chore(deps): update squidfunk/mkdocs-material docker tag to v9.4.10

- capitalize first letter for each point
- finish all the points with a dot
- add one point to 'Pros' for Docker-compose
- move 'Cons' for Docker-compose into appropriate section

Dockerfile

@@ -1,4 +1,4 @@
-FROM squidfunk/mkdocs-material:8.2.16
+FROM squidfunk/mkdocs-material:9.4.10
 
 EXPOSE 8000
 
@@ -8,4 +8,6 @@ WORKDIR /docs
 
 RUN apk add --no-cache curl
 
-RUN pip install mkdocs-awesome-pages-plugin mkdocs-material-extensions
+RUN pip install \
+  mkdocs-awesome-pages-plugin==2.9.1 \
+  mkdocs-material-extensions==1.1.1

custom_theme/partials/header.html

@@ -1,19 +1,61 @@
 {#-
   This file was copied from the Material theme
-  You can find the file in .venv/lib/python3.10/site-packages/material/partials/header.html
+  You can find the file in https://raw.githubusercontent.com/squidfunk/mkdocs-material/master/src/partials/header.html
 -#}
+<!--
+  Copyright (c) 2016-2023 Martin Donath <martin.donath@squidfunk.com>
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to
+  deal in the Software without restriction, including without limitation the
+  rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+  sell copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+  IN THE SOFTWARE.
+-->
+
+<!-- Determine base classes -->
 {% set class = "md-header" %}
 {% if "navigation.tabs.sticky" in features %}
-  {% set class = class ~ " md-header--lifted" %}
+  {% set class = class ~ " md-header--shadow md-header--lifted" %}
+{% elif "navigation.tabs" not in features %}
+  {% set class = class ~ " md-header--shadow" %}
 {% endif %}
+
+<!-- Header -->
 <header class="{{ class }}" data-md-component="header">
-  <nav class="md-header__inner md-grid" aria-label="{{ lang.t('header.title') }}">
-    <a href="{{ config.extra.homepage | d(nav.homepage.url, true) | url }}" title="{{ config.site_name | e }}" class="md-header__button md-logo" aria-label="{{ config.site_name }}" data-md-component="logo">
+  <nav
+    class="md-header__inner md-grid"
+    aria-label="{{ lang.t('header') }}"
+  >
+
+    <!-- Link to home -->
+    <a
+      href="{{ config.extra.homepage | d(nav.homepage.url, true) | url }}"
+      title="{{ config.site_name | e }}"
+      class="md-header__button md-logo"
+      aria-label="{{ config.site_name }}"
+      data-md-component="logo"
+    >
       {% include "partials/logo.html" %}
     </a>
+
+    <!-- Button to open drawer -->
     <label class="md-header__button md-icon" for="__drawer">
       {% include ".icons/material/menu" ~ ".svg" %}
     </label>
+
+    <!-- Header title -->
     <div class="md-header__title" data-md-component="header-title">
       <div class="md-header__ellipsis">
         <div class="md-header__topic">
@@ -23,7 +65,7 @@
         </div>
         <div class="md-header__topic" data-md-component="header-topic">
           <span class="md-ellipsis">
-            {% if page and page.meta and page.meta.title %}
+            {% if page.meta and page.meta.title %}
               {{ page.meta.title }}
             {% else %}
               {{ page.title }}
@@ -32,53 +74,94 @@
         </div>
       </div>
     </div>
-    {% if not config.theme.palette is mapping %}
-      <form class="md-header__option" data-md-component="palette">
-        {% for option in config.theme.palette %}
-          {% set primary = option.primary | replace(" ", "-") | lower %}
-          {% set accent  = option.accent  | replace(" ", "-") | lower %}
-          <input class="md-option" data-md-color-media="{{ option.media }}" data-md-color-scheme="{{ option.scheme }}" data-md-color-primary="{{ primary }}" data-md-color-accent="{{ accent }}" {% if option.toggle %} aria-label="{{ option.toggle.name }}" {% else %} aria-hidden="true" {% endif %} type="radio" name="__palette" id="__palette_{{ loop.index }}">
-          {% if option.toggle %}
-            <label class="md-header__button md-icon" title="{{ option.toggle.name }}" for="__palette_{{ loop.index0 or loop.length }}" hidden>
-              {% include ".icons/" ~ option.toggle.icon ~ ".svg" %}
-            </label>
-          {% endif %}
-        {% endfor %}
-      </form>
+
+    <!-- Color palette -->
+    {% if config.theme.palette %}
+      {% if not config.theme.palette is mapping %}
+        <form class="md-header__option" data-md-component="palette">
+          {% for option in config.theme.palette %}
+            {% set scheme  = option.scheme  | d("default", true) %}
+            {% set primary = option.primary | d("indigo", true) %}
+            {% set accent  = option.accent  | d("indigo", true) %}
+            <input
+              class="md-option"
+              data-md-color-media="{{ option.media }}"
+              data-md-color-scheme="{{ scheme | replace(' ', '-') }}"
+              data-md-color-primary="{{ primary | replace(' ', '-') }}"
+              data-md-color-accent="{{ accent | replace(' ', '-') }}"
+              {% if option.toggle %}
+                aria-label="{{ option.toggle.name }}"
+              {% else  %}
+                aria-hidden="true"
+              {% endif %}
+              type="radio"
+              name="__palette"
+              id="__palette_{{ loop.index }}"
+            />
+            {% if option.toggle %}
+              <label
+                class="md-header__button md-icon"
+                title="{{ option.toggle.name }}"
+                for="__palette_{{ loop.index0 or loop.length }}"
+                hidden
+              >
+                {% include ".icons/" ~ option.toggle.icon ~ ".svg" %}
+              </label>
+            {% endif %}
+          {% endfor %}
+        </form>
+      {% endif %}
     {% endif %}
+
+    <!-- Site language selector -->
     {% if config.extra.alternate %}
       <div class="md-header__option">
         <div class="md-select">
           {% set icon = config.theme.icon.alternate or "material/translate" %}
-          <button class="md-header__button md-icon" aria-label="{{ lang.t('select.language.title') }}">
+          <button
+            class="md-header__button md-icon"
+            aria-label="{{ lang.t('select.language') }}"
+          >
             {% include ".icons/" ~ icon ~ ".svg" %}
           </button>
           <div class="md-select__inner">
             <ul class="md-select__list">
               {% for alt in config.extra.alternate %}
                 <li class="md-select__item">
-                  <a href="{{ alt.link | url }}" hreflang="{{ alt.lang }}" class="md-select__link">
+                  <a
+                    href="{{ alt.link | url }}"
+                    hreflang="{{ alt.lang }}"
+                    class="md-select__link"
+                  >
                     {{ alt.name }}
                   </a>
                 </li>
-                {% endfor %}
+              {% endfor %}
             </ul>
           </div>
         </div>
       </div>
     {% endif %}
+
+    <!-- Button to open search modal -->
+    {% if "material/search" in config.plugins %}
+      <label class="md-header__button md-icon" for="__search">
+        {% include ".icons/material/magnify.svg" %}
+      </label>
+
+      <!-- Search interface -->
+      {% include "partials/search.html" %}
+    {% endif %}
+
+    <!-- Repository information -->
     {% if config.repo_url %}
       <div class="md-header__source">
         {% include "partials/source.html" %}
       </div>
     {% endif %}
-    {% if "search" in config["plugins"] %}
-      <label class="md-header__button md-icon" for="__search">
-        {% include ".icons/material/magnify.svg" %}
-      </label>
-      {% include "partials/search.html" %}
-    {% endif %}
   </nav>
+
+  <!-- Navigation tabs (sticky) -->
   {% if "navigation.tabs.sticky" in features %}
     {% if "navigation.tabs" in features %}
       {% include "partials/tabs.html" %}

docs/abra/cheat-sheet.md

@@ -1,5 +1,5 @@
 ---
-tags: coop-cloud
+title: Cheat sheet
 ---
 
 # Abra cheat sheet
@@ -28,8 +28,7 @@ flags: `-f/--force`, `-C/--chaos`
 flags: `-f/--force`, `-V/--volumes`
 
 ### add/remove server
-- `abra server add $SERVER $USERNAME $SSH_PORT`
-flags: `-p/--provision`, `-l/--local`
+- `abra server add $SERVER`
 - `abra server remove $SERVER`
 flags: `-s/--server`
 
@@ -50,3 +49,31 @@ flags: `-p/--publish`, `-r/--dry-run`, `-x,y,z`
 - deploy the changed version to your test instance
 - determine how serious your change is (semver.org for reference)
 - `abra recipe release $RECIPE [$VERSION]`
+
+### Advanced Listing using `jq`
+
+Several `abra` commands can output JSON formatted tables, and can thus be queried and filtered with the tool [jq](https://stedolan.github.io/jq/ "jq JSON Query tool"). We can also format these outputs with [tv](https://github.com/uzimaru0000/tv "tv Table Viewer") into a pretty table. 
+
+
+Currently, `abra recipe ls`, `abra server ls`, and `abra app ls` support the `-m` machine readable output flag which outputs JSON.
+
+#### Filter recipes by "category"
+
+`abra recipe ls -m | jq '[.[] | select(.category == "Utilities") ]' | tv`
+
+As you can see we, we're selecting all recipes where category is "Utilities".
+
+#### Filter apps by state `deployed`
+
+!!! info 
+    `abra app ls -S` queries each server in your added server list, where as without the `-S` it only lists from your local copy of the sever files (thus providing no information about actual state of the apps)
+
+!!! info 
+    `abra app ls` lists apps grouped into a server object, with statistics about the server. In `jq` we can select the entire apps list with `.[].apps[]`.
+
+`abra app ls -m -S |jq '[.[].apps[] | select(.status == "deployed") | del(.upgrade)]' |tv`
+
+The `del(.upgrade)` filter filters out available versions for the recipe in question for that row. It could be useful to leave in if you want a list of deployed apps that need an upgrade.
+
+
+

docs/abra/hack.md

@@ -16,11 +16,172 @@ Install [Go >= 1.16](https://golang.org/doc/install) and then:
 - `make install` will install it to `$GOPATH/bin`
 - `go get <package>` and `go mod tidy` to add a new dependency
 
-Our [Drone CI configuration](https://git.coopcloud.tech/coop-cloud/abra/src/branch/main/.drone.yml) runs a number of sanity on each pushed commit. See the [Makefile](./Makefile) for more handy targets.
+Our [Drone CI configuration](https://git.coopcloud.tech/coop-cloud/abra/src/branch/main/.drone.yml) runs a number of checks on each pushed commit. See the [Makefile](https://git.coopcloud.tech/coop-cloud/abra/src/branch/main/Makefile) for more handy targets.
 
 Please use the [conventional commit format](https://www.conventionalcommits.org/en/v1.0.0/) for your commits so we can automate our change log.
 
-### Cross-compiling
+## Unit tests
+
+### Run tests
+
+Run the entire suite.
+
+```
+make test
+```
+
+### Filter tests
+
+Run a specific test.
+
+```
+go test ./pkg/recipe -v -run TestGetVersionLabelLocalDoesNotUseTimeoutLabel
+```
+
+## Integration tests
+
+### Install dependencies
+
+We use [`bats`](https://bats-core.readthedocs.io/en/stable/), you can install
+the required dependencies with the following. You also need a working
+installation of Docker and Go (not covered in this section).
+
+```
+apt install bats-file bats-assert bats-support jq make git
+```
+
+Unfortunately, the latest `bats` version in Debian stable does not have the
+"filter tests by tags" feature, which is very handy for running a subset of the
+tests. For this, we need to install `bats` from source. It's easy.
+
+```
+apt purge -y bats
+git clone https://github.com/bats-core/bats-core.git
+cd bats-core
+sudo ./install.sh /usr/local
+```
+
+### Run tests
+
+Then you can run the integration test suite with the following.
+
+```
+export ABRA_TEST_DOMAIN="test.example.com"
+export ABRA_DIR="$HOME/.abra_test"
+bats -Tp tests/integration # DO NOT run this just yet, read below...
+```
+
+`ABRA_TEST_DOMAIN` should also have a DNS A record for `*.test.example.com`
+which points to the same server so that the test suite can deploy apps freely.
+It's advised that you re-use the same server and therefore the same Traefik
+deployment for running your integration tests. The test suite does not deploy
+Traefik for you. Then you'll have more stable results.
+
+You probably don't want to run the entire test suite though, it takes a while.
+Try the following for starters.
+
+```
+bats -Tp tests/integration/autocomplete.bats
+```
+
+### Tagging tests
+
+When a test actually deploys something to a server, we tag it with the following:
+
+```
+# bats test_tags=slow
+@test "..." {
+  ...
+}
+```
+
+Then we can use [filters](#filter-tests) (see below) to pick out a subset of
+tests which do/do not use a live server. Feel free to come up with your own
+tags. See the `bats-core`
+[docs](https://bats-core.readthedocs.io/en/stable/writing-tests.html#tagging-tests)
+for more.
+
+### Filter tests
+
+You can run a specific file.
+
+```
+bats -Tp tests/integration/autocomplete.bats
+```
+
+For example, if you want to check that all `abra recipe ...` tests remain working.
+
+```
+bats -Tp tests/integration/recipe_*
+```
+
+You can filter on test names to run specific kinds of tests.
+
+```
+bats -Tp tests/integration --filter "validate app argument"
+```
+
+You can filter on tags.
+
+```
+bats -Tp tests/integration --filter-tags "\!slow" # only fast tests
+bats -Tp tests/integration --filter-tags "slow"   # only slow tests
+```
+
+You can also only run the previously failed tests.
+
+```
+bats -TP tests/integration --filter-status failed
+```
+
+### Debug tests
+
+If you're running into issues and want to debug stuff, you can pass `-x` to
+`bats` to trace all commands run in the test. You can add `echo '...' >&3`
+debug statements to your test to output stuff also.
+
+## Using the `abra` public API
+
+Warning, there is currently no stability promise for the `abra` public API! Most of the internals are exposed in order to allow a free hand for developers to try build stuff. If people start to build things then we can start the discussion on what is useful to have open/closed and keep stable etc. Please let us know if you depend on the APIs!
+
+The `pkg.go.dev` documentation is [here](https://pkg.go.dev/coopcloud.tech/abra). Here's a brief example to get you going:
+
+```go
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	abraClient "coopcloud.tech/abra/pkg/client"
+	dockerClient "github.com/docker/docker/client"
+)
+
+func getClient(serverName string) (*dockerClient.Client, error) {
+	cl, err := abraClient.New(serverName)
+	if err != nil {
+		return nil, fmt.Errorf("getClient: %s", err)
+	}
+	return cl, nil
+}
+
+func main() {
+	cl, err := getClient("foo.example.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+    // do stuff with the client...
+    // https://pkg.go.dev/github.com/docker/docker/client
+}
+```
+
+Some tools that are making use of the API so far are:
+
+* [`kadabra`](https://git.coopcloud.tech/coop-cloud/abra/src/branch/main/cmd/kadabra/main.go)
+
+## Cross-compiling
 
 If there's no official release for the architecture you use, you can cross-compile `abra` very easily. Clone the source code from [here](https://git.coopcloud.tech/coop-cloud/abra) and then:
 
@@ -29,18 +190,31 @@ If there's no official release for the architecture you use, you can cross-compi
 - run `git checkout <tag>`, where `<tag>` is the latest version
 - run `GOOS=<os> GOARCH=<arch> [GOARM=<arm>] make build`. You only have to use `GOARM` if you're building for ARM, this specifies the ARM version (5,6,7 etc). See [this](https://go.dev/doc/install/source#environment) for a list of all supported OS'es and architectures.
 
+## Building in Docker
+
+If you are living under a curse of constant Go environment problems, it might be easier to build `abra` using Docker:
+
+```
+sudo setenforce 0  # SELinux probably won't allow Docker to access files
+docker run -it -v $PWD:/abra golang:1.19.6 bash
+cd /abra
+. .envrc
+git config --global --add safe.directory /abra  # work around funky file permissions
+make build
+```
 
 ## Release management
 
-We use [goreleaser](https://goreleaser.com) to help us automate releases. We use [semver](https://semver.org) for versioning all releases of the tool. While we are still in the public alpha release phase, we will maintain a `0.y.z-alpha` format. Change logs are generated from our commit logs. We are still working this out and aim to refine our release praxis as we go.
+We use [goreleaser](https://goreleaser.com) to help us automate releases. We use [semver](https://semver.org) for versioning all releases of the tool. While we are still in the public beta release phase, we will maintain a `0.y.z-beta` format. Change logs are generated from our commit logs. We are still working this out and aim to refine our release praxis as we go.
 
-For developers, while using this `-alpha` format, the `y` part is the "major" version part. So, if you make breaking changes, you increment that and _not_ the `x` part. So, if you're on `0.1.0-alpha`, then you'd go to `0.1.1-alpha` for a backwards compatible change and `0.2.0-alpha` for a backwards incompatible change.
+For developers, while using this `-beta` format, the `y` part is the "major" version part. So, if you make breaking changes, you increment that and _not_ the `x` part. So, if you're on `0.1.0-beta`, then you'd go to `0.1.1-beta` for a backwards compatible change and `0.2.0-beta` for a backwards incompatible change.
 
 ### Making a new release
 
-- Change `ABRA_VERSION` to match the new tag in [`scripts`](./scripts/installer/installer) (use [semver](https://semver.org))
-- Commit that change (e.g. `git commit -m 'chore: publish next tag x.y.z-alpha'`)
-- Make a new tag (e.g. `git tag -a x.y.z-alpha`)
+- Run the [integration test suite](#integration-tests) and the unit tests (`make test`) (takes a while!)
+- Change `ABRA_VERSION` in [`scripts/installer/installer`](https://git.coopcloud.tech/coop-cloud/abra/src/branch/main/scripts/installer/installer) to match the new tag (use [semver](https://semver.org))
+- Commit that change (e.g. `git commit -m 'chore: publish next tag x.y.z-beta'`)
+- Make a new tag (e.g. `git tag -a x.y.z-beta`)
 - Push the new tag (e.g. `git push && git push --tags`)
 - Wait until the build finishes on [build.coopcloud.tech](https://build.coopcloud.tech/coop-cloud/abra)
 - Deploy the new installer script (e.g. `cd ./scripts/installer && make`)
@@ -54,4 +228,8 @@ We maintain a fork of [godotenv](https://github.com/Autonomic-Cooperative/godote
 
 ### `docker/client`
 
-A number of modules in [pkg/upstream](./pkg/upstream) are copy/pasta'd from the upstream [docker/docker/client](https://pkg.go.dev/github.com/docker/docker/client). We had to do this because upstream are not exposing their API as public.
+A number of modules in [pkg/upstream](https://git.coopcloud.tech/coop-cloud/abra/src/branch/main/pkg/upstream) are copy/pasta'd from the upstream [docker/docker/client](https://pkg.go.dev/github.com/docker/docker/client). We had to do this because upstream are not exposing their API as public.
+
+### `github.com/schultz-is/passgen`
+
+Due to [`coop-cloud/organising#358`](https://git.coopcloud.tech/coop-cloud/organising/issues/358).

docs/abra/index.md

@@ -4,7 +4,11 @@ title: Abra
 
 <a href="https://github.com/egonelbre/gophers"><img align="right" width="250" src="https://github.com/egonelbre/gophers/raw/master/.thumb/sketch/adventure/poking-fire.png"/></a>
 
-`abra` is our flagship client & command-line tool which has been developed specifically in the context of the Co-op Cloud project for the purpose of making the day-to-day operations of operators and maintainers pleasant & convenient. It is libre software, written in Go and maintained and extended by the community :heart:
+[![Build Status](https://build.coopcloud.tech/api/badges/coop-cloud/abra/status.svg?ref=refs/heads/main)](https://build.coopcloud.tech/coop-cloud/abra)
+[![Go Report Card](https://goreportcard.com/badge/git.coopcloud.tech/coop-cloud/abra)](https://goreportcard.com/report/git.coopcloud.tech/coop-cloud/abra)
+[![Go Reference](https://pkg.go.dev/badge/coopcloud.tech/abra.svg)](https://pkg.go.dev/coopcloud.tech/abra)
+
+`abra` is the flagship client & command-line for Co-op Cloud. It has been developed specifically for the purpose of making the day-to-day operations of operators and maintainers pleasant & convenient. It is libre software, written in Go and maintained and extended by the community :heart:
 
 Once you've got `abra` installed, you can start your own Co-op Cloud deployment. `abra` allows you to create, deploy and maintain libre software apps. It supports working with existing servers or can create new servers (supported providers: [Servers.coop](https://servers.coop/) & [Hetzner](https://hetzner.com)). It can also help you manage your DNS configuration (supported providers: [Gandi](https://gandi.net)).
 

docs/abra/install.md

@@ -2,6 +2,10 @@
 title: Install
 ---
 
+!!! warning
+
+    We've seen reports that `abra` under [WSL](https://learn.microsoft.com/en-us/windows/wsl/about) doesn't work due to an underlying bug in Docker context handling. See [`coop-cloud/organising#406`](https://git.coopcloud.tech/coop-cloud/organising/issues/406) and [`docker/for-win#13180`](https://github.com/docker/for-win/issues/13180) for more.
+
 ## Stable release
 
 ```
@@ -17,3 +21,17 @@ curl https://install.abra.coopcloud.tech | bash -s -- --rc
 ## Installer script source
 
 You can view that [here](https://git.coopcloud.tech/coop-cloud/abra/src/branch/main/scripts/installer/installer).
+
+## Using Docker
+
+```
+docker run \
+	-v $HOME/.abra:/.abra \
+	git.coopcloud.tech/coop-cloud/abra app ls
+```
+
+!!! note
+	If you're using symlinks, e.g. for [sharing
+	`~/.abra`](/operators/handbook/#sharing-abra), add more `-v` options for each
+	directory you're symlinking to, e.g. `-v
+	$HOME/Projects/CoopCloud/apps:/home/user/Projects/CoopCloud/apps`

docs/abra/trouble.md

@@ -4,55 +4,25 @@ title: Troubleshoot
 
 ## Where do I report `abra` bugs / feature requests?
 
-You can use [this issue tracker](https://git.coopcloud.tech/coop-cloud/abra/issues/new).
+You can use [this issue tracker](https://git.coopcloud.tech/coop-cloud/organising/issues/new/choose).
 
 ## SSH connection issues?
 
-`abra` tries its best to learn from your system configuration or command-line input what the correct SSH connection details are for a given server. This doesn't always work out. Here are some things to try to fix it.
+When you run `abra server add <host>`, `abra` will read from your `~/.ssh/config` and try to match a `Host <host>` entry. If you can `ssh <host>` then you should be able to `abra server add <host>`.
 
-First, ensure that you can `ssh <my-server>` and things work. If you can't SSH to your server then neither can `abra`. If you have a password protected SSH key, then you'll need to make sure your `ssh-agent` is running and you've added your SSH key part:
+For example, if you do `abra server add example.com`, you should have a matching entry that looks like this:
 
 ```
-eval $(ssh-agent -k)
-ssh-add ~/.ssh/<my-secret-key-part>
-ssh-add -L # validate loaded keys
+Host example.com
+  Hostname example.com
+  User exampleUser
+  Port 12345
+  IdentityFile ~/.ssh/example@somewhere
 ```
 
-The first thing `abra` will check for is the connection details listed in `abra server ls`. Check those details are correct. If you haven't managed to `abra server add` your server yet, then no details will appear in that list. You may need to take a look at [this entry](/abra/trouble/#abra-server-ls-shows-the-wrong-details) to clean up old values depending on your situation.
-
-`abra` will then try to read your `~/.ssh/config` entries and match the server domain against a `Host` entry. So, if you do `ssh myserver.com` and you have:
-
-```
-Host myserver.com
-  Hostname myserver.com
-  User myuser
-  Port 222
-  IdentityFile ~/.ssh/my@myserver.com
-```
-
-Then `abra` should have all it needs to build a working SSH connection. You can validate this by passing `-d/--debug` to your commands.
-
-However, sometimes, you use an alias in your SSH configuration, say:
-
-```
-Host mys
-...
-```
-
-So that you can simply type `ssh mys`. `abra` won't be able to match against those entries to discover connection details. You can use aliases to remedy this:
-
-```
-Host mys, myserver.com
-...
-```
-
-`abra` will try to read the relevant `IdentityFile` entry from your `~/.ssh/config` but if it can't make a match, it will rely on your key being added to the `ssh-agent`.
-
-Due to a limitation in our implementation, `abra` uses 2 methods of making SSH connections, the main `abra` -> `remote docker` connection using `/usr/bin/ssh` which can seamlessly pick up loaded SSH keys. However, for SSH host key checking, `abra` uses an SSH library & Golang SSH internals. We're working on resolving this to a single implementation but it is tricky work.
-
 ## "abra server ls" shows the wrong details?
 
-You can use `abra server rm` to remove the incorrect details. Make sure to take a backup of your `~/.abra/servers/<domain>` first. You can then try to re-create by using `abra server add ...` again, making sure to take care if you need to use `<user> <port>`, see `abra server add -h` for more help on this.
+You can use `abra server rm` to remove the incorrect details. Make sure to take a backup of your `~/.abra/servers/<domain>` first. You can then try to re-create by using `abra server add ...` again.
 
 However, if you have Docker installed on the same machine you have `abra`, then there might be some confusion. If you run `docker context ls` you'll see that Docker uses context connection strings also. `abra` simply uses this approach. Sometimes, your Docker defined context details & your `abra` context details can get out of sync. You can use `docker context rm` to resolve this.
 
@@ -62,7 +32,7 @@ If you need to create a new context from Docker, you can do:
 docker context create <domain> --docker "host=ssh://<user>@<domain>:<port>"
 ```
 
-(This is what we used to before we wrote `abra` to make it more convenient.)
+This is what we used to before we wrote `abra` to make it more convenient.
 
 ## Command-line flag handling is weird?
 
@@ -89,7 +59,7 @@ We're still waiting for upstream patch which resovles this.
 
 We're sorry, it's an issue with an upstream dependency. See [`#291`](https://git.coopcloud.tech/coop-cloud/organising/issues/291) for more.
 
-## I need some feature from the old depreciated bash abra?
+## I need some feature from the old deprecated bash abra?
 
 There is an archive of the [old code here](https://git.coopcloud.tech/coop-cloud/abra-bash).
 
@@ -100,6 +70,10 @@ git clone https://git.coopcloud.tech/coop-cloud/abra-bash ~/.abra/bash-src
 ln -s ~/.abra/bash-src/abra ~/.local/bin/babra
 ```
 
-## I am seeing very weird `lookup <domain> on <ip>: write udp <ip>: write: operation not permitted` errors
+## "Network not found" when deploying?
 
-You should turn off your VPN. `abra` has trouble dealing with it right now. We welcome change sets to make it work though!
+This appears to be an upstream issue for which we can't do much in `abra` to solve. See [`coop-cloud/organising#420`](https://git.coopcloud.tech/coop-cloud/organising/issues/420) for more info. The work-around is to leave more time in between undeploy/deploy operations so the runtime can catch up.
+
+## Caller path in debug stacktrace doesn't exist
+
+Debug stacktrace currently begins with `/drone/` due to CI. Remove the initial `/drone/` and the path is relative to the abra project root.

docs/abra/upgrade.md

@@ -18,6 +18,65 @@ abra upgrade --rc
 
 ## Migration guides
 
+> General release notes are [here](https://git.coopcloud.tech/coop-cloud/abra/releases/)
+
+### `0.7.x-beta` -> `0.8.x-beta`
+
+- We now have an `--offline` flag instead of relying on internal logic to try
+  to decide when offline/online works best. It's up to you! A lot of `abra`
+  operations require network access, so it is not really truly "offline". The
+  logic prefers local filesystem access when this flag is passed. E.g. if there
+  is a local copy of the catalogue, then don't `git pull`.
+
+- There is more `--chaos`! There is more consistent flag handling for manually
+  overriding when to update the local recipe or leave it alone when hacking on
+  changes.
+
+- Secrets are now only generated by reading the recipe config, not the env
+  vars. This should hopefully not affect you. If you're seeing weird behaviour,
+  please see [`#464`](https://git.coopcloud.tech/coop-cloud/organising/issues/464).
+
+- There is a new linting rule for catching invalid tags in recipe versions.
+  This is an seemingly unavoidable issue that requires some maintenance work.
+  If you run into the error, here's some
+  [docs](https://docs.coopcloud.tech/maintainers/handbook/#r014-invalid-lightweight-tag)
+  to help work through it.
+
+- `~/.abra/catalogue` is now *only* updated via `git pull`. You may need to
+  `cd ~/.abra/catalogue && git checkout .` to get `abra` to stop complaining about
+  unstaged changes.
+
+- `abra record ...` & `abra server new` have been removed! Following a usage poll, these
+  features were not being relied on. They were also alpha prototypes which we
+  feel can be reconsidered once other more critical parts of Abra are more
+  stable.
+
+### `0.6.x-beta` -> `0.7.x-beta`
+
+- **ALERTA, ALERTA**, security related issue: all `$domain.env` env vars are now exposed to the deployment via the `app` service container. Each `FOO=BAR` is exported within the context of the container. If you have any privately committed secrets in your `.env` files, please migrate them to the `secrets: ...` configuration in the recipe. This change was made to facilitate tooling which can support auto-upgrading of apps in a deployment.
+
+- `abra` can no longer install Docker, initialise swarm mode and the proxy network. It will check if a Docker install exists and is in swarm mode or not and error out accordingly. We leave the provisioning to tools that are designed for that and reduce the command-line surface that we have to maintain going forward.
+
+- `abra server add <host> <args>` 👉 `abra server add <host>`. We have finally removed the custom SSH handling code and now solely rely on invoking `/usr/bin/ssh` directly and reading from the `~/.ssh/config`. The `<host>` argument should correspond to a `Host <host>` entry in your `~/.ssh/config` or in an `Include <file>` statement (hosts are retrieved via `ssh -G <host>`). This means "how does `abra` interact with SSH is 1) do you have an `~/.ssh/config` entry for `<host>` 2) can you `ssh <host>` successfully? 3) there is no 3. It's an easier mental model and also the way `abra-bash` works, hence, less weird obscure errors. `<host>` being public a domain name is still required.
+
+- `abra` no longer tries to do the TOFU host key verification prompt. We follow the praxis of the Docker CLI and just give up when host keys are not validated. We leave it to folks to SSH in and verify themselves.
+
+- Digests have been removed from the catalogue generation. They are not being used elsewhere and were significantly slowing down generation.
+
+### `0.5.x-beta` -> `0.6.x-beta`
+
+- Using `{{ .Domain }}` in recipe `.envrc.sample` files went away because it
+  was portable enough. We revert to replacing e.g `gitea.example.com` with the
+  domain. See
+  [`8fad34e`](https://git.coopcloud.tech/coop-cloud/abra/commit/8fad34e) for
+  more.
+
+- If your `abra.sh` scripts depend on `/bin/sh` and `/bin/bash` is available in
+  the container then `/bin/bash` will be used from now on. `/bin/sh` is only
+  now used if `/bin/bash` is not available. See
+  [`7f745ff`](https://git.coopcloud.tech/coop-cloud/abra/commit/7f745ff) for
+  more.
+
 ### `v0.4.x` -> `v0.5.x`
 
 - The only breaking change was making `abra` understand that the JSON dump for the recipes listing lives on [recipes.coopcloud.tech/recipes.json](https://recipes.coopcloud.tech) instead of [recipes.coopcloud.tech](https://recipes.coopcloud.tech).

docs/democracy/decisions.md

@@ -1,5 +0,0 @@
----
-title: Decisions
----
-
-Placeholder for all the wonderful decisions we will make together.

docs/democracy/index.md

@@ -1,5 +0,0 @@
----
-title: Democracy
----
-
-Placeholder for all the wonderful things we will do together.

docs/federation/faq.md

@@ -0,0 +1,28 @@
+---
+title: FAQ
+---
+
+## What is the Co-op Cloud Federation?
+
+> We're still working things out, here's what know so far!
+
+* It's membership based
+* It's operates democratically
+* It's about mutualising resources and sharing
+* We want to do nice things together
+
+## How many votes makes quorom for a Large Decision?
+
+According to [Resolution 001](/federation/resolutions/passed/001), large decisions can pass when:
+
+> more than 50% of total number of federation members :+1: votes
+
+Please see [the membership docs](/federation/membership) to get the up-to-date membership listing and find the final count for quorom.
+
+## How do I join the federation?
+
+According to [Resolution 002](/federation/resolutions/passed/002):
+
+> To join the federation an existing member must create a large decision to approve of the new member (paid or solidarity).
+
+So, please [get in touch](/intro/contact) if you'd like to join!

docs/federation/finance.md

@@ -0,0 +1,75 @@
+---
+title: Finance
+---
+
+> If you have any questions or run into problems, please chat with us on
+> `#coopcloud-finance:autonomic.zone`
+
+## Agreeing to spend money (Budgets)
+
+
+
+## Sending and receiving money
+
+It's slightly complicated, because money is complicated, but here's how it works. There are two moving parts:
+
+* The Co-op Cloud Open Collective
+* The Autonomic Wise account
+
+Autonomic is [the fiscal host](https://docs.opencollective.com/help/fiscal-hosts/fiscal-hosts) for the Co-op Cloud Open Collective (OC).
+
+OC helps us make all expenses and transfers transparent to the Federation. No actual money is handled via the OC interface. All payments are done via the Autonomic [Wise](https://wise.com) account. The total sum of the available funds shows on the OC page is the actual amount that is held in the Autonomic Wise account.
+
+Autonomic Co-op members commit to support the federation by doing the financial adminstration work for the time being. Autonomic is publicy registered, has a bank account, files taxes etc. All financial comings/goings are kept on the books internally at Autonomic. This could be further mutualised or another collective could pick this up in the future.
+
+Autonomic does not eat the transfer costs from the Wise account when paying out expense for members. That is charged to the Federation common fund.
+
+### How to get paid via Open Collective
+
+* [Create an account on Open Collective](https://opencollective.com/create-account)
+* Go to the [Co-op Cloud Open Collective](https://opencollective.com/coop-cloud)
+* Click [SUBMIT EXPENSE](https://opencollective.com/coop-cloud/expenses/new)
+
+**Important** Please include bank details in your expense so that we can make a bank transfer. We do not currently support payments via Paypal and other platforms.
+
+If you urgently need the money, please let us know on the Co-op Cloud Finance channel.
+
+Finally, please let us know what your username/email is for your Open Collective account so we can add you to the team. This helps us build up the view of our community from the perspective of our Open Collective page.
+
+### How to pay someone via Wise
+
+> **Note**: only Autonomic Co-op members can do this
+
+* First off, be wary of two things: 1) the currency conversion 2) the transaction fees of Wise. For 1) we have the complicating factor that the OC represents the common fund in GBP but our internal Wise jar is EUR. Then you're getting deeper into trouble if someone wants to get paid in e.g. USD.
+
+* In order to cover the transaction fee, you need to fake do the transfer to see what you'll be charged and then add that to what you withdraw from the jar. This is because Autonomic does not eat the cost of the transfer from Wise, that is charged to the Federation.
+
+* First step is to withdraw cash from the Co-op Cloud jar. It will automatically be transferred to the general EUR jar because the Co-op Cloud jar is also in EUR.
+
+* To transfer to USD, you don't have to use USD, you can use GBP/EUR directly. It's easier to make the direct payment from the jar you transferred it to. This is purely because it is easier to follow it in the accounting bookkeeping later on.
+
+* When making the payment, do the following:
+    * Select international transfer, choose your requird `$currency`
+    * Put correct amount in "recipient gets exactly" to get Wise to figure out the correct amount
+    * Open the invoice in Open Collective and look for the expense number, e.g. "Expense #132373" and put this in the reference number of the payment
+    * Note how long the transfer will take (Wise should tell you)
+
+* Mark the expense as paid in Open Collective. Use the "manual" method.
+
+* Let the member know the payment is on the way and how long it will take (if you have time).
+
+#### FAQ
+
+##### Where are the bank details of federation members?
+
+Please see [`Finance.md` in the internal Federation Wiki](https://git.coopcloud.tech/Federation/organising/wiki/Finance)
+
+##### What transfer type do we use for USD?
+
+`ACH`. If you see `Abartn`, that is the `ACH routing number`.
+
+### Tiers on Open Collective
+
+* Infrastructure Sustainability: Folks who are making use of Co-op Cloud digital infrastructure (e.g. [git.coopcloud.tech](https://git.coopcloud.tech)) and want to help out with maintenance costs. All recurring donations are spent directly on running costs and system adminstration labour. Thanks for considering!
+
+* Federation Membership: Dues paid by members of the Co-op Cloud Federation. Please see "Resolution 002: Membership/Dues 2023-03-22" for more information. There may be further decisions made around dues, please refer to the Federation documentation on [docs.coopcloud.tech/federation](https://docs.coopcloud.tech/federation).

docs/federation/index.md

@@ -0,0 +1,14 @@
+---
+title: Federation
+---
+
+Welcome to the Co-op Cloud Federation documentation!
+
+This is the public facing page where we publish all things federation in the open.
+
+- [FAQ](/federation/faq): Take a look if you're curious about the Federation is about 🤓
+- [Resolutions](/federation/resolutions): All draft, in-progress and passed resolutions ✊
+- [Finance](/federation/finance): How we deal with money 💸
+- [Membership](/federation/membership): See who's already joined in 🥰
+- [Minutes](/federation/minutes): All minutes from our meetings 📒
+- [Digital tools](/federation/tools): Tools we use to organise online 🔌

docs/federation/membership.md

@@ -0,0 +1,17 @@
+---
+title: Membership
+---
+
+> Are you also interested in joining the federation? Please see [Resolution 002](/federation/resolutions/passed/002/) for our process on how to join. If you have any questions, [drop us a line](/intro/contact/) with us for a chat
+
+| Name | Dues paid up? | Notes | Contact |
+| -------- | -------- | -------- |-------- |
+| Agaric | - | - | `@wolcen:matrix.org` |
+| Flancia | - | - | `@vera:fairydust.space` |
+| Autonomic | - | - | `@3wc` `@cas` `@decentral1se` `@knoflook` `@travvy` |
+| Bonfire | - | - | `@mayel:matrix.org` + Ivan (`@cambriale:matrix.org`) |
+| Doop.coop | - | - | `@yusf:gottsnack.net` |
+| Local IT | - | - | Philipp (`@yksflip:matrix.kaputt.cloud`) + `@moritz:matrix.local-it.org` |
+| ruangrupa | - | - | Henry `@babystepper:matrix.org` |
+| UTAW | - | - | `@javielico:matrix.org` |
+| ??? | - | - | `@mirsal:1312.media` |

docs/federation/minutes/2022-03-03.md

@@ -0,0 +1,319 @@
+---
+title: 2022-03-03
+---
+
+## Co-op Cloud Federation Bootstrapping
+
+_Please add any suggested agenda items here. We'll add meeting notes to this page after the meeting has happened_
+
+## Metadata
+
+* Time / date: March 3 @ 1500-1630 UTC https://time.is/0300PM_3_Mar_2023_in_UTC
+* Location: https://meet.jit.si/coop-cloud-federation-bootstrap-meeting
+* Real-time note taking will happen at: https://pad.autonomic.zone/XVhRKvAaRHmaEIR14KBxLA# (and be migrated here after the meeting)
+
+## Agenda
+
+(All times UTC, as sharp as possible)
+
+| Start | End | Topic | Time |
+| -------- | -------- | -------- | -------- |
+| 1500 | - | Meeting opens | - |
+| 1500 | 1510 | introductions | 10m |
+| 1510 | 1520 | confirming the agenda | 10m |
+| 1520 | 1540 | decision-making process | 20m |
+| 1540 | 1450 | break | 10m |
+| 1450 | 1610 | small-group discussions | 20m |
+| 1610 | 1630 | report-back / next steps | 20m |
+
+Suggested topics for small-group discussions:
+
+1. What software tools do we want to use for our organising?
+2. How should the finances of the federation work?
+3. Where else can we promote Co-op Cloud?
+4. Development priorities
+
+## Meeting notes
+
+### Agenda
+
+(All times UTC, as sharp as possible)
+
+| Start | End | Topic | Time |
+| -------- | -------- | -------- | -------- |
+| 1500 | - | Meeting opens | - |
+| 1500 | 1510 | introductions | 10m |
+| 1510 | 1520 | confirming the agenda | 10m |
+| 1520 | 1540 | decision-making process | 20m |
+| 1540 | 1450 | break | 10m |
+| 1450 | 1610 | small-group discussions | 20m |
+| 1610 | 1630 | report-back / next steps | 20m |
+
+Suggested topics for small-group discussions:
+
+1. What software tools do we want to use for our organising?
+2. How should the finances of the federation work?
+3. Where else can we promote Co-op Cloud?
+4. Development priorities
+
+### Introductions
+
+- name
+- pronouns
+- co-op you're part of
+- favorite natural place
+
+Attending:
+
+* Trav (Autonomic) [facilitation]
+* dc1 (Autonomic)
+* Phillip (Local-IT)
+* kawaiipunk (Autonomic)
+* V (Flancia [coop] - https://anagora.org [software platform])
+* Cas (Autonomic) [main notes]
+* Josef (Doop-Coop)
+* Wolcen (Agaric)
+* Ivan (Bonfire)
+* Mayel (Bonfire)
+* Calix (Autonomic) [facilitation]
+* Jamie (FarmOS)
+* Mirsal
+
+### Confirming Agenda
+
+- V: Question about overall objective.
+- Calix: Any suggested answers?
+- dc1: To see who wants to come with on setting up the fed. Getting going making descisions together. Also how people see themselves participating on an ongoing basis.
+- Calix: Any other intentions?
+
+[Mirsal joins]
+
+Recap:
+- How to make Decisions
+
+- Wolcen: Is there an existing org or is this the start?
+- Trav: This is the kick off. We start here.
+- dc1: Points to proposal. Mostly from Autonomic's viewpoint, which we hope to build on.
+
+- V: Asking about transcription bots.
+- Calix: Suggests that we table for now for later discussion.
+
+### decision-making process
+
+proposal: https://git.coopcloud.tech/Federation/Federation/wiki/Proposals
+
+- Trav: We adapted an old proposal for descision making process.
+- https://pad.autonomic.zone/s/MLafJE2jC#Overview
+- https://coopcloud.tech/blog/federation-proposal/
+
+- Trav: We consider this an important step in group formation. Summary: Proposal is written up and posted on channel, voting occurs via emoji reactions and after a time period it is passed.
+- dc1: Context: Autonomic has been initiating the project heretofor and has made all descisions, but we want the community to have that power rather than Autonomic.
+
+- Calix: We are in bootstraps as far as descision making so we have hope we can do it ad hoc this time.
+
+- V: Question about using Loomio.
+
+- kawaiipunk: Loomio while it is good seems to have a lot of bloat to it and the complexity of the forum functionality. Proposes we try to the most minimal mechanics possible. Autonomic uses this process.
+Calix: We don't have SSO for Coopcloud that we all have access. Gitea is a good platform for bootstrapping since it has its own accounts and almost everyone already has accounts on it for functional reasons.
+Wolcen: keeping things in as few places as possible seems better.
+- dc1: +1 for minimal. We are at the start, and all things are vague so we perhaps just do the minimal possible and keep going with what we have
+
+- V: As a member of not autonomic lacking context. tnx to dc1 for clarifying.
+
+- Wolcen: Asks about technology for automating the gitea+wiki->matrix crossover.
+- dc1: No automation current we can always change that later
+
+- kawaiipunk: Would the voting proposal come into effect after this meeting. Propose that it should. - Explanation that we operate more on a consent basis than exactly a consensus and this proposal continues that.
+
+- Wolcen: Asks about how to determine the magnitude of a descision and when the proposal can be acted on based on votes.
+- dc1: General descions are made as more than one person. This informs how to do the calculation for the magnitude.
+- kawaiipunk: Medium descisions can pass without everyone interacting with them. Good descisions are transparent and reversable. Controversial things generally have more than one blocker.
+
+### break time
+
+### Roundup about breakouts
+
+### Checking on qualified yes answers on poll about descision making
+
+1 qualified yes. Giving space for the qualifications. No takers.
+
+- V: Suggests that Autonomic lead that choice.
+- kawaiipunk: Agrees. If we're following consensus, unless anyone blocks it passes.
+
+**We pass the descision making process.**
+
+### Breakouts
+
+* Calix: Suggestions for other breakout topics?
+
+* Wolcen: 1 & 4 seem closely tied and should be merged.
+
+* dc1: Membership should be a topic.
+
+* We vote on poll now.
+
+#### Breakout 1 + 3 (technology and technology)
+
+> (See notes below)
+
+We summarized where we're at, what technologies are being used for organizing, what are the dependencies for coop cloud, and what is being developed.
+
+A couple of little things that are interesting from the perspective of development priorities:
+
+- debug / entrypoint tools
+- catalog normalization
+
+#### Breakout 2 (finances)
+
+> (See notes below)
+
+Summary: Federation model has tried and failed several times. Priority should be getting some money in. Give what you can should be the main thing and we can see if we need to tweak that.
+
+#### Breakout 4 (membership)
+
+> (See notes below)
+
+Broke down what membership means. Three classes of membership and what their powers are.
+
+- Community member (individual level)
+- Recipe maintainer
+- Federation members - which is the main descion making member.
+
+Discussed the processes involved in creating members, as in notes.
+
+MVP is protection from capital interest. Existing members vote on new members? Minimal and lean.
+
+### We vote on next meeting time
+
+### Checkout process
+
+> How do you feel? What about future?
+
+* Calix: Feeling inspired. Topics would love to talk about: Working groups? What comms channels are needed?
+
+* V: Feeling amazing. In one month?
+
+* dc1: Feeling great, very productive. Looking forward to future.
+
+* Trav: Great! THink this works well. Good that we can actually make descisions. Excited and optimistic for future.
+
+* Mayel: Feel good about meeting.  Really good to see energies. Great awesome keep going.
+
+* Wolcen: Feels great. Good to see it making progress. Missed meeting pad - having official links for future meetings would be nice to have.
+
+* Cas: Great. Looking forward to nitty gritty stuff.
+
+* kawaiipunk: Tired, but good. Good discussions. Excited to have it open up to other people. Maybe we could hack on technical stuff. Interested in recipes and doing more formal organization.
+
+* Phillipp: Excited this was really great. Language barrier made it a little challenging. Next meeting has a lot of questions and things to do.
+
+### Poll
+
+* 1 month wins for next meeting.
+
+### Breakout room minutes
+
+#### Breakout room #1
+
+We have a rambling discussion about things related to software.
+
+List of technologies currently in use:
+
+- gitea [wiki, source repo, kanban?]
+- matrix [chat, community organization]
+
+Technologies under development/coop cloud
+
+- Abra
+- Recipes
+- Recipe catalog
+
+Technology dependencies
+
+- Docker + swarm
+
+Technology decision considerations
+
+- What about using other 'containers', 'virtual instances', etc?
+    - Part of the value proposition is that it operates on current standards.
+
+Development priorities
+
+- Standardizing recipe catalog acquisition
+- Debug/other hooks/entrypoints
+
+#### Breakout room #2
+
+Breakout Room #2: How should the finances of the federation work?
+
+* Present: Trav, Mayel, yksflip, d1, V
+* trav taking notes
+
+* d1: want to map what we're already doing. At first unpaid then back-paid. Grant money is gone. Now asking clients to contribute 50% of fee towards Co-op Cloud development. Have not dumped money into OC yet.
+
+* V: why tell clients? Transparency?
+
+* d1: yeah transparency, helps get paid out and helps groups understand what they're contributing to.
+
+* m: some part of revenue goes back to maintain commons. we know theres more than the config, we have admin, meetings, more services/tools/etc. besides membership dues, I would draft some suggestions/templates for how hosters can split revenue between infra/config/upstream project development...
+
+* yksflip: contribute time to co-op cloud atm. but happy to shuffle money directly to open collective. main funding is public funding, funders need to see who is working on what, transparency/overview stuff. they also have money to give to freelancers. could we have ways to say we give % of the project to the open collective of the fedi. still trying to make local-it sustainable. funding until july and then open question how to go on sustainably.
+
+* t: concern on finances is, having enough. paying for meetings is noble but we'll lose money fast. having a prioritisation of where money goes would be great. then as we have cash we put it where we want.
+
+* d1: contribute comensurate to number of members in co-op? what would be a practical model? do we attach it to membership (dues?).
+
+* v: dues and per-x contribution? are these two differen things?
+
+* d1: 2 approaches, end goal is the same, have members contribute to the project
+
+* V: we are amalgum, hard to quantify member #s
+
+* yksflip: best to start with something easy. Co-ops of this size/# of instance, guidelines. Try it and then discuss again in a few months. Compensating meetings is great but maybe some things are more urgent.
+
+* V: how does Autonomic do this currently?
+
+* d1: simpler for us as 1 org vs fed. All funds into 1 pot. Tricky to get right. Did call with Co-op Cycle, bike delivery. Start with financial contribution from the start. Money makes things happen.
+
+#### Breakout #3 did not happen
+
+#### Breakout #4: Membership
+
+* Jamie (facilitating)
+* Kawaiipunk
+* Calix (notes)
+
+What are we hoping to learn / decide?
+
+* kp: 3 levels of membership:
+  * community member
+  * maintainers of recipes
+  * federation members
+
+* question: boundaries around co-operativeness. open to organisations / individuals? what org. structures permitted for members. co-ops only? worker co-ops only? allied orgs? capitalist orgs? do we allow co-ops
+
+* calix: Q: what is the process for deciding any of above questions? new members, dues, etc.
+
+* j: is there a way for e.g. corporate members to be community members? any previous steps towards decision-making with co-op cloud?
+
+* Calix: Cooperative Technologists [...] when someone wants to joing it's a network-wide process, case-by-case, open to anyone to in the group; then w/ Autonomic, it's a 2-step process where someone joins provisionally, then as full member after a period of time.
+
+* j: B-Corp, somewhat controversial category at this point as to whether it means anything or not. Consideration to take network approach to avoid "legalistic" approach, strict "by the books".
+
+* kp: might also be a problem of assessing what counts as a cooperative for international members, different legal formations around the world.
+
+* c: Proposal: the 3 cats, fed-members should be cooperatively run, and aligned with values of the federation. Large decision among federation members to add a new one.
+
+* J: Like it. Open it as a question.
+
+* c: Could use our new decision making process? Ask for comments before it goes live.
+
+* kp: Seems quite fundamental. Best to keep simple and iterate.
+
+* calix: should there be a federation members only matrix channel to discuss federation decisions?
+
+* kp: guess there'd have to be under current plans. or does it set up too much of an "in group"? proposals could be posted publicly, voting could be in secret, results public? emoji voting in a private channel. transparency = positive.
+
+* jamie: public "who voted how"
+
+* kp: maybe literally just collecting of voting

docs/federation/minutes/index.md

@@ -0,0 +1,3 @@
+---
+title: Minutes
+---

docs/federation/resolutions/drafts/index.md

@@ -0,0 +1,3 @@
+---
+title: Drafts
+---

docs/federation/resolutions/in-progress/index.md

@@ -0,0 +1,3 @@
+---
+title: In progress
+---

docs/federation/resolutions/index.md

@@ -0,0 +1,18 @@
+---
+title: Resolutions
+---
+
+### Resolution Template
+
+```javascript
+## Resolution <number>: <title> - <date>
+
+- Deadline: Date
+- Size: large or medium
+
+### Summary
+Who this affects, and what it does
+
+### Details
+A narrative with details
+```

docs/federation/resolutions/passed/001.md

@@ -0,0 +1,59 @@
+---
+title: "Proposal 001: Decision Making Process - 2023-03-03"
+---
+
+- Deadline: 2023-03-03 (live voting)
+- Size: large
+
+### Summary
+
+Institute descision making process as per below. Special consensus voting in organization meeting rather than the below process.
+
+### Decision Making Process
+
+* Write up a proposal using the below template, and add to the [Proposals wiki page](https://git.coopcloud.tech/Federation/Federation/wiki/Proposals).
+* Specify if they are a large or medium proposal
+* Votes are done via emoji-reaction in the Community Organising Matrix channel (<https://matrix.to/#/#coopcloud-comm-org:autonomic.zone>)
+* List the decision on the [decisions page](https://docs.coopcloud.tech/federation/resolutions) on our documentation
+* Decisions can be split intro three categories: Small, Medium and Large.
+* Votes can be in favour :+1:, against :-1: (block),  or abstain :shrug:
+* Announce the result in the [Federation chat (#coop-cloud-fedi:autonomic.zone)](https://docs.coopcloud.tech/intro/contact/#matrix) and record it on the [decisions page](https://docs.coopcloud.tech/federation/resolutions) of the documentation
+
+### Types of Proposals
+
+#### Small - “Get on and do a thing”
+
+* Up to individual members to decide if they should just make the decision, or share it with the rest of the members to seek consensus.
+
+#### Medium - “consensus pending objections”
+
+* Potentially about shared tools, recipes, abra, etc.
+* Doesn’t have an effect on the direction or operation of Co-op Cloud as a whole.
+* If any member of Co-op Cloud thinks it’s a Large decision, achieve Maximum Consensus™ (see [below](https://pad.autonomic.zone/PtNbWo-7Tt-CKXvC6kxvZQ?view#Large---Maximum-Consensus-%E2%84%A2))
+* proposals must have a minimum deadline of 2 weeks from when they are proposed
+* Pass requirements:
+  * at least one :+1: vote
+  * no :-1: votes
+
+#### Large - “Maximum Consensus ™”
+
+* Important decisions affecting the operation, direction, working conditions and finances of Co-op Cloud.
+* proposals must have a minimum deadline of 2 weeks from when they are proposed
+* Pass requirements:
+  * more than 50% of total number of federation members :+1: votes
+  * no :-1: votes
+
+### Proposal Template
+
+```javascript
+## Resolution <number>: <title> - <date>
+
+- Deadline: Date
+- Size: large or medium
+
+### Summary
+Who this affects, and what it does
+
+### Details
+A narritive with details
+```

docs/federation/resolutions/passed/002.md

@@ -0,0 +1,25 @@
+---
+title: "Resolution 002: Membership/Dues - 2023-03-22"
+---
+
+* Deadline: 2023-04-11
+* Passed on 2023-04-13
+* Size: Large
+
+### Summary
+
+1. Set membership dues for the Co-op Cloud Federation at EUR 10/month, to be reviewed in 6 months’ time, in October 2023.
+2. Approval of new members requires a Large decision
+3. Groups who had a member attend the first federation meeting are all founding members (are already in the federation, do not require a decision to be added)
+
+### Details
+
+Obviously this plan is not long-term financially sustainable. The idea is to use Autonomic’s remaining funds for the federation to collectivise the process of working this out over the next few months.
+
+#### Dues
+
+Members are required to make a minimum monthly EUR 10 (or EUR 60/year) donation through Open Collective. Members who are able are encouraged to donate more. Individuals/groups wanting to join Co-op Cloud who aren’t able to make a financial contribution may request a solidarity free membership.
+
+#### Membership
+
+To join the federation an existing member must create a large decision to approve of the new member (paid or solidarity). All collectives who attended the first federation meeting are already granted membership and are asked to setup recurring donations as soon as possible.

docs/federation/resolutions/passed/003.md

@@ -0,0 +1,17 @@
+---
+title: "Resolution 003: Paid work - 2023-03-22"
+---
+
+* Deadline: 2023-04-11
+* Passed on 2023-04-13
+* Size: Large
+
+### Summary
+
+1. Set the wage for Co-op Cloud Federation work at €20/h. Review these numbers in 6 months’ time, in October 2023.
+
+### Details
+
+Work is paid at EUR 20/hour. This may be increased via future decisions if so desired by the collective.
+
+Members must do their own taxes for wages earned. To get paid, worker members must invoice via the Co-op Cloud Open Collective. Invoices need to include times and descriptions.

docs/federation/resolutions/passed/004.md

@@ -0,0 +1,38 @@
+---
+title: "Resolution 004: Budget 001: Budgeting - 2023-03-22"
+---
+
+* Deadline: 2023-04-11
+* Passed on 2023-04-13
+* Size: Large
+
+### Summary
+
+1. All paid work must be within a Budget
+2. The first Budget as 8 hours / month, for member groups’ participation in organising meetings
+
+### Details
+
+All paid work must be within a Budget, agreed using a Large Decision. Budgets are ideally clumped as much as possible to reduce decision fatigue. Budgets include “who will do the work”. The agreed person can give the task to another Federation member.
+
+Participation in organising meetings is paid for up to one person per member organisation. Additional people are welcome to attend; we encourage member organisations to pay for their additional attendees’ time themselves, if possible.
+
+#### Budget: Monthly meetings
+
+> **Budget amount:** EUR 960
+>
+> **Who will implement this:** Up to 1 person from each member organisation
+>
+> **When will the money be spent:** Over the next 6 months, until the meeting in October 2023.
+>
+> **What is the money for:** Paying attendees of monthly organising meetings
+
+#### Budget template:
+
+```
+**Budget name:** Buying ponies
+**Budget amount:** EUR 100,000
+**Who will implement this:** Ade from Ponies.coop
+**When will the work happen:** Tomorrow
+**What is the money for:: Buying one pony for each member organisation
+```

docs/federation/resolutions/passed/005.md

@@ -0,0 +1,19 @@
+---
+title: "Resolution 005: Public federation membership, notes and decisions - 2023-04-14"
+---
+
+* Deadline: 2023-04-17
+* Passed: 2023-04-18
+* Size: medium
+
+### Summary
+
+The following federation info will be made public on [`docs.coopcloud.tech/federation`](https://docs.coopcloud.tech/federation/):
+
+- Federation membership
+- Meeting minutes
+- Decisions which have passed
+
+### Details
+
+This will make the process of documenting easier to mutualise and increase transparency for those interested in joining. The [`git.coopcloud.tech/Federation`](https://git.coopcloud.tech/Federation/Federation/wiki/) wiki can still be used for storing private details such as bank account information. If members do not want to be listed, they can do so even when this decision passes.

docs/federation/resolutions/passed/006.md

@@ -0,0 +1,25 @@
+---
+title: "Resolution 006: Budget 002: Resolution Writing-up - 2023-05-29"
+---
+
+# Resolution 006: Budget 002: Resolution Writing-up - 2023-05-29
+
+- Deadline: 2022-06-12
+- Size: Large
+
+### Summary
+
+Agree Budget 002, for €100 for @decentral1se to write up 2 resolutions.
+
+### Details (Budget YYY)
+
+**Budget amount**: EUR 100
+
+**Who will implement this**: @decentral1se
+
+**When will the money be spent**: By 2023-07-03
+
+**What is the money for**: Writing up two Resolutions:
+
+1. A buffer for federation common fund.
+2. To set up a standing critical fixes budget each month until the buffer in (1) is hit

docs/federation/resolutions/passed/007.md

@@ -0,0 +1,17 @@
+---
+title: "Resolution 007: 1 year dues waiver for Doop.coop - 2023-06-19"
+---
+
+- Deadline: 2023-07-03
+- Size: Medium
+
+### Summary
+
+Waive membership dues for Doop.coop for the first year of their membership, from July 2023 to June 2024.
+
+### Details
+
+Yusf said:
+
+> Hai! As our coop is a side gig, we've had a very low turnaround in the coop last fiscal. As such we've hadn't had the time to raise our revenue yet in this cycle so my question for the federation is:
+> Is it possible for us (already joined), Doop Coop, to apply for this solidarity free membership the first year after which we'll be able to put in the fee?

docs/federation/resolutions/passed/008.md

@@ -0,0 +1,24 @@
+---
+title: "Resolution 008: Budget 003: Paying invoices - 2023-06-19"
+---
+
+- Deadline: 2022-07-03
+- Size: Large
+
+### Summary
+
+Agree Budget 003, for up to €20/month for an Autonomic member to pay invoices submitted for Co-op Cloud Federation work.
+
+### Details (Budget 003)
+
+**Budget amount**: EUR €20/month
+
+**Who will implement this**: Autonomic
+
+**When will the money be spent**: Monthly
+
+**What is the money for**: Paying for the work involved in paying invoices submitted via OpenCollective.
+
+## A note about decentralisation
+
+Unfortunately, there doesn't seem to be a good way to open this task to other Co-op Cloud Federation members, until we get a dedicated bank account for the Federation, but if anyone has ideas about this, please let us know!

docs/federation/resolutions/passed/009.md

@@ -0,0 +1,22 @@
+---
+title: "Resolution 009: Federation common fund buffer - 2023-07-03"
+---
+
+## Resolution 009: Federation common fund buffer - 2023-07-03
+
+- Deadline: 2023-07-17
+- Size: Large
+
+### Summary
+
+The Co-op Cloud Federation has [a common fund](https://opencollective.com/coop-cloud#category-BUDGET) which can be used by federation members by proposing [budgets](https://docs.coopcloud.tech/federation/resolutions/passed/004/).
+
+With Resolution 009, we want to introduce the idea of a common fund buffer.
+
+This buffer is proposed to be set at 1,500 EUR. When the buffer is reached, no more budgets can be proposed. When the fund increases once more, budgets can resume.
+
+The buffer is in place to reserve funds for critical collective spending when we have limited income.
+
+### Details
+
+1,500 EUR is fairly arbitrarily chosen but seems to be a reasonable amount of money to cover situations where, e.g. we need to pay for servers, domains, mail accounts or other common critical infrastructure.

docs/federation/resolutions/passed/010.md

@@ -0,0 +1,32 @@
+---
+title: "Resolution 010: Budget 004: Critical fixes - 2023-07-03"
+---
+
+## Resolution 010: Budget 004: Critical fixes - 2023-07-03
+
+- Deadline: 2023-07-17
+- Size: Large
+
+### Summary
+
+We propose to have a standing budget of 10 hrs / month available for fixes in Abra, Co-op Cloud recipes and other critical tools (e.g. recipes.coopcloud.tech) in the Co-op Cloud ecosystem.
+
+A fix is deemed critial when it is listed on this coop-cloud/organising board:
+
+> https://git.coopcloud.tech/coop-cloud/organising/projects/24
+
+This board is collectively gardened by Co-op Cloud participants (both federation members and not). The process for adding a ticket to the board requires getting confirmation from at least one other member of the federation.
+
+This budget can be claimed by any volunteer who would like to develop the fix. If the volunteer is not a Co-op Cloud federation member, they must first be "vouched for" by a federation member. This is an informal process which can be arranged via the Matrix chat. This aims to assure agreement on timing and what the fix should contain beforehand.
+
+Fixes can be claimed by assiging yourself to the ticket. If within 1 week there is no updates on the ticket, another volunteer can propose to take over. This process is also informal: please @ the original volunteer and give some reasonable time for them to reply (suggested: 1 day).
+
+If the fix is urgent and things need to move faster, please state so on the ticket. Please consult with at least one other member of the federation to confirm that there is indeed agreement on the urgency of the fix.
+
+### Details (Budget 004)
+
+This budget stands open and available for use until the common fund buffer is reached. Please see [Resolution 009](https://docs.coopcloud.tech/federation/resolutions/passed/009/) for further details on the buffer.
+
+Please see [Resolution 003](https://docs.coopcloud.tech/federation/resolutions/passed/003/) for details on the hourly rate for this work.
+
+Invoices can be submitted via the Co-op Cloud Open Collective. Please see [these docs](https://docs.coopcloud.tech/federation/finance/#how-to-get-paid-via-open-collective) for how to do that.

docs/federation/resolutions/passed/011.md

@@ -0,0 +1,22 @@
+---
+title: "Resolution 011: Budget 005: Backup improvements - 2023-07-23"
+---
+
+- Deadline: 2022-08-06
+- Size: Large
+
+### Summary
+
+Agree Budget 005, for up to 10 hours (€200) to implement changes to the Co-op Cloud backup system, including `abra`, and `backup-bot-two`.
+
+More information, including background to the changes, and breakdown of the work, can be found here: https://pad.local-it.org/4chDYXkBQZywXKj0zs_Ymg#
+
+### Details (Budget 005)
+
+**Budget amount**: Up to EUR €200
+
+**Who will implement this**: Calix/3wc, decentral1se, Philipp and Moritz
+
+**When will the money be spent**: Before the end of August 2023.
+
+**What is the money for**: Improvements to Co-op Cloud backup tools

docs/federation/resolutions/passed/012.md

@@ -0,0 +1,31 @@
+---
+title: "Resolution 012: Budget 006: Abra integration test suite - 2023-09-09"
+---
+
+- Deadline: 2023-09-23
+- Size: Large
+
+### Summary
+
+Recent attempts to continue developing features and fixes have lead to several regressions in Abra. It's more difficult to make progress and it's unclear if changes will create more bugs. Abra has always had bugs and we've relied on user testing to smoke those out.
+
+However, we're reaching a scale where it's very difficult to test all changes with just user testing. Also, there is only so far you can go with user testing before bug fatigue and frustration is the norm.
+
+It's time to build a robust Abra integration test suite which can help us stop regressions from happening and rely less on user testing. This will help us move forward with larger changes in Abra which we can then test and have confidence that the base functionality is not broken.
+
+### Details (Budget 006)
+
+References so far:
+- [3wc & myself (d1) have had a planning meeting](https://pad.autonomic.zone/kdLrPXMSSb2TZezCBhdYtw?edit)
+- [The first PR and proof of concept has landed in Abra](https://git.coopcloud.tech/coop-cloud/abra/pulls/347)
+- [Initial documentation has been written](https://docs.coopcloud.tech/abra/hack/#integration-tests)
+
+With some further experimentation, I'm relatively confident that this approach will allow us to implement an integration test suite which covers the majority of the Abra functionality. It's *a lot* of work. I'm estimating this to come in at 30 hours of work.
+
+**Budget amount**: 600 EUR (30 hrs * 20 EUR/hr)
+
+**Who will implement this**: decentral1se
+
+**When will the money be spent**: Before the end of October 2023.
+
+**What is the money for**: Implementing an Abra integration test suite.

docs/federation/tools.md

@@ -0,0 +1,11 @@
+---
+title: Digital tools
+---
+
+- [Public documentation](https://docs.coopcloud.tech/federation)
+- [Organising repository (private)](https://git.coopcloud.tech/Federation/organising)
+- [Wiki (private)](https://git.coopcloud.tech/Federation/organising/wiki)
+- [Git hosting](https://git.coopcloud.tech/)
+- [Matrix Space](https://matrix.to/#/#coop-cloud-space:autonomic.zone)
+- [Website](https://coopcloud.tech/)
+- [Drone CI/CD](https://build.coopcloud.tech)

docs/get-involved/index.md

@@ -12,15 +12,11 @@ We are happy to have designers, critical thinkers, artists, hackers, documenters
 
 There are a number of "roles" such as "operator", "maintainer", "organiser" which we've tried to come up with to make it more clear how you can relate to the project and how you can find ways to be involved which suit your interests. If you don't fit one of these roles, that is fine.
 
-We have [a weekly check-in](/get-involved/#kite-flying-hours) for contributors of this project to let each other know what we're working on, how much time we've spent on it and how to coordinate further work.
+We have [an irregular online check-in](/organisers/handbook/#kite-flying-hours) for contributors of this project to let each other know what we're working on, how much time we've spent on it and how to coordinate further work.
 
 We have a [status page](/intro/bikemap) showing what we are aiming to achieve in the near future. That gives a good overview of where we're going together.
 
-From this status page, we use an [issue tracker](https://git.coopcloud.tech/coop-cloud/organising/issues) where we hold discussions about what we want to do. We categorise these issues according to the bike map using these [milestones](https://git.coopcloud.tech/coop-cloud/organising/milestones). Finally, use this [board](https://git.coopcloud.tech/coop-cloud/organising/projects/8) to keep track of what we're working on right now. We collectively review these things on a weekly/monthly basis to keep track of our time spent vs. budget available.
-
-Once you've found something to work on and are introduced, we'll give you an account on our [time tracking infrastructure](https://kimai.autonomic.zone) where you can log your times. This helps us reduce the burden of financial and time keeping admin falling on one person.
-
-We have received funding via [the ECF](https://culturalfoundation.eu/initiatives/culture-of-solidarity-fund) and can offer £16 hourly rate for your work. We've written more on why we think it is important to compensate all contributions for this project below.
+We use [issue trackers](https://git.coopcloud.tech/coop-cloud/organising/issues) and [project boards](https://git.coopcloud.tech/coop-cloud/organising/projects) to keep track of what we're working on right now. We collectively review these, to keep track of our time spent vs. budget available.
 
 ## Compensation
 

docs/glossary/index.md

@@ -12,11 +12,11 @@ An app is a libre software that you use, e.g. Wordpress, Gitea, Jitsi, Nextcloud
 
 ## Container
 
-A [Docker](/glossary#docker) term: a running instance of an [image](/glossary#image), running processes that are isolated from the host system.
+A [Docker](#docker) term: a running instance of an [image](#image), running processes that are isolated from the host system.
 
 ## Deployment
 
-When you run `abra app deploy <domain>`, `abra` reads a [recipe](/glossary#recipe) configuration and creates an [app](/glossary#app).
+When you run `abra app deploy <domain>`, `abra` reads a [recipe](#recipe) configuration and creates an [app](#app).
 
 ## Docker
 
@@ -24,36 +24,36 @@ When you run `abra app deploy <domain>`, `abra` reads a [recipe](/glossary#recip
 
 ## Environment variables
 
-Variables passed from the shell to processes invoked by it. They are used for configuring [services](/glossary#service).
+Variables passed from the shell to processes invoked by it. They are used for configuring [services](#service).
 
 ## Environment file
 
-A file contained in a [recipe](/glossary#recipe) describing the contents of [environmental variables](/glossary#environment-variables).
+A file contained in a [recipe](#recipe) describing the contents of [environment variables](#environment-variables).
 
 ## Image
 
-A [Docker](/glossary#docker) term: a template for creating [containers](/glossary#container), describing their file structure and installed binaries.
+A [Docker](#docker) term: a template for creating [containers](#container), describing their file structure and installed binaries.
 
 ## Proxy network
 
-A [Docker](glossary#docker) related concept: a virtual network created on the server machine used for communicating between [services](/glossary#service). Any [service](/glossary#service) can be plugged into more than one [network](/glossary#network), allowing for control over data sharing between them.
+A [Docker](#docker) related concept: a virtual network created on the server machine used for communicating between [services](#service). Any [service](#service) can be plugged into more than one [network](#network), allowing for control over data sharing between them.
 
 ## Recipe
 
-A recipe is what we call the configuration files that are used to deploy an [app](/glossary#app). When you run `abra app deploy <domain>`, `abra` is reading a recipe configuration, such as [the gitea recipe](https://git.coopcloud.tech/coop-cloud/gitea), in order to know how to deploy a new Gitea instance. When we speak of a "digital configuraiton commons", we're primarily referring to the [growing collection of recipes](https://git.coopcloud.tech/coop-cloud).
+A recipe is what we call the configuration files that are used to deploy an [app](#app). When you run `abra app deploy <domain>`, `abra` is reading a recipe configuration, such as [the gitea recipe](https://git.coopcloud.tech/coop-cloud/gitea), in order to know how to deploy a new Gitea instance. When we speak of a "digital configuration commons", we're primarily referring to the [growing collection of recipes](https://recipes.coopcloud.tech).
 
 ## Secret
 
-A [Docker](/glossary#docker) related concept: A way to store passwords encrypted on disk and mounted inside the [containers](/glossary#container) as files that can be read that contain the secret. See the [Docker secrets documentation for more](https://docs.docker.com/engine/swarm/secrets/). `abra` makes use of this approach to store secrets for deployed [apps](/glossary#app).
+A [Docker](#docker) related concept: A way to store passwords encrypted on disk and mounted inside the [containers](#container) as files that can be read that contain the secret. See the [Docker secrets documentation for more](https://docs.docker.com/engine/swarm/secrets/). `abra` makes use of this approach to store secrets for deployed [apps](#app).
 
 ## Service
 
-A [Docker](glossary#docker) term: a single [container](/glossary#container) that is a part of a [stack](glossary#stack).
+A [Docker](#docker) term: a single [container](#container) that is a part of a [stack](#stack).
 
 ## Stack
 
-A [Docker](glossary#docker) term: one or more [services](/glossary#service) running together to provide a functionality.
+A [Docker](#docker) term: one or more [services](#service) running together to provide a functionality.
 
 ## Volume
 
-A [Docker](/glossary#docker) term: a directory that can be mounted inside a [container](/glossary#container) to store data. Because [containers](/glossary#container) are meant to be non-changeable and disposable, any data that is supposed to not be lost between updates or restarts is stored in volumes.
+A [Docker](#docker) term: a directory that can be mounted inside a [container](#container) to store data. Because [containers](#container) are meant to be non-changeable and disposable, any data that is supposed to not be lost between updates or restarts is stored in volumes.

docs/index.md

@@ -16,9 +16,9 @@ We'd be happy to hear feedback about our documentation, if it was helpful, what
 
 !!! danger "Here be dragons"
 
-    This project is still [alpha quality software](https://en.wikipedia.org/wiki/Software_release_life_cycle#Alpha) :bomb: Please take that into consideration if you are thinking about using this system in production. We're working hard to make Co-op Cloud stable. In the meantime, this is a good time to help us out with initial testing, feedback, ideas or [join in with development](/get-involved/).
+    This project is still [beta quality software](https://en.wikipedia.org/wiki/Software_release_life_cycle#Beta) :bomb: Please take that into consideration if you are thinking about using this system in production. We're working hard to make Co-op Cloud stable. In the meantime, this is a good time to help us out with initial testing, feedback, ideas or [join in with development](/get-involved/).
 
-- [Operators guide](/operators/): You run a Co-op Cloud deployment or want to do so :computer:
+- [Operators guide](/operators/): You run a Co-op Cloud based deployment or want to do so :computer:
 
 - [Maintainers guide](/maintainers/): You maintain recipes and ensure things run smoothly for operators :tools:
 

docs/intro/bikemap.md

@@ -2,8 +2,8 @@
 title: Bike map
 ---
 
-- The project is currently in an [alpha quality](https://en.wikipedia.org/wiki/Software_release_life_cycle#Alpha) release state.
+- The project is currently in a [beta quality](https://en.wikipedia.org/wiki/Software_release_life_cycle#Beta) release state.
 
-- We are working towards a [beta release](https://en.wikipedia.org/wiki/Software_release_life_cycle#Beta). Our public Beta goals are listed in the following pad: [Beta Bike Map](https://pad.autonomic.zone/s/C3uuqfSCk).
+- We are working towards a stable `1.0.0` release.
 
-- What we're currently working on is listed on this issue tracker: [`coop-cloud/organising`](https://git.autonomic.zone/coop-cloud/organising/issues).
+- What we're currently working on is listed on this issue tracker: [`coop-cloud/organising`](https://git.coopcloud.tech/coop-cloud/organising/issues).

docs/intro/contact.md

@@ -12,14 +12,6 @@ title: Get in touch
 
 Here is a link to the [Matrix space](https://matrix.to/#/!xSMwGbdVehScXcIFwS:autonomic.zone?via=autonomic.zone&via=matrix.org&via=1312.media) to see all channels.
 
-- [`#coopcloud:autonomic.zone`](https://matrix.to/#/!JSVYWCRXSVMrAzgeKB:autonomic.zone?via=autonomic.zone) General chat and announcements (low traffic)
-- [`#coopcloud-tech:autonomic.zone`](https://matrix.to/#/!DfXPgKLoYCvjHithgS:autonomic.zone?via=autonomic.zone) Technical discussions (some techno babble)
-- [`#coopcloud-dev:autonomic.zone`](https://matrix.to/#/!IFazIpLtxiScqbHqoa:autonomic.zone?via=autonomic.zone) Intense developer chat (a lot of techno babble)
-
-### XMPP
-
-> Coming Soon :tm:
-
 ## Forum
 
 [`community.coops.tech`](https://community.coops.tech/)

docs/intro/credits.md

@@ -6,8 +6,8 @@ title: Credits & thanks
 
 Special thanks to:
 
-- [Doop Coop](mailto:cluck@doop.coop), for making a transparent version of the Co-op Cloud logo, and helping with OSX alpha testing.
+- [Doop Coop](mailto:cluck@doop.coop), for making a transparent version of the Co-op Cloud logo, Matrix room avatars and helping with OSX alpha testing.
 - [Social.coop](https://social.coop), for warmly welcoming us onto [`social.coop/@coopcloud`](https://social.coop/@coopcloud).
 - [Servers.coop](https://servers.coop), for hosting our digital infrastructure (website, builds, git hosting, etc.).
-- Every single last one of you heroic & patient alpha/beta testers, you are all comrades of the highest order of kropotkin :heart:
+- Every single last one of you heroic & patient beta testers, you are all comrades of the highest order of kropotkin :heart:
 - [`egonelbre/gophers`](https://github.com/egonelbre/gophers) for the rad gopher logos

docs/intro/faq.md

@@ -14,27 +14,27 @@ The project was started by workers at [Autonomic](https://autonomic.zone/) which
 
 #### Pros
 
-- 👍 Thin "ease of use" layer on top of already standardised tooling
-- 👍 Extremely modular
-- 👍 Collective commons based configuration via public git repos
-- 👍 Focussed on hosting providers
-- 👍 Uses upstream published containers (no duplication on packaging)
-- 👍 Now and always libre software
-- 👍 Command line focussed
-- 👍 Horizontal and vertical scaling
+- 👍 Thin "ease of use" layer on top of already standardised tooling.
+- 👍 Extremely modular.
+- 👍 Collective commons based configuration via public git repos.
+- 👍 Focussed on hosting providers.
+- 👍 Uses upstream published containers (no duplication on packaging).
+- 👍 Now and always libre software.
+- 👍 Command line focussed.
+- 👍 Horizontal and vertical scaling.
 
 #### Cons
 
-- 👎 Still a very young project
-- 👎 Limited availability of well tested apps
-- 👎 Requires command line knowledge to use
-- 👎 Currently x86 only (see [this FAQ question](#why-only-x86-support) for more)
+- 👎 Still a very young project.
+- 👎 Limited availability of well tested apps.
+- 👎 Requires command line knowledge to use.
+- 👎 Currently x86 only (see [this FAQ question](#why-only-x86-support) for more).
 
 ## Why start another project?
 
 Please read our [initial project announcement post](https://autonomic.zone/blog/co-op-cloud/) for more on this.
 
-Also see our [strategy page](/strategy/).
+Also see our [strategy page](../strategy/).
 
 ## How do I make a recipe for (package) an app?
 
@@ -53,16 +53,16 @@ Here is a short overview of the pros/cons we see, in relation to our goals and n
 - 👍 Decent web interface for app, domain & user management.
 - 👍 Large library of apps.
 - 👍 Built-in SSO using LDAP, which is compatible with more apps and often has a better user interface than OAuth.
-- 👍 apps are actively maintained by the Cloudron team.
+- 👍 Apps are actively maintained by the Cloudron team.
 
 #### Cons
 
 - 👎 Moving away from open source. The core is now proprietary software.
-- 👎 libre tier has a single app limit.
+- 👎 Libre tier has a single app limit.
 - 👎 Based on Docker images, not stacks, so multi-process apps (e.g. parsoid visual editor for Mediawiki) are a non-starter.
 - 👎 Difficult to extend apps.
 - 👎 Only supported on Ubuntu LTS.
-- 👎 Upstreams libre software communities aren't involved in packaging.
+- 👎 Upstream libre software communities aren't involved in packaging.
 - 👎 Limited to vertical scaling.
 - 👎 Tension between needs of hosting provider and non-technical user.
 - 👎 LDAP introduces security problems - one vulnerable app can expose a user's password for all apps.
@@ -113,8 +113,8 @@ Here is a short overview of the pros/cons we see, in relation to our goals and n
 
 #### Cons
 
-- 👎 Upstream libre software communities aren't publishing Ansible roles
-- 👎 Lots of manual work involved in things like app isolation, backups, updates
+- 👎 Upstream libre software communities aren't publishing Ansible roles.
+- 👎 Lots of manual work involved in things like app isolation, backups, updates.
 
 ### Kubernetes
 
@@ -132,6 +132,10 @@ Here is a short overview of the pros/cons we see, in relation to our goals and n
 
 #### Pros
 
+- 👍 Quick to set up and familiar for many developers.
+
+#### Cons
+
 - 👎 Manual work required for process monitoring.
 - 👎 Secret storage not available yet.
 - 👎 [Swarm is the new best practice](https://github.com/BretFisher/ama/issues/8#issuecomment-367575011).
@@ -176,13 +180,13 @@ This means that we can patch our app containers directly in conversation with up
 
 We definitely recommend using best-in-class security auditing tools like [docker-bench-security](https://github.com/docker/docker-bench-security), IDS systems like [OSSEC](https://www.ossec.net/), security profiles like [Apparmor](https://docs.docker.com/engine/security/apparmor/) and hooking these into your existing monitoring, alert and update maintenance flows.
 
-It's up to how you want to arrange your system. For example, Co-op Cloud also allows you to compartmentalise different apps onto different servers. You could stack a bunch of apps on one big server or you could deploy one app per server.
+It's up to you how you want to arrange your system. For example, Co-op Cloud also allows you to compartmentalise different apps onto different servers. You could stack a bunch of apps on one big server or you could deploy one app per server.
 
 These are organisational concerns that Co-op Cloud can't solve for you which any software system will require. See this [additional question](/intro/faq/#what-is-important-to-consider-when-running-containers-in-production) for further information.
 
 ## What is important to consider when running containers in production?
 
-The Co-op Cloud uses [containers](/faq/#why-containers) as a fundamental building block. Therefore it is important to be aware of some general principles for container management in production environments. These are typically things that you will want to discuss within your co-op or democratic collective about how to prioritise and build up process for.
+The Co-op Cloud uses [containers](#why-containers) as a fundamental building block. Therefore it is important to be aware of some general principles for container management in production environments. These are typically things that you will want to discuss within your co-op or democratic collective about how to prioritise and build up process for.
 
 However, as the Co-op Cloud project is still very young, we're also still thinking about how we can make the platform itself mitigate problematic issues and make the maintenance of containers a more stable experience.
 
@@ -216,7 +220,7 @@ While the industry is bordering on a [k8s](https://kubernetes.io/) obsession and
 
 We hope to see a container orchestrator tool that is not directly linked to a for-profit company emerge soon but for now, this is what we have.
 
-If you want to learn more, see [dockerswarm.rocks](https://dockerswarm.rocks/) for a nice guide.
+If you want to learn more, see [dockerswarm.rocks](https://dockerswarm.rocks/) for a nice guide. See also [`BretFisher/awesome-swarm`](https://github.com/BretFisher/awesome-swarm).
 
 ## What licensing model do you use?
 
@@ -226,7 +230,7 @@ The Co-op Cloud is and will always be available under [copyleft licenses](https:
 
 It is true that if you install 3 apps and each one requires a MySQL database, then you will have 3 installations of MySQL on your system, running in containers.
 
-Systems like [YunoHost](/faq/#yunohost) mutualise every part of the system for maximum resource efficiency - if there is a MySQL instance available on the system, then just make a new database there and share the MySQL instance instead of creating more.
+Systems like [YunoHost](#yunohost) mutualise every part of the system for maximum resource efficiency - if there is a MySQL instance available on the system, then just make a new database there and share the MySQL instance instead of creating more.
 
 However, as we see it, this creates a tight coupling between apps on the database level - running a migration on one app where you need to turn the database off takes down the other apps.
 
@@ -248,6 +252,18 @@ Yes! Horizontal scaling is one of the ways Co-op Cloud can really shine. `abra`
 
 ## Why only x86 support?
 
-We would love to do ARM support and hope to get there! We've been testing this and [ran into some issues](https://git.autonomic.zone/coop-cloud/organising/issues/25). The TLDR; is that a lot of upstream libre app developer communities are not publishing container builds that support ARM. If they are, there are typically subtle differences in the conventions used to build the image as they are mostly done by community members and not directly taken on by the upstream project themselves. Since one of the core goals is to coordinate and reuse upstream packaging work, we see that ARM support requires a lot of organising and community engagement. Perhaps projects themselves will not want to take on this burden? It is not the role of the Co-op Cloud to set up an entire ARM publishing work flow at this moment in time. We see the benefits of supporting ARM and if you've got ideas / thoughts / approaches for how to make progress here, [please get in touch](/intro/contact/).
+We would love to do ARM support and hope to get there! We've been testing this and [ran into some issues](https://git.coopcloud.tech/coop-cloud/organising/issues/25). The TLDR; is that a lot of upstream libre app developer communities are not publishing container builds that support ARM. If they are, there are typically subtle differences in the conventions used to build the image as they are mostly done by community members and not directly taken on by the upstream project themselves. Since one of the core goals is to coordinate and reuse upstream packaging work, we see that ARM support requires a lot of organising and community engagement. Perhaps projects themselves will not want to take on this burden? It is not the role of the Co-op Cloud to set up an entire ARM publishing work flow at this moment in time. We see the benefits of supporting ARM and if you've got ideas / thoughts / approaches for how to make progress here, [please get in touch](/intro/contact/).
 
 Update: [Can I run Co-op Cloud on ARM?](/operators/handbook/#can-i-run-co-op-cloud-on-arm)
+
+## Why would an activist group use Co-op Cloud infrastructure over private cloud infrastructure (e.g. AWS, Azure, GCP)?
+
+If your group is powerful enough to have generated opposition, it's not implausible that some law enforcement body may be trying to stymie your group's advances. To do this, law enforcement bodies may and probably will collaborate with big tech. Indeed, Big Tech has consistently shown a quick willingness to cooperate with Law Enforcement agencies (a la Snowden-revealed NSA subpoenas, [disallowing Signal to domain front](https://techcrunch.com/2018/05/02/signal-could-get-kicked-out-of-amazon-web-services/) and other such incidents where [Big Tech aided governments in hunting activists](http://discourse.leagueofconcernedusers.org/t/activist-infrastructures/69?u=themoonisblue)).
+
+If your group has ambitions that generate enough fury in your opposition, you should think twice about where you store your data and whose services you rely on to store your data.
+
+By using Co-op Cloud infrastructure over private cloud infrastructure, you create a few possibilities:
+
+- You may interact with a server provider that is more ethical than Big Tech. Although the server provider may still succumb to law enforcement, you might place more trust in some providers than in private cloud providers (e.g. AWS).
+
+- You may be able to situate your servers in locations that are relatively more impervious to law enforcement attempts to dismantle your infrastructure. Indeed, if you deployed your infrastructure in a relatively secure setting such as Switzerland, then you would weather a greater chance of keeping your infrastructure alive than if you deployed it in, say, the United States. Protonmail and [Extinction Rebellion (XR)](https://www.youtube.com/watch?v=I_O3zj3p52A) choose Switzerland for their servers, for reasons along these lines.

docs/intro/managed.md

@@ -6,6 +6,8 @@ title: Managed hosting
 
     If you're a co-operative or a tech collective who wants to appear on this list, please [get in touch](/intro/contact/)! We want to expand the number of service providers using the Co-op Cloud so that project is more widely available to end-users and organisations who can influence the direction and co-fund the development.
 
-The Co-op Cloud is still [alpha quality software](https://en.wikipedia.org/wiki/Software_release_life_cycle#Alpha) :bomb: but you can still work with a tech co-op or collective to host some part or all of your online digital services with it. Organisations who want to support the project can get in touch with Co-op Cloud service providers via the following list for a quote on what they're looking for and how much it will cost. Service providers can then factor in some percentage of the cost to co-fund the development of this project.
+The Co-op Cloud is still [beta quality software](https://en.wikipedia.org/wiki/Software_release_life_cycle#Beta) :bomb: but you can still work with a tech co-op or collective to host some part or all of your online digital services with it. Organisations who want to support the project can get in touch with Co-op Cloud service providers via the following list for a quote on what they're looking for and how much it will cost. Service providers can then factor in some percentage of the cost to co-fund the development of this project.
 
 - [Autonomic Co-op](https://autonomic.zone) (contact: [`helo@autonomic.zone`](mailto:helo@autonomic.zone))
+- [Local-IT](https://local-it.org/) (contact [`info@local-it.org`](mailto:info@local-it.org))
+- [Solisoft](https://solisoft.top) (contact [`contact@solisoft.top`](mailto:contact@solisoft.top))

docs/maintainers/handbook.md

@@ -8,7 +8,16 @@ You can run `abra recipe new <recipe>` to generate a new `~/.abra/recipes/<recip
 
 ## Hacking on an existing recipe
 
-If you want to make changes to an existing recipe then you can simply edit the files in `~/.abra/recipes/<recipe-name>` and run pass `--chaos` to the `deploy` command when deploying those changes. `abra` will not deploy unstaged changes to avoid instability but you can tell it to do so with `--chaos`. This means ou can simple hack away on the existing recipe files on your local file system and then when something is working, submit a change request to the recipe upstream.
+!!! warning
+
+    It is *very advisable* to disable any `healthcheck: ...` configuration
+    while hacking on new recipes. This is because it is very easy to mess up
+    and it will stop Traefik or other web proxies routing the app. You can
+    enable a specific healthcheck later when your recipe is stable. The default
+    "unconfigured" healthcheck behaviour is much less strict and it's faster to
+    get something up and running.
+
+If you want to make changes to an existing recipe then you can simply edit the files in `~/.abra/recipes/<recipe-name>` and run pass `--chaos` to the `deploy` command when deploying those changes. `abra` will not deploy unstaged changes to avoid instability but you can tell it to do so with `--chaos`. This means you can simply hack away on the existing recipe files on your local file system and then when something is working, submit a change request to the recipe upstream.
 
 ## How is a recipe structured?
 
@@ -30,7 +39,7 @@ After docker creates the filesystem and copies files into a new container it run
 
 For a simple example check the [entrypoint.sh for `croc`](https://git.coopcloud.tech/coop-cloud/croc/src/commit/2f06e8aac52a3850d527434a26de0a242bea0c79/entrypoint.sh). In this case, `croc` needs the password to be exported as an environmental variable called `CROC_PASS`, and that is exactly what the entrypoint does before running vendor entrypoint.
 
-If you write your own entrypoint, it needs to be specified in the `config` section of compose.yml. See [this handbook entry](http://localhost:8000/maintainers/handbook/#entrypoints) for more.
+If you write your own entrypoint, it needs to be specified in the `config` section of compose.yml. See [this handbook entry](/maintainers/handbook/#how-do-i-set-a-custom-entrypoint) for more.
 
 ### `releases/` directory
 
@@ -79,13 +88,26 @@ export NGINX_CONFIG_VERSION=v1
 
 ## Manage environment variables
 
-When you define an environment variable in a `.env.sample` for a recipe, such as:
+!!! warning
+
+    Please read this section carefully to avoid deployment footguns for the
+    operators who deploy your recipe configuration. It's important to
+    understand how to add new env vars into the recipe configuration in a
+    non-breaking manner. Thanks for reading!
+
+When you define an environment variable in an `.env.sample` for a recipe, such as:
 
 ```bash
 FOO=123
 ```
 
-And you pass this via the `environment` stanza of a service config in the recipe like so:
+This defines an env var which then needs to be added by an operator to their app env file. If you would like to add an env var which is optional, you can do:
+
+```bash
+#FOO=123
+```
+
+In order to expose this env var to recipe configuration, you pass this via the `environment` stanza of a service config in the recipe like so:
 
 ```yaml
 service:
@@ -102,6 +124,16 @@ You can also access it in your configs using the following syntax:
 {{ env "FOO" }}
 ```
 
+### Global environment variables
+
+- `TYPE`: specifies the recipe name
+- `DOMAIN`: specifies the app domain
+- `LETS_ENCRYPT_ENV`: TODO
+- `TIMEOUT`: specifies the time in seconds to wait until all services have started and passed the health checks
+- `ENABLE_AUTO_UPDATE`: if set to `true`, the auto-updater `kadabra` can update this app (see [this auto updater entry](/operators/tutorial/#automatic-upgrades) for more)
+- `POST_DEPLOY_CMDS="<container> <command> <arguments>|<container> <command> <arguments>|... "` specifies commands that should be executed after each `abra app deploy`
+- `POST_UPGRADE_CMDS="<container> <command> <arguments>|<container> <command> <arguments>|... "` specifies commands that should be executed after each `abra app upgrade`
+
 ## Manage secret data
 
 Adding a secret to your recipe is done:
@@ -224,11 +256,11 @@ file_env "DB_PASSWORD"
 Sometimes the containers don't even have Bash installed on them. You had better just use `/bin/sh` or, in your entrypoint script, install Bash :upside_down: The entrypoint secrets hack listed above doesn't work in this case (as it requires Bash), so instead you can just do `export FOO=$(cat /run/secrets/<secret-name>)`.
 
 
-## Reference services in configs?
+## How do I reference services in configs?
 
 When referencing an `app` service in a config file, you should prefix with the `STACK_NAME` to avoid namespace conflicts (because all these containers sit on the traefik overlay network). You might want to do something like this `{{ env "STACK_NAME" }}_app` (using  the often obscure dark magic of the Golang templating language). You can find examples of this approach used in the [Peertube recipe](https://git.coopcloud.tech/coop-cloud/peertube/src/commit/d1b297c5a6a23a06bf97bb954104ddfd7f736568/nginx.conf.tmpl#L9).
 
-## How are recipes are versioned?
+## How are recipes versioned?
 
 We'll use an example to work through this. Let's use [Gitea](https://hub.docker.com/r/gitea/gitea).
 
@@ -364,7 +396,7 @@ mkdir -p releases
 
 And then create a text file which corresponds to the version release, e.g. `1.1.0+5.9.0` and write some notes. `abra` will show these when another operator runs `abra app deploy` / `abra app upgrade`.
 
-## Generate the recipe catalogue
+## How do I generate the recipe catalogue
 
 To generate an entire new copy of the catalogue:
 
@@ -393,7 +425,7 @@ You can pass `--publish` to have `abra` automatically publish those changes.
 
     In order to have `abra` publish changes for you automatically, you'll have to have write permissons to the git.coopcloud.tech repository and your account must have a working SSH key configuration. `abra` will use the SSH based URL connection details for Git by automagically creating an `origin-ssh` remote in the repository and pushing to it.
 
-## Enable healthchecks
+## How do I enable healthchecks
 
 A healthcheck is an important and often overlooked part of the recipe configuration. It is part of the configuration that the runtime uses to figure out if a container is really up-and-running. You can tweak what command to run, how often and how many times to try until you assume the container is not up.
 
@@ -410,7 +442,7 @@ If you're just starting off with packaging a recipe, you can use `healthcheck: d
 
 `abra app errors -w <domain>` will show what errors are being reported from a failing healtcheck setup.
 
-## Tuning deploy configs
+## How do I tune deploy configs?
 
 A bit like healtchecks, there is no universal setup. A good default seems to be the following configuration:
 
@@ -431,13 +463,13 @@ Setting a restart policy is also good so that the runtime doesn't try to restart
 
 Best to [read](https://docs.docker.com/engine/reference/builder/#healthcheck) [the docs](https://docs.docker.com/compose/compose-file/compose-file-v3/#healthcheck) on this one.
 
-## Tuning resource limits
+## How do I tune resource limits?
 
-If you don't place resource limits on your app it will assume it can use the entire capacity of the server it is on. This can cause issues such as OOM eerors for your entire swarm.
+If you don't place resource limits on your app it will assume it can use the entire capacity of the server it is on. This can cause issues such as Out-Of Memory errors for your entire swarm.
 
 See the [Docker documentation](https://docs.docker.com/config/containers/resource_constraints/) to get into this topic and check the other recipes to see what other maintainers are doing.
 
-## Enable A+ SSL ratings
+## How do I enable A+ SSL ratings?
 
 If you want to get the highest rating on SSL certs, you can use the following traefik labels which use a tweaked Traefik configuration.
 
@@ -448,7 +480,7 @@ If you want to get the highest rating on SSL certs, you can use the following tr
 
 See [this PR](https://git.coopcloud.tech/coop-cloud/traefik/pulls/8/files) for the technical details
 
-## Tweaking secret generation length
+## How do I change secret generation length?
 
 It is possible to tell `abra` which length it should generate secrets with from your recipe config.
 
@@ -469,12 +501,13 @@ of passwords which admins have to type out in database shells.
 
 ## How are recipes added to the catalogue?
 
-> This is so far a manual process which requires a member of Autonomic. This is
-> a temporary situation, we want to open out this process & also introduce some
-> automation to support making thie process more convenient. Please nag us to
-> move things along.
+> This is so far a manual process which requires someone who's been added to the
+> `coop-cloud` "Organisation" on https://git.coopcloud.tech. This is a temporary
+> situation, we want to open out this process & also introduce some automation
+> to support making thie process more convenient. Please nag us to move things
+> along.
 
-- Publish your new recipe on the [git.coopcloud.tech](https://git.coopcloud.tech/coop-cloud) listing
+- Publish your new recipe on the [git.coopcloud.tech](https://git.coopcloud.tech/coop-cloud) "Organisation"
 - Run `abra catalogue generate <recipe> -p`
 - Run `cd ~/.abra/catalogue && make`
 
@@ -483,7 +516,7 @@ the [recipe release publishing dance](https://docs.coopcloud.tech/maintainers/ha
 which will then extend the `versions: [...]` section of the published JSON in the catalogue.
 
 Recipes that are not included in the catalogue can still be deployed. It is not
-required to add your recipes to the catalogue but this will improve the
+required to add your recipes to the catalogue, but this will improve the
 visibility for other co-op hosters & end-users.
 
 For now, it is best to [get in touch](https://docs.coopcloud.tech/intro/contact/) if you want to add your recipe to the catalogue.
@@ -502,14 +535,14 @@ Two of the current "blessed" options are
 [`backup-bot-two`](https://git.coopcloud.tech/coop-cloud/backup-bot-two) &
 [`abra`](https://git.coopcloud.tech/coop-cloud/abra).
 
-#### `abra`
-
-`abra` will read labels and store backups in `~/.abra/backups/...`.
-
 #### `backup-bot-two`
 
 Please see the [`README.md`](https://git.coopcloud.tech/coop-cloud/backup-bot-two#backupbot-ii) for the full docs.
 
+#### `abra`
+
+`abra` will read labels and store backups in `~/.abra/backups/...`.
+
 ### Backup
 
 For backup, here are the labels & some examples:
@@ -538,3 +571,162 @@ You can use [this `docker-compose` trick](https://docs.docker.com/compose/extend
 If you have a recipe that is using a `mysql` service and you'd like to use `postgresql` instead, you can create a `compose.psql.yml`!
 
 An example of this is the [`selfoss`](https://git.coopcloud.tech/coop-cloud/selfoss) recipe. The default is `sqlite` but there is a `postgresql` compose configuration there too.
+
+## How do I set a custom entrypoint?
+
+For more context, see the [`entrypoint.sh`](/maintainers/handbook/#entrypointsh) section. The following configuration example is ripped from the [`coop-cloud/peertube`](https://git.coopcloud.tech/coop-cloud/peertube) recipe but shortened down. Here are more or less the steps you need to take:
+
+Define a config:
+
+```yaml
+  app:
+    ...
+    configs:
+      - source: app_entrypoint
+        target: /docker-entrypoint.sh
+        mode: 0555
+    ...
+
+configs:
+  app_entrypoint:
+    name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
+    file: entrypoint.sh.tmpl
+    template_driver: golang
+```
+
+Define a `entrypoint.sh.tmpl`:
+
+```
+#!/bin/bash
+
+set -e
+
+file_env() {
+   local var="$1"
+   local fileVar="${var}_FILE"
+   local def="${2:-}"
+
+   if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+      echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+      exit 1
+   fi
+
+   local val="$def"
+
+   if [ "${!var:-}" ]; then
+      val="${!var}"
+   elif [ "${!fileVar:-}" ]; then
+      val="$(< "${!fileVar}")"
+   fi
+
+   export "$var"="$val"
+   unset "$fileVar"
+}
+
+file_env "PEERTUBE_DB_PASSWORD"
+
+{{ if eq (env "PEERTUBE_SMTP_ENABLED") "1" }}
+file_env "PEERTUBE_SMTP_PASSWORD"
+{{ end }}
+
+{{ if eq (env "PEERTUBE_LIVE_CHAT_ENABLED") "1" }}
+apt -y update && apt install -y prosody && apt -y clean
+mkdir -p /run/prosody && chown prosody:prosody /run/prosody
+{{ end }}
+
+# Copy the client files over to a named volume
+# so that they may be served by nginx directly
+cp -ar /app/client/dist /srv/client
+
+# upstream entrypoint
+# https://github.com/Chocobozzz/PeerTube/blob/66f77f63437c6774acbd72584a9839a7636ea167/support/docker/production/entrypoint.sh
+/usr/local/bin/entrypoint.sh "$@"
+```
+
+Please note:
+
+1. The `file_env` / `_FILE` hack is to pass secrets into the container runtime without exposing them in plaintext in the configuration. See [this entry](/maintainers/handbook/#exposing-secrets) for more.
+
+1. In order to pass execution back to the original entrypoint, it's a good idea to find the original entrypoint script and run it from your own entrypoint script. If there is none, you may want to reference the `CMD` definition or if that isn't working, try to actually specify `cmd: ...` in the `compose.yml` definition (there are other recipes which do this).
+
+1. If you're feeling reckless, you can also use the Golang templating engine to do things conditionally.
+
+Then, wire up the vendored config version:
+
+```
+# abra.sh
+export APP_ENTRYPOINT_VERSION=v5
+```
+
+You should be able to deploy this overriden configuration now.
+
+## Linting rules
+
+### R014: "invalid lightweight tag"
+
+This is an issue related to the way Git/`go-git` handle Git tags internally. We
+need to use "annotated tags" and not "lightweight tags" for our recipe versions
+tags. Otherwise, `abra` has a hard time parsing what is going on.
+
+The `R01O4` linting error happens because the recipe in question has a
+lightweight tag. This needs to be replaced. This is a manual process. Here's a
+practical example with the Gitea recipe when we had this issue.
+
+You can validate what kind of tag is which by running the following:
+
+```
+git for-each-ref refs/tags
+734045872a57d795cd54b1992a1753893a4934f1 tag    refs/tags/1.0.0+1.14.5-rootless
+b2cefa5ccf2f2f77dae54cf6c304cccecb3547ca tag    refs/tags/1.1.0+1.15.0-rootless
+6d669112d8caafcdcf4eb1485f2d6afdb54a8e30 tag    refs/tags/1.1.1+1.15.3-rootless
+64761ad187cc7a3984a37dd9abd4fa16979f97b9 tag    refs/tags/1.1.2+1.15.6-rootless
+1ccb1cb6a63a08eebf6ba5508b676eaaccba7ed8 tag    refs/tags/1.1.3+1.15.10-rootless
+b86e1f6dfef3c464b16736274b3cd95f8978f66b tag    refs/tags/1.2.0+1.16.3-rootless
+b1d22f3c39ca768a4efa1a0b9b9f780268c924b3 tag    refs/tags/1.2.1+1.16.8-rootless
+85a45aa749427822a73ef62b6362d57bae1a61af tag    refs/tags/1.3.0+1.17.2-rootless
+f35689989c0b57575b8362e1252476d8133dc961 commit refs/tags/1.3.1+1.17.3-rootless
+df015fae592fca7728a3f0835217e110da4dbafc tag    refs/tags/2.0.0+1.18.0-rootless
+71920adb0c25a59f7678894e39f1a705f0ad08dd tag    refs/tags/2.0.1+1.18.2-rootless
+1ab9a96922341c8e54bdb6d60850630cce4b9587 tag    refs/tags/2.1.0+1.18.5-rootless
+1e612d84a2ad7c9beb7aa064701a520c7e91eecc commit refs/tags/2.1.2+1.19.3-rootless
+0bee99615a8bbd534a66a315ee088af3124e054b tag    refs/tags/2.2.0+1.19.3-rootless
+699378f53501b2d5079fa62cc7f8e79930da7540 tag    refs/tags/2.3.0+1.20.1-rootless
+c0dc5f82930d875c0a6e29abc016b4f6a53b83dd tag    refs/tags/2.3.1+1.20.1-rootless
+```
+
+Where `f35689989c0b57575b8362e1252476d8133dc961` &
+`1e612d84a2ad7c9beb7aa064701a520c7e91eecc` need to be removed ("commit"). We
+will deal with `refs/tags/1.3.1+1.17.3-rootless` in this example.
+
+```
+# find the tag hash
+git show 1.3.1+1.17.3-rootless
+commit f35689989c0b57575b8362e1252476d8133dc961 (tag: 1.3.1+1.17.3-rootless)
+Merge: af97db8 1d4dc8e
+Author: decentral1se <decentral1se@noreply.git.coopcloud.tech>
+Date:   Sun Nov 13 21:54:01 2022 +0000
+
+    Merge pull request 'Adding Oauth2 options and up on versions' (#29) from javielico/gitea:master into master
+
+    Reviewed-on: https://git.coopcloud.tech/coop-cloud/gitea/pulls/29
+
+# delete the tag locally / remotely
+git tag -d 1.3.1+1.17.3-rootless
+git push origin 1.3.1+1.17.3-rootless --delete
+
+# re-tag, this time with `-a` (annotated)
+git checkout f35689989c0b57575b8362e1252476d8133dc961
+git tag -a 1.3.1+1.17.3-rootless
+
+# push new tag
+git checkout master # might be main on other recipes!
+git push origin master --tags
+
+# check everything works
+git for-each-ref refs/tags | grep 1.3.1+1.17.3-rootless
+964f1680000fbba6daa520aa8d533a53ad151ab8 tag refs/tags/1.3.1+1.17.3-rootless
+```
+
+That's it! Spread the word, use `-a` when tagging recipe versions manually! Or
+just use `abra` which should handle this issue automagically for you in all
+cases 🎉

docs/maintainers/tutorial.md

@@ -14,14 +14,14 @@ Depending on your familiarity with recipes, it might be worth reading [how a rec
 
 ### Making a plan
 
-The idea scenario is when the upstream project provides both the packaged image and a compose configuration which we can build from. If you're in luck, you'll typically find a `Dockerfile` and a `docker-compose.yml` file in the root of the upstream Git repository for the app.
+The ideal scenario is when the upstream project provides both the packaged image and a compose configuration which we can build from. If you're in luck, you'll typically find a `Dockerfile` and a `docker-compose.yml` file in the root of the upstream Git repository for the app.
 
 - **Tired**: Write your own image and compose file from scratch
 - **Wired**: Use someone else's image (& maybe compose file)
 - **Inspired**: Upstream image, someone else's compose file
 - **On fire**: Upstream image, upstream compose file
 
-### Writing the `compose.yml`
+### Writing / adapting the `compose.yml`
 
 Let's take a practical example, [Matomo web analytics](https://matomo.org/). We'll be making a Docker "swarm-mode" `compose.yml` file.
 
@@ -43,9 +43,9 @@ wget https://raw.githubusercontent.com/matomo-org/docker/master/.examples/apache
 
 Open the `compose.yml` in your favourite editor and have a gander 🦢. There are a few things we're looking for, but some immediate changes could be:
 
-1. Let's bump the version to `3.8`, to make sure we can use all the latest swarm coolness
-2. We load environment variables separately via [`abra`](/abra/), so we'll strip out `env_file`
-3. The `/var/www/html` volume definition on L21 is a bit overzealous; it means a copy of Matomo will be stored separately per app instance, which is a waste of space in most cases. We'll narrow it down according to the documentation. The developers have been nice enough to suggest `logs` and `config` volumes instead, which is a decent start
+1. Let's bump the version to `3.8`, to make sure we can use all the latest swarm coolness.
+2. We load environment variables separately via [`abra`](/abra/), so we'll strip out `env_file`.
+3. The `/var/www/html` volume definition on L21 is a bit overzealous; it means a copy of Matomo will be stored separately per app instance, which is a waste of space in most cases. We'll narrow it down according to the documentation. The developers have been nice enough to suggest `logs` and `config` volumes instead, which is a decent start.
 4. The MySQL passwords are sent as variables which is fine for basic use, but if we replace them with Docker secrets we can keep them out of our env files if we want to publish those more widely.
 5. The MariaDB service doesn't need to be exposed to the internet, so we can define an `internal` network for it to communicate with Matomo.
 6. Lastly, we want to use `deploy.labels` and remove the `ports:` definition, to tell Traefik to forward requests to Matomo based on hostname and generate an SSL certificate.
@@ -66,8 +66,8 @@ abra app new matomo --secrets \
  --server swarm.example.com
 ```
 
-Depending on whether you defined any extra environment variables, we didn't so
-far, in this example, you might want to run `abra app config swarm.example.com`
+Depending on whether you defined any extra environment variables -- we didn't so
+far, in this example -- you might want to run `abra app config swarm.example.com`
 to check the configuration.
 
 Otherwise, or once you've done that, go ahead and deploy the app:
@@ -80,4 +80,4 @@ Then, open the `DOMAIN` you configured (you might need to wait a while for Traef
 
 ### Finishing up
 
-You've probably got more questions, check out the [maintainers handbook](/maintainers/handbook)!
+You've probably got more questions, check out the [packaging handbook](/maintainers/handbook)!

docs/operators/handbook.md

@@ -82,6 +82,18 @@ Then, tell your collaborators (e.g. in the repository's `README.md`), to run `ma
 
     We don't currently recommend this, because it might set inaccurate expectations about the security model – remember that, by default, **any user who can deploy apps to a Docker Swarm can manage _any_ app in that swarm**.
 
+### Migrating a server into a repository
+
+Even if you've got your existing server configs in version control, by default, `abra server add` will define the server locally. To move it -- taking the example of `newserver.example.com`:
+
+```
+mv ~/.abra/servers/newserver.example.com ~/coop-cloud-apps/
+cd ~/coop-cloud-apps
+git add newserver.example.com
+git commit
+make link
+```
+
 ## Running abra server side
 
 If you're on an environment where it's hard to run Docker, or command-line programs in general, you might want to install `abra` on a server instead of your local work station.
@@ -151,11 +163,11 @@ So, given how [secret versions](/operators/handbook/#secret-versions) work, here
 1. Find out the current version number of the secret, e.g. by running `abra app config <domain>`, and choose a new one. Let's assume it's currently `v1`, so by convention the new secret will be `v2`
 2. Generate or insert the new secret: `abra app secret generate <domain> db_password v2` or `abra app secret insert <domain> db_password v2 "foobar"`
 3. Edit the app configuration to change which secret version the app will use: `abra app config <domain>`
-4. Re-reploy the app with the new secret version: `abra app deploy <domain>`
+4. Re-deploy the app with the new secret version: `abra app deploy <domain>`
 
 ### Storing secrets in `pass`
 
-The Co-op Cloud authors use the [UNIX `pass` tool][pass] to share sensitive data, including Co-op Cloud secrets, and `abra app secret ...` commands include a `--pass` option to automatically manage generated / inserted secrets:
+The Co-op Cloud authors use the [UNIX `pass` tool](https://www.passwordstore.org) to share sensitive data, including Co-op Cloud secrets, and `abra app secret ...` commands include a `--pass` option to automatically manage generated / inserted secrets:
 
 ```
 # Store generated secrets in `pass`:
@@ -179,19 +191,19 @@ This functionality currently relies on our specific `pass` storage conventions;
 
 ### Traefik networking
 
-[Traefik](https://doc.traefik.io/traefik/) is our core web proxy, all traffic on a Co-op Cloud deployment goes through a running Traefik container. When setting up a new Co-op Cloud delpyment, `abra` creates a "global" [overlay network](https://docs.docker.com/network/overlay/) which traefik is hooked up to. This is the network that other apps use to speak to traefik and get traffic routed to them. Not every service in every app is also included in this network and hence not internet-facing (by convention, we name this network `internal`, see more below).
+[Traefik](https://doc.traefik.io/traefik/) is our core web proxy, all traffic on a Co-op Cloud deployment goes through a running Traefik container. When setting up a new Co-op Cloud deployment, `abra` creates a "global" [overlay network](https://docs.docker.com/network/overlay/) which traefik is hooked up to. This is the network that other apps use to speak to traefik and get traffic routed to them. Not every service in every app is also included in this network and hence not internet-facing (by convention, we name this network `internal`, see more below).
 
 ### App networking
 
-By convention, the main `app` service is wired up to the "global" traefik overlay network. This container is the one that should be publicy reachable on the internet. The other services in the app such as the database and caches should be not be publicly reachable or visible to other apps on the same instance.
+By convention, the main `app` service is wired up to the "global" traefik overlay network. This container is the one that should be publicy reachable on the internet. The other services in the app such as the database and caches should not be publicly reachable or visible to other apps on the same instance.
 
 To deal with this, we make an additional "internal" network for each app which is namespaced to that app. So, if you deploy a Wordpress instance called `my_wordpress_blog` then there will be a network called `my_wordpress_blog_internal` created. This allows all the services in an app to speak to each other but not be reachable on the public internet.
 
 ## Multiple apps on the same domain?
 
-At time of writing (Jan 2022), we think there is a limitation in our design which doesn't support multiple apps sharing the same domain (e.g. `example.com/app1/` & `example.com/app2/`). `abra` treats each domain as unique and as the singler reference for a single app.
+At time of writing (Jan 2022), we think there is a limitation in our design which doesn't support multiple apps sharing the same domain (e.g. `example.com/app1/` & `example.com/app2/`). `abra` treats each domain as unique and as the single reference for a single app.
 
-This may be possible to overcome if someone really needs it, we encourage people to investigate. We've found that often, there are limitations in the actual software which don't support this anyway and several of the current operators simply use a new domain per app.
+This may be possible to overcome if someone really needs it, we encourage people to investigate. We've found that often there are limitations in the actual software which don't support this anyway and several of the current operators simply use a new domain per app.
 
 ## Validating `abra` binary checksums
 
@@ -231,14 +243,16 @@ The requirements are:
 wget -O- https://get.docker.com | bash
 
 # add user to docker group
-usermod -aG docker $YOURUSERNAMEHERE
+usermod -aG docker $USER
 
 # setup swarm
 docker swarm init
 docker network create -d overlay proxy
-```
 
-`abra` will do this for you when you run `abra server add --provision`.
+# on debian machines as of 2023-02-17
+apt install apparmor
+systemctl restart docker containerd
+```
 
 ## Managing DNS entries
 
@@ -250,7 +264,7 @@ docker network create -d overlay proxy
 
 `abra` supports creating, listing and removing DNS entries if the 3rd party integration supports it.
 
-If you want to teach `abra` how to support your favourite server hosting provider, we'd glady accept patches.
+If you want to teach `abra` how to support your favourite DNS service provider, we'd glady accept patches.
 
 ## How do I persist container logs after they go away?
 
@@ -300,7 +314,7 @@ Also, for more system wide analysis stuff:
 
 `abra` uses plain 'ol SSH under the hood and aims to make use of your existing SSH configurations in `~/.ssh/config` and interfaces with your running `ssh-agent` for password protected secret key files.
 
-The `server add` command listed above assumes that that you make SSH connections on port 22 using your current username. If that is not he case, pass the new values as positional arguments. See `abra server add -h` for more on this.
+The `server add` command listed above assumes that that you make SSH connections on port 22 using your current username. If that is not the case, pass the new values as positional arguments. See `abra server add -h` for more on this.
 
 ```bash
 abra server add <domain> <user> <port> -p
@@ -312,6 +326,10 @@ Running `server add` with `-d/--debug` should help you debug what is going on un
 
 If you need to run a command within a running container you can use `abra app run <domain> <service> <command>`. For example, you could run `abra app run cloud.lumbung.space app bash` to open a new bash terminal session inside your remote container.
 
+## How do I attach on a non-running container?
+
+If you need to run a command on a container that won't start (eg. the container is stuck in a restart loop) you can temporarily disable its default entrypoint by setting it in `compose.yml` to something like ['tail', '-f', '/dev/null'], then redeploy the stack (with `--force --chaos` so you don't need to commit), then [get into the now running container](#how-do-i-attach-to-a-running-container), do your business, and when done revert the compose.yml change and redeploy again.
+
 ## Can I run Co-op Cloud on ARM?
 
 `@Mayel`:
@@ -327,7 +345,132 @@ See [`#312`](https://git.coopcloud.tech/coop-cloud/organising/issues/312) for mo
 
 ## How do I backup/restore my app?
 
-If you're app [supports backup/restore](/handbook/#how-do-i-configure-backuprestore) then you have two options: [`backup-bot-two`](https://git.coopcloud.tech/coop-cloud/backup-bot-two) & [`abra`](https://git.coopcloud.tech/coop-cloud/abra).
+If you're app [supports backup/restore](/maintainers/handbook/#how-do-i-configure-backuprestore) then you have two options: [`backup-bot-two`](https://git.coopcloud.tech/coop-cloud/backup-bot-two) & [`abra`](https://git.coopcloud.tech/coop-cloud/abra).
 
 With `abra`, you can simply run `abra app backup ...` & `abra app restore ...`.
 Pass `-h` for more information on the specific flags & arguments.
+
+## How do I take a manual database backup?
+
+MySQL / MariaDB:
+
+```
+abra app run foo.bar.com db mysqldump -u root <database> | gzip > ~/.abra/backups/foo.bar.com_db_`date +%F`.sql.gz
+```
+
+Postgres:
+
+```
+abra app run foo.bar.com db pg_dump -u root <database> | gzip > ~/.abra/backups/foo.bar.com_db_`date +%F`.sql.gz
+```
+
+If you get errors about database access:
+- Make sure you've specified the right database user (`root` above) and db name
+- If you have a database password set, you might need to load it from a secret,
+    something like this:
+
+```
+abra app run foo.bar.com db bash -c 'mysqldump -u root -p"$(cat /run/secrets/db_oot_password)" <database>' | gzip > ~/.abra/backups/foo.bar.com_db_`date +%F`.sql.gz
+```
+
+## Can I deploy a recipe without `abra`?
+
+Yes! It's a design goal to keep the recipes not dependent on `abra` or any
+single tool that we develop. This means that the configuration commons can
+still be useful beyond this project. You can deploy a recipe with standard
+commands like so:
+
+```
+set -a
+source example.com.env
+cd ~/.abra/recipes/myrecipe
+docker stack deploy -c compose.yml example_com
+```
+
+`abra` makes all of this more convenient.
+
+## Proxying apps outside of Co-op Cloud with Traefik?
+
+It's possible! It's actually always been possible but we just didn't have
+spoons to investigate. Co-op Cloud can co-exist on the same server as bare
+metal apps, non-swarm containers (plain `docker-compose up` deployments!),
+Nginx installs etc. It's a bit gnarly with the networking but doable.
+
+Enable the following in your Traefik `$domain.env` configuration:
+
+```
+FILE_PROVIDER_DIRECTORY_ENABLED=1
+```
+
+You must also have host mode networking enabled for Traefik:
+
+```
+COMPOSE_FILE="$COMPOSE_FILE:compose.host.yml"
+```
+
+And re-deploy your `traefik` app. You now have full control over the [file
+provider](https://doc.traefik.io/traefik/providers/file/#directory)
+configuration of Traefik. This also means you lost the defaults of the
+`file-provider.yml.tmpl`, so this is a more involved approach.
+
+The main change is that there is now a `/etc/traefik/file-providers` volume
+being watched by Traefik for provider configurations. You can re-enable the
+recipe defaults by copying the original over to the volume (this assumes you've
+deployed `traefik` already without `FILE_PROVIDER_DIRECTORY_ENABLED`, which is
+required for the following command):
+
+```
+abra app run $your-traefik app \
+  cp /etc/traefik/file-provider.yml /etc/traefik/file-providers/
+```
+
+You don't need to re-deploy Traefik, it should automatically pick this up.
+
+You can route requests to a bare metal / non-docker service by making a
+`/etc/traefik/file-providers/$YOUR-SERVICE.yml` and putting something like this in
+it:
+
+```yaml
+http:
+  routers:
+    myservice:
+      rule: "Host(`my-service.example.com`)"
+      service: "myservice"
+      entryPoints:
+        - web-secure
+      tls:
+        certResolver: production
+
+  services:
+    myservice:
+      loadBalancer:
+        servers:
+          - url: "http://$YOUR-HOST-IP:8080/"
+```
+
+Where you should replace all instances of `myservice`.
+
+You must use your host level IP address (replace `$YOUR-HOST-IP` in the
+example). With host mode networking, your deployment can route out of the swarm
+to the host.
+
+If you're running a firewall (e.g. UFW) then it will likely block traffic from
+the swarm to the host. You can typically add a specific UFW to route from the
+swarm (typically, your `docker_gwbridge`) to the specific port of your bare
+metal / non-docker app:
+
+```
+docker network inspect docker_gwbridge --format='{{( index .IPAM.Config 0).Gateway}}'
+172.18.0.1
+ufw allow from 172.18.0.0/16 proto tcp to any port $YOUR-APP-PORT
+```
+
+Notice that we turn `172.18.0.1` into `172.18.0.0/16`. It's advised to open the
+firewall on a port by port case to avoid expanding your attack surface.
+
+Traefik should handle the usual automagic HTTPS certificate generation and
+route requests after. You're free to make as many `$whatever.yml` files in your
+`/etc/traefik/file-providers` directory. It should Just Work ™
+
+ Please note that we have to hardcode `production` and `web-secure` which are
+ typically configurable when not using `FILE_PROVIDER_DIRECTORY_ENABLED`.

docs/operators/tutorial.md

@@ -94,22 +94,22 @@ The tutorial tries to help you make choices about which server and which DNS set
 
 ### Server setup
 
-Co-op Cloud has itself near zero system requirements. You only need to worry about the system resource usage of your apps and the overhead of running containers with the docker runtime (often negligible. If you want to know more, see [this FAQ entry](/faq/#isnt-running-everything-in-containers-inefficient)).
+Co-op Cloud has itself near zero system requirements. You only need to worry about the system resource usage of your apps and the overhead of running containers with the docker runtime (often negligible. If you want to know more, see [this FAQ entry](/intro/faq/#isnt-running-everything-in-containers-inefficient)).
 
-We will deploy a new Nextcloud instance in this guide, so you will only need 1GB of RAM according to [their documentation](https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html). You may also be interested in this [FAQ entry](/faq/#arent-containers-horrible-from-a-security-perspective) if you are curious about security in the context of containers.
+We will deploy a new Nextcloud instance in this guide, so you will only need 1GB of RAM according to [their documentation](https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html). You may also be interested in this [FAQ entry](/intro/faq/#arent-containers-horrible-from-a-security-perspective) if you are curious about security in the context of containers.
 
 Most Co-op Cloud deployments have been run on Debian machines so far. Some experiments have been done on single board computers & servers with low resource capacities.
 
 You need to keep port `:80` and `:443` free on your server for web proxying to your apps. Typically, you don't need to keep any other ports free as the core web proxy ([Traefik](https://traefik.io)) keeps all app ports internal to its network. Sometimes however, you need to expose an app port when you need to use a transport which would perform better or more reliably without proxying.
 
-`abra` has support for both creating servers (`abra server new`) & provisioning them (passing `--provision` to `abra server add`) but those are more advanced automation options which are covered in the [handbook](/operators/handbook). For this tutorial, we'll focus on the basics. Assuming you've managed to create a testing VPS with some `$hosting_provider`, you'll need to install Docker, add your user to the Docker group & setup swarm mode:
+`abra` has support for creating servers (`abra server new`) but that is a more advanced automation feature which is covered in the [handbook](/operators/handbook). For this tutorial, we'll focus on the basics. Assuming you've managed to create a testing VPS with some `$hosting_provider`, you'll need to install Docker, add your user to the Docker group & setup swarm mode:
 
 ```
 # docker install convenience script
 wget -O- https://get.docker.com | bash
 
 # add user to docker group
-usermod -aG docker $YOURUSERNAMEHERE
+sudo usermod -aG docker $USER
 
 # setup swarm
 docker swarm init
@@ -162,14 +162,13 @@ If you run into issues during installation, [please report a ticket](https://git
 
 #### Add your server
 
-Now you can connect `abra` with your server. You need to have a working SSH configuration before you can do this. That means you can run `ssh <server-domain>` on your command-line and everything Works :tm:.
+Now you can connect `abra` with your server. You should have a working SSH configuration before you can do this (e.g. a matching `Host <server-domain>` entry in `~/.ssh/config` with the correct SSH connection details). That means you can run `ssh <server-domain>` on your command-line and everything Works :tm:.
 
 ```bash
-abra server add <server-domain> -p
+ssh <server-domain> # make sure it works
+abra server add <server-domain>
 ```
 
-The `-p` or `--provision` flag means that `abra` will install Docker and initialise the [new single-host swarm](https://docs.docker.com/engine/swarm/key-concepts/) on your server. If you've already followed the steps in [the server setup](/operators/tutorial/#server-setup) step, then `abra` should not need to do any work.
-
 It is important to note that `<domain>` here is a publicy accessible domain name which points to your server IP address. `abra` does make sure this is the case and this is done to avoid issues with HTTPS certificate rate limiting.
 
 You will now have a new `~/.abra/` folder on your local file system which stores all the configuration of your Co-op Cloud instance.
@@ -184,10 +183,6 @@ abra server ls
 
     `abra` uses plain 'ol SSH under the hood and aims to make use of your existing SSH configurations in `~/.ssh/config` and interfaces with your running `ssh-agent` for password protected secret key files.
 
-    The `server add` command listed above assumes that that you make SSH connections on port 22 using your current username. If that is not he case, pass the new values as positional arguments. See `abra server add -h` for more on this.
-
-        abra server add <domain> <user> <port> -p
-
     Running `server add` with `-d/--debug` should help you debug what is going on under the hood. It's best to take a moment to read [this troubleshooting entry](/abra/trouble/#ssh-connection-issues) if you're running into SSH connection issues with `abra`.
 
 !!! question "How do I share my configs in `~/.abra`?"
@@ -211,7 +206,7 @@ Choose your newly registered server and specify a domain name.
 You will want to take a look at your generated configuration and tweak the `LETS_ENCRYPT_EMAIL` value. You can do that by running `abra app config`:
 
 ```bash
-abra app config traefik
+abra app config <traefik-domain>
 ```
 
 Every app you deploy will have one of these `.env` files, which contains variables which will be injected into app configurations when deployed. Variables starting with `#` are optional, others are required.
@@ -252,8 +247,45 @@ abra app errors -w <nextcloud-domain> # error catcher
 
 Your new `traefik` instance will detect that a new app is coming up and generate SSL certificates for it. You can see what `traefik` is up to using the same commands above but replacing `<netcloud-domain>` with the `<traefik-domain>` you chose earlier (`abra app ls` will remind you what domains you chose :grinning:).
 
+### Upgrade Nextcloud
+
+To upgrade an app manually to the newest available version run:
+
+```bash
+abra app upgrade <nextcloud-domain>
+```
+
+### Automatic Upgrades
+
+`kadabra` the auto-updater is still under development, use it with care and don't use it in production environments. To setup the auto-updater copy the `kadabra` binary to the server and configure a cronjob for regular app upgrades. The following script will configure ssmtp for email notifications and setup a cronjob. This cronjob checks daily for new app versions, notifies if any kind of update is available and upgrades all apps to the latest patch/minor version.
+
+
+```bash
+apt install ssmtp
+
+cat > /etc/ssmtp/ssmtp.conf << EOF
+mailhub=$MAIL_SERVER:587
+hostname=$MAIL_DOMAIN
+AuthUser=$USER
+AuthPass=$PASSWORD
+FromLineOverride=yes
+UseSTARTTLS=yes
+EOF
+
+cat > /etc/cron.d/abra_updater << EOF
+MAILTO=admin@example.com
+MAILFROM=noreply@example.com
+
+0  6 * * *       root    ~/kadabra notify --major
+30 4 * * *       root    ~/kadabra upgrade --all
+EOF
+
+```
+
+Add `ENABLE_AUTO_UPDATE=true` to the env config (`abra app config <app name>`) to enable the auto-updater for a specific app.
+
 ## Finishing up
 
 Hopefully you got something running! Well done! The [operators handbook](/operators/handbook) would probably be the next place to go check out if you're looking for more help. Especially on topics of ongoing maintenance.
 
-If not, please [get in touch](/intro/contact) or [raise a ticket](https://git.coopcloud.tech/coop-cloud/abra/issues/new) and we'll try to help out. We want our operator onboarding to be as smooth as possible, so we do appreciate any feedback we receive.
+If not, please [get in touch](/intro/contact) or [raise a ticket](https://git.coopcloud.tech/coop-cloud/organising/issues/new/choose) and we'll try to help out. We want our operator onboarding to be as smooth as possible, so we do appreciate any feedback we receive.

docs/organisers/funding-applications/culture-of-solidarity.md

@@ -0,0 +1,5 @@
+---
+title: Culture of Solidarity (ECF)
+---
+
+> **TODO**

docs/organisers/funding-applications/ford-foundation.md

@@ -0,0 +1,535 @@
+---
+title: Ford foundation
+---
+
+# Ford foundation
+
+> Status: **pending**
+
+* [Previous material](https://notes.bonfire.cafe/nlnet-bonfire-coopcloud-hosting)
+* [Application](https://fordfoundation.forms.fm/2023-digital-infrastructure-insights-fund-rfp/forms/9724)
+
+## Is this concept note primarily focused on research or implementation?
+
+- Implementation
+
+## What is your research question? (30 words)
+
+How can an open co-operative ecosystem foster a sustainable, resilient
+infrastructure for FLOSS (Free/Libre Open Source software) development,
+hosting, and tech support, while enhancing data ownnership, transparency and
+co-operation?
+
+## Why is this question important to answer and how does it relate to our fund? (500 words)
+
+This is a challenge of paramount importance as it aims to design and test a
+model for a sustainable, resilient open co-operative ecosystem amidst a digital
+landscape overshadowed by large centralized profit-driven entities.
+
+The hegemony of a few colossal platforms has led to myriad challenges
+including, but not limited to, data privacy infringements, misinformation
+dissemination, and a significant digital divide. Such challenges thwart the
+internet's potential to act as a public commons and hinder the growth of a
+democratic, open, and inclusive digital infrastructure.
+
+The envisioned open co-operative ecosystem is a step towards remedying the
+prevalent issues of centralization and lack of inclusivity in the digital
+domain. It proposes a holistic approach encompassing technical innovation,
+co-operative economics, and community-centric governance - where software,
+infrastructure and communities are not isolated entities, but are part of a
+common ecosystem.
+
+This aligns profoundly with this fund's objective of exploring and remedying
+the issues of under-maintenance and occasional undermining of FLOSS. The
+proposed self-sustaining economic model is aimed at ensuring the longevity and
+resilience of both the open co-operative ecosystem and all the actors involved:
+FLOSS developers and designers, sysadmins and hosting providers, and all the
+other figures that struggle to reach sustainability by working in and for the
+FLOSS sector.
+
+Furthermore, the proposed project is not merely a technical endeavor but a
+multi-dimensional initiative aimed at fostering a digital infrastructure that
+is equitable, sustainable, secure, and entrenched in the public interest.
+
+Our proposed integration aims to simplify the setup, hosting and operating of
+FLOSS software, through an open dashboard that automates the whole software
+life cycle. This dashboard will act as a gateway to an ecosystem of developers
+and hosting providers, which will work together to provide users and
+communities with:
+
+- Openness: Designers, developers, and sysadmins can join the ecosystem to
+  provide services and receive compensation;
+
+- Mutualism: Projects and communities that meet specific criteria may exchange
+  services in-kind, or benefit from special rates;
+
+- Flexibility: From a personal instance to a large community, the open
+  ecosystem will guide the user based on their specific needs and budget;
+
+- Inclusivity: Users and communities can collectively shape the ecosystem's
+  roadmaps, by co-designing and funding desired features.
+
+From the other side, the dashboard will also operate as an economic network to
+track each contribution and distribute the available funds according to value
+equation formulas as democratically defined by the ecosystem stakeholders.
+
+## What research methods will you use to answer this question? (Please describe the methodologies and scope of your proposed research (500 words))
+
+To comprehensively address the research question, a blend of interdisciplinary
+methods will be employed to ensure a thorough analysis, development, and
+evaluation of the proposed integrated Bonfire and Co-op Cloud ecosystem. The
+methodologies are outlined as follows:
+
+- Literature Review:
+
+An extensive literature review will be conducted to gather insights on existing
+models of open co-operative ecosystems, challenges and best practices in FLOSS
+development, hosting, and funding, and the impact of decentralized digital
+infrastructures on promoting inclusivity and co-operation.
+
+- Surveys & Interviews:
+
+By using mixed methods we aim to gather insights from relevant parties such as
+instance administrators, app maintainers, and FOSS contributors.
+
+- User-Centered Design (UCD):
+
+Utilizing UCD principles, we will engage potential users and stakeholders in
+the design and development process. This will include conducting surveys,
+interviews, and usability testing to gather user requirements, preferences, and
+feedback on prototype iterations.
+
+- Technical Development and Prototyping:
+
+The core of the research involves the technical development and prototyping of
+the integrated dashboard that facilitates the setup, hosting, and operation of
+custom Bonfire instances (the first FOSS application to be integrated in the
+open dashboard). Agile development methodologies, including iterative design
+and development cycles, will be employed to ensure a user-centric approach and
+to allow for continuous feedback and improvement.
+
+- Case Studies:
+
+Detailed case studies of relevant initiatives will be conducted to glean
+insights into best practices, challenges, and success factors. Comparative
+analysis will help in understanding the potential impact and sustainability of
+the proposed ecosystem. We already have communities willing to participate in
+these case studies, that span from citizen science projects
+(https://niboe.info), hacker spaces (https://www.facebook.com/Zer081),
+bioregional communities (driftless area), and more...
+
+- Economic Modeling:
+
+Economic modeling will be employed to devise a transparent value equation for
+revenue distribution among stakeholders. This will also involve exploring
+sustainable funding models that ensure the longevity and resilience of the
+proposed ecosystem. We will make use of the ValueFlows protocol to test several
+value equations: https://www.valueflo.ws/algorithms/equations/
+
+- Policy and Legal Analysis:
+
+An examination of the policy and legal frameworks that could impact, or be
+impacted by, the proposed ecosystem will be conducted. This includes analyzing
+data privacy laws, open-source licensing, and cooperative economic regulations.
+
+- Dissemination and Feedback:
+
+Sharing the findings and prototypes with the broader community through various
+channels including conferences, blog posts, social media, and project websites
+for feedback and further refinement.
+
+## What data or other resources will you use to answer the question? (500 words)
+
+- Domain Experts and Stakeholder Interviews:
+
+Insights from domain experts in FLOSS development, digital co-operatives,
+hosting solutions, and decentralized digital infrastructures. Interviews with
+stakeholders including developers, hosting providers, and potential users of
+the proposed ecosystem.
+
+- Economic Models and Financial Data:
+
+Economic models pertinent to revenue distribution, funding, and sustainability
+of open cooperative ecosystems. Financial data of similar initiatives to
+understand their economic sustainability and impact.
+
+- Legal and Policy Documents:
+
+Legal documents, open-source licenses, and policy frameworks relevant to data
+privacy, digital rights, and co-operative economic structures.
+
+- Technical Documentation:
+
+Technical documentation of Bonfire, Co-op Cloud, and other open-source projects
+pertinent to the research. Documentation on protocols, standards, and best
+practices in FLOSS development, hosting, and support.
+
+- Open Source Software Repositories:
+
+Access to open-source software repositories to study existing solutions,
+libraries, and frameworks that could be leveraged for the technical development
+of the proposed ecosystem.
+
+- Prototyping Tools and Development Platforms:
+
+Utilization of prototyping tools and development platforms for designing,
+developing, and testing the integrated dashboard and associated features.
+
+## If applicable: What is the research finding that you are moving into practice? (500 words)
+
+The findings we are acting upon highlight the pressing necessity for a digital
+ecosystem that prioritizes sustainability, decentralization, and cooperation
+while advancing open-source software development, hosting, support, and
+funding.
+
+Existing research and case studies have highlighted the challenges posed by the
+large centralized and profit-driven digital platforms, which often compromise
+data privacy, inclusivity, and the democratic ethos of the digital realm.
+
+Noteworthy findings from prior researches that underpin our project include:
+
+- Co-operative Ecosystems:
+
+Research on co-operative models -- notably "Proposal for a Cooperative Model
+for Digital Infrastructure and Recommendations to Adopt It" by Tierra Comun in
+2022 -- has revealed the potential for fostering sustainable and equitable
+digital ecosystems. Co-operative structures, grounded in principles of
+mutualism and collective governance, have shown promise in promoting economic
+sustainability and community-centric development.
+
+- Need for Decentralization:
+
+Studies have underscored the benefits of decentralized digital infrastructures
+in promoting data sovereignty, reducing censorship, and fostering innovation
+through open standards and interoperability as well as ("Accounting and Billing
+for Federated Cloud Infrastructures", Elmroth et al., 2009 Eighth International
+Conference on Grid and Cooperative Computing) the specific challenges in
+tracking and distributing financial costs across these decentralized networks.
+
+- Open Source as a Public Good:
+
+The literature has extensively documented the value of FLOSS as a public good,
+which can drive down costs, promote technical innovation, and foster a shared
+digital commons.
+
+- Challenges in FLOSS Sustainability:
+
+Several reports (e.g. "Roads and Bridges: The Unseen Labor Behind Our Digital
+Infrastructure", Nadia Eghbal, "The labor of maintaining and scaling free and
+open-source software projects", Geiger et al, Proceedings of the ACM on
+human-computer interaction 5.CSCW1, and "The coproduction of open source
+software by volunteers and big tech firms", O'Neil et al., News and Media
+Research Centre, 2021) have highlighted the challenges in sustaining open
+source projects, often due to lack of funding, technical support, and a viable
+economic model.
+
+- User-Centric Design:
+
+The importance of user-centric design in the development of digital platforms
+to ensure accessibility, usability, and adoption has been well-documented.
+
+- Community Engagement:
+
+Engaging communities in design, development, and governance of platforms has
+been found to promote inclusivity, trust, and long-term sustainability.
+
+Moving these findings into practice, our proposal outlines a collaborative
+endeavor between Bonfire and Co-op Cloud to develop an integrated open
+dashboard that automates the setup, hosting, and operation of custom Bonfire
+instances.
+
+Practical implementations include:
+
+- Developing a technical infrastructure that facilitates decentralized hosting
+  and operation of digital platforms, reducing reliance on centralized
+  entities.
+
+- Establishing a co-operative economic model to ensure the financial
+  sustainability of the ecosystem, based on a transparent value equation for
+  revenue distribution among stakeholders.
+
+- Engaging the community and potential users in the design and development
+  process to ensure the ecosystem meets their needs and preferences.
+
+- Fostering a collaborative environment where developers, hosting providers,
+  and users can mutually benefit from the shared digital infrastructure.
+
+- Implementing user-centric design principles to ensure the accessibility and
+  usability of the open dashboard, thus promoting broader adoption.
+
+- Disseminating the developed prototypes and findings to the broader community
+  for feedback, further refinement, and adoption.
+
+## What is the specific context / project / community that will be targeted with your research or its implementation - and why is it needed? (600 words)
+
+RESEARCH (Phase 1):
+
+A study on "Understanding the Open Infrastructure Ecosystem, with a Focus on
+Federation," will set about comprehensively exploring practices and challenges
+within the Federated ("Fediverse") and FOSS communities, It will investigate
+co-design and development, documentation and onboarding, hosting,
+configuration, maintenance, tech support, continuous integration, deployment
+and upgrades, backups, community feedback and bug reporting, and governance.
+
+This vital research addresses the centralization and monopolization of
+platforms, barriers to entry, sustainability challenges, community empowerment,
+knowledge sharing, and resilience and longevity of FOSS projects, to provide a
+holistic understanding of the open infrastructure ecosystem.
+
+We hope to identify common challenges faced by these communities, exploring
+motivations for contributing or maintaining infrastructure, uncovering best
+practices and potential solutions.
+
+IMPLEMENTATION (Phase 2):
+
+This above study will inform the development of a federated and cooperative
+hosting ecosystem, helping to better align with the specific needs of instance
+administrators, app maintainers and FOSS contributors. By initially focusing on
+federated platforms and progresstively expanding to the broader ecosystem of
+open infrastructure, the ecosystem can foster collaboration, enhance community
+support, and contribute to the overall growth and sustainability of the
+Fediverse and FOSS communities.
+
+The implementation will start with Co-op Cloud, a software stack that
+simplifies the hosting of FOSS applications, and Bonfire, a federated social
+networking toolkit. These projects represent a microcosm of the broader open
+source and cooperative ecosystem, and can serve as the initial building blocks
+for user-friendly solutions and transparent, cooperative economic models,
+ensuring accessibility and autonomy for all users.
+
+This phase serves as a pragmatic step towards addressing identified needs, like
+reducing technical barriers, fostering sustainability, and empowering
+communities. It embodies a proactive shift towards a more decentralized,
+cooperative, and equitable digital landscape, in response to the pressing
+challenges and unmet needs within the FLOSS community and the broader digital
+realm, and actively combats the issues of centralization, data control, and
+sustainable revenue models, benefiting open source projects and communities
+alike.
+
+The integration of Bonfire and Co-op Cloud via a user-friendly dashboard will
+significantly lower the technical barrier to entry, allowing a broader spectrum
+of users to set up, host, and operate their own instances. Engaging their
+communities, as well as the broader FLOSS community, in the design,
+development, and governance of the proposed ecosystem to ensure it meets the
+diverse needs and preferences of its stakeholders.
+
+We'll also craft transparent value equations and economic models to foster a
+sustainable, co-operative economic ecosystem where revenues are fairly
+distributed among developers, hosting providers, and others.
+
+DISSEMINATION (Phase 3):
+
+Research findings will be compiled into a comprehensive report, offering
+valuable insights to guide the evolution of the hosting ecosystem and
+contribute to the knowledge base of open infrastructure practices and
+challenges. This knowledge will be shared with the FOSS community and beyond,
+promoting wider dialogue, feedback, and collaboration. This approach aligns
+with the need for alternative economic models, transparency, and equitable
+value distribution, and addresses the challenges of the current digital
+landscape by advocating for decentralized, cooperative, and equitable
+alternatives.
+
+## Please summarize your proposed work and the key activities that you will undertake (500 words)
+
+- Resarch study:
+
+A study "Understanding the Open Infrastructure Ecosystem, with a Focus on
+Federation" will be conducted as detailed above.
+
+- Federation design & development:
+
+We'll write an ecosystem federation proposal and resources to help others build
+their own. A "start your federation cookbook" with analysis from a technical,
+economic, legal, and governance perspective.
+
+- Pilots:
+
+We will work with several pilot users and organisations to provide feedback and
+test our designs and solutions at every stage of the process. The various
+pilots will help co-designing and test the open dashboard, by setupping custom
+bonfire instances
+
+- Capacity building and Architecture of Participation:
+
+The capacity building activity will discover together with pilots and
+participants how to draft a good governance and economic model to make all of
+this work nicely.
+
+- Protocol and platform integration:
+
+Defining libre, reusable methods and systems for automatic DNS (across various
+domain name registrars / DNS hosts) and server hosting provisioning (using e.g.
+https://capsul.org), automated software installation and updates (using Co-op
+Cloud's command-line tool Abra: https://docs.coopcloud.tech/abra/), backup and
+data migrations (e.g. using http://tahoe-lafs.org/), user resource usage
+measurement, payment integration, and dashboard UIs.
+
+- Dissemination and communication:
+
+This activity will focus on communicating with the world about our work, and
+disseminate project outcomes and results through various channels, including
+articles, conferences, social media, and project websites.
+
+All the code produced will be documented, and publicly available with an open
+source license. We will continue our outreach through our respective activity
+on federated social media platforms including Bonfire itself, Mastodon,
+Scuttlebutt, and Matrix.
+
+## What partnerships and programs are critical to this work and how do you envision outreach activities? (400 words)
+
+The proposed integration of Bonfire and Co-op Cloud is significantly enriched
+by forming strategic partnerships with key entities in the open-source and
+cooperative digital ecosystem. Here's how these partnerships are critical and
+the envisioned outreach activities:
+
+- Co-op Cloud Federation: partnership significance: Co-op Cloud Federation is
+  crucial for implementing the hosting and management of FOSS apps. This
+  partnership brings in vital technical expertise, hosting solutions, and the
+  potential for scaling the initiative across a federated network of service
+  providers. Outreach: Promoting the integrated solution through Co-op Cloud's
+  federated network, collaborating on joint marketing campaigns, and leveraging
+  the federation's channels to spread awareness and drive adoption.
+
+- Bonfire Networks: partnership significance: Bonfire Networks provides the
+  foundational social networking toolkit that will be integrated with Co-op
+  Cloud. This partnership ensures technical synergy and collaborative
+  development, fostering an environment conducive to innovation and
+  user-centric design. Outreach: Engaging the existing community around Bonfire
+  Networks in workshops, webinars, and forums to introduce the integrated
+  solution, gather feedback, and foster active participation in its development
+  and utilization.
+
+- Servers Co-op: partnership Significance: Servers.coop can play a key role as
+  a hosting provider within the ecosystem, offering reliable and cooperative
+  hosting solutions to users. Their involvement can help establish a network of
+  trustworthy hosting providers committed to cooperative principles. Outreach:
+  Joint campaigns promoting the benefits of cooperative hosting, showcasing
+  success stories, and educating communities on the advantages of
+  decentralized, cooperative digital infrastructures.
+
+- Co-operative Computer: partnership Significance: Cooperative Computer can
+  provide valuable insights, technical expertise, and support in promoting
+  cooperative digital practices. This partnership can foster a shared learning
+  environment and potentially lead to collaborative projects enhancing the
+  integrated solution and actively participating in the open coop ecosystem.
+  Outreach: Hosting joint educational events, technical workshops, and online
+  discussions to explore cooperative computing models and their application in
+  the proposed ecosystem.
+
+## What is your vision of success and what impact might it have? (400 words)
+
+The vision of success for this initiative revolves around the establishment of
+a self-sustaining, decentralized, and co-operative digital ecosystem that
+significantly enhances the accessibility, usability, and economic
+sustainability of FLOSS for all stakeholders.
+
+The following are the key indicators of success and the potential impact of
+this initiative:
+
+- Ease of Access and Usability:
+
+A successful implementation of the integrated dashboard that simplifies the
+setup, hosting, and management of Bonfire instances, enabling a broader
+spectrum of users, including those with limited technical skills, to leverage
+FLOSS solutions effortlessly and in a trusted ecosystem.
+
+- Economic Sustainability:
+
+Establishment of a transparent and equitable economic model that ensures fair
+revenue distribution among developers, hosting providers, and other
+stakeholders, fostering financial sustainability and continued growth of the
+Bonfire and Co-op Cloud ecosystems.
+
+- Community Engagement and Governance:
+
+Active engagement of the community in the decision-making processes,
+development, and governance of the ecosystem, reflecting a vibrant,
+participatory, and democratic digital co-operative environment.
+
+- Increased Adoption and Experimentation:
+
+A noticeable increase in the adoption of Bonfire and Co-op Cloud solutions,
+alongside a proliferation of innovative projects and experiments emanating from
+the co-operative ecosystem, contributing to a richer and more diverse digital
+commons.
+
+- Knowledge Sharing and Collaboration:
+
+A thriving culture of knowledge sharing, collaborative development, and mutual
+support within the ecosystem, facilitating continuous learning, innovation, and
+problem-solving.
+
+- Resilience and Longevity:
+
+Demonstrated resilience of the co-operative digital ecosystem to evolving
+economic, technical, and social challenges, ensuring its longevity and ongoing
+relevance.
+
+- Dissemination and Replication:
+
+Effective dissemination of the insights, learnings, and models developed
+through this initiative to the broader FLOSS community, encouraging replication
+and adaptation of the co-operative model in other contexts.
+
+In a broader sense, the success of this initiative could significantly
+contribute to the reimagining and reshaping of the digital landscape in
+alignment with the principles of openness, co-operation, and community-centric
+development, echoing the core values and aspirations of the FLOSS community.
+
+## Tell us more about the project team and collaborators (500 words)
+
+The project is a multi-team effort between different stakeholders in the FLOSS
+ecosystem. The project will be developed by a collaboration between two
+projects: Bonfire and Co-op Cloud.
+
+* Bonfire (https://bonfirenetworks.org) is an extensible open source federated
+  social networking toolkit, that empowers communities easily configure their
+  spaces from the ground up, according to a variety of needs and visions.
+  Bonfire envisions a web of independent but interconnected social networks
+  (using a wide definition, since we consider the social compoments of
+  activities in the economic, educational, and political spheres as well) -
+  able to speak and transfer information among each other, according to their
+  own boundaries and preferences.
+
+* Co-op Cloud (https://coopcloud.tech/) is federation of democratic collectives
+  (including worker-owned co-operatives, an international radical art
+  collective, a labor union, and representatives from FLOSS software projects).
+  The federation is centred around a software stack that aims to make hosting
+  libre software applications simpler, aimed at organisations wanting to manage
+  their own infrastracture, as well as small service providers such as tech
+  co-operatives who are looking to standardise around an open, transparent and
+  scalable infrastructure -- but is also developing as community of practice
+  around these themes, beyond the specific technology stack.
+
+## In which cost tier do you expect this work to sit?
+
+- [ ] Between 50 and 75
+- [ ] Between 75 and 100
+- [x] Between 100 and 125
+
+## How many months do you expect this work to take?
+
+- 12 months
+- more than 12 months (exception goes up to 18 months for part-time projects)
+
+## Extras
+
+### Research links
+
+* https://apo.org.au/node/312607 - O’Neil, Mathieu, et al. The coproduction of open source software by volunteers and big tech firms. News and Media Research Centre, 2021.
+
+* https://dl.acm.org/doi/10.1145/3449249 - Geiger, R. Stuart, Dorothy Howard, and Lilly Irani. "The labor of maintaining and scaling free and open-source software projects." Proceedings of the ACM on human-computer interaction 5.CSCW1 (2021): 1-28.
+
+* https://www.fordfoundation.org/wp-content/uploads/2020/12/regional-foss-communities_final-report_ahossain-1.pdf - Hossain, Anushah. "Regional Open Source Software Communities: The View From Dhaka, Bangladesh." (2021).
+
+* https://digitalinfrastructure.fund/projects/cooperative-model-for-digital-infrastructure/ - Tierra Comun, Mexico, 2022
+
+* https://ieeexplore.ieee.org/abstract/document/5279594 - E. Elmroth, F. G. Marquez, D. Henriksson and D. P. Ferrera, "Accounting and Billing for Federated Cloud Infrastructures," 2009 Eighth International Conference on Grid and Cooperative Computing, Lanzhou, China, 2009
+
+* https://ieeexplore.ieee.org/abstract/document/7523331 - K. Chard and K. Bubendorfer, "Co-Operative Resource Allocation: Building an Open Cloud Market Using Shared Infrastructure," in IEEE Transactions on Cloud Computing, 2019
+
+* https://ieeexplore.ieee.org/abstract/document/6253530 - F. Paraiso, N. Haderer, P. Merle, R. Rouvoy and L. Seinturier, "A Federated Multi-cloud PaaS Infrastructure," 2012 IEEE Fifth International Conference on Cloud Computing, Honolulu, HI, USA, 2012
+
+* https://www.proquest.com/openview/d0bb1812450db201b4b67c84eca8cc50/1?pq-origsite=gscholar&cbl=18750&diss=y - Amini, Lisa D. "Models and algorithms for resource management in distributed computing cooperatives," Columbia University, 2004
+
+* https://hal.science/hal-03177060/document - Sébastien Broca, Laura Aufrère, Philippe Eynaud, Cynthia Srnec et Corinne Vercher-Chaptal, "Framasoft : de la plateforme à l’archipel", 2021

docs/organisers/funding-applications/index.md

@@ -0,0 +1,3 @@
+---
+title: Funding applications
+---

docs/organisers/funding-applications/private-funder.md

@@ -0,0 +1,80 @@
+---
+title: Private funder
+---
+
+# Private funder
+
+> Status: **accepted**
+
+## Project Title
+
+Co-op Cloud Federation & abra critical bug fixes
+
+## Explain the project and its expected outcome(s).
+
+We are requesting support to tackle two important tasks in Co-op Cloud, to improve the project’s long-term sustainability:
+
+* Formalising, and publicly launching the “Co-op Cloud Federation”,
+* Fixing critical usability issues in abra which are hindering further adoption.
+
+### The Federation
+In April 2022, we announced our proposal for how the Co-op Cloud federation could function:
+
+* [Public announcement blogpost](https://coopcloud.tech/blog/federation-proposal/)
+* [Actual proposal text](https://pad.autonomic.zone/s/MLafJE2jC#)
+
+We’ve gathered feedback from community members and are ready to take the proposal forward. This period of feedback gathering went beyond our [ECF Culture of Solidarity funding timeline](https://culturalfoundation.eu/stories/culture-of-solidarity-fund/), so we are happy to receive support to finalise it now.
+
+This will mean formalising our decision-making structure, clarifying membership in the federation and helping lay the foundations for economic self-sufficiency through agreed membership and user group fees.
+
+We propose a series of meetings with active community members to achieve this.
+
+### Critical abra bug fixes
+We have identified a few bugs in theabra commandline tool that, once sorted, will greatly improve adoption of Co-op Cloud. This support will help us fix these bugs which takes us one step closer to a stable 1.0 release.
+
+* Making  abra resilient to outages in git.coopcloud.tech and the machine-readable `recipes.coopcloud.tech/recipes.json` (issue `#292`)
+
+* Supporting language translations for the Co-op Cloud website and documentation (issue `coop-cloud/organising#74`)
+
+* Bringing per-recipe documentation up-to-date with the latest abra syntax (issue `coop-cloud/organising#356`)
+
+* Solidifying the machine-readable `recipes.coopcloud.tech/recipes.json` deployment (issue `coop-cloud/recipes-catalogue-json#3`)
+
+* Making some usability tweaks to abra’s interface (issue `coop-cloud/organising#335` and issue `coop-cloud/organising#308)`
+
+* Stabilising how abra interacts with SSH (issue `coop-cloud/organising#345`)
+
+## Requested Amount
+
+* 9,240 GBP
+
+## Explain what the requested budget will be used for?
+
+* Participation of all members at a series of meetings to discuss the proposal
+    * 60 GBP * 1 member from 8 member collectives * 6 hrs (3 meetings, 2 hr a meet) = 2880GBP
+
+* Paying wages for 5 Autonomic members to collect feedback, amend the proposal & publish it
+    * 60 GBP * 5 members * 6 hrs = 1800GBP (collective meets)
+    * 60 GBP * 5 members * 4 hrs  = 1200GBP (internal meets)
+    * 60 GBP * 1 member * 5 hrs = 300GBP (finance admin)
+
+* Paying wages for 3 external contributors helping in the process (bug fix, writing, etc)
+    * 60 GBP * 3 members * 5 hrs = 900GBP
+
+* Implementing the proposal: 3 months of admin time until which point we have enough members to support ongoing admin costs
+    * 60 GBP * 1 member * 2 hrs * 3 months = 360 GBP
+
+* abra critical usability fixes
+    * 60 GBP * 2 members * 15 hrs = 1800 GBP
+
+## What are significant challenges you expect to face?
+
+Designing and settling on a format for the federation will be our main challenge. We expect that working together within a diversity of co-operatives and group members will present a spectrum of opinions on how the federation ought to function. Finding common ground amongst ourselves may pose a challenge. Finding a sufficient number of members for a functioning federation may be difficult.
+
+While we all have a lot of experience with group decision-making through our involvement in Autonomic and other multi-stakeholder co-operatives, it could be a challenge to settle on a decision making system.
+
+# Describe the ecosystem of the project, and how you will engage with relevant actors and promote the outcomes?
+
+Several collectives are using Co-op Cloud as their preferred hosting method for example [Bonfire](https://bonfirenetworks.org/) and [Local-IT](https://local-it.org/) (see "Co-op Cloud “The Organisation”" on [The Co-op Cloud Public Beta](https://coopcloud.tech/blog/beta-release/) for the full list of participants).
+
+We have over 500 followers on [Mastodon](https://social.coop/@coopcloud/), but our primary communication and recruitment relies on word of mouth, and people inviting each other to our Matrix channel. The community members have already [written](https://cgalo.dev/pages/from-coop-cloud-to-plain-docker-swarm/) [articles](https://gnulinux.ch/selfhosting-mit-co-op-cloud-und-abra) about Co-op Cloud and we expect this to happen again.

docs/organisers/funding-applications/sovereign-tech-fund.md

@@ -0,0 +1,105 @@
+---
+title: Sovereign Tech Fund
+---
+
+# Sovereign Tech Fund
+
+> Status: **rejected**
+
+## Project title
+
+Critical fixes & enhancements for Abra, the Co-op Cloud command-line interface
+
+## Describe your project in a sentence.
+
+Abra is the flagship command-line interface for Co-op Cloud, built to support the day-to-day workflow of deployment operators and recipe (app configuration) maintainers.
+
+## Describe your project more in-depth. Why is it critical?
+
+The core technical work of the Co-op Cloud project involves democratic tech collectives hosting open source apps on self-managed servers. These apps empower digital sovereignty for members of our own collectives, and the wider community of partners, allies and clients for whom we operate these privacy-preserving, commons-based services. This is vital at a time of increasing surveillance predation and centralisation by "Big Tech" firms – including widespread regulatory capture – but also as public awareness of these issues grows, to facilitate concrete and meaningful action.
+
+Day-to-day operation of Co-op Cloud uses the "Abra"command-line interface to interact with the app packaging & maintenance ecosystem, run app deployments and support long-term app maintenance (backup, restore, monitoring, etc.).
+
+Since the Beta launch of Co-op Cloud in May 2022, we've formed a federation with 10 founding members, 2 of which run large-scale deployments (100+ apps in production) managed using Abra. Each open source app requires maintaining a shared app configuration ("recipe") using Abra, collectivising the federation members' experience into the digital commons.
+
+Abra is a critical infrastructural resource because operators and recipe maintainers rely on it to do their work, share their work and operate and maintain their Co-op Cloud deployments and recipes. Abra is increasingly being relied upon for daily operations by more democratic tech collectives as the Co-op Cloud project scales up membership.
+
+## Link to project repository
+
+[`git.coopcloud.tech/coop-cloud/abra`](https://git.coopcloud.tech/coop-cloud/abra)
+
+## Link to project website
+
+[`coopcloud.tech`](https://coopcloud.tech)
+
+## Please provide a brief overview over your project’s own dependencies.
+
+The design of Abra is based on the idea of wrapping existing APIs and interfaces to provide a more convenient and efficient workflow for operators and maintainers. In this way, Abra relies directly on integrations with core Linux tooling such as Docker, Git and SSH.
+
+Abra relies primarily on interacting with the Docker Engine APIs using the Go programming language, in order to interact and control container runtimes on the self-managed servers. Abra speaks directly to the Docker daemon on the server using those APIs. Abra also relies on several non-public APIs from Docker and Mobdy related packages.
+
+Abra provides [library APIs for clients](https://pkg.go.dev/coopcloud.tech/abra) which are currently available for experimental use. Tools such as [Kadabra](https://docs.coopcloud.tech/operators/tutorial/#automatic-upgrades) consume the Abra API in order to provide server-side automation, e.g. automatic upgrades. Furthermore, [cctuip](https://git.coopcloud.tech/decentral1se/cctuip), a prototype text-based user interface for operators also consumes the Abra APIs.
+
+Both Kadabra and cctuip are being developed by members of the Co-op Cloud federation. Both tools are actively being used, tested and developed within the context of production deployments.
+
+Abra relies on self-hosted Gitea (code hosting) & Drone (continuous integration / continuous deployment) systems to provide binary builds and release automation.
+
+Operators and maintainers who rely on Abra for daily operations are as follows:
+
+- [Autonomic co-operative](https://autonomic.zone)
+- [Local-IT](https://local-it.org/)
+- [Solisoft](https://solisoft.top)
+- [Flancia](https://flancia.org/)
+- [Social.coop](https://social.coop)
+- [Bonfire](https://bonfirenetworks.org/)
+- [ruangrupa](https://documenta-fifteen.de/en/lumbung-space/)
+- [UTAW](https://utaw.tech/about/)
+- [Kotec co-operative](https://kotec.space/)
+
+## Which target groups does your project address (who are its users?) and how do they benefit from the funding (directly and indirectly)?
+
+The intended public of the Co-op Cloud project are established democratic tech collectives, such as technology co-operatives, who are already involved in public service providing. This focus allows us to situate our work within the specific requirements of this community, of which we are also a member.
+
+Collectives would immediately benefit from the funding of critical fixes and enhancements in Abra: the fixes and enhancements listed in this proposal are generated through our bug reports, discussions and proposals for change. Receiving funding to proceed with this work will bring the exact changes required to improve the day-to-day operations and maintenance of the Co-op Cloud technical community.
+
+Collectives face issues of scale when trying to achieve financial sustainability. As a consequence of Big Tech, end-users are accustomed to receive services for free or at very little charge. Small service providers need to scale out usership to make ends meet, which brings the risk of becoming overwhelmed with maintenance tasks, e.g. responsibility to backup data correctly across several apps/servers/groups.
+
+Tools such as Abra play a key role in reducing the maintenance burden and expanding collaboration within the responsible collectives, because it is designed to do so by the community itself. In this sense, an improved and stable Abra increases the chances that end-users receive a stable and reliable service, which in turn helps with further outreach to grow the number of users benefiting from privacy-preserving, user-friendly, and community-directed software systems.
+
+## How was the work on the project made possible so far (structurally, financially, including volunteer work)? If applicable, list others sources of funding that you applied for and/or received.
+
+Co-op Cloud, including Abra, was initiated by members of [Autonomic Co-operative](https://autonomic.zone/blog/2021/03/the-co-operative-cloud/) – initially on a volunteer basis, and then financially compensated from Autonomic's revenue once Abra reached an initial alpha release, including nominal back-pay for the volunteer work.
+
+Shortly afterwards, Co-op Cloud received 32,986 EUR in funding from the [European Cultural Foundation](https://culturalfoundation.eu/stories/cosround4-autonomic-co-operative) to bring the project to public beta, and more widespread adoption by tech collectives. Autonomic Co-operative, who applied for the funding and continued to manage Co-op Cloud & Abra development during this period, helped distribute this funding to community members, to help avoid the frequent reliance of commons technology projects on volunteer labour.
+
+Following the public beta launch, the project received 10,000 GBP in funding from a private donor to support the launch of the Co-op Cloud Federation, a nascent multi-stakeholder co-operative modelled after the [CoopCycle model](https://coopcycle.org/en/federation/).
+
+We also applied for the [NLNet User-Operated Internet Fund](https://nlnet.nl/useroperated/) for funding to work on an web-based operator interface but were unsuccesful.
+
+Currently, the project's main sources of funding is the membership dues of 10 federation members who pay 10 GBP / month to the federation common fund, and the ~5000 EUR left over from the private donation.
+
+## What do you plan to implement with the support from STF?
+
+The Co-op Cloud project is reaching a point where a significant number of democratic tech collectives rely on Abra for daily operations of their large scale production deployments.
+
+This brings new technical challenges in two directions.
+
+The first is handling the increase in bug reports. The challenge here is the increasing scale, diversity and collective triage and discussion required to fix the bugs. We're seeing that these new fixes must be nuanced in their implementation and aware of diverse needs of operators/maintainers. This can often result in democratic decision-making to achieve consensus on a fix that is agreeable to those involved.
+
+The second is a new challenge in which we must implement larger scale enhancements in Abra. We're seeing changing workflows, new approaches to deployments and discussion which result in proposals for significant changes in Abra. These changes often risk major disruption in workflows, e.g. for the app maintainer ecosystem and require a period of consensus building and democratic decision making around a proposal. Furthermore, the deployment of these changes typically require a pre-release and early adopter testing phase before rolling them out fully in a new release of Abra.
+
+We currently categorise these two development trajectories under the following project boards:
+
+* [Critical fixes (15 tickets at time of writing)](https://git.coopcloud.tech/coop-cloud/organising/projects/24)
+
+* [Medium/large enhancements (15 tickets at time of writing)](https://git.coopcloud.tech/coop-cloud/organising/projects/25)
+
+Abra has proven itself as a resilient toolset over 3 years of development and adoption. However, with the increase in scope of fixes and proposals for large scale changes, is at risk of falling behind and at worst, becoming an obstacle to day-to-day operations as the ecosystem of open source infrastructure management continues to change.
+
+With the support of STF we can ensure the continued resilience of the project by implementing the fixes and changes generated by the Co-op Cloud community of operators and maintainers.
+
+## Who (maintainer, contributor, organization) would be most qualified to implement this work/receive the support and why?
+
+Abra currently has 7 maintainers who work infrequently on Abra alongside their existing responsibilities in their own tech collectives. 2 of these developers have been involved in the first implementation of Abra, including the original Bash implementation. 4 tech collectives are represented in this development team.
+
+We believe we have the expertise within the existing maintenance team to carry out the proposed changes in Abra. In our estimations, we expect that 2 developers can engage significantly in Abra development on a more dedicated basis over the course of 8 months.

docs/organisers/funding-applications/user-operated-internet.md

@@ -0,0 +1,91 @@
+---
+title: User-Operated Internet Fund
+---
+
+# User-Operated Internet Fund
+
+> Status: **rejected** ([Link to open call](https://nlnet.nl/useroperated/))
+
+## Questions
+
+> Please be short and to the point in your answers; focus primarily on the what and how, not so much on the why. Add longer descriptions as attachments (see below). If English isn't your first language, don't worry - our reviewers don't care about spelling errors, only about great ideas. We apologise for the inconvenience of having to submit in English. On the up side, you can be as technical as you need to be (but you don't have to). Do stay concrete. Use plain text in your reply only, if you need any HTML to make your point please include this as attachment.
+
+### 1. Abstract: Can you explain the whole project and its expected outcome(s). (1200 chars)
+
+We're seeking financial support to build a web interface for [The Co-operative Cloud](https://coopcloud.tech), an open platform for public interest infrastructure. This will allow us to accelerate our plans to bring Co-op Cloud to end users, expanding the model from community hosting to self-hosting.
+
+The command-line version of Co-op Cloud is already helping empower democratic collectives to run their own applications securely and reliably -- from file-sharing to broadcasting to real-time chat. We released the CLI in alpha form in March 2021, and we're currently working towards a beta release in November 2022.
+
+Our current plan is to develop a web interface within the next 3-5 years, using income from providing managed Co-op Cloud hosting, to remove the requirement to be familiar with a shell prompt, and provide an open version of the "one click apps" available with some corporate providers.
+
+### 2. Have you been involved with projects or organisations relevant to this project before? And if so, can you tell us a bit about your contributions? (??)
+
+We have participated in the [Yunohost](https://yunohost.org) and [Librehosters](https://libreho.st) projects, which aim to address some of the same challenges as Co-op Cloud, and our experiences with those organisations informed our design. More broadly than those very similar projects, we have also contributed to libre software applications like Discourse, Drupal and Peertube, and we're helping with community stewardship of the Mailu libre email project.
+
+### 3. Requested Amount (5000 to 50,000 EUR)
+
+46,000
+
+### 3A. Explain what the requested budget will be used for?
+
+- Brand design, UI research & design: 10%
+- UX testing: 5%
+- Software architecture and implementation: 40%
+- Project management: 10%
+- Community engagement & outreach: 5%
+- Security audit & bug bounties: 20%
+- Language translations: 10%
+
+### 3B. Does the project have other funding sources, both past and present?
+
+We are currently receiving funding from the European Culture of Solidarity Foundation under the "Infodemic" call, to build the beta version of the Co-op Cloud platform, €31,000 in total from July 2021 - November 2022.
+
+Beyond our grant funding, and support in terms of time and technical resources from Autonomic Co-operative, Co-op Cloud is also supported by 11 co-funding partner organisations who are now running some or all of their technology infrastructure using the platform: [ruangrupa](https://ruangrupa.id) -- curators of the upcoming ["documenta fifteen" event](https://www.documenta.de/en/documenta-fifteen/#) -- [WASHNote](https://washnote.com), [Social Media Analysis Toolkit (SMAT)](https://www.smat-app.com), [Neuronic Games](https://www.neuronicgames.com), [Third Sector Accountancy](https://www.thirdsectoraccountancy.coop), [Biobulkbende](https://biobulkbende.org), [Anarchy Rules](https://anarchyrules.info), [Fashion Revolution](https://fashionrevolution.org), the [Industrial Workers of the World](https://iww.org.uk), [Shaping Our Lives](https://www.shapingourlives.org.uk/) and [United Tech and Allied Workers](https://utaw.tech).
+
+### 4. Compare your own project with existing or historical efforts. (eg what is new, more thorough, or otherwise different)
+
+We maintain an ongoing analysis of Co-op Cloud compared to other options in the [Co-op Cloud documentation](https://docs.coopcloud.tech/faq/#what-about-alternative).
+
+Overall, Co-op Cloud has architectural and organisational advantages over existing libre options like Yunohost and [Caprover](https://caprover.com), and our open governance and libre licencing make Co-op Cloud a better long-term, pro-social choice than proprietary platforms like [Cloudron](https://cloudron.io). Versus options like [Ansible](https://ansible.com) or [Kubernetes](https://kubernetes.io), Co-op Cloud aims to be usable by less-technical users, to reduce their reliance on third parties to manage their data and tools.
+
+### 5. What are significant technical challenges you expect to solve during the project, if any?
+
+The main challenge that we aim to overcome in building this web application is making some of the complex concepts around self-hosting accessibile to non-technical users, simplifying and automating DNS, backups, application updates, and updates of the Co-op Cloud web application itself.
+
+A key secondary technical challenge will be ensuring up-to-date, high-quality translations, which we plan to achieve by closely integrating Weblate with our code and documentation management systems.
+
+Another goal is to ensure the web application is resource-efficient, while remaining delightful to use, to maximise the range of hardware that it can be used on.
+
+Lastly, we hope to continue the project of user education around the concept of data sovereignty, as well as provide the technical tools to help people migrate away from, and stay away from, big-tech surveillance.
+
+In terms of technical risks in the project, we see:
+
+- security (mitigated by an in-depth security review before launch, and the going bug bounty program)
+- configuration management (mitigated by using the existing git-based configuration management system from Co-op Cloud's command-line interface)
+- support (mitigated by continuing to grow the Co-op Cloud community, to maximise the opportunity for peer assistance)
+
+### 6. Describe the ecosystem of the project, and how you will engage with relevant actors and promote the outcomes? (Eg which actors will you involve? Who should deploy or run your solution to make it a success?)
+
+We plan to build on our existing, successful, outreach strategy throughout our networks. We will make use of:
+
+.. forums such as [CoTech](https://community.coops.tech, 581 members) and [International Co-operative Alliance](https://patio.ica.coop, 250 members) to make the project visible for technology co-operatives. Estimated 861 technology co-operative members, representing over 100 different co-operatives.
+
+.. the [CHATONS](https://chatons.org, 70 members) and [Librehosters](https://libreho.st, 21 members) networks to maximise our reach amongst democratic technology collectives based in Europe. Estimated 91 collectives.
+
+.. Cyberia Computer Club, an international network with whom we've already collaborated on integrations between their software and Co-op Cloud. Approximately 260 people.
+
+.. both [traditional](https://twitter.com/autonomiccoop, 220 followers) and [alternative social media](https://sunbeam.city/@autonomic, 119 followers) to reach open source developers and other wider comunity members. Estimated 339 followers.
+
+.. our own [co-operative website](https://autonomic.zone), which is visited by a wide range of potential clients, partners, and members. Estimated 1,000 visitors / month.
+
+.. our self-hosted Matrix channel for [Co-op Cloud](#coop-cloud:autonomic.zone). 44 members (and growing), including representatives of some international organisations.
+
+.. our personal relationships with democratic technologists internationally, including in Pakistan, India, Brazil, Canada, Spain, the USA, and others. Estimated ~50 unique contacts.
+
+Our goal would be to see at least 3 other democratic collectives, from anywhere within these networks, using Co-op Cloud by the time of the launch of the beta web application, and to see a further 20 people join our Matrix chat as individual users. We also hope to see at least one strategic alliance with an initiative like Freedombox, or Cyberia's Greenhouse, to integrate Co-op Cloud with other efforts to improve the self-hosting landscape.
+
+### Attachments
+
+Attachments: add any additional information about the project that may help us to gain more insight into the proposed effort, for instance a more detailed task description, a justification of costs or relevant endorsements. Attachments should only contain background information, please make sure that the proposal without attachments is self-contained and concise. Don't waste too much time on this. Really.
+
+We have attached a budget document.

docs/organisers/handbook.md

@@ -12,7 +12,7 @@ We still haven't worked this out. We're working on it.
 
 ## Gathering new case studies
 
-We try to gather as many "case studies" as possible, stories & concrete examples of Co-op Cloud being used For Good :tm: See [coopcloud.tech](https://coopcloud.tech) for our existing examples. These studies help people identify what the purpose of the project is for.
+We try to gather as many "case studies" as possible, stories & concrete examples of Co-op Cloud being used For Good :tm: See [coopcloud.tech](https://coopcloud.tech) for our existing examples. These studies help people identify what the purpose of the project is.
 
 ## Monthly updates
 

docs/organisers/index.md

@@ -2,7 +2,7 @@
 title: Organisers Guide
 ---
 
-Welcome to the organisers guide! Organisers are folks who focus on the social work in the project. Speaking for the project at talks, helping new tech co-ops & collectives join, keeping an eye out for funding opportunities, seeing what things up come up in the community chats, etc. It's important work.
+Welcome to the organisers guide! Organisers are folks who focus on the social work in the project. Speaking for the project at talks, helping new tech co-ops & collectives join, keeping an eye out for funding opportunities, seeing what things come up in the community chats, etc. It's important work.
 
 We're still working out what it looks like to do this kind of work in the project. If you like the idea of this kinda of work and/or are already doing it, please send patches to improve this documentation :rocket:
 

docs/organisers/proposals/federation.md

@@ -0,0 +1,243 @@
+---
+title: The Co-op Cloud Federation Proposal
+---
+
+# The Co-op Cloud Federation Proposal
+
+## Table of Contents
+
+- [Goal](#Goal)
+- [Overview](#Overview)
+- [Process](#Process)
+- [The Federation Proposal](#The-Federation-Proposal)
+- [The Code of Co-operation Proposal](#The-Code-of-Co-operation-Proposal)
+
+## Goal
+
+This document is for the folks who are curious about what is means to "join the Co-op Cloud". You may already be lurking the Matrix channels, have deployed some apps with `abra` or support the project and want it to succeed :heart:
+
+If this is the first time you're seeing the project, please do take a look at [coopcloud.tech](https://coopcloud.tech) & maybe [docs.coopcloud.tech](https://docs.coopcloud.tech) for more of a technical deep dive. You're also more than welcome to join the project!
+
+## Overview
+
+As part of the [beta bikemap goals](https://pad.autonomic.zone/s/C3uuqfSCk) we are aiming to formalise the idea of what ["Co-op Cloud 'The Organisation'"](https://pad.autonomic.zone/s/C3uuqfSCk#Co-op-Cloud-%E2%80%9CThe-Organisation%E2%80%9D) could mean concretely. Here is what we wrote in our bike map originally:
+
+> One of the core goals of Co-op Cloud is to have the project run and managed by a diverse group of tech co-ops and collectives who are invested into building, maintaining and extending this digital configuraton commons. In order to open the project up we need to work on shared governance guidelines, codes of conduct, building community trust and working towards economic sustainability.
+
+Now that we are reaching the moment where we can make the beta release, we are ready to publish this proposal for feedback, discussion & amendments.
+
+## Process
+
+In terms of feedback, we don't think we have to figure it all out now. What is more important is to lay the foundations for democratically working it out as we go on. Any red flags, major concerns & blockers to participation would be great to discover at this early stage. All comments, feedback & constructive criticism is welcome!
+
+We are happy to receive this on any of the communication channels that we have. Please see our [contact docs](https://docs.coopcloud.tech/intro/contact/) for more. We will gather all feedback, discussions & follow up with people by the end of April 2022. We are aiming to publish this proposal by mid May 2022.
+
+---
+
+## The Federation Proposal
+
+### Members
+
+Co-op Cloud is a federation of co-operative hosters centred around the [Co-op Cloud project](https://coopcloud.tech). By Co-operative hosters, we mean worker- or user-owned co-operatives, or other democratic collectives who are operating in the public interest.
+
+### Vision
+
+A world where it's much easier to host technology services, creating local, community-run and participatory tech hosters, enabling more and more people to use services provided in the public interest, instead of ones operated by predatory advertising or planned obsolescence companies.
+
+### Aims
+
+1. Develop the Co-op Cloud technical app platform, including the [abra](https://docs.coopcloud.tech/abra/) command-line tool, the [application recipe catalogue](https://recipes.coopcloud.tech), and the [documentation](https://docs.coopcloud.tech).
+1. Maintain a community of mutual support between co-operative hosters.
+1. Facilitate communication between users and developers of libre software.
+1. Create a support and knowledge sharing network to make setting up new co-operatives easier.
+
+### Benefits
+
+As a member of Co-op Cloud, you'll be able to:
+
+- Participate in decision-making -- about the direction of Co-op Cloud, and how to distribute income from grants and donations.
+
+- Get listed as a recommended service provider [on the Co-op Cloud website](https://coopcloud.tech).
+
+- Receive announcements about opportunities for funded work on Co-op Cloud early, before they're sent out to the wider community.
+
+- Use shared Co-op Cloud services, including code hosting ([git.coopcloud.tech](https://git.coopcloud.tech)), continuous deployment ([builds.coopcloud.tech](https://builds.coopcloud.tech)) and any future digital infrastructure we all decide to set up.
+
+### Responsibilities
+
+**Co-op Cloud members are expected to:**
+
+- participate in all Large decisions,
+
+- pay a financial contribution of £10/month or more via our [Open Collective](https://opencollective.com/coop-cloud),
+
+- uphold the Code of Co-operation (see [below](#The-Code-of-Co-operation-Proposal))
+
+### Decision-making
+
+We propose to follow the decision making method of [Autonomic Co-op](https://autonomic.zone) which is explained in [this blog post](https://autonomic.zone/blog/how-we-make-decisions/) and adapted here for review.  Decisions can be split intro three categories: Small, Medium and Large.
+
+#### Small - "Get on and do a thing"
+
+- No one cares.
+
+- Made by an individual within the federation.
+
+- Could be in any area.
+
+- Up to individual members to decide if they should just make the decision, or share it with the rest of the members to seek consensus.
+
+#### Medium - "consensus pending objections"
+
+- Potentially about shared tools, recipes, `abra`, etc.
+
+- Doesn’t have an effect on the direction or operation of Co-op Cloud as a whole.
+
+- Give a deadline: unless other members object or ask for more time by then, it goes ahead.
+
+- The deadline must be reasonable (a week by default).
+
+- If any member of Co-op Cloud thinks it’s a Large decision, achieve Maximum Consensus™ (see [below](#Large---Maximum-Consensus-™)).
+
+#### Large - "Maximum Consensus ™"
+
+- Important decisions affecting the operation, direction, working conditions and finances of Co-op Cloud.
+
+- Consensus voting: addressing any concerns.
+
+- Can be requested by any member of Co-op Cloud for any decision.
+
+- Input from every Co-op Cloud member.
+
+- Whoever proposes Large decisions is responsible for chasing up members for votes.
+
+- Votes can be in favour, against, abstain (stand aside) or block.
+
+- One member (individual or organisation) = 1 vote
+
+#### Process
+
+For Medium and Large decisions:
+
+- Write up a proposal somewhere publicly accessible on the internet.
+
+- Announce the decision in the [General chat (`#coopcloud:autonomic.zone`)](https://docs.coopcloud.tech/intro/contact/#matrix) on Matrix
+
+- List the decision on the [decisions page](https://docs.coopcloud.tech/democracy/decisions) on our documentation
+
+- Announce the result in the [General chat (`#coopcloud:autonomic.zone`)](https://docs.coopcloud.tech/intro/contact/#matrix) and record it on the [decisions page](https://docs.coopcloud.tech/democracy/decisions) of the documentation
+
+#### Proposal format
+
+(For Medium and Large decisions).
+
+- What you want to change.
+
+- Who it affects.
+
+- Size (Medium / Large).
+
+- Decision number
+
+- Deadline.
+
+- What chat channel you want discussion to happen in.
+
+#### Example Proposal
+
+**Large decision 001**: *Change the name of Co-op Cloud to Co-op Sun*
+
+This decision affects everyone who uses and contributes to the project. I think the current name is too corporate.
+
+The voting deadline for this decision is **January 1st 1970**.
+
+Please discuss this proposal in `#coopcloud-comm-org:autonomic.zone`.
+
+---
+
+## The Code of Co-operation Proposal
+
+> Huge thanks to the folks at [Varia](https://varia.zone/) & [LURK](https://lurk.org) who carefully prepared wonderful Code of Conduct documents which we have adapted for our needs (with permission). See the original documents [here](https://varia.zone/en/pages/code-of-conduct.html) and [there](https://lurk.org/TOS.txt).
+
+Co-op Cloud is used by several communities coming from a variety of cultural, ethnic and professional backgrounds. We strive for to be welcoming to people of these various backgrounds and provide a non-toxic and harassment-free environment.
+
+The Code of Conduct is a set of guidelines that help establish shared values and ensure that behaviour that may harm participants is avoided.
+
+We acknowledge that we come from different backgrounds and all have certain biases and privileges. Therefore, this Code of Conduct cannot account for all the ways that people might feel excluded, unsafe or uncomfortable. We commit to open dialogues, and as such this Code of Conduct is never finished and should change whenever needed. We amend this document over time so it reflects the priorities and sensitivities of the community as it changes.
+
+It is a collective responsibility for all of us to enact the behaviour described in this document.
+
+## Expected behaviour
+
+We expect each other to:
+
+### Be considerate...
+
+...of each other, the space we enter, the Co-op Cloud community and the practices that it houses.
+
+### Be open and generous...
+
+...while trying not to make assumptions about others. This can include assumptions about identity, knowledge, experiences or preferred pronouns. Be generous with our time and our abilities, when we are able to. Help others, but ask first. There are many ways to contribute to a collective practice, which may differ from our individual ways.
+
+### Be respectful...
+
+...of different viewpoints and experiences. Respect physical and emotional boundaries. Be respectful of each others' limited time and energy. Take each other and each other's practices seriously. Acknowledge that this might lead to disagreement. However, disagreement is no excuse for poor manners.
+
+### Be responsible....
+
+...for the promises we make, meaning that we follow up on our commitments. We take responsibility for the good things we do, but also for the bad ones. We listen to and act upon respectful feedback. We correct ourselves when necessary, keeping in mind that the impact of our words and actions on other people doesn't always match our intent.
+
+### Be dedicated...
+
+...which means not letting the group happen to us, but making the group together. We participate in the group with self-respect and don't exhaust ourselves. This might mean saying how we feel, setting boundaries, being clear about our expectations. Nobody is expected to be perfect in this community. Asking questions early avoids problems later. Those who are asked should be responsive and helpful.
+
+### Be empathetic...
+
+..by actively listening to others and not dominating discussions. We give each other the chance to improve and let each other step up into positions of responsibility. We make room for others. We are aware of each other's feelings, provide support where necessary, and know when to step back. One's idea of caring may differ from how others want to be cared for. We ask to make sure that our actions are wanted.
+
+### Foster an inclusive environment...
+
+...by trying to create opportunities for others to express views, share skills and make other contributions. Being together is something we actively work on and requires negotiation. We recognize that not everyone has the same opportunities, therefore we must be sensitive to the context we operate in. There are implicit hierarchies that we can challenge, and we should strive to do so. When we organize something (projects, events, etc.), we think about how we can consider degrees of privilege, account for the needs of others, promote an activist stance and support other voices.
+
+## Unacceptable behaviour
+
+### No structural or personal discrimination
+
+Attitudes or comments promoting or reinforcing the oppression of any groups or people based on gender, gender identity and expression, race, ethnicity, nationality, sexuality, sexual orientation, religion, disability, mental illness, neurodiversity, personal appearance, physical appearance, body size, age, or class. Do not claim “reverse-isms”, for example “reverse racism”.
+
+### No harrassment
+
+Neither public nor private. Also no deliberate intimidation, stalking, following, harassing photography or recording, disruption of events, aggressive, slanderous, derogatory, or threatening comments online or in person and unwanted physical or electronic contact or sexual attention. No posting or disseminating libel, slander, or other disinformation.
+
+### No violation of privacy
+
+Namely publishing others’ private information, such as a physical or electronic address, without explicit permission. Do not take or publish photos or recordings of others after their request to not do so. Delete recordings if asked.
+
+### No unwelcome sexual conduct
+
+Including unwanted sexual language, imagery, actions, attention or advances.
+
+### No destructive behaviour
+
+Or any other conduct which could reasonably be considered inappropriate. This includes (but is not exclusive to) depictions of violence without content warnings, consistently and purposely derailing or disrupting conversations, or other behaviour that persistently disrupts the ability of others to engage in the group or space.
+
+## Intervention procedure
+
+**Immediate intervention (help is needed now!)**
+
+If you are feeling unsafe, you can immediately contact the Co-op Cloud members who are tasked with making sure the code of co-operation is respected.
+
+These contact people are members of Co-op Cloud who will do their best to help, or to find the correct assistance if relevant/necessary. Here is the list so far. If you would like to help in this task, please also feel free to volunteer to be a support member.
+
+> handle: `decentral1se`
+> contact: [helo@coopcloud.tech](mailto:helo@coopcloud.tech)
+> handle: `3wc`
+> contact: [helo@coopcloud.tech](mailto:helo@coopcloud.tech)
+
+For example, something happened during a still-ongoing online event and needs to be acted upon right away. Action is taken immediately when this violation of the code of co-operation is reported. This could involve removing an attendee from said event.
+
+## Non-immediate intervention (a situation that requires more time)
+
+Other violations need to be considered and consulted upon with more people or in a more measured way. For example: If you experience an ongoing pattern of harrassment; if you witness structurally unacceptable behaviour; if somebody keeps "accidentally" using discriminatory language, after being asked to stop.
+
+If you feel comfortable or able, discuss the issues with the involved parties before consulting a mediator. We prefer to constructively resolve disagreements together and work to right the wrong, when it is possible and safe to do so. However, if the problems still persist, those who are responsible for enforcing the code of co-operation can help you deal with these kinds of problems. Contact the members listed above. Information will be handled with sensitivity.

docs/organisers/proposals/index.md

@@ -0,0 +1,3 @@
+---
+title: Proposals
+---

docs/recipes/index.md

@@ -15,6 +15,65 @@ It aims to be a helpful place to understand the status of apps, who is taking ca
 
 The recipe catalogue is available on [recipes.coopcloud.tech](https://recipes.coopcloud.tech/).
 
+## Status / features / scoring
+
+Each recipe README has a "metadata" section, to help communicate the overall status of the recipe, and which features are supported. Here's an example, from [the Wordpress recipe](https://git.coopcloud.tech/coop-cloud/wordpress/):
+
+```
+<!-- metadata -->
+
+* **Category**: Apps
+* **Status**: 3, stable
+* **Image**: [`wordpress`](https://hub.docker.com/_/wordpress), 4, upstream
+* **Healthcheck**: Yes
+* **Backups**: Yes
+* **Email**: 3
+* **Tests**: 2
+* **SSO**: No
+
+<!-- endmetadata -->
+```
+
+Currently, recipe maintainers need to update the scores in this section manually. The specific meanings of the scores are:
+
+### Status (overall score)
+
+- 5: everything in 4 + Single-Sign-On
+- 4: upstream image, backups, email, healthcheck, integration testing
+- 3: upstream image, missing 1-2 items from 4
+- 2: missing 3-4 items from 4 or no upstream image
+- 1: alpha
+
+### Image
+
+- 4: official upstream image
+- 3: semi-official / actively-maintained image
+- 2: 3rd-party image
+- 1: our own custom image
+
+### Email
+
+- 3: automatic (using environment variables)
+- 2: mostly automatic
+- 1: manual
+- 0: none
+- N/A: app doesn't send email
+
+### CI
+
+- 3: as 2, plus healthcheck
+- 2: auto secrets + networks
+- 1: basic deployment using `stack-ssh-deploy`, manual secrets + networks
+- 0: none
+
+### Single-Sign-On
+
+- 3: automatic (using environment variables)
+- 2: mostly automatic
+- 1: manual
+- 0: none
+- N/A: app doesn't support SSO
+
 ## Wishlist
 
 If you'd like to see a new recipe packaged, make a request on the [recipes-wishlist](https://git.coopcloud.tech/coop-cloud/recipes-wishlist) repository issue tracker.

mkdocs.yml

@@ -2,16 +2,20 @@
 site_author: Co-op Cloud
 site_name: "Co-op Cloud: Public Interest Infrastructure"
 site_url: https://docs.coopcloud.tech
+use_directory_urls: true
 
 theme:
   name: material
   features:
+    - content.action.edit
     - navigation.expand
+    - navigation.indexes
     - navigation.instant
+    - navigation.path
     - navigation.sections
     - navigation.tabs
     - navigation.tabs.sticky
-    - navigation.indexes
+    - navigation.tracking
   palette:
     primary: light pink
     accent: purple
@@ -19,7 +23,7 @@ theme:
   favicon: img/favicon.ico
   custom_dir: custom_theme/
 
-copyright: Copyleft 🄯 2022 Co-op Cloud
+copyright: Copyleft 2023 Co-op Cloud
 
 markdown_extensions:
   - meta
@@ -57,6 +61,16 @@ nav:
   - "Organisers Guide":
       - organisers/index.md
       - "Organising handbook": organisers/handbook.md
+      - "Funding applications":
+        - organisers/funding-applications/index.md
+        - organisers/funding-applications/culture-of-solidarity.md
+        - organisers/funding-applications/ford-foundation.md
+        - organisers/funding-applications/private-funder.md
+        - organisers/funding-applications/sovereign-tech-fund.md
+        - organisers/funding-applications/user-operated-internet.md
+      - "Proposals":
+        - organisers/proposals/index.md
+        - organisers/proposals/federation.md
   - "Recipes":
     - recipes/index.md
   - "Abra":
@@ -69,18 +83,44 @@ nav:
       - "Cheat Sheet": abra/cheat-sheet.md
   - "Get Involved":
       - get-involved/index.md
-  - "Democracy":
-      - democracy/index.md
-      - "Decisions": democracy/decisions.md
+  - "Federation":
+      - federation/index.md
+      - "FAQ": federation/faq.md
+      - "Resolutions":
+        - federation/resolutions/index.md
+        - "Passed":
+          - federation/resolutions/passed/001.md
+          - federation/resolutions/passed/002.md
+          - federation/resolutions/passed/003.md
+          - federation/resolutions/passed/004.md
+          - federation/resolutions/passed/005.md
+          - federation/resolutions/passed/006.md
+          - federation/resolutions/passed/007.md
+          - federation/resolutions/passed/008.md
+          - federation/resolutions/passed/009.md
+          - federation/resolutions/passed/010.md
+          - federation/resolutions/passed/011.md
+          - federation/resolutions/passed/012.md
+        - "In progress":
+          - federation/resolutions/in-progress/index.md
+        - "Draft":
+          - federation/resolutions/drafts/index.md
+      - "Finance": federation/finance.md
+      - "Membership": federation/membership.md
+      - "Minutes":
+        - federation/minutes/index.md
+        - "2022":
+          - federation/minutes/2022-03-03.md
+      - "Digital tools": federation/tools.md
   - "Glossary":
     - glossary/index.md
 
 plugins:
-  - search
   - awesome-pages
+  - search
 
 repo_name: coop-cloud/docs.coopcloud.tech
-repo_url: https://git.coopcloud.tech/coop-cloud/docs.coopcloud.tech
+repo_url: https://git.coopcloud.tech/coop-cloud/docs.coopcloud.tech/
 edit_uri: _edit/main/docs/
 
 extra_css:

renovate.json

@@ -1,3 +1,7 @@
 {
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "packageRules": [{
+    "matchUpdateTypes": ["minor", "patch"],
+    "automerge": true
+  }]
 }

requirements.txt

@@ -1,4 +1,4 @@
-mkdocs-awesome-pages-plugin==2.7.0
-mkdocs-material-extensions==1.0.3
-mkdocs-material==8.2.16
-mkdocs==1.3.0
+mkdocs-awesome-pages-plugin==2.9.2
+mkdocs-material-extensions==1.3
+mkdocs-material==9.4.10
+mkdocs==1.5.3