From af0a5cd2bd74c6eef94da19bab118e61c1e998bb Mon Sep 17 00:00:00 2001
From: Damien De Paoli
Date: Thu, 11 Dec 2025 22:26:59 +1100
Subject: [PATCH] trying out wud, added secrets for it
---
 docker-compose.yml | 127 ++++++++++++++++++++++++---------------------
 1 file changed, 67 insertions(+), 60 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 7099533..fde4d82 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,25 +7,11 @@ services:
 image: traefik:latest
 restart: always
 network_mode: host
- command:
-# - "--log.level=DEBUG"
- - "--api.dashboard=true"
- - "--providers.docker=true"
- - "--providers.docker.exposedbydefault=false"
- - "--providers.file=true"
- - "--providers.file.directory=/configuration/"
- - "--providers.file.watch=true"
- - "--entrypoints.web.address=:80"
- - "--entrypoints.secureweb.address=:443"
- - "--accessLog"
- - "--accessLog.filePath=/var/log/access.log"
- - "--accesslog.fields.names.StartUTC=drop"
- - "--accesslog.filters.statuscodes=400-599"
- - "--accesslog.filters.minduration=50ms"
- # cert resolver (PROD)
- - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- - "--certificatesresolvers.myresolver.acme.email=postmaster@depaoli.id.au"
- - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "100m" # Maximum size of each log file (e.g., 10 megabytes)
+ max-file: "5" # Maximum number of log files to keep
 labels:
 - "com.centurylinklabs.watchtower.enable=true"
 - "traefik.enable=true"
@@ -39,7 +25,8 @@ services:
 - adguard
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
- - /srv/docker/container/traefik/:/configuration
+ - /srv/docker/container/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
+ - /srv/docker/container/traefik/configuration/:/configuration
 - /srv/docker/container/traefik/var/log/:/var/log/
 - /srv/docker/container/letsencrypt/etc:/letsencrypt
 - /etc/localtime:/etc/localtime:ro
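Review bot: The first hunk (`@@ -7,25 +7,11 @@`) drops the whole `command:` list, including `--providers.docker.exposedbydefault=false` and `--api.dashboard=true`, and the `traefik.yml` that replaces it is mounted from the host but is not part of this patch, so the settings that decide which containers Traefik publishes cannot be reviewed here. Keep `traefik.yml` in the repository beside the compose file, or at least confirm it still sets `exposedByDefault: false` under `providers.docker`, since Traefik's default is to expose every container it discovers. The inline comment on `max-size: "100m"` says "e.g., 10 megabytes"; suggest `# maximum size of each log file (100 MB)`. The traefik service definition starts and ends outside the hunk.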
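Review bot: In the second hunk (`@@ -39,7 +25,8 @@`) the new `traefik.yml` mount is read-only, but the `/configuration` mount next to it stays writable from inside the container. The removed flags used that directory only as a file-provider source (`--providers.file.directory=/configuration/`), which Traefik reads and watches; if the new static config keeps that role, `- /srv/docker/container/traefik/configuration/:/configuration:ro` would stop a compromised proxy from rewriting its own routing rules. The volumes list continues outside the hunk.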
@@ -372,6 +359,7 @@ services: - "com.centurylinklabs.watchtower.enable=true" - "traefik.enable=true" - "traefik.http.routers.portainer.rule=Host(`portainer.ddp.net`)" + - "traefik.http.routers.portainer.entrypoints=web" # need to be explicit, as it also runs API ports, SSL ports, etc - "traefik.http.services.portainer.loadbalancer.server.port=9000" - "last.commit.url=https://api.github.com/repos/portainer/portainer/commits" @@ -399,6 +387,7 @@ services: - /run/dbus:/run/dbus:ro labels: - "com.centurylinklabs.watchtower.enable=false" + - "wud.watch=false" # to note traefik is used here, but handled via files due to use of "network_mode: host" - "traefik.enable=true" - "traefik.http.routers.hass.rule=Host(`hass.depaoli.id.au`)" @@ -618,7 +607,7 @@ services: - "com.centurylinklabs.watchtower.enable=true" - "last.commit.url=https://api.github.com/repos/postgres/postgres/commits" volumes: - - /srv/docker/container/bookdb_dev/data:/var/lib/postgresql/18/data + - /srv/docker/container/bookdb_dev/data:/var/lib/postgresql - /srv/docker/container/bookdb_dev/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d - /etc/localtime:/etc/localtime:ro @@ -634,10 +623,13 @@ services: depends_on: - adguard labels: - - "com.centurylinklabs.watchtower.enable=true" + - "com.centurylinklabs.watchtower.enable=false" + - "wud.watch=false" - "last.commit.url=https://api.github.com/repos/postgres/postgres/commits" + - "wud.watch=true" + - "wud.update=true" volumes: - - /srv/docker/container/bookdb/data:/var/lib/postgresql/18/data + - /srv/docker/container/bookdb/data:/var/lib/postgresql/ - /srv/docker/container/bookdb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d - /etc/localtime:/etc/localtime:ro @@ -661,6 +653,7 @@ services: - /etc/localtime:/etc/localtime:ro labels: - "com.centurylinklabs.watchtower.enable=false" + - "wud.watch=false" - "traefik.enable=true" - "traefik.http.routers.bookdev.rule=Host(`bookdev.ddp.net`)" - "traefik.http.routers.bookdev.entrypoints=web" 
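Review bot: In the `@@ -372,6 +359,7 @@` hunk the Portainer router is bound to `entrypoints=web` only, which the flags removed earlier in this patch defined as `:80`, so the Portainer login and session would travel over plain HTTP. Portainer administers the Docker host, so either route it like the `book` and `pa` routers (`entrypoints=secureweb` with `tls=true`) or add a comment such as `# portainer.ddp.net resolves on the internal network only` if that is the case. The labels list starts and ends outside the hunk.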
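Review bot: In the `bookdb_dev` hunk (`@@ -618,7 +607,7 @@`) the host directory `.../bookdb_dev/data` moves from the container path `/var/lib/postgresql/18/data` to `/var/lib/postgresql`, two levels up, so the files already in it will no longer sit where the server previously found them. Neither `PGDATA` nor the image tag is visible in the hunk, so where the cluster now lives is not checkable here; confirm the existing data was relocated on the host, or dumped, before the first start, otherwise the container may initialise an empty cluster. The same change is made for `bookdb`, `padb_dev` and `padb` in later hunks. A comment like `# data dir relocated from /var/lib/postgresql/18/data, see <migration note>` would record the reason.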
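Review bot: In the `bookdb` hunk (`@@ -634,10 +623,13 @@`) the labels list now carries both `wud.watch=false` and `wud.watch=true`, so which value ends up on the production database container depends on how Compose resolves the duplicate key. Keep a single line with the intended value and delete the other. I could not confirm `wud.update` as a label WUD reads; check it against the WUD documentation before relying on it. The mount target is spelled `/var/lib/postgresql/` here and `/var/lib/postgresql` in the other three database hunks; use one form.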
@@ -684,6 +677,7 @@ services: - /etc/localtime:/etc/localtime:ro labels: - "com.centurylinklabs.watchtower.enable=false" + - "wud.watch=false" - "traefik.enable=true" - "traefik.http.routers.book.rule=Host(`book.depaoli.id.au`)" - "traefik.http.routers.book.tls=true" @@ -707,16 +701,17 @@ services: depends_on: - adguard volumes: - - /srv/docker/container/padb_dev/data:/var/lib/postgresql/18/data + - /srv/docker/container/padb_dev/data:/var/lib/postgresql - /srv/docker/container/padb_dev/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d - /srv/docker/container/padb_dev/mara-init:/root/mara-init - /srv/docker/container/padb_dev/mara-bin:/root/mara-bin - /etc/localtime:/etc/localtime:ro healthcheck: test: ["CMD", "pg_isready", "-U", "pa"] - interval: 30s - timeout: 10s - retries: 5 + interval: 5s + timeout: 2s + retries: 10 + start_period: 2s padb: container_name: padb @@ -735,16 +730,17 @@ services: depends_on: - adguard volumes: - - /srv/docker/container/padb/data:/var/lib/postgresql/18/data + - /srv/docker/container/padb/data:/var/lib/postgresql - /srv/docker/container/padb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d - /srv/docker/container/padb/mara-init:/root/mara-init - /srv/docker/container/padb/mara-bin:/root/mara-bin - /etc/localtime:/etc/localtime:ro healthcheck: test: ["CMD", "pg_isready", "-U", "pa"] - interval: 30s - timeout: 10s + interval: 5s + timeout: 2s retries: 5 + start_period: 2s padev: container_name: padev 
@@ -769,16 +765,14 @@ services: test: ["CMD-SHELL", "wget -qO- http://localhost/health || (echo 'Healthcheck failed'; exit 1)"] interval: 5s timeout: 2s - retries: 5 + retries: 10 start_period: 2s labels: - "com.centurylinklabs.watchtower.enable=false" + - "wud.watch=false" - "traefik.enable=true" - "traefik.http.routers.padev.rule=Host(`padev.ddp.net`)" - "traefik.http.routers.padev.entrypoints=web" - - "traefik.http.services.padev.loadbalancer.healthcheck.path=/health" - - "traefik.http.services.padev.loadbalancer.healthcheck.interval=5s" - - "traefik.http.services.padev.loadbalancer.healthcheck.timeout=2s" pa: container_name: pa @@ -798,34 +792,18 @@ services: - /etc/localtime:/etc/localtime:ro labels: - "com.centurylinklabs.watchtower.enable=false" + - "wud.watch=false" - "traefik.enable=true" - "traefik.http.routers.pa.rule=Host(`pa.depaoli.id.au`)" - "traefik.http.routers.pa.tls=true" - "traefik.http.routers.pa.entrypoints=secureweb" - "traefik.http.routers.pa.tls.certresolver=myresolver" - patst: - container_name: patst - restart: always - build: - context: '/home/ddp/src/photoassistant' - args: - # uid for mythtv (for prod) - PA_ID: "500" - environment: - ENV: "production" - depends_on: - padb: - condition: service_healthy - volumes: - - /export/docker/storage:/export/docker/storage - - /etc/localtime:/etc/localtime:ro - labels: - - "com.centurylinklabs.watchtower.enable=false" - - "traefik.enable=true" - - "traefik.http.routers.pa.rule=Host(`pa.depaoli.id.au`)" - - "traefik.http.routers.pa.tls=true" - - "traefik.http.routers.pa.entrypoints=secureweb" - - "traefik.http.routers.pa.tls.certresolver=myresolver" + healthcheck: + test: ["CMD-SHELL", "wget -qO- http://localhost/health || (echo 'Healthcheck failed'; exit 1)"] + interval: 5s + timeout: 2s + retries: 2 + start_period: 2s finplan: container_name: finplan 
@@ -844,9 +822,19 @@ services: - /srv/docker/container/finplan:/data labels: - "com.centurylinklabs.watchtower.enable=false" + - "wud.watch=false" - "traefik.enable=true" - "traefik.http.routers.finplan.rule=Host(`finplan.ddp.net`)" - "traefik.http.routers.finplan.entrypoints=web" + # --- Traefik-level healthcheck --- + - "traefik.http.services.finplan.loadbalancer.server.port=8080" + - "traefik.http.services.finplan.loadbalancer.healthcheck.path=/health" + healthcheck: + test: ["CMD-SHELL", "wget -qO- http://localhost:8080/health || (echo 'Healthcheck failed'; exit 1)"] + interval: 5s + timeout: 2s + retries: 1 + start_period: 1s vaultwarden: image: vaultwarden/server:latest @@ -876,7 +864,7 @@ services: # auto-update docker images watchtower: - image: containrrr/watchtower:latest-dev + image: beatkind/watchtower:latest container_name: watchtower restart: "always" command: --schedule "0 0 3 * * *" --debug --stop-timeout 60s --label-enable --cleanup @@ -884,7 +872,7 @@ services: - adguard labels: - "com.centurylinklabs.watchtower.enable=true" - - "last.commit.url=https://api.github.com/repos/containrrr/watchtower/commits" + - "last.commit.url=https://api.github.com/repos/beatkind/watchtower/commits" volumes: - "/var/run/docker.sock:/var/run/docker.sock" - "/etc/localtime:/etc/localtime:ro" @@ -932,7 +920,7 @@ services: - "/etc/localtime:/etc/localtime:ro" mon: - image: louislam/uptime-kuma:beta + image: louislam/uptime-kuma:2.0.2 container_name: mon restart: always volumes: @@ -1235,6 +1223,7 @@ services: - adguard labels: - "com.centurylinklabs.watchtower.enable=false" + - "wud.watch=true" cdpdev: image: node:latest 
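Review bot: In the `watchtower` hunk (`@@ -876,7 +864,7 @@`) the image moves to a different publisher, `beatkind/watchtower`, on the mutable `latest` tag, while the service keeps `/var/run/docker.sock` mounted without `:ro` and labels itself `com.centurylinklabs.watchtower.enable=true`, so whatever is pushed to that tag is pulled and run with control of the Docker daemon. Pin it by digest, e.g. `image: beatkind/watchtower@sha256:<digest-you-verified>`, and set its own label to `"com.centurylinklabs.watchtower.enable=false"` so that updating the updater is a deliberate step. The following hunk (`@@ -884,7 +872,7 @@`) only carries the rename into `last.commit.url`.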
@@ -1270,3 +1259,21 @@ services:
 - "traefik.http.routers.homarr.entrypoints=web"
 - "traefik.http.services.homarr.loadbalancer.server.port=7575"
 - "last.commit.url=https://api.github.com/repos/homarr-labs/homarr/commits"
+
+ wud:
+ image: getwud/wud
+ container_name: wud
+ restart: unless-stopped
+ ports:
+ - "13000:3000"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ env_file:
+ - /srv/docker/config/secrets/wud
+ environment:
+ - WUD_WATCHER_DOCKER_WATCHBYDEFAULT=true
+ - WUD_TRIGGER_DOCKER_UPDATE_AUTO=false
+ - WUD_TRIGGER_DOCKER_UPDATE_PRUNE=false
+ - WUD_REGISTRY_HUB_PUBLIC_LOGIN=dockerhubaccdep
+ - WUD_REGISTRY_HUB_PUBLIC_TOKEN=dckr_pat_zQ5Gv3n2MzI6qu9l2ILV0hRc74Y
+ - WUD_WATCHER_DOCKