
working on templates 2

xcad 2 hónapja
szülő
commit
cbe901b4d8

+ 11 - 11
cli/core/schema/compose/v1.2.json

@@ -68,7 +68,7 @@
         "description": "Docker network name",
         "type": "str",
         "default": "bridge",
-        "needs": "network_mode=bridge,macvlan",
+        "needs": ["network_mode=bridge,macvlan"],
         "required": true
       },
       {
@@ -76,14 +76,14 @@
         "description": "Use existing Docker network (external)",
         "type": "bool",
         "default": false,
-        "needs": "network_mode=bridge,macvlan"
+        "needs": ["network_mode=bridge,macvlan"]
       },
       {
         "name": "network_macvlan_ipv4_address",
         "description": "Static IP address for container",
         "type": "str",
         "default": "192.168.1.253",
-        "needs": "network_mode=macvlan",
+        "needs": ["network_mode=macvlan"],
         "required": true
       },
       {
@@ -91,7 +91,7 @@
         "description": "Host network interface name",
         "type": "str",
         "default": "eth0",
-        "needs": "network_mode=macvlan",
+        "needs": ["network_mode=macvlan"],
         "required": true
       },
       {
@@ -99,7 +99,7 @@
         "description": "Network subnet in CIDR notation",
         "type": "str",
         "default": "192.168.1.0/24",
-        "needs": "network_mode=macvlan",
+        "needs": ["network_mode=macvlan"],
         "required": true
       },
       {
@@ -107,7 +107,7 @@
         "description": "Network gateway IP address",
         "type": "str",
         "default": "192.168.1.1",
-        "needs": "network_mode=macvlan",
+        "needs": ["network_mode=macvlan"],
         "required": true
       }
     ]
@@ -345,7 +345,7 @@
         "description": "Number of replicas",
         "type": "int",
         "default": 1,
-        "needs": "swarm_placement_mode=replicated",
+        "needs": ["swarm_placement_mode=replicated"],
         "required": true
       },
       {
@@ -353,7 +353,7 @@
         "description": "Target hostname for placement constraint",
         "type": "str",
         "default": "",
-        "needs": "swarm_placement_mode=replicated",
+        "needs": ["swarm_placement_mode=replicated"],
         "extra": "Constrains service to run on specific node by hostname"
       }
     ]
@@ -390,7 +390,7 @@
         "name": "database_host",
         "description": "Database host",
         "type": "str",
-        "needs": "database_external=true",
+        "needs": ["database_external=true"],
         "default": "database",
         "required": true
       },
@@ -464,7 +464,7 @@
       {
         "name": "email_from",
         "description": "From email address",
-        "type": "email",
+        "type": "str",
         "required": true
       },
       {
@@ -504,7 +504,7 @@
         "description": "Traefik middleware name for Authentik authentication",
         "type": "str",
         "default": "authentik-middleware@file",
-        "needs": "traefik_enabled=true",
+        "needs": ["traefik_enabled=true"],
         "required": true
       }
     ]
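Review bot: Changing `email_from` from `"type": "email"` to `"type": "str"` (the `@@ -464` hunk) drops whatever format check the `email` type provided, and the NetBox compose template on this page writes the value straight into `EMAIL_FROM={{ email_from }}`. If the CLI validated addresses for the `email` type, a malformed value (embedded newline, stray whitespace) now reaches the rendered environment list unchecked; keeping `"type": "email"`, or validating the format elsewhere, would preserve that guard. Separately, the `needs` values became one-element lists but still carry the comma form inside the string (`["network_mode=bridge,macvlan"]`), so a short description of the list-versus-comma semantics in the schema would help template authors. The enclosing JSON objects start and end outside the hunks.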

+ 6 - 2
library/compose/adguardhome/template.yaml

@@ -64,11 +64,15 @@ spec:
         needs: ["traefik_enabled=false", "initial_setup=true"]
         extra: >
           Only used during first-time setup. After configuration, port becomes inactive.
+      ports_dns:
+        description: "DNS port"
+        type: int
+        default: 53
       ports_tls:
         description: "DNS over TLS Port"
-        type: "int"
+        type: int
         default: 853
       ports_dnscrypt:
         description: "DNSCrypt Port"
-        type: "int"
+        type: int
         default: 5443

+ 11 - 10
library/compose/alloy/compose.yaml.j2

@@ -1,26 +1,27 @@
 services:
   {{ service_name }}:
-    image: grafana/alloy:v1.11.3
+    image: docker.io/grafana/alloy:{{ alloy_version }}
     restart: {{ restart_policy }}
     {% if container_hostname %}
     hostname: {{ container_hostname }}
     {% endif %}
-    command:
-      - run
-      - --server.http.listen-addr=0.0.0.0:12345
-      - --storage.path=/var/lib/alloy/data
-      - /etc/alloy/config.alloy
+    {% if resources_enabled %}
+    deploy:
+      resources:
+        limits:
+          cpus: '1.0'
+          memory: 512M
+    {% endif %}
     {% if traefik_enabled %}
     networks:
       {{ traefik_network }}:
     {% endif %}
-    {% if not traefik_enabled and general_webui_enabled %}
+    {% if not traefik_enabled %}
     ports:
       - "{{ ports_webui }}:12345"
     {% endif %}
     volumes:
-      - ./config/config.alloy:/etc/alloy/config.alloy
-      - {{ service_name }}_data:/var/lib/alloy/data
+      - {{ service_name }}_data:/alloy/data
       {% if logs_enabled or metrics_enabled %}
       - /:/rootfs:ro
       - /sys:/sys:ro
@@ -35,7 +36,7 @@ services:
       {% if metrics_enabled and metrics_system %}
       - /run/udev/data:/run/udev/data:ro
       {% endif %}
-    {% if traefik_enabled and general_webui_enabled %}
+    {% if traefik_enabled %}
     labels:
       - traefik.enable=true
       - traefik.docker.network={{ traefik_network }}
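Review bot: With the `general_webui_enabled` gate removed, `- "{{ ports_webui }}:12345"` is published whenever `traefik_enabled` is false, on every host interface, for a container that also mounts `/:/rootfs:ro`. Alloy's HTTP server has no built-in authentication as far as I know, so I would keep an opt-in toggle or bind to loopback by default, e.g. `- "127.0.0.1:{{ ports_webui }}:12345"`. The same hunk drops the `command:` block that set `--server.http.listen-addr=0.0.0.0:12345` and `--storage.path=/var/lib/alloy/data`, while the named volume now mounts at `/alloy/data`; unless the image defaults match, the published port may not reach the listener and collector state may not land on the volume, which is worth confirming. The `deploy.resources` limits are hard-coded (`'1.0'`, `512M`) rather than taken from template variables. The service definition continues outside the second hunk.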

+ 36 - 23
library/compose/alloy/template.yaml

@@ -1,42 +1,52 @@
 ---
 kind: compose
+schema: "1.2"
 metadata:
   name: Grafana Alloy
-  description: |-
-    Grafana Alloy is an open telemetry collector distribution that gathers
-    and processes logs, metrics, traces and profiles. It combines features
-    from the OpenTelemetry Collector and Prometheus and provides programmable
-    pipelines and high-performance, vendor-neutral observability.
-    ## Prerequisites
-    - :info: Set the `container_hostname` to your desired hostname. (This is
-    useful for identification in logs and metrics systems.)
-    ## References
-    * **Project:** https://grafana.com/docs/alloy/
-    * **Source:** https://github.com/grafana/alloy
-    * **Documentation:** https://grafana.com/docs/alloy/latest/
+  description: |
+    Grafana Alloy is an open telemetry collector that collects, processes, and exports metrics to various backends.
+    
+    ## Resources
+    - **Project**: https://grafana.com/oss/alloy/
+    - **Documentation**: https://grafana.com/docs/alloy/latest/
+    - **GitHub**: https://github.com/grafana/alloy
   version: v1.11.2
   author: Christian Lempa
   date: '2025-10-13'
   tags:
     - traefik
-schema: "1.2"
 spec:
   general:
     vars:
-      general_webui_enabled:
-        type: bool
-        description: Enable Alloy web user interface
+      service_name:
+        default: alloy
+      container_name:
+        default: alloy
+      alloy_version:
+        type: str
+        description: Grafana Alloy version to use
+        default: v1.11.2
+      restart_policy:
+        type: str
+        description: Restart policy for the container
+        default: unless-stopped
   ports:
     vars:
       ports_webui:
         type: int
-        description: Main port for Alloy HTTP server
+        description: Port for Alloy web UI
         default: 12345
-        needs: ["general_webui_enabled=true"]
-        required: true
+  traefik:
+    required: false
+    vars:
+      traefik_enabled:
+        type: bool
+        default: false
+      traefik_host:
+        type: str
+        default: alloy.localhost
   logs:
-    name: Log Collection
-    description: Configure log collection for Docker containers and system logs
+    title: Log Collection
     toggle: logs_enabled
     vars:
       logs_enabled:
@@ -51,12 +61,13 @@ spec:
       logs_docker:
         type: bool
         description: Enable Docker container log collection
+        default: true
       logs_system:
         type: bool
         description: Enable system and journalctl log collection
+        default: true
   metrics:
-    name: Metrics Collection
-    description: Configure metrics collection for Docker containers and system metrics
+    title: Metrics Collection
     toggle: metrics_enabled
     vars:
       metrics_enabled:
@@ -71,6 +82,8 @@ spec:
       metrics_docker:
         type: bool
         description: Enable Docker container metrics collection (cAdvisor)
+        default: true
       metrics_system:
         type: bool
         description: Enable system (node) metrics collection
+        default: true
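Review bot: `alloy_version` defaults to `v1.11.2`, but the compose template previously pinned `grafana/alloy:v1.11.3`, so a default render now deploys an older image than before this commit. I would set `default: v1.11.3` and align `metadata.version`, which also reads `v1.11.2`. The four collection switches (`logs_docker`, `logs_system`, `metrics_docker`, `metrics_system`) now default to `true`; since the compose template gates host mounts such as `/:/rootfs:ro` and `/run/udev/data` on the logs and metrics settings, a one-line `extra:` on each stating that host paths are mounted read-only into the container would make that default visible to the operator.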

+ 1 - 1
library/compose/grafana/compose.yaml.j2

@@ -1,5 +1,5 @@
 services:
-  {{ service_name }}_
+  {{ service_name }}:
     image: docker.io/grafana/grafana-oss:12.1.1
     restart: {{ restart_policy }}
     environment:

+ 0 - 1
library/compose/influxdb/compose.yaml.j2

@@ -18,7 +18,6 @@ services:
     {% endif %}
     volumes:
       - {{ service_name }}_data:/var/lib/influxdb2
-      - /etc/influxdb2:/etc/influxdb2  # FIXME: WHAT IS THAT?
     {% if traefik_enabled %}
     labels:
       - traefik.enable=true

+ 1 - 0
library/compose/netbox/.env.j2

@@ -1,3 +1,4 @@
 REDIS_PASSWORD={{ redis_password }}
 DATABASE_PASSWORD={{ database_password }}
 NETBOX_SECRET_KEY={{ netbox_secret_key }}
+EMAIL_PASSWORD={{ email_password }}
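Review bot: `EMAIL_PASSWORD={{ email_password }}` is written unquoted, as are the three existing secrets above it, so a password containing `#`, `$`, whitespace or quotes can be truncated or altered when Compose parses the `.env` file. Single-quoting the value, `EMAIL_PASSWORD='{{ email_password }}'`, keeps it literal, provided single quotes in the value are rejected or escaped at render time. It would also help to document that the rendered `.env` now holds four secrets and should be created with owner-only permissions and kept out of version control.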

+ 10 - 15
library/compose/netbox/compose.yaml.j2

@@ -4,6 +4,9 @@ services:
     image: docker.io/netboxcommunity/netbox:v4.2.3
     restart: {{ restart_policy }}
     environment:
+      {% if container_timezone %}
+      - TIME_ZONE={{ container_timezone }}
+      {% endif %}
       {% if traefik_enabled %}
       - ALLOWED_HOSTS={{ traefik_host }}.{{ traefik_domain }}
       {% else %}
@@ -26,7 +29,7 @@ services:
       - METRICS_ENABLED=true
       {% endif %}
       {% if email_enabled %}
-      - EMAIL_SERVER={{ email_server }}
+      - EMAIL_SERVER={{ email_host }}
       - EMAIL_PORT={{ email_port }}
       - EMAIL_FROM={{ email_from }}
       - EMAIL_USERNAME={{ email_username }}
@@ -81,6 +84,9 @@ services:
       - /opt/netbox/netbox/manage.py
       - rqworker
     environment:
+      {% if container_timezone %}
+      - TIME_ZONE={{ container_timezone }}
+      {% endif %}
       {% if database_external %}
       - DB_HOST={{ database_host }}
       {% else %}
@@ -98,7 +104,7 @@ services:
       - METRICS_ENABLED=true
       {% endif %}
       {% if email_enabled %}
-      - EMAIL_SERVER={{ email_server }}
+      - EMAIL_SERVER={{ email_host }}
       - EMAIL_PORT={{ email_port }}
       - EMAIL_FROM={{ email_from }}
       - EMAIL_USERNAME={{ email_username }}
@@ -126,10 +132,7 @@ services:
   {{ service_name }}_redis:
     image: docker.io/library/redis:8.4.0-alpine
     restart: {{ restart_policy }}
-    command:
-      - sh
-      - -c
-      - # FIXME: NEED TO REPAIR
+    command: ["redis-server", "--requirepass", "${REDIS_PASSWORD}"]
     environment:
       - REDIS_PASSWORD=${REDIS_PASSWORD}
     networks:
@@ -140,10 +143,7 @@ services:
   {{ service_name }}_redis-cache:
     image: docker.io/library/redis:8.4.0-alpine
     restart: {{ restart_policy }}
-    command:
-      - sh
-      - -c
-      - # FIXME: NEED TO REPAIR
+    command: ["redis-server", "--requirepass", "${REDIS_PASSWORD}"]
     environment:
       - REDIS_PASSWORD=${REDIS_PASSWORD}
     networks:
@@ -171,14 +171,9 @@ services:
     networks:
       - {{ service_name }}_backend
     volumes:
-      {% if volume_mode == 'mount' %}
-      - {{ volume_mount_path }}/postgres:/var/lib/postgresql/data
-      {% elif volume_mode == 'local' or volume_mode == 'nfs' %}
       - {{ service_name }}_postgres:/var/lib/postgresql/data
-      {% endif %}
   {% endif %}
 
-
 networks:
   {{ service_name }}_backend:
     driver: bridge
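Review bot: `command: ["redis-server", "--requirepass", "${REDIS_PASSWORD}"]` (in both the `_redis` and `_redis-cache` services) puts the password into the container's argument list, where it is readable through `docker inspect` and the process table, and an unset or empty `REDIS_PASSWORD` would interpolate to an empty string rather than stop the deployment. At minimum I would make the interpolation mandatory, `"${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"`; better is a mounted Redis config file or a Compose secret carrying `requirepass`, so the value stays off the command line. The last hunk also removes the `volume_mode == 'mount'` branch for the Postgres data path, so a user who selected mount mode silently gets the named volume instead; if that is intended, the variable should no longer be offered for this template. The service definitions start and end outside the hunks.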

+ 63 - 97
library/compose/netbox/template.yaml

@@ -1,101 +1,67 @@
+---
 kind: compose
 metadata:
-    name: NetBox
-    description: |-
-        Network infrastructure management (IPAM/DCIM) and network automation source of truth. Provides comprehensive API for managing IP addresses, circuits, devices, racks, cables, and other network infrastructure components with powerful automation capabilities.
-        ## References
-        * **Project:** https://netbox.dev/
-        * **Documentation:** https://docs.netbox.dev/
-        * **GitHub:** https://github.com/netbox-community/netbox
-    version: 4.2.3
-    author: Christian Lempa
-    date: "2025-11-13"
-    tags:
-        - traefik
-    draft: false
+  name: NetBox
+  description: |-
+    Network infrastructure management (IPAM/DCIM) and network automation source of truth. Provides comprehensive API for managing IP addresses, circuits, devices, racks, cables, and other network infrastructure components with powerful automation capabilities.
+    ## References
+    * **Project:** https://netbox.dev/
+    * **Documentation:** https://docs.netbox.dev/
+    * **GitHub:** https://github.com/netbox-community/netbox
+  next_steps: |-
+    Log in with your initial admin user:
+    ```bash
+    Username: admin
+    Password: admin
+    ```
+  version: 4.2.3
+  author: Christian Lempa
+  date: "2025-11-13"
+  tags:
+    - traefik
+    - database
+    - email
+  draft: false
 schema: "1.2"
 spec:
-    database:
-        key: database
-        title: ""
-        vars:
-            database_name:
-                default: netbox
-            database_user:
-                default: netbox
-            redis_password:
-                description: Redis password for authentication
-                type: str
-                sensitive: true
-                autogenerated: true
-                required: true
-    email:
-        key: email
-        title: ""
-        vars:
-            email_from:
-                default: netbox@example.com
-            email_server:
-                type: str
-                default: localhost
-    general:
-        key: general
-        title: ""
-        vars:
-            service_name:
-                default: netbox
-    netbox:
-        key: netbox
-        title: NetBox Configuration
-        description: Configure NetBox application settings
-        vars:
-            netbox_metrics_enabled:
-                description: Enable Prometheus metrics endpoint
-                type: bool
-                default: false
-            netbox_secret_key:
-                description: Secret Key
-                type: str
-                sensitive: true
-                autogenerated: true
-                required: true
-                extra: Used for cryptographic signing and session management
-    ports:
-        key: ports
-        title: ""
-        vars:
-            ports_http:
-                description: Host port for HTTP
-                default: 8000
-    swarm:
-        key: swarm
-        title: ""
-        description: |
-            Docker Swarm deployment requires an external PostgreSQL database. Enable 'database_external' in the Database section first.
-        needs:
-            - database_external=true
-        vars:
-            swarm_placement_host:
-                description: Target hostname for stateful services (NetBox, Redis)
-            swarm_worker_placement_host:
-                description: Target hostname for worker service (replicated mode only)
-                type: str
-                needs: [swarm_worker_placement_mode=replicated]
-            swarm_worker_placement_mode:
-                description: Deployment mode for worker service
-                type: enum
-                default: replicated
-                options: [replicated, global]
-                required: true
-            swarm_worker_replicas:
-                description: Number of worker replicas for queue processing
-                type: int
-                default: 1
-                required: true
-                needs: [swarm_worker_placement_mode=replicated]
-    traefik:
-        key: traefik
-        title: ""
-        vars:
-            traefik_host:
-                default: netbox
+  database:
+    vars:
+      database_name:
+        default: netbox
+      database_user:
+        default: netbox
+      redis_password:
+        description: Redis password for authentication
+        type: str
+        sensitive: true
+        autogenerated: true
+        required: true
+  general:
+    vars:
+      service_name:
+        default: netbox
+  netbox:
+    title: NetBox Configuration
+    description: Configure NetBox application settings
+    vars:
+      netbox_metrics_enabled:
+        description: Enable Prometheus metrics endpoint
+        type: bool
+        default: false
+      netbox_secret_key:
+        description: Secret Key
+        type: str
+        sensitive: true
+        autogenerated: true
+        autogenerated_length: 50
+        required: true
+        extra: Used for cryptographic signing and session management
+  ports:
+    vars:
+      ports_http:
+        description: Host port for HTTP
+        default: 8000
+  traefik:
+    vars:
+      traefik_host:
+        default: netbox
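Review bot: The new `next_steps` text advertises `admin` / `admin` as the initial login without telling the operator to change it, which leaves a freshly deployed NetBox behind a publicly known credential. I would add a line such as `Change this password immediately after the first login.` to `next_steps`, or better, declare a `sensitive: true`, `autogenerated: true` variable for the initial admin password the way `netbox_secret_key` is declared, if the image accepts one (not visible here). The rewrite also drops the `email_server` variable and the whole `swarm` section; the compose template now reads `email_host`, which this file does not define, so it presumably comes from the shared schema, which is worth confirming.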

+ 54 - 12
library/compose/nginx/template.yaml

@@ -3,23 +3,34 @@ kind: compose
 schema: "1.2"
 metadata:
   name: Nginx
-  description: >
+  description: |-
     Nginx is a high-performance web server, reverse proxy, and load balancer known for its stability, rich feature set, simple configuration, and low resource
     consumption. It is widely used to serve static content, handle HTTP requests, and distribute traffic across multiple servers.
 
+    ## Prerequisites
+    * **Project:** https://nginx.org/
+    * **Documentation:** https://nginx.org/en/docs/
+    * **GitHub:** https://github.com/nginx/nginx
 
-    Project: https://nginx.org/
-
-    Documentation: https://nginx.org/en/docs/
-
-    GitHub: https://github.com/nginx/nginx
   version: 1.28.0-alpine
-  date: 2023-10-01
   author: Christian Lempa
+  date: '2023-10-01'
   tags:
     - traefik
     - swarm
 spec:
+  general:
+    vars:
+      service_name:
+        default: "nginx"
+      restart_policy:
+        type: enum
+        options: ["unless-stopped", "always", "on-failure", "no"]
+        default: "unless-stopped"
+      container_name:
+        default: "nginx"
+      container_timezone:
+        default: "UTC"
   ports:
     vars:
       ports_http:
@@ -30,9 +41,40 @@ spec:
         description: HTTPS port for nginx service
         type: int
         default: 8443
-  nginx:
+  traefik:
     vars:
-      nginx_version:
-        description: Nginx version
-        type: str
-        default: latest
+      traefik_enabled:
+        type: bool
+        default: false
+      traefik_network:
+        default: "traefik"
+      traefik_host:
+        default: "nginx"
+      traefik_domain:
+        default: "home.arpa"
+      traefik_entrypoint:
+        default: "web"
+      traefik_tls_entrypoint:
+        default: "websecure"
+      traefik_tls_enabled:
+        type: bool
+        default: true
+      traefik_tls_certresolver:
+        default: "cloudflare"
+  network:
+    vars:
+      network_mode:
+        type: enum
+        options: ["bridge", "host", "macvlan"]
+        default: "bridge"
+      network_name:
+        default: "bridge"
+  swarm:
+    vars:
+      swarm_enabled:
+        type: bool
+        default: false
+      swarm_replicas:
+        description: Number of replicas for Swarm mode
+        type: int
+        default: 1
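Review bot: The heading `## Prerequisites` added above the Project / Documentation / GitHub links is mislabeled; those are references, and the NetBox and Alloy templates on this page use `## References` and `## Resources` for the same list. Suggest `## References` here and in the identical block added to `library/compose/passbolt/template.yaml`. Also, `traefik_tls_certresolver` defaults to `"cloudflare"`, which only works if the operator's Traefik instance defines a resolver by that name; an `extra:` line saying so would make the assumption explicit.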

+ 1 - 1
library/compose/openwebui/compose.yaml.j2

@@ -1,6 +1,6 @@
 services:
   {{ service_name }}:
-    image: ghcr.io/open-webui/open-webui:v{{ openwebui_version }}
+    image: ghcr.io/open-webui/open-webui:v0.6.36
     container_name: {{ container_name }}
     {#
       Set container hostname for identification

+ 0 - 4
library/compose/openwebui/template.yaml

@@ -28,10 +28,6 @@ spec:
         default: openwebui
       container_name:
         default: openwebui
-      openwebui_version:
-        type: str
-        description: Openwebui version
-        default: latest
       ollama_base_url:
         type: str
         description: Ollama API base URL

+ 120 - 12
library/compose/passbolt/template.yaml

@@ -3,28 +3,136 @@ kind: compose
 schema: "1.2"
 metadata:
   name: Passbolt
-  description: >
+  description: |-
     Passbolt is an open-source password manager designed for teams and businesses. It provides a secure way to store, share, and manage passwords and sensitive
     information collaboratively.
 
+    ## Prerequisites
+    * **Project:** https://www.passbolt.com/
+    * **Documentation:** https://help.passbolt.com/
+    * **GitHub:** https://github.com/passbolt/passbolt
 
-    Project: https://www.passbolt.com/
-
-    Documentation: https://help.passbolt.com/
-
-    GitHub: https://github.com/passbolt/passbolt
   version: 11.3
   author: Christian Lempa
   date: '2025-09-28'
-  tags: []
+  tags:
+    - traefik
+    - database
 spec:
   general:
     vars:
       service_name:
-        default: passbolt
+        default: "passbolt"
       container_name:
-        default: passbolt
-      volumes_version:
+        default: "passbolt"
+      container_timezone:
+        default: "UTC"
+  ports:
+    vars:
+      ports_http:
+        description: HTTP port for Passbolt
+        type: int
+        default: 80
+      ports_https:
+        description: HTTPS port for Passbolt
+        type: int
+        default: 443
+  traefik:
+    vars:
+      traefik_enabled:
+        type: bool
+        default: false
+      traefik_network:
+        default: "traefik"
+      traefik_host:
+        default: "passbolt"
+      traefik_domain:
+        default: "home.arpa"
+      traefik_entrypoint:
+        default: "web"
+      traefik_tls_entrypoint:
+        default: "websecure"
+      traefik_tls_enabled:
+        type: bool
+        default: true
+      traefik_tls_certresolver:
+        default: "cloudflare"
+  database:
+    vars:
+      database_type:
+        options: ["sqlite", "postgres", "mysql"]
+        default: "mysql"
+      database_external:
+        description: Use an external database server?
+        extra: skips creation of internal database container
+        type: bool
+        needs: "database_type=mysql,postgres"
+        default: false
+      database_host:
+        description: Database host
+        type: str
+        needs: "database_external=true"
+        default: "passbolt-db"
+        required: true
+      database_port:
+        description: Database port
+        type: int
+        required: true
+      database_name:
+        description: Database name
+        type: str
+        required: true
+      database_user:
+        description: Database user
+        type: str
+        required: true
+      database_password:
+        description: Database password
+        type: str
+        sensitive: true
+        required: true
+  volume:
+    vars:
+      volume_mode:
+        type: enum
+        options: ["local", "mount", "nfs"]
+        default: "local"
+      volume_mount_path:
+        description: Host path for bind mounts
+        type: str
+        default: "/mnt/storage"
+        needs: "volume_mode=mount"
+        required: true
+      volume_nfs_server:
+        description: NFS server address
+        type: str
+        default: "192.168.1.1"
+        needs: "volume_mode=nfs"
+        required: true
+      volume_nfs_path:
+        description: NFS export path
+        type: str
+        default: "/export"
+        needs: "volume_mode=nfs"
+        required: true
+      volume_nfs_options:
+        description: NFS mount options (comma-separated)
+        type: str
+        default: "rw,nolock,soft"
+        needs: "volume_mode=nfs"
+        required: true
+  resources:
+    vars:
+      resources_enabled:
+        type: bool
+        default: false
+      resources_cpu_limit:
+        description: Maximum CPU cores (e.g., 0.5, 1.0, 2.0)
+        type: str
+        default: "1.0"
+        required: true
+      resources_memory_limit:
+        description: Maximum memory (e.g., 512M, 1G, 2G)
         type: str
-        description: Volumes version
-        default: latest
+        default: "1G"
+        required: true
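Review bot: Every `needs` entry added here is a plain string (`needs: "database_type=mysql,postgres"`, `needs: "database_external=true"`, `needs: "volume_mode=nfs"` and so on), while the same commit converts `needs` in `cli/core/schema/compose/v1.2.json` to lists and this template declares `schema: "1.2"`. If the 1.2 loader expects a list, these conditions may be rejected or evaluated incorrectly; write them as `needs: ["volume_mode=nfs"]` for consistency, and likewise the two `swarm_*` entries added in `library/compose/renovate/template.yaml`. `database_password` is marked `sensitive: true` but not `autogenerated: true`, unlike `redis_password` in the NetBox template, so the operator picks it by hand; consider autogenerating it when `database_external` is false. `database_type` also lists `options` without declaring `type: enum`.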

+ 21 - 7
library/compose/pihole/template.yaml

@@ -47,6 +47,8 @@ spec:
     vars:
       service_name:
         default: "pihole"
+      container_name:
+        default: "pihole"
   admin_settings:
     description: "Admin Pi-hole Settings"
     required: true
@@ -57,6 +59,21 @@ spec:
         sensitive: true
         default: ""
         autogenerated: true
+  ports:
+    vars:
+      ports_http:
+        description: HTTP port for Pi-hole
+        type: int
+        default: 80
+      ports_https:
+        description: HTTPS port for Pi-hole
+        type: int
+        default: 443
+      ports_ntp:
+        description: "External NTP port"
+        type: int
+        default: 123
+        required: true
   traefik:
     vars:
       traefik_host:
@@ -69,16 +86,13 @@ spec:
           NOTE: Swarm only supports 'bridge' mode!"
       network_name:
         default: "pihole_network"
-  ports:
-    vars:
-      ports_ntp:
-        description: "External NTP port"
-        type: int
-        default: 123
-        required: true
   swarm:
     vars:
       swarm_placement_host:
         required: true
         optional: false
         needs: null
+      swarm_replicas:
+        description: Number of replicas for Swarm mode
+        type: int
+        default: 1

+ 50 - 12
library/compose/postgres/template.yaml

@@ -22,19 +22,57 @@ metadata:
 spec:
   general:
     vars:
-      postgres_version:
+      service_name:
+        default: "postgres"
+      container_name:
+        default: "postgres"
+  ports:
+    vars:
+      ports_postgres:
+        description: PostgreSQL port
+        type: int
+        default: 5432
+  traefik:
+    vars:
+      traefik_host:
+        default: "postgres"
+  network:
+    vars:
+      network_mode:
+        extra: >
+          Use 'host' mode if you need to bind directly to port 5432.
+          NOTE: Swarm only supports 'bridge' mode!
+      network_name:
+        default: "postgres_network"
+  swarm:
+    vars:
+      swarm_replicas:
+        description: Number of replicas for Swarm mode
+        type: int
+        default: 1
+  volume:
+    vars:
+      volume_mode:
+        description: Volume mounting mode (local, mount, nfs)
+        type: str
+        default: "local"
+        options:
+          - local
+          - mount
+          - nfs
+      volume_mount_path:
+        description: Path for bind mounts when volume_mode is 'mount'
         type: str
-        description: PostgreSQL version
-        default: latest
-      postgres_secrets_enabled:
-        type: bool
-        description: "Enable Docker secrets for sensitive data"
-        default: false
-      postgres_initdb_args:
+        default: "/var/lib/postgresql/data"
+      volume_nfs_server:
+        description: NFS server address when volume_mode is 'nfs'
         type: str
-        description: "PostgreSQL initialization arguments"
-        default: "--data-checksums"
-      postgres_host_auth_method:
+        default: ""
+      volume_nfs_path:
+        description: NFS path when volume_mode is 'nfs'
         type: str
-        description: "PostgreSQL host authentication method (leave empty for password-based)"
         default: ""
+      volume_nfs_options:
+        description: NFS mount options when volume_mode is 'nfs'
+        type: str
+        default: "rw"
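Review bot: `volume_mode` is declared `type: str` with an `options` list, whereas the Passbolt and Nginx templates in this commit use `type: enum` for option-restricted variables; if only `enum` enforces `options`, any string is accepted here, so I suggest `type: enum`. The hunk also removes `postgres_secrets_enabled` and `postgres_host_auth_method`; the compose template is not part of this page, so confirm it no longer references them and that dropping the Docker-secrets switch does not leave the database password passed only through plain environment variables. `volume_mount_path` defaults to `/var/lib/postgresql/data`, which in mount mode is a host path; a dedicated directory such as the `/mnt/storage` default used by Passbolt would be less surprising.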

+ 49 - 4
library/compose/renovate/template.yaml

@@ -1,21 +1,24 @@
 ---
 kind: compose
-schema: "1.1"
+schema: "1.2"
 metadata:
   name: Renovate
-  description: |
+  description: |-
     **Renovate** is an automated dependency update tool that creates pull requests for newer versions of dependencies.
     Supports GitHub, GitLab, Bitbucket, Gitea, and more platforms with flexible configuration options.
+
     ## Use Cases
     - Automated dependency updates for all your repositories
     - Security vulnerability patching
     - Multi-platform support (GitLab, GitHub, Bitbucket, etc.)
     - Customizable update schedules and rules
     - Self-hosted or cloud-based deployment
+
     ## Resources
     - **Project**: https://www.mend.io/renovate/
     - **Documentation**: https://docs.renovatebot.com/
     - **GitHub**: https://github.com/renovatebot/renovate
+
   version: 10.5.0
   author: Christian Lempa
   date: '2025-11-05'
@@ -49,12 +52,16 @@ spec:
     vars:
       service_name:
         default: "renovate"
+      restart_policy:
+        type: enum
+        options: ["unless-stopped", "always", "on-failure", "no"]
+        default: "unless-stopped"
       container_name:
         default: "renovate"
       container_hostname:
         default: "renovate"
-      container_loglevel:
-        default: "info"
+      container_timezone:
+        default: "UTC"
   renovate_settings:
     title: "Renovate Settings"
     required: true
@@ -105,7 +112,45 @@ spec:
         default: 8080
   traefik:
     vars:
+      traefik_enabled:
+        type: bool
+        default: false
+      traefik_network:
+        default: "traefik"
       traefik_host:
         default: "renovate"
       traefik_domain:
         default: "home.arpa"
+      traefik_entrypoint:
+        default: "web"
+      traefik_tls_entrypoint:
+        default: "websecure"
+      traefik_tls_enabled:
+        type: bool
+        default: true
+      traefik_tls_certresolver:
+        default: "cloudflare"
+  network:
+    vars:
+      network_mode:
+        type: enum
+        options: ["bridge", "host", "macvlan"]
+        default: "bridge"
+      network_name:
+        default: "bridge"
+  swarm:
+    vars:
+      swarm_enabled:
+        type: bool
+        default: false
+      swarm_placement_mode:
+        type: enum
+        options: ["replicated", "global"]
+        default: "replicated"
+      swarm_replicas:
+        type: int
+        default: 1
+        needs: "swarm_placement_mode=replicated"
+      swarm_placement_host:
+        default: ""
+        needs: "swarm_placement_mode=replicated"

+ 0 - 3
library/compose/whoami/common/networks.yaml.j2

@@ -1,3 +0,0 @@
-networks:
-  {{ traefik_network }}:
-    external: true

+ 56 - 6
library/compose/whoami/compose.yaml.j2

@@ -1,6 +1,56 @@
-{#
-  whoami Docker Compose Configuration
-#}
-include:
-  - services/whoami.yaml
-  - common/networks.yaml
+---
+services:
+  {{ service_name }}:
+    image: traefik/whoami:v1.11.0
+    {% if not swarm_enabled %}
+    restart: {{ restart_policy }}
+    {% endif %}
+    {% if swarm_enabled or resources_enabled %}
+    deploy:
+      {% if swarm_enabled %}
+      mode: {{ swarm_placement_mode }}
+      {% if swarm_placement_mode == "replicated" %}
+      replicas: {{ swarm_replicas }}
+      {% endif %}
+      {% if swarm_placement_host %}
+      placement:
+        constraints:
+          - node.hostname == {{ swarm_placement_host }}
+      {% endif %}
+      restart_policy:
+        condition: on-failure
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network={{ traefik_network }}
+        - traefik.http.services.{{ service_name }}-web.loadbalancer.server.port=80
+        - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
+        - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
+        - traefik.http.routers.{{ service_name }}-http.entrypoints=web
+        {% if traefik_tls_enabled %}
+        - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
+        - traefik.http.routers.{{ service_name }}-https.entrypoints=websecure
+        - traefik.http.routers.{{ service_name }}-https.tls=true
+        - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
+        {% endif %}
+      {% endif %}
+    {% else %}
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network={{ traefik_network }}
+      - traefik.http.services.{{ service_name }}-web.loadbalancer.server.port=80
+      - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
+      - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
+      - traefik.http.routers.{{ service_name }}-http.entrypoints=web
+      {% if traefik_tls_enabled %}
+      - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
+      - traefik.http.routers.{{ service_name }}-https.entrypoints=websecure
+      - traefik.http.routers.{{ service_name }}-https.tls=true
+      - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
+      {% endif %}
+    {% endif %}
+    networks:
+      - {{ traefik_network }}
+
+networks:
+  {{ traefik_network }}:
+    external: true
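Review bot: When `resources_enabled` is true and `swarm_enabled` is false, the outer `{% if swarm_enabled or resources_enabled %}` emits a bare `deploy:` key with no children and skips the `{% else %}` branch, so the service renders with an empty `deploy` and no Traefik labels at all. Nothing in the block consumes resource variables, so the outer condition should be `{% if swarm_enabled %}` (dropping the inner duplicate), or a `resources:` section should be added under `deploy:`. The routers also hard-code `entrypoints=web` and `entrypoints=websecure` where the removed backup file used `{{ traefik_entrypoint }}` and `{{ traefik_tls_entrypoint }}`. In addition, `traefik.enable=true` and the external `{{ traefik_network }}` are emitted without any `traefik_enabled` check, so this header-echoing service is always routed; gating both on `traefik_enabled` would match the other templates on this page.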

+ 0 - 57
library/compose/whoami/compose.yaml.j2.backup

@@ -1,57 +0,0 @@
-services:
-  {{ service_name }}:
-    image: traefik/whoami:v1.11.0
-    {% if not swarm_enabled %}
-    container_name: {{ container_name }}
-    restart: {{ restart_policy }}
-    {% endif %}
-    hostname: {{ container_hostname }}
-    {% if swarm_enabled or resources_enabled %}
-    deploy:
-      {% if swarm_enabled %}
-      mode: {{ swarm_placement_mode }}
-      {% if swarm_placement_mode == "replicated" %}
-      replicas: {{ swarm_replicas }}
-      {% endif %}
-      {% if swarm_placement_host %}
-      placement:
-        constraints:
-          - node.hostname == {{ swarm_placement_host }}
-      {% endif %}
-      restart_policy:
-        condition: on-failure
-      labels:
-        - traefik.enable=true
-        - traefik.docker.network={{ traefik_network }}
-        - traefik.http.services.{{ service_name }}-web.loadbalancer.server.port=80
-        - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
-        - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
-        {% if traefik_tls_enabled %}
-        - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
-        - traefik.http.routers.{{ service_name }}-https.tls=true
-        - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
-        {% endif %}
-      {% endif %}
-    {% else %}
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network={{ traefik_network }}
-      - traefik.http.services.{{ service_name }}-web.loadbalancer.server.port=80
-      - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
-      - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
-      {% if traefik_tls_enabled %}
-      - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
-      - traefik.http.routers.{{ service_name }}-https.tls=true
-      - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
-      {% endif %}
-    {% endif %}
-    networks:
-      - {{ traefik_network }}
-
-networks:
-  {{ traefik_network }}:
-    external: true

+ 0 - 57
library/compose/whoami/services/whoami.yaml.j2

@@ -1,57 +0,0 @@
-services:
-  {{ service_name }}:
-    image: traefik/whoami:v1.11.0
-    {% if not swarm_enabled %}
-    container_name: {{ container_name }}
-    restart: {{ restart_policy }}
-    {% endif %}
-    hostname: {{ container_hostname }}
-    {% if swarm_enabled or resources_enabled %}
-    deploy:
-      {% if swarm_enabled %}
-      mode: {{ swarm_placement_mode }}
-      {% if swarm_placement_mode == "replicated" %}
-      replicas: {{ swarm_replicas }}
-      {% endif %}
-      {% if swarm_placement_host %}
-      placement:
-        constraints:
-          - node.hostname == {{ swarm_placement_host }}
-      {% endif %}
-      restart_policy:
-        condition: on-failure
-      labels:
-        - traefik.enable=true
-        - traefik.docker.network={{ traefik_network }}
-        - traefik.http.services.{{ service_name }}-web.loadbalancer.server.port=80
-        - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
-        - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
-        {% if traefik_tls_enabled %}
-        - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
-        - traefik.http.routers.{{ service_name }}-https.tls=true
-        - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
-        {% endif %}
-      {% endif %}
-    {% else %}
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network={{ traefik_network }}
-      - traefik.http.services.{{ service_name }}-web.loadbalancer.server.port=80
-      - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
-      - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
-      {% if traefik_tls_enabled %}
-      - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
-      - traefik.http.routers.{{ service_name }}-https.tls=true
-      - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
-      {% endif %}
-    {% endif %}
-    networks:
-      - {{ traefik_network }}
-
-networks:
-  {{ traefik_network }}:
-    external: true

+ 4 - 29
library/compose/whoami/template.yaml

@@ -1,6 +1,5 @@
 ---
 kind: compose
-schema: "1.2"
 metadata:
   name: Whoami
   description: |
@@ -14,45 +13,21 @@ metadata:
     - **Project**: https://github.com/traefik/whoami
     - **Documentation**: https://traefik.io/docs/
     - **GitHub**: https://github.com/traefik/whoami
-  next_steps: |
-    ## Post-Installation Steps
-    1. **Start the service**:
-       ```bash
-       docker compose up -d
-       ```
-    2. **Verify the service is running**:
-       ```bash
-       docker compose ps
-       ```
-    3. **Test the endpoint**:
-       - Visit the configured host in your browser
-       - Or use curl: `curl http://{{ traefik_host }}`
-    4. **Check Traefik dashboard** (if enabled):
-       - Verify the route is registered correctly
-       - Check middleware configuration
   version: 1.11.0
   author: Christian Lempa
   date: '2025-10-30'
   tags:
     - traefik
     - swarm
-  draft: false
+schema: "1.2"
 spec:
   general:
     vars:
       service_name:
         default: whoami
-      container_name:
-        default: whoami
-      container_hostname:
-        default: whoami
   traefik:
-    required: true
-    needs: []
     vars:
+      traefik_enabled:
+        default: true
       traefik_host:
-        default: whoami.localhost
-  traefik_tls:
-    needs: []
-  swarm:
-    needs: []
+        default: whoami
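Review bot: The new `traefik_enabled` variable (default `true`) replaces the section-level `required: true`, so Traefik can now be switched off, but the compose template tail shown earlier on this page emits the Traefik labels, `networks: - {{ traefik_network }}` and the `external: true` network without any `{% if traefik_enabled %}` guard. If that tail belongs to this template (its file header is outside the visible part, so this is inferred), a disabled toggle would still render router labels and attach the service to an external network whose name may be empty. Either gate those blocks on `traefik_enabled` or keep the section mandatory. With `traefik_host` now defaulting to `whoami`, the `Host()` rule also depends on `traefik_domain` being non-empty, which this file no longer makes visible.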

+ 32 - 2
library/terraform/netbox-vm/netbox_virtual_machine.tf.j2

@@ -1,8 +1,16 @@
+data "netbox_cluster" "{{ resource_name }}_cluster" {
+  name = "{{ cluster_ref }}"
+}
+
+data "netbox_site" "{{ resource_name }}_site" {
+  name = "{{ site_ref }}"
+}
+
 resource "netbox_virtual_machine" "{{ resource_name }}" {
   name       = "{{ vm_name }}"
-  cluster_id = netbox_cluster.{{ cluster_ref }}.id
+  cluster_id = data.netbox_cluster.{{ resource_name }}_cluster.id
 {% if site_ref %}
-  site_id    = data.netbox_site.{{ site_ref }}.id
+  site_id    = data.netbox_site.{{ resource_name }}_site.id
 {% endif %}
   status     = "{{ status }}"
 {% if device_ref %}
@@ -34,3 +42,25 @@ resource "netbox_virtual_machine" "{{ resource_name }}" {
   }
 {% endif %}
 }
+
+{% if ipam_enabled %}
+resource "netbox_interface" "{{ resource_name }}_interface" {
+  name               = "{{ interface_name }}"
+  virtual_machine_id = netbox_virtual_machine.{{ resource_name }}.id
+}
+
+resource "netbox_ip_address" "{{ resource_name }}_ip" {
+  ip_address   = "{{ primary_ip4 }}"
+  status       = "active"
+  {% if dns_name %}
+  dns_name     = "{{ dns_name }}"
+  {% endif %}
+  interface_id = netbox_interface.{{ resource_name }}_interface.id
+  object_type  = "virtualization.vminterface"
+}
+
+resource "netbox_primary_ip" "{{ resource_name }}_primary_ip" {
+  ip_address_id      = netbox_ip_address.{{ resource_name }}_ip.id
+  virtual_machine_id = netbox_virtual_machine.{{ resource_name }}.id
+}
+{% endif %}
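Review bot: In the first hunk the `data "netbox_site"` block is rendered unconditionally with `name = "{{ site_ref }}"`, while its only use, `site_id`, sits inside `{% if site_ref %}`. With `site_ref` left empty the output still contains a site lookup by an empty name, which would most likely fail at plan time; wrap the data block in the same `{% if site_ref %}` … `{% endif %}` pair. `cluster_ref` and `site_ref` also change meaning here, from a Terraform label to a NetBox object name, so their descriptions in template.yaml (not shown in this hunk) should say so. The values are placed inside quoted HCL strings unescaped, so a `"` or `${` in a name changes the rendered configuration; validating them in the schema would prevent that. The `netbox_virtual_machine` resource block continues outside the hunk.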

+ 20 - 0
library/terraform/netbox-vm/template.yaml

@@ -56,6 +56,26 @@ spec:
       device_ref:
         type: str
         description: Device resource name for host assignment (leave empty to skip)
+  ipam:
+    title: IP Address Management
+    toggle: ipam_enabled
+    vars:
+      ipam_enabled:
+        type: bool
+        description: Enable IP address assignment
+        default: false
+      interface_name:
+        type: str
+        description: Network interface name
+        default: eth0
+        required: true
+      primary_ip4:
+        type: str
+        description: Primary IPv4 address resource name
+        required: true
+      dns_name:
+        type: str
+        description: DNS name for the IP address (leave empty to skip)
   resources:
     title: Resource Allocation
     toggle: resources_enabled
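Review bot: `primary_ip4` is described as "Primary IPv4 address resource name", but the companion template on this page renders it as a literal, `ip_address = "{{ primary_ip4 }}"`, so the user has to enter an address, not a resource label. I would change the description to `Primary IPv4 address in CIDR notation (e.g. 192.0.2.10/24)`; the prefix-length requirement is my reading of the NetBox provider and should be confirmed. `interface_name` and `primary_ip4` carry `required: true` inside a section whose toggle defaults to `false`; presumably the CLI enforces that only when `ipam_enabled` is set, which is worth a one-line comment above the `ipam` vars. The `spec` mapping starts and ends outside the hunk.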