Docker: Watchtower (#480)

Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: #480
2023-03-21 19:00:37 +01:00 · 2023-03-21 19:00:37 +01:00 · 6b17b33533
commit 6b17b33533
parent b92b32a49f
12 changed files with 79 additions and 5 deletions
--- a/docker-compose/drone/docker-compose.yml.j2
+++ b/docker-compose/drone/docker-compose.yml.j2
@ -21,7 +21,8 @@ services:
        image: 'drone/drone:latest'
        networks:
          - intern
-
+        labels:
+          - com.centurylinklabs.watchtower.enable=true

 # runner
    drone-runner-docker:
@ -41,6 +42,8 @@ services:
        image: 'drone/drone-runner-docker:latest'
        networks:
          - intern
+        labels:
+          - com.centurylinklabs.watchtower.enable=true

 ######## Volumes ########
 volumes:
--- a/docker-compose/homer/docker-compose.yml.j2
+++ b/docker-compose/homer/docker-compose.yml.j2
@ -14,3 +14,5 @@ services:
      - ./assets/:/www/assets
    ports:
      - 333:8080
+    labels:
+      - com.centurylinklabs.watchtower.enable=true
--- a/docker-compose/httpd/docker-compose.yml.j2
+++ b/docker-compose/httpd/docker-compose.yml.j2
@ -10,3 +10,5 @@ services:
      - "${PWD}/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro"
    ports:
      - 3344:80
+    labels:
+      - com.centurylinklabs.watchtower.enable=true
--- a/docker-compose/miniflux/docker-compose.yml.j2
+++ b/docker-compose/miniflux/docker-compose.yml.j2
@ -28,6 +28,9 @@ services:
      - traefik.http.routers.miniflux.tls.certresolver=resolver_letsencrypt
      - traefik.http.routers.miniflux.entrypoints=entry_https
      - traefik.http.services.miniflux.loadbalancer.server.port=8080
+      - com.centurylinklabs.watchtower.enable=true
+      - com.centurylinklabs.watchtower.depends-on=mf-db
+
 ######## PostGreSQL ########
  db:
    container_name: "mf-db"
@ -42,7 +45,9 @@ services:
    networks:
      - intern
    labels:
-      - com.centurylinklabs.watchtower.enable="false"
+      - com.centurylinklabs.watchtower.enable=false
+      - com.centurylinklabs.watchtower.monitor-only=true
+
 ######## Miniflux-Filter ########
  mf-filter:
    container_name: mf-filter
@ -58,6 +63,10 @@ services:
      - ./filter.txt:/data/filter.txt
    networks:
      - intern
+    labels:
+      - com.centurylinklabs.watchtower.enable=true
+      - com.centurylinklabs.watchtower.depends-on=mf-frontend
+
 ######## RSS-Bridge ########
  rssbridge:
    container_name: "mf-bridge"
@ -71,6 +80,9 @@ services:
      - intern
    ports: #um neue Feeds einzufügen
      - 3001:80
+    labels:
+      - com.centurylinklabs.watchtower.enable=true
+
 ######## changedetection ########
  changedetection.io:
    image: ghcr.io/dgtlmoon/changedetection.io
@ -86,6 +98,8 @@ services:
    restart: always
    networks:
      - intern
+    labels:
+      - com.centurylinklabs.watchtower.enable=true

 ######## Volumes ########
 volumes:
--- a/docker-compose/munin/docker-compose.yml.j2
+++ b/docker-compose/munin/docker-compose.yml.j2
@ -36,6 +36,8 @@ services:
      - cache:/var/cache/munin
    ports:
      - 1234:80
+    labels:
+      - com.centurylinklabs.watchtower.enable=true

 volumes:
  db:
--- a/docker-compose/navidrome/docker-compose.yml.j2
+++ b/docker-compose/navidrome/docker-compose.yml.j2
@ -35,6 +35,8 @@ services:
      - traefik.http.routers.navidrome-mg.tls.certresolver=resolver_letsencrypt
      - traefik.http.routers.navidrome-mg.entrypoints=entry_https
      - traefik.http.services.navidrome-mg.loadbalancer.server.port=4533
+      
+      - com.centurylinklabs.watchtower.enable=true
    ports:
      - "4533:4533"

