Merge branch 'main' of ssh://synth.download:10429/sd/synth.download

2026-01-09 21:17:45 -06:00 · 2026-01-09 21:17:45 -06:00 · a736c43540
commit a736c43540
parent 2b985757c7 7405c6adea
64 changed files with 522 additions and 51 deletions
--- a/beeper/etc/containers/systemd/aode/aode-relay.container
+++ b/beeper/etc/containers/systemd/aode/aode-relay.container
@ -1,15 +1,13 @@
 [Unit]
 Description=Aode ActivityPub Relay
-Requires=network-online.target
-After=network-online.target

 [Container]
-Image=registry.hub.docker.com/asonix/relay:latest
+Image=docker.io/asonix/relay:latest
 ContainerName=aode-relay
-EnvironmentFile=/var/containers/aode/.env.secrets
-EnvironmentFile=/var/containers/aode/.env
+EnvironmentFile=/etc/containers/systemd/aode/.env.secrets
+EnvironmentFile=/etc/containers/systemd/aode/.env
 PublishPort=127.0.0.1:19438:8080
-Volume=/var/containers/aode/relay:/db:Z
+Volume=/var/containers/aode/data:/db:Z

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/ask-js/ask-js.container
+++ b/beeper/etc/containers/systemd/ask-js/ask-js.container
@ -0,0 +1,19 @@
+[Unit]
+Description=Ask.JS
+After=postgresql.service
+Requires=postgresql.service
+
+[Container]
+Image=ghcr.io/ihateblueb/ask-js:dev
+ContainerName=ask-js
+Network=ask-js.network
+Network=postgresql.network
+PublishPort=127.0.0.1:20617:3579
+Volume=/var/containers/ask-js/config:/app/config:ro,Z
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/ask-js/ask-js.network
+++ b/beeper/etc/containers/systemd/ask-js/ask-js.network
@ -0,0 +1,2 @@
+[Network]
+IPv6=true
--- a/beeper/etc/containers/systemd/caddy/caddy.container
+++ b/beeper/etc/containers/systemd/caddy/caddy.container
@ -1,7 +1,5 @@
 [Unit]
 Description=Caddy reverse proxy
-After=network-online.target
-Wants=network-online.target

 [Container]
 ContainerName=caddy
@ -9,8 +7,8 @@ AddCapability=NET_ADMIN
 Image=ghcr.io/zenfyrdev/caddy:latest
 Network=host
 Volume=/etc/caddy:/etc/caddy:z
-Volume=/var/containers/caddy/caddy_config:/config:z
-Volume=/var/containers/caddy/caddy_data:/data:z
+Volume=/var/containers/caddy/config:/config:z
+Volume=/var/containers/caddy/data:/data:z
 Volume=/var/log/caddy:/var/log/caddy:z
 Volume=/var/www:/var/www:z

@ -18,4 +16,4 @@ Volume=/var/www:/var/www:z
 Restart=always

 [Install]
-WantedBy=default.target
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/copyparty/copyparty.container
+++ b/beeper/etc/containers/systemd/copyparty/copyparty.container
@ -0,0 +1,23 @@
+[Unit]
+Description=copyparty
+
+[Container]
+Image=docker.io/copyparty/ac:latest
+ContainerName=copyparty
+Environment=LD_PRELOAD=/usr/lib/libmimalloc-secure.so
+Environment=PYTHONUNBUFFERED=1
+HealthCmd=wget --spider -q 127.0.0.1:3923/?reset=/._
+HealthInterval=1m
+HealthTimeout=2s
+HealthRetries=5
+PublishPort=127.0.0.1:15084:3923
+UserNS=keep-id:uid=1000,gid=1000
+Volume=/var/containers/copyparty/config:/cfg:Z
+Volume=/mnt/ext/copyparty:/w:z
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/dind/dind.container
+++ b/beeper/etc/containers/systemd/dind/dind.container
@ -0,0 +1,25 @@
+[Unit]
+Description=Rootless Podman-in-Podman
+
+[Container]
+Image=quay.io/podman/stable
+ContainerName=dind
+AutoUpdate=registry
+SecurityLabelDisable=true
+Unmask=ALL
+AddDevice=/dev/fuse
+HealthCmd=podman info || exit 1
+HealthInterval=5s
+HealthTimeout=3s
+HealthRetries=5
+User=podman
+Volume=/var/containers/dind/data:/home/podman/.local/share/containers:Z
+Volume=/var/run/dind:/var/run/1000:z
+Exec=sh -c "podman system service --time=0 unix:///var/run/1000/docker.sock & PID=$!; while [ ! -S /var/run/1000/docker.sock ]; do sleep 0.1; kill -0 $PID 2>/dev/null || exit 1; done && chmod 0666 /var/run/1000/docker.sock && wait $PID"
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/ejabberd/ejabberd.container
+++ b/beeper/etc/containers/systemd/ejabberd/ejabberd.container
@ -0,0 +1,30 @@
+[Unit]
+Description=ejabberd
+Requires=postgresql.service
+After=postgresql.service
+
+[Container]
+Image=ghcr.io/processone/ejabberd:latest
+ContainerName=ejabberd
+Environment=CTL_ON_START=registered_users synth.download ; status
+EnvironmentFile=/etc/containers/systemd/ejabberd/.env
+Network=ejabberd.network
+Network=postgresql.network
+PublishPort=5222:5222
+PublishPort=5223:5223
+PublishPort=5269:5269
+PublishPort=5270:5270
+PublishPort=5280:5280
+PublishPort=5443:5443
+PublishPort=5478:5478
+Volume=/var/containers/ejabberd/config:/opt/ejabberd/conf:ro,Z
+Volume=/var/containers/ejabberd/files:/opt/ejabberd/upload:Z
+Volume=/var/containers/ejabberd/database:/opt/ejabberd/database:Z
+Volume=/etc/certs:/etc/letsencrypt/live:ro,z
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/ejabberd/ejabberd.network
+++ b/beeper/etc/containers/systemd/ejabberd/ejabberd.network
@ -0,0 +1,2 @@
+[Network]
+IPv6=true
--- a/beeper/etc/containers/systemd/forgejo/forgejo-runner.container
+++ b/beeper/etc/containers/systemd/forgejo/forgejo-runner.container
@ -0,0 +1,21 @@
+[Unit]
+Description=Forgejo Runner
+After=dind.service
+Requires=dind.service
+
+[Container]
+Image=data.forgejo.org/forgejo/runner:4.0.0
+ContainerName=forgejo-runner
+EnvironmentFile=/etc/containers/systemd/forgejo/.env.runner
+Network=forgejo.network
+User=1001:1001
+Exec=/bin/sh -c "sleep 5; forgejo-runner daemon"
+Volume=/var/containers/forgejo/runner/data:/data:Z
+Volume=/var/run/dind/docker.sock:/var/run/docker.sock:z
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/forgejo/forgejo.container
+++ b/beeper/etc/containers/systemd/forgejo/forgejo.container
@ -0,0 +1,22 @@
+[Unit]
+Description=Forgejo
+After=postgresql.service
+Requires=postgresql.service
+
+[Container]
+Image=codeberg.org/forgejo/forgejo:13
+ContainerName=forgejo
+EnvironmentFile=/etc/containers/systemd/forgejo/.env
+Network=forgejo.network
+Network=postgresql.network
+PublishPort=127.0.0.1:41807:3000
+PublishPort=10429:22
+Timezone=local
+Volume=/var/containers/forgejo/data:/data:Z
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/forgejo/forgejo.network
+++ b/beeper/etc/containers/systemd/forgejo/forgejo.network
@ -0,0 +1,2 @@
+[Network]
+IPv6=true
--- a/beeper/etc/containers/systemd/freshrss/freshrss.container
+++ b/beeper/etc/containers/systemd/freshrss/freshrss.container
@ -0,0 +1,21 @@
+[Unit]
+Description=FreshRSS
+Requires=postgresql.service
+After=postgresql.service
+
+[Container]
+Image=docker.io/freshrss/freshrss:latest
+ContainerName=freshrss
+EnvironmentFile=/etc/containers/systemd/freshrss/.env.secrets
+Network=freshrss.network
+Network=postgresql.network
+PublishPort=127.0.0.1:27819:80
+Volume=/var/containers/freshrss/data:/var/www/FreshRSS/data:Z
+Volume=/var/containers/freshrss/extensions:/var/www/FreshRSS/extensions:Z
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/freshrss/freshrss.network
+++ b/beeper/etc/containers/systemd/freshrss/freshrss.network
@ -0,0 +1,2 @@
+[Network]
+IPv6=true
--- a/beeper/etc/containers/systemd/i2pd/i2pd.container
+++ b/beeper/etc/containers/systemd/i2pd/i2pd.container
@ -0,0 +1,16 @@
+[Unit]
+Description=I2PD Daemon
+
+[Container]
+Image=ghcr.io/purplei2p/i2pd:latest
+ContainerName=i2pd
+AutoUpdate=registry
+Network=host
+Volume=/var/containers/i2pd/data:/home/i2pd/data:Z,U
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/iceshrimp/iceshrimp.container
+++ b/beeper/etc/containers/systemd/iceshrimp/iceshrimp.container
@ -7,6 +7,7 @@ After=postgresql.service
 Image=iceshrimp.dev/iceshrimp/iceshrimp.net:dev
 ContainerName=iceshrimp
 Environment=ICESHRIMP_CONFIG_OVERRIDES=/app/config/configuration.ini
+Network=iceshrimp.network
 Network=postgresql.network
 PublishPort=127.0.0.1:24042:24042
 Volume=/var/containers/iceshrimp/data/media:/data/media:Z
--- a/beeper/etc/containers/systemd/iceshrimp/iceshrimp.network
+++ b/beeper/etc/containers/systemd/iceshrimp/iceshrimp.network
@ -0,0 +1,2 @@
+[Network]
+IPv6=true
--- a/beeper/etc/containers/systemd/knot/knot.container
+++ b/beeper/etc/containers/systemd/knot/knot.container
@ -0,0 +1,19 @@
+[Unit]
+Description=Tangled Knot Server
+
+[Container]
+Image=ghcr.io/zenfyrdev/knot:latest
+ContainerName=knot
+EnvironmentFile=/etc/containers/systemd/knot/.env
+PublishPort=127.0.0.1:44131:5555
+PublishPort=20564:22
+Volume=/var/containers/knot/keys:/etc/ssh/keys:Z
+Volume=/var/containers/knot/repositories:/home/git/repositories:Z
+Volume=/var/containers/knot/data:/app:Z
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/mailserver/mailserver.container
+++ b/beeper/etc/containers/systemd/mailserver/mailserver.container
@ -0,0 +1,32 @@
+[Unit]
+Description=mailserver
+
+[Container]
+Image=ghcr.io/docker-mailserver/docker-mailserver:edge
+ContainerName=mailserver
+EnvironmentFile=/etc/containers/systemd/mailserver/.env.secrets
+EnvironmentFile=/etc/containers/systemd/mailserver/.env
+AddCapability=NET_ADMIN
+HealthCmd=ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1
+HealthInterval=10s
+HealthTimeout=3s
+HealthRetries=0
+HostName=mx1.synth.download
+PublishPort=25:25
+PublishPort=143:143
+PublishPort=587:587
+PublishPort=993:993
+Timezone=local
+Volume=/var/containers/mailserver/data:/var/mail:Z
+Volume=/var/containers/mailserver/state:/var/mail-state:Z
+Volume=/var/containers/mailserver/logs:/var/log/mail:Z
+Volume=/var/containers/mailserver/config:/tmp/docker-mailserver:Z
+Volume=/etc/certs/wildcard_.synth.download.crt:/etc/letsencrypt/live/synth.download/fullchain.pem:ro,z
+Volume=/etc/certs/wildcard_.synth.download.key:/etc/letsencrypt/live/synth.download/privkey.pem:ro,z
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/mastodon/mastodon-darkhttpd.container
+++ b/beeper/etc/containers/systemd/mastodon/mastodon-darkhttpd.container
@ -1,10 +1,8 @@
 [Unit]
 Description=Mastodon DarkHTTPD Static Server
-After=network-online.target
-Wants=network-online.target

 [Container]
-Image=registry.hub.docker.com/p3terx/darkhttpd
+Image=docker.io/p3terx/darkhttpd
 ContainerName=mastodon-darkhttpd
 Exec=/mastodon/public/system
 PublishPort=127.0.0.1:42261:80
--- a/beeper/etc/containers/systemd/mastodon/mastodon-dfdb.container
+++ b/beeper/etc/containers/systemd/mastodon/mastodon-dfdb.container
@ -14,7 +14,7 @@ HealthCmd=redis-cli ping
 HealthInterval=5s
 HealthRetries=20
 Network=mastodon.network
-Volume=/var/containers/mastodon/dragonfly:/data:z
+Volume=/var/containers/mastodon/dragonfly:/data:Z

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/mastodon/mastodon-ingress.container
+++ b/beeper/etc/containers/systemd/mastodon/mastodon-ingress.container
@ -6,8 +6,8 @@ After=postgresql.service mastodon-dfdb.service
 [Container]
 Image=ghcr.io/synth-download/mastodon-ingress:nightly
 ContainerName=mastodon-ingress
-EnvironmentFile=/var/containers/mastodon/.env.secrets
-EnvironmentFile=/var/containers/mastodon/.env
+EnvironmentFile=/etc/containers/systemd/mastodon/.env.secrets
+EnvironmentFile=/etc/containers/systemd/mastodon/.env
 Network=mastodon.network
 Network=postgresql.network

--- a/beeper/etc/containers/systemd/mastodon/mastodon-sidekiq.container
+++ b/beeper/etc/containers/systemd/mastodon/mastodon-sidekiq.container
@ -6,8 +6,8 @@ After=postgresql.service mastodon-dfdb.service
 [Container]
 Image=ghcr.io/synth-download/mastodon:nightly
 ContainerName=mastodon-sidekiq
-EnvironmentFile=/var/containers/mastodon/.env.secrets
-EnvironmentFile=/var/containers/mastodon/.env
+EnvironmentFile=/etc/containers/systemd/mastodon/.env.secrets
+EnvironmentFile=/etc/containers/systemd/mastodon/.env
 Exec=bundle exec sidekiq
 HealthCmd=ps aux | grep '[s]idekiq 7' || false
 Network=mastodon.network
--- a/beeper/etc/containers/systemd/mastodon/mastodon-streaming.container
+++ b/beeper/etc/containers/systemd/mastodon/mastodon-streaming.container
@ -6,8 +6,8 @@ After=postgresql.service mastodon-dfdb.service
 [Container]
 Image=ghcr.io/synth-download/mastodon-streaming:nightly
 ContainerName=mastodon-streaming
-EnvironmentFile=/var/containers/mastodon/.env.secrets
-EnvironmentFile=/var/containers/mastodon/.env
+EnvironmentFile=/etc/containers/systemd/mastodon/.env.secrets
+EnvironmentFile=/etc/containers/systemd/mastodon/.env
 Exec=node ./streaming/index.js
 HealthCmd=curl -s --noproxy localhost localhost:4000/api/v1/streaming/health | grep -q 'OK' || exit 1
 Network=mastodon.network
--- a/beeper/etc/containers/systemd/mastodon/mastodon-web.container
+++ b/beeper/etc/containers/systemd/mastodon/mastodon-web.container
@ -6,8 +6,8 @@ After=postgresql.service mastodon-dfdb.service
 [Container]
 Image=ghcr.io/synth-download/mastodon:nightly
 ContainerName=mastodon-web
-EnvironmentFile=/var/containers/mastodon/.env.secrets
-EnvironmentFile=/var/containers/mastodon/.env
+EnvironmentFile=/etc/containers/systemd/mastodon/.env.secrets
+EnvironmentFile=/etc/containers/systemd/mastodon/.env
 Exec=bundle exec puma -C config/puma.rb
 HealthCmd=curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || exit 1
 Network=mastodon.network
--- a/beeper/etc/containers/systemd/mastodon/mastodon.network
+++ b/beeper/etc/containers/systemd/mastodon/mastodon.network
@ -1,3 +1,2 @@
 [Network]
-NetworkName=mastodon
 IPv6=true
--- a/beeper/etc/containers/systemd/mollysocket/mollysocket.container
+++ b/beeper/etc/containers/systemd/mollysocket/mollysocket.container
@ -0,0 +1,20 @@
+[Unit]
+Description=MollySocket
+
+[Container]
+Image=ghcr.io/mollyim/mollysocket:1.6-alpine
+ContainerName=mollysocket
+AutoUpdate=registry
+EnvironmentFile=/etc/containers/systemd/mollysocket/.env.secrets
+EnvironmentFile=/etc/containers/systemd/mollysocket/.env
+Exec=server
+PublishPort=127.0.0.1:19236:19236
+Volume=/var/containers/mollysocket/data:/data:Z
+WorkingDir=/data
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/pds/pds.container
+++ b/beeper/etc/containers/systemd/pds/pds.container
@ -0,0 +1,17 @@
+[Unit]
+Description=ATProto Personal Data Server
+
+[Container]
+Image=ghcr.io/bluesky-social/pds:latest
+ContainerName=pds
+EnvironmentFile=/etc/containers/systemd/pds/.env.secrets
+EnvironmentFile=/etc/containers/systemd/pds/.env
+PublishPort=127.0.0.1:24318:3000
+Volume=/var/containers/pds/data:/pds:Z
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/postgresql/postgresql.container
+++ b/beeper/etc/containers/systemd/postgresql/postgresql.container
@ -2,16 +2,16 @@
 Description=PostgreSQL Database

 [Container]
-Image=registry.hub.docker.com/groonga/pgroonga:latest-alpine-18
+Image=docker.io/groonga/pgroonga:latest-alpine-18
 ContainerName=postgresql
-EnvironmentFile=/var/containers/postgresql/.env
+EnvironmentFile=/etc/containers/systemd/postgresql/.env
 Network=postgresql.network
 HealthCmd=pg_isready -U postgres -d postgres
 HealthInterval=40s
 HealthTimeout=3s
 HealthRetries=20
 UserNS=keep-id:uid=999,gid=999
-Volume=/var/containers/postgresql/db:/var/lib/postgresql/data:Z
+Volume=/var/containers/postgresql/data:/var/lib/postgresql/data:Z
 Volume=/var/containers/postgresql/exp:/mnt/exp:Z

 [Service]
--- a/beeper/etc/containers/systemd/postgresql/postgresql.network
+++ b/beeper/etc/containers/systemd/postgresql/postgresql.network
@ -1,2 +1,4 @@
 [Network]
-NetworkName=postgresql
+NetworkName=postgresql
+IPv6=true
+Internal=true
--- a/beeper/etc/containers/systemd/redlib/redlib.container
+++ b/beeper/etc/containers/systemd/redlib/redlib.container
@ -0,0 +1,19 @@
+[Unit]
+Description=Redlib
+
+[Container]
+Image=quay.io/redlib/redlib:latest
+ContainerName=redlib
+AutoUpdate=registry
+EnvironmentFile=/etc/containers/systemd/redlib/.env
+HealthCmd=wget --spider -q --tries=1 http://localhost:8080/settings
+HealthInterval=5m
+HealthTimeout=3s
+PublishPort=127.0.0.1:51617:8080
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/safetwitch/safetwitch-backend.container
+++ b/beeper/etc/containers/systemd/safetwitch/safetwitch-backend.container
@ -0,0 +1,17 @@
+[Unit]
+Description=SafeTwitch Backend
+
+[Container]
+Image=codeberg.org/safetwitch/safetwitch-backend:latest
+ContainerName=safetwitch-backend
+AutoUpdate=registry
+Environment=PORT=7000
+Environment=URL=https://b.twitch.synth.download
+PublishPort=127.0.0.1:43072:7000
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/safetwitch/safetwitch-frontend.container
+++ b/beeper/etc/containers/systemd/safetwitch/safetwitch-frontend.container
@ -0,0 +1,22 @@
+[Unit]
+Description=SafeTwitch Frontend
+After=safetwitch-backend.service
+Requires=safetwitch-backend.service
+
+[Container]
+Image=codeberg.org/safetwitch/safetwitch:latest
+ContainerName=safetwitch-frontend
+AutoUpdate=registry
+Environment=SAFETWITCH_BACKEND_DOMAIN=b.twitch.synth.download
+Environment=SAFETWITCH_INSTANCE_DOMAIN=twitch.synth.download
+Environment=SAFETWITCH_HTTPS=true
+Environment=SAFETWITCH_DEFAULT_LOCALE=en
+Environment=SAFETWITCH_FALLBACK_LOCALE=en
+PublishPort=127.0.0.1:24682:8280
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/searxng/searxng-dfdb.container
+++ b/beeper/etc/containers/systemd/searxng/searxng-dfdb.container
@ -0,0 +1,24 @@
+[Unit]
+Description=SearXNG Dragonfly DB
+
+[Container]
+Image=docker.dragonflydb.io/dragonflydb/dragonfly
+ContainerName=searxng-dfdb
+Environment=DFLY_snapshot_cron="* * * * *"
+Environment=DFLY_version_check=false
+Environment=DFLY_default_lua_flags=allow-undeclared-keys
+Environment=DFLY_dbfilename=dump.rdb
+Environment=DFLY_df_snapshot_format=false
+Environment=DFLY_dir=/data
+HealthCmd=redis-cli ping
+HealthInterval=5s
+HealthRetries=20
+Network=searxng.network
+Volume=/var/containers/searxng/dragonfly:/data:Z
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/searxng/searxng.container
+++ b/beeper/etc/containers/systemd/searxng/searxng.container
@ -0,0 +1,20 @@
+[Unit]
+Description=SearXNG
+After=searxng-dfdb.service
+Requires=searxng-dfdb.service
+
+[Container]
+Image=docker.io/searxng/searxng:latest
+ContainerName=searxng
+AutoUpdate=registry
+PublishPort=127.0.0.1:48898:8080
+Network=searxng.network
+Volume=/var/containers/searxng/config:/etc/searxng:ro,Z
+Volume=/var/containers/searxng/cache:/var/cache/searxng
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/searxng/searxng.network
+++ b/beeper/etc/containers/systemd/searxng/searxng.network
@ -0,0 +1,2 @@
+[Network]
+IPv6=true
--- a/beeper/etc/containers/systemd/sharkey/sharkey-activity.container
+++ b/beeper/etc/containers/systemd/sharkey/sharkey-activity.container
@ -1,8 +1,7 @@
 [Unit]
 Description=Sharkey's ActivityPub Federation service
-After=postgresql.service sharkey-dfdb.service network-online.target
+After=postgresql.service sharkey-dfdb.service
 Requires=postgresql.service sharkey-dfdb.service
-Wants=network-online.target

