diff --git a/.woodpecker/lint.yml b/.woodpecker/lint.yml
index 954a40a..d02b253 100644
--- a/.woodpecker/lint.yml
+++ b/.woodpecker/lint.yml
@@ -20,7 +20,7 @@ steps:
       - rm -rf output.txt
       - apt-get update
       - apt-get install -y curl
-      - curl -SL https://github.com/docker/compose/releases/download/v2.20.3/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
+      - curl -SL https://github.com/docker/compose/releases/download/v2.33.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
       - chmod +x /usr/local/bin/docker-compose
       - bash .ci/lint_wrap.sh
   comment_2:
diff --git a/cicd-worker-pub-mep/woodpecker-runner/docker-compose.yaml b/cicd-worker-pub-mep/woodpecker-runner/docker-compose.yaml
index 8e6f763..2a91c8d 100644
--- a/cicd-worker-pub-mep/woodpecker-runner/docker-compose.yaml
+++ b/cicd-worker-pub-mep/woodpecker-runner/docker-compose.yaml
@@ -8,7 +8,7 @@ volumes:
 
 services:
   agent:
-    image: woodpeckerci/woodpecker-agent:latest
+    image: woodpeckerci/woodpecker-agent:next
     container_name: woodpecker_agent
     environment:
       - WOODPECKER_SERVER=grpc.cicd.gnous.eu:443
@@ -16,7 +16,8 @@ services:
       - WOODPECKER_GRPC_SECURE=true
       - WOODPECKER_GRPC_VERIFY=true
     env_file:
-      - .env
+      - path: .env
+        required: false
     restart: always
     volumes:
       - agent:/etc/woodpecker
diff --git a/compute-1-mep/forgejo/docker-compose.yaml b/compute-1-mep/forgejo/docker-compose.yaml
index c9d6469..39d221e 100644
--- a/compute-1-mep/forgejo/docker-compose.yaml
+++ b/compute-1-mep/forgejo/docker-compose.yaml
@@ -13,7 +13,8 @@ services:
     restart: always
     container_name: forgejo
     env_file:
-      - .env
+      - path: .env
+        required: false
     environment:
       - USER_UID=1000
       - USER_GID=1000
@@ -70,8 +71,6 @@ services:
       # web server
       - "traefik.http.services.forgejo-service-gnous.loadbalancer.server.port=3001"
       - "traefik.http.routers.forgejognous.rule=(Host(`git.gnous.eu`)  && !Path(`/metrics`))"
-      - "traefik.http.routers.forgejognous.tls=true"
-      - "traefik.http.routers.forgejognous.tls.certresolver=defaultacme"
       - "traefik.http.routers.forgejognous.entrypoints=websecure"
       - "traefik.http.routers.forgejognous.service=forgejo-service-gnous"
       - "traefik.http.routers.forgejognous.middlewares=proxyHeader@file,proxyError@file"
diff --git a/compute-1-mep/freshrss/docker-compose.yaml b/compute-1-mep/freshrss/docker-compose.yaml
index 29c954c..f2d1746 100644
--- a/compute-1-mep/freshrss/docker-compose.yaml
+++ b/compute-1-mep/freshrss/docker-compose.yaml
@@ -25,8 +25,6 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.freshrss.entryPoints=websecure"
       - "traefik.http.routers.freshrss.rule=Host(`rss.gnous.eu`)"
-      - "traefik.http.routers.freshrss.tls=true"
-      - "traefik.http.routers.freshrss.tls.certresolver=defaultacme"
       - "traefik.http.routers.freshrss.middlewares=proxyHeader@file,proxyError@file"
     env_file:
       - path: .env
diff --git a/compute-1-mep/haste/docker-compose.yaml b/compute-1-mep/haste/docker-compose.yaml
index a7ff82c..677e287 100644
--- a/compute-1-mep/haste/docker-compose.yaml
+++ b/compute-1-mep/haste/docker-compose.yaml
@@ -18,8 +18,6 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.gnoushaste.entryPoints=websecure"
       - "traefik.http.routers.gnoushaste.rule=Host(`haste.gnous.eu`)"
-      - "traefik.http.routers.gnoushaste.tls=true"
-      - "traefik.http.routers.gnoushaste.tls.certresolver=defaultacme"
       - "traefik.http.routers.gnoushaste.middlewares=proxyHeader@file,proxyError@file"
     env_file:
       - path: .env
diff --git a/compute-1-mep/renovate/docker-compose.yaml b/compute-1-mep/renovate/docker-compose.yaml
index 7a0e759..3c1e660 100644
--- a/compute-1-mep/renovate/docker-compose.yaml
+++ b/compute-1-mep/renovate/docker-compose.yaml
@@ -4,7 +4,7 @@ networks:
 
 services:
   renovate:
-    image: ghcr.io/renovatebot/renovate:39.170.2-full
+    image: ghcr.io/renovatebot/renovate:39.182.3-full
     restart: always
     environment:
       - LOG_LEVEL=info
@@ -14,4 +14,5 @@ services:
       - RENOVATE_GIT_AUTHOR=Renovate bot <renovate@gnous.eu>
       - RENOVATE_TOKEN=${RENOVATE_TOKEN}
     env_file:
-      - .env
+      - path: .env
+        required: false
\ No newline at end of file
diff --git a/compute-1-mep/searx/docker-compose.yaml b/compute-1-mep/searx/docker-compose.yaml
index a8c8dab..ec1b1a2 100644
--- a/compute-1-mep/searx/docker-compose.yaml
+++ b/compute-1-mep/searx/docker-compose.yaml
@@ -35,8 +35,6 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.searx.entryPoints=websecure"
       - "traefik.http.routers.searx.rule=Host(`searx.gnous.eu`)"
-      - "traefik.http.routers.searx.tls=true"
-      - "traefik.http.routers.searx.tls.certresolver=defaultacme"
       - "traefik.http.routers.searx.middlewares=proxyHeader@file,proxyError@file"
   redis:
     image: "redis:7.4-alpine"
diff --git a/compute-1-mep/traefik-kop/docker-compose.yaml b/compute-1-mep/traefik-kop/docker-compose.yaml
index 9385059..0981c74 100644
--- a/compute-1-mep/traefik-kop/docker-compose.yaml
+++ b/compute-1-mep/traefik-kop/docker-compose.yaml
@@ -5,6 +5,7 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
     env_file:
-      - .env
+      - path: .env
+        required: false
     environment:
       - BIND_IP=10.100.2.2
diff --git a/compute-1-mep/wallabag/docker-compose.yaml b/compute-1-mep/wallabag/docker-compose.yaml
index 52fb18a..f14970a 100644
--- a/compute-1-mep/wallabag/docker-compose.yaml
+++ b/compute-1-mep/wallabag/docker-compose.yaml
@@ -48,8 +48,6 @@ services:
       # web server
       - "traefik.http.services.wallabag-service-gnous.loadbalancer.server.port=3009"
       - "traefik.http.routers.wallabaggnous.rule=Host(`bag.gnous.eu`)"
-      - "traefik.http.routers.wallabaggnous.tls=true"
-      - "traefik.http.routers.wallabaggnous.tls.certresolver=defaultacme"
       - "traefik.http.routers.wallabaggnous.entrypoints=websecure"
       - "traefik.http.routers.wallabaggnous.service=wallabag-service-gnous"
       - "traefik.http.routers.wallabaggnous.middlewares=proxyHeader@file,proxyError@file"
diff --git a/compute-1-mep/wiki/docker-compose.yaml b/compute-1-mep/wiki/docker-compose.yaml
index 9e0d7fd..3f68741 100644
--- a/compute-1-mep/wiki/docker-compose.yaml
+++ b/compute-1-mep/wiki/docker-compose.yaml
@@ -12,7 +12,5 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.wiki.entryPoints=websecure"
       - "traefik.http.routers.wiki.rule=Host(`wiki.gnous.eu`)"
-      - "traefik.http.routers.wiki.tls=true"
-      - "traefik.http.routers.wiki.tls.certresolver=defaultacme"
       - "traefik.http.routers.wiki.middlewares=proxyHeader@file,proxyError@file"
 
diff --git a/compute-2-mep/gitlab/docker-compose.yaml b/compute-2-mep/gitlab/docker-compose.yaml
index e4a9b5b..68a2eee 100644
--- a/compute-2-mep/gitlab/docker-compose.yaml
+++ b/compute-2-mep/gitlab/docker-compose.yaml
@@ -12,7 +12,7 @@ volumes:
 
 services:
   gitlab:
-    image: gitlab/gitlab-ce:17.9.0-ce.0
+    image: gitlab/gitlab-ce:17.9.1-ce.0
     container_name: gitlab
     restart: always
     hostname: "gitlab.gnous.eu"
@@ -48,16 +48,12 @@ services:
       # Web
       - "traefik.http.services.gitlab-gnous.loadbalancer.server.port=3005"
       - "traefik.http.routers.gitlabgnous.rule=Host(`gitlab.gnous.eu`)"
-      - "traefik.http.routers.gitlabgnous.tls=true"
-      - "traefik.http.routers.gitlabgnous.tls.certresolver=defaultacme"
       - "traefik.http.routers.gitlabgnous.entrypoints=websecure"
       - "traefik.http.routers.gitlabgnous.service=gitlab-gnous"
       - "traefik.http.routers.gitlabgnous.middlewares=proxyHeader@file,proxyError@file"
       # Registry
       - "traefik.http.services.registry-gnous.loadbalancer.server.port=3006"
       - "traefik.http.routers.registrygnous.rule=Host(`pkg.gnous.eu`)"
-      - "traefik.http.routers.registrygnous.tls=true"
-      - "traefik.http.routers.registrygnous.tls.certresolver=defaultacme"
       - "traefik.http.routers.registrygnous.entrypoints=websecure"
       - "traefik.http.routers.registrygnous.service=registry-gnous"
       - "traefik.http.routers.registrygnous.middlewares=proxyHeader@file,proxyError@file"
@@ -65,4 +61,8 @@ services:
       - "traefik.tcp.routers.gitlabssh.entrypoints=sshgitlab"
       - "traefik.tcp.routers.gitlabssh.rule=HostSNI(`*`)"
       - "traefik.tcp.routers.gitlabssh.service=gitlab-ssh"
-      - "traefik.tcp.services.gitlab-ssh.loadbalancer.server.port=3007"
+      - "traefik.tcp.services.gitlab-ssh.loadbalancer.server.address=gitlab:3007"
+      - "traefik.tcp.services.gitlab-ssh.loadbalancer.serversTransport=gitlabtransport"
+
+      # Define ServersTransport
+      - "traefik.tcp.serversTransports.gitlabtransport.terminationDelay=0"
\ No newline at end of file
diff --git a/compute-2-mep/gnous_frontend/docker-compose.yaml b/compute-2-mep/gnous_frontend/docker-compose.yaml
index 0f61b8b..d3f2ffb 100644
--- a/compute-2-mep/gnous_frontend/docker-compose.yaml
+++ b/compute-2-mep/gnous_frontend/docker-compose.yaml
@@ -13,6 +13,4 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.gnousdoteu.entryPoints=websecure"
       - "traefik.http.routers.gnousdoteu.rule=Host(`gnous.eu`)"
-      - "traefik.http.routers.gnousdoteu.tls=true"
-      - "traefik.http.routers.gnousdoteu.tls.certresolver=defaultacme"
       - "traefik.http.routers.gnousdoteu.middlewares=proxyHeader@file,proxyError@file"
diff --git a/compute-2-mep/mastodon/docker-compose.yaml b/compute-2-mep/mastodon/docker-compose.yaml
index 8ed3fa9..c73163f 100644
--- a/compute-2-mep/mastodon/docker-compose.yaml
+++ b/compute-2-mep/mastodon/docker-compose.yaml
@@ -33,8 +33,6 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.mastodon-web.entrypoints=websecure"
       - "traefik.http.routers.mastodon-web.rule=Host(`toot.gnous.eu`)"
-      - "traefik.http.routers.mastodon-web.tls=true"
-      - "traefik.http.routers.mastodon-web.tls.certresolver=defaultacme"
       - "traefik.http.routers.mastodon-web.middlewares=proxyHeader@file,proxyError@file"
       # Cron
       - "ofelia.enabled=true"
@@ -64,9 +62,6 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.mastodon-streaming.entrypoints=websecure"
       - "traefik.http.routers.mastodon-streaming.rule=(Host(`toot.gnous.eu`) && PathPrefix(`/api/v1/streaming`))"
-      - "traefik.http.routers.mastodon-streaming.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.mastodon-streaming.tls=true"
-      - "traefik.http.routers.mastodon-streaming.tls.certresolver=defaultacme"
       - "traefik.http.routers.mastodon-streaming.middlewares=proxyHeader@file,proxyError@file"
 
   sidekiq:
diff --git a/compute-2-mep/traefik-kop/docker-compose.yaml b/compute-2-mep/traefik-kop/docker-compose.yaml
index f2aca06..d54de00 100644
--- a/compute-2-mep/traefik-kop/docker-compose.yaml
+++ b/compute-2-mep/traefik-kop/docker-compose.yaml
@@ -5,6 +5,7 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
     env_file:
-      - .env
+      - path: .env
+        required: false
     environment:
       - BIND_IP=10.100.2.3
diff --git a/compute-2-mep/vaultwarden/docker-compose.yaml b/compute-2-mep/vaultwarden/docker-compose.yaml
index 264601b..1c5d4ed 100644
--- a/compute-2-mep/vaultwarden/docker-compose.yaml
+++ b/compute-2-mep/vaultwarden/docker-compose.yaml
@@ -24,8 +24,6 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.vaultwarden.entryPoints=websecure"
       - "traefik.http.routers.vaultwarden.rule=Host(`pass.gnous.eu`)"
-      - "traefik.http.routers.vaultwarden.tls=true"
-      - "traefik.http.routers.vaultwarden.tls.certresolver=defaultacme"
       - "traefik.http.routers.vaultwarden.middlewares=proxyHeader@file,proxyError@file"
     restart: always
     volumes:
diff --git a/compute-2-mep/woodpecker/docker-compose.yaml b/compute-2-mep/woodpecker/docker-compose.yaml
index 0b9041d..941463b 100644
--- a/compute-2-mep/woodpecker/docker-compose.yaml
+++ b/compute-2-mep/woodpecker/docker-compose.yaml
@@ -9,7 +9,7 @@ volumes:
 
 services:
   server:
-    image: woodpeckerci/woodpecker-server:v3.1.0
+    image: woodpeckerci/woodpecker-server:v3.2.0
     container_name: woodpecker_server
     environment:
       - WOODPECKER_OPEN=true
@@ -40,8 +40,6 @@ services:
       # web server
       - "traefik.http.services.woodpecker-service-gnous.loadbalancer.server.port=4001"
       - "traefik.http.routers.woodpeckergnous.rule=Host(`cicd.gnous.eu`)"
-      - "traefik.http.routers.woodpeckergnous.tls=true"
-      - "traefik.http.routers.woodpeckergnous.tls.certresolver=defaultacme"
       - "traefik.http.routers.woodpeckergnous.entrypoints=websecure"
       - "traefik.http.routers.woodpeckergnous.service=woodpecker-service-gnous"
       - "traefik.http.routers.woodpeckergnous.middlewares=proxyHeader@file,proxyError@file"
@@ -49,8 +47,6 @@ services:
       - "traefik.http.services.woodpecker-grpc-gnous.loadbalancer.server.port=4002"
       - "traefik.http.services.woodpecker-grpc-gnous.loadbalancer.server.scheme=h2c"
       - "traefik.http.routers.woodpecker-grpc-gnous.rule=Host(`grpc.cicd.gnous.eu`)"
-      - "traefik.http.routers.woodpecker-grpc-gnous.tls=true"
-      - "traefik.http.routers.woodpecker-grpc-gnous.tls.certresolver=defaultacme"
       - "traefik.http.routers.woodpecker-grpc-gnous.entrypoints=websecure"
       - "traefik.http.routers.woodpecker-grpc-gnous.service=woodpecker-grpc-gnous"
       - "traefik.http.routers.woodpecker-grpc-gnous.middlewares=woodpecker-grpc-redirect@docker"
diff --git a/internals/komodo/docker-compose.yaml b/internals/komodo/docker-compose.yaml
index 9bec574..e2548a8 100644
--- a/internals/komodo/docker-compose.yaml
+++ b/internals/komodo/docker-compose.yaml
@@ -18,6 +18,7 @@ services:
     env_file:
       - path: ./core.env
       - path: ./.env
+        required: false
   core:
     image: ghcr.io/mbecker20/komodo:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
     restart: unless-stopped
@@ -32,6 +33,7 @@ services:
     env_file:
       - path: ./core.env
       - path: ./.env
+        required: false
     environment:
       KOMODO_DATABASE_ADDRESS: mongo:27017
       KOMODO_DATABASE_USERNAME: ${DB_USERNAME}
@@ -43,8 +45,6 @@ services:
       - "traefik.http.routers.komodo.entryPoints=websecure"
       - "traefik.http.routers.komodo.rule=Host(`deploy.net.enpls.org`)"
       - "traefik.http.routers.komodo.tls=true"
-      - "traefik.http.routers.komodo.tls.certresolver=defaultacme"
-      - "traefik.http.routers.komodo.middlewares=proxyHeader@file,proxyError@file"
       - "komodo.skip:"
 
   periphery:
@@ -59,6 +59,7 @@ services:
     env_file:
       - path: ./core.env
       - path: ./.env
+        required: false
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - /proc:/proc
diff --git a/internals/semaphore/docker-compose.yaml b/internals/semaphore/docker-compose.yaml
index 6fcfb7e..774a79c 100644
--- a/internals/semaphore/docker-compose.yaml
+++ b/internals/semaphore/docker-compose.yaml
@@ -6,7 +6,8 @@ services:
     volumes: 
      - db:/var/lib/postgresql/data
     env_file:
-      - .env
+      - path: .env
+        required: false
     environment:
      POSTGRES_USER: semaphore
      POSTGRES_DB: semaphore
@@ -16,7 +17,8 @@ services:
       - 8085:3000
     image: semaphoreui/semaphore:v2.12.14
     env_file:
-      - .env
+      - path: .env
+        required: false
     environment:
       SEMAPHORE_DB_USER: semaphore
       SEMAPHORE_DB_HOST: postgres
@@ -31,8 +33,6 @@ services:
       - "traefik.enable=true"
       - "traefik.http.services.semaphore-service.loadbalancer.server.port=8085"
       - "traefik.http.routers.semaphore.rule=Host(`semaphore.net.enpls.org`)"
-      - "traefik.http.routers.semaphore.tls=true"
-      - "traefik.http.routers.semaphore.tls.certresolver=defaultacme"
       - "traefik.http.routers.semaphore.entrypoints=websecure"
       - "traefik.http.routers.semaphore.service=semaphore-service"
       - "traefik.http.routers.semaphore.middlewares=proxyHeader@file,proxyError@file"
diff --git a/internals/traefik-kop/docker-compose.yaml b/internals/traefik-kop/docker-compose.yaml
index 1d7de67..69e9368 100644
--- a/internals/traefik-kop/docker-compose.yaml
+++ b/internals/traefik-kop/docker-compose.yaml
@@ -5,6 +5,7 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
     env_file:
-      - .env
+      - path: .env
+        required: false
     environment:
       - BIND_IP=10.100.2.5
diff --git a/internals/wikijs/docker-compose.yaml b/internals/wikijs/docker-compose.yaml
index 9da6f4d..e645ef2 100644
--- a/internals/wikijs/docker-compose.yaml
+++ b/internals/wikijs/docker-compose.yaml
@@ -1,8 +1,9 @@
 services:
   db:
-    image: postgres:14
+    image: postgres:17
     env_file:
-      - .env
+      - path: .env
+        required: false
     logging:
       driver: "none"
     restart: unless-stopped
@@ -18,7 +19,8 @@ services:
       DB_HOST: db
       DB_PORT: 5432
     env_file:
-      - .env
+      - path: .env
+        required: false 
     restart: unless-stopped
     ports:
       - "8082:3000"
@@ -26,8 +28,6 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.wikijs.entryPoints=websecure"
       - "traefik.http.routers.wikijs.rule=Host(`doc.net.enpls.org`)"
-      - "traefik.http.routers.wikijs.tls=true"
-      - "traefik.http.routers.wikijs.tls.certresolver=defaultacme"
       - "traefik.http.routers.wikijs.middlewares=proxyHeader@file,proxyError@file"
 
 volumes:
diff --git a/internals/woodpecker-worker/docker-compose.yaml b/internals/woodpecker-worker/docker-compose.yaml
index 9494964..72addfb 100644
--- a/internals/woodpecker-worker/docker-compose.yaml
+++ b/internals/woodpecker-worker/docker-compose.yaml
@@ -12,7 +12,8 @@ services:
       - WOODPECKER_GRPC_SECURE=true
       - WOODPECKER_GRPC_VERIFY=true
     env_file:
-      - .env
+      - path: .env
+        required: false
     restart: always
     volumes:
       - agent:/etc/woodpecker
diff --git a/internals/woodpecker/docker-compose.yaml b/internals/woodpecker/docker-compose.yaml
index 7cbd98b..290f027 100644
--- a/internals/woodpecker/docker-compose.yaml
+++ b/internals/woodpecker/docker-compose.yaml
@@ -10,7 +10,7 @@ volumes:
 
 services:
   server:
-    image: woodpeckerci/woodpecker-server:v3.1.0
+    image: woodpeckerci/woodpecker-server:v3.2.0
     container_name: woodpecker_server
     environment:
       - WOODPECKER_OPEN=false
@@ -24,8 +24,10 @@ services:
       - WOODPECKER_GITEA=true
       - WOODPECKER_GITEA_URL=https://git.gnous.eu
       - WOODPECKER_DATABASE_DRIVER=postgres
+      - WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx:5.2
     env_file:
-      - .env
+      - path: .env
+        required: false
     restart: always
     networks:
       - woodpecker
@@ -39,8 +41,6 @@ services:
       # web server
       - "traefik.http.services.woodpecker-service.loadbalancer.server.port=8083"
       - "traefik.http.routers.woodpecker.rule=Host(`build.net.enpls.org`)"
-      - "traefik.http.routers.woodpecker.tls=true"
-      - "traefik.http.routers.woodpecker.tls.certresolver=defaultacme"
       - "traefik.http.routers.woodpecker.entrypoints=websecure"
       - "traefik.http.routers.woodpecker.service=woodpecker-service"
       - "traefik.http.routers.woodpecker.middlewares=proxyHeader@file,proxyError@file"
@@ -48,8 +48,6 @@ services:
       - "traefik.http.services.woodpecker-grpc.loadbalancer.server.port=8084"
       - "traefik.http.services.woodpecker-grpc.loadbalancer.server.scheme=h2c"
       - "traefik.http.routers.woodpecker-grpc-secure.rule=Host(`grpc.build.net.enpls.org`)"
-      - "traefik.http.routers.woodpecker-grpc-secure.tls=true"
-      - "traefik.http.routers.woodpecker-grpc-secure.tls.certresolver=defaultacme"
       - "traefik.http.routers.woodpecker-grpc-secure.entrypoints=websecure"
       - "traefik.http.routers.woodpecker-grpc-secure.service=woodpecker-grpc"
       - "traefik.http.routers.woodpecker-grpc.middlewares=woodpecker-grpc-redirect@docker"
@@ -58,10 +56,11 @@ services:
       - db
 
   db:
-    image: postgres:14-alpine
+    image: postgres:17-alpine
     restart: always
     env_file:
-      - .env
+      - path: .env
+        required: false
     networks:
       - woodpecker
     volumes: