add watchtower

caddy/docker-compose.yml

@@ -6,9 +6,11 @@ networks:
 
 services:
   caddy:
-    image: caddy:2.10.2-alpine
+    image: caddy:2-alpine
     container_name: caddy
     restart: unless-stopped
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
     networks:
       - caddy
     ports:
@@ -16,11 +18,11 @@ services:
       - "80:80"
       - "443:443/udp"
     volumes:
-        - ./Caddyfile:/etc/caddy/Caddyfile
+      - ./Caddyfile:/etc/caddy/Caddyfile
-        - ./Caddyfile.private:/etc/caddy/Caddyfile.private
+      - ./Caddyfile.private:/etc/caddy/Caddyfile.private
-        - ./ssl:/etc/ssl/custom/
+      - ./ssl:/etc/ssl/custom/
-        - ./data/data:/data
+      - ./data/data:/data
-        - ./data/config:/config
+      - ./data/config:/config
-        - ../private_volume:/private_volume
+      - ../private_volume:/private_volume
     env_file:
       - ./.env

croc/docker-compose.yml

@@ -1,6 +1,8 @@
 services:
   croc:
     image: schollz/croc:10
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
     ports:
       - "9009-9013:9009-9013"
     env_file: .env

ghost/docker-compose.yml

@@ -1,31 +1,33 @@
 networks:
-    caddy:
+  caddy:
-        name: caddy
+    name: caddy
-        driver: bridge
+    driver: bridge
-        external: true
+    external: true
 
 services:
-    ghost:
+  ghost:
-        image: ghost:6-alpine
+    image: ghost:6-alpine
-        container_name: ghost
+    container_name: ghost
-        restart: unless-stopped
+    restart: unless-stopped
-        networks:
+    labels:
-            - caddy
+      - "com.centurylinklabs.watchtower.enable=true"
-        environment:
+    networks:
-            # DB
+      - caddy
-            database__client: sqlite3
+    environment:
-            database__connection__filename: content/data/ghost.db
+      # DB
-            # App
+      database__client: sqlite3
-            NODE_ENV: production
+      database__connection__filename: content/data/ghost.db
-            url: ${URL}
+      # App
-            # Mail
+      NODE_ENV: production
-            mail__options__host: ${MAIL_HOST}
+      url: ${URL}
-            mail__options__port: ${MAIL_PORT}
+      # Mail
-            mail__options__secure: ${MAIL_SECURE}
+      mail__options__host: ${MAIL_HOST}
-            mail__options__auth__user: ${MAIL_USERNAME}
+      mail__options__port: ${MAIL_PORT}
-            mail__options__auth__pass: ${MAIL_PASSWORD}
+      mail__options__secure: ${MAIL_SECURE}
-            mail__from: ${MAIL_FROM}
+      mail__options__auth__user: ${MAIL_USERNAME}
-            mail__options__service: SMTP
+      mail__options__auth__pass: ${MAIL_PASSWORD}
-            mail__transport: SMTP
+      mail__from: ${MAIL_FROM}
-        volumes:
+      mail__options__service: SMTP
-            - ./data:/var/lib/ghost/content
+      mail__transport: SMTP
+    volumes:
+      - ./data:/var/lib/ghost/content

gitea/docker-compose.yml

@@ -8,8 +8,10 @@ networks:
 
 services:
   server:
-    image: gitea/gitea:1.24.6
+    image: gitea/gitea:1
     container_name: gitea
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
     environment:
       - USER_UID=${USER_UID}
       - USER_GID=${USER_GID}
@@ -22,12 +24,12 @@ services:
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     deploy:
-        resources:
+      resources:
-            limits:
+        limits:
-                memory: 1G
+          memory: 1G
 
   act:
-    image: gitea/act_runner:0.2.11
+    image: gitea/act_runner:0.2.13
     container_name: gitea_act
     restart: unless-stopped
     environment:

grafana/docker-compose.yml

@@ -1,26 +1,28 @@
 networks:
-    grafana:
+  grafana:
-        name: grafana
+    name: grafana
-        driver: bridge
+    driver: bridge
-        external: true
+    external: true
-    caddy:
+  caddy:
-        name: caddy
+    name: caddy
-        driver: bridge
+    driver: bridge
-        external: true
+    external: true
 
 services:
-    grafana:
+  grafana:
-        image: grafana/grafana-enterprise:12.2.0
+    image: grafana/grafana-enterprise:12.2
-        container_name: grafana
+    container_name: grafana
-        restart: unless-stopped
+    restart: unless-stopped
-        networks:
+    labels:
-            - grafana
+      - "com.centurylinklabs.watchtower.enable=true"
-            - caddy
+    networks:
-        volumes:
+      - grafana
-            - grafana-data:/var/lib/grafana
+      - caddy
-            - ./data/grafana/dashboards:/var/lib/grafana/dashboards
+    volumes:
-            - ./data/provisioning/dashboard.yaml:/etc/grafana/provisioning/dashboards/dashboard.yaml
+      - grafana-data:/var/lib/grafana
-            - ./data/provisioning/datasource.yaml:/etc/grafana/provisioning/datasources/datasource.yaml
+      - ./data/grafana/dashboards:/var/lib/grafana/dashboards
+      - ./data/provisioning/dashboard.yaml:/etc/grafana/provisioning/dashboards/dashboard.yaml
+      - ./data/provisioning/datasource.yaml:/etc/grafana/provisioning/datasources/datasource.yaml
 
 volumes:
-    grafana-data:
+  grafana-data:

immich/docker-compose.yml

@@ -1,80 +1,82 @@
 networks:
-    immich:
+  immich:
-        external: false
+    external: false
-    caddy:
+  caddy:
-        name: caddy
+    name: caddy
-        driver: bridge
+    driver: bridge
-        external: true
+    external: true
 
 services:
-    immich-server:
+  immich-server:
-        container_name: immich_server
+    container_name: immich_server
-        image: ghcr.io/immich-app/immich-server:v2.1.0
+    image: ghcr.io/immich-app/immich-server:v2
-        volumes:
+    labels:
-            # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
+      - "com.centurylinklabs.watchtower.enable=true"
-            - ${UPLOAD_LOCATION}:/data
+    volumes:
-            - /etc/localtime:/etc/localtime:ro
+      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
-        env_file:
+      - ${UPLOAD_LOCATION}:/data
-            - .env
+      - /etc/localtime:/etc/localtime:ro
-        ports:
+    env_file:
-            - "2283:2283"
+      - .env
-        depends_on:
+    depends_on:
-            - redis
+      - redis
-            - database
+      - database
-        networks:
+    networks:
-            - immich
+      - immich
-            - caddy
+      - caddy
-        deploy:
+    deploy:
-            resources:
+      resources:
-                limits:
+        limits:
-                    cpus: "1.5"
+          cpus: "1.5"
-                    memory: 1G
+          memory: 1G
-        restart: unless-stopped
+    restart: unless-stopped
-        healthcheck:
+    healthcheck:
-            disable: false
+      disable: false
 
-    immich-machine-learning:
+  immich-machine-learning:
-        container_name: immich_machine_learning
+    container_name: immich_machine_learning
-        image: ghcr.io/immich-app/immich-machine-learning:release
+    image: ghcr.io/immich-app/immich-machine-learning:release
-        volumes:
+    labels:
-            - model-cache:/cache
+      - "com.centurylinklabs.watchtower.enable=true"
-        env_file:
+    volumes:
-            - .env
+      - model-cache:/cache
-        networks:
+    env_file:
-            - immich
+      - .env
-        # deploy:
+    networks:
-        #     resources:
+      - immich
-        #         limits:
+    # deploy:
-        #             cpus: "1"
+    #     resources:
-        #             memory: 600M
+    #         limits:
-        restart: unless-stopped
+    #             cpus: "1"
-        healthcheck:
+    #             memory: 600M
-            disable: false
+    restart: unless-stopped
+    healthcheck:
+      disable: false
 
-    redis:
+  redis:
-        container_name: immich_redis
+    container_name: immich_redis
-        image: docker.io/valkey/valkey:8-bookworm@sha256:facc1d2c3462975c34e10fccb167bfa92b0e0dbd992fc282c29a61c3243afb11
+    image: docker.io/valkey/valkey:8-bookworm@sha256:facc1d2c3462975c34e10fccb167bfa92b0e0dbd992fc282c29a61c3243afb11
-        networks:
+    networks:
-            - immich
+      - immich
-        healthcheck:
+    healthcheck:
-            test: redis-cli ping || exit 1
+      test: redis-cli ping || exit 1
-        restart: unless-stopped
+    restart: unless-stopped
 
-    database:
+  database:
-        container_name: immich_postgres
+    container_name: immich_postgres
-        image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:32324a2f41df5de9efe1af166b7008c3f55646f8d0e00d9550c16c9822366b4a
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:32324a2f41df5de9efe1af166b7008c3f55646f8d0e00d9550c16c9822366b4a
-        environment:
+    environment:
-            POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
-            POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_USER: ${DB_USERNAME}
-            POSTGRES_DB: ${DB_DATABASE_NAME}
+      POSTGRES_DB: ${DB_DATABASE_NAME}
-            POSTGRES_INITDB_ARGS: "--data-checksums"
+      POSTGRES_INITDB_ARGS: "--data-checksums"
-        networks:
+    networks:
-            - immich
+      - immich
-        volumes:
+    volumes:
-            # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
+      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
-            - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
+      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
-        shm_size: 128mb
+    shm_size: 128mb
-        restart: unless-stopped
+    restart: unless-stopped
 
 volumes:
-    model-cache:
+  model-cache:

main.sh

@@ -210,6 +210,15 @@ start_services() {
         print_error "failed to start Caddy!"
         exit 1
     fi
+
+    echo "Starting watchtower..."
+    $DOCKER_COMPOSE_COMMAND -f ./watchtower/docker-compose.yml up -d
+    if [ $? -eq 0 ]; then
+        print_success "Watchtower started successfully."
+    else
+        print_error "failed to start Watchtower!"
+        exit 1
+    fi
 }
 
 stop_services() {
@@ -347,6 +356,15 @@ stop_services() {
         print_error "failed to stop Caddy!"
         exit 1
     fi
+
+    echo "Stopping watchtower..."
+    $DOCKER_COMPOSE_COMMAND -f ./watchtower/docker-compose.yml down
+    if [ $? -eq 0 ]; then
+        print_success "Watchtower stopped successfully."
+    else
+        print_error "failed to stop Watchtower!"
+        exit 1
+    fi
 }
 
 if [ $# -lt 1 ]; then

memos/docker-compose.yaml

@@ -1,16 +0,0 @@
-networks:
-    caddy:
-        name: caddy
-        driver: bridge
-        external: true
-
-services:
-    memos:
-        image: neosmemo/memos:0.25
-        container_name: memos
-        volumes:
-            - ./data/app:/var/opt/memos
-        ports:
-            - 5230:5230
-        networks:
-            - caddy

memos/docker-compose.yml

@@ -0,0 +1,16 @@
+networks:
+  caddy:
+    name: caddy
+    driver: bridge
+    external: true
+
+services:
+  memos:
+    image: neosmemo/memos:0.25
+    container_name: memos
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
+    volumes:
+      - ./data/app:/var/opt/memos
+    networks:
+      - caddy

prometheus/docker-compose.yml

@@ -1,58 +1,58 @@
 networks:
-    prometheus:
+  prometheus:
-        external: false
+    external: false
-    grafana:
+  grafana:
-        name: grafana
+    name: grafana
-        driver: bridge
+    driver: bridge
-        external: true
+    external: true
-    caddy:
+  caddy:
-        name: caddy
+    name: caddy
-        driver: bridge
+    driver: bridge
-        external: true
+    external: true
 
 services:
-    prometheus:
+  prometheus:
-        image: prom/prometheus:v3.7.2
+    image: prom/prometheus:v3.7.2
-        container_name: prometheus
+    container_name: prometheus
-        restart: unless-stopped
+    restart: unless-stopped
-        networks:
+    networks:
-            - prometheus
+      - prometheus
-            - grafana
+      - grafana
-            - caddy
+      - caddy
-        command: "--config.file=/etc/prometheus/prometheus.yaml --storage.tsdb.retention.time=10d --storage.tsdb.retention.size=15GB"
+    command: "--config.file=/etc/prometheus/prometheus.yaml --storage.tsdb.retention.time=10d --storage.tsdb.retention.size=15GB"
-        volumes:
+    volumes:
-            - ./data/config/prometheus.yaml:/etc/prometheus/prometheus.yaml:ro
+      - ./data/config/prometheus.yaml:/etc/prometheus/prometheus.yaml:ro
-            - prometheus-data:/prometheus
+      - prometheus-data:/prometheus
 
-    node_exporter:
+  node_exporter:
-        image: quay.io/prometheus/node-exporter:v1.9.1
+    image: quay.io/prometheus/node-exporter:v1.10.0
-        container_name: node_exporter
+    container_name: node_exporter
-        restart: unless-stopped
+    restart: unless-stopped
-        networks:
+    networks:
-            - prometheus
+      - prometheus
-        command:
+    command:
-            - "--path.rootfs=/host"
+      - "--path.rootfs=/host"
-        pid: host
+    pid: host
-        volumes:
+    volumes:
-            - "/:/host:ro,rslave"
+      - "/:/host:ro,rslave"
 
-    cadvisor:
+  cadvisor:
-        image: gcr.io/cadvisor/cadvisor:v0.49.1
+    image: gcr.io/cadvisor/cadvisor:v0.52.1
-        container_name: cadvisor
+    container_name: cadvisor
-        restart: unless-stopped
+    restart: unless-stopped
-        networks:
+    networks:
-            - prometheus
+      - prometheus
-        volumes:
+    volumes:
-            - "/:/rootfs:ro"
+      - "/:/rootfs:ro"
-            - "/var/run:/var/run:ro"
+      - "/var/run:/var/run:ro"
-            - "/sys:/sys:ro"
+      - "/sys:/sys:ro"
-            - "/var/lib/docker/:/var/lib/docker:ro"
+      - "/var/lib/docker/:/var/lib/docker:ro"
-            - "/dev/disk/:/dev/disk:ro"
+      - "/dev/disk/:/dev/disk:ro"
-        privileged: true
+    privileged: true
-        devices:
+    devices:
-            - "/dev/kmsg:/dev/kmsg"
+      - "/dev/kmsg:/dev/kmsg"
-        command:
+    command:
-            - --disable_metrics=advtcp,cpu_topology,cpuset,hugetlb,memory_numa,process,referenced_memory,resctrl,sched,tcp,udp,percpu,disk,diskIO,oom_event,perf_event
+      - --disable_metrics=advtcp,cpu_topology,cpuset,hugetlb,memory_numa,process,referenced_memory,resctrl,sched,tcp,udp,percpu,disk,diskIO,oom_event,perf_event
 
 volumes:
-    prometheus-data:
+  prometheus-data:

sftpgo/docker-compose.yml

@@ -6,9 +6,11 @@ networks:
 
 services:
   server:
-    image: drakkan/sftpgo:v2.6.6
+    image: drakkan/sftpgo:v2
     container_name: sftpgo
     restart: unless-stopped
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
     environment:
       - SFTPGO_COMMON_IDLE_TIMEOUT=${SFTPGO_COMMON_IDLE_TIMEOUT}
       - SFTPGO_COMMON_UPLOAD_MODE=${SFTPGO_COMMON_UPLOAD_MODE}

slash/docker-compose.yml

@@ -6,7 +6,7 @@ networks:
 
 services:
   server:
-#    image: yourselfhosted/slash:latest
+    #    image: yourselfhosted/slash:latest
     image: aykhans/slash:1.0.0-rc.0-e
     container_name: slash
     restart: unless-stopped

