From 57f4fbe9f3bdd166475b76f2567aba1fab74b0b8 Mon Sep 17 00:00:00 2001 From: Aykhan Shahsuvarov Date: Sat, 25 Oct 2025 13:27:43 +0000 Subject: [PATCH] add watchtower --- caddy/docker-compose.yml | 16 ++-- croc/docker-compose.yml | 2 + ghost/docker-compose.yml | 58 ++++++------- gitea/docker-compose.yml | 12 +-- grafana/docker-compose.yml | 44 +++++----- immich/docker-compose.yml | 146 +++++++++++++++++---------------- main.sh | 18 ++++ memos/docker-compose.yaml | 16 ---- memos/docker-compose.yml | 16 ++++ prometheus/docker-compose.yml | 102 +++++++++++------------ sftpgo/docker-compose.yml | 4 +- slash/docker-compose.yml | 2 +- uptime_kuma/docker-compose.yml | 33 ++++---- watchtower/docker-compose.yml | 12 +++ wg_easy/docker-compose.yml | 82 +++++++++--------- 15 files changed, 305 insertions(+), 258 deletions(-) delete mode 100644 memos/docker-compose.yaml create mode 100644 memos/docker-compose.yml create mode 100644 watchtower/docker-compose.yml diff --git a/caddy/docker-compose.yml b/caddy/docker-compose.yml index e17bcd7..ebff234 100644 --- a/caddy/docker-compose.yml +++ b/caddy/docker-compose.yml @@ -6,9 +6,11 @@ networks: services: caddy: - image: caddy:2.10.2-alpine + image: caddy:2-alpine container_name: caddy restart: unless-stopped + labels: + - "com.centurylinklabs.watchtower.enable=true" networks: - caddy ports: @@ -16,11 +18,11 @@ services: - "80:80" - "443:443/udp" volumes: - - ./Caddyfile:/etc/caddy/Caddyfile - - ./Caddyfile.private:/etc/caddy/Caddyfile.private - - ./ssl:/etc/ssl/custom/ - - ./data/data:/data - - ./data/config:/config - - ../private_volume:/private_volume + - ./Caddyfile:/etc/caddy/Caddyfile + - ./Caddyfile.private:/etc/caddy/Caddyfile.private + - ./ssl:/etc/ssl/custom/ + - ./data/data:/data + - ./data/config:/config + - ../private_volume:/private_volume env_file: - ./.env diff --git a/croc/docker-compose.yml b/croc/docker-compose.yml index 13e2c62..a48e4cd 100644 --- a/croc/docker-compose.yml +++ b/croc/docker-compose.yml 
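Review bot: Replacing `caddy:2.10.2-alpine` with the floating `caddy:2-alpine` in the same hunk that adds `com.centurylinklabs.watchtower.enable=true` means whatever is pushed to that tag gets pulled and started on the internet-facing proxy at the next poll, with no review step. The same loosening appears in the gitea (`gitea/gitea:1`), grafana (`grafana-enterprise:12.2`), immich (`immich-server:v2`) and sftpgo (`drakkan/sftpgo:v2`) sections. If unattended updates are wanted, keep each tag as narrow as the update policy allows (a minor tag rather than a major one), or keep a pinned `tag@sha256:<DIGEST>` and let a reviewed bump change it. In immich the server now follows `v2` while `immich-machine-learning` stays on `release`, so the two can drift onto different majors; using the same tag on both, if upstream publishes one, would avoid that.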
@@ -1,6 +1,8 @@ services: croc: image: schollz/croc:10 + labels: + - "com.centurylinklabs.watchtower.enable=true" ports: - "9009-9013:9009-9013" env_file: .env diff --git a/ghost/docker-compose.yml b/ghost/docker-compose.yml index 48f626a..2fe1809 100644 --- a/ghost/docker-compose.yml +++ b/ghost/docker-compose.yml @@ -1,31 +1,33 @@ networks: - caddy: - name: caddy - driver: bridge - external: true + caddy: + name: caddy + driver: bridge + external: true services: - ghost: - image: ghost:6-alpine - container_name: ghost - restart: unless-stopped - networks: - - caddy - environment: - # DB - database__client: sqlite3 - database__connection__filename: content/data/ghost.db - # App - NODE_ENV: production - url: ${URL} - # Mail - mail__options__host: ${MAIL_HOST} - mail__options__port: ${MAIL_PORT} - mail__options__secure: ${MAIL_SECURE} - mail__options__auth__user: ${MAIL_USERNAME} - mail__options__auth__pass: ${MAIL_PASSWORD} - mail__from: ${MAIL_FROM} - mail__options__service: SMTP - mail__transport: SMTP - volumes: - - ./data:/var/lib/ghost/content + ghost: + image: ghost:6-alpine + container_name: ghost + restart: unless-stopped + labels: + - "com.centurylinklabs.watchtower.enable=true" + networks: + - caddy + environment: + # DB + database__client: sqlite3 + database__connection__filename: content/data/ghost.db + # App + NODE_ENV: production + url: ${URL} + # Mail + mail__options__host: ${MAIL_HOST} + mail__options__port: ${MAIL_PORT} + mail__options__secure: ${MAIL_SECURE} + mail__options__auth__user: ${MAIL_USERNAME} + mail__options__auth__pass: ${MAIL_PASSWORD} + mail__from: ${MAIL_FROM} + mail__options__service: SMTP + mail__transport: SMTP + volumes: + - ./data:/var/lib/ghost/content diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml index f8fb494..260622f 100644 --- a/gitea/docker-compose.yml +++ b/gitea/docker-compose.yml 
@@ -8,8 +8,10 @@ networks: services: server: - image: gitea/gitea:1.24.6 + image: gitea/gitea:1 container_name: gitea + labels: + - "com.centurylinklabs.watchtower.enable=true" environment: - USER_UID=${USER_UID} - USER_GID=${USER_GID} @@ -22,12 +24,12 @@ services: - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro deploy: - resources: - limits: - memory: 1G + resources: + limits: + memory: 1G act: - image: gitea/act_runner:0.2.11 + image: gitea/act_runner:0.2.13 container_name: gitea_act restart: unless-stopped environment: diff --git a/grafana/docker-compose.yml b/grafana/docker-compose.yml index 7c8361f..1868e0d 100644 --- a/grafana/docker-compose.yml +++ b/grafana/docker-compose.yml @@ -1,26 +1,28 @@ networks: - grafana: - name: grafana - driver: bridge - external: true - caddy: - name: caddy - driver: bridge - external: true + grafana: + name: grafana + driver: bridge + external: true + caddy: + name: caddy + driver: bridge + external: true services: - grafana: - image: grafana/grafana-enterprise:12.2.0 - container_name: grafana - restart: unless-stopped - networks: - - grafana - - caddy - volumes: - - grafana-data:/var/lib/grafana - - ./data/grafana/dashboards:/var/lib/grafana/dashboards - - ./data/provisioning/dashboard.yaml:/etc/grafana/provisioning/dashboards/dashboard.yaml - - ./data/provisioning/datasource.yaml:/etc/grafana/provisioning/datasources/datasource.yaml + grafana: + image: grafana/grafana-enterprise:12.2 + container_name: grafana + restart: unless-stopped + labels: + - "com.centurylinklabs.watchtower.enable=true" + networks: + - grafana + - caddy + volumes: + - grafana-data:/var/lib/grafana + - ./data/grafana/dashboards:/var/lib/grafana/dashboards + - ./data/provisioning/dashboard.yaml:/etc/grafana/provisioning/dashboards/dashboard.yaml + - ./data/provisioning/datasource.yaml:/etc/grafana/provisioning/datasources/datasource.yaml volumes: - grafana-data: + grafana-data: 
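Review bot: With `image: gitea/gitea:1` plus the watchtower label in the first gitea hunk, a new minor release is pulled and started unattended. Gitea applies database migrations when a newer version first starts, so re-pinning the old tag afterwards does not roll the data back. Consider tracking a minor tag such as `gitea/gitea:1.24` so only patch releases arrive automatically, and back up the data volume before a minor bump. The `act` runner in the second hunk stays on an exact version and carries no label, which already follows that approach.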
diff --git a/immich/docker-compose.yml b/immich/docker-compose.yml index 2b1fadd..bd95bb7 100644 --- a/immich/docker-compose.yml +++ b/immich/docker-compose.yml 
@@ -1,80 +1,82 @@ networks: - immich: - external: false - caddy: - name: caddy - driver: bridge - external: true + immich: + external: false + caddy: + name: caddy + driver: bridge + external: true services: - immich-server: - container_name: immich_server - image: ghcr.io/immich-app/immich-server:v2.1.0 - volumes: - # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file - - ${UPLOAD_LOCATION}:/data - - /etc/localtime:/etc/localtime:ro - env_file: - - .env - ports: - - "2283:2283" - depends_on: - - redis - - database - networks: - - immich - - caddy - deploy: - resources: - limits: - cpus: "1.5" - memory: 1G - restart: unless-stopped - healthcheck: - disable: false + immich-server: + container_name: immich_server + image: ghcr.io/immich-app/immich-server:v2 + labels: + - "com.centurylinklabs.watchtower.enable=true" + volumes: + # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file + - ${UPLOAD_LOCATION}:/data + - /etc/localtime:/etc/localtime:ro + env_file: + - .env + depends_on: + - redis + - database + networks: + - immich + - caddy + deploy: + resources: + limits: + cpus: "1.5" + memory: 1G + restart: unless-stopped + healthcheck: + disable: false - immich-machine-learning: - container_name: immich_machine_learning - image: ghcr.io/immich-app/immich-machine-learning:release - volumes: - - model-cache:/cache - env_file: - - .env - networks: - - immich - # deploy: - # resources: - # limits: - # cpus: "1" - # memory: 600M - restart: unless-stopped - healthcheck: - disable: false + immich-machine-learning: + container_name: immich_machine_learning + image: ghcr.io/immich-app/immich-machine-learning:release + labels: + - "com.centurylinklabs.watchtower.enable=true" + volumes: + - model-cache:/cache + env_file: + - .env + networks: + - immich + # deploy: + # resources: + # limits: + # cpus: 
"1" + # memory: 600M + restart: unless-stopped + healthcheck: + disable: false - redis: - container_name: immich_redis - image: docker.io/valkey/valkey:8-bookworm@sha256:facc1d2c3462975c34e10fccb167bfa92b0e0dbd992fc282c29a61c3243afb11 - networks: - - immich - healthcheck: - test: redis-cli ping || exit 1 - restart: unless-stopped + redis: + container_name: immich_redis + image: docker.io/valkey/valkey:8-bookworm@sha256:facc1d2c3462975c34e10fccb167bfa92b0e0dbd992fc282c29a61c3243afb11 + networks: + - immich + healthcheck: + test: redis-cli ping || exit 1 + restart: unless-stopped - database: - container_name: immich_postgres - image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:32324a2f41df5de9efe1af166b7008c3f55646f8d0e00d9550c16c9822366b4a - environment: - POSTGRES_PASSWORD: ${DB_PASSWORD} - POSTGRES_USER: ${DB_USERNAME} - POSTGRES_DB: ${DB_DATABASE_NAME} - POSTGRES_INITDB_ARGS: "--data-checksums" - networks: - - immich - volumes: - # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file - - ${DB_DATA_LOCATION}:/var/lib/postgresql/data - shm_size: 128mb - restart: unless-stopped + database: + container_name: immich_postgres + image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:32324a2f41df5de9efe1af166b7008c3f55646f8d0e00d9550c16c9822366b4a + environment: + POSTGRES_PASSWORD: ${DB_PASSWORD} + POSTGRES_USER: ${DB_USERNAME} + POSTGRES_DB: ${DB_DATABASE_NAME} + POSTGRES_INITDB_ARGS: "--data-checksums" + networks: + - immich + volumes: + # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file + - ${DB_DATA_LOCATION}:/var/lib/postgresql/data + shm_size: 128mb + restart: unless-stopped volumes: - model-cache: + model-cache: diff --git a/main.sh b/main.sh index 0a2e56e..4e77621 100755 --- a/main.sh +++ b/main.sh 
@@ -210,6 +210,15 @@ start_services() { print_error "failed to start Caddy!" exit 1 fi + + echo "Starting watchtower..." + $DOCKER_COMPOSE_COMMAND -f ./watchtower/docker-compose.yml up -d + if [ $? -eq 0 ]; then + print_success "Watchtower started successfully." + else + print_error "failed to start Watchtower!" + exit 1 + fi } stop_services() { @@ -347,6 +356,15 @@ stop_services() { print_error "failed to stop Caddy!" exit 1 fi + + echo "Stopping watchtower..." + $DOCKER_COMPOSE_COMMAND -f ./watchtower/docker-compose.yml down + if [ $? -eq 0 ]; then + print_success "Watchtower stopped successfully." + else + print_error "failed to stop Watchtower!" + exit 1 + fi } if [ $# -lt 1 ]; then diff --git a/memos/docker-compose.yaml b/memos/docker-compose.yaml deleted file mode 100644 index 0ef6cc2..0000000 --- a/memos/docker-compose.yaml +++ /dev/null @@ -1,16 +0,0 @@ -networks: - caddy: - name: caddy - driver: bridge - external: true - -services: - memos: - image: neosmemo/memos:0.25 - container_name: memos - volumes: - - ./data/app:/var/opt/memos - ports: - - 5230:5230 - networks: - - caddy diff --git a/memos/docker-compose.yml b/memos/docker-compose.yml new file mode 100644 index 0000000..ee13919 --- /dev/null +++ b/memos/docker-compose.yml @@ -0,0 +1,16 @@ +networks: + caddy: + name: caddy + driver: bridge + external: true + +services: + memos: + image: neosmemo/memos:0.25 + container_name: memos + labels: + - "com.centurylinklabs.watchtower.enable=true" + volumes: + - ./data/app:/var/opt/memos + networks: + - caddy diff --git a/prometheus/docker-compose.yml b/prometheus/docker-compose.yml index e0cc8b7..a4c691d 100644 --- a/prometheus/docker-compose.yml +++ b/prometheus/docker-compose.yml 
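Review bot: In `stop_services` the Watchtower stack is brought down last, after Caddy, so it can still be polling while the earlier `down` calls run and may recreate a container that was just stopped if an update lands in that window. Moving the `$DOCKER_COMPOSE_COMMAND -f ./watchtower/docker-compose.yml down` block to the top of the function would close that gap; the start order in the first hunk, Watchtower last, is already right. Both new blocks could also test the command directly, `if ! $DOCKER_COMPOSE_COMMAND -f ./watchtower/docker-compose.yml down; then`, instead of reading `$?` on the next line. Both function bodies begin outside the hunks, so the order of the earlier services is inferred from the Caddy context lines only.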
@@ -1,58 +1,58 @@ networks: - prometheus: - external: false - grafana: - name: grafana - driver: bridge - external: true - caddy: - name: caddy - driver: bridge - external: true + prometheus: + external: false + grafana: + name: grafana + driver: bridge + external: true + caddy: + name: caddy + driver: bridge + external: true services: - prometheus: - image: prom/prometheus:v3.7.2 - container_name: prometheus - restart: unless-stopped - networks: - - prometheus - - grafana - - caddy - command: "--config.file=/etc/prometheus/prometheus.yaml --storage.tsdb.retention.time=10d --storage.tsdb.retention.size=15GB" - volumes: - - ./data/config/prometheus.yaml:/etc/prometheus/prometheus.yaml:ro - - prometheus-data:/prometheus + prometheus: + image: prom/prometheus:v3.7.2 + container_name: prometheus + restart: unless-stopped + networks: + - prometheus + - grafana + - caddy + command: "--config.file=/etc/prometheus/prometheus.yaml --storage.tsdb.retention.time=10d --storage.tsdb.retention.size=15GB" + volumes: + - ./data/config/prometheus.yaml:/etc/prometheus/prometheus.yaml:ro + - prometheus-data:/prometheus - node_exporter: - image: quay.io/prometheus/node-exporter:v1.9.1 - container_name: node_exporter - restart: unless-stopped - networks: - - prometheus - command: - - "--path.rootfs=/host" - pid: host - volumes: - - "/:/host:ro,rslave" + node_exporter: + image: quay.io/prometheus/node-exporter:v1.10.0 + container_name: node_exporter + restart: unless-stopped + networks: + - prometheus + command: + - "--path.rootfs=/host" + pid: host + volumes: + - "/:/host:ro,rslave" - cadvisor: - image: gcr.io/cadvisor/cadvisor:v0.49.1 - container_name: cadvisor - restart: unless-stopped - networks: - - prometheus - volumes: - - "/:/rootfs:ro" - - "/var/run:/var/run:ro" - - "/sys:/sys:ro" - - "/var/lib/docker/:/var/lib/docker:ro" - - "/dev/disk/:/dev/disk:ro" - privileged: true - devices: - - "/dev/kmsg:/dev/kmsg" - command: - - 
--disable_metrics=advtcp,cpu_topology,cpuset,hugetlb,memory_numa,process,referenced_memory,resctrl,sched,tcp,udp,percpu,disk,diskIO,oom_event,perf_event + cadvisor: + image: gcr.io/cadvisor/cadvisor:v0.52.1 + container_name: cadvisor + restart: unless-stopped + networks: + - prometheus + volumes: + - "/:/rootfs:ro" + - "/var/run:/var/run:ro" + - "/sys:/sys:ro" + - "/var/lib/docker/:/var/lib/docker:ro" + - "/dev/disk/:/dev/disk:ro" + privileged: true + devices: + - "/dev/kmsg:/dev/kmsg" + command: + - --disable_metrics=advtcp,cpu_topology,cpuset,hugetlb,memory_numa,process,referenced_memory,resctrl,sched,tcp,udp,percpu,disk,diskIO,oom_event,perf_event volumes: - prometheus-data: + prometheus-data: diff --git a/sftpgo/docker-compose.yml b/sftpgo/docker-compose.yml index f50e59b..b7df0cc 100644 --- a/sftpgo/docker-compose.yml +++ b/sftpgo/docker-compose.yml @@ -6,9 +6,11 @@ networks: services: server: - image: drakkan/sftpgo:v2.6.6 + image: drakkan/sftpgo:v2 container_name: sftpgo restart: unless-stopped + labels: + - "com.centurylinklabs.watchtower.enable=true" environment: - SFTPGO_COMMON_IDLE_TIMEOUT=${SFTPGO_COMMON_IDLE_TIMEOUT} - SFTPGO_COMMON_UPLOAD_MODE=${SFTPGO_COMMON_UPLOAD_MODE} diff --git a/slash/docker-compose.yml b/slash/docker-compose.yml index 176685f..d66c505 100644 --- a/slash/docker-compose.yml +++ b/slash/docker-compose.yml @@ -6,7 +6,7 @@ networks: services: server: -# image: yourselfhosted/slash:latest + # image: yourselfhosted/slash:latest image: aykhans/slash:1.0.0-rc.0-e container_name: slash restart: unless-stopped diff --git a/uptime_kuma/docker-compose.yml b/uptime_kuma/docker-compose.yml index 6044126..ddf1daf 100644 --- a/uptime_kuma/docker-compose.yml +++ b/uptime_kuma/docker-compose.yml 
@@ -1,19 +1,20 @@ networks: - caddy: - name: caddy - driver: bridge - external: true + caddy: + name: caddy + driver: bridge + external: true services: - uptime-kuma: - image: louislam/uptime-kuma:2 - container_name: uptime_kuma - restart: unless-stopped - volumes: - - ./data/app:/app/data - - /var/run/docker.sock:/var/run/docker.sock:ro - networks: - - caddy - labels: - caddy: ${CADDY_DOMAIN} - caddy.reverse_proxy: "* {{upstreams 3001}}" + uptime-kuma: + image: louislam/uptime-kuma:2 + container_name: uptime_kuma + restart: unless-stopped + volumes: + - ./data/app:/app/data + - /var/run/docker.sock:/var/run/docker.sock:ro + networks: + - caddy + labels: + caddy: ${CADDY_DOMAIN} + caddy.reverse_proxy: "* {{upstreams 3001}}" + com.centurylinklabs.watchtower.enable: true diff --git a/watchtower/docker-compose.yml b/watchtower/docker-compose.yml new file mode 100644 index 0000000..1f13d80 --- /dev/null +++ b/watchtower/docker-compose.yml @@ -0,0 +1,12 @@ +services: + watchtower: + image: nickfedor/watchtower:latest + restart: unless-stopped + volumes: + - /var/run/docker.sock:/var/run/docker.sock + command: + - "--label-enable" + - "--cleanup" + - "--rolling-restart" + - "--interval" + - "600" # 10 minutes diff --git a/wg_easy/docker-compose.yml b/wg_easy/docker-compose.yml index c35f636..8a32d03 100644 --- a/wg_easy/docker-compose.yml +++ b/wg_easy/docker-compose.yml 
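Review bot: `com.centurylinklabs.watchtower.enable: true` is a bare YAML boolean, while every other service in this commit uses the quoted string form. Write `com.centurylinklabs.watchtower.enable: "true"` so the label value does not depend on how the loader stringifies booleans. Separately, this container mounts `/var/run/docker.sock`, and the `:ro` flag does not restrict Docker API calls made over the socket. Enabling unattended updates from the floating `louislam/uptime-kuma:2` tag therefore gives any image published under that tag access to the Docker API. Consider leaving this service out of auto-update, or putting a restricted socket proxy in front of it.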
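Review bot: `image: nickfedor/watchtower:latest` runs an unpinned third-party image with `/var/run/docker.sock` mounted read-write, which is equivalent to root on the host. Pin it to a release and digest, `image: nickfedor/watchtower:<PINNED_VERSION>@sha256:<DIGEST>`, and bump it deliberately. The service has no enable label and `--label-enable` is set, so Watchtower will not update itself; a comment such as `# only containers labelled com.centurylinklabs.watchtower.enable=true are updated` above `command:` would make that explicit. Since images now change unattended, consider also wiring up Watchtower's notification support or shipping its logs, so each update leaves a record.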
@@ -1,43 +1,45 @@ services: - wg-easy: - image: ghcr.io/wg-easy/wg-easy:15 - container_name: wg-easy - networks: - caddy: - interface_name: wgeth1 - wg: - ipv4_address: 10.42.42.42 - ipv6_address: fdcc:ad94:bacf:61a3::2a - interface_name: wgeth0 - environment: - WG_DEVICE: wgeth0 - volumes: - - ./data:/etc/wireguard - - /lib/modules:/lib/modules:ro - ports: - - "51820:51820/udp" - # - "51821:51821/tcp" - restart: unless-stopped - cap_add: - - NET_ADMIN - - SYS_MODULE - sysctls: - - net.ipv4.ip_forward=1 - - net.ipv4.conf.all.src_valid_mark=1 - - net.ipv6.conf.all.disable_ipv6=0 - - net.ipv6.conf.all.forwarding=1 - - net.ipv6.conf.default.forwarding=1 + wg-easy: + image: ghcr.io/wg-easy/wg-easy:15 + container_name: wg-easy + labels: + - "com.centurylinklabs.watchtower.enable=true" + networks: + caddy: + interface_name: wgeth1 + wg: + ipv4_address: 10.42.42.42 + ipv6_address: fdcc:ad94:bacf:61a3::2a + interface_name: wgeth0 + environment: + WG_DEVICE: wgeth0 + volumes: + - ./data:/etc/wireguard + - /lib/modules:/lib/modules:ro + ports: + - "51820:51820/udp" + # - "51821:51821/tcp" + restart: unless-stopped + cap_add: + - NET_ADMIN + - SYS_MODULE + sysctls: + - net.ipv4.ip_forward=1 + - net.ipv4.conf.all.src_valid_mark=1 + - net.ipv6.conf.all.disable_ipv6=0 + - net.ipv6.conf.all.forwarding=1 + - net.ipv6.conf.default.forwarding=1 networks: - caddy: - name: caddy - driver: bridge - external: true - wg: - driver: bridge - enable_ipv6: true - ipam: - driver: default - config: - - subnet: 10.42.42.0/24 - - subnet: fdcc:ad94:bacf:61a3::/64 + caddy: + name: caddy + driver: bridge + external: true + wg: + driver: bridge + enable_ipv6: true + ipam: + driver: default + config: + - subnet: 10.42.42.0/24 + - subnet: fdcc:ad94:bacf:61a3::/64