Merge pull request 'pocketid template fix' (#64) from dev into main

Reviewed-on: #64

.gitignore

@@ -0,0 +1 @@
+*tmp*

filebrowser/service-filebrowser.json

@@ -21,7 +21,7 @@
             "DEPEND": "null",
             "START_ON_BOOT": "false",
             "ENTRYPOINT": "sh -c",
-            "CMD": "mkdir -p /etc/user/data/jellyfin/media && mkdir -p /etc/user/data/transmission/downloads/complete",
+            "CMD": "mkdir -p /etc/user/data/jellyfin/media && chown -R 1000:1000 /etc/user/data/jellyfin/media && mkdir -p /etc/user/data/transmission/downloads/complete",
             "PRE_START": "null",
             "POST_START": "null"
         },
@@ -61,7 +61,7 @@
             "DEPEND": [],
             "START_ON_BOOT": "false",
             "ENTRYPOINT": "sh",
-            "CMD": "if [ ! -f /database.db ]; then /filebrowser config init && /filebrowser users add \"$FILEBROWSER_USER\" \"$FILEBROWSER_PASS\" --perm.admin && /filebrowser ; else /filebrowser ; fi",
+            "CMD": "if [ ! -f /database/filebrowser.db ]; then cd /database ; /bin/filebrowser config init && /bin/filebrowser users add \"$FILEBROWSER_USER\" \"$FILEBROWSER_PASS\" --perm.admin && /init.sh; else /init.sh ; fi",
             "PRE_START": "null",
             "POST_START": [
                 "firewall-filebrowser",

gitea/domain-gitea.json

@@ -0,0 +1,60 @@
+{
+    "main": {
+        "SERVICE_NAME": "gitea",
+        "DOMAIN": "#DOMAIN"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/domain-check",
+            "UPDATE": "true",
+            "MEMORY": "64M",
+            "NAME": "domain_checker",
+            "ROLES": "domain_checker",
+            "NETWORK": "host",
+            "SELECTOR": "",
+            "SCALE": "0",
+            "EXTRA": "--rm --privileged",
+            "PRE_START": [],
+            "DEPEND": [],
+            "POST_START": [],
+            "CMD": "",
+            "ENVS": [
+                {
+                    "PROXY": "smarthostloadbalancer"
+                },
+                {
+                    "TARGET": "gitea-app"
+                },
+                {
+                    "PORT": "3000"
+                },
+                {
+                    "DOMAIN": "#DOMAIN"
+                },
+                {
+                    "SMARTHOST_PROXY_PATH": "/smarthost-domains"
+                },
+                {
+                    "OPERATION": "CREATE"
+                }
+            ],
+            "VOLUMES": [
+                {
+                    "SOURCE": "/etc/user/config/smarthost-domains",
+                    "DEST": "/smarthost-domains",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
+                }
+            ]
+        }
+    ]
+}

gitea/firewall-gitea-dns.json

@@ -0,0 +1,76 @@
+{
+    "main": {
+        "SERVICE_NAME": "firewalls",
+        "DOMAIN": "null"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/firewall",
+            "UPDATE": "true",
+            "NAME": "firewall",
+            "MEMORY": "64M",
+            "NETWORK": "host",
+            "SCALE": "0",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/run/",
+                    "DEST": "/run/",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/user/config/services",
+                    "DEST": "/services",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
+                }
+            ],
+            "PORTS": [],
+            "READYNESS": [
+                {
+                    "tcp": ""
+                },
+                {
+                    "HTTP": ""
+                },
+                {
+                    "EXEC": "/ready.sh"
+                }
+            ],
+            "ENVS": [
+                {
+                    "CHAIN": "DOCKER-USER"
+                },
+                {
+                    "SOURCE": "gitea-app"
+                },
+                {
+                    "TARGET": "coredns"
+                },
+                {
+                    "TYPE": "udp"
+                },
+                {
+                    "TARGET_PORT": "53"
+                },
+                {
+                    "COMMENT": "gitea application access for local dns"
+                }
+            ],
+            "EXTRA": "--privileged --rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "",
+            "PRE_START": [],
+            "POST_START": []
+        }
+    ]
+}

gitea/firewall-gitea-smtp.json

@@ -0,0 +1,75 @@
+{
+    "main": {
+        "SERVICE_NAME": "firewalls",
+        "DOMAIN": "null"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/firewall",
+            "NAME": "firewall",
+            "MEMORY": "64M",
+            "NETWORK": "host",
+            "SCALE": "0",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/run/",
+                    "DEST": "/run/",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/user/config/services",
+                    "DEST": "/services",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
+                }
+            ],
+            "PORTS": [],
+            "READYNESS": [
+                {
+                    "tcp": ""
+                },
+                {
+                    "HTTP": ""
+                },
+                {
+                    "EXEC": "/ready.sh"
+                }
+            ],
+            "ENVS": [
+                {
+                    "CHAIN": "DOCKER-USER"
+                },
+                {
+                    "SOURCE": "gitea-app"
+                },
+                {
+                    "TARGET": "smtp"
+                },
+                {
+                    "TYPE": "tcp"
+                },
+                {
+                    "TARGET_PORT": "25"
+                },
+                {
+                    "COMMENT": "gitea to smtp"
+                }
+            ],
+            "EXTRA": "--privileged --rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": "null"
+        }
+    ]
+}

gitea/firewall-gitea.json

@@ -0,0 +1,75 @@
+{
+    "main": {
+        "SERVICE_NAME": "firewalls",
+        "DOMAIN": "null"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/firewall",
+            "NAME": "firewall",
+            "MEMORY": "64M",
+            "NETWORK": "host",
+            "SCALE": "0",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/run/",
+                    "DEST": "/run/",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/user/config/services",
+                    "DEST": "/services",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
+                }
+            ],
+            "PORTS": [],
+            "READYNESS": [
+                {
+                    "tcp": ""
+                },
+                {
+                    "HTTP": ""
+                },
+                {
+                    "EXEC": "/ready.sh"
+                }
+            ],
+            "ENVS": [
+                {
+                    "CHAIN": "DOCKER-USER"
+                },
+                {
+                    "SOURCE": "smarthostbackend"
+                },
+                {
+                    "TARGET": "gitea-app"
+                },
+                {
+                    "TYPE": "tcp"
+                },
+                {
+                    "TARGET_PORT": "3000"
+                },
+                {
+                    "COMMENT": "gitea"
+                }
+            ],
+            "EXTRA": "--privileged --rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": "null"
+        }
+    ]
+}

gitea/gitea-secret.json

@@ -0,0 +1,22 @@
+{
+    "giteapostgres": {
+        "POSTGRES_DB": "#POSTGRES_DB",
+        "POSTGRES_USER": "#POSTGRES_USER",
+        "POSTGRES_PASSWORD": "#POSTGRES_PASSWORD",
+        "POSTGRES_ROOT_PASSWORD": "#POSTGRES_ROOT_PASSWORD"
+    },
+    "giteaapp": {
+        "GITEA__database__DB_TYPE": "postgres",
+        "GITEA__database__HOST": "giteapostgres-db",
+        "GITEA__database__NAME": "#POSTGRES_DB",
+        "GITEA__database__USER": "#POSTGRES_USER",
+        "GITEA__database__PASSWD": "#POSTGRES_PASSWORD",
+        "GITEA__mailer__ENABLED": "#MAIL_ENABLE",
+        "GITEA__mailer__FROM": "#MAIL_FROM",
+        "GITEA__mailer__PROTOCOL": "#MAIL_PROTOCOL",
+        "GITEA__mailer__SMTP_ADDR": "#MAIL_SMTP_ADDR",
+        "GITEA__mailer__SMTP_PORT": "#MAIL_SMTP_PORT",
+        "GITEA__mailer__USER": "#MAIL_USER",
+        "GITEA__mailer__PASSWD": "#MAIL_PASSWORD"
+    }
+}

gitea/service-gitea.json

@@ -0,0 +1,110 @@
+{
+    "main": {
+        "SERVICE_NAME": "gitea",
+        "DOMAIN": "#DOMAIN"
+    },
+    "containers": [
+        {
+            "IMAGE": "alpine:latest",
+            "UPDATE": "true",
+            "NAME": "gitea-init",
+            "NETWORK": "host",
+            "MEMORY": "64M",
+            "VOLUMES": [
+                {
+                    "SOURCE": "USER_DATA",
+                    "DEST": "/etc/user/data",
+                    "TYPE": "rw"
+                }
+            ],
+            "EXTRA": "--rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "ENTRYPOINT": "sh -c",
+            "CMD": "mkdir -p /etc/user/data/gitea/db && mkdir -p /etc/user/data/gitea/data && chown -R 1000:1000 /etc/user/data/gitea",
+            "PRE_START": "null",
+            "POST_START": "null"
+        },
+        {
+            "IMAGE": "postgres:15-alpine",
+            "NAME": "giteapostgres-db",
+            "UPDATE": "true",
+            "ROLES": "postgres-db",
+            "MEMORY": "256M",
+            "NETWORK": "gitea-net",
+            "SELECTOR": "giteapostgres-db",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/etc/user/data/gitea/db",
+                    "DEST": "/var/lib/postgresql/data",
+                    "TYPE": "rw"
+                }
+            ],
+            "PORTS": [
+                {
+                    "SOURCE": "null",
+                    "DEST": "5432",
+                    "TYPE": "tcp"
+                }
+            ],
+            "ENV_FILES": [
+                "/etc/user/secret/gitea/gitea.json"
+            ],
+            "ENVS": [
+                {
+                    "POSTGRES_INITDB_ARGS": "--encoding=UTF8 --locale=C"
+                }
+            ],
+            "EXTRA": "--label logging=promtail_user --label logging_jobname=containers --restart unless-stopped",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": [],
+            "POST_START": []
+        },
+        {
+            "IMAGE": "gitea/gitea:latest",
+            "UPDATE": "true",
+            "NAME": "giteaapp",
+            "DNS": [
+                "coredns"
+            ],
+            "MEMORY": "512M",
+            "SELECTOR": "gitea-app",
+            "NETWORK": "gitea-net",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/etc/user/data/gitea/data",
+                    "DEST": "/data",
+                    "TYPE": "rw"
+                }
+            ],
+            "PORTS": [
+                {
+                    "SOURCE": "null",
+                    "DEST": "3000",
+                    "TYPE": "tcp"
+                },
+                {
+                    "SOURCE": "null",
+                    "DEST": "22",
+                    "TYPE": "tcp"
+                }
+            ],
+            "EXTRA": "null",
+            "ENV_FILES": [
+                "/etc/user/secret/gitea/gitea.json"
+            ],
+            "DEPEND": [],
+            "START_ON_BOOT": "true",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": [
+                "firewall-gitea-dns",
+                "firewall-gitea-smtp",
+                "firewall-gitea",
+                "domain-gitea"
+            ]
+        }
+    ]
+}

homeassistant/template.json

@@ -1,15 +1,18 @@
 {
-    "name": "homeassistant",
+    "name": "Homeassistant",
-    "description": "Home Assistant lets you automate, control, and monitor smart home devices securely from a single interface.",
+    "subtitle": "Smart Home",
+    "title": "Home Assistant",
+    "icon": "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTAiIGhlaWdodD0iNTAiIHZpZXdCb3g9IjAgMCA1MCA1MCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZD0iTTUwIDQ2Ljc5MTZDNTAgNDguNTU2MiA0OC41OTM3IDUwIDQ2Ljg3NSA1MEgzLjEyNUMxLjQwNjI1IDUwIDAgNDguNTU2MiAwIDQ2Ljc5MTZWMjcuNTQxM0MwIDI1Ljc3NjYgMC45OTM3NSAyMy4zMTI4IDIuMjEwNDIgMjIuMDYzN0wyMi43ODk2IDAuOTM1MjQ2QzI0LjAwNDIgLTAuMzExNzQ5IDI1Ljk5MzggLTAuMzExNzQ5IDI3LjIwODMgMC45MzUyNDZMNDcuNzg5NiAyMi4wNjU2QzQ5LjAwNDIgMjMuMzEyNiA1MCAyNS43Nzg4IDUwIDI3LjU0MzRWNDYuNzkzOFY0Ni43OTE2WiIgZmlsbD0iI0YyRjRGOSIvPgo8cGF0aCBkPSJNNDcuNzg5NiAyMi4wNjI3TDI3LjIxMDQgMC45MzUyMDZDMjUuOTk1OCAtMC4zMTE3MzUgMjQuMDA2MiAtMC4zMTE3MzUgMjIuNzkxNyAwLjkzNTIwNkwyLjIxMDQyIDIyLjA2MjdDMC45OTU4MzMgMjMuMzA5NyAwIDI1Ljc3NTUgMCAyNy41NDAxVjQ2Ljc4OTZDMCA0OC41NTQxIDEuNDA2MjUgNDkuOTk3OSAzLjEyNSA0OS45OTc5SDIyLjM0NzlMMTMuODgzMyA0MS4zMDc4QzEzLjQ0NzkgNDEuNDYxOCAxMi45ODMzIDQxLjU0OTUgMTIuNSA0MS41NDk1QzEwLjE0NTggNDEuNTQ5NSA4LjIyOTE3IDM5LjU4MTcgOC4yMjkxNyAzNy4xNjQ4QzguMjI5MTcgMzQuNzQ4IDEwLjE0NTggMzIuNzgwMiAxMi41IDMyLjc4MDJDMTQuODU0MiAzMi43ODAyIDE2Ljc3MDggMzQuNzQ4IDE2Ljc3MDggMzcuMTY0OEMxNi43NzA4IDM3LjY2MzIgMTYuNjg1NCAzOC4xNDAyIDE2LjUzNTQgMzguNTg3MkwyMy4xMjUgNDUuMzUyM1YyMC41Njc1QzIxLjcwODMgMTkuODUzMSAyMC43MjkyIDE4LjM2MDIgMjAuNzI5MiAxNi42MzQyQzIwLjcyOTIgMTQuMjE3MyAyMi42NDU4IDEyLjI0OTUgMjUgMTIuMjQ5NUMyNy4zNTQyIDEyLjI0OTUgMjkuMjcwOCAxNC4yMTczIDI5LjI3MDggMTYuNjM0MkMyOS4yNzA4IDE4LjM2MDIgMjguMjkxNyAxOS44NTMxIDI2Ljg3NSAyMC41Njc1VjM3Ljk0OThMMzMuNDI5MiAzMS4yMjFDMzMuMyAzMC44MDE4IDMzLjIyOTIgMzAuMzU2OSAzMy4yMjkyIDI5Ljg5NDlDMzMuMjI5MiAyNy40NzgxIDM1LjE0NTggMjUuNTEwMyAzNy41IDI1LjUxMDNDMzkuODU0MiAyNS41MTAzIDQxLjc3MDggMjcuNDc4MSA0MS43NzA4IDI5Ljg5NDlDNDEuNzcwOCAzMi4zMTE4IDM5Ljg1NDIgMzQuMjc5NiAzNy41IDM0LjI3OTZDMzYuOTc5MiAzNC4yNzk2IDM2LjQ4MzMgMzQuMTc5IDM2LjAyMjkgMzQuMDAzNkwyNi44NzUgNDMuMzk1M1Y1MEg0Ni44NzVDNDguNTkzNyA1MCA1MCA0OC41NTYzIDUwIDQ2Ljc5MTdWMjcuNTQyMkM1MCAyNS43Nzc3IDQ5LjAwNjMgMjMuMzEzNyA0Ny43ODk2IDIyLjA2NDdWMjIuMDYyN1oiIGZpbGw9IiMxOEJDRjIiLz4KPC9zdmc+Cg==",
+    "description": "Home Assistant is free and open-source home automation software that acts as a central hub for managing and controlling smart home devices. It allows users to connect, automate, and customize their smart home setup, offering local control and privacy features. ",
     "fields": [
         {
-            "description": "Your Home Assistant domain:",
+            "description": "Domain",
             "key": "DOMAIN",
             "value": "",
             "required": "true"
         },
         {
-            "description": "Home Assistant timezone:",
+            "description": "Timezone",
             "key": "TZ",
             "value": "Europe/Budapest",
             "required": "true"

immich/service-immich.json

@@ -29,7 +29,7 @@
             "IMAGE": "tensorchord/pgvecto-rs:pg14-v0.2.0",
             "UPDATE": "true",
             "NAME": "immichpostgres-db",
-            "MEMORY": "256M",
+            "MEMORY": "768M",
             "NETWORK": "immich-net",
             "SELECTOR": "immichpostgres",
             "VOLUMES": [
@@ -49,6 +49,11 @@
             "ENV_FILES": [
                 "/etc/user/secret/immich/immich.json"
             ],
+            "ENVS": [
+                {
+                    "POSTGRES_INITDB_ARGS": "--data-checksums"
+                }
+            ],
             "EXTRA": "--restart always",
             "DEPEND": "null",
             "START_ON_BOOT": "false",
@@ -81,7 +86,7 @@
             "IMAGE": "ghcr.io/immich-app/immich-server:#IMMICH_VERSION",
             "UPDATE": "true",
             "NAME": "immichapp-app",
-            "MEMORY": "1024M",
+            "MEMORY": "1536M",
             "NETWORK": "immich-net",
             "SELECTOR": "immichapp",
             "PORTS": [
@@ -136,7 +141,7 @@
             "UPDATE": "true",
             "NAME": "immichmachine-learning",
             "ROLES": "backend-www",
-            "MEMORY": "1024M",
+            "MEMORY": "1536M",
             "NETWORK": "immich-net",
             "SELECTOR": "immichmachine-learning",
             "ENVS": [

immich/template.json

@@ -1,24 +1,28 @@
 {
-    "name": "immich",
+    "name": "Immich",
-    "description":"Immich is a photo and video backup solution that helps you securely store and manage your media across devices.",
+    "title": "Immich",
+    "subtitle": "Photos and Videos",
+    "icon": "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iOTYiIGhlaWdodD0iOTYiIHZpZXdCb3g9IjAgMCA5NiA5NiIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZD0iTTQ1LjMwNjkgMzIuNTE3N0M1MC41NDQ1IDM3LjE4IDU0Ljc2NTUgNDIuMTc2MyA1Ny40ODIgNDYuODg0OUM2Mi4xNDc2IDM4LjQ5NTIgNjUuMjY1MiAyOC41MjU4IDY1LjMwNDUgMjIuMTc2MkM2NS4zMDQ1IDIyLjEzMTMgNjUuMzA0NSAyMi4wOTAzIDY1LjMwNDUgMjIuMDUyMkM2NS4zMDQ1IDEyLjY1NjYgNTUuOTgyOCA5IDQ3Ljk1MjggOUMzOS45MjI5IDkgMzAuNjAxMSAxMi42NTY2IDMwLjYwMTEgMjIuMDUyMkMzMC42MDExIDIyLjE4MDMgMzAuNjAxMSAyMi4zNTIxIDMwLjYwMTEgMjIuNTU5MkMzNS4wNzcgMjQuNTU5OSA0MC4zODIzIDI4LjEzNDYgNDUuMzA2OSAzMi41MTc3WiIgZmlsbD0iI0ZBMjkyMSIvPgo8cGF0aCBkPSJNMTYuNzM0NSA1OC4xMzk2QzIwLjAwOCA1NC40Nzc1IDI1LjAzMDIgNTAuNTA4OCAzMC42OTc1IDQ3LjE1MzVDMzYuNzI2OCA0My41ODU1IDQyLjc1NzQgNDEuMDkyOCA0OC4wNTA1IDM5Ljk1MjFDNDEuNTU2NCAzMi44OTc5IDMzLjA5IDI2LjgzNTkgMjcuMDk0NiAyNC44MzY2QzI3LjA1MjYgMjQuODIzIDI3LjAxMzMgMjQuODEwNyAyNi45NzggMjQuNzk4NUMxOC4wOSAyMS44OTU2IDExLjc1MDMgMjkuNjc4OCA5LjI2OTgxIDM3LjM1NzJDNi43ODkzIDQ1LjAzNTYgNy4zNjY3MSA1NS4wNzk5IDE2LjI1NDcgNTcuOTgyOEMxNi4zNzUzIDU4LjAyMjMgMTYuNTM4IDU4LjA3NTUgMTYuNzM0NSA1OC4xMzk2WiIgZmlsbD0iI0VENzlCNSIvPgo8cGF0aCBkPSJNODYuNzMgMzcuMjI3M0M4NC4yNDk1IDI5LjU0ODkgNzcuOTA5OCAyMS43NjU3IDY5LjAyMTggMjQuNjY4NkM2OC44OTk4IDI0LjcwODEgNjguNzM3MiAyNC43NjEyIDY4LjU0MiAyNC44MjUzQzY4LjAzMzcgMjkuNzIyIDY2LjI5MTkgMzUuOTAxMyA2My42Njc1IDQxLjk2NDZDNjAuODc2NiA0OC40MTM3IDU3LjQ1NCA1My45OTQ3IDUzLjgzODkgNTguMDQ2NEM2My4yMTYyIDU5LjkxNjIgNzMuNjEwMiA1OS44MTU0IDc5LjYyODYgNTcuODkxQzc5LjY3MDYgNTcuODc3NSA3OS43MDk5IDU3Ljg2MzggNzkuNzQ1MSA1Ny44NTI5Qzg4LjYzMzEgNTQuOTQ4NiA4OS4yMTA2IDQ0LjkwNDQgODYuNzMgMzcuMjI3M1oiIGZpbGw9IiNGRkI0MDAiLz4KPHBhdGggZD0iTTQwLjAyODEgNjUuNjQ1N0MzOC41MTY3IDU4Ljc3ODIgMzguMDIxOSA1Mi4yNDA1IDM4LjU3NzcgNDYuODI3MUMyOS44OTg0IDUwLjg1NzIgMjEuNTQ4NiA1Ny4wOCAxNy44MDM0IDYyLjE5NDhDMTcuNzc3NSA2Mi4yMzAyIDE3Ljc1MzIgNjIuMjY0NCAxNy43MzE1IDYyLjI5NDNDMTIuMjM5IDY5Ljg5NjQgMTcuNjQyMSA3OC4zNjM5IDI0LjEzODkgODMuMTA4QzMwLjYzNDQgODcuODUzNCA0MC4zMTQxIDkwLjQwNDcgNDUuODA3OSA4Mi44MDI3QzQ1Ljg4MzggODIuNjk5MSA0NS45ODQxIDgyLjU2MDEgNDYuMTA0NyA4Mi4zOTI1QzQzLjY1MjYgNzguMTMwOCA0MS40NDg3IDcyLjEwMTUgNDAuMDI4MSA2NS42NDU3WiIgZmlsbD0iIzFFODNGNyIvPgo8cGF0aCBkPSJNNzguMTIyOSA2MS44MDQ5QzczLjMzMzkgNjIuODMyNSA2Ni45NTA4IDYzLjA3NjUgNjAuNDAzOCA2Mi40NEM1My40NDA2IDYxLjc2NDEgNDcuMTA1IDYwLjIxNTggNDIuMTU0OCA1OC4wMTA3QzQzLjI4MzkgNjcuNTU0OCA0Ni41OTEzIDc3LjQ2MjkgNTAuMjcxNSA4Mi42MjRDNTAuMjk3MiA4Mi42NTk1IDUwLjMyMTcgODIuNjkzNiA1MC4zNDM0IDgyLjcyMzVDNTUuODM1NyA5MC4zMjU2IDY1LjUxNTQgODcuNzc0MyA3Mi4wMTIyIDgzLjAyODhDNzguNTA3OSA3OC4yODM0IDgzLjkxMjIgNjkuODE1OSA3OC40MTk3IDYyLjIxNTJDNzguMzQzOCA2Mi4xMTE1IDc4LjI0MzUgNjEuOTcyNSA3OC4xMjI5IDYxLjgwNDlaIiBmaWxsPSIjMThDMjQ5Ii8+Cjwvc3ZnPgo=",
+    "description":"Immich is a free, open-source, self-hosted photo and video management platform designed as an alternative to Google Photos. It allows users to back up, organize, and manage their photos and videos on their own server, prioritizing privacy and control over their data.",
     "fields": [
         {
-            "description": "Your Immich domain:",
+            "description": "Domain",
             "key": "DOMAIN",
             "value": "",
             "required": "true"
         },
         {
-            "description": "Immich timezone:",
+            "description": "Timezone",
             "key": "IMMICH_TZ",
             "value": "Europe/Budapest",
             "required": "true"
         },
         {
-            "description": "Immich version:",
+            "description": "Version",
             "key": "IMMICH_VERSION",
             "value": "release",
-            "required": "true"
+            "required": "true",
+            "advanced": "true"
         },
         {
             "description": "POSTGRES database name",

jellyfin/service-jellyfin.json

@@ -29,7 +29,7 @@
             "POST_START": "null"
         },
         {
-            "IMAGE": "jellyfin/jellyfin:latest",
+            "IMAGE": "jellyfin/jellyfin:#VERSION",
             "UPDATE": "true",
             "NAME": "jellyfin",
             "NETWORK": "host",

jellyfin/template.json

@@ -1,11 +1,21 @@
 {
-    "name": "jellyfin",
+    "name": "Jellyfin",
-    "description": "Jellyfin media server lets you stream and organize your movies, TV shows, music, and photos across all your devices.",
+    "title": "Jellyfin",
+    "subtitle": "Media System",
+    "icon": "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNjYiIGhlaWdodD0iNjYiIHZpZXdCb3g9IjAgMCA2NiA2NiIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZD0iTTMzIDI1LjI4NzZDMzAuMTAxNCAyNS4yODc2IDIwLjc3MTcgNDIuMjA0MiAyMi4xOTQgNDUuMDYwMkMyMy42MTY0IDQ3LjkxNjMgNDIuMzk5MiA0Ny44ODUxIDQzLjgwNTkgNDUuMDYwMkM0NS4yMTI3IDQyLjIzNTQgMzUuOTAyOCAyNS4yODkgMzMgMjUuMjg3NloiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl8yMl85OCkiLz4KPHBhdGggZD0iTTMzIDBDMjQuMjcwMSAwIC0zLjg0NTIzIDUwLjk3MSAwLjQ0MTcwNiA1OS41Nzg5QzQuNzI4NjQgNjguMTg2OCA2MS4zMjY2IDY4LjA4NzUgNjUuNTY2OCA1OS41Nzg5QzY5LjgwNjkgNTEuMDcwMiA0MS43MzgzIDAgMzMgMFpNNTQuMzQzOSA1Mi4xMDk3QzUxLjU2NTggNTcuNjg3MSAxNC40ODM4IDU3Ljc0OTUgMTEuNjc0NSA1Mi4xMDk3QzguODY1MjUgNDYuNDY5OSAyNy4yODY0IDEzLjA3MjEgMzMuMDA4NSAxMy4wNzIxQzM4LjczMDUgMTMuMDcyMSA1Ny4xMjIgNDYuNTMwOSA1NC4zNDM5IDUyLjEwOTdaIiBmaWxsPSJ1cmwoI3BhaW50MV9saW5lYXJfMjJfOTgpIi8+CjxkZWZzPgo8bGluZWFyR3JhZGllbnQgaWQ9InBhaW50MF9saW5lYXJfMjJfOTgiIHgxPSIxMi4zMzExIiB5MT0iMjYuOTQzOSIgeDI9IjY3LjA1NDQiIHkyPSI1OC41Mzc5IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNBQTVDQzMiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMDBBNERDIi8+CjwvbGluZWFyR3JhZGllbnQ+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQxX2xpbmVhcl8yMl85OCIgeDE9IjEyLjMzMTEiIHkxPSIyNi45NDQiIHgyPSI2Ny4wNTQ0IiB5Mj0iNTguNTM4IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiNBQTVDQzMiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMDBBNERDIi8+CjwvbGluZWFyR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg==",
+    "description": "Jellyfin is a free and open-source media server and suite of applications that allows users to manage, organize, and stream their personal media collections. It is built by volunteers and emphasizes user control, privacy, and a lack of tracking or hidden agendas.",
     "fields": [
         {
-            "description": "Your Jellyfin domain:",
+            "description": "Domain",
             "key": "DOMAIN",
             "value": ""
+        },
+        {
+            "description": "Version",
+            "key": "VERSION",
+            "value": "2025081105",
+            "info": "Latest stable official version at the time of template creation.",
+            "advanced": "true"
         }
     ]
 }

leantime/domain-leantime.json

@@ -26,7 +26,7 @@
                     "TARGET": "leantime-app"
                 },
                 {
-                    "PORT": "80"
+                    "PORT": "8080"
                 },
                 {
                     "DOMAIN": "#DOMAIN"

leantime/firewall-leantime.json

@@ -58,7 +58,7 @@
                     "TYPE": "tcp"
                 },
                 {
-                    "TARGET_PORT": "80"
+                    "TARGET_PORT": "8080"
                 },
                 {
                     "COMMENT": "leantime"

leantime/service-leantime.json

@@ -115,7 +115,7 @@
             "PORTS": [
                 {
                     "SOURCE": "null",
-                    "DEST": "80",
+                    "DEST": "8080",
                     "TYPE": "tcp"
                 }
             ],

leantimedelete/template.json

@@ -1,113 +0,0 @@
-{
-    "name": "leantime",
-    "fields": [
-        {
-            "description": "Please add LeanTime domain:",
-            "key": "DOMAIN",
-            "value": "",
-            "required": "true"
-        },
-        {
-            "description": "Please add your deploy name (default is LeanTime)",
-            "key": "LEANTIME_SITENAME",
-            "value": "LeanTime"
-        },
-        {
-            "description": "Please add your deploy default language (default is en-US)",
-            "key": "LEANTIME_LANG",
-            "value": "en-US"
-        },
-        {
-            "description": "Please add your deploy default timezone (default is Europe/Budapest)",
-            "key": "LEANTIME_TZ",
-            "value": "Europe/Budapest"
-        },
-        {
-            "description": "Do you want to disable login form for public?",
-            "key": "DISABLE_LOGIN",
-            "value": "true"
-        },
-        {
-            "description": "MYSQL database name",
-            "key": "DB_MYSQL",
-            "value": "",
-            "required": "true",
-            "generated": "time|md5|10"
-        },
-        {
-            "description": "MYSQL username",
-            "key": "DB_USER",
-            "value": "",
-            "required": "true",
-            "generated": "time|md5|8"
-        },
-        {
-            "description": "MYSQL password for user",
-            "key": "DB_PASSWORD",
-            "value": "",
-            "required": "true",
-            "generated": "random|md5|12"
-        },
-        {
-            "description": "MYSQL root user password",
-            "key": "DB_ROOT_PASSWORD",
-            "value": "",
-            "required": "true",
-            "generated": "random|sha256|20"
-        },
-        {
-            "description": "Do you want to set up OIDC provider? (default is false)",
-            "key": "OIDC_ENABLE",
-            "value": "false"
-        },
-        {
-            "description": "Please add OIDC user key:",
-            "key": "OIDC_CLIENT_KEY",
-            "value": ""
-        },
-        {
-            "description": "Please add OIDC client secret:",
-            "key": "OIDC_CLIENT_SECRET",
-            "value": ""
-        },
-        {
-            "description": "Do you want to set up S3 bucket server? (default is false)",
-            "key": "LEANTIME_USE_S3",
-            "value": "false"
-        },
-        {
-            "description": "Session password",
-            "key": "SESSION_PASSWORD",
-            "value": "",
-            "required": "true",
-            "generated": "random|sha256|20"
-        },
-        {
-            "description": "Please add session expiration time in seconds (defaults is 28800)",
-            "key": "SESSION_EXPIRATION",
-            "value": "28800"
-        },
-        {
-            "description": "Please add a strong password for sessions",
-            "key": "SESSION_PASSWORD",
-            "value": "",
-            "required": "true",
-            "generated": "random|sha256|20"
-        },
-        {
-            "description": "Please set LeanTime access mode (defaults is https)",
-            "key": "SESSION_SECURITY",
-            "value": "true"
-        },
-        {
-            "description": "Please set SMTP host for sending emails",
-            "key": "LEANTIME_SMTP",
-            "value": "smtp-mail"
-        },
-        {
-            "description": "Do you want to connect an S3 bucket provider?",
-            "key": "LEANTIME_USE_S3",
-            "value": "false"
-        }
-    ]
-}

matrix/domain-matrix-admin.json

@@ -1,7 +1,7 @@
 {
     "main": {
-        "SERVICE_NAME": "leantime",
+        "SERVICE_NAME": "matrix",
-        "DOMAIN": "#DOMAIN"
+        "DOMAIN": "#ADMINDOMAIN"
     },
     "containers": [
         {
@@ -23,20 +23,20 @@
                     "PROXY": "smarthostloadbalancer"
                 },
                 {
-                    "TARGET": "leantime-app"
+                    "TARGET": "matrixadmin"
                 },
                 {
                     "PORT": "80"
                 },
                 {
-                    "LOCATION": "#LEANTIME_LOCATION_PATH"
+                    "DOMAIN": "#ADMINDOMAIN"
-                },
-                {
-                    "DOMAIN": "#DOMAIN"
                 },
                 {
                     "SMARTHOST_PROXY_PATH": "/smarthost-domains"
                 },
+                {
+                    "LOCATION": "#SUBPATH"
+                },
                 {
                     "OPERATION": "CREATE"
                 }

matrix/domain-matrix.json

@@ -0,0 +1,60 @@
+{
+    "main": {
+        "SERVICE_NAME": "matrix",
+        "DOMAIN": "#DOMAIN"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/domain-check",
+            "UPDATE": "true",
+            "MEMORY": "64M",
+            "NAME": "domain_checker",
+            "ROLES": "domain_checker",
+            "NETWORK": "host",
+            "SELECTOR": "",
+            "SCALE": "0",
+            "EXTRA": "--rm --privileged",
+            "PRE_START": [],
+            "DEPEND": [],
+            "POST_START": [],
+            "CMD": "",
+            "ENVS": [
+                {
+                    "PROXY": "smarthostloadbalancer"
+                },
+                {
+                    "TARGET": "matrixserver"
+                },
+                {
+                    "PORT": "8008"
+                },
+                {
+                    "DOMAIN": "#DOMAIN"
+                },
+                {
+                    "SMARTHOST_PROXY_PATH": "/smarthost-domains"
+                },
+                {
+                    "OPERATION": "CREATE"
+                }
+            ],
+            "VOLUMES": [
+                {
+                    "SOURCE": "/etc/user/config/smarthost-domains",
+                    "DEST": "/smarthost-domains",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
+                }
+            ]
+        }
+    ]
+}

matrix/firewall-matrix-admin.json

@@ -0,0 +1,75 @@
+{
+    "main": {
+        "SERVICE_NAME": "firewalls",
+        "DOMAIN": "null"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/firewall",
+            "NAME": "firewall",
+            "MEMORY": "64M",
+            "NETWORK": "host",
+            "SCALE": "0",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/run/",
+                    "DEST": "/run/",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/user/config/services",
+                    "DEST": "/services",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
+                }
+            ],
+            "PORTS": [],
+            "READYNESS": [
+                {
+                    "tcp": ""
+                },
+                {
+                    "HTTP": ""
+                },
+                {
+                    "EXEC": "/ready.sh"
+                }
+            ],
+            "ENVS": [
+                {
+                    "CHAIN": "DOCKER-USER"
+                },
+                {
+                    "SOURCE": "smarthostbackend"
+                },
+                {
+                    "TARGET": "matrixadmin"
+                },
+                {
+                    "TYPE": "tcp"
+                },
+                {
+                    "TARGET_PORT": "80"
+                },
+                {
+                    "COMMENT": "matrixadmin for proxy"
+                }
+            ],
+            "EXTRA": "--privileged --rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": "null"
+        }
+    ]
+}

matrix/firewall-matrix-dns.json

@@ -0,0 +1,76 @@
+{
+    "main": {
+        "SERVICE_NAME": "firewalls",
+        "DOMAIN": "null"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/firewall",
+            "UPDATE": "true",
+            "NAME": "firewall",
+            "MEMORY": "64M",
+            "NETWORK": "host",
+            "SCALE": "0",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/run/",
+                    "DEST": "/run/",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/user/config/services",
+                    "DEST": "/services",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
+                }
+            ],
+            "PORTS": [],
+            "READYNESS": [
+                {
+                    "tcp": ""
+                },
+                {
+                    "HTTP": ""
+                },
+                {
+                    "EXEC": "/ready.sh"
+                }
+            ],
+            "ENVS": [
+                {
+                    "CHAIN": "DOCKER-USER"
+                },
+                {
+                    "SOURCE": "matrixserver"
+                },
+                {
+                    "TARGET": "coredns"
+                },
+                {
+                    "TYPE": "udp"
+                },
+                {
+                    "TARGET_PORT": "53"
+                },
+                {
+                    "COMMENT": "matrix nginx access for local dns"
+                }
+            ],
+            "EXTRA": "--privileged --rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "",
+            "PRE_START": [],
+            "POST_START": []
+        }
+    ]
+}

matrix/firewall-matrix-smtp.json

@@ -0,0 +1,75 @@
+{
+    "main": {
+        "SERVICE_NAME": "firewalls",
+        "DOMAIN": "null"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/firewall",
+            "NAME": "firewall",
+            "MEMORY": "64M",
+            "NETWORK": "host",
+            "SCALE": "0",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/run/",
+                    "DEST": "/run/",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/user/config/services",
+                    "DEST": "/services",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
+                }
+            ],
+            "PORTS": [],
+            "READYNESS": [
+                {
+                    "tcp": ""
+                },
+                {
+                    "HTTP": ""
+                },
+                {
+                    "EXEC": "/ready.sh"
+                }
+            ],
+            "ENVS": [
+                {
+                    "CHAIN": "DOCKER-USER"
+                },
+                {
+                    "SOURCE": "matrixserver"
+                },
+                {
+                    "TARGET": "smtp"
+                },
+                {
+                    "TYPE": "tcp"
+                },
+                {
+                    "TARGET_PORT": "25"
+                },
+                {
+                    "COMMENT": "matrix to smtp"
+                }
+            ],
+            "EXTRA": "--privileged --rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": "null"
+        }
+    ]
+}

matrix/firewall-matrix.json

@@ -0,0 +1,75 @@
+{
+    "main": {
+        "SERVICE_NAME": "firewalls",
+        "DOMAIN": "null"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/firewall",
+            "NAME": "firewall",
+            "MEMORY": "64M",
+            "NETWORK": "host",
+            "SCALE": "0",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/run/",
+                    "DEST": "/run/",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/user/config/services",
+                    "DEST": "/services",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
+                }
+            ],
+            "PORTS": [],
+            "READYNESS": [
+                {
+                    "tcp": ""
+                },
+                {
+                    "HTTP": ""
+                },
+                {
+                    "EXEC": "/ready.sh"
+                }
+            ],
+            "ENVS": [
+                {
+                    "CHAIN": "DOCKER-USER"
+                },
+                {
+                    "SOURCE": "smarthostbackend"
+                },
+                {
+                    "TARGET": "matrixserver"
+                },
+                {
+                    "TYPE": "tcp"
+                },
+                {
+                    "TARGET_PORT": "8008"
+                },
+                {
+                    "COMMENT": "matrix"
+                }
+            ],
+            "EXTRA": "--privileged --rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": "null"
+        }
+    ]
+}

matrix/matrix-secret.json

@@ -0,0 +1,29 @@
+{
+    "matrixpostgres": {
+        "POSTGRES_DB": "#POSTGRES_DB",
+        "POSTGRES_USER": "#POSTGRES_USER",
+        "POSTGRES_PASSWORD": "#POSTGRES_PASSWORD",
+        "POSTGRES_ROOT_PASSWORD": "#POSTGRES_ROOT_PASSWORD"
+    },
+    "matrixserver": {
+        "DB_TYPE": "psycopg2",
+        "POSTGRES_DB": "#POSTGRES_DB",
+        "POSTGRES_USER": "#POSTGRES_USER",
+        "POSTGRES_PASSWORD": "#POSTGRES_PASSWORD",
+        "POSTGRES_HOST": "matrixpostgres-db",
+        "DB_PORT": "5432",
+        "SYNAPSE_SERVER_NAME": "#DOMAIN",
+        "SYNAPSE_REPORT_STATS": "no",
+        "ADMIN_USERNAME": "#ADMIN_USERNAME",
+        "ADMIN_PASSWORD": "#ADMIN_PASSWORD",
+        "SYNAPSE_CONFIG_DIR": "/data",
+        "SYNAPSE_CONFIG_PATH": "/data/homeserver.yaml",
+        "SYNAPSE_DATA_DIR": "/data"
+    },
+    "matrixadmin": {
+        "REACT_APP_SERVER": "https://#DOMAIN",
+        "BASE_PATH": "#ADMINDOMAIN",
+        "ADMINDOMAIN": "#ADMINDOMAIN",
+        "SUBPATH": "#SUBPATH"
+    }
+}

matrix/service-matrix.json

@@ -0,0 +1,199 @@
+{
+    "main": {
+        "SERVICE_NAME": "matrix",
+        "DOMAIN": "DOMAIN"
+    },
+    "containers": [
+        {
+            "IMAGE": "alpine:latest",
+            "UPDATE": "true",
+            "NAME": "matrix-init",
+            "NETWORK": "host",
+            "MEMORY": "64M",
+            "VOLUMES": [
+                {
+                    "SOURCE": "USER_DATA",
+                    "DEST": "/etc/user/data",
+                    "TYPE": "rw"
+                }
+            ],
+            "ENV_FILES": [
+                "/etc/user/secret/matrix/matrix.json"
+            ],
+            "EXTRA": "--rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "ENTRYPOINT": "sh -c",
+            "CMD": "mkdir -p /etc/user/data/matrix/db && mkdir -p /etc/user/data/matrix/synapse",
+            "PRE_START": "null",
+            "POST_START": "null"
+        },
+        {
+            "IMAGE": "postgres:alpine",
+            "UPDATE": "true",
+            "NAME": "matrixpostgres-db",
+            "ROLES": "postgres-db",
+            "MEMORY": "256M",
+            "NETWORK": "matrix-net",
+            "SELECTOR": "matrixpostgres-db",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/etc/user/data/matrix/db",
+                    "DEST": "/var/lib/postgresql/data",
+                    "TYPE": "rw"
+                }
+            ],
+            "PORTS": [
+                {
+                    "SOURCE": "null",
+                    "DEST": "5432",
+                    "TYPE": "tcp"
+                }
+            ],
+            "ENV_FILES": [
+                "/etc/user/secret/matrix/matrix.json"
+            ],
+            "ENVS": [
+                {
+                    "POSTGRES_INITDB_ARGS": "--encoding=UTF-8 --lc-collate=C --lc-ctype=C"
+                }
+            ],
+            "EXTRA": "--restart unless-stopped",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": [],
+            "POST_START": []
+        },
+        {
+            "IMAGE": "matrixdotorg/synapse",
+            "UPDATE": "true",
+            "NAME": "matrixserver-init",
+            "ROLES": "backend-www",
+            "MEMORY": "512M",
+            "NETWORK": "matrix-net",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/etc/user/data/matrix/synapse",
+                    "DEST": "/data",
+                    "TYPE": "rw"
+                }
+            ],
+            "ENV_FILES": [
+                "/etc/user/secret/matrix/matrix.json"
+            ],
+            "EXTRA": "--rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "ENTRYPOINT": "bash -c",
+            "CMD": "if [ ! -f /data/homeserver.yaml ]; then /start.py generate ; else exit 1; fi",
+            "PRE_START": [],
+            "POST_START": []
+        },
+        {
+            "IMAGE": "safebox/matrix-setup:latest",
+            "UPDATE": "true",
+            "NAME": "matrixserver-dbinit",
+            "NETWORK": "host",
+            "MEMORY": "64M",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/etc/user/data/matrix/synapse",
+                    "DEST": "/data",
+                    "TYPE": "rw"
+                }
+            ],
+            "ENV_FILES": [
+                "/etc/user/secret/matrix/matrix.json"
+            ],
+            "EXTRA": "--rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": "null"
+        },
+        {
+            "IMAGE": "matrixdotorg/synapse",
+            "UPDATE": "true",
+            "NAME": "matrixserver-app",
+            "ROLES": "backend-www",
+            "MEMORY": "512M",
+            "NETWORK": "matrix-net",
+            "SELECTOR": "matrixserver",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/etc/user/data/matrix/synapse",
+                    "DEST": "/data",
+                    "TYPE": "rw"
+                }
+            ],
+            "ENV_FILES": [
+                "/etc/user/secret/matrix/matrix.json"
+            ],
+            "EXTRA": "--restart unless-stopped",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": [],
+            "POST_START": [
+                "firewall-matrix",
+                "domain-matrix"
+            ]
+        },
+        {
+            "IMAGE": "safebox/matrix-setup:latest",
+            "UPDATE": "true",
+            "NAME": "matrixserver-finalize",
+            "NETWORK": "host",
+            "MEMORY": "64M",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/etc/user/data/matrix/synapse",
+                    "DEST": "/data",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "SHARED",
+                    "DEST": "/var/tmp/shared",
+                    "TYPE": "rw"
+                }
+            ],
+            "ENV_FILES": [
+                "/etc/user/secret/matrix/matrix.json"
+            ],
+            "EXTRA": "--rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": "null"
+        },
+        {
+            "IMAGE": "awesometechnologies/synapse-admin",
+            "UPDATE": "true",
+            "NAME": "matrixadmin",
+            "ROLES": "backend-www",
+            "MEMORY": "128M",
+            "NETWORK": "matrix-net",
+            "SELECTOR": "matrixadmin",
+            "VOLUMES": [],
+            "PORTS": [
+                {
+                    "SOURCE": "null",
+                    "DEST": "80",
+                    "TYPE": "tcp"
+                }
+            ],
+            "EXTRA": "--restart unless-stopped",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": [],
+            "POST_START": [
+                "firewall-matrix-admin",
+                "domain-matrix-admin"
+            ]
+        }
+    ]
+}

nextcloud/domain-nextcloud.json

@@ -1,48 +1,60 @@
- {
+{
     "main": {
-      "SERVICE_NAME": "nextcloud",
+        "SERVICE_NAME": "nextcloud",
-      "DOMAIN": "#NEXTCLOUD_TRUSTED_DOMAINS"
+        "DOMAIN": "#DOMAIN"
     },
     "containers": [
-      { 
+        {
-  "IMAGE": "safebox/domain-check",
+            "IMAGE": "safebox/domain-check",
-	"UPDATE": "true",
+            "UPDATE": "true",
-  "MEMORY": "64M",
+            "MEMORY": "64M",
-	"NAME": "domain_checker", 
+            "NAME": "domain_checker",
-	"ROLES": "domain_checker", 
+            "ROLES": "domain_checker",
-	"NETWORK": "host", 
+            "NETWORK": "host",
-	"SELECTOR": "",
+            "SELECTOR": "",
-	"SCALE": "0", 
+            "SCALE": "0",
-	"EXTRA": "--rm --privileged",
+            "EXTRA": "--rm --privileged",
-	"PRE_START": [], 
+            "PRE_START": [],
-	"DEPEND": [], 
+            "DEPEND": [],
-	"POST_START": [], 
+            "POST_START": [],
-	"CMD": "",
+            "CMD": "",
-        "ENVS": [
+            "ENVS": [
-          { "PROXY": "smarthostloadbalancer" },
+                {
-          { "TARGET": "nextcloudnginx" },
+                    "PROXY": "smarthostloadbalancer"
-          { "PORT": "80" },
+                },
-          { "DOMAIN": "#NEXTCLOUD_TRUSTED_DOMAINS" },
+                {
-          { "SMARTHOST_PROXY_PATH": "/smarthost-domains" },
+                    "TARGET": "nextcloudnginx"
-	        { "OPERATION": "CREATE" }
+                },
-        ],
+                {
-        "VOLUMES": [
+                    "PORT": "80"
-          {
+                },
-       	"SOURCE": "/etc/user/config/smarthost-domains",
+                {
-        "DEST": "/smarthost-domains",
+                    "DOMAIN": "#DOMAIN"
-        "TYPE": "rw"
+                },
-          },
+                {
-	        {
+                    "SMARTHOST_PROXY_PATH": "/smarthost-domains"
-	      "SOURCE": "/etc/system/data/dns/hosts.local",
+                },
-	      "DEST": "/etc/dns/hosts.local",
+                {
-	      "TYPE": "ro"
+                    "OPERATION": "CREATE"
-	        },
+                }
-          { 
+            ],
-	      "SOURCE": "/var/run/docker.sock", 
+            "VOLUMES": [
-	      "DEST": "/var/run/docker.sock", 
+                {
-	      "TYPE": "rw" 
+                    "SOURCE": "/etc/user/config/smarthost-domains",
-          }
+                    "DEST": "/smarthost-domains",
-	    ]
+                    "TYPE": "rw"
-    }
+                },
-  ]
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
+                }
+            ]
+        }
+    ]
 }

nextcloud/nextcloud-secret.json

@@ -1,20 +1,20 @@
 {
-    "nextcloudmysql": {
+    "nextcloudpostgres": {
-        "MARIADB_DATABASE": "#MARIADB_DATABASE",
+        "POSTGRES_DB": "#POSTGRES_DB",
-        "MARIADB_USER": "#MARIADB_USER",
+        "POSTGRES_USER": "#POSTGRES_USER",
-        "MARIADB_PASSWORD": "#MARIADB_PASSWORD",
+        "POSTGRES_PASSWORD": "#POSTGRES_PASSWORD",
-        "MARIADB_ROOT_PASSWORD": "#MARIADB_ROOT_PASSWORD"
+        "POSTGRES_ROOT_PASSWORD": "#POSTGRES_ROOT_PASSWORD"
     },
     "nextcloudphp": {
         "NEXTCLOUD_ADMIN_USER": "#NEXTCLOUD_ADMIN_USER",
         "NEXTCLOUD_ADMIN_PASSWORD": "#NEXTCLOUD_ADMIN_PASSWORD",
-        "NEXTCLOUD_TRUSTED_DOMAINS": "#NEXTCLOUD_TRUSTED_DOMAINS",
+        "DOMAIN": "#DOMAIN",
-        "OVERWRITEHOST": "#NEXTCLOUD_TRUSTED_DOMAINS",
+        "OVERWRITEHOST": "#DOMAIN",
         "NEXTCLOUD_DATA_DIR": "/var/data",
-        "MYSQL_DATABASE": "#MARIADB_DATABASE",
+        "POSTGRES_DB": "#POSTGRES_DB",
-        "MYSQL_USER": "#MARIADB_USER",
+        "POSTGRES_USER": "#POSTGRES_USER",
-        "MYSQL_PASSWORD": "#MARIADB_PASSWORD",
+        "POSTGRES_PASSWORD": "#POSTGRES_PASSWORD",
-        "MYSQL_HOST": "nextcloudmysql-db",
+        "POSTGRES_HOST": "nextcloudpostgres-db",
         "REDIS_HOST": "nextcloud-redis"
     }
 }

nextcloud/service-nextcloud.json

@@ -34,47 +34,31 @@
             "DEPEND": "null",
             "START_ON_BOOT": "false",
             "ENTRYPOINT": "sh -c",
-            "CMD": "mkdir -p /etc/user/data/nextcloud/db && mkdir -p /etc/system/log/nextcloud/db && mkdir -p /etc/user/data/nextcloud/apps && mkdir -p /etc/user/data/nextcloud/config && mkdir -p /etc/user/data/nextcloud/data && chmod 777 -R /etc/user/data/nextcloud && chmod 0770 -R /etc/user/data/nextcloud/data && chown -R 82:82 /etc/user/data/nextcloud/data && chown -R 82:82 /etc/user/data/nextcloud/apps && chown -R 82:82 /etc/user/data/nextcloud/config",
+            "CMD": "mkdir -p /etc/user/data/nextcloud/db && mkdir -p /etc/user/data/nextcloud/apps && mkdir -p /etc/user/data/nextcloud/config && mkdir -p /etc/user/data/nextcloud/data && chmod 777 -R /etc/user/data/nextcloud && chmod 0770 -R /etc/user/data/nextcloud/data && chown -R 82:82 /etc/user/data/nextcloud/data && chown -R 82:82 /etc/user/data/nextcloud/apps && chown -R 82:82 /etc/user/data/nextcloud/config",
             "PRE_START": "null",
             "POST_START": "null"
         },
         {
-            "IMAGE": "mariadb:10.5",
+            "IMAGE": "postgres:15-alpine",
             "UPDATE": "true",
-            "NAME": "nextcloudmysql-db",
+            "NAME": "nextcloudpostgres-db",
             "MEMORY": "256M",
             "NETWORK": "nextcloud-net",
-            "SELECTOR": "nextcloudmysql",
+            "SELECTOR": "nextcloudpostgres",
             "VOLUMES": [
                 {
                     "SOURCE": "/etc/user/data/nextcloud/db",
-                    "DEST": "/var/lib/mysql",
+                    "DEST": "/var/lib/postgres",
-                    "TYPE": "rw"
-                },
-                {
-                    "SOURCE": "/etc/system/log/nextcloud/db",
-                    "DEST": "/var/lib/mysql/mysql-bin",
                     "TYPE": "rw"
                 }
             ],
             "PORTS": [
                 {
                     "SOURCE": "null",
-                    "DEST": "3306",
+                    "DEST": "5432",
                     "TYPE": "tcp"
                 }
             ],
-            "READYNESS": [
-                {
-                    "tcp": "3306"
-                },
-                {
-                    "HTTP": ""
-                },
-                {
-                    "EXEC": "/ready.sh"
-                }
-            ],
             "ENV_FILES": [
                 "/etc/user/secret/nextcloud/nextcloud.json"
             ],
@@ -182,7 +166,7 @@
             ]
         },
         {
-            "IMAGE": "registry.format.hu/nextcloud-nginx:1.23.1",
+            "IMAGE": "safebox/nextcloud-nginx:latest",
             "UPDATE": "true",
             "NAME": "nextcloudnginx",
             "ROLES": "backend-www",

outline/domain-outline.json

@@ -29,7 +29,7 @@
                     "PORT": "3000"
                 },
                 {
-                    "DOMAIN": "#OUTLINE_DOMAIN"
+                    "DOMAIN": "#DOMAIN"
                 },
                 {
                     "SMARTHOST_PROXY_PATH": "/smarthost-domains"

outline/outline-secret.json

@@ -7,6 +7,31 @@
     "outlineapp": {
         "SECRET_KEY": "#SECRET_KEY",
         "UTILS_SECRET": "#UTILS_SECRET",
-        "DATABASE_URL": "postgres://#DB_USER:#DB_PASSWORD@outlinepostgres-db:5432/#DB_NAME"
+        "DATABASE_URL": "postgres://#DB_USER:#DB_PASSWORD@outlinepostgres-db:5432/#DB_NAME",
+        "SLACK_CLIENT_ID": "#SLACK_CLIENT_ID",
+        "SLACK_CLIENT_SECRET": "#SLACK_CLIENT_SECRET",
+        "GOOGLE_CLIENT_ID": "#GOOGLE_CLIENT_ID",
+        "GOOGLE_CLIENT_SECRET": "#GOOGLE_CLIENT_SECRET",
+        "AZURE_CLIENT_ID": "#AZURE_CLIENT_ID",
+        "AZURE_CLIENT_SECRET": "#AZURE_CLIENT_SECRET",
+        "AZURE_RESOURCE_APP_ID": "#AZURE_RESOURCE_APP_ID",
+        "DISCORD_CLIENT_ID": "#DISCORD_CLIENT_ID",
+        "DISCORD_CLIENT_SECRET": "#DISCORD_CLIENT_SECRET",
+        "DISCORD_SERVER_ID": "#DISCORD_SERVER_ID",
+        "OIDC_CLIENT_ID": "#OIDC_CLIENT_ID",
+        "OIDC_CLIENT_SECRET": "#OIDC_CLIENT_SECRET",
+        "OIDC_AUTH_URI": "#OIDC_AUTH_URI",
+        "OIDC_TOKEN_URI": "#OIDC_TOKEN_URI",
+        "OIDC_USERINFO_URI": "#OIDC_USERINFO_URI",
+        "OIDC_LOGOUT_URI": "#OIDC_LOGOUT_URI",
+        "OIDC_USERNAME_CLAIM": "#OIDC_USERNAME_CLAIM",
+        "OIDC_DISPLAY_NAME": "#OIDC_DISPLAY_NAME",
+        "OIDC_SCOPES": "#OIDC_SCOPES",
+        "SMTP_HOST": "#SMTP_HOST",
+        "SMTP_PORT": "#SMTP_PORT",
+        "SMTP_SERVICE": "#SMTP_SERVICE",
+        "SMTP_USERNAME": "#SMTP_USERNAME",
+        "SMTP_PASSWORD": "#SMTP_PASSWORD",
+        "SMTP_FROM_EMAIL": "#SMTP_FROM_EMAIL"
     }
 }

outline/service-outline.json

@@ -108,10 +108,10 @@
                     "DATABASE_CONNECTION_POOL_MAX": ""
                 },
                 {
-                    "REDIS_URL": "redis://outlineredis-app:6379"
+                    "REDIS_URL": "redis://outlineredis-server:6379"
                 },
                 {
-                    "URL": "https://#OUTLINE_DOMAIN"
+                    "URL": "https://#DOMAIN"
                 },
                 {
                     "PORT": 3000

outline/template.json

@@ -1,5 +1,9 @@
 {
     "name": "outline",
+    "title": "Outline",
+    "subtitle": "Knowledge Base",
+    "description": "Outline is an open-source, self-hosted knowledge management and wiki application designed for teams to organize documentation, internal knowledge bases, onboarding guides, and notes.",
+    "icon": "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTAiIGhlaWdodD0iNTAiIHZpZXdCb3g9IjAgMCA1MCA1MCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHJlY3Qgd2lkdGg9IjUwIiBoZWlnaHQ9IjUwIiByeD0iNyIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTMwLjMzMzMgNDIuMjUyNlY0My4zMDQ0QzMwLjMzMzMgNDQuNzkzMSAyOS4xMzk0IDQ2IDI3LjY2NjcgNDZDMjcuMjA4NyA0NiAyNi43NTg1IDQ1Ljg4MDggMjYuMzU5MyA0NS42NTM4TDEwLjM1OTMgMzYuNTU1OUM5LjUxOTY4IDM2LjA3ODQgOSAzNS4xODAzIDkgMzQuMjA2NFYxNS43OTRDOSAxNC44MjAyIDkuNTE5NjggMTMuOTIyIDEwLjM1OTMgMTMuNDQ0NkwyNi4zNTkzIDQuMzQ2NjdDMjcuNjQyOSAzLjYxNjc3IDI5LjI2ODggNC4wNzY5OSAyOS45OTA4IDUuMzc0NTdDMzAuMjE1NCA1Ljc3ODA2IDMwLjMzMzMgNi4yMzMyMSAzMC4zMzMzIDYuNjk2MTZWNy43NDc4OEwzMi4yMzM3IDcuMTcxNTZDMzMuNjQ0NCA2Ljc0Mzc2IDM1LjEzMSA3LjU1Mjk2IDM1LjU1NDIgOC45Nzg5NEMzNS42Mjg4IDkuMjMwMjkgMzUuNjY2NyA5LjQ5MTIzIDM1LjY2NjcgOS43NTM1N1YxMC44NDc5TDM4LjAwMjYgMTAuNTUyOEMzOS40NjQgMTAuMzY4MSA0MC43OTY3IDExLjQxNiA0MC45Nzk0IDEyLjg5MzJDNDAuOTkzMiAxMy4wMDQyIDQxIDEzLjExNTggNDEgMTMuMjI3NlYzNi43NzI4QzQxIDM4LjI2MTcgMzkuODA2MSAzOS40Njg2IDM4LjMzMzMgMzkuNDY4NkMzOC4yMjI3IDM5LjQ2ODYgMzguMTEyMyAzOS40NjE2IDM4LjAwMjYgMzkuNDQ3N0wzNS42NjY3IDM5LjE1MjZWNDAuMjQ3QzM1LjY2NjcgNDEuNzM1NyAzNC40NzI3IDQyLjk0MjYgMzMgNDIuOTQyNkMzMi43NDA1IDQyLjk0MjYgMzIuNDgyMyA0Mi45MDQzIDMyLjIzMzcgNDIuODI4OUwzMC4zMzMzIDQyLjI1MjZaTTMwLjMzMzMgMzkuNDM4MkwzMyA0MC4yNDdWMjUuMDAwM1Y5Ljc1MzU3TDMwLjMzMzMgMTAuNTYyMlYzOS40MzgyWk0zNS42NjY3IDEzLjU2NDZWMzYuNDM2TDM4LjMzMzMgMzYuNzcyOFYxMy4yMjc2TDM1LjY2NjcgMTMuNTY0NlpNMTEuNjY2NyAxNS43OTRWMzQuMjA2NEwyNy42NjY3IDQzLjMwNDRWNi42OTYxNkwxMS42NjY3IDE1Ljc5NFpNMTQuMzMzMyAxNy41ODcxTDE3IDE2LjIzOTJWMzMuNzYxMkwxNC4zMzMzIDMyLjQxMzNWMTcuNTg3MVoiIGZpbGw9ImJsYWNrIi8+Cjwvc3ZnPgo=",
     "fields": [
         {
             "description": "Secret key",
@@ -44,10 +48,178 @@
             "generated": "random|sha256|20"
         },
         {
-            "description": "Please add Outline domain:",
+            "description": "Domain:",
             "key": "DOMAIN",
             "value": "",
             "required": "true"
+        },
+        {
+            "description": "Slack client ID",
+            "key": "SLACK_CLIENT_ID",
+            "value": "",
+            "info": "Create a new app in your Slack workspace at https://api.slack.com/apps?new_app=1 and add 'Sign in with Slack' under 'Add features and functionality'. Set the Redirect URL to 'https://<your-domain>/auth/slack.callback'.",
+            "advanced": "true"
+        },
+        {
+            "description": "Slack client secret",
+            "key": "SLACK_CLIENT_SECRET",
+            "value": "",
+            "advanced": "true"
+        },
+        {
+            "description": "Google client ID",
+            "key": "GOOGLE_CLIENT_ID",
+            "value": "",
+            "info": "Create OAuth 2.0 credentials in Google Cloud Console at https://console.cloud.google.com/apis/credentials and set the Redirect URL to 'https://<your-domain>/auth/google.callback'.",
+            "advanced": "true"
+        },
+        {
+            "description": "Google client secret",
+            "key": "GOOGLE_CLIENT_SECRET",
+            "value": "",
+            "advanced": "true"
+        },
+        {
+            "description": "Azure client ID",
+            "key": "AZURE_CLIENT_ID",
+            "value": "",
+            "info": "Register an application in Azure AD at https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade and set the Redirect URL to 'https://<your-domain>/auth/azuread.callback'.",
+            "advanced": "true"
+        },
+        {
+            "description": "Azure client secret",
+            "key": "AZURE_CLIENT_SECRET",
+            "value": "",
+            "advanced": "true"
+        },
+        {
+            "description": "Azure resource app ID",
+            "key": "AZURE_RESOURCE_APP_ID",
+            "value": "",
+            "info": "This is usually the same as the client ID, but can vary based on your Azure AD setup.",
+            "advanced": "true"
+        },
+        {
+            "description": "Discord client ID",
+            "key": "DISCORD_CLIENT_ID",
+            "value": "",
+            "info": "Create an application in Discord Developer Portal at https://discord.com/developers/applications and set the Redirect URL to 'https://<your-domain>/auth/discord.callback'.",
+            "advanced": "true"
+        },
+        {
+            "description": "Discord client secret",
+            "key": "DISCORD_CLIENT_SECRET",
+            "value": "",
+            "advanced": "true"
+        },
+        {
+            "description": "Discord server ID (optional)",
+            "key": "DISCORD_SERVER_ID",
+            "value": "",
+            "info": "(Optional) If you want to restrict login to members of a specific Discord server, provide the server ID here.",
+            "advanced": "true"
+        },
+        {
+            "description": "OpenID Connect client ID",
+            "key": "OIDC_CLIENT_ID",
+            "value": "",
+            "info": "Set up an OpenID Connect application with your provider and set the Redirect URL to 'https://<your-domain>/auth/oidc.callback'.",
+            "advanced": "true"
+        },
+        {
+            "description": "OpenID Connect client secret",
+            "key": "OIDC_CLIENT_SECRET",
+            "value": "",
+            "advanced": "true"
+        },
+        {
+            "description": "OpenID Connect provider auth URI",
+            "key": "OIDC_AUTH_URI",
+            "value": "",
+            "info": "The authorization endpoint URL of your OpenID Connect provider.",
+            "advanced": "true"
+        },
+        {
+            "description": "OpenID Connect provider token URI",
+            "key": "OIDC_TOKEN_URI",
+            "value": "",
+            "info": "The token endpoint URL of your OpenID Connect provider.",
+            "advanced": "true"
+        },
+        {
+            "description": "OpenID Connect provider userinfo URI",
+            "key": "OIDC_USERINFO_URI",
+            "value": "",
+            "info": "The userinfo endpoint URL of your OpenID Connect provider.",
+            "advanced": "true"
+        },
+        {
+            "description": "OpenID Connect provider logout URI (optional)",
+            "key": "OIDC_LOGOUT_URI",
+            "value": "",
+            "info": "(Optional) The logout endpoint URL of your OpenID Connect provider, if supported.",
+            "advanced": "true"
+        },
+        {
+            "description": "OpenID Connect username claim",
+            "key": "OIDC_USERNAME_CLAIM",
+            "value": "preferred_username",
+            "info": "The claim in the ID token or userinfo response to use as the username. Defaults to 'preferred_username'.",
+            "advanced": "true"
+        },
+        {
+            "description": "OpenID Connect display name",
+            "key": "OIDC_DISPLAY_NAME",
+            "value": "OpenID Connect",
+            "info": "The display name for the OpenID Connect authentication option. Defaults to 'OpenID Connect'.",
+            "advanced": "true"
+        },
+        {
+            "description": "OpenID Connect scopes",
+            "key": "OIDC_SCOPES",
+            "value": "openid profile email",
+            "info": "Space-separated list of scopes to request during authentication. Defaults to 'openid profile email'.",
+            "advanced": "true"
+        },
+        {
+            "description": "SMTP host",
+            "key": "SMTP_HOST",
+            "value": "",
+            "info": "Used for sending invitation and password reset emails. Leave blank to disable email functionality.",
+            "advanced": "true"
+        },
+        {
+            "description": "SMTP port",
+            "key": "SMTP_PORT",
+            "value": "587",
+            "info": "(Optional) The port to connect to on the SMTP server. Defaults to 587.",
+            "advanced": "true"
+        },
+        {
+            "description": "SMTP service (e.g., gmail)",
+            "key": "SMTP_SERVICE",
+            "value": "",
+            "info": "Used for sending invitation and password reset emails. Leave blank to disable email functionality.",
+            "advanced": "true"
+        },
+        {
+            "description": "SMTP username (email address)",
+            "key": "SMTP_USERNAME",
+            "value": "",
+            "advanced": "true"
+        },
+        {
+            "description": "SMTP password",
+            "key": "SMTP_PASSWORD",
+            "value": "",
+            "advanced": "true"
+        },
+        {
+            "description": "From email address",
+            "key": "SMTP_FROM_EMAIL",
+            "value": "",
+            "info": "(Optional) The email address that emails will be sent from. Defaults to the SMTP username if not set.",
+            "advanced": "true"
         }
     ]
 }

pocketid/domain-pocketid.json

@@ -0,0 +1,60 @@
+{
+    "main": {
+        "SERVICE_NAME": "pocketid",
+        "DOMAIN": "#DOMAIN"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/domain-check",
+            "UPDATE": "true",
+            "MEMORY": "64M",
+            "NAME": "domain_checker",
+            "ROLES": "domain_checker",
+            "NETWORK": "host",
+            "SELECTOR": "",
+            "SCALE": "0",
+            "EXTRA": "--rm --privileged",
+            "PRE_START": [],
+            "DEPEND": [],
+            "POST_START": [],
+            "CMD": "",
+            "ENVS": [
+                {
+                    "PROXY": "smarthostloadbalancer"
+                },
+                {
+                    "TARGET": "pocketid-app"
+                },
+                {
+                    "PORT": "1411"
+                },
+                {
+                    "DOMAIN": "#DOMAIN"
+                },
+                {
+                    "SMARTHOST_PROXY_PATH": "/smarthost-domains"
+                },
+                {
+                    "OPERATION": "CREATE"
+                }
+            ],
+            "VOLUMES": [
+                {
+                    "SOURCE": "/etc/user/config/smarthost-domains",
+                    "DEST": "/smarthost-domains",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
+                }
+            ]
+        }
+    ]
+}

pocketid/firewall-pocketid-dns.json

@@ -0,0 +1,75 @@
+{
+    "main": {
+        "SERVICE_NAME": "firewalls",
+        "DOMAIN": "null"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/firewall",
+            "NAME": "firewall",
+            "MEMORY": "64M",
+            "NETWORK": "host",
+            "SCALE": "0",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/run/",
+                    "DEST": "/run/",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/user/config/services",
+                    "DEST": "/services",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
+                }
+            ],
+            "PORTS": [],
+            "READYNESS": [
+                {
+                    "tcp": ""
+                },
+                {
+                    "HTTP": ""
+                },
+                {
+                    "EXEC": "/ready.sh"
+                }
+            ],
+            "ENVS": [
+                {
+                    "CHAIN": "DOCKER-USER"
+                },
+                {
+                    "SOURCE": "coredns"
+                },
+                {
+                    "TARGET": "pocketid-app"
+                },
+                {
+                    "TYPE": "udp"
+                },
+                {
+                    "TARGET_PORT": "53"
+                },
+                {
+                    "COMMENT": "dns for pocketid-app"
+                }
+            ],
+            "EXTRA": "--privileged --rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": "null"
+        }
+    ]
+}

pocketid/firewall-pocketid-smtp.json

@@ -0,0 +1,75 @@
+{
+    "main": {
+        "SERVICE_NAME": "firewalls",
+        "DOMAIN": "null"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/firewall",
+            "NAME": "firewall",
+            "MEMORY": "64M",
+            "NETWORK": "host",
+            "SCALE": "0",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/run/",
+                    "DEST": "/run/",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/user/config/services",
+                    "DEST": "/services",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
+                }
+            ],
+            "PORTS": [],
+            "READYNESS": [
+                {
+                    "tcp": ""
+                },
+                {
+                    "HTTP": ""
+                },
+                {
+                    "EXEC": "/ready.sh"
+                }
+            ],
+            "ENVS": [
+                {
+                    "CHAIN": "DOCKER-USER"
+                },
+                {
+                    "SOURCE": "pocketid-app"
+                },
+                {
+                    "TARGET": "smtp"
+                },
+                {
+                    "TYPE": "tcp"
+                },
+                {
+                    "TARGET_PORT": "25"
+                },
+                {
+                    "COMMENT": "smtp for pocketid-app"
+                }
+            ],
+            "EXTRA": "--privileged --rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": "null"
+        }
+    ]
+}

pocketid/firewall-pocketid.json

@@ -0,0 +1,75 @@
+{
+    "main": {
+        "SERVICE_NAME": "firewalls",
+        "DOMAIN": "null"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/firewall",
+            "NAME": "firewall",
+            "MEMORY": "64M",
+            "NETWORK": "host",
+            "SCALE": "0",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/run/",
+                    "DEST": "/run/",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/user/config/services",
+                    "DEST": "/services",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
+                }
+            ],
+            "PORTS": [],
+            "READYNESS": [
+                {
+                    "tcp": ""
+                },
+                {
+                    "HTTP": ""
+                },
+                {
+                    "EXEC": "/ready.sh"
+                }
+            ],
+            "ENVS": [
+                {
+                    "CHAIN": "DOCKER-USER"
+                },
+                {
+                    "SOURCE": "smarthostbackend"
+                },
+                {
+                    "TARGET": "pocketid-app"
+                },
+                {
+                    "TYPE": "tcp"
+                },
+                {
+                    "TARGET_PORT": "1411"
+                },
+                {
+                    "COMMENT": "proxy for pocketid-app"
+                }
+            ],
+            "EXTRA": "--privileged --rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": "null"
+        }
+    ]
+}

pocketid/pocketid-secret.json

@@ -0,0 +1,16 @@
+{
+    "pocketidpostgres": {
+        "POSTGRES_DB": "#POSTGRES_DB",
+        "POSTGRES_USER": "#POSTGRES_USER",
+        "POSTGRES_PASSWORD": "#POSTGRES_PASSWORD",
+        "POSTGRES_ROOT_PASSWORD": "#POSTGRES_ROOT_PASSWORD"
+    },
+    "pocketidapp": {
+        "PUBLIC_APP_URL": "https://#DOMAIN",
+        "TRUST_PROXY": "true",
+        "PUID": "1000",
+        "PGID": "1000",
+        "DB_PROVIDER": "postgres",
+        "DB_CONNECTION_STRING": "postgresql://#POSTGRES_USER:#POSTGRES_PASSWORD@pocketidpostgres-db:5432/#POSTGRES_DB"
+    }
+}

pocketid/service-pocketid.json

@@ -0,0 +1,99 @@
+{
+    "main": {
+        "SERVICE_NAME": "pocketid",
+        "DOMAIN": "#DOMAIN"
+    },
+    "containers": [
+        {
+            "IMAGE": "alpine:latest",
+            "UPDATE": "true",
+            "NAME": "pocketid-init",
+            "NETWORK": "host",
+            "MEMORY": "64M",
+            "VOLUMES": [
+                {
+                    "SOURCE": "USER_DATA",
+                    "DEST": "/etc/user/data",
+                    "TYPE": "rw"
+                }
+            ],
+            "EXTRA": "--rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "ENTRYPOINT": "sh -c",
+            "CMD": "mkdir -p /mkdir -p /etc/user/data/pocketid/db",
+            "PRE_START": "null",
+            "POST_START": "null"
+        },
+        {
+            "IMAGE": "postgres:16-alpine",
+            "NAME": "pocketidpostgres-db",
+            "UPDATE": "true",
+            "ROLES": "postgres-db patroni",
+            "MEMORY": "256M",
+            "NETWORK": "pocketid-net",
+            "SELECTOR": "pocketidpostgres-db",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/etc/user/data/pocketid/db",
+                    "DEST": "/var/lib/postgresql/data",
+                    "TYPE": "rw"
+                }
+            ],
+            "PORTS": [
+                {
+                    "SOURCE": "null",
+                    "DEST": "5432",
+                    "TYPE": "tcp"
+                }
+            ],
+            "ENV_FILES": [
+                "/etc/user/secret/pocketid/pocketid.json"
+            ],
+            "ENVS": [
+                {
+                    "POSTGRES_INITDB_ARGS": "--encoding=UTF8 --locale=C"
+                }
+            ],
+            "EXTRA": "--label logging=promtail_user --label logging_jobname=containers --restart unless-stopped",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": [],
+            "POST_START": []
+        },
+        {
+            "IMAGE": "11notes/pocket-id:1",
+            "UPDATE": "true",
+            "NAME": "pocketidapp",
+            "DNS": [
+                "coredns"
+            ],
+            "MEMORY": "256M",
+            "SELECTOR": "pocketid-app",
+            "NETWORK": "pocketid-net",
+            "VOLUMES": [],
+            "PORTS": [
+                {
+                    "SOURCE": "null",
+                    "DEST": "1411",
+                    "TYPE": "tcp"
+                }
+            ],
+            "EXTRA": "--label logging=promtail_user --label logging_jobname=containers --restart unless-stopped",
+            "ENV_FILES": [
+                "/etc/user/secret/pocketid/pocketid.json"
+            ],
+            "DEPEND": [],
+            "START_ON_BOOT": "true",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": [
+                "firewall-pocketid",
+                "firewall-pocketid-dns",
+                "firewall-pocketid-smtp",
+                "domain-pocketid"
+            ]
+        }
+    ]
+}

pocketid/template.json

@@ -0,0 +1,43 @@
+{
+    "name": "Pocketid",
+    "title": "PocketID",
+    "subtitle": "Identity management",
+    "icon": "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTAiIGhlaWdodD0iNTAiIHZpZXdCb3g9IjAgMCA1MCA1MCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZD0iTTQzIDBIN0MzLjEzNDAxIDAgMCAzLjEzNDAxIDAgN1Y0M0MwIDQ2Ljg2NiAzLjEzNDAxIDUwIDcgNTBINDNDNDYuODY2IDUwIDUwIDQ2Ljg2NiA1MCA0M1Y3QzUwIDMuMTM0MDEgNDYuODY2IDAgNDMgMFoiIGZpbGw9IndoaXRlIi8+CjxwYXRoIGQ9Ik0yNC40ODc4IDdDMzEuOTM4NCA3IDM4IDEzLjEzNjMgMzggMjAuNjc4N0MzOCAyMy42NDI2IDM3LjA3OSAyNi40NjMyIDM1LjMzNjIgMjguODM0MkMzMy42Mjc4IDMxLjE1OTUgMzEuMjkwMSAzMi44NDg2IDI4LjU3NTEgMzMuNzE5OEwyNy44MjQ3IDMzLjk2MUwyNi4wMzY0IDI1LjAzMTVMMjYuNTMxMSAyNC43ODkyQzI4LjE0NTkgMjMuOTk5IDI5LjE4OTYgMjIuMzE1NiAyOS4xODk2IDIwLjUwMTJDMjkuMTg5NiAxNy44NzY0IDI3LjA4MDUgMTUuNzQwOSAyNC40ODgxIDE1Ljc0MDlDMjEuODk1OCAxNS43NDA5IDE5Ljc4NiAxNy44NzY0IDE5Ljc4NiAyMC41MDEyQzE5Ljc4NiAyMi4zMTU2IDIwLjgzIDIzLjk5OSAyMi40NDQ4IDI0Ljc4OTJMMjIuOTMwMiAyNS4wMjcyTDIwLjA0OTUgNDNIMTJWN0gyNC40ODgxSDI0LjQ4NzhaIiBmaWxsPSJibGFjayIvPgo8L3N2Zz4K",
+    "description": "PocketID is an open-source identity and access management solution that provides secure and efficient user authentication and authorization for web applications and services.",
+    "fields": [
+        {
+            "description": "Domain",
+            "key": "DOMAIN",
+            "value": "",
+            "required": "true"
+        },
+        {
+            "description": "Postgres database name",
+            "key": "POSTGRES_DB",
+            "value": "",
+            "required": "true",
+            "generated": ""
+        },
+        {
+            "description": "Postgres username",
+            "key": "POSTGRES_USER",
+            "value": "",
+            "required": "true",
+            "generated": "time|md5|8"
+        },
+        {
+            "description": "Postgres password for user",
+            "key": "POSTGRES_PASSWORD",
+            "value": "",
+            "required": "true",
+            "generated": "random|md5|12"
+        },
+        {
+            "description": "Postgres root user password",
+            "key": "POSTGRES_ROOT_PASSWORD",
+            "value": "",
+            "required": "true",
+            "generated": "random|sha256|20"
+        }
+    ]
+}

roundcube/template.json

@@ -1,41 +0,0 @@
-{
-        "name": "roundcube",
-        "fields": [
-                {
-                        "description": "Please add IMAP HOST:",
-                        "key": "ROUNDCUBE_IMAP_HOST",
-                        "value": "",
-                        "required": "true"
-                },
-                {
-                        "description": "Please add IMAP PORT:",
-                        "key": "ROUNDCUBE_IMAP_PORT",
-                        "value": "143",
-                        "required": "true"
-                },
-                {
-                        "description": "Please add SMTP HOST:",
-                        "key": "ROUNDCUBE_SMTP_HOST",
-                        "value": "",
-                        "required": "true"
-                },
-                {
-                        "description": "Please add SMTP PORT (587, 465, 25, etc.):",
-                        "key": "ROUNDCUBE_SMTP_PORT",
-                        "value": "25",
-                        "required": "true"
-                },
-                {
-                        "description": "Please add UPLOAD_MAX_FILESIZE (default: 50M):",
-                        "key": "ROUNDCUBE_UPLOAD",
-                        "value": "50M",
-                        "required": "true"
-                },
-                {
-                        "description": "Please add Roundcube DOMAIN:",
-                        "key": "ROUNDCUBE_DOMAIN",
-                        "value": "",
-                        "required": "true"
-                }
-        ]
-}

vaultwarden/service-vaultwarden.json

@@ -15,44 +15,34 @@
                     "SOURCE": "USER_DATA",
                     "DEST": "/etc/user/data",
                     "TYPE": "rw"
-                },
-                {
-                    "SOURCE": "SYSTEM_LOG",
-                    "DEST": "/etc/system/log",
-                    "TYPE": "rw"
                 }
             ],
             "EXTRA": "--rm",
             "DEPEND": "null",
             "START_ON_BOOT": "false",
             "ENTRYPOINT": "sh -c",
-            "CMD": "mkdir -p /etc/user/data/vaultwarden/data && mkdir -p /etc/user/data/vaultwarden/db && mkdir -p /etc/system/log/vaultwarden/db",
+            "CMD": "mkdir -p /etc/user/data/vaultwarden/data && mkdir -p /etc/user/data/vaultwarden/db",
             "PRE_START": "null",
             "POST_START": "null"
         },
         {
-            "IMAGE": "mariadb:latest",
+            "IMAGE": "postgres:15-alpine",
             "UPDATE": "true",
-            "NAME": "vaultwardenmysql-db",
+            "NAME": "vaultwardenpostgres-db",
             "MEMORY": "256M",
             "NETWORK": "vaultwarden-net",
-            "SELECTOR": "vaultwardenmysql-db",
+            "SELECTOR": "vaultwardenpostgres-db",
             "VOLUMES": [
                 {
                     "SOURCE": "/etc/user/data/vaultwarden/db",
-                    "DEST": "/var/lib/mysql",
+                    "DEST": "/var/lib/postgres",
-                    "TYPE": "rw"
-                },
-                {
-                    "SOURCE": "/etc/system/log/vaultwarden/db",
-                    "DEST": "/var/lib/mysql/mysql-bin",
                     "TYPE": "rw"
                 }
             ],
             "PORTS": [
                 {
                     "SOURCE": "null",
-                    "DEST": "3306",
+                    "DEST": "5432",
                     "TYPE": "tcp"
                 }
             ],

vaultwarden/vaultwarden-secret.json

@@ -1,12 +1,12 @@
 {
-    "vaultwardenmysql": {
+    "vaultwardenpostgres": {
-        "MARIADB_DATABASE": "#MARIADB_DATABASE",
+        "POSTGRES_DB": "#POSTGRES_DB",
-        "MARIADB_USER": "#MARIADB_USER",
+        "POSTGRES_USER": "#POSTGRES_USER",
-        "MARIADB_PASSWORD": "#MARIADB_PASSWORD",
+        "POSTGRES_PASSWORD": "#POSTGRES_PASSWORD",
-        "MARIADB_ROOT_PASSWORD": "#MARIADB_ROOT_PASSWORD"
+        "POSTGRES_ROOT_PASSWORD": "#POSTGRES_ROOT_PASSWORD"
     },
     "vaultwardenapp": {
-        "DATABASE_URL": "'mysql://#MARIADB_USER:#MARIADB_PASSWORD@vaultwardenmysql-db:3306/#MARIADB_DATABASE'",
+        "DATABASE_URL": "'postgresql://#POSTGRES_USER:#POSTGRES_PASSWORD@vaultwardenpostgres-db:5432/#POSTGRES_DB'",
         "ADMIN_TOKEN": "#ADMIN_TOKEN",
         "VAULTWARDEN_DOMAIN": "#VAULTWARDEN_DOMAIN",
         "VAULTWARDEN_SMTP_PASSWORD": "#VAULTWARDEN_SMTP_PASSWORD"