Update authentik

Reviewed-on: #18

.archived/adguardhome-sync/docker-compose.yml

@@ -0,0 +1,22 @@
+# Docker Compose configuration for AdGuardHome Sync service
+
+services:
+  adguardhome-sync:
+    # Basic container configuration
+    container_name: adguardhome-sync
+    image: docker.io/linuxserver/adguardhome-sync:0.7.6
+    restart: unless-stopped
+    
+    # Environment configuration
+    environment:
+      - PUID=${PUID}  # User ID for the container
+      - PGID=${PGID}  # Group ID for the container
+      - TZ=${TZ}      # Timezone
+    
+    # Persistent storage configuration
+    volumes:
+      - ${CONFIG_PATH}:/config  # Maps host config directory to container
+    
+    # Network port configuration
+    ports:
+      - ${PORT}:8080  # Web interface port

.archived/gickup/docker-compose.yml

@@ -0,0 +1,18 @@
+# Gickup service configuration
+services:
+  gickup:
+    # Basic container configuration
+    container_name: gickup
+    image: ghcr.io/cooperspencer/gickup:0.10.38
+    restart: unless-stopped
+    
+    # Command to run when the container starts
+    command: ["/gickup/conf.yml"]  # Points to the configuration file inside the container
+    
+    # Environment variables
+    environment:
+      - TZ=${TZ}  # Timezone
+    
+    # Persistent storage configuration
+    volumes:
+      - ${APPDATA_PATH}/gickup/conf.yml:/gickup/conf.yml

.archived/glance/docker-compose.yml

@@ -0,0 +1,22 @@
+# Glance - A modern dashboard for your self-hosted services
+# Documentation: https://glanceapp.io/docs
+
+services:
+  glance:
+    # Basic container configuration
+    container_name: glance
+    image: glanceapp/glance:v0.8.4  # Official Glance image with version
+    restart: unless-stopped  # Automatically restart unless explicitly stopped
+
+    # Environment variables configuration
+    environment:
+      - MY_SECRET_TOKEN=${MY_SECRET_TOKEN}  # Secret token for API authentication
+    
+    # Persistent storage configuration
+    volumes:
+      - ${APPDATA_PATH}/glance/config:/app/config  # Configuration files
+      - ${APPDATA_PATH}/glance/assets:/app/assets  # Static assets and cache
+    
+    # Network configuration
+    ports:
+      - ${PORT}:8080  # Map host port to container port (host:container)

.archived/glance/glance.yml

@@ -0,0 +1,105 @@
+pages:
+  - name: Home
+    # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look
+    # hide-desktop-navigation: true
+    columns:
+      - size: small
+        widgets:
+          - type: calendar
+            first-day-of-week: monday
+
+          - type: rss
+            limit: 10
+            collapse-after: 3
+            cache: 12h
+            feeds:
+              - url: https://selfh.st/rss/
+                title: selfh.st
+                limit: 4
+              - url: https://ciechanow.ski/atom.xml
+              - url: https://www.joshwcomeau.com/rss.xml
+                title: Josh Comeau
+              - url: https://samwho.dev/rss.xml
+              - url: https://ishadeed.com/feed.xml
+                title: Ahmad Shadeed
+
+          - type: twitch-channels
+            channels:
+              - theprimeagen
+              - j_blow
+              - piratesoftware
+              - cohhcarnage
+              - christitustech
+              - EJ_SA
+
+      - size: full
+        widgets:
+          - type: group
+            widgets:
+              - type: hacker-news
+              - type: lobsters
+
+          - type: videos
+            channels:
+              - UCXuqSBlHAE6Xw-yeJA0Tunw # Linus Tech Tips
+              - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling
+              - UCsBjURrPoezykLs9EqgamOA # Fireship
+              - UCBJycsmduvYEL83R_U4JriQ # Marques Brownlee
+              - UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium
+
+          - type: group
+            widgets:
+              - type: reddit
+                subreddit: technology
+                show-thumbnails: true
+              - type: reddit
+                subreddit: selfhosted
+                show-thumbnails: true
+
+      - size: small
+        widgets:
+          - type: weather
+            location: London, United Kingdom
+            units: metric # alternatively "imperial"
+            hour-format: 12h # alternatively "24h"
+            # Optionally hide the location from being displayed in the widget
+            # hide-location: true
+
+          - type: markets
+            markets:
+              - symbol: SPY
+                name: S&P 500
+              - symbol: BTC-USD
+                name: Bitcoin
+              - symbol: NVDA
+                name: NVIDIA
+              - symbol: AAPL
+                name: Apple
+              - symbol: MSFT
+                name: Microsoft
+
+          - type: releases
+            cache: 1d
+            # Without authentication the Github API allows for up to 60 requests per hour. You can create a
+            # read-only token from your Github account settings and use it here to increase the limit.
+            # token: ...
+            repositories:
+              - glanceapp/glance
+              - go-gitea/gitea
+              - immich-app/immich
+              - syncthing/syncthing
+
+  # Add more pages here:
+  # - name: Your page name
+  #   columns:
+  #     - size: small
+  #       widgets:
+  #         # Add widgets here
+
+  #     - size: full
+  #       widgets:
+  #         # Add widgets here
+
+  #     - size: small
+  #       widgets:
+  #         # Add widgets here

.archived/glance/home.yml

@@ -0,0 +1,88 @@
+- name: Home
+  # Optionally, if you only have a single page you can hide the desktop navigation for a cleaner look
+  # hide-desktop-navigation: true
+  columns:
+    - size: small
+      widgets:
+        - type: calendar
+          first-day-of-week: monday
+
+        - type: rss
+          limit: 10
+          collapse-after: 3
+          cache: 12h
+          feeds:
+            - url: https://selfh.st/rss/
+              title: selfh.st
+            - url: https://ciechanow.ski/atom.xml
+            - url: https://www.joshwcomeau.com/rss.xml
+              title: Josh Comeau
+            - url: https://samwho.dev/rss.xml
+            - url: https://ishadeed.com/feed.xml
+              title: Ahmad Shadeed
+
+        - type: twitch-channels
+          channels:
+            - theprimeagen
+            - j_blow
+            - piratesoftware
+            - cohhcarnage
+            - christitustech
+            - EJ_SA
+
+    - size: full
+      widgets:
+        - type: group
+          widgets:
+            - type: hacker-news
+            - type: lobsters
+
+        - type: videos
+          channels:
+            - UCXuqSBlHAE6Xw-yeJA0Tunw # Linus Tech Tips
+            - UCR-DXc1voovS8nhAvccRZhg # Jeff Geerling
+            - UCsBjURrPoezykLs9EqgamOA # Fireship
+            - UCBJycsmduvYEL83R_U4JriQ # Marques Brownlee
+            - UCHnyfMqiRRG1u-2MsSQLbXA # Veritasium
+
+        - type: group
+          widgets:
+            - type: reddit
+              subreddit: technology
+              show-thumbnails: true
+            - type: reddit
+              subreddit: selfhosted
+              show-thumbnails: true
+
+    - size: small
+      widgets:
+        - type: weather
+          location: London, United Kingdom
+          units: metric # alternatively "imperial"
+          hour-format: 12h # alternatively "24h"
+          # Optionally hide the location from being displayed in the widget
+          # hide-location: true
+
+        - type: markets
+          markets:
+            - symbol: SPY
+              name: S&P 500
+            - symbol: BTC-USD
+              name: Bitcoin
+            - symbol: NVDA
+              name: NVIDIA
+            - symbol: AAPL
+              name: Apple
+            - symbol: MSFT
+              name: Microsoft
+
+        - type: releases
+          cache: 1d
+          # Without authentication the Github API allows for up to 60 requests per hour. You can create a
+          # read-only token from your Github account settings and use it here to increase the limit.
+          # token: ...
+          repositories:
+            - glanceapp/glance
+            - go-gitea/gitea
+            - immich-app/immich
+            - syncthing/syncthing

authentik/docker-compose.yml

@@ -1,57 +1,68 @@
+# Authentik Identity Provider Configuration
+
 services:
-  authentik_postgres:
+  authentik_db:
-    image: docker.io/library/postgres:17.5
+    container_name: authentik_db
-    container_name: authentik_postgres
+    image: docker.io/library/postgres:17.5-alpine
+    restart: unless-stopped
     environment:
-      - POSTGRES_DB=${POSTGRES_DB}
+      # Database configuration
       - POSTGRES_USER=${POSTGRES_USER}
       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB}
     volumes:
       - ${APPDATA_PATH}/authentik/db:/var/lib/postgresql/data
     ports:
       - ${POSTGRES_PORT}:5432
-    restart: unless-stopped
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
-      start_period: 20s
+      start_period: 10s
-      interval: 30s
+      interval: 5s
       retries: 5
       timeout: 5s
 
   authentik_valkey:
-    image: docker.io/valkey/valkey:8.1.2
     container_name: authentik_valkey
-    command: valkey-server --save 60 1 --loglevel warning --requirepass ${VALKEY_PASSWORD}
+    image: docker.io/valkey/valkey:8.1.3-alpine
+    restart: unless-stopped
+    command: valkey-server --save 60 1 --requirepass ${VALKEY_PASSWORD}
     volumes:
       - ${APPDATA_PATH}/authentik/valkey:/data
-    ports:
-      - ${VALKEY_PORT}:6379
-    restart: unless-stopped
     healthcheck:
       test: ["CMD-SHELL", "echo 'auth ${VALKEY_PASSWORD}\nping' | valkey-cli | grep PONG"]
-      start_period: 20s
+      start_period: 10s
-      interval: 30s
+      interval: 5s
       retries: 5
-      timeout: 3s
+      timeout: 5s
 
   authentik_server:
-    image: ghcr.io/goauthentik/server:2025.6.2
     container_name: authentik_server
+    image: ghcr.io/goauthentik/server:2025.6.3
+    restart: unless-stopped
     depends_on:
-      authentik_postgres:
+      authentik_db:
         condition: service_healthy
       authentik_valkey:
         condition: service_healthy
     command: server
     environment:
+      # Generic configuration
       - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
-      - AUTHENTIK_POSTGRESQL__HOST=authentik_postgres
+      - AUTHENTIK_DISABLE_STARTUP_ANALYTICS=${AUTHENTIK_DISABLE_STARTUP_ANALYTICS}
+      - AUTHENTIK_DISABLE_UPDATE_CHECK=${AUTHENTIK_DISABLE_UPDATE_CHECK}
+      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+
+      # Database configuration
+      - AUTHENTIK_POSTGRESQL__HOST=authentik_db
       - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
       - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
       - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+
+      # Valkey cache configuration
       - AUTHENTIK_REDIS__HOST=authentik_valkey
       - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD}
-      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+
+      # Email configuration
       - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
       - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
       - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
@@ -66,26 +77,36 @@ services:
     ports:
       - ${AUTHENTIK_HTTP_PORT}:9000
       - ${AUTHENTIK_HTTPS_PORT}:9443
-    restart: unless-stopped
 
   authentik_worker:
-    image: ghcr.io/goauthentik/server:2025.6.2
     container_name: authentik_worker
+    image: ghcr.io/goauthentik/server:2025.6.3
+    restart: unless-stopped
     depends_on:
-      authentik_postgres:
+      authentik_db:
         condition: service_healthy
       authentik_valkey:
         condition: service_healthy
     command: worker
+    user: ${PUID}:${PGID}
     environment:
+      # Generic configuration
       - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
-      - AUTHENTIK_POSTGRESQL__HOST=authentik_postgres
+      - AUTHENTIK_DISABLE_STARTUP_ANALYTICS=${AUTHENTIK_DISABLE_STARTUP_ANALYTICS}
+      - AUTHENTIK_DISABLE_UPDATE_CHECK=${AUTHENTIK_DISABLE_UPDATE_CHECK}
+      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+
+      # Database configuration
+      - AUTHENTIK_POSTGRESQL__HOST=authentik_db
       - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
       - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
       - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+
+      # Valkey cache configuration
       - AUTHENTIK_REDIS__HOST=authentik_valkey
       - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD}
-      - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+
+      # Email configuration
       - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
       - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
       - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
@@ -98,4 +119,3 @@ services:
       - ${APPDATA_PATH}/authentik/media:/media
       - ${APPDATA_PATH}/authentik/certs:/certs
       - ${APPDATA_PATH}/authentik/custom-templates:/templates
-    restart: unless-stopped

homeassistant/docker-compose.yml

@@ -3,7 +3,7 @@ services:
   homeassistant:
     # Basic container configuration
     container_name: homeassistant
-    image: docker.io/homeassistant/home-assistant:2025.7.1  # Official Home Assistant image
+    image: docker.io/homeassistant/home-assistant:2025.7.2  # Official Home Assistant image
     restart: unless-stopped  # Auto-restart on failure
 
     # Network configuration (host mode for full local network access)
@@ -13,3 +13,10 @@ services:
     volumes:
       - ${APPDATA_PATH}/homeassistant/config:/config  # Configuration files
       - /etc/localtime:/etc/localtime:ro  # Sync host timezone for proper logging
+
+    # Health check configuration
+    healthcheck:
+      test: "curl --connect-timeout 10 --silent -f http://127.0.0.1:8123/ || exit 1"
+      interval: 45s
+      timeout: 30s
+      retries: 3

minio/docker-compose.yml

@@ -4,7 +4,7 @@ services:
   minio:
     # Basic container configuration
     container_name: minio
-    image: docker.io/minio/minio:RELEASE.2025-06-13T11-33-47Z  # Official MinIO image
+    image: docker.io/minio/minio:RELEASE.2025-07-18T21-56-31Z  # Official MinIO image
     restart: unless-stopped  # Auto-restart on failure
     
     # Runtime command and user permissions
@@ -26,6 +26,13 @@ services:
     ports:
       - ${API_PORT}:9000  # MinIO API port
 
+    # Health check configuration
+    healthcheck:
+      test: ["CMD", "mc", "ready", "local"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
   # MinIO Console Service (separate from main server)
   minio-console:
     # Basic container configuration
@@ -33,6 +40,11 @@ services:
     image: ghcr.io/georgmangold/console:v1.8.1  # Community console UI
     restart: unless-stopped  # Auto-restart on failure
     
+    # Service dependencies
+    depends_on:
+      minio:
+        condition: service_healthy
+    
     # Environment configuration
     environment:
       - CONSOLE_MINIO_SERVER=http://minio:9000  # Points to MinIO server

palmr/docker-compose-minio.yml

@@ -0,0 +1,37 @@
+# Palmr File Transfer Service Configuration
+services:
+  palmr:
+    # Basic container configuration
+    container_name: palmr
+    image: docker.io/kyantech/palmr:v3.1.3-beta
+    restart: unless-stopped
+    
+    # Application settings
+    environment:
+      # Storage Configuration
+      - ENABLE_S3=true  # Set to 'true' to enable S3-compatible storage backend, 'false' for local filesystem
+      
+      # S3 Configuration
+      - S3_ENDPOINT=${S3_ENDPOINT}  # S3 endpoint (you have to set this to the s3 endpoint of the s3 server) CHANGE THIS TO YOUR S3 ENDPOINT
+      - S3_USE_SSL=true  # Use ssl for the s3 server always true for s3
+      - S3_ACCESS_KEY=${S3_ACCESS_KEY}  # S3 access key
+      - S3_SECRET_KEY=${S3_SECRET_KEY}  # S3 secret key
+      - S3_REGION=us-east-1  # S3 region (us-east-1 is the default region) but it depends on your s3 server region
+      - S3_BUCKET_NAME=${S3_BUCKET_NAME}  # Bucket name for the S3 storage
+      - S3_FORCE_PATH_STYLE=true  # For MinIO compatibility we have to set this to true
+
+      # Security Settings
+      - ENCRYPTION_KEY=${ENCRYPTION_KEY}  # Data encryption key for security
+      - SECURE_SITE=${SECURE_SITE}  # Set to 'true' to enable HTTPS and security headers
+      
+      # User/Group Permissions
+      - PALMR_UID=${PUID}  # User ID under which the application runs
+      - PALMR_GID=${PGID}  # Group ID under which the application runs
+    
+    # Persistent storage configuration
+    volumes:
+      - ${APPDATA_PATH}/palmr/server:/app/server  # Database directory
+    
+    # Network configuration
+    ports:
+      - ${PORT}:5487  # Web interface port

palmr/docker-compose.yml

@@ -3,21 +3,25 @@ services:
   palmr:
     # Basic container configuration
     container_name: palmr
-    image: docker.io/kyantech/palmr:v3.1.1-beta
+    image: docker.io/kyantech/palmr:v3.1.3-beta
     restart: unless-stopped
     
     # Application settings
     environment:
-      - ENABLE_S3=${ENABLE_S3}  # Enable/Disable S3-compatible storage backend
+      # Storage Configuration
+      - ENABLE_S3=false
+
+      # Security Settings
       - ENCRYPTION_KEY=${ENCRYPTION_KEY}  # Data encryption key for security
       - SECURE_SITE=${SECURE_SITE}  # Enable/Disable HTTPS security features
+
+      # User/Group Permissions
       - PALMR_UID=${PUID}  # User ID for proper file permissions
       - PALMR_GID=${PGID}  # Group ID for proper file permissions
     
     # Persistent storage configuration
     volumes:
-      - ${APPDATA_PATH}/palmr/db:/app/server/prisma  # Transfer metadata database
+      - ${APPDATA_PATH}/palmr/server:/app/server  # Database and File storage directory
-      - ${DATA_PATH}/palmr/data:/app/server  # File storage directory
     
     # Network configuration
     ports:

portainer-agent/docker-compose.yml

@@ -3,7 +3,7 @@ services:
   portainer-agent:
     # Basic container configuration
     container_name: portainer-agent
-    image: docker.io/portainer/agent:latest
+    image: docker.io/portainer/agent:alpine
     restart: unless-stopped
 
     # System access configuration

portainer/docker-compose.yml

@@ -3,7 +3,7 @@ services:
   portainer:
     # Basic container configuration
     container_name: portainer
-    image: docker.io/portainer/portainer-ee:latest
+    image: docker.io/portainer/portainer-ee:alpine
     restart: unless-stopped
 
     # Persistent storage and system access configuration
@@ -16,3 +16,11 @@ services:
     ports:
       - 8000:8000  # Edge agent communication port
       - 9443:9443  # Web UI HTTPS port
+
+    # Health check configuration
+    healthcheck:
+      test: "wget --no-verbose --tries=1 --spider http://localhost:9000/api/system/status || exit 1"
+      start_period: 10s  # Initial delay before checks
+      interval: 10s  # Check interval
+      timeout: 5s  # Check timeout
+      retries: 3  # Allowed retries

renovate.json

@@ -20,7 +20,7 @@
     "packageRules": [
       {
         "matchPackageNames": "docker.io/minio/minio",
-        "versioning": "regex:^RELEASE\\.(?<major>\\d{4})-(?<minor>\\d{2})-(?<patch>\\d{2})"
+        "versioning": "regex:^RELEASE\\.(?<major>\\d{4})-(?<minor>\\d{2})-(?<patch>\\d{2})T\\d{2}-\\d{2}-\\d{2}Z$"
       }
     ]
   }

stirling-pdf/docker-compose.yml

@@ -27,3 +27,11 @@ services:
     # Network configuration
     ports:
       - ${PORT}:8080  # Web interface port
+
+    # Health check configuration
+    healthcheck:
+      test: [ "CMD-SHELL", "curl -f http://localhost:8080/api/v1/info/status | grep -q 'UP'" ]
+      interval: 5s
+      timeout: 10s
+      retries: 5
+      start_period: 120s

syncyomi/docker-compose.yml

@@ -18,3 +18,10 @@ services:
     # Network configuration
     ports:
       - ${PORT}:8282  # Web interface port
+
+    # Health check configuration
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8282"]
+      interval: 10s
+      timeout: 10s
+      retries: 3