added some details for offline coopcloud

It took me some time to figure out how to set up the server with abra, the right host names, and the wildcard-cert so I thought these info might help others to set up an offline coopcloud more easily.

docs/abra/hack.md

@@ -99,6 +99,53 @@ The drone configuration was wired up as follows:
 
 Please ask `@decentral1se` or on the Matrix channels for SSH access to the machine.
 
+### Running manually on the CI server
+
+It's convenient to be able reproduce the CI server environment yourself by SSHing to the machine and running the integration tests. Here's how you do it.
+
+SSH config details:
+
+```
+Host int.coopcloud.tech
+  Hostname 51.159.168.99
+  User root
+  Port 22
+  IdentityFile ~/.ssh/<private-key-part>
+```
+
+Once you're in, you can run the following:
+
+```
+sudo -su abra
+cd
+tmux ls # if there is a session, run: tmux attach
+        # this way, we don't crash into each other
+        # when we're running tests
+./run-ci-int
+```
+
+You can also `cd abra` and run `bats ...` directly to trigger specific subsets
+of tests. You'll need to export the env vars at the bottom of the `run-ci-int`
+script to reproduce the same settings.
+
+```
+export ABRA_DIR="$HOME/.abra_test"
+export TERM=xterm
+export TEST_SERVER=default
+export ABRA_CI=1
+```
+
+And then ensuring a clean state and running with the same flags:
+
+```
+rm -rf "$ABRA_DIR"
+bats -Tp tests/integration --filter-tags \!dns --print-output-on-failure
+```
+
+See the [`run-ci-int`](https://git.coopcloud.tech/toolshed/abra/src/branch/main/scripts/tests/run-ci-int) script for more.
+
+See below for more tips on how to run the tests.
+
 ### Running them locally
 
 #### Install dependencies
@@ -359,8 +406,31 @@ For developers, while using this `-beta` format, the `y` part is the "major" ver
 - Push the new tag (e.g. `git push && git push --tags`)
 - Wait until the build finishes on [build.coopcloud.tech](https://build.coopcloud.tech/toolshed/abra)
 - Deploy the new installer script (e.g. `cd ./scripts/installer && make`)
+- Clean up the changelog on the releases page so it includes most relevant
+  changes. See below for the announcement text that needs to be inserted above
+  the generated changelog. You can use something like `git shortlog -e -s -n
+  0.11.0-beta..HEAD` to get the list of authors.
+- Make sure there is a migration guide written in the docs (if necessary)
 - Check the release worked, (e.g. `abra upgrade; abra -v`)
-- Share the announcement:
+- Share the announcement on our General chat and fedi account:
+
+#### Release notes text
+
+```
+## Changelog   
+
+> 🎺🎺🎺 [`0.XX.x-beta` 👉 `0.XX.0-beta` **migration guide**](XXX) 🎺🎺🎺
+
+`abra` update `HOWTO` documentation is [here](https://docs.coopcloud.tech/abra/upgrade/).
+
+The project with all changes and discussions is [here](XXX).
+
+A huge thanks to all our `abra` hackers for this release 💖
+
+$git_shortlog_output
+```
+
+#### General announcement text
 
 ```
 📢📢📢 abra v0.XX  is finally here 📢📢📢
@@ -379,6 +449,8 @@ https://docs.coopcloud.tech/abra/upgrade/#XXx-beta-0XXx-beta
 A huge thanks to everyone who helped get this release done ❤️‍🔥
 
 Happy Hacking 🫂
+
+-- $handle
 ```
 
 ## Fork maintenance
@@ -387,6 +459,10 @@ Happy Hacking 🫂
 
 We maintain a fork of [godotenv](https://git.coopcloud.tech/toolshed/godotenv) because we need inline comment parsing for environment files. You can upgrade the version here by running `go get git.coopcloud.tech/toolshed/godotenv@0<COMMID>` where `<commit>` is the latest commit you want to pin to. See [`abra#391`](https://git.coopcloud.tech/toolshed/abra/pulls/391) for more.
 
+### `docker/cli`
+
+We maintain a fork of [docker-cli](https://git.coopcloud.tech/toolshed/docker-cli/) because we needed to [patch port exposing](https://git.coopcloud.tech/toolshed/docker-cli/commit/2fbb22f65866ac97b47e4d47d8f855fee8c98e2a) to fix this [bug](https://github.com/docker/cli/issues/2407). Once the [fix was upstreamed](https://github.com/docker/cli/pull/6799) we can remove this fork again. 
+
 ### `docker/client`
 
 A number of modules in [pkg/upstream](https://git.coopcloud.tech/toolshed/abra/src/branch/main/pkg/upstream) are copy/pasta'd from the upstream [docker/docker/client](https://pkg.go.dev/github.com/docker/docker/client). We had to do this because upstream are not exposing their API as public.

docs/abra/swarm.md

@@ -0,0 +1,55 @@
+---
+title: Swarm mode almanac
+---
+
+> !!! warning "This page is a Work In Progress :tm:"
+    A page to understand WTF is going on with [Swarm mode](https://docs.docker.com/engine/swarm/key-concepts/) and how we rely on it, how we might not rely on it and other related threads. Please add to this page as you see fit! If we can establish some shared understanding of what is going on under the hood, we can come up with a collective solution which meets everyones needs.
+
+## Support matrix
+
+In practice, this is what we currently rely on Swarm mode for.
+
+| Feature | Explanation |
+| ----------- | ----------- |
+| Encrypted secrets | When you run `abra secret generate`, it uses something like `printf foo | docker secret create foo -` under the hood. This feature only works if you have first run `docker swarm join`. Swarm mode [securely transports and stores your secret encrypted on the server](https://docs.docker.com/engine/swarm/secrets/#how-docker-manages-secrets). `docker compose` does not support encrypting or storing secrets because it only runs client-side. |
+| Template driver | If you use `template_driver: golang` in your `compose.yml` to insert secrets or environment variables into your configs, then you are using a template driver. This feature has almost 0 documentation and does not appear to be supported by [the actual Compose Spec](https://github.com/compose-spec/compose-spec/blob/main/08-configs.md) and is actually completely blocked by `docker compose` ([source](https://github.com/docker/compose/blob/f9828dfab909e9dd0dd489a49088c8619ec2ca7e/pkg/compose/create.go#L1095)). Several recipes use this feature and it seems quite crucial for our usage. |
+| Stacks | Firstly, [a service](https://docs.docker.com/engine/swarm/how-swarm-mode-works/services/) is key concept here. A stack is then a shared namespace of services with networks, volumes, configs etc. The concept of a stack is a [unique](https://docs.docker.com/engine/swarm/stack-deploy/) to Swarm mode. Any replacement for Swarm mode would have to implement this kind of namespacing feature for backwards compatibility purposes. See [`psviderski/uncloud#94`](https://github.com/psviderski/uncloud/discussions/94) for more. |
+| Orchestration | When you run `abra app deploy`, we're running a slightly customised `docker stack deploy` under the hood. Swarm mode is supposed to automagically handle zero downtime updates and rollbacks if things fail. However, we're seeing [the limitations of this approach](/abra/swarm/#limitations). |
+
+## Unsupport matrix
+
+| Feature | Explanation |
+| ----------- | ----------- |
+| Multi-node | It is possible but it doesn't seem like anyone in our community is really doing this. We believe the majority of Co-op Cloud installs are single node. There is also a lack of [CSI](https://github.com/olljanat/csi-plugins-for-docker-swarm?tab=readme-ov-file) support for coordinating storage across multiple hosts when using Swarm mode. This means we kind of throw out [the majority](https://docs.docker.com/engine/swarm/#feature-highlights) of the features of Swarm mode. |
+
+## Limitations
+
+* Swarm mode is still eerily underdeveloped and lacking features as a system. There are still some lurking network and stability bugs which are common. We're grateful for the undercover live reporting from people in-the-know adjacent to our network below. There are even folx inside Docker who are apparently calling it abandonware ([source](https://git.coopcloud.tech/toolshed/organising/issues/682#issuecomment-30235)). All this does not really put us at ease.
+
+!!! note "Docker whiskey leaks"
+
+    > https://www.mirantis.com/blog/mirantis-guarantees-long-term-support-for-swarm/
+    >
+    > Mirantis' relationship with "swarm" is very confusing! my understanding is that there are people (or one person? lol) at mirantis who do some work on the orchestration engine that is "docker swarm," but only to the extent that it supports mirantis' platform. i don't believe there's any active feature development beyond that. you're right that it's a misleading headline -- it sounds to me that they're just saying that they'll continue swarm support in their v3 kubernetes platform, not that they're committed to developing swarm as an orchestration system.
+    >
+    > Way back when (i guess in 2019? before my time!), docker sold off its enterprise platform which was called "swarm" to mirantis, so that's still a product that mirantis has and has developed in their way, but it's not the open-source swarm(kit) that's part of the docker cli. this is a good quick explanation: https://forums.docker.com/t/docker-swarmkit-and-the-mirantis-deal-not-docker-swarm/88886
+
+* The orchestration features of Swarm mode are opaque, causing failed deployments to be difficult to understand. This can cause a litany of a issues. For example, in the case where your database has been migrated and a rollback of your failing app doesn't support the new schema. This is being discussed extensively on [`organising#682`](https://git.coopcloud.tech/toolshed/organising/issues/682).
+
+## Potential alternatives
+
+* [`uncloud.run`](https://github.com/psviderski/uncloud): The Uncloud folks are creating a very different system. Something beyond compose but not k8s and not Swarm. This means they have to implement a lot of features of the orchestration from scratch. However, they're going for a nice approach: a straight-forward imperative deployment model (supports `depends_on` for predictable ordering during deployments). They're choosing which parts of the Compose Spec they implement and it's noteworthy that they [don't implement secrets yet](https://github.com/psviderski/uncloud/issues/75). See the [Compose support matrix](https://uncloud.run/docs/compose-file-reference/support-matrix) for more. They are however very focused on multi-node functionality. It's a system to [keep an eye on](https://github.com/psviderski/uncloud/milestone/1) with the hope that we can use some part of it in the future. Lines of communication [have been opened](https://github.com/psviderski/uncloud/discussions/255).
+
+* [`docker compose`](https://github.com/docker/compose): Plain old `docker compose`. A more elegant weapon for a more civilised age. It is however missing features we need such as encrypted secrets and `template_driver` support. There may be [more things missing](https://github.com/docker/compose/issues/11867). They are developing a promising [SDK](https://docs.docker.com/compose/compose-sdk/) exposes a public API for handling various operations. This would need some serious investigation and most likely some custom solutions for the features we're missing.
+
+## What we need
+
+* Something that is backwards compatible with our existing recipe configuration commons and the current deployments. We can't re-invent the wheel because we all rely on this system. So, we need to look towards incremental improvements or changes which are backwards compatible. We can always agree to change the config commons or some shared practices but then we need to establish a clear agreement with decision making. This is the social part.
+
+* Some way of conveniently using secrets when deploying services. This method should easily support working in a team which doesn't stray too far from our established Git Ops workflow of sharing `$ABRA_DIR`. They don't need to be encrypted and stored on the server (removing the need for Swarm mode handling) as long as they're mounted as secrets in the usual `/run/secret/<name>` manner at runtime.
+
+* Template driver support so we can template values into our configurations. This is used in enough recipes to warrant continued support.
+
+* A way to namespace services into a deployment, aka a "Docker Stack". This would appear to be a minor implementation detail after all is said and done. It's services all the way down and they have some linked networks/configs/volumes/etc. and a shared naming convention.
+
+* Some way to achieve [Fearless YunoHost-esque Upgrades](https://git.coopcloud.tech/toolshed/organising/issues/682#issuecomment-29302). In other words, some predictable way to deploy / upgrade / rollback and some way to intervene when things go wrong. It should be easy to understand for everyone and would enable real stability for operators. I think we want some sort of anti-orchestration implementation which is super simple.

docs/abra/trouble.md

@@ -105,4 +105,4 @@ $ git clone https://git.coopcloud.tech/coop-cloud/MyCoolRecipe.git ~/.abra/recip
 
 ## "only updates to Labels are allowed"
 
-See [Packaging handbook » What does "only updates to Labels are allowed" mean](maintainers/handbook/#what-does-only-updates-to-labels-are-allowed-mean).
+See [Packaging handbook » What does "only updates to Labels are allowed" mean](/maintainers/handbook/#what-does-only-updates-to-labels-are-allowed-mean).

docs/abra/upgrade.md

@@ -53,6 +53,12 @@ And test things work.
 
 > General release notes are [here](https://git.coopcloud.tech/toolshed/abra/releases/)
 
+### `0.11.x-beta` -> `0.12.x-beta`
+
+* `kadabra` has been archived and is no longer published alongside `abra`
+  releases. See [`#699`](https://git.coopcloud.tech/toolshed/abra/issues/699)
+  for more.
+
 ### `0.10.x-beta` -> `0.11.x-beta`
 
 * Timeouts are no longer used unless specifically set in the app `.env` file,

docs/federation/minutes/2025-12-28.md

@@ -0,0 +1,45 @@
+---
+title: 2025-12-28
+---
+
+## Coop-Cloud Meetup @ 39C3
+
+> Warning: this is no real protocol, since we did not really decide someone to
+> write down something (and what), but it was my try to summarize the
+> conclusive parts. For all attendees, please correct and extend on what i
+> wrote here, if something is missing or wrong :)
+
+### Talk about Coop-Cloud
+
+Simon and d1 are looking into the old state and maybe update it.
+
+### Alakazam workshop
+
+Tomorrow 16:15 at the coop-cloud table.
+
+### Daily things with coop-cloud (what is nice, what not)
+
+* Generally good experience
+* SSO stuff is cumbersome
+* Keeping an eye on recipe changes is a bit hard
+* Onboarding for new users could be easyer
+* Catalog has structural problems
+* All are using several workarounds
+* Upgrading a recipe is cumbersome (there is a proposal to make that better, just has to be implemented)
+
+### More cooperation in general/ reflect on kiteflying / talk about finances:
+
+* Me try to do it once a month with more static topics
+* The radmin role would maybe help to fix to get people payed for stuff through that
+* Draft from p4u1 and d1
+* Maybe a proposal gets made by kawaiipunk to rise the wage for internal tasks (discussions will follow to refine that idea)
+* We want to implement the maintainers proposal to more recipes
+* We should implement default guidelines for cooperation/contribution for the recipes, which can be "overwritten" by each reipe maintainers
+* We want to experiment with automated testing, for recipes, here it would be great to have some kind of a defined list of what should be tested
+* Maybe we could implement a language server for abra
+* Idea: Workaround sharing session or blog write ups about the workarounds used
+* Idea: move away from the env file in the future via defining a standard over alakazam without breaking the env (like upstream alakazam)
+
+### Political Statement in the Documentation
+
+d1 puts survey answers to a text and then we work together and decide it in a kiteflying.

docs/federation/resolutions/in-progress/035.md

@@ -0,0 +1,33 @@
+---
+title: "Resolution 035: Budget 016: Sutty Website Proposal"
+---
+
+- Topic: Budget 016: Sutty Website Proposal
+- Date: 2026-02-12
+- Deadline: 2026-02-26
+- Size: Large
+
+## Summary
+
+Budget 016 proposes to:
+
+1. Compensate Sutty and Co-op Cloud community members `@edu` & `@eli` 250 USD (500 USD total) each according to their own proposed compensation.
+1. Compensate `@diatom` for up to 30 hours to participate in the generative process as Co-op Cloud community delegate.
+
+Please see [the full proposal text](https://vvvvvvaria.org/~decentral1se/cc/CoopCloud-2025WebsiteProposal-Sutty.pdf) for more details. See `Capítulo 3 > Resources estimations` for the section regarding financial estimations. The Co-op Cloud community and federation are to be consulted during this process for decision making around choosing a new website proposal. `@diatom` agrees to be a bridge between the work of `@edu`/`@eli` and the Co-op Cloud community.
+
+## Details (Budget 016)
+
+This resolution follows the Good Work of `@sef`/`@edu`/`@eli` in carrying out the Co-op Cloud Community Website Survey. The idea is that `@edu` and `@eli` (with the blessing of `@sef`) will now bring forward a concrete proposal for the new Co-op Cloud website based on their proposed generative process. Please see [the full proposal text](https://vvvvvvaria.org/~decentral1se/cc/CoopCloud-2025WebsiteProposal-Sutty.pdf) for all details.
+
+#### Budget
+
+`@edu`/`@eli`/`@diatom` will carry out this work.
+
+Please join `#coop-cloud-new-website:autonomic.zone` to participate in this process. All community members are welcome.
+
+The budget total is:
+
+* 500 USD (423 EUR)
+* 30 hrs * 20 EUR = 600 EUR
+* **Total**: 1023 EUR

docs/federation/resolutions/in-progress/037.md

@@ -0,0 +1,26 @@
+---
+title: "Resolution 037: Adopt alakazam as an official project in the Co-op Cloud Federation"
+---
+
+- Topic: Resolution 037: Adopt alakazam as an official project in the Co-op Cloud Federation
+- Date: 12-02-2026
+- Deadline: 26-02-2026
+- Size: medium
+
+## Summary
+
+We want to adopt the abra wrapper Alakazam (https://git.coopcloud.tech/moritz/alakazam) , which is used by KolliCloud (https://kollicloud.de) as an official project in the Co-op Cloud Federation
+
+## Details
+
+As we already disscussed on our Meetup and the Alakazam workshop at 39C3 end of 2025, we want to adopt the abra wrapper Alakazam (https://git.coopcloud.tech/moritz/alakazam), which is used by KolliCloud (https://kollicloud.de) as an official project in the Co-op Cloud Federation. This way, we want to start collaborative effort on teaching, writing docs, writing tests.
+
+This includes the following (in the long run):
+
+* tranfering the Alakazam repository to https://git.coopcloud.tech/toolshed
+* creating a space in the docs for alakazam and moving the contents of the readme and the nessecary contents of https://wiki.local-it.org/s/kollicloud-wiki/doc/installation-wVp2LfBbg7
+* get others to try alakazam (future Kite-Flying sessions for this)
+* write tests for alakazam
+* implement the option to use more than one deployment of the same application in one instance
+* migrate alaconnect.yml files for the recipe (we have to figure out how multiple instances would allow this in regards to the multiple same apps in one instance)
+* migrate the features (that makes sense) into abra

docs/federation/resolutions/passed/034.md

@@ -1,5 +1,5 @@
 ---
-title: Resolution 034
+title: "Resolution 034: Extra budget for Escuela Común recipes"
 ---
 
 - Topic: Budget 015: Extra budget for recipes needed by Escuela Común

docs/federation/resolutions/passed/036.md

@@ -0,0 +1,28 @@
+---
+title: "Resolution 036: Democratic Tech Fund joins the Co-op Cloud Federation"
+---
+
+- Topic: Resolution 036: Democratic Tech Fund joins the Co-op Cloud Federation
+- Date: 2026-01-19
+- Deadline: 2026-02-02
+- Size: Large
+
+## Summary
+
+The Democratic Tech Fund (DTF) is a Project-In-The-Making which has close affinity with Co-op Cloud in culture and stated goals. `@mikemh` and `@wtebbens` are active members of the community and can represent the Democratic Tech Fund. The DTF would like to join the Co-op Cloud Federation in order to establish a solid base for future collaboration.
+
+The DTF is set up as a co-operative federation, with multi-stakeholder membership: to allow both individual as organisational membership, operational members (i.e. workers), collaborator members, council of steward members (elected) and institutional members (public and private funders).
+
+A brief summary of the the intended goals of the DTF are as follows:
+
+* **Build and provide the tech**: Generating working configurations of tech infrastructure and services that address actual, perceived needs, drawing on the reserves of free-libre open- source software and constructing practices of material infrastructure that are under the review and steering of the communities they service. 
+
+* **Mobilise awareness towards adoption**: highlighting the clear and present danger and our collective capacity to resist, re-make and re-imagine. There's a need for campaign work, media and visuals, and for intelligence and news about what has already been done. 
+
+* **Build the community**: nurturing local, regional and trans-regional communities and networks that are capable to articulate these alternatives, to make the change together and to sustain the economic base for radically re-oriented infrastructure.
+
+Please see the latest Work-In-Progress [DTF concept note - v0.3](https://oficina.commonscloud.coop/s/No93qBkpxAsgYqE) for more details. Founding members include the [Free Knowledge Institute](https://freeknowledge.eu), [Commons Network](https://www.commonsnetwork.org) and [Fundación Platoniq / Goteo.org](https://goteo.org). The Free Knowledge Institute is also the fiscal host of the DTF. Please see the website of the [DTF](https://democratictech.fund) itself for more information.
+
+DTF are happy to pay the current recommended federation membership fee.
+
+Please feel free to join `#dtf2026:matrix.org` to keep up with DTF project developments.

docs/maintainers/handbook.md

@@ -53,6 +53,12 @@ I.e. `compose.smtp.yml`. These are used to provide non-essential functionality s
 
 If you look at a `compose.yml` file and see a `configs` section, that means this compose file is putting files in the container. This might be used for changing default (vendor) configuration, such as this [fpm-tune.ini file](https://git.coopcloud.tech/coop-cloud/nextcloud/src/commit/28425b6138603067021757de28c639ad464e9cf8/fpm-tune.ini) used to adjust `php-fpm.` See [this handbook entry](/maintainers/handbook/#manage-configs) for more.
 
+### Special environment variables
+
+#### STACK_NAME
+
+Our deployment runtime expects a specific naming convention for Co-op Cloud apps when they are deployed on the server. This is a case of lowercasing/underscoring the domain name, e.g. "foo.coopcloud.tech" -> "foo_coopcloud_tech". This is for the most part an internal implementation detail. However, it is sometimes useful to expose this variable to template configurations when trying to connect apps together via runtime networking. See ["How do I reference serices in configs"](/maintainers/handbook/#how-do-i-reference-services-in-configs) for a practical example.
+
 ## Manage configs
 
 To add additional files into the container, you can use [Docker configs](https://docs.docker.com/engine/swarm/configs/). This usually involves the following:
@@ -323,18 +329,15 @@ Sometimes the containers don't even have Bash installed on them. You had better
 
 When referencing an `app` service in a config file, you should prefix with the `STACK_NAME` to avoid namespace conflicts (because all these containers sit on the traefik overlay network). You might want to do something like this `{{ env "STACK_NAME" }}_app` (using  the often obscure dark magic of the Golang templating language). You can find examples of this approach used in the [Peertube recipe](https://git.coopcloud.tech/coop-cloud/peertube/src/commit/d1b297c5a6a23a06bf97bb954104ddfd7f736568/nginx.conf.tmpl#L9).
 
-!!! warning "Here be timing dragons 🐉"
+!!! warning "Here be `STACK_NAME` dragons 🐉"
 
-    Due to how `STACK_NAME` as an environment variable is initialized within `abra`, it won't be available *early enough* for use within config templates (`*.tmpl`) unless you **use it as an environment variable for one of your compose services**.
-    Ideally this is addressed in a newer version of `abra`, but for now, this workaround suffices ✅
+    `STACK_NAME` is a [**special environment variable**](/maintainers/handbook/#special-environment-variables) which `abra` generates for you and in the format the runtime deployment expects to see. If you want to expose this environment variable in your template configurations, you need to expose it explicitly to the `env: ...` stanza in your recipe compose configuration. An example follows below.
 
-    E.g.
-    ```
+    ```yaml
       services:
         web:
           image: nginx:1.29.3
           environment:
-            - ...
             - STACK_NAME
     ```
 
@@ -590,7 +593,7 @@ SECRET_JWT_SECRET_VERSION=v1 # charset=default,special
 ```
 
 Options are:
-* `default`: [source](https://github.com/decentral1se/passgen/blob/8404cb922dea92efa8c3514f0ec8c37ce12a880f/const.go#L23)
+
 * `special`: [source](https://github.com/decentral1se/passgen/blob/8404cb922dea92efa8c3514f0ec8c37ce12a880f/const.go#L22C29-L22C43)
 * `safespecial`: [source](https://git.coopcloud.tech/toolshed/abra/src/commit/6abaf7a094df1a96599af2c4cbae1769821ad17c/pkg/secret/secret.go#L182)
 * `default,special`: mix of `default` and `special`

docs/maintainers/index.md

@@ -2,16 +2,28 @@
 title: Maintainers
 ---
 
-Welcome to the maintainers guide! Maintainers are typically individuals who have a stake in building up and maintaining our digital configuration commons, the recipe configurations. Maintainers help keep recipes configurations up to date, respond to issues in a timely manner, help new users within the community and recruit new maintainers when possible.
+Welcome to the recipe maintainers guide! Recipe maintainers help build up and maintain our recipe configuration commons based on [`R025`](https://docs.coopcloud.tech/federation/resolutions/passed/025/).
 
 <div class="grid cards" markdown>
 
-- __New Maintainers Tutorial__
+- __How to Become a Recipe Maintainer™__
 
-    If you want to package a recipe and/or become a maintainer, start here :rocket:
+    If you want to become a recipe maintainer, start here :heart:
+
+    [Learn more](/maintainers/maintain){ .md-button .md-button--primary }
+
+- __Package your First Recipe Tutorial__
+
+    If you want to package a recipe, start here :rocket:
 
     [Get Started](/maintainers/tutorial){ .md-button .md-button--primary }
 
+- __How to Upgrade a Recipe__
+
+    If you want to upgrade a recipe, start here 🤸‍♀️
+
+    [Start upgrading](/maintainers/upgrade){ .md-button .md-button--primary }
+
 - __Packaging Handbook__
 
     One-stop shop for all you need to know to package recipes :package:

docs/maintainers/maintain.md

@@ -0,0 +1,82 @@
+---
+title: How to Become a Recipe Maintainer
+---
+
+!!! warning
+
+    This guide is a work-in-progress following [`R025`](https://docs.coopcloud.tech/federation/resolutions/passed/025/) and the work to to implement this in [`#60`](https://git.coopcloud.tech/coop-cloud/traefik/issues/60) for the [traefik recipe](https://git.coopcloud.tech/coop-cloud/traefik). Please help us update this documentation with new conventions and practices that emerge.
+
+## What does a recipe maintainer do?
+
+A recipe maintainer takes care of one or more recipes. This includes reviewing issues and pull requests and applying application upgrades which are published upstream. The general expectations for what a recipe maintainer should carry out are defined in [`R025`](https://docs.coopcloud.tech/federation/resolutions/passed/025/).
+
+If recipes are maintained by several maintainers, there is a greater chance of stability for all operators who deploy those recipe upgrades for end-users. Please consider becoming a maintainer for recipes which you rely on!
+
+!!! note "We need More Recipe Maintainers!"
+
+    Since the publishing of [`R025`](https://docs.coopcloud.tech/federation/resolutions/passed/025/) there is a growing consensus that it is critically important that we recruit more recipe maintainers. The recipe configuration commons on its own is not enough. We also need to coordinate our maintenance work to ensure that everyone can benefit from smooth and stable upgrades.
+
+## You can become a recipe maintainer!
+
+Anyone who deploys a recipe can become a recipe maintainer. If you want to ensure that a recipe becomes stable and reliable, then you can become the maintainer. If you maintain a recipe alone, ask for help and encourage others to join in. The only way we can reduce the endless workload of application updates is to coordinate our work together.
+
+### `README.md` and `MAINTENANCE.md`
+
+You can start by reading The Maintainers Proposal: [`R025`](https://docs.coopcloud.tech/federation/resolutions/passed/025/). Check if there are maintainers mentioned in the `README.md` of the recipe repository and if there is a `MAINTENANCE.md` present. For example, for the traefik recipe, here is [the list of maintainers in the `README.md`](https://git.coopcloud.tech/coop-cloud/traefik/src/commit/8eaee04b5d9980a99fdad57677a4c72d7796da10/README.md?display=source#L8) and the maintainers guidelines in the [`MAINTENANCE.md`](https://git.coopcloud.tech/coop-cloud/traefik/src/commit/8eaee04b5d9980a99fdad57677a4c72d7796da10/MAINTENANCE.md). If there is no `MAINTENANCE.md`, copy the template below and create your own.
+
+### Maintainers Team
+
+It is important that only recipe maintainers have write permissions to the repository. As it currently stands, every member of the [Co-operators Team](https://git.coopcloud.tech/org/coop-cloud/teams/co-operators) has write permissions to all recipe repositories for convenience while we are missing enough maintainers.
+
+To change this, create a new team on [`git.coopcloud.tech/coop-cloud/teams`](https://git.coopcloud.tech/org/coop-cloud/teams) for your specific recipe, e.g. `mycoolrecipe-maintainers`. Add yourself and any other maintainers and don't forget to add the recipe repository itself on the repositories tab. Remove your recipe repository from the [list of repositories for the Co-operators Team](https://git.coopcloud.tech/org/coop-cloud/teams/co-operators/repositories) so that write permissions are removed.
+
+### Repository Permissions
+
+Under `Branch Protection` in the recipe repository settings, create a new rule
+for the `main` / `master` branch of your repository. Add your maintainer team
+to the following list of permissions.
+
+* Allow only maintainers to push directly to the main branch
+    * `Allowlist Restricted Push` > `Allowlisted teams for pushing`
+* Allow only maintainers to approve pull requests
+    * `Restrict approvals to allowlisted users or teams` > `Allowlisted teams for reviews`
+* Allow only maintainers to merge pull requests
+    * `Enable Merge Allowlist` > `Allowlisted  teams for merging`
+
+## Templates
+
+### `MAINTENANCE.md` template
+
+!!! warning
+
+    We are still considering if it is a good idea to create a `MAINTENANCE.md`
+    for every recipe repository. Maybe it is a better idea to make a single
+    `MAINTENANCE.md` on [docs.coopcloud.tech](https://docs.coopcloud.tech). We
+    look forward to seeing feedback on this from new maintainers.
+
+See the [`MAINTENANCE.md`](https://git.coopcloud.tech/coop-cloud/traefik/raw/branch/master/MAINTENANCE.md) of the Traefik recipe.
+
+### Pull request template
+
+See the [`.gitea/PULL_REQUEST_TEMPLATE.md`](https://git.coopcloud.tech/coop-cloud/traefik/src/branch/master/.gitea/PULL_REQUEST_TEMPLATE.md) of the Traefik recipe.
+
+
+## Where can maintainers find support?
+
+### Chat
+
+An active community exists in the [`#coopcloud-tech`](https://matrix.to/#/#coopcloud-tech:autonomic.zone?via=autonomic.zone) channel, which can answer your questions and help with issues. Please be patient when asking for support.
+
+### Recipe Issue Tracker
+
+If you're stuck on a problem, create an issue in your recipe's issue tracker. Users of your repository may contribute PRs, otherwise you can ask the community for support.
+
+### Toolshed
+
+If you're blocked by a problem in Coop Cloud's tooling, write a ticket to one of the [Toolshed](https://git.coopcloud.tech/toolshed) issue trackers. For example:
+
+* [abra](https://git.coopcloud.tech/toolshed/abra/issues)
+* [docs.coopcloud.tech](https://git.coopcloud.tech/toolshed/docs.coopcloud.tech/issues)
+* [recipes.coopcloud.tech](https://git.coopcloud.tech/toolshed/recipes.coopcloud.tech/issues)
+
+If you cannot find a repository to match your problem, you can write in the [organizing issues](https://git.coopcloud.tech/toolshed/organising/issues) tracker. (See: [migration notice](https://git.coopcloud.tech/toolshed/organising/issues/667))

docs/maintainers/upgrade.md

@@ -0,0 +1,15 @@
+---
+title: How to Upgrade a Recipe
+---
+
+## Updating versions in the `abra.sh`
+
+`#TODO`
+
+## Backwards compatible environment variable changes
+
+`#TODO`
+
+## Creating new release notes
+
+`#TODO`

docs/operators/handbook.md

@@ -118,7 +118,7 @@ Then `$ABRA_DIR` will be automatically picked up as `$PWD`. This is useful when
 
 If you're on an environment where it's hard to run Docker, or command-line programs in general, you might want to install `abra` on a server instead of your local computer.
 
-To install `abra` on the same server where you'll be hosting your apps, just follow [getting started guide](/operators/tutorial#deploy-your-first-app) as normal except for one difference. Instead of providing your SSH connection details when you run `abra server add ...`, just pass `--local`.
+To install `abra` on the same server where you'll be hosting your apps, just follow [getting started guide](/operators/tutorial#deploy-your-first-app) as normal except for one difference. Instead of providing your SSH connection details when you run `abra server add ...`, just pass `--local` and specify the domain during deployment.
 
 ```
 abra server add --local
@@ -320,6 +320,36 @@ If you need to run a command within a running container you can use `abra app ru
 
 If you need to run a command on a container that won't start (eg. the container is stuck in a restart loop) you can temporarily disable its default entrypoint by setting it in `compose.yml` to something like ['tail', '-f', '/dev/null'], then redeploy the stack (with `--force --chaos` so you don't need to commit), then [get into the now running container](#how-do-i-attach-to-a-running-container), do your business, and when done revert the compose.yml change and redeploy again.
 
+## How can I modify/override the `compose.yml-file`?
+
+If you need a customization of the `compose`-file, e.g., override a specific, hard coded value that is not present in the sample-env, add a custom volume, or add an environment variable that the image knows but which is not (yet) included in the `compose.yml` of the recipe, you can do so by using the `COMPOSE_FILE` environment variable ([more details in Docker docs](https://docs.docker.com/compose/how-tos/environment-variables/envvars/#compose_file)).
+
+For details about how the two compose files are merged, consult the official [Docker docs](https://docs.docker.com/compose/how-tos/multiple-compose-files/merge/).
+
+If it's not a special or edge case, perhaps consider modifying the original recipe / racing a feature request so everyone can benefit from your conceptual work?
+
+### Example 
+The upstream image of your `app` allows you to modify the SMTP port with an environment variable called `SMTP_PORT`, but the recipe's maintainers didn't include it in the compose file because they didn't have in mind anyone would need a non-standard port. So you can't simply add `SMTP_PORT` to your `yourapp.example.com.env`, because it won't find its way into the running container.
+
+For a quick fix, you could now create a file, e.g. `yourapp.example.com.compose.override.yml` (naming is up to you) with the content:
+
+```
+services:
+  app:
+    environment:
+      SMTP_PORT: 25
+```
+
+and add to your `yourapp.example.com.env`
+
+```
+COMPOSE_FILE="compose.yml:../../servers/<YOUR-SERVER>/yourapp.example.com.compose.override.yml
+```
+_Make sure you include the original `compose.yml` and place the `yourapp.domain.compose.override.yml` directly alongside of your `yourapp.example.com.env`, or change the (relative) path respectively._
+
+This will now add/overwrite the `SMTP_PORT` environment variable of the `app` container.
+
+`
 ## Can I run Co-op Cloud on ARM?
 
 `@Mayel`:
@@ -491,7 +521,9 @@ Yes, as of [`#585`](https://git.coopcloud.tech/toolshed/abra/pulls/585), this is
 ## Running an offline coop-cloud server 
 
