diff --git a/INVENTORY.md b/INVENTORY.md
new file mode 100644
index 0000000..e6d6822
--- /dev/null
+++ b/INVENTORY.md
@@ -0,0 +1,84 @@
+# Homelab inventaris — alles thuis
+
+Private repo. Laatst bijgewerkt vanaf NAS `192.168.1.211`.
+
+## Synology NAS — Docker (actief)
+
+| App | Map | IP:poort | Status |
+|-----|-----|----------|--------|
+| PostgreSQL | [apps/postgres](apps/postgres/) | :5433 | running |
+| pgAdmin | [apps/pgadmin](apps/pgadmin/) | :5434 | running |
+| Gitea | [apps/gitea](apps/gitea/) | :3000 | running |
+| AdGuard Home | [apps/adguard](apps/adguard/) | :53, :3001 | running |
+| DuckDNS | [apps/duckdns](apps/duckdns/) | — | running |
+| Neo4j | [apps/neo4j](apps/neo4j/) | :49153–49155 | running |
+| Homarr | [apps/homarr](apps/homarr/) | :4755 | running |
+| Portainer | [apps/portainer](apps/portainer/) | :9000 | running |
+| Remotely | [apps/remotely](apps/remotely/) | :8080 | running |
+| Excalidraw | [apps/excalidraw](apps/excalidraw/) | :3765 | running |
+| Prometheus | [apps/monitoring](apps/monitoring/) | :9090 | running |
+| Grafana | [apps/monitoring](apps/monitoring/) | :3002 | running |
+| Homelab Command | [homelab-command repo](http://192.168.1.211:3000/mo/homelab-command) | :8765 | running |
+| NATS + mesh | [apps/monitoring](apps/monitoring/) | :4222 | running |
+
+## Synology NAS — Docker (gestopt / image aanwezig)
+
+| App | Map | Opmerking |
+|-----|-----|-----------|
+| Guacamole | [apps/guacamole](apps/guacamole/) | Portainer stack, poort 8348 |
+| Wazuh | [apps/wazuh](apps/wazuh/) | SIEM stack |
+| HA Voice MCP | [apps/ha-voice-control](apps/ha-voice-control/) | build image aanwezig |
+| UniFi Controller | [apps/unifi](apps/unifi/) | data op NAS; live controller ook op **192.168.1.24** |
+| Joplin Server | [apps/joplin](apps/joplin/) | data-map beperkt (uid 999) |
+
+## NAS — Configs map (media / HA)
+
+| App | Map | NAS pad |
+|-----|-----|---------|
+| Home Assistant | [apps/home-assistant](apps/home-assistant/) | `Configs/HA` → 192.168.1.235:8123 |
+| Sonarr | [apps/sonarr](apps/sonarr/) | `Configs/Sonarr` |
+| Radarr | [apps/radarr](apps/radarr/) | `Configs/Radarr` |
+| Prowlarr | [apps/prowlarr](apps/prowlarr/) | `Configs/Prowlarr` |
+| qBittorrent | [apps/qbittorrent](apps/qbittorrent/) | `Configs/QBitTorrent` |
+| SABnzbd | [apps/sabnzbd](apps/sabnzbd/) | `Configs/Sabnzb` |
+
+## NAS — Gepland / lege config-mappen
+
+| App | Map | NAS pad |
+|-----|-----|---------|
+| Glance | [apps/glance](apps/glance/) | `Configs/glance` (leeg) |
+| Uptime Kuma | [apps/uptime-kuma](apps/uptime-kuma/) | `Configs/uptime-kuma` (leeg) |
+| Whoogle | [apps/whoogle](apps/whoogle/) | `Configs/whoogle` (leeg) |
+
+## Synology — native packages (geen Docker)
+
+| Package | Map | Opmerking |
+|---------|-----|-----------|
+| Overzicht | [apps/synology](apps/synology/) | Jellyfin, Plex, Tailscale, Surveillance, … |
+
+## Proxmox
+
+| Host | IP | Map |
+|------|-----|-----|
+| pve | 192.168.1.216 | [apps/proxmox/hosts/pve](apps/proxmox/hosts/pve/) |
+| dell-proxmox | 192.168.1.56 | [apps/proxmox/hosts/dell-proxmox](apps/proxmox/hosts/dell-proxmox/) |
+
+LXC/VM-overzicht: [apps/proxmox/lxc-inventory.md](apps/proxmox/lxc-inventory.md)
+
+## Netwerk (vast IP)
+
+| IP | Rol |
+|----|-----|
+| 192.168.1.211 | Synology NAS |
+| 192.168.1.216 | Proxmox pve |
+| 192.168.1.56 | Proxmox dell |
+| 192.168.1.24 | UniFi controller |
+| 192.168.1.235 | Home Assistant |
+
+## Gitea repos
+
+| Repo | Inhoud |
+|------|--------|
+| homelab-configs | Dit repo |
+| homelab-command | Dashboard + monitoring build |
+| ha-voice-control-mcp | HA voice MCP |
diff --git a/README.md b/README.md
index e6f6ade..2d3f9c9 100644
--- a/README.md
+++ b/README.md
@@ -3,6 +3,7 @@
 Private Gitea-repo met **alle configs per applicatie** voor Synology NAS (`192.168.1.211`) en Proxmox hosts.
 
 **Snel herstellen:** [RESTORE.md](RESTORE.md)  
+**Volledige inventaris:** [INVENTORY.md](INVENTORY.md)  
 **App-overzicht:** [apps/README.md](apps/README.md)
 
 ## Structuur
diff --git a/RESTORE.md b/RESTORE.md
index 6adac84..4fa03dd 100644
--- a/RESTORE.md
+++ b/RESTORE.md
@@ -31,7 +31,8 @@ Wachtwoorden staan in `.env` en per-app `.env` (private repo).
 | 9 | Homelab Command | `cd /volume1/homes/mo/homelab-command && docker compose -f docker-compose.homelab.yml up -d --build` |
 | 10 | NATS mesh | `cd homelab-command && docker compose -f docker-compose.mesh.yml up -d` |
 | 11 | Homarr | Kopieer `apps/homarr/config/*.json` → `/volume1/docker/homarr/`, dan `cd $CFG/apps/homarr && docker compose up -d` |
-| 12 | Overige | portainer, remotely, excalidraw, guacamole, wazuh — elk `cd $CFG/apps/<naam>` |
+| 12 | Overige | portainer, remotely, excalidraw, guacamole, wazuh, unifi, joplin — elk `cd $CFG/apps/<naam>` |
+| 13 | Proxmox | Zie `apps/proxmox/README.md` — `/etc/pve` terugzetten op nodes |
 
 Monitoring-netwerk koppelen:
 
diff --git a/apps/README.md b/apps/README.md
index 8ad39eb..799e824 100644
--- a/apps/README.md
+++ b/apps/README.md
@@ -1,55 +1,49 @@
 # Apps — overzicht
 
-Elke map = **één applicatie**. Bevat `docker-compose.yml`, `.env`, en/of `config/` waar van toepassing.
+**Volledige inventaris:** [INVENTORY.md](../INVENTORY.md)
+
+Elke map = één applicatie (`docker-compose.yml`, `.env`, `config/`).
 
 **NAS-repo:** `/volume1/docker/homelab-configs`  
 **Starten:** `cd apps/<naam> && docker compose up -d`
 
 ## Docker op Synology (192.168.1.211)
 
-| App | Map | Poort | Container | Data op NAS |
-|-----|-----|-------|-----------|-------------|
-| PostgreSQL | [postgres](postgres/) | 5433 | postgres-homelab | `/volume1/docker/postgres/data` |
-| pgAdmin | [pgadmin](pgadmin/) | 5434 | pgadmin | volume |
-| Gitea | [gitea](gitea/) | 3000 | gitea | docker volumes |
-| AdGuard Home | [adguard](adguard/) | 53, 3001 | Adguard | config in repo → `/volume1/docker/Configs/adguard` |
-| DuckDNS | [duckdns](duckdns/) | — | duckdns | — |
-| Neo4j | [neo4j](neo4j/) | 49153–49155 | neo4j | `/volume1/docker/neo4j` |
-| Homarr | [homarr](homarr/) | 4755 | homarr | `/volume1/docker/homarr` |
-| Portainer | [portainer](portainer/) | 9000 | portainer | `/volume1/docker/portainer` |
-| Remotely | [remotely](remotely/) | 8080 | remotely | `/volume1/docker/remotely` |
-| Excalidraw | [excalidraw](excalidraw/) | 3765 | Excalidraw | — |
-| Guacamole | [guacamole](guacamole/) | 8348 | Guacamole | `/volume1/docker/guacamole` |
-| Wazuh | [wazuh](wazuh/) | — | — | `/volume1/docker/wazuh` |
-| HA Voice MCP | [ha-voice-control](ha-voice-control/) | 8765 | ha-voice-control | build |
-| Monitoring | [monitoring](monitoring/) | 9090, 3002, 9187 | prometheus, grafana, exporter | volumes |
-| Homelab Command | [homelab-command](homelab-command/) | 8765 | homelab-command | aparte repo |
+| App | Poort | Map |
+|-----|-------|-----|
+| [postgres](postgres/) | 5433 | DB |
+| [pgadmin](pgadmin/) | 5434 | DB UI |
+| [gitea](gitea/) | 3000 | Git |
+| [adguard](adguard/) | 53, 3001 | DNS |
+| [duckdns](duckdns/) | — | DDNS |
+| [neo4j](neo4j/) | 49153+ | Graph |
+| [homarr](homarr/) | 4755 | Dashboard |
+| [portainer](portainer/) | 9000 | Docker UI |
+| [remotely](remotely/) | 8080 | Remote |
+| [excalidraw](excalidraw/) | 3765 | Whiteboard |
+| [guacamole](guacamole/) | 8348 | Remote desktop |
+| [monitoring](monitoring/) | 9090, 3002 | Prometheus/Grafana |
+| [homelab-command](homelab-command/) | 8765 | aparte repo |
+| [wazuh](wazuh/) | — | SIEM |
+| [ha-voice-control](ha-voice-control/) | 8765 | HA MCP |
+| [unifi](unifi/) | 8443 | UniFi (+ 192.168.1.24) |
+| [joplin](joplin/) | 22300 | Notes |
+| [glance](glance/) | 8081 | Dashboard |
+| [uptime-kuma](uptime-kuma/) | 3001 | Uptime |
+| [whoogle](whoogle/) | 5000 | Search |
 
-## Media / automation (configs, draaien op Proxmox LXC)
+## Media / HA (config)
 
-| App | Map | Config-bron op NAS |
-|-----|-----|-------------------|
-| Sonarr | [sonarr](sonarr/) | `/volume1/docker/Configs/Sonarr` |
-| Radarr | [radarr](radarr/) | `/volume1/docker/Configs/Radarr` |
-| Prowlarr | [prowlarr](prowlarr/) | `/volume1/docker/Configs/Prowlarr` |
-| qBittorrent | [qbittorrent](qbittorrent/) | `/volume1/docker/Configs/QBitTorrent` |
-| SABnzbd | [sabnzbd](sabnzbd/) | `/volume1/docker/Configs/Sabnzb` |
-| Home Assistant | [home-assistant](home-assistant/) | `/volume1/docker/Configs/HA/config` |
+[sonarr](sonarr/) · [radarr](radarr/) · [prowlarr](prowlarr/) · [qbittorrent](qbittorrent/) · [sabnzbd](sabnzbd/) · [home-assistant](home-assistant/)
 
-## Proxmox hosts
+## Proxmox
 
-| Host | Map | IP |
-|------|-----|-----|
-| pve (RTX 3090, PVE 9) | [proxmox/hosts/pve](proxmox/hosts/pve/) | 192.168.1.216 |
-| dell-proxmox (Dell, PVE 8) | [proxmox/hosts/dell-proxmox](proxmox/hosts/dell-proxmox/) | 192.168.1.56 |
+[proxmox/](proxmox/) — hosts `pve` + `dell-proxmox`, [LXC-overzicht](proxmox/lxc-inventory.md)
 
-Zie [proxmox/README.md](proxmox/README.md).
+## Synology packages
 
-## Reverse proxy
+[synology/](synology/) — Jellyfin, Plex, Tailscale, …
 
-Nginx-configs: [../infrastructure/nginx/](../infrastructure/nginx/)
+## Infra
 
-## Aparte Gitea-repos
-
-- **homelab-command** — dashboard, Grafana-build, NATS mesh
-- **ha-voice-control-mcp** — MCP server
+[../infrastructure/nginx/](../infrastructure/nginx/)
diff --git a/apps/glance/README.md b/apps/glance/README.md
new file mode 100644
index 0000000..376463b
--- /dev/null
+++ b/apps/glance/README.md
@@ -0,0 +1,5 @@
+# Glance
+
+Dashboard. NAS-map `Configs/glance` was leeg — voeg `config/glance.yml` toe wanneer je Glance deployt.
+
+Poort: **8081** (standaard in compose).
diff --git a/apps/glance/config/.gitkeep b/apps/glance/config/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/apps/glance/docker-compose.yml b/apps/glance/docker-compose.yml
new file mode 100644
index 0000000..8517623
--- /dev/null
+++ b/apps/glance/docker-compose.yml
@@ -0,0 +1,12 @@
+# Glance — dashboard (config map nog leeg op NAS)
+services:
+  glance:
+    image: glanceapp/glance:latest
+    container_name: glance
+    restart: unless-stopped
+    ports:
+      - "${GLANCE_PORT:-8081}:8080"
+    volumes:
+      - ./config:/app/config
+    environment:
+      TZ: ${TZ:-Europe/Brussels}
diff --git a/apps/joplin/README.md b/apps/joplin/README.md
new file mode 100644
index 0000000..ad4dce3
--- /dev/null
+++ b/apps/joplin/README.md
@@ -0,0 +1,5 @@
+# Joplin Server
+
+Notes server. Bestaande data: `/volume1/docker/joplin` (beperkte toegang uid 999).
+
+Poort: **22300**. Gebruikt PostgreSQL — kan `postgres-homelab` hergebruiken i.p.v. aparte `joplin-db`.
diff --git a/apps/joplin/docker-compose.yml b/apps/joplin/docker-compose.yml
new file mode 100644
index 0000000..087f585
--- /dev/null
+++ b/apps/joplin/docker-compose.yml
@@ -0,0 +1,33 @@
+# Joplin Server — data op NAS (map /volume1/docker/joplin, uid 999)
+services:
+  joplin:
+    image: joplin/server:latest
+    container_name: joplin
+    restart: unless-stopped
+    ports:
+      - "${JOPLIN_PORT:-22300}:22300"
+    environment:
+      APP_PORT: 22300
+      APP_BASE_URL: ${JOPLIN_BASE_URL:-http://192.168.1.211:22300}
+      DB_CLIENT: pg
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-WaQTUw2t}
+      POSTGRES_DATABASE: ${JOPLIN_DB:-joplin}
+      POSTGRES_USER: ${POSTGRES_USER:-mo}
+      POSTGRES_PORT: 5432
+      POSTGRES_HOST: postgres-homelab
+    depends_on:
+      - joplin-db
+
+  joplin-db:
+    image: postgres:16-alpine
+    container_name: joplin-db
+    restart: unless-stopped
+    environment:
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-WaQTUw2t}
+      POSTGRES_USER: ${POSTGRES_USER:-mo}
+      POSTGRES_DB: ${JOPLIN_DB:-joplin}
+    volumes:
+      - joplin-db-data:/var/lib/postgresql/data
+
+volumes:
+  joplin-db-data:
diff --git a/apps/portainer/README.md b/apps/portainer/README.md
index a585f55..9d0d789 100644
--- a/apps/portainer/README.md
+++ b/apps/portainer/README.md
@@ -1,8 +1,19 @@
-# portainer
+# Portainer
 
 | | |
 |---|---|
-| **Poort** | 9000 |
-| **Start** | `docker compose up -d` |
+| **UI** | http://192.168.1.211:9000 |
+| **Data** | `/volume1/docker/portainer` |
 
-Zie [apps/README.md](../README.md) en [RESTORE.md](../../RESTORE.md).
+```bash
+docker compose up -d
+```
+
+## Portainer stacks (compose in Portainer beheerd)
+
+| Stack | Bestand | Container |
+|-------|---------|-----------|
+| Excalidraw | [stacks/excalidraw.yml](stacks/excalidraw.yml) | Excalidraw :3765 |
+| Guacamole | [stacks/guacamole.yml](stacks/guacamole.yml) | Guacamole :8348 |
+
+Zie ook [apps/excalidraw](../excalidraw/) en [apps/guacamole](../guacamole/).
diff --git a/apps/portainer/stacks/excalidraw.yml b/apps/portainer/stacks/excalidraw.yml
new file mode 100644
index 0000000..1580d69
--- /dev/null
+++ b/apps/portainer/stacks/excalidraw.yml
@@ -0,0 +1,13 @@
+version: "3.9"
+services:
+  excalidraw:
+    container_name: Excalidraw
+    healthcheck:
+     test: curl -f http://localhost:80/ || exit 1
+    image: excalidraw/excalidraw:latest
+    ports:
+      - 3765:80
+    restart: on-failure:5
+    stdin_open: true
+    environment:
+      - NODE_ENV=production
\ No newline at end of file
diff --git a/apps/portainer/stacks/guacamole.yml b/apps/portainer/stacks/guacamole.yml
new file mode 100644
index 0000000..14a540a
--- /dev/null
+++ b/apps/portainer/stacks/guacamole.yml
@@ -0,0 +1,20 @@
+services:
+  guacamole:
+    container_name: Guacamole
+    image: jwetzell/guacamole
+
+    healthcheck:
+     test: curl -f http://localhost:8080/ || exit 1
+    mem_limit: 6g
+    cpu_shares: 1024
+    security_opt:
+      - no-new-privileges:false
+    restart: on-failure:5
+    ports:
+      - 8348:8080
+    volumes:
+      - /volume1/docker/guacamole:/config:rw
+    environment:
+      PUID: 1026
+      PGID: 100
+      TZ: Europe/Bucharest
\ No newline at end of file
diff --git a/apps/proxmox/lxc-inventory.md b/apps/proxmox/lxc-inventory.md
new file mode 100644
index 0000000..13cdbb4
--- /dev/null
+++ b/apps/proxmox/lxc-inventory.md
@@ -0,0 +1,62 @@
+# Proxmox — LXC & VM overzicht
+
+Configs: `hosts/<naam>/lxc/*.conf` en `qemu-server/*.conf`
+
+## Host: pve (192.168.1.216)
+
+### VMs
+| VMID | Naam |
+|------|------|
+| 101 | W11 |
+| 111 | Syno-latest |
+
+### LXCs
+| VMID | Hostname |
+|------|----------|
+| 100 | autocaliweb |
+| 102 | clawbot |
+| 103 | CrowdSec |
+| 104 | vaultwarden |
+| 105 | linkwarden |
+| 106 | kimai |
+| 107 | pve-scripts-local |
+| 108 | tunarr |
+| 109 | nextcloudpi |
+| 110 | passbolt |
+| 112 | immich |
+| 113 | metube |
+| 114 | endurain |
+| 115 | passbolt |
+| 116 | opencloud |
+| 117 | Proxy |
+| 118 | paymenter |
+| 119 | nodecast-tv |
+
+## Host: dell-proxmox (192.168.1.56)
+
+### VMs
+| VMID | Naam |
+|------|------|
+| 101 | opnsense |
+| 102 | Postgress |
+| 103 | Synology |
+| 104 | kassa-dev |
+| 105 | docker |
+
+### LXCs
+| VMID | Hostname |
+|------|----------|
+| 100 | n8n |
+| 106 | vdi.el-kadi.nl |
+| 107 | Virtualmin |
+| 108 | n8n |
+| 109 | nginxproxymanager |
+| 110 | nextcloudpi |
+| 112 | iventoy |
+| 113 | traccar |
+| 115 | kasm |
+| 116 | runtipi |
+| 118 | changedetection |
+| 119 | n8n |
+
+> App-configs binnen LXCs: backup via `pct enter <id>` of volume mount. Proxmox container-definitie staat al in git.
diff --git a/apps/synology/README.md b/apps/synology/README.md
new file mode 100644
index 0000000..f46d124
--- /dev/null
+++ b/apps/synology/README.md
@@ -0,0 +1,22 @@
+# Synology DSM — native packages
+
+Geïnstalleerd als **Synology Package** (niet Docker). Geen compose; backup via DSM of Hyper Backup.
+
+| Package | Doel | Config-locatie (typisch) |
+|---------|------|---------------------------|
+| Docker | Container engine | DSM Package Center |
+| UniFi SDN Controller | Oud/alternatief UniFi | `@apphome/UniFiSDNController` |
+| Jellyfin | Media server | `@apphome/jellyfin` |
+| Plex Media Server | Media | `@apphome/PlexMediaServer` |
+| Tailscale | VPN mesh | `@appdata/Tailscale` |
+| Surveillance Station | Camera's | `@apphome/SurveillanceStation` |
+| Synology Photos | Foto's | `@apphome/SynologyPhotos` |
+| Synology Drive | Bestanden sync | `@apphome/SynologyDrive` |
+| Hyper Backup | Backups | `@apphome/HyperBackup` |
+| Active Backup | PC backup | `@apphome/ActiveBackup` |
+| Web Station | Web hosting | `@apphome/WebStation` |
+| MariaDB | Database | `@apphome/MariaDB10` |
+| VPN Center | VPN server | `@apphome/VPNCenter` |
+| Virtualization | VMM | `@apphome/Virtualization` |
+
+> Paden onder `/volume1/@apphome/` — alleen leesbaar met root. Documenteer instellingen handmatig of via DSM export.
diff --git a/apps/unifi/.env.example b/apps/unifi/.env.example
new file mode 100644
index 0000000..e437c94
--- /dev/null
+++ b/apps/unifi/.env.example
@@ -0,0 +1,7 @@
+PUID=1026
+PGID=100
+TZ=Europe/Brussels
+MONGO_USER=unifi
+MONGO_PASS=WaQTUw2t
+UNIFI_DATA_DIR=/volume1/docker/unifi
+UNIFI_MONGO_DIR=/volume1/docker/Configs/Unifi/data/db
diff --git a/apps/unifi/README.md b/apps/unifi/README.md
new file mode 100644
index 0000000..8096665
--- /dev/null
+++ b/apps/unifi/README.md
@@ -0,0 +1,13 @@
+# UniFi Network
+
+| | |
+|---|---|
+| **Controller** | https://192.168.1.24 (primair) |
+| **NAS data** | `/volume1/docker/unifi`, `Configs/Unifi` |
+| **Login** | zie `.env` / homelab-command `UNIFI_*` |
+
+```bash
+docker compose up -d
+```
+
+Config: `config/system.properties`
diff --git a/apps/unifi/config/system.properties b/apps/unifi/config/system.properties
new file mode 100644
index 0000000..acca70e
--- /dev/null
+++ b/apps/unifi/config/system.properties
@@ -0,0 +1,44 @@
+## system.properties
+#
+# each unifi instance requires a set of ports:
+#
+## device inform
+# unifi.http.port=8080
+## controller UI / API
+# unifi.https.port=8443
+## portal redirect port for HTTP
+# portal.http.port=8880
+## portal redirect port for HTTPs
+# portal.https.port=8843
+## local-bound port for DB server
+# unifi.db.port=27117
+## UDP port used for STUN
+# unifi.stun.port=3478
+#
+## the IP devices should be talking to for inform
+# system_ip=a.b.c.d
+## disable mongodb journaling
+# unifi.db.nojournal=false
+## extra mongod args
+# unifi.db.extraargs
+#
+## HTTPS options
+# unifi.https.ciphers=TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
+# unifi.https.sslEnabledProtocols=TLSv1,SSLv2Hello
+# unifi.https.hsts=false
+# unifi.https.hsts.max_age=31536000
+# unifi.https.hsts.preload=false
+# unifi.https.hsts.subdomain=false
+#
+# Ports reserved for device redirector. There is no need to open
+# firewall for these ports on controller, however do NOT set
+# controller to use these ports.
+#
+# portal.redirector.port=8881
+# portal.redirector.port.wired=8882
+#
+# Port used for throughput measurement.
+# unifi.throughput.port=6789
+#
+#Tue Feb 25 23:34:10 UTC 2025
+uuid=a274df25-fe33-4c8a-ad32-8232a8ecdab4
diff --git a/apps/unifi/docker-compose.yml b/apps/unifi/docker-compose.yml
new file mode 100644
index 0000000..b470db7
--- /dev/null
+++ b/apps/unifi/docker-compose.yml
@@ -0,0 +1,36 @@
+# UniFi Network Application
+# Data: /volume1/docker/unifi
+# Live controller ook op https://192.168.1.24 (apart apparaat/VM)
+
+services:
+  unifi:
+    image: lscr.io/linuxserver/unifi-network-application:latest
+    container_name: unifi
+    restart: unless-stopped
+    network_mode: host
+    environment:
+      PUID: ${PUID:-1026}
+      PGID: ${PGID:-100}
+      TZ: ${TZ:-Europe/Brussels}
+      MONGO_HOST: unifi-db
+      MONGO_PORT: 27017
+      MONGO_USER: ${MONGO_USER:-unifi}
+      MONGO_PASS: ${MONGO_PASS:-WaQTUw2t}
+      MONGO_DBNAME: ${MONGO_DBNAME:-unifi}
+      MONGO_AUTHSOURCE: admin
+      MEM_LIMIT: 1024
+      MEM_STARTUP: 1024
+    volumes:
+      - ${UNIFI_DATA_DIR:-/volume1/docker/unifi}:/config
+    depends_on:
+      - unifi-db
+
+  unifi-db:
+    image: docker.io/mongo:4.4
+    container_name: unifi-db
+    restart: unless-stopped
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: ${MONGO_USER:-unifi}
+      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_PASS:-WaQTUw2t}
+    volumes:
+      - ${UNIFI_MONGO_DIR:-/volume1/docker/Configs/Unifi/data/db}:/data/db
diff --git a/apps/uptime-kuma/README.md b/apps/uptime-kuma/README.md
new file mode 100644
index 0000000..f57bc5a
--- /dev/null
+++ b/apps/uptime-kuma/README.md
@@ -0,0 +1,5 @@
+# Uptime Kuma
+
+Monitoring / statuspagina. Data: `/volume1/docker/Configs/uptime-kuma`
+
+Poort: **3001** (let op: conflict met AdGuard web UI op 3001 — pas poort aan in `.env`).
diff --git a/apps/uptime-kuma/docker-compose.yml b/apps/uptime-kuma/docker-compose.yml
new file mode 100644
index 0000000..2e98d0b
--- /dev/null
+++ b/apps/uptime-kuma/docker-compose.yml
@@ -0,0 +1,11 @@
+services:
+  uptime-kuma:
+    image: louislam/uptime-kuma:1
+    container_name: uptime-kuma
+    restart: unless-stopped
+    ports:
+      - "${UPTIME_KUMA_PORT:-3001}:3001"
+    volumes:
+      - ${UPTIME_KUMA_DATA:-/volume1/docker/Configs/uptime-kuma}:/app/data
+    environment:
+      TZ: ${TZ:-Europe/Brussels}
diff --git a/apps/whoogle/README.md b/apps/whoogle/README.md
new file mode 100644
index 0000000..abb11eb
--- /dev/null
+++ b/apps/whoogle/README.md
@@ -0,0 +1,5 @@
+# Whoogle
+
+Privacy-vriendelijke Google-proxy. Config-map op NAS was leeg.
+
+Poort: **5000**
diff --git a/apps/whoogle/config/.gitkeep b/apps/whoogle/config/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/apps/whoogle/docker-compose.yml b/apps/whoogle/docker-compose.yml
new file mode 100644
index 0000000..7cdc262
--- /dev/null
+++ b/apps/whoogle/docker-compose.yml
@@ -0,0 +1,12 @@
+services:
+  whoogle:
+    image: benbusby/whoogle-search:latest
+    container_name: whoogle
+    restart: unless-stopped
+    ports:
+      - "${WHOOGLE_PORT:-5000}:5000"
+    environment:
+      TZ: ${TZ:-Europe/Brussels}
+      WHOOGLE_CONFIG_DIR: /config
+    volumes:
+      - ./config:/config
diff --git a/scripts/sync-from-nas.sh b/scripts/sync-from-nas.sh
index cf13b70..ee7f2d8 100644
--- a/scripts/sync-from-nas.sh
+++ b/scripts/sync-from-nas.sh
@@ -23,6 +23,19 @@ for svc in gitea postgres-web excalidraw guacamole wazuh ha-voice-control; do
   fi
 done
 
+# Portainer stacks
+mkdir -p "$ROOT/apps/portainer/stacks"
+[ -f "$NAS_DOCKER/portainer/compose/2/docker-compose.yml" ] && \
+  cp -f "$NAS_DOCKER/portainer/compose/2/docker-compose.yml" "$ROOT/apps/portainer/stacks/excalidraw.yml"
+[ -f "$NAS_DOCKER/portainer/compose/6/docker-compose.yml" ] && \
+  cp -f "$NAS_DOCKER/portainer/compose/6/docker-compose.yml" "$ROOT/apps/portainer/stacks/guacamole.yml"
+echo "  portainer stacks"
+
+# UniFi
+mkdir -p "$ROOT/apps/unifi/config"
+[ -f "$NAS_DOCKER/unifi/data/system.properties" ] && \
+  cp -f "$NAS_DOCKER/unifi/data/system.properties" "$ROOT/apps/unifi/config/"
+
 # --- App configs ---
 mkdir -p "$ROOT/apps/homarr/config"
 cp -f "$NAS_DOCKER/homarr"/*.json "$ROOT/apps/homarr/config/" 2>/dev/null && echo "  homarr" || true
@@ -53,20 +66,30 @@ EOF
   fi
 done
 
-# qBittorrent
 if [ -d "$NAS_CONFIGS/QBitTorrent/qBittorrent" ]; then
   mkdir -p "$ROOT/apps/qbittorrent/config"
   cp -rf "$NAS_CONFIGS/QBitTorrent/qBittorrent" "$ROOT/apps/qbittorrent/config/"
   echo "  qbittorrent"
 fi
 
-# Prowlarr Definitions (optioneel, groot)
 if [ -d "$NAS_CONFIGS/Prowlarr/Definitions" ]; then
   mkdir -p "$ROOT/apps/prowlarr/config"
   cp -rf "$NAS_CONFIGS/Prowlarr/Definitions" "$ROOT/apps/prowlarr/config/"
   echo "  prowlarr Definitions"
 fi
 
+# Glance / uptime-kuma / whoogle (als er ooit configs komen)
+for app in glance uptime-kuma whoogle; do
+  nasdir="$NAS_CONFIGS/$app"
+  [ "$app" = "uptime-kuma" ] && nasdir="$NAS_CONFIGS/uptime-kuma"
+  [ "$app" = "whoogle" ] && nasdir="$NAS_CONFIGS/whoogle"
+  if [ -d "$nasdir" ] && [ -n "$(ls -A "$nasdir" 2>/dev/null)" ]; then
+    mkdir -p "$ROOT/apps/$app/config"
+    cp -rf "$nasdir"/* "$ROOT/apps/$app/config/" 2>/dev/null || true
+    echo "  $app"
+  fi
+done
+
 # --- Monitoring (uit homelab-command) ---
 if [ -d "$NAS_HOMELAB/monitoring" ]; then
   cp -f "$NAS_HOMELAB/monitoring/prometheus.yml" "$ROOT/apps/monitoring/"
@@ -77,4 +100,5 @@ if [ -d "$NAS_HOMELAB/monitoring" ]; then
 fi
 
 echo ""
-echo "Klaar. Controleer: cd $ROOT && git status && git diff"
+echo "Klaar. Zie: git status && git diff"
+echo "Proxmox: handmatig scp van /etc/pve → apps/proxmox/hosts/<host>/"