Add watchtower to ansible

.gitignore

@@ -12,3 +12,4 @@ gitea/
 caddy/config/conf.002.d/git.serguzim.me.conf
 umami/
 caddy/config/conf.002.d/analytics.serguzim.me.conf
+watchtower/

_ansible/inventory/group_vars/all/compose_defaults.yml

@@ -1,4 +1,4 @@
-compose_default_file:
+compose_file_main:
   services:
     app:
       image: "{{ compose.image }}"
@@ -13,8 +13,18 @@ compose_default_file:
     apps:
       external: true
 
-compose_env_file:
+compose_file_env:
   services:
     app:
       env_file:
         - service.env
+
+compose_file_ports:
+  services:
+    app:
+      ports: "{{ compose.ports }}"
+
+compose_file_volumes:
+  services:
+    app:
+      volumes: "{{ compose.volumes }}"

_ansible/inventory/group_vars/all/main.yml

@@ -4,5 +4,10 @@ postgres:
   host: db.serguzim.me
   port: 5432
 
+mailer:
+  host: mail.serguzim.me
+  port: 587
+
+
 services_path: /opt/services/
 caddy_config_path: "{{ (services_path, 'caddy', 'config', 'conf.d') | path_join }}"

_ansible/local-dev.yml

@@ -10,3 +10,4 @@
     - acme-dns
     - gitea
     - umami
+    - watchtower

_ansible/node002.yml

@@ -5,3 +5,4 @@
     - acme-dns
     - gitea
     - umami
+    - watchtower

_ansible/roles/acme-dns/vars/main.yml

@@ -16,9 +16,6 @@ svc:
 compose:
   watchtower: true
   image: joohoi/acme-dns
-  file:
-    services:
-      app:
   ports:
     - "53:53"
     - "53:53/udp"

_ansible/roles/gitea/vars/main.yml

@@ -78,9 +78,6 @@ compose:
   watchtower: true
   image: gitea/gitea:1.19
   env: true
-  file:
-    services:
-      app:
   volumes:
     - data:/data
     - /etc/timezone:/etc/timezone:ro
@@ -88,6 +85,7 @@ compose:
   ports:
     - "{{ svc.ssh_port }}:{{ svc.ssh_port }}"
     - "{{ svc.ssh_port_alt }}:{{ svc.ssh_port }}"
+  file:
     volumes:
       data:
 

_ansible/templates/docker-compose.yml.j2

@@ -1,6 +1,16 @@
-{% set compose_file = compose.file | default({}) %}
-{% set compose_file = compose_default_file | combine(compose_file, recursive=True) %}
-{% if compose.env | default(False) %}
-{% set compose_file = compose_file | combine(compose_env_file, recursive=True) %}
-{% endif %}
+{%- set compose_file = compose.file | default({}) -%}
+{%- set compose_file = compose_file_main | combine(compose_file, recursive=True) -%}
+
+{%- if compose.env | default(False) -%}
+    {%- set compose_file = compose_file | combine(compose_file_env, recursive=True) -%}
+{%- endif -%}
+
+{%- if compose.ports | default(False) -%}
+    {%- set compose_file = compose_file | combine(compose_file_ports, recursive=True) -%}
+{%- endif -%}
+
+{%- if compose.volumes | default(False) -%}
+    {%- set compose_file = compose_file | combine(compose_file_volumes, recursive=True) -%}
+{%- endif -%}
+
 {{ compose_file | to_nice_yaml }}

watchtower/.env

@@ -1,14 +0,0 @@
-WATCHTOWER_LABEL_ENABLE=true
-WATCHTOWER_CLEANUP=true
-WATCHTOWER_SCHEDULE="0 27 20 * * *"
-
-WATCHTOWER_NOTIFICATIONS=email
-WATCHTOWER_NOTIFICATION_EMAIL_FROM=watchtower@serguzim.me
-WATCHTOWER_NOTIFICATION_EMAIL_TO=tobias@msrg.cc
-WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.serguzim.me
-WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
-WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=watchtower@serguzim.me
-WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=
-WATCHTOWER_NOTIFICATION_EMAIL_DELAY=5
-
-#WATCHTOWER_RUN_ONCE=true

watchtower/docker-compose.yml

@@ -1,12 +1,18 @@
-version: "3"
-
+networks:
+    apps:
+        external: true
 services:
-  watchtower:
-    image: containrrr/watchtower
-    restart: always
+    app:
         env_file:
-      - .env
-      - .secret.env
-    hostname: ${HOSTNAME}
+        - service.env
+        hostname: portalo
+        image: containerrr/watchtower
+        labels:
+            com.centurylinklabs.watchtower.enable: false
+        networks:
+            apps:
+                aliases:
+                - watchtower
+        restart: always
         volumes:
         - /var/run/docker.sock:/var/run/docker.sock