From db9284fe1c996647c42277907f569a3095614bbf Mon Sep 17 00:00:00 2001
From: Michael Grote <michael.grote@posteo.de>
Date: Thu, 1 Feb 2024 21:23:44 +0100
Subject: [PATCH] docker: add healtchecks (#709)

Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/709
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
---
 .../mail-relay/docker-compose.yml.j2          | 45 ++++++++++---------
 docker-compose/miniflux/docker-compose.yml.j2 |  6 +++
 docker-compose/registry/docker-compose.yml.j2 | 15 +++++++
 .../docker-compose.yml.j2                     | 10 +++++
 4 files changed, 56 insertions(+), 20 deletions(-)

diff --git a/docker-compose/mail-relay/docker-compose.yml.j2 b/docker-compose/mail-relay/docker-compose.yml.j2
index 55bae066..459a2300 100644
--- a/docker-compose/mail-relay/docker-compose.yml.j2
+++ b/docker-compose/mail-relay/docker-compose.yml.j2
@@ -1,25 +1,30 @@
 version: '3.3'
 services:
-    postfix:
-      image: "registry.mgrote.net/postfix:master@sha256:fa2af0bc8edacfff05be461370c1591d480ae48ce3027a8322f80dba950cb9a7"
-      container_name: mail-relay
-      restart: always
-      labels:
-        com.centurylinklabs.watchtower.enable: true
-      ports:
-          - 1025:25
-      environment:
-        SMTP_SERVER: smtp.strato.de
-        SMTP_USERNAME: info@mgrote.net
-        SMTP_PASSWORD: "{{ lookup('keepass', 'strato_smtp_password', 'password') }}"
-        SERVER_HOSTNAME: mgrote.net
-        # DEBUG: "yes" # literal
-        ALWAYS_ADD_MISSING_HEADERS: "no" # literal
-        # LOG_SUBJECT: "yes" # literal
-        INET_PROTOCOL: ipv4
-        SMTP_GENERIC_MAP: "/.*/ info@mgrote.net"
-      networks:
-        - mail-relay
+  postfix:
+    image: "registry.mgrote.net/postfix:master@sha256:fa2af0bc8edacfff05be461370c1591d480ae48ce3027a8322f80dba950cb9a7"
+    container_name: mail-relay
+    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
+    ports:
+        - 1025:25
+    environment:
+      SMTP_SERVER: smtp.strato.de
+      SMTP_USERNAME: info@mgrote.net
+      SMTP_PASSWORD: "{{ lookup('keepass', 'strato_smtp_password', 'password') }}"
+      SERVER_HOSTNAME: mgrote.net
+      # DEBUG: "yes" # literal
+      ALWAYS_ADD_MISSING_HEADERS: "no" # literal
+      # LOG_SUBJECT: "yes" # literal
+      INET_PROTOCOL: ipv4
+      SMTP_GENERIC_MAP: "/.*/ info@mgrote.net"
+    networks:
+      - mail-relay
+    healthcheck:
+      test: ["CMD", "sh", "-c", "echo 'EHLO localhost' | nc -w 1 localhost 25 | grep -q '220 '"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
 
 ######## Networks ########
 networks:
diff --git a/docker-compose/miniflux/docker-compose.yml.j2 b/docker-compose/miniflux/docker-compose.yml.j2
index fc460cc3..91a7cbab 100644
--- a/docker-compose/miniflux/docker-compose.yml.j2
+++ b/docker-compose/miniflux/docker-compose.yml.j2
@@ -21,6 +21,8 @@ services:
     networks:
       - intern
       - traefik
+    healthcheck:
+      test: ["CMD", "/usr/bin/miniflux", "-healthcheck", "auto"]
     labels:
       traefik.http.routers.miniflux.rule: Host(`miniflux.mgrote.net`)
       traefik.enable: true
@@ -46,6 +48,10 @@ services:
       - db16:/var/lib/postgresql/data
     networks:
       - intern
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "miniflux"]
+      interval: 10s
+      start_period: 30s
     labels:
       com.centurylinklabs.watchtower.enable: true
 
diff --git a/docker-compose/registry/docker-compose.yml.j2 b/docker-compose/registry/docker-compose.yml.j2
index 055336da..30a4e452 100644
--- a/docker-compose/registry/docker-compose.yml.j2
+++ b/docker-compose/registry/docker-compose.yml.j2
@@ -13,6 +13,11 @@ services:
     depends_on:
       - oci-registry-ui
       - oci-registry-redis
+    healthcheck:
+      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:5000/v2/"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
     environment:
       TZ: Europe/Berlin
       REGISTRY_AUTH: none
@@ -61,6 +66,11 @@ services:
       MAXMEMORY POLICY: allkeys-lru
     labels:
       com.centurylinklabs.watchtower.enable: true
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
 
   oci-registry-ui:
     restart: always
@@ -77,6 +87,11 @@ services:
     networks:
       - traefik
       - intern
+    healthcheck:
+      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
     labels:
       traefik.http.routers.registry-ui.rule: Host(`registry.mgrote.net`)&&PathPrefix(`/ui`) # mache unter /ui erreichbar, damit wird demPfad dieser Prefix hinzugefügt, die Anwendung "hört" dort abrer nicht
       traefik.http.routers.registry-ui.middlewares: registry-ui-strip-prefix,registry-ui-ipwhitelist # also entferne den Prefix danach wieder
diff --git a/docker-compose/unifi-network-application/docker-compose.yml.j2 b/docker-compose/unifi-network-application/docker-compose.yml.j2
index 6eeae035..f34a49d6 100644
--- a/docker-compose/unifi-network-application/docker-compose.yml.j2
+++ b/docker-compose/unifi-network-application/docker-compose.yml.j2
@@ -34,6 +34,11 @@ services:
     networks:
       - mail-relay
       - unifi-internal
+    healthcheck:
+      test: ["CMD", "curl", "-f", "--insecure", "https://localhost:8443"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
 
   unifi-db:
     # Starte Container OHNE init-script
@@ -52,6 +57,11 @@ services:
       com.centurylinklabs.watchtower.enable: true
     networks:
       - unifi-internal
+    healthcheck:
+      test: ["CMD", "mongosh", "--eval", "db.stats().ok"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
 
 ######## Volumes ########
 volumes: