chore: publish 5.1.2+v3.6.15 release

fix: matrix-federation entrypoint on :8448 to match published port
compose.matrix.yml publishes container port 8448, but the entrypoint was on :9001 — federation traffic hit no listener. :9001 also collided with the minio-console entrypoint.
2026-05-25 16:52:59 +00:00 · 2026-05-25 16:52:40 +00:00 · 2026-05-16 23:37:49 +00:00 · 2026-05-16 23:36:24 +00:00
6 changed files with 33 additions and 6 deletions
--- a/.env.sample
+++ b/.env.sample
@ -86,6 +86,15 @@ COMPOSE_FILE="compose.yml"
 #SECRET_PORKBUN_API_KEY_VERSION=v1
 #SECRET_PORKBUN_SECRET_API_KEY_VERSION=v1

+## Cloudflare, htps://cloudflare.com
+## To insert your secrets:
+## abra app secret insert {myapp.example.coop} cf_email v1 "<CLOUDFLARE_EMAIL>"
+## abra app secret insert {myapp.example.coop} cf_api_key v1 "<CLOUDFLARE_API_KEY>"
+## cf_api_key is an account API key from Cloudflare that has DNS read + edit permission
+#COMPOSE_FILE="$COMPOSE_FILE:compose.cloudflare.yml"
+#SECRET_CLOUDFLARE_EMAIL_VERSION=v1 # generate=false
+#SECRET_CLOUDFLARE_API_KEY_VERSION=v1 # generate=false
+
 #####################################################################
 # Manual wildcard certificate insertion                             #
 #####################################################################
--- a/README.md
+++ b/README.md
@ -42,8 +42,8 @@ subdomains, like
 need to give Traefik access to your DNS provider so that it can carry out
 Letsencrypt DNS challenges.

-1. Use Gandi, OVH, DO, Azure, or PorkBun for DNS 🤡 (support for other providers
-   can be easily added, see
+1. Use Gandi, OVH, DO, Azure, PorkBun, or Cloudflare for DNS 🤡 (support for
+   other providers can be easily added, see
   [the `lego` docs](https://go-acme.github.io/lego/dns/#dns-providers).
 2. Run `abra app config YOURAPPDOMAIN`
 3. Uncomment e.g. `ENABLE_GANDI` and the related `SECRET_.._VERSION` line, e.g.
--- a/abra.sh
+++ b/abra.sh
@ -1,3 +1,3 @@
-export TRAEFIK_YML_VERSION=v30
+export TRAEFIK_YML_VERSION=v31
 export FILE_PROVIDER_YML_VERSION=v12
 export ENTRYPOINT_VERSION=v5
--- a/compose.cloudflare.yml
+++ b/compose.cloudflare.yml
@ -0,0 +1,18 @@
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - CLOUDFLARE_EMAIL_FILE=/run/secrets/cf_email
+      - CLOUDFLARE_API_KEY_FILE=/run/secrets/cf_api_key
+    secrets:
+      - cf_email
+      - cf_api_key
+  
+secrets:
+  cf_email:
+    name: ${STACK_NAME}_cf_email_${SECRET_CLOUDFLARE_EMAIL_VERSION}
+    external: true
+  cf_api_key:
+    name: ${STACK_NAME}_cf_api_key_${SECRET_CLOUDFLARE_API_KEY_VERSION}
+    external: true
--- a/compose.yml
+++ b/compose.yml
@ -55,12 +55,12 @@ services:
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.service=api@internal"
        - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=5.1.1+v3.6.15"
+        - "coop-cloud.${STACK_NAME}.version=5.1.2+v3.6.15"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}"
        - "backupbot.backup=${ENABLE_BACKUPS:-true}"

  socket-proxy:
-    image: lscr.io/linuxserver/socket-proxy:3.2.17
+    image: lscr.io/linuxserver/socket-proxy:3.2.19
    deploy:
      endpoint_mode: dnsrr
    environment:
--- a/traefik.yml.tmpl
+++ b/traefik.yml.tmpl
@ -96,7 +96,7 @@ entrypoints:
  {{- end }}
  {{- if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
  matrix-federation:
-    address: ":9001"
+    address: ":8448"
  {{- end }}
  {{- if eq (env "NEXTCLOUD_TALK_HPB_ENABLED") "1" }}
  nextcloud-talk-hpb:
Author	SHA1	Message	Date
notplants	88f1e61da2	chore: publish 5.1.2+v3.6.15 release Some checks failed continuous-integration/drone/pr Build is failing Details	2026-05-25 16:52:59 +00:00
notplants	53321a7700	fix: matrix-federation entrypoint on :8448 to match published port compose.matrix.yml publishes container port 8448, but the entrypoint was on :9001 — federation traffic hit no listener. :9001 also collided with the minio-console entrypoint.	2026-05-25 16:52:40 +00:00
Zigzagill	25cf7862ed	Add Cloudflare as DNS provider (#103 ) Some checks failed continuous-integration/drone/push Build is failing Details <!-- Thank you for doing recipe maintenance work! Please mark all checklist items which are relevant for your changes. Please remove the checklist items which are not relevant for your changes. Feel free to remove this comment. --> * [x] I have deployed and tested my changes LetsEncrypt challenges passed * [x] I have [updated relevant versions in `abra.sh`](https://docs.coopcloud.tech/maintainers/upgrade/#updating-versions-in-the-abrash) No relevant versions to update * [x] I have made my environment variable changes [backwards compatible](https://docs.coopcloud.tech/maintainers/upgrade/#backwards-compatible-environment-variable-changes) Only new env vars were added * [ ] I have added a [release note entry](https://docs.coopcloud.tech/maintainers/upgrade/#creating-new-release-notes) Unsure if this is necessary but I'm happy to add notes if we want them 😄 Reviewed-on: #103 Reviewed-by: p4u1 <p4u1@noreply.git.coopcloud.tech> Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech> Co-authored-by: Zigzagill <zigzagill@proton.me> Co-committed-by: Zigzagill <zigzagill@proton.me>	2026-05-16 23:37:49 +00:00
Renovate Bot	7fc2cac6ff	chore(deps): update lscr.io/linuxserver/socket-proxy docker tag to v3.2.19 (#101 ) Some checks failed continuous-integration/drone/push Build is failing Details This PR contains the following updates: \| Package \| Update \| Change \| \|---\|---\|---\| \| [lscr.io/linuxserver/socket-proxy](https://github.com/linuxserver/docker-socket-proxy/packages) ([source](https://github.com/linuxserver/docker-socket-proxy)) \| patch \| `3.2.17` -> `3.2.19` \| > ❗ Important > > Release Notes retrieval for this PR were skipped because no github.com credentials were available. > If you are self-hosted, please see [this instruction](https://github.com/renovatebot/renovate/blob/master/docs/usage/examples/self-hosting.md#githubcom-token-for-release-notes). --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNzMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE3My4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=--> Reviewed-on: #101 Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech> Reviewed-by: p4u1 <p4u1@noreply.git.coopcloud.tech> Co-authored-by: Renovate Bot <renovate@coopcloud.tech> Co-committed-by: Renovate Bot <renovate@coopcloud.tech>	2026-05-16 23:36:24 +00:00