diff --git a/docker-compose.yml b/docker-compose.yml index a6e41fd..be6dbb1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,6 @@ # To note, if I am using an env_file to /srv/docker/config/secrets/*, -# then I have taken the ENV variable with a password for that container and +# then I have taken the ENV variable with a password for that container and # put it into a separate file (1 place for common pwds like for ldap, but also so this file can be shared safely) -version: '3.9' services: traefik: container_name: traefik @@ -35,6 +34,7 @@ services: # too many other ports (80, 443) so we have to be explicit & with network_mode: host traefik routes to localhost:8080 - "traefik.http.services.dashboard.loadbalancer.server.port=8080" - "traefik.http.routers.dashboard.service=api@internal" + - "last.commit.url=https://api.github.com/repos/traefik/traefik/commits" depends_on: - pihole volumes: @@ -59,6 +59,7 @@ services: - "traefik.http.routers.sonarr.tls=true" - "traefik.http.routers.sonarr.entrypoints=secureweb" - "traefik.http.routers.sonarr.tls.certresolver=myresolver" + - "last.commit.url=https://api.github.com/repos/linuxserver/docker-sonarr/commits" depends_on: - pihole volumes: @@ -82,6 +83,7 @@ services: - "traefik.http.routers.radarr.tls=true" - "traefik.http.routers.radarr.entrypoints=secureweb" - "traefik.http.routers.radarr.tls.certresolver=myresolver" + - "last.commit.url=https://api.github.com/repos/linuxserver/docker-radarr/commits" depends_on: - pihole volumes: @@ -103,6 +105,7 @@ services: - "traefik.enable=true" - "traefik.http.routers.readarr.rule=Host(`readarr.ddp.net`)" - "traefik.http.routers.readarr.entrypoints=web" + - "last.commit.url=https://api.github.com/repos/Readarr/Readarr/commits" depends_on: - pihole volumes: 
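Review bot: The `last.commit.url` label, first added to the traefik service in `@@ -35,6 +34,7 @@` and repeated in most later hunks, is a custom key with no comment saying what reads it or why it is there. Docker's label guidance recommends a reverse-DNS prefix for custom keys, as the file already has with `com.centurylinklabs.watchtower.enable`; a key such as `au.id.depaoli.last-commit-url=...` would not collide with labels another tool might define. A single comment near the top of the file would cover every service, for example `# last.commit.url: upstream commit feed for the image, read by <consumer script - placeholder> before updating`.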
@@ -133,6 +136,7 @@ services: - "traefik.http.routers.calibreweb.rule=Host(`calibreweb.ddp.net`)" - "traefik.http.services.calibreweb.loadbalancer.server.port=8081" - "traefik.http.routers.calibreweb.entrypoints=web" + - "last.commit.url=https://api.github.com/repos/linuxserver/docker-calibre/commits" depends_on: - pihole volumes: @@ -143,9 +147,8 @@ services: # direct play on tv works (from memory) emby: container_name: emby -# image: emby/embyserver -# image: emby/embyserver:beta - image: emby/embyserver:4.9.0.22 +# image: emby/embyserver:latest + image: emby/embyserver:4.9.0.29 restart: always network_mode: host environment: @@ -173,6 +176,7 @@ services: - "traefik.http.routers.emby.tls=true" - "traefik.http.routers.emby.entrypoints=secureweb" - "traefik.http.routers.emby.tls.certresolver=myresolver" + - "last.commit.url=https://api.github.com/repos/MediaBrowser/Emby.Releases/commits" # fail2ban might need a better whitelist? (I had internal docker ips in my quick fudge as well?) mail: @@ -192,6 +196,7 @@ services: - "traefik.http.routers.mail.rule=Host(`rspamd.ddp.net`)" - "traefik.http.services.mail.loadbalancer.server.port=11334" - "traefik.http.routers.mail.entrypoints=web" + - "last.commit.url=https://api.github.com/repos/docker-mailserver/docker-mailserver/commits" depends_on: - pihole - openldap @@ -266,6 +271,7 @@ services: restart: always labels: - "com.centurylinklabs.watchtower.enable=true" +# - "last.commit.url=https://api.github.com/bitnami/containers/tree/main/bitnami/openldap/commits environment: BITNAMI_DEBUG: "true" LDAP_ROOT: "dc=depaoli,dc=id,dc=au" @@ -300,6 +306,7 @@ services: - "traefik.http.routers.webmail.entrypoints=secureweb" - "traefik.http.routers.webmail.tls=true" - "traefik.http.routers.webmail.tls.certresolver=myresolver" + - "last.commit.url=https://api.github.com/repos/roundcube/roundcubemail/commits" volumes: - /srv/docker/container/roundcubemail/www:/var/www/html - /srv/docker/container/roundcubemail/db/sqlite:/var/roundcube/db 
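Review bot: The commented-out openldap label in `@@ -266,6 +271,7 @@` is missing its closing double quote and does not follow the `/repos/<owner>/<repo>/commits` form used by every other label. Uncommenting it as written would leave an unterminated quoted scalar and stop the whole compose file from parsing. If the aim is to track only the openldap directory of the bitnami monorepo, the commits endpoint takes a `path` filter: `# - "last.commit.url=https://api.github.com/repos/bitnami/containers/commits?path=bitnami/openldap"`. Separately, the calibreweb label in `@@ -133,6 +136,7 @@` points at `linuxserver/docker-calibre`; the service's image line is outside the hunk, so confirm that this is the repo the image is built from.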
@@ -335,6 +342,7 @@ services: - "traefik.http.routers.portainer.rule=Host(`portainer.ddp.net`)" # need to be explicit, as it also runs API ports, SSL ports, etc - "traefik.http.services.portainer.loadbalancer.server.port=9000" + - "last.commit.url=https://api.github.com/repos/portainer/portainer/commits" # this is running network_mode: host so it is on the same subnet as the IoT # devices and can see/discover them @@ -367,6 +375,7 @@ services: - "traefik.http.routers.hass.tls=true" - "traefik.http.routers.hass.entrypoints=secureweb" - "traefik.http.routers.hass.tls.certresolver=myresolver" + - "last.commit.url=https://api.github.com/repos/home-assistant/core/commits" # this runs in network_most host so that it can find the players automatically # mass: @@ -404,12 +413,13 @@ services: - /etc/localtime:/etc/localtime:ro labels: - "com.centurylinklabs.watchtower.enable=true" + - "last.commit.url=https://api.github.com/repos/eclipse/mosquitto/commits" ports: - "1883:1883" esphome: container_name: esphome - image: esphome/esphome:latest + image: esphome/esphome environment: - ESPHOME_DASHBOARD_USE_PING=true volumes: @@ -421,6 +431,7 @@ services: - "traefik.enable=true" - "traefik.http.routers.esphome.rule=Host(`esphome.ddp.net`)" - "traefik.http.routers.esphome.entrypoints=web" + - "last.commit.url=https://api.github.com/repos/esphome/esphome/commits" restart: always privileged: true @@ -445,6 +456,7 @@ services: - "traefik.enable=true" - "traefik.http.routers.sabnzbd.rule=Host(`sab.ddp.net`)" - "traefik.http.routers.sabnzbd.entrypoints=web" + - "last.commit.url=https://api.github.com/repos/linuxserver/docker-sabnzbd/commits" influxdb: image: influxdb:latest @@ -469,6 +481,7 @@ services: - "traefik.enable=true" - "traefik.http.routers.influxdb.rule=Host(`influx.ddp.net`)" - "traefik.http.routers.influxdb.entrypoints=web" + - "last.commit.url=https://api.github.com/repos/influxdata/influxdb/commits" restart: always telegraf: 
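Review bot: Dropping `:latest` from `image: esphome/esphome` in `@@ -404,12 +413,13 @@` does not pin anything, because an untagged reference still resolves to `latest`. The next hunk's context shows this service running with `privileged: true`, so whatever is published under that tag runs with full host privileges. The same edit is made to `image: postgres` for bookdb_dev in `@@ -560,10 +575,11 @@`, and the watchtower label in the hunk after it appears to belong to that service, which would let a new major PostgreSQL release be pulled automatically onto existing data. This commit already pins mythdb to `mysql:8.4`; the same approach here, e.g. `image: postgres:<major>` and `image: esphome/esphome:<release>` (placeholders for the versions currently deployed), keeps automatic updates within a known release line. The esphome service definition starts outside the hunk.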
@@ -502,6 +515,7 @@ services: - HOST_SYS=/host/sys labels: - "com.centurylinklabs.watchtower.enable=true" + - "last.commit.url=https://api.github.com/repos/influxdata/telegraf/commits" depends_on: - influxdb restart: always @@ -531,6 +545,7 @@ services: - "traefik.http.routers.grafana_ssl.tls.certresolver=myresolver" - "traefik.http.routers.grafana.rule=PathPrefix(`/grafana/`)" - "traefik.http.routers.grafana.entrypoints=web" + - "last.commit.url=https://api.github.com/repos/grafana/grafana/commits" pihole: container_name: pihole @@ -560,10 +575,11 @@ services: - "traefik.http.routers.pihole.middlewares=pihole-strip,pihole-add" # we set this to port 80, pihole has many open ports (e.g. 53), so have to tell traefik which port to send http traffic too - "traefik.http.services.pihole.loadbalancer.server.port=80" + - "last.commit.url=https://api.github.com/repos/pi-hole/pi-hole/commits" bookdb_dev: container_name: bookdb_dev - image: postgres:latest + image: postgres restart: always environment: POSTGRES_USER: ddp @@ -574,6 +590,7 @@ services: - pihole labels: - "com.centurylinklabs.watchtower.enable=true" + - "last.commit.url=https://api.github.com/repos/postgres/postgres/commits" ports: - '55432:5432' volumes: @@ -594,6 +611,7 @@ services: - pihole labels: - "com.centurylinklabs.watchtower.enable=true" + - "last.commit.url=https://api.github.com/repos/postgres/postgres/commits" volumes: - /srv/docker/container/bookdb/data:/var/lib/postgresql/data - /srv/docker/container/bookdb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d @@ -651,6 +669,7 @@ services: entrypoint: /root/mara-init/entrypoint-wrapper.sh labels: - "com.centurylinklabs.watchtower.enable=true" + - "last.commit.url=https://api.github.com/repos/postgres/postgres/commits" environment: POSTGRES_USER: pa POSTGRES_DB: pa 
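Review bot: The label added in `@@ -574,6 +590,7 @@` points at `postgres/postgres`, the PostgreSQL source mirror, whereas the php labels later in this commit use `docker-library/php`, the repo that packages the official image. Source-tree commits land far more often than image rebuilds and do not say what changed in the image that gets pulled. For consistency with the php entries, consider `- "last.commit.url=https://api.github.com/repos/docker-library/postgres/commits"`. The same value is added in `@@ -594,6 +611,7 @@`, `@@ -651,6 +669,7 @@` and `@@ -675,6 +694,7 @@`. The image lines of those services are outside the hunks, so check each one is actually built from the official postgres image.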
@@ -675,6 +694,7 @@ services: entrypoint: /root/mara-init/entrypoint-wrapper.sh labels: - "com.centurylinklabs.watchtower.enable=true" + - "last.commit.url=https://api.github.com/repos/postgres/postgres/commits" environment: POSTGRES_USER: pa POSTGRES_DB: pa @@ -795,6 +815,7 @@ services: - "traefik.http.routers.vaultwarden.tls.options=tls12@file" - "traefik.http.routers.vaultwarden.entrypoints=secureweb" - "traefik.http.routers.vaultwarden.tls.certresolver=myresolver" + - "last.commit.url=https://api.github.com/repos/dani-garcia/vaultwarden/commits" # auto-update docker images watchtower: @@ -806,6 +827,7 @@ services: - pihole labels: - "com.centurylinklabs.watchtower.enable=true" + - "last.commit.url=https://api.github.com/repos/containrrr/watchtower/commits" volumes: - "/var/run/docker.sock:/var/run/docker.sock" - "/etc/localtime:/etc/localtime:ro" @@ -826,6 +848,7 @@ services: - "3000:3000" labels: - "com.centurylinklabs.watchtower.enable=true" + - "last.commit.url=https://api.github.com/repos/bropat/eufy-security-ws/commits" depends_on: - pihole volumes: @@ -845,6 +868,7 @@ services: - "8554:8554" labels: - "com.centurylinklabs.watchtower.enable=true" + - "last.commit.url=https://api.github.com/repos/bluenviron/mediamtx/commits" depends_on: - pihole volumes: @@ -900,6 +924,7 @@ services: - "traefik.http.routers.kuma.tls=true" - "traefik.http.routers.kuma.entrypoints=secureweb" - "traefik.http.routers.kuma.tls.certresolver=myresolver" + - "last.commit.url=https://api.github.com/repos/louislam/uptime-kuma/commits" restart: always sshwifty: @@ -914,6 +939,7 @@ services: - "traefik.http.routers.sshwifty.tls=true" - "traefik.http.routers.sshwifty.entrypoints=secureweb" - "traefik.http.routers.sshwifty.tls.certresolver=myresolver" + - "last.commit.url=https://api.github.com/repos/niruix/sshwifty/commits" stdin_open: true tty: true volumes: 
@@ -922,10 +948,11 @@ services: mythdb: container_name: mythdb - image: mysql:latest + image: mysql:8.4 restart: always labels: - "com.centurylinklabs.watchtower.enable=true" + - "last.commit.url=https://api.github.com/repos/mysql/mysql-server/commits" environment: MYSQL_DATABASE: 'mythconverg' MYSQL_USER: 'mythtv' @@ -1014,6 +1041,7 @@ services: - "traefik.http.routers.wiki.tls=true" - "traefik.http.routers.wiki.entrypoints=secureweb" - "traefik.http.routers.wiki.tls.certresolver=myresolver" + - "last.commit.url=https://api.github.com/repos/linuxserver/docker-bookstack/commits" wikidb: image: lscr.io/linuxserver/mariadb:latest @@ -1031,6 +1059,7 @@ services: restart: unless-stopped labels: - "com.centurylinklabs.watchtower.enable=true" + - "last.commit.url=https://api.github.com/repos/linuxserver/docker-mariadb/commits" web: image: php:apache @@ -1046,6 +1075,7 @@ services: - "traefik.enable=true" - "traefik.http.routers.web.rule=Host(`mara.ddp.net`) && ( Path(`/`) || PathPrefix(`/images` ) || PathPrefix(`/mythweb`) )" - "traefik.http.routers.web.entrypoints=web" + - "last.commit.url=https://api.github.com/repos/docker-library/php/commits" # this container exists solely to have traefik manage the depaoli.id.au SSL # cert - the web server has no web content to serve @@ -1063,6 +1093,7 @@ services: - "traefik.http.routers.depweb.tls=true" - "traefik.http.routers.depweb.entrypoints=secureweb" - "traefik.http.routers.depweb.tls.certresolver=myresolver" + - "last.commit.url=https://api.github.com/repos/docker-library/php/commits" samba: image: ubuntu:latest 
@@ -1085,3 +1116,28 @@ services: labels: - "com.centurylinklabs.watchtower.enable=true" - "traefik.enable=false" + + ftp: + image: ubuntu:latest + container_name: ftp + entrypoint: /root/mara-init/entrypoint.sh + restart: always + ports: + # active ports + - "20:20" + - "21:21" + # passive ports + - "10090:10090" + - "10091:10091" + - "10092:10092" + volumes: + - /home:/home + - /srv/docker/container/ftp/monitoring-results:/monitoring-results + - /srv/docker/container/ftp/mara-init:/root/mara-init + - /srv/docker/container/ftp/mara-bin:/root/mara-bin + depends_on: + - pihole + - openldap + labels: + - "com.centurylinklabs.watchtower.enable=true" + - "traefik.enable=false"
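Review bot: The new `ftp` service publishes plain FTP control and data ports on every host interface and bind-mounts the host's `/home` read-write. Nothing in the hunk shows TLS being required; if the accounts are the LDAP ones (suggested by `depends_on: openldap`), their passwords would cross the network in cleartext unless `/root/mara-init/entrypoint.sh`, which is not visible here, enforces FTPS. Binding the published ports to the internal address limits who can reach it, e.g. `- "<lan-ip>:21:21"` (placeholder) and likewise for the passive range. The `/home:/home` mount could be narrowed to the directories FTP users need, or made `:ro` if uploads only go to `/monitoring-results`. The image is `ubuntu:latest` with the watchtower label enabled, so the base layer changes underneath the entrypoint script without review; a release tag, as this commit uses for mythdb, would avoid that.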