Update docker.io/library/postgres Docker tag to v18

2025-12-25 00:02:44 +00:00
30 changed files with 52 additions and 904 deletions
--- a/aiworkshop.md
+++ b/aiworkshop.md
--- a/audiobookshelf/docker-compose.yml
+++ b/audiobookshelf/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
  audiobookshelf:
-    image: ghcr.io/advplyr/audiobookshelf:2.33.1
+    image: ghcr.io/advplyr/audiobookshelf:2.31.0
    restart: always
    ports:
      - 13378:80
--- a/audiomuse/docker-compose.yml
+++ b/audiomuse/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
  # Redis service for RQ (task queue)
  audiomuse-ai-redis:
-    image: redis:8-alpine
+    image: redis:7-alpine
    container_name: audiomuse-redis
    ports:
      - "6379:6379" # Expose Redis port to the host
@@ -21,8 +21,8 @@ services:
      POSTGRES_USER: ${AUDIOMUSE_POSTGRES_USER}
      POSTGRES_PASSWORD: ${AUDIOMUSE_POSTGRES_PASSWORD}
      POSTGRES_DB: ${AUDIOMUSE_POSTGRES_DB}
-    ports:
+#    ports:
-      - "5435:5432" # Expose PostgreSQL port to the host
+#      - "5432:5432" # Expose PostgreSQL port to the host
    volumes:
      - postgres-data:/var/lib/postgresql/data # Persistent storage for PostgreSQL data
    networks:
@@ -31,7 +31,7 @@ services:
  # AudioMuse-AI Flask application service
  audiomuse-ai-flask:
-    image: ghcr.io/neptunehub/audiomuse-ai:0.9.5 # Reflects deployment.yaml
+    image: ghcr.io/neptunehub/audiomuse-ai:0.8.2 # Reflects deployment.yaml
    container_name: audiomuse-ai-flask-app
    ports:
      - "8013:8000"
@@ -69,7 +69,7 @@ services:
  # AudioMuse-AI RQ Worker service
  audiomuse-ai-worker:
-    image: ghcr.io/neptunehub/audiomuse-ai:0.9.5 # Reflects deployment.yaml
+    image: ghcr.io/neptunehub/audiomuse-ai:0.8.2 # Reflects deployment.yaml
    container_name: audiomuse-ai-worker-instance
    env_file:
      - .env
@@ -123,4 +123,4 @@ volumes:
  postgres-data:
 networks:
-  audiomuse:
+  audiomuse:
--- a/baikal/.env.example
+++ b/baikal/.env.example
@@ -0,0 +1,2 @@
 BAIKAL_CONFIG_DIR=
 BAIKAL_DATA_DIR=
--- a/baikal/docker-compose.yml
+++ b/baikal/docker-compose.yml
@@ -0,0 +1,11 @@
 services:
  baikal:
    image: ckulka/baikal:0.10.1-nginx
    restart: always
    ports:
      - "8083:80"
    volumes:
      - ${BAIKAL_CONFIG_DIR}:/var/www/baikal/config
      - ${BAIKAL_DATA_DIR}:/var/www/baikal/Specific
    env_file:
      - .env
--- a/central-database/.env.example
+++ b/central-database/.env.example
@@ -1,11 +0,0 @@
 POSTGRES_ADMIN_PASSWORD=
 MATRIX_SYNAPSE_USER_PASSWORD=
 MATRIX_MAS_USER_PASSWORD=
 MATRIX_SIGNAL_USER_PASSWORD=
 MATRIX_WHATSAPP_USER_PASSWORD=
 PAPERLESS_USER_PASSWORD=
 IMMICH_USER_PASSWORD=
 SHLINK_USER_PASSWORD=
 SPLIIT_USER_PASSWORD=
 AUDIOMUSE_USER_PASSWORD=
--- a/central-database/Dockerfile
+++ b/central-database/Dockerfile
@@ -1,43 +0,0 @@
 # PostgreSQL 18 with pgvector and vectorchord extensions
 FROM postgres:18-alpine
 # Install build dependencies
 RUN apk add --no-cache --virtual .build-deps \
    gcc \
    musl-dev \
    postgresql-dev \
    make \
    git \
    cmake \
    clang \
    openssl-dev \
    libxml2-dev \
    libxslt-dev \
    python3 \
    py3-pip \
    build-base
 # Install pgvector extension
 RUN git clone --branch v0.7.3 https://github.com/pgvector/pgvector.git /tmp/pgvector \
    && cd /tmp/pgvector \
    && make \
    && make install
 # Install vectorchord extension (for Immich)
 RUN git clone --branch v0.3.0 https://github.com/vectorchord/pg_vectorscale.git /tmp/pg_vectorscale \
    && cd /tmp/pg_vectorscale \
    && make \
    && make install
 # Clean up build dependencies
 RUN apk del .build-deps \
    && rm -rf /tmp/* \
    && rm -rf /var/lib/apt/lists/*
 # Configure PostgreSQL to load extensions
 RUN echo "shared_preload_libraries = 'pg_vectorscale,vector'" >> /var/lib/postgresql/data/postgresql.conf
 COPY init-postgres.sh /docker-entrypoint-initdb.d/
 EXPOSE 5432
 CMD ["postgres"]
--- a/central-database/MIGRATION_GUIDE.md
+++ b/central-database/MIGRATION_GUIDE.md
@@ -1,215 +0,0 @@
 # Service Configuration Migration Guide
 This guide shows how to update each service to use the central PostgreSQL database.
 ## Service-Specific Configuration Updates
 ### 1. Synapse Matrix
 **Current configuration in `synapse/docker-compose.yml`:**
 ```yaml
 synapse_db:
  image: docker.io/library/postgres:17
  restart: always
  volumes:
    - ${SYNAPSE_POSTGRES_DATA_DIR}:/var/lib/postgresql/data
  environment:
    POSTGRES_DB: ${SYNAPSE_POSTGRES_DB}
    POSTGRES_USER: ${SYNAPSE_POSTGRES_USER}
    POSTGRES_PASSWORD: ${SYNAPSE_POSTGRES_PASSWORD}
    POSTGRES_INITDB_ARGS: '--encoding=UTF-8  --locale=C'
  ports:
    - 5442:5432
 synapse:
  # ... other config ...
  environment:
    POSTGRES_HOST: synapse_db
    POSTGRES_PORT: 5432
    POSTGRES_DB: ${SYNAPSE_POSTGRES_DB}
    POSTGRES_USER: ${SYNAPSE_POSTGRES_USER}
    POSTGRES_PASSWORD: ${SYNAPSE_POSTGRES_PASSWORD}
 ```
 **Updated configuration:**
 ```yaml
 # Remove the synapse_db service entirely
 synapse:
  # ... other config ...
  environment:
    POSTGRES_HOST: postgres
    POSTGRES_PORT: 5432
    POSTGRES_DB: synapse
    POSTGRES_USER: synapse_user
    POSTGRES_PASSWORD: ${SYNAPSE_POSTGRES_PASSWORD}
  depends_on:
    - postgres  # Add this dependency
  networks:
    - default  # Ensure same network as postgres container
 ```
 ### 2. Paperless
 **Current configuration in `paperless/docker-compose.yml`:**
 ```yaml
 db:
  image: docker.io/library/postgres:17
  restart: always
  volumes:
    - ${PAPERLESS_POSTGRES_DATA_DIR}:/var/lib/postgresql/data
  environment:
    POSTGRES_DB: ${PAPERLESS_POSTGRES_DB}
    POSTGRES_USER: ${PAPERLESS_POSTGRES_USER}
    POSTGRES_PASSWORD: ${PAPERLESS_POSTGRES_PASSWORD}
  ports:
    - 5434:5432
 paperless:
  # ... other config ...
  environment:
    PAPERLESS_DBHOST: db
    PAPERLESS_DBNAME: ${PAPERLESS_POSTGRES_DB}
    PAPERLESS_DBUSER: ${PAPERLESS_POSTGRES_USER}
    PAPERLESS_DBPASS: ${PAPERLESS_POSTGRES_PASSWORD}
 ```
 **Updated configuration:**
 ```yaml
 # Remove the db service entirely
 paperless:
  # ... other config ...
  environment:
    PAPERLESS_DBHOST: postgres
    PAPERLESS_DBNAME: paperless
    PAPERLESS_DBUSER: paperless_user
    PAPERLESS_DBPASS: ${PAPERLESS_POSTGRES_PASSWORD}
  depends_on:
    - postgres  # Add this dependency
  networks:
    - default
 ```
 ### 3. Immich
 **Current configuration in `immich/docker-compose.yml`:**
 ```yaml
 database:
  container_name: immich_postgres
  image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
  environment:
    POSTGRES_USER: ${IMMICH_POSTGRES_USER}
    POSTGRES_PASSWORD: ${IMMICH_POSTGRES_PASSWORD}
    POSTGRES_DB: ${IMMICH_POSTGRES_DB}
    POSTGRES_INITDB_ARGS: '--data-checksums'
  ports:
    - 5433:5432
  volumes:
    - ${IMMICH_DB_LOCATION}:/var/lib/postgresql/data
 immich-server:
  # ... other config ...
  environment:
    DB_HOSTNAME: ${IMMICH_DB_HOSTNAME}
    DB_USERNAME: ${IMMICH_POSTGRES_USER}
    DB_PASSWORD: ${IMMICH_POSTGRES_PASSWORD}
    DB_DATABASE_NAME: ${IMMICH_POSTGRES_DB}
 ```
 **Updated configuration:**
 ```yaml
 # Remove the database service entirely
 immich-server:
  # ... other config ...
  environment:
    DB_HOSTNAME: postgres
    DB_USERNAME: immich_user
    DB_PASSWORD: ${IMMICH_POSTGRES_PASSWORD}
    DB_DATABASE_NAME: immich
  depends_on:
    - postgres  # Add this dependency
  networks:
    - default
 ```
 ### 4. Shlink
 **Current configuration in `shlink/docker-compose.yml`:**
 ```yaml
 shlink_db:
  image: postgres:17
  container_name: shlink_db
  restart: always
  volumes:
    - ${SHLINK_POSTGRES_DIR}:/var/lib/postgresql/data
  environment:
    POSTGRES_DB: ${SHLINK_POSTGRES_DB}
    POSTGRES_USER: ${SHLINK_POSTGRES_USER}
    POSTGRES_PASSWORD: ${SHLINK_POSTGRES_PASSWORD}
  ports:
    - 5436:5432
 shlink:
  # ... other config ...
  environment:
    DB_HOST: shlink_db
    DB_NAME: ${SHLINK_POSTGRES_DB}
    DB_USER: ${SHLINK_POSTGRES_USER}
    DB_PASSWORD: ${SHLINK_POSTGRES_PASSWORD}
 ```
 **Updated configuration:**
 ```yaml
 # Remove the shlink_db service entirely
 shlink:
  # ... other config ...
  environment:
    DB_HOST: postgres
    DB_NAME: shlink
    DB_USER: shlink_user
    DB_PASSWORD: ${SHLINK_POSTGRES_PASSWORD}
  depends_on:
    - postgres  # Add this dependency
  networks:
    - default
 ```
 ## General Pattern
 For each service:
 1. **Remove** the service-specific database container
 2. **Update** the main service container's environment variables:
   - `POSTGRES_HOST`/`DB_HOST` → `postgres`
   - `POSTGRES_PORT`/`DB_PORT` → `5432`
   - `POSTGRES_DB`/`DB_NAME` → `<service_name>` (e.g., `synapse`, `paperless`)
   - `POSTGRES_USER`/`DB_USER` → `<service_name>_user`
   - `POSTGRES_PASSWORD`/`DB_PASSWORD` → `${SERVICE_POSTGRES_PASSWORD}` (keep existing)
 3. **Add dependency** on `postgres` service
 4. **Update network** configuration if needed (ensure services can reach postgres container)
 ## Testing Migration
 After updating each service:
 1. **Stop the service**: `docker-compose down`
 2. **Start with new config**: `docker-compose up -d`
 3. **Check logs**: `docker-compose logs -f`
 4. **Test functionality**: Verify the service works correctly
 5. **Rollback plan**: Keep old database container until migration is confirmed successful
 ## Network Considerations
 Ensure all services are on the same Docker network or can reach the `central_postgres` container. You may need to:
 1. Add services to the same network
 2. Use Docker's internal DNS
 3. Configure network aliases if needed
 ## Password Management
 Keep using the same password variables but ensure they match the central database user passwords. The migration script preserves existing passwords for seamless transition.
--- a/central-database/README.md
+++ b/central-database/README.md
@@ -1,145 +0,0 @@
 # Central PostgreSQL Database Consolidation
 This directory contains the configuration for consolidating all PostgreSQL databases into a single PostgreSQL 18 instance with schema isolation.
 ## Architecture
 ### Before (Multiple Containers)
 ```
 ┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
 │ Synapse DB      │    │ Paperless DB    │    │ Immich DB       │
 │ PostgreSQL 17    │    │ PostgreSQL 17    │    │ PostgreSQL 14    │
 └─────────────────┘    └─────────────────┘    └─────────────────┘
      Port 5442          Port 5434          Port 5433
 ```
 ### After (Single Container)
 ```
 ┌─────────────────────────────────────────────────────┐
 │ PostgreSQL 18 (container name: postgres)          │
 │                                                     │
 │  ┌─────────────────┐  ┌─────────────────┐          │
 │  │ synapse        │  │ paperless       │          │
 │  │ database       │  │ database       │          │
 │  └─────────────────┘  └─────────────────┘          │
 │                                                     │
 │  ┌─────────────────┐  ┌─────────────────┐          │
 │  │ immich          │  │ shlink          │          │
 │  │ database       │  │ database       │          │
 │  └─────────────────┘  └─────────────────┘          │
 │                                                     │
 │  Extensions: vector, pg_vectorscale                │
 └─────────────────────────────────────────────────────┘
                     Port 5432
 ```
 ## Setup Instructions
 ### 1. Setup Environment
 ```bash
 cd central-database
 cp .env.template .env
 # Edit .env with your actual passwords (do not commit this file)
 ```
 ### 2. Build and Start PostgreSQL Container
 ```bash
 docker-compose up -d --build postgres
 ```
 ### 3. Verify Database is Running
 ```bash
 docker-compose logs -f postgres
 docker-compose exec postgres psql -U admin -c "\l"
 ```
 ### 4. Migrate Services
 Use the generic migration script for each service:
 ```bash
 # Set environment variables (or use .env file)
 export SYNAPSE_POSTGRES_PASSWORD="your_actual_password"
 # Example: Migrate Synapse
 ./migrate_service.sh synapse localhost 5442 synapse synapse_password synapse
 # Example: Migrate Paperless
 ./migrate_service.sh paperless localhost 5434 paperless paperless_password paperless
 ```
 ### 5. Update Service Configurations
 After migration, update each service's docker-compose.yml to point to the central postgres container:
 ```yaml
 # Example for Synapse
 environment:
  POSTGRES_HOST: postgres
  POSTGRES_PORT: 5432
  POSTGRES_DB: synapse
  POSTGRES_USER: synapse_user
  POSTGRES_PASSWORD: ${SYNAPSE_POSTGRES_PASSWORD}
 ```
 ## Migration Order Recommendation
 1. **Non-critical services first**: shlink, spliit
 2. **Document management**: paperless
 3. **Media services**: immich, audiomuse
 4. **Matrix ecosystem**: mas, signal, whatsapp, synapse
 ## Backup Strategy
 ### Full Backup (all databases)
 ```bash
 docker-compose exec postgres pg_dumpall -U admin > full_backup_$(date +%Y%m%d).sql
 ```
 ### Individual Database Backup
 ```bash
 # Backup specific database
 docker-compose exec postgres pg_dump -U synapse_user -d synapse > synapse_backup_$(date +%Y%m%d).sql
 # Backup all databases individually
 for db in synapse mas signal whatsapp paperless immich shlink spliit audiomuse; do
  docker-compose exec postgres pg_dump -U ${db}_user -d $db > ${db}_backup_$(date +%Y%m%d).sql
 done
 ```
 ### Automated Backup (add to cron)
 ```bash
 #!/bin/bash
 # Daily backup script
 BACKUP_DIR="/backups/postgres"
 mkdir -p $BACKUP_DIR
 # Full backup
 docker-compose -f /path/to/central-database/docker-compose.yml exec postgres pg_dumpall -U admin | gzip > $BACKUP_DIR/full_backup_$(date +%Y%m%d_%H%M%S).sql.gz
 # Individual database backups
 for db in synapse mas signal whatsapp paperless immich shlink spliit audiomuse; do
  docker-compose -f /path/to/central-database/docker-compose.yml exec postgres pg_dump -U ${db}_user -d $db | gzip > $BACKUP_DIR/${db}_backup_$(date +%Y%m%d_%H%M%S).sql.gz
 done
 # Keep last 7 days
 find $BACKUP_DIR -name "*.sql.gz" -mtime +7 -delete
 ```
 ## Troubleshooting
 ### Connection Issues
 - Verify central database is running: `docker-compose ps`
 - Check logs: `docker-compose logs central_postgres`
 - Test connection: `psql -h localhost -p 5432 -U admin -d central_db`
 ### Permission Issues
 - Ensure service users have correct permissions on their schemas
 - Check schema ownership: `\dn+` in psql
 ### Extension Issues
 - Verify extensions are loaded: `\dx` in psql
 - Check PostgreSQL logs for extension errors
 ## Security Notes
 - Use strong passwords for all service users
 - Rotate passwords after migration
 - Consider using PostgreSQL role attributes for additional security
 - Enable SSL for production environments
--- a/central-database/docker-compose.yml
+++ b/central-database/docker-compose.yml
@@ -1,23 +0,0 @@
 services:
  postgres:
    build: .
    container_name: postgres
    restart: always
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: admin
      POSTGRES_PASSWORD: ${POSTGRES_ADMIN_PASSWORD}
    ports:
      - "5432:5432"
    networks:
      - default
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U admin"]
      interval: 5s
      timeout: 5s
      retries: 5
 volumes:
  postgres_data:
    driver: local
--- a/central-database/init-postgres.sh
+++ b/central-database/init-postgres.sh
@@ -1,39 +0,0 @@
 #!/bin/bash
 set -e
 echo "Waiting for PostgreSQL to start..."
 until pg_isready -U admin -h localhost; do
  sleep 2
 done
 echo "PostgreSQL is ready. Creating databases and users..."
 # Create databases
 for db in matrix_synapse matrix_mas matrix_signal matrix_whatsapp paperless immich shlink spliit audiomuse; do
  echo "Creating database: $db"
  createdb -U admin "$db"
 done
 # Create users and set permissions
 for db in matrix_synapse matrix_mas matrix_signal matrix_whatsapp paperless immich shlink spliit audiomuse; do
  user="${db}_user"
  password_var="${user^^}_PASSWORD"
  password=${!password_var}
  if [ -z "$password" ]; then
    echo "Warning: Password for $user not set. Using default."
    password="default_password"
  fi
  echo "Creating user: $user"
  psql -U admin -c "CREATE USER $user WITH PASSWORD '$password';"
  psql -U admin -c "GRANT ALL PRIVILEGES ON DATABASE $db TO $user;"
  psql -U admin -c "ALTER DATABASE $db OWNER TO $user;"
 done
 # Enable extensions in immich database
 echo "Enabling extensions in immich database..."
 psql -U admin -d immich -c "CREATE EXTENSION IF NOT EXISTS vector;"
 psql -U admin -d immich -c "CREATE EXTENSION IF NOT EXISTS pg_vectorscale;"
 echo "PostgreSQL initialization complete!"
--- a/central-database/migrate_service.sh
+++ b/central-database/migrate_service.sh
@@ -1,106 +0,0 @@
 #!/bin/bash
 # Generic PostgreSQL service migration script
 # Usage: ./migrate_service.sh <service_name> <old_host> <old_port> <old_user> <old_password> <old_db>
 set -e
 if [ "$#" -ne 6 ]; then
    echo "Usage: $0 <service_name> <old_host> <old_port> <old_user> <old_password> <old_db>"
    exit 1
 fi
 SERVICE_NAME=$1
 OLD_HOST=$2
 OLD_PORT=$3
 OLD_USER=$4
 OLD_PASSWORD=$5
 OLD_DB=$6
 # Map service names to database names and users
 case $SERVICE_NAME in
    synapse)
        NEW_DB="synapse"
        NEW_USER="synapse_user"
        NEW_PASSWORD="${SYNAPSE_POSTGRES_PASSWORD}"
        ;;
    mas)
        NEW_DB="mas"
        NEW_USER="mas_user"
        NEW_PASSWORD="${MAS_POSTGRES_PASSWORD}"
        ;;
    signal)
        NEW_DB="signal"
        NEW_USER="signal_user"
        NEW_PASSWORD="${MAUTRIX_SIGNAL_POSTGRES_PASSWORD}"
        ;;
    whatsapp)
        NEW_DB="whatsapp"
        NEW_USER="whatsapp_user"
        NEW_PASSWORD="${MAUTRIX_WHATSAPP_POSTGRES_PASSWORD}"
        ;;
    paperless)
        NEW_DB="paperless"
        NEW_USER="paperless_user"
        NEW_PASSWORD="${PAPERLESS_POSTGRES_PASSWORD}"
        ;;
    immich)
        NEW_DB="immich"
        NEW_USER="immich_user"
        NEW_PASSWORD="${IMMICH_POSTGRES_PASSWORD}"
        ;;
    shlink)
        NEW_DB="shlink"
        NEW_USER="shlink_user"
        NEW_PASSWORD="${SHLINK_POSTGRES_PASSWORD}"
        ;;
    spliit)
        NEW_DB="spliit"
        NEW_USER="spliit_user"
        NEW_PASSWORD="${SPLIIT_POSTGRES_PASSWORD}"
        ;;
    audiomuse)
        NEW_DB="audiomuse"
        NEW_USER="audiomuse_user"
        NEW_PASSWORD="${AUDIOMUSE_POSTGRES_PASSWORD}"
        ;;
    *)
        echo "Unknown service: $SERVICE_NAME"
        exit 1
        ;;
 esac
 echo "Starting migration for $SERVICE_NAME to database $NEW_DB..."
 # Export from old database
 echo "Exporting data from $OLD_DB..."
 PGPASSWORD="$OLD_PASSWORD" pg_dump \
    -h "$OLD_HOST" \
    -p "$OLD_PORT" \
    -U "$OLD_USER" \
    -d "$OLD_DB" \
    -F custom \
    -f "/tmp/${SERVICE_NAME}_dump.custom"
 # Import to new database
 echo "Importing data to $NEW_DB database..."
 PGPASSWORD="$NEW_PASSWORD" pg_restore \
    -h localhost \
    -p 5432 \
    -U "$NEW_USER" \
    -d "$NEW_DB" \
    --clean \
    --if-exists \
    "/tmp/${SERVICE_NAME}_dump.custom"
 echo "Migration completed for $SERVICE_NAME!"
 # Clean up
 rm -f "/tmp/${SERVICE_NAME}_dump.custom"
 echo "You can now update your $SERVICE_NAME service configuration to use:"
 echo "  Host: localhost"
 echo "  Port: 5432"
 echo "  Database: $NEW_DB"
 echo "  User: $NEW_USER"
 echo "  Password: ***"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,17 +1,17 @@
 include:
  - audiobookshelf/docker-compose.yml
  - audiomuse/docker-compose.yml
  - baikal/docker-compose.yml
  - gitea/docker-compose.yml
  - immich/docker-compose.yml
  - jellyfin/docker-compose.yml
  - monitoring/docker-compose.yml
  - nextcloud/docker-compose.yml
  - paperless/docker-compose.yml
  - pihole/docker-compose.yml
  - pingvin/docker-compose.yml
  - pocketid/docker-compose.yml
-#  - spliit/docker-compose.yml migrated to k8s
+  - spliit/docker-compose.yml
  - shlink/docker-compose.yml
  - synapse/docker-compose.yml
-#  - updater/docker-compose.yml
+  - updater/docker-compose.yml
-#  - vaultwarden/docker-compose.yml
+  - vaultwarden/docker-compose.yml
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@@ -14,7 +14,7 @@ services:
      - "3000:3000"
      - "2222:2222"
  gitea-runner:
-    image: gitea/act_runner:0.3.1
+    image: gitea/act_runner:0.2.13
    restart: always
    environment:
      CONFIG_FILE: /config.yaml
@@ -24,4 +24,4 @@ services:
    volumes:
      - ./runner-config.yaml:/config.yaml
      - ${GITEA_RUNNER_DATA_LOCATION}:/data
-      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/run/docker.sock:/var/run/docker.sock
--- a/immich/.env.example
+++ b/immich/.env.example
@@ -8,8 +8,3 @@ IMMICH_POSTGRES_USER=
 IMMICH_POSTGRES_PASSWORD=
 REDIS_HOSTNAME=
 IMMICH_EXTERNAL_MEDIA_LOCATION=
 # Default timezone for images without a timezone set
 TZ=
--- a/immich/docker-compose.yml
+++ b/immich/docker-compose.yml
@@ -1,13 +1,13 @@
 services:
  immich-server:
    container_name: immich_server
-    image: ghcr.io/immich-app/immich-server:v2.7.5
+    image: ghcr.io/immich-app/immich-server:v2.4.1
    # extends:
    #   file: hwaccel.transcoding.yml
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    volumes:
      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
      - ${UPLOAD_LOCATION}:/data
      - ${IMMICH_EXTERNAL_MEDIA_LOCATION}:/external:ro
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
@@ -25,7 +25,7 @@ services:
  immich-machine-learning:
    container_name: immich_machine_learning
-    image: ghcr.io/immich-app/immich-machine-learning:v2.7.5
+    image: ghcr.io/immich-app/immich-machine-learning:v2.4.1
    volumes:
      - model-cache:/cache
    env_file:
--- a/jellyfin/docker-compose.yml
+++ b/jellyfin/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
  jellyfin:
-    image: jellyfin/jellyfin:10.11.8
+    image: jellyfin/jellyfin:10.11.5
    user: ${JELLYFIN_USER_UID}:${JELLYFIN_USER_GID}
    network_mode: 'host'
    restart: always
--- a/monitoring/.env.example
+++ b/monitoring/.env.example
@@ -1,27 +0,0 @@
 GRAFANA_ADMIN_USER=
 GRAFANA_ADMIN_PASSWORD=
 GRAFANA_DOMAIN=
 GRAFANA_ROOT_URL=
 GRAFANA_DISABLE_LOGIN_FORM=false
 GRAFANA_SMTP_ENABLED=true
 GRAFANA_SMTP_HOST=
 GRAFANA_SMTP_USER=
 GRAFANA_SMTP_PASSWORD=
 GRAFANA_SMTP_FROM=
 GRAFANA_DATA_DIR=
 PROMETHEUS_CONFIG_PATH=
 PROMETHEUS_DATA_DIR=
 BLACKBOX_CONFIG_PATH=
 LOKI_CONFIG_PATH=
 LOKI_DATA_DIR=
 ALLOY_CONFIG_PATH=
 GMF_MATRIX_HOMESERVER=
 GMF_MATRIX_USER=
 GMF_MATRIX_TOKEN=
--- a/monitoring/docker-compose.yml
+++ b/monitoring/docker-compose.yml
@@ -1,115 +0,0 @@
 services:
  # Prometheus - Metrics Collection
  prometheus:
    image: prom/prometheus:v3.10.0
    restart: unless-stopped
    ports:
      - "9091:9090"
    volumes:
      - ${PROMETHEUS_CONFIG_PATH}:/etc/prometheus/prometheus.yml:ro
      - ${PROMETHEUS_DATA_DIR}:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--storage.tsdb.retention.time=200h'
      - '--web.enable-lifecycle'
      - '--web.enable-admin-api'
  # Grafana - Visualization Dashboard
  grafana:
    image: grafana/grafana:12.4.2
    restart: unless-stopped
    ports:
      - "3002:3000"
    volumes:
      - ${GRAFANA_DATA_DIR}:/var/lib/grafana
    environment:
      - GF_SECURITY_ADMIN_USER=${GRAFANA_ADMIN_USER}
      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD}
      - GF_USERS_ALLOW_SIGN_UP=false
      - GF_SERVER_DOMAIN=${GRAFANA_DOMAIN}
      - GF_SERVER_ROOT_URL=${GRAFANA_ROOT_URL}
      - GF_AUTH_DISABLE_LOGIN_FORM=${GRAFANA_DISABLE_LOGIN_FORM}
      - GF_SMTP_ENABLED=${GRAFANA_SMTP_ENABLED}
      - GF_SMTP_HOST=${GRAFANA_SMTP_HOST}
      - GF_SMTP_USER=${GRAFANA_SMTP_USER}
      - GF_SMTP_PASSWORD=${GRAFANA_SMTP_PASSWORD}
      - GF_SMTP_FROM_ADDRESS=${GRAFANA_SMTP_FROM}
    depends_on:
      - prometheus
  loki:
    image: grafana/loki:3.7.1
    restart: unless-stopped
    ports:
      - "3100:3100"
    volumes:
      - ${LOKI_CONFIG_PATH}:/etc/loki/local-config.yaml
      - ${LOKI_DATA_DIR}:/loki
    command:
      - '-config.file=/etc/loki/local-config.yaml'
      - '-target=all'
  alloy:
    image: grafana/alloy:v1.16.0
    restart: unless-stopped
    ports:
      - "12345:12345"
    volumes:
      - ${ALLOY_CONFIG_PATH}:/etc/alloy/config.alloy:ro
      - /var/log:/var/log:ro
  # Node Exporter - Host System Metrics
  node_exporter:
    image: prom/node-exporter:v1.10.2
    restart: unless-stopped
    ports:
      - "9100:9100"
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - '--path.procfs=/host/proc'
      - '--path.rootfs=/rootfs'
      - '--path.sysfs=/host/sys'
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
  # cAdvisor - Container Metrics
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:v0.55.1
    restart: unless-stopped
    privileged: true
    ports:
      - "8081:8080"
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
    devices:
      - /dev/kmsg
    command:
      - '--housekeeping_interval=30s'
      - '--max_housekeeping_interval=35s'
      - '--event_storage_event_limit=default=0'
      - '--event_storage_age_limit=default=0'
      - '--disable_metrics=disk,diskIO,tcp,udp,percpu,sched,process,hugetlb,referenced_memory'
      - '--docker_only=true'
  # Blackbox Exporter - Endpoint Monitoring
  blackbox_exporter:
    image: prom/blackbox-exporter:v0.28.0
    restart: unless-stopped
    ports:
      - "9115:9115"
    volumes:
      - ${BLACKBOX_CONFIG_PATH}:/etc/blackbox_exporter/config.yml
  grafana-matrix-forwarder:
    build: ./grafana-matrix-forwarder
    restart: unless-stopped
    env_file:
      - .env
--- a/monitoring/grafana-matrix-forwarder/Dockerfile
+++ b/monitoring/grafana-matrix-forwarder/Dockerfile
@@ -1,9 +0,0 @@
 FROM alpine
 # Create main app folder to run from
 WORKDIR /app
 # Copy compiled binary to release image
 COPY grafana-matrix-forwarder /app/grafana-matrix-forwarder
 ENTRYPOINT ["/app/grafana-matrix-forwarder"]
--- a/monitoring/grafana-matrix-forwarder/grafana-matrix-forwarder
+++ b/monitoring/grafana-matrix-forwarder/grafana-matrix-forwarder
--- a/paperless/docker-compose.yml
+++ b/paperless/docker-compose.yml
@@ -6,7 +6,7 @@ services:
      - ${PAPERLESS_REDIS_DATA_DIR}:/data
  db:
-    image: docker.io/library/postgres:17
+    image: docker.io/library/postgres:18
    restart: always
    volumes:
      - ${PAPERLESS_POSTGRES_DATA_DIR}:/var/lib/postgresql/data
@@ -18,7 +18,7 @@ services:
      - 5434:5432
  paperless:
-    image: ghcr.io/paperless-ngx/paperless-ngx:2.20.13
+    image: ghcr.io/paperless-ngx/paperless-ngx:2.20.2
    restart: always
    depends_on:
      - db
@@ -49,7 +49,7 @@ services:
      PAPERLESS_REDIRECT_LOGIN_TO_SSO: true
  gotenberg:
-    image: docker.io/gotenberg/gotenberg:8.29.1
+    image: docker.io/gotenberg/gotenberg:8.25.1
    restart: always
    # The gotenberg chromium route is used to convert .eml files. We do not
@@ -60,5 +60,5 @@ services:
      - "--chromium-allow-list=file:///tmp/.*"
  tika:
-    image: docker.io/apache/tika:3.3.0.0
+    image: docker.io/apache/tika:3.2.3.0
    restart: always
--- a/pihole/docker-compose.yml
+++ b/pihole/docker-compose.yml
@@ -2,7 +2,7 @@
 services:
  pihole:
    container_name: pihole
-    image: pihole/pihole:2026.04.0
+    image: pihole/pihole:2025.11.1
    ports:
      # DNS Ports
      - "53:53/tcp"
--- a/pocketid/.env.example
+++ b/pocketid/.env.example
@@ -3,5 +3,3 @@ TRUST_PROXY=
 MAXMIND_LICENSE_KEY=
 PUID=
 PGID=
 ENCRYPTION_KEY=
 POCKETID_DATA_DIR=
--- a/pocketid/docker-compose.yml
+++ b/pocketid/docker-compose.yml
@@ -1,16 +1,17 @@
 services:
  pocket-id:
-    image: ghcr.io/pocket-id/pocket-id:v2.5.0
+    image: ghcr.io/pocket-id/pocket-id:v1.16.0
    restart: always
    env_file: .env
    ports:
      - "3043:1411"
    volumes:
-      - ${POCKETID_DATA_DIR}:/app/data
+      #TODO change this to a more appropriate location
      - ./data:/app/data
    # Optional healthcheck
    healthcheck:
      test: "curl -f http://localhost:1411/healthz"
      interval: 1m30s
      timeout: 5s
      retries: 2
-      start_period: 10s
+      start_period: 10s
--- a/shlink/docker-compose.yml
+++ b/shlink/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
  shlink:
-    image: shlinkio/shlink:5.0
+    image: shlinkio/shlink:4.6
    container_name: shlink
    restart: always
    ports:
--- a/spliit/spliit.yaml
+++ b/spliit/spliit.yaml
@@ -1,119 +0,0 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
  name: spliit
 ---
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
  name: spliit-db
  namespace: spliit
 spec:
  instances: 1
  storage:
    size: 2Gi
  bootstrap:
    initdb:
      database: spliit
      owner: spliit
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: spliit
  namespace: spliit
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: spliit
  template:
    metadata:
      labels:
        app: spliit
    spec:
      containers:
        - name: spliit
          image: petersmit27/spliit:latest
          ports:
            - containerPort: 3000
          env:
            - name: POSTGRES_PRISMA_URL
              valueFrom:
                secretKeyRef:
                  name: spliit-db-app
                  key: uri
            - name: POSTGRES_URL_NON_POOLING
              valueFrom:
                secretKeyRef:
                  name: spliit-db-app
                  key: uri
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: spliit
  namespace: spliit
 spec:
  selector:
    app: spliit
  ports:
    - port: 3000
      targetPort: 3000
 ---
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
  name: spliit
  namespace: spliit
 spec:
  parentRefs:
    - name: main
      namespace: envoy-gateway-system
      sectionName: https-smittenfeld
  hostnames:
    - split.smittenfeld.nl
  rules:
    - backendRefs:
        - name: spliit
          port: 3000
 ---
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
  name: spliit-create-group
  namespace: spliit
 spec:
  parentRefs:
    - name: main
      namespace: envoy-gateway-system
      sectionName: https-smittenfeld
  hostnames:
    - split.smittenfeld.nl
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /groups/create
      backendRefs:
        - name: spliit
          port: 3000
 ---
 apiVersion: gateway.envoyproxy.io/v1alpha1
 kind: SecurityPolicy
 metadata:
  name: spliit-create-ip-restriction
  namespace: spliit
 spec:
  targetRefs:
    - group: gateway.networking.k8s.io
      kind: HTTPRoute
      name: spliit-create-group
  authorization:
    defaultAction: Deny
    rules:
      - action: Allow
        principal:
          clientCIDRs:
            - 188.91.195.91/32
--- a/synapse/docker-compose.yml
+++ b/synapse/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
  element-call-auth-service:
-    image: ghcr.io/element-hq/lk-jwt-service:0.4.3
+    image: ghcr.io/element-hq/lk-jwt-service:0.4.0
    container_name: element-call-jwt
    hostname: auth-server
    environment:
@@ -13,7 +13,7 @@ services:
    ports:
      - 8071:8080
  element-call-livekit:
-    image: livekit/livekit-server:v1.11.0
+    image: livekit/livekit-server:v1.9.8
    command: --config /etc/livekit.yaml
    ports:
      - "7880:7880/tcp"
@@ -25,12 +25,12 @@ services:
      - ${LIVEKIT_CONFIG_DIR}/config.yaml:/etc/livekit.yaml:ro
  mautrix-signal:
    container_name: mautrix-signal
-    image: dock.mau.dev/mautrix/signal:v26.02.2
+    image: dock.mau.dev/mautrix/signal:v0.2512.0
    restart: always
    volumes:
      - ${MAUTRIX_SIGNAL_DATA_DIR}:/data
  mautrix-signal_db:
-    image: docker.io/library/postgres:17
+    image: docker.io/library/postgres:18
    restart: always
    volumes:
      - ${MAUTRIX_SIGNAL_POSTGRES_DATA_DIR}:/var/lib/postgresql/data
@@ -42,7 +42,7 @@ services:
      - 5439:5432
  mautrix-whatsapp:
    container_name: mautrix-whatsapp
-    image: dock.mau.dev/mautrix/whatsapp:v0.2604.0
+    image: dock.mau.dev/mautrix/whatsapp:v0.2512.0
    #image: petersmit27/mautrix-whatsapp:latest
    restart: always
    volumes:
@@ -50,7 +50,7 @@ services:
    depends_on:
      - mautrix-whatsapp_db
  mautrix-whatsapp_db:
-    image: docker.io/library/postgres:17
+    image: docker.io/library/postgres:18
    restart: always
    volumes:
      - ${MAUTRIX_WHATSAPP_POSTGRES_DATA_DIR}:/var/lib/postgresql/data
@@ -61,7 +61,7 @@ services:
    ports:
      - 5440:5432
  mas:
-    image: ghcr.io/element-hq/matrix-authentication-service:1.15.0
+    image: ghcr.io/element-hq/matrix-authentication-service:1.8.0
    restart: always
    working_dir: /config
    volumes:
@@ -73,7 +73,7 @@ services:
    depends_on:
      - mas_db
  mas_db:
-    image: docker.io/library/postgres:17
+    image: docker.io/library/postgres:18
    restart: always
    volumes:
      - ${MAS_POSTGRES_DATA_DIR}:/var/lib/postgresql/data
@@ -84,7 +84,7 @@ services:
    ports:
      - 5441:5432
  synapse_db:
-    image: docker.io/library/postgres:17
+    image: docker.io/library/postgres:18
    restart: always
    volumes:
      - ${SYNAPSE_POSTGRES_DATA_DIR}:/var/lib/postgresql/data
@@ -97,7 +97,7 @@ services:
      - 5442:5432
  synapse:
    container_name: synapse
-    image: matrixdotorg/synapse:v1.151.0
+    image: matrixdotorg/synapse:v1.144.0
    restart: always
    volumes:
      - ${SYNAPSE_CONFIG_DIR}:/data
@@ -107,10 +107,3 @@ services:
      - synapse_db
      - mas
      - mautrix-whatsapp
  element-admin:
    image: oci.element.io/element-admin:0.1.11
    restart: unless-stopped
    ports:
      - "8079:8080"
    environment:
      - SERVER_NAME=${MATRIX_DOMAIN}
--- a/updater/Dockerfile
+++ b/updater/Dockerfile
@@ -16,7 +16,7 @@ RUN echo \
 # Install git and docker-compose
 RUN apt-get update && \
-    apt-get install -y git docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-model-plugin && \
+    apt-get install -y git docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin && \
    rm -rf /var/lib/apt/lists/*
 # Create .docker directory and set permissions
--- a/vaultwarden/docker-compose.yml
+++ b/vaultwarden/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
  vaultwarden:
    container_name: vaultwarden
-    image: vaultwarden/server:1.35.4
+    image: vaultwarden/server:1.34.3
    restart: always
    volumes:
      - ${VAULTWARDEN_DATA_LOCATION}:/data/