Remove comments v3

Reviewed-on: #18

.archived/adguardhome-sync/docker-compose.yml

@@ -0,0 +1,22 @@
+# Docker Compose configuration for AdGuardHome Sync service
+
+services:
+  adguardhome-sync:
+    # Basic container configuration
+    container_name: adguardhome-sync
+    image: docker.io/linuxserver/adguardhome-sync:0.7.6
+    restart: unless-stopped
+    
+    # Environment configuration
+    environment:
+      - PUID=${PUID}  # User ID for the container
+      - PGID=${PGID}  # Group ID for the container
+      - TZ=${TZ}      # Timezone
+    
+    # Persistent storage configuration
+    volumes:
+      - ${CONFIG_PATH}:/config  # Maps host config directory to container
+    
+    # Network port configuration
+    ports:
+      - ${PORT}:8080  # Web interface port

.archived/authentik/docker-compose.yml

@@ -1,57 +1,68 @@
+# Authentik Identity Provider Configuration
+
 services:
-  authentik_postgres:
+  authentik_db:
-    image: docker.io/library/postgres:17.5
+    container_name: authentik_db
-    container_name: authentik_postgres
+    image: docker.io/library/postgres:17.5-alpine
+    restart: unless-stopped
     environment:
-      - POSTGRES_DB=${POSTGRES_DB}
+      # Database configuration
       - POSTGRES_USER=${POSTGRES_USER}
       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB}
     volumes:
       - ${APPDATA_PATH}/authentik/db:/var/lib/postgresql/data
     ports:
       - ${POSTGRES_PORT}:5432
-    restart: unless-stopped
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
-      start_period: 20s
+      start_period: 10s
-      interval: 30s
+      interval: 5s
       retries: 5
       timeout: 5s
 
   authentik_valkey:
-    image: docker.io/valkey/valkey:8.1.2
     container_name: authentik_valkey
-    command: valkey-server --save 60 1 --loglevel warning --requirepass ${VALKEY_PASSWORD}
+    image: docker.io/valkey/valkey:8.1.3-alpine
+    restart: unless-stopped
+    command: valkey-server --save 60 1 --requirepass ${VALKEY_PASSWORD}
     volumes:
       - ${APPDATA_PATH}/authentik/valkey:/data
-    ports:
-      - ${VALKEY_PORT}:6379
-    restart: unless-stopped
     healthcheck:
       test: ["CMD-SHELL", "echo 'auth ${VALKEY_PASSWORD}\nping' | valkey-cli | grep PONG"]
-      start_period: 20s
+      start_period: 10s
-      interval: 30s
+      interval: 5s
       retries: 5
-      timeout: 3s
+      timeout: 5s
 
   authentik_server:
-    image: ghcr.io/goauthentik/server:2025.6.2
     container_name: authentik_server
+    image: ghcr.io/goauthentik/server:2025.6.3
+    restart: unless-stopped
     depends_on:
-      authentik_postgres:
+      authentik_db:
         condition: service_healthy
       authentik_valkey:
         condition: service_healthy
     command: server
     environment:
+      # Generic configuration
       - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
-      - AUTHENTIK_POSTGRESQL__HOST=authentik_postgres
+      - AUTHENTIK_DISABLE_STARTUP_ANALYTICS=${AUTHENTIK_DISABLE_STARTUP_ANALYTICS}
+      - AUTHENTIK_DISABLE_UPDATE_CHECK=${AUTHENTIK_DISABLE_UPDATE_CHECK}
+      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+
+      # Database configuration
+      - AUTHENTIK_POSTGRESQL__HOST=authentik_db
       - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
       - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
       - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+
+      # Valkey cache configuration
       - AUTHENTIK_REDIS__HOST=authentik_valkey
       - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD}
-      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+
+      # Email configuration
       - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
       - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
       - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
@@ -66,26 +77,36 @@ services:
     ports:
       - ${AUTHENTIK_HTTP_PORT}:9000
       - ${AUTHENTIK_HTTPS_PORT}:9443
-    restart: unless-stopped
 
   authentik_worker:
-    image: ghcr.io/goauthentik/server:2025.6.2
     container_name: authentik_worker
+    image: ghcr.io/goauthentik/server:2025.6.3
+    restart: unless-stopped
     depends_on:
-      authentik_postgres:
+      authentik_db:
         condition: service_healthy
       authentik_valkey:
         condition: service_healthy
     command: worker
+    user: ${PUID}:${PGID}
     environment:
+      # Generic configuration
       - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
-      - AUTHENTIK_POSTGRESQL__HOST=authentik_postgres
+      - AUTHENTIK_DISABLE_STARTUP_ANALYTICS=${AUTHENTIK_DISABLE_STARTUP_ANALYTICS}
+      - AUTHENTIK_DISABLE_UPDATE_CHECK=${AUTHENTIK_DISABLE_UPDATE_CHECK}
+      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+
+      # Database configuration
+      - AUTHENTIK_POSTGRESQL__HOST=authentik_db
       - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
       - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
       - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+
+      # Valkey cache configuration
       - AUTHENTIK_REDIS__HOST=authentik_valkey
       - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD}
-      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+
+      # Email configuration
       - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
       - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
       - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
@@ -98,4 +119,3 @@ services:
       - ${APPDATA_PATH}/authentik/media:/media
       - ${APPDATA_PATH}/authentik/certs:/certs
       - ${APPDATA_PATH}/authentik/custom-templates:/templates
-    restart: unless-stopped

.archived/caddy-cloudflare-crowdsec/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   crowdsec:
-    image: ghcr.io/crowdsecurity/crowdsec:v1.6.9
+    image: ghcr.io/crowdsecurity/crowdsec:v1.6.10
     container_name: crowdsec
     environment:
       - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
@@ -12,7 +12,7 @@ services:
       - ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/
       - ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro
     networks:
-      - backend
+      - frontend
     restart: unless-stopped
     healthcheck:
       test: ["CMD-SHELL", "wget --spider --quiet --tries=1 --timeout=5 http://localhost:8080/health > /dev/null 2>&1 || exit 1"]
@@ -44,11 +44,8 @@ services:
       - ${HTTPS_PORT}:443/udp
     networks:
       - frontend
-      - backend
     restart: unless-stopped
 
 networks:
   frontend:
     external: true
-  backend:
-    external: true

.archived/gickup/docker-compose.yml

@@ -0,0 +1,18 @@
+# Gickup service configuration
+services:
+  gickup:
+    # Basic container configuration
+    container_name: gickup
+    image: ghcr.io/cooperspencer/gickup:0.10.38
+    restart: unless-stopped
+    
+    # Command to run when the container starts
+    command: ["/gickup/conf.yml"]  # Points to the configuration file inside the container
+    
+    # Environment variables
+    environment:
+      - TZ=${TZ}  # Timezone
+    
+    # Persistent storage configuration
+    volumes:
+      - ${APPDATA_PATH}/gickup/conf.yml:/gickup/conf.yml

.archived/gitea-mirror/docker-compose.yml

@@ -0,0 +1,32 @@
+# Gitea Mirror Service Configuration
+services:
+  gitea-mirror:
+    # Basic container configuration
+    container_name: gitea-mirror
+    image: ghcr.io/raylabshq/gitea-mirror:v2.22.0
+    restart: unless-stopped
+    user: ${PUID}:${PGID}  # Runs as specified user/group
+    
+    # Application environment configuration
+    environment:
+      - NODE_ENV=production  # Runtime environment
+      - DATABASE_URL=file:data/gitea-mirror.db  # SQLite database location
+      - HOST=0.0.0.0  # Binding address
+      - PORT=4321  # Internal container port
+      - JWT_SECRET=${JWT_SECRET}  # Authentication secret
+    
+    # Persistent storage configuration
+    volumes:
+      - ${APPDATA_PATH}/gitea-mirror/data:/app/data  # Application data storage
+    
+    # Network port configuration
+    ports:
+      - ${PORT}:4321  # Maps host port to container
+    
+    # Health check configuration
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=3", "--spider", "http://localhost:4321/api/health"]
+      interval: 30s  # Check interval
+      timeout: 10s  # Check timeout
+      retries: 5  # Allowed retries
+      start_period: 15s  # Initial delay before checks

.archived/glance/docker-compose.yml

@@ -0,0 +1,22 @@
+# Glance - A modern dashboard for your self-hosted services
+# Documentation: https://glanceapp.io/docs
+
+services:
+  glance:
+    # Basic container configuration
+    container_name: glance
+    image: glanceapp/glance:v0.8.4  # Official Glance image with version
+    restart: unless-stopped  # Automatically restart unless explicitly stopped
+
+    # Environment variables configuration
+    environment:
+      - MY_SECRET_TOKEN=${MY_SECRET_TOKEN}  # Secret token for API authentication
+    
+    # Persistent storage configuration
+    volumes:
+      - ${APPDATA_PATH}/glance/config:/app/config  # Configuration files
+      - ${APPDATA_PATH}/glance/assets:/app/assets  # Static assets and cache
+    
+    # Network configuration
+    ports:
+      - ${PORT}:8080  # Map host port to container port (host:container)

.archived/glance/glance.yml

@@ -0,0 +1,105 @@
+pages:
+  - name: Home
+    # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look
+    # hide-desktop-navigation: true
+    columns:
+      - size: small
+        widgets:
+          - type: calendar
+            first-day-of-week: monday
+
+          - type: rss
+            limit: 10
+            collapse-after: 3
+            cache: 12h
+            feeds:
+              - url: https://selfh.st/rss/
+                title: selfh.st
+                limit: 4
+              - url: https://ciechanow.ski/atom.xml
+              - url: https://www.joshwcomeau.com/rss.xml
+                title: Josh Comeau
+              - url: https://samwho.dev/rss.xml
+              - url: https://ishadeed.com/feed.xml
+                title: Ahmad Shadeed
+
+          - type: twitch-channels
+            channels:
+              - theprimeagen
+              - j_blow
+              - piratesoftware
+              - cohhcarnage
+              - christitustech
+              - EJ_SA
+
+      - size: full
+        widgets:
+          - type: group
+            widgets:
+              - type: hacker-news
+              - type: lobsters
+
+          - type: videos
+            channels:
+              - UCXuqSBlHAE6Xw-yeJA0Tunw # Linus Tech Tips
+              - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling
+              - UCsBjURrPoezykLs9EqgamOA # Fireship
+              - UCBJycsmduvYEL83R_U4JriQ # Marques Brownlee
+              - UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium
+
+          - type: group
+            widgets:
+              - type: reddit
+                subreddit: technology
+                show-thumbnails: true
+              - type: reddit
+                subreddit: selfhosted
+                show-thumbnails: true
+
+      - size: small
+        widgets:
+          - type: weather
+            location: London, United Kingdom
+            units: metric # alternatively "imperial"
+            hour-format: 12h # alternatively "24h"
+            # Optionally hide the location from being displayed in the widget
+            # hide-location: true
+
+          - type: markets
+            markets:
+              - symbol: SPY
+                name: S&P 500
+              - symbol: BTC-USD
+                name: Bitcoin
+              - symbol: NVDA
+                name: NVIDIA
+              - symbol: AAPL
+                name: Apple
+              - symbol: MSFT
+                name: Microsoft
+
+          - type: releases
+            cache: 1d
+            # Without authentication the Github API allows for up to 60 requests per hour. You can create a
+            # read-only token from your Github account settings and use it here to increase the limit.
+            # token: ...
+            repositories:
+              - glanceapp/glance
+              - go-gitea/gitea
+              - immich-app/immich
+              - syncthing/syncthing
+
+  # Add more pages here:
+  # - name: Your page name
+  #   columns:
+  #     - size: small
+  #       widgets:
+  #         # Add widgets here
+
+  #     - size: full
+  #       widgets:
+  #         # Add widgets here
+
+  #     - size: small
+  #       widgets:
+  #         # Add widgets here

.archived/glance/home.yml

@@ -0,0 +1,88 @@
+- name: Home
+  # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look
+  # hide-desktop-navigation: true
+  columns:
+    - size: small
+      widgets:
+        - type: calendar
+          first-day-of-week: monday
+
+        - type: rss
+          limit: 10
+          collapse-after: 3
+          cache: 12h
+          feeds:
+            - url: https://selfh.st/rss/
+              title: selfh.st
+            - url: https://ciechanow.ski/atom.xml
+            - url: https://www.joshwcomeau.com/rss.xml
+              title: Josh Comeau
+            - url: https://samwho.dev/rss.xml
+            - url: https://ishadeed.com/feed.xml
+              title: Ahmad Shadeed
+
+        - type: twitch-channels
+          channels:
+            - theprimeagen
+            - j_blow
+            - piratesoftware
+            - cohhcarnage
+            - christitustech
+            - EJ_SA
+
+    - size: full
+      widgets:
+        - type: group
+          widgets:
+            - type: hacker-news
+            - type: lobsters
+
+        - type: videos
+          channels:
+            - UCXuqSBlHAE6Xw-yeJA0Tunw # Linus Tech Tips
+            - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling
+            - UCsBjURrPoezykLs9EqgamOA # Fireship
+            - UCBJycsmduvYEL83R_U4JriQ # Marques Brownlee
+            - UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium
+
+        - type: group
+          widgets:
+            - type: reddit
+              subreddit: technology
+              show-thumbnails: true
+            - type: reddit
+              subreddit: selfhosted
+              show-thumbnails: true
+
+    - size: small
+      widgets:
+        - type: weather
+          location: London, United Kingdom
+          units: metric # alternatively "imperial"
+          hour-format: 12h # alternatively "24h"
+          # Optionally hide the location from being displayed in the widget
+          # hide-location: true
+
+        - type: markets
+          markets:
+            - symbol: SPY
+              name: S&P 500
+            - symbol: BTC-USD
+              name: Bitcoin
+            - symbol: NVDA
+              name: NVIDIA
+            - symbol: AAPL
+              name: Apple
+            - symbol: MSFT
+              name: Microsoft
+
+        - type: releases
+          cache: 1d
+          # Without authentication the Github API allows for up to 60 requests per hour. You can create a
+          # read-only token from your Github account settings and use it here to increase the limit.
+          # token: ...
+          repositories:
+            - glanceapp/glance
+            - go-gitea/gitea
+            - immich-app/immich
+            - syncthing/syncthing

.archived/homepage/docker-compose.yml

@@ -0,0 +1,38 @@
+services:
+  dockerproxy:
+    image: ghcr.io/tecnativa/docker-socket-proxy:0.3.0
+    container_name: dockerproxy
+    environment:
+      - CONTAINERS=${CONTAINERS} # Allow access to viewing containers
+      - SERVICES=${SERVICES} # Allow access to viewing services (necessary when using Docker Swarm)
+      - TASKS=${TASKS} # Allow access to viewing tasks (necessary when using Docker Swarm)
+      - POST=${POST} # Disallow any POST operations (effectively read-only)
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    ports:
+      - ${PROXY_PORT}:2375
+    networks:
+      - backend
+    restart: unless-stopped
+
+  homepage:
+    image: ghcr.io/gethomepage/homepage:v1.3.2
+    container_name: homepage
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - HOMEPAGE_ALLOWED_HOSTS=${HOMEPAGE_ALLOWED_HOSTS}
+    volumes:
+      - ${APPDATA_PATH}/homepage/config:/app/config
+    ports:
+      - ${APP_PORT}:3000
+    networks:
+      - frontend
+      - backend
+    restart: unless-stopped
+
+networks:
+  frontend:
+    external: true
+  backend:
+    external: true

.archived/joplin/docker-compose.yml

@@ -0,0 +1,57 @@
+services:
+  joplin_db:
+    image: docker.io/library/postgres:17.5
+    container_name: joplin_db
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB}
+    volumes:
+      - ${APPDATA_PATH}/joplin/db:/var/lib/postgresql/data
+    ports:
+      - ${DB_PORT}:5432
+    networks:
+      - backend
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
+      start_period: 10s
+      interval: 10s
+      timeout: 5s
+      retries: 3
+
+  joplin_server:
+    image: docker.io/joplin/server:3.3.13
+    container_name: joplin_server
+    depends_on:
+      joplin_db:
+        condition: service_healthy
+    environment:
+      - APP_PORT=22300
+      - APP_BASE_URL=${APP_BASE_URL}
+      - DB_CLIENT=pg
+      - POSTGRES_HOST=joplin_db
+      - POSTGRES_PORT=5432
+      - POSTGRES_DATABASE=${POSTGRES_DB}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - MAILER_ENABLED=${MAILER_ENABLED}
+      - MAILER_HOST=${MAILER_HOST}
+      - MAILER_PORT=${MAILER_PORT}
+      - MAILER_SECURITY=${MAILER_SECURITY}
+      - MAILER_AUTH_USER=${MAILER_AUTH_USER}
+      - MAILER_AUTH_PASSWORD=${MAILER_AUTH_PASSWORD}
+      - MAILER_NOREPLY_NAME=${MAILER_NOREPLY_NAME}
+      - MAILER_NOREPLY_EMAIL=${MAILER_NOREPLY_EMAIL}
+    ports:
+      - ${APP_PORT}:22300
+    networks:
+      - frontend
+      - backend
+    restart: unless-stopped
+
+networks:
+  frontend:
+    external: true
+  backend:
+    external: true

.archived/vaultwarden/docker-compose.yml

@@ -0,0 +1,71 @@
+# Vaultwarden Configuration - (Bitwarden-compatible) Password Manager
+services:
+  vaultwarden_db:
+    # PostgreSQL Database Configuration
+    container_name: vaultwarden_db
+    image: docker.io/library/postgres:17.5
+    restart: unless-stopped  # Auto-recover from crashes
+    
+    # Database credentials
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER}  # Database username
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}  # Database password
+      - POSTGRES_DB=${POSTGRES_DB}  # Database name
+    
+    # Persistent storage configuration
+    volumes:
+      - ${APPDATA_PATH}/vaultwarden/db:/var/lib/postgresql/data  # Database files
+    
+    # Network configuration
+    ports:
+      - ${DB_PORT}:5432  # PostgreSQL default port
+    networks:
+      - backend  # Connects to backend network
+    
+    # Health monitoring
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]  # Connection check
+      interval: 30s  # Check every 30 seconds
+      timeout: 5s  # Maximum check duration
+      retries: 5  # Allow 5 failures before marking unhealthy
+      start_period: 20s  # Initial grace period
+
+  vaultwarden_server:
+    container_name: vaultwarden_server
+    # Container configuration
+    image: ghcr.io/dani-garcia/vaultwarden:1.34.1  # Official Vaultwarden image
+    restart: unless-stopped  # Auto-restart on failure
+    depends_on:
+      vaultwarden_db:
+        condition: service_healthy  # Wait for healthy database
+    
+    # Application settings
+    environment:
+      - PUID=${PUID}  # User ID for file permissions
+      - PGID=${PGID}  # Group ID for file permissions
+      - TZ=${TZ}  # Timezone configuration
+      - DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@vaultwarden_db:5432/${POSTGRES_DB}  # DB connection
+      - WEBSOCKET_ENABLED=${WEBSOCKET_ENABLED}  # Real-time updates
+      - LOG_FILE=/data/vaultwarden.log  # Log file location
+      # Uncomment and set these only on first run
+      # - DOMAIN=${DOMAIN}  # Domain Name
+      # - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED}  # User registration
+      # - ADMIN_TOKEN=${ADMIN_TOKEN}  # Admin interface access token
+    
+    # Persistent storage configuration
+    volumes:
+      - ${APPDATA_PATH}/vaultwarden/data:/data  # Vault data storage
+    
+    # Network configuration
+    ports:
+      - ${SERVER_PORT}:80  # Web interface port
+    networks:
+      - frontend  # Connects to frontend network
+      - backend  # Connects to backend network
+
+# External network definitions
+networks:
+  frontend:
+    external: true  # Uses existing frontend network
+  backend:
+    external: true  # Uses existing backend network

adminer/docker-compose.yml

@@ -1,13 +1,7 @@
 services:
   adminer:
-    image: docker.io/library/adminer:5.3.0
     container_name: adminer
+    image: docker.io/library/adminer:5.3.0
+    restart: unless-stopped
     ports:
       - ${PORT}:8080
-    networks:
-      - backend
-    restart: unless-stopped
-
-networks:
-  backend:
-    external: true

archived/authentik/.env

@@ -1,24 +0,0 @@
-# Environment Variables
-POSTGRES_DB=
-POSTGRES_USER=
-POSTGRES_PASSWORD=
-VALKEY_PASSWORD=
-AUTHENTIK_SECRET_KEY=
-AUTHENTIK_ERROR_REPORTING__ENABLED=
-AUTHENTIK_EMAIL__HOST=
-AUTHENTIK_EMAIL__PORT=
-AUTHENTIK_EMAIL__USERNAME=
-AUTHENTIK_EMAIL__PASSWORD=
-AUTHENTIK_EMAIL__USE_TLS=
-AUTHENTIK_EMAIL__USE_SSL=
-AUTHENTIK_EMAIL__TIMEOUT=
-AUTHENTIK_EMAIL__FROM=
-
-# Paths
-APPDATA_PATH=
-
-# Ports
-POSTGRES_PORT=
-VALKEY_PORT=
-AUTHENTIK_HTTP_PORT=
-AUTHENTIK_HTTPS_PORT=

authelia/docker-compose.yml

@@ -0,0 +1,17 @@
+services:
+  authelia:
+    container_name: authelia
+    image: authelia/authelia:4.39.5
+    restart: unless-stopped
+    environment:
+      - TZ=${TZ}
+    volumes:
+      - ${APPDATA_PATH}/authelia/config:/config
+    ports:
+      - ${PORT}:9091
+    # healthcheck:
+    #   test: ["CMD", "curl", "-f", "http://localhost:9091/api/state"]
+    #   start_period: 30s
+    #   interval: 10s
+    #   timeout: 10s
+    #   retries: 3

caddy-cloudflare-ddns-crowdsec/docker-compose.yml

@@ -1,7 +1,8 @@
 services:
   crowdsec:
-    image: ghcr.io/crowdsecurity/crowdsec:v1.6.9
     container_name: crowdsec
+    image: ghcr.io/crowdsecurity/crowdsec:v1.6.10
+    restart: unless-stopped
     environment:
       - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
       - GID=${GID}
@@ -12,8 +13,8 @@ services:
       - ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/
       - ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro
     networks:
-      - backend
+      proxy:
-    restart: unless-stopped
+        ipv4_address: 172.30.0.3
     healthcheck:
       test: ["CMD-SHELL", "wget --spider --quiet --tries=1 --timeout=5 http://localhost:8080/health > /dev/null 2>&1 || exit 1"]
       interval: 30s
@@ -22,8 +23,9 @@ services:
       start_period: 30s 
 
   caddy:
-    image: docker.io/ryuupendragon/caddy-cloudflare-ddns-crowdsec:2.10.0
     container_name: caddy
+    image: docker.io/ryuupendragon/caddy-cloudflare-ddns-crowdsec:2.10.0
+    restart: unless-stopped
     depends_on:
       crowdsec:
         condition: service_healthy
@@ -43,12 +45,14 @@ services:
       - ${HTTPS_PORT}:443
       - ${HTTPS_PORT}:443/udp
     networks:
-      - frontend
+      proxy:
-      - backend
+        ipv4_address: 172.30.0.2
-    restart: unless-stopped
 
 networks:
-  frontend:
+  proxy:
-    external: true
+    name: proxy
-  backend:
+    driver: bridge
-    external: true
+    ipam:
+     config:
+       - subnet: 172.30.0.0/16
+         gateway: 172.30.0.1

caddy-crowdsec/docker-compose.yml

@@ -1,7 +1,8 @@
 services:
   crowdsec:
-    image: ghcr.io/crowdsecurity/crowdsec:v1.6.9
     container_name: crowdsec
+    image: ghcr.io/crowdsecurity/crowdsec:v1.6.10
+    restart: unless-stopped
     environment:
       - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
       - GID=${GID}
@@ -12,8 +13,8 @@ services:
       - ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/
       - ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro
     networks:
-      - backend
+      proxy:
-    restart: unless-stopped
+        ipv4_address: 172.30.0.3
     healthcheck:
       test: ["CMD-SHELL", "wget --spider --quiet --tries=1 --timeout=5 http://localhost:8080/health > /dev/null 2>&1 || exit 1"]
       interval: 30s
@@ -22,8 +23,9 @@ services:
       start_period: 30s 
 
   caddy:
-    image: docker.io/ryuupendragon/caddy-crowdsec:2.10.0
     container_name: caddy
+    image: docker.io/ryuupendragon/caddy-crowdsec:2.10.0
+    restart: unless-stopped
     depends_on:
       crowdsec:
         condition: service_healthy
@@ -42,12 +44,14 @@ services:
       - ${HTTPS_PORT}:443
       - ${HTTPS_PORT}:443/udp
     networks:
-      - frontend
+      proxy:
-      - backend
+        ipv4_address: 172.30.0.2
-    restart: unless-stopped
 
 networks:
-  frontend:
+  proxy:
-    external: true
+    name: proxy
-  backend:
+    driver: bridge
-    external: true
+    ipam:
+     config:
+       - subnet: 172.30.0.0/16
+         gateway: 172.30.0.1

forgejo/docker-compose.yml

@@ -1,7 +1,8 @@
 services:
   forgejo:
-    image: codeberg.org/forgejo/forgejo:11.0.2-rootless
     container_name: forgejo
+    image: codeberg.org/forgejo/forgejo:11.0.3-rootless
+    restart: unless-stopped
     user: ${PUID}:${PGID}
     volumes:
       - ${APPDATA_PATH}/forgejo/config:/etc/gitea
@@ -10,10 +11,3 @@ services:
       - /etc/localtime:/etc/localtime:ro
     ports:
       - ${SERVER_PORT}:3000
-    networks:
-      - frontend
-    restart: unless-stopped
-
-networks:
-  frontend:
-    external: true

gitea-mirror/docker-compose.yml

@@ -1,28 +0,0 @@
-services:
-  gitea-mirror:
-    image: ghcr.io/raylabshq/gitea-mirror:v2.22.0
-    container_name: gitea-mirror
-    user: ${PUID}:${PGID}
-    environment:
-      - NODE_ENV=production
-      - DATABASE_URL=file:data/gitea-mirror.db
-      - HOST=0.0.0.0
-      - PORT=4321
-      - JWT_SECRET=${JWT_SECRET}
-    volumes:
-      - ${APPDATA_PATH}/gitea-mirror/data:/app/data
-    ports:
-      - ${PORT}:4321
-    networks:
-      - internal
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD", "wget", "--no-verbose", "--tries=3", "--spider", "http://localhost:4321/api/health"]
-      interval: 30s
-      timeout: 10s
-      retries: 5
-      start_period: 15s
-
-networks:
-  internal:
-    external: true

gitea-runner/docker-compose-multi.yml

@@ -1,7 +1,8 @@
 services:
   gitea_runner1:
-    image: docker.io/gitea/act_runner:0.2.12
     container_name: gitea_runner1
+    image: docker.io/gitea/act_runner:0.2.12
+    restart: unless-stopped
     environment:
       CONFIG_FILE: /config.yaml
       GITEA_INSTANCE_URL: "${INSTANCE_URL}"
@@ -11,11 +12,11 @@ services:
       - ./config.yaml:/config.yaml
       - ./data1:/data
       - /var/run/docker.sock:/var/run/docker.sock
-    restart: unless-stopped
 
   gitea_runner2:
-    image: docker.io/gitea/act_runner:0.2.12
     container_name: gitea_runner2
+    image: docker.io/gitea/act_runner:0.2.12
+    restart: unless-stopped
     environment:
       CONFIG_FILE: /config.yaml
       GITEA_INSTANCE_URL: "${INSTANCE_URL}"
@@ -25,11 +26,11 @@ services:
       - ./config.yaml:/config.yaml
       - ./data2:/data
       - /var/run/docker.sock:/var/run/docker.sock
-    restart: unless-stopped
 
   gitea_runner3:
-    image: docker.io/gitea/act_runner:0.2.12
     container_name: gitea_runner3
+    image: docker.io/gitea/act_runner:0.2.12
+    restart: unless-stopped
     environment:
       CONFIG_FILE: /config.yaml
       GITEA_INSTANCE_URL: "${INSTANCE_URL}"
@@ -39,4 +40,3 @@ services:
       - ./config.yaml:/config.yaml
       - ./data3:/data
       - /var/run/docker.sock:/var/run/docker.sock
-    restart: unless-stopped

gitea-runner/docker-compose.yml

@@ -1,7 +1,8 @@
 services:
   gitea_runner:
-    image: docker.io/gitea/act_runner:0.2.12
     container_name: gitea_runner
+    image: docker.io/gitea/act_runner:0.2.12
+    restart: unless-stopped
     environment:
       CONFIG_FILE: /config.yaml
       GITEA_INSTANCE_URL: "${INSTANCE_URL}"
@@ -11,4 +12,3 @@ services:
       - ./config.yaml:/config.yaml
       - ./data:/data
       - /var/run/docker.sock:/var/run/docker.sock
-    restart: unless-stopped

gitea/docker-compose-mariadb.yml

@@ -1,55 +0,0 @@
-services:
-  gitea_db:
-    image: docker.io/library/mariadb:11.8.2
-    container_name: gitea_db
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
-    environment:
-      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
-      - MYSQL_USER=${MYSQL_USER}
-      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
-      - MYSQL_DATABASE=${MYSQL_DATABASE}
-    volumes:
-      - ${APPDATA_PATH}/gitea/db:/var/lib/mysql
-    ports:
-      - ${DB_PORT}:3306
-    networks:
-      - backend
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
-      start_period: 10s
-      interval: 10s
-      timeout: 5s
-      retries: 3
-
-  gitea_server:
-    image: docker.io/gitea/gitea:1.24.2-rootless
-    container_name: gitea_server
-    depends_on:
-      gitea_db:
-        condition: service_healthy
-    user: ${PUID}:${PGID}
-    environment:
-      - GITEA__database__DB_TYPE=mysql
-      - GITEA__database__HOST=gitea_db:3306
-      - GITEA__database__NAME=${MYSQL_DATABASE}
-      - GITEA__database__USER=${MYSQL_USER}
-      - GITEA__database__PASSWD=${MYSQL_PASSWORD}
-    volumes:
-      - ${APPDATA_PATH}/gitea/config:/etc/gitea
-      - ${APPDATA_PATH}/gitea/data:/var/lib/gitea
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-    ports:
-      - ${SERVER_PORT}:3000
-      - ${SSH_PORT}:22
-    networks:
-      - frontend
-      - backend
-    restart: unless-stopped
-
-networks:
-  frontend:
-    external: true
-  backend:
-    external: true

gitea/docker-compose.yml

@@ -1,7 +1,8 @@
 services:
   gitea_db:
-    image: docker.io/library/postgres:17.5
     container_name: gitea_db
+    image: docker.io/library/postgres:17.5
+    restart: unless-stopped
     environment:
       - POSTGRES_USER=${POSTGRES_USER}
       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
@@ -10,9 +11,6 @@ services:
       - ${APPDATA_PATH}/gitea/db:/var/lib/postgresql/data
     ports:
       - ${DB_PORT}:5432
-    networks:
-      - backend
-    restart: unless-stopped
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
       start_period: 10s
@@ -21,8 +19,9 @@ services:
       retries: 3
 
   gitea_server:
-    image: docker.io/gitea/gitea:1.24.2-rootless
     container_name: gitea_server
+    image: docker.io/gitea/gitea:1.24.3-rootless
+    restart: unless-stopped
     depends_on:
       gitea_db:
         condition: service_healthy
@@ -41,13 +40,3 @@ services:
     ports:
       - ${SERVER_PORT}:3000
       - ${SSH_PORT}:22
-    networks:
-      - frontend
-      - backend
-    restart: unless-stopped
-
-networks:
-  frontend:
-    external: true
-  backend:
-    external: true

gotify/docker-compose.yml

@@ -1,7 +1,8 @@
 services:
   gotify:
-    image: ghcr.io/gotify/server:2.6.3
     container_name: gotify
+    image: ghcr.io/gotify/server:2.6.3
+    restart: unless-stopped
     environment:
       - TZ=${TZ}
       - GOTIFY_REGISTRATION=${GOTIFY_REGISTRATION}
@@ -9,10 +10,3 @@ services:
       - ${APPDATA_PATH}/gotify/config:/app/data
     ports:
       - ${PORT}:80
-    networks:
-      - frontend
-    restart: unless-stopped
-
-networks:
-  frontend:
-    external: true

healthchecks/docker-compose.yml

@@ -1,13 +1,15 @@
 services:
   healthchecks:
-    image: ghcr.io/linuxserver/healthchecks:3.10.20250705
     container_name: healthchecks
+    image: ghcr.io/linuxserver/healthchecks:3.10.20250714
+    restart: unless-stopped
     environment:
       - PUID=${PUID}
       - PGID=${PGID}
       - TZ=${TZ}
       - SITE_ROOT=${SITE_ROOT}
       - SITE_NAME=${SITE_NAME}
+      - SITE_LOGO_URL=${SITE_LOGO_URL}
       - DEFAULT_FROM_EMAIL=${DEFAULT_FROM_EMAIL}
       - EMAIL_HOST=${EMAIL_HOST}
       - EMAIL_PORT=${EMAIL_PORT}
@@ -15,25 +17,17 @@ services:
       - EMAIL_HOST_PASSWORD=${EMAIL_HOST_PASSWORD}
       - EMAIL_USE_TLS=${EMAIL_USE_TLS}
       - EMAIL_USE_SSL=${EMAIL_USE_SSL}
+      - PING_EMAIL_DOMAIN=${PING_EMAIL_DOMAIN}
       - SUPERUSER_EMAIL=${SUPERUSER_EMAIL}
       - SUPERUSER_PASSWORD=${SUPERUSER_PASSWORD}
       - SECRET_KEY=${SECRET_KEY}
-      - APPRISE_ENABLED=${APPRISE_ENABLED}
       - REGISTRATION_OPEN=${REGISTRATION_OPEN}
-      - DEBUG=${DEBUG}
+      - APPRISE_ENABLED=${APPRISE_ENABLED}
-      - SITE_LOGO_URL=${SITE_LOGO_URL}
-      - PING_EMAIL_DOMAIN=${PING_EMAIL_DOMAIN}
       - DISCORD_CLIENT_ID=${DISCORD_CLIENT_ID}
       - DISCORD_CLIENT_SECRET=${DISCORD_CLIENT_SECRET}
+      - DEBUG=${DEBUG}
     volumes:
       - ${APPDATA_PATH}/healthchecks/config:/config
     ports:
       - ${PORT}:8000
       - ${SMTP_PORT}:2525
-    networks:
-      - frontend
-    restart: unless-stopped
-
-networks:
-  frontend:
-    external: true

homeassistant/docker-compose.yml

@@ -1,9 +1,14 @@
 services:
   homeassistant:
-    image: docker.io/homeassistant/home-assistant:2025.7.1
     container_name: homeassistant
+    image: docker.io/homeassistant/home-assistant:2025.7.2
+    restart: unless-stopped
     network_mode: host
     volumes:
       - ${APPDATA_PATH}/homeassistant/config:/config
       - /etc/localtime:/etc/localtime:ro
-    restart: unless-stopped
+    healthcheck:
+      test: "curl --connect-timeout 10 --silent -f http://127.0.0.1:8123/ || exit 1"
+      interval: 45s
+      timeout: 30s
+      retries: 3

minio/docker-compose.yml

@@ -0,0 +1,33 @@
+services:
+  minio:
+    container_name: minio
+    image: docker.io/minio/minio:RELEASE.2025-07-18T21-56-31Z
+    restart: unless-stopped
+    command: server /data
+    user: ${PUID}:${PGID}
+    environment:
+      - MINIO_ROOT_USER=${MINIO_ROOT_USER}
+      - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD}
+      - MINIO_SERVER_URL=${MINIO_SERVER_URL}
+      - MINIO_BROWSER_REDIRECT_URL=${MINIO_BROWSER_REDIRECT_URL}
+    volumes:
+      - ${APPDATA_PATH}/minio/data:/data
+    ports:
+      - ${API_PORT}:9000
+    healthcheck:
+      test: ["CMD", "mc", "ready", "local"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  minio-console:
+    container_name: minio-console
+    image: ghcr.io/georgmangold/console:v1.8.1
+    restart: unless-stopped
+    depends_on:
+      minio:
+        condition: service_healthy
+    environment:
+      - CONSOLE_MINIO_SERVER=http://minio:9000
+    ports:
+      - ${CONSOLE_PORT}:9090

network.sh

@@ -0,0 +1,3 @@
+docker network create --subnet=172.30.10.0/24 --gateway=172.30.10.1 frontend
+docker network create --subnet=172.30.20.0/24 --gateway=172.30.20.1 backend
+docker network create --subnet=172.30.30.0/24 --gateway=172.30.30.1 internal

nextcloud/docker-compose.yml

@@ -0,0 +1,81 @@
+services:
+  nextcloud_db:
+    container_name: nextcloud_db
+    image: docker.io/library/postgres:17.5
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB}
+    volumes:
+      - ${APPDATA_PATH}/nextcloud/db:/var/lib/postgresql/data
+    ports:
+      - ${DB_PORT}:5432
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
+      start_period: 10s
+      interval: 10s
+      timeout: 5s
+      retries: 3
+
+  nextcloud_valkey:
+    container_name: nextcloud_valkey
+    image: docker.io/valkey/valkey:8.1.3
+    restart: unless-stopped
+    command: valkey-server --save 60 1 --requirepass ${VALKEY_PASSWORD}
+    volumes:
+      - ${APPDATA_PATH}/nextcloud/valkey:/data
+    ports:
+      - ${VALKEY_PORT}:6379
+    healthcheck:
+      test: ["CMD-SHELL", "echo 'auth ${VALKEY_PASSWORD}\nping' | valkey-cli | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+
+  nextcloud_app:
+    image: docker.io/library/nextcloud:31.0.7
+    container_name: nextcloud_app
+    restart: unless-stopped
+    depends_on:
+      nextcloud_db:
+        condition: service_healthy
+      nextcloud_valkey:
+        condition: service_healthy
+    environment:
+      - POSTGRES_HOST=nextcloud_db:5432
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - REDIS_HOST=nextcloud_valkey
+      - REDIS_HOST_PORT=6379
+      - REDIS_HOST_PASSWORD=${VALKEY_PASSWORD}
+      - PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT}
+      - PHP_UPLOAD_LIMIT=${PHP_UPLOAD_LIMIT}
+      - APACHE_DISABLE_REWRITE_IP=${APACHE_DISABLE_REWRITE_IP}
+    volumes:
+      - ${APPDATA_PATH}/nextcloud/app:/var/www/html
+    ports:
+      - ${APP_PORT}:80
+
+  nextcloud_cron:
+    image: docker.io/library/nextcloud:31.0.7
+    container_name: nextcloud_cron
+    restart: unless-stopped
+    depends_on:
+      - nextcloud_app
+    entrypoint: /cron.sh
+    environment:
+      - POSTGRES_HOST=nextcloud_db:5432
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - REDIS_HOST=nextcloud_valkey
+      - REDIS_HOST_PORT=6379
+      - REDIS_HOST_PASSWORD=${VALKEY_PASSWORD}
+      - PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT}
+      - PHP_UPLOAD_LIMIT=${PHP_UPLOAD_LIMIT}
+      - APACHE_DISABLE_REWRITE_IP=${APACHE_DISABLE_REWRITE_IP}
+    volumes:
+      - ${APPDATA_PATH}/nextcloud/app:/var/www/html

opengist/docker-compose-mariadb.yml

@@ -1,58 +0,0 @@
-services:
-  opengist_db:
-    image: docker.io/library/mariadb:11.8.2
-    container_name: opengist_db
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
-    environment:
-      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
-      - MYSQL_USER=${MYSQL_USER}
-      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
-      - MYSQL_DATABASE=${MYSQL_DATABASE}
-    volumes:
-      - ${APPDATA_PATH}/opengist/db:/var/lib/mysql
-    ports:
-      - ${DB_PORT}:3306
-    networks:
-      - backend
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
-      start_period: 10s
-      interval: 10s
-      timeout: 5s
-      retries: 3
-
-  opengist_server:
-    image: ghcr.io/thomiceli/opengist:1.10.0
-    container_name: opengist_server
-    depends_on:
-      opengist_db:
-        condition: service_healthy
-    environment:
-      - UID=${UID}
-      - GID=${GID}
-      - OG_DB_URI=mysql://${MYSQL_USER}:${MYSQL_PASSWORD}@opengist_db:3306/${MYSQL_DATABASE}
-      - OG_EXTERNAL_URL=${OG_EXTERNAL_URL}
-      - OG_SECRET_KEY=${OG_SECRET_KEY}
-      - OG_HTTP_GIT_ENABLED=${OG_HTTP_GIT_ENABLED}
-      - OG_SSH_GIT_ENABLED=${OG_SSH_GIT_ENABLED}
-      - OG_GITEA_CLIENT_KEY=${OG_GITEA_CLIENT_KEY}
-      - OG_GITEA_SECRET=${OG_GITEA_SECRET}
-      - OG_GITEA_URL=${OG_GITEA_URL}
-      - OG_GITEA_NAME=${OG_GITEA_NAME}
-      - OG_CUSTOM_STATIC_LINK_0_NAME=${OG_CUSTOM_STATIC_LINK_0_NAME}
-      - OG_CUSTOM_STATIC_LINK_0_PATH=${OG_CUSTOM_STATIC_LINK_0_PATH}
-    volumes:
-      - ${APPDATA_PATH}/opengist/data:/opengist
-    ports:
-      - ${SERVER_PORT}:6157
-    networks:
-      - frontend
-      - backend
-    restart: unless-stopped
-
-networks:
-  frontend:
-    external: true
-  backend:
-    external: true

opengist/docker-compose.yml

@@ -1,7 +1,8 @@
 services:
   opengist_db:
-    image: docker.io/library/postgres:17.5
     container_name: opengist_db
+    image: docker.io/library/postgres:17.5
+    restart: unless-stopped
     environment:
       - POSTGRES_USER=${POSTGRES_USER}
       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
@@ -10,19 +11,17 @@ services:
       - ${APPDATA_PATH}/opengist/db:/var/lib/postgresql/data
     ports:
       - ${DB_PORT}:5432
-    networks:
-      - backend
-    restart: unless-stopped
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
-      start_period: 10s
       interval: 10s
       timeout: 5s
       retries: 3
+      start_period: 10s
 
   opengist_server:
-    image: ghcr.io/thomiceli/opengist:1.10.0
     container_name: opengist_server
+    image: ghcr.io/thomiceli/opengist:1.10.0
+    restart: unless-stopped
     depends_on:
       opengist_db:
         condition: service_healthy
@@ -44,13 +43,4 @@ services:
       - ${APPDATA_PATH}/opengist/data:/opengist
     ports:
       - ${SERVER_PORT}:6157
-    networks:
+      - 2222:2222
-      - frontend
-      - backend
-    restart: unless-stopped
-
-networks:
-  frontend:
-    external: true
-  backend:
-    external: true

palmr/docker-compose-minio.yml

@@ -0,0 +1,22 @@
+services:
+  palmr:
+    container_name: palmr
+    image: docker.io/kyantech/palmr:v3.1.3-beta
+    restart: unless-stopped
+    environment:
+      - ENABLE_S3=true
+      - S3_ENDPOINT=${S3_ENDPOINT}
+      - S3_USE_SSL=true
+      - S3_ACCESS_KEY=${S3_ACCESS_KEY}
+      - S3_SECRET_KEY=${S3_SECRET_KEY}
+      - S3_REGION=us-east-1
+      - S3_BUCKET_NAME=${S3_BUCKET_NAME}
+      - S3_FORCE_PATH_STYLE=true
+      - ENCRYPTION_KEY=${ENCRYPTION_KEY}
+      - SECURE_SITE=${SECURE_SITE}
+      - PALMR_UID=${PUID}
+      - PALMR_GID=${PGID}
+    volumes:
+      - ${APPDATA_PATH}/palmr/server:/app/server
+    ports:
+      - ${PORT}:5487

palmr/docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  palmr:
+    container_name: palmr
+    image: docker.io/kyantech/palmr:v3.1.3-beta
+    restart: unless-stopped
+    environment:
+      - ENABLE_S3=false
+      - ENCRYPTION_KEY=${ENCRYPTION_KEY}
+      - SECURE_SITE=${SECURE_SITE}
+      - PALMR_UID=${PUID}
+      - PALMR_GID=${PGID}
+    volumes:
+      - ${APPDATA_PATH}/palmr/server:/app/server
+    ports:
+      - ${PORT}:5487

portainer-agent/docker-compose.yml

@@ -1,37 +1,10 @@
 services:
   portainer-agent:
-    image: docker.io/portainer/agent:latest
     container_name: portainer-agent
+    image: docker.io/portainer/agent:alpine
+    restart: unless-stopped
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - /var/lib/docker/volumes:/var/lib/docker/volumes
     ports:
       - 9001:9001
-    networks:
-      - frontend
-      - backend
-      - internal
-    restart: unless-stopped
-
-networks:
-  frontend:
-    name: frontend
-    driver: bridge
-    ipam:
-     config:
-       - subnet: 172.30.10.0/24
-         gateway: 172.30.10.1
-  backend:
-    name: backend
-    driver: bridge
-    ipam:
-     config:
-       - subnet: 172.30.20.0/24
-         gateway: 172.30.20.1
-  internal:
-    name: internal
-    driver: bridge
-    ipam:
-     config:
-       - subnet: 172.30.30.0/24
-         gateway: 172.30.30.1

portainer/docker-compose.yml

@@ -1,7 +1,8 @@
 services:
   portainer:
-    image: docker.io/portainer/portainer-ee:latest
     container_name: portainer
+    image: docker.io/portainer/portainer-ee:alpine
+    restart: unless-stopped
     volumes:
       - ./data:/data
       - /etc/localtime:/etc/localtime:ro
@@ -9,31 +10,9 @@ services:
     ports:
       - 8000:8000
       - 9443:9443
-    networks:
+    healthcheck:
-      - frontend
+      test: "wget --no-verbose --tries=1 --spider http://localhost:9000/api/system/status || exit 1"
-      - backend
+      start_period: 10s
-      - internal
+      interval: 10s
-    restart: unless-stopped
+      timeout: 5s
-
+      retries: 3
-networks:
-  frontend:
-    name: frontend
-    driver: bridge
-    ipam:
-     config:
-       - subnet: 172.30.10.0/24
-         gateway: 172.30.10.1
-  backend:
-    name: backend
-    driver: bridge
-    ipam:
-     config:
-       - subnet: 172.30.20.0/24
-         gateway: 172.30.20.1
-  internal:
-    name: internal
-    driver: bridge
-    ipam:
-     config:
-       - subnet: 172.30.30.0/24
-         gateway: 172.30.30.1

radicale/docker-compose.yml

@@ -1,18 +1,19 @@
 services:
   radicale:
-    image: docker.io/tomsquest/docker-radicale:3.5.4.0
     container_name: radicale
+    image: docker.io/tomsquest/docker-radicale:3.5.4.0
+    restart: unless-stopped
     init: true
     read_only: true
-    security_opt:
-      - no-new-privileges:true
-    cap_drop:
-      - ALL
     cap_add:
-      - SETUID
-      - SETGID
       - CHOWN
       - KILL
+      - SETGID
+      - SETUID
+    cap_drop:
+      - ALL
+    security_opt:
+      - no-new-privileges:true
     deploy:
       resources:
         limits:
@@ -23,14 +24,7 @@ services:
       - ${APPDATA_PATH}/radicale/config:/config:ro
     ports:
       - ${PORT}:5232
-    networks:
-      - frontend
-    restart: unless-stopped
     healthcheck:
       test: curl -f http://127.0.0.1:5232 || exit 1
       interval: 30s
       retries: 3
-
-networks:
-  frontend:
-    external: true

renovate.json

@@ -15,7 +15,13 @@
       }
     ],
     "ignorePaths": [
-      "archived/"
+      ".archived/"
+    ],
+    "packageRules": [
+      {
+        "matchPackageNames": "docker.io/minio/minio",
+        "versioning": "regex:^RELEASE\\.(?<major>\\d{4})-(?<minor>\\d{2})-(?<patch>\\d{2})T\\d{2}-\\d{2}-\\d{2}Z$"
+      }
     ]
   }
 }

stirling-pdf/docker-compose.yml

@@ -1,11 +1,16 @@
 services:
   stirling-pdf:
-    image: ghcr.io/stirling-tools/stirling-pdf:1.0.0-fat
     container_name: stirling-pdf
+    image: ghcr.io/stirling-tools/stirling-pdf:1.0.2-fat
+    restart: unless-stopped
     environment:
+      - DISABLE_ADDITIONAL_FEATURES=${DISABLE_ADDITIONAL_FEATURES}
       - DOCKER_ENABLE_SECURITY=${DOCKER_ENABLE_SECURITY}
       - SECURITY_ENABLELOGIN=${SECURITY_ENABLELOGIN}
       - LANGS=${LANGS}
+      - SHOW_SURVEY=false
+      - DISABLE_PIXEL=true
+      - SYSTEM_ENABLEANALYTICS=false
     volumes:
       - ${APPDATA_DATA}/stirling-pdf/training_data:/usr/share/tessdata
       - ${APPDATA_DATA}/stirling-pdf/config:/configs
@@ -14,10 +19,9 @@ services:
       - ${APPDATA_DATA}/stirling-pdf/pipeline:/pipeline/
     ports:
       - ${PORT}:8080
-    networks:
+    healthcheck:
-      - frontend
+      test: [ "CMD-SHELL", "curl -f http://localhost:8080/api/v1/info/status | grep -q 'UP'" ]
-    restart: unless-stopped
+      interval: 5s
-
+      timeout: 10s
-networks:
+      retries: 5
-  frontend:
+      start_period: 120s
-    external: true

syncyomi/docker-compose.yml

@@ -2,6 +2,7 @@ services:
   syncyomi:
     container_name: syncyomi
     image: ghcr.io/syncyomi/syncyomi:v1.1.4
+    restart: unless-stopped
     environment:
       - TZ=${TZ}
     volumes:
@@ -9,10 +10,8 @@ services:
       - ${APPDATA_PATH}/syncyomi/log:/log
     ports:
       - ${PORT}:8282
-    networks:
+    healthcheck:
-      - frontend
+      test: ["CMD", "curl", "-f", "http://localhost:8282"]
-    restart: unless-stopped
+      interval: 10s
-
+      timeout: 10s
-networks:
+      retries: 3
-  frontend:
-    external: true

uptime-kuma/docker-compose.yml

@@ -1,15 +1,9 @@
 services:
   uptime-kuma:
-    image: docker.io/louislam/uptime-kuma:1.23.16
     container_name: uptime-kuma
+    image: docker.io/louislam/uptime-kuma:1.23.16
+    restart: unless-stopped
     volumes:
       - ${APPDATA_PATH}/uptime-kuma/config:/app/data
     ports:
       - ${PORT}:3001
-    networks:
-      - frontend
-    restart: unless-stopped
-
-networks:
-  frontend:
-    external: true

vaultwarden/docker-compose.yml

@@ -1,52 +0,0 @@
-services:
-  vaultwarden_db:
-    image: docker.io/library/postgres:17.5
-    container_name: vaultwarden_db
-    environment:
-      - POSTGRES_USER=${POSTGRES_USER}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_DB=${POSTGRES_DB}
-    volumes:
-      - ${APPDATA_PATH}/vaultwarden/db:/var/lib/postgresql/data
-    ports:
-      - ${DB_PORT}:5432
-    networks:
-      - backend
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
-      start_period: 20s
-      interval: 30s
-      retries: 5
-      timeout: 5s
-
-  vaultwarden_server:
-    image: vaultwarden/server:1.34.1
-    container_name: vaultwarden_server
-    depends_on:
-      vaultwarden_db:
-        condition: service_healthy
-    environment:
-      - PUID=${PUID}
-      - PGID=${PGID}
-      - TZ=${TZ}
-      - DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@vaultwarden_db:5432/${POSTGRES_DB}
-      - DOMAIN="${DOMAIN}"
-      - WEBSOCKET_ENABLED=${WEBSOCKET_ENABLED}
-      - SIGNUPS_ALLOWED=${SIGNUPS_ALLOWED}
-      - ADMIN_TOKEN=${ADMIN_TOKEN}
-      - LOG_FILE=/data/vaultwarden.log
-    volumes:
-      - ${APPDATA_PATH}/vaultwarden/data:/data/
-    ports:
-      - ${SERVER_PORT}:80
-    networks:
-      - frontend
-      - backend
-    restart: unless-stopped
-
-networks:
-  frontend:
-    external: true
-  backend:
-    external: true