xcad 1 hónapja
szülő
commit
97da19019b

+ 0 - 2
library/compose/gitlab/.env.j2

@@ -1,3 +1 @@
-{% if not swarm_enabled %}
 GITLAB_ROOT_PASSWORD={{ root_password }}
-{% endif %}
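Review bot: `GITLAB_ROOT_PASSWORD={{ root_password }}` is rendered unquoted, and compose.yaml.j2 in this commit now loads the file through `env_file: .env`. In Compose's env-file syntax an unquoted value is cut at ` #` and, depending on the Compose version, `$` sequences may be interpolated, so a generated password containing those characters would reach GitLab altered and the password shown to the user would not log in. Single-quoting keeps the value literal, `GITLAB_ROOT_PASSWORD='{{ root_password }}'`, provided the generator never emits a single quote. The rendered file holds the root credential, so it should also be written with owner-only permissions and kept out of version control.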

+ 0 - 0
library/compose/gitlab/.env.password.j2


+ 0 - 0
library/compose/gitlab/.env.registry.j2


+ 6 - 130
library/compose/gitlab/compose.yaml.j2

@@ -1,12 +1,9 @@
 services:
   {{ service_name }}:
-    image: docker.io/gitlab/gitlab-ce:18.5.4-ce.0
-    {% if not swarm_enabled %}
+    image: docker.io/gitlab/gitlab-ce:18.6.1-ce.0
     restart: {{ restart_policy }}
-    {% endif %}
     shm_size: '256m'
-    environment:
-      - 
+    env_file: .env
     {% if traefik_enabled %}
     networks:
       {{ traefik_network }}:
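Review bot: `env_file: .env` places `GITLAB_ROOT_PASSWORD` in the container environment, where it is readable through `docker inspect` and by every process in the container. The swarm branch removed later in this file delivered the same value as a file secret at `/run/secrets/gitlab_root_password` with `mode: 0400`. Compose supports file-backed `secrets:` outside swarm as well, so that delivery could be kept for the plain Compose case, assuming `config/gitlab.rb` (not shown here) can read the password from that path. If the environment variable stays, a comment above the key such as `# .env holds the initial root password; keep it out of VCS and chmod 600` would document the exposure. The service definition continues outside the hunk.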
@@ -16,26 +13,15 @@ services:
       - "{{ ports_http }}:80"
       {% endif %}
       - "{{ ports_ssh }}:22"
-      {% if registry_enabled %}
+      {% if registry_enabled and not traefik_enabled %}
       - "{{ ports_registry }}:5000"
       {% endif %}
     volumes:
-      {% if volume_mode == 'mount' %}
-      {% if not swarm_enabled %}
-      - {{ volume_mount_path }}/config/gitlab.rb:/etc/gitlab/gitlab.rb:ro
-      {% endif %}
-      - {{ volume_mount_path }}/config:/etc/gitlab
-      - {{ volume_mount_path }}/logs:/var/log/gitlab
-      - {{ volume_mount_path }}/data:/var/opt/gitlab
-      {% else %}
-      {% if not swarm_enabled %}
       - ./config/gitlab.rb:/etc/gitlab/gitlab.rb:ro
-      {% endif %}
       - {{ service_name }}_config:/etc/gitlab
       - {{ service_name }}_logs:/var/log/gitlab
       - {{ service_name }}_data:/var/opt/gitlab
-      {% endif %}
-    {% if traefik_enabled and not swarm_enabled %}
+    {% if traefik_enabled  %}
     labels:
       - traefik.enable=true
       - traefik.docker.network={{ traefik_network }}
@@ -53,84 +39,18 @@ services:
       {% if registry_enabled %}
       - traefik.http.services.{{ service_name }}_registry.loadBalancer.server.port=5000
       - traefik.http.routers.{{ service_name }}_registry-http.service={{ service_name }}_registry
-      - traefik.http.routers.{{ service_name }}_registry-http.rule=Host(`{{ traefik_registry_host }}`)
+      - traefik.http.routers.{{ service_name }}_registry-http.rule=Host(`{{ traefik_registry_host }}`.{{ traefik_domain }}`)
       - traefik.http.routers.{{ service_name }}_registry-http.entrypoints=web
       {% if traefik_tls_enabled %}
       - traefik.http.routers.{{ service_name }}_registry-https.service={{ service_name }}_registry
-      - traefik.http.routers.{{ service_name }}_registry-https.rule=Host(`{{ traefik_registry_host }}`)
+      - traefik.http.routers.{{ service_name }}_registry-https.rule=Host(`{{ traefik_registry_host }}`.{{ traefik_domain }}`)
       - traefik.http.routers.{{ service_name }}_registry-https.entrypoints=websecure
       - traefik.http.routers.{{ service_name }}_registry-https.tls=true
       - traefik.http.routers.{{ service_name }}_registry-https.tls.certresolver={{ traefik_tls_certresolver }}
       {% endif %}
       {% endif %}
     {% endif %}
-    {#
-      Docker Swarm configuration (only when swarm_enabled is set):
-      - Configs: GitLab configuration file
-      - Secrets: Root password and registry secret (if registry enabled)
-      - Deploy: Replication, placement, restart policy, and Traefik labels
-    #}
-    {% if swarm_enabled %}
-    configs:
-      - source: gitlab_config
-        target: /etc/gitlab/gitlab.rb
-    secrets:
-      - source: {{ service_name }}_root_password
-        target: /run/secrets/gitlab_root_password
-        mode: 0400
-      {% if registry_enabled %}
-      - source: {{ service_name }}_registry_secret
-        target: /run/secrets/gitlab_registry_secret
-        mode: 0400
-      {% endif %}
-    deploy:
-      mode: replicated
-      replicas: 1
-      {% if swarm_placement_host %}
-      placement:
-        constraints:
-          - node.hostname == {{ swarm_placement_host }}
-      {% endif %}
-      restart_policy:
-        condition: on-failure
-      {% if traefik_enabled %}
-      labels:
-        - traefik.enable=true
-        - traefik.docker.network={{ traefik_network }}
-        - traefik.http.services.{{ service_name }}_web.loadBalancer.server.port=80
-        - traefik.http.routers.{{ service_name }}_http.service={{ service_name }}_web
-        - traefik.http.routers.{{ service_name }}_http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}_http.entrypoints=web
-        {% if traefik_tls_enabled %}
-        - traefik.http.routers.{{ service_name }}_https.service={{ service_name }}_web
-        - traefik.http.routers.{{ service_name }}_https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}_https.entrypoints=websecure
-        - traefik.http.routers.{{ service_name }}_https.tls=true
-        - traefik.http.routers.{{ service_name }}_https.tls.certresolver={{ traefik_tls_certresolver }}
-        {% endif %}
-        {% if registry_enabled %}
-        - traefik.http.services.{{ service_name }}_registry.loadBalancer.server.port=5000
-        - traefik.http.routers.{{ service_name }}_registry-http.service={{ service_name }}_registry
-        - traefik.http.routers.{{ service_name }}_registry-http.rule=Host(`{{ traefik_registry_host }}`)
-        - traefik.http.routers.{{ service_name }}_registry-http.entrypoints=web
-        {% if traefik_tls_enabled %}
-        - traefik.http.routers.{{ service_name }}_registry-https.service={{ service_name }}_registry
-        - traefik.http.routers.{{ service_name }}_registry-https.rule=Host(`{{ traefik_registry_host }}`)
-        - traefik.http.routers.{{ service_name }}_registry-https.entrypoints=websecure
-        - traefik.http.routers.{{ service_name }}_registry-https.tls=true
-        - traefik.http.routers.{{ service_name }}_registry-https.tls.certresolver={{ traefik_tls_certresolver }}
-        {% endif %}
-        {% endif %}
-      {% endif %}
-    {% endif %}
 
-{#
-  Volume definitions:
-  - When volume_mode is 'local' (default): use docker-managed local volumes
-  - When volume_mode is 'nfs': configure NFS-backed volumes
-  - When volume_mode is 'mount': no volume definition needed (bind mounts used directly)
-#}
-{% if volume_mode == 'local' %}
 volumes:
   {{ service_name }}_config:
     driver: local
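Review bot: Both new registry router rules, `registry-http` and `registry-https`, keep a backtick right after `{{ traefik_registry_host }}`, so the rendered `Host(...)` contains three backticks and `.{{ traefik_domain }}` falls outside the quoted hostname. Traefik will most likely reject the rule and skip the router, leaving the registry unreachable through Traefik on both entrypoints. Drop that backtick so the rule reads Host(`{{ traefik_registry_host }}.{{ traefik_domain }}`), the same form the removed swarm block used for `traefik_host`. The old rule used `traefik_registry_host` as the full hostname, so existing values need to become a bare host label or the domain will be appended twice.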
@@ -138,51 +58,7 @@ volumes:
     driver: local
   {{ service_name }}_data:
     driver: local
-{% elif volume_mode == 'nfs' %}
-volumes:
-  {{ service_name }}_config:
-    driver: local
-    driver_opts:
-      type: nfs
-      o: addr={{ volume_nfs_server }},nfsvers=4,{{ volume_nfs_options }}
-      device: ":{{ volume_nfs_path }}/config"
-  {{ service_name }}_logs:
-    driver: local
-    driver_opts:
-      type: nfs
-      o: addr={{ volume_nfs_server }},nfsvers=4,{{ volume_nfs_options }}
-      device: ":{{ volume_nfs_path }}/logs"
-  {{ service_name }}_data:
-    driver: local
-    driver_opts:
-      type: nfs
-      o: addr={{ volume_nfs_server }},nfsvers=4,{{ volume_nfs_options }}
-      device: ":{{ volume_nfs_path }}/data"
-{% endif %}
-
-{#
-  Docker Swarm configs and secrets (only when swarm_enabled is set):
-  - Config: GitLab configuration file
-  - Secrets: Root password and registry secret (if registry enabled)
-#}
-{% if swarm_enabled %}
-configs:
-  gitlab_config:
-    file: ./config/gitlab.rb
-
-secrets:
-  {{ service_name }}_root_password:
-    file: ./.env.secret
-  {% if registry_enabled %}
-  {{ service_name }}_registry_secret:
-    file: ./.env.registry.secret
-  {% endif %}
-{% endif %}
 
-{#
-  Network definitions (only when Traefik is enabled):
-  - Traefik network: always external (managed by Traefik)
-#}
 {% if traefik_enabled %}
 networks:
   {{ traefik_network }}:

+ 118 - 105
library/compose/gitlab/template.yaml

@@ -2,66 +2,78 @@
 kind: compose
 metadata:
   name: GitLab
-  description: 'A **complete DevOps platform** that provides Git repository management, CI/CD pipelines,
-
+  description: |-
+    A **complete DevOps platform** that provides Git repository management, CI/CD pipelines,
     issue tracking, and container registry in a single application.
-
     ## Prerequisites
-
     - ...
-
     **Performance Presets**:
-
     - `homelab`: Optimized for low-resource environments (limited workers, reduced PostgreSQL buffers)
-
     - `default`: Standard server configuration for production use
-
     **External URL**:
-
     - Set to your public domain (e.g., `https://gitlab.example.com`) for proper clone URLs
-
     - Affects SSH clone URLs and web links in emails/notifications
-
     **Container Registry**:
-
     - Enable if you need private Docker image hosting
-
     - Requires separate external URL (e.g., `https://registry.example.com`)
-
     ## Resources
-
     - **Project**: https://about.gitlab.com/
-
     - **Documentation**: https://docs.gitlab.com/
-
     - **Community**: https://forum.gitlab.com/
-
-    '
   icon:
     provider: selfh
     id: gitlab
-  version: 18.5.4-ce.0
+  version: 18.6.1-ce.0
   author: Christian Lempa
   date: '2025-12-11'
   tags:
     - traefik
-    - swarm
-  next_steps: "## Post-Installation Steps\n1. **Start GitLab**:\n   ```bash\n   docker compose up -d\n   ```\n2. **Wait for\
-    \ initialization** (2-5 minutes):\n   ```bash\n   docker compose logs -f gitlab\n   ```\n   Wait for message: `gitlab\
-    \ Reconfigured!`\n3. **Access the web interface**:\n   {% if traefik_enabled -%}\n   - Via Traefik: https://{{ traefik_host\
-    \ }}\n   {% if not traefik_enabled and network_mode == 'bridge' %}- Direct access: http://localhost:{{ ports_http }}{%\
-    \ endif %}\n   {%- else -%}\n   - Open {{ external_url }} in your browser\n   {% if network_mode == 'bridge' %}- Or: http://localhost:{{\
-    \ ports_http }}{% endif %}\n   {%- endif %}\n4. **Initial login credentials**:\n   - **Username**: `root`\n   - **Password**:\
-    \ `{{ root_password }}`\n   > **Important**: This password only works on FIRST initialization.\n   > Change it immediately\
-    \ after first login via GitLab's web interface!\n5. **Configure SSH** (optional):\n   - SSH clone URLs will use port `{{\
-    \ ports_ssh }}`\n   - Update your Git remote if needed\n## Additional Resources\n- Documentation: https://docs.gitlab.com/\n\
-    - GitLab Runner: https://docs.gitlab.com/runner/\n"
-  draft: true
+  next_steps: |-
+    ## Post-Installation Steps
+    1. **Start GitLab**:
+      ```bash
+      docker compose up -d
+      ```
+    2. **Wait for\
+      \ initialization** (2-5 minutes):
+        ```bash
+        docker compose logs -f gitlab
+        ```
+        Wait for message: `gitlab\
+      \ Reconfigured!`
+      3. **Access the web interface**:
+        {% if traefik_enabled -%}
+        - Via Traefik: https://{{ traefik_host\
+      \ }}
+        {% if not traefik_enabled and network_mode == 'bridge' %}- Direct access: http://localhost:{{ ports_http }}{%\
+      \ endif %}
+        {%- else -%}
+        - Open {{ external_url }} in your browser
+        {% if network_mode == 'bridge' %}- Or: http://localhost:{{\
+      \ ports_http }}{% endif %}
+        {%- endif %}
+      4. **Initial login credentials**:
+        - **Username**: `root`
+        - **Password**:\
+      \ `{{ root_password }}`
+        > **Important**: This password only works on FIRST initialization.
+        > Change it immediately\
+      \ after first login via GitLab's web interface!
+      5. **Configure SSH** (optional):
+        - SSH clone URLs will use port `{{\
+      \ ports_ssh }}`
+        - Update your Git remote if needed
+      ## Additional Resources
+      - Documentation: https://docs.gitlab.com/
+      \
+      - GitLab Runner: https://docs.gitlab.com/runner/
 schema: '1.2'
 spec:
   general:
     vars:
       service_name:
+        type: str
+        description: Docker service name
         default: gitlab
       external_url:
         type: str
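Review bot: The new `next_steps: |-` block keeps the `\` line-continuation escapes of the old double-quoted string, and inside a literal block scalar they are plain text. That leaves a backslash and a line break inside `{{ traefik_host }}`, `{{ ports_http }}`, `{% endif %}`, the password line and the SSH port line, which Jinja will most likely reject or print verbatim, and steps 3 to 5 end up indented under step 2. Rejoin each split line and drop the lone `\` line, as in the excerpt below; `draft: true` is removed in the same hunk, so the template is published in this state. Separately, step 4 prints `{{ root_password }}` in cleartext in the post-install output, so consider pointing to `GITLAB_ROOT_PASSWORD` in `.env` instead. The `spec.general.vars` mapping continues outside the hunk.

```yaml
  next_steps: |-
    ## Post-Installation Steps
    # … unchanged: step 1 and its bash block …
    2. **Wait for initialization** (2-5 minutes):
       # … unchanged: bash block for the log command …
       Wait for message: `gitlab Reconfigured!`
    3. **Access the web interface**:
       {% if traefik_enabled -%}
       - Via Traefik: https://{{ traefik_host }}
       {% if not traefik_enabled and network_mode == 'bridge' %}- Direct access: http://localhost:{{ ports_http }}{% endif %}
       {%- else -%}
       - Open {{ external_url }} in your browser
       {% if network_mode == 'bridge' %}- Or: http://localhost:{{ ports_http }}{% endif %}
       {%- endif %}
    4. **Initial login credentials**:
       - **Username**: `root`
       - **Password**: `{{ root_password }}`
       > **Important**: This password only works on FIRST initialization.
       > Change it immediately after first login via GitLab's web interface!
    5. **Configure SSH** (optional):
       - SSH clone URLs will use port `{{ ports_ssh }}`
       - Update your Git remote if needed
    ## Additional Resources
    - Documentation: https://docs.gitlab.com/
    - GitLab Runner: https://docs.gitlab.com/runner/
```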
@@ -100,6 +112,23 @@ spec:
           - 'no'
         default: unless-stopped
         required: true
+  advanced:
+    title: Advanced Settings
+    description: Performance tuning and advanced configuration options
+    vars:
+      performance_preset:
+        type: enum
+        description: Performance optimization profile
+        options:
+          - homelab
+          - default
+        default: homelab
+        extra: homelab is optimized for low-resource environments, default is for standard servers
+      prometheus_enabled:
+        type: bool
+        description: Enable Prometheus monitoring
+        default: false
+        extra: Disabling saves ~200-400MB RAM. GitLab UI metrics will be unavailable.
   ports:
     vars:
       ports_http:
@@ -110,10 +139,18 @@ spec:
         type: int
         description: Container Registry port
         default: 5000
-  network:
+  registry:
+    description: GitLab Container Registry configuration
+    toggle: registry_enabled
     vars:
-      network_name:
-        default: gitlab_network
+      registry_enabled:
+        type: bool
+        description: Enable GitLab Container Registry
+        default: false
+      registry_external_url:
+        type: str
+        description: External URL for Container Registry
+        default: http://localhost:5000
   traefik:
     vars:
       traefik_host:
@@ -146,85 +183,61 @@ spec:
         type: bool
         default: false
         description: Enable Traefik TLS
-  volume:
+  email:
     vars:
-      volume_mode:
-        type: enum
-        options:
-          - local
-          - mount
-          - nfs
-        default: local
-        required: true
-      volume_mount_path:
-        type: str
-        default: /mnt/storage
-        needs:
-          - volume_mode=mount
-        required: true
-      volume_nfs_server:
+      email_enabled:
+        type: bool
+        default: false
+        description: Enable email server configuration
+      email_host:
         type: str
-        default: 192.168.1.1
-        needs:
-          - volume_mode=nfs
-        required: true
-      volume_nfs_path:
+        default: ''
+        description: SMTP server hostname
+      email_port:
+        type: int
+        default: 587
+        description: SMTP server port
+      email_username:
         type: str
-        default: /export
-        needs:
-          - volume_mode=nfs
-        required: true
-      volume_nfs_options:
+        default: ''
+        description: SMTP username
+      email_password:
         type: str
-        default: rw,nolock,soft
-        needs:
-          - volume_mode=nfs
-        required: true
-  swarm:
-    vars:
-      swarm_placement_host:
+        sensitive: true
+        default: ''
+        description: SMTP password
+      email_from:
         type: str
-        description: Target hostname for placement constraint
         default: ''
-        extra: Constrains service to run on specific node by hostname
-      swarm_enabled:
+        description: From email address
+      email_use_tls:
         type: bool
-        default: false
-        description: Enable Docker Swarm mode
-      swarm_placement_mode:
-        type: str
-        default: replicated
-        description: The placement mode
-      swarm_replicas:
-        type: int
-        default: 1
-        description: The number of replicas
-  registry:
-    description: GitLab Container Registry configuration
-    toggle: registry_enabled
-    vars:
-      registry_enabled:
+        default: true
+        description: Use TLS encryption
+      email_use_ssl:
         type: bool
-        description: Enable GitLab Container Registry
         default: false
-      registry_external_url:
-        type: str
-        description: External URL for Container Registry
-        default: http://localhost:5000
-  advanced:
-    title: Advanced Settings
-    description: Performance tuning and advanced configuration options
+        description: Use SSL encryption
+  authentik:
     vars:
-      performance_preset:
-        type: enum
-        description: Performance optimization profile
-        options:
-          - homelab
-          - default
-        default: homelab
-        extra: homelab is optimized for low-resource environments, default is for standard servers
-      prometheus_enabled:
+      authentik_enabled:
         type: bool
-        description: Enable Prometheus monitoring
         default: false
-        extra: Disabling saves ~200-400MB RAM. GitLab UI metrics will be unavailable.
+        description: Enable Authentik SSO integration
+      authentik_url:
+        type: str
+        default: https://auth.home.arpa
+        description: Authentik base URL (e.g., https://auth.example.com)
+      authentik_slug:
+        type: str
+        default: gitlab
+        description: Authentik application slug
+      authentik_client_id:
+        type: str
+        default: ''
+        description: OAuth client ID from Authentik provider
+      authentik_client_secret:
+        type: str
+        sensitive: true
+        default: ''
+        description: OAuth client secret from Authentik provider
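Review bot: The new `email` and `authentik` sections have no `toggle:` key, unlike `registry` (`toggle: registry_enabled`), so `email_password`, `authentik_client_secret` and the other dependent variables are presumably still prompted for and rendered while the feature is off. Adding `toggle: email_enabled` and `toggle: authentik_enabled` would match the existing pattern. `email_use_tls` (default true) and `email_use_ssl` can both be set to true, and nothing visible here rejects that combination. No template in this commit consumes the two `sensitive: true` values; if they are rendered into `config/gitlab.rb`, that file holds them in cleartext on the host and should be written with owner-only permissions.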

+ 0 - 158
library/compose/pangolin/compose.yaml.j2

@@ -1,158 +0,0 @@
----
-services:
-  {{ service_name }}:
-    image: docker.io/fosrl/pangolin:latest
-    {% if not swarm_enabled %}
-    restart: {{ restart_policy }}
-    container_name: {{ container_name }}
-    {% endif %}
-    hostname: {{ container_hostname }}
-    {% if network_mode == 'host' %}
-    network_mode: host
-    {% else %}
-    networks:
-      {% if traefik_enabled %}
-      {{ traefik_network }}:
-      {% endif %}
-      {% if network_mode == 'macvlan' %}
-      {{ network_name }}:
-        ipv4_address: {{ network_macvlan_ipv4_address }}
-      {% elif network_mode == 'bridge' %}
-      {{ network_name }}:
-      {% endif %}
-    {% endif %}
-    {% if network_mode == 'bridge' and not traefik_enabled %}
-    ports:
-      {% if swarm_enabled %}
-      - target: 8080
-        published: {{ ports_http }}
-        protocol: tcp
-        mode: host
-      {% else %}
-      - "{{ ports_http }}:8080/tcp"
-      {% endif %}
-    {% endif %}
-    {% if environment_enabled or postgres_enabled %}
-    environment:
-      {% if postgres_enabled %}
-      POSTGRES_CONNECTION_STRING: "{{ postgres_connection_string }}"
-      {% endif %}
-      {% if environment_enabled %}
-      {% if environment_log_level %}
-      LOG_LEVEL: "{{ environment_log_level }}"
-      {% endif %}
-      {% if environment_crowdsec_enabled %}
-      CROWDSEC_ENABLED: "true"
-      {% endif %}
-      {% endif %}
-    {% endif %}
-    volumes:
-      {% if volume_mode == 'mount' %}
-      - {{ volume_mount_path }}/data:/app/data:rw
-      - {{ volume_mount_path }}/config:/app/config:rw
-      {% elif volume_mode in ['local', 'nfs'] %}
-      - {{ service_name }}-data:/app/data
-      - {{ service_name }}-config:/app/config
-      {% endif %}
-    {% if swarm_enabled or resources_enabled %}
-    deploy:
-      {% if swarm_enabled %}
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: on-failure
-      {% endif %}
-      {% if resources_enabled %}
-      resources:
-        limits:
-          cpus: '{{ resources_cpu_limit }}'
-          memory: {{ resources_memory_limit }}
-        {% if swarm_enabled %}
-        reservations:
-          cpus: '{{ resources_cpu_reservation }}'
-          memory: {{ resources_memory_reservation }}
-        {% endif %}
-      {% endif %}
-      {% if swarm_enabled and traefik_enabled %}
-      labels:
-        - traefik.enable=true
-        - traefik.docker.network={{ traefik_network }}
-        - traefik.http.services.{{ service_name }}-web.loadBalancer.server.port=8080
-        - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
-        - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
-        {% if traefik_tls_enabled %}
-        - traefik.http.routers.{{ service_name }}-https.service={{ service_name }}-web
-        - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
-        - traefik.http.routers.{{ service_name }}-https.tls=true
-        - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
-        {% endif %}
-      {% endif %}
-    {% endif %}
-    {% if traefik_enabled and not swarm_enabled %}
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network={{ traefik_network }}
-      - traefik.http.services.{{ service_name }}-web.loadBalancer.server.port=8080
-      - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
-      - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
-      {% if traefik_tls_enabled %}
-      - traefik.http.routers.{{ service_name }}-https.service={{ service_name }}-web
-      - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
-      - traefik.http.routers.{{ service_name }}-https.tls=true
-      - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
-      {% endif %}
-    {% endif %}
-
-{% if volume_mode == 'local' %}
-volumes:
-  {{ service_name }}-data:
-    driver: local
-  {{ service_name }}-config:
-    driver: local
-{% elif volume_mode == 'nfs' %}
-volumes:
-  {{ service_name }}-data:
-    driver: local
-    driver_opts:
-      type: nfs
-      o: addr={{ volume_nfs_server }},{{ volume_nfs_options }}
-      device: ":{{ volume_nfs_path }}/data"
-  {{ service_name }}-config:
-    driver: local
-    driver_opts:
-      type: nfs
-      o: addr={{ volume_nfs_server }},{{ volume_nfs_options }}
-      device: ":{{ volume_nfs_path }}/config"
-{% endif %}
-
-{% if network_mode != 'host' %}
-networks:
-  {{ network_name }}:
-    {% if network_external %}
-    external: true
-    {% else %}
-    {% if network_mode == 'macvlan' %}
-    driver: macvlan
-    driver_opts:
-      parent: {{ network_macvlan_parent_interface }}
-    ipam:
-      config:
-        - subnet: {{ network_macvlan_subnet }}
-          gateway: {{ network_macvlan_gateway }}
-    name: {{ network_name }}
-    {% elif swarm_enabled %}
-    driver: overlay
-    attachable: true
-    {% else %}
-    driver: bridge
-    {% endif %}
-    {% endif %}
-  {% if traefik_enabled %}
-  {{ traefik_network }}:
-    external: true
-  {% endif %}
-{% endif %}

+ 0 - 291
library/compose/pangolin/template.yaml

@@ -1,291 +0,0 @@
----
-kind: compose
-metadata:
-  icon:
-    provider: selfh
-    id: pangolin
-  name: Pangolin
-  description: 'Self-hosted reverse proxy server that securely exposes private resources on distributed networks through
-
-    encrypted WireGuard tunnels. Pangolin enables access from anywhere without opening ports, using a custom
-
-    user-space WireGuard client (Newt) for secure connectivity. Features include automatic tunnel management,
-
-    integrated CrowdSec security, and support for both PostgreSQL and SQLite databases.
-
-    ## References
-
-    * **Project:** https://github.com/fosrl/pangolin
-
-    * **Documentation:** https://github.com/fosrl/pangolin/blob/main/README.md
-
-    * **Docker Hub:** https://hub.docker.com/r/fosrl/pangolin
-
-    '
-  version: latest
-  author: Christian Lempa
-  date: '2025-11-13'
-  tags:
-    - traefik
-    - swarm
-    - proxy
-    - wireguard
-  draft: true
-  next_steps: '### 1. Configure Database
-
-    {% if postgres_enabled -%}
-
-    Make sure PostgreSQL is running and accessible at:
-
-    * Connection string: {{ postgres_connection_string }}
-
-    {% else -%}
-
-    Pangolin will use SQLite database stored in the data volume.
-
-    {% endif -%}
-
-    ### 2. Deploy the Service
-
-    {% if swarm_enabled -%}
-
-    Deploy to Docker Swarm:
-
-    ```bash
-
-    docker stack deploy -c compose.yaml pangolin
-
-    ```
-
-    {% else -%}
-
-    Start Pangolin using Docker Compose:
-
-    ```bash
-
-    docker compose up -d
-
-    ```
-
-    {% endif -%}
-
-    ### 3. Access the Web Interface
-
-    {% if traefik_enabled -%}
-
-    * Navigate to: **https://{{ traefik_host }}.{{ traefik_domain }}**
-
-    {% else -%}
-
-    * Navigate to: **http://localhost:{{ ports_http }}**
-
-    {% endif -%}
-
-    ### 4. Configure WireGuard Clients
-
-    * Use the Pangolin web interface to create and manage WireGuard tunnels
-
-    * Deploy Newt client on remote machines to establish secure connections
-
-    '
-schema: '1.2'
-spec:
-  general:
-    vars:
-      service_name:
-        default: pangolin
-      container_name:
-        default: pangolin
-      container_hostname:
-        default: pangolin
-      restart_policy:
-        type: enum
-        options:
-          - unless-stopped
-          - always
-          - on-failure
-          - 'no'
-        default: unless-stopped
-        required: true
-  traefik:
-    vars:
-      traefik_host:
-        default: pangolin
-      traefik_network:
-        default: traefik
-        type: str
-        required: true
-      traefik_domain:
-        default: home.arpa
-        type: str
-        required: true
-      traefik_enabled:
-        type: bool
-        default: false
-        description: Enable Traefik integration
-  traefik_tls:
-    vars:
-      traefik_tls_certresolver:
-        type: str
-        default: cloudflare
-        required: true
-      traefik_tls_enabled:
-        type: bool
-        default: false
-        description: Enable Traefik TLS
-  network:
-    vars:
-      network_name:
-        default: pangolin_network
-      network_macvlan_ipv4_address:
-        type: str
-        default: 192.168.1.253
-        needs:
-          - network_mode=macvlan
-        required: true
-      network_macvlan_parent_interface:
-        type: str
-        default: eth0
-        needs:
-          - network_mode=macvlan
-        required: true
-      network_macvlan_subnet:
-        type: str
-        default: 192.168.1.0/24
-        needs:
-          - network_mode=macvlan
-        required: true
-      network_macvlan_gateway:
-        type: str
-        default: 192.168.1.1
-        needs:
-          - network_mode=macvlan
-        required: true
-      network_external:
-        type: bool
-        default: false
-        description: Whether the network is external
-      network_mode:
-        type: str
-        default: bridge
-        description: The network mode for the container
-  ports:
-    vars:
-      ports_http:
-        description: External HTTP port (web interface)
-        type: int
-        default: 8080
-        needs:
-          - traefik_enabled=false
-          - network_mode=bridge
-  volume:
-    vars:
-      volume_mount_path:
-        default: /mnt/storage/pangolin
-      volume_nfs_server:
-        type: str
-        default: 192.168.1.1
-        needs:
-          - volume_mode=nfs
-        required: true
-      volume_nfs_path:
-        type: str
-        default: /export
-        needs:
-          - volume_mode=nfs
-        required: true
-      volume_nfs_options:
-        type: str
-        default: rw,nolock,soft
-        needs:
-          - volume_mode=nfs
-        required: true
-      volume_mode:
-        type: enum
-        options:
-          - local
-          - mount
-          - nfs
-        default: local
-        description: The volume mode
-  resources:
-    vars:
-      resources_enabled:
-        type: bool
-        default: false
-      resources_cpu_limit:
-        type: str
-        default: 1.0
-        required: true
-      resources_cpu_reservation:
-        type: str
-        default: 0.25
-        needs:
-          - swarm_enabled=true
-        required: true
-      resources_memory_limit:
-        type: str
-        default: 1G
-        required: true
-      resources_memory_reservation:
-        type: str
-        default: 512M
-        needs:
-          - swarm_enabled=true
-        required: true
-  postgres:
-    title: PostgreSQL Configuration
-    toggle: postgres_enabled
-    needs: null
-    vars:
-      postgres_enabled:
-        type: bool
-        default: false
-        description: Use PostgreSQL database (SQLite is default)
-      postgres_connection_string:
-        type: str
-        default: postgresql://postgres:postgres@localhost:5432
-        description: PostgreSQL connection string
-        needs: postgres_enabled=true
-  environment:
-    title: Environment Variables
-    toggle: environment_enabled
-    needs: null
-    vars:
-      environment_enabled:
-        type: bool
-        default: false
-        description: Configure additional environment variables
-      environment_crowdsec_enabled:
-        type: bool
-        default: false
-        description: Enable CrowdSec integration
-        needs: environment_enabled=true
-      environment_log_level:
-        type: enum
-        default: info
-        options:
-          - debug
-          - info
-          - warn
-          - error
-        description: Log level
-        needs: environment_enabled=true
-  swarm:
-    vars:
-      swarm_enabled:
-        type: bool
-        default: false
-        description: Enable Docker Swarm mode
-      swarm_placement_host:
-        type: str
-        default: ''
-        description: The placement host
-      swarm_placement_mode:
-        type: str
-        default: replicated
-        description: The placement mode
-      swarm_replicas:
-        type: int
-        default: 1
-        description: The number of replicas