Merge branch 'master' into app/duckdns

README.md

@@ -21,6 +21,7 @@ This is the official repository for the Tipi App Store. It contains all the apps
 - [Booksonic](https://github.com/popeen/Booksonic-Air) - The selfhosted audiobook server
 - [Bookstack](https://github.com/BookStackApp/BookStack) - BookStack is a self-hosted platform for organising and storing information.
 - [Budibase](https://github.com/Budibase/budibase) - Internal tools made easy.
+- [Cal.com](https://github.com/calcom/cal.com) - Scheduling infrastructure for absolutely everyone.
 - [Calibre-Web - EBook Reader](https://github.com/janeczku/calibre-web) - Calibre-web is a web app providing a clean interface for browsing, reading and downloading eBooks using an existing Calibre database.
 - [ChangeDetection](https://github.com/dgtlmoon/changedetection.io) - Website change detection.
 - [ChatGPT UI](https://github.com/WongSaang/chatgpt-ui) - A ChatGPT web client that supports multiple users, multiple languages, and multiple database connections for persistent data storage
@@ -72,6 +73,7 @@ This is the official repository for the Tipi App Store. It contains all the apps
 - [Hammond](https://github.com/alfhou/hammond) - Self hosted vehicle and expense management system. Like Clarkson, but better
 - [Haven](https://github.com/havenweb/haven) - Self-hostable private blogging
 - [HedgeDoc](https://github.com/hedgedoc/hedgedoc) - A Collaborative Markdown and Note Taking App
+- [Heimdall](https://github.com/linuxserver/Heimdall) - Application Dashboard
 - [Hello World](https://github.com/crccheck/docker-hello-world) - Hello World web server in under 2 MB
 - [Homarr](https://github.com/ajnart/homarr) - Homarr is a simple and lightweight homepage for your server, that helps you easily access all of your services in one place.
 - [Home Assistant](https://github.com/home-assistant/core) - Open source home automation that puts local control and privacy first
@@ -128,6 +130,7 @@ This is the official repository for the Tipi App Store. It contains all the apps
 - [Netboot.xyz](https://github.com/netbootxyz/netboot.xyz) - Your favorite operating systems in one place.
 - [Netdata](https://github.com/netdata/netdata) - Open-source, real-time, performance and health monitoring.
 - [Nextcloud](https://github.com/nextcloud/server) - Productivity platform that keeps you in control
+- [NextGBA](https://github.com/meienberger/nextgba) - Gameboy in your browser
 - [Nginx](https://github.com/nginx/nginx) - Open-source simple and fast web server.
 - [Nitter](https://github.com/zedeus/nitter) - Twitter without annoyances!
 - [NocoDB](https://github.com/nocodb/nocodb) - Open Source Airtable Alternative

apps/2fauth/config.json

@@ -7,8 +7,8 @@
   "available": true,
   "exposable": true,
   "id": "2fauth",
-  "tipi_version": 12,
-  "version": "5.0.3",
+  "tipi_version": 13,
+  "version": "5.0.4",
   "categories": [
     "security"
   ],

apps/2fauth/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   2fauth:
-    image: 2fauth/2fauth:5.0.3
+    image: 2fauth/2fauth:5.0.4
     container_name: 2fauth
     volumes:
       - ${APP_DATA_DIR}/data:/2fauth

apps/activepieces/config.json

@@ -5,8 +5,8 @@
   "exposable": true,
   "id": "activepieces",
   "description": "Your friendliest open source all-in-one automation tool.",
-  "tipi_version": 13,
-  "version": "0.18.2",
+  "tipi_version": 17,
+  "version": "0.20.3",
   "categories": [
     "automation"
   ],

apps/activepieces/docker-compose.yml

@@ -1,7 +1,7 @@
 version: '3.7'
 services:
   activepieces:
-    image: activepieces/activepieces:0.18.2
+    image: activepieces/activepieces:0.20.3
     container_name: activepieces
     restart: unless-stopped
     ports:

apps/adguard/config.json

@@ -3,8 +3,8 @@
   "name": "Adguard",
   "available": true,
   "exposable": true,
-  "tipi_version": 23,
-  "version": "0.107.43",
+  "tipi_version": 24,
+  "version": "0.107.44",
   "port": 8104,
   "id": "adguard",
   "categories": [

apps/adguard/docker-compose.yml

@@ -1,7 +1,7 @@
 version: "3.7"
 services:
   adguard:
-    image: adguard/adguardhome:v0.107.43
+    image: adguard/adguardhome:v0.107.44
     container_name: adguard
     volumes:
       - "${APP_DATA_DIR}/data/work:/opt/adguardhome/work"

apps/atuin/config.json

@@ -5,12 +5,9 @@
   "exposable": true,
   "port": 8888,
   "id": "atuin",
-  "tipi_version": 1,
+  "tipi_version": 2,
   "version": "latest",
-  "categories": [
-    "utilities",
-    "development"
-  ],
+  "categories": ["utilities", "development"],
   "description": "Making your shell magical",
   "short_desc": "Magical Shell History",
   "author": "https://github.com/atuinsh",
@@ -33,8 +30,5 @@
       "env_variable": "ATUIN_ALLOW_REGISTRATION"
     }
   ],
-  "supported_architectures": [
-    "amd64",
-    "arm64"
-  ]
+  "supported_architectures": ["amd64", "arm64"]
 }

apps/atuin/docker-compose.yml

@@ -47,7 +47,7 @@ services:
     image: postgres:14
     restart: unless-stopped
     volumes: # Don't remove permanent storage for index database files!
-      - "${APP_DATA_DIR}/data:/var/lib/postgresql/data/"
+      - "${APP_DATA_DIR}/data/postgres:/var/lib/postgresql/data/"
     environment:
       POSTGRES_USER: atuin
       POSTGRES_PASSWORD: "${ATUIN_DB_PASSWORD}"

apps/audiobookshelf/config.json

@@ -5,8 +5,8 @@
   "exposable": true,
   "port": 13378,
   "id": "audiobookshelf",
-  "tipi_version": 11,
-  "version": "2.7.2",
+  "tipi_version": 12,
+  "version": "2.8.0",
   "categories": [
     "books",
     "media"

apps/audiobookshelf/docker-compose.yml

@@ -2,7 +2,7 @@ version: '3.7'
 services:
   audiobookshelf:
     container_name: audiobookshelf
-    image: ghcr.io/advplyr/audiobookshelf:2.7.2
+    image: ghcr.io/advplyr/audiobookshelf:2.8.0
     restart: unless-stopped
     ports:
       - ${APP_PORT}:80

apps/authentik/config.json

@@ -5,8 +5,8 @@
   "available": true,
   "exposable": true,
   "id": "authentik",
-  "tipi_version": 7,
-  "version": "2023.10.7",
+  "tipi_version": 9,
+  "version": "2024.2.1",
   "https": true,
   "categories": [
     "development"

apps/authentik/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   authentik:
-    image: ghcr.io/goauthentik/server:2023.10.7
+    image: ghcr.io/goauthentik/server:2024.2.1
     restart: unless-stopped
     command: server
     container_name: authentik
@@ -49,7 +49,7 @@ services:
       traefik.http.routers.authentik-local.service: authentik
       traefik.http.routers.authentik-local.tls: true
   authentik-worker:
-    image: ghcr.io/goauthentik/server:2023.10.7
+    image: ghcr.io/goauthentik/server:2024.2.1
     restart: unless-stopped
     command: worker
     container_name: authentik-worker

apps/autobrr/config.json

@@ -5,8 +5,8 @@
   "available": true,
   "exposable": true,
   "id": "autobrr",
-  "tipi_version": 18,
-  "version": "1.36.0",
+  "tipi_version": 23,
+  "version": "1.39.1",
   "categories": [
     "media"
   ],

apps/autobrr/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3"
 services:
   autobrr:
     container_name: autobrr
-    image: ghcr.io/autobrr/autobrr:v1.36.0
+    image: ghcr.io/autobrr/autobrr:v1.39.1
     restart: unless-stopped
     ports:
       - ${APP_PORT}:7474

apps/bazarr/config.json

@@ -5,8 +5,8 @@
   "exposable": true,
   "port": 6767,
   "id": "bazarr",
-  "tipi_version": 12,
-  "version": "1.4.0",
+  "tipi_version": 14,
+  "version": "1.4.2",
   "categories": [
     "media",
     "utilities"

apps/bazarr/docker-compose.yml

@@ -1,7 +1,7 @@
 version: "3.7"
 services:
   bazarr:
-    image: lscr.io/linuxserver/bazarr:1.4.0
+    image: lscr.io/linuxserver/bazarr:1.4.2
     container_name: bazarr
     environment:
       - PUID=1000

apps/bitmagnet/config.json

@@ -5,8 +5,8 @@
   "available": true,
   "exposable": true,
   "id": "bitmagnet",
-  "tipi_version": 6,
-  "version": "0.5.1",
+  "tipi_version": 12,
+  "version": "0.7.7",
   "categories": [
     "media"
   ],

apps/bitmagnet/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   bitmagnet:
-    image: ghcr.io/bitmagnet-io/bitmagnet:0.5.1
+    image: ghcr.io/bitmagnet-io/bitmagnet:0.7.7
     restart: unless-stopped
     command:
       - worker

apps/bookstack/config.json

@@ -5,8 +5,8 @@
   "exposable": true,
   "port": 8119,
   "id": "bookstack",
-  "tipi_version": 16,
-  "version": "23.12.20240115",
+  "tipi_version": 17,
+  "version": "24.02.20240228",
   "description": "BookStack is a simple, self-hosted, easy-to-use platform for organising and storing information. Default login: admin@admin.com password: password",
   "short_desc": "BookStack is a self-hosted platform for organising and storing information.",
   "author": "Dan Brown",

apps/bookstack/docker-compose.yml

@@ -1,7 +1,7 @@
 version: "3.7"
 services:
   bookstack:
-    image: lscr.io/linuxserver/bookstack:23.12.20240115
+    image: lscr.io/linuxserver/bookstack:24.02.20240228
     container_name: bookstack
     environment:
       - APP_URL=${APP_PROTOCOL:-http}://${APP_DOMAIN}

apps/budibase/config.json

@@ -5,8 +5,8 @@
   "available": true,
   "exposable": true,
   "id": "budibase",
-  "tipi_version": 81,
-  "version": "2.17.3",
+  "tipi_version": 89,
+  "version": "2.20.12",
   "categories": [
     "development"
   ],

apps/budibase/docker-compose.yml

@@ -1,7 +1,7 @@
 version: '3.7'
 services:
   budibase:
-    image: budibase/budibase:2.17.3
+    image: budibase/budibase:2.20.12
     restart: unless-stopped
     container_name: budibase
     ports:

apps/calcom/config.json

@@ -0,0 +1,116 @@
+{
+  "author": "cal.com",
+  "available": true,
+  "categories": [
+    "calendar",
+    "social"
+  ],
+  "description": "The open source Calendly successor. You are in charge of your own data, workflow, and appearance.\nCalendly and other scheduling tools are awesome. It made our lives massively easier. We're using it for business meetings, seminars, yoga classes, and even calls with our families. However, most tools are very limited in terms of control and customization.\n    That's where Cal.com comes in. Self-hosted or hosted by us. White-label by design. API-driven and ready to be deployed on your own domain. Full control of your events and data.",
+  "exposable": true,
+  "form_fields": [
+    {
+      "env_variable": "CALCOM_NEXTAUTH_SECRET",
+      "label": "Next.js Auth secret. Generate one with `openssl rand -base64 32`",
+      "max": 1024,
+      "min": 1,
+      "required": true,
+      "type": "password"
+    },
+    {
+      "env_variable": "CALENDSO_ENCRYPTION_KEY",
+      "label": "Random string",
+      "max": 32,
+      "min": 32,
+      "type": "random"
+    },
+    {
+      "env_variable": "MS_GRAPH_CLIENT_ID",
+      "label": "MS Graph Client ID. Used for the Office 365 / Outlook.com Calendar integration",
+      "max": 1024,
+      "min": 1,
+      "required": false,
+      "type": "text"
+    },
+    {
+      "env_variable": "MS_GRAPH_CLIENT_SECRET",
+      "label": "MS Graph Client Secret. Used for the Office 365 / Outlook.com Calendar integration",
+      "max": 1024,
+      "min": 1,
+      "required": false,
+      "type": "password"
+    },
+    {
+      "env_variable": "ZOOM_CLIENT_ID",
+      "label": "Zoom Client ID. Used for the Zoom integration",
+      "max": 1024,
+      "min": 1,
+      "required": false,
+      "type": "text"
+    },
+    {
+      "env_variable": "ZOOM_CLIENT_SECRET",
+      "label": "Zoom Client Secret. Used for the Zoom integration",
+      "max": 1024,
+      "min": 1,
+      "required": false,
+      "type": "password"
+    },
+    {
+      "env_variable": "CALCOM_GOOGLE_API_CREDENTIALS",
+      "label": "Google API Credentials in JSON form. Used for the Google Calendar integration. See https://github.com/calcom/cal.com?tab=readme-ov-file#obtaining-the-google-api-credentials",
+      "required": false,
+      "text": "text"
+    },
+    {
+      "env_variable": "EMAIL_FROM",
+      "label": "Configures the global From: header whilst sending emails.",
+      "max": 1024,
+      "min": 1,
+      "required": true,
+      "type": "email"
+    },
+    {
+        "type": "email",
+        "label": "Email server username (SMTP)",
+        "required": true,
+        "min": 1,
+        "max": 1024,
+        "env_variable": "EMAIL_SERVER_USER"
+    },
+    {
+      "env_variable": "EMAIL_SERVER_HOST",
+      "label": "Email server host (SMTP)",
+      "max": 1024,
+      "min": 1,
+      "required": true,
+      "type": "fqdn"
+    },
+    {
+      "env_variable": "EMAIL_SERVER_PORT",
+      "label": "Email server port (SMTP)",
+      "max": 65535,
+      "min": 1,
+      "required": true,
+      "type": "number"
+    },
+    {
+      "env_variable": "EMAIL_SERVER_PASSWORD",
+      "label": "Email server password (SMTP)",
+      "max": 1024,
+      "min": 1,
+      "required": true,
+      "type": "password"
+    }
+  ],
+  "id": "calcom",
+  "name": "Cal.com",
+  "port": 8294,
+  "short_desc": "Scheduling infrastructure for absolutely everyone.",
+  "source": "https://github.com/calcom/cal.com",
+  "supported_architectures": [
+    "amd64"
+  ],
+  "tipi_version": 6,
+  "version": "3.7.16",
+  "website": "https://cal.com/"
+}

apps/calcom/docker-compose.yml

@@ -0,0 +1,75 @@
+version: '3.8'
+
+services:
+
+  calcom:
+    container_name: calcom
+    image: calcom/cal.com:v3.7.16
+    restart: unless-stopped
+    ports:
+      - ${APP_PORT}:3000
+    networks:
+      - tipi_main_network
+    depends_on:
+      - db-calcom
+    environment:
+      - DATABASE_HOST=db-calcom
+      - DATABASE_URL=postgresql://${POSTGRES_USERNAME}:${POSTGRES_PASSWORD}@db-calcom/calcom
+      - DATABASE_DIRECT_URL=postgresql://${POSTGRES_USERNAME}:${POSTGRES_PASSWORD}@db-calcom/calcom
+      - POSTGRES_USER=${POSTGRES_USERNAME}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=calcom
+      - LICENSE=agree
+      - NEXT_PUBLIC_LICENSE_CONSENT=agree
+      - NEXT_PUBLIC_WEBAPP_URL=https://${APP_DOMAIN}
+      - NEXTAUTH_SECRET=${CALCOM_NEXTAUTH_SECRET}
+      - CALENDSO_ENCRYPTION_KEY=${CALENDSO_ENCRYPTION_KEY}
+      - MS_GRAPH_CLIENT_ID=${MS_GRAPH_CLIENT_ID}
+      - MS_GRAPH_CLIENT_SECRET=${MS_GRAPH_CLIENT_SECRET}
+      - ZOOM_CLIENT_ID=${ZOOM_CLIENT_ID}
+      - ZOOM_CLIENT_SECRET=${ZOOM_CLIENT_SECRET}
+      - GOOGLE_API_CREDENTIALS=${CALCOM_GOOGLE_API_CREDENTIALS}
+      - EMAIL_FROM=${EMAIL_FROM}
+      - EMAIL_SERVER_HOST=${EMAIL_SERVER_HOST}
+      - EMAIL_SERVER_PORT=${EMAIL_SERVER_PORT}
+      - EMAIL_SERVER_PASSWORD=${EMAIL_SERVER_PASSWORD}
+      - EMAIL_SERVER_USER=${EMAIL_SERVER_USER}
+      - NODE_ENV=production
+    labels:
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.calcom-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.calcom.loadbalancer.server.port: 3000
+      # Web
+      traefik.http.routers.calcom-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.calcom-insecure.entrypoints: web
+      traefik.http.routers.calcom-insecure.service: calcom
+      traefik.http.routers.calcom-insecure.middlewares: calcom-web-redirect
+      # Websecure
+      traefik.http.routers.calcom.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.calcom.entrypoints: websecure
+      traefik.http.routers.calcom.service: calcom
+      traefik.http.routers.calcom.tls.certresolver: myresolver
+      # Local domain
+      traefik.http.routers.calcom-local-insecure.rule: Host(`calcom.${LOCAL_DOMAIN}`)
+      traefik.http.routers.calcom-local-insecure.entrypoints: web
+      traefik.http.routers.calcom-local-insecure.service: calcom
+      traefik.http.routers.calcom-local-insecure.middlewares: calcom-web-redirect
+      # Local domain secure
+      traefik.http.routers.calcom-local.rule: Host(`calcom.${LOCAL_DOMAIN}`)
+      traefik.http.routers.calcom-local.entrypoints: websecure
+      traefik.http.routers.calcom-local.service: calcom
+      traefik.http.routers.calcom-local.tls: true
+
+  db-calcom:
+    container_name: db-calcom
+    image: postgres:16.1
+    restart: on-failure
+    volumes:
+      - ${APP_DATA_DIR}/data/db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_USER=${POSTGRES_USERNAME}
+      - POSTGRES_DB=calcom
+    networks:
+      - tipi_main_network

apps/changedetection/config.json

@@ -5,8 +5,8 @@
   "exposable": true,
   "id": "changedetection",
   "description": "The best and simplest free open source website change detection, restock monitor and notification service.",
-  "tipi_version": 11,
-  "version": "0.45.13",
+  "tipi_version": 12,
+  "version": "0.45.14",
   "categories": [
     "utilities"
   ],

apps/changedetection/docker-compose.yml

@@ -1,7 +1,7 @@
 version: "3.7"
 services:
   changedetection:
-    image: ghcr.io/dgtlmoon/changedetection.io:0.45.13
+    image: ghcr.io/dgtlmoon/changedetection.io:0.45.14
     container_name: changedetection
     hostname: changedetection
     volumes:

apps/cloudflared/config.json

@@ -5,8 +5,8 @@
   "available": true,
   "exposable": false,
   "id": "cloudflared",
-  "tipi_version": 5,
-  "version": "2024.1.5",
+  "tipi_version": 7,
+  "version": "2024.2.1",
   "categories": [
     "utilities"
   ],

apps/cloudflared/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.9"
 
 services:
   cloudflared:
-    image: wisdomsky/cloudflared-web:2024.1.5
+    image: wisdomsky/cloudflared-web:2024.2.1
     container_name: cloudflared
     restart: unless-stopped
     network_mode: host

apps/code-server/config.json

@@ -5,8 +5,8 @@
   "exposable": true,
   "port": 8138,
   "id": "code-server",
-  "tipi_version": 21,
-  "version": "4.20.1",
+  "tipi_version": 23,
+  "version": "4.21.2",
   "categories": [
     "development"
   ],

apps/code-server/docker-compose.yml

@@ -1,7 +1,7 @@
 version: "3.7"
 services:
   code-server:
-    image: lscr.io/linuxserver/code-server:4.20.1
+    image: lscr.io/linuxserver/code-server:4.21.2
     container_name: code-server
     environment:
       - PUID=1000

apps/ctfd/config.json

@@ -1,43 +1,42 @@
 {
-    "$schema": "../schema.json",
-    "name": "CTFd",
-    "port": 8546,
-    "available": true,
-    "exposable": true,
-    "id": "ctfd",
-    "tipi_version": 1,
-    "version": "3.6.1",
-    "categories": [
-      "utilities"
-    ],
-    "description": "CTFd is a Capture The Flag framework focusing on ease of use and customizability.",
-    "short_desc": "Cyber Security Training made simple.",
-    "author": "CTFd",
-    "source": "https://github.com/CTFd/CTFd",
-    "website": "https://ctfd.io/",
-    "form_fields": [
-        {
-            "type": "random",
-            "label": "CTFD_MYSQL_DB_PASSWORD",
-            "min": 32,
-            "env_variable": "CTFD_MYSQL_DB_PASSWORD"
-        },
-        {
-            "type": "random",
-            "label": "CTFD_SECRET_KEY",
-            "min": 32,
-            "env_variable": "CTFD_SECRET_KEY"
-        },
-        {
-            "type": "random",
-            "label": "CTFD_MYSQL_ROOT_PASSWORD",
-            "min": 32,
-            "env_variable": "CTFD_MYSQL_ROOT_PASSWORD"
-        }
-    ],
-    "supported_architectures": [
-      "arm64",
-      "amd64"
-    ]
-  }
-  
+  "$schema": "../schema.json",
+  "name": "CTFd",
+  "port": 8546,
+  "available": true,
+  "exposable": true,
+  "id": "ctfd",
+  "tipi_version": 2,
+  "version": "3.7.0",
+  "categories": [
+    "utilities"
+  ],
+  "description": "CTFd is a Capture The Flag framework focusing on ease of use and customizability.",
+  "short_desc": "Cyber Security Training made simple.",
+  "author": "CTFd",
+  "source": "https://github.com/CTFd/CTFd",
+  "website": "https://ctfd.io/",
+  "form_fields": [
+    {
+      "type": "random",
+      "label": "CTFD_MYSQL_DB_PASSWORD",
+      "min": 32,
+      "env_variable": "CTFD_MYSQL_DB_PASSWORD"
+    },
+    {
+      "type": "random",
+      "label": "CTFD_SECRET_KEY",
+      "min": 32,
+      "env_variable": "CTFD_SECRET_KEY"
+    },
+    {
+      "type": "random",
+      "label": "CTFD_MYSQL_ROOT_PASSWORD",
+      "min": 32,
+      "env_variable": "CTFD_MYSQL_ROOT_PASSWORD"
+    }
+  ],
+  "supported_architectures": [
+    "arm64",
+    "amd64"
+  ]
+}

apps/ctfd/docker-compose.yml

@@ -1,7 +1,7 @@
 version: "3.7"
 services:
   ctfd:
-    image: ctfd/ctfd:3.6.1
+    image: ctfd/ctfd:3.7.0
     container_name: ctfd
     restart: unless-stopped
     ports:

apps/dozzle/config.json

@@ -5,8 +5,8 @@
   "exposable": true,
   "port": 8013,
   "id": "dozzle",
-  "tipi_version": 8,
-  "version": "6.1.1",
+  "tipi_version": 10,
+  "version": "6.2.5",
   "categories": [
     "development"
   ],

apps/dozzle/docker-compose.yml

@@ -1,7 +1,7 @@
 services:
   dozzle:
     container_name: dozzle
-    image: amir20/dozzle:v6.1.1
+    image: amir20/dozzle:v6.2.5
     restart: unless-stopped
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock

apps/drawio/config.json

@@ -6,8 +6,8 @@
   "url_suffix": "?offline=1",
   "id": "drawio",
   "description": "draw.io is a JavaScript, client-side editor for general diagramming and whiteboarding.",
-  "tipi_version": 20,
-  "version": "22.1.22",
+  "tipi_version": 22,
+  "version": "23.1.6",
   "categories": [
     "utilities"
   ],

apps/drawio/docker-compose.yml

@@ -1,7 +1,7 @@
 version: "3.7"
 services:
   drawio:
-    image: jgraph/drawio:22.1.22
+    image: jgraph/drawio:23.1.6
     ports:
       - ${APP_PORT}:8080
     container_name: drawio

apps/eclipse-mosquitto/config.json

@@ -0,0 +1,34 @@
+{
+  "$schema": "../schema.json",
+  "name": "Eclipse Mosquitto",
+  "port": 8288,
+  "available": true,
+  "exposable": true,
+  "id": "eclipse-mosquitto",
+  "tipi_version": 1,
+  "version": "2.0.18",
+  "categories": [
+    "utilities", 
+    "automation"
+  ],
+  "description": "Eclipse Mosquitto is an open source message broker that implements the MQTT protocol.",
+  "short_desc": "open source message broker",
+  "author": "Eclipse Foundation",
+  "source": "https://github.com/eclipse/mosquitto/",
+  "website": "https://mosquitto.org/",
+  "form_fields": [
+    {
+      "type": "password",
+      "label": "MQTT Broker Admin Password",
+      "max": 50,
+      "min": 6,
+      "required": true,
+      "env_variable": "MQTT_ADMIN_PASSWORD"
+    }
+  ],
+  "supported_architectures": [
+    "arm64",
+    "amd64"
+  ]
+}
+

apps/eclipse-mosquitto/data/config/mosquitto.conf

@@ -0,0 +1,26 @@
+#    Copyright 2022 Shantanoo "Shan" Desai <shantanoo.desai@gmail.com>
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+# Mosquitto v2.0 Configuration File
+
+# Default Port
+listener 1883
+
+# Dynamic Security Plugin
+plugin /usr/lib/mosquitto_dynamic_security.so 
+
+# Path to the Dynamic Security JSON file, will be generated on first launch
+plugin_opt_config_file /mosquitto/config/dynamic-security.json
+
+# Ever User / Client should follow the given RBAC rules
+per_listener_settings false

apps/eclipse-mosquitto/data/scripts/dynsec-setup.sh

@@ -0,0 +1,34 @@
+#!/bin/sh
+#    Copyright 2022 Shantanoo "Shan" Desai <shantanoo.desai@gmail.com>
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+# Setup Script to be executed in a Docker Init Container
+
+# Set Default Admin Credentials for Dynamic Security Plugin Configuration
+DEFAULT_DYNSEC_ADMIN=admin
+DEFAULT_DYNSEC_PASSWORD=securePassword
+DYNSEC_FILE_PATH=/mosquitto/config/dynamic-security.json
+
+# Set values if provided via Environment Variables in the Docker Init Container
+MQTT_DYNSEC_ADMIN_USER=${MQTT_DYNSEC_ADMIN_USER:-$DEFAULT_DYNSEC_ADMIN}
+MQTT_DYNSEC_ADMIN_PASSWORD=${MQTT_DYNSEC_ADMIN_PASSWORD:-$DEFAULT_DYNSEC_PASSWORD}
+
+# echo "Admin/Pass: ${MQTT_DYNSEC_ADMIN_USER}/${MQTT_DYNSEC_ADMIN_PASSWORD}" ## DEBUG
+
+# Set the Admin Credentials for RBAC control via Dyamic Security Plugin
+mosquitto_ctrl dynsec init ${DYNSEC_FILE_PATH} ${MQTT_DYNSEC_ADMIN_USER} ${MQTT_DYNSEC_ADMIN_PASSWORD}
+
+chmod 700 ${DYNSEC_FILE_PATH}
+chown 1883:1883 ${DYNSEC_FILE_PATH}
+
+exec "$@"

apps/eclipse-mosquitto/docker-compose.yml

@@ -0,0 +1,69 @@
+version: '3.7'
+
+services:
+  eclipse-mosquitto:
+    image: eclipse-mosquitto:2.0.18
+    container_name: eclipse-mosquitto
+    environment:
+      - TZ=${TZ}
+      - MQTT_DYNSEC_ADMIN_USER=admin
+      - MQTT_DYNSEC_ADMIN_PASSWORD=${MQTT_ADMIN_PASSWORD}
+    ports:
+      - 1883:1883
+    command: ['/dynsec-setup.sh', '/usr/sbin/mosquitto', '-c', '/mosquitto/config/mosquitto.conf']
+    expose:
+      - 1883
+    volumes:
+      - ${APP_DATA_DIR}/data/data:/mosquitto/data
+      - ${APP_DATA_DIR}/data/config:/mosquitto/config
+      - ${APP_DATA_DIR}/data/scripts/dynsec-setup.sh:/dynsec-setup.sh
+    restart: unless-stopped
+    networks:
+      - tipi_main_network
+
+  mosquitto-management-center:
+    image: cedalo/management-center:dev
+    container_name: mosquitto-management-center
+    environment:
+      - TZ=${TZ}
+      - CEDALO_MC_BROKER_ID=mosquitto-broker
+      - CEDALO_MC_BROKER_NAME=mosquitto-broker-2
+      - CEDALO_MC_BROKER_URL=mqtt://mosquitto-broker:1883
+      - CEDALO_MC_BROKER_USERNAME=admin
+      - CEDALO_MC_BROKER_PASSWORD=${MQTT_ADMIN_PASSWORD}
+      - CEDALO_MC_USERNAME=admin
+      - CEDALO_MC_PASSWORD=admin
+    ports:
+      - ${APP_PORT}:8088
+    expose:
+      - 8088
+    depends_on:
+      - eclipse-mosquitto
+    networks:
+      - tipi_main_network
+    restart: unless-stopped
+    labels:
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.mosquitto-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.mosquitto.loadbalancer.server.port: 8088
+      # Web
+      traefik.http.routers.mosquitto-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.mosquitto-insecure.entrypoints: web
+      traefik.http.routers.mosquitto-insecure.service: mosquitto-web
+      traefik.http.routers.mosquitto-insecure.middlewares: mosquitto-web-redirect
+      # Websecure
+      traefik.http.routers.mosquitto.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.mosquitto.entrypoints: websecure
+      traefik.http.routers.mosquitto.service: mosquitto-web
+      traefik.http.routers.mosquitto.tls.certresolver: myresolver
+      # Local domain
+      traefik.http.routers.mosquitto-local-insecure.rule: Host(`mosquitto.${LOCAL_DOMAIN}`)
+      traefik.http.routers.mosquitto-local-insecure.entrypoints: web
+      traefik.http.routers.mosquitto-local-insecure.service: mosquitto-web
+      traefik.http.routers.mosquitto-local-insecure.middlewares: mosquitto-web-redirect
+      # Local domain secure
+      traefik.http.routers.mosquitto-local.rule: Host(`mosquitto.${LOCAL_DOMAIN}`)
+      traefik.http.routers.mosquitto-local.entrypoints: websecure
+      traefik.http.routers.mosquitto-local.service: mosquitto-web
+      traefik.http.routers.mosquitto-local.tls: true

apps/eclipse-mosquitto/metadata/description.md

@@ -0,0 +1,64 @@
+# Eclipse Mosquitto MQTT Broker with UI
+
+this app consists of two images providing an mqtt broker and an UI for managing access to the broker.
+The configuration is adapted from the github repo: [shantanoo-desai/mqtt-rbac-docker-init](https://github.com/shantanoo-desai/mqtt-rbac-docker-init)
+
+
+## Eclipse Mosquitto
+
+[Eclipse Mosquitto](https://mosquitto.org/) is an open source (EPL/EDL licensed) message broker that implements the MQTT protocol versions 5.0, 3.1.1 and 3.1. Mosquitto is lightweight and is suitable for use on all devices from low power single board computers to full servers.
+
+Mosquitto is part of the [Eclipse Foundation](https://eclipse.org/), and is an [iot.eclipse.org project](https://iot.eclipse.org/). The development is driven by Cedalo.
+
+The broker is configured by default that it listens to the port **1883** for tcp connections.
+To also use websocket connection you can enable it by edit the `/runtipi/app-date/eclipse-mosquitto/data/config/moscquitto.conf` with the following content:
+
+```
+listener 9001
+protocol websockets
+```
+
+**Note**
+WebSockets, while powerful, can introduce vulnerabilities if left unsecured. They should be secured using TLS/encryption.
+For more detailed information the [mosquitto documentation](https://mosquitto.org/man/mosquitto-conf-5.html). 
+
+
+## Cedalo Management Center
+
+[Cedalo Management Center](https://github.com/cedalo/management-center) allows to easily manage, monitor and inspect instances of Eclipse Mosquitto. There are some pro features that can only be activated by getting a license from cedalo.
+
+![caledo_mgm_center.png](caledo_mgm_center.png)
+
+By default the following features are provided:
+
+- A system dashboard to view key figures, showing broker traffic, license and client infos.
+- Table of clients, which have connected to the broker, for inspection purposes.
+- A topic tree, displaying those topics that have been addressed, while the MMC is running.
+- Management of broker security allowing to modify clients, group and roles.
+- A terminal to execute commands related to the dynamic security API
+- Management Center infos and settings
+
+The access to the broker is handled by the [dynamic-security plugin](https://mosquitto.org/documentation/dynamic-security/) in the mosquitto broker. The configuration is stored in the file `/runtipi/app-date/eclipse-mosquitto/data/config/dynamic-security.json`. This file is generated during the first launch of the the mosquitto image.
+
+
+## Links
+
+### See the following links for more information on MQTT:
+
+- Community page: [http://mqtt.org/](http://mqtt.org/)
+- MQTT v3.1.1 standard: [https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/mqtt-v3.1.1.html](https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/mqtt-v3.1.1.html)
+- MQTT v5.0 standard: [https://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt-v5.0.html](https://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt-v5.0.html)
+
+### Mosquitto project information is available at the following locations:
+
+- Main homepage: [https://mosquitto.org/](https://mosquitto.org/)
+- Find existing bugs or submit a new bug: [https://github.com/eclipse/mosquitto/issues](https://github.com/eclipse/mosquitto/issues)
+- Source code repository: [https://github.com/eclipse/mosquitto](https://github.com/eclipse/mosquitto)
+
+There is also a public test server available at [https://test.mosquitto.org/](https://test.mosquitto.org/)
+
+### More information about the management center is available at the following locations:
+
+- Main homepage: [https://cedalo.com/mqtt-broker-pro-mosquitto/](https://cedalo.com/mqtt-broker-pro-mosquitto/)
+- Documentation: [https://docs.cedalo.com/mosquitto/management-center/introduction](https://docs.cedalo.com/mosquitto/management-center/introduction)
+- Source code repository: [https://github.com/cedalo/management-center](https://github.com/cedalo/management-center)

apps/email-oauth2-proxy/config.json

@@ -6,8 +6,8 @@
   "no_gui": true,
   "port": 1999,
   "id": "email-oauth2-proxy",
-  "tipi_version": 3,
-  "version": "2024.01.24",
+  "tipi_version": 4,
+  "version": "2024.02.22",
   "categories": [
     "utilities",
     "security"

apps/email-oauth2-proxy/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3.9"
 services:
   email-oauth2-proxy:
     container_name: email-oauth2-proxy
-    image: ghcr.io/blacktirion/email-oauth2-proxy-docker:2024.01.24
+    image: ghcr.io/blacktirion/email-oauth2-proxy-docker:2024.02.22
     ports:
       - ${APP_PORT}:80
     restart: unless-stopped

apps/emulatorjs/config.json

@@ -5,8 +5,8 @@
   "available": true,
   "exposable": true,
   "id": "emulatorjs",
-  "tipi_version": 11,
-  "version": "1.8.7",
+  "tipi_version": 12,
+  "version": "1.8.8",
   "categories": [
     "gaming"
   ],

apps/emulatorjs/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3.7"
 services:
   emulatorjs:
     container_name: emulatorjs
-    image: lscr.io/linuxserver/emulatorjs:1.8.7
+    image: lscr.io/linuxserver/emulatorjs:1.8.8
     ports:
       - ${APP_PORT}:80
       - 8165:3000

apps/flaresolverr/config.json

@@ -6,8 +6,8 @@
   "exposable": false,
   "no_gui": true,
   "id": "flaresolverr",
-  "tipi_version": 9,
-  "version": "3.3.13",
+  "tipi_version": 12,
+  "version": "3.3.16",
   "categories": [
     "media",
     "security",

apps/flaresolverr/docker-compose.yml

@@ -1,7 +1,7 @@
 services:
   flaresolverr:
     container_name: flaresolverr
-    image: ghcr.io/flaresolverr/flaresolverr:v3.3.13
+    image: ghcr.io/flaresolverr/flaresolverr:v3.3.16
     restart: unless-stopped
     environment:
       - LOG_LEVEL=${FLARESOLVERR_LOG_LEVEL-info}

apps/flatnotes/config.json

@@ -5,8 +5,8 @@
   "exposable": true,
   "id": "flatnotes",
   "port": 8137,
-  "tipi_version": 18,
-  "version": "3.6.1",
+  "tipi_version": 19,
+  "version": "4.0.2",
   "categories": [
     "utilities"
   ],

apps/flatnotes/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3"
 services:
   flatnotes:
     container_name: flatnotes
-    image: dullage/flatnotes:v3.6.1
+    image: dullage/flatnotes:v4.0.2
     environment:
       FLATNOTES_AUTH_TYPE: ${FLATNOTES_AUTH_TYPE}
       FLATNOTES_USERNAME: ${FLATNOTES_USERNAME}

apps/flowise/config.json

@@ -5,8 +5,8 @@
   "exposable": true,
   "port": 8009,
   "id": "flowise",
-  "tipi_version": 3,
-  "version": "1.4.12",
+  "tipi_version": 6,
+  "version": "1.6.0",
   "categories": [
     "ai",
     "automation"

apps/flowise/docker-compose.yml

@@ -2,7 +2,7 @@ version: '3.7'
 
 services:
     flowise:
-        image: flowiseai/flowise:1.4.12
+        image: flowiseai/flowise:1.6.0
         restart: unless-stopped
         command: /bin/sh -c "sleep 3; flowise start"
         container_name: flowise

apps/forgejo/config.json

@@ -5,8 +5,8 @@
   "available": true,
   "exposable": true,
   "id": "forgejo",
-  "tipi_version": 13,
-  "version": "1.21.5-0",
+  "tipi_version": 14,
+  "version": "1.21.6-0",
   "categories": [
     "development"
   ],

apps/forgejo/docker-compose.yml

@@ -2,7 +2,7 @@ version: '3.7'
 
 services:
   forgejo:
-    image: codeberg.org/forgejo/forgejo:1.21.5-0
+    image: codeberg.org/forgejo/forgejo:1.21.6-0
     container_name: forgejo
     environment:
       - USER_UID=1000

apps/gandi-livedns/config.json

@@ -6,7 +6,7 @@
   "no_gui": true,
   "id": "gandi-livedns",
   "port": 8134,
-  "tipi_version": 1,
+  "tipi_version": 2,
   "version": "latest",
   "categories": ["network"],
   "description": "The purpose of this container is to update DNS zone records using Gandi's LiveDNS (http://doc.livedns.gandi.net/) with your WAN IP. This image is extremely lightweight (Alpine Linux based) and has very few dependencies. The actual DNS update program is coded in shell script only.",
@@ -16,11 +16,11 @@
   "form_fields": [
     {
       "type": "text",
-      "label": "Gandi API key",
-      "max": 24,
-      "min": 24,
+      "label": "Gandi Personal Access Token",
+      "max": 40,
+      "min": 40,
       "required": true,
-      "env_variable": "GANDI_LIVEDNS_APIKEY"
+      "env_variable": "GANDI_LIVEDNS_PAT"
     },
     {
       "type": "text",

apps/gandi-livedns/docker-compose.yml

@@ -5,7 +5,7 @@ services:
     container_name: gandi-livedns
     restart: unless-stopped
     environment:
-      APIKEY: ${GANDI_LIVEDNS_APIKEY}
+      GANDI_PAT: ${GANDI_LIVEDNS_PAT}
       RECORD_LIST: ${GANDI_LIVEDNS_RECORD_LIST}
       DOMAIN: ${GANDI_LIVEDNS_DOMAIN}
       REFRESH_INTERVAL: ${GANDI_LIVEDNS_REFRESH_INTERVAL}

apps/gandi-livedns/metadata/description.md

@@ -4,17 +4,20 @@ The purpose of this container is to update DNS zone records using Gandi's LiveDN
 
 This image is extremely lightweight  (Alpine Linux based) and has very few dependencies. The actual DNS update program is coded in shell script only.
 
+***Warning : update scripts have been updated to use Gandi's Personal Access Tokens (PATs).***
+
+You need to create a new Personal Access Token for this application, with at least the "Manage domain name technical configurations" premissions.
+See https://api.gandi.net/docs/authentication/
+
 ### Configuration
-
 Mandatory variables:
-
-* APIKEY: your Gandi API key
+* GANDI_PAT: your Gandi Personal Acces Token (be sure to enable "Manage domain name technical configurations")
+* APIKEY: *deprecated* provided for backward compatibility. Value will be used as GANDI_PAT if provided
 * DOMAIN: your Gandi domain
 * RECORD_LIST: DNS records to update separated by ";"
 
-Optional variables:
-
-* REFRESH_INTERVAL: Delay between updates (default: 10mn)
+Optional variables :
+* REFRESH_INTERVAL: Delay between updates in seconds (default: 10mn)
 * TTL: Set Time To Live for records (default: 300)
 * SET_IPV4: Update A record (default: yes)
 * SET_IPV6: Update AAAA record (default: no)
@@ -22,23 +25,18 @@ Optional variables:
 * FORCE_IPV6: Force the IPv6 address to be used in DNS AAAA records
 
 ### Examples
-
 The easiest way to run gandi-livedns is simply to *docker run* it from a computer in your network, leaving it running in the background with all the default settings.
-
-```shell
+```sh
 docker run -d \
-	-e "APIKEY=<YOUR_VERY_SECRET_API_KEY>" \
+	-e "GANDI_PAT=<YOUR_VERY_SECRET_PERSONAL_ACCESS_TOKEN>" \
 	-e "RECORD_LIST=blog;www;@" \
 	-e "DOMAIN=your-gandi-hosted-domain.com" \
 	jbbodart/gandi-livedns
 ```
-
 This will update **blog.your-gandi-hosted-domain.com**, **www.your-gandi-hosted-domain.com**, and **your-gandi-hosted-domain.com** with your internet-facing IP (IPv4) every 10 minutes
 
 An equivalent setup using docker-compose could look like this:  
-
 **docker-compose.yml**
-
 ```yml
 version: '3.7'
 ...
@@ -52,9 +50,8 @@ version: '3.7'
 ```
 
 **dyndns.env**
-
 ```properties
-APIKEY=<YOUR_VERY_SECRET_API_KEY>
+GANDI_PAT=<YOUR_VERY_SECRET_PERSONAL_ACCESS_TOKEN>
 RECORD_LIST=blog;www;@
 DOMAIN=your-gandi-hosted-domain.com
 ```

apps/ghost/config.json

@@ -5,8 +5,8 @@
   "available": true,
   "exposable": true,
   "id": "ghost",
-  "tipi_version": 72,
-  "version": "5.78.0",
+  "tipi_version": 77,
+  "version": "5.79.6",
   "categories": [
     "social",
     "media"

apps/ghost/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.9"
 
 services:
   ghost:
-    image: ghost:5.78.0
+    image: ghost:5.79.6
     container_name: ghost
     depends_on:
       - ghostdb

apps/ghostfolio/config.json

@@ -5,8 +5,8 @@
   "available": true,
   "exposable": true,
   "id": "ghostfolio",
-  "tipi_version": 45,
-  "version": "2.46.0",
+  "tipi_version": 56,
+  "version": "2.58.0",
   "categories": [
     "finance"
   ],

apps/ghostfolio/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3.9"
 services:
   ghostfolio:
     container_name: ghostfolio
-    image: ghostfolio/ghostfolio:2.46.0
+    image: ghostfolio/ghostfolio:2.58.0
     restart: unless-stopped
     ports:
       - ${APP_PORT}:3333

apps/gitea/config.json

@@ -5,8 +5,8 @@
   "available": true,
   "exposable": true,
   "id": "gitea",
-  "tipi_version": 21,
-  "version": "1.21.5",
+  "tipi_version": 23,
+  "version": "1.21.7",
   "categories": [
     "development"
   ],

apps/gitea/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   gitea:
-    image: gitea/gitea:1.21.5
+    image: gitea/gitea:1.21.7
     container_name: gitea
     environment:
       - USER_UID=1000

apps/gladys/config.json

@@ -5,8 +5,8 @@
   "available": true,
   "exposable": false,
   "id": "gladys",
-  "tipi_version": 26,
-  "version": "4.35.0",
+  "tipi_version": 28,
+  "version": "4.37.0",
   "categories": [
     "automation"
   ],

apps/gladys/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3'
 services:
   gladys:
     container_name: gladys
-    image: gladysassistant/gladys:v4.35.0
+    image: gladysassistant/gladys:v4.37.0
     privileged: true
     restart: on-failure
     stop_grace_period: 1m

apps/gotosocial/config.json

@@ -6,10 +6,10 @@
   "exposable": true,
   "force_expose": true,
   "id": "gotosocial",
-  "tipi_version": 13,
+  "tipi_version": 15,
   "uid": 1000,
   "gid": 1000,
-  "version": "0.13.1",
+  "version": "0.13.3",
   "categories": [
     "social"
   ],

apps/gotosocial/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3"
 services:
   gotosocial:
     container_name: gotosocial
-    image: superseriousbusiness/gotosocial:0.13.1
+    image: superseriousbusiness/gotosocial:0.13.3
     user: 1000:1000
     ports:
       - ${APP_PORT}:8080

apps/grafana/config.json

@@ -5,8 +5,8 @@
   "available": true,
   "exposable": true,
   "id": "grafana",
-  "tipi_version": 22,
-  "version": "10.3.1",
+  "tipi_version": 23,
+  "version": "10.3.3",
   "categories": [
     "data"
   ],

apps/grafana/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3"
 services:
   grafana:
     container_name: grafana
-    image: grafana/grafana-oss:10.3.1
+    image: grafana/grafana-oss:10.3.3
     ports:
       - ${APP_PORT}:3000
     volumes:

apps/grist/config.json

@@ -5,8 +5,8 @@
   "exposable": true,
   "id": "grist",
   "description": "Grist is a modern relational spreadsheet. It combines the flexibility of a spreadsheet with the robustness of a database to organize your data and make you more productive.",
-  "tipi_version": 9,
-  "version": "1.1.10",
+  "tipi_version": 10,
+  "version": "1.1.11",
   "categories": [
     "utilities"
   ],

apps/grist/docker-compose.yml

@@ -6,7 +6,7 @@ services:
     environment:
       - APP_HOME_URL=${APP_PROTOCOL:-http}://${APP_DOMAIN}
       - GRIST_SANDBOX_FLAVOR=${GRIST_SANDBOX_FLAVOR}
-    image: "gristlabs/grist:1.1.10"
+    image: "gristlabs/grist:1.1.11"
     ports:
       - "${APP_PORT}:8484"
     restart: always

apps/halo/config.json

@@ -5,8 +5,8 @@
   "exposable": true,
   "port": 8092,
   "id": "halo",
-  "tipi_version": 18,
-  "version": "2.12.1",
+  "tipi_version": 21,
+  "version": "2.12.4",
   "description": "Halo is a powerful and easy-to-use open source website building tool.",
   "short_desc": "Halo - Open source website building tool.",
   "categories": [

apps/halo/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   halo:
-    image: halohub/halo:2.12.1
+    image: halohub/halo:2.12.4
     container_name: halo
     restart: unless-stopped
     depends_on:

apps/heimdall/config.json

@@ -0,0 +1,22 @@
+{
+  "name": "Heimdall",
+  "available": true,
+  "exposable": true,
+  "port": 8783,
+  "id": "heimdall",
+  "tipi_version": 2,
+  "version": "2.6.1",
+  "categories": [
+    "utilities"
+  ],
+  "description": "Heimdall is a way to organise all those links to your most used web sites and web applications in a simple way",
+  "short_desc": "Application Dashboard",
+  "author": "linuxserver",
+  "source": "https://github.com/linuxserver/Heimdall",
+  "website": "https://heimdall.site/",
+  "form_fields": [],
+  "supported_architectures": [
+    "arm64",
+    "amd64"
+  ]
+}

apps/heimdall/docker-compose.yml

@@ -0,0 +1,42 @@
+version: '3.9'
+
+services:
+  heimdall:
+    image: lscr.io/linuxserver/heimdall:2.6.1
+    container_name: heimdall
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=${TZ}
+    volumes:
+      - ${APP_DATA_DIR}/data/config:/config
+    ports:
+      - ${APP_PORT}:80
+    restart: unless-stopped
+    networks:
+      - tipi_main_network
+    labels:
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.heimdall-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.heimdall.loadbalancer.server.port: 3000
+      # Web
+      traefik.http.routers.heimdall-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.heimdall-insecure.entrypoints: web
+      traefik.http.routers.heimdall-insecure.service: heimdall
+      traefik.http.routers.heimdall-insecure.middlewares: heimdall-web-redirect
+      # Websecure
+      traefik.http.routers.heimdall.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.heimdall.entrypoints: websecure
+      traefik.http.routers.heimdall.service: heimdall
+      traefik.http.routers.heimdall.tls.certresolver: myresolver
+      # Local domain
+      traefik.http.routers.heimdall-local-insecure.rule: Host(`heimdall.${LOCAL_DOMAIN}`)
+      traefik.http.routers.heimdall-local-insecure.entrypoints: web
+      traefik.http.routers.heimdall-local-insecure.service: heimdall
+      traefik.http.routers.heimdall-local-insecure.middlewares: heimdall-web-redirect
+      # Local domain secure
+      traefik.http.routers.heimdall-local.rule: Host(`heimdall.${LOCAL_DOMAIN}`)
+      traefik.http.routers.heimdall-local.entrypoints: websecure
+      traefik.http.routers.heimdall-local.service: heimdall
+      traefik.http.routers.heimdall-local.tls: true

apps/heimdall/metadata/description.md

@@ -0,0 +1,7 @@
+## About
+
+As the name suggests Heimdall is a dashboard for all your web applications. It doesn't need to be limited to applications though, you can add links to anything you like.
+
+Heimdall is an elegant solution to organise all your web applications. It’s dedicated to this purpose so you won’t lose your links in a sea of bookmarks.
+
+Why not use it as your browser start page? It even has the ability to include a search bar using either Google, Bing or DuckDuckGo.

apps/homarr/config.json

@@ -5,8 +5,8 @@
   "exposable": true,
   "port": 8102,
   "id": "homarr",
-  "tipi_version": 24,
-  "version": "0.14.4",
+  "tipi_version": 26,
+  "version": "0.15.0",
   "categories": [
     "utilities"
   ],

apps/homarr/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 services:
   homarr:
     container_name: homarr
-    image: ghcr.io/ajnart/homarr:0.14.4
+    image: ghcr.io/ajnart/homarr:0.15.0
     restart: unless-stopped
     volumes:
       - ${APP_DATA_DIR}/data/config:/app/data/configs

apps/homeassistant-1/config.json

@@ -0,0 +1,22 @@
+{
+  "$schema": "../schema.json",
+  "name": "Home Assistant",
+  "port": 8209,
+  "available": true,
+  "exposable": true,
+  "id": "homeassistant-1",
+  "tipi_version": 5,
+  "version": "2024.2.5",
+  "categories": [
+    "automation"
+  ],
