diff --git a/README.md b/README.md
index dedd1f8..44ed2b5 100644
--- a/README.md
+++ b/README.md
@@ -3,6 +3,9 @@
 A home for configuring all of my homelab containers on a Debian Linux machine.
 This assumes a Debian Linux machine with Docker and Docker Compose installed.
 
+My particular setup is based on a [jailmaker](https://github.com/Jip-Hop/jailmaker) container
+running on top of TrueNAS SCALE, separating all the docker stuff from the appliance.
+
 # Notes
 
 ## IPv6
@@ -16,3 +19,29 @@ that uses the IP of this host as the gateway.
 This is a limitation of my current ISP, I only have a single /64 subnet for my lab network.
 I'd like to get a /56 or /48, perhaps using Hurricane Electric's tunnel broker.
 *Sigh* ISPs being stingy with the 2^48 prefixes they're afraid of running out of.
+
+## Upgrading Postgres
+Upgrading the postgres container for a given stack requires a dump and restore.
+
+After making a snapshot or backup of postgres data directory,
+in the compose directory for a given stack, run the following commands:
+```bash
+docker compose down
+docker compose up -d <db_service>
+docker compose exec -it <db_service> pg_dumpall -U <db_user> | tee /tmp/dump.sql
+docker compose down
+
+rm -r <postgres_data_dir>/*  # as root
+# Edit the docker-compose.yml file to use the new postgres image
+docker compose up -d <db_service>
+# For some reason, compose exec doesn't like the input redirection
+docker exec -i <db_container_name> psql -U <db_user> < /tmp/dump.sql
+docker compose up -d
+rm /tmp/dump.sql
+```
+
+Additionally, if upgrading from postgres <= 13, it is necessary to upgrade the
+password hashes. This can be done by running the following command:
+```bash
+docker compose exec -it <db_service> psql -U <db_user> -c "\password"
+```
diff --git a/roles/alpina/templates/apps/gitea/docker-compose.yml.j2 b/roles/alpina/templates/apps/gitea/docker-compose.yml.j2
index 230f0ab..cf0fc76 100644
--- a/roles/alpina/templates/apps/gitea/docker-compose.yml.j2
+++ b/roles/alpina/templates/apps/gitea/docker-compose.yml.j2
@@ -7,7 +7,7 @@ networks:
 
 services:
   server:
-    image: gitea/gitea:1.21
+    image: gitea/gitea:1.22
     container_name: gitea_server
     labels:
       - {{ helpers.traefik_labels('gitea', port='3000') | indent(6) }}
@@ -22,7 +22,7 @@ services:
     depends_on:
       - db
   db:
-    image: postgres:14-alpine
+    image: postgres:16-alpine
     container_name: gitea_db
     restart: unless-stopped
     env_file:
diff --git a/roles/alpina/templates/apps/nextcloud/.env.j2 b/roles/alpina/templates/apps/nextcloud/.env.j2
index c013a26..b3a1e38 100644
--- a/roles/alpina/templates/apps/nextcloud/.env.j2
+++ b/roles/alpina/templates/apps/nextcloud/.env.j2
@@ -1 +1 @@
-NEXTCLOUD_VERSION=28-fpm-alpine
+NEXTCLOUD_VERSION=29-fpm-alpine
diff --git a/roles/alpina/templates/apps/nextcloud/docker-compose.yml.j2 b/roles/alpina/templates/apps/nextcloud/docker-compose.yml.j2
index b9effce..9a75151 100644
--- a/roles/alpina/templates/apps/nextcloud/docker-compose.yml.j2
+++ b/roles/alpina/templates/apps/nextcloud/docker-compose.yml.j2
@@ -54,7 +54,7 @@ services:
       - {{ base_volume_path }}/nextcloud/nextcloud_data:/var/www/html/data
 
   db:
-    image: postgres:13-alpine
+    image: postgres:16-alpine
     container_name: nextcloud_db
     restart: unless-stopped
     env_file:
diff --git a/roles/alpina/templates/services/authentik/docker-compose.yml.j2 b/roles/alpina/templates/services/authentik/docker-compose.yml.j2
index e205b52..c48e64e 100644
--- a/roles/alpina/templates/services/authentik/docker-compose.yml.j2
+++ b/roles/alpina/templates/services/authentik/docker-compose.yml.j2
@@ -37,7 +37,7 @@ services:
       - {{ base_volume_path }}/authentik/certs:/certs
 
   postgres:
-    image: postgres:12-alpine
+    image: postgres:16-alpine
     container_name: authentik_postgres
     restart: unless-stopped
     env_file: