Update redis Docker tag to v8

audiobookshelf/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   audiobookshelf:
-    image: ghcr.io/advplyr/audiobookshelf:2.32.1
+    image: ghcr.io/advplyr/audiobookshelf:2.30.0
     restart: always
     ports:
       - 13378:80

audiomuse/docker-compose.yml

@@ -1,3 +1,4 @@
+version: '3.8'
 services:
   # Redis service for RQ (task queue)
   audiomuse-ai-redis:
@@ -21,8 +22,8 @@ services:
       POSTGRES_USER: ${AUDIOMUSE_POSTGRES_USER}
       POSTGRES_PASSWORD: ${AUDIOMUSE_POSTGRES_PASSWORD}
       POSTGRES_DB: ${AUDIOMUSE_POSTGRES_DB}
-    ports:
+#    ports:
-      - "5435:5432" # Expose PostgreSQL port to the host
+#      - "5432:5432" # Expose PostgreSQL port to the host
     volumes:
       - postgres-data:/var/lib/postgresql/data # Persistent storage for PostgreSQL data
     networks:
@@ -31,7 +32,7 @@ services:
 
   # AudioMuse-AI Flask application service
   audiomuse-ai-flask:
-    image: ghcr.io/neptunehub/audiomuse-ai:0.8.9 # Reflects deployment.yaml
+    image: ghcr.io/neptunehub/audiomuse-ai:latest # Reflects deployment.yaml
     container_name: audiomuse-ai-flask-app
     ports:
       - "8013:8000"
@@ -69,7 +70,7 @@ services:
 
   # AudioMuse-AI RQ Worker service
   audiomuse-ai-worker:
-    image: ghcr.io/neptunehub/audiomuse-ai:0.8.9 # Reflects deployment.yaml
+    image: ghcr.io/neptunehub/audiomuse-ai:latest # Reflects deployment.yaml
     container_name: audiomuse-ai-worker-instance
     env_file:
       - .env

baikal/.env.example

@@ -0,0 +1,2 @@
+BAIKAL_CONFIG_DIR=
+BAIKAL_DATA_DIR=

baikal/docker-compose.yml

@@ -0,0 +1,11 @@
+services:
+  baikal:
+    image: ckulka/baikal:0.10.1-nginx
+    restart: always
+    ports:
+      - "8083:80"
+    volumes:
+      - ${BAIKAL_CONFIG_DIR}:/var/www/baikal/config
+      - ${BAIKAL_DATA_DIR}:/var/www/baikal/Specific
+    env_file:
+      - .env

docker-compose.yml

@@ -1,17 +1,18 @@
 include:
   - audiobookshelf/docker-compose.yml
   - audiomuse/docker-compose.yml
+  - baikal/docker-compose.yml
   - gitea/docker-compose.yml
   - immich/docker-compose.yml
   - jellyfin/docker-compose.yml
-  - monitoring/docker-compose.yml
   - nextcloud/docker-compose.yml
   - paperless/docker-compose.yml
   - pihole/docker-compose.yml
   - pingvin/docker-compose.yml
   - pocketid/docker-compose.yml
+  - postgres/docker-compose.yml
   - spliit/docker-compose.yml
   - shlink/docker-compose.yml
   - synapse/docker-compose.yml
-#  - updater/docker-compose.yml
+  - updater/docker-compose.yml
   - vaultwarden/docker-compose.yml

gitea/docker-compose.yml

@@ -1,7 +1,7 @@
 services:
   gitea:
     container_name: gitea
-    image: gitea/gitea:1.25.2-rootless
+    image: gitea/gitea:1.25.1-rootless
     restart: always
     volumes:
       - ${GITEA_DATA_LOCATION}:/var/lib/gitea
@@ -14,7 +14,7 @@ services:
       - "3000:3000"
       - "2222:2222"
   gitea-runner:
-    image: gitea/act_runner:0.3.0
+    image: gitea/act_runner:0.2.13
     restart: always
     environment:
       CONFIG_FILE: /config.yaml

immich/.env.example

@@ -8,8 +8,3 @@ IMMICH_POSTGRES_USER=
 IMMICH_POSTGRES_PASSWORD=
 
 REDIS_HOSTNAME=
-
-IMMICH_EXTERNAL_MEDIA_LOCATION=
-
-# Default timezone for images without a timezone set
-TZ=

immich/docker-compose.updated.yml

@@ -0,0 +1,48 @@
+services:
+  immich-server:
+    container_name: immich_server
+    image: ghcr.io/immich-app/immich-server:v2.2.3
+    volumes:
+      - ${UPLOAD_LOCATION}:/data
+      - /etc/localtime:/etc/localtime:ro
+    env_file:
+      - .env
+    environment:
+      DB_HOSTNAME: shared-postgres
+      DB_PORT: 5432
+      DB_USERNAME: ${IMMICH_POSTGRES_USER}
+      DB_PASSWORD: ${IMMICH_POSTGRES_PASSWORD}
+      DB_DATABASE_NAME: ${IMMICH_POSTGRES_DB}
+    ports:
+      - '2283:2283'
+    depends_on:
+      shared-postgres:
+        condition: service_healthy
+      redis:
+        condition: service_started
+    restart: always
+    networks:
+      - postgres-network
+
+  immich-machine-learning:
+    container_name: immich_machine_learning
+    image: ghcr.io/immich-app/immich-machine-learning:v2.2.3
+    volumes:
+      - model-cache:/cache
+    env_file:
+      - .env
+    restart: always
+
+  redis:
+    container_name: immich_redis
+    image: docker.io/redis:7.4-alpine@sha256:1bf97f21f01b0e7bd4b7b34a26d3b9d8086e41e70c10f262e8a9e0b49b5116a0
+    healthcheck:
+      test: redis-cli ping || exit 1
+    restart: always
+
+volumes:
+  model-cache:
+
+networks:
+  postgres-network:
+    external: true

immich/docker-compose.yml

@@ -1,13 +1,13 @@
 services:
   immich-server:
     container_name: immich_server
-    image: ghcr.io/immich-app/immich-server:v2.5.6
+    image: ghcr.io/immich-app/immich-server:v2.3.1
     # extends:
     #   file: hwaccel.transcoding.yml
     #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
     volumes:
+      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
       - ${UPLOAD_LOCATION}:/data
-      - ${IMMICH_EXTERNAL_MEDIA_LOCATION}:/external:ro
       - /etc/localtime:/etc/localtime:ro
     env_file:
       - .env
@@ -25,7 +25,7 @@ services:
 
   immich-machine-learning:
     container_name: immich_machine_learning
-    image: ghcr.io/immich-app/immich-machine-learning:v2.5.6
+    image: ghcr.io/immich-app/immich-machine-learning:v2.3.1
     volumes:
       - model-cache:/cache
     env_file:
@@ -34,7 +34,7 @@ services:
 
   redis:
     container_name: immich_redis
-    image: docker.io/valkey/valkey:9@sha256:fb8d272e529ea567b9bf1302245796f21a2672b8368ca3fcb938ac334e613c8f
+    image: docker.io/valkey/valkey:8@sha256:81db6d39e1bba3b3ff32bd3a1b19a6d69690f94a3954ec131277b9a26b95b3aa
     healthcheck:
       test: redis-cli ping || exit 1
     restart: always

jellyfin/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   jellyfin:
-    image: jellyfin/jellyfin:10.11.6
+    image: jellyfin/jellyfin:10.11.3
     user: ${JELLYFIN_USER_UID}:${JELLYFIN_USER_GID}
     network_mode: 'host'
     restart: always

monitoring/.env.example

@@ -1,27 +0,0 @@
-GRAFANA_ADMIN_USER=
-GRAFANA_ADMIN_PASSWORD=
-GRAFANA_DOMAIN=
-GRAFANA_ROOT_URL=
-GRAFANA_DISABLE_LOGIN_FORM=false
-
-GRAFANA_SMTP_ENABLED=true
-GRAFANA_SMTP_HOST=
-GRAFANA_SMTP_USER=
-GRAFANA_SMTP_PASSWORD=
-GRAFANA_SMTP_FROM=
-
-GRAFANA_DATA_DIR=
-
-PROMETHEUS_CONFIG_PATH=
-PROMETHEUS_DATA_DIR=
-
-BLACKBOX_CONFIG_PATH=
-
-LOKI_CONFIG_PATH=
-LOKI_DATA_DIR=
-
-ALLOY_CONFIG_PATH=
-
-GMF_MATRIX_HOMESERVER=
-GMF_MATRIX_USER=
-GMF_MATRIX_TOKEN=

monitoring/docker-compose.yml

@@ -1,115 +0,0 @@
-services:
-  # Prometheus - Metrics Collection
-  prometheus:
-    image: prom/prometheus:v3.9.1
-    restart: unless-stopped
-    ports:
-      - "9091:9090"
-    volumes:
-      - ${PROMETHEUS_CONFIG_PATH}:/etc/prometheus/prometheus.yml:ro
-      - ${PROMETHEUS_DATA_DIR}:/prometheus
-    command:
-      - '--config.file=/etc/prometheus/prometheus.yml'
-      - '--storage.tsdb.path=/prometheus'
-      - '--web.console.libraries=/etc/prometheus/console_libraries'
-      - '--web.console.templates=/etc/prometheus/consoles'
-      - '--storage.tsdb.retention.time=200h'
-      - '--web.enable-lifecycle'
-      - '--web.enable-admin-api'
-
-  # Grafana - Visualization Dashboard
-  grafana:
-    image: grafana/grafana:12.4.0
-    restart: unless-stopped
-    ports:
-      - "3002:3000"
-    volumes:
-      - ${GRAFANA_DATA_DIR}:/var/lib/grafana
-    environment:
-      - GF_SECURITY_ADMIN_USER=${GRAFANA_ADMIN_USER}
-      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD}
-      - GF_USERS_ALLOW_SIGN_UP=false
-      - GF_SERVER_DOMAIN=${GRAFANA_DOMAIN}
-      - GF_SERVER_ROOT_URL=${GRAFANA_ROOT_URL}
-      - GF_AUTH_DISABLE_LOGIN_FORM=${GRAFANA_DISABLE_LOGIN_FORM}
-      - GF_SMTP_ENABLED=${GRAFANA_SMTP_ENABLED}
-      - GF_SMTP_HOST=${GRAFANA_SMTP_HOST}
-      - GF_SMTP_USER=${GRAFANA_SMTP_USER}
-      - GF_SMTP_PASSWORD=${GRAFANA_SMTP_PASSWORD}
-      - GF_SMTP_FROM_ADDRESS=${GRAFANA_SMTP_FROM}
-    depends_on:
-      - prometheus
-
-  loki:
-    image: grafana/loki:3.6.7
-    restart: unless-stopped
-    ports:
-      - "3100:3100"
-    volumes:
-      - ${LOKI_CONFIG_PATH}:/etc/loki/local-config.yaml
-      - ${LOKI_DATA_DIR}:/loki
-    command:
-      - '-config.file=/etc/loki/local-config.yaml'
-      - '-target=all'
-
-  alloy:
-    image: grafana/alloy:v1.13.2
-    restart: unless-stopped
-    ports:
-      - "12345:12345"
-    volumes:
-      - ${ALLOY_CONFIG_PATH}:/etc/alloy/config.alloy:ro
-      - /var/log:/var/log:ro
-
-  # Node Exporter - Host System Metrics
-  node_exporter:
-    image: prom/node-exporter:v1.10.2
-    restart: unless-stopped
-    ports:
-      - "9100:9100"
-    volumes:
-      - /proc:/host/proc:ro
-      - /sys:/host/sys:ro
-      - /:/rootfs:ro
-    command:
-      - '--path.procfs=/host/proc'
-      - '--path.rootfs=/rootfs'
-      - '--path.sysfs=/host/sys'
-      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
-
-  # cAdvisor - Container Metrics
-  cadvisor:
-    image: gcr.io/cadvisor/cadvisor:v0.55.1
-    restart: unless-stopped
-    privileged: true
-    ports:
-      - "8081:8080"
-    volumes:
-      - /:/rootfs:ro
-      - /var/run:/var/run:ro
-      - /sys:/sys:ro
-      - /var/lib/docker/:/var/lib/docker:ro
-    devices:
-      - /dev/kmsg
-    command:
-      - '--housekeeping_interval=30s'
-      - '--max_housekeeping_interval=35s'
-      - '--event_storage_event_limit=default=0'
-      - '--event_storage_age_limit=default=0'
-      - '--disable_metrics=disk,diskIO,tcp,udp,percpu,sched,process,hugetlb,referenced_memory'
-      - '--docker_only=true'
-
-  # Blackbox Exporter - Endpoint Monitoring
-  blackbox_exporter:
-    image: prom/blackbox-exporter:v0.28.0
-    restart: unless-stopped
-    ports:
-      - "9115:9115"
-    volumes:
-      - ${BLACKBOX_CONFIG_PATH}:/etc/blackbox_exporter/config.yml
-
-  grafana-matrix-forwarder:
-    build: ./grafana-matrix-forwarder
-    restart: unless-stopped
-    env_file:
-      - .env

monitoring/grafana-matrix-forwarder/Dockerfile

@@ -1,9 +0,0 @@
-FROM alpine
-
-# Create main app folder to run from
-WORKDIR /app
-
-# Copy compiled binary to release image
-COPY grafana-matrix-forwarder /app/grafana-matrix-forwarder
-
-ENTRYPOINT ["/app/grafana-matrix-forwarder"]

nextcloud/.env.example

@@ -1,2 +1,12 @@
-NEXTCLOUD_AIO_DIR=
+NEXTCLOUD_DOMAIN=
+
 NEXTCLOUD_DATA_DIR=
+
+NEXTCLOUD_POSTGRES_DATA_DIR=
+NEXTCLOUD_POSTGRES_DB=
+NEXTCLOUD_POSTGRES_USER=
+NEXTCLOUD_POSTGRES_PASSWORD=
+
+COLLABORA_DOMAIN=
+COLLABORA_USER=
+COLLABORA_PASSWORD=

nextcloud/docker-compose.updated.yml

@@ -0,0 +1,47 @@
+services:
+  nextcloud_db:
+    # Remove this service - using shared-postgres instead
+
+  nextcloud:
+    image: nextcloud:31.0.9
+    restart: always
+    ports:
+      - 8081:80
+    volumes:
+      - ${NEXTCLOUD_DATA_DIR}:/var/www/html
+    environment:
+      - POSTGRES_HOST=shared-postgres
+      - POSTGRES_PORT=5432
+      - POSTGRES_DB=${NEXTCLOUD_POSTGRES_DB}
+      - POSTGRES_USER=${NEXTCLOUD_POSTGRES_USER}
+      - POSTGRES_PASSWORD=${NEXTCLOUD_POSTGRES_PASSWORD}
+      - REDIS_HOST=nextcloud-redis
+      - REDIS_PORT=6379
+      - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_DOMAIN}
+    depends_on:
+      shared-postgres:
+        condition: service_healthy
+    networks:
+      - nextcloud
+      - postgres-network
+
+  cron:
+    image: nextcloud:31.0.9
+    container_name: nextcloud-cron
+    volumes:
+      - ${NEXTCLOUD_DATA_DIR}:/var/www/html
+    entrypoint: /cron.sh
+    restart: always
+    networks:
+      - nextcloud
+
+  nextcloud-redis:
+    image: redis:7
+    restart: always
+    networks:
+      - nextcloud
+
+networks:
+  nextcloud:
+  postgres-network:
+    external: true

nextcloud/docker-compose.yml

@@ -1,40 +1,50 @@
 services:
-  nextcloud-aio-mastercontainer:
+  nextcloud_db:
-    image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel
+    image: docker.io/library/postgres:17
-    init: true # This setting makes sure that signals from main process inside the container are correctly forwarded to children. See https://docs.docker.com/reference/compose-file/services/#init
+    restart: always
-    restart: always # This makes sure that the container starts always together with the host OS. See https://docs.docker.com/reference/compose-file/services/#restart
-    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
     volumes:
-      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
+      - ${NEXTCLOUD_POSTGRES_DATA_DIR}:/var/lib/postgresql/data
-      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
+    environment:
-    network_mode: bridge
+      POSTGRES_DB: ${NEXTCLOUD_POSTGRES_DB}
+      POSTGRES_USER: ${NEXTCLOUD_POSTGRES_USER}
+      POSTGRES_PASSWORD: ${NEXTCLOUD_POSTGRES_PASSWORD}
     ports:
-      - 8014:8080 # This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanation-of-used-ports
+      - 5438:5432
-    environment: # Is needed when using any of the options below
+    networks:
-      # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
+      - nextcloud
-      APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+  nextcloud:
-      # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+    image: nextcloud:32.0.1
-      # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+    restart: always
-      # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
+    ports:
-      # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+      - 8081:80
-      # DOCKER_API_VERSION: 1.44 # You can adjust the internally used docker api version with this variable. ⚠️⚠️⚠️ Warning: please note that only the default api version (unset this variable) is supported and tested by the maintainers of Nextcloud AIO. So use this on your own risk and things might break without warning. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version
+    links:
-      # FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M" # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options
+      - db
-      NEXTCLOUD_DATADIR: ${NEXTCLOUD_DATA_DIR} # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+    volumes:
-      # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
+      - ${NEXTCLOUD_DATA_DIR}:/var/www/html
-      # NEXTCLOUD_UPLOAD_LIMIT: 16G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
+    environment:
-      # NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
+      - POSTGRES_HOST=nextcloud_db
-      # NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
+      - POSTGRES_DB=${NEXTCLOUD_POSTGRES_DB}
-      # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS) See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
+      - POSTGRES_USER=${NEXTCLOUD_POSTGRES_USER}
-      # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      - POSTGRES_PASSWORD=${NEXTCLOUD_POSTGRES_PASSWORD}
-      # NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
+      - REDIS_HOST=nextcloud-redis
-      # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
+      - REDIS_PORT=6379
-      # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
+      - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_DOMAIN}
-      # NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud.
+    networks:
-      # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
+      - nextcloud
-      # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
+  cron:
-      # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
+    image: nextcloud:32.0.1
+    container_name: nextcloud-cron
+    volumes:
+      - ${NEXTCLOUD_DATA_DIR}:/var/www/html
+    entrypoint: /cron.sh
+    restart: always
+    networks:
+      - nextcloud
+  nextcloud-redis:
+    image: redis:8
+    restart: always
+    networks:
+      - nextcloud
 
-
+networks:
-volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
+  nextcloud:
-  nextcloud_aio_mastercontainer:
-    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work

paperless/docker-compose.updated.yml

@@ -0,0 +1,54 @@
+services:
+  broker:
+    image: docker.io/library/redis:7
+    restart: always
+    volumes:
+      - ${PAPERLESS_REDIS_DATA_DIR}:/data
+
+  paperless:
+    image: ghcr.io/paperless-ngx/paperless-ngx:2.18.4
+    restart: always
+    depends_on:
+      shared-postgres:
+        condition: service_healthy
+      broker:
+        condition: service_started
+      gotenberg:
+        condition: service_started
+      tika:
+        condition: service_started
+    ports:
+      - "8070:8000"
+    volumes:
+      - ${PAPERLESS_DATA_DIR}:/usr/src/paperless/data
+      - ${PAPERLESS_MEDIA_DIR}:/usr/src/paperless/media
+      - ${PAPERLESS_EXPORT_DIR}/export:/usr/src/paperless/export
+      - ${PAPERLESS_CONSUME_DIR}:/usr/src/paperless/consume
+    env_file: .env
+    environment:
+      PAPERLESS_REDIS: redis://broker:6379
+      PAPERLESS_DBHOST: shared-postgres
+      PAPERLESS_DBPORT: 5432
+      PAPERLESS_DBNAME: ${PAPERLESS_POSTGRES_DB}
+      PAPERLESS_DBUSER: ${PAPERLESS_POSTGRES_USER}
+      PAPERLESS_DBPASS: ${PAPERLESS_POSTGRES_PASSWORD}
+      PAPERLESS_TIKA_ENABLED: 1
+      PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
+      PAPERLESS_TIKA_ENDPOINT: http://tika:9998
+      PAPERLESS_APPS: "allauth.socialaccount.providers.openid_connect"
+      USE_X_FORWARD_HOST: true
+      USE_X_FORWARDED_PORT: true
+      PAPERLESS_DISABLE_REGULAR_LOGIN: true
+      PAPERLESS_REDIRECT_LOGIN_TO_SSO: true
+    networks:
+      - postgres-network
+
+  gotenberg:
+    # ... existing gotenberg configuration ...
+
+  tika:
+    # ... existing tika configuration ...
+
+networks:
+  postgres-network:
+    external: true

paperless/docker-compose.yml

@@ -18,7 +18,7 @@ services:
       - 5434:5432
 
   paperless:
-    image: ghcr.io/paperless-ngx/paperless-ngx:2.20.10
+    image: ghcr.io/paperless-ngx/paperless-ngx:2.19.4
     restart: always
     depends_on:
       - db
@@ -49,7 +49,7 @@ services:
       PAPERLESS_REDIRECT_LOGIN_TO_SSO: true
 
   gotenberg:
-    image: docker.io/gotenberg/gotenberg:8.27.0
+    image: docker.io/gotenberg/gotenberg:8.24.0
     restart: always
 
     # The gotenberg chromium route is used to convert .eml files. We do not

pihole/docker-compose.yml

@@ -2,7 +2,7 @@
 services:
   pihole:
     container_name: pihole
-    image: pihole/pihole:2026.02.0
+    image: pihole/pihole:2025.11.0
     ports:
       # DNS Ports
       - "53:53/tcp"

pocketid/.env.example

@@ -3,5 +3,3 @@ TRUST_PROXY=
 MAXMIND_LICENSE_KEY=
 PUID=
 PGID=
-ENCRYPTION_KEY=
-POCKETID_DATA_DIR=

pocketid/docker-compose.yml

@@ -1,12 +1,13 @@
 services:
   pocket-id:
-    image: ghcr.io/pocket-id/pocket-id:v2.3.0
+    image: ghcr.io/pocket-id/pocket-id:v1.15.0
     restart: always
     env_file: .env
     ports:
       - "3043:1411"
     volumes:
-      - ${POCKETID_DATA_DIR}:/app/data
+      #TODO change this to a more appropriate location
+      - ./data:/app/data
     # Optional healthcheck
     healthcheck:
       test: "curl -f http://localhost:1411/healthz"

postgres/.env.example

@@ -0,0 +1,2 @@
+SHARED_DB_PASSWORD=
+SHARED_DB_DATA_DIR=

postgres/docker-compose.yml

@@ -0,0 +1,35 @@
+services:
+  shared-postgres:
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
+    container_name: shared-postgres
+    restart: always
+    env_file:
+      # Env files for all services using this shared database
+      - ../spliit/.env
+      - ../shlink/.env
+      - ../immich/.env
+      - ../nextcloud/.env
+      - ../paperless/.env
+      - ../synapse/.env
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: ${SHARED_DB_PASSWORD}
+      POSTGRES_DB: postgres
+      POSTGRES_INITDB_ARGS: '--encoding=UTF-8 --locale=C --data-checksums'
+    volumes:
+      - ${SHARED_DB_DATA_DIR}:/var/lib/postgresql/data
+      - ./init-scripts:/docker-entrypoint-initdb.d:ro
+    ports:
+      - "5431:5432"
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - postgres-network
+
+networks:
+  postgres-network:
+    name: postgres-network
+    driver: bridge

postgres/init-scripts/01-init-databases.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+set -e
+
+# This script initializes all databases and users for the homelab services
+# It runs automatically when the PostgreSQL container starts for the first time
+
+echo "Creating databases and users for homelab services..."
+
+# Function to create database and user with restricted permissions
+create_db_and_user() {
+    local db_name=$1
+    local db_user=$2
+    local db_password=$3
+
+    echo "Creating database: $db_name with user: $db_user"
+
+    psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+        -- Create database
+        CREATE DATABASE "$db_name";
+
+        -- Create user with password
+        CREATE USER "$db_user" WITH ENCRYPTED PASSWORD '$db_password';
+
+        -- Grant connection to the specific database only
+        GRANT CONNECT ON DATABASE "$db_name" TO "$db_user";
+
+        -- Make user owner of the database
+        ALTER DATABASE "$db_name" OWNER TO "$db_user";
+
+        -- Connect to the specific database to set schema permissions
+        \c "$db_name"
+
+        -- Grant schema permissions
+        GRANT ALL ON SCHEMA public TO "$db_user";
+        GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "$db_user";
+        GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO "$db_user";
+        GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO "$db_user";
+
+        -- Set default privileges for future objects
+        ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO "$db_user";
+        ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO "$db_user";
+        ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON FUNCTIONS TO "$db_user";
+
+        -- Switch back to postgres database
+        \c postgres
+EOSQL
+}
+
+# Create databases for each service
+# Using environment variables that will be set in your .env file
+
+# Spliit
+create_db_and_user "${SPLIIT_POSTGRES_DB}" "${SPLIIT_POSTGRES_USER}" "${SPLIIT_POSTGRES_PASSWORD}"
+
+# Shlink
+create_db_and_user "${SHLINK_POSTGRES_DB}" "${SHLINK_POSTGRES_USER}" "${SHLINK_POSTGRES_PASSWORD}"
+
+# Immich
+create_db_and_user "${IMMICH_POSTGRES_DB}" "${IMMICH_POSTGRES_USER}" "${IMMICH_POSTGRES_PASSWORD}"
+
+# Nextcloud
+create_db_and_user "${NEXTCLOUD_POSTGRES_DB}" "${NEXTCLOUD_POSTGRES_USER}" "${NEXTCLOUD_POSTGRES_PASSWORD}"
+
+# Paperless
+create_db_and_user "${PAPERLESS_POSTGRES_DB}" "${PAPERLESS_POSTGRES_USER}" "${PAPERLESS_POSTGRES_PASSWORD}"
+
+# Matrix and co
+create_db_and_user "${SYNAPSE_POSTGRES_DB}" "${SYNAPSE_POSTGRES_USER}" "${SYNAPSE_POSTGRES_PASSWORD}"
+create_db_and_user "${MAS_POSTGRES_DB}" "${MAS_POSTGRES_USER}" "${MAS_POSTGRES_PASSWORD}"
+create_db_and_user "${MAUTRIX_SIGNAL_POSTGRES_DB}" "${MAUTRIX_SIGNAL_POSTGRES_USER}" "${MAUTRIX_SIGNAL_POSTGRES_PASSWORD}"
+create_db_and_user "${MAUTRIX_WHATSAPP_POSTGRES_DB}" "${MAUTRIX_WHATSAPP_POSTGRES_USER}" "${MAUTRIX_WHATSAPP_POSTGRES_PASSWORD}"
+
+echo "Database initialization completed successfully!"

postgres/init-scripts/02-immich-extensions.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+
+# Enable vector extensions for Immich database
+echo "Enabling vector extensions for Immich database..."
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "${IMMICH_POSTGRES_DB}" <<-EOSQL
+    -- Create extensions as superuser
+    CREATE EXTENSION IF NOT EXISTS vectors;
+    CREATE EXTENSION IF NOT EXISTS earthdistance CASCADE;
+
+    -- Grant usage on the extension schemas to immich user
+    GRANT USAGE ON SCHEMA vectors TO ${IMMICH_POSTGRES_USER};
+    GRANT USAGE ON SCHEMA earthdistance TO ${IMMICH_POSTGRES_USER};
+
+    -- Grant all privileges on extension objects to immich user
+    GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA vectors TO ${IMMICH_POSTGRES_USER};
+    GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA vectors TO ${IMMICH_POSTGRES_USER};
+    GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA vectors TO ${IMMICH_POSTGRES_USER};
+
+    GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA earthdistance TO ${IMMICH_POSTGRES_USER};
+    GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA earthdistance TO ${IMMICH_POSTGRES_USER};
+    GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA earthdistance TO ${IMMICH_POSTGRES_USER};
+
+    -- Set default privileges for future extension objects
+    ALTER DEFAULT PRIVILEGES IN SCHEMA vectors GRANT ALL ON TABLES TO ${IMMICH_POSTGRES_USER};
+    ALTER DEFAULT PRIVILEGES IN SCHEMA vectors GRANT ALL ON SEQUENCES TO ${IMMICH_POSTGRES_USER};
+    ALTER DEFAULT PRIVILEGES IN SCHEMA vectors GRANT ALL ON FUNCTIONS TO ${IMMICH_POSTGRES_USER};
+
+    ALTER DEFAULT PRIVILEGES IN SCHEMA earthdistance GRANT ALL ON TABLES TO ${IMMICH_POSTGRES_USER};
+    ALTER DEFAULT PRIVILEGES IN SCHEMA earthdistance GRANT ALL ON SEQUENCES TO ${IMMICH_POSTGRES_USER};
+    ALTER DEFAULT PRIVILEGES IN SCHEMA earthdistance GRANT ALL ON FUNCTIONS TO ${IMMICH_POSTGRES_USER};
+EOSQL
+
+echo "Immich vector extensions enabled successfully!"

renovate.json

@@ -23,9 +23,7 @@
         "matrixdotorg/synapse",
         "ghcr.io/element-hq/matrix-authentication-service",
         "dock.mau.dev/mautrix/whatsapp",
-        "dock.mau.dev/mautrix/signal",
+        "dock.mau.dev/mautrix/signal"
-        "ghcr.io/element-hq/lk-jwt-service",
-        "livekit/livekit-server"
       ]
     }
   ]

shlink/docker-compose.updated.yml

@@ -0,0 +1,27 @@
+services:
+  shlink:
+    image: shlinkio/shlink:4.6
+    container_name: shlink
+    restart: always
+    ports:
+      - "8085:8080"
+    environment:
+      DEFAULT_DOMAIN: ${SHLINK_DOMAIN}
+      IS_HTTPS_ENABLED: ${SHLINK_IS_HTTPS_ENABLED}
+      GEOLITE_LICENSE_KEY: ${SHLINK_GEOIP_LICENSE_KEY}
+      INITIAL_API_KEY: ${SHLINK_API_KEY}
+      DB_DRIVER: postgres
+      DB_HOST: shared-postgres
+      DB_PORT: 5432
+      DB_NAME: ${SHLINK_POSTGRES_DB}
+      DB_USER: ${SHLINK_POSTGRES_USER}
+      DB_PASSWORD: ${SHLINK_POSTGRES_PASSWORD}
+    depends_on:
+      shared-postgres:
+        condition: service_healthy
+    networks:
+      - postgres-network
+
+networks:
+  postgres-network:
+    external: true

shlink/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   shlink:
-    image: shlinkio/shlink:5.0
+    image: shlinkio/shlink:4.6
     container_name: shlink
     restart: always
     ports:

spliit/docker-compose.updated.yml

@@ -0,0 +1,24 @@
+services:
+  spliit:
+    image: ghcr.io/spliit-app/spliit:1.19.0
+    restart: always
+    ports:
+      - 3001:3000
+    depends_on:
+      shared-postgres:
+        condition: service_healthy
+    env_file:
+      - .env
+    environment:
+      TZ: ${TZ}
+      POSTGRES_HOST: shared-postgres
+      POSTGRES_PORT: 5432
+      POSTGRES_DB: ${SPLIIT_POSTGRES_DB}
+      POSTGRES_USER: ${SPLIIT_POSTGRES_USER}
+      POSTGRES_PASSWORD: ${SPLIIT_POSTGRES_PASSWORD}
+    networks:
+      - postgres-network
+
+networks:
+  postgres-network:
+    external: true

spliit/docker-compose.yml

@@ -1,7 +1,6 @@
 services:
   spliit:
-    #image: ghcr.io/spliit-app/spliit:1.19.1
+    image: ghcr.io/spliit-app/spliit:1.19.1
-    image: petersmit27/spliit:latest
     restart: always
     ports:
       - 3001:3000

synapse/docker-compose.updated.yml

@@ -0,0 +1,105 @@
+services:
+  element-call-auth-service:
+    image: ghcr.io/element-hq/lk-jwt-service:0.3.0
+    container_name: element-call-jwt
+    hostname: auth-server
+    environment:
+      - LK_JWT_PORT=8080
+      - LIVEKIT_URL=https://${LIVEKIT_DOMAIN}/livekit/sfu
+      - LIVEKIT_KEY=devkey
+      - LIVEKIT_SECRET=${LIVEKIT_SECRET_KEY}
+      - LIVEKIT_FULL_ACCESS_HOMESERVERS=${MATRIX_DOMAIN}
+    restart: always
+    ports:
+      - 8071:8080
+
+  element-call-livekit:
+    image: livekit/livekit-server:v1.9.3
+    command: --config /etc/livekit.yaml
+    ports:
+      - "7880:7880/tcp"
+      - "7881:7881/tcp"
+      - "7882:7882/tcp"
+      - "50100-50200:50100-50200/udp"
+    restart: always
+    volumes:
+      - ${LIVEKIT_CONFIG_DIR}/config.yaml:/etc/livekit.yaml:ro
+
+  mautrix-signal:
+    container_name: mautrix-signal
+    image: dock.mau.dev/mautrix/signal:v0.2511.0
+    restart: always
+    volumes:
+      - ${MAUTRIX_SIGNAL_DATA_DIR}:/data
+    depends_on:
+      shared-postgres:
+        condition: service_healthy
+    environment:
+      # Configure database connection for mautrix-signal
+      MAUTRIX_SIGNAL_DATABASE_TYPE: postgres
+      MAUTRIX_SIGNAL_DATABASE_URI: postgresql://${MAUTRIX_SIGNAL_POSTGRES_USER}:${MAUTRIX_SIGNAL_POSTGRES_PASSWORD}@shared-postgres:5432/${MAUTRIX_SIGNAL_POSTGRES_DB}?sslmode=disable
+    networks:
+      - postgres-network
+
+  mautrix-whatsapp:
+    container_name: mautrix-whatsapp
+    image: dock.mau.dev/mautrix/whatsapp:v0.2511.0
+    restart: always
+    volumes:
+      - ${MAUTRIX_WHATSAPP_DATA_DIR}:/data
+    depends_on:
+      shared-postgres:
+        condition: service_healthy
+    environment:
+      # Configure database connection for mautrix-whatsapp
+      MAUTRIX_WHATSAPP_DATABASE_TYPE: postgres
+      MAUTRIX_WHATSAPP_DATABASE_URI: postgresql://${MAUTRIX_WHATSAPP_POSTGRES_USER}:${MAUTRIX_WHATSAPP_POSTGRES_PASSWORD}@shared-postgres:5432/${MAUTRIX_WHATSAPP_POSTGRES_DB}?sslmode=disable
+    networks:
+      - postgres-network
+
+  mas:
+    image: ghcr.io/element-hq/matrix-authentication-service:1.6.0
+    restart: always
+    working_dir: /config
+    volumes:
+      - ${MAS_CONFIG_DIR}:/config
+    environment:
+      MAS_CONFIG: /config/config.yaml
+      # Database connection will be configured in the MAS config file
+      MAS_DATABASE_URL: postgresql://${MAS_POSTGRES_USER}:${MAS_POSTGRES_PASSWORD}@shared-postgres:5432/${MAS_POSTGRES_DB}?sslmode=disable
+    ports:
+      - "8090:8090"
+    depends_on:
+      shared-postgres:
+        condition: service_healthy
+    networks:
+      - postgres-network
+
+  synapse:
+    container_name: synapse
+    image: matrixdotorg/synapse:v1.142.1
+    restart: always
+    volumes:
+      - ${SYNAPSE_CONFIG_DIR}:/data
+    ports:
+      - "8008:8008"
+    environment:
+      # Synapse database connection will be configured in homeserver.yaml
+      SYNAPSE_DATABASE_HOST: shared-postgres
+      SYNAPSE_DATABASE_PORT: 5432
+      SYNAPSE_DATABASE_USER: ${SYNAPSE_POSTGRES_USER}
+      SYNAPSE_DATABASE_PASSWORD: ${SYNAPSE_POSTGRES_PASSWORD}
+      SYNAPSE_DATABASE_NAME: ${SYNAPSE_POSTGRES_DB}
+    depends_on:
+      shared-postgres:
+        condition: service_healthy
+      mas:
+        condition: service_started
+      mautrix-whatsapp:
+        condition: service_started
+    networks:
+      - postgres-network
+
+networks:
+  postgres-network:
+    external: true