uptime_kuma/docker-compose.yml

@@ -1,19 +1,20 @@
 networks:
-    caddy:
+  caddy:
-        name: caddy
+    name: caddy
-        driver: bridge
+    driver: bridge
-        external: true
+    external: true
 
 services:
-    uptime-kuma:
+  uptime-kuma:
-        image: louislam/uptime-kuma:2
+    image: louislam/uptime-kuma:2
-        container_name: uptime_kuma
+    container_name: uptime_kuma
-        restart: unless-stopped
+    restart: unless-stopped
-        volumes:
+    volumes:
-            - ./data/app:/app/data
+      - ./data/app:/app/data
-            - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
-        networks:
+    networks:
-            - caddy
+      - caddy
-        labels:
+    labels:
-            caddy: ${CADDY_DOMAIN}
+      caddy: ${CADDY_DOMAIN}
-            caddy.reverse_proxy: "* {{upstreams 3001}}"
+      caddy.reverse_proxy: "* {{upstreams 3001}}"
+      com.centurylinklabs.watchtower.enable: true

watchtower/docker-compose.yml

@@ -0,0 +1,12 @@
+services:
+  watchtower:
+    image: nickfedor/watchtower:latest
+    restart: unless-stopped
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    command:
+      - "--label-enable"
+      - "--cleanup"
+      - "--rolling-restart"
+      - "--interval"
+      - "600" # 10 minutes

wg_easy/docker-compose.yml

@@ -1,43 +1,45 @@
 services:
-    wg-easy:
+  wg-easy:
-        image: ghcr.io/wg-easy/wg-easy:15
+    image: ghcr.io/wg-easy/wg-easy:15
-        container_name: wg-easy
+    container_name: wg-easy
-        networks:
+    labels:
-            caddy:
+      - "com.centurylinklabs.watchtower.enable=true"
-                interface_name: wgeth1
+    networks:
-            wg:
+      caddy:
-                ipv4_address: 10.42.42.42
+        interface_name: wgeth1
-                ipv6_address: fdcc:ad94:bacf:61a3::2a
+      wg:
-                interface_name: wgeth0
+        ipv4_address: 10.42.42.42
-        environment:
+        ipv6_address: fdcc:ad94:bacf:61a3::2a
-            WG_DEVICE: wgeth0
+        interface_name: wgeth0
-        volumes:
+    environment:
-            - ./data:/etc/wireguard
+      WG_DEVICE: wgeth0
-            - /lib/modules:/lib/modules:ro
+    volumes:
-        ports:
+      - ./data:/etc/wireguard
-            - "51820:51820/udp"
+      - /lib/modules:/lib/modules:ro
-            # - "51821:51821/tcp"
+    ports:
-        restart: unless-stopped
+      - "51820:51820/udp"
-        cap_add:
+      # - "51821:51821/tcp"
-            - NET_ADMIN
+    restart: unless-stopped
-            - SYS_MODULE
+    cap_add:
-        sysctls:
+      - NET_ADMIN
-            - net.ipv4.ip_forward=1
+      - SYS_MODULE
-            - net.ipv4.conf.all.src_valid_mark=1
+    sysctls:
-            - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv4.ip_forward=1
-            - net.ipv6.conf.all.forwarding=1
+      - net.ipv4.conf.all.src_valid_mark=1
-            - net.ipv6.conf.default.forwarding=1
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv6.conf.all.forwarding=1
+      - net.ipv6.conf.default.forwarding=1
 
 networks:
-    caddy:
+  caddy:
-        name: caddy
+    name: caddy
-        driver: bridge
+    driver: bridge
-        external: true
+    external: true
-    wg:
+  wg:
-        driver: bridge
+    driver: bridge
-        enable_ipv6: true
+    enable_ipv6: true
-        ipam:
+    ipam:
-            driver: default
+      driver: default
-            config:
+      config:
-                - subnet: 10.42.42.0/24
+        - subnet: 10.42.42.0/24
-                - subnet: fdcc:ad94:bacf:61a3::/64
+        - subnet: fdcc:ad94:bacf:61a3::/64