Fix problems (mailcow, typos, watchtower script)

Mailcow blocked login because "force_pw_update" was true

inventory/group_vars/all/compose_defaults.yml

@@ -4,7 +4,8 @@ compose_file_main:
       image: "{{ compose.image }}"
       restart: always
       labels:
-        com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default(false) }}"
+        com.centurylinklabs.watchtower.enable: "{{ compose.watchtower | default('') == 'update' }}"
+        com.centurylinklabs.watchtower.monitor-only: "{{ compose.watchtower | default('') == 'monitor' }}"
 
 compose_file_env:
   services:

modules/services/mailcow.tf

@@ -10,6 +10,7 @@ resource "mailcow_mailbox" "services" {
   full_name   = each.value.mail
   local_part  = each.value.mail
   password    = random_password.mailcow_service_passwords[each.key].result
+  force_pw_update = false
   imap_access = false
   pop3_access = false
   sogo_access = false

playbooks/roles/_TEMPLATE/vars/main.yml

@@ -7,7 +7,7 @@ NAME_env:
   EXAMPLE: value
 
 NAME_compose:
-  watchtower: true
+  watchtower: update
   image: 
   volumes:
     - data:/data

playbooks/roles/acme_dns/vars/main.yml

@@ -14,7 +14,7 @@ acme_dns_svc:
     db: "{{ opentofu.postgresql_data.acme_dns.database }}"
 
 acme_dns_compose:
-  watchtower: true
+  watchtower: update
   monitoring: true
   image: joohoi/acme-dns
   volumes:

playbooks/roles/forgejo/vars/main.yml

@@ -13,9 +13,9 @@ forgejo_svc:
 forgejo_env:
   FORGEJO__database__DB_TYPE: postgres
   FORGEJO__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}"
-  FORGEJO__database__NAME: "{{ opentofu.postgresql_service_roles.forgejo.database }}"
+  FORGEJO__database__NAME: "{{ opentofu.postgresql_data.forgejo.database }}"
-  FORGEJO__database__USER: "{{ opentofu.postgresql_service_roles.forgejo.user }}"
+  FORGEJO__database__USER: "{{ opentofu.postgresql_data.forgejo.user }}"
-  FORGEJO__database__PASSWD: "{{ opentofu.postgresql_service_roles.forgejo.pass }}"
+  FORGEJO__database__PASSWD: "{{ opentofu.postgresql_data.forgejo.pass }}"
   FORGEJO__database__SSL_MODE: verify-full
 
   FORGEJO__repository__ENABLE_PUSH_CREATE_USER: true
@@ -52,7 +52,7 @@ forgejo_env:
   FORGEJO__mailer__ENABLED: true
   FORGEJO__mailer__PROTOCOL: smtp+starttls
   FORGEJO__mailer__SMTP_ADDR: "{{ mailer.host }}"
-  FORGEJO__mailer__SMTP_PORT: "{{ mailer.post }}"
+  FORGEJO__mailer__SMTP_PORT: "{{ mailer.port }}"
   FORGEJO__mailer__FROM: "git <{{ opentofu.mailcow_data.forgejo.address }}>"
   FORGEJO__mailer__USER: "{{ opentofu.mailcow_data.forgejo.address }}"
   FORGEJO__mailer__PASSWD: "{{ opentofu.mailcow_data.forgejo.password }}"
@@ -81,7 +81,7 @@ forgejo_env:
   FORGEJO__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
 
 forgejo_compose:
-  watchtower: true
+  watchtower: update
   image: codeberg.org/forgejo/forgejo:9
   volumes:
     - data:/data

playbooks/roles/forgejo_runner/vars/main.yml

@@ -5,7 +5,7 @@ forgejo_runner_env:
   DOCKER_HOST: tcp://docker-in-docker:2375
 
 forgejo_runner_compose:
-  watchtower: true
+  watchtower: update
   image: code.forgejo.org/forgejo/runner:3.3.0
   volumes:
     - ./config.yml:/config/config.yml

playbooks/roles/gatus/vars/main.yml

@@ -65,7 +65,7 @@ gatus_yml:
   endpoints: "{{ gatus_endpoints_hosts | union(gatus_endpoints_services) | union(gatus_endpoints_other) }}"
 
 gatus_compose:
-  watchtower: true
+  watchtower: update
   image: twinproduction/gatus
   volumes:
     - ./config.yaml:/config/config.yaml

playbooks/roles/homebox/vars/main.yml

@@ -13,8 +13,8 @@ homebox_env:
   HBOX_SWAGGER_SCHEMA: https
 
 homebox_compose:
-  watchtower: true
+  watchtower: update
-  image: ghcr.io/hay-kot/homebox:latest-rootless
+  image: ghcr.io/sysadminsmedia/homebox:latest-rootless
   volumes:
     - data:/data
   file:

playbooks/roles/immich/vars/main.yml

@@ -30,7 +30,7 @@ immich_env:
   REDIS_HOSTNAME: redis
 
 immich_compose:
-  watchtower: false
+  watchtower: monitor
   image: ghcr.io/immich-app/immich-server:release
   volumes:
     - upload:/usr/src/app/upload

playbooks/roles/influxdb/vars/main.yml

@@ -62,7 +62,7 @@ influxdb_yml:
   vault-token: ""
 
 influxdb_compose:
-  watchtower: false
+  watchtower: monitor
   image: influxdb:2.7
   volumes:
     - ./influxdb.yml:/etc/influxdb2/config.yml

playbooks/roles/jellyfin/vars/main.yml

@@ -10,7 +10,7 @@ jellyfin_env:
   JELLYFIN_PublishedServerUrl: https://{{ svc.domain }}
 
 jellyfin_compose:
-  watchtower: true
+  watchtower: update
   image: jellyfin/jellyfin
   volumes:
     - config:/config

playbooks/roles/linkwarden/vars/main.yml

@@ -34,5 +34,5 @@ linkwarden_env:
   AUTHENTIK_CLIENT_SECRET: "{{ opentofu.authentik_data.linkwarden.client_secret }}"
 
 linkwarden_compose:
-  watchtower: true
+  watchtower: update
   image: ghcr.io/linkwarden/linkwarden:latest

playbooks/roles/minio/vars/main.yml

@@ -29,7 +29,7 @@ minio_env:
 
 
 minio_compose:
-  watchtower: true
+  watchtower: update
   image: minio/minio
   volumes:
     - data:/data

playbooks/roles/ntfy/vars/main.yml

@@ -39,7 +39,7 @@ ntfy_env:
   NTFY_ENABLE_METRICS: true
 
 ntfy_compose:
-  watchtower: true
+  watchtower: update
   image: binwiederhier/ntfy
   volumes:
     - cache:/var/cache/ntfy

playbooks/roles/shlink/vars/main.yml

@@ -26,5 +26,5 @@ shlink_env:
   GEOLITE_LICENSE_KEY: "{{ vault_shlink.geolite_key }}"
 
 shlink_compose:
-  watchtower: true
+  watchtower: update
   image: shlinkio/shlink

playbooks/roles/synapse/vars/main.yml

@@ -98,7 +98,7 @@ synapse_yml:
     notif_from: "matrix <{{ opentofu.mailcow_data.synapse.address }}>"
 
 synapse_compose:
-  watchtower: true
+  watchtower: update
   image: ghcr.io/element-hq/synapse:latest
   volumes:
     - ./config:/config

playbooks/roles/tandoor/vars/main.yml

@@ -35,7 +35,7 @@ tandoor_env:
   SOCIAL_DEFAULT_GROUP: guest
 
 tandoor_compose:
-  watchtower: true
+  watchtower: update
   image: nginx:mainline-alpine
   volumes:
     - nginx_config:/etc/nginx/conf.d:ro

playbooks/roles/teamspeak_fallback/vars/main.yml

@@ -36,7 +36,7 @@ teamspeak_fallback_yml:
               name: X-Webhook-Token
 
 teamspeak_fallback_compose:
-  watchtower: true
+  watchtower: update
   image: ghcr.io/thecatlady/webhook
   volumes:
     - ./config:/config:ro

playbooks/roles/umami/vars/main.yml

@@ -20,5 +20,5 @@ umami_env:
   CLIENT_IP_HEADER: X-Analytics-IP
 
 umami_compose:
-  watchtower: true
+  watchtower: update
   image: "{{ umami_docker_image }}"

playbooks/roles/vikunja/vars/main.yml

@@ -48,7 +48,7 @@ vikunja_yml:
     enabled: true
 
 vikunja_compose:
-  watchtower: true
+  watchtower: update
   image: vikunja/vikunja
   volumes:
     - data:/app/vikunja/files

playbooks/roles/watchtower/files/run-once.sh

@@ -1,3 +1,3 @@
 #!/usr/bin/env sh
 
-docker compose run -e WATCHTOWER_RUN_ONCE=true -e WATCHTOWER_NOTIFICATIONS= watchtower
+docker compose run --rm -e WATCHTOWER_RUN_ONCE=true app

playbooks/roles/wiki_js/vars/main.yml

@@ -21,5 +21,5 @@ wiki_js_env:
   DB_SSL: 1
 
 wiki_js_compose:
-  watchtower: true
+  watchtower: update
   image: requarks/wiki

playbooks/roles/woodpecker/vars/main.yml

@@ -32,7 +32,7 @@ woodpecker_env:
   WOODPECKER_DATABASE_DATASOURCE: postgres://{{ svc.db.user }}:{{ svc.db.pass }}@{{ svc.db.host }}:{{ svc.db.port }}/{{ svc.db.database }}?sslmode=verify-full
 
 woodpecker_compose:
-  watchtower: true
+  watchtower: update
   image: woodpeckerci/woodpecker-server
   file:
     services:

services.auto.tfvars

@@ -215,10 +215,10 @@ services = {
       domain = "gallery.serguzim.me"
     }]
     backup = [
-      {
+      #{
-        name = "immich_upload"
+      #  name = "immich_upload"
-        type = "docker_remote"
+      #  type = "docker_remote"
-      },
+      #},
       {
         name = "immich_database"
         type = "hook"
@@ -265,10 +265,10 @@ services = {
         name = "jellyfin_config"
         type = "docker"
       },
-      {
+      #{
-        name = "jellyfin_media"
+      #  name = "jellyfin_media"
-        type = "docker_remote"
+      #  type = "docker_remote"
-      }
+      #}
     ]
     monitoring = {
       url = "/health"
@@ -552,6 +552,26 @@ services = {
     monitoring = {
       group = "7-support"
     }
+    ports = [
+      {
+        description = "Teamspeak server"
+        port = 9987
+        protocol = "udp"
+        type = "firewall"
+      },
+      {
+        description = "Teamspeak filetransfer"
+        port = 30033
+        protocol = "tcp"
+        type = "firewall"
+      },
+      {
+        description = "Teamspeak serverquery"
+        port = 10011
+        protocol = "tcp"
+        type = "firewall"
+      }
+    ]
     auth = false
     database = false
     s3 = false