added ftp service, added last.commit.url label so I can see if a project is still active, removed deprecated version, upgraded emby to a newer beta and finally locked mythdb to an 8.4 mysql so that its compatible with android apk

docker-compose.yml

@@ -1,7 +1,6 @@
 # To note, if I am using an env_file to /srv/docker/config/secrets/*,
 # then I have taken the ENV variable with a password for that container and
 # put it into a separate file (1 place for common pwds like for ldap, but also so this file can be shared safely)
-version: '3.9'
 services:
   traefik:
     container_name: traefik
@@ -35,6 +34,7 @@ services:
       # too many other ports (80, 443) so we have to be explicit & with network_mode: host traefik routes to localhost:8080
       - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
       - "traefik.http.routers.dashboard.service=api@internal"
+      - "last.commit.url=https://api.github.com/repos/traefik/traefik/commits"
     depends_on:
       - pihole
     volumes:
@@ -59,6 +59,7 @@ services:
       - "traefik.http.routers.sonarr.tls=true"
       - "traefik.http.routers.sonarr.entrypoints=secureweb"
       - "traefik.http.routers.sonarr.tls.certresolver=myresolver"
+      - "last.commit.url=https://api.github.com/repos/linuxserver/docker-sonarr/commits"
     depends_on:
       - pihole
     volumes:
@@ -82,6 +83,7 @@ services:
       - "traefik.http.routers.radarr.tls=true"
       - "traefik.http.routers.radarr.entrypoints=secureweb"
       - "traefik.http.routers.radarr.tls.certresolver=myresolver"
+      - "last.commit.url=https://api.github.com/repos/linuxserver/docker-radarr/commits"
     depends_on:
       - pihole
     volumes:
@@ -103,6 +105,7 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.readarr.rule=Host(`readarr.ddp.net`)"
       - "traefik.http.routers.readarr.entrypoints=web"
+      - "last.commit.url=https://api.github.com/repos/Readarr/Readarr/commits"
     depends_on:
       - pihole
     volumes:
@@ -133,6 +136,7 @@ services:
       - "traefik.http.routers.calibreweb.rule=Host(`calibreweb.ddp.net`)"
       - "traefik.http.services.calibreweb.loadbalancer.server.port=8081"
       - "traefik.http.routers.calibreweb.entrypoints=web"
+      - "last.commit.url=https://api.github.com/repos/linuxserver/docker-calibre/commits"
     depends_on:
       - pihole
     volumes:
@@ -143,9 +147,8 @@ services:
   # direct play on tv works (from memory)
   emby:
     container_name: emby
-#    image:  emby/embyserver
+#    image:  emby/embyserver:latest
-#    image:  emby/embyserver:beta
+    image: emby/embyserver:4.9.0.29
-    image: emby/embyserver:4.9.0.22
     restart: always
     network_mode: host
     environment:
@@ -173,6 +176,7 @@ services:
       - "traefik.http.routers.emby.tls=true"
       - "traefik.http.routers.emby.entrypoints=secureweb"
       - "traefik.http.routers.emby.tls.certresolver=myresolver"
+      - "last.commit.url=https://api.github.com/repos/MediaBrowser/Emby.Releases/commits"
 
   # fail2ban might need a better whitelist? (I had internal docker ips in my quick fudge as well?)
   mail:
@@ -192,6 +196,7 @@ services:
       - "traefik.http.routers.mail.rule=Host(`rspamd.ddp.net`)"
       - "traefik.http.services.mail.loadbalancer.server.port=11334"
       - "traefik.http.routers.mail.entrypoints=web"
+      - "last.commit.url=https://api.github.com/repos/docker-mailserver/docker-mailserver/commits"
     depends_on:
       - pihole
       - openldap
@@ -266,6 +271,7 @@ services:
     restart: always
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+#      - "last.commit.url=https://api.github.com/bitnami/containers/tree/main/bitnami/openldap/commits
     environment:
       BITNAMI_DEBUG: "true"
       LDAP_ROOT: "dc=depaoli,dc=id,dc=au"
@@ -300,6 +306,7 @@ services:
       - "traefik.http.routers.webmail.entrypoints=secureweb"
       - "traefik.http.routers.webmail.tls=true"
       - "traefik.http.routers.webmail.tls.certresolver=myresolver"
+      - "last.commit.url=https://api.github.com/repos/roundcube/roundcubemail/commits"
     volumes:
       - /srv/docker/container/roundcubemail/www:/var/www/html
       - /srv/docker/container/roundcubemail/db/sqlite:/var/roundcube/db
@@ -335,6 +342,7 @@ services:
       - "traefik.http.routers.portainer.rule=Host(`portainer.ddp.net`)"
       # need to be explicit, as it also runs API ports, SSL ports, etc
       - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+      - "last.commit.url=https://api.github.com/repos/portainer/portainer/commits"
 
   # this is running network_mode: host so it is on the same subnet as the IoT
   # devices and can see/discover them
@@ -367,6 +375,7 @@ services:
       - "traefik.http.routers.hass.tls=true"
       - "traefik.http.routers.hass.entrypoints=secureweb"
       - "traefik.http.routers.hass.tls.certresolver=myresolver"
+      - "last.commit.url=https://api.github.com/repos/home-assistant/core/commits"
 
   # this runs in network_most host so that it can find the players automatically
 #  mass:
@@ -404,12 +413,13 @@ services:
       - /etc/localtime:/etc/localtime:ro
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+      - "last.commit.url=https://api.github.com/repos/eclipse/mosquitto/commits"
     ports:
       - "1883:1883"    
     
   esphome:
     container_name: esphome
-    image: esphome/esphome:latest
+    image: esphome/esphome
     environment:
       - ESPHOME_DASHBOARD_USE_PING=true
     volumes:
@@ -421,6 +431,7 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.esphome.rule=Host(`esphome.ddp.net`)"
       - "traefik.http.routers.esphome.entrypoints=web"
+      - "last.commit.url=https://api.github.com/repos/esphome/esphome/commits"
     restart: always
     privileged: true
     
@@ -445,6 +456,7 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.sabnzbd.rule=Host(`sab.ddp.net`)"
       - "traefik.http.routers.sabnzbd.entrypoints=web"
+      - "last.commit.url=https://api.github.com/repos/linuxserver/docker-sabnzbd/commits"
 
   influxdb:
     image: influxdb:latest
@@ -469,6 +481,7 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.influxdb.rule=Host(`influx.ddp.net`)"
       - "traefik.http.routers.influxdb.entrypoints=web"
+      - "last.commit.url=https://api.github.com/repos/influxdata/influxdb/commits"
     restart: always
 
   telegraf:
@@ -502,6 +515,7 @@ services:
       - HOST_SYS=/host/sys
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+      - "last.commit.url=https://api.github.com/repos/influxdata/telegraf/commits"
     depends_on:
       - influxdb
     restart: always
@@ -531,6 +545,7 @@ services:
       - "traefik.http.routers.grafana_ssl.tls.certresolver=myresolver"
       - "traefik.http.routers.grafana.rule=PathPrefix(`/grafana/`)"
       - "traefik.http.routers.grafana.entrypoints=web"
+      - "last.commit.url=https://api.github.com/repos/grafana/grafana/commits"
 
   pihole:
     container_name: pihole
@@ -560,10 +575,11 @@ services:
       - "traefik.http.routers.pihole.middlewares=pihole-strip,pihole-add"
       # we set this to port 80, pihole has many open ports (e.g. 53), so have to tell traefik which port to send http traffic too
       - "traefik.http.services.pihole.loadbalancer.server.port=80"
+      - "last.commit.url=https://api.github.com/repos/pi-hole/pi-hole/commits"
 
   bookdb_dev:
     container_name: bookdb_dev
-    image: postgres:latest
+    image: postgres
     restart: always
     environment:
       POSTGRES_USER: ddp
@@ -574,6 +590,7 @@ services:
       - pihole
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+      - "last.commit.url=https://api.github.com/repos/postgres/postgres/commits"
     ports:
       - '55432:5432'
     volumes:
@@ -594,6 +611,7 @@ services:
       - pihole
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+      - "last.commit.url=https://api.github.com/repos/postgres/postgres/commits"
     volumes:
       - /srv/docker/container/bookdb/data:/var/lib/postgresql/data
       - /srv/docker/container/bookdb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
@@ -651,6 +669,7 @@ services:
     entrypoint: /root/mara-init/entrypoint-wrapper.sh
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+      - "last.commit.url=https://api.github.com/repos/postgres/postgres/commits"
     environment:
       POSTGRES_USER: pa
       POSTGRES_DB: pa
@@ -675,6 +694,7 @@ services:
     entrypoint: /root/mara-init/entrypoint-wrapper.sh
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+      - "last.commit.url=https://api.github.com/repos/postgres/postgres/commits"
     environment:
       POSTGRES_USER: pa
       POSTGRES_DB: pa
@@ -795,6 +815,7 @@ services:
       - "traefik.http.routers.vaultwarden.tls.options=tls12@file"
       - "traefik.http.routers.vaultwarden.entrypoints=secureweb"
       - "traefik.http.routers.vaultwarden.tls.certresolver=myresolver"
+      - "last.commit.url=https://api.github.com/repos/dani-garcia/vaultwarden/commits"
 
   # auto-update docker images
   watchtower:
@@ -806,6 +827,7 @@ services:
       - pihole
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+      - "last.commit.url=https://api.github.com/repos/containrrr/watchtower/commits"
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock"
       - "/etc/localtime:/etc/localtime:ro"
@@ -826,6 +848,7 @@ services:
       - "3000:3000"
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+      - "last.commit.url=https://api.github.com/repos/bropat/eufy-security-ws/commits"
     depends_on:
       - pihole
     volumes:
@@ -845,6 +868,7 @@ services:
       - "8554:8554"
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+      - "last.commit.url=https://api.github.com/repos/bluenviron/mediamtx/commits"
     depends_on:
       - pihole
     volumes:
@@ -900,6 +924,7 @@ services:
       - "traefik.http.routers.kuma.tls=true"
       - "traefik.http.routers.kuma.entrypoints=secureweb"
       - "traefik.http.routers.kuma.tls.certresolver=myresolver"
+      - "last.commit.url=https://api.github.com/repos/louislam/uptime-kuma/commits"
     restart: always
 
   sshwifty:
@@ -914,6 +939,7 @@ services:
       - "traefik.http.routers.sshwifty.tls=true"
       - "traefik.http.routers.sshwifty.entrypoints=secureweb"
       - "traefik.http.routers.sshwifty.tls.certresolver=myresolver"
+      - "last.commit.url=https://api.github.com/repos/niruix/sshwifty/commits"
     stdin_open: true
     tty: true
     volumes:
@@ -922,10 +948,11 @@ services:
 
   mythdb:
     container_name: mythdb
-    image: mysql:latest
+    image: mysql:8.4
     restart: always
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+      - "last.commit.url=https://api.github.com/repos/mysql/mysql-server/commits"
     environment:
       MYSQL_DATABASE: 'mythconverg'
       MYSQL_USER: 'mythtv'
@@ -1014,6 +1041,7 @@ services:
       - "traefik.http.routers.wiki.tls=true"
       - "traefik.http.routers.wiki.entrypoints=secureweb"
       - "traefik.http.routers.wiki.tls.certresolver=myresolver"
+      - "last.commit.url=https://api.github.com/repos/linuxserver/docker-bookstack/commits"
 
   wikidb:
     image: lscr.io/linuxserver/mariadb:latest
@@ -1031,6 +1059,7 @@ services:
     restart: unless-stopped
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
+      - "last.commit.url=https://api.github.com/repos/linuxserver/docker-mariadb/commits"
 
   web:
     image: php:apache
@@ -1046,6 +1075,7 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.web.rule=Host(`mara.ddp.net`) && ( Path(`/`) || PathPrefix(`/images` ) || PathPrefix(`/mythweb`) )"
       - "traefik.http.routers.web.entrypoints=web"
+      - "last.commit.url=https://api.github.com/repos/docker-library/php/commits"
 
   # this container exists solely to have traefik manage the depaoli.id.au SSL
   # cert - the web server has no web content to serve
@@ -1063,6 +1093,7 @@ services:
       - "traefik.http.routers.depweb.tls=true"
       - "traefik.http.routers.depweb.entrypoints=secureweb"
       - "traefik.http.routers.depweb.tls.certresolver=myresolver"
+      - "last.commit.url=https://api.github.com/repos/docker-library/php/commits"
 
   samba:
     image: ubuntu:latest
@@ -1085,3 +1116,28 @@ services:
     labels:
       - "com.centurylinklabs.watchtower.enable=true"
       - "traefik.enable=false"
+
+  ftp:
+    image: ubuntu:latest
+    container_name: ftp
+    entrypoint: /root/mara-init/entrypoint.sh
+    restart: always
+    ports:
+      # active ports
+      - "20:20"
+      - "21:21"
+      # passive ports
+      - "10090:10090"
+      - "10091:10091"
+      - "10092:10092"
+    volumes:
+      - /home:/home
+      - /srv/docker/container/ftp/monitoring-results:/monitoring-results
+      - /srv/docker/container/ftp/mara-init:/root/mara-init
+      - /srv/docker/container/ftp/mara-bin:/root/mara-bin
+    depends_on:
+      - pihole
+      - openldap
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
+      - "traefik.enable=false"