 [Container]
 ContainerName=sharkey-activity
@ -12,9 +11,9 @@ Environment=MISSKEY_CONFIG_DIR=/sharkey/.config
 Environment=MK_ONLY_SERVER=1
 Environment=MK_DISABLE_CLUSTERING=1
 Environment=MK_NO_DAEMONS=1
-EnvironmentFile=/var/containers/sharkey/.env.secrets
-Network=postgresql.network
+EnvironmentFile=/etc/containers/systemd/sharkey/.env.secrets
 Network=sharkey.network
+Network=postgresql.network
 PublishPort=127.0.0.1:47815:3002
 Volume=/var/containers/sharkey/files:/sharkey/files:z
 Volume=/var/containers/sharkey/activity:/sharkey/.config:z
--- a/beeper/etc/containers/systemd/sharkey/sharkey-api.container
+++ b/beeper/etc/containers/systemd/sharkey/sharkey-api.container
@ -1,8 +1,7 @@
 [Unit]
 Description=Sharkey's API and Web service
-After=postgresql.service sharkey-dfdb.service network-online.target
+After=postgresql.service sharkey-dfdb.service
 Requires=postgresql.service sharkey-dfdb.service
-Wants=network-online.target

 [Container]
 ContainerName=sharkey-api
@ -11,9 +10,9 @@ Environment=MISSKEY_CONFIG_YML=*.yml
 Environment=MISSKEY_CONFIG_DIR=/sharkey/.config
 Environment=MK_ONLY_SERVER=1
 Environment=MK_DISABLE_CLUSTERING=1
-EnvironmentFile=/var/containers/sharkey/.env.secrets
-Network=postgresql.network
+EnvironmentFile=/etc/containers/systemd/sharkey/.env.secrets
 Network=sharkey.network
+Network=postgresql.network
 PublishPort=127.0.0.1:60628:3001
 Volume=/var/containers/sharkey/files:/sharkey/files:z
 Volume=/var/containers/sharkey/api:/sharkey/.config:z
--- a/beeper/etc/containers/systemd/sharkey/sharkey-dfdb.container
+++ b/beeper/etc/containers/systemd/sharkey/sharkey-dfdb.container
@ -14,7 +14,7 @@ HealthCmd=redis-cli ping
 HealthInterval=5s
 HealthRetries=20
 Network=sharkey.network
-Volume=/var/containers/sharkey/dfdb:/data:z
+Volume=/var/containers/sharkey/dfdb:/data:Z

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/sharkey/sharkey-media.container
+++ b/beeper/etc/containers/systemd/sharkey/sharkey-media.container
@ -1,8 +1,7 @@
 [Unit]
 Description=Sharkey's Media service
-After=postgresql.service sharkey-dfdb.service network-online.target
+After=postgresql.service sharkey-dfdb.service
 Requires=postgresql.service sharkey-dfdb.service
-Wants=network-online.target

 [Container]
 ContainerName=sharkey-media
@ -12,9 +11,9 @@ Environment=MISSKEY_CONFIG_DIR=/sharkey/.config
 Environment=MK_ONLY_SERVER=1
 Environment=MK_DISABLE_CLUSTERING=1
 Environment=MK_NO_DAEMONS=1
-EnvironmentFile=/var/containers/sharkey/.env.secrets
-Network=postgresql.network
+EnvironmentFile=/etc/containers/systemd/sharkey/.env.secrets
 Network=sharkey.network
+Network=postgresql.network
 PublishPort=127.0.0.1:57378:3003
 Volume=/var/containers/sharkey/files:/sharkey/files:z
 Volume=/var/containers/sharkey/media:/sharkey/.config:z
@ -25,4 +24,4 @@ Restart=always
 RestartSec=10s

 [Install]
-WantedBy=default.target
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/sharkey/sharkey-worker.container
+++ b/beeper/etc/containers/systemd/sharkey/sharkey-worker.container
@ -1,8 +1,7 @@
 [Unit]
 Description=Sharkey's Worker service
-After=postgresql.service sharkey-dfdb.service network-online.target
+After=postgresql.service sharkey-dfdb.service
 Requires=postgresql.service sharkey-dfdb.service
-Wants=network-online.target

 [Container]
 ContainerName=sharkey-worker
@ -10,9 +9,9 @@ Image=registry.activitypub.software/transfem-org/sharkey:develop
 Environment=MISSKEY_CONFIG_YML=*.yml
 Environment=MISSKEY_CONFIG_DIR=/sharkey/.config
 Environment=MK_ONLY_QUEUE=1
-EnvironmentFile=/var/containers/sharkey/.env.secrets
-Network=postgresql.network
+EnvironmentFile=/etc/containers/systemd/sharkey/.env.secrets
 Network=sharkey.network
+Network=postgresql.network
 Volume=/var/containers/sharkey/files:/sharkey/files:z
 Volume=/var/containers/sharkey/worker:/sharkey/.config:z
 Volume=/var/containers/sharkey/default.yml:/sharkey/.config/default.yml:ro,z
--- a/beeper/etc/containers/systemd/sharkey/sharkey.network
+++ b/beeper/etc/containers/systemd/sharkey/sharkey.network
@ -1,3 +1,2 @@
 [Network]
-NetworkName=sharkey
 IPv6=true
--- a/beeper/etc/containers/systemd/spindle/spindle.container
+++ b/beeper/etc/containers/systemd/spindle/spindle.container
@ -0,0 +1,18 @@
+[Unit]
+Description=Tangled Spindle Server
+
+[Container]
+Image=ghcr.io/zenfyrdev/spindle:latest
+ContainerName=spindle
+EnvironmentFile=/etc/containers/systemd/spindle/.env
+PublishPort=127.0.0.1:40653:6555
+Volume=/var/containers/spindle/logs:/var/log/spindle:Z
+Volume=/var/containers/spindle/data:/app:Z
+Volume=/var/run/dind/docker.sock:/var/run/docker.sock:z
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/tor/tor.container
+++ b/beeper/etc/containers/systemd/tor/tor.container
@ -0,0 +1,17 @@
+[Unit]
+Description=Tor Daemon
+
+[Container]
+Image=docker.io/dockurr/tor
+ContainerName=tor
+AutoUpdate=registry
+Network=host
+Volume=/var/containers/tor/config:/etc/tor:ro,Z
+Volume=/var/containers/tor/data:/var/lib/tor:Z
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/vaultwarden/vaultwarden.container
+++ b/beeper/etc/containers/systemd/vaultwarden/vaultwarden.container
@ -0,0 +1,16 @@
+[Unit]
+Description=Vaultwarden
+
+[Container]
+Image=vaultwarden/server:latest
+ContainerName=vaultwarden
+EnvironmentFile=/etc/containers/systemd/vaultwarden/.env
+PublishPort=127.0.0.1:60838:80
+Volume=/var/containers/vaultwarden/data:/data:Z
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/xpost/xpost-zenfyr.container
+++ b/beeper/etc/containers/systemd/xpost/xpost-zenfyr.container
@ -3,7 +3,7 @@ Description=zenfyr's XPost

 [Container]
 Image=ghcr.io/zenfyrdev/xpost:latest
-EnvironmentFile=/var/containers/zenfyr-xpost/.env
+EnvironmentFile=/etc/containers/systemd/xpost/zenfyr.env
 Volume=/var/containers/zenfyr-xpost/data:/app/data:Z,U

 [Service]
--- a/beeper/etc/containers/systemd/yggdrasil/yggdrasil.container
+++ b/beeper/etc/containers/systemd/yggdrasil/yggdrasil.container
@ -1,7 +1,5 @@
 [Unit]
 Description=Yggdrasil Network Stack Daemon
-After=network-online.target
-Wants=network-online.target

 [Container]
 Image=ghcr.io/yggdrasil-network/yggstack:trunk
@ -9,7 +7,7 @@ ContainerName=yggdrasil
 AutoUpdate=registry
 Exec=-useconffile /etc/yggdrasil/yggdrasil.conf -remote-tcp 22:22 -remote-tcp 80:80 -remote-udp 80:80
 Network=host
-Volume=/var/containers/yggdrasil:/etc/yggdrasil:ro,Z
+Volume=/var/containers/yggdrasil/config:/etc/yggdrasil:ro,Z

 [Service]
 Restart=always
--- a/beeper/etc/containers/systemd/zitadel/zitadel.container
+++ b/beeper/etc/containers/systemd/zitadel/zitadel.container
@ -0,0 +1,20 @@
+[Unit]
+Description=Zitadel
+Requires=postgresql.service
+After=postgresql.service
+
+[Container]
+Image=ghcr.io/zitadel/zitadel:latest
+ContainerName=zitadel
+EnvironmentFile=/etc/containers/systemd/zitadel/.env
+Network=zitadel.network
+Network=postgresql.network
+PublishPort=127.0.0.1:19241:8080
+Exec=start-from-init --masterkeyFromEnv --tlsMode external
+
+[Service]
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=default.target
--- a/beeper/etc/containers/systemd/zitadel/zitadel.network
+++ b/beeper/etc/containers/systemd/zitadel/zitadel.network
@ -0,0 +1,2 @@
+[Network]
+IPv6=true
--- a/beeper/etc/sysctl.d/99-vm-zram-parameters.conf
+++ b/beeper/etc/sysctl.d/99-vm-zram-parameters.conf
@ -0,0 +1,4 @@
+vm.swappiness = 180
+vm.watermark_boost_factor = 0
+vm.watermark_scale_factor = 125
+vm.page-cluster = 0
--- a/beeper/etc/systemd/resolved.conf
+++ b/beeper/etc/systemd/resolved.conf
@ -0,0 +1,5 @@
+[Resolve]
+DNS=5.78.43.29#dns.vixen.computer 2a01:4ff:1f0:cebe::1#dns.vixen.computer
+FallbackDNS=1.1.1.1#one.one.one.one 2606:4700:4700::1111#one.one.one.one
+DNSOverTLS=yes
+DNSSEC=allow-downgrade
--- a/beeper/etc/systemd/system/mastodon-maintenance.service
+++ b/beeper/etc/systemd/system/mastodon-maintenance.service
@ -0,0 +1,9 @@
+[Unit]
+Description=Mastodon Maintenance Service
+Requires=mastodon-web.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=no
+ExecStart=/usr/bin/podman exec mastodon-web tootctl statuses remove --days 90
+#ExecStart=/usr/bin/podman exec mastodon-web tootctl accounts cull
--- a/beeper/etc/systemd/system/mastodon-maintenance.timer
+++ b/beeper/etc/systemd/system/mastodon-maintenance.timer
@ -0,0 +1,9 @@
+[Unit]
+Description=Mastodon monthly maintenance
+
+[Timer]
+OnCalendar=monthly
+Persistent=true
+
+[Install]
+WantedBy=timers.target
--- a/beeper/etc/systemd/zram-generator.conf
+++ b/beeper/etc/systemd/zram-generator.conf
@ -0,0 +1,3 @@
+[zram0]
+zram-size = ram
+compression-algorithm = zstd(level=3)
--- a/beeper/var/containers/ask-js/.gitkeep
+++ b/beeper/var/containers/ask-js/.gitkeep
--- a/beeper/var/containers/copyparty/.gitkeep
+++ b/beeper/var/containers/copyparty/.gitkeep
--- a/beeper/var/containers/forgejo/.gitkeep
+++ b/beeper/var/containers/forgejo/.gitkeep
--- a/beeper/var/containers/i2pd/.gitkeep
+++ b/beeper/var/containers/i2pd/.gitkeep
--- a/beeper/var/containers/knot/.gitkeep
+++ b/beeper/var/containers/knot/.gitkeep
--- a/beeper/var/containers/mollysocket/.gitkeep
+++ b/beeper/var/containers/mollysocket/.gitkeep
--- a/beeper/var/containers/pds/.gitkeep
+++ b/beeper/var/containers/pds/.gitkeep
--- a/beeper/var/containers/redlib/.gitkeep
+++ b/beeper/var/containers/redlib/.gitkeep
--- a/beeper/var/containers/searxng/.gitkeep
+++ b/beeper/var/containers/searxng/.gitkeep
--- a/beeper/var/containers/tor/.gitkeep
+++ b/beeper/var/containers/tor/.gitkeep
--- a/beeper/var/containers/vaultwarden/.gitkeep
+++ b/beeper/var/containers/vaultwarden/.gitkeep