 You may want to run a coop-cloud directly on your device (or in a VM or machine on your LAN), whether that's for testing a recipe or to run coop-cloud apps outside of the cloud ;-)
-In that case you might simply add some names to `/etc/hosts` (e.g `127.0.0.1 myapp.localhost`), or configure them on a local DNS server - which means `traefik` won't be able to use `letsencrypt` to generate and verify SSL certificates. Here's what you can do instead:
+
+In that case you might set up your server with `abra add server --local` like you would do it [running abra server side](#running-abra-server-side) (without a specific server name).
+Then you could simply add some names to `/etc/hosts` (e.g `127.0.0.1 myapp.localhost`, `127.0.0.1 coopcloud.local`, `127.0.0.1 *.coopcloud.local`), or configure them on a local DNS server - which means `traefik` won't be able to use `letsencrypt` to generate and verify SSL certificates. Here's what you can do instead:
 1. In your traefik .env file, edit/uncomment the following lines:
 ```
 LETS_ENCRYPT_ENV=staging
@@ -500,7 +532,8 @@ SECRET_WILDCARD_CERT_VERSION=v1
 SECRET_WILDCARD_KEY_VERSION=v1
 COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml"
 ```
-2. Generate a self-signed certificate using the [command listed here](https://letsencrypt.org/docs/certificates-for-localhost/#making-and-trusting-your-own-certificates). Unless using `localhost` you may want to edit that where it appears in the command, and/or add multiple (sub)domains to the certificate e.g: `subjectAltName=DNS:localhost,DNS:myapp.localhost`
+2. Generate a self-signed certificate using the [command listed here](https://letsencrypt.org/docs/certificates-for-localhost/#making-and-trusting-your-own-certificates). Unless using `localhost` you may want to edit that where it appears in the command, and/or add multiple (sub)domains to the certificate e.g: `subjectAltName=DNS:localhost,DNS:myapp.localhost`. You can also use wildcard-subdomains if you want to be more flexible later one, which apps to deploy: `subjectAltName=DNS:coopcloud.local,DNS:*.coopcloud.local`. 
+
 3. Run these commands:
 ```
 abra app secret insert localhost ssl_cert v1 localhost.crt -f

docs/operators/tutorial.md

@@ -36,7 +36,8 @@ Otherwise, here are the step required:
 ssh <server-domain>
 
 # docker install convenience script
-wget -O- https://get.docker.com | bash
+# not suitable for production environments - refer to the script header for alternatives
+curl https://get.docker.com | bash
 
 # check that docker was installed correctly
 sudo docker run hello-world
@@ -84,6 +85,10 @@ Where `116.203.211.204` can be replaced with the IP address of your server.
 
     You can use a tool like `dig` on the command-line to check if your server has the necessary DNS records set up. Something like `dig +short <domain>` should show the IP address of your server if things are working.
 
+??? question "Can I use DynDNS with a home server?"
+
+    Yes. If your DNS provider does not allow you to set a *. A-Record, you may still be able to use a *. CNAME-Record to your example.com domain.
+
 ### Install `abra`
 
 Now we can install [`abra`](/abra) locally on your machine and hook it up to your server. We support a script-based installation method ([script source](https://git.coopcloud.tech/toolshed/abra/src/branch/main/scripts/installer/installer)):
@@ -183,9 +188,8 @@ You need to keep port `:80` and `:443` free on your server for web proxying to y
 
 ??? question "Do you support multiple web proxies?"
 
-   Yes, this is possible. See [this handbook
-   entry](/operators/handbook/#proxying-apps-outside-of-co-op-cloud-with-traefik)
-   for more. Be warned, this is a relatively advanced topic.
+    Yes, this is possible. See [this handbook entry](/operators/handbook/#proxying-apps-outside-of-co-op-cloud-with-traefik)
+    for more. Be warned, this is a relatively advanced topic.
 
 **1. To get started, you'll need to create a new app:**
 
@@ -258,7 +262,6 @@ abra app deploy <nextcloud-domain>
 ```
 abra app ps -w <nextcloud-domain>     # status check
 abra app logs <nextcloud-domain>      # logs trailing
-abra app errors -w <nextcloud-domain> # error catcher
 ```
 
 Your new `traefik` instance will detect that a new app is coming up and generate TLS certificates for it. You can see what `traefik` is up to using the same commands above but replacing `<nextcloud-domain>` with the `<traefik-domain>` you chose earlier (`abra app ls` will remind you what domains you chose :grinning:).

mkdocs.yml

@@ -94,6 +94,8 @@ nav:
         - federation/proposals/federation.md
       - "Resolutions":
           - federation/resolutions/index.md
+          - "Draft":
+              - federation/resolutions/index.md
           - "Passed":
               - federation/resolutions/passed/001.md
               - federation/resolutions/passed/002.md
@@ -126,19 +128,23 @@ nav:
               - federation/resolutions/passed/032.md
               - federation/resolutions/passed/031.md
               - federation/resolutions/passed/033.md
+              - federation/resolutions/passed/034.md
+              - federation/resolutions/passed/036.md
           - "Stalled":
               - federation/resolutions/stalled/013.md
               - federation/resolutions/stalled/030.md
           - "In Progress":
               - federation/resolutions/index.md
-              - federation/resolutions/in-progress/034.md
+              - federation/resolutions/in-progress/035.md
+              - federation/resolutions/in-progress/037.md
       - "Minutes":
           - federation/minutes/index.md
           - "Recently":
+              - federation/minutes/2025-12-28.md
+          - "Archive":
               - federation/minutes/2024-08-15.md
               - federation/minutes/2024-04-17.md
               - federation/minutes/2024-03-29.md
-          - "Archive":
               - federation/minutes/2024-02-01.md
               - federation/minutes/2022-03-03.md
               - federation/minutes/2023-05-03.md
@@ -160,6 +166,7 @@ nav:
       - "Hack": abra/hack.md
       - "Troubleshoot": abra/trouble.md
       - "Cheat Sheet": abra/cheat-sheet.md
+      - "Swarm mode almanac": abra/swarm.md
   - "Specifications":
       - specs/index.md
       - "Backups":

requirements.txt

@@ -1,6 +1,6 @@
 mkdocs~=1.6.1
 
-mkdocs-material==9.5.49
+mkdocs-material==9.6.20
 mkdocs-material-extensions==1.3.1
 mkdocs-awesome-pages-plugin==2.10.1
 pygments==2.19.1