Update authentik

.archived/adguardhome-sync/docker-compose.yml

@@ -0,0 +1,22 @@
+# Docker Compose configuration for AdGuardHome Sync service
+
+services:
+  adguardhome-sync:
+    # Basic container configuration
+    container_name: adguardhome-sync
+    image: docker.io/linuxserver/adguardhome-sync:0.7.6
+    restart: unless-stopped
+    
+    # Environment configuration
+    environment:
+      - PUID=${PUID}  # User ID for the container
+      - PGID=${PGID}  # Group ID for the container
+      - TZ=${TZ}      # Timezone
+    
+    # Persistent storage configuration
+    volumes:
+      - ${CONFIG_PATH}:/config  # Maps host config directory to container
+    
+    # Network port configuration
+    ports:
+      - ${PORT}:8080  # Web interface port

.archived/gickup/docker-compose.yml

@@ -0,0 +1,18 @@
+# Gickup service configuration
+services:
+  gickup:
+    # Basic container configuration
+    container_name: gickup
+    image: ghcr.io/cooperspencer/gickup:0.10.38
+    restart: unless-stopped
+    
+    # Command to run when the container starts
+    command: ["/gickup/conf.yml"]  # Points to the configuration file inside the container
+    
+    # Environment variables
+    environment:
+      - TZ=${TZ}  # Timezone
+    
+    # Persistent storage configuration
+    volumes:
+      - ${APPDATA_PATH}/gickup/conf.yml:/gickup/conf.yml

.archived/glance/docker-compose.yml

@@ -0,0 +1,22 @@
+# Glance - A modern dashboard for your self-hosted services
+# Documentation: https://glanceapp.io/docs
+
+services:
+  glance:
+    # Basic container configuration
+    container_name: glance
+    image: glanceapp/glance:v0.8.4  # Official Glance image with version
+    restart: unless-stopped  # Automatically restart unless explicitly stopped
+
+    # Environment variables configuration
+    environment:
+      - MY_SECRET_TOKEN=${MY_SECRET_TOKEN}  # Secret token for API authentication
+    
+    # Persistent storage configuration
+    volumes:
+      - ${APPDATA_PATH}/glance/config:/app/config  # Configuration files
+      - ${APPDATA_PATH}/glance/assets:/app/assets  # Static assets and cache
+    
+    # Network configuration
+    ports:
+      - ${PORT}:8080  # Map host port to container port (host:container)

.archived/glance/glance.yml

@@ -0,0 +1,105 @@
+pages:
+  - name: Home
+    # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look
+    # hide-desktop-navigation: true
+    columns:
+      - size: small
+        widgets:
+          - type: calendar
+            first-day-of-week: monday
+
+          - type: rss
+            limit: 10
+            collapse-after: 3
+            cache: 12h
+            feeds:
+              - url: https://selfh.st/rss/
+                title: selfh.st
+                limit: 4
+              - url: https://ciechanow.ski/atom.xml
+              - url: https://www.joshwcomeau.com/rss.xml
+                title: Josh Comeau
+              - url: https://samwho.dev/rss.xml
+              - url: https://ishadeed.com/feed.xml
+                title: Ahmad Shadeed
+
+          - type: twitch-channels
+            channels:
+              - theprimeagen
+              - j_blow
+              - piratesoftware
+              - cohhcarnage
+              - christitustech
+              - EJ_SA
+
+      - size: full
+        widgets:
+          - type: group
+            widgets:
+              - type: hacker-news
+              - type: lobsters
+
+          - type: videos
+            channels:
+              - UCXuqSBlHAE6Xw-yeJA0Tunw # Linus Tech Tips
+              - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling
+              - UCsBjURrPoezykLs9EqgamOA # Fireship
+              - UCBJycsmduvYEL83R_U4JriQ # Marques Brownlee
+              - UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium
+
+          - type: group
+            widgets:
+              - type: reddit
+                subreddit: technology
+                show-thumbnails: true
+              - type: reddit
+                subreddit: selfhosted
+                show-thumbnails: true
+
+      - size: small
+        widgets:
+          - type: weather
+            location: London, United Kingdom
+            units: metric # alternatively "imperial"
+            hour-format: 12h # alternatively "24h"
+            # Optionally hide the location from being displayed in the widget
+            # hide-location: true
+
+          - type: markets
+            markets:
+              - symbol: SPY
+                name: S&P 500
+              - symbol: BTC-USD
+                name: Bitcoin
+              - symbol: NVDA
+                name: NVIDIA
+              - symbol: AAPL
+                name: Apple
+              - symbol: MSFT
+                name: Microsoft
+
+          - type: releases
+            cache: 1d
+            # Without authentication the Github API allows for up to 60 requests per hour. You can create a
+            # read-only token from your Github account settings and use it here to increase the limit.
+            # token: ...
+            repositories:
+              - glanceapp/glance
+              - go-gitea/gitea
+              - immich-app/immich
+              - syncthing/syncthing
+
+  # Add more pages here:
+  # - name: Your page name
+  #   columns:
+  #     - size: small
+  #       widgets:
+  #         # Add widgets here
+
+  #     - size: full
+  #       widgets:
+  #         # Add widgets here
+
+  #     - size: small
+  #       widgets:
+  #         # Add widgets here

.archived/glance/home.yml

@@ -0,0 +1,88 @@
+- name: Home
+  # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look
+  # hide-desktop-navigation: true
+  columns:
+    - size: small
+      widgets:
+        - type: calendar
+          first-day-of-week: monday
+
+        - type: rss
+          limit: 10
+          collapse-after: 3
+          cache: 12h
+          feeds:
+            - url: https://selfh.st/rss/
+              title: selfh.st
+            - url: https://ciechanow.ski/atom.xml
+            - url: https://www.joshwcomeau.com/rss.xml
+              title: Josh Comeau
+            - url: https://samwho.dev/rss.xml
+            - url: https://ishadeed.com/feed.xml
+              title: Ahmad Shadeed
+
+        - type: twitch-channels
+          channels:
+            - theprimeagen
+            - j_blow
+            - piratesoftware
+            - cohhcarnage
+            - christitustech
+            - EJ_SA
+
+    - size: full
+      widgets:
+        - type: group
+          widgets:
+            - type: hacker-news
+            - type: lobsters
+
+        - type: videos
+          channels:
+            - UCXuqSBlHAE6Xw-yeJA0Tunw # Linus Tech Tips
+            - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling
+            - UCsBjURrPoezykLs9EqgamOA # Fireship
+            - UCBJycsmduvYEL83R_U4JriQ # Marques Brownlee
+            - UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium
+
+        - type: group
+          widgets:
+            - type: reddit
+              subreddit: technology
+              show-thumbnails: true
+            - type: reddit
+              subreddit: selfhosted
+              show-thumbnails: true
+
+    - size: small
+      widgets:
+        - type: weather
+          location: London, United Kingdom
+          units: metric # alternatively "imperial"
+          hour-format: 12h # alternatively "24h"
+          # Optionally hide the location from being displayed in the widget
+          # hide-location: true
+
+        - type: markets
+          markets:
+            - symbol: SPY
+              name: S&P 500
+            - symbol: BTC-USD
+              name: Bitcoin
+            - symbol: NVDA
+              name: NVIDIA
+            - symbol: AAPL
+              name: Apple
+            - symbol: MSFT
+              name: Microsoft
+
+        - type: releases
+          cache: 1d
+          # Without authentication the Github API allows for up to 60 requests per hour. You can create a
+          # read-only token from your Github account settings and use it here to increase the limit.
+          # token: ...
+          repositories:
+            - glanceapp/glance
+            - go-gitea/gitea
+            - immich-app/immich
+            - syncthing/syncthing

authentik/docker-compose.yaml

@@ -1,16 +1,17 @@
 services:
-  authentik_postgres:
-    image: docker.io/library/postgres:17.5
-    container_name: authentik_postgres
+  authentik_db:
+    container_name: authentik_db
+    image: docker.io/library/postgres:17.5-alpine
+    restart: unless-stopped
     environment:
-      - POSTGRES_DB=${POSTGRES_DB}
+      # Database configuration
       - POSTGRES_USER=${POSTGRES_USER}
       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB}
     volumes:
       - ${APPDATA_PATH}/authentik/db:/var/lib/postgresql/data
     ports:
       - ${POSTGRES_PORT}:5432
-    restart: unless-stopped
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
       start_period: 20s
@@ -19,14 +20,12 @@ services:
       timeout: 5s
 
   authentik_valkey:
-    image: docker.io/valkey/valkey:8.1.2
     container_name: authentik_valkey
-    command: valkey-server --save 60 1 --loglevel warning --requirepass ${VALKEY_PASSWORD}
+    image: docker.io/valkey/valkey:8.1.3-alpine
+    restart: unless-stopped
+    command: valkey-server --save 60 1 --requirepass ${VALKEY_PASSWORD}
     volumes:
       - ${APPDATA_PATH}/authentik/valkey:/data
-    ports:
-      - ${VALKEY_PORT}:6379
-    restart: unless-stopped
     healthcheck:
       test: ["CMD-SHELL", "echo 'auth ${VALKEY_PASSWORD}\nping' | valkey-cli | grep PONG"]
       start_period: 20s
@@ -35,23 +34,30 @@ services:
       timeout: 3s
 
   authentik_server:
-    image: ghcr.io/goauthentik/server:2025.6.2
     container_name: authentik_server
+    image: ghcr.io/goauthentik/server:2025.6.3
+    restart: unless-stopped
     depends_on:
-      authentik_postgres:
+      authentik_db:
         condition: service_healthy
       authentik_valkey:
         condition: service_healthy
     command: server
     environment:
+      # Generic configuration
       - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
-      - AUTHENTIK_POSTGRESQL__HOST=authentik_postgres
+
+      # Database configuration
+      - AUTHENTIK_POSTGRESQL__HOST=authentik_db
       - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
       - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
       - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+
+      # Valkey cache configuration
       - AUTHENTIK_REDIS__HOST=authentik_valkey
       - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD}
-      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+
+      # Email configuration
       - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
       - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
       - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
@@ -66,26 +72,33 @@ services:
     ports:
       - ${AUTHENTIK_HTTP_PORT}:9000
       - ${AUTHENTIK_HTTPS_PORT}:9443
-    restart: unless-stopped
 
   authentik_worker:
-    image: ghcr.io/goauthentik/server:2025.6.2
     container_name: authentik_worker
+    image: ghcr.io/goauthentik/server:2025.6.3
+    restart: unless-stopped
     depends_on:
-      authentik_postgres:
+      authentik_db:
         condition: service_healthy
       authentik_valkey:
         condition: service_healthy
     command: worker
+    user: ${PUID}:${PGID}
     environment:
+      # Generic configuration
       - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
-      - AUTHENTIK_POSTGRESQL__HOST=authentik_postgres
+
+      # Database configuration
+      - AUTHENTIK_POSTGRESQL__HOST=authentik_db
       - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
       - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
       - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+
+      # Valkey cache configuration
       - AUTHENTIK_REDIS__HOST=authentik_valkey
       - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD}
-      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+
+      # Email configuration
       - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
       - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
       - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
@@ -98,4 +111,3 @@ services:
       - ${APPDATA_PATH}/authentik/media:/media
       - ${APPDATA_PATH}/authentik/certs:/certs
       - ${APPDATA_PATH}/authentik/custom-templates:/templates
-    restart: unless-stopped

homeassistant/docker-compose.yml

@@ -13,3 +13,10 @@ services:
     volumes:
       - ${APPDATA_PATH}/homeassistant/config:/config  # Configuration files
       - /etc/localtime:/etc/localtime:ro  # Sync host timezone for proper logging
+
+    # Health check configuration
+    healthcheck:
+      test: "curl --connect-timeout 10 --silent -f http://127.0.0.1:8123/ || exit 1"
+      interval: 45s
+      timeout: 30s
+      retries: 3

minio/docker-compose.yml

@@ -26,6 +26,13 @@ services:
     ports:
       - ${API_PORT}:9000  # MinIO API port
 
+    # Health check configuration
+    healthcheck:
+      test: ["CMD", "mc", "ready", "local"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
   # MinIO Console Service (separate from main server)
   minio-console:
     # Basic container configuration
@@ -33,6 +40,11 @@ services:
     image: ghcr.io/georgmangold/console:v1.8.1  # Community console UI
     restart: unless-stopped  # Auto-restart on failure
     
+    # Service dependencies
+    depends_on:
+      minio:
+        condition: service_healthy
+    
     # Environment configuration
     environment:
       - CONSOLE_MINIO_SERVER=http://minio:9000  # Points to MinIO server

portainer-agent/docker-compose.yml

@@ -3,14 +3,14 @@ services:
   portainer-agent:
     # Basic container configuration
     container_name: portainer-agent
-    image: docker.io/portainer/agent:latest
+    image: docker.io/portainer/agent:alpine
     restart: unless-stopped
 
     # System access configuration
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock  # Docker API access
       - /var/lib/docker/volumes:/var/lib/docker/volumes  # Volume management
-    
+
     # Network port configuration
     ports:
       - 9001:9001  # Agent communication port

portainer/docker-compose.yml

@@ -3,16 +3,24 @@ services:
   portainer:
     # Basic container configuration
     container_name: portainer
-    image: docker.io/portainer/portainer-ee:latest
+    image: docker.io/portainer/portainer-ee:alpine
     restart: unless-stopped
-    
+
     # Persistent storage and system access configuration
     volumes:
       - ./data:/data  # Portainer configuration and database
       - /etc/localtime:/etc/localtime:ro  # Sync host timezone
       - /var/run/docker.sock:/var/run/docker.sock  # Docker API access
-    
+
     # Network ports configuration
     ports:
       - 8000:8000  # Edge agent communication port
       - 9443:9443  # Web UI HTTPS port
+
+    # Health check configuration
+    healthcheck:
+      test: "wget --no-verbose --tries=1 --spider http://localhost:9000/api/system/status || exit 1"
+      start_period: 10s  # Initial delay before checks
+      interval: 10s  # Check interval
+      timeout: 5s  # Check timeout
+      retries: 3  # Allowed retries

stirling-pdf/docker-compose.yml

@@ -27,3 +27,11 @@ services:
     # Network configuration
     ports:
       - ${PORT}:8080  # Web interface port
+
+    # Health check configuration
+    healthcheck:
+      test: [ "CMD-SHELL", "curl -f http://localhost:8080/api/v1/info/status | grep -q 'UP'" ]
+      interval: 5s
+      timeout: 10s
+      retries: 5
+      start_period: 120s

syncyomi/docker-compose.yml

@@ -18,3 +18,10 @@ services:
     # Network configuration
     ports:
       - ${PORT}:8282  # Web interface port
+
+    # Health check configuration
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8282"]
+      interval: 10s
+      timeout: 10s
+      retries: 3