Add watchtower, fixes and prepare for new caddy handling

gitea/docker-compose.yml

@@ -4,6 +4,8 @@ services:
   server:
     image: gitea/gitea:1.17
     container_name: gitea
+    labels:
+      com.centurylinklabs.watchtower.enable: true
     env_file:
     - .env
     - .secret.env
@@ -16,6 +18,14 @@ services:
       - "3000:3000"
       - "3022:22"
       - "22:22"
+    networks:
+      services:
+        aliases:
+          - gitea
 
 volumes:
   data:
+
+networks:
+  services:
+    external: true

monitoring/docker-compose.yml

@@ -2,8 +2,10 @@ version: '3'
 
 services:
   grafana:
-    image: grafana/grafana
+    image: grafana/grafana:latest
     restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
     env_file:
       - .env
       - .secret.env
@@ -12,5 +14,14 @@ services:
     user: "104"
     ports:
       - 3001:3000/tcp
+    networks:
+      services:
+        aliases:
+          - grafana
+
 volumes:
   grafana-data:
+
+networks:
+  services:
+    external: true

nginx_proxy_manager/docker-compose.yml

@@ -1,14 +0,0 @@
-version: '3'
-services:
-  app:
-    image: 'jc21/nginx-proxy-manager:latest'
-    restart: unless-stopped
-    ports:
-      - '80:80'
-      - '443:443'
-      - '81:81'
-    volumes:
-      - data:/data
-      - /etc/letsencrypt:/etc/letsencrypt
-volumes:
-  data:

synapse/docker-compose.yml

@@ -5,20 +5,31 @@ services:
   synapse:
     image: docker.io/matrixdotorg/synapse:latest
     restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
     environment:
       - SYNAPSE_CONFIG_PATH=/data/
     volumes:
       - ./data:/data
       - media_store:/media_store
-    ports:
+    networks:
-      - 8008:8008/tcp
+      services:
+        aliases:
+          - synapse
 
   synapse-admin:
     image: awesometechnologies/synapse-admin:latest
     restart: always
-    ports:
+    labels:
-      - "8009:80"
+      com.centurylinklabs.watchtower.enable: true
-    restart: always
+    networks:
+      services:
+        aliases:
+          - synapse-admin
 
 volumes:
   media_store:
+
+networks:
+  services:
+    external: true

tandoor/docker-compose.yml

@@ -3,6 +3,8 @@ services:
   web_recipes:
     image: vabene1111/recipes
     restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
     env_file:
       - .env
       - .secret.env
@@ -10,12 +12,14 @@ services:
       - staticfiles:/opt/recipes/staticfiles
       - nginx_config:/opt/recipes/nginx/conf.d
       - mediafiles:/opt/recipes/mediafiles
+    networks:
+      tandoor:
 
   nginx_recipes:
     image: nginx:mainline-alpine
     restart: always
-    ports:
+    labels:
-      - 3017:80
+      com.centurylinklabs.watchtower.enable: true
     env_file:
       - .env
       - .secret.env
@@ -25,8 +29,18 @@ services:
       - nginx_config:/etc/nginx/conf.d:ro
       - staticfiles:/static
       - mediafiles:/media
+    networks:
+      tandoor:
+      services:
+        aliases:
+          - tandoor
 
 volumes:
   nginx_config:
   staticfiles:
   mediafiles:
+
+networks:
+  tandoor:
+  services:
+    external: true

tt-rss/.env

@@ -13,5 +13,3 @@ TTRSS_SELF_URL_PATH=https://rss.serguzim.me/tt-rss/
 # TTRSS_SESSION_COOKIE_LIFETIME=2592000
 # TTRSS_FORCE_ARTICLE_PURGE=30
 # etc, etc.
-
-HTTP_PORT=8280

tt-rss/docker-compose.yml

@@ -4,15 +4,23 @@ services:
   app:
     image: cthulhoo/ttrss-fpm-pgsql-static
     restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
     env_file:
       - .env
       - .secret.env
     volumes:
       - app:/var/www/html
+    networks:
+      tt-rss:
+        aliases:
+          - tt-rss-app
 
   updater:
     image: cthulhoo/ttrss-fpm-pgsql-static
     restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
     env_file:
       - .env
       - .secret.env
@@ -21,16 +29,29 @@ services:
     depends_on:
       - app
     command: /opt/tt-rss/updater.sh
+    networks:
+      tt-rss:
 
   web-nginx:
     image: cthulhoo/ttrss-web-nginx
     restart: always
-    ports:
+    labels:
-      - ${HTTP_PORT}:80
+      com.centurylinklabs.watchtower.enable: true
     volumes:
       - app:/var/www/html:ro
+      - ./nginx.conf:/etc/nginx/nginx.conf
     depends_on:
       - app
+    networks:
+      tt-rss:
+      services:
+        aliases:
+          - tt-rss
 
 volumes:
   app:
+
+networks:
+  tt-rss:
+  services:
+    external: true

tt-rss/nginx.conf

@@ -0,0 +1,61 @@
+worker_processes auto;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+	include /etc/nginx/mime.types;
+	default_type  application/octet-stream;
+
+	access_log /dev/stdout;
+	error_log /dev/stderr warn;
+
+	sendfile on;
+
+	index index.php;
+
+	upstream app {
+		server tt-rss-app:9000;
+	}
+
+	server {
+		listen 80;
+		listen [::]:80;
+
+		root /var/www/html;
+
+		location /tt-rss/cache {
+			aio threads;
+			internal;
+		}
+
+		location /tt-rss/backups {
+			internal;
+		}
+
+		location ~ \.php$ {
+			# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+			fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+			# Check that the PHP script exists before passing it
+			try_files $fastcgi_script_name =404;
+
+			# Bypass the fact that try_files resets $fastcgi_path_info
+			# see: http://trac.nginx.org/nginx/ticket/321
+			set $path_info $fastcgi_path_info;
+			fastcgi_param PATH_INFO $path_info;
+
+			fastcgi_index index.php;
+			include fastcgi.conf;
+
+			fastcgi_pass app;
+		}
+
+		location / {
+			try_files $uri $uri/ =404;
+		}
+
+	}
+}

umami/docker-compose.yml

@@ -1,10 +1,18 @@
 version: '3'
 services:
-  umami:
+  app:
-    image: ghcr.io/mikecao/umami:postgresql-latest
+    image: docker.umami.is/umami-software/umami:postgresql-latest
-    ports:
+    restart: always
-      - "3013:3000"
+    labels:
+      com.centurylinklabs.watchtower.enable: true
     env_file:
       - .env
       - .secret.env
-    restart: always
+    networks:
+      services:
+        aliases:
+          - umami
+
+networks:
+  services:
+    external: true

watchtower/.env

@@ -0,0 +1,11 @@
+WATCHTOWER_LABEL_ENABLE=true
+WATCHTOWER_CLEANUP=true
+
+WATCHTOWER_NOTIFICATIONS=email
+WATCHTOWER_NOTIFICATION_EMAIL_FROM=watchtower@serguzim.me
+WATCHTOWER_NOTIFICATION_EMAIL_TO=tobias@msrg.cc
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.serguzim.me
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=watchtower@serguzim.me
+WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=
+WATCHTOWER_NOTIFICATION_EMAIL_DELAY=5

watchtower/docker-compose.yml

@@ -0,0 +1,11 @@
+version: "3"
+
+services:
+  watchtower:
+    image: containrrr/watchtower
+    restart: always
+    env_file:
+      - .env
+      - .secret.env
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock

webdis/docker-compose.yml

@@ -2,21 +2,28 @@ services:
   webdis:
     image: nicolas/webdis:latest
     restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
     command: /usr/local/bin/webdis /config/webdis.json
     volumes:
       - ./webdis.json:/config/webdis.json
     networks:
-      - shared
+      local-net:
+      services:
+        aliases:
+          - webdis
     depends_on:
       - redis
-    ports:
-      - "127.0.0.1:7379:7379"
 
   redis:
     image: redis:6.2.6
     restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
     networks:
-      - shared
+      local-net:
 
 networks:
-  shared:
+  local-net:
+  services:
+    external: true

wiki-js/docker-compose.yml

@@ -1,11 +1,19 @@
 version: '3'
 
 services:
-  wiki-js:
+  app:
     image: requarks/wiki
     restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
     env_file:
       - .env
       - .secret.env
-    ports:
+    networks:
-      - 3003:3000/tcp
+      services:
+        aliases:
+          - wiki-js
+
+networks:
+  services:
+    external: true

woodpecker/docker-compose.yml

@@ -4,16 +4,23 @@ services:
   woodpecker-server:
     image: woodpeckerci/woodpecker-server:latest
     restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
     env_file:
       - .env
       - .secret.env
-    ports:
+    networks:
-      - 3500:8000
+      local-net:
+      services:
+        aliases:
+          - woodpecker
 
   woodpecker-agent:
     image: woodpeckerci/woodpecker-agent:latest
-    command: agent
     restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
+    command: agent
     env_file:
       - .env
       - .secret.env
@@ -23,3 +30,10 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
     environment:
       WOODPECKER_SERVER: "woodpecker-server:9000"
+    networks:
+      local-net:
+
+networks:
+  local-net:
+  services:
+    external: true