--- a/docker-compose/nextcloud/docker-compose.yml.j2
+++ b/docker-compose/nextcloud/docker-compose.yml.j2
@ -19,7 +19,8 @@ services:
    networks:
      - intern
    labels:
-      - com.centurylinklabs.watchtower.enable="false"
+      - com.centurylinklabs.watchtower.enable=true
+
 ######## Redis ########
  nextcloud-redis:
    image: redis:alpine
@ -30,7 +31,8 @@ services:
    restart: unless-stopped
    command: redis-server --requirepass ${REDIS_HOST_PASSWORD}
    labels:
-      - com.centurylinklabs.watchtower.enable="false"
+      - com.centurylinklabs.watchtower.enable=true
+
 ######## cron ########
  cron:
    container_name: nextcloud-cron
@ -45,6 +47,9 @@ services:
    environment:
    - NEXTCLOUD_CONTAINER_NAME=nextcloud-app
    - NEXTCLOUD_CRON_MINUTE_INTERVAL=1
+    labels:
+      - com.centurylinklabs.watchtower.enable=true
+
 ######## Nextcloud ########
  nextcloud-app:
    image: nextcloud:${NC_MAJOR_VERSION}
@ -83,6 +88,9 @@ services:
      - intern
      - traefik
    labels:
+      - com.centurylinklabs.watchtower.enable=true
+      - com.centurylinklabs.watchtower.depends-on=nextcloud-redis,nextcloud-db
+
      - traefik.http.routers.nextcloud.rule=Host(`nextcloud.mgrote.net`)
      - traefik.enable=true
      - traefik.http.routers.nextcloud.tls=true
--- a/docker-compose/oxidized/docker-compose.yml.j2
+++ b/docker-compose/oxidized/docker-compose.yml.j2
@ -13,6 +13,8 @@ services:
      - ./config:/root/.config/oxidized/config
      - ./ssh:/ssh/
      - oxidized:/var/lib/oxidized
+    labels:
+      - com.centurylinklabs.watchtower.enable=true

 ######## Volumes ########
 volumes:
--- a/docker-compose/traefik/docker-compose.yml.j2
+++ b/docker-compose/traefik/docker-compose.yml.j2
@ -19,6 +19,8 @@ services:
      - "2222:2222" # SSH
    environment:
      - TZ=Europe/Berlin
+    labels:
+      - com.centurylinklabs.watchtower.enable=true
 ######## Networks ########
 networks:
  traefik:
--- a/docker-compose/unifi-controller/docker-compose.yml.j2
+++ b/docker-compose/unifi-controller/docker-compose.yml.j2
@ -21,7 +21,8 @@ services:
      - 5514:5514/udp #optional
    restart: always
    labels:
-      - com.centurylinklabs.watchtower.enable="false"
+      - com.centurylinklabs.watchtower.enable=false
+      - com.centurylinklabs.watchtower.monitor-only=true
 ######## Volumes ########
 volumes:
  data:
--- a/docker-compose/watchtower/docker-compose.yml.j2
+++ b/docker-compose/watchtower/docker-compose.yml.j2
@ -0,0 +1,34 @@
+version: "3"
+services:
+  watchtower:
+    container_name: watchtower
+    image: containrrr/watchtower
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - TZ=Europe/Berlin
+      - WATCHTOWER_CLEANUP=true
+      - WATCHTOWER_INCLUDE_RESTARTING=true
+      - WATCHTOWER_INCLUDE_STOPPED=true
+      - WATCHTOWER_REVIVE_STOPPED=false
+      - WATCHTOWER_POLL_INTERVAL=86400 # (24 hours)
+      - WATCHTOWER_LABEL_ENABLE=true
+      - WATCHTOWER_NOTIFICATIONS=email
+      - WATCHTOWER_NOTIFICATION_EMAIL_FROM=info@mgrote.net
+      - WATCHTOWER_NOTIFICATION_EMAIL_TO=michael.grote@posteo.de
+      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.strato.de
+      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
+      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=info@mgrote.net
+      - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD={{ lookup('keepass', 'postfix_absender_passwort', 'password') }}
+      - WATCHTOWER_NOTIFICATION_EMAIL_DELAY=2
+      - WATCHTOWER_NO_STARTUP_MESSAGE=true
+    labels:
+      - com.centurylinklabs.watchtower.enable=true
+
+# monitore diesen Container nur
+#   labels:
+#     - com.centurylinklabs.watchtower.monitor-only=true
+# dieser container hängt von x ab
+#     - com.centurylinklabs.watchtower.depends-on=mf-db
+# aktualisiere container
+#     - com.centurylinklabs.watchtower.enable=true
--- a/host_vars/docker10.grote.lan.yml
+++ b/host_vars/docker10.grote.lan.yml
@ -73,6 +73,8 @@
      state: absent
    - name: librenms
      state: absent
+    - name: watchtower
+      state: present

  #### mgrote.set_permissions
  dir_permissions: