
Maintenant

v1.2.7 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 1mo Monitoring & Metrics
✓ No known CVEs patched


Topics

alerting container-monitoring devops docker go heartbeat
self-hosted kubernetes monitoring network-security observability server-sent-events sqlite ssl-monitoring status-page uptime-kuma-alternative uptime-monitoring vue

Affected surfaces

auth

Summary

AI summary

Anonymous telemetry can be disabled via MAINTENANT_DISABLE_TELEMETRY, and the entrypoint now preserves supplementary GIDs while dropping privileges.

Full changelog

Improvements

Anonymous install telemetry (opt-out)

maintenant now sends an anonymous, opt-out usage snapshot once an hour to https://metrics.kolapsis.com. Each snapshot contains only counts (containers_total, endpoints_total, heartbeats_total, certificates_total, webhooks_total, status_components_total), the edition (community or pro), basic runtime context (OS, arch, CPU cores, Go version, deployment mode, memory, goroutines, uptime), and an opaque installation identifier persisted to /data/shm/shm_identity.json.

Nothing else is transmitted: no hostnames, IPs, container names, endpoint URLs, certificates, webhook targets, status-page component names, license keys, or operator-supplied free-form strings of any kind.

Why opt-out — we collect basic usage data to understand how maintenant is used in the field. That's it. Disable it with one environment variable if you'd rather not contribute.

To disable:

services:
  maintenant:
    environment:
      MAINTENANT_DISABLE_TELEMETRY: "1"

Truthy values: 1, t, true, y, yes, on (case-insensitive). When disabled, exactly one log line is emitted at startup (telemetry disabled reason=opt-out) — no goroutine, no DNS lookup, no outbound packets toward the metrics endpoint.

Container entrypoint now drops privileges via setpriv

The official image used to pin USER 65534:65534 directly in the Dockerfile. The new image installs a small entrypoint that runs as root just long enough to fix bind-mount ownership for /data/shm, then drops to uid 65534 via setpriv --keep-groups. This is functionally equivalent to before — the binary still runs as nobody:nobody, read_only: true and no-new-privileges: true are still respected — but two operator pain points go away:

  • Bind-mounting a host directory at /data/shm no longer requires a manual chown 65534:65534 on the host. The entrypoint chowns it on every start, so the SHM identity file can be persisted on the host filesystem without prep work.
  • Supplementary GIDs injected by Compose group_add (typically the host docker socket group) are now preserved through the privilege drop. The previous su-exec candidate cleared supplementary groups when an explicit GID was provided, which would have broken docker socket access.
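
An operator-side check for the privilege drop described above, added here as an example and not taken from the maintenant project: it reads the text of /proc/<pid>/status and confirms the process runs as uid/gid 65534, still holds the supplementary GID from group_add, and has no_new_privs set. The GID 998, the container name placeholder and the sample status text are constructed assumptions.

```shell
#!/bin/sh
# Added example (not project code): confirm the privilege drop from the text
# of /proc/<pid>/status. Assumed usage on the Docker host, with CONTAINER as
# your container name and GID as the group_add value:
#   pid=$(docker inspect -f '{{.State.Pid}}' CONTAINER)
#   check_drop GID < "/proc/$pid/status"

# Constructed sample; 998 stands in for the host docker socket GID.
sample_status() {
    cat <<'EOF'
Name:   maintenant
Uid:    65534   65534   65534   65534
Gid:    65534   65534   65534   65534
Groups: 998
NoNewPrivs:     1
EOF
}

# check_drop EXPECTED_GID   (status text on stdin)
# Exit status 0 only if the real, effective, saved and filesystem UID and GID
# are all 65534, EXPECTED_GID is among the supplementary groups, and
# no_new_privs is set.
check_drop() {
    awk -v want="$1" '
        $1 == "Uid:" || $1 == "Gid:" {
            seen[$1] = 1
            for (i = 2; i <= 5; i++) if ($i != "65534") bad = 1
        }
        $1 == "Groups:" { for (i = 2; i <= NF; i++) if ($i == want) kept = 1 }
        $1 == "NoNewPrivs:" && $2 == "1" { nnp = 1 }
        END { exit !(seen["Uid:"] && seen["Gid:"] && !bad && kept && nnp) }
    '
}

if sample_status | check_drop 998; then
    echo "privilege drop OK, GID 998 preserved"
fi
```

A non-zero exit means the process is not fully running as 65534, the group_add GID was lost during the drop, or no-new-privileges is not in effect.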

Documentation

  • README and the public docs site (docs/getting-started/configuration.md) now document MAINTENANT_DISABLE_TELEMETRY, what each snapshot field contains, and the persistent-identity requirement.
  • docs/security.md reflects the entrypoint-based privilege drop in the hardening checklist and table.

Upgrading from v1.2.6

docker compose pull && docker compose up -d --force-recreate

No database migrations, no configuration changes required. Telemetry activates on first start; set MAINTENANT_DISABLE_TELEMETRY=1 before starting the new image if you want to opt out without a single snapshot being sent.


About Maintenant

Monitor everything with a single container
