1 Commits

Author SHA1 Message Date
Renovate Bot
6c855009d6 Update postgres Docker tag to v18 2025-12-18 00:01:57 +00:00
31 changed files with 106 additions and 819 deletions


@@ -1,6 +1,6 @@
services: services:
audiobookshelf: audiobookshelf:
image: ghcr.io/advplyr/audiobookshelf:2.32.1 image: ghcr.io/advplyr/audiobookshelf:2.31.0
restart: always restart: always
ports: ports:
- 13378:80 - 13378:80


@@ -1,7 +1,7 @@
services: services:
# Redis service for RQ (task queue) # Redis service for RQ (task queue)
audiomuse-ai-redis: audiomuse-ai-redis:
image: redis:8-alpine image: redis:7-alpine
container_name: audiomuse-redis container_name: audiomuse-redis
ports: ports:
- "6379:6379" # Expose Redis port to the host - "6379:6379" # Expose Redis port to the host
@@ -13,7 +13,7 @@ services:
# PostgreSQL database service # PostgreSQL database service
audiomuse-ai-postgres: audiomuse-ai-postgres:
image: postgres:15-alpine image: postgres:18-alpine
container_name: audiomuse-postgres container_name: audiomuse-postgres
env_file: env_file:
- .env - .env
@@ -21,8 +21,8 @@ services:
POSTGRES_USER: ${AUDIOMUSE_POSTGRES_USER} POSTGRES_USER: ${AUDIOMUSE_POSTGRES_USER}
POSTGRES_PASSWORD: ${AUDIOMUSE_POSTGRES_PASSWORD} POSTGRES_PASSWORD: ${AUDIOMUSE_POSTGRES_PASSWORD}
POSTGRES_DB: ${AUDIOMUSE_POSTGRES_DB} POSTGRES_DB: ${AUDIOMUSE_POSTGRES_DB}
ports: # ports:
- "5435:5432" # Expose PostgreSQL port to the host # - "5432:5432" # Expose PostgreSQL port to the host
volumes: volumes:
- postgres-data:/var/lib/postgresql/data # Persistent storage for PostgreSQL data - postgres-data:/var/lib/postgresql/data # Persistent storage for PostgreSQL data
networks: networks:
@@ -31,7 +31,7 @@ services:
# AudioMuse-AI Flask application service # AudioMuse-AI Flask application service
audiomuse-ai-flask: audiomuse-ai-flask:
image: ghcr.io/neptunehub/audiomuse-ai:0.9.3 # Reflects deployment.yaml image: ghcr.io/neptunehub/audiomuse-ai:0.8.2 # Reflects deployment.yaml
container_name: audiomuse-ai-flask-app container_name: audiomuse-ai-flask-app
ports: ports:
- "8013:8000" - "8013:8000"
@@ -69,7 +69,7 @@ services:
# AudioMuse-AI RQ Worker service # AudioMuse-AI RQ Worker service
audiomuse-ai-worker: audiomuse-ai-worker:
image: ghcr.io/neptunehub/audiomuse-ai:0.9.3 # Reflects deployment.yaml image: ghcr.io/neptunehub/audiomuse-ai:0.8.2 # Reflects deployment.yaml
container_name: audiomuse-ai-worker-instance container_name: audiomuse-ai-worker-instance
env_file: env_file:
- .env - .env
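Review bot: The `audiomuse-ai-postgres` image jumps from `postgres:15-alpine` to `postgres:18-alpine` while the volume line a few rows below still mounts `postgres-data:/var/lib/postgresql/data`; a data directory initialised by PostgreSQL 15 cannot be started by an 18 server without a dump and restore or `pg_upgrade`, so the container would fail on existing data. The official image for 18 also moved its default data directory to a version-specific path under `/var/lib/postgresql`, so after migrating the mount should read `- postgres-data:/var/lib/postgresql` (worth confirming against the image documentation). A comment above the tag, for example `# major upgrade: dump on 15 and restore into 18 before changing this tag`, would keep the prerequisite next to the line Renovate edits. The `shlink_db` hunk at the end of the page makes the same kind of jump (`postgres:17` to `postgres:18`); its volume lines are not visible here, and the `audiomuse-ai-postgres` service definition itself continues outside the hunks shown.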

2
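--- a/baikal/.env.example
+++ b/baikal/.env.example
@@ -0,0 +1,2 @@
+BAIKAL_CONFIG_DIR=
+BAIKAL_DATA_DIR=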

11
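--- a/baikal/docker-compose.yml
+++ b/baikal/docker-compose.yml
@@ -0,0 +1,11 @@
+services:
+baikal:
+image: ckulka/baikal:0.10.1-nginx
+restart: always
+ports:
+- "8083:80"
+volumes:
+- ${BAIKAL_CONFIG_DIR}:/var/www/baikal/config
+- ${BAIKAL_DATA_DIR}:/var/www/baikal/Specific
+env_file:
+- .env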
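Review bot: Both bind mounts interpolate variables that `baikal/.env.example` ships empty, so an unset value only surfaces as a malformed volume spec; writing them as `- ${BAIKAL_CONFIG_DIR:?set BAIKAL_CONFIG_DIR}:/var/www/baikal/config` (and likewise for `BAIKAL_DATA_DIR`) makes Compose stop with a clear message instead. The mapping `"8083:80"` publishes plain HTTP on every host interface. If a reverse proxy on the same host terminates TLS for this service, which the page does not show, `- "127.0.0.1:8083:80"` would keep the CalDAV/CardDAV login from being reachable directly.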


@@ -1,11 +0,0 @@
POSTGRES_ADMIN_PASSWORD=
MATRIX_SYNAPSE_USER_PASSWORD=
MATRIX_MAS_USER_PASSWORD=
MATRIX_SIGNAL_USER_PASSWORD=
MATRIX_WHATSAPP_USER_PASSWORD=
PAPERLESS_USER_PASSWORD=
IMMICH_USER_PASSWORD=
SHLINK_USER_PASSWORD=
SPLIIT_USER_PASSWORD=
AUDIOMUSE_USER_PASSWORD=


@@ -1,43 +0,0 @@
# PostgreSQL 18 with pgvector and vectorchord extensions
FROM postgres:18-alpine
# Install build dependencies
RUN apk add --no-cache --virtual .build-deps \
gcc \
musl-dev \
postgresql-dev \
make \
git \
cmake \
clang \
openssl-dev \
libxml2-dev \
libxslt-dev \
python3 \
py3-pip \
build-base
# Install pgvector extension
RUN git clone --branch v0.7.3 https://github.com/pgvector/pgvector.git /tmp/pgvector \
&& cd /tmp/pgvector \
&& make \
&& make install
# Install vectorchord extension (for Immich)
RUN git clone --branch v0.3.0 https://github.com/vectorchord/pg_vectorscale.git /tmp/pg_vectorscale \
&& cd /tmp/pg_vectorscale \
&& make \
&& make install
# Clean up build dependencies
RUN apk del .build-deps \
&& rm -rf /tmp/* \
&& rm -rf /var/lib/apt/lists/*
# Configure PostgreSQL to load extensions
RUN echo "shared_preload_libraries = 'pg_vectorscale,vector'" >> /var/lib/postgresql/data/postgresql.conf
COPY init-postgres.sh /docker-entrypoint-initdb.d/
EXPOSE 5432
CMD ["postgres"]


@@ -1,215 +0,0 @@
# Service Configuration Migration Guide
This guide shows how to update each service to use the central PostgreSQL database.
## Service-Specific Configuration Updates
### 1. Synapse Matrix
**Current configuration in `synapse/docker-compose.yml`:**
```yaml
synapse_db:
image: docker.io/library/postgres:17
restart: always
volumes:
- ${SYNAPSE_POSTGRES_DATA_DIR}:/var/lib/postgresql/data
environment:
POSTGRES_DB: ${SYNAPSE_POSTGRES_DB}
POSTGRES_USER: ${SYNAPSE_POSTGRES_USER}
POSTGRES_PASSWORD: ${SYNAPSE_POSTGRES_PASSWORD}
POSTGRES_INITDB_ARGS: '--encoding=UTF-8 --locale=C'
ports:
- 5442:5432
synapse:
# ... other config ...
environment:
POSTGRES_HOST: synapse_db
POSTGRES_PORT: 5432
POSTGRES_DB: ${SYNAPSE_POSTGRES_DB}
POSTGRES_USER: ${SYNAPSE_POSTGRES_USER}
POSTGRES_PASSWORD: ${SYNAPSE_POSTGRES_PASSWORD}
```
**Updated configuration:**
```yaml
# Remove the synapse_db service entirely
synapse:
# ... other config ...
environment:
POSTGRES_HOST: postgres
POSTGRES_PORT: 5432
POSTGRES_DB: synapse
POSTGRES_USER: synapse_user
POSTGRES_PASSWORD: ${SYNAPSE_POSTGRES_PASSWORD}
depends_on:
- postgres # Add this dependency
networks:
- default # Ensure same network as postgres container
```
### 2. Paperless
**Current configuration in `paperless/docker-compose.yml`:**
```yaml
db:
image: docker.io/library/postgres:17
restart: always
volumes:
- ${PAPERLESS_POSTGRES_DATA_DIR}:/var/lib/postgresql/data
environment:
POSTGRES_DB: ${PAPERLESS_POSTGRES_DB}
POSTGRES_USER: ${PAPERLESS_POSTGRES_USER}
POSTGRES_PASSWORD: ${PAPERLESS_POSTGRES_PASSWORD}
ports:
- 5434:5432
paperless:
# ... other config ...
environment:
PAPERLESS_DBHOST: db
PAPERLESS_DBNAME: ${PAPERLESS_POSTGRES_DB}
PAPERLESS_DBUSER: ${PAPERLESS_POSTGRES_USER}
PAPERLESS_DBPASS: ${PAPERLESS_POSTGRES_PASSWORD}
```
**Updated configuration:**
```yaml
# Remove the db service entirely
paperless:
# ... other config ...
environment:
PAPERLESS_DBHOST: postgres
PAPERLESS_DBNAME: paperless
PAPERLESS_DBUSER: paperless_user
PAPERLESS_DBPASS: ${PAPERLESS_POSTGRES_PASSWORD}
depends_on:
- postgres # Add this dependency
networks:
- default
```
### 3. Immich
**Current configuration in `immich/docker-compose.yml`:**
```yaml
database:
container_name: immich_postgres
image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
environment:
POSTGRES_USER: ${IMMICH_POSTGRES_USER}
POSTGRES_PASSWORD: ${IMMICH_POSTGRES_PASSWORD}
POSTGRES_DB: ${IMMICH_POSTGRES_DB}
POSTGRES_INITDB_ARGS: '--data-checksums'
ports:
- 5433:5432
volumes:
- ${IMMICH_DB_LOCATION}:/var/lib/postgresql/data
immich-server:
# ... other config ...
environment:
DB_HOSTNAME: ${IMMICH_DB_HOSTNAME}
DB_USERNAME: ${IMMICH_POSTGRES_USER}
DB_PASSWORD: ${IMMICH_POSTGRES_PASSWORD}
DB_DATABASE_NAME: ${IMMICH_POSTGRES_DB}
```
**Updated configuration:**
```yaml
# Remove the database service entirely
immich-server:
# ... other config ...
environment:
DB_HOSTNAME: postgres
DB_USERNAME: immich_user
DB_PASSWORD: ${IMMICH_POSTGRES_PASSWORD}
DB_DATABASE_NAME: immich
depends_on:
- postgres # Add this dependency
networks:
- default
```
### 4. Shlink
**Current configuration in `shlink/docker-compose.yml`:**
```yaml
shlink_db:
image: postgres:17
container_name: shlink_db
restart: always
volumes:
- ${SHLINK_POSTGRES_DIR}:/var/lib/postgresql/data
environment:
POSTGRES_DB: ${SHLINK_POSTGRES_DB}
POSTGRES_USER: ${SHLINK_POSTGRES_USER}
POSTGRES_PASSWORD: ${SHLINK_POSTGRES_PASSWORD}
ports:
- 5436:5432
shlink:
# ... other config ...
environment:
DB_HOST: shlink_db
DB_NAME: ${SHLINK_POSTGRES_DB}
DB_USER: ${SHLINK_POSTGRES_USER}
DB_PASSWORD: ${SHLINK_POSTGRES_PASSWORD}
```
**Updated configuration:**
```yaml
# Remove the shlink_db service entirely
shlink:
# ... other config ...
environment:
DB_HOST: postgres
DB_NAME: shlink
DB_USER: shlink_user
DB_PASSWORD: ${SHLINK_POSTGRES_PASSWORD}
depends_on:
- postgres # Add this dependency
networks:
- default
```
## General Pattern
For each service:
1. **Remove** the service-specific database container
2. **Update** the main service container's environment variables:
- `POSTGRES_HOST`/`DB_HOST``postgres`
- `POSTGRES_PORT`/`DB_PORT``5432`
- `POSTGRES_DB`/`DB_NAME``<service_name>` (e.g., `synapse`, `paperless`)
- `POSTGRES_USER`/`DB_USER``<service_name>_user`
- `POSTGRES_PASSWORD`/`DB_PASSWORD``${SERVICE_POSTGRES_PASSWORD}` (keep existing)
3. **Add dependency** on `postgres` service
4. **Update network** configuration if needed (ensure services can reach postgres container)
## Testing Migration
After updating each service:
1. **Stop the service**: `docker-compose down`
2. **Start with new config**: `docker-compose up -d`
3. **Check logs**: `docker-compose logs -f`
4. **Test functionality**: Verify the service works correctly
5. **Rollback plan**: Keep old database container until migration is confirmed successful
## Network Considerations
Ensure all services are on the same Docker network or can reach the `central_postgres` container. You may need to:
1. Add services to the same network
2. Use Docker's internal DNS
3. Configure network aliases if needed
## Password Management
Keep using the same password variables but ensure they match the central database user passwords. The migration script preserves existing passwords for seamless transition.


@@ -1,145 +0,0 @@
# Central PostgreSQL Database Consolidation
This directory contains the configuration for consolidating all PostgreSQL databases into a single PostgreSQL 18 instance with schema isolation.
## Architecture
### Before (Multiple Containers)
```
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ Synapse DB │ │ Paperless DB │ │ Immich DB │
│ PostgreSQL 17 │ │ PostgreSQL 17 │ │ PostgreSQL 14 │
└─────────────────┘ └─────────────────┘ └─────────────────┘
Port 5442 Port 5434 Port 5433
```
### After (Single Container)
```
┌─────────────────────────────────────────────────────┐
│ PostgreSQL 18 (container name: postgres) │
│ │
│ ┌─────────────────┐ ┌─────────────────┐ │
│ │ synapse │ │ paperless │ │
│ │ database │ │ database │ │
│ └─────────────────┘ └─────────────────┘ │
│ │
│ ┌─────────────────┐ ┌─────────────────┐ │
│ │ immich │ │ shlink │ │
│ │ database │ │ database │ │
│ └─────────────────┘ └─────────────────┘ │
│ │
│ Extensions: vector, pg_vectorscale │
└─────────────────────────────────────────────────────┘
Port 5432
```
## Setup Instructions
### 1. Setup Environment
```bash
cd central-database
cp .env.template .env
# Edit .env with your actual passwords (do not commit this file)
```
### 2. Build and Start PostgreSQL Container
```bash
docker-compose up -d --build postgres
```
### 3. Verify Database is Running
```bash
docker-compose logs -f postgres
docker-compose exec postgres psql -U admin -c "\l"
```
### 4. Migrate Services
Use the generic migration script for each service:
```bash
# Set environment variables (or use .env file)
export SYNAPSE_POSTGRES_PASSWORD="your_actual_password"
# Example: Migrate Synapse
./migrate_service.sh synapse localhost 5442 synapse synapse_password synapse
# Example: Migrate Paperless
./migrate_service.sh paperless localhost 5434 paperless paperless_password paperless
```
### 5. Update Service Configurations
After migration, update each service's docker-compose.yml to point to the central postgres container:
```yaml
# Example for Synapse
environment:
POSTGRES_HOST: postgres
POSTGRES_PORT: 5432
POSTGRES_DB: synapse
POSTGRES_USER: synapse_user
POSTGRES_PASSWORD: ${SYNAPSE_POSTGRES_PASSWORD}
```
## Migration Order Recommendation
1. **Non-critical services first**: shlink, spliit
2. **Document management**: paperless
3. **Media services**: immich, audiomuse
4. **Matrix ecosystem**: mas, signal, whatsapp, synapse
## Backup Strategy
### Full Backup (all databases)
```bash
docker-compose exec postgres pg_dumpall -U admin > full_backup_$(date +%Y%m%d).sql
```
### Individual Database Backup
```bash
# Backup specific database
docker-compose exec postgres pg_dump -U synapse_user -d synapse > synapse_backup_$(date +%Y%m%d).sql
# Backup all databases individually
for db in synapse mas signal whatsapp paperless immich shlink spliit audiomuse; do
docker-compose exec postgres pg_dump -U ${db}_user -d $db > ${db}_backup_$(date +%Y%m%d).sql
done
```
### Automated Backup (add to cron)
```bash
#!/bin/bash
# Daily backup script
BACKUP_DIR="/backups/postgres"
mkdir -p $BACKUP_DIR
# Full backup
docker-compose -f /path/to/central-database/docker-compose.yml exec postgres pg_dumpall -U admin | gzip > $BACKUP_DIR/full_backup_$(date +%Y%m%d_%H%M%S).sql.gz
# Individual database backups
for db in synapse mas signal whatsapp paperless immich shlink spliit audiomuse; do
docker-compose -f /path/to/central-database/docker-compose.yml exec postgres pg_dump -U ${db}_user -d $db | gzip > $BACKUP_DIR/${db}_backup_$(date +%Y%m%d_%H%M%S).sql.gz
done
# Keep last 7 days
find $BACKUP_DIR -name "*.sql.gz" -mtime +7 -delete
```
## Troubleshooting
### Connection Issues
- Verify central database is running: `docker-compose ps`
- Check logs: `docker-compose logs central_postgres`
- Test connection: `psql -h localhost -p 5432 -U admin -d central_db`
### Permission Issues
- Ensure service users have correct permissions on their schemas
- Check schema ownership: `\dn+` in psql
### Extension Issues
- Verify extensions are loaded: `\dx` in psql
- Check PostgreSQL logs for extension errors
## Security Notes
- Use strong passwords for all service users
- Rotate passwords after migration
- Consider using PostgreSQL role attributes for additional security
- Enable SSL for production environments


@@ -1,23 +0,0 @@
services:
postgres:
build: .
container_name: postgres
restart: always
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_USER: admin
POSTGRES_PASSWORD: ${POSTGRES_ADMIN_PASSWORD}
ports:
- "5432:5432"
networks:
- default
healthcheck:
test: ["CMD-SHELL", "pg_isready -U admin"]
interval: 5s
timeout: 5s
retries: 5
volumes:
postgres_data:
driver: local


@@ -1,39 +0,0 @@
#!/bin/bash
set -e
echo "Waiting for PostgreSQL to start..."
until pg_isready -U admin -h localhost; do
sleep 2
done
echo "PostgreSQL is ready. Creating databases and users..."
# Create databases
for db in matrix_synapse matrix_mas matrix_signal matrix_whatsapp paperless immich shlink spliit audiomuse; do
echo "Creating database: $db"
createdb -U admin "$db"
done
# Create users and set permissions
for db in matrix_synapse matrix_mas matrix_signal matrix_whatsapp paperless immich shlink spliit audiomuse; do
user="${db}_user"
password_var="${user^^}_PASSWORD"
password=${!password_var}
if [ -z "$password" ]; then
echo "Warning: Password for $user not set. Using default."
password="default_password"
fi
echo "Creating user: $user"
psql -U admin -c "CREATE USER $user WITH PASSWORD '$password';"
psql -U admin -c "GRANT ALL PRIVILEGES ON DATABASE $db TO $user;"
psql -U admin -c "ALTER DATABASE $db OWNER TO $user;"
done
# Enable extensions in immich database
echo "Enabling extensions in immich database..."
psql -U admin -d immich -c "CREATE EXTENSION IF NOT EXISTS vector;"
psql -U admin -d immich -c "CREATE EXTENSION IF NOT EXISTS pg_vectorscale;"
echo "PostgreSQL initialization complete!"


@@ -1,106 +0,0 @@
#!/bin/bash
# Generic PostgreSQL service migration script
# Usage: ./migrate_service.sh <service_name> <old_host> <old_port> <old_user> <old_password> <old_db>
set -e
if [ "$#" -ne 6 ]; then
echo "Usage: $0 <service_name> <old_host> <old_port> <old_user> <old_password> <old_db>"
exit 1
fi
SERVICE_NAME=$1
OLD_HOST=$2
OLD_PORT=$3
OLD_USER=$4
OLD_PASSWORD=$5
OLD_DB=$6
# Map service names to database names and users
case $SERVICE_NAME in
synapse)
NEW_DB="synapse"
NEW_USER="synapse_user"
NEW_PASSWORD="${SYNAPSE_POSTGRES_PASSWORD}"
;;
mas)
NEW_DB="mas"
NEW_USER="mas_user"
NEW_PASSWORD="${MAS_POSTGRES_PASSWORD}"
;;
signal)
NEW_DB="signal"
NEW_USER="signal_user"
NEW_PASSWORD="${MAUTRIX_SIGNAL_POSTGRES_PASSWORD}"
;;
whatsapp)
NEW_DB="whatsapp"
NEW_USER="whatsapp_user"
NEW_PASSWORD="${MAUTRIX_WHATSAPP_POSTGRES_PASSWORD}"
;;
paperless)
NEW_DB="paperless"
NEW_USER="paperless_user"
NEW_PASSWORD="${PAPERLESS_POSTGRES_PASSWORD}"
;;
immich)
NEW_DB="immich"
NEW_USER="immich_user"
NEW_PASSWORD="${IMMICH_POSTGRES_PASSWORD}"
;;
shlink)
NEW_DB="shlink"
NEW_USER="shlink_user"
NEW_PASSWORD="${SHLINK_POSTGRES_PASSWORD}"
;;
spliit)
NEW_DB="spliit"
NEW_USER="spliit_user"
NEW_PASSWORD="${SPLIIT_POSTGRES_PASSWORD}"
;;
audiomuse)
NEW_DB="audiomuse"
NEW_USER="audiomuse_user"
NEW_PASSWORD="${AUDIOMUSE_POSTGRES_PASSWORD}"
;;
*)
echo "Unknown service: $SERVICE_NAME"
exit 1
;;
esac
echo "Starting migration for $SERVICE_NAME to database $NEW_DB..."
# Export from old database
echo "Exporting data from $OLD_DB..."
PGPASSWORD="$OLD_PASSWORD" pg_dump \
-h "$OLD_HOST" \
-p "$OLD_PORT" \
-U "$OLD_USER" \
-d "$OLD_DB" \
-F custom \
-f "/tmp/${SERVICE_NAME}_dump.custom"
# Import to new database
echo "Importing data to $NEW_DB database..."
PGPASSWORD="$NEW_PASSWORD" pg_restore \
-h localhost \
-p 5432 \
-U "$NEW_USER" \
-d "$NEW_DB" \
--clean \
--if-exists \
"/tmp/${SERVICE_NAME}_dump.custom"
echo "Migration completed for $SERVICE_NAME!"
# Clean up
rm -f "/tmp/${SERVICE_NAME}_dump.custom"
echo "You can now update your $SERVICE_NAME service configuration to use:"
echo " Host: localhost"
echo " Port: 5432"
echo " Database: $NEW_DB"
echo " User: $NEW_USER"
echo " Password: ***"


@@ -1,10 +1,10 @@
include: include:
- audiobookshelf/docker-compose.yml - audiobookshelf/docker-compose.yml
- audiomuse/docker-compose.yml - audiomuse/docker-compose.yml
- baikal/docker-compose.yml
- gitea/docker-compose.yml - gitea/docker-compose.yml
- immich/docker-compose.yml - immich/docker-compose.yml
- jellyfin/docker-compose.yml - jellyfin/docker-compose.yml
- monitoring/docker-compose.yml
- nextcloud/docker-compose.yml - nextcloud/docker-compose.yml
- paperless/docker-compose.yml - paperless/docker-compose.yml
- pihole/docker-compose.yml - pihole/docker-compose.yml
@@ -13,5 +13,5 @@ include:
- spliit/docker-compose.yml - spliit/docker-compose.yml
- shlink/docker-compose.yml - shlink/docker-compose.yml
- synapse/docker-compose.yml - synapse/docker-compose.yml
# - updater/docker-compose.yml - updater/docker-compose.yml
- vaultwarden/docker-compose.yml - vaultwarden/docker-compose.yml


@@ -14,7 +14,7 @@ services:
- "3000:3000" - "3000:3000"
- "2222:2222" - "2222:2222"
gitea-runner: gitea-runner:
image: gitea/act_runner:0.3.0 image: gitea/act_runner:0.2.13
restart: always restart: always
environment: environment:
CONFIG_FILE: /config.yaml CONFIG_FILE: /config.yaml


@@ -8,8 +8,3 @@ IMMICH_POSTGRES_USER=
IMMICH_POSTGRES_PASSWORD= IMMICH_POSTGRES_PASSWORD=
REDIS_HOSTNAME= REDIS_HOSTNAME=
IMMICH_EXTERNAL_MEDIA_LOCATION=
# Default timezone for images without a timezone set
TZ=


@@ -1,13 +1,13 @@
services: services:
immich-server: immich-server:
container_name: immich_server container_name: immich_server
image: ghcr.io/immich-app/immich-server:v2.6.1 image: ghcr.io/immich-app/immich-server:v2.3.1
# extends: # extends:
# file: hwaccel.transcoding.yml # file: hwaccel.transcoding.yml
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding # service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
volumes: volumes:
# Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
- ${UPLOAD_LOCATION}:/data - ${UPLOAD_LOCATION}:/data
- ${IMMICH_EXTERNAL_MEDIA_LOCATION}:/external:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
env_file: env_file:
- .env - .env
@@ -25,7 +25,7 @@ services:
immich-machine-learning: immich-machine-learning:
container_name: immich_machine_learning container_name: immich_machine_learning
image: ghcr.io/immich-app/immich-machine-learning:v2.6.1 image: ghcr.io/immich-app/immich-machine-learning:v2.3.1
volumes: volumes:
- model-cache:/cache - model-cache:/cache
env_file: env_file:


@@ -1,6 +1,6 @@
services: services:
jellyfin: jellyfin:
image: jellyfin/jellyfin:10.11.6 image: jellyfin/jellyfin:10.11.5
user: ${JELLYFIN_USER_UID}:${JELLYFIN_USER_GID} user: ${JELLYFIN_USER_UID}:${JELLYFIN_USER_GID}
network_mode: 'host' network_mode: 'host'
restart: always restart: always


@@ -1,27 +0,0 @@
GRAFANA_ADMIN_USER=
GRAFANA_ADMIN_PASSWORD=
GRAFANA_DOMAIN=
GRAFANA_ROOT_URL=
GRAFANA_DISABLE_LOGIN_FORM=false
GRAFANA_SMTP_ENABLED=true
GRAFANA_SMTP_HOST=
GRAFANA_SMTP_USER=
GRAFANA_SMTP_PASSWORD=
GRAFANA_SMTP_FROM=
GRAFANA_DATA_DIR=
PROMETHEUS_CONFIG_PATH=
PROMETHEUS_DATA_DIR=
BLACKBOX_CONFIG_PATH=
LOKI_CONFIG_PATH=
LOKI_DATA_DIR=
ALLOY_CONFIG_PATH=
GMF_MATRIX_HOMESERVER=
GMF_MATRIX_USER=
GMF_MATRIX_TOKEN=


@@ -1,115 +0,0 @@
services:
# Prometheus - Metrics Collection
prometheus:
image: prom/prometheus:v3.10.0
restart: unless-stopped
ports:
- "9091:9090"
volumes:
- ${PROMETHEUS_CONFIG_PATH}:/etc/prometheus/prometheus.yml:ro
- ${PROMETHEUS_DATA_DIR}:/prometheus
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus'
- '--web.console.libraries=/etc/prometheus/console_libraries'
- '--web.console.templates=/etc/prometheus/consoles'
- '--storage.tsdb.retention.time=200h'
- '--web.enable-lifecycle'
- '--web.enable-admin-api'
# Grafana - Visualization Dashboard
grafana:
image: grafana/grafana:12.4.1
restart: unless-stopped
ports:
- "3002:3000"
volumes:
- ${GRAFANA_DATA_DIR}:/var/lib/grafana
environment:
- GF_SECURITY_ADMIN_USER=${GRAFANA_ADMIN_USER}
- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD}
- GF_USERS_ALLOW_SIGN_UP=false
- GF_SERVER_DOMAIN=${GRAFANA_DOMAIN}
- GF_SERVER_ROOT_URL=${GRAFANA_ROOT_URL}
- GF_AUTH_DISABLE_LOGIN_FORM=${GRAFANA_DISABLE_LOGIN_FORM}
- GF_SMTP_ENABLED=${GRAFANA_SMTP_ENABLED}
- GF_SMTP_HOST=${GRAFANA_SMTP_HOST}
- GF_SMTP_USER=${GRAFANA_SMTP_USER}
- GF_SMTP_PASSWORD=${GRAFANA_SMTP_PASSWORD}
- GF_SMTP_FROM_ADDRESS=${GRAFANA_SMTP_FROM}
depends_on:
- prometheus
loki:
image: grafana/loki:3.6.7
restart: unless-stopped
ports:
- "3100:3100"
volumes:
- ${LOKI_CONFIG_PATH}:/etc/loki/local-config.yaml
- ${LOKI_DATA_DIR}:/loki
command:
- '-config.file=/etc/loki/local-config.yaml'
- '-target=all'
alloy:
image: grafana/alloy:v1.14.1
restart: unless-stopped
ports:
- "12345:12345"
volumes:
- ${ALLOY_CONFIG_PATH}:/etc/alloy/config.alloy:ro
- /var/log:/var/log:ro
# Node Exporter - Host System Metrics
node_exporter:
image: prom/node-exporter:v1.10.2
restart: unless-stopped
ports:
- "9100:9100"
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/rootfs:ro
command:
- '--path.procfs=/host/proc'
- '--path.rootfs=/rootfs'
- '--path.sysfs=/host/sys'
- '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
# cAdvisor - Container Metrics
cadvisor:
image: gcr.io/cadvisor/cadvisor:v0.55.1
restart: unless-stopped
privileged: true
ports:
- "8081:8080"
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
devices:
- /dev/kmsg
command:
- '--housekeeping_interval=30s'
- '--max_housekeeping_interval=35s'
- '--event_storage_event_limit=default=0'
- '--event_storage_age_limit=default=0'
- '--disable_metrics=disk,diskIO,tcp,udp,percpu,sched,process,hugetlb,referenced_memory'
- '--docker_only=true'
# Blackbox Exporter - Endpoint Monitoring
blackbox_exporter:
image: prom/blackbox-exporter:v0.28.0
restart: unless-stopped
ports:
- "9115:9115"
volumes:
- ${BLACKBOX_CONFIG_PATH}:/etc/blackbox_exporter/config.yml
grafana-matrix-forwarder:
build: ./grafana-matrix-forwarder
restart: unless-stopped
env_file:
- .env


@@ -1,9 +0,0 @@
FROM alpine
# Create main app folder to run from
WORKDIR /app
# Copy compiled binary to release image
COPY grafana-matrix-forwarder /app/grafana-matrix-forwarder
ENTRYPOINT ["/app/grafana-matrix-forwarder"]


@@ -1,2 +1,12 @@
NEXTCLOUD_AIO_DIR= NEXTCLOUD_DOMAIN=
NEXTCLOUD_DATA_DIR= NEXTCLOUD_DATA_DIR=
NEXTCLOUD_POSTGRES_DATA_DIR=
NEXTCLOUD_POSTGRES_DB=
NEXTCLOUD_POSTGRES_USER=
NEXTCLOUD_POSTGRES_PASSWORD=
COLLABORA_DOMAIN=
COLLABORA_USER=
COLLABORA_PASSWORD=


@@ -1,40 +1,50 @@
services: services:
nextcloud-aio-mastercontainer: nextcloud_db:
image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel image: docker.io/library/postgres:17
init: true # This setting makes sure that signals from main process inside the container are correctly forwarded to children. See https://docs.docker.com/reference/compose-file/services/#init restart: always
restart: always # This makes sure that the container starts always together with the host OS. See https://docs.docker.com/reference/compose-file/services/#restart
container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
volumes: volumes:
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work - ${NEXTCLOUD_POSTGRES_DATA_DIR}:/var/lib/postgresql/data
- /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'! environment:
network_mode: bridge POSTGRES_DB: ${NEXTCLOUD_POSTGRES_DB}
POSTGRES_USER: ${NEXTCLOUD_POSTGRES_USER}
POSTGRES_PASSWORD: ${NEXTCLOUD_POSTGRES_PASSWORD}
ports: ports:
- 8014:8080 # This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanation-of-used-ports - 5438:5432
environment: # Is needed when using any of the options below networks:
# AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section - nextcloud
APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md nextcloud:
# APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md image: nextcloud:32.0.3
# APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md restart: always
# BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy ports:
# COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature - 8081:80
# DOCKER_API_VERSION: 1.44 # You can adjust the internally used docker api version with this variable. ⚠️⚠️⚠️ Warning: please note that only the default api version (unset this variable) is supported and tested by the maintainers of Nextcloud AIO. So use this on your own risk and things might break without warning. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version links:
# FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M" # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options - db
NEXTCLOUD_DATADIR: ${NEXTCLOUD_DATA_DIR} # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir volumes:
# NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host - ${NEXTCLOUD_DATA_DIR}:/var/www/html
# NEXTCLOUD_UPLOAD_LIMIT: 16G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud environment:
# NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud - POSTGRES_HOST=nextcloud_db
# NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud - POSTGRES_DB=${NEXTCLOUD_POSTGRES_DB}
# NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS) See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca - POSTGRES_USER=${NEXTCLOUD_POSTGRES_USER}
# NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup - POSTGRES_PASSWORD=${NEXTCLOUD_POSTGRES_PASSWORD}
# NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container - REDIS_HOST=nextcloud-redis
# NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container - REDIS_PORT=6379
# NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_DOMAIN}
# NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud. networks:
# NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps - nextcloud
# SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation cron:
# TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port image: nextcloud:32.0.3
container_name: nextcloud-cron
volumes:
- ${NEXTCLOUD_DATA_DIR}:/var/www/html
entrypoint: /cron.sh
restart: always
networks:
- nextcloud
nextcloud-redis:
image: redis:7
restart: always
networks:
- nextcloud
networks:
volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive nextcloud:
nextcloud_aio_mastercontainer:
name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
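Review bot: The new `nextcloud` service lists `links: - db`, but the database service defined on the new side of this file is `nextcloud_db`, and `POSTGRES_HOST=nextcloud_db` already points there, so the link names a service this file does not define. Replacing it with `depends_on: - nextcloud_db` states the intended start order without relying on legacy links. `nextcloud_db` also publishes `5438:5432` on the host although `nextcloud` reaches it over the shared `nextcloud` network; dropping that `ports:` entry, or writing it as `- "127.0.0.1:5438:5432"`, keeps the database off other interfaces. The two short mappings are unquoted (`5438:5432`, `8081:80`) while other files in this diff quote theirs; quoting them avoids YAML 1.1 number parsing surprises.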


@@ -18,7 +18,7 @@ services:
- 5434:5432 - 5434:5432
paperless: paperless:
image: ghcr.io/paperless-ngx/paperless-ngx:2.20.12 image: ghcr.io/paperless-ngx/paperless-ngx:2.20.2
restart: always restart: always
depends_on: depends_on:
- db - db
@@ -49,7 +49,7 @@ services:
PAPERLESS_REDIRECT_LOGIN_TO_SSO: true PAPERLESS_REDIRECT_LOGIN_TO_SSO: true
gotenberg: gotenberg:
image: docker.io/gotenberg/gotenberg:8.28.0 image: docker.io/gotenberg/gotenberg:8.25.1
restart: always restart: always
# The gotenberg chromium route is used to convert .eml files. We do not # The gotenberg chromium route is used to convert .eml files. We do not


@@ -2,7 +2,7 @@
services: services:
pihole: pihole:
container_name: pihole container_name: pihole
image: pihole/pihole:2026.02.0 image: pihole/pihole:2025.11.1
ports: ports:
# DNS Ports # DNS Ports
- "53:53/tcp" - "53:53/tcp"


@@ -3,5 +3,3 @@ TRUST_PROXY=
MAXMIND_LICENSE_KEY= MAXMIND_LICENSE_KEY=
PUID= PUID=
PGID= PGID=
ENCRYPTION_KEY=
POCKETID_DATA_DIR=


@@ -1,12 +1,13 @@
services: services:
pocket-id: pocket-id:
image: ghcr.io/pocket-id/pocket-id:v2.4.0 image: ghcr.io/pocket-id/pocket-id:v1.16.0
restart: always restart: always
env_file: .env env_file: .env
ports: ports:
- "3043:1411" - "3043:1411"
volumes: volumes:
- ${POCKETID_DATA_DIR}:/app/data #TODO change this to a more appropriate location
- ./data:/app/data
# Optional healthcheck # Optional healthcheck
healthcheck: healthcheck:
test: "curl -f http://localhost:1411/healthz" test: "curl -f http://localhost:1411/healthz"
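Review bot: The new volume line `- ./data:/app/data` keeps the identity provider's state in a directory next to the compose file, which the `#TODO` above it already flags as the wrong place. If this file lives in a git checkout, that directory (presumably the database and key material; confirm against the Pocket ID documentation) inherits the checkout's permissions and is easy to commit by accident. I would keep the path configurable and outside the repository, `- ${POCKETID_DATA_DIR}:/app/data`, with owner-only permissions on the host directory, or at minimum add `data/` to `.gitignore`.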


@@ -1,6 +1,6 @@
services: services:
shlink: shlink:
image: shlinkio/shlink:5.0 image: shlinkio/shlink:4.6
container_name: shlink container_name: shlink
restart: always restart: always
ports: ports:
@@ -18,7 +18,7 @@ services:
depends_on: depends_on:
- shlink_db - shlink_db
shlink_db: shlink_db:
image: postgres:17 image: postgres:18
container_name: shlink_db container_name: shlink_db
restart: always restart: always
volumes: volumes:
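Review bot: Moving `shlink_db` from `postgres:17` to `postgres:18` is a major-version jump, and a data directory initialised by 17 cannot be started by an 18 server without a `pg_dump`/restore or `pg_upgrade` step, so with `restart: always` the database is likely to restart in a loop after the pull. As far as I know the official 18 image also moved its data directory to a version-specific path under `/var/lib/postgresql`, so the mount visible for `spliit_db` in the next file section, `- ${SPLIIT_POSTGRES_DIR}:/var/lib/postgresql/data`, would no longer be where the live data is written. I would take and verify a backup first, then change that mount to `- ${SPLIIT_POSTGRES_DIR}:/var/lib/postgresql` as part of the migration. The `volumes:` list of `shlink_db` continues outside this hunk, so its mount path needs the same check.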


@@ -16,7 +16,7 @@ services:
POSTGRES_USER: ${SPLIIT_POSTGRES_USER} POSTGRES_USER: ${SPLIIT_POSTGRES_USER}
POSTGRES_PASSWORD: ${SPLIIT_POSTGRES_PASSWORD} POSTGRES_PASSWORD: ${SPLIIT_POSTGRES_PASSWORD}
spliit_db: spliit_db:
image: postgres:17 image: postgres:18
restart: always restart: always
volumes: volumes:
- ${SPLIIT_POSTGRES_DIR}:/var/lib/postgresql/data - ${SPLIIT_POSTGRES_DIR}:/var/lib/postgresql/data


@@ -1,6 +1,6 @@
services: services:
element-call-auth-service: element-call-auth-service:
image: ghcr.io/element-hq/lk-jwt-service:0.4.1 image: ghcr.io/element-hq/lk-jwt-service:0.4.0
container_name: element-call-jwt container_name: element-call-jwt
hostname: auth-server hostname: auth-server
environment: environment:
@@ -13,7 +13,7 @@ services:
ports: ports:
- 8071:8080 - 8071:8080
element-call-livekit: element-call-livekit:
image: livekit/livekit-server:v1.10.0 image: livekit/livekit-server:v1.9.8
command: --config /etc/livekit.yaml command: --config /etc/livekit.yaml
ports: ports:
- "7880:7880/tcp" - "7880:7880/tcp"
@@ -25,7 +25,7 @@ services:
- ${LIVEKIT_CONFIG_DIR}/config.yaml:/etc/livekit.yaml:ro - ${LIVEKIT_CONFIG_DIR}/config.yaml:/etc/livekit.yaml:ro
mautrix-signal: mautrix-signal:
container_name: mautrix-signal container_name: mautrix-signal
image: dock.mau.dev/mautrix/signal:v0.2603.0 image: dock.mau.dev/mautrix/signal:v0.2512.0
restart: always restart: always
volumes: volumes:
- ${MAUTRIX_SIGNAL_DATA_DIR}:/data - ${MAUTRIX_SIGNAL_DATA_DIR}:/data
@@ -42,7 +42,7 @@ services:
- 5439:5432 - 5439:5432
mautrix-whatsapp: mautrix-whatsapp:
container_name: mautrix-whatsapp container_name: mautrix-whatsapp
image: dock.mau.dev/mautrix/whatsapp:v0.2603.0 image: dock.mau.dev/mautrix/whatsapp:v0.2512.0
#image: petersmit27/mautrix-whatsapp:latest #image: petersmit27/mautrix-whatsapp:latest
restart: always restart: always
volumes: volumes:
@@ -61,7 +61,7 @@ services:
ports: ports:
- 5440:5432 - 5440:5432
mas: mas:
image: ghcr.io/element-hq/matrix-authentication-service:1.13.0 image: ghcr.io/element-hq/matrix-authentication-service:1.8.0
restart: always restart: always
working_dir: /config working_dir: /config
volumes: volumes:
@@ -97,7 +97,7 @@ services:
- 5442:5432 - 5442:5432
synapse: synapse:
container_name: synapse container_name: synapse
image: matrixdotorg/synapse:v1.149.1 image: matrixdotorg/synapse:v1.144.0
restart: always restart: always
volumes: volumes:
- ${SYNAPSE_CONFIG_DIR}:/data - ${SYNAPSE_CONFIG_DIR}:/data
@@ -107,10 +107,3 @@ services:
- synapse_db - synapse_db
- mas - mas
- mautrix-whatsapp - mautrix-whatsapp
element-admin:
image: oci.element.io/element-admin:0.1.11
restart: unless-stopped
ports:
- "8079:8080"
environment:
- SERVER_NAME=${MATRIX_DOMAIN}


@@ -1,5 +1,5 @@
# Use the official PHP image with Apache # Use the official PHP image with Apache
FROM php:8.5-apache FROM php:8.4-apache
# Add Docker's official GPG key: # Add Docker's official GPG key:
RUN apt-get update &&\ RUN apt-get update &&\
@@ -16,7 +16,7 @@ RUN echo \
# Install git and docker-compose # Install git and docker-compose
RUN apt-get update && \ RUN apt-get update && \
apt-get install -y git docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-model-plugin && \ apt-get install -y git docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
# Create .docker directory and set permissions # Create .docker directory and set permissions


@@ -1,7 +1,7 @@
services: services:
vaultwarden: vaultwarden:
container_name: vaultwarden container_name: vaultwarden
image: vaultwarden/server:1.35.4 image: vaultwarden/server:1.34.3
restart: always restart: always
volumes: volumes:
- ${VAULTWARDEN_DATA_LOCATION}:/data/ - ${VAULTWARDEN_DATA_LOCATION}:/data/