Fix issues (backup, watchtower, firewall)

Remove remote_docker backups Add option to monitor with watchtower Add teamspeak ports to firewall
2024-11-08 00:05:55 +01:00 · 2024-11-08 00:05:55 +01:00 · 05e79ae90a
commit 05e79ae90a
parent fb9d50a86e
22 changed files with 50 additions and 29 deletions
--- a/inventory/group_vars/all/compose_defaults.yml
+++ b/inventory/group_vars/all/compose_defaults.yml
@ -4,7 +4,8 @@ compose_file_main:
      image: "{{ compose.image }}"
      restart: always
      labels:
-        com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default(false) }}"
+        com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default('') == 'update' }}"
+        com.centurylinklabs.watchtower.monitor-only: "{{ compose.watchtower | default('') == 'monitor' }}"

 compose_file_env:
  services:
--- a/playbooks/roles/_TEMPLATE/vars/main.yml
+++ b/playbooks/roles/_TEMPLATE/vars/main.yml
@ -7,7 +7,7 @@ NAME_env:
  EXAMPLE: value

 NAME_compose:
-  watchtower: true
+  watchtower: update
  image: 
  volumes:
    - data:/data
--- a/playbooks/roles/acme_dns/vars/main.yml
+++ b/playbooks/roles/acme_dns/vars/main.yml
@ -14,7 +14,7 @@ acme_dns_svc:
    db: "{{ opentofu.postgresql_data.acme_dns.database }}"

 acme_dns_compose:
-  watchtower: true
+  watchtower: update
  monitoring: true
  image: joohoi/acme-dns
  volumes:
--- a/playbooks/roles/forgejo/vars/main.yml
+++ b/playbooks/roles/forgejo/vars/main.yml
@ -81,7 +81,7 @@ forgejo_env:
  FORGEJO__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: false

 forgejo_compose:
-  watchtower: true
+  watchtower: update
  image: codeberg.org/forgejo/forgejo:9
  volumes:
    - data:/data
--- a/playbooks/roles/forgejo_runner/vars/main.yml
+++ b/playbooks/roles/forgejo_runner/vars/main.yml
@ -5,7 +5,7 @@ forgejo_runner_env:
  DOCKER_HOST: tcp://docker-in-docker:2375

 forgejo_runner_compose:
-  watchtower: true
+  watchtower: update
  image: code.forgejo.org/forgejo/runner:3.3.0
  volumes:
    - ./config.yml:/config/config.yml
--- a/playbooks/roles/gatus/vars/main.yml
+++ b/playbooks/roles/gatus/vars/main.yml
@ -65,7 +65,7 @@ gatus_yml:
  endpoints: "{{ gatus_endpoints_hosts | union(gatus_endpoints_services) | union(gatus_endpoints_other) }}"

 gatus_compose:
-  watchtower: true
+  watchtower: update
  image: twinproduction/gatus
  volumes:
    - ./config.yaml:/config/config.yaml
--- a/playbooks/roles/homebox/vars/main.yml
+++ b/playbooks/roles/homebox/vars/main.yml
@ -13,7 +13,7 @@ homebox_env:
  HBOX_SWAGGER_SCHEMA: https

 homebox_compose:
-  watchtower: true
+  watchtower: update
  image: ghcr.io/hay-kot/homebox:latest-rootless
  volumes:
    - data:/data
--- a/playbooks/roles/immich/vars/main.yml
+++ b/playbooks/roles/immich/vars/main.yml
@ -30,7 +30,7 @@ immich_env:
  REDIS_HOSTNAME: redis

 immich_compose:
-  watchtower: false
+  watchtower: monitor
  image: ghcr.io/immich-app/immich-server:release
  volumes:
    - upload:/usr/src/app/upload
--- a/playbooks/roles/influxdb/vars/main.yml
+++ b/playbooks/roles/influxdb/vars/main.yml
@ -62,7 +62,7 @@ influxdb_yml:
  vault-token: ""

 influxdb_compose:
-  watchtower: false
+  watchtower: monitor
  image: influxdb:2.7
  volumes:
    - ./influxdb.yml:/etc/influxdb2/config.yml
--- a/playbooks/roles/jellyfin/vars/main.yml
+++ b/playbooks/roles/jellyfin/vars/main.yml
@ -10,7 +10,7 @@ jellyfin_env:
  JELLYFIN_PublishedServerUrl: https://{{ svc.domain }}

 jellyfin_compose:
-  watchtower: true
+  watchtower: update
  image: jellyfin/jellyfin
  volumes:
    - config:/config
--- a/playbooks/roles/linkwarden/vars/main.yml
+++ b/playbooks/roles/linkwarden/vars/main.yml
@ -34,5 +34,5 @@ linkwarden_env:
  AUTHENTIK_CLIENT_SECRET: "{{ opentofu.authentik_data.linkwarden.client_secret }}"

 linkwarden_compose:
-  watchtower: true
+  watchtower: update
  image: ghcr.io/linkwarden/linkwarden:latest
--- a/playbooks/roles/minio/vars/main.yml
+++ b/playbooks/roles/minio/vars/main.yml
@ -29,7 +29,7 @@ minio_env:


 minio_compose:
-  watchtower: true
+  watchtower: update
  image: minio/minio
  volumes:
    - data:/data
--- a/playbooks/roles/ntfy/vars/main.yml
+++ b/playbooks/roles/ntfy/vars/main.yml
@ -39,7 +39,7 @@ ntfy_env:
  NTFY_ENABLE_METRICS: true

 ntfy_compose:
-  watchtower: true
+  watchtower: update
  image: binwiederhier/ntfy
  volumes:
    - cache:/var/cache/ntfy
--- a/playbooks/roles/shlink/vars/main.yml
+++ b/playbooks/roles/shlink/vars/main.yml
@ -26,5 +26,5 @@ shlink_env:
  GEOLITE_LICENSE_KEY: "{{ vault_shlink.geolite_key }}"

 shlink_compose:
-  watchtower: true
+  watchtower: update
  image: shlinkio/shlink
--- a/playbooks/roles/synapse/vars/main.yml
+++ b/playbooks/roles/synapse/vars/main.yml
@ -98,7 +98,7 @@ synapse_yml:
    notif_from: "matrix <{{ opentofu.mailcow_data.synapse.address }}>"

 synapse_compose:
-  watchtower: true
+  watchtower: update
  image: ghcr.io/element-hq/synapse:latest
  volumes:
    - ./config:/config
--- a/playbooks/roles/tandoor/vars/main.yml
+++ b/playbooks/roles/tandoor/vars/main.yml
@ -35,7 +35,7 @@ tandoor_env:
  SOCIAL_DEFAULT_GROUP: guest

 tandoor_compose:
-  watchtower: true
+  watchtower: update
  image: nginx:mainline-alpine
  volumes:
    - nginx_config:/etc/nginx/conf.d:ro
--- a/playbooks/roles/teamspeak_fallback/vars/main.yml
+++ b/playbooks/roles/teamspeak_fallback/vars/main.yml
@ -36,7 +36,7 @@ teamspeak_fallback_yml:
              name: X-Webhook-Token

 teamspeak_fallback_compose:
-  watchtower: true
+  watchtower: update
  image: ghcr.io/thecatlady/webhook
  volumes:
    - ./config:/config:ro
--- a/playbooks/roles/umami/vars/main.yml
+++ b/playbooks/roles/umami/vars/main.yml
@ -20,5 +20,5 @@ umami_env:
  CLIENT_IP_HEADER: X-Analytics-IP

 umami_compose:
-  watchtower: true
+  watchtower: update
  image: "{{ umami_docker_image }}"
--- a/playbooks/roles/vikunja/vars/main.yml
+++ b/playbooks/roles/vikunja/vars/main.yml
@ -48,7 +48,7 @@ vikunja_yml:
    enabled: true

 vikunja_compose:
-  watchtower: true
+  watchtower: update
  image: vikunja/vikunja
  volumes:
    - data:/app/vikunja/files
--- a/playbooks/roles/wiki_js/vars/main.yml
+++ b/playbooks/roles/wiki_js/vars/main.yml
@ -21,5 +21,5 @@ wiki_js_env:
  DB_SSL: 1

 wiki_js_compose:
-  watchtower: true
+  watchtower: update
  image: requarks/wiki
--- a/playbooks/roles/woodpecker/vars/main.yml
+++ b/playbooks/roles/woodpecker/vars/main.yml
@ -32,7 +32,7 @@ woodpecker_env:
  WOODPECKER_DATABASE_DATASOURCE: postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/{{ svc.db.database }}?sslmode=verify-full

 woodpecker_compose:
-  watchtower: true
+  watchtower: update
  image: woodpeckerci/woodpecker-server
  file:
    services:
--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@ -215,10 +215,10 @@ services = {
      domain = "gallery.serguzim.me"
    }]
    backup = [
-      {
-        name = "immich_upload"
-        type = "docker_remote"
-      },
+      #{
+      #  name = "immich_upload"
+      #  type = "docker_remote"
+      #},
      {
        name = "immich_database"
        type = "hook"
@ -265,10 +265,10 @@ services = {
        name = "jellyfin_config"
        type = "docker"
      },
-      {
-        name = "jellyfin_media"
-        type = "docker_remote"
-      }
+      #{
+      #  name = "jellyfin_media"
+      #  type = "docker_remote"
+      #}
    ]
    monitoring = {
      url = "/health"
@ -552,6 +552,26 @@ services = {
    monitoring = {
      group = "7-support"
    }
+    ports = [
+      {
+        description = "Teamspeak server"
+        port = 9987
+        protocol = "udp"
+        type = "firewall"
+      },
+      {
+        description = "Teamspeak filetransfer"
+        port = 30033
+        protocol = "tcp"
+        type = "firewall"
+      },
+      {
+        description = "Teamspeak serverquery"
+        port = 10011
+        protocol = "tcp"
+        type = "firewall"
+      }
+    ]
    auth = false
    database = false
    s3 = false