diff --git a/docker-compose/act-runner/docker-compose.yml.j2 b/docker-compose/act-runner/docker-compose.yml.j2
index c0894897..ff76964a 100644
--- a/docker-compose/act-runner/docker-compose.yml.j2
+++ b/docker-compose/act-runner/docker-compose.yml.j2
@@ -6,8 +6,11 @@ services:
 image: gitea/act_runner:0.2.11
 restart: unless-stopped
 pull_policy: missing
- memory: 512m
- cpus: 2
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 volumes:
diff --git a/docker-compose/authelia/docker-compose.yml.j2 b/docker-compose/authelia/docker-compose.yml.j2
index ea2f2eda..0b2676dd 100644
--- a/docker-compose/authelia/docker-compose.yml.j2
+++ b/docker-compose/authelia/docker-compose.yml.j2
@@ -7,8 +7,11 @@ services:
 container_name: authelia
 restart: unless-stopped
 pull_policy: missing
- memory: 512m
- cpus: 2
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 environment:
@@ -46,8 +49,11 @@ services:
 container_name: authelia-redis
 restart: unless-stopped
 pull_policy: missing
- memory: 512m
- cpus: 2
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 environment:
@@ -67,8 +73,11 @@ services:
 command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
 restart: unless-stopped
 pull_policy: missing
- memory: 512m
- cpus: 2
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 volumes:
diff --git a/docker-compose/gramps/docker-compose.yml.j2 b/docker-compose/gramps/docker-compose.yml.j2
index b7dfc359..04f1d5a2 100644
--- a/docker-compose/gramps/docker-compose.yml.j2
+++ b/docker-compose/gramps/docker-compose.yml.j2
@@ -5,6 +5,11 @@ services:
 image: ghcr.io/gramps-project/grampsweb:v24.12.2 # version
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 ports:
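Review bot: The `deploy.resources.limits` block added to the act_runner service caps only the runner container itself. If the runner starts job containers through the host's Docker socket (the `volumes:` list continues outside this hunk, so this is an assumption), those job containers are siblings of the runner and run with no CPU or memory cap, so a CI job can still exhaust the host. I would add a comment above the block, `# limits cover the runner only; job containers must be capped in the runner's own configuration`, and set the per-job limits there.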
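Review bot: Nothing in the `deploy:` block added to the authelia service, or in the identical blocks added by every other hunk of this commit, records which Compose implementation is expected to enforce it. Compose v2 applies `deploy.resources.limits` to ordinary containers, but the legacy `docker-compose` 1.x binary generally ignores `deploy` unless it is run with `--compatibility`, in which case the limits would silently not apply. A one-line comment above the first block would document the assumption, for example `# enforced by docker compose v2; check HostConfig.NanoCpus and HostConfig.Memory with docker inspect`.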
@@ -38,6 +43,11 @@ services:
 grampsweb_celery:
 <<: *grampsweb # YAML merge key copying the entire grampsweb service config
 ports: []
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "1024M"
 container_name: grampsweb-celery
 depends_on:
 - grampsweb_redis
@@ -49,6 +59,11 @@ services:
 container_name: grampsweb-redis
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 healthcheck:
diff --git a/docker-compose/lldap/docker-compose.yml.j2 b/docker-compose/lldap/docker-compose.yml.j2
index d6d6dc52..4c01b05a 100644
--- a/docker-compose/lldap/docker-compose.yml.j2
+++ b/docker-compose/lldap/docker-compose.yml.j2
@@ -4,6 +4,11 @@ services:
 container_name: lldap
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 ports:
@@ -27,6 +32,11 @@ services:
 image: "postgres:17.2"
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 environment:
diff --git a/docker-compose/miniflux/docker-compose.yml.j2 b/docker-compose/miniflux/docker-compose.yml.j2
index dba10621..4ce395ae 100644
--- a/docker-compose/miniflux/docker-compose.yml.j2
+++ b/docker-compose/miniflux/docker-compose.yml.j2
@@ -5,6 +5,11 @@ services:
 image: "ghcr.io/miniflux/miniflux:2.2.4"
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 depends_on:
@@ -39,6 +44,11 @@ services:
 image: "postgres:17.2"
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 environment:
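Review bot: The `deploy:` block added to `grampsweb_celery` sits directly under `<<: *grampsweb`, and nothing states that it replaces, rather than extends, any `deploy` mapping inherited from the anchor. YAML merge keys are shallow, so an explicit `deploy` key discards the merged one as a whole; the result is correct here only because both `cpus` and `memory` are restated. I would add `# replaces the deploy block merged from *grampsweb (merge is shallow), so restate every limit` above it, so that a later edit keeping only `memory` does not silently drop the CPU cap. The anchored service is defined outside this hunk, so whether it carries the block added in this file's first hunk is an assumption.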
@@ -62,6 +72,11 @@ services:
 - miniflux
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "4"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 environment:
diff --git a/docker-compose/navidrome/docker-compose.yml.j2 b/docker-compose/navidrome/docker-compose.yml.j2
index d4b3f115..73dc9219 100644
--- a/docker-compose/navidrome/docker-compose.yml.j2
+++ b/docker-compose/navidrome/docker-compose.yml.j2
@@ -5,6 +5,11 @@ services:
 image: "deluan/navidrome:0.54.3"
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "4"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 environment:
diff --git a/docker-compose/nextcloud/docker-compose.yml.j2 b/docker-compose/nextcloud/docker-compose.yml.j2
index 48749c9d..32dda574 100644
--- a/docker-compose/nextcloud/docker-compose.yml.j2
+++ b/docker-compose/nextcloud/docker-compose.yml.j2
@@ -6,6 +6,11 @@ services:
 command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 volumes:
@@ -41,6 +46,11 @@ services:
 - internal
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
@@ -56,6 +66,11 @@ services:
 image: "registry.mgrote.net/nextcloud-cronjob:latest"
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 network_mode: none
@@ -72,6 +87,11 @@ services:
 container_name: nextcloud-app
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "4"
+ memory: "1024M"
 security_opt:
 - no-new-privileges=true
 depends_on:
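Review bot: `cpus: "4"` in this block, and again in the navidrome and nextcloud-app hunks, is a hard requirement on the host as well as a cap. The Docker daemon rejects a CPU limit larger than the number of CPUs available, so on a host with fewer than four cores the container is not created at all. The host size is not visible in this diff, so this may be fine for the target machine. Because the file is a Jinja template, the value could come from a variable or host fact instead of a literal, or at least carry a comment such as `# requires a host with >= 4 CPUs`.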
diff --git a/docker-compose/postfix/docker-compose.yml.j2 b/docker-compose/postfix/docker-compose.yml.j2
index eaed1a6d..fe3aa906 100644
--- a/docker-compose/postfix/docker-compose.yml.j2
+++ b/docker-compose/postfix/docker-compose.yml.j2
@@ -4,6 +4,11 @@ services:
 container_name: postfix
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 ports:
diff --git a/docker-compose/registry/docker-compose.yml.j2 b/docker-compose/registry/docker-compose.yml.j2
index 5a99370e..19909b3f 100644
--- a/docker-compose/registry/docker-compose.yml.j2
+++ b/docker-compose/registry/docker-compose.yml.j2
@@ -2,6 +2,11 @@ services:
 oci-registry:
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 container_name: oci-registry
diff --git a/docker-compose/routeros-config-export/docker-compose.yml b/docker-compose/routeros-config-export/docker-compose.yml
index 2ccfa401..afe7f88a 100644
--- a/docker-compose/routeros-config-export/docker-compose.yml
+++ b/docker-compose/routeros-config-export/docker-compose.yml
@@ -3,6 +3,11 @@ services:
 container_name: routeros-config-export
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 image: "registry.mgrote.net/routeros-config-export:latest"
diff --git a/docker-compose/traefik/docker-compose.yml.j2 b/docker-compose/traefik/docker-compose.yml.j2
index b2f61d3d..531208d5 100644
--- a/docker-compose/traefik/docker-compose.yml.j2
+++ b/docker-compose/traefik/docker-compose.yml.j2
@@ -7,6 +7,11 @@ services:
 image: "traefik:v3.2.3"
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 volumes:
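Review bot: The limits added for traefik cap CPU and memory but not the number of processes, so a runaway or compromised process inside the container can still exhaust the host's PID space. The Compose specification accepts `pids` next to `cpus` and `memory` under `deploy.resources.limits`, for example `pids: 256` (an illustrative value, to be sized per service since threads count against it). The same gap exists in the other limits blocks this commit adds.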
diff --git a/docker-compose/unifi-network-application/docker-compose.yml.j2 b/docker-compose/unifi-network-application/docker-compose.yml.j2
index f22e2f04..731bd0e3 100644
--- a/docker-compose/unifi-network-application/docker-compose.yml.j2
+++ b/docker-compose/unifi-network-application/docker-compose.yml.j2
@@ -28,6 +28,11 @@ services:
 - 5514:5514/udp #optional
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "1024M"
 security_opt:
 - no-new-privileges=true
 networks:
diff --git a/docker-compose/wiki/docker-compose.yml.j2 b/docker-compose/wiki/docker-compose.yml.j2
index 60863f88..5d683b0b 100644
--- a/docker-compose/wiki/docker-compose.yml.j2
+++ b/docker-compose/wiki/docker-compose.yml.j2
@@ -4,6 +4,11 @@ services:
 image: "registry.mgrote.net/httpd:latest"
 restart: unless-stopped
 pull_policy: missing
+ deploy:
+ resources:
+ limits:
+ cpus: "2"
+ memory: "512M"
 security_opt:
 - no-new-privileges=true
 networks:
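Review bot: `memory: "1024M"` in the unifi-network-application hunk is a hard ceiling on what appears to be the controller itself, a JVM application (the image line is outside the hunk; this is inferred from the file path and the published port). If the JVM's maximum heap is configured at or near 1024 MB, heap plus JVM overhead will exceed the limit and the kernel will OOM-kill the container, which `restart: unless-stopped` turns into a restart loop. It is worth checking the heap setting in the service's `environment:` block and recording the relationship in a comment such as `# keep above the JVM max heap plus overhead`.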