+  "description": "Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.",
+  "short_desc": "Open source home automation that puts local control and privacy first",
+  "author": "Home Assistant",
+  "source": "https://github.com/home-assistant/core",
+  "form_fields": [],
+  "supported_architectures": [
+    "arm64",
+    "amd64"
+  ]
+}

apps/homeassistant-1/data/config/automations.yaml

@@ -0,0 +1 @@
+[]

apps/homeassistant-1/data/config/configuration.yaml

@@ -0,0 +1,17 @@
+# Loads default set of integrations. Do not remove.
+default_config:
+
+# Load frontend themes from the themes folder
+frontend:
+  themes: !include_dir_merge_named themes
+
+automation: !include automations.yaml
+script: !include scripts.yaml
+scene: !include scenes.yaml
+
+http:
+  use_x_forwarded_for: true
+  trusted_proxies:
+    - 127.0.0.1
+    - 172.16.0.0/12
+    - ::1

apps/homeassistant-1/docker-compose.yml

@@ -0,0 +1,41 @@
+version: '3'
+
+services:
+  homeassistant-1:
+    image: ghcr.io/home-assistant/home-assistant:2024.2.5
+    container_name: homeassistant-1
+    environment:
+      - TZ=${TZ}
+    restart: unless-stopped
+    ports:
+      - ${APP_PORT}:8123
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ${APP_DATA_DIR}/data/config:/config
+    networks:
+      - tipi_main_network
+    labels:
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.homeassistant-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.homeassistant.loadbalancer.server.port: 8123
+      # Web
+      traefik.http.routers.homeassistant-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.homeassistant-insecure.entrypoints: web
+      traefik.http.routers.homeassistant-insecure.service: homeassistant
+      traefik.http.routers.homeassistant-insecure.middlewares: homeassistant-web-redirect
+      # Websecure
+      traefik.http.routers.homeassistant.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.homeassistant.entrypoints: websecure
+      traefik.http.routers.homeassistant.service: homeassistant
+      traefik.http.routers.homeassistant.tls.certresolver: myresolver
+      # Local domain
+      traefik.http.routers.homeassistant-local-insecure.rule: Host(`homeassistant.${LOCAL_DOMAIN}`)
+      traefik.http.routers.homeassistant-local-insecure.entrypoints: web
+      traefik.http.routers.homeassistant-local-insecure.service: homeassistant
+      traefik.http.routers.homeassistant-local-insecure.middlewares: homeassistant-web-redirect
+      # Local domain secure
+      traefik.http.routers.homeassistant-local.rule: Host(`homeassistant.${LOCAL_DOMAIN}`)
+      traefik.http.routers.homeassistant-local.entrypoints: websecure
+      traefik.http.routers.homeassistant-local.service: homeassistant
+      traefik.http.routers.homeassistant-local.tls: true

apps/homeassistant-1/metadata/description.md

@@ -0,0 +1,30 @@
+# Home Assistant
+
+Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.
+
+Check out [home-assistant.io](https://home-assistant.io) for a [demo](https://home-assistant.io/demo/), installation [instructions](https://home-assistant.io/getting-started/), [tutorials](https://home-assistant.io/getting-started/automation/) and [documentation](https://home-assistant.io/docs/)
+
+## Migration
+
+February 2024
+
+This version of Home Assistant can be exposed. To migrate from the non-exposable app, follow these steps:
+
+- stop the installed app
+- rename `runtipi/app-data/homeassistant` to `runtipi/app-data/__homeassistant`
+- make a backup of `runtipi/app-data/__homeassistant` to a safe location
+- uninstall the app
+- install Home Assistant from the App Store
+- stop the app
+- remove `runtipi/app-data/homeassistant-1`
+- rename `runtipi/app-data/__homeassistant` to `runtipi/app-data/homeassistant-1`
+- add the following section to `runtipi/app-data/homeassistant/data/config/configuration.yaml`
+  ```
+  http:
+    use_x_forwarded_for: true
+    trusted_proxies:
+      - 127.0.0.1
+      - 172.16.0.0/12
+      - ::1
+  ```
+- start the app

apps/homeassistant/config.json

@@ -1,16 +1,22 @@
 {
   "$schema": "../schema.json",
-  "name": "Home Assistant",
+  "name": "Home Assistant non exposed",
   "available": true,
+  "deprecated": true,
   "port": 8123,
-  "tipi_version": 2,
+  "tipi_version": 3,
   "version": "stable",
   "id": "homeassistant",
-  "categories": ["automation"],
+  "categories": [
+    "automation"
+  ],
   "description": "Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.",
   "short_desc": "Open source home automation that puts local control and privacy first",
   "author": "ArneNaessens",
   "source": "https://github.com/home-assistant/core",
   "form_fields": [],
-  "supported_architectures": ["arm64", "amd64"]
-}
+  "supported_architectures": [
+    "arm64",
+    "amd64"
+  ]
+}

apps/homeassistant/metadata/description.md

@@ -1,7 +1,31 @@
-
 ## Open source home automation that puts local control and privacy first
 
 Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.
 Check out [home-assistant.io](https://home-assistant.io) for a [demo](https://home-assistant.io/demo/), installation [instructions](https://home-assistant.io/getting-started/), [tutorials](https://home-assistant.io/getting-started/automation/) and [documentation](https://home-assistant.io/docs/)
 
-![Screenshot](https://raw.githubusercontent.com/home-assistant/core/master/docs/screenshots.png)
+![Screenshot](https://raw.githubusercontent.com/home-assistant/core/master/docs/screenshots.png)
+
+## Migration
+
+February 2024
+
+This version of Home Assistant can not be exposed. To migrate to the exposable app, follow these steps:
+
+- stop the installed app
+- rename `runtipi/app-data/homeassistant` to `runtipi/app-data/__homeassistant`
+- make a backup of `runtipi/app-data/__homeassistant` to a safe location
+- uninstall the app
+- install the new Home Assistant from the App Store
+- stop the app
+- remove `runtipi/app-data/homeassistant-1`
+- rename `runtipi/app-data/__homeassistant` to `runtipi/app-data/homeassistant-1`
+- add the following section to `runtipi/app-data/homeassistant/data/config/configuration.yaml`
+  ```
+  http:
+    use_x_forwarded_for: true
+    trusted_proxies:
+      - 127.0.0.1
+      - 172.16.0.0/12
+      - ::1
+  ```
+- start the app

apps/homepage/config.json

@@ -4,8 +4,8 @@
   "available": true,
   "exposable": true,
   "port": 8756,
-  "tipi_version": 5,
-  "version": "0.8.7",
+  "tipi_version": 6,
+  "version": "0.8.8",
   "id": "homepage",
   "categories": [
     "utilities"

apps/homepage/docker-compose.yml

@@ -1,7 +1,7 @@
 version: "3.9"
 services:
   homepage:
-    image: ghcr.io/gethomepage/homepage:v0.8.7
+    image: ghcr.io/gethomepage/homepage:v0.8.8
     container_name: homepage
     restart: unless-stopped
     ports:

apps/immich/config.json

@@ -5,8 +5,8 @@
   "exposable": true,
   "port": 8128,
   "id": "immich",
-  "tipi_version": 73,
-  "version": "1.94.1",
+  "tipi_version": 77,
+  "version": "1.97.0",
   "categories": [
     "data",
     "photography"

apps/immich/docker-compose.yml

@@ -1,10 +1,10 @@
-version: '3.7'
+version: "3.7"
 
 services:
   immich:
     container_name: immich
-    image: ghcr.io/immich-app/immich-server:v1.94.1
-    command: ['start-server.sh']
+    image: ghcr.io/immich-app/immich-server:v1.97.0
+    command: ["start-server.sh"]
     volumes:
       - ${ROOT_FOLDER_HOST}/media/data/images/immich:/usr/src/app/upload
     environment:
@@ -52,8 +52,8 @@ services:
 
   immich-microservices:
     container_name: immich-microservices
-    image: ghcr.io/immich-app/immich-server:v1.94.1
-    command: ['start-microservices.sh']
+    image: ghcr.io/immich-app/immich-server:v1.97.0
+    command: ["start-microservices.sh"]
     volumes:
       - ${ROOT_FOLDER_HOST}/media/data/images/immich:/usr/src/app/upload
     environment:
@@ -74,7 +74,7 @@ services:
 
   immich-machine-learning:
     container_name: immich-machine-learning
-    image: ghcr.io/immich-app/immich-machine-learning:v1.94.1
+    image: ghcr.io/immich-app/immich-machine-learning:v1.97.0
     volumes:
       - ${ROOT_FOLDER_HOST}/media/data/images/immich:/usr/src/app/upload
       - ${APP_DATA_DIR}/data/immich-ml-cache:/cache
@@ -100,7 +100,7 @@ services:
 
   immich-db:
     container_name: immich-db
-    image: tensorchord/pgvecto-rs:pg14-v0.1.11
+    image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
     environment:
       POSTGRES_PASSWORD: ${DB_PASSWORD}
       POSTGRES_USER: tipi

apps/invoice-ninja/docker-compose.yml

@@ -42,7 +42,7 @@ services:
       traefik.http.routers.invoice-ninja-local.tls: true
 
   invoice-ninja-server:
-    image: invoiceninja/invoiceninja:5.8.21
+    image: invoiceninja/invoiceninja:5.8.30
     container_name: invoice-ninja-server
     restart: unless-stopped
     user: 1500:1500

apps/jellyfin/config.json

@@ -5,8 +5,8 @@
   "exposable": true,
   "port": 8091,
   "id": "jellyfin",
-  "tipi_version": 7,
-  "version": "10.8.11",
+  "tipi_version": 8,
+  "version": "10.8.13",
   "categories": [
     "media"
   ],