNLNuba54+CBXlZcty
-32YhKt0afzFASaM+qu5B3V6lmDO6w7rVe5FXWu7r8GRh3qTRxA1tKDxHLew4Q8RB
-qeJBsX+BLT1ySoidUBZa1BRDo8zZ6BCFdT2/V+FQ4/T7QMg43RIJAr3EikeOpHXW
-JOOMPDzqWv2TWaP87f/CJ6KinsrOhdhqXTUG0Oh/11vFV17rz9sML9t7rYSC5NzR
-8dDcTLD0IT0AYk7/8j15AGBPzAcBWeL1AoIBAQC0Eyce64cEcISQoawCvZ8+tWf8
-Yv5iWXTVi0GPBGa16D0Kgy7MMPDBVWOHELGOTfrbc7eU+xdmXmE4r9pxW8g9V/lz
-rQj2quj8fmJQNCXuGGVxqTESOIrYc6wUBjfa+ciMOzs/8+3sZgi76MTzSEIu9i/k
-1HBYS6JbOOlRDq0EoPjL8dt8mXca3FiEAdxA+DfPiKQ80I8+7fXOoK1M8UwSVmYQ
-EUJypSyZkSRgv+eAPUw1PGA8hu62oUc9c+8tHp+o5MBjFmA3lIqLvA50GowlVi1q
-KSkmjKARkowUCEY0GQkL9sJrtF7I312k/wELypJInRuFzQzfhfdYXG0QsSHE
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCfwXuPrysY3ZTP
+gkbRb65UEhMfJSq/eNxTj5LcbVfOKF55tMPioijxzZyQ7qaodkwY1pzLzDTWa3ZK
+xuUcs84U9zI5QFgDPcH3dtC0qsXry3JRQmWRL8mIwChxXMPWO7RmXh74QkWdPLyH
+Uz8IPNCamcjkB+7hEb1Bj2X2SYnDXFO8/XCWV7XkYWUyXscCg8LdzG0TqONx0mMV
+Fyt+/MAfpbzf4WeVhnfIRfPTvQshduIqy1yiauYD5C3+fmpoTPa2hBrR+WC+yrDg
+gJMhOEYd3Pa5pcUfY0K6aNMeigOqgF7TOAPxcU6lnuTUsCk3gviwmYIjRi3I/sHp
+tjfRyL8o5qhM2L+Y5hKd3jVyYUfrCmsIrYo3U6Lsm9miOUPZArUF4AI2HCN25n09
+MBXxPVW/0aSYX+9ECt2QPBI9WWZ4BxH8h1FA3cWb2Xgs8b/vDeF3qk4cvO/JY1pe
+ZBXkU2v2DH2JUMVuxeLrMU+qdkFim+6KtALJsilm8u+V8lEE4mQ6MW2TYfR2UaLi
+gL8YXZ/b9Disq1QDBCMd4N3zyfszLeN6XGUEugR7/krnF3+ON8JtPeD/FabDuLPf
+cVl0CMHuIxd9YyONNdR5zhyf96f3PWl3KPtpxCTdjMlfLQdGDv7+mh46bFnYSQVZ
+8m7n+lqYGxe+SkmV9a9JXlM8UQqQqwIDAQABAoICABPVeSozFLYvGGEU6wbohyuv
+3Mjim+aOskf7jL+qIZsaPvR8QU+bU1sF7Hi/8Ff86+CvkGLq9OpkCBkrjVldZ2oJ
+8KXT+7lXSwQWr72mcBEgvo4hIKwAU1STitHcMwIfgnutFso6rBrj5gIlDy/OIRX4
+nszUwU8XHTiM/ZswsRZcmZbenkJEHHSAtQgmZS3GPwS7cxVcQ/SnKp79M+y9o3qq
+YIMpIGubeLaYHLf+genDMTwf6F3PyMPV6fHtLvfJCl5Jk2zbOawmTQRqYhnfOzFM
+9CLDVnBZqfirt/5UIzVhX6R4kWDB8QI18nIHdu6J56dBP7tyZI/ONTP3aAG3Gyhd
+yc9X4RDz8KMuZZddX6C3OmIunAjL65jYMnf0UFbFUvRW/UNC/uWojSiJi6oKx3m1
+N0VlrPJMia7ueTSFPdtiBcyutTW5JoYZT9UiVcH9mHqYAW3EbCwngeiENryiwS5x
+5Sa39GMv70kCmwXP7HmWYGbnaNaW/k/Za+d1tQyIYBwzGMv5BPTPgJHApO0saYWq
+FPko/DXDkRsK+U9s7gY4z70Dg9y3UMy3oQcLSuvXd1x3dM78LwhrZ/0Wkr+UQY4f
+Pp/QktQQCBjrGkboK/dFewhFRqPUqOY6KQns4+Em1FpoWHJz0jOGO4LN07ZeZX+C
+uoI/q+wX7k6NF2buy32NAoIBAQDhuohKX4+GUQOJCWI0HhXDdZguLOLgtRdnfJB0
+7Zy9SXlGI4jRVD3/wr0KjaKCWUbN5EmhYuPZQloH1kuTbIJDfCCfDwAfLfdJbS/a
+WGhFOF4QmjqYyIu9PaqfVkUklk24CguHWf93O/JPIuozuj4qOokvaPBTCfk93drP
+O0d9wvLxXCKDX5MdJ2D82kaMbBB0dvGGHqECu1n8S/i11k+lG/27zXTzBc5Z6fcL
+pQnglNPinzcFUw+b/jebvqfyYVsgGL1IVFs/PXl5F87W4T/NvfymRlV3qInXPveq
+buCJvZPngsGC0ZaCMG8gvs1oVGRXNPDV8PYaIPO0S++aXz+fAoIBAQC1Lgr7ASos
+mCV2Mypm7hTugz8p20usEclxnMsTeSQiQMERUQWZ5yEh6p7lOyw/omTjUDduit3H
+i2cHqYvpvPb6p+mT6NIv9kq5i4Rwz3RuABr8OpWUjqxszMz/h4sgHZd+o+TTR7As
+lBiWCG3sJwmsdf+7AkZ9uUnQ9BCiep5vixAey8N3TlY0RBdeFdA/xgB2yRHwEkMZ
+lsCCEE77vvmQTNlTVpE0C6/w78JeEWJtQkW/tc3CRCxZvDtI1/j4LyI9AWQ12PHI
+ZZsPxyofiZXd4C/q3nMyrbpK+3bp4RdD2/TUl5PF+VsrZw//d16bJxmQocDQ++z2
+dcs+xaapGGN1AoIBAQCagtBf+GGKE1JULzQlcKJ9FLWChf8WyV6n28AWCb/MYcq9
+k/1HLF7z/xzfaGvgxbONo8Iy0jocsSpnSuyYkSHph8Hcnqv6q8AlZrPmxbU6DId2
+3dtWUZA1jUyJnMffb3LrkxSpJZWUzFfki4W8urNqvH7DERXQAXe2PXJVf8JD93nM
+dMC7JGTTA+2DpvW7kQ0Ca5iPsc+MyymhZW9tKLGD11EriEuRPlwtd9U/B01niPgw
+m8NRxbVdlfoChdL4OmPh6I1IQVXkR/QqS32t4KmH75BNUL+YFKmlyNhGtXbFUhs3
+0W0cWtKncvfedjysOXglqXthNnt/DydCNuhfxusJAoIBACdvqzIxcbWdNGJDBtK6
+tdGovcHlmtYMVRWmtEk70BKol52mThrOxVZ1lDp/I8WCGoWj+zzTeyyo+jcfv3WU
+DQpILD5mqgGIkYFLjftkHIqo+Ta3pcFdQMi511EzdqP57PTCxdb7PqylW6ikkxCY
++rEQSiaxexh4kUmrJkfHet76nPqnDZfVdEwSGif/hYGsHoO8hmwD/Zj/SE3HMPn4
++qdfItrR9+8lMBm4hk0laZAwoa/16aCEaEbsAtd7MxUKZWB0AhT6cL5W52aKym9s
+6jMOTj/IRbjdObSCgcKsnPzHTsZLa/3mpeKPn1rS58PLwfPKUYbrnwuSXjf+m6Uo
+ytUCggEAfGt5I3vGt9teDhBNgHwx87TP6LxMi0eiTdo+Tv7aIt+EJcsK+rdVzr3l
+vTRemlbk3OOU2bat1i7IHuEFu9HIIw2S25sPTrFtHbR4Ux4i/wur3j69/3dOKmsZ
+V8hkZ4zJy5EarbwLg+tlGG8ikaEUuGgy1fxJ4OUOGiHDi+/GOR9Pox7T1oRwIjEI
+5RQXbtR9xI1SL1USGPWsR3CsqI64VNZyNZfWmt/1t6SzTmmshceo7c/72kMHopP8
+PkatcTLiMuTeXCuL4UIWaBKw4Y/aaxJCDDXFUNTryDkuZIxVyhQgvLpzucfRUH+t
+rz9TdKIcHTWfelGC5dFiuBW2cPo35w==
+-----END PRIVATE KEY-----

.idea/terraform.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="TerraformProjectSettings">
+    <option name="toolPath" value="c:\dev\tools\terraform.exe" />
+  </component>
+</project>

.terraform.lock.hcl

@@ -1,11 +1,12 @@
-# This file is maintained automatically by "terraform init".
+# This file is maintained automatically by "tofu init".
 # Manual edits may be lost in future updates.
 
-provider "registry.terraform.io/kreuzwerker/docker" {
+provider "registry.opentofu.org/kreuzwerker/docker" {
   version     = "3.0.2"
   constraints = "3.0.2"
   hashes = [
     "h1:DcRxJArfX6EiATluWeCBW7HoD6usz9fMoTK2U3dmyPk=",
+    "h1:cT2ccWOtlfKYBUE60/v2/4Q6Stk1KYTNnhxSck+VPlU=",
     "zh:15b0a2b2b563d8d40f62f83057d91acb02cd0096f207488d8b4298a59203d64f",
     "zh:23d919de139f7cd5ebfd2ff1b94e6d9913f0977fcfc2ca02e1573be53e269f95",
     "zh:38081b3fe317c7e9555b2aaad325ad3fa516a886d2dfa8605ae6a809c1072138",

_disabled/airsonic.tf

@@ -48,6 +48,11 @@ resource "docker_container" "airsonic" {
     type = "bind"
   }
 
+  volumes {
+    container_path = "/data"
+    volume_name = "truenas-arr"
+  }
+
   networks_advanced {
     name = docker_network.bridge.name
     ipv4_address = "192.168.2.83"

_disabled/authelia.tf

@@ -0,0 +1,47 @@
+data "docker_registry_image" "authelia" {
+  name = "authelia/authelia:latest"
+}
+
+resource "docker_image" "authelia" {
+  name = data.docker_registry_image.authelia.name
+  pull_triggers = [data.docker_registry_image.authelia.sha256_digest]
+}
+
+resource "docker_container" "authelia" {
+  image = docker_image.authelia.image_id
+  name = "authelia"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/secrets/JWT_SECRET",
+    "AUTHELIA_SESSION_SECRET_FILE=/secrets/SESSION_SECRET",
+    "AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE=/secrets/STORAGE_PASSWORD",
+    "AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/secrets/STORAGE_ENCRYPTION_KEY"
+  ]
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.151"
+  }
+
+  mounts {
+    target = "/config"
+    source = "/share/appdata/authelia/config"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/secrets"
+    source = "/share/appdata/authelia/secrets"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

_disabled/autobrr.tf

@@ -0,0 +1,40 @@
+data "docker_registry_image" "autobrr" {
+  name = "ghcr.io/autobrr/autobrr:latest"
+}
+
+resource "docker_image" "autobrr" {
+  name = data.docker_registry_image.autobrr.name
+  pull_triggers = [data.docker_registry_image.autobrr.sha256_digest]
+}
+
+resource "docker_container" "autobrr" {
+  image = docker_image.autobrr.image_id
+  name = "autobrr"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=999",
+    "PGID=321",
+    "TZ=Europe/Amsterdam"
+  ]
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.148"
+  }
+
+  mounts {
+    target = "/config"
+    source = "/share/appdata/autobrr"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

_disabled/barcode_buddy.tf

@@ -0,0 +1,39 @@
+
+data "docker_registry_image" "barcode_buddy" {
+  name = "f0rc3/barcodebuddy:latest"
+}
+
+resource "docker_image" "barcode_buddy" {
+  name = data.docker_registry_image.barcode_buddy.name
+  pull_triggers = [data.docker_registry_image.barcode_buddy.sha256_digest]
+}
+
+
+resource "docker_container" "barcode_buddy" {
+  image = docker_image.barcode_buddy.image_id
+  name = "barcode_buddy"
+  restart = "always"
+
+  env = [
+    "TZ=Europe/Amsterdam"
+  ]
+
+  mounts {
+    target = "/config"
+    source = "/share/appdata/barcode-buddy"
+    type = "bind"
+  }
+
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.150"
+  }
+}

_disabled/bazarr.tf

@@ -0,0 +1,49 @@
+data "docker_registry_image" "bazarr" {
+  name = "lscr.io/linuxserver/bazarr:latest"
+}
+
+resource "docker_image" "bazarr" {
+  name = data.docker_registry_image.bazarr.name
+  pull_triggers = [data.docker_registry_image.bazarr.sha256_digest]
+}
+
+resource "docker_container" "bazarr" {
+  image = docker_image.bazarr.image_id
+  name = "bazarr"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=1000",
+    "PGID=1000",
+    "TZ=Europe/Amsterdam"
+  ]
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.152"
+  }
+
+  networks_advanced {
+    name = docker_network.whisper-asr.name
+  }
+
+  mounts {
+    target = "/config"
+    source = "/share/appdata/bazarr"
+    type = "bind"
+  }
+
+  volumes {
+    container_path = "/data"
+    volume_name = "truenas-arr"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

_disabled/brother-printer-webhook.tf

@@ -0,0 +1,29 @@
+
+data "docker_registry_image" "brother-printer-webhook" {
+  name = "gitea.rescla.me/rescla/brother-printer-webhook:latest"
+}
+
+resource "docker_image" "brother-printer-webhook" {
+  name = data.docker_registry_image.brother-printer-webhook.name
+  pull_triggers = [data.docker_registry_image.brother-printer-webhook.sha256_digest]
+}
+
+
+resource "docker_container" "brother-printer-webhook" {
+  image    = docker_image.brother-printer-webhook.image_id
+  name     = "brother-printer-webhook"
+  hostname = "brother-printer-webhook"
+
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.grocy.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

_disabled/freshrss.tf

@@ -11,7 +11,7 @@ resource "docker_container" "freshrss" {
   image = docker_image.freshrss.image_id
   name = "freshrss"
   restart = "always"
-  env = ["TZ=Europe/Paris", "CRON_MIN=1,31", "OIDC_ENABLED=0", "FRESHRSS_INSTALL=--api_enabled --base_url https://freshrss.xz1.nl --db-base freshrss --db-host 192.168.2.127 --db-password utquCzXEnrjFU2BbDqYT --db-type mysql --db-user freshrss --default_user admin --language en", "FRESHRSS_USER=--api_password CmZpTF3pUYz7rVtFrDTQ --email freshrss@xz1.nl --language en --password CmZpTF3pUYz7rVtFrDTQ --user admin"]
+  env = ["TZ=Europe/Paris", "CRON_MIN=1,31", "OIDC_ENABLED=0", "FRESHRSS_INSTALL=--api_enabled --base_url https://freshrss.xz1.nl --db-base freshrss --db-host 192.168.3.24 --db-password utquCzXEnrjFU2BbDqYT --db-type mysql --db-user freshrss --default_user admin --language en", "FRESHRSS_USER=--api_password CmZpTF3pUYz7rVtFrDTQ --email freshrss@xz1.nl --language en --password CmZpTF3pUYz7rVtFrDTQ --user admin"]
   mounts {
     target = "/var/www/FreshRSS/data"
     source = "/share/appdata/freshrss/data"

_disabled/home-assistant.tf

@@ -5,6 +5,11 @@ data "docker_registry_image" "home-assistant" {
 resource "docker_image" "home-assistant" {
   name = data.docker_registry_image.home-assistant.name
   pull_triggers = [data.docker_registry_image.home-assistant.sha256_digest]
+
+  # Try to preserve the docker image before removing the container
+  # lifecycle {
+  #   create_before_destroy = true
+  # }
 }
 
 resource "docker_container" "home-assistant" {

_disabled/jellyfin.tf

@@ -38,16 +38,9 @@ resource "docker_container" "jellyfin" {
   }
 
   # https://wiki.servarr.com/docker-guide#Consistent_and_well_planned_paths
-  mounts {
-    target = "/media"
-    source = "/share/datarr/media"
-    type = "bind"
-  }
-
-  mounts {
-    target = "/media-hdd"
-    source = "/share/datarr-hdd/media"
-    type = "bind"
+  volumes {
+    container_path = "/datarr"
+    volume_name = "truenas-arr"
   }
 
   devices {

_disabled/readarr.tf

@@ -0,0 +1,45 @@
+data "docker_registry_image" "readarr" {
+  name = "ghcr.io/hotio/readarr"
+}
+
+resource "docker_image" "readarr" {
+  name = data.docker_registry_image.readarr.name
+  pull_triggers = [data.docker_registry_image.readarr.sha256_digest]
+}
+
+resource "docker_container" "readarr" {
+  image = docker_image.readarr.image_id
+  name = "readarr"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=888",
+    "PGID=321",
+    "TZ=Europe/Amsterdam"
+  ]
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.147"
+  }
+
+  mounts {
+    target = "/config"
+    source = "/share/appdata/readarr"
+    type = "bind"
+  }
+
+  volumes {
+    container_path = "/data"
+    volume_name = "truenas-arr"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

_disabled/redis.tf

@@ -0,0 +1,46 @@
+data "docker_registry_image" "redis" {
+  name = "redis:latest"
+}
+
+resource "docker_image" "redis" {
+  name = data.docker_registry_image.redis.name
+  pull_triggers = [data.docker_registry_image.redis.sha256_digest]
+}
+
+resource "docker_network" "redis" {
+  name = "redis"
+}
+
+resource "docker_container" "redis" {
+  image = docker_image.redis.image_id
+  name = "redis"
+
+  command = [
+    "redis-server",
+    "/data/redis.conf",
+    "--save 900 1",
+    "--appendonly yes",
+    "--appendfilename \"appendonly.aof\"",
+    "--dir \"/data\"",
+    "--requirepass uM7A2HCZTClCmHDQ3jJ"
+
+  ]
+  mounts {
+    target = "/data"
+    source = "/share/appdata/redis"
+    type = "bind"
+  }
+
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.redis.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

_disabled/scholarsome.tf

@@ -0,0 +1,66 @@
+data "docker_registry_image" "scholarsome" {
+  name = "hwgilbert16/scholarsome:latest"
+}
+
+resource "docker_image" "scholarsome" {
+  name = data.docker_registry_image.scholarsome.name
+  pull_triggers = [data.docker_registry_image.scholarsome.sha256_digest]
+}
+
+resource "docker_container" "scholarsome" {
+  image = docker_image.scholarsome.image_id
+  name = "scholarsome"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "NODE_ENV=production",
+    "DATABASE_URL=mysql://scholarsome:NJu2K9CtZvMEUSgq3RE@mariadb:3306/scholarsome",
+    "JWT_SECRET=S4BABnlPSHLppWp2QWR",
+    "REDIS_HOST=redis",
+    "REDIS_PORT=6379",
+    "REDIS_USERNAME=scholarsome",
+    "REDIS_PASSWORD=VHSppvx8oDChknLbpBh",
+    "STORAGE_TYPE=local",
+    "STORAGE_LOCAL_DIR=/data",
+    "SMTP_HOST=mail.smtp2go.com",
+    "SMTP_PORT=2525",
+    "SMTP_USERNAME=scholarsome@xz1.nl",
+    "SMTP_PASSWORD=FhZ3nX5bJWcYH7Tq",
+    "HOST=scholarsome.rescla.me",
+    "HTTP_PORT=3333"
+  ]
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.149"
+  }
+
+  networks_advanced {
+    name = docker_network.mariadb.name
+  }
+
+  networks_advanced {
+    name = docker_network.redis.name
+  }
+
+  mounts {
+    target = "/data"
+    source = "/share/appdata/scholarsome"
+    type = "bind"
+  }
+
+  // Untested
+  depends_on = [
+    docker_container.mariadb,
+    docker_container.redis
+  ]
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

_disabled/tdarr.tf

@@ -0,0 +1,58 @@
+data "docker_registry_image" "tdarr" {
+  name = "tdarr/tdarr:latest"
+}
+
+resource "docker_image" "tdarr" {
+  name = data.docker_registry_image.tdarr.name
+  pull_triggers = [data.docker_registry_image.tdarr.sha256_digest]
+}
+
+resource "docker_container" "tdarr" {
+  image = docker_image.tdarr.image_id
+  name = "tdarr"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=444",
+    "PGID=321",
+    "UMASK=002"
+  ]
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.134"
+  }
+
+  mounts {
+    target = "/config"
+    source = "/share/appdata/tdarr/config"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/cache"
+    source = "/share/appdata/tdarr/cache"
+    type = "bind"
+  }
+
+  # https://wiki.servarr.com/docker-guide#Consistent_and_well_planned_paths
+  volumes {
+    container_path = "/datarr"
+    volume_name = "truenas-arr"
+  }
+
+  devices {
+    host_path = "/dev/dri/renderD128"
+    container_path = "/dev/dri/renderD128"
+    permissions = "rwm"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

_disabled/whisper-asr.tf

@@ -0,0 +1,36 @@
+data "docker_registry_image" "whisper-asr" {
+  name = "onerahmet/openai-whisper-asr-webservice:latest"
+}
+
+resource "docker_image" "whisper-asr" {
+  name = data.docker_registry_image.whisper-asr.name
+  pull_triggers = [data.docker_registry_image.whisper-asr.sha256_digest]
+}
+
+resource "docker_network" "whisper-asr" {
+  name = "whisper-asr"
+}
+
+resource "docker_container" "whisper-asr" {
+  image = docker_image.whisper-asr.image_id
+  name = "whisper-asr"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "ASR_MODEL=base",
+    "ASR_ENGINE=openai_whisper",
+  ]
+
+  networks_advanced {
+    name = docker_network.whisper-asr.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/.docker/ca.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+DCCAeCgAwIBAgIUQifQlQiFfb3+C9S/ioDdmLqzpykwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJRG9ja2VyLUNBMB4XDTI1MDQyMDEzNDIwM1oXDTI2MDQy
+MDEzNDIwM1owFDESMBAGA1UEAwwJRG9ja2VyLUNBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA0M5kRHJlQvXRnsCEbd0wH45phnJUwK6MB+Osg5smx8I/
+nCMKPVIMPfMGkQiA4uGPLiArfdxM8EDSpuxNRq4AoHnsCmVkHb2z0Jr0NG8Ojo/H
+/zb2EbA2s6ULoVVVHl+YqvWdyxocbvO8k06B8JWo8O5t9jdD3VJnd10m3Q/3U9Ms
+yLe+XSm2w1mBwYy6+5sRgDPsptTxa7k4lZIH2H6Xb7rPgIQxgPabIDXASBPdHD5x
+tsBRTQvc/n1iCo33aFBH6GHIMINSKtJLPAXG9uHqaYQzCkrBEIpLT+wNJ9DV22kI
+PCgk4JHj1W2tnE7gTui8I4z8UGtpgK9V+SCTDPC7VQIDAQABo0IwQDAPBgNVHRMB
+Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUJI5YNo15YDQyLGX8
+TY3za1cMrhcwDQYJKoZIhvcNAQELBQADggEBAA+Xmoc5q/iGcQZvKijqweWh2wFG
+uRH7ITi/lIBVqR+TGzr4p/q/NsW9qZPuLmrcFocIuR0XgMSAuyrfyFK/G+9ReF4g
+YVnzsYJDgCEkxQTQXfcnhj3ZqANFIqjFzn9Txw+7bysdY98gxQ3oD5omk7qdE04D
+idmGol6GY/PRhncAeU23cKAC6/QcrK3CJtArq0ZGiI3BWuCKOMPuYxvyAMdcsEh0
+MKV3fSesgvW1n/hlwbT/QnXJeAUzbxOl7yE7oI5reDS2Ay9S93R/cM4n84c6FeTw
+b1qq0x9Jqy7L7p5QwP9OpBQhfcu1q2wQ4OpIb4fkoNpTKAtrnOGdxJh/iOU=
+-----END CERTIFICATE-----

