(WIP) monitoring: attempt at container alerts

(WIP) monitoring: containers dashboard, loki storage update
WIP: containers dashboard - loki logs
2024-10-22 23:07:41 -07:00 · 2024-10-22 23:07:08 -07:00 · 2024-10-12 23:32:03 -07:00 · 2024-10-12 23:31:09 -07:00 · 2024-10-12 02:28:52 -07:00
44 changed files with 692 additions and 1541 deletions
--- a/.idea/alpina.iml
+++ b/.idea/alpina.iml
@@ -4,7 +4,7 @@
    <content url="file://$MODULE_DIR$">
      <excludeFolder url="file://$MODULE_DIR$/venv" />
    </content>
-    <orderEntry type="inheritedJdk" />
+    <orderEntry type="jdk" jdkName="Poetry (alpina) (4)" jdkType="Python SDK" />
    <orderEntry type="sourceFolder" forTests="false" />
  </component>
  <component name="PyDocumentationSettings">
--- a/.idea/jsonSchemas.xml
+++ b/.idea/jsonSchemas.xml
@@ -31,7 +31,7 @@
                <list>
                  <Item>
                    <option name="directory" value="true" />
-                    <option name="path" value="roles/alpina/templates/services/authentik/blueprints" />
+                    <option name="path" value="roles/alpina/collections/services/authentik/templates/blueprints" />
                    <option name="mappingKind" value="Directory" />
                  </Item>
                </list>
@@ -39,22 +39,6 @@
            </SchemaInfo>
          </value>
        </entry>
        <entry key="Loki">
          <value>
            <SchemaInfo>
              <option name="name" value="Loki" />
              <option name="relativePathToSchema" value="https://json.schemastore.org/loki.json" />
              <option name="applicationDefined" value="true" />
              <option name="patterns">
                <list>
                  <Item>
                    <option name="path" value="roles/alpina/templates/services/monitoring/loki_config/loki-config.yaml.j2" />
                  </Item>
                </list>
              </option>
            </SchemaInfo>
          </value>
        </entry>
        <entry key="Traefik v2">
          <value>
            <SchemaInfo>
@@ -140,6 +124,25 @@
            </SchemaInfo>
          </value>
        </entry>
        <entry key="prometheus.rules.json">
          <value>
            <SchemaInfo>
              <option name="name" value="prometheus.rules.json" />
              <option name="relativePathToSchema" value="https://json.schemastore.org/prometheus.rules.json" />
              <option name="applicationDefined" value="true" />
              <option name="patterns">
                <list>
                  <Item>
                    <option name="path" value="roles/alpina/templates/services/monitoring/prometheus_config/container-alerts.yml" />
                  </Item>
                  <Item>
                    <option name="path" value="roles/alpina/templates/services/monitoring/prometheus_config/container.alerts.yml" />
                  </Item>
                </list>
              </option>
            </SchemaInfo>
          </value>
        </entry>
      </map>
    </state>
  </component>
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -3,5 +3,5 @@
  <component name="Black">
    <option name="sdkName" value="Poetry (alpina) (2)" />
  </component>
-  <component name="ProjectRootManager" version="2" project-jdk-name="Poetry (alpina)" project-jdk-type="Python SDK" />
+  <component name="ProjectRootManager" version="2" project-jdk-name="Poetry (alpina) (4)" project-jdk-type="Python SDK" />
 </project>
--- a/README.md
+++ b/README.md
@@ -8,22 +8,6 @@ running on top of TrueNAS SCALE, separating all the docker stuff from the applia
 # Notes
 ## Monitoring
 The monitoring stack is set up to monitor all the containers and the host.
 This is a work in progress, Grafana is set up with grafanalib, a Python library that generates Grafana dashboards.
 The dashboards are generated from Python scripts in 
 [grafana_config/dashboards](roles/alpina/templates/services/monitoring/grafana_config/dashboards).
 This requires a custom grafana image, which is built from the 
 [Dockerfile](roles/alpina/templates/services/monitoring/Dockerfile).
 This also means it has to be manually rebuilt whenever the dashboards are updated.
 From the services/monitoring directory, run:
 ```bash
 docker compose up -d --build --force-recreate grafana
 ```
 ## IPv6
 The current configuration is designed to work with IPv6. 
 However, because of how (not properly) I'm doing the subnetting 
--- a/group_vars/alpina/vars.yml
+++ b/group_vars/alpina/vars.yml
@@ -14,19 +14,18 @@ authentik_secret_key: "{{ vault_authentik_secret_key }}"
 authentik_sendgrid_api_key: "{{ vault_authentik_sendgrid_api_key }}"
 auth_grafana_client_secret: "{{ vault_auth_grafana_client_secret }}"
 auth_minio_client_secret: "{{ vault_auth_minio_client_secret }}"
 auth_gitea_client_secret: "{{ vault_auth_gitea_client_secret }}"
 auth_nextcloud_client_secret: "{{ vault_auth_nextcloud_client_secret }}"
 arrstack_password: "{{ vault_arrstack_password }}"
 auth_vpgen_client_secret: "{{ vault_auth_vpgen_client_secret }}"
 # Minio
 minio_password: "{{ vault_minio_password }}"
 # Monitoring
 ## auth_grafana_client_secret:
 influxdb_admin_password: "{{ vault_influxdb_admin_password }}"
 influxdb_admin_token: "{{ vault_influxdb_admin_token }}"
 alertmanager_discord_webhook: "{{ vault_alertmanager_discord_webhook }}"
 # Traefik
 acme_email: "{{ vault_acme_email }}"
 cloudflare_api_token: "{{ vault_cloudflare_api_token }}"
@@ -49,15 +48,3 @@ jwt_secret: "{{ vault_jwt_secret }}"
 nextcloud_db_password: "{{ vault_nextcloud_db_password }}"
 redis_password: "{{ vault_redis_password }}"
 nextcloud_sendgrid_api_key: "{{ vault_nextcloud_sendgrid_api_key }}"
 # VPGen
 vpgen_opnsense_api_url: https://opnsense.cazzzer.com
 vpgen_opnsense_api_key: "{{ vault_vpgen_opnsense_api_key }}"
 vpgen_opnsense_api_secret: "{{ vault_vpgen_opnsense_api_secret }}"
 vpgen_opnsense_wg_ifname: wg2
 vpgen_ipv6_client_prefix_size: 112
 vpgen_ip_max_index: 100
 vpgen_vpn_endpoint: "{{ vault_vpgen_vpn_endpoint }}"
 vpgen_vpn_dns: "{{ vault_vpgen_vpn_dns }}"
 vpgen_max_clients_per_user: 20
--- a/group_vars/alpina/vault.yml
+++ b/group_vars/alpina/vault.yml
@@ -1,138 +1,96 @@
 $ANSIBLE_VAULT;1.1;AES256
-38376439643766303237356563616337663731366435613930393135383962666435313530663632
+32653863663065353431636364373163613536643238613961666561653663633530646165643766
-3432326162343632613565393737363335306263653032300a643539393562376162333761376631
+3833323937353331313136633965393061616135366534660a333037383066303431623830313464
-62343731316430316638363338343966326635383930623339383339653936343765316439393233
+65346431633238666534373033663138353438313762326361666233353866663534363536643034
-6562323634383363300a323233346338393764623363346139313661386433656337363332656230
+3636323439316261630a623262336331663431633266336235653034323234383566323963623365
-31306233643735333033316139363165373062363334363933396563366234316330646230353261
+32626363626164373536663464643632393761346137623866633237643038306265636362626561
-62326539663337323036346533303031333730373061656563613535376162633138306634626462
+61313634353634373530383061393364613461303132326335316566326436633635633131643433
-37313038356466336138643834643863393333373939616362636365366231383762633030313831
+31376539396639326464333233643933373737313064363262323639363964643862633035396161
-33393139313336623437396161623437323163633362363137626262653462633737373062643735
+35643037636535623966626131393538643432396536643365383736636262356135373434376433
-63353561313639393166306466346134623933323532636438656263663338376337376434356163
+32316361343330303431376234323632323932376635343964383733633761326639393966383039
-64343239616632313566656664393136363337386464613932383961343134363233653039336137
+35646131343034663962363335373661323065663764396631343461383661663738386163323633
-65656566306463313264646163646130323533666464323464643433313030346535346535323264
+36303464646532633235663662666663343238633465663334326463383133643239666634653739
-34356433343739343166383034313935666139663239653662663734343139343035616134303730
+35396130393961303230396236303766336666643930626161333338326137663235323066663032
-39643136623735666333646234346239303337333961343261383834393963386633633030633962
+33376564373563323635356233616264313663373534333636643236393866613062656338353864
-61376132313532643730633865326130666565303631386262396366306565613665363934383335
+66386132663362363832366661646462316139353132626662663934336530386534376538633235
-37376139616165396436663135373932653064656136356662363137653036383537613665393634
+62653131653835323261373435373631396466353738306362616266616532313435323633613933
-38313063656637353630373634316564383362663335356364626161663163323362333937316461
+61646132346536323632643865326234356535346566346532383162393265613931343962303463
-64336636386234623438613766316430353261346339313863306462393335636131363966363038
+31636334343736666434353835633734396465653862613234386431306463326134613931646232
-66393561323335393063663838393466656331323433376461653838313638303564666662636438
+32353535663133623434643866336165616232613662336533383432633338373763643337616637
-38663735616261656338626437336433613730353236636266316536656165303534353538316232
+38323237646461376433316164646366383438316639633162303739383263656265633364303565
-62363063376464323932383261663537393263333266633461326536656533653661303335646431
+36643339356136653332666230633939636264306431636562323864373037623138363739616561
-36616436396137343634373563386439653833306537373735353764346430616231313538636362
+37613364653737353638646564323439646138646536636564303866636233616264383466656439
-30363430613839373761363032316137636432643339383561313637376339323836353161343639
+33646232653061616437656162353036313834616162313936353533393833313432656534343363
-36316665656164396236383538346561306432333637393431393566333566633434393961663330
+35636638326236646163323463356634326534623165306461316530353936646162323435633862
-32383833396238633966393837336564626135653733383863346161663364353062303931303931
+64396464303363323837316162353734626663643962303534336637336632333463393734383532
-39653662373734643037393832643439653437353935666430373337643532346161376661633738
+66616534666466393333386337363238383432643764373864613461363766333932333862363332
-61643431633431666535333463636461613166363238373138306565643533623039353031646634
+61313364613031376334326635636432346532613462613265643462636436663963323862353733
-62383662663435346635373865633731393362623761313834393964623930646364366534333236
+38396261613332396633666130653262313234633132353264363266336231373535306532383661
-35393138346433366435313066633436393561643263343534393034373161343834633261363933
+65323530653531646339626537653433303332656535346639393466353133363833326236656231
-65376636393263663566653436633762643331336139653565663334373561353130653065653935
+33336265373463396135653730616266346331376461346433343464326238323034653330393732
-31616337313764313532303934376236623833363433336335303262643135643339613839623231
+36643432316662333633333036633761653031393433333338663633386264656535623534653463
-37343730616166323239653537313137373136626337333665633134363830626131353030393662
+36363565303333356361616539376532353066336137336134656465383364636361656664356439
-31643366386365353336326133636434303636343637643539653131316133306132643133643364
+65326334643631663665376530646433323439653864623964323363396561313663636538356536
-64636464373564383938663838613031626563613362626435383832346661306562343165643539
+63626336303862333364363166353437353163656238303765636662636137383337623563666264
-66353431393032313262393566353833343632366139656234306561366139633431653133356165
+66326633343230386638616438393436633431343264343231386563613935626430306337343533
-32363332636433626132666462626137653337646234646565303831646330333133353964626461
+66656366333332326131343661356236396430303832303834653530623639353036663436373862
-37333265623865376562663365336339353036346135363062663534643537353331623630356264
+61336437386338343965653563646664643438353232306231316564616462643236646239333062
-66386665333633383534313062623533383239383231333163663565633531666236306465633135
+38643461346639623964626438396631396139383332666130316635656530653136333662353566
-36363164636165343863363866343437636630353863316633623761373232643262623762316162
+36313261646330373963663032316662383137366436636534383366636362366435393036373264
-32613665306535626139366564616362393536336364666663333761383362393631316134373138
+34646537666462363531343335336638343038333633663862666163306662643634326533316561
-32616665363164363639303538373539346239663261373731613464333734326436666433666539
+61613235366233636530663462353066646530386265623534663336376364323237343936646134
-31656264326535626134323231646535656563363231633434636337323538343038303233363765
+31616563653864383565306439613932396562613835613562326264326535636630646666366335
-61393164316237323533313336316530316431653731343261636265393361616464323536333130
+36653631353961353933386236636534393636356334633336313333383238353838336335646630
-65346538306664663566666435393738323832396365363764333637613331356661306535376332
+63633365666530623562323634303935326362643762616532303531303139333565643835396163
-62313533306365373737643835396364363737306631346161353031633531383364636563383237
+36353130656365326435343130613234336637346461313639653133623933376163393935366266
-64633432386565356137333730313736393737303665326531356265376333663636393430386233
+66653337353732363038663164363663623266356366663637343466393836353965343730666362
-33666532616632373061633063656136646533363034363330366231653936396166663134396139
+38663636336265383331666666616535366334616431306164303738306436333364653765356662
-66393131653963386365656364666263666362316136333561326566626562616138383739346139
+37316433323563323431623164386337343563663538333435616333343433396236356363333262
-62343035646435393136656434646138376331346164663562306166646132363230333538323536
+61396664326234343136666331356465333233663135613839616334623033316362336162613731
-38643934613633373734653337666261356639353235326539356264633232343834633062336539
+38646530326538643337323838326563303130643934623939346635343331356531373235663937
-31616536663730656163626437653932313564633938643163313765393731386533323465303831
+62396530383365666439373632613633633233376139616138323033613135383330333132643839
-34353663363862363761643565633635373834623665653131613531373637386361636661376532
+65363833616337656662653462323436303531653635663739633366616532333761323238353764
-64386435643966343034643763393461373961626134346539653865636161333962333463393734
+39373836303735393165393435323139346661346135636138613731373165386533386333393364
-62343838363432396133326235323636613239326139376365353930373835313531326433326234
+32336265386334386338653734353565343733393931373436336233333031356531313739636666
-66396537636162363865663433626230316362343334653735646637613130636436633132663538
+61376234393631343236643137616631373564376132623534333939346162353662306661393438
-64623230303266373965616533346464373661363233613837613765343463306136623063313139
+32326566373934653463653737383131386431363664333535626361646637613632383132623533
-31383039343462363536646636653736316362356565326538636331646235373162663332313961
+32343465366562363765353366333330633631353936613930376631336538306230626632303966
-64623061636638666234623336656365383165626461323561343930316432313632316332306334
+31343936386535663165663066663862656439306363326337313561396132316338363930323632
-61376430303835383934396266303564363230313735366464386134393265326334663633663632
+33313061623534373338623931663934396339633564353533626639373837323832366132343538
-38643034393737303963643733656333316137646435653666353239373738373632383561646333
+63373862663137306665383732303863343564343830636233613139666631626532373938386663
-65363865353362383832643238363332613931343038366563316163303764323936316466666364
+35646331646462356639383964373732393866653963643832633661323430323430613330633364
-31373439383661656336653431666164393833643266656133383137376133636134643137663532
+35343262366362646165383032333236623863656264353964623136643631326135623538306261
-33353531663336346562653339616430333133363232336461353937303435346337363932306133
+37393839343331653665356131343063316232303963636462653238333466636334616435666463
-37623164343462363830323263323664303334633563313439376232303031633633316636383164
+65636662383930353238623130363834616137643830633261646338363435343839633565303562
-66306238333432333635653435383138383339343837346134613630353335656335663062326132
+37623231396163346464303464333962336261353634396236613132306464643764356265656137
-65323638343963623062663638366538363162343230323262616138373239653163623832313366
+32373263613964396430646332666235303634373431643939623963633334326135626565656662
-65323834383631646164316363383636643437346435313030656362653332653635343066666232
+30646166303732643562653166633232666635343665616665653566316632303861613861313333
-39346235383265326262306434383861653138393835663863383032363664323565316165646566
+38393636663137333231613239353661656338333536656563616237343234623031363535666637
-61646238393062373131346536343533663839313831383335316363343465663130633133393436
+61343662663965663161666436366630366432363733663537613064386130326466343366383232
-66333465633636353639663836376561353839613533346164366238353833636534633338313262
+32363662343561666665323565356163383932336361656132373263363239636666613461366339
-30656433376362346333303630643639353262323532666238633764363132303161326638643761
+31323264393866386239353333386161643330343262366666323533303737373163313262313766
-36616131636538613539383935613337643930333334613566393031646630383330656164363361
+61303638366263346232353134333431613730386431623235323537323962666133613939353762
-37306536356164633831626362653364313164356235653464333633313263383032333439626434
+63326361633630323937353163383930626336663365626532613031623532393932316138353335
-65376531396661636661303831393062666362623966353739303330393631323963373564353265
+32363262393764663135393466616639373965313238323935383531633434633038663437646662
-61343862323737336238356231626561396333386264666563356235333339653538626130623936
+31633265373937316533373332316132363061386133356231623230393739326464333761336338
-63326431316538346534313764356333396565666431633833613337323136643137306166623238
+38626234646164616265633061346239363164376532383834356435346232653065326362343363
-66393561333137373964353935323930636237366433613038383761643665363330323865386133
+39613532356166633133626563643238373661323937353635343464666339323561326136623366
-37623339613733353366656637383030623663313639363334656361623035643232626633313864
+62633637656462376136633963653263346565366563646533373431613761616231653739613537
-36346564653766646333613763616163363462613937656534363461376235613064373039326165
+32343332356435393635363837396463613165626337346235303363613764306132343539333836
-32666265383065636232613632333830633439653066653666663261646536663434393535613131
+63386633626332396339383165303166653334663239313066666632356165643161356262346230
-30373062313765663038313534623165653833623330383032363063393239373234636630646561
+32636365636364663466343939663538386439343336303537636230306263643534653339313538
-38633962363530666638666630316434613462656335613236363831313863613030636539356133
+31373165363962373337636138336561336638633762373363646139366339323031313664306534
-66386133383433663964306661636131633236633935633236623530373864646363383534383735
+30623130663037323839666166323162393065643535663866383062356330633137343239316436
-63633165626464333332303331333338313838393832626637626137316338643136336333633930
+32303132393739653363376138633430313832383165663366626436653033663637616664346632
-61346436336635656639616261383666336330333862303139633137373362303033653432613039
+63633439663734393236343265323533633639316133323336373064633138363266316135363335
-35623663353538323761623839623438646363313164356631386364356533346133333334326565
+31336637666331333139306537333565333064666433653730633430336261656665613263663937
-32303837663261386463313535373765356166376165386535623838326431616564346632363732
+64313230656333373838346439623061393164393239393934306336373063303934663334353532
-62373231356530346632373134343865303532326136653731633038353066623435336462303138
+31313637623466313835313566616161376230343532653561343364383133653736646338303631
-37363039343433613939363663623135396636396433653362666164323237393664623564393532
+36356164303630303433356332343630616465383831623036383833393330663566616333653161
-61376463336564396537366365373936333666373432376566323864343735636264643139643063
+63393361643266323336393962663263323338633634633033393762656139393665353630633637
-66396230303336633438666234336434353866323637316334313162363734623763666338336234
+39386462303731396261613961613238616237373332656361303139633763303837653765623464
-39303330343035333864396631323231363134646238323065356138633131323135613133356237
+64333565666532653864383861333433353731343161613231383836353966353636373762306132
-34373562633430613062313261363939373632313838333934303165336562663839663833383763
+35333536373939656638356333383135313231306433656536383933623634653263353434393238
-39316632656561653033613933373861366361353761346539306234366538373461373930306535
+32323037666135316337633465666335376332326633346665643333656139386465353134356636
-66623430343336333033306135303639646566393336663538313430616364653933663536386535
+36333434303538326135346539313734393939353163316666366438613133333464623732666438
-64323962353734356134656361663131376564626461386233643731393664353038626464313763
+663934323030303937623038343662646163
 64396265373737313134613962376334373965353338303363303935353538643561336461393032
 37356434343837376534663938366434343063643966643965346465636166363235643635333466
 38323664366366663363616664336165653264633437393636363866316262303432356461386330
 63326539626363333331366162363230626462656633653866383331333164663734633630353265
 63303832376230646136346261383965626633613739616330666232376366613332663839336531
 32343031336363663865643165666435623462376130326433316562363530343662366432313031
 63626538656633346563663735323030363231643933326337613634376531636235333339373633
 66353362333265343964353966383363613336636536393734363363623363316532653533633434
 39333162303834353362323362656630343733653336613065333462626637303264653361393462
 32336238326535383662636465383832346438333230666662633430303964343236626331623536
 65383666316431646538396661386332323037383666336138666135613763363633343934663836
 32656362323631303732613235663135633939643165626231373162643963613637626235613365
 32326266323431636434633234333730373836373039666137663232323539396364373061393232
 30646432666365333336333836313333363537363163383034656136383164663331373632313564
 34353731363338323438366464663938393632626530323537306233613866356234323364373766
 34326662656263383864613538326536626133386532303932326362376632363631356535393937
 33346462336636656165316166363364343330383337636361656438383661333366633532616131
 37313033623430663039626131303933316561666233613666636433363537373264653331323136
 66663532653233373735326333333738663931343735306262353831303330633136623966316431
 39316462313066336536623438626163383139343532313932316435356431323865373035343465
 30346237393531353833616136323431376530333635633632666431313938643539363831313539
 38396338336136363165323135663836336139623865666631663237616664636233653663383965
 39623665656563316334323738323730306631636565393662313536353565383033653365663461
 38326432353166376438356238386161396638666131636536356333393563613461373263346538
 36656138353762323662363061613764633466303566353338626666646533616137393336333333
 30393733316636353266653039346237363830333831383535646531616130353534633062643135
 64373533646462313035383236333866313866366130663863363162613234393762646662666233
 30653666353333366365343036643462346361303536363935396133343166303339623461376563
 39333163636466646534356337656431376663623833303235303534633634386665636162346634
 34646665633639663763316339663539663261333436363935316334656330313835616138626237
 35623363393532633937653132303635396536646635633062393661616538303631663136363038
 35623539303963383063343338653130643233636537356264323238633839303337383665393333
 36303330393638643464646535653833626531343634626531396261363139326336623765623039
 32613237636366376463343766303964336661363432646436373963626537373137396661633766
 63633830663035663764303634643662333464353234646232343066306131336533396435313239
 66366630643564313665306130656463633065646430373334336664633264353336376439666137
 65366537366462623136353539373961333238373733663837373430663865643334393565333861
 35363035343561633164613631633532623164376339633630393633396437333034376339656538
 32653030626434326632386635383739663932393331333062656565303939373566653031613839
 31363162666330393232646562333833633266643165316464623533623539356339333365623966
 65323638396531346261303835373138333262323466656263643737343734303237303638353036
 3733
--- a/inventories/prod/group_vars/alpina/vars.yml
+++ b/inventories/prod/group_vars/alpina/vars.yml
@@ -9,12 +9,6 @@ wg_psk: "{{ vault_wg_psk }}"
 wg_addresses: "{{ vault_wg_addresses }}"
 fw_vpn_input_ports: "{{ vault_fw_vpn_input_ports }}"
-# Authentik External OAuth
+# Authentik GitHub OAuth
 github_consumer_key: 32d5cae58d744c56fcc9
 github_consumer_secret: "{{ vault_github_consumer_secret }}"
 google_consumer_key: 606830535764-9vc8mjta87g9974pb7qasp82cpoc1d3a.apps.googleusercontent.com
 google_consumer_secret: "{{ vault_google_consumer_secret }}"
 # VPGen
 vpgen_ipv4_starting_addr: 10.18.11.100
 vpgen_ipv6_starting_addr: "{{ vault_vpgen_ipv6_starting_addr }}"
--- a/inventories/prod/group_vars/alpina/vault.yml
+++ b/inventories/prod/group_vars/alpina/vault.yml
@@ -1,27 +1,21 @@
 $ANSIBLE_VAULT;1.1;AES256
-64376262343730306465343137353235393430646535633031646432363631643061656336313962
+61656162363565633436373135333536623561663136303736393865623830633539376362363363
-6661643832613835353937313832393762613430616338360a356137373036343037316635666366
+3938333137343336626634346262363964316563643261310a366538363037343965363766646535
-62643132656233663933353239653438316238353363326539353038383436613038356137643836
+61636239326464373039333462653562373933396665393039633266326234663335363337666439
-6265373939326266640a376162333266313333653339383533303639393932373266356361313763
+6137323332303533640a383062383135633762323561313666636566306531306636633466316536
-65346235626430323232393161643932316161383564393663343039626431366130353066636265
+66623731626266333731303336323733343336626366343833633365616330343565363035323039
-63643639383162326235373636393435316338393431393166663835623739356562633435373438
+35313961383131616133386663376331336639633137383137346164353632653939363266613562
-30393630623261353134313038643464306637383738303163353937316261313263613264393939
+36316631366661353632386230306532633862393963663465383862653964646462666334396666
-37363037616230623732663866656665666664393835313836393237303234303866393437393833
+66626636353539316266343937623662613336616331626439306538363764636366656635356639
-34376335353133613938663861323062623763323463316563363439623030653033373538323436
+30663535393366383261333832356237373230663037373638303161303534636230616464636265
-38333863353333323364396431373030386636366330323562663831376531333661613337303835
+37623938303638646233346338616239393838396433313063343065386666323264646461373032
-35643464396332333436633036326563613863636238353837643965303862636665303362336162
+63376661646139316430303533643063336634333364643231336130613638626431623732646434
-34623430353061613364643436343736613734326332316465356333626534303166636638336236
+63643833353164313465633333646232653761356333323933396666323837656334343866363762
-36613362666337616635316330396635616165346666396465303861386162353836333332663931
+39646263653137356632323534356631366531636530613736343438393136363835373435636230
-64663838646332316363376339666632336238613365636666623137663564313665363461393163
+30313163386335353935663432323033326235653963653930396235373863373232666334326661
-35303735613734393439376339396466643065316432383236393633376461316534623535396464
+34336632666365666563326366376461386130343965363832343430396537323734363533353065
-62386464396534333561323539646336623464623033333835356439353632373033373736393134
+64313837623366356261383437306465633730353332636561333462356363326132313933653234
-30666435306632336433383562303238363361313735323439366638333033653761393061303130
+66363634333664333433613466396639306436353035346134373430663532373934343861323262
-36633536356264376366383335623534323436383361373037383931313766353534363663336462
+30666664336336393835346234316238613839326436363162626439376530306133343530303365
-39353064306439306135623863643163393762333366303665623432386462333466626535613464
+65393030633237333166336637363435646435323736353461333932366638333264333239373733
-65613031666530303163353534323032396264666464303639383038343537303839633831373039
+30623062643336643431
 61323437313737623530663532626530613935353431306138623239386136323334636163343432
 65633933643630643634336639393866353739653638656366356163343132656666336232643731
 65363639623262613132646366353235626237646532373233626162643434396362313033653637
 36333035646634616138313863386637346466393262363833313135343964666630623736343666
 64373638333066343666306334366332366530623138306636633166613739363635303138633434
 3439326265613564666639363362643037653733393336363232
--- a/inventories/staging/group_vars/alpina/vars.yml
+++ b/inventories/staging/group_vars/alpina/vars.yml
@@ -9,12 +9,6 @@ wg_psk: "{{ vault_wg_psk }}"
 wg_addresses: "{{ vault_wg_addresses }}"
 fw_vpn_input_ports: "{{ vault_fw_vpn_input_ports }}"
-# Authentik External OAuth
+# Authentik GitHub OAuth
 github_consumer_key: dbacb8621c37320eb745
 github_consumer_secret: "{{ vault_github_consumer_secret }}"
 google_consumer_key: 606830535764-pec4b3sa2tohim3u9jl2jmnl1see46q1.apps.googleusercontent.com
 google_consumer_secret: "{{ vault_google_consumer_secret }}"
 # VPGen
 vpgen_ipv4_starting_addr: 10.18.11.50
 vpgen_ipv6_starting_addr: "{{ vault_vpgen_ipv6_starting_addr }}"
--- a/inventories/staging/group_vars/alpina/vault.yml
+++ b/inventories/staging/group_vars/alpina/vault.yml
@@ -1,27 +1,21 @@
 $ANSIBLE_VAULT;1.1;AES256
-66646463303166643563376162636432643963336537343738383763653232316661383864373761
+63633535633462326534626562373461373363643166383961303861623531663263323534366537
-3539643230626437623736353630663865376630663765650a666266663366393833396461303665
+3263633238646439306430356365623233313838326639350a386633363434623737313565316535
-61663961623036383039323239333361396564343836363662326237666464363439643336613336
+33393734633937333637373432366132323366343836393538366339626235613937323066613666
-6562666639313461330a613831316232623963396136343638643133376430373634316133653432
+3737393262646333390a623331333461373563313166323232343234616538623433376166313532
-65633339623833303866343130386433633065326466333636353362306362663830333934393364
+32323834346336336164343938303062336438643566343866316164643535663039326331646465
-35613338316631333438623230623131626431633930313664616237396666326665633965373333
+36666162393365323633646635333666613030386265306238633434303234336439646663356363
-33636234666561656333623836633562363130346665623839353734616437303562623530613432
+63323638373035326465633934326363316364616539613462653232393465633233366666373664
-31313037366232613335613262336334393966326139633332613733326335383130316265613038
+66616361646564303530356331323864343966633736643434653237316236363063613634646438
-35366162623737666331636435643234383634663964666465666563396262336134306636343830
+35303238646632616465643264316164363139393834626362326538613033656464323435396638
-30373831393232373664666564316134316266376134323538366130383962396566386161303461
+31346631653764303332386331663361623766333332366537313634636333346538653537346631
-31336333633135323631373763346631656132346334356233303630643166323565393736336236
+62363438303036386530633236376633326162336434343861346261373835653735323161323965
-39343231313132316663613734323833303935333162643862623632316662653736303266336635
+62353965373164616537346134303232363033323134323130316439386339613966646330666533
-37316435633464343761656262326538633730616239366330363736323761653061306139623335
+65346239383230646565346133663530613462363532663562326136376233303638323332326630
-33363066383636633461353534396433653161393132313034373165653563646234653764306539
+35656432363563653663616236393932663637323139666664636237336136366438656666633865
-32653239613566653762613364653863313334653437646166643537633530613463653966383538
+66353162656364356638313236643131613830393838636264663833343461373963613431656364
-37343834326162393739333066623066613566313265626562333537366230393938613931366638
+32303331623033303433333631313038316336653638656638373031653234356164333363336532
-36316364383361366461396136353063363233353865373062643963646266643763363938376265
+37316334353463376562643138346633613633353536653939376564333166323931353634333736
-34623333316264383035373266313437353161666537376535333830616435383830366166316136
+63616133663266383339323562343265613461623865623263623139396163343065623264366230
-33643132316534383466343366303764633031353961363033663662636364613132343862653066
+32633362336335396562366563363830636133376238646433386236666461333731353337386333
-39376136323662383866666136656361396263666338623133346436353938316464346363303761
+61323931643766326338
 39656133653736646137396437396133373765376337623832653232383531663930663037323462
 66373630633737356138333532333265393964313739336363663265613363636464623232316539
 37353164393965616363346666303330613438306136363037313065666662656535356437663262
 37306264626431396336326362653764316536396366393533336164663861366462653964656465
 64366139333535383065643033343632323837633036323439376134373966613739626261376436
 3133326138613735316230353965656239303263386638373339
--- a/poetry.lock
+++ b/poetry.lock
@@ -1,28 +1,28 @@
-# This file is automatically @generated by Poetry 1.8.4 and should not be changed by hand.
+# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand.
 [[package]]
 name = "ansible"
-version = "10.7.0"
+version = "10.5.0"
 description = "Radically simple IT automation"
 optional = false
 python-versions = ">=3.10"
 files = [
-    {file = "ansible-10.7.0-py3-none-any.whl", hash = "sha256:0089f08e047ceb70edd011be009f5c6273add613fbe491e9697c0556c989d8ea"},
+    {file = "ansible-10.5.0-py3-none-any.whl", hash = "sha256:1d10bddba58f1edd0fe0b8e0387e0fafc519535066bb3c919c33b6ea3ec32a0f"},
-    {file = "ansible-10.7.0.tar.gz", hash = "sha256:59d29e3de1080e740dfa974517d455217601b16d16880314d9be26145c68dc22"},
+    {file = "ansible-10.5.0.tar.gz", hash = "sha256:ba2045031a7d60c203b6e5fe1f8eaddd53ae076f7ada910e636494384135face"},
 ]
 [package.dependencies]
-ansible-core = ">=2.17.7,<2.18.0"
+ansible-core = ">=2.17.5,<2.18.0"
 [[package]]
 name = "ansible-core"
-version = "2.17.7"
+version = "2.17.5"
 description = "Radically simple IT automation"
 optional = false
 python-versions = ">=3.10"
 files = [
-    {file = "ansible_core-2.17.7-py3-none-any.whl", hash = "sha256:64d4f0a006687a5621aa80dca54fd0c5ae75145b7aac8c1b8d7f07a1399c4705"},
+    {file = "ansible_core-2.17.5-py3-none-any.whl", hash = "sha256:10f165b475cf2bc8d886e532cadb32c52ee6a533649793101d3166bca9bd3ea3"},
-    {file = "ansible_core-2.17.7.tar.gz", hash = "sha256:3aaab735d6c4e2d6239bc326800dc0ecda2a1490caa8455b41084ec0bc54dacf"},
+    {file = "ansible_core-2.17.5.tar.gz", hash = "sha256:ae7f51fd13dc9d57c9bcd43ef23f9c255ca8f18f4b5c0011a4f9b724d92c5a8e"},
 ]
 [package.dependencies]
@@ -52,19 +52,19 @@ release = ["twine"]
 [[package]]
 name = "attrs"
-version = "24.3.0"
+version = "24.2.0"
 description = "Classes Without Boilerplate"
 optional = false
-python-versions = ">=3.8"
+python-versions = ">=3.7"
 files = [
-    {file = "attrs-24.3.0-py3-none-any.whl", hash = "sha256:ac96cd038792094f438ad1f6ff80837353805ac950cd2aa0e0625ef19850c308"},
+    {file = "attrs-24.2.0-py3-none-any.whl", hash = "sha256:81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"},
-    {file = "attrs-24.3.0.tar.gz", hash = "sha256:8f5c07333d543103541ba7be0e2ce16eeee8130cb0b3f9238ab904ce1e85baff"},
+    {file = "attrs-24.2.0.tar.gz", hash = "sha256:5cfb1b9148b5b086569baec03f20d7b6bf3bcacc9a42bebf87ffaaca362f6346"},
 ]
 [package.extras]
 benchmark = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-codspeed", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
 cov = ["cloudpickle", "coverage[toml] (>=5.3)", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
-dev = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pre-commit-uv", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
+dev = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pre-commit", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
 docs = ["cogapp", "furo", "myst-parser", "sphinx", "sphinx-notfound-page", "sphinxcontrib-towncrier", "towncrier (<24.7)"]
 tests = ["cloudpickle", "hypothesis", "mypy (>=1.11.1)", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"]
 tests-mypy = ["mypy (>=1.11.1)", "pytest-mypy-plugins"]
@@ -150,51 +150,51 @@ pycparser = "*"
 [[package]]
 name = "cryptography"
-version = "44.0.0"
+version = "43.0.1"
 description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
 optional = false
-python-versions = "!=3.9.0,!=3.9.1,>=3.7"
+python-versions = ">=3.7"
 files = [
-    {file = "cryptography-44.0.0-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:84111ad4ff3f6253820e6d3e58be2cc2a00adb29335d4cacb5ab4d4d34f2a123"},
+    {file = "cryptography-43.0.1-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:8385d98f6a3bf8bb2d65a73e17ed87a3ba84f6991c155691c51112075f9ffc5d"},
-    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b15492a11f9e1b62ba9d73c210e2416724633167de94607ec6069ef724fad092"},
+    {file = "cryptography-43.0.1-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:27e613d7077ac613e399270253259d9d53872aaf657471473ebfc9a52935c062"},
-    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:831c3c4d0774e488fdc83a1923b49b9957d33287de923d58ebd3cec47a0ae43f"},
+    {file = "cryptography-43.0.1-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:68aaecc4178e90719e95298515979814bda0cbada1256a4485414860bd7ab962"},
-    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:761817a3377ef15ac23cd7834715081791d4ec77f9297ee694ca1ee9c2c7e5eb"},
+    {file = "cryptography-43.0.1-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:de41fd81a41e53267cb020bb3a7212861da53a7d39f863585d13ea11049cf277"},
-    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:3c672a53c0fb4725a29c303be906d3c1fa99c32f58abe008a82705f9ee96f40b"},
+    {file = "cryptography-43.0.1-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:f98bf604c82c416bc829e490c700ca1553eafdf2912a91e23a79d97d9801372a"},
-    {file = "cryptography-44.0.0-cp37-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:4ac4c9f37eba52cb6fbeaf5b59c152ea976726b865bd4cf87883a7e7006cc543"},
+    {file = "cryptography-43.0.1-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:61ec41068b7b74268fa86e3e9e12b9f0c21fcf65434571dbb13d954bceb08042"},
-    {file = "cryptography-44.0.0-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:ed3534eb1090483c96178fcb0f8893719d96d5274dfde98aa6add34614e97c8e"},
+    {file = "cryptography-43.0.1-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:014f58110f53237ace6a408b5beb6c427b64e084eb451ef25a28308270086494"},
-    {file = "cryptography-44.0.0-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:f3f6fdfa89ee2d9d496e2c087cebef9d4fcbb0ad63c40e821b39f74bf48d9c5e"},
+    {file = "cryptography-43.0.1-cp37-abi3-win32.whl", hash = "sha256:2bd51274dcd59f09dd952afb696bf9c61a7a49dfc764c04dd33ef7a6b502a1e2"},
-    {file = "cryptography-44.0.0-cp37-abi3-win32.whl", hash = "sha256:eb33480f1bad5b78233b0ad3e1b0be21e8ef1da745d8d2aecbb20671658b9053"},
+    {file = "cryptography-43.0.1-cp37-abi3-win_amd64.whl", hash = "sha256:666ae11966643886c2987b3b721899d250855718d6d9ce41b521252a17985f4d"},
-    {file = "cryptography-44.0.0-cp37-abi3-win_amd64.whl", hash = "sha256:abc998e0c0eee3c8a1904221d3f67dcfa76422b23620173e28c11d3e626c21bd"},
+    {file = "cryptography-43.0.1-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:ac119bb76b9faa00f48128b7f5679e1d8d437365c5d26f1c2c3f0da4ce1b553d"},
-    {file = "cryptography-44.0.0-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:660cb7312a08bc38be15b696462fa7cc7cd85c3ed9c576e81f4dc4d8b2b31591"},
+    {file = "cryptography-43.0.1-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1bbcce1a551e262dfbafb6e6252f1ae36a248e615ca44ba302df077a846a8806"},
-    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1923cb251c04be85eec9fda837661c67c1049063305d6be5721643c22dd4e2b7"},
+    {file = "cryptography-43.0.1-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:58d4e9129985185a06d849aa6df265bdd5a74ca6e1b736a77959b498e0505b85"},
-    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:404fdc66ee5f83a1388be54300ae978b2efd538018de18556dde92575e05defc"},
+    {file = "cryptography-43.0.1-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:d03a475165f3134f773d1388aeb19c2d25ba88b6a9733c5c590b9ff7bbfa2e0c"},
-    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:c5eb858beed7835e5ad1faba59e865109f3e52b3783b9ac21e7e47dc5554e289"},
+    {file = "cryptography-43.0.1-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:511f4273808ab590912a93ddb4e3914dfd8a388fed883361b02dea3791f292e1"},
-    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:f53c2c87e0fb4b0c00fa9571082a057e37690a8f12233306161c8f4b819960b7"},
+    {file = "cryptography-43.0.1-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:80eda8b3e173f0f247f711eef62be51b599b5d425c429b5d4ca6a05e9e856baa"},
-    {file = "cryptography-44.0.0-cp39-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:9e6fc8a08e116fb7c7dd1f040074c9d7b51d74a8ea40d4df2fc7aa08b76b9e6c"},
+    {file = "cryptography-43.0.1-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:38926c50cff6f533f8a2dae3d7f19541432610d114a70808f0926d5aaa7121e4"},
-    {file = "cryptography-44.0.0-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:d2436114e46b36d00f8b72ff57e598978b37399d2786fd39793c36c6d5cb1c64"},
+    {file = "cryptography-43.0.1-cp39-abi3-win32.whl", hash = "sha256:a575913fb06e05e6b4b814d7f7468c2c660e8bb16d8d5a1faf9b33ccc569dd47"},
-    {file = "cryptography-44.0.0-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:a01956ddfa0a6790d594f5b34fc1bfa6098aca434696a03cfdbe469b8ed79285"},
+    {file = "cryptography-43.0.1-cp39-abi3-win_amd64.whl", hash = "sha256:d75601ad10b059ec832e78823b348bfa1a59f6b8d545db3a24fd44362a1564cb"},
-    {file = "cryptography-44.0.0-cp39-abi3-win32.whl", hash = "sha256:eca27345e1214d1b9f9490d200f9db5a874479be914199194e746c893788d417"},
+    {file = "cryptography-43.0.1-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:ea25acb556320250756e53f9e20a4177515f012c9eaea17eb7587a8c4d8ae034"},
-    {file = "cryptography-44.0.0-cp39-abi3-win_amd64.whl", hash = "sha256:708ee5f1bafe76d041b53a4f95eb28cdeb8d18da17e597d46d7833ee59b97ede"},
+    {file = "cryptography-43.0.1-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:c1332724be35d23a854994ff0b66530119500b6053d0bd3363265f7e5e77288d"},
-    {file = "cryptography-44.0.0-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:37d76e6863da3774cd9db5b409a9ecfd2c71c981c38788d3fcfaf177f447b731"},
+    {file = "cryptography-43.0.1-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:fba1007b3ef89946dbbb515aeeb41e30203b004f0b4b00e5e16078b518563289"},
-    {file = "cryptography-44.0.0-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:f677e1268c4e23420c3acade68fac427fffcb8d19d7df95ed7ad17cdef8404f4"},
+    {file = "cryptography-43.0.1-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:5b43d1ea6b378b54a1dc99dd8a2b5be47658fe9a7ce0a58ff0b55f4b43ef2b84"},
-    {file = "cryptography-44.0.0-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:f5e7cb1e5e56ca0933b4873c0220a78b773b24d40d186b6738080b73d3d0a756"},
+    {file = "cryptography-43.0.1-pp39-pypy39_pp73-macosx_10_9_x86_64.whl", hash = "sha256:88cce104c36870d70c49c7c8fd22885875d950d9ee6ab54df2745f83ba0dc365"},
-    {file = "cryptography-44.0.0-pp310-pypy310_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:8b3e6eae66cf54701ee7d9c83c30ac0a1e3fa17be486033000f2a73a12ab507c"},
+    {file = "cryptography-43.0.1-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:9d3cdb25fa98afdd3d0892d132b8d7139e2c087da1712041f6b762e4f807cc96"},
-    {file = "cryptography-44.0.0-pp310-pypy310_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:be4ce505894d15d5c5037167ffb7f0ae90b7be6f2a98f9a5c3442395501c32fa"},
+    {file = "cryptography-43.0.1-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:e710bf40870f4db63c3d7d929aa9e09e4e7ee219e703f949ec4073b4294f6172"},
-    {file = "cryptography-44.0.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:62901fb618f74d7d81bf408c8719e9ec14d863086efe4185afd07c352aee1d2c"},
+    {file = "cryptography-43.0.1-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:7c05650fe8023c5ed0d46793d4b7d7e6cd9c04e68eabe5b0aeea836e37bdcec2"},
-    {file = "cryptography-44.0.0.tar.gz", hash = "sha256:cd4e834f340b4293430701e772ec543b0fbe6c2dea510a5286fe0acabe153a02"},
+    {file = "cryptography-43.0.1.tar.gz", hash = "sha256:203e92a75716d8cfb491dc47c79e17d0d9207ccffcbcb35f598fbe463ae3444d"},
 ]
 [package.dependencies]
 cffi = {version = ">=1.12", markers = "platform_python_implementation != \"PyPy\""}
 [package.extras]
-docs = ["sphinx (>=5.3.0)", "sphinx-rtd-theme (>=3.0.0)"]
+docs = ["sphinx (>=5.3.0)", "sphinx-rtd-theme (>=1.1.1)"]
-docstest = ["pyenchant (>=3)", "readme-renderer (>=30.0)", "sphinxcontrib-spelling (>=7.3.1)"]
+docstest = ["pyenchant (>=1.6.11)", "readme-renderer", "sphinxcontrib-spelling (>=4.0.1)"]
-nox = ["nox (>=2024.4.15)", "nox[uv] (>=2024.3.2)"]
+nox = ["nox"]
-pep8test = ["check-sdist", "click (>=8.0.1)", "mypy (>=1.4)", "ruff (>=0.3.6)"]
+pep8test = ["check-sdist", "click", "mypy", "ruff"]
-sdist = ["build (>=1.0.0)"]
+sdist = ["build"]
 ssh = ["bcrypt (>=3.1.5)"]
-test = ["certifi (>=2024)", "cryptography-vectors (==44.0.0)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
+test = ["certifi", "cryptography-vectors (==43.0.1)", "pretend", "pytest (>=6.2.0)", "pytest-benchmark", "pytest-cov", "pytest-xdist"]
 test-randomorder = ["pytest-randomly"]
 [[package]]
@@ -216,13 +216,13 @@ dev = ["flake8", "pytest"]
 [[package]]
 name = "jinja2"
-version = "3.1.5"
+version = "3.1.4"
 description = "A very fast and expressive template engine."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "jinja2-3.1.5-py3-none-any.whl", hash = "sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb"},
+    {file = "jinja2-3.1.4-py3-none-any.whl", hash = "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"},
-    {file = "jinja2-3.1.5.tar.gz", hash = "sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb"},
+    {file = "jinja2-3.1.4.tar.gz", hash = "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"},
 ]
 [package.dependencies]
@@ -233,72 +233,72 @@ i18n = ["Babel (>=2.7)"]
 [[package]]
 name = "markupsafe"
-version = "3.0.2"
+version = "3.0.1"
 description = "Safely add untrusted strings to HTML/XML markup."
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "MarkupSafe-3.0.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:db842712984e91707437461930e6011e60b39136c7331e971952bb30465bc1a1"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:9e2d922824181480953426608b81967de705c3cef4d1af983af849d7bd619158"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:3ffb4a8e7d46ed96ae48805746755fadd0909fea2306f93d5d8233ba23dda12a"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:38a9ef736c01fccdd6600705b09dc574584b89bea478200c5fbf112a6b0d5579"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:67c519635a4f64e495c50e3107d9b4075aec33634272b5db1cde839e07367589"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bbcb445fa71794da8f178f0f6d66789a28d7319071af7a496d4d507ed566270d"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:48488d999ed50ba8d38c581d67e496f955821dc183883550a6fbc7f1aefdc170"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:57cb5a3cf367aeb1d316576250f65edec5bb3be939e9247ae594b4bcbc317dfb"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f31ae06f1328595d762c9a2bf29dafd8621c7d3adc130cbb46278079758779ca"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:3809ede931876f5b2ec92eef964286840ed3540dadf803dd570c3b7e13141a3b"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:80fcbf3add8790caddfab6764bde258b5d09aefbe9169c183f88a7410f0f6dea"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:e07c3764494e3776c602c1e78e298937c3315ccc9043ead7e685b7f2b8d47b3c"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:3341c043c37d78cc5ae6e3e305e988532b072329639007fd408a476642a89fd6"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:b424c77b206d63d500bcb69fa55ed8d0e6a3774056bdc4839fc9298a7edca171"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:cb53e2a99df28eee3b5f4fea166020d3ef9116fdc5764bc5117486e6d1211b25"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-win32.whl", hash = "sha256:fcabf5ff6eea076f859677f5f0b6b5c1a51e70a376b0579e0eadef8db48c6b50"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-win32.whl", hash = "sha256:db15ce28e1e127a0013dfb8ac243a8e392db8c61eae113337536edb28bdc1f97"},
-    {file = "MarkupSafe-3.0.2-cp310-cp310-win_amd64.whl", hash = "sha256:6af100e168aa82a50e186c82875a5893c5597a0c1ccdb0d8b40240b1f28b969a"},
+    {file = "MarkupSafe-3.0.1-cp310-cp310-win_amd64.whl", hash = "sha256:4ffaaac913c3f7345579db4f33b0020db693f302ca5137f106060316761beea9"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:9025b4018f3a1314059769c7bf15441064b2207cb3f065e6ea1e7359cb46db9d"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:26627785a54a947f6d7336ce5963569b5d75614619e75193bdb4e06e21d447ad"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:93335ca3812df2f366e80509ae119189886b0f3c2b81325d39efdb84a1e2ae93"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:b954093679d5750495725ea6f88409946d69cfb25ea7b4c846eef5044194f583"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2cb8438c3cbb25e220c2ab33bb226559e7afb3baec11c4f218ffa7308603c832"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:973a371a55ce9ed333a3a0f8e0bcfae9e0d637711534bcb11e130af2ab9334e7"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a123e330ef0853c6e822384873bef7507557d8e4a082961e1defa947aa59ba84"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:244dbe463d5fb6d7ce161301a03a6fe744dac9072328ba9fc82289238582697b"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1e084f686b92e5b83186b07e8a17fc09e38fff551f3602b249881fec658d3eca"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d98e66a24497637dd31ccab090b34392dddb1f2f811c4b4cd80c230205c074a3"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:d8213e09c917a951de9d09ecee036d5c7d36cb6cb7dbaece4c71a60d79fb9798"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:ad91738f14eb8da0ff82f2acd0098b6257621410dcbd4df20aaa5b4233d75a50"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:5b02fb34468b6aaa40dfc198d813a641e3a63b98c2b05a16b9f80b7ec314185e"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:7044312a928a66a4c2a22644147bc61a199c1709712069a344a3fb5cfcf16915"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:0bff5e0ae4ef2e1ae4fdf2dfd5b76c75e5c2fa4132d05fc1b0dabcd20c7e28c4"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:a4792d3b3a6dfafefdf8e937f14906a51bd27025a36f4b188728a73382231d91"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-win32.whl", hash = "sha256:6c89876f41da747c8d3677a2b540fb32ef5715f97b66eeb0c6b66f5e3ef6f59d"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-win32.whl", hash = "sha256:fa7d686ed9883f3d664d39d5a8e74d3c5f63e603c2e3ff0abcba23eac6542635"},
-    {file = "MarkupSafe-3.0.2-cp311-cp311-win_amd64.whl", hash = "sha256:70a87b411535ccad5ef2f1df5136506a10775d267e197e4cf531ced10537bd6b"},
+    {file = "MarkupSafe-3.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:9ba25a71ebf05b9bb0e2ae99f8bc08a07ee8e98c612175087112656ca0f5c8bf"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:9778bd8ab0a994ebf6f84c2b949e65736d5575320a17ae8984a77fab08db94cf"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:8ae369e84466aa70f3154ee23c1451fda10a8ee1b63923ce76667e3077f2b0c4"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:846ade7b71e3536c4e56b386c2a47adf5741d2d8b94ec9dc3e92e5e1ee1e2225"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:40f1e10d51c92859765522cbd79c5c8989f40f0419614bcdc5015e7b6bf97fc5"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1c99d261bd2d5f6b59325c92c73df481e05e57f19837bdca8413b9eac4bd8028"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5a4cb365cb49b750bdb60b846b0c0bc49ed62e59a76635095a179d440540c346"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e17c96c14e19278594aa4841ec148115f9c7615a47382ecb6b82bd8fea3ab0c8"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ee3941769bd2522fe39222206f6dd97ae83c442a94c90f2b7a25d847d40f4729"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:88416bd1e65dcea10bc7569faacb2c20ce071dd1f87539ca2ab364bf6231393c"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:62fada2c942702ef8952754abfc1a9f7658a4d5460fabe95ac7ec2cbe0d02abc"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:2181e67807fc2fa785d0592dc2d6206c019b9502410671cc905d132a92866557"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:4c2d64fdba74ad16138300815cfdc6ab2f4647e23ced81f59e940d7d4a1469d9"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:52305740fe773d09cffb16f8ed0427942901f00adedac82ec8b67752f58a1b22"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:fb532dd9900381d2e8f48172ddc5a59db4c445a11b9fab40b3b786da40d3b56b"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:ad10d3ded218f1039f11a75f8091880239651b52e9bb592ca27de44eed242a48"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:0f84af7e813784feb4d5e4ff7db633aba6c8ca64a833f61d8e4eade234ef0c38"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-win32.whl", hash = "sha256:0f4ca02bea9a23221c0182836703cbf8930c5e9454bacce27e767509fa286a30"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-win32.whl", hash = "sha256:cbf445eb5628981a80f54087f9acdbf84f9b7d862756110d172993b9a5ae81aa"},
-    {file = "MarkupSafe-3.0.2-cp312-cp312-win_amd64.whl", hash = "sha256:8e06879fc22a25ca47312fbe7c8264eb0b662f6db27cb2d3bbbc74b1df4b9b87"},
+    {file = "MarkupSafe-3.0.1-cp312-cp312-win_amd64.whl", hash = "sha256:a10860e00ded1dd0a65b83e717af28845bb7bd16d8ace40fe5531491de76b79f"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:ba9527cdd4c926ed0760bc301f6728ef34d841f405abf9d4f959c478421e4efd"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:e81c52638315ff4ac1b533d427f50bc0afc746deb949210bc85f05d4f15fd772"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:f8b3d067f2e40fe93e1ccdd6b2e1d16c43140e76f02fb1319a05cf2b79d99430"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:312387403cd40699ab91d50735ea7a507b788091c416dd007eac54434aee51da"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:569511d3b58c8791ab4c2e1285575265991e6d8f8700c7be0e88f86cb0672094"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2ae99f31f47d849758a687102afdd05bd3d3ff7dbab0a8f1587981b58a76152a"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:15ab75ef81add55874e7ab7055e9c397312385bd9ced94920f2802310c930396"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c97ff7fedf56d86bae92fa0a646ce1a0ec7509a7578e1ed238731ba13aabcd1c"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f3818cb119498c0678015754eba762e0d61e5b52d34c8b13d770f0719f7b1d79"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a7420ceda262dbb4b8d839a4ec63d61c261e4e77677ed7c66c99f4e7cb5030dd"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:cdb82a876c47801bb54a690c5ae105a46b392ac6099881cdfb9f6e95e4014c6a"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:45d42d132cff577c92bfba536aefcfea7e26efb975bd455db4e6602f5c9f45e7"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:cabc348d87e913db6ab4aa100f01b08f481097838bdddf7c7a84b7575b7309ca"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:4c8817557d0de9349109acb38b9dd570b03cc5014e8aabf1cbddc6e81005becd"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:444dcda765c8a838eaae23112db52f1efaf750daddb2d9ca300bcae1039adc5c"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:6a54c43d3ec4cf2a39f4387ad044221c66a376e58c0d0e971d47c475ba79c6b5"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-win32.whl", hash = "sha256:bcf3e58998965654fdaff38e58584d8937aa3096ab5354d493c77d1fdd66d7a1"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-win32.whl", hash = "sha256:c91b394f7601438ff79a4b93d16be92f216adb57d813a78be4446fe0f6bc2d8c"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313-win_amd64.whl", hash = "sha256:e6a2a455bd412959b57a172ce6328d2dd1f01cb2135efda2e4576e8a23fa3b0f"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313-win_amd64.whl", hash = "sha256:fe32482b37b4b00c7a52a07211b479653b7fe4f22b2e481b9a9b099d8a430f2f"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-macosx_10_13_universal2.whl", hash = "sha256:b5a6b3ada725cea8a5e634536b1b01c30bcdcd7f9c6fff4151548d5bf6b3a36c"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-macosx_10_13_universal2.whl", hash = "sha256:17b2aea42a7280db02ac644db1d634ad47dcc96faf38ab304fe26ba2680d359a"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:a904af0a6162c73e3edcb969eeeb53a63ceeb5d8cf642fade7d39e7963a22ddb"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:852dc840f6d7c985603e60b5deaae1d89c56cb038b577f6b5b8c808c97580f1d"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4aa4e5faecf353ed117801a068ebab7b7e09ffb6e1d5e412dc852e0da018126c"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0778de17cff1acaeccc3ff30cd99a3fd5c50fc58ad3d6c0e0c4c58092b859396"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c0ef13eaeee5b615fb07c9a7dadb38eac06a0608b41570d8ade51c56539e509d"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:800100d45176652ded796134277ecb13640c1a537cad3b8b53da45aa96330453"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d16a81a06776313e817c951135cf7340a3e91e8c1ff2fac444cfd75fffa04afe"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d06b24c686a34c86c8c1fba923181eae6b10565e4d80bdd7bc1c8e2f11247aa4"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:6381026f158fdb7c72a168278597a5e3a5222e83ea18f543112b2662a9b699c5"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:33d1c36b90e570ba7785dacd1faaf091203d9942bc036118fab8110a401eb1a8"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:3d79d162e7be8f996986c064d1c7c817f6df3a77fe3d6859f6f9e7be4b8c213a"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:beeebf760a9c1f4c07ef6a53465e8cfa776ea6a2021eda0d0417ec41043fe984"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:131a3c7689c85f5ad20f9f6fb1b866f402c445b220c19fe4308c0b147ccd2ad9"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:bbde71a705f8e9e4c3e9e33db69341d040c827c7afa6789b14c6e16776074f5a"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-win32.whl", hash = "sha256:ba8062ed2cf21c07a9e295d5b8a2a5ce678b913b45fdf68c32d95d6c1291e0b6"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-win32.whl", hash = "sha256:82b5dba6eb1bcc29cc305a18a3c5365d2af06ee71b123216416f7e20d2a84e5b"},
-    {file = "MarkupSafe-3.0.2-cp313-cp313t-win_amd64.whl", hash = "sha256:e444a31f8db13eb18ada366ab3cf45fd4b31e4db1236a4448f68778c1d1a5a2f"},
+    {file = "MarkupSafe-3.0.1-cp313-cp313t-win_amd64.whl", hash = "sha256:730d86af59e0e43ce277bb83970530dd223bf7f2a838e086b50affa6ec5f9295"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:eaa0a10b7f72326f1372a713e73c3f739b524b3af41feb43e4921cb529f5929a"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:4935dd7883f1d50e2ffecca0aa33dc1946a94c8f3fdafb8df5c330e48f71b132"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:48032821bbdf20f5799ff537c7ac3d1fba0ba032cfc06194faffa8cda8b560ff"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:e9393357f19954248b00bed7c56f29a25c930593a77630c719653d51e7669c2a"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1a9d3f5f0901fdec14d8d2f66ef7d035f2157240a433441719ac9a3fba440b13"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:40621d60d0e58aa573b68ac5e2d6b20d44392878e0bfc159012a5787c4e35bc8"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:88b49a3b9ff31e19998750c38e030fc7bb937398b1f78cfa599aaef92d693144"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f94190df587738280d544971500b9cafc9b950d32efcb1fba9ac10d84e6aa4e6"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:cfad01eed2c2e0c01fd0ecd2ef42c492f7f93902e39a42fc9ee1692961443a29"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b6a387d61fe41cdf7ea95b38e9af11cfb1a63499af2759444b99185c4ab33f5b"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:1225beacc926f536dc82e45f8a4d68502949dc67eea90eab715dea3a21c1b5f0"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:8ad4ad1429cd4f315f32ef263c1342166695fad76c100c5d979c45d5570ed58b"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:3169b1eefae027567d1ce6ee7cae382c57fe26e82775f460f0b2778beaad66c0"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:e24bfe89c6ac4c31792793ad9f861b8f6dc4546ac6dc8f1c9083c7c4f2b335cd"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:eb7972a85c54febfb25b5c4b4f3af4dcc731994c7da0d8a0b4a6eb0640e1d178"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:2a4b34a8d14649315c4bc26bbfa352663eb51d146e35eef231dd739d54a5430a"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-win32.whl", hash = "sha256:8c4e8c3ce11e1f92f6536ff07154f9d49677ebaaafc32db9db4620bc11ed480f"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-win32.whl", hash = "sha256:242d6860f1fd9191aef5fae22b51c5c19767f93fb9ead4d21924e0bcb17619d8"},
-    {file = "MarkupSafe-3.0.2-cp39-cp39-win_amd64.whl", hash = "sha256:6e296a513ca3d94054c2c881cc913116e90fd030ad1c656b3869762b754f5f8a"},
+    {file = "MarkupSafe-3.0.1-cp39-cp39-win_amd64.whl", hash = "sha256:93e8248d650e7e9d49e8251f883eed60ecbc0e8ffd6349e18550925e31bd029b"},
-    {file = "markupsafe-3.0.2.tar.gz", hash = "sha256:ee55d3edf80167e48ea11a923c7386f4669df67d7994554387f84e7d8b0a2bf0"},
+    {file = "markupsafe-3.0.1.tar.gz", hash = "sha256:3e683ee4f5d0fa2dde4db77ed8dd8a876686e3fc417655c2ece9a90576905344"},
 ]
 [[package]]
@@ -317,13 +317,13 @@ nicer-shell = ["ipython"]
 [[package]]
 name = "packaging"
-version = "24.2"
+version = "24.1"
 description = "Core utilities for Python packages"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "packaging-24.2-py3-none-any.whl", hash = "sha256:09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"},
+    {file = "packaging-24.1-py3-none-any.whl", hash = "sha256:5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124"},
-    {file = "packaging-24.2.tar.gz", hash = "sha256:c228a6dc5e932d346bc5739379109d49e8853dd8223571c7c5b55260edc0b97f"},
+    {file = "packaging-24.1.tar.gz", hash = "sha256:026ed72c8ed3fcce5bf8950572258698927fd1dbda10a5e981cdf0ac37f4f002"},
 ]
 [[package]]
@@ -418,23 +418,23 @@ test = ["commentjson", "packaging", "pytest"]
 [[package]]
 name = "setuptools"
-version = "75.6.0"
+version = "75.1.0"
 description = "Easily download, build, install, upgrade, and uninstall Python packages"
 optional = false
-python-versions = ">=3.9"
+python-versions = ">=3.8"
 files = [
-    {file = "setuptools-75.6.0-py3-none-any.whl", hash = "sha256:ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d"},
+    {file = "setuptools-75.1.0-py3-none-any.whl", hash = "sha256:35ab7fd3bcd95e6b7fd704e4a1539513edad446c097797f2985e0e4b960772f2"},
-    {file = "setuptools-75.6.0.tar.gz", hash = "sha256:8199222558df7c86216af4f84c30e9b34a61d8ba19366cc914424cdbd28252f6"},
+    {file = "setuptools-75.1.0.tar.gz", hash = "sha256:d59a21b17a275fb872a9c3dae73963160ae079f1049ed956880cd7c09b120538"},
 ]
 [package.extras]
-check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)", "ruff (>=0.7.0)"]
+check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1)", "ruff (>=0.5.2)"]
-core = ["importlib_metadata (>=6)", "jaraco.collections", "jaraco.functools (>=4)", "jaraco.text (>=3.7)", "more_itertools", "more_itertools (>=8.8)", "packaging", "packaging (>=24.2)", "platformdirs (>=4.2.2)", "tomli (>=2.0.1)", "wheel (>=0.43.0)"]
+core = ["importlib-metadata (>=6)", "importlib-resources (>=5.10.2)", "jaraco.collections", "jaraco.functools", "jaraco.text (>=3.7)", "more-itertools", "more-itertools (>=8.8)", "packaging", "packaging (>=24)", "platformdirs (>=2.6.2)", "tomli (>=2.0.1)", "wheel (>=0.43.0)"]
 cover = ["pytest-cov"]
 doc = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "pygments-github-lexers (==0.0.5)", "pyproject-hooks (!=1.1)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-favicon", "sphinx-inline-tabs", "sphinx-lint", "sphinx-notfound-page (>=1,<2)", "sphinx-reredirects", "sphinxcontrib-towncrier", "towncrier (<24.7)"]
 enabler = ["pytest-enabler (>=2.2)"]
-test = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "ini2toml[lite] (>=0.14)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "jaraco.test (>=5.5)", "packaging (>=24.2)", "pip (>=19.1)", "pyproject-hooks (!=1.1)", "pytest (>=6,!=8.1.*)", "pytest-home (>=0.5)", "pytest-perf", "pytest-subprocess", "pytest-timeout", "pytest-xdist (>=3)", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel (>=0.44.0)"]
+test = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "ini2toml[lite] (>=0.14)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "jaraco.test", "packaging (>=23.2)", "pip (>=19.1)", "pyproject-hooks (!=1.1)", "pytest (>=6,!=8.1.*)", "pytest-home (>=0.5)", "pytest-perf", "pytest-subprocess", "pytest-timeout", "pytest-xdist (>=3)", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel (>=0.44.0)"]
-type = ["importlib_metadata (>=7.0.2)", "jaraco.develop (>=7.21)", "mypy (>=1.12,<1.14)", "pytest-mypy"]
+type = ["importlib-metadata (>=7.0.2)", "jaraco.develop (>=7.21)", "mypy (==1.11.*)", "pytest-mypy"]
 [metadata]
 lock-version = "2.0"
--- a/roles/alpina/tasks/main.yml
+++ b/roles/alpina/tasks/main.yml
@@ -31,5 +31,4 @@
      - nextcloud
      - jellyfin
      - arrstack
      - vpgen
  import_tasks: deploy_collection.yml
--- a/roles/alpina/templates/apps/nextcloud/.env.j2
+++ b/roles/alpina/templates/apps/nextcloud/.env.j2
@@ -1 +1 @@
-NEXTCLOUD_VERSION=30-apache
+NEXTCLOUD_VERSION=29-apache
--- a/roles/alpina/templates/apps/nextcloud/.env.notify_push.j2
+++ b/roles/alpina/templates/apps/nextcloud/.env.notify_push.j2
--- a/roles/alpina/templates/apps/vpgen/.env.vpgen.j2
+++ b/roles/alpina/templates/apps/vpgen/.env.vpgen.j2
@@ -1,20 +0,0 @@
 DATABASE_URL=file:/data/vpgen.db
 AUTH_DOMAIN=auth.{{ domain }}
 AUTH_CLIENT_ID=vpgen
 AUTH_CLIENT_SECRET={{ auth_vpgen_client_secret }}
 OPNSENSE_API_URL={{ vpgen_opnsense_api_url }}
 OPNSENSE_API_KEY={{ vpgen_opnsense_api_key }}
 OPNSENSE_API_SECRET={{ vpgen_opnsense_api_secret }}
 OPNSENSE_WG_IFNAME={{ vpgen_opnsense_wg_ifname }}
 IPV4_STARTING_ADDR={{ vpgen_ipv4_starting_addr }}
 IPV6_STARTING_ADDR={{ vpgen_ipv6_starting_addr }}
 IPV6_CLIENT_PREFIX_SIZE={{ vpgen_ipv6_client_prefix_size }}
 IP_MAX_INDEX={{ vpgen_ip_max_index }}
 VPN_ENDPOINT={{ vpgen_vpn_endpoint }}
 VPN_DNS={{ vpgen_vpn_dns }}
 MAX_CLIENTS_PER_USER={{ vpgen_max_clients_per_user }}
 ORIGIN=https://vpgen.{{ domain }}
--- a/roles/alpina/templates/apps/vpgen/docker-compose.yml.j2
+++ b/roles/alpina/templates/apps/vpgen/docker-compose.yml.j2
@@ -1,16 +0,0 @@
 {% import 'contrib/compose_helpers.j2' as helpers with context %}
 networks:
  {{ helpers.default_network(196) | indent(2) }}
 services:
  vpgen:
    image: gitea.cazzzer.com/cazzzer/vpgen:develop
    container_name: vpgen
    labels:
      - {{ helpers.traefik_labels('vpgen', port='3000') | indent(6) }}
    restart: unless-stopped
    env_file:
      - .env.vpgen
    volumes:
      - {{ base_volume_path }}/vpgen:/data
--- a/roles/alpina/templates/services/authentik/blueprints/alpina-enrollment-internal.yaml.j2
+++ b/roles/alpina/templates/services/authentik/blueprints/alpina-enrollment-internal.yaml.j2
@@ -1,225 +0,0 @@
 version: 1
 metadata:
  labels:
    blueprints.goauthentik.io/instantiate: "true"
  name: Alpina - Enrollment by Invitation (Internal)
 entries:
  # Flow for internal enrollment by invitation
  - identifiers:
      slug: enrollment-internal-invitation-flow
    model: authentik_flows.flow
    id: flow
    attrs:
      name: Alpina Enrollment Flow
      title: Sign Up
      designation: enrollment
      authentication: require_unauthenticated
  # Prompt fields
  - identifiers:
      name: alpina-enrollment-field-name
    model: authentik_stages_prompt.prompt
    id: prompt-field-name
    attrs:
      field_key: name
      label: Name
      type: text
      required: true
      placeholder: Name
      placeholder_expression: false
      order: 0
  - identifiers:
      name: alpina-enrollment-field-password
    model: authentik_stages_prompt.prompt
    id: prompt-field-password
    attrs:
      field_key: password
      label: Password
      type: password
      required: true
      placeholder: Password
      placeholder_expression: false
      order: 1
  - identifiers:
      name: alpina-enrollment-field-password-repeat
    model: authentik_stages_prompt.prompt
    id: prompt-field-password-repeat
    attrs:
      field_key: password_repeat
      label: Password (repeat)
      type: password
      required: true
      placeholder: Password (repeat)
      placeholder_expression: false
      order: 2
  # Flow stages
  - identifiers:
      name: alpina-enrollment-invitation
    model: authentik_stages_invitation.invitationstage
    id: enrollment-invitation
  - identifiers:
      name: alpina-enrollment-identification-oauth
    model: authentik_stages_identification.identificationstage
    id: enrollment-identification-oauth
    attrs:
      user_fields:
        - email
      pretend_user_exists: true
      show_matched_user: false
      sources:
        - !Find [authentik_sources_oauth.oauthsource, [slug, github-enrollment]]
        - !Find [authentik_sources_oauth.oauthsource, [slug, google-enrollment]]
  - identifiers:
      name: alpina-enrollment-deny-existing-email
    model: authentik_stages_deny.denystage
    id: enrollment-deny-existing-email
    attrs:
      deny_message: "An account with this email already exists"
  - identifiers:
      name: alpina-enrollment-prompt-name-password
    model: authentik_stages_prompt.promptstage
    id: enrollment-prompt-name-password
    attrs:
      fields:
        - !KeyOf prompt-field-name
        - !KeyOf prompt-field-password
        - !KeyOf prompt-field-password-repeat
      validation_policies:
        - !Find [authentik_policies_password.passwordpolicy, [name, default-password-change-password-policy]]
  - identifiers:
      name: alpina-enrollment-user-write
    model: authentik_stages_user_write.userwritestage
    id: enrollment-user-write
    attrs:
      user_creation_mode: always_create
      user_type: internal
  - identifiers:
      name: alpina-enrollment-email-verify
    model: authentik_stages_email.emailstage
    id: enrollment-email-verify
    attrs:
      use_global_settings: true
      template: email/account_confirmation.html
      activate_user_on_success: true
  - identifiers:
      name: alpina-enrollment-user-login
    model: authentik_stages_user_login.userloginstage
    id: enrollment-user-login
  # Policies
  - identifiers:
      name: alpina-enrollment-invited-used-policy
    model: authentik_policies_event_matcher.eventmatcherpolicy
    id: enrollment-invited-used-policy
    attrs:
      action: invitation_used
  - identifiers:
      name: alpina-enrollment-unique-email-policy
    model: authentik_policies_expression.expressionpolicy
    id: enrollment-unique-email-policy
    attrs:
      expression: |
        # https://docs.goauthentik.io/docs/customize/policies/expression/unique_email
        from authentik.core.models import User
        email = request.context["flow_plan"].context["pending_user"].email
        if User.objects.filter(email=email).exists():
          ak_message("Email address in use")
          return False
        if request.context["flow_plan"].context.get("prompt_data") is None:
          request.context["flow_plan"].context["prompt_data"] = {}
        request.context["flow_plan"].context["prompt_data"]["email"] = email
        request.context["flow_plan"].context["prompt_data"]["username"] = email
        return True
  - identifiers:
      name: alpina-enrollment-user-write-add-groups-policy
    model: authentik_policies_expression.expressionpolicy
    id: enrollment-user-write-add-groups-policy
    attrs:
        expression: |
          # https://docs.goauthentik.io/docs/add-secure-apps/flows-stages/stages/user_write
          from authentik.core.models import Group
          ak_logger.info("Adding groups", request=request, prompt_data=request.context["prompt_data"], invitation=request.context.get("invitation"))
          requested_groups = request.context["prompt_data"].get("alpina_add_groups")
          if requested_groups is None:
            return True
          groups = []
          for group_name in requested_groups:
            group, _ = Group.objects.get_or_create(name=group_name)
            groups.append(group)
          # ["groups"] *must* be set to an array of Group objects, names alone are not enough.
          request.context["flow_plan"].context["groups"] = groups
          return True
  # Flow stage bindings
  - identifiers:
      target: !KeyOf flow
      stage: !KeyOf enrollment-invitation
      order: 0
    model: authentik_flows.flowstagebinding
    id: enrollment-invitation-binding
  - identifiers:
      target: !KeyOf flow
      stage: !KeyOf enrollment-identification-oauth
      order: 1
    model: authentik_flows.flowstagebinding
  - identifiers:
      target: !KeyOf flow
      stage: !KeyOf enrollment-deny-existing-email
      order: 2
    model: authentik_flows.flowstagebinding
    id: enrollment-deny-existing-email-binding
  - identifiers:
      target: !KeyOf flow
      stage: !KeyOf enrollment-prompt-name-password
      order: 10
    model: authentik_flows.flowstagebinding
  - identifiers:
      target: !KeyOf flow
      stage: !KeyOf enrollment-user-write
      order: 20
    model: authentik_flows.flowstagebinding
    id: enrollment-user-write-binding
  - identifiers:
      target: !KeyOf flow
      stage: !KeyOf enrollment-email-verify
      order: 30
    model: authentik_flows.flowstagebinding
  - identifiers:
      target: !KeyOf flow
      stage: !KeyOf enrollment-user-login
      order: 100
    model: authentik_flows.flowstagebinding
  # Stage policy bindings
  # Log used invitations
  - identifiers:
      target: !KeyOf enrollment-invitation-binding
      policy: !KeyOf enrollment-invited-used-policy
      order: 0
    model: authentik_policies.policybinding
    attrs:
      negate: true
  # Deny existing email addresses
  - identifiers:
      target: !KeyOf enrollment-deny-existing-email-binding
      policy: !KeyOf enrollment-unique-email-policy
      order: 0
    model: authentik_policies.policybinding
    attrs:
      negate: true
  # Add groups to user from invitation "alpina_add_groups" field
  # This only work for email sign up, as the invitation flow context isn't
  # preserved for the default-source-enrollment flow
  - identifiers:
      target: !KeyOf enrollment-user-write-binding
      policy: !KeyOf enrollment-user-write-add-groups-policy
      order: 0
    model: authentik_policies.policybinding
--- a/roles/alpina/templates/services/authentik/blueprints/alpina-groups.yaml.j2
+++ b/roles/alpina/templates/services/authentik/blueprints/alpina-groups.yaml.j2
@@ -1,40 +0,0 @@
 version: 1
 metadata:
  labels:
    blueprints.goauthentik.io/instantiate: "true"
  name: Alpina - Default Groups
 entries:
  - identifiers:
      name: "admins"
    model: authentik_core.group
    id: "admins"
    attrs:
      is_superuser: true
  - identifiers:
      name: "users"
    model: authentik_core.group
    id: "users"
  - identifiers:
      name: "arrstack"
    model: authentik_core.group
    id: "arrstack"
    attrs:
      arrstack_username: "arr"
      arrstack_password: "{{ arrstack_password }}"
  - identifiers:
      scope_name: "minio"
    model: authentik_providers_oauth2.scopemapping
    id: "scope-minio"
    attrs:
      name: "Minio Policy"
      expression: |
        policy = "default"
        if ak_is_group_member(request.user, name="admins"):
            policy = "consoleAdmin"
        return {
          "policy": policy,
        }
--- a/roles/alpina/templates/services/authentik/blueprints/alpina-oauth-sources.yaml.j2
+++ b/roles/alpina/templates/services/authentik/blueprints/alpina-oauth-sources.yaml.j2
@@ -1,79 +0,0 @@
 version: 1
 metadata:
  labels:
    blueprints.goauthentik.io/instantiate: "true"
  name: Alpina - External OAuth
 entries:
  {% set sources = {
    "GitHub": {
      "provider_type": "github",
      "consumer_key": github_consumer_key,
      "consumer_secret": github_consumer_secret,
    },
    "Google": {
      "provider_type": "google",
      "consumer_key": google_consumer_key,
      "consumer_secret": google_consumer_secret,
    },
  } -%}
  {% for source in sources.keys() -%}
  - identifiers:
      slug: {{ source | lower }}-auth
    model: authentik_sources_oauth.oauthsource
    attrs:
      provider_type: {{ sources[source]["provider_type"] }}
      name: {{ source }} (Auth Only)
      consumer_key: {{ sources[source]["consumer_key"] }}
      consumer_secret: {{ sources[source]["consumer_secret"] }}
      user_matching_mode: email_link
      user_path_template: goauthentik.io/sources/%(slug)s
      authentication_flow: !Find [authentik_flows.flow, [slug, default-source-authentication]]
  - identifiers:
      slug: {{ source | lower }}-enrollment
    model: authentik_sources_oauth.oauthsource
    attrs:
      provider_type: {{ sources[source]["provider_type"] }}
      name: {{ source }} (Auth and Enrollment)
      consumer_key: {{ sources[source]["consumer_key"] }}
      consumer_secret: {{ sources[source]["consumer_secret"] }}
      user_matching_mode: email_link
      user_path_template: goauthentik.io/sources/%(slug)s
      authentication_flow: !Find [authentik_flows.flow, [slug, default-source-authentication]]
      enrollment_flow: !Find [authentik_flows.flow, [slug, default-source-enrollment]]
  {% endfor %}
  # Modify default source enrollment to use email as username
  - identifiers:
      slug: default-source-enrollment
    model: authentik_flows.flow
    id: source-enrollment-flow
    attrs:
      policy_engine_mode: all
  - identifiers:
      name: alpina-email-as-username-policy
    model: authentik_policies_expression.expressionpolicy
    id: email-as-username-policy
    attrs:
      expression: |
        # https://docs.goauthentik.io/docs/users-sources/sources/social-logins/google/#username-mapping
        email = request.context["prompt_data"].get("email")
        # Direct set username to email
        request.context["prompt_data"]["username"] = email
        # Set username to email without domain
        # request.context["prompt_data"]["username"] = email.split("@")[0]
        return True
  - identifiers:
      policy: !KeyOf email-as-username-policy
      target: !KeyOf source-enrollment-flow
    model: authentik_policies.policybinding
    attrs:
      order: 0
  # Modify default source enrollment to create internal users
  # with the internal user type and the users group
  - identifiers:
      name: default-source-enrollment-write
    model: authentik_stages_user_write.userwritestage
    attrs:
      user_type: internal
      group: !Find [authentik_core.group, [name, users]]
--- a/roles/alpina/templates/services/authentik/blueprints/apps-oauth2.yaml.j2
+++ b/roles/alpina/templates/services/authentik/blueprints/apps-oauth2.yaml.j2
@@ -5,87 +5,46 @@ metadata:
  name: Alpina - OAuth2 Apps
 entries:
  {% set apps = {
    "Grafana": {
      "redirect_uri": "https://grafana."~ domain ~"/login/generic_oauth",
      "icon": "https://grafana."~ domain ~"/public/img/grafana_icon.svg",
      "client_secret": auth_grafana_client_secret,
      "ui_group": "Services",
      "allowed_for_groups": ["admins"],
    },
    "Minio": {
      "redirect_uri": "https://minio."~ domain ~"/oauth_callback",
      "icon": "https://minio."~ domain ~"/logo192.png",
      "client_secret": auth_minio_client_secret,
      "ui_group": "Services",
      "allowed_for_groups": ["admins"],
    },
    "Gitea": {
-      "redirect_uri": "https://gitea."~ domain ~"/user/oauth2/Authentik/callback",
+      "redirect_uris": "https://gitea."~ domain ~"/user/oauth2/Authentik/callback",
      "icon": "https://gitea."~ domain ~"/assets/img/logo.svg",
      "client_secret": auth_gitea_client_secret,
      "ui_group": "Apps",
      "allowed_for_groups": ["admins", "users"],
    },
    "Nextcloud": {
-      "redirect_uri": "https://nc."~ domain ~"/apps/sociallogin/custom_oidc/authentik",
+      "redirect_uris": "https://nc."~ domain ~"/apps/sociallogin/custom_oidc/authentik",
      "icon": "https://nc."~ domain ~"/apps/theming/favicon",
      "client_secret": auth_nextcloud_client_secret,
      "ui_group": "Apps",
      "allowed_for_groups": ["admins", "users"],
    },
    "VPGen": {
      "redirect_uri": "https://vpgen."~ domain ~"/auth/authentik/callback",
      "icon": "https://vpgen."~ domain ~"/favicon.png",
      "client_secret": auth_vpgen_client_secret,
      "ui_group": "Apps",
      "allowed_for_groups": ["admins", "users"],
    },
  } -%}
  {% for app in apps.keys() -%}
  - identifiers:
      name: {{ app }}
    model: authentik_providers_oauth2.oauth2provider
-    id: {{ app }}
+    id: {{ app | lower }}
    attrs:
      access_code_validity: minutes=1
      access_token_validity: minutes=5
      authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
      invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
      client_type: confidential
-      client_id: {{ app | lower }}
+      issuer_mode: per_provider
-      client_secret: {{ apps[app]["client_secret"] }}
+      sub_mode: hashed_user_id
      property_mappings:
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
-        {% if app == "Minio" -%}
+      redirect_uris: {{ apps[app]["redirect_uris"] }}
-        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, minio]]
+      refresh_token_validity: days=30
        {%- endif %}
      redirect_uris:
        - matching_mode: strict
          url: {{ apps[app]["redirect_uri"] }}
      # Necessary for JWKS to be generated correctly
      signing_key: !Find [authentik_crypto.certificatekeypair, [name, "authentik Self-signed Certificate"]]
  - identifiers:
      slug: {{ app | lower }}
    model: authentik_core.application
-    id: app-{{ app }}
+    id: {{ app | lower }}
    attrs:
      name: {{ app }}
-      group: "{{ apps[app]["ui_group"] }}"
+      group: "Apps"
      meta_description: "Hello, I'm {{ app }}!"
      meta_publisher: Alpina
      icon: "{{ apps[app]["icon"] }}"
      open_in_new_tab: true
-      provider: !KeyOf {{ app }}
+      policy_engine_mode: any
-
+      provider: !KeyOf {{ app | lower }}
  {% for group in apps[app]["allowed_for_groups"] -%}
  - identifiers:
      group: !Find [authentik_core.group, [name, {{ group }}]]
      target: !KeyOf app-{{ app }}
    model: authentik_policies.policybinding
    attrs:
      order: 10
  {% endfor %}
  {% endfor %}
--- a/roles/alpina/templates/services/authentik/blueprints/apps-proxy.yaml.j2
+++ b/roles/alpina/templates/services/authentik/blueprints/apps-proxy.yaml.j2
@@ -4,47 +4,61 @@ metadata:
    blueprints.goauthentik.io/instantiate: "true"
  name: Alpina - Proxied Apps
 entries:
-  # TODO: Possibly refactor this into a jinja macro (?)
+  - identifiers:
      name: arrstack
    model: authentik_core.group
    id: arrstack
    attrs:
      arrstack_username: "arr"
      arrstack_password: "{{ arrstack_password }}"
  # TODO: Probably refactor this into a jinja macro
  {% set apps = {
-    "Uptime Kuma": {
+    "uptime-kuma": {
      "host": "uptime",
      "name": "Uptime Kuma",
      "icon": "https://uptime."~ domain ~"/icon.svg",
      "unauthenticated_paths": "^/icon.svg$",
-      "ui_group": "Services",
+      "group": "Services",
-      "allowed_for_groups": ["admins"],
+      "create_admin_group": true,
    },
-    "qBit": {
+    "qbit": {
      "host": "qbit",
      "name": "qBit",
      "icon": "https://qbit."~ domain ~"/images/qbittorrent-tray.svg",
      "unauthenticated_paths": "^/images/qbittorrent-tray.svg$",
-      "ui_group": "Arrstack",
+      "group": "Arrstack",
-      "allowed_for_groups": ["arrstack"],
+      "create_admin_group": false,
    },
-    "Prowlarr": {
+    "prowlarr": {
      "host": "prowlarr",
      "name": "Prowlarr",
      "icon": "https://prowlarr."~ domain ~"/Content/Images/logo.svg",
      "unauthenticated_paths": "^/Content/Images/logo.svg$",
-      "ui_group": "Arrstack",
+      "group": "Arrstack",
-      "allowed_for_groups": ["arrstack"],
+      "create_admin_group": false,
    },
-    "Sonarr": {
+    "sonarr": {
      "host": "sonarr",
      "name": "Sonarr",
      "icon": "https://sonarr."~ domain ~"/Content/Images/logo.svg",
      "unauthenticated_paths": "^/Content/Images/logo.svg$",
-      "ui_group": "Arrstack",
+      "group": "Arrstack",
-      "allowed_for_groups": ["arrstack"],
+      "create_admin_group": false,
    },
-    "Radarr": {
+    "radarr": {
      "host": "radarr",
      "name": "Radarr",
      "icon": "https://radarr."~ domain ~"/Content/Images/logo.svg",
      "unauthenticated_paths": "^/Content/Images/logo.svg$",
-      "ui_group": "Arrstack",
+      "group": "Arrstack",
-      "allowed_for_groups": ["arrstack"],
+      "create_admin_group": false,
    },
  } -%}
  {% for app in apps.keys() -%}
  - identifiers:
-      name: {{ app }}
+      name: {{ apps[app]["name"] }}
    model: authentik_providers_proxy.proxyprovider
    id: {{ app }}
    attrs:
@@ -54,26 +68,39 @@ entries:
      skip_path_regex: "{{ apps[app]["unauthenticated_paths"] }}"
  - identifiers:
-      slug: {{ app | lower | replace(" ", "-") }}
+      slug: {{ app }}
    model: authentik_core.application
    id: app-{{ app }}
    attrs:
-      name: {{ app }}
+      name: {{ apps[app]["name"] }}
-      group: {{ apps[app]["ui_group"] }}
+      group: {{ apps[app]["group"] }}
-      meta_description: "Hello, I'm {{ app }}!"
+      meta_description: "Hello, I'm {{ apps[app]["name"] }}!"
      meta_publisher: Alpina
      icon: "{{ apps[app]["icon"] }}"
      open_in_new_tab: true
      provider: !KeyOf {{ app }}
-  {% for group in apps[app]["allowed_for_groups"] -%}
+  {% if apps[app]["create_admin_group"] -%}
  - identifiers:
-      group: !Find [authentik_core.group, [name, {{ group }}]]
+      name: "{{ apps[app]["name"] }} Admins"
-      target: !KeyOf app-{{ app }}
+    model: authentik_core.group
    id: "{{ app }} Admins"
  - identifiers:
      group: !KeyOf "{{ app }} Admins"
      target: !Find [authentik_core.application, [ slug, {{ app }}] ]
    model: authentik_policies.policybinding
    attrs:
-      order: 10
+      order: 0
-  {% endfor %}
+  {% endif %}
  {% if apps[app]["group"] == "Arrstack" -%}
  - identifiers:
      group: !KeyOf arrstack
      target: !Find [authentik_core.application, [slug, {{ app }}]]
    model: authentik_policies.policybinding
    attrs:
      order: 0
  {% endif %}
  {% endfor %}
--- a/roles/alpina/templates/services/authentik/blueprints/default-authentication.yaml.j2
+++ b/roles/alpina/templates/services/authentik/blueprints/default-authentication.yaml.j2
@@ -48,8 +48,7 @@ entries:
      passwordless_flow: !Find [authentik_flows.flow, [slug, authentication-passwordless-flow]]
      sources:
        - !Find [authentik_core.source, [slug, authentik-built-in]]
-        - !Find [authentik_sources_oauth.oauthsource, [slug, github-auth]]
+        - !Find [authentik_sources_oauth.oauthsource, [slug, github]]
        - !Find [authentik_sources_oauth.oauthsource, [slug, google-auth]]
    # Enable compatibility mode for the default authentication flow for better autofill support
  - identifiers:
--- a/roles/alpina/templates/services/authentik/blueprints/github-oauth.yaml.j2
+++ b/roles/alpina/templates/services/authentik/blueprints/github-oauth.yaml.j2
@@ -0,0 +1,25 @@
 version: 1
 metadata:
  labels:
    blueprints.goauthentik.io/instantiate: "true"
  name: Alpina - GitHub OAuth
 entries:
  - identifiers:
      slug: github
    model: authentik_sources_oauth.oauthsource
    attrs:
      name: GitHub
      slug: github
      access_token_url: https://github.com/login/oauth/access_token
      additional_scopes: openid read:org
      authentication_flow: !Find [authentik_flows.flow, [slug, default-source-authentication]]
      authorization_url: https://github.com/login/oauth/authorize
      consumer_key: {{ github_consumer_key }}
      consumer_secret: {{ github_consumer_secret }}
      enabled: true
      enrollment_flow: !Find [authentik_flows.flow, [slug, default-source-enrollment]]
      policy_engine_mode: any
      profile_url: https://api.github.com/user
      provider_type: github
      user_matching_mode: email_link
      user_path_template: goauthentik.io/sources/%(slug)s
--- a/roles/alpina/templates/services/authentik/blueprints/services-oauth2.yaml.j2
+++ b/roles/alpina/templates/services/authentik/blueprints/services-oauth2.yaml.j2
@@ -0,0 +1,56 @@
 version: 1
 metadata:
  labels:
    blueprints.goauthentik.io/instantiate: "true"
  name: Alpina - OAuth2 Services
 entries:
  {% set apps = {
    "Grafana": {
      "redirect_uris": "https://grafana."~ domain ~"/login/generic_oauth",
      "icon": "https://grafana."~ domain ~"/public/img/grafana_icon.svg",
      "client_secret": auth_grafana_client_secret,
    },
  } -%}
  # TODO: Add Minio
  {% for app in apps.keys() -%}
  - identifiers:
      name: {{ app }}
    model: authentik_providers_oauth2.oauth2provider
    id: {{ app | lower }}
    attrs:
      authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
      client_type: confidential
      client_id: {{ app | lower }}
      client_secret: {{ apps[app]["client_secret"] }}
      property_mappings:
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
      redirect_uris: {{ apps[app]["redirect_uris"] }}
  - identifiers:
      slug: {{ app | lower }}
    model: authentik_core.application
    attrs:
      name: {{ app }}
      group: "Services"
      meta_description: "Hello, I'm {{ app }}!"
      meta_publisher: Alpina
      icon: "{{ apps[app]["icon"] }}"
      open_in_new_tab: true
      provider: !KeyOf {{ app | lower }}
  - identifiers:
      name: "{{ app }} Admins"
    model: authentik_core.group
    id: "{{ app }} Admins"
  - identifiers:
      group: !KeyOf "{{ app }} Admins"
      target: !Find [authentik_core.application, [slug, {{ app | lower }}]]
    model: authentik_policies.policybinding
    attrs:
      order: 0
  {% endfor %}
--- a/roles/alpina/templates/services/minio/.env.minio.j2
+++ b/roles/alpina/templates/services/minio/.env.minio.j2
@@ -5,16 +5,11 @@ MINIO_DOMAIN=s3.{{ domain }}
 MINIO_SERVER_URL=https://s3.{{ domain }}
 MINIO_BROWSER_REDIRECT_URL=https://minio.{{ domain }}
-# https://min.io/docs/minio/linux/reference/minio-server/settings/iam/openid.html
+#MINIO_IDENTITY_OPENID_CONFIG_URL=https://auth.{{ domain }}/application/o/minio/.well-known/openid-configuration
-MINIO_IDENTITY_OPENID_CONFIG_URL=https://auth.{{ domain }}/application/o/minio/.well-known/openid-configuration
+#MINIO_IDENTITY_OPENID_CLIENT_ID=
-MINIO_IDENTITY_OPENID_CLIENT_ID=minio
+#MINIO_IDENTITY_OPENID_CLIENT_SECRET=
-MINIO_IDENTITY_OPENID_CLIENT_SECRET={{ auth_minio_client_secret }}
+#MINIO_IDENTITY_OPENID_CLAIM_NAME=
-# defaults to "policy"
+#MINIO_IDENTITY_OPENID_CLAIM_PREFIX=
-#MINIO_IDENTITY_OPENID_CLAIM_NAME=policy
+#MINIO_IDENTITY_OPENID_SCOPES=
-MINIO_IDENTITY_OPENID_DISPLAY_NAME=Authentik
+#MINIO_IDENTITY_OPENID_REDIRECT_URI=
 # no need to specify scopes,
 # as it defaults to the ones advertised at the discovery url
 #MINIO_IDENTITY_OPENID_SCOPES=openid,profile,email,minio
 #MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC=off
 #MINIO_IDENTITY_OPENID_CLAIM_USERINFO=on
 #MINIO_IDENTITY_OPENID_COMMENT=
--- a/roles/alpina/templates/services/monitoring/.env.alertmanager.j2
+++ b/roles/alpina/templates/services/monitoring/.env.alertmanager.j2
@@ -0,0 +1 @@
 DISCORD_WEBHOOK={{ alertmanager_discord_webhook }}
--- a/roles/alpina/templates/services/monitoring/Dockerfile
+++ b/roles/alpina/templates/services/monitoring/Dockerfile
@@ -4,10 +4,6 @@ RUN pip install grafanalib
 COPY ./grafana_config/dashboards /dashboards
 # Required for grafanalib to find the shared python files like common.py
 # https://github.com/weaveworks/grafanalib/issues/58
 ENV PYTHONPATH=/dashboards
 RUN generate-dashboards /dashboards/*.dashboard.py
 FROM grafana/grafana:latest
--- a/roles/alpina/templates/services/monitoring/alertmanager_config/alertmanager.yml.j2
+++ b/roles/alpina/templates/services/monitoring/alertmanager_config/alertmanager.yml.j2
@@ -0,0 +1,68 @@
 # The root route on which each incoming alert enters.
 route:
  group_by: ["alertname", "job"]
  group_wait: 20s
  group_interval: 5m
  repeat_interval: 3h
  receiver: discord_webhook
 receivers:
  - name: "discord_webhook"
    discord_configs:
      - webhook_url: "{{ alertmanager_discord_webhook }}"
 {#        - send_resolved: true#}
 {#            username: 'Alertmanager'#}
 {#            webhook_configs:#}
 {#            - send_resolved: true#}
 {#                url: '{{ alertmanager_discord_webhook }}'#}
 {#                username: 'Alertmanager'#}
 {#                icon_url: 'https://prometheus.io/assets/icon.png'#}
 {#                icon_emoji: ':alert:'#}
 {#                send_resolved: true#}
 {#                text: "{{ .CommonAnnotations.summary }}"#}
 {#                title: "{{ .CommonLabels.alertname }}"#}
 {#                color: '{{ if eq .Status "firing" }}#FF0000{{ else }}#00FF00{{ end }}'#}
 {#                footer: '{{ .CommonLabels.monitor }}'#}
 {#                footer_icon: 'https://prometheus.io/assets/icon.png'#}
 {#                actions:#}
 {#                - type: 'button'#}
 {#                    text: 'Open in Grafana'#}
 {#                    url: '{{ .ExternalURL }}'#}
 {#                    style: 'primary'#}
 {#                    send_resolved: true#}
 {#                    confirm:#}
 {#                    title: 'Are you sure?'#}
 {#                    text: 'This will open Grafana in a new tab.'#}
 {#                    ok_text: 'Yes'#}
 {#                    dismiss_text: 'No'#}
 {#                fields:#}
 {#                - title: 'Description'#}
 {#                    value: "{{ .CommonAnnotations.description }}"#}
 {#                    short: false#}
 {#                - title: 'Details'#}
 {#                    value: "{{ .CommonAnnotations.details }}"#}
 {#                    short: false#}
 {#                - title: 'Severity'#}
 {#                    value: '{{ if eq .Labels.severity "critical" }}Critical{{ else if eq .Labels.severity "warning" }}Warning{{ else }}Info{{ end }}'#}
 {#                    short: true#}
 {#                - title: 'Host'#}
 {#                    value: '{{ .CommonLabels.monitor }}'#}
 {#                    short: true#}
 {#                - title: 'Starts At'#}
 {#                    value: '{{ .StartsAt.Format "2006-01-02 15:04:05" }}'#}
 {#                    short: true#}
 {#                - title: 'Ends At'#}
 {#                    value: '{{ .EndsAt.Format "2006-01-02 15:04:05" }}'#}
 {#                    short: true#}
 {#                - title: 'Runbook'#}
 {#                    value: '{{ .CommonAnnotations.runbook_url }}'#}
 {#                    short: true#}
 {#                - title: 'Dashboard'#}
 {#                    value: '{{ .CommonAnnotations.dashboard_url }}'#}
 {#                    short: true#}
 {#                - title: 'Alerting Rule'#}
 {#                    value: '{{ .CommonLabels.alertname }}'#}
 {#                    short: true#}
 {#                - title: 'Alerting Rule Description'#}
 {#                    value: '{{ .CommonLabels.alertname }}'#}
 {#                    short: true#}
--- a/roles/alpina/templates/services/monitoring/docker-compose.yml.j2
+++ b/roles/alpina/templates/services/monitoring/docker-compose.yml.j2
@@ -60,17 +60,33 @@ services:
  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    labels:
      - {{ helpers.traefik_labels('prom', port='9090') | indent(6) }}
    restart: unless-stopped
    # Needed to make config files readable (not anymore, TODO: remove)
    user: "{{ remote_uid }}"
    command:
      - --config.file=/etc/prometheus/prometheus.yml
      - --storage.tsdb.retention.time=30d
      - --web.external-url=https://prom.{{ domain }}/
    volumes:
      - ./prometheus_config:/etc/prometheus:ro
      - {{ base_volume_path }}/monitoring/prometheus_configs:/etc/prometheus/extra:ro
      - {{ base_volume_path }}/monitoring/prometheus:/prometheus
  alertmanager:
    image: prom/alertmanager:latest
    container_name: alertmanager
    labels:
      - {{ helpers.traefik_labels('alert', port='9093') | indent(6) }}
    restart: unless-stopped
    command:
      - --config.file=/etc/alertmanager/alertmanager.yml
      - --web.external-url=https://alert.{{ domain }}/
    volumes:
      - ./alertmanager_config:/etc/alertmanager:ro
      - {{ base_volume_path }}/monitoring/alertmanager:/alertmanager
  node-exporter:
    image: prom/node-exporter:latest
    container_name: node-exporter
@@ -84,11 +100,6 @@ services:
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: cadvisor
    restart: unless-stopped
    command:
      - --docker_only=true
      - --store_container_labels=false
      - --whitelisted_container_labels=com.docker.compose.project,com.docker.compose.service
      - --enable_metrics=cpu,cpuLoad,diskIO,memory,network,oom_event,process
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:rw
--- a/roles/alpina/templates/services/monitoring/grafana_config/dashboards/alpina.yaml
+++ b/roles/alpina/templates/services/monitoring/grafana_config/dashboards/alpina.yaml
@@ -3,7 +3,7 @@ apiVersion: 1
 providers:
  - name: "Grafana"
    org_id: 1
-    folder: "Alpina"
+    folder: "Services"
    type: "file"
    options:
      path: "/etc/grafana/provisioning/dashboards"
--- a/roles/alpina/templates/services/monitoring/grafana_config/dashboards/common.py
+++ b/roles/alpina/templates/services/monitoring/grafana_config/dashboards/common.py
@@ -1,27 +0,0 @@
 from grafanalib.core import Template
 # TODO: consider default params for common params like line width, show points, tooltip
 PrometheusTemplate = Template(
    name='datasource',
    type='datasource',
    label='Prometheus',
    query='prometheus',
 )
 # TODO: this slightly less (clown emoji), normal Target gave me errors in grafana
 class LokiTarget(object):
    def __init__(self, loki_datasource, expr, legendFormat, refId):
        self.loki_datasource = loki_datasource
        self.expr = expr
        self.legendFormat = legendFormat
        self.refId = refId
    def to_json_data(self):
        return {
            'datasource': self.loki_datasource,
            'expr': self.expr,
            'legendFormat': self.legendFormat,
            'refId': self.refId,
            'queryType': 'range',
        }
--- a/roles/alpina/templates/services/monitoring/grafana_config/dashboards/containers.dashboard.py
+++ b/roles/alpina/templates/services/monitoring/grafana_config/dashboards/containers.dashboard.py
@@ -5,21 +5,28 @@ from grafanalib.core import (
 )
 from grafanalib.formatunits import BYTES_IEC, SECONDS, BYTES_SEC_IEC
-from common import LokiTarget, PrometheusTemplate
+prom_datasource='prometheus'
 prom_datasource='${datasource}'
 loki_datasource='loki'
 # TODO: this is (clown emoji), normal Target gave me errors in grafana
 class LokiTarget(object):
    def to_json_data(self):
        return {
            'datasource': loki_datasource,
            'expr': '{compose_project=~"$compose_project", container_name=~"$container_name"} |= `$logs_query`',
            'legendFormat': '{{ container_name }}',
            'refId': 'A',
            'queryType': 'range',
        }
 dashboard = Dashboard(
    title='Containers',
    uid='containers',
    description='Data for compose projects from default Prometheus datasource collected by Cadvisor',
    tags=[
-        'linux',
+        'example'
        'docker',
    ],
    templating=Templating(list=[
        PrometheusTemplate,
        Template(
            name='compose_project',
            label='Compose Project',
@@ -37,6 +44,7 @@ dashboard = Dashboard(
            includeAll=True,
            multi=True,
            refresh=REFRESH_ON_TIME_RANGE_CHANGE,
        ),
        Template(
            name='logs_query',
@@ -48,6 +56,7 @@ dashboard = Dashboard(
    timezone='browser',
    panels=[
        TimeSeries(
            id=1,
            title='Container Memory Usage',
            unit=BYTES_IEC,
            gridPos=GridPos(h=8, w=12, x=0, y=0),
@@ -67,14 +76,13 @@ dashboard = Dashboard(
            ],
        ),
        TimeSeries(
            id=2,
            title='Container CPU Usage',
            unit=SECONDS,
            gridPos=GridPos(h=8, w=12, x=12, y=0),
            lineWidth=2,
            fillOpacity=10,
            showPoints='never',
            tooltipMode='all',
            tooltipSort='desc',
            targets=[
                Target(
                    datasource=prom_datasource,
@@ -85,6 +93,7 @@ dashboard = Dashboard(
            ],
        ),
        TimeSeries(
            id=3,
            title='Container Network Traffic',
            unit=BYTES_SEC_IEC,
            gridPos=GridPos(h=8, w=12, x=0, y=8),
@@ -109,6 +118,7 @@ dashboard = Dashboard(
            ],
        ),
        Logs(
            id=4,
            title='',
            gridPos=GridPos(h=8, w=12, x=12, y=8),
            showLabels=True,
@@ -117,12 +127,13 @@ dashboard = Dashboard(
            prettifyLogMessage=True,
            dedupStrategy='numbers',
            targets=[
-                LokiTarget(
+                LokiTarget(),
-                    loki_datasource=loki_datasource,
+                # Target(
-                    expr='{compose_project=~"$compose_project", container_name=~"$container_name"} |= `$logs_query`',
+                #     datasource=loki_datasource,
-                    legendFormat='{{ container_name }}',
+                #     expr='{compose_project=~"$compose_project", container_name=~"$container_name"} |= `$logs_query`',
-                    refId='A',
+                #     legendFormat='{{ container_name }}',
-                ),
+                #     refId='A',
                # ),
            ],
        ),
    ],
--- a/roles/alpina/templates/services/monitoring/grafana_config/dashboards/example.dashboard.py
+++ b/roles/alpina/templates/services/monitoring/grafana_config/dashboards/example.dashboard.py
@@ -0,0 +1,51 @@
 from grafanalib.core import (
    Dashboard, TimeSeries, GaugePanel,
    Target, GridPos,
    OPS_FORMAT
 )
 dashboard = Dashboard(
    title="Python generated example dashboard",
    description="Example dashboard using the Random Walk and default Prometheus datasource",
    tags=[
        'example'
    ],
    timezone="browser",
    panels=[
        TimeSeries(
            title="Random Walk",
            dataSource='default',
            targets=[
                Target(
                    datasource='grafana',
                    expr='example',
                ),
            ],
            gridPos=GridPos(h=8, w=16, x=0, y=0),
        ),
        GaugePanel(
            title="Random Walk",
            dataSource='default',
            targets=[
                Target(
                    datasource='grafana',
                    expr='example',
                ),
            ],
            gridPos=GridPos(h=4, w=4, x=17, y=0),
        ),
        TimeSeries(
            title="Prometheus http requests",
            dataSource='prometheus',
            targets=[
                Target(
                    expr='rate(prometheus_http_requests_total[5m])',
                    legendFormat="{{ handler }}",
                    refId='A',
                ),
            ],
            unit=OPS_FORMAT,
            gridPos=GridPos(h=8, w=16, x=0, y=10),
        ),
    ],
 ).auto_panel_ids()
--- a/roles/alpina/templates/services/monitoring/grafana_config/dashboards/node.dashboard.py
+++ b/roles/alpina/templates/services/monitoring/grafana_config/dashboards/node.dashboard.py
@@ -1,139 +0,0 @@
 from grafanalib.core import Dashboard, Templating, Template, TimeSeries, PERCENT_UNIT_FORMAT, GridPos, Target
 from grafanalib.formatunits import BYTES_IEC
 from common import PrometheusTemplate
 from node_consts import CPU_BASIC_COLORS, MEMORY_BASIC_COLORS
 dashboard = Dashboard(
    title='Node Exporter',
    uid='node',
    description='Node Exporter (not quite full)',
    tags=[
        'linux',
    ],
    timezone='browser',
    templating=Templating(list=[
        # Datasource
        PrometheusTemplate,
        # Job
        Template(
            name='job',
            label='Job',
            dataSource='${datasource}',
            query='label_values(node_uname_info, job)',
        ),
        # Instance
        Template(
            name='instance',
            label='Instance',
            dataSource='${datasource}',
            query='label_values(node_uname_info{job="$job"}, instance)',
        ),
    ]),
    panels=[
        # CPU Basic
        TimeSeries(
            title='CPU Basic',
            description='Basic CPU usage info',
            unit=PERCENT_UNIT_FORMAT,
            gridPos=GridPos(h=8, w=12, x=0, y=0),
            lineWidth=1,
            fillOpacity=30,
            showPoints='never',
            stacking={'mode': 'percent', 'group': 'A'},
            tooltipMode='all',
            tooltipSort='desc',
            targets=[
                Target(
                    datasource='${datasource}',
                    expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="system"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                    legendFormat='Busy System',
                    refId='A',
                ),
                Target(
                    datasource='${datasource}',
                    expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="user"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                    legendFormat='Busy User',
                    refId='B',
                ),
                Target(
                    datasource='${datasource}',
                    expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="iowait"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                    legendFormat='Busy Iowait',
                    refId='C',
                ),
                Target(
                    datasource='${datasource}',
                    expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode=~".*irq"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                    legendFormat='Busy IRQs',
                    refId='D',
                ),
                Target(
                    datasource='${datasource}',
                    expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job",  mode!="idle",mode!="user",mode!="system",mode!="iowait",mode!="irq",mode!="softirq"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                    legendFormat='Busy Other',
                    refId='E',
                ),
                Target(
                    datasource='${datasource}',
                    expr='sum(irate(node_cpu_seconds_total{instance="$instance",job="$job", mode="idle"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance="$instance",job="$job"}) by (cpu)))',
                    legendFormat='Idle',
                    refId='F',
                ),
            ],
            # Extra JSON for the colors
            extraJson=CPU_BASIC_COLORS,
        ),
        # Memory Basic
        TimeSeries(
            title='Memory Basic',
            description='Basic memory usage',
            unit=BYTES_IEC,
            gridPos=GridPos(h=8, w=12, x=12, y=0),
            lineWidth=1,
            fillOpacity=30,
            showPoints='never',
            stacking={'mode': 'normal', 'group': 'A'},
            tooltipMode='all',
            tooltipSort='desc',
            targets=[
                Target(
                    datasource='${datasource}',
                    expr='node_memory_MemTotal_bytes{instance="$instance",job="$job"}',
                    format='time_series',
                    legendFormat='RAM Total',
                    refId='A',
                ),
                Target(
                    datasource='${datasource}',
                    expr='node_memory_MemTotal_bytes{instance="$instance",job="$job"} - node_memory_MemFree_bytes{instance="$instance",job="$job"} - (node_memory_Cached_bytes{instance="$instance",job="$job"} + node_memory_Buffers_bytes{instance="$instance",job="$job"} + node_memory_SReclaimable_bytes{instance="$instance",job="$job"})',
                    format='time_series',
                    legendFormat='RAM Used',
                    refId='B',
                ),
                Target(
                    datasource='${datasource}',
                    expr='node_memory_Cached_bytes{instance="$instance",job="$job"} + node_memory_Buffers_bytes{instance="$instance",job="$job"} + node_memory_SReclaimable_bytes{instance="$instance",job="$job"}',
                    legendFormat='RAM Cache + Buffer',
                    refId='C',
                ),
                Target(
                    datasource='${datasource}',
                    expr='node_memory_MemFree_bytes{instance="$instance",job="$job"}',
                    legendFormat='RAM Free',
                    refId='D',
                ),
                Target(
                    datasource='${datasource}',
                    expr='(node_memory_SwapTotal_bytes{instance="$instance",job="$job"} - node_memory_SwapFree_bytes{instance="$instance",job="$job"})',
                    legendFormat='SWAP Used',
                    refId='E',
                ),
            ],
            # Extra JSON for the colors
            extraJson=MEMORY_BASIC_COLORS,
        ),
        # TODO: Network Basic
        # TODO: Disk Basic
    ],
 ).auto_panel_ids()
--- a/roles/alpina/templates/services/monitoring/grafana_config/dashboards/node_consts.py
+++ b/roles/alpina/templates/services/monitoring/grafana_config/dashboards/node_consts.py
@@ -1,487 +0,0 @@
 # TODO: Question life decisions (I'm not sure if this is good)
 CPU_BASIC_COLORS = {
    "fieldConfig": {
        "overrides": [
            {
                "matcher": {
                    "id": "byName",
                    "options": "Busy Iowait"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#890F02",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Idle"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#052B51",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Busy Iowait"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#890F02",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Idle"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#7EB26D",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Busy System"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#EAB839",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Busy User"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#0A437C",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Busy Other"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#6D1F62",
                            "mode": "fixed"
                        }
                    }
                ]
            }
        ]
    },
 }
 MEMORY_BASIC_COLORS = {
    "fieldConfig": {
        "overrides": [
            {
                "matcher": {
                    "id": "byName",
                    "options": "Apps"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#629E51",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Buffers"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#614D93",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Cache"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#6D1F62",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Cached"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#511749",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Committed"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#508642",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Free"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#0A437C",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#CFFAFF",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Inactive"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#584477",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "PageTables"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#0A50A1",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Page_Tables"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#0A50A1",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "RAM_Free"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#E0F9D7",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "SWAP Used"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#BF1B00",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Slab"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#806EB7",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Slab_Cache"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#E0752D",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Swap"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#BF1B00",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Swap Used"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#BF1B00",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Swap_Cache"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#C15C17",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Swap_Free"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#2F575E",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Unused"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#EAB839",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "RAM Total"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#E0F9D7",
                            "mode": "fixed"
                        }
                    },
                    {
                        "id": "custom.fillOpacity",
                        "value": 0
                    },
                    {
                        "id": "custom.stacking",
                        "value": {
                            "group": False,
                            "mode": "normal"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "RAM Cache + Buffer"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#052B51",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "RAM Free"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#7EB26D",
                            "mode": "fixed"
                        }
                    }
                ]
            },
            {
                "matcher": {
                    "id": "byName",
                    "options": "Available"
                },
                "properties": [
                    {
                        "id": "color",
                        "value": {
                            "fixedColor": "#DEDAF7",
                            "mode": "fixed"
                        }
                    },
                    {
                        "id": "custom.fillOpacity",
                        "value": 0
                    },
                    {
                        "id": "custom.stacking",
                        "value": {
                            "group": False,
                            "mode": "normal"
                        }
                    }
                ]
            }
        ]
    }
 }
--- a/roles/alpina/templates/services/monitoring/grafana_config/datasources/alpina.yaml.j2
+++ b/roles/alpina/templates/services/monitoring/grafana_config/datasources/alpina.yaml.j2
@@ -15,6 +15,18 @@ datasources:
    url: http://prometheus:9090
    editable: false
  - name: Alertmanager
    type: alertmanager
    access: proxy
    uid: alertmanager
    url: http://alertmanager:9093
    jsonData:
      # Valid options for implementation include mimir, cortex and prometheus
      implementation: prometheus
      # Whether Grafana should send alert instances to this Alertmanager
      handleGrafanaManagedAlerts: true
    editable: false
  - name: InfluxDB
    type: influxdb
    access: proxy
--- a/roles/alpina/templates/services/monitoring/grafana_config/grafana.ini.j2
+++ b/roles/alpina/templates/services/monitoring/grafana_config/grafana.ini.j2
@@ -31,4 +31,4 @@ name_attribute_path = name
 # Optionally map user groups to Grafana roles
 allow_assign_grafana_admin = true
-role_attribute_path = contains(groups[*], 'admins') && 'GrafanaAdmin' || 'Viewer'
+role_attribute_path = contains(groups[*], 'Grafana Admins') && 'GrafanaAdmin' || 'Viewer'
--- a/roles/alpina/templates/services/monitoring/loki_config/loki-config.yaml.j2
+++ b/roles/alpina/templates/services/monitoring/loki_config/loki-config.yaml.j2
@@ -17,6 +17,13 @@ common:
 schema_config:
  configs:
    - from: 2020-10-24
      store: boltdb-shipper
      object_store: filesystem
      schema: v12
      index:
        prefix: index_
        period: 24h
    - from: 2024-10-18
      index:
        period: 24h
@@ -26,5 +33,5 @@ schema_config:
      store: tsdb
 # TODO: Figure this out
-# ruler:
+ruler:
-#   alertmanager_url: http://localhost:9093
+  alertmanager_url: http://localhost:9093
--- a/roles/alpina/templates/services/monitoring/prometheus_config/container.alerts.yml
+++ b/roles/alpina/templates/services/monitoring/prometheus_config/container.alerts.yml
@@ -0,0 +1,23 @@
 groups:
  - name: qbit-low-traffic
    interval: 1m
    rules:
      - alert: QbitLowTraffic
        expr: |
          rate(container_network_transmit_bytes_total{name=~"gluetun"}[1m]) < 1024
        for: 2m
        labels:
          severity: warning
        annotations:
          title: 'Low traffic on qBit'
          description: |
            The traffic on qBittorrent is lower than 1KiB/s for 2 minutes.
            Last value was x bytes/s.
            [Grafana Dashboard](https://grafana.{{ domain }}/d/containers?orgId=1)
            [View in Grafana](https://grafana.{{ domain }}/d/containers?orgId=1&viewPanel=3)
          __dashboard__uid: 'containers'
          __orgId__: 1
          __panelId__: 3
--- a/roles/alpina/templates/services/monitoring/prometheus_config/demo.alerts.yml.j2
+++ b/roles/alpina/templates/services/monitoring/prometheus_config/demo.alerts.yml.j2
@@ -0,0 +1,20 @@
 groups:
  - name: demo-service-alerts
    rules:
      - alert: DemoServiceHighErrorRate
        expr: |
          (
            sum without(status, instance) (
              rate(demo_api_request_duration_seconds_count{status=~"5..",job="demo"}[1m])
            )
          /
            sum without(status, instance) (
              rate(demo_api_request_duration_seconds_count{job="demo"}[1m])
            ) * 100 > 0.5
          )
        for: 1m
        labels:
          severity: critical
        annotations:
          title: 'High 5xx rate for {{'{{ $labels.method }}'}} on {{'{{ $labels.path }}'}}'
          description: 'The 5xx error rate for path {{'{{ $labels.path }}'}} with method {{'{{ $labels.method }}'}} in {{'{{ $labels.job }}'}} is {{'{{ printf "%.2f" $value }}'}}%.'
--- a/roles/alpina/templates/services/monitoring/prometheus_config/prometheus.yml.j2
+++ b/roles/alpina/templates/services/monitoring/prometheus_config/prometheus.yml.j2
@@ -5,6 +5,11 @@ global:
  external_labels:
    monitor: "{{ ansible_host }}"
 alerting:
  alertmanagers:
    - static_configs:
        - targets: ["alertmanager:9093"]
 scrape_configs:
  - job_name: "prometheus"
    static_configs:
@@ -30,7 +35,15 @@ scrape_configs:
    static_configs:
      - targets: ["promtail:9080"]
  - job_name: 'demo'
    static_configs:
      - targets:
          - 'demo.promlabs.com:10000'
          - 'demo.promlabs.com:10001'
          - 'demo.promlabs.com:10002'
 rule_files:
  - "/etc/prometheus/container.alerts.yml"
  - "/etc/prometheus/extra/rules/*.yml"
  - "/etc/prometheus/extra/rules/*.json"
--- a/roles/alpina/templates/services/traefik/docker-compose.yml.j2
+++ b/roles/alpina/templates/services/traefik/docker-compose.yml.j2
@@ -12,7 +12,7 @@ networks:
 services:
  traefik:
-    image: traefik:v3.2
+    image: traefik:v3.0
    container_name: traefik
    restart: unless-stopped
    env_file:
@@ -23,6 +23,7 @@ services:
      - ./rules:/rules:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - {{ base_volume_path }}/traefik/rules:/rules/extra:ro
      - {{ base_volume_path }}/traefik/logs:/logs
      - {{ base_volume_path }}/traefik/acme:/acme
  # This is mostly just so that the traefik network gets created
--- a/roles/alpina/templates/services/traefik/traefik.yml.j2
+++ b/roles/alpina/templates/services/traefik/traefik.yml.j2
@@ -2,8 +2,11 @@ api:
  insecure: true
 log:
  filePath: /logs/traefik.log
  level: INFO
 accessLog:
  filePath: /logs/access.log
  bufferingSize: 100
 entryPoints:
  web:
--- a/services.yml
+++ b/services.yml
@@ -5,11 +5,10 @@
  post_tasks:
    - name: Docker prune objects
      docker_prune:
-        containers: true
+        containers: yes
-        # Keep images for building grafana
+        images: yes
        images: true
        images_filters:
-          until: "720h"
+          dangling: false
        networks: true
        volumes: true
-        builder_cache: false
+        builder_cache: true
Author	SHA1	Message	Date
Yuri Tatishchev	eb264b73fa	(WIP) monitoring: attempt at container alerts	2024-10-22 23:07:41 -07:00
Yuri Tatishchev	8c6b862495	(WIP) monitoring: containers dashboard, loki storage update	2024-10-22 23:07:08 -07:00
Yuri Tatishchev	30510c6690	WIP: containers dashboard - loki logs	2024-10-12 23:32:03 -07:00
Yuri Tatishchev	c38f94f4ce	WIP: monitoring improvements - containers dashboard	2024-10-12 23:31:09 -07:00
Yuri Tatishchev	002eb40b68	WIP: monitoring improvements	2024-10-12 02:28:52 -07:00
`@@ -1 +1 @@`
	`NEXTCLOUD_VERSION=30-apache`	`NEXTCLOUD_VERSION=29-apache`
		`@@ -0,0 +1 @@`
							`DISCORD_WEBHOOK={{ alertmanager_discord_webhook }}`