synapse/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   element-call-auth-service:
-    image: ghcr.io/element-hq/lk-jwt-service:0.4.1
+    image: ghcr.io/element-hq/lk-jwt-service:0.3.0
     container_name: element-call-jwt
     hostname: auth-server
     environment:
@@ -13,7 +13,7 @@ services:
     ports:
       - 8071:8080
   element-call-livekit:
-    image: livekit/livekit-server:v1.9.11
+    image: livekit/livekit-server:v1.9.3
     command: --config /etc/livekit.yaml
     ports:
       - "7880:7880/tcp"
@@ -25,7 +25,7 @@ services:
       - ${LIVEKIT_CONFIG_DIR}/config.yaml:/etc/livekit.yaml:ro
   mautrix-signal:
     container_name: mautrix-signal
-    image: dock.mau.dev/mautrix/signal:v0.2602.1
+    image: dock.mau.dev/mautrix/signal:v0.2511.0
     restart: always
     volumes:
       - ${MAUTRIX_SIGNAL_DATA_DIR}:/data
@@ -42,7 +42,7 @@ services:
       - 5439:5432
   mautrix-whatsapp:
     container_name: mautrix-whatsapp
-    image: dock.mau.dev/mautrix/whatsapp:v0.2602.0
+    image: dock.mau.dev/mautrix/whatsapp:v0.2511.0
     #image: petersmit27/mautrix-whatsapp:latest
     restart: always
     volumes:
@@ -61,7 +61,7 @@ services:
     ports:
       - 5440:5432
   mas:
-    image: ghcr.io/element-hq/matrix-authentication-service:1.12.0
+    image: ghcr.io/element-hq/matrix-authentication-service:1.6.0
     restart: always
     working_dir: /config
     volumes:
@@ -97,7 +97,7 @@ services:
       - 5442:5432
   synapse:
     container_name: synapse
-    image: matrixdotorg/synapse:v1.148.0
+    image: matrixdotorg/synapse:v1.142.1
     restart: always
     volumes:
       - ${SYNAPSE_CONFIG_DIR}:/data
@@ -107,10 +107,3 @@ services:
       - synapse_db
       - mas
       - mautrix-whatsapp
-  element-admin:
-    image: oci.element.io/element-admin:0.1.10
-    restart: unless-stopped
-    ports:
-      - "8079:8080"
-    environment:
-      - SERVER_NAME=${MATRIX_DOMAIN}

updater/Dockerfile

@@ -1,5 +1,5 @@
 # Use the official PHP image with Apache
-FROM php:8.5-apache
+FROM php:8.4-apache
 
 # Add Docker's official GPG key:
 RUN apt-get update &&\
@@ -16,7 +16,7 @@ RUN echo \
 
 # Install git and docker-compose
 RUN apt-get update && \
-    apt-get install -y git docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-model-plugin && \
+    apt-get install -y git docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin && \
     rm -rf /var/lib/apt/lists/*
 
 # Create .docker directory and set permissions

vaultwarden/docker-compose.yml

@@ -1,7 +1,7 @@
 services:
   vaultwarden:
     container_name: vaultwarden
-    image: vaultwarden/server:1.35.4
+    image: vaultwarden/server:1.34.3
     restart: always
     volumes:
       - ${VAULTWARDEN_DATA_LOCATION}:/data/