core-os-podman/.docker/cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDzCCAfegAwIBAgIUM96AXB5F2mKW3i5msm8VwLKYgBQwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJRG9ja2VyLUNBMB4XDTI1MDQyMDEzNDIwM1oXDTI2MDQy
+MDEzNDIwM1owFDESMBAGA1UEAwwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAoLAdb+g4mMvUZfZ9PHcd4Z6yiaUdi+TPKphQov+NtnU9
+qAqoYOWTLhYW6P1OeSMwaKnYdRVvafajk2mXFPbcgpMnd1eE+jutrAgE+9a9zqfS
+nSFFloqlHA75GpAbS5cB5Xvaj5mBMItMdfi34t/j4V8VHpLqV7obVHoMHtQwf0aY
+LLuCADMtW3XnWyNzL/yKN+HpyCDMIhm98csC6HTi1gHrSCkDlV5hhwQ6QyQ1gPbu
+3/XxGTyYTgjFGfY8PsMBzR8+VZDTR1edu/2+ofBgjy7FR8njcxwa4l2FrhRr3bLx
+o8mtbxUY1QJE11BwpEBApXtobIptkt6b1aEjpc14nwIDAQABo1kwVzAVBgNVHREE
+DjAMhwR/AAABhwSsFADPMB0GA1UdDgQWBBRKx6l7qTFRQTzjcOXH+p3ao/2vnzAf
+BgNVHSMEGDAWgBQkjlg2jXlgNDIsZfxNjfNrVwyuFzANBgkqhkiG9w0BAQsFAAOC
+AQEALHEYeN128jMCm02Xwig8kOJmFOs9Ih0nS5aJXyX8ClzLGPA1HLN9ljOVX9y0
+dcP2VwNkenNTBJsmU1YvTedBwWGVzJ1/7fZoNQwPzjMM4cvnygvZRy73ck8b2zLg
+oL+4cfNOcsdg+AWKJAcCwWU1ZzHgr5F7Ky9OKS1VfAanG0uRdCahuZoJqB05wdUH
+I2PxKEcgj55DS35tVEHxvlSsn+qft85+iRdWwgwJEsnFnjI7qNlrEl9m6ZUjSX1Z
+rxxn4L0SW2586BcIlj27CRvzm9n2BC51paoqvJ3u5VYQztGf/IQWdyIpjSeEZ2sN
+pI7c2e0HUIu9kXg1y1Nah4AF2g==
+-----END CERTIFICATE-----

core-os-podman/.docker/key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCgsB1v6DiYy9Rl
+9n08dx3hnrKJpR2L5M8qmFCi/422dT2oCqhg5ZMuFhbo/U55IzBoqdh1FW9p9qOT
+aZcU9tyCkyd3V4T6O62sCAT71r3Op9KdIUWWiqUcDvkakBtLlwHle9qPmYEwi0x1
++Lfi3+PhXxUekupXuhtUegwe1DB/Rpgsu4IAMy1bdedbI3Mv/Io34enIIMwiGb3x
+ywLodOLWAetIKQOVXmGHBDpDJDWA9u7f9fEZPJhOCMUZ9jw+wwHNHz5VkNNHV527
+/b6h8GCPLsVHyeNzHBriXYWuFGvdsvGjya1vFRjVAkTXUHCkQECle2hsim2S3pvV
+oSOlzXifAgMBAAECggEAIjsCOlmk3N/nAkWNDjlt0ydkbzAOaEO44iEKZH6+KJU3
+KjoC/olJXjL0dHOpqOKXKGSuKNsFHfSdigSfW6bu+J3ydVjeihP2fkRDE4b+biyQ
+EEsLMPOeEqkZ5c+3ENY9YC6PM7IGtFmoUyVFvv3k5JjFvfqcE04hDlDljhezsRj4
+2fTG5vHOC/rtVRxov5Fy2rL33+bRBKkZ3CTku2H306/3A0Qgml1/4HwzrMD9FpSM
+K27tHGKKb4u4iXxpSAMvHt2uZR/DFe8n4MnIvWFTeIaYRnXwHLUAMSKhhKFOA4BU
+6juksZ9quU5awKI1l0k+j+7zJP9v+HGULiK52v5XmQKBgQDiPqEQu4nP35HrslNY
+hUWRZfkcqfKaT45iSeNLrB2LcWNobE52pWdhb6UUvnrzcBZGL4EKgt+wxg/idPJU
+FUYgGS0tGRgsSbJ5HURpoaTz1LMgPpDYbWegZgfcbnluhrWDQ3AAUtkh53B+K/ZM
+M4GaxY98C1/1Lq2ZgI9p3U11ywKBgQC10kZcluOfD23L8kZcWYQK/S/+FFuLAP1B
+tG8GdsSIfKmcRPUo3UvNuGwblJodYcSSUZlAq5pyLI93L+rc81Sqp6ne3l0uELFN
+xNDP0Wf/BamjEq5CerER1cjlWggxFvz7wtO1fD5g8CdLD6xlp8IUZ9fFEQFOBGiF
+gCmVATZN/QKBgDDXXGYEVmft186OHLgLbU1KOlEZzynI6vAFC3CWo3oq7E7qsrWi
+V4MNWxHzXQ+YrvZP4wel4SyEVYGJxZapUQ404S/PLwzAjCrhSpeTMc0BqfnYB+Tx
+GWHjJOdNYiGeKyk/MbqgKAfNstdKHk2tANmstKEOw5Rmk0uEGXG9OK+pAoGAfbJX
+2EysIdttwW/FerSb12j/07xJKQjPDKxrkOFsrxrXuuPlRJHwhND5U/vgq21akvj8
+ZLv9su7hY7lpucQzBSOSCTRa4KzDlor4/KK9LY3Bn64bcHQXk8fi8cPTI/TLglVH
+PREeoq+Dyp2URla6kpbTkTZXW5MqmxhmJs/GthUCgYA8sqcJ3wrEyUreAkFRPmHg
+0g5T+TAn36bMotOVo1bcssGZ5lPdL9ovkGdCnihaA2JM2ARNr7mAjBBRnZqGMJmJ
++yQKv9crpXpgXek6T7fJL9rB1QHfNs5B5ML3zEaXXQEdVNZ2d+kVWIK0vahEKCzI
++KbMyrLmU3OK5Uw8j1BYyg==
+-----END PRIVATE KEY-----

core-os-podman/.terraform.lock.hcl

@@ -0,0 +1,24 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/kreuzwerker/docker" {
+  version     = "3.6.2"
+  constraints = "3.6.2"
+  hashes = [
+    "h1:1K3j0xUY2D0+E+DBDQc6k1u6Al9MkuNWrIC9rnvwFSM=",
+    "h1:sbdKCURC0XeBU6kPVfj24w7mtZtKbuibaqxtZEZ4bjU=",
+    "zh:22b51a8fb63481d290bdad9a221bc8c9e45d66d1a0cd45beed3f3627bf1debd8",
+    "zh:2b902eb80a1ae033af1135cc165d192668820a7f8ea15beb5472f811c18bea1f",
+    "zh:57815dcea28aedb86ed33924cd186aaee8bd31670bd78437a2a2daf2b00ce2ae",
+    "zh:583af9c6fe7e3bfc04f50aec046a9b4f98b7eddd6d1e143454e5d06a66afcf87",
+    "zh:80f8cba54f639a53c4d7714edb7246064b7f4f48ba93a70f18c914d656d799db",
+    "zh:894709f0c393c4ee91fdb849128e7f0bce688f293cd1643a6d4e39c842367278",
+    "zh:a91b41dbcb203d6dae2bb72b98c4c21c41255026b35df01895882784c4650071",
+    "zh:aec40a8157aae093412a1fb9a71ab2bea370db152e285c2d81e37ed378444b9c",
+    "zh:b87d7def2485dde6e57723c1265158f371440a8a84954c9fdb0580cf89de66bf",
+    "zh:b9dc243200ad9cd00250cb8c793ecea4ee3c57a121faf8efdb289f30008b5778",
+    "zh:dcb103831db6d3ef95468685cd104be3928793996542a1f675dc34a2ce67951d",
+    "zh:e59b4a0f2b5881016896d4417b1ab2fb87f34450663efeb01f3bcf7c3606fbbb",
+    "zh:fbd068c01114f0712578cf02f363b5521338ab1befedddf7090da532298b43d0",
+  ]
+}

core-os-podman/_disabled/haproxy.tf

@@ -0,0 +1,36 @@
+data "docker_registry_image" "haproxy" {
+  name = "haproxy:latest"
+}
+
+resource "docker_image" "haproxy" {
+  name = data.docker_registry_image.haproxy.name
+  pull_triggers = [data.docker_registry_image.haproxy.sha256_digest]
+}
+
+resource "docker_container" "haproxy" {
+  image = docker_image.haproxy.image_id
+  name = "haproxy"
+  restart = "always"
+
+  mounts {
+    target = "/usr/local/etc/haproxy/haproxy.cfg"
+    source = "/mnt/appdata/haproxy/haproxy.cfg"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.19"
+  }
+
+  networks_advanced {
+    name = docker_network.ip6net.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/_disabled/resilio.tf

@@ -0,0 +1,52 @@
+data "docker_registry_image" "resilio-sync" {
+  name = "lscr.io/linuxserver/resilio-sync:latest"
+}
+
+resource "docker_image" "resilio-sync" {
+  name = data.docker_registry_image.resilio-sync.name
+  pull_triggers = [data.docker_registry_image.resilio-sync.sha256_digest]
+}
+
+resource "docker_container" "resilio-sync" {
+  image = docker_image.resilio-sync.image_id
+  name = "resilio-sync"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=556",
+    "PGID=321",
+    "TZ=Europe/Amsterdam"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.18"
+  }
+
+  mounts {
+    target = "/config"
+    source = "/var/lib/containers/resilio"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/sync"
+    source = "/mnt/datarr/resilio/sync"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/downloads"
+    source = "/mnt/datarr/resilio/downloads"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/_disabled/solidtime.tf

@@ -0,0 +1,90 @@
+data "docker_registry_image" "solidtime" {
+  name = "solidtime/solidtime:latest"
+}
+
+resource "docker_image" "solidtime" {
+  name = data.docker_registry_image.solidtime.name
+  pull_triggers = [data.docker_registry_image.solidtime.sha256_digest]
+}
+
+resource "docker_network" "solidtime" {
+  name = "solidtime"
+}
+
+
+resource "docker_container" "solidtime-app" {
+  image = docker_image.solidtime.image_id
+  name = "solidtime-app"
+  hostname = "solidtime"
+
+  env = [
+    "CONTAINER_MODE=http",
+    "APP_URL=https://solidtime.rescla.me",
+    "APP_FORCE_HTTPS=true",
+    "CONTAINER_MODE=worker",
+    "SUPER_ADMINS=solidtime@xz1.nl",
+    "DB_HOST=192.168.2.127",
+    "DB_PORT=5432",
+    "DB_DATABASE=solidtime",
+    "DB_USERNAME=solidtime",
+    "DB_USERNAME=solidtime",
+  ]
+
+  mounts {
+    target = "app-storage:/var/www/html/storage"
+    source = "/var/lib/containers/solidtime"
+    type = "bind"
+  }
+
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.17"
+  }
+
+  networks_advanced {
+    name = docker_network.solidtime.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+
+resource "docker_container" "solidtime-queue" {
+  image = docker_image.solidtime.image_id
+  name = "solidtime-queue"
+
+  env = [
+
+    "WORKER_COMMAND=php /var/www/html/artisan queue:work"
+  ]
+
+  mounts {
+    target = "app-storage:/var/www/html/storage"
+    source = "/var/lib/containers/solidtime"
+    type = "bind"
+  }
+
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.17"
+  }
+
+  networks_advanced {
+    name = docker_network.solidtime.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/_ollama_test/ollama.tf

@@ -0,0 +1,35 @@
+data "docker_registry_image" "ollama" {
+  name = "ollama/ollama"
+}
+
+resource "docker_image" "ollama" {
+  name = data.docker_registry_image.ollama.name
+  pull_triggers = [data.docker_registry_image.ollama.sha256_digest]
+}
+
+resource "docker_network" "ollama" {
+  name = "ollama"
+}
+
+resource "docker_container" "ollama" {
+  image = docker_image.ollama.image_id
+  name = "ollama"
+  restart = "always"
+
+  mounts {
+    target = "/root/.ollama"
+    source = "/mnt/appdata/ollama"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.ollama.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/_ollama_test/open-webui.tf

@@ -0,0 +1,41 @@
+data "docker_registry_image" "open-webui" {
+  name = "ghcr.io/open-webui/open-webui:main"
+}
+
+resource "docker_image" "open-webui" {
+  name = data.docker_registry_image.open-webui.name
+  pull_triggers = [data.docker_registry_image.open-webui.sha256_digest]
+}
+
+
+resource "docker_container" "open-webui" {
+  image = docker_image.open-webui.image_id
+  name = "open-webui"
+  restart = "always"
+
+  env = [
+    "OLLAMA_BASE_URL=http://ollama:11434"
+  ]
+
+  mounts {
+    target = "/app/backend/data"
+    source = "/var/lib/containers/open-webui"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.ollama.name
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.14"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/audiobookshelf.tf

@@ -0,0 +1,49 @@
+data "docker_registry_image" "audiobookshelf" {
+  name = "ghcr.io/advplyr/audiobookshelf:latest"
+}
+
+resource "docker_image" "audiobookshelf" {
+  name = data.docker_registry_image.audiobookshelf.name
+  pull_triggers = [data.docker_registry_image.audiobookshelf.sha256_digest]
+}
+
+resource "docker_container" "audiobookshelf" {
+  image = docker_image.audiobookshelf.image_id
+  name = "audiobookshelf"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "TZ=Europe/Amsterdam"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.20"
+  }
+
+  mounts {
+    target = "/config"
+    source = "/var/lib/containers/audiobookshelf/config"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/metadata"
+    source = "/var/lib/containers/audiobookshelf/metadata"
+    type = "bind"
+  }
+
+  volumes {
+    container_path = "/truenas-arr"
+    volume_name = docker_volume.truenas-arr.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/configarr.tf

@@ -0,0 +1,45 @@
+data "docker_registry_image" "configarr" {
+  name = "ghcr.io/raydak-labs/configarr:latest"
+}
+
+resource "docker_image" "configarr" {
+  name = data.docker_registry_image.configarr.name
+  pull_triggers = [data.docker_registry_image.configarr.sha256_digest]
+}
+
+resource "docker_container" "configarr" {
+  image = docker_image.configarr.image_id
+  name = "configarr"
+
+  log_driver = "local"
+
+  env = [
+    "TZ=Europe/Amsterdam"
+  ]
+
+  mounts {
+    target = "/app/config"
+    source = "/var/lib/containers/configarr/config"
+    type = "bind"
+  }
+
+
+  mounts {
+    target = "/app/cfs"
+    source = "/var/lib/containers/configarr/cfs"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/app/templates"
+    source = "/var/lib/containers/configarr/templates"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/deluge.tf

@@ -12,6 +12,9 @@ resource "docker_container" "deluge" {
   name = "deluge"
   restart = "always"
 
+  memory = 1000
+  memory_swap = 1000
+
   log_driver = "local"
 
   env = [
@@ -20,23 +23,23 @@ resource "docker_container" "deluge" {
     "UMASK=002"
   ]
 
-  networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.137"
-  }
+  network_mode = "container:gluetun"
 
   mounts {
     target = "/config"
-    source = "/share/appdata/deluge"
+    source = "/var/lib/containers/deluge"
     type = "bind"
   }
 
-  mounts {
-    target = "/data/torrents"
-    source = "/share/datarr/torrents"
-    type = "bind"
+  volumes {
+    container_path = "/data"
+    volume_name = docker_volume.truenas-arr.name
   }
 
+  depends_on = [
+    docker_container.gluetun
+  ]
+
   lifecycle {
     ignore_changes = [
       ulimit,

core-os-podman/dockerx-proxmox.bat

@@ -0,0 +1,6 @@
+docker ^
+  --tlsverify ^
+  -H=172.20.0.207:2375 ^
+  --tlscacert=.docker\ca.pem ^
+  --tlscert=.docker\cert.pem ^
+  --tlskey=.docker\key.pem %*

core-os-podman/dockerx-proxmox.sh

@@ -0,0 +1,6 @@
+docker ^
+  --tlsverify ^
+  -H=172.20.0.207:2375 ^
+  --tlscacert=.docker\ca.pem ^
+  --tlscert=.docker\cert.pem ^
+  --tlskey=.docker\key.pem %*

core-os-podman/dozzle-podman.tf

@@ -0,0 +1,33 @@
+data "docker_registry_image" "dozzle" {
+  name = "amir20/dozzle:latest"
+}
+
+resource "docker_image" "dozzle" {
+  name = data.docker_registry_image.dozzle.name
+  pull_triggers = [data.docker_registry_image.dozzle.sha256_digest]
+}
+
+resource "docker_container" "dozzle" {
+  image = docker_image.dozzle.image_id
+  name = "dozzle"
+  restart = "always"
+
+  mounts {
+    target = "/var/run/docker.sock"
+    source = "/var/run/docker.sock"
+    type = "bind"
+    read_only = true
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.10"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/elasticsearch.tf

@@ -0,0 +1,48 @@
+data "docker_registry_image" "elasticsearch" {
+  name = "docker.elastic.co/elasticsearch/elasticsearch-wolfi:9.1.5"
+}
+
+resource "docker_image" "elasticsearch" {
+  name = data.docker_registry_image.elasticsearch.name
+  pull_triggers = [data.docker_registry_image.elasticsearch.sha256_digest]
+}
+
+resource "docker_container" "elasticsearch" {
+  image = docker_image.elasticsearch.image_id
+  name = "elasticsearch"
+
+  restart = "always"
+
+  memory = 5000
+  memory_swap = 5000
+
+  mounts {
+    target = "/usr/share/elasticsearch/data"
+    source = "/var/lib/containers/elasticsearch/data"
+    type = "bind"
+  }
+
+  # mounts {
+  #   target = "/usr/share/elasticsearch/config"
+  #   source = "/var/lib/containers/elasticsearch/config"
+  #   type = "bind"
+  # }
+
+  mounts {
+    target = "/usr/share/elasticsearch/log"
+    source = "/var/lib/containers/elasticsearch/log"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.46"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/fail2ban.tf

@@ -0,0 +1,51 @@
+data "docker_registry_image" "fail2ban" {
+  name = "linuxserver/fail2ban:latest"
+}
+
+resource "docker_image" "fail2ban" {
+  name = data.docker_registry_image.fail2ban.name
+  pull_triggers = [data.docker_registry_image.fail2ban.sha256_digest]
+}
+
+resource "docker_container" "fail2ban" {
+  image = docker_image.fail2ban.image_id
+  name = "fail2ban"
+  restart = "always"
+
+  capabilities {
+    add = ["CAP_NET_ADMIN", "CAP_NET_RAW"]
+  }
+
+  env = [
+    "TZ=Europe/Amsterdam",
+    "PUID=1000",
+    "PGID=1000"
+  ]
+
+  mounts {
+    target = "/config"
+    source = "/var/lib/containers/fail2ban/config"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/var/log"
+    source = "/var/log"
+    type = "bind"
+    read_only = true
+  }
+
+  mounts {
+    target = "/remotelogs/nginx"
+    source = "/var/lib/containers/nginx-lb/log"
+    type = "bind"
+    read_only = true
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/freshrss.tf

@@ -0,0 +1,44 @@
+data "docker_registry_image" "freshrss" {
+  name = "freshrss/freshrss:latest"
+}
+
+resource "docker_image" "freshrss" {
+  name = data.docker_registry_image.freshrss.name
+  pull_triggers = [data.docker_registry_image.freshrss.sha256_digest]
+}
+
+resource "docker_container" "freshrss" {
+  image = docker_image.freshrss.image_id
+  name = "freshrss"
+  restart = "always"
+  env = [
+    "TZ=Europe/Amsterdam",
+    "CRON_MIN=1,31",
+    "OIDC_ENABLED=0",
+    "FRESHRSS_INSTALL=--api_enabled --base_url https://freshrss.rescla.me --db-base freshrss --db-host 192.168.3.24 --db-password utquCzXEnrjFU2BbDqYT --db-type mysql --db-user freshrss --default_user admin --language en",
+    "FRESHRSS_USER=--api_password CmZpTF3pUYz7rVtFrDTQ --email freshrss@xz1.nl --language en --password CmZpTF3pUYz7rVtFrDTQ --user admin"
+  ]
+
+  mounts {
+    target = "/var/www/FreshRSS/data"
+    source = "/var/lib/containers/freshrss/data"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/var/www/FreshRSS/extensions"
+    source = "/var/lib/containers/freshrss/extensions"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.45"
+  }
+}

core-os-podman/gitea.tf

@@ -17,7 +17,7 @@ resource "docker_container" "gitea" {
 
   env = [
     "GITEA__database__DB_TYPE=mysql",
-    "GITEA__database__HOST=192.168.2.127:3306",
+    "GITEA__database__HOST=192.168.3.24:3306",
     "GITEA__database__NAME=gitea",
     "GITEA__database__USER=gitea",
     "GITEA__database__PASSWD=3uM4kBGaNQDo3tsRa9Nh",
@@ -27,13 +27,13 @@ resource "docker_container" "gitea" {
 
   mounts {
     target = "/var/lib/gitea"
-    source = "/share/appdata/gitea/data"
+    source = "/var/lib/containers/gitea/data"
     type = "bind"
   }
 
   mounts {
     target = "/etc/gitea"
-    source = "/share/appdata/gitea/config"
+    source = "/var/lib/containers/gitea/config"
     type = "bind"
   }
 
@@ -52,7 +52,7 @@ resource "docker_container" "gitea" {
   }
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.131"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.25"
   }
 }

core-os-podman/gluetun.tf

@@ -0,0 +1,63 @@
+data "docker_registry_image" "gluetun" {
+  name = "qmcgaw/gluetun:latest"
+}
+
+resource "docker_image" "gluetun" {
+  name = data.docker_registry_image.gluetun.name
+  pull_triggers = [data.docker_registry_image.gluetun.sha256_digest]
+}
+
+resource "docker_container" "gluetun" {
+  image = docker_image.gluetun.image_id
+  name = "gluetun"
+  hostname = "proxy"
+
+  capabilities {
+    add = ["CAP_NET_ADMIN"]
+  }
+
+  env = [
+    "TZ=Europe/Amsterdam",
+    "VPN_SERVICE_PROVIDER=airvpn",
+    "VPN_TYPE=wireguard",
+    "WIREGUARD_PRIVATE_KEY=AMh4GiVDxxCv0xqUeNHW+koQAGAsC2ZrMkTc/aQJLWM=",
+    "WIREGUARD_PRESHARED_KEY=PI5KBRmurT3M+s9jrKQGxQXk8dMmmqLFhCFCH19ttBo=",
+    "WIREGUARD_ADDRESSES=10.159.242.252/32",
+    "FIREWALL_VPN_INPUT_PORTS=47836",
+    "SERVER_COUNTRIES=Netherlands",
+
+    # 8112 = Deluge
+    "FIREWALL_INPUT_PORTS=8112"
+  ]
+
+  devices {
+    host_path = "/dev/net/tun"
+    container_path = "/dev/net/tun"
+    permissions = "rwm"
+  }
+
+  mounts {
+    target = "/gluetun/config"
+    source = "/var/lib/containers/gluetun"
+    type = "bind"
+  }
+
+  privileged = true
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.27"
+  }
+
+  networks_advanced {
+    name = docker_network.piped.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/goaccess.tf_disabled

@@ -0,0 +1,52 @@
+data "docker_registry_image" "goaccess" {
+  name = "allinurl/goaccess:latest"
+}
+
+resource "docker_image" "goaccess" {
+  name = data.docker_registry_image.goaccess.name
+  pull_triggers = [data.docker_registry_image.goaccess.sha256_digest]
+}
+
+resource "docker_container" "goaccess" {
+  image = docker_image.goaccess.image_id
+  name = "goaccess"
+  restart = "always"
+
+  command = [
+    "srv/logs/nginx/access.log",
+    "-a",
+    "--real-time-html",
+    "-p /srv/config/goaccess.conf"
+  ]
+
+  env = [
+    "TZ=Europe/Amsterdam",
+    "PUID=1000",
+    "PGID=1000"
+  ]
+
+  mounts {
+    target = "/srv/config/goaccess.conf"
+    source = "/var/lib/containers/goaccess/goaccess.conf"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/srv/logs/nginx"
+    source = "/var/lib/containers/nginx-lb/log"
+    type = "bind"
+    read_only = true
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.49"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/grafana.tf

@@ -13,15 +13,17 @@ resource "docker_container" "grafana" {
 
   restart = "always"
 
+  user = "1000:1000"
+
   mounts {
     target = "/var/lib/grafana"
-    source = "/share/appdata/grafana"
+    source = "/var/lib/containers/grafana"
     type = "bind"
   }
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.79"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.41"
   }
 
   lifecycle {

core-os-podman/grocy.tf

@@ -20,11 +20,10 @@ resource "docker_container" "grocy" {
 
   mounts {
     target = "/config"
-    source = "/share/appdata/grocy"
+    source = "/var/lib/containers/grocy"
     type = "bind"
   }
 
-
   lifecycle {
     ignore_changes = [
       ulimit,
@@ -33,7 +32,7 @@ resource "docker_container" "grocy" {
   }
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.142"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.38"
   }
 }

core-os-podman/hoarder.tf

@@ -0,0 +1,138 @@
+data "docker_registry_image" "hoarder" {
+  name = "ghcr.io/hoarder-app/hoarder"
+}
+
+resource "docker_image" "hoarder" {
+  name = data.docker_registry_image.hoarder.name
+  pull_triggers = [data.docker_registry_image.hoarder.sha256_digest]
+}
+
+data "docker_registry_image" "hoarder-chrome" {
+  name = "gcr.io/zenika-hub/alpine-chrome:latest"
+}
+
+resource "docker_image" "hoarder-chrome" {
+  name = data.docker_registry_image.hoarder-chrome.name
+  pull_triggers = [data.docker_registry_image.hoarder-chrome.sha256_digest]
+}
+
+data "docker_registry_image" "hoarder-meilisearch" {
+  name = "getmeili/meilisearch:v1.6"
+}
+
+resource "docker_image" "hoarder-meilisearch" {
+  name = data.docker_registry_image.hoarder-meilisearch.name
+  pull_triggers = [data.docker_registry_image.hoarder-meilisearch.sha256_digest]
+}
+
+resource "docker_network" "hoarder" {
+  name = "hoarder"
+}
+
+resource "docker_container" "hoarder" {
+  image = docker_image.hoarder.image_id
+  name = "hoarder"
+  hostname = "hoarder"
+
+  env = [
+    "MEILI_ADDR=http://meilisearch:7700",
+    "BROWSER_WEB_URL=http://chrome:9222",
+    "HOARDER_VERSION=release",
+    "NEXTAUTH_SECRET=j&natTM8L8u$&z",
+    "MEILI_MASTER_KEY=GM4ysMegcCoZUOrVxglbWzGJeN9O7CMWnZIaG9c_MSQ",
+    "NEXTAUTH_URL=https://hoarder.rescla.me",
+    "DATA_DIR=/data",
+    "ASSETS_DIR=/assets",
+    "DISABLE_SIGNUPS=true",
+    "OPENAI_API_KEY=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"
+  ]
+
+  mounts {
+    target = "/data"
+    source = "/var/lib/containers/karakeep/data"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/assets"
+    source = "/mnt/appdata/karakeep"
+    type = "bind"
+  }
+
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.15"
+  }
+
+  networks_advanced {
+    name = docker_network.hoarder.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+resource "docker_container" "hoarder-chrome" {
+  image = docker_image.hoarder-chrome.image_id
+  name = "hoarder-chrome"
+  hostname = "chrome"
+
+  command = [
+    "--no-sandbox",
+    "--disable-gpu",
+    "--disable-dev-shm-usage",
+    "--remote-debugging-address=0.0.0.0",
+    "--remote-debugging-port=9222",
+    "--hide-scrollbars"
+  ]
+
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.hoarder.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+resource "docker_container" "hoarder-meilisearch" {
+  image = docker_image.hoarder-meilisearch.image_id
+  name = "hoarder-meilisearch"
+  hostname = "meilisearch"
+
+  env = [
+    "MEILI_ADDR=http://meilisearch:7700",
+    "HOARDER_VERSION=release",
+    "NEXTAUTH_SECRET=j&natTM8L8u$&z",
+    "MEILI_MASTER_KEY=GM4ysMegcCoZUOrVxglbWzGJeN9O7CMWnZIaG9c_MSQ",
+    "NEXTAUTH_URL=https://hoarder.rescla.me",
+    "MEILI_NO_ANALYTICS=true"
+  ]
+
+  restart = "always"
+  mounts {
+    target = "/meili_data"
+    source = "/var/lib/containers/karakeep/data-meilisearch"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.hoarder.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/homer.tf

@@ -0,0 +1,40 @@
+data "docker_registry_image" "homer" {
+  name = "b4bz/homer:latest"
+}
+
+resource "docker_image" "homer" {
+  name = data.docker_registry_image.homer.name
+  pull_triggers = [data.docker_registry_image.homer.sha256_digest]
+}
+
+resource "docker_container" "homer" {
+  image = docker_image.homer.image_id
+  name = "homer"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=1000",
+    "PGID=1000",
+    "TZ=Europe/Amsterdam"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.22"
+  }
+
+  mounts {
+    target = "/www/assets"
+    source = "/var/lib/containers/homer"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/jellyfin.tf

@@ -0,0 +1,64 @@
+data "docker_registry_image" "jellyfin" {
+  name = "jellyfin/jellyfin:latest"
+}
+
+resource "docker_image" "jellyfin" {
+  name = data.docker_registry_image.jellyfin.name
+  pull_triggers = [data.docker_registry_image.jellyfin.sha256_digest]
+}
+
+resource "docker_container" "jellyfin" {
+  image = docker_image.jellyfin.image_id
+  name = "jellyfin"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=444",
+    "PGID=321",
+    "UMASK=002"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.13"
+  }
+
+  mounts {
+    target = "/config"
+    source = "/var/lib/containers/jellyfin/config"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/cache"
+    source = "/var/lib/containers/jellyfin/cache"
+    type = "bind"
+  }
+
+  # https://wiki.servarr.com/docker-guide#Consistent_and_well_planned_paths
+  volumes {
+    container_path = "/datarr"
+    volume_name = docker_volume.truenas-arr.name
+  }
+
+  devices {
+    host_path = "/dev/dri/renderD128"
+    container_path = "/dev/dri/renderD128"
+    permissions = "rwm"
+  }
+
+  devices {
+    host_path = "/dev/dri/renderD129"
+    container_path = "/dev/dri/renderD129"
+    permissions = "rwm"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/jellyseerr.tf

@@ -19,13 +19,13 @@ resource "docker_container" "jellyseerr" {
   ]
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.135"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.37"
   }
 
   mounts {
     target = "/app/config"
-    source = "/share/appdata/jellyseerr"
+    source = "/var/lib/containers/jellyseerr"
     type = "bind"
   }
 

core-os-podman/lidarr.tf

@@ -0,0 +1,45 @@
+data "docker_registry_image" "lidarr" {
+  name = "lscr.io/linuxserver/lidarr:latest"
+}
+
+resource "docker_image" "lidarr" {
+  name = data.docker_registry_image.lidarr.name
+  pull_triggers = [data.docker_registry_image.lidarr.sha256_digest]
+}
+
+resource "docker_container" "lidarr" {
+  image = docker_image.lidarr.image_id
+  name = "lidarr"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=1000",
+    "PGID=1000",
+    "TZ=Europe/Amsterdam"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.33"
+  }
+
+  mounts {
+    target = "/config"
+    source = "/var/lib/containers/lidarr"
+    type = "bind"
+  }
+
+  volumes {
+    container_path = "/data"
+    volume_name = docker_volume.truenas-arr.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/malla.tf

@@ -0,0 +1,76 @@
+
+data "docker_registry_image" "malla" {
+  name = "ghcr.io/zenitram/malla:latest"
+}
+
+resource "docker_image" "malla" {
+  name = data.docker_registry_image.malla.name
+  pull_triggers = [data.docker_registry_image.malla.sha256_digest]
+}
+
+
+resource "docker_container" "malla-capture" {
+  image = docker_image.malla.image_id
+  name = "malla-capture"
+  restart = "always"
+
+  command = ["/app/.venv/bin/malla-capture"]
+
+  env = [
+    "MALLA_SECRET_KEY=GDESl5REQFGDGXCq7EDkwwwlGC5szJlvTMedTom6ILCuPX1Di6V3JUw8BHSZj6xM",
+    "MALLA_MQTT_BROKER_ADDRESS=mqtt.meshnet.nl",
+    # "MALLA_MQTT_BROKER_ADDRESS=mqtt.meshtastic.org",
+    "MALLA_MQTT_PORT=1883",
+    "MALLA_MQTT_USERNAME=downlink",
+    "MALLA_MQTT_PASSWORD=mq!Down!1nk",
+    "MALLA_DATABASE_FILE=/app/data/meshtastic_history.db"
+  ]
+
+  mounts {
+    target = "/app/data"
+    source = "/var/lib/containers/malla"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+
+resource "docker_container" "malla-web" {
+  image = docker_image.malla.image_id
+  name = "malla-web"
+  restart = "always"
+
+  env = [
+    "MALLA_SECRET_KEY=GDESl5REQFGDGXCq7EDkwwwlGC5szJlvTMedTom6ILCuPX1Di6V3JUw8BHSZj6xM",
+    "MALLA_MQTT_BROKER_ADDRESS=mqtt.meshnet.nl",
+    "MALLA_MQTT_PORT=8883",
+    "MALLA_MQTT_USERNAME=boreft",
+    "MALLA_MQTT_PASSWORD=meshboreft",
+    "MALLA_DATABASE_FILE=/app/data/meshtastic_history.db"
+  ]
+
+  command = ["/app/.venv/bin/malla-web-gunicorn"]
+  
+  mounts {
+    target = "/app/data"
+    source = "/var/lib/containers/malla"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.50"
+  }
+}

core-os-podman/mariadb.tf

@@ -1,5 +1,5 @@
 data "docker_registry_image" "mariadb" {
-  name = "mariadb:10.11"
+  name = "mariadb:11.4"
 }
 
 resource "docker_image" "mariadb" {
@@ -7,17 +7,16 @@ resource "docker_image" "mariadb" {
   pull_triggers = [data.docker_registry_image.mariadb.sha256_digest]
 }
 
-resource "docker_network" "mariadb" {
-  name = "mariadb"
-}
-
 resource "docker_container" "mariadb" {
   image = docker_image.mariadb.image_id
   name = "mariadb"
 
+  memory = 5000
+  memory_swap = 5000
+
   mounts {
     target = "/var/lib/mysql"
-    source = "/share/appdata/mariadb"
+    source = "/var/lib/containers/mariadb"
     type = "bind"
   }
 
@@ -28,12 +27,8 @@ resource "docker_container" "mariadb" {
   restart = "always"
 
   networks_advanced {
-    name = docker_network.mariadb.name
-  }
-
-  networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.127"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.24"
   }
 
   lifecycle {

core-os-podman/mealie.tf

@@ -0,0 +1,48 @@
+
+data "docker_registry_image" "mealie" {
+  name = "ghcr.io/mealie-recipes/mealie:v3.1.2"
+}
+
+resource "docker_image" "mealie" {
+  name = data.docker_registry_image.mealie.name
+  pull_triggers = [data.docker_registry_image.mealie.sha256_digest]
+}
+
+resource "docker_container" "mealie" {
+  image = docker_image.mealie.image_id
+  name = "mealie"
+  restart = "always"
+
+  memory = 1000
+  memory_swap = 1000
+
+  env = [
+    "ALLOW_SIGNUP=false",
+    "TZ=Europe/Amsterdam",
+    "PUID=1000",
+    "PGID=1000",
+    "BASE_URL=https://mealie.rescla.me",
+    "SMTP_HOST=mail.smtp2go.com",
+    "SMTP_FROM_EMAIL=mealie@xz1.nl",
+    "SMTP_USER=mealie@xz1.nl",
+    "SMTP_PASSWORD=VDHnraVWlA2P1Hbu"
+  ]
+
+  mounts {
+    target = "/app/data"
+    source = "/var/lib/containers/mealie"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.39"
+  }
+}

core-os-podman/memos.tf

@@ -0,0 +1,39 @@
+data "docker_registry_image" "memos" {
+  name = "neosmemo/memos:stable"
+}
+
+resource "docker_image" "memos" {
+  name = data.docker_registry_image.memos.name
+  pull_triggers = [data.docker_registry_image.memos.sha256_digest]
+}
+
+resource "docker_container" "memos" {
+  image = docker_image.memos.image_id
+  name = "memos"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "MEMOS_MODE=prod",
+    "MEMOS_PORT=80"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.40"
+  }
+
+  mounts {
+    target = "/var/opt/memos"
+    source = "/var/lib/containers/memos"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/meshtastic.tf

@@ -0,0 +1,28 @@
+data "docker_registry_image" "meshtastic" {
+  name = "ghcr.io/meshtastic/web:latest"
+}
+
+resource "docker_image" "meshtastic" {
+  name = data.docker_registry_image.meshtastic.name
+  pull_triggers = [data.docker_registry_image.meshtastic.sha256_digest]
+}
+
+resource "docker_container" "meshtastic" {
+  image = docker_image.meshtastic.image_id
+  name = "meshtastic"
+  restart = "always"
+
+  log_driver = "local"
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.44"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/navidrome.tf

@@ -0,0 +1,47 @@
+data "docker_registry_image" "navidrome" {
+  name = "deluan/navidrome:latest"
+}
+
+resource "docker_image" "navidrome" {
+  name = data.docker_registry_image.navidrome.name
+  pull_triggers = [data.docker_registry_image.navidrome.sha256_digest]
+}
+
+resource "docker_container" "navidrome" {
+  image = docker_image.navidrome.image_id
+  name = "navidrome"
+  restart = "always"
+
+  log_driver = "local"
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.16"
+  }
+
+  mounts {
+    target = "/data"
+    source = "/var/lib/containers/navidrome"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/music/datarr"
+    source = "/mnt/datarr/media/music"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/music/appdata"
+    source = "/mnt/appdata/navidrome/music"
+    type = "bind"
+  }
+
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/nginx-lb.tf

@@ -21,34 +21,43 @@ resource "docker_container" "nginx-lb" {
 
   mounts {
     target = "/etc/nginx/nginx.conf"
-    source = "/share/appdata/nginx-lb/nginx.conf"
+    source = "/var/lib/containers/nginx-lb/nginx.conf"
     type = "bind"
   }
 
   mounts {
     target = "/etc/nginx/config"
-    source = "/share/appdata/nginx-lb/conf"
+    source = "/var/lib/containers/nginx-lb/conf"
     type = "bind"
   }
 
   mounts {
     target = "/etc/nginx/user_conf.d"
-    source = "/share/appdata/nginx-lb/user_conf.d"
+    source = "/var/lib/containers/nginx-lb/user_conf.d"
     type = "bind"
   }
   
-
   mounts {
     target = "/etc/letsencrypt"
-    source = "/share/appdata/nginx-lb/secrets"
+    source = "/var/lib/containers/nginx-lb/secrets"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/var/log/nginx"
+    source = "/var/lib/containers/nginx-lb/log"
     type = "bind"
   }
 
   restart = "always"
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.115"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.29"
+  }
+
+  networks_advanced {
+    name = docker_network.nginx-lb.name
   }
 
   lifecycle {

core-os-podman/node-red.tf

@@ -11,9 +11,12 @@ resource "docker_container" "node-red" {
   image = docker_image.node-red.image_id
   name = "node-red"
 
+  memory = 1000
+  memory_swap = 1000
+
   mounts {
     target = "/data"
-    source = "/share/appdata/node-red"
+    source = "/var/lib/containers/node-red"
     type = "bind"
   }
 
@@ -24,8 +27,8 @@ resource "docker_container" "node-red" {
   restart = "always"
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.124"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.21"
   }
 
   lifecycle {

core-os-podman/ntfy.tf

@@ -0,0 +1,61 @@
+data "docker_registry_image" "ntfy" {
+  name = "binwiederhier/ntfy"
+}
+
+resource "docker_image" "ntfy" {
+  name = data.docker_registry_image.ntfy.name
+  pull_triggers = [data.docker_registry_image.ntfy.sha256_digest]
+}
+
+resource "docker_container" "ntfy" {
+  image = docker_image.ntfy.image_id
+  name = "ntfy"
+
+  restart = "always"
+
+  env = [
+    "TZ=Europe/Amsterdam"
+  ]
+
+  user = "1000:1000"
+
+  command = ["serve"]
+
+  mounts {
+    target = "/etc/ntfy/server.yml"
+    source = "/var/lib/containers/ntfy/server.yml"
+    type = "bind"
+    read_only = true
+  }
+
+  mounts {
+    target = "/etc/ntfy/templates"
+    source = "/var/lib/containers/ntfy/templates"
+    type = "bind"
+    read_only = true
+  }
+
+  mounts {
+    target = "/var/cache/ntfy"
+    source = "/var/lib/containers/ntfy/cache"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/var/lib/ntfy/auth"
+    source = "/var/lib/containers/ntfy/auth"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.51"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/ofelia.tf

@@ -23,7 +23,7 @@ resource "docker_container" "ofelia" {
 
   mounts {
     target = "/etc/ofelia"
-    source = "/share/appdata/ofelia"
+    source = "/var/lib/containers/ofelia"
     type = "bind"
   }
 

core-os-podman/photoprism-tineke.tf

@@ -0,0 +1,50 @@
+resource "docker_container" "photoprism-tineke" {
+  image = docker_image.photoprism.image_id
+  name = "photoprism-tineke"
+
+  restart = "always"
+
+  memory = 10000
+  memory_swap = 10000
+
+  env = [
+    "PHOTOPRISM_UPLOAD_NSFW=true",
+    "PHOTOPRISM_ADMIN_PASSWORD=pyjm73tM%UPa8B5t5zhWX*F",
+    "PHOTOPRISM_HTTP_HOSTNAME=photoprism-tineke.rescla.me",
+    "PHOTOPRISM_HTTP_HOST=192.168.3.11",
+    "PHOTOPRISM_DISABLE_TLS=true",
+    "PHOTOPRISM_DATABASE_DRIVER=mysql",
+    "PHOTOPRISM_DATABASE_SERVER=192.168.3.24",
+    "PHOTOPRISM_DATABASE_NAME=photoprism_tineke",
+    "PHOTOPRISM_DATABASE_USER=photoprism",
+    "PHOTOPRISM_DATABASE_PASSWORD=YL43KVRekqUjbgPLGzz",
+    "PHOTOPRISM_AUTO_IMPORT=60"
+  ]
+
+  volumes {
+    container_path = "/photoprism/originals"
+    volume_name = "truenas-photoprism-tineke-originals"
+  }
+
+  volumes {
+    container_path = "/photoprism/import"
+    volume_name = "truenas-photoprism-tineke-import"
+  }
+
+  volumes {
+    container_path = "/photoprism/storage"
+    volume_name = "truenas-photoprism-tineke-data"
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.11"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/photoprism.tf

@@ -0,0 +1,59 @@
+data "docker_registry_image" "photoprism" {
+  name = "photoprism/photoprism:latest"
+}
+
+resource "docker_image" "photoprism" {
+  name = data.docker_registry_image.photoprism.name
+  pull_triggers = [data.docker_registry_image.photoprism.sha256_digest]
+}
+
+resource "docker_container" "photoprism" {
+  image = docker_image.photoprism.image_id
+  name = "photoprism"
+
+  restart = "always"
+
+  memory = 10000
+  memory_swap = 10000
+
+  env = [
+    "PHOTOPRISM_UPLOAD_NSFW=true",
+    "PHOTOPRISM_ADMIN_PASSWORD=UAmpojHADcS5aB",
+    "PHOTOPRISM_HTTP_HOSTNAME=photoprism.rescla.me",
+    "PHOTOPRISM_HTTP_HOST=192.168.3.12",
+    "PHOTOPRISM_DISABLE_TLS=true",
+    "PHOTOPRISM_DATABASE_DRIVER=mysql",
+    "PHOTOPRISM_DATABASE_SERVER=192.168.3.24",
+    "PHOTOPRISM_DATABASE_NAME=photoprism",
+    "PHOTOPRISM_DATABASE_USER=photoprism",
+    "PHOTOPRISM_DATABASE_PASSWORD=YL43KVRekqUjbgPLGzz",
+    "PHOTOPRISM_AUTO_IMPORT=60"
+  ]
+
+  volumes {
+    container_path = "/photoprism/originals"
+    volume_name = "truenas-photoprism-originals"
+  }
+
+  volumes {
+    container_path = "/photoprism/import"
+    volume_name = "truenas-photoprism-import"
+  }
+
+  volumes {
+    container_path = "/photoprism/storage"
+    volume_name = "truenas-photoprism-data"
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.12"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/piped.tf

@@ -0,0 +1,144 @@
+data "docker_registry_image" "piped-backend" {
+  name = "1337kavin/piped:latest"
+}
+
+data "docker_registry_image" "piped-frontend" {
+  name = "1337kavin/piped-frontend:latest"
+}
+
+data "docker_registry_image" "piped-proxy" {
+  name = "1337kavin/piped-proxy:latest"
+}
+
+data "docker_registry_image" "piped-bg-helper" {
+  name = "1337kavin/bg-helper-server:latest"
+}
+
+resource "docker_image" "piped-backend" {
+  name = data.docker_registry_image.piped-backend.name
+  pull_triggers = [data.docker_registry_image.piped-backend.sha256_digest]
+}
+
+
+resource "docker_image" "piped-frontend" {
+  name = data.docker_registry_image.piped-frontend.name
+  pull_triggers = [data.docker_registry_image.piped-frontend.sha256_digest]
+}
+
+resource "docker_image" "piped-proxy" {
+  name = data.docker_registry_image.piped-proxy.name
+  pull_triggers = [data.docker_registry_image.piped-proxy.sha256_digest]
+}
+
+resource "docker_image" "piped-bg-helper" {
+  name = data.docker_registry_image.piped-bg-helper.name
+  pull_triggers = [data.docker_registry_image.piped-bg-helper.sha256_digest]
+}
+
+resource "docker_network" "piped" {
+  name = "piped"
+}
+
+resource "docker_container" "piped-backend" {
+  image = docker_image.piped-backend.image_id
+  name = "piped-backend"
+  hostname = "piped-backend"
+  restart = "always"
+
+  memory = 1000
+  memory_swap = 1000
+
+  log_driver = "local"
+
+  networks_advanced {
+    name = docker_network.nginx-lb.name
+  }
+
+  networks_advanced {
+    name = docker_network.piped.name
+  }
+
+  depends_on = [
+    docker_container.gluetun,
+    docker_container.postgres
+  ]
+
+  mounts {
+    target = "/app/config.properties"
+    source = "/var/lib/containers/piped/config.properties"
+    type = "bind"
+    read_only = true
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+
+
+resource "docker_container" "piped-frontend" {
+  image = docker_image.piped-frontend.image_id
+  name = "piped-frontend"
+  hostname = "piped-frontend"
+
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "BACKEND_HOSTNAME=piped-api.rescla.me"
+  ]
+
+  networks_advanced {
+    name = docker_network.nginx-lb.name
+  }
+  
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+
+resource "docker_container" "piped-proxy" {
+  image = docker_image.piped-proxy.image_id
+  name = "piped-proxy"
+  hostname = "piped-proxy"
+  restart = "always"
+
+  log_driver = "local"
+
+  networks_advanced {
+    name = docker_network.nginx-lb.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+
+resource "docker_container" "piped-bg-helper" {
+  image = docker_image.piped-bg-helper.image_id
+  name = "piped-bg-helper"
+  restart = "always"
+
+  log_driver = "local"
+
+  networks_advanced {
+    name = docker_network.piped.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/postgres.tf

@@ -0,0 +1,49 @@
+data "docker_registry_image" "postgres" {
+  name = "pgautoupgrade/pgautoupgrade:16-alpine"
+}
+
+resource "docker_image" "postgres" {
+  name = data.docker_registry_image.postgres.name
+  pull_triggers = [data.docker_registry_image.postgres.sha256_digest]
+}
+
+resource "docker_container" "postgres" {
+  image = docker_image.postgres.image_id
+  name = "postgres"
+  hostname = "postgres"
+
+  restart = "always"
+
+  memory = 1000
+  memory_swap = 1000
+
+  log_driver = "local"
+
+  env = [
+    "POSTGRES_DB=piped",
+    "POSTGRES_USER=piped",
+    "POSTGRES_PASSWORD=YDoVrAXCxim%lOK8^"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.43"
+  }
+
+  networks_advanced {
+    name = docker_network.piped.name
+  }
+
+  mounts {
+    target = "/var/lib/postgresql/data"
+    source = "/var/lib/containers/postgres/data"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/prometheus.tf

@@ -11,25 +11,33 @@ resource "docker_container" "prometheus" {
   image = docker_image.prometheus.image_id
   name = "prometheus"
 
-  command = ["--config.file=/etc/prometheus/prometheus.yml","--storage.tsdb.path=/prometheus", "--web.console.libraries=/usr/share/prometheus/console_libraries","--web.console.templates=/usr/share/prometheus/consoles", "--storage.tsdb.retention.time=2y"]
+  command = [
+    "--config.file=/etc/prometheus/prometheus.yml",
+    "--storage.tsdb.path=/prometheus",
+    "--web.console.libraries=/usr/share/prometheus/console_libraries",
+    "--web.console.templates=/usr/share/prometheus/consoles",
+    "--storage.tsdb.retention.time=5y"
+  ]
+
+  user = "1000:1000"
 
   mounts {
-    target = "/etc/prometheus"
-    source = "/share/appdata/prometheus/config"
+    target = "/etc/prometheus/prometheus.yml"
+    source = "/var/lib/containers/prometheus/config/prometheus.yml"
     type = "bind"
   }
 
   mounts {
     target = "/prometheus"
-    source = "/share/appdata/prometheus/data"
+    source = "/var/lib/containers/prometheus/data"
     type = "bind"
   }
 
   restart = "always"
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.80"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.42"
   }
 
   lifecycle {

core-os-podman/prowlarr.tf

@@ -22,13 +22,13 @@ resource "docker_container" "prowlarr" {
   ]
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.141"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.34"
   }
 
   mounts {
     target = "/config"
-    source = "/share/appdata/prowlarr"
+    source = "/var/lib/containers/prowlarr"
     type = "bind"
   }
 

core-os-podman/proxmox_100_podman.tf

@@ -0,0 +1,127 @@
+terraform {
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "3.6.2"
+    }
+  }
+}
+
+provider "docker" {
+  # host      = "tcp://127.0.0.1:3000"
+  host      = "tcp://172.20.0.207:2375"
+  cert_path = pathexpand(".docker")
+
+  registry_auth {
+    address = "gitea.rescla.me"
+    username = "rescla"
+    password = "9c84612c4b053e2ec663cde03da730b6a01304e8"
+  }
+}
+
+resource "docker_network" "container-public" {
+  name = "container-public"
+  ipam_config {
+    subnet = "192.168.3.0/24"
+    gateway = "192.168.3.1"
+    ip_range = "192.168.3.128/25"
+  }
+}
+
+resource "docker_network" "ipv6-slaac" {
+  name = "ipv6-slaac"
+  ipv6 = true
+
+  ipam_config {
+    aux_address = {}
+    gateway = "192.168.48.1"
+    subnet = "192.168.48.0/20"
+  }
+
+  ipam_config {
+    aux_address = {}
+    subnet = "2a02:a470:b12a:2::/64"
+    gateway = "2a02:a470:b12a:2::1"
+  }
+}
+
+resource "docker_network" "ip6net" {
+  name = "ipv6net"
+  ipv6 = true
+
+  ipam_config {
+    aux_address = {}
+    gateway = "192.168.64.1"
+    subnet = "192.168.64.0/20"
+  }
+
+  ipam_config {
+    aux_address = {}
+    subnet = "2001:db8::/64"
+    gateway = "2001:db8::1"
+  }
+}
+
+resource "docker_volume" "truenas-photoprism-originals" {
+  name = "truenas-photoprism-originals"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/photoprism-originals"
+    o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
+  }
+}
+
+resource "docker_volume" "truenas-photoprism-import" {
+  name = "truenas-photoprism-import"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/photoprism-import"
+    o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
+  }
+}
+
+resource "docker_volume" "truenas-photoprism-data" {
+  name = "truenas-photoprism-data"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/photoprism-data"
+    o = "username=photoprism,password=V3i77MWeoM^XpugwG%6,uid=2000,gid=2000"
+  }
+}
+
+resource "docker_volume" "truenas-photoprism-timeke-originals" {
+  name = "truenas-photoprism-tineke-originals"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/photoprism-tineke-originals"
+    o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
+  }
+}
+
+resource "docker_volume" "truenas-photoprism-tineke-import" {
+  name = "truenas-photoprism-tineke-import"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/photoprism-tineke-import"
+    o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
+  }
+}
+
+resource "docker_volume" "truenas-photoprism-tineke-data" {
+  name = "truenas-photoprism-tineke-data"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/photoprism-tineke-data"
+    o = "username=photoprism,password=V3i77MWeoM^XpugwG%6,uid=2000,gid=2000"
+  }
+}
+
+resource "docker_volume" "truenas-arr" {
+  name = "truenas-arr"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/arr-media"
+    o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
+  }
+}
+

core-os-podman/radarr.tf

@@ -21,20 +21,19 @@ resource "docker_container" "radarr" {
   ]
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.138"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.35"
   }
 
   mounts {
     target = "/config"
-    source = "/share/appdata/radarr"
+    source = "/var/lib/containers/radarr"
     type = "bind"
   }
 
-  mounts {
-    target = "/data"
-    source = "/share/datarr"
-    type = "bind"
+  volumes {
+    container_path = "/data"
+    volume_name = docker_volume.truenas-arr.name
   }
 
   lifecycle {

core-os-podman/readme.md

@@ -0,0 +1,48 @@
+# Update docker ipv4  network
+
+Stop all pods
+```
+docker stop $(docker ps -a -q)
+```
+
+Remove network
+`docker network rm container-public`
+
+create new network
+```
+docker network create -d macvlan \
+  --subnet=192.168.3.0/24 \
+  --gateway=192.168.3.1 \
+  --ip-range=192.168.3.128/25 \
+  -o parent=ens19 \
+  container-public
+```
+
+Rest tofu
+```
+tofu state rm docker_network.container-public
+tofu import docker_network.container-public 276dec3b3e8d82e465c2e47b5c8d8ccb439c608c5665094a3735849e7b8b9742
+```
+# Update docker ipv6 network
+
+Cleanup
+```
+docker stop $(docker ps -a -q)
+docker network rm ipv6-slaac
+```
+
+Initialize
+```
+docker network create -d ipvlan \
+  --subnet=2a02:a470:b12a:2::/64 \
+  --ipv6 \
+  -o parent=ens19 \
+  -o ipvlan_mode=l2 \
+  ipv6-slaac
+```
+
+Tofu
+```
+tofu state rm docker_network.ipv6-slaac
+tofu import docker_network.ipv6-slaac d3b368472fb140224858725c8b5ba88ede8f6666464d3b05ffc957415404b3a3
+```

core-os-podman/ripe-atlas.tf

@@ -0,0 +1,46 @@
+data "docker_registry_image" "ripe-atlas" {
+  name = "jamesits/ripe-atlas:latest"
+}
+
+resource "docker_image" "ripe-atlas" {
+  name = data.docker_registry_image.ripe-atlas.name
+  pull_triggers = [data.docker_registry_image.ripe-atlas.sha256_digest]
+}
+
+resource "docker_container" "ripe-atlas" {
+  image = docker_image.ripe-atlas.image_id
+  name = "ripe-atlas"
+  restart = "always"
+
+  log_driver = "local"
+
+  mounts {
+    target = "/etc/ripe-atlas"
+    source = "/var/lib/containers/atlas-probe/etc"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/run/ripe-atlas"
+    source = "/var/lib/containers/atlas-probe/run"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/var/spool/ripe-atlas"
+    source = "/var/lib/containers/atlas-probe/spool"
+    type = "bind"
+  }
+
+  capabilities {
+    drop = ["ALL"]
+    add = ["CAP_CHOWN", "CAP_SETUID", "CAP_SETGID", "CAP_DAC_OVERRIDE", "CAP_NET_RAW", "CAP_KILL", "CAP_FOWNER"]
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/rssbridge.tf

@@ -0,0 +1,36 @@
+data "docker_registry_image" "rssbridge" {
+  name = "rssbridge/rss-bridge:latest"
+}
+
+resource "docker_image" "rssbridge" {
+  name = data.docker_registry_image.rssbridge.name
+  pull_triggers = [data.docker_registry_image.rssbridge.sha256_digest]
+}
+
+resource "docker_container" "rssbridge" {
+  image = docker_image.rssbridge.image_id
+  name = "rssbridge"
+  restart = "always"
+
+  env = [
+    "TZ=Europe/Amsterdam"
+  ]
+
+  mounts {
+    target = "/config"
+    source = "/var/lib/containers/rssbridge"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.47"
+  }
+}

core-os-podman/sabnzdb.tf

@@ -22,20 +22,19 @@ resource "docker_container" "sabnzdb" {
 
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.140"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.32"
   }
 
   mounts {
     target = "/config"
-    source = "/share/appdata/sabnzdb"
+    source = "/var/lib/containers/sabnzdb"
     type = "bind"
   }
 
-  mounts {
-    target = "/data/usenet"
-    source = "/share/datarr/usenet"
-    type = "bind"
+  volumes {
+    container_path = "/data"
+    volume_name = docker_volume.truenas-arr.name
   }
 
   lifecycle {

core-os-podman/searxng.tf

@@ -0,0 +1,87 @@
+
+data "docker_registry_image" "searxng" {
+  name = "searxng/searxng:latest"
+}
+
+data "docker_registry_image" "searxng-valkey" {
+  name = "valkey/valkey:9"
+}
+
+resource "docker_image" "searxng" {
+  name = data.docker_registry_image.searxng.name
+  pull_triggers = [data.docker_registry_image.searxng.sha256_digest]
+}
+
+resource "docker_image" "searxng-valkey" {
+  name = data.docker_registry_image.searxng-valkey.name
+  pull_triggers = [data.docker_registry_image.searxng-valkey.sha256_digest]
+}
+
+resource "docker_network" "searxng" {
+  name = "searxng"
+}
+
+resource "docker_container" "searxng-valkey" {
+  image   = docker_image.searxng-valkey.image_id
+  name    = "searxng-valkey"
+  restart = "always"
+  hostname = "valkey"
+
+  command = ["valkey-server", "--save 30 1", "--loglevel warning"]
+
+  mounts {
+    target = "/data"
+    source = "/var/lib/containers/searxng/valkey-data"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+
+  networks_advanced {
+    name = docker_network.searxng.name
+  }
+}
+
+resource "docker_container" "searxng" {
+  image = docker_image.searxng.image_id
+  name = "searxng"
+  restart = "always"
+
+  env = [
+    "TZ=Europe/Amsterdam",
+    "SEARXNG_HOSTNAME=search.rescla.me"
+  ]
+
+  mounts {
+    target = "/var/cache/searxng"
+    source = "/var/lib/containers/searxng/searxng-data"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/etc/searxng"
+    source = "/var/lib/containers/searxng/data"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.52"
+  }
+
+  networks_advanced {
+    name = docker_network.searxng.name
+  }
+}

core-os-podman/smokeping.tf

@@ -20,21 +20,21 @@ resource "docker_container" "smokeping" {
 
   mounts {
     target = "/config"
-    source = "/share/appdata/smokeping/config"
+    source = "/var/lib/containers/smokeping/config"
     type = "bind"
   }
 
   mounts {
     target = "/data"
-    source = "/share/appdata/smokeping/data"
+    source = "/var/lib/containers/smokeping/data"
     type = "bind"
   }
 
   restart = "always"
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.126"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.26"
   }
 
   dns = ["172.20.0.0"]

core-os-podman/sonarr.tf

@@ -21,20 +21,19 @@ resource "docker_container" "sonarr" {
   ]
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.136"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.36"
   }
 
   mounts {
     target = "/config"
-    source = "/share/appdata/sonarr"
+    source = "/var/lib/containers/sonarr"
     type = "bind"
   }
 
-  mounts {
-    target = "/data"
-    source = "/share/datarr"
-    type = "bind"
+  volumes {
+    container_path = "/data"
+    volume_name = docker_volume.truenas-arr.name
   }
 
   lifecycle {

core-os-podman/synapse.tf

@@ -0,0 +1,50 @@
+/**
+Running for the first time:
+
+docker run -it --rm \
+    --mount type=bind,src=/var/lib/containers/synapse,dst=/data \
+    -e SYNAPSE_SERVER_NAME=matrix.rescla.me \
+    -e SYNAPSE_REPORT_STATS=no \
+    ghcr.io/element-hq/synapse:latest generate
+
+
+ */
+
+data "docker_registry_image" "synapse" {
+  name = "ghcr.io/element-hq/synapse:latest"
+}
+
+resource "docker_image" "synapse" {
+  name = data.docker_registry_image.synapse.name
+  pull_triggers = [data.docker_registry_image.synapse.sha256_digest]
+}
+
+resource "docker_container" "synapse" {
+  image = docker_image.synapse.image_id
+  name = "synapse"
+  restart = "always"
+
+  depends_on = [docker_container.postgres]
+
+  env = [
+    "TZ=Europe/Amsterdam"
+  ]
+
+  mounts {
+    target = "/data"
+    source = "/var/lib/containers/synapse"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.48"
+  }
+}

core-os-podman/traccar.tf

@@ -1,5 +1,5 @@
 data "docker_registry_image" "traccar" {
-  name = "traccar/traccar"
+  name = "traccar/traccar:debian"
 }
 
 resource "docker_image" "traccar" {
@@ -13,25 +13,21 @@ resource "docker_container" "traccar" {
 
   mounts {
     target = "/opt/traccar/logs"
-    source = "/share/appdata/traccar/logs"
+    source = "/var/lib/containers/traccar/logs"
     type = "bind"
   }
 
   mounts {
     target = "/opt/traccar/conf/traccar.xml"
-    source = "/share/appdata/traccar/traccar.xml"
+    source = "/var/lib/containers/traccar/traccar.xml"
     type = "bind"
   }
 
   restart = "always"
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.113"
-  }
-
-  networks_advanced {
-    name = docker_network.mariadb.name
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.23"
   }
 
   lifecycle {

core-os-podman/unifi.tf

@@ -11,17 +11,20 @@ resource "docker_container" "unifi" {
   image = docker_image.unifi.image_id
   name = "unifi"
 
+  memory = 3000
+  memory_swap = 3000
+
   mounts {
     target = "/unifi"
-    source = "/share/appdata/unifi"
+    source = "/var/lib/containers/unifi"
     type = "bind"
   }
 
   restart = "always"
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.67"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.30"
   }
 
   lifecycle {

core-os-podman/uptime-kuma.tf

@@ -15,13 +15,13 @@ resource "docker_container" "uptime-kuma" {
 
   mounts {
     target = "/app/data"
-    source = "/share/appdata/uptime-kuma"
+    source = "/var/lib/containers/uptime-kuma"
     type = "bind"
   }
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.133"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.31"
   }
 
   lifecycle {

core-os-podman/vikunja.tf

@@ -16,7 +16,7 @@ resource "docker_container" "vikunja" {
 
   env = [
     "VIKUNJA_SERVICE_PUBLICURL=https://vikunja.rescla.me",
-    "VIKUNJA_DATABASE_HOST=192.168.2.127",
+    "VIKUNJA_DATABASE_HOST=192.168.3.24",
     "VIKUNJA_DATABASE_PASSWORD=4PU^B%Kz8R*8!cT8R",
     "VIKUNJA_DATABASE_TYPE=mysql",
     "VIKUNJA_DATABASE_USER=vikunja",
@@ -33,13 +33,13 @@ resource "docker_container" "vikunja" {
   ]
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.143"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.28"
   }
 
   mounts {
     target = "/files"
-    source = "/share/appdata/vikunja"
+    source = "/var/lib/containers/vikunja"
     type = "bind"
   }
 

core-os-podman/yamtrack.tf

@@ -0,0 +1,77 @@
+data "docker_registry_image" "yamtrack" {
+  name = "ghcr.io/fuzzygrim/yamtrack"
+}
+
+data "docker_registry_image" "yamtrack-redis" {
+  name = "redis:7-alpine"
+}
+
+resource "docker_image" "yamtrack" {
+  name = data.docker_registry_image.yamtrack.name
+  pull_triggers = [data.docker_registry_image.yamtrack.sha256_digest]
+}
+
+resource "docker_image" "yamtrack-redis" {
+  name = data.docker_registry_image.yamtrack-redis.name
+  pull_triggers = [data.docker_registry_image.yamtrack-redis.sha256_digest]
+}
+
+resource "docker_network" "yamtrack" {
+  name = "yamtrack"
+}
+
+resource "docker_container" "yamtrack-redis" {
+  image = docker_image.yamtrack-redis.image_id
+  name = "yamtrack-redis"
+  restart = "always"
+  hostname = "redis"
+
+  log_driver = "local"
+
+  mounts {
+    target = "/data"
+    source = "/var/lib/containers/yamtrack/data"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.yamtrack.name
+  }
+}
+
+
+resource "docker_container" "yamtrack" {
+  image = docker_image.yamtrack.image_id
+  name = "yamtrack"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "TZ=Europe/Amsterdam",
+    "SECRET=dx43FYAAD1ZULJ1G0&8*hP6A5!rzXSB7Z0B9DdRlBwlgsv2W2CToekYP6UNdnUv2",
+    "REDIS_URL=redis://redis:6379"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.53"
+  }
+
+  networks_advanced {
+    name = docker_network.yamtrack.name
+  }
+
+  mounts {
+    target = "/yamtrack/db"
+    source = "/var/lib/containers/yamtrack/db"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

docker-qnap.tf

@@ -10,6 +10,12 @@ terraform {
 provider "docker" {
   host      = "tcp://192.168.2.64:2376"
   cert_path = pathexpand(".docker")
+
+  registry_auth {
+    address = "gitea.rescla.me"
+    username = "rescla"
+    password = "9c84612c4b053e2ec663cde03da730b6a01304e8"
+  }
 }
 
 resource "docker_network" "bridge" {
@@ -42,3 +48,13 @@ resource "docker_network" "host" {
   name = "host"
 }
 
+resource "docker_volume" "truenas-arr" {
+  name = "truenas-arr"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/arr-media"
+    o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
+  }
+}
+
+

dockerx.sh

@@ -0,0 +1,8 @@
+ #!/usr/bin/bash
+
+docker \
+  --tlsverify \
+  -H=192.168.2.64:2376 \
+  --tlscacert=.docker\ca.pem \
+  --tlscert=.docker\cert.pem \
+  --tlskey=.docker\key.pem %*

dozzle.tf

@@ -39,7 +39,8 @@ resource "docker_container" "dozzle" {
   lifecycle {
     ignore_changes = [
       ulimit,
-      log_opts
+      log_opts,
+      ports
     ]
   }
 }

photoprism-tineke.tf

@@ -1,38 +0,0 @@
-resource "docker_container" "photoprism-tineke" {
-  image = docker_image.photoprism.image_id
-  name = "photoprism-tineke"
-
-  restart = "always"
-
-  env = [
-    "PHOTOPRISM_UPLOAD_NSFW=true",
-    "PHOTOPRISM_ADMIN_PASSWORD=pyjm73tM%UPa8B5t5zhWX*F",
-    "PHOTOPRISM_HTTP_HOSTNAME=photoprism-tineke.rescla.me",
-    "PHOTOPRISM_HTTP_HOST=192.168.2.132",
-    "PHOTOPRISM_DISABLE_TLS=true"
-  ]
-
-  mounts {
-    target = "/photoprism/originals/capture-one-variants"
-    source = "/share/CaptureOne/Variants"
-    type = "bind"
-  }
-
-  mounts {
-    target = "/photoprism/storage"
-    source = "/share/appdata/photoprism-tineke/storage"
-    type = "bind"
-  }
-
-  networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.132"
-  }
-
-  lifecycle {
-    ignore_changes = [
-      ulimit,
-      log_opts
-    ]
-  }
-}

photoprism.tf

@@ -1,53 +0,0 @@
-data "docker_registry_image" "photoprism" {
-  name = "photoprism/photoprism:latest"
-}
-
-resource "docker_image" "photoprism" {
-  name = data.docker_registry_image.photoprism.name
-  pull_triggers = [data.docker_registry_image.photoprism.sha256_digest]
-}
-
-resource "docker_container" "photoprism" {
-  image = docker_image.photoprism.image_id
-  name = "photoprism"
-
-  restart = "always"
-
-  env = [
-    "PHOTOPRISM_UPLOAD_NSFW=true",
-    "PHOTOPRISM_ADMIN_PASSWORD=UAmpojHADcS5aB",
-    "PHOTOPRISM_HTTP_HOSTNAME=photoprism.rescla.me",
-    "PHOTOPRISM_HTTP_HOST=192.168.2.116",
-    "PHOTOPRISM_DISABLE_TLS=true"
-  ]
-
-  mounts {
-    target = "/photoprism/originals/camera"
-    source = "/share/appdata/syncthing/Camera"
-    type = "bind"
-  }
-
-  mounts {
-    target = "/photoprism/originals/capture-one-variants"
-    source = "/share/CaptureOne/Variants"
-    type = "bind"
-  }
-
-  mounts {
-    target = "/photoprism/storage"
-    source = "/share/appdata/photoprism/storage"
-    type = "bind"
-  }
-
-  networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.116"
-  }
-
-  lifecycle {
-    ignore_changes = [
-      ulimit,
-      log_opts
-    ]
-  }
-}