env file is optional

change version for v-0.5
change db name

compute-1-mep/conduwuit/docker-compose.yaml

@@ -0,0 +1,75 @@
+# conduwuit - Behind Traefik Reverse Proxy
+
+services:
+  homeserver:
+    ### If you already built the conduduwit image with 'docker build' or want to use the Docker Hub image,
+    ### then you are ready to go.
+    image: girlbossceo/conduwuit:v0.5.0-rc3-b6e9dc3d98704c56027219d3775336910a0136c6
+    restart: unless-stopped
+    volumes:
+      - db:/var/lib/conduwuit
+      #- ./conduwuit.toml:/etc/conduwuit.toml
+    ports:
+      - 6167:6167
+    networks:
+      - proxy
+    environment:
+      CONDUWUIT_SERVER_NAME: matrix.gnous.eu
+      CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
+      CONDUWUIT_PORT: 6167 # pas touche, c'est le port de Docker
+      CONDUWUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
+      CONDUWUIT_ALLOW_REGISTRATION: 'true'
+      CONDUWUIT_ALLOW_FEDERATION: 'true'
+      CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
+      CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
+      CONDUWUIT_LOG: warn,state_res=warn
+      CONDUWUIT_ADDRESS: 0.0.0.0 # because in a container
+    env_file:
+      - path: .env
+        required: false
+
+    #cpuset: "0-4" # Uncomment to limit to specific CPU cores
+    ulimits: # conduwuit uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it
+      nofile:
+        soft: 1048567
+        hard: 1048567
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.mastodon-web.entrypoints=websecure"
+      - "traefik.http.routers.mastodon-web.rule=Host(`matrix.gnous.eu`)"
+      - "traefik.http.routers.mastodon-web.middlewares=proxyHeader@file,proxyError@file"
+
+      # volé depuis https://community.traefik.io/t/setting-up-conduit-matrix-server-with-traefik/19394
+      - "traefik.http.routers.to-conduit.middlewares=cors-headers@docker"
+      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
+      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
+      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"
+
+
+  ### Uncomment if you want to use your own Element-Web App.
+  ### Note: You need to provide a config.json for Element and you also need a second
+  ###       Domain or Subdomain for the communication between Element and conduwuit
+  ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md
+  #element-web:
+  #    image: vectorim/element-web:latest
+  #    restart: unless-stopped
+  #    #volumes:
+  #    #    - ./element_config.json:/app/config.json
+  #    networks:
+  #        - proxy
+  #    ports:
+  #      - 3000:80
+  #    depends_on:
+  #        - homeserver
+
+volumes:
+  db:
+    driver: local
+
+networks:
+  # This is the network Traefik listens to, if your network has a different
+  # name, don't forget to change it here and in the docker-compose.override.yml
+  proxy:
+    external: true
+
+# vim: ts=2:sw=2:expandtab

compute-1-mep/forgejo/docker-compose.yaml

@@ -9,7 +9,7 @@ volumes:
 
 services:
   server:
-    image: codeberg.org/forgejo/forgejo:12.0.1
+    image: codeberg.org/forgejo/forgejo:10.0.1
     restart: always
     container_name: forgejo
     env_file:
@@ -82,7 +82,7 @@ services:
     depends_on:
       - cache
   cache:
-    image: "redis:8-alpine"
+    image: "redis:7-alpine"
     restart: always
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]

compute-1-mep/renovate/docker-compose.yaml

@@ -4,7 +4,7 @@ networks:
 
 services:
   renovate:
-    image: ghcr.io/renovatebot/renovate:41.43.2-full
+    image: ghcr.io/renovatebot/renovate:39.185.0-full
     restart: always
     environment:
       - LOG_LEVEL=info

compute-1-mep/restic/docker-compose.yaml

@@ -1,6 +1,6 @@
 services:
   backup:
-    image: mazzolino/restic:1.8.0
+    image: mazzolino/restic:1.7.2
     hostname: docker
     restart: unless-stopped
     environment:
@@ -31,7 +31,7 @@ services:
       - ./ssh:/run/secrets/.ssh:ro
 
   prune:
-    image: mazzolino/restic:1.8.0
+    image: mazzolino/restic:1.7.2
     hostname: docker
     restart: unless-stopped
     environment:

compute-1-mep/searx/docker-compose.yaml

@@ -8,7 +8,7 @@ volumes:
 
 services:
   server:
-    image: "searxng/searxng:2025.4.24-c6c6d3027"
+    image: "searxng/searxng:2025.1.6-6dab7fe78"
     depends_on:
       - "redis"
     environment:
@@ -37,7 +37,7 @@ services:
       - "traefik.http.routers.searx.rule=Host(`searx.gnous.eu`)"
       - "traefik.http.routers.searx.middlewares=proxyHeader@file,proxyError@file"
   redis:
-    image: "redis:8.0-alpine"
+    image: "redis:7.4-alpine"
     command: 'redis-server --save "" --appendonly "no"'
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]

compute-1-mep/traefik-kop/docker-compose.yaml

@@ -1,6 +1,6 @@
 services:
   traefik-kop:
-    image: "ghcr.io/jittering/traefik-kop:0.17"
+    image: "ghcr.io/jittering/traefik-kop:0.14"
     restart: unless-stopped
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock

compute-1-mep/wallabag/docker-compose.yaml

@@ -8,7 +8,7 @@ volumes:
 
 services:
   wallabag:
-    image: wallabag/wallabag:2.6.13
+    image: wallabag/wallabag:2.6.10
     restart: unless-stopped
     environment:
       - SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql

compute-2-mep/gitlab/docker-compose.yaml

@@ -12,7 +12,7 @@ volumes:
 
 services:
   gitlab:
-    image: gitlab/gitlab-ce:18.2.1-ce.0
+    image: gitlab/gitlab-ce:17.9.1-ce.0
     container_name: gitlab
     restart: always
     hostname: "gitlab.gnous.eu"

compute-2-mep/mastodon/.env.production

@@ -19,7 +19,7 @@ SMTP_FROM_ADDRESS=Mastodon <service@gnous.eu>
 S3_ENABLED=true
 S3_BUCKET=gnoustoot
 S3_REGION=fr-par
-S3_HOSTNAME=cdn.gnous.eu
+S3_HOSTNAME=obiwan.gnous.eu
 S3_ENDPOINT=https://s3.fr-par.scw.cloud
 
 ES_ENABLED=false

compute-2-mep/mastodon/docker-compose.yaml

@@ -5,7 +5,7 @@ networks:
 
 services:
   redis:
-    image: redis:8-alpine
+    image: redis:7-alpine
     restart: always
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]
@@ -13,7 +13,7 @@ services:
       - mastodon
 
   web:
-    image: ghcr.io/mastodon/mastodon:v4.4.2
+    image: ghcr.io/mastodon/mastodon:v4.3.4
     restart: always
     env_file:
       - path: .env.production
@@ -42,7 +42,7 @@ services:
       - "ofelia.job-exec.clean-account.command=tootctl accounts cull"
 
   streaming:
-    image: ghcr.io/mastodon/mastodon-streaming:v4.4.2
+    image: ghcr.io/mastodon/mastodon-streaming:v4.3.4
     restart: always
     env_file:
       - path: .env.production
@@ -65,7 +65,7 @@ services:
       - "traefik.http.routers.mastodon-streaming.middlewares=proxyHeader@file,proxyError@file"
 
   sidekiq:
-    image: ghcr.io/mastodon/mastodon:v4.4.2
+    image: ghcr.io/mastodon/mastodon:v4.3.4
     restart: always
     env_file:
       - path: .env.production

compute-2-mep/restic/docker-compose.yaml

@@ -1,6 +1,6 @@
 services:
   backup:
-    image: mazzolino/restic:1.8.0
+    image: mazzolino/restic:1.7.2
     hostname: docker
     restart: unless-stopped
     environment:
@@ -28,7 +28,7 @@ services:
       - ./ssh:/run/secrets/.ssh:ro
 
   prune:
-    image: mazzolino/restic:1.8.0
+    image: mazzolino/restic:1.7.2
     hostname: docker
     restart: unless-stopped
     environment:

compute-2-mep/traefik-kop/docker-compose.yaml

@@ -1,6 +1,6 @@
 services:
   traefik-kop:
-    image: "ghcr.io/jittering/traefik-kop:0.17"
+    image: "ghcr.io/jittering/traefik-kop:0.14"
     restart: unless-stopped
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock

compute-2-mep/vaultwarden/docker-compose.yaml

@@ -8,7 +8,7 @@ volumes:
 
 services:
   vaultwarden:
-    image: vaultwarden/server:1.34.1
+    image: vaultwarden/server:1.33.2
     container_name: vaultwarden
     environment:
       - WEBSOCKET_ENABLED=true # Enable WebSocket notifications.

compute-2-mep/woodpecker/docker-compose.yaml

@@ -9,7 +9,7 @@ volumes:
 
 services:
   server:
-    image: woodpeckerci/woodpecker-server:v3.8.0
+    image: woodpeckerci/woodpecker-server:v3.2.0
     container_name: woodpecker_server
     environment:
       - WOODPECKER_OPEN=true

compute-gra/traefik/.env

@@ -1,20 +0,0 @@
-TRAEFIK_KOP_REDIS_ADDR=[[TRAEFIK_KOP_REDIS_ADDR]]
-TRAEFIK_KOP_REDIS_PASS=[[TRAEFIK_KOP_REDIS_PASS]]
-
-# TRACS3 ENV 
-TRACS_AWS_REGION=[[TRACS_AWS_REGION]]
-TRACS_S3_ENDPOINT=[[TRACS_S3_ENDPOINT]]
-TRACS_S3_ACCESS_KEY_ID=[[TRACS_S3_ACCESS_KEY_ID]]
-TRACS_S3_SECRET=[[TRACS_S3_SECRET]]
-TRACS_CLOSET_BUCKET=[[TRACS_CLOSET_BUCKET]]
-TRACS_CLOSET_PASSWORD=[[TRACS_CLOSET_PASSWORD]]
-AWS_CONFIGURE_PLUGINS=awscli_plugin_endpoint
-AWS_REQUEST_CHECKSUM_CALCULATION=WHEN_REQUIRED
-AWS_S3_SIGNATURE_VERSION=s3v4
-TRAEFIK_LOCAL_STORE=/certificates/
-TRAEFIK_OUTPUT_FILE=/configs/certificates.toml
-TRAEFIK_CERTIFICATE_DIR=/certificates/
-
-# TRACING
-OLTP_HTTP_ENDPOINT=[[OLTP_HTTP_ENDPOINT]]
-OLTP_HTTP_BASIC_AUTH=[[OLTP_HTTP_BASIC_AUTH]]

compute-gra/traefik/docker-compose.yaml

@@ -1,110 +0,0 @@
-services:
-  traefik:
-    image: "traefik:v3.5.0"
-    container_name: "traefik"
-    command:
-      - "--log.level=info"
-      - "--log.maxsize=100"
-      - "--log.maxage=3"
-
-      - "--metrics.prometheus=true"
-
-      - "--entryPoints.web.address=:80"
-      - "--entryPoints.web.http.redirections.entryPoint.to=webpublic"
-      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
-      - "--entryPoints.web.http.redirections.entryPoint.permanent=true"
-      - "--entryPoints.web.allowACMEByPass=true"
-      - "--entryPoints.websecure.address=:446"
-      - "--entryPoints.websecure.proxyProtocol.trustedIPs=172.0.0.0/8"
-      - "--entryPoints.webpublic.address=:443"
-      - "--entryPoints.webpublic.http.tls=true"
-      - "--entryPoints.webpublic.forwardedHeaders.trustedIPs=172.0.0.0/8"
-      - "--entryPoints.ssh.address=:2222"
-      - "--entryPoints.sshgitlab.address=:2223"
-
-      - "--providers.file.directory=/traefik"
-      - "--providers.redis.endpoints=${TRAEFIK_KOP_REDIS_ADDR}"
-      - "--providers.redis.password=${TRAEFIK_KOP_REDIS_PASS}"
-
-      - "--tracing=true"
-      - "--tracing.otlp=true"
-      - "--tracing.otlp.http=true"
-      - "--tracing.serviceName=traefik"
-      - "--tracing.sampleRate=0.2"
-      - "--tracing.otlp.http.endpoint=${OLTP_HTTP_ENDPOINT}"
-      - "--tracing.otlp.http.headers.Authorization=Basic ${OLTP_HTTP_BASIC_AUTH}"
-    restart: always
-    volumes:
-      - "/var/run/docker.sock:/var/run/docker.sock:ro"
-      - "/etc/traefik/sites:/traefik"
-      - "certificates:/certificates"
-    network_mode: host
-
-  epee:
-    image: "git.gnous.eu/enpls/epee-service:stable"
-    restart: always
-    container_name: "epee"
-    ports:
-      - "5900:5900"
-    networks:
-      - traefik_internal
-
-  varnish:
-    image: varnish:7.7.1
-    restart: always
-    command: -F -a :445,PROXY -f /etc/varnish/default.vcl -T 127.0.0.1:6082 -t 120 -p thread_pool_min=50 -p thread_pool_max=1000 -p thread_pool_timeout=120 -i varnish -s malloc,2048M -n varnish
-    ports:
-      - 445:445
-    volumes:
-      - /etc/varnish:/etc/varnish
-      - "workdir:/var/lib/varnish"
-
-
-  tracs3:
-    image: ghcr.io/outout14/traefik-acme-s3:main
-    env_file:
-      - tracs3.env
-    command:
-      - "sync"
-    volumes:
-      - "/etc/traefik/sites:/configs"
-      - "certificates:/certificates"
-    network_mode: "host"
-    environment:
-      - AWS_REGION=${TRACS_AWS_REGION}
-      - AWS_DEFAULT_REGION=${TRACS_AWS_REGION}
-      - AWS_ENDPOINT_URL=${TRACS_S3_ENDPOINT}
-      - AWS_S3_ENDPOINT=${TRACS_S3_ENDPOINT}
-      - AWS_S3API_ENDPOINT=${TRACS_S3_ENDPOINT}
-
-      - AWS_ACCESS_KEY_ID=${TRACS_S3_ACCESS_KEY_ID}
-      - AWS_SECRET_ACCESS_KEY=${TRACS_S3_SECRET}
-
-      - CLOSET_BUCKET=${TRACS_CLOSET_BUCKET}
-      - CLOSET_PASSWORD=${TRACS_CLOSET_PASSWORD}
-
-  tracs3-certificate-sync:
-    image: mcuadros/ofelia:latest
-    restart: always
-    depends_on:
-      tracs3:
-        condition: service_completed_successfully
-    command: daemon --docker
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    labels:
-      ofelia.job-run.certificate-rotate.schedule: "@every 10m"
-      ofelia.job-run.certificate-rotate.command:  "sh -c 'docker restart front-http-par-tracs3-1'"
-      ofelia.job-run.certificate-rotate.image:  "docker:cli"
-      ofelia.job-run.certificate-rotate.volume:  "/var/run/docker.sock:/var/run/docker.sock"
-
-volumes:
-  certificates:
-  workdir:
-    driver: local
-    driver_opts:
-      type: tmpfs
-      device: tmpfs
-networks:
-  traefik_internal:
-    enable_ipv6: true

compute-vel/traefik/.env

@@ -14,7 +14,3 @@ AWS_S3_SIGNATURE_VERSION=s3v4
 TRAEFIK_LOCAL_STORE=/certificates/
 TRAEFIK_OUTPUT_FILE=/configs/certificates.toml
 TRAEFIK_CERTIFICATE_DIR=/certificates/
-
-# TRACING
-OLTP_HTTP_ENDPOINT=[[OLTP_HTTP_ENDPOINT]]
-OLTP_HTTP_BASIC_AUTH=[[OLTP_HTTP_BASIC_AUTH]]

compute-vel/traefik/docker-compose.yaml

@@ -1,7 +1,10 @@
 services:
   traefik:
-    image: "traefik:v3.5.0"
+    image: "traefik:v3.3"
     container_name: "traefik"
+    depends_on:
+      tracs3:
+        condition: service_completed_successfully
     command:
       - "--log.level=info"
       - "--log.maxsize=100"
@@ -9,57 +12,57 @@ services:
 
       - "--metrics.prometheus=true"
 
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+
       - "--entryPoints.web.address=:80"
-      - "--entryPoints.web.http.redirections.entryPoint.to=webpublic"
+      - "--entryPoints.name.allowACMEByPass=true"
-      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
+      - "--entryPoints.websecure.address=:443"
-      - "--entryPoints.web.http.redirections.entryPoint.permanent=true"
+      - "--entryPoints.websecure.http3"
-      - "--entryPoints.web.allowACMEByPass=true"
+      - "--entryPoints.websecure.http.tls=true"
-      - "--entryPoints.websecure.address=:446"
-      - "--entryPoints.websecure.proxyProtocol.trustedIPs=172.0.0.0/8"
-      - "--entryPoints.webpublic.address=:443"
-      - "--entryPoints.webpublic.http.tls=true"
-      - "--entryPoints.webpublic.forwardedHeaders.trustedIPs=172.0.0.0/8"
       - "--entryPoints.ssh.address=:2222"
       - "--entryPoints.sshgitlab.address=:2223"
 
+      - "--providers.docker=true"
       - "--providers.file.directory=/traefik"
       - "--providers.redis.endpoints=${TRAEFIK_KOP_REDIS_ADDR}"
       - "--providers.redis.password=${TRAEFIK_KOP_REDIS_PASS}"
-
+    ports:
-      - "--tracing=true"
+      - target: 80
-      - "--tracing.otlp=true"
+        published: 80
-      - "--tracing.otlp.http=true"
+        protocol: tcp
-      - "--tracing.serviceName=traefik"
+        mode: host
-      - "--tracing.sampleRate=0.2"
+      - target: 443
-      - "--tracing.otlp.http.endpoint=${OLTP_HTTP_ENDPOINT}"
+        published: 443
-      - "--tracing.otlp.http.headers.Authorization=Basic ${OLTP_HTTP_BASIC_AUTH}"
+        protocol: tcp
-    restart: always
+        mode: host
+      - target: 443
+        published: 443
+        protocol: udp
+        mode: host
+      - target: 2222
+        published: 2222
+        protocol: tcp
+        mode: host
+      - target: 2223
+        published: 2223
+        protocol: tcp
+        mode: host
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
       - "/etc/traefik/sites:/traefik"
       - "certificates:/certificates"
-    network_mode: host
+    networks:
+      - traefik_internal
   
   epee: 
     image: "git.gnous.eu/enpls/epee-service:stable"
-    restart: always
     container_name: "epee"
     ports:
       - "5900:5900"
     networks:
       - traefik_internal
 
-  varnish:
-    image: varnish:7.7.1
-    restart: always
-    command: -F -a :445,PROXY -f /etc/varnish/default.vcl -T 127.0.0.1:6082 -t 120 -p thread_pool_min=50 -p thread_pool_max=1000 -p thread_pool_timeout=120 -i varnish -s malloc,2048M -n varnish
-    ports:
-      - 445:445
-    volumes:
-      - /etc/varnish:/etc/varnish
-      - "workdir:/var/lib/varnish"
-
-
   tracs3:
     image: ghcr.io/outout14/traefik-acme-s3:main
     env_file:
@@ -100,11 +103,6 @@ services:
 
 volumes:
   certificates:
-  workdir:
-    driver: local
-    driver_opts:
-      type: tmpfs
-      device: tmpfs
 networks:
   traefik_internal:
     enable_ipv6: true

internals/semaphore/docker-compose.yaml

@@ -15,7 +15,7 @@ services:
     restart: unless-stopped
     ports:
       - 8085:3000
-    image: semaphoreui/semaphore:v2.15.4
+    image: semaphoreui/semaphore:v2.12.14
     env_file:
       - path: .env
         required: false

internals/traefik-kop/docker-compose.yaml

@@ -1,6 +1,6 @@
 services:
   traefik-kop:
-    image: "ghcr.io/jittering/traefik-kop:0.17"
+    image: "ghcr.io/jittering/traefik-kop:0.14"
     restart: unless-stopped
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock

internals/wikijs/docker-compose.yaml

@@ -11,7 +11,7 @@ services:
       - db-data:/var/lib/postgresql/data
 
   server:
-    image: ghcr.io/requarks/wiki:2.5.307
+    image: ghcr.io/requarks/wiki:2.5.306
     depends_on:
       - db
     environment:

internals/woodpecker/docker-compose.yaml

@@ -10,7 +10,7 @@ volumes:
 
 services:
   server:
-    image: woodpeckerci/woodpecker-server:v3.8.0
+    image: woodpeckerci/woodpecker-server:v3.2.0
     container_name: woodpecker_server
     environment:
       - WOODPECKER_OPEN=false