Updates

Add Yamtrack

.docker/ca.pem

@@ -1,35 +1,35 @@
 -----BEGIN CERTIFICATE-----
-MIIGDTCCA/WgAwIBAgIUDgmjZIgIVa0kvOLS27ljhGL2fQ8wDQYJKoZIhvcNAQEL
+MIIGDTCCA/WgAwIBAgIUdAhU4hnAkB2x7/pAxs4QqrlH13MwDQYJKoZIhvcNAQEL
 BQAwWjEaMBgGA1UEAxMRQ29udGFpbmVyIFN0YXRpb24xDTALBgNVBAoTBFFOQVAx
 DzANBgNVBAgTBlRhaXBlaTEPMA0GA1UEBxMGVGFpcGVpMQswCQYDVQQGEwJUVzAe
-Fw0yNDExMDcxMDQ3MDhaFw0yNzExMDcxMDQ3MDhaMFoxGjAYBgNVBAMTEUNvbnRh
+Fw0yNTA4MTMwMjM1MjRaFw0yODA4MTIwMjM1MjRaMFoxGjAYBgNVBAMTEUNvbnRh
 aW5lciBTdGF0aW9uMQ0wCwYDVQQKEwRRTkFQMQ8wDQYDVQQIEwZUYWlwZWkxDzAN
 BgNVBAcTBlRhaXBlaTELMAkGA1UEBhMCVFcwggIiMA0GCSqGSIb3DQEBAQUAA4IC
-DwAwggIKAoICAQDLDGADghOnXWqR0b5NAB+yixk8iChvW6xAYq21CUgxHDNrriEM
-m11gmyIWx+W8kVh67dWY1xzzeeuJt7q0Xuxan/vAQt5w/9UIhnF3MS0NrHEDVkXj
-q33DndxW0s9kj8fkaPwmPEpiQ+7x4uSU7IeBv4YYEUCRa0dV7QO4GLwEnJJM40oh
-UDIj9hL6dojVXFCYV2ta/MVLj5eimU+HBUZoFnCxppywpC/oTHDMEuYtGeY3VDxl
-nwLB2q4tKHjguqvOmDO1dph+tpe7VeVrGDUE0vEwXqx0mSZ/dDlhEjmKDO/v2LbE
-09XvjoG59e7u5JTrErvEXmH7tQ9QI13uE3HXmlV4nP3JJJ50PYQjousj7bmAGhZp
-WpA+1sPx8oOlKwNKbhU3134062p5LiJrLMDyC9IjllHrJhJjpgrPdJOK6STwWTtP
-qywHfPBGNKL0a9e4SBPjvisyRiDjpyM00ZTGSIb6Qe1fMH7wJlhveI3TBT6al0c8
-g5YD+jBcphWyQ/Dp/XiAu7ecfXPTzknHa2PuKeuBOZ3kSt1x9apn7cO1LrdckBxf
-m0qELqXmhr85EzBn9xiQ9JtbgNXFzgEKQ9CMJtHxkiz3EVeKj970wl0BfEoZ6sMY
-I605zbH2JfvfEzHTsTvrZEse24hfrRkt8flXiQA0xbgH2DtR06p5ZcEy6wIDAQAB
-o4HKMIHHMB0GA1UdDgQWBBRccVm1miBD05mqI1kVNHlKKdtvNjCBlwYDVR0jBIGP
-MIGMgBRccVm1miBD05mqI1kVNHlKKdtvNqFepFwwWjEaMBgGA1UEAxMRQ29udGFp
+DwAwggIKAoICAQCkQ3UfH4sIieOQvmnKIMW0gF+tGsnNUtdet7TyS7/PUZWLuRag
+/Jsxyehr4bOMDexrhYRGBe+DxkvqUby+oPQk2d07rYsd4zVWBcHdVHp/JDiAUr7g
+7J7p/epDhzGE6siuYOwIf8fKSWxqxX7kEi8g7wxXaZTUi6Ub0I+2RS/95oCwFHqn
+nmaxEjr9YwmonColNa7YmYqEp6MBvd/a7Sls1GGezNZkBRJe0fQPdX96TKCPviWR
+p5ogGOXHOdoruRKieiuqJGGvg+nLMKSMSZHDBUyiSuhGqOQEqQP7TEYLXsrQfpoY
+A0/BRyIkbTsB9EyhYMP18GS7vorKfJYe+76nvLzAqWYFCV4JpR/DBSKcUiLbRVy2
+oQViaYGnk0W1WjpR9d9UvY+uDhNZJwI2gpWxOWBS0e+Hd0aRs/0erYZdYynnKqmU
+2PHNPcTjUAU5AbYUP86dYjSWTI7tkgvZVHloCWYUoCmKX/abzjrpvgHBIgmCi9Dt
+0J/OgfYUV5HpISX5pstOPbcnCmrnhhwTYZEmkibJN6QoNr4huB5ECbSQ0cxTdyF4
+ruBBMjOwEI8uCZ4WwajURIJOr8uPatD0+zPKMKYuphEqrnxIqRXbvZBalpia1o95
+YOtfR7RClvyQ58B4/CZPwug7FW4A5Vr8ylNYKl0fkPz7oiwxWkZBei11lQIDAQAB
+o4HKMIHHMB0GA1UdDgQWBBSVugZSd2jDJoE1oJh+IzJWtV60wzCBlwYDVR0jBIGP
+MIGMgBSVugZSd2jDJoE1oJh+IzJWtV60w6FepFwwWjEaMBgGA1UEAxMRQ29udGFp
 bmVyIFN0YXRpb24xDTALBgNVBAoTBFFOQVAxDzANBgNVBAgTBlRhaXBlaTEPMA0G
-A1UEBxMGVGFpcGVpMQswCQYDVQQGEwJUV4IUDgmjZIgIVa0kvOLS27ljhGL2fQ8w
-DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAf09EJU15F/TWe/c4ERZw
-ihPk7yjZntG2c5ZFtgIKzXr/FITJihz61Otc7PM8KWXpGp6TE5HWfV74tCT9UiP9
-HYX+nTajLGwxknbqDezAO+5oo9/xzKrK4vdABuSghG/scrauPLzw8ZX2f890x/T9
-8YLBptYaamDufBQsWUGI5cHs5zTne752TOPmfs0kzSGCM8Ct1AOM4lFC64EZu82y
-u1QEUiV9tEBC77TtZu8hbiVUhtkgp0566NzcB7Yl55rMkQ9yKcQDYfutQH2lxwTa
-271lfGuHsZZwYPhTqLMs8GNzffmkK1pa7OQeOqu4T+jyOXFGlxULDn7UtaA4li8b
-ZZFvFQy/Ab3Pz1ls49AlAR1vsV45yWqxwaQXR9APjCYMLkyi/RGGy/H6DU5Dx+ti
-dtHPMabcS+gO4Dhu5C+8Q6ue9cH6wsZlYMoJLtCcJdGksfOQHoGa/wG+/p9dETww
-gF1ayM/KR+ZZ5F+jAlO5fANywmiE8NJ0W8vRQ1Z55T2F5fxNEgupV9EEYPL2wiVl
-7lJOVutj9l+pxxWEtdha5azEM5gqdfSASWV0mLdJAyOcNdAKgn4+cc4nxZnWwkUQ
-gLd4/6VgXGRE4B/FV3fv32+8G+R+MRux4+du0XjcNJzv0X9Y3rMTXC0XJV8gLrFV
-LisvvfPhD/QYBIxqDbIZBvk=
+A1UEBxMGVGFpcGVpMQswCQYDVQQGEwJUV4IUdAhU4hnAkB2x7/pAxs4QqrlH13Mw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAE/XMNmFNW1U0lu6rx4TZ
+c9GM/Qal3poWcSEKhbH4hinyfGYLQ67hx9vtcBcbgNLqNjnZt0Tio9JnAcFEFFnT
+slCrpnQ9KrHUEDMPgStD2nvg33RkFK6OZdHSm0KxzX1HQFnFMc/HbBtvvx1rTLeC
+RHj4bpwoE00GtOKgvKUfahqRX0yOIsqwok5OBi+Z8BbiSZzLKAjVQ3C+yeu7xsVL
+5kRAIWG3orFJObOP9j9LyRRnzn8v3yUZ48w38oF2PD2l0notCMPDgWfst0T6RdCO
+lwrKqxTcC/4Y23Yz6LUJoWQH5W58cZo2KbH6X5PKbJYpuBxRQp1ShlQvnDxE8E/I
+Z9C3X8drxIw1aqFOHqAfPafEmMkVT0HMA0w6AhX84R2NGhtVaU8Rp+7bMKoU8It0
++HpFVrTyo8DrYUMkDVH8OHM/CxPDNM20DA6g/+pHij/EiL+5WF4ZixhpHe415sBn
+2D43OwSuvmF5XS0kWeQrsfTteUjjyMQXJ82DHn5jUmtzoQSbPEAzJvNL8dxS4deh
+kB/TzkEbCTbzZSPxZjWyf4x3ZwibHhxtz+21Vt1vUe+L6Dui6BBW28UEeLb4O04P
+zgHE8ULD/9Q3fivxABKSt2PgAz1fTD+ywFC4jbzbmI13BVbS6f3BcrL10Auy0KmP
+etHm3Irulez4LlRQOaH8wAU=
 -----END CERTIFICATE-----

.docker/cert.pem

@@ -1,30 +1,31 @@
 -----BEGIN CERTIFICATE-----
-MIIFHTCCAwWgAwIBAgIUVRyOS3aToT5Ztjegz/2yBASD4fkwDQYJKoZIhvcNAQEL
+MIIFXTCCA0WgAwIBAgIUX1k7YkWIPXHhz1JzwppSwHo2vZMwDQYJKoZIhvcNAQEL
 BQAwWjEaMBgGA1UEAxMRQ29udGFpbmVyIFN0YXRpb24xDTALBgNVBAoTBFFOQVAx
 DzANBgNVBAgTBlRhaXBlaTEPMA0GA1UEBxMGVGFpcGVpMQswCQYDVQQGEwJUVzAe
-Fw0yNDExMDcxMDQ3MTRaFw0yNTExMDcxMDQ3MTRaMBExDzANBgNVBAMTBmNsaWVu
-dDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVhGZd9iTKEJ2Oqg62H
-diNdLqdbK668u2z/H7ianlNwKjBWNYq7HmA4obyK5Kmjbet0y3eJ1cXr4eo0gqay
-fdnqlfw5TaGhvEGRHgjgKEyfKHwzcMUr23JqrFUkrXWNl6oKvPmGagMF8gWyh9eG
-zBNT9fx7NQkj2gP1uiCrGAJlWYfUENIKems07yZhb3qbjNrbIqlYn9Xq2v+sOgQk
-JP3kayh4CIw/tqFJbh8VPii5R5Fv4wFSxLzfGdtaGw+K1Ia7oEdM37grYtjhEQX4
-tUezg9NSCD5NIARxWVx4tOzYW1hle4QVfQBfqUyGrjeC8TcVFWvQh8X4a6k/IMbl
-kOXV/HSIi8w2eTgPlCZn8jIQTN7gBvRfwqVINfzBDaygqYrBvUrRmdH7ge1cwjo3
-oVeTmruxWU0KgCQmQVsIABB/eJcWiMrSkp+wporFNhJ+ITP4OHTSkC7IV00P43lV
-LgzbzOnu0eQbVPMtaZ1U3+CQit7VebADot1nMZ3TrSPBwnNSzTqP4NmT1b9vqBIV
-HgcKdfxRH8Qg85bBPbElhDvw7Rhj3TZs+3WOEb+xMTZJPS+SE1DxmHwlOACSA8SV
-75w9LRF5jW8sGfjKC1IjSOxr7TozamT7g3fH2rZlN9/iQIQyfj/frZb38tzjQ9Jy
-UDn6dlKfc1/iAhhKn8XsKG9NAgMBAAGjJDAiMBMGA1UdJQQMMAoGCCsGAQUFBwMC
-MAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAT6QBEdS4ejB2GKGlRdHX
-SkIGcp9CN9TEUxmnp+V+qAmUB9k4Y6pLD2CR2Pn85qxLBFP1InTxzxfyJdHoUPRV
-C7/mF/S5efc9+geLMUVcl1+79rFv1DUYhlWKo1CBb+Yx762m9XixID2/WU0k5o8I
-p2xjsamRO/ATomtqzbrApsjgo3qAPStybzkQEI4HoouU3Uf/kXre0qd4IQ4GddPR
-6Gbmh90+ylBxiJ0wQ8bW2rh/BdhqDI/whS0ri4xU6jO0MbWfNm94VLj9h7BluVE1
-hewhF8A90VIAivoAraQxHCnDh6Iy+COKbmSLi4Ct/SosbY23Py0rd8D3kv/98a4d
-ftvHhMYPHtzLn6agH8YO0ow93in1Yua5ul/YSTMwn7wUUGPgpHb/SaWIlZeqv5H4
-TL1R/KGyIUoAn1+488SkvoRtcd+cSZouTVgCUiQxkVLl5+8a2CmWOakkLoM1uxhH
-BLa3ssr5tnGncNYxOKY//v81jEpHE0uJTp7A/uggdLkR3TNh4ZPe3X0wDnroLG6w
-w0ewOleKsbcgMag9Gcx1bYmM9MG+qqJ5QIkLMGCYD2TDoCmTBZsd4fc0t1bxBW2L
-8lIHMaPvfUHYk6PX0RMsUo9x9RP3MY6GUCpQO2ZwsQthU6cqXllnsEK8rChGN1/K
-gVisIAv9yllt8sxGU8xKVdM=
+Fw0yNTA4MTMwMjM1NDFaFw0yNjA4MTMwMjM1NDFaMBExDzANBgNVBAMTBmNsaWVu
+dDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ/Be4+vKxjdlM+CRtFv
+rlQSEx8lKr943FOPktxtV84oXnm0w+KiKPHNnJDupqh2TBjWnMvMNNZrdkrG5Ryz
+zhT3MjlAWAM9wfd20LSqxevLclFCZZEvyYjAKHFcw9Y7tGZeHvhCRZ08vIdTPwg8
+0JqZyOQH7uERvUGPZfZJicNcU7z9cJZXteRhZTJexwKDwt3MbROo43HSYxUXK378
+wB+lvN/hZ5WGd8hF89O9CyF24irLXKJq5gPkLf5+amhM9raEGtH5YL7KsOCAkyE4
+Rh3c9rmlxR9jQrpo0x6KA6qAXtM4A/FxTqWe5NSwKTeC+LCZgiNGLcj+wem2N9HI
+vyjmqEzYv5jmEp3eNXJhR+sKawitijdTouyb2aI5Q9kCtQXgAjYcI3bmfT0wFfE9
+Vb/RpJhf70QK3ZA8Ej1ZZngHEfyHUUDdxZvZeCzxv+8N4XeqThy878ljWl5kFeRT
+a/YMfYlQxW7F4usxT6p2QWKb7oq0AsmyKWby75XyUQTiZDoxbZNh9HZRouKAvxhd
+n9v0OKyrVAMEIx3g3fPJ+zMt43pcZQS6BHv+SucXf443wm094P8VpsO4s99xWXQI
+we4jF31jI4011HnOHJ/3p/c9aXco+2nEJN2MyV8tB0YO/v6aHjpsWdhJBVnybuf6
+WpgbF75KSZX1r0leUzxRCpCrAgMBAAGjZDBiMBMGA1UdJQQMMAoGCCsGAQUFBwMC
+MAsGA1UdDwQEAwIHgDAdBgNVHQ4EFgQU/9dtJ1ThWEBazrAYHropGKATowkwHwYD
+VR0jBBgwFoAUlboGUndowyaBNaCYfiMyVrVetMMwDQYJKoZIhvcNAQELBQADggIB
+ABKl/jaCgvA++4XsIpdfUTj2zAKBtiENMTE/ih+oXq3j3Ks6FG+ok3kBBxfdW9Sw
+eInm3YzQR8Yq6i/tkxQWRHo9nLxsSNOznlT5Mx8CkC7QNoOi6oLE/L+vRfM0XnhB
+332immequMIgimnkNWZKb6AxItnCMuaNiaAYT1PXofcCdHQ+xXiIZksYqHv9eyyo
+vAObguto3zAJ5JTqZkq+BuOw4gLl7IJkqOxHby5rha1iNNFw1RM6QVUsADo4h7r6
+Ghh5lY6IBRy72TS6oIIz2FzdqW3QzSEWwy8uQ/DIAaCqcp8v9yPQBl4rqbziR8LW
+Jg1arhekJwivPgrvpGJyAAnsUYkaYiy4QtIq0XU/BauHpch3EEwbfajdjhiMtL0B
+fjfz8uc0HChzHlVYeGOHQqLAShjUNMPWFUxFg4uZV0Zr5JnaaWk5yR96zhKUa54Z
+SI4zAvmH1sB0zzSMwvNCfAdBxujVRjVZCy50l/OkAKZ+3twTtYRggr01Jbi7BVBH
+CUP9wBahk+JfDu/TYrs9eSjXhEHH7B4zfWjaYlq2DToV/aIY6gyuAJmz4VSoCHOp
+UqR51UzyWmaDW+Ktmj9HbhGk42dqrFwcPlmjlgOsXh6kCOP0mUBDY5Tp5TuqtCmI
+Re94OL/qIBTWLETAJxo9RbmjFJG3OJuw9be5fqGuqpF6
 -----END CERTIFICATE-----

.docker/key.pem

@@ -1,51 +1,52 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJKQIBAAKCAgEAxWEZl32JMoQnY6qDrYd2I10up1srrry7bP8fuJqeU3AqMFY1
-irseYDihvIrkqaNt63TLd4nVxevh6jSCprJ92eqV/DlNoaG8QZEeCOAoTJ8ofDNw
-xSvbcmqsVSStdY2Xqgq8+YZqAwXyBbKH14bME1P1/Hs1CSPaA/W6IKsYAmVZh9QQ
-0gp6azTvJmFvepuM2tsiqVif1era/6w6BCQk/eRrKHgIjD+2oUluHxU+KLlHkW/j
-AVLEvN8Z21obD4rUhrugR0zfuCti2OERBfi1R7OD01IIPk0gBHFZXHi07NhbWGV7
-hBV9AF+pTIauN4LxNxUVa9CHxfhrqT8gxuWQ5dX8dIiLzDZ5OA+UJmfyMhBM3uAG
-9F/CpUg1/MENrKCpisG9StGZ0fuB7VzCOjehV5Oau7FZTQqAJCZBWwgAEH94lxaI
-ytKSn7CmisU2En4hM/g4dNKQLshXTQ/jeVUuDNvM6e7R5BtU8y1pnVTf4JCK3tV5
-sAOi3WcxndOtI8HCc1LNOo/g2ZPVv2+oEhUeBwp1/FEfxCDzlsE9sSWEO/DtGGPd
-Nmz7dY4Rv7ExNkk9L5ITUPGYfCU4AJIDxJXvnD0tEXmNbywZ+MoLUiNI7GvtOjNq
-ZPuDd8fatmU33+JAhDJ+P9+tlvfy3OND0nJQOfp2Up9zX+ICGEqfxewob00CAwEA
-AQKCAgBBYB8E4UyvEbymM1U4BdUoc3W/cuAuGU8PFBWipHvqcQ1YQ0WqtL2j6z4O
-4AZK9dmzklTOPDY1PyLt2wSnSBmNMzkIeMZw0cwz/2fuUqimcFUNhlBEznj6FcEM
-1oApnoNsi+/5yf6VD8QRBQgfaANyJ24jeX+gjmJoy1wh8+mY6Y7VAXWszFGt7rOD
-h+RPvPPTjZ+WbcdLKGXvJ1F0C7DA84ZWuiNCqNvJ4jN6UiPrgyrkTiXnS03krRS4
-ZcjuxfIMylqVIy46pwwvf6SO0MjifeAc/1/BmvQO5KhPi5+Jj0P6LGrT3fYwSH8f
-3MAZnOJedzpIIqLF/LlULpehqWnrUZ3qOeuyeT3BwPIqV7ubow6Q9q73AHrwl7n6
-sz9ZlE5FD335ZiWfvthf/qIXmKSZVC66e9be87SvcP1+PMV7S6KRtgquCHKTexnS
-+9qmsE2rbMYklmxN3GJC1312S0DDHVO/8/ybCgkYPRwldTYL6qZ/vW8NzQLai2Vh
-51xBOXV677cyUbh5uwx8uEP/sQf+W9jnycUzX22jTcxEYlYwW8ujpGvgyUjaKVh5
-OkoM+gXEr4qFdIawM+GDTdnw29pexeOn0a6IKsnWD6//Ecdpx+IVLhZhNMLhZrO1
-V6g/lQI6fFeym/UwAb402QsXyTMYcn3hi6tLlOO7q7dePLJ5gQKCAQEA5K0bv9Zx
-N9SJmIhCiq9hZIvd+9D2YQHUYyoWvUZKdQRhn7odA8ysP3MeKHKpK0xq321h/qTf
-T6eH+cg3IOi4FVJ8St1RbTJEZ91wZLpYorj95Ty0SWN5wu8DnozcdwK4XfejOxBU
-kAa+nZuzXl1YbtYmHmrooPlPRga0tHw5xaasNO4kQ28+IHUFhvO62tH/OGKNs3qm
-Amnd2+IPeOfsOU5A5vDp5cjLMsW4OclFFEgFjhjXm0qE4Qf5IMfOdjGfxCkG2PQ2
-KQRYHECqmSlF4Nl1wn+gxYwG23HIcLk+aEqhaD50cBkDgRQaW+Bl1q4BE5z7V2OY
-mDXdcokloRpnYQKCAQEA3PapfQfnodCBhhWCl+F9ymcUDYYt7iAJCQ6PDB2/skrj
-sinBqyPjrI9TBPiQUfIwuxxrQHUoylvYejRYsuKOo7PPebx6vSvaYsxbZdqG6PQY
-p/aPCDn+tcze0j3KRqKCl0v2QyVVNM+WeuzpgrRJZ+5Q6PtUJqlTFrUsW/XzpaF5
-qrsIv7oboJdeLr+700j7tev/yPNahJAVAl/1JBtOgLLQjX+btREbnk/Cy8vpeDHt
-ZMbFiK80txgoMDnXjs9ZvnBL/o16bSqWGxSmOKkkwMk+cS6EKLWw2UqbqwC4pcBx
-rCl4Y/1lfo6Ux3l95Mcm08l0aqRQU2TXj8tQWEFLbQKCAQEAlcNNnijqQz890hjD
-Q6KyrS/w9N+YzFVvbHZ/J/yl/NcevIYeRIPB91gEU0csxb+paqRvfl8qJTe6FPts
-J3BiRwybfEhP8KzwIfnjhwSH0iJHnd9Qz5OHhgQVIbxtEsBEUL5DOAZs61qPchcr
-tMx7gzNbCabIrcw5f8oahO2qxGhw9cVVGJj9XjJlqUlsgazwclQRK49Ss9fzxfLa
-YTu6+JjoZpc3CBemBJ17FtVbGXpFsRdR9VErj1kybqaM79l2Ifkgk+v0oI5IylAL
-qn1eV3Dz76q4d0hKoWN2e2TGm3TtGqF0jonDQsEQtkVTTPLun5K7BTOkF2OHoWBy
-tXzeYQKCAQEAyY2l5IrFWvDadPhB+1CQcYO84uk2FDPcigphqWepaHSvZeB47Cb8
-knbZ/3rMCjOlB8hQfKdh4dQNjssY7XODMQffhOfL/ap2thA6fpnq3atqoithJNvh
-3utVhOkgDXZHMML1iyIOqvGADfj0t2jEXK0h2KMIi4uAYwI3yFp9OOQmGvoobNrS
-QJZSLspuBbhZAgSXeTGhq7HRuCzXa2wNG5AAdFGmMm+8hZez1DnYaO8B4B8AKEHJ
-EApU/kiEu5uf/PpqF3Pt7I4gBeu8A4smH0RyVMNdgdTZ0BsiC8XIqEj2Z1gcnPiT
-D/H2/E1x7LFMVXs5Wd0v+CHQDzYhv58vsQKCAQAS8NTOVa2PnFu98qp/HZUWgm3B
-t3Ed80D1SOEWQx2ejTnxo6VWpJUdv7cLvY45iRktGZ/mBaEw52LZTThomZmWU7G/
-vaBB/o61Xo/FbVK9SrFgN7x8a+VsxotKqdPU2Ddi+yeJyXeLPJRqHhIjhbYAq0eo
-pb6cLDMrXV71y7O7eFRfv5fnv1zHZkRU1bG1qWuod1oz6NUoEh9mH4+jrRtoSd6H
-1o5c5orPyaNOCGVMdlKAOZwWlvkC+cI+9vBMbKR+wfE3Cdg73v/bvZS/iwVCchPu
-79tcZf81Jk7mW4MBWfR+esDazChBEMEMZ/g4QUxQZreUnYIJZluIuTiilcPB
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCfwXuPrysY3ZTP
+gkbRb65UEhMfJSq/eNxTj5LcbVfOKF55tMPioijxzZyQ7qaodkwY1pzLzDTWa3ZK
+xuUcs84U9zI5QFgDPcH3dtC0qsXry3JRQmWRL8mIwChxXMPWO7RmXh74QkWdPLyH
+Uz8IPNCamcjkB+7hEb1Bj2X2SYnDXFO8/XCWV7XkYWUyXscCg8LdzG0TqONx0mMV
+Fyt+/MAfpbzf4WeVhnfIRfPTvQshduIqy1yiauYD5C3+fmpoTPa2hBrR+WC+yrDg
+gJMhOEYd3Pa5pcUfY0K6aNMeigOqgF7TOAPxcU6lnuTUsCk3gviwmYIjRi3I/sHp
+tjfRyL8o5qhM2L+Y5hKd3jVyYUfrCmsIrYo3U6Lsm9miOUPZArUF4AI2HCN25n09
+MBXxPVW/0aSYX+9ECt2QPBI9WWZ4BxH8h1FA3cWb2Xgs8b/vDeF3qk4cvO/JY1pe
+ZBXkU2v2DH2JUMVuxeLrMU+qdkFim+6KtALJsilm8u+V8lEE4mQ6MW2TYfR2UaLi
+gL8YXZ/b9Disq1QDBCMd4N3zyfszLeN6XGUEugR7/krnF3+ON8JtPeD/FabDuLPf
+cVl0CMHuIxd9YyONNdR5zhyf96f3PWl3KPtpxCTdjMlfLQdGDv7+mh46bFnYSQVZ
+8m7n+lqYGxe+SkmV9a9JXlM8UQqQqwIDAQABAoICABPVeSozFLYvGGEU6wbohyuv
+3Mjim+aOskf7jL+qIZsaPvR8QU+bU1sF7Hi/8Ff86+CvkGLq9OpkCBkrjVldZ2oJ
+8KXT+7lXSwQWr72mcBEgvo4hIKwAU1STitHcMwIfgnutFso6rBrj5gIlDy/OIRX4
+nszUwU8XHTiM/ZswsRZcmZbenkJEHHSAtQgmZS3GPwS7cxVcQ/SnKp79M+y9o3qq
+YIMpIGubeLaYHLf+genDMTwf6F3PyMPV6fHtLvfJCl5Jk2zbOawmTQRqYhnfOzFM
+9CLDVnBZqfirt/5UIzVhX6R4kWDB8QI18nIHdu6J56dBP7tyZI/ONTP3aAG3Gyhd
+yc9X4RDz8KMuZZddX6C3OmIunAjL65jYMnf0UFbFUvRW/UNC/uWojSiJi6oKx3m1
+N0VlrPJMia7ueTSFPdtiBcyutTW5JoYZT9UiVcH9mHqYAW3EbCwngeiENryiwS5x
+5Sa39GMv70kCmwXP7HmWYGbnaNaW/k/Za+d1tQyIYBwzGMv5BPTPgJHApO0saYWq
+FPko/DXDkRsK+U9s7gY4z70Dg9y3UMy3oQcLSuvXd1x3dM78LwhrZ/0Wkr+UQY4f
+Pp/QktQQCBjrGkboK/dFewhFRqPUqOY6KQns4+Em1FpoWHJz0jOGO4LN07ZeZX+C
+uoI/q+wX7k6NF2buy32NAoIBAQDhuohKX4+GUQOJCWI0HhXDdZguLOLgtRdnfJB0
+7Zy9SXlGI4jRVD3/wr0KjaKCWUbN5EmhYuPZQloH1kuTbIJDfCCfDwAfLfdJbS/a
+WGhFOF4QmjqYyIu9PaqfVkUklk24CguHWf93O/JPIuozuj4qOokvaPBTCfk93drP
+O0d9wvLxXCKDX5MdJ2D82kaMbBB0dvGGHqECu1n8S/i11k+lG/27zXTzBc5Z6fcL
+pQnglNPinzcFUw+b/jebvqfyYVsgGL1IVFs/PXl5F87W4T/NvfymRlV3qInXPveq
+buCJvZPngsGC0ZaCMG8gvs1oVGRXNPDV8PYaIPO0S++aXz+fAoIBAQC1Lgr7ASos
+mCV2Mypm7hTugz8p20usEclxnMsTeSQiQMERUQWZ5yEh6p7lOyw/omTjUDduit3H
+i2cHqYvpvPb6p+mT6NIv9kq5i4Rwz3RuABr8OpWUjqxszMz/h4sgHZd+o+TTR7As
+lBiWCG3sJwmsdf+7AkZ9uUnQ9BCiep5vixAey8N3TlY0RBdeFdA/xgB2yRHwEkMZ
+lsCCEE77vvmQTNlTVpE0C6/w78JeEWJtQkW/tc3CRCxZvDtI1/j4LyI9AWQ12PHI
+ZZsPxyofiZXd4C/q3nMyrbpK+3bp4RdD2/TUl5PF+VsrZw//d16bJxmQocDQ++z2
+dcs+xaapGGN1AoIBAQCagtBf+GGKE1JULzQlcKJ9FLWChf8WyV6n28AWCb/MYcq9
+k/1HLF7z/xzfaGvgxbONo8Iy0jocsSpnSuyYkSHph8Hcnqv6q8AlZrPmxbU6DId2
+3dtWUZA1jUyJnMffb3LrkxSpJZWUzFfki4W8urNqvH7DERXQAXe2PXJVf8JD93nM
+dMC7JGTTA+2DpvW7kQ0Ca5iPsc+MyymhZW9tKLGD11EriEuRPlwtd9U/B01niPgw
+m8NRxbVdlfoChdL4OmPh6I1IQVXkR/QqS32t4KmH75BNUL+YFKmlyNhGtXbFUhs3
+0W0cWtKncvfedjysOXglqXthNnt/DydCNuhfxusJAoIBACdvqzIxcbWdNGJDBtK6
+tdGovcHlmtYMVRWmtEk70BKol52mThrOxVZ1lDp/I8WCGoWj+zzTeyyo+jcfv3WU
+DQpILD5mqgGIkYFLjftkHIqo+Ta3pcFdQMi511EzdqP57PTCxdb7PqylW6ikkxCY
++rEQSiaxexh4kUmrJkfHet76nPqnDZfVdEwSGif/hYGsHoO8hmwD/Zj/SE3HMPn4
++qdfItrR9+8lMBm4hk0laZAwoa/16aCEaEbsAtd7MxUKZWB0AhT6cL5W52aKym9s
+6jMOTj/IRbjdObSCgcKsnPzHTsZLa/3mpeKPn1rS58PLwfPKUYbrnwuSXjf+m6Uo
+ytUCggEAfGt5I3vGt9teDhBNgHwx87TP6LxMi0eiTdo+Tv7aIt+EJcsK+rdVzr3l
+vTRemlbk3OOU2bat1i7IHuEFu9HIIw2S25sPTrFtHbR4Ux4i/wur3j69/3dOKmsZ
+V8hkZ4zJy5EarbwLg+tlGG8ikaEUuGgy1fxJ4OUOGiHDi+/GOR9Pox7T1oRwIjEI
+5RQXbtR9xI1SL1USGPWsR3CsqI64VNZyNZfWmt/1t6SzTmmshceo7c/72kMHopP8
+PkatcTLiMuTeXCuL4UIWaBKw4Y/aaxJCDDXFUNTryDkuZIxVyhQgvLpzucfRUH+t
+rz9TdKIcHTWfelGC5dFiuBW2cPo35w==
+-----END PRIVATE KEY-----

.idea/terraform.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="TerraformProjectSettings">
+    <option name="toolPath" value="c:\dev\tools\terraform.exe" />
+  </component>
+</project>

.terraform.lock.hcl

@@ -1,11 +1,12 @@
-# This file is maintained automatically by "terraform init".
+# This file is maintained automatically by "tofu init".
 # Manual edits may be lost in future updates.
 
-provider "registry.terraform.io/kreuzwerker/docker" {
+provider "registry.opentofu.org/kreuzwerker/docker" {
   version     = "3.0.2"
   constraints = "3.0.2"
   hashes = [
     "h1:DcRxJArfX6EiATluWeCBW7HoD6usz9fMoTK2U3dmyPk=",
+    "h1:cT2ccWOtlfKYBUE60/v2/4Q6Stk1KYTNnhxSck+VPlU=",
     "zh:15b0a2b2b563d8d40f62f83057d91acb02cd0096f207488d8b4298a59203d64f",
     "zh:23d919de139f7cd5ebfd2ff1b94e6d9913f0977fcfc2ca02e1573be53e269f95",
     "zh:38081b3fe317c7e9555b2aaad325ad3fa516a886d2dfa8605ae6a809c1072138",

_disabled/airsonic.tf

@@ -48,6 +48,11 @@ resource "docker_container" "airsonic" {
     type = "bind"
   }
 
+  volumes {
+    container_path = "/data"
+    volume_name = "truenas-arr"
+  }
+
   networks_advanced {
     name = docker_network.bridge.name
     ipv4_address = "192.168.2.83"

_disabled/authelia.tf

@@ -0,0 +1,47 @@
+data "docker_registry_image" "authelia" {
+  name = "authelia/authelia:latest"
+}
+
+resource "docker_image" "authelia" {
+  name = data.docker_registry_image.authelia.name
+  pull_triggers = [data.docker_registry_image.authelia.sha256_digest]
+}
+
+resource "docker_container" "authelia" {
+  image = docker_image.authelia.image_id
+  name = "authelia"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/secrets/JWT_SECRET",
+    "AUTHELIA_SESSION_SECRET_FILE=/secrets/SESSION_SECRET",
+    "AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE=/secrets/STORAGE_PASSWORD",
+    "AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/secrets/STORAGE_ENCRYPTION_KEY"
+  ]
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.151"
+  }
+
+  mounts {
+    target = "/config"
+    source = "/share/appdata/authelia/config"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/secrets"
+    source = "/share/appdata/authelia/secrets"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

_disabled/autobrr.tf

@@ -0,0 +1,40 @@
+data "docker_registry_image" "autobrr" {
+  name = "ghcr.io/autobrr/autobrr:latest"
+}
+
+resource "docker_image" "autobrr" {
+  name = data.docker_registry_image.autobrr.name
+  pull_triggers = [data.docker_registry_image.autobrr.sha256_digest]
+}
+
+resource "docker_container" "autobrr" {
+  image = docker_image.autobrr.image_id
+  name = "autobrr"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=999",
+    "PGID=321",
+    "TZ=Europe/Amsterdam"
+  ]
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.148"
+  }
+
+  mounts {
+    target = "/config"
+    source = "/share/appdata/autobrr"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

_disabled/barcode_buddy.tf

@@ -0,0 +1,39 @@
+
+data "docker_registry_image" "barcode_buddy" {
+  name = "f0rc3/barcodebuddy:latest"
+}
+
+resource "docker_image" "barcode_buddy" {
+  name = data.docker_registry_image.barcode_buddy.name
+  pull_triggers = [data.docker_registry_image.barcode_buddy.sha256_digest]
+}
+
+
+resource "docker_container" "barcode_buddy" {
+  image = docker_image.barcode_buddy.image_id
+  name = "barcode_buddy"
+  restart = "always"
+
+  env = [
+    "TZ=Europe/Amsterdam"
+  ]
+
+  mounts {
+    target = "/config"
+    source = "/share/appdata/barcode-buddy"
+    type = "bind"
+  }
+
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.150"
+  }
+}

_disabled/bazarr.tf

@@ -0,0 +1,49 @@
+data "docker_registry_image" "bazarr" {
+  name = "lscr.io/linuxserver/bazarr:latest"
+}
+
+resource "docker_image" "bazarr" {
+  name = data.docker_registry_image.bazarr.name
+  pull_triggers = [data.docker_registry_image.bazarr.sha256_digest]
+}
+
+resource "docker_container" "bazarr" {
+  image = docker_image.bazarr.image_id
+  name = "bazarr"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=1000",
+    "PGID=1000",
+    "TZ=Europe/Amsterdam"
+  ]
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.152"
+  }
+
+  networks_advanced {
+    name = docker_network.whisper-asr.name
+  }
+
+  mounts {
+    target = "/config"
+    source = "/share/appdata/bazarr"
+    type = "bind"
+  }
+
+  volumes {
+    container_path = "/data"
+    volume_name = "truenas-arr"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

_disabled/brother-printer-webhook.tf

@@ -0,0 +1,29 @@
+
+data "docker_registry_image" "brother-printer-webhook" {
+  name = "gitea.rescla.me/rescla/brother-printer-webhook:latest"
+}
+
+resource "docker_image" "brother-printer-webhook" {
+  name = data.docker_registry_image.brother-printer-webhook.name
+  pull_triggers = [data.docker_registry_image.brother-printer-webhook.sha256_digest]
+}
+
+
+resource "docker_container" "brother-printer-webhook" {
+  image    = docker_image.brother-printer-webhook.image_id
+  name     = "brother-printer-webhook"
+  hostname = "brother-printer-webhook"
+
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.grocy.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

_disabled/freshrss.tf

@@ -11,7 +11,7 @@ resource "docker_container" "freshrss" {
   image = docker_image.freshrss.image_id
   name = "freshrss"
   restart = "always"
-  env = ["TZ=Europe/Paris", "CRON_MIN=1,31", "OIDC_ENABLED=0", "FRESHRSS_INSTALL=--api_enabled --base_url https://freshrss.xz1.nl --db-base freshrss --db-host 192.168.2.127 --db-password utquCzXEnrjFU2BbDqYT --db-type mysql --db-user freshrss --default_user admin --language en", "FRESHRSS_USER=--api_password CmZpTF3pUYz7rVtFrDTQ --email freshrss@xz1.nl --language en --password CmZpTF3pUYz7rVtFrDTQ --user admin"]
+  env = ["TZ=Europe/Paris", "CRON_MIN=1,31", "OIDC_ENABLED=0", "FRESHRSS_INSTALL=--api_enabled --base_url https://freshrss.xz1.nl --db-base freshrss --db-host 192.168.3.24 --db-password utquCzXEnrjFU2BbDqYT --db-type mysql --db-user freshrss --default_user admin --language en", "FRESHRSS_USER=--api_password CmZpTF3pUYz7rVtFrDTQ --email freshrss@xz1.nl --language en --password CmZpTF3pUYz7rVtFrDTQ --user admin"]
   mounts {
     target = "/var/www/FreshRSS/data"
     source = "/share/appdata/freshrss/data"

_disabled/home-assistant.tf

@@ -7,9 +7,9 @@ resource "docker_image" "home-assistant" {
   pull_triggers = [data.docker_registry_image.home-assistant.sha256_digest]
 
   # Try to preserve the docker image before removing the container
-  lifecycle {
-    create_before_destroy = true
-  }
+  # lifecycle {
+  #   create_before_destroy = true
+  # }
 }
 
 resource "docker_container" "home-assistant" {

_disabled/jellyfin.tf

@@ -38,16 +38,9 @@ resource "docker_container" "jellyfin" {
   }
 
   # https://wiki.servarr.com/docker-guide#Consistent_and_well_planned_paths
-  mounts {
-    target = "/media"
-    source = "/share/datarr/media"
-    type = "bind"
-  }
-
-  mounts {
-    target = "/media-hdd"
-    source = "/share/datarr-hdd/media"
-    type = "bind"
+  volumes {
+    container_path = "/datarr"
+    volume_name = "truenas-arr"
   }
 
   devices {

_disabled/readarr.tf

@@ -31,10 +31,9 @@ resource "docker_container" "readarr" {
     type = "bind"
   }
 
-  mounts {
-    target = "/data"
-    source = "/share/datarr"
-    type = "bind"
+  volumes {
+    container_path = "/data"
+    volume_name = "truenas-arr"
   }
 
   lifecycle {

_disabled/scholarsome.tf

@@ -34,7 +34,7 @@ resource "docker_container" "scholarsome" {
 
   networks_advanced {
     name = docker_network.bridge.name
-    ipv4_address = "192.168.2.146"
+    ipv4_address = "192.168.2.149"
   }
 
   networks_advanced {

_disabled/tdarr.tf

@@ -0,0 +1,58 @@
+data "docker_registry_image" "tdarr" {
+  name = "tdarr/tdarr:latest"
+}
+
+resource "docker_image" "tdarr" {
+  name = data.docker_registry_image.tdarr.name
+  pull_triggers = [data.docker_registry_image.tdarr.sha256_digest]
+}
+
+resource "docker_container" "tdarr" {
+  image = docker_image.tdarr.image_id
+  name = "tdarr"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=444",
+    "PGID=321",
+    "UMASK=002"
+  ]
+
+  networks_advanced {
+    name = docker_network.bridge.name
+    ipv4_address = "192.168.2.134"
+  }
+
+  mounts {
+    target = "/config"
+    source = "/share/appdata/tdarr/config"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/cache"
+    source = "/share/appdata/tdarr/cache"
+    type = "bind"
+  }
+
+  # https://wiki.servarr.com/docker-guide#Consistent_and_well_planned_paths
+  volumes {
+    container_path = "/datarr"
+    volume_name = "truenas-arr"
+  }
+
+  devices {
+    host_path = "/dev/dri/renderD128"
+    container_path = "/dev/dri/renderD128"
+    permissions = "rwm"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

_disabled/whisper-asr.tf

@@ -0,0 +1,36 @@
+data "docker_registry_image" "whisper-asr" {
+  name = "onerahmet/openai-whisper-asr-webservice:latest"
+}
+
+resource "docker_image" "whisper-asr" {
+  name = data.docker_registry_image.whisper-asr.name
+  pull_triggers = [data.docker_registry_image.whisper-asr.sha256_digest]
+}
+
+resource "docker_network" "whisper-asr" {
+  name = "whisper-asr"
+}
+
+resource "docker_container" "whisper-asr" {
+  image = docker_image.whisper-asr.image_id
+  name = "whisper-asr"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "ASR_MODEL=base",
+    "ASR_ENGINE=openai_whisper",
+  ]
+
+  networks_advanced {
+    name = docker_network.whisper-asr.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/.docker/ca.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+DCCAeCgAwIBAgIUQifQlQiFfb3+C9S/ioDdmLqzpykwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJRG9ja2VyLUNBMB4XDTI1MDQyMDEzNDIwM1oXDTI2MDQy
+MDEzNDIwM1owFDESMBAGA1UEAwwJRG9ja2VyLUNBMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA0M5kRHJlQvXRnsCEbd0wH45phnJUwK6MB+Osg5smx8I/
+nCMKPVIMPfMGkQiA4uGPLiArfdxM8EDSpuxNRq4AoHnsCmVkHb2z0Jr0NG8Ojo/H
+/zb2EbA2s6ULoVVVHl+YqvWdyxocbvO8k06B8JWo8O5t9jdD3VJnd10m3Q/3U9Ms
+yLe+XSm2w1mBwYy6+5sRgDPsptTxa7k4lZIH2H6Xb7rPgIQxgPabIDXASBPdHD5x
+tsBRTQvc/n1iCo33aFBH6GHIMINSKtJLPAXG9uHqaYQzCkrBEIpLT+wNJ9DV22kI
+PCgk4JHj1W2tnE7gTui8I4z8UGtpgK9V+SCTDPC7VQIDAQABo0IwQDAPBgNVHRMB
+Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUJI5YNo15YDQyLGX8
+TY3za1cMrhcwDQYJKoZIhvcNAQELBQADggEBAA+Xmoc5q/iGcQZvKijqweWh2wFG
+uRH7ITi/lIBVqR+TGzr4p/q/NsW9qZPuLmrcFocIuR0XgMSAuyrfyFK/G+9ReF4g
+YVnzsYJDgCEkxQTQXfcnhj3ZqANFIqjFzn9Txw+7bysdY98gxQ3oD5omk7qdE04D
+idmGol6GY/PRhncAeU23cKAC6/QcrK3CJtArq0ZGiI3BWuCKOMPuYxvyAMdcsEh0
+MKV3fSesgvW1n/hlwbT/QnXJeAUzbxOl7yE7oI5reDS2Ay9S93R/cM4n84c6FeTw
+b1qq0x9Jqy7L7p5QwP9OpBQhfcu1q2wQ4OpIb4fkoNpTKAtrnOGdxJh/iOU=
+-----END CERTIFICATE-----

core-os-podman/.docker/cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDzCCAfegAwIBAgIUM96AXB5F2mKW3i5msm8VwLKYgBQwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJRG9ja2VyLUNBMB4XDTI1MDQyMDEzNDIwM1oXDTI2MDQy
+MDEzNDIwM1owFDESMBAGA1UEAwwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAoLAdb+g4mMvUZfZ9PHcd4Z6yiaUdi+TPKphQov+NtnU9
+qAqoYOWTLhYW6P1OeSMwaKnYdRVvafajk2mXFPbcgpMnd1eE+jutrAgE+9a9zqfS
+nSFFloqlHA75GpAbS5cB5Xvaj5mBMItMdfi34t/j4V8VHpLqV7obVHoMHtQwf0aY
+LLuCADMtW3XnWyNzL/yKN+HpyCDMIhm98csC6HTi1gHrSCkDlV5hhwQ6QyQ1gPbu
+3/XxGTyYTgjFGfY8PsMBzR8+VZDTR1edu/2+ofBgjy7FR8njcxwa4l2FrhRr3bLx
+o8mtbxUY1QJE11BwpEBApXtobIptkt6b1aEjpc14nwIDAQABo1kwVzAVBgNVHREE
+DjAMhwR/AAABhwSsFADPMB0GA1UdDgQWBBRKx6l7qTFRQTzjcOXH+p3ao/2vnzAf
+BgNVHSMEGDAWgBQkjlg2jXlgNDIsZfxNjfNrVwyuFzANBgkqhkiG9w0BAQsFAAOC
+AQEALHEYeN128jMCm02Xwig8kOJmFOs9Ih0nS5aJXyX8ClzLGPA1HLN9ljOVX9y0
+dcP2VwNkenNTBJsmU1YvTedBwWGVzJ1/7fZoNQwPzjMM4cvnygvZRy73ck8b2zLg
+oL+4cfNOcsdg+AWKJAcCwWU1ZzHgr5F7Ky9OKS1VfAanG0uRdCahuZoJqB05wdUH
+I2PxKEcgj55DS35tVEHxvlSsn+qft85+iRdWwgwJEsnFnjI7qNlrEl9m6ZUjSX1Z
+rxxn4L0SW2586BcIlj27CRvzm9n2BC51paoqvJ3u5VYQztGf/IQWdyIpjSeEZ2sN
+pI7c2e0HUIu9kXg1y1Nah4AF2g==
+-----END CERTIFICATE-----

core-os-podman/.docker/key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCgsB1v6DiYy9Rl
+9n08dx3hnrKJpR2L5M8qmFCi/422dT2oCqhg5ZMuFhbo/U55IzBoqdh1FW9p9qOT
+aZcU9tyCkyd3V4T6O62sCAT71r3Op9KdIUWWiqUcDvkakBtLlwHle9qPmYEwi0x1
++Lfi3+PhXxUekupXuhtUegwe1DB/Rpgsu4IAMy1bdedbI3Mv/Io34enIIMwiGb3x
+ywLodOLWAetIKQOVXmGHBDpDJDWA9u7f9fEZPJhOCMUZ9jw+wwHNHz5VkNNHV527
+/b6h8GCPLsVHyeNzHBriXYWuFGvdsvGjya1vFRjVAkTXUHCkQECle2hsim2S3pvV
+oSOlzXifAgMBAAECggEAIjsCOlmk3N/nAkWNDjlt0ydkbzAOaEO44iEKZH6+KJU3
+KjoC/olJXjL0dHOpqOKXKGSuKNsFHfSdigSfW6bu+J3ydVjeihP2fkRDE4b+biyQ
+EEsLMPOeEqkZ5c+3ENY9YC6PM7IGtFmoUyVFvv3k5JjFvfqcE04hDlDljhezsRj4
+2fTG5vHOC/rtVRxov5Fy2rL33+bRBKkZ3CTku2H306/3A0Qgml1/4HwzrMD9FpSM
+K27tHGKKb4u4iXxpSAMvHt2uZR/DFe8n4MnIvWFTeIaYRnXwHLUAMSKhhKFOA4BU
+6juksZ9quU5awKI1l0k+j+7zJP9v+HGULiK52v5XmQKBgQDiPqEQu4nP35HrslNY
+hUWRZfkcqfKaT45iSeNLrB2LcWNobE52pWdhb6UUvnrzcBZGL4EKgt+wxg/idPJU
+FUYgGS0tGRgsSbJ5HURpoaTz1LMgPpDYbWegZgfcbnluhrWDQ3AAUtkh53B+K/ZM
+M4GaxY98C1/1Lq2ZgI9p3U11ywKBgQC10kZcluOfD23L8kZcWYQK/S/+FFuLAP1B
+tG8GdsSIfKmcRPUo3UvNuGwblJodYcSSUZlAq5pyLI93L+rc81Sqp6ne3l0uELFN
+xNDP0Wf/BamjEq5CerER1cjlWggxFvz7wtO1fD5g8CdLD6xlp8IUZ9fFEQFOBGiF
+gCmVATZN/QKBgDDXXGYEVmft186OHLgLbU1KOlEZzynI6vAFC3CWo3oq7E7qsrWi
+V4MNWxHzXQ+YrvZP4wel4SyEVYGJxZapUQ404S/PLwzAjCrhSpeTMc0BqfnYB+Tx
+GWHjJOdNYiGeKyk/MbqgKAfNstdKHk2tANmstKEOw5Rmk0uEGXG9OK+pAoGAfbJX
+2EysIdttwW/FerSb12j/07xJKQjPDKxrkOFsrxrXuuPlRJHwhND5U/vgq21akvj8
+ZLv9su7hY7lpucQzBSOSCTRa4KzDlor4/KK9LY3Bn64bcHQXk8fi8cPTI/TLglVH
+PREeoq+Dyp2URla6kpbTkTZXW5MqmxhmJs/GthUCgYA8sqcJ3wrEyUreAkFRPmHg
+0g5T+TAn36bMotOVo1bcssGZ5lPdL9ovkGdCnihaA2JM2ARNr7mAjBBRnZqGMJmJ
++yQKv9crpXpgXek6T7fJL9rB1QHfNs5B5ML3zEaXXQEdVNZ2d+kVWIK0vahEKCzI
++KbMyrLmU3OK5Uw8j1BYyg==
+-----END PRIVATE KEY-----

core-os-podman/.terraform.lock.hcl

@@ -0,0 +1,24 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/kreuzwerker/docker" {
+  version     = "3.6.2"
+  constraints = "3.6.2"
+  hashes = [
+    "h1:1K3j0xUY2D0+E+DBDQc6k1u6Al9MkuNWrIC9rnvwFSM=",
+    "h1:sbdKCURC0XeBU6kPVfj24w7mtZtKbuibaqxtZEZ4bjU=",
+    "zh:22b51a8fb63481d290bdad9a221bc8c9e45d66d1a0cd45beed3f3627bf1debd8",
+    "zh:2b902eb80a1ae033af1135cc165d192668820a7f8ea15beb5472f811c18bea1f",
+    "zh:57815dcea28aedb86ed33924cd186aaee8bd31670bd78437a2a2daf2b00ce2ae",
+    "zh:583af9c6fe7e3bfc04f50aec046a9b4f98b7eddd6d1e143454e5d06a66afcf87",
+    "zh:80f8cba54f639a53c4d7714edb7246064b7f4f48ba93a70f18c914d656d799db",
+    "zh:894709f0c393c4ee91fdb849128e7f0bce688f293cd1643a6d4e39c842367278",
+    "zh:a91b41dbcb203d6dae2bb72b98c4c21c41255026b35df01895882784c4650071",
+    "zh:aec40a8157aae093412a1fb9a71ab2bea370db152e285c2d81e37ed378444b9c",
+    "zh:b87d7def2485dde6e57723c1265158f371440a8a84954c9fdb0580cf89de66bf",
+    "zh:b9dc243200ad9cd00250cb8c793ecea4ee3c57a121faf8efdb289f30008b5778",
+    "zh:dcb103831db6d3ef95468685cd104be3928793996542a1f675dc34a2ce67951d",
+    "zh:e59b4a0f2b5881016896d4417b1ab2fb87f34450663efeb01f3bcf7c3606fbbb",
+    "zh:fbd068c01114f0712578cf02f363b5521338ab1befedddf7090da532298b43d0",
+  ]
+}

core-os-podman/_disabled/haproxy.tf

@@ -0,0 +1,36 @@
+data "docker_registry_image" "haproxy" {
+  name = "haproxy:latest"
+}
+
+resource "docker_image" "haproxy" {
+  name = data.docker_registry_image.haproxy.name
+  pull_triggers = [data.docker_registry_image.haproxy.sha256_digest]
+}
+
+resource "docker_container" "haproxy" {
+  image = docker_image.haproxy.image_id
+  name = "haproxy"
+  restart = "always"
+
+  mounts {
+    target = "/usr/local/etc/haproxy/haproxy.cfg"
+    source = "/mnt/appdata/haproxy/haproxy.cfg"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.19"
+  }
+
+  networks_advanced {
+    name = docker_network.ip6net.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/_disabled/resilio.tf

@@ -0,0 +1,52 @@
+data "docker_registry_image" "resilio-sync" {
+  name = "lscr.io/linuxserver/resilio-sync:latest"
+}
+
+resource "docker_image" "resilio-sync" {
+  name = data.docker_registry_image.resilio-sync.name
+  pull_triggers = [data.docker_registry_image.resilio-sync.sha256_digest]
+}
+
+resource "docker_container" "resilio-sync" {
+  image = docker_image.resilio-sync.image_id
+  name = "resilio-sync"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=556",
+    "PGID=321",
+    "TZ=Europe/Amsterdam"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.18"
+  }
+
+  mounts {
+    target = "/config"
+    source = "/var/lib/containers/resilio"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/sync"
+    source = "/mnt/datarr/resilio/sync"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/downloads"
+    source = "/mnt/datarr/resilio/downloads"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/_disabled/solidtime.tf

@@ -0,0 +1,90 @@
+data "docker_registry_image" "solidtime" {
+  name = "solidtime/solidtime:latest"
+}
+
+resource "docker_image" "solidtime" {
+  name = data.docker_registry_image.solidtime.name
+  pull_triggers = [data.docker_registry_image.solidtime.sha256_digest]
+}
+
+resource "docker_network" "solidtime" {
+  name = "solidtime"
+}
+
+
+resource "docker_container" "solidtime-app" {
+  image = docker_image.solidtime.image_id
+  name = "solidtime-app"
+  hostname = "solidtime"
+
+  env = [
+    "CONTAINER_MODE=http",
+    "APP_URL=https://solidtime.rescla.me",
+    "APP_FORCE_HTTPS=true",
+    "CONTAINER_MODE=worker",
+    "SUPER_ADMINS=solidtime@xz1.nl",
+    "DB_HOST=192.168.2.127",
+    "DB_PORT=5432",
+    "DB_DATABASE=solidtime",
+    "DB_USERNAME=solidtime",
+    "DB_USERNAME=solidtime",
+  ]
+
+  mounts {
+    target = "app-storage:/var/www/html/storage"
+    source = "/var/lib/containers/solidtime"
+    type = "bind"
+  }
+
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.17"
+  }
+
+  networks_advanced {
+    name = docker_network.solidtime.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+
+resource "docker_container" "solidtime-queue" {
+  image = docker_image.solidtime.image_id
+  name = "solidtime-queue"
+
+  env = [
+
+    "WORKER_COMMAND=php /var/www/html/artisan queue:work"
+  ]
+
+  mounts {
+    target = "app-storage:/var/www/html/storage"
+    source = "/var/lib/containers/solidtime"
+    type = "bind"
+  }
+
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.17"
+  }
+
+  networks_advanced {
+    name = docker_network.solidtime.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/_ollama_test/ollama.tf

@@ -0,0 +1,35 @@
+data "docker_registry_image" "ollama" {
+  name = "ollama/ollama"
+}
+
+resource "docker_image" "ollama" {
+  name = data.docker_registry_image.ollama.name
+  pull_triggers = [data.docker_registry_image.ollama.sha256_digest]
+}
+
+resource "docker_network" "ollama" {
+  name = "ollama"
+}
+
+resource "docker_container" "ollama" {
+  image = docker_image.ollama.image_id
+  name = "ollama"
+  restart = "always"
+
+  mounts {
+    target = "/root/.ollama"
+    source = "/mnt/appdata/ollama"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.ollama.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/_ollama_test/open-webui.tf

@@ -0,0 +1,41 @@
+data "docker_registry_image" "open-webui" {
+  name = "ghcr.io/open-webui/open-webui:main"
+}
+
+resource "docker_image" "open-webui" {
+  name = data.docker_registry_image.open-webui.name
+  pull_triggers = [data.docker_registry_image.open-webui.sha256_digest]
+}
+
+
+resource "docker_container" "open-webui" {
+  image = docker_image.open-webui.image_id
+  name = "open-webui"
+  restart = "always"
+
+  env = [
+    "OLLAMA_BASE_URL=http://ollama:11434"
+  ]
+
+  mounts {
+    target = "/app/backend/data"
+    source = "/var/lib/containers/open-webui"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.ollama.name
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.14"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/audiobookshelf.tf

@@ -19,38 +19,25 @@ resource "docker_container" "audiobookshelf" {
   ]
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.146"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.20"
   }
 
   mounts {
     target = "/config"
-    source = "/share/appdata/audiobookshelf/config"
+    source = "/var/lib/containers/audiobookshelf/config"
     type = "bind"
   }
 
   mounts {
     target = "/metadata"
-    source = "/share/appdata/audiobookshelf/metadata"
+    source = "/var/lib/containers/audiobookshelf/metadata"
     type = "bind"
   }
 
-  mounts {
-    target = "/audiobooks"
-    source = "/share/datarr/media/audiobooks"
-    type = "bind"
-  }
-
-  mounts {
-    target = "/podcasts"
-    source = "/share/datarr/media/podcasts"
-    type = "bind"
-  }
-
-  mounts {
-    target = "/podcasts"
-    source = "/share/datarr/media/podcasts"
-    type = "bind"
+  volumes {
+    container_path = "/truenas-arr"
+    volume_name = docker_volume.truenas-arr.name
   }
 
   lifecycle {

core-os-podman/configarr.tf

@@ -0,0 +1,45 @@
+data "docker_registry_image" "configarr" {
+  name = "ghcr.io/raydak-labs/configarr:latest"
+}
+
+resource "docker_image" "configarr" {
+  name = data.docker_registry_image.configarr.name
+  pull_triggers = [data.docker_registry_image.configarr.sha256_digest]
+}
+
+resource "docker_container" "configarr" {
+  image = docker_image.configarr.image_id
+  name = "configarr"
+
+  log_driver = "local"
+
+  env = [
+    "TZ=Europe/Amsterdam"
+  ]
+
+  mounts {
+    target = "/app/config"
+    source = "/var/lib/containers/configarr/config"
+    type = "bind"
+  }
+
+
+  mounts {
+    target = "/app/cfs"
+    source = "/var/lib/containers/configarr/cfs"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/app/templates"
+    source = "/var/lib/containers/configarr/templates"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/deluge.tf

@@ -12,6 +12,9 @@ resource "docker_container" "deluge" {
   name = "deluge"
   restart = "always"
 
+  memory = 1000
+  memory_swap = 1000
+
   log_driver = "local"
 
   env = [
@@ -20,23 +23,23 @@ resource "docker_container" "deluge" {
     "UMASK=002"
   ]
 
-  networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.137"
-  }
+  network_mode = "container:gluetun"
 
   mounts {
     target = "/config"
-    source = "/share/appdata/deluge"
+    source = "/var/lib/containers/deluge"
     type = "bind"
   }
 
-  mounts {
-    target = "/data/torrents"
-    source = "/share/datarr/torrents"
-    type = "bind"
+  volumes {
+    container_path = "/data"
+    volume_name = docker_volume.truenas-arr.name
   }
 
+  depends_on = [
+    docker_container.gluetun
+  ]
+
   lifecycle {
     ignore_changes = [
       ulimit,

core-os-podman/dockerx-proxmox.bat

@@ -0,0 +1,6 @@
+docker ^
+  --tlsverify ^
+  -H=172.20.0.207:2375 ^
+  --tlscacert=.docker\ca.pem ^
+  --tlscert=.docker\cert.pem ^
+  --tlskey=.docker\key.pem %*

core-os-podman/dockerx-proxmox.sh

@@ -0,0 +1,6 @@
+docker ^
+  --tlsverify ^
+  -H=172.20.0.207:2375 ^
+  --tlscacert=.docker\ca.pem ^
+  --tlscert=.docker\cert.pem ^
+  --tlskey=.docker\key.pem %*

core-os-podman/dozzle-podman.tf

@@ -0,0 +1,33 @@
+data "docker_registry_image" "dozzle" {
+  name = "amir20/dozzle:latest"
+}
+
+resource "docker_image" "dozzle" {
+  name = data.docker_registry_image.dozzle.name
+  pull_triggers = [data.docker_registry_image.dozzle.sha256_digest]
+}
+
+resource "docker_container" "dozzle" {
+  image = docker_image.dozzle.image_id
+  name = "dozzle"
+  restart = "always"
+
+  mounts {
+    target = "/var/run/docker.sock"
+    source = "/var/run/docker.sock"
+    type = "bind"
+    read_only = true
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.10"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/elasticsearch.tf

@@ -0,0 +1,48 @@
+data "docker_registry_image" "elasticsearch" {
+  name = "docker.elastic.co/elasticsearch/elasticsearch-wolfi:9.1.5"
+}
+
+resource "docker_image" "elasticsearch" {
+  name = data.docker_registry_image.elasticsearch.name
+  pull_triggers = [data.docker_registry_image.elasticsearch.sha256_digest]
+}
+
+resource "docker_container" "elasticsearch" {
+  image = docker_image.elasticsearch.image_id
+  name = "elasticsearch"
+
+  restart = "always"
+
+  memory = 5000
+  memory_swap = 5000
+
+  mounts {
+    target = "/usr/share/elasticsearch/data"
+    source = "/var/lib/containers/elasticsearch/data"
+    type = "bind"
+  }
+
+  # mounts {
+  #   target = "/usr/share/elasticsearch/config"
+  #   source = "/var/lib/containers/elasticsearch/config"
+  #   type = "bind"
+  # }
+
+  mounts {
+    target = "/usr/share/elasticsearch/log"
+    source = "/var/lib/containers/elasticsearch/log"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.46"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/fail2ban.tf

@@ -0,0 +1,51 @@
+data "docker_registry_image" "fail2ban" {
+  name = "linuxserver/fail2ban:latest"
+}
+
+resource "docker_image" "fail2ban" {
+  name = data.docker_registry_image.fail2ban.name
+  pull_triggers = [data.docker_registry_image.fail2ban.sha256_digest]
+}
+
+resource "docker_container" "fail2ban" {
+  image = docker_image.fail2ban.image_id
+  name = "fail2ban"
+  restart = "always"
+
+  capabilities {
+    add = ["CAP_NET_ADMIN", "CAP_NET_RAW"]
+  }
+
+  env = [
+    "TZ=Europe/Amsterdam",
+    "PUID=1000",
+    "PGID=1000"
+  ]
+
+  mounts {
+    target = "/config"
+    source = "/var/lib/containers/fail2ban/config"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/var/log"
+    source = "/var/log"
+    type = "bind"
+    read_only = true
+  }
+
+  mounts {
+    target = "/remotelogs/nginx"
+    source = "/var/lib/containers/nginx-lb/log"
+    type = "bind"
+    read_only = true
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/freshrss.tf

@@ -0,0 +1,44 @@
+data "docker_registry_image" "freshrss" {
+  name = "freshrss/freshrss:latest"
+}
+
+resource "docker_image" "freshrss" {
+  name = data.docker_registry_image.freshrss.name
+  pull_triggers = [data.docker_registry_image.freshrss.sha256_digest]
+}
+
+resource "docker_container" "freshrss" {
+  image = docker_image.freshrss.image_id
+  name = "freshrss"
+  restart = "always"
+  env = [
+    "TZ=Europe/Amsterdam",
+    "CRON_MIN=1,31",
+    "OIDC_ENABLED=0",
+    "FRESHRSS_INSTALL=--api_enabled --base_url https://freshrss.rescla.me --db-base freshrss --db-host 192.168.3.24 --db-password utquCzXEnrjFU2BbDqYT --db-type mysql --db-user freshrss --default_user admin --language en",
+    "FRESHRSS_USER=--api_password CmZpTF3pUYz7rVtFrDTQ --email freshrss@xz1.nl --language en --password CmZpTF3pUYz7rVtFrDTQ --user admin"
+  ]
+
+  mounts {
+    target = "/var/www/FreshRSS/data"
+    source = "/var/lib/containers/freshrss/data"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/var/www/FreshRSS/extensions"
+    source = "/var/lib/containers/freshrss/extensions"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.45"
+  }
+}

core-os-podman/gitea.tf

@@ -17,7 +17,7 @@ resource "docker_container" "gitea" {
 
   env = [
     "GITEA__database__DB_TYPE=mysql",
-    "GITEA__database__HOST=192.168.2.127:3306",
+    "GITEA__database__HOST=192.168.3.24:3306",
     "GITEA__database__NAME=gitea",
     "GITEA__database__USER=gitea",
     "GITEA__database__PASSWD=3uM4kBGaNQDo3tsRa9Nh",
@@ -27,13 +27,13 @@ resource "docker_container" "gitea" {
 
   mounts {
     target = "/var/lib/gitea"
-    source = "/share/appdata/gitea/data"
+    source = "/var/lib/containers/gitea/data"
     type = "bind"
   }
 
   mounts {
     target = "/etc/gitea"
-    source = "/share/appdata/gitea/config"
+    source = "/var/lib/containers/gitea/config"
     type = "bind"
   }
 
@@ -52,7 +52,7 @@ resource "docker_container" "gitea" {
   }
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.131"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.25"
   }
 }

core-os-podman/gluetun.tf

@@ -0,0 +1,63 @@
+data "docker_registry_image" "gluetun" {
+  name = "qmcgaw/gluetun:latest"
+}
+
+resource "docker_image" "gluetun" {
+  name = data.docker_registry_image.gluetun.name
+  pull_triggers = [data.docker_registry_image.gluetun.sha256_digest]
+}
+
+resource "docker_container" "gluetun" {
+  image = docker_image.gluetun.image_id
+  name = "gluetun"
+  hostname = "proxy"
+
+  capabilities {
+    add = ["CAP_NET_ADMIN"]
+  }
+
+  env = [
+    "TZ=Europe/Amsterdam",
+    "VPN_SERVICE_PROVIDER=airvpn",
+    "VPN_TYPE=wireguard",
+    "WIREGUARD_PRIVATE_KEY=AMh4GiVDxxCv0xqUeNHW+koQAGAsC2ZrMkTc/aQJLWM=",
+    "WIREGUARD_PRESHARED_KEY=PI5KBRmurT3M+s9jrKQGxQXk8dMmmqLFhCFCH19ttBo=",
+    "WIREGUARD_ADDRESSES=10.159.242.252/32",
+    "FIREWALL_VPN_INPUT_PORTS=47836",
+    "SERVER_COUNTRIES=Netherlands",
+
+    # 8112 = Deluge
+    "FIREWALL_INPUT_PORTS=8112"
+  ]
+
+  devices {
+    host_path = "/dev/net/tun"
+    container_path = "/dev/net/tun"
+    permissions = "rwm"
+  }
+
+  mounts {
+    target = "/gluetun/config"
+    source = "/var/lib/containers/gluetun"
+    type = "bind"
+  }
+
+  privileged = true
+  restart = "always"
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.27"
+  }
+
+  networks_advanced {
+    name = docker_network.piped.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/goaccess.tf_disabled

@@ -0,0 +1,52 @@
+data "docker_registry_image" "goaccess" {
+  name = "allinurl/goaccess:latest"
+}
+
+resource "docker_image" "goaccess" {
+  name = data.docker_registry_image.goaccess.name
+  pull_triggers = [data.docker_registry_image.goaccess.sha256_digest]
+}
+
+resource "docker_container" "goaccess" {
+  image = docker_image.goaccess.image_id
+  name = "goaccess"
+  restart = "always"
+
+  command = [
+    "srv/logs/nginx/access.log",
+    "-a",
+    "--real-time-html",
+    "-p /srv/config/goaccess.conf"
+  ]
+
+  env = [
+    "TZ=Europe/Amsterdam",
+    "PUID=1000",
+    "PGID=1000"
+  ]
+
+  mounts {
+    target = "/srv/config/goaccess.conf"
+    source = "/var/lib/containers/goaccess/goaccess.conf"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/srv/logs/nginx"
+    source = "/var/lib/containers/nginx-lb/log"
+    type = "bind"
+    read_only = true
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.49"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/grafana.tf

@@ -13,15 +13,17 @@ resource "docker_container" "grafana" {
 
   restart = "always"
 
+  user = "1000:1000"
+
   mounts {
     target = "/var/lib/grafana"
-    source = "/share/appdata/grafana"
+    source = "/var/lib/containers/grafana"
     type = "bind"
   }
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.79"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.41"
   }
 
   lifecycle {

core-os-podman/grocy.tf

@@ -20,11 +20,10 @@ resource "docker_container" "grocy" {
 
   mounts {
     target = "/config"
-    source = "/share/appdata/grocy"
+    source = "/var/lib/containers/grocy"
     type = "bind"
   }
 
-
   lifecycle {
     ignore_changes = [
       ulimit,
@@ -33,7 +32,7 @@ resource "docker_container" "grocy" {
   }
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.142"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.38"
   }
 }

core-os-podman/hoarder.tf

@@ -8,7 +8,7 @@ resource "docker_image" "hoarder" {
 }
 
 data "docker_registry_image" "hoarder-chrome" {
-  name = "gcr.io/zenika-hub/alpine-chrome:123"
+  name = "gcr.io/zenika-hub/alpine-chrome:latest"
 }
 
 resource "docker_image" "hoarder-chrome" {
@@ -42,21 +42,28 @@ resource "docker_container" "hoarder" {
     "MEILI_MASTER_KEY=GM4ysMegcCoZUOrVxglbWzGJeN9O7CMWnZIaG9c_MSQ",
     "NEXTAUTH_URL=https://hoarder.rescla.me",
     "DATA_DIR=/data",
+    "ASSETS_DIR=/assets",
     "DISABLE_SIGNUPS=true",
     "OPENAI_API_KEY=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"
   ]
 
   mounts {
     target = "/data"
-    source = "/share/appdata/hoarder"
+    source = "/var/lib/containers/karakeep/data"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/assets"
+    source = "/mnt/appdata/karakeep"
     type = "bind"
   }
 
   restart = "always"
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.145"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.15"
   }
 
   networks_advanced {
@@ -112,10 +119,9 @@ resource "docker_container" "hoarder-meilisearch" {
   ]
 
   restart = "always"
-
   mounts {
     target = "/meili_data"
-    source = "/share/appdata/hoarder-meilisearch"
+    source = "/var/lib/containers/karakeep/data-meilisearch"
     type = "bind"
   }
 

core-os-podman/homer.tf

@@ -0,0 +1,40 @@
+data "docker_registry_image" "homer" {
+  name = "b4bz/homer:latest"
+}
+
+resource "docker_image" "homer" {
+  name = data.docker_registry_image.homer.name
+  pull_triggers = [data.docker_registry_image.homer.sha256_digest]
+}
+
+resource "docker_container" "homer" {
+  image = docker_image.homer.image_id
+  name = "homer"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=1000",
+    "PGID=1000",
+    "TZ=Europe/Amsterdam"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.22"
+  }
+
+  mounts {
+    target = "/www/assets"
+    source = "/var/lib/containers/homer"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/jellyfin.tf

@@ -0,0 +1,64 @@
+data "docker_registry_image" "jellyfin" {
+  name = "jellyfin/jellyfin:latest"
+}
+
+resource "docker_image" "jellyfin" {
+  name = data.docker_registry_image.jellyfin.name
+  pull_triggers = [data.docker_registry_image.jellyfin.sha256_digest]
+}
+
+resource "docker_container" "jellyfin" {
+  image = docker_image.jellyfin.image_id
+  name = "jellyfin"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=444",
+    "PGID=321",
+    "UMASK=002"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.13"
+  }
+
+  mounts {
+    target = "/config"
+    source = "/var/lib/containers/jellyfin/config"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/cache"
+    source = "/var/lib/containers/jellyfin/cache"
+    type = "bind"
+  }
+
+  # https://wiki.servarr.com/docker-guide#Consistent_and_well_planned_paths
+  volumes {
+    container_path = "/datarr"
+    volume_name = docker_volume.truenas-arr.name
+  }
+
+  devices {
+    host_path = "/dev/dri/renderD128"
+    container_path = "/dev/dri/renderD128"
+    permissions = "rwm"
+  }
+
+  devices {
+    host_path = "/dev/dri/renderD129"
+    container_path = "/dev/dri/renderD129"
+    permissions = "rwm"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/jellyseerr.tf

@@ -19,13 +19,13 @@ resource "docker_container" "jellyseerr" {
   ]
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.135"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.37"
   }
 
   mounts {
     target = "/app/config"
-    source = "/share/appdata/jellyseerr"
+    source = "/var/lib/containers/jellyseerr"
     type = "bind"
   }
 

core-os-podman/lidarr.tf

@@ -0,0 +1,45 @@
+data "docker_registry_image" "lidarr" {
+  name = "lscr.io/linuxserver/lidarr:latest"
+}
+
+resource "docker_image" "lidarr" {
+  name = data.docker_registry_image.lidarr.name
+  pull_triggers = [data.docker_registry_image.lidarr.sha256_digest]
+}
+
+resource "docker_container" "lidarr" {
+  image = docker_image.lidarr.image_id
+  name = "lidarr"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "PUID=1000",
+    "PGID=1000",
+    "TZ=Europe/Amsterdam"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.33"
+  }
+
+  mounts {
+    target = "/config"
+    source = "/var/lib/containers/lidarr"
+    type = "bind"
+  }
+
+  volumes {
+    container_path = "/data"
+    volume_name = docker_volume.truenas-arr.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/malla.tf

@@ -0,0 +1,76 @@
+
+data "docker_registry_image" "malla" {
+  name = "ghcr.io/zenitram/malla:latest"
+}
+
+resource "docker_image" "malla" {
+  name = data.docker_registry_image.malla.name
+  pull_triggers = [data.docker_registry_image.malla.sha256_digest]
+}
+
+
+resource "docker_container" "malla-capture" {
+  image = docker_image.malla.image_id
+  name = "malla-capture"
+  restart = "always"
+
+  command = ["/app/.venv/bin/malla-capture"]
+
+  env = [
+    "MALLA_SECRET_KEY=GDESl5REQFGDGXCq7EDkwwwlGC5szJlvTMedTom6ILCuPX1Di6V3JUw8BHSZj6xM",
+    "MALLA_MQTT_BROKER_ADDRESS=mqtt.meshnet.nl",
+    # "MALLA_MQTT_BROKER_ADDRESS=mqtt.meshtastic.org",
+    "MALLA_MQTT_PORT=1883",
+    "MALLA_MQTT_USERNAME=downlink",
+    "MALLA_MQTT_PASSWORD=mq!Down!1nk",
+    "MALLA_DATABASE_FILE=/app/data/meshtastic_history.db"
+  ]
+
+  mounts {
+    target = "/app/data"
+    source = "/var/lib/containers/malla"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+
+resource "docker_container" "malla-web" {
+  image = docker_image.malla.image_id
+  name = "malla-web"
+  restart = "always"
+
+  env = [
+    "MALLA_SECRET_KEY=GDESl5REQFGDGXCq7EDkwwwlGC5szJlvTMedTom6ILCuPX1Di6V3JUw8BHSZj6xM",
+    "MALLA_MQTT_BROKER_ADDRESS=mqtt.meshnet.nl",
+    "MALLA_MQTT_PORT=8883",
+    "MALLA_MQTT_USERNAME=boreft",
+    "MALLA_MQTT_PASSWORD=meshboreft",
+    "MALLA_DATABASE_FILE=/app/data/meshtastic_history.db"
+  ]
+
+  command = ["/app/.venv/bin/malla-web-gunicorn"]
+  
+  mounts {
+    target = "/app/data"
+    source = "/var/lib/containers/malla"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.50"
+  }
+}

core-os-podman/mariadb.tf

@@ -1,5 +1,5 @@
 data "docker_registry_image" "mariadb" {
-  name = "mariadb:10.11"
+  name = "mariadb:11.4"
 }
 
 resource "docker_image" "mariadb" {
@@ -7,17 +7,16 @@ resource "docker_image" "mariadb" {
   pull_triggers = [data.docker_registry_image.mariadb.sha256_digest]
 }
 
-resource "docker_network" "mariadb" {
-  name = "mariadb"
-}
-
 resource "docker_container" "mariadb" {
   image = docker_image.mariadb.image_id
   name = "mariadb"
 
+  memory = 5000
+  memory_swap = 5000
+
   mounts {
     target = "/var/lib/mysql"
-    source = "/share/appdata/mariadb"
+    source = "/var/lib/containers/mariadb"
     type = "bind"
   }
 
@@ -28,12 +27,8 @@ resource "docker_container" "mariadb" {
   restart = "always"
 
   networks_advanced {
-    name = docker_network.mariadb.name
-  }
-
-  networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.127"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.24"
   }
 
   lifecycle {

core-os-podman/mealie.tf

@@ -0,0 +1,48 @@
+
+data "docker_registry_image" "mealie" {
+  name = "ghcr.io/mealie-recipes/mealie:v3.1.2"
+}
+
+resource "docker_image" "mealie" {
+  name = data.docker_registry_image.mealie.name
+  pull_triggers = [data.docker_registry_image.mealie.sha256_digest]
+}
+
+resource "docker_container" "mealie" {
+  image = docker_image.mealie.image_id
+  name = "mealie"
+  restart = "always"
+
+  memory = 1000
+  memory_swap = 1000
+
+  env = [
+    "ALLOW_SIGNUP=false",
+    "TZ=Europe/Amsterdam",
+    "PUID=1000",
+    "PGID=1000",
+    "BASE_URL=https://mealie.rescla.me",
+    "SMTP_HOST=mail.smtp2go.com",
+    "SMTP_FROM_EMAIL=mealie@xz1.nl",
+    "SMTP_USER=mealie@xz1.nl",
+    "SMTP_PASSWORD=VDHnraVWlA2P1Hbu"
+  ]
+
+  mounts {
+    target = "/app/data"
+    source = "/var/lib/containers/mealie"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.39"
+  }
+}

core-os-podman/memos.tf

@@ -0,0 +1,39 @@
+data "docker_registry_image" "memos" {
+  name = "neosmemo/memos:stable"
+}
+
+resource "docker_image" "memos" {
+  name = data.docker_registry_image.memos.name
+  pull_triggers = [data.docker_registry_image.memos.sha256_digest]
+}
+
+resource "docker_container" "memos" {
+  image = docker_image.memos.image_id
+  name = "memos"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "MEMOS_MODE=prod",
+    "MEMOS_PORT=80"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.40"
+  }
+
+  mounts {
+    target = "/var/opt/memos"
+    source = "/var/lib/containers/memos"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/meshtastic.tf

@@ -0,0 +1,28 @@
+data "docker_registry_image" "meshtastic" {
+  name = "ghcr.io/meshtastic/web:latest"
+}
+
+resource "docker_image" "meshtastic" {
+  name = data.docker_registry_image.meshtastic.name
+  pull_triggers = [data.docker_registry_image.meshtastic.sha256_digest]
+}
+
+resource "docker_container" "meshtastic" {
+  image = docker_image.meshtastic.image_id
+  name = "meshtastic"
+  restart = "always"
+
+  log_driver = "local"
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.44"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/navidrome.tf

@@ -0,0 +1,47 @@
+data "docker_registry_image" "navidrome" {
+  name = "deluan/navidrome:latest"
+}
+
+resource "docker_image" "navidrome" {
+  name = data.docker_registry_image.navidrome.name
+  pull_triggers = [data.docker_registry_image.navidrome.sha256_digest]
+}
+
+resource "docker_container" "navidrome" {
+  image = docker_image.navidrome.image_id
+  name = "navidrome"
+  restart = "always"
+
+  log_driver = "local"
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.16"
+  }
+
+  mounts {
+    target = "/data"
+    source = "/var/lib/containers/navidrome"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/music/datarr"
+    source = "/mnt/datarr/media/music"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/music/appdata"
+    source = "/mnt/appdata/navidrome/music"
+    type = "bind"
+  }
+
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/nginx-lb.tf

@@ -21,34 +21,43 @@ resource "docker_container" "nginx-lb" {
 
   mounts {
     target = "/etc/nginx/nginx.conf"
-    source = "/share/appdata/nginx-lb/nginx.conf"
+    source = "/var/lib/containers/nginx-lb/nginx.conf"
     type = "bind"
   }
 
   mounts {
     target = "/etc/nginx/config"
-    source = "/share/appdata/nginx-lb/conf"
+    source = "/var/lib/containers/nginx-lb/conf"
     type = "bind"
   }
 
   mounts {
     target = "/etc/nginx/user_conf.d"
-    source = "/share/appdata/nginx-lb/user_conf.d"
+    source = "/var/lib/containers/nginx-lb/user_conf.d"
+    type = "bind"
+  }
+  
+  mounts {
+    target = "/etc/letsencrypt"
+    source = "/var/lib/containers/nginx-lb/secrets"
     type = "bind"
   }
 
-
   mounts {
-    target = "/etc/letsencrypt"
-    source = "/share/appdata/nginx-lb/secrets"
+    target = "/var/log/nginx"
+    source = "/var/lib/containers/nginx-lb/log"
     type = "bind"
   }
 
   restart = "always"
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.115"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.29"
+  }
+
+  networks_advanced {
+    name = docker_network.nginx-lb.name
   }
 
   lifecycle {

core-os-podman/node-red.tf

@@ -11,9 +11,12 @@ resource "docker_container" "node-red" {
   image = docker_image.node-red.image_id
   name = "node-red"
 
+  memory = 1000
+  memory_swap = 1000
+
   mounts {
     target = "/data"
-    source = "/share/appdata/node-red"
+    source = "/var/lib/containers/node-red"
     type = "bind"
   }
 
@@ -24,8 +27,8 @@ resource "docker_container" "node-red" {
   restart = "always"
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.124"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.21"
   }
 
   lifecycle {

core-os-podman/ntfy.tf

@@ -0,0 +1,61 @@
+data "docker_registry_image" "ntfy" {
+  name = "binwiederhier/ntfy"
+}
+
+resource "docker_image" "ntfy" {
+  name = data.docker_registry_image.ntfy.name
+  pull_triggers = [data.docker_registry_image.ntfy.sha256_digest]
+}
+
+resource "docker_container" "ntfy" {
+  image = docker_image.ntfy.image_id
+  name = "ntfy"
+
+  restart = "always"
+
+  env = [
+    "TZ=Europe/Amsterdam"
+  ]
+
+  user = "1000:1000"
+
+  command = ["serve"]
+
+  mounts {
+    target = "/etc/ntfy/server.yml"
+    source = "/var/lib/containers/ntfy/server.yml"
+    type = "bind"
+    read_only = true
+  }
+
+  mounts {
+    target = "/etc/ntfy/templates"
+    source = "/var/lib/containers/ntfy/templates"
+    type = "bind"
+    read_only = true
+  }
+
+  mounts {
+    target = "/var/cache/ntfy"
+    source = "/var/lib/containers/ntfy/cache"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/var/lib/ntfy/auth"
+    source = "/var/lib/containers/ntfy/auth"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.51"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/ofelia.tf

@@ -23,7 +23,7 @@ resource "docker_container" "ofelia" {
 
   mounts {
     target = "/etc/ofelia"
-    source = "/share/appdata/ofelia"
+    source = "/var/lib/containers/ofelia"
     type = "bind"
   }
 

core-os-podman/photoprism-tineke.tf

@@ -0,0 +1,50 @@
+resource "docker_container" "photoprism-tineke" {
+  image = docker_image.photoprism.image_id
+  name = "photoprism-tineke"
+
+  restart = "always"
+
+  memory = 10000
+  memory_swap = 10000
+
+  env = [
+    "PHOTOPRISM_UPLOAD_NSFW=true",
+    "PHOTOPRISM_ADMIN_PASSWORD=pyjm73tM%UPa8B5t5zhWX*F",
+    "PHOTOPRISM_HTTP_HOSTNAME=photoprism-tineke.rescla.me",
+    "PHOTOPRISM_HTTP_HOST=192.168.3.11",
+    "PHOTOPRISM_DISABLE_TLS=true",
+    "PHOTOPRISM_DATABASE_DRIVER=mysql",
+    "PHOTOPRISM_DATABASE_SERVER=192.168.3.24",
+    "PHOTOPRISM_DATABASE_NAME=photoprism_tineke",
+    "PHOTOPRISM_DATABASE_USER=photoprism",
+    "PHOTOPRISM_DATABASE_PASSWORD=YL43KVRekqUjbgPLGzz",
+    "PHOTOPRISM_AUTO_IMPORT=60"
+  ]
+
+  volumes {
+    container_path = "/photoprism/originals"
+    volume_name = "truenas-photoprism-tineke-originals"
+  }
+
+  volumes {
+    container_path = "/photoprism/import"
+    volume_name = "truenas-photoprism-tineke-import"
+  }
+
+  volumes {
+    container_path = "/photoprism/storage"
+    volume_name = "truenas-photoprism-tineke-data"
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.11"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/photoprism.tf

@@ -0,0 +1,59 @@
+data "docker_registry_image" "photoprism" {
+  name = "photoprism/photoprism:latest"
+}
+
+resource "docker_image" "photoprism" {
+  name = data.docker_registry_image.photoprism.name
+  pull_triggers = [data.docker_registry_image.photoprism.sha256_digest]
+}
+
+resource "docker_container" "photoprism" {
+  image = docker_image.photoprism.image_id
+  name = "photoprism"
+
+  restart = "always"
+
+  memory = 10000
+  memory_swap = 10000
+
+  env = [
+    "PHOTOPRISM_UPLOAD_NSFW=true",
+    "PHOTOPRISM_ADMIN_PASSWORD=UAmpojHADcS5aB",
+    "PHOTOPRISM_HTTP_HOSTNAME=photoprism.rescla.me",
+    "PHOTOPRISM_HTTP_HOST=192.168.3.12",
+    "PHOTOPRISM_DISABLE_TLS=true",
+    "PHOTOPRISM_DATABASE_DRIVER=mysql",
+    "PHOTOPRISM_DATABASE_SERVER=192.168.3.24",
+    "PHOTOPRISM_DATABASE_NAME=photoprism",
+    "PHOTOPRISM_DATABASE_USER=photoprism",
+    "PHOTOPRISM_DATABASE_PASSWORD=YL43KVRekqUjbgPLGzz",
+    "PHOTOPRISM_AUTO_IMPORT=60"
+  ]
+
+  volumes {
+    container_path = "/photoprism/originals"
+    volume_name = "truenas-photoprism-originals"
+  }
+
+  volumes {
+    container_path = "/photoprism/import"
+    volume_name = "truenas-photoprism-import"
+  }
+
+  volumes {
+    container_path = "/photoprism/storage"
+    volume_name = "truenas-photoprism-data"
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.12"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/piped.tf

@@ -0,0 +1,144 @@
+data "docker_registry_image" "piped-backend" {
+  name = "1337kavin/piped:latest"
+}
+
+data "docker_registry_image" "piped-frontend" {
+  name = "1337kavin/piped-frontend:latest"
+}
+
+data "docker_registry_image" "piped-proxy" {
+  name = "1337kavin/piped-proxy:latest"
+}
+
+data "docker_registry_image" "piped-bg-helper" {
+  name = "1337kavin/bg-helper-server:latest"
+}
+
+resource "docker_image" "piped-backend" {
+  name = data.docker_registry_image.piped-backend.name
+  pull_triggers = [data.docker_registry_image.piped-backend.sha256_digest]
+}
+
+
+resource "docker_image" "piped-frontend" {
+  name = data.docker_registry_image.piped-frontend.name
+  pull_triggers = [data.docker_registry_image.piped-frontend.sha256_digest]
+}
+
+resource "docker_image" "piped-proxy" {
+  name = data.docker_registry_image.piped-proxy.name
+  pull_triggers = [data.docker_registry_image.piped-proxy.sha256_digest]
+}
+
+resource "docker_image" "piped-bg-helper" {
+  name = data.docker_registry_image.piped-bg-helper.name
+  pull_triggers = [data.docker_registry_image.piped-bg-helper.sha256_digest]
+}
+
+resource "docker_network" "piped" {
+  name = "piped"
+}
+
+resource "docker_container" "piped-backend" {
+  image = docker_image.piped-backend.image_id
+  name = "piped-backend"
+  hostname = "piped-backend"
+  restart = "always"
+
+  memory = 1000
+  memory_swap = 1000
+
+  log_driver = "local"
+
+  networks_advanced {
+    name = docker_network.nginx-lb.name
+  }
+
+  networks_advanced {
+    name = docker_network.piped.name
+  }
+
+  depends_on = [
+    docker_container.gluetun,
+    docker_container.postgres
+  ]
+
+  mounts {
+    target = "/app/config.properties"
+    source = "/var/lib/containers/piped/config.properties"
+    type = "bind"
+    read_only = true
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+
+
+resource "docker_container" "piped-frontend" {
+  image = docker_image.piped-frontend.image_id
+  name = "piped-frontend"
+  hostname = "piped-frontend"
+
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "BACKEND_HOSTNAME=piped-api.rescla.me"
+  ]
+
+  networks_advanced {
+    name = docker_network.nginx-lb.name
+  }
+  
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+
+resource "docker_container" "piped-proxy" {
+  image = docker_image.piped-proxy.image_id
+  name = "piped-proxy"
+  hostname = "piped-proxy"
+  restart = "always"
+
+  log_driver = "local"
+
+  networks_advanced {
+    name = docker_network.nginx-lb.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+
+resource "docker_container" "piped-bg-helper" {
+  image = docker_image.piped-bg-helper.image_id
+  name = "piped-bg-helper"
+  restart = "always"
+
+  log_driver = "local"
+
+  networks_advanced {
+    name = docker_network.piped.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/postgres.tf

@@ -0,0 +1,49 @@
+data "docker_registry_image" "postgres" {
+  name = "pgautoupgrade/pgautoupgrade:16-alpine"
+}
+
+resource "docker_image" "postgres" {
+  name = data.docker_registry_image.postgres.name
+  pull_triggers = [data.docker_registry_image.postgres.sha256_digest]
+}
+
+resource "docker_container" "postgres" {
+  image = docker_image.postgres.image_id
+  name = "postgres"
+  hostname = "postgres"
+
+  restart = "always"
+
+  memory = 1000
+  memory_swap = 1000
+
+  log_driver = "local"
+
+  env = [
+    "POSTGRES_DB=piped",
+    "POSTGRES_USER=piped",
+    "POSTGRES_PASSWORD=YDoVrAXCxim%lOK8^"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.43"
+  }
+
+  networks_advanced {
+    name = docker_network.piped.name
+  }
+
+  mounts {
+    target = "/var/lib/postgresql/data"
+    source = "/var/lib/containers/postgres/data"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/prometheus.tf

@@ -11,25 +11,33 @@ resource "docker_container" "prometheus" {
   image = docker_image.prometheus.image_id
   name = "prometheus"
 
-  command = ["--config.file=/etc/prometheus/prometheus.yml","--storage.tsdb.path=/prometheus", "--web.console.libraries=/usr/share/prometheus/console_libraries","--web.console.templates=/usr/share/prometheus/consoles", "--storage.tsdb.retention.time=2y"]
+  command = [
+    "--config.file=/etc/prometheus/prometheus.yml",
+    "--storage.tsdb.path=/prometheus",
+    "--web.console.libraries=/usr/share/prometheus/console_libraries",
+    "--web.console.templates=/usr/share/prometheus/consoles",
+    "--storage.tsdb.retention.time=5y"
+  ]
+
+  user = "1000:1000"
 
   mounts {
-    target = "/etc/prometheus"
-    source = "/share/appdata/prometheus/config"
+    target = "/etc/prometheus/prometheus.yml"
+    source = "/var/lib/containers/prometheus/config/prometheus.yml"
     type = "bind"
   }
 
   mounts {
     target = "/prometheus"
-    source = "/share/appdata/prometheus/data"
+    source = "/var/lib/containers/prometheus/data"
     type = "bind"
   }
 
   restart = "always"
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.80"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.42"
   }
 
   lifecycle {

core-os-podman/prowlarr.tf

@@ -22,13 +22,13 @@ resource "docker_container" "prowlarr" {
   ]
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.141"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.34"
   }
 
   mounts {
     target = "/config"
-    source = "/share/appdata/prowlarr"
+    source = "/var/lib/containers/prowlarr"
     type = "bind"
   }
 

core-os-podman/proxmox_100_podman.tf

@@ -0,0 +1,127 @@
+terraform {
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "3.6.2"
+    }
+  }
+}
+
+provider "docker" {
+  # host      = "tcp://127.0.0.1:3000"
+  host      = "tcp://172.20.0.207:2375"
+  cert_path = pathexpand(".docker")
+
+  registry_auth {
+    address = "gitea.rescla.me"
+    username = "rescla"
+    password = "9c84612c4b053e2ec663cde03da730b6a01304e8"
+  }
+}
+
+resource "docker_network" "container-public" {
+  name = "container-public"
+  ipam_config {
+    subnet = "192.168.3.0/24"
+    gateway = "192.168.3.1"
+    ip_range = "192.168.3.128/25"
+  }
+}
+
+resource "docker_network" "ipv6-slaac" {
+  name = "ipv6-slaac"
+  ipv6 = true
+
+  ipam_config {
+    aux_address = {}
+    gateway = "192.168.48.1"
+    subnet = "192.168.48.0/20"
+  }
+
+  ipam_config {
+    aux_address = {}
+    subnet = "2a02:a470:b12a:2::/64"
+    gateway = "2a02:a470:b12a:2::1"
+  }
+}
+
+resource "docker_network" "ip6net" {
+  name = "ipv6net"
+  ipv6 = true
+
+  ipam_config {
+    aux_address = {}
+    gateway = "192.168.64.1"
+    subnet = "192.168.64.0/20"
+  }
+
+  ipam_config {
+    aux_address = {}
+    subnet = "2001:db8::/64"
+    gateway = "2001:db8::1"
+  }
+}
+
+resource "docker_volume" "truenas-photoprism-originals" {
+  name = "truenas-photoprism-originals"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/photoprism-originals"
+    o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
+  }
+}
+
+resource "docker_volume" "truenas-photoprism-import" {
+  name = "truenas-photoprism-import"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/photoprism-import"
+    o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
+  }
+}
+
+resource "docker_volume" "truenas-photoprism-data" {
+  name = "truenas-photoprism-data"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/photoprism-data"
+    o = "username=photoprism,password=V3i77MWeoM^XpugwG%6,uid=2000,gid=2000"
+  }
+}
+
+resource "docker_volume" "truenas-photoprism-timeke-originals" {
+  name = "truenas-photoprism-tineke-originals"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/photoprism-tineke-originals"
+    o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
+  }
+}
+
+resource "docker_volume" "truenas-photoprism-tineke-import" {
+  name = "truenas-photoprism-tineke-import"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/photoprism-tineke-import"
+    o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
+  }
+}
+
+resource "docker_volume" "truenas-photoprism-tineke-data" {
+  name = "truenas-photoprism-tineke-data"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/photoprism-tineke-data"
+    o = "username=photoprism,password=V3i77MWeoM^XpugwG%6,uid=2000,gid=2000"
+  }
+}
+
+resource "docker_volume" "truenas-arr" {
+  name = "truenas-arr"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/arr-media"
+    o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
+  }
+}
+

core-os-podman/radarr.tf

@@ -21,20 +21,19 @@ resource "docker_container" "radarr" {
   ]
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.138"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.35"
   }
 
   mounts {
     target = "/config"
-    source = "/share/appdata/radarr"
+    source = "/var/lib/containers/radarr"
     type = "bind"
   }
 
-  mounts {
-    target = "/data"
-    source = "/share/datarr"
-    type = "bind"
+  volumes {
+    container_path = "/data"
+    volume_name = docker_volume.truenas-arr.name
   }
 
   lifecycle {

core-os-podman/readme.md

@@ -0,0 +1,48 @@
+# Update docker ipv4  network
+
+Stop all pods
+```
+docker stop $(docker ps -a -q)
+```
+
+Remove network
+`docker network rm container-public`
+
+create new network
+```
+docker network create -d macvlan \
+  --subnet=192.168.3.0/24 \
+  --gateway=192.168.3.1 \
+  --ip-range=192.168.3.128/25 \
+  -o parent=ens19 \
+  container-public
+```
+
+Rest tofu
+```
+tofu state rm docker_network.container-public
+tofu import docker_network.container-public 276dec3b3e8d82e465c2e47b5c8d8ccb439c608c5665094a3735849e7b8b9742
+```
+# Update docker ipv6 network
+
+Cleanup
+```
+docker stop $(docker ps -a -q)
+docker network rm ipv6-slaac
+```
+
+Initialize
+```
+docker network create -d ipvlan \
+  --subnet=2a02:a470:b12a:2::/64 \
+  --ipv6 \
+  -o parent=ens19 \
+  -o ipvlan_mode=l2 \
+  ipv6-slaac
+```
+
+Tofu
+```
+tofu state rm docker_network.ipv6-slaac
+tofu import docker_network.ipv6-slaac d3b368472fb140224858725c8b5ba88ede8f6666464d3b05ffc957415404b3a3
+```

core-os-podman/ripe-atlas.tf

@@ -0,0 +1,46 @@
+data "docker_registry_image" "ripe-atlas" {
+  name = "jamesits/ripe-atlas:latest"
+}
+
+resource "docker_image" "ripe-atlas" {
+  name = data.docker_registry_image.ripe-atlas.name
+  pull_triggers = [data.docker_registry_image.ripe-atlas.sha256_digest]
+}
+
+resource "docker_container" "ripe-atlas" {
+  image = docker_image.ripe-atlas.image_id
+  name = "ripe-atlas"
+  restart = "always"
+
+  log_driver = "local"
+
+  mounts {
+    target = "/etc/ripe-atlas"
+    source = "/var/lib/containers/atlas-probe/etc"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/run/ripe-atlas"
+    source = "/var/lib/containers/atlas-probe/run"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/var/spool/ripe-atlas"
+    source = "/var/lib/containers/atlas-probe/spool"
+    type = "bind"
+  }
+
+  capabilities {
+    drop = ["ALL"]
+    add = ["CAP_CHOWN", "CAP_SETUID", "CAP_SETGID", "CAP_DAC_OVERRIDE", "CAP_NET_RAW", "CAP_KILL", "CAP_FOWNER"]
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/rssbridge.tf

@@ -0,0 +1,36 @@
+data "docker_registry_image" "rssbridge" {
+  name = "rssbridge/rss-bridge:latest"
+}
+
+resource "docker_image" "rssbridge" {
+  name = data.docker_registry_image.rssbridge.name
+  pull_triggers = [data.docker_registry_image.rssbridge.sha256_digest]
+}
+
+resource "docker_container" "rssbridge" {
+  image = docker_image.rssbridge.image_id
+  name = "rssbridge"
+  restart = "always"
+
+  env = [
+    "TZ=Europe/Amsterdam"
+  ]
+
+  mounts {
+    target = "/config"
+    source = "/var/lib/containers/rssbridge"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.47"
+  }
+}

core-os-podman/sabnzdb.tf

@@ -22,20 +22,19 @@ resource "docker_container" "sabnzdb" {
 
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.140"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.32"
   }
 
   mounts {
     target = "/config"
-    source = "/share/appdata/sabnzdb"
+    source = "/var/lib/containers/sabnzdb"
     type = "bind"
   }
 
-  mounts {
-    target = "/data/usenet"
-    source = "/share/datarr/usenet"
-    type = "bind"
+  volumes {
+    container_path = "/data"
+    volume_name = docker_volume.truenas-arr.name
   }
 
   lifecycle {

core-os-podman/searxng.tf

@@ -0,0 +1,87 @@
+
+data "docker_registry_image" "searxng" {
+  name = "searxng/searxng:latest"
+}
+
+data "docker_registry_image" "searxng-valkey" {
+  name = "valkey/valkey:9"
+}
+
+resource "docker_image" "searxng" {
+  name = data.docker_registry_image.searxng.name
+  pull_triggers = [data.docker_registry_image.searxng.sha256_digest]
+}
+
+resource "docker_image" "searxng-valkey" {
+  name = data.docker_registry_image.searxng-valkey.name
+  pull_triggers = [data.docker_registry_image.searxng-valkey.sha256_digest]
+}
+
+resource "docker_network" "searxng" {
+  name = "searxng"
+}
+
+resource "docker_container" "searxng-valkey" {
+  image   = docker_image.searxng-valkey.image_id
+  name    = "searxng-valkey"
+  restart = "always"
+  hostname = "valkey"
+
+  command = ["valkey-server", "--save 30 1", "--loglevel warning"]
+
+  mounts {
+    target = "/data"
+    source = "/var/lib/containers/searxng/valkey-data"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+
+  networks_advanced {
+    name = docker_network.searxng.name
+  }
+}
+
+resource "docker_container" "searxng" {
+  image = docker_image.searxng.image_id
+  name = "searxng"
+  restart = "always"
+
+  env = [
+    "TZ=Europe/Amsterdam",
+    "SEARXNG_HOSTNAME=search.rescla.me"
+  ]
+
+  mounts {
+    target = "/var/cache/searxng"
+    source = "/var/lib/containers/searxng/searxng-data"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/etc/searxng"
+    source = "/var/lib/containers/searxng/data"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.52"
+  }
+
+  networks_advanced {
+    name = docker_network.searxng.name
+  }
+}

core-os-podman/smokeping.tf

@@ -20,21 +20,21 @@ resource "docker_container" "smokeping" {
 
   mounts {
     target = "/config"
-    source = "/share/appdata/smokeping/config"
+    source = "/var/lib/containers/smokeping/config"
     type = "bind"
   }
 
   mounts {
     target = "/data"
-    source = "/share/appdata/smokeping/data"
+    source = "/var/lib/containers/smokeping/data"
     type = "bind"
   }
 
   restart = "always"
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.126"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.26"
   }
 
   dns = ["172.20.0.0"]

core-os-podman/sonarr.tf

@@ -21,20 +21,19 @@ resource "docker_container" "sonarr" {
   ]
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.136"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.36"
   }
 
   mounts {
     target = "/config"
-    source = "/share/appdata/sonarr"
+    source = "/var/lib/containers/sonarr"
     type = "bind"
   }
 
-  mounts {
-    target = "/data"
-    source = "/share/datarr"
-    type = "bind"
+  volumes {
+    container_path = "/data"
+    volume_name = docker_volume.truenas-arr.name
   }
 
   lifecycle {

core-os-podman/synapse.tf

@@ -0,0 +1,50 @@
+/**
+Running for the first time:
+
+docker run -it --rm \
+    --mount type=bind,src=/var/lib/containers/synapse,dst=/data \
+    -e SYNAPSE_SERVER_NAME=matrix.rescla.me \
+    -e SYNAPSE_REPORT_STATS=no \
+    ghcr.io/element-hq/synapse:latest generate
+
+
+ */
+
+data "docker_registry_image" "synapse" {
+  name = "ghcr.io/element-hq/synapse:latest"
+}
+
+resource "docker_image" "synapse" {
+  name = data.docker_registry_image.synapse.name
+  pull_triggers = [data.docker_registry_image.synapse.sha256_digest]
+}
+
+resource "docker_container" "synapse" {
+  image = docker_image.synapse.image_id
+  name = "synapse"
+  restart = "always"
+
+  depends_on = [docker_container.postgres]
+
+  env = [
+    "TZ=Europe/Amsterdam"
+  ]
+
+  mounts {
+    target = "/data"
+    source = "/var/lib/containers/synapse"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.48"
+  }
+}

core-os-podman/traccar.tf

@@ -1,5 +1,5 @@
 data "docker_registry_image" "traccar" {
-  name = "traccar/traccar"
+  name = "traccar/traccar:debian"
 }
 
 resource "docker_image" "traccar" {
@@ -13,25 +13,21 @@ resource "docker_container" "traccar" {
 
   mounts {
     target = "/opt/traccar/logs"
-    source = "/share/appdata/traccar/logs"
+    source = "/var/lib/containers/traccar/logs"
     type = "bind"
   }
 
   mounts {
     target = "/opt/traccar/conf/traccar.xml"
-    source = "/share/appdata/traccar/traccar.xml"
+    source = "/var/lib/containers/traccar/traccar.xml"
     type = "bind"
   }
 
   restart = "always"
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.113"
-  }
-
-  networks_advanced {
-    name = docker_network.mariadb.name
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.23"
   }
 
   lifecycle {

core-os-podman/unifi.tf

@@ -11,17 +11,20 @@ resource "docker_container" "unifi" {
   image = docker_image.unifi.image_id
   name = "unifi"
 
+  memory = 3000
+  memory_swap = 3000
+
   mounts {
     target = "/unifi"
-    source = "/share/appdata/unifi"
+    source = "/var/lib/containers/unifi"
     type = "bind"
   }
 
   restart = "always"
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.67"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.30"
   }
 
   lifecycle {

core-os-podman/uptime-kuma.tf

@@ -15,13 +15,13 @@ resource "docker_container" "uptime-kuma" {
 
   mounts {
     target = "/app/data"
-    source = "/share/appdata/uptime-kuma"
+    source = "/var/lib/containers/uptime-kuma"
     type = "bind"
   }
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.133"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.31"
   }
 
   lifecycle {

core-os-podman/vikunja.tf

@@ -16,7 +16,7 @@ resource "docker_container" "vikunja" {
 
   env = [
     "VIKUNJA_SERVICE_PUBLICURL=https://vikunja.rescla.me",
-    "VIKUNJA_DATABASE_HOST=192.168.2.127",
+    "VIKUNJA_DATABASE_HOST=192.168.3.24",
     "VIKUNJA_DATABASE_PASSWORD=4PU^B%Kz8R*8!cT8R",
     "VIKUNJA_DATABASE_TYPE=mysql",
     "VIKUNJA_DATABASE_USER=vikunja",
@@ -33,13 +33,13 @@ resource "docker_container" "vikunja" {
   ]
 
   networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.143"
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.28"
   }
 
   mounts {
     target = "/files"
-    source = "/share/appdata/vikunja"
+    source = "/var/lib/containers/vikunja"
     type = "bind"
   }
 

core-os-podman/yamtrack.tf

@@ -0,0 +1,77 @@
+data "docker_registry_image" "yamtrack" {
+  name = "ghcr.io/fuzzygrim/yamtrack"
+}
+
+data "docker_registry_image" "yamtrack-redis" {
+  name = "redis:7-alpine"
+}
+
+resource "docker_image" "yamtrack" {
+  name = data.docker_registry_image.yamtrack.name
+  pull_triggers = [data.docker_registry_image.yamtrack.sha256_digest]
+}
+
+resource "docker_image" "yamtrack-redis" {
+  name = data.docker_registry_image.yamtrack-redis.name
+  pull_triggers = [data.docker_registry_image.yamtrack-redis.sha256_digest]
+}
+
+resource "docker_network" "yamtrack" {
+  name = "yamtrack"
+}
+
+resource "docker_container" "yamtrack-redis" {
+  image = docker_image.yamtrack-redis.image_id
+  name = "yamtrack-redis"
+  restart = "always"
+  hostname = "redis"
+
+  log_driver = "local"
+
+  mounts {
+    target = "/data"
+    source = "/var/lib/containers/yamtrack/data"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.yamtrack.name
+  }
+}
+
+
+resource "docker_container" "yamtrack" {
+  image = docker_image.yamtrack.image_id
+  name = "yamtrack"
+  restart = "always"
+
+  log_driver = "local"
+
+  env = [
+    "TZ=Europe/Amsterdam",
+    "SECRET=dx43FYAAD1ZULJ1G0&8*hP6A5!rzXSB7Z0B9DdRlBwlgsv2W2CToekYP6UNdnUv2",
+    "REDIS_URL=redis://redis:6379"
+  ]
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.53"
+  }
+
+  networks_advanced {
+    name = docker_network.yamtrack.name
+  }
+
+  mounts {
+    target = "/yamtrack/db"
+    source = "/var/lib/containers/yamtrack/db"
+    type = "bind"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

docker-qnap.tf

@@ -10,6 +10,12 @@ terraform {
 provider "docker" {
   host      = "tcp://192.168.2.64:2376"
   cert_path = pathexpand(".docker")
+
+  registry_auth {
+    address = "gitea.rescla.me"
+    username = "rescla"
+    password = "9c84612c4b053e2ec663cde03da730b6a01304e8"
+  }
 }
 
 resource "docker_network" "bridge" {
@@ -42,3 +48,13 @@ resource "docker_network" "host" {
   name = "host"
 }
 
+resource "docker_volume" "truenas-arr" {
+  name = "truenas-arr"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/arr-media"
+    o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
+  }
+}
+
+

dockerx.sh

@@ -0,0 +1,8 @@
+ #!/usr/bin/bash
+
+docker \
+  --tlsverify \
+  -H=192.168.2.64:2376 \
+  --tlscacert=.docker\ca.pem \
+  --tlscert=.docker\cert.pem \
+  --tlskey=.docker\key.pem %*

dozzle.tf

@@ -39,7 +39,8 @@ resource "docker_container" "dozzle" {
   lifecycle {
     ignore_changes = [
       ulimit,
-      log_opts
+      log_opts,
+      ports
     ]
   }
 }

photoprism-tineke.tf

@@ -1,38 +0,0 @@
-resource "docker_container" "photoprism-tineke" {
-  image = docker_image.photoprism.image_id
-  name = "photoprism-tineke"
-
-  restart = "always"
-
-  env = [
-    "PHOTOPRISM_UPLOAD_NSFW=true",
-    "PHOTOPRISM_ADMIN_PASSWORD=pyjm73tM%UPa8B5t5zhWX*F",
-    "PHOTOPRISM_HTTP_HOSTNAME=photoprism-tineke.rescla.me",
-    "PHOTOPRISM_HTTP_HOST=192.168.2.132",
-    "PHOTOPRISM_DISABLE_TLS=true"
-  ]
-
-  mounts {
-    target = "/photoprism/originals/capture-one-variants"
-    source = "/share/CaptureOne/Variants"
-    type = "bind"
-  }
-
-  mounts {
-    target = "/photoprism/storage"
-    source = "/share/appdata/photoprism-tineke/storage"
-    type = "bind"
-  }
-
-  networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.132"
-  }
-
-  lifecycle {
-    ignore_changes = [
-      ulimit,
-      log_opts
-    ]
-  }
-}

photoprism.tf

@@ -1,53 +0,0 @@
-data "docker_registry_image" "photoprism" {
-  name = "photoprism/photoprism:latest"
-}
-
-resource "docker_image" "photoprism" {
-  name = data.docker_registry_image.photoprism.name
-  pull_triggers = [data.docker_registry_image.photoprism.sha256_digest]
-}
-
-resource "docker_container" "photoprism" {
-  image = docker_image.photoprism.image_id
-  name = "photoprism"
-
-  restart = "always"
-
-  env = [
-    "PHOTOPRISM_UPLOAD_NSFW=true",
-    "PHOTOPRISM_ADMIN_PASSWORD=UAmpojHADcS5aB",
-    "PHOTOPRISM_HTTP_HOSTNAME=photoprism.rescla.me",
-    "PHOTOPRISM_HTTP_HOST=192.168.2.116",
-    "PHOTOPRISM_DISABLE_TLS=true"
-  ]
-
-  mounts {
-    target = "/photoprism/originals/camera"
-    source = "/share/appdata/syncthing/Camera"
-    type = "bind"
-  }
-
-  mounts {
-    target = "/photoprism/originals/capture-one-variants"
-    source = "/share/CaptureOne/Variants"
-    type = "bind"
-  }
-
-  mounts {
-    target = "/photoprism/storage"
-    source = "/share/appdata/photoprism/storage"
-    type = "bind"
-  }
-
-  networks_advanced {
-    name = docker_network.bridge.name
-    ipv4_address = "192.168.2.116"
-  }
-
-  lifecycle {
-    ignore_changes = [
-      ulimit,
-      log_opts
-    ]
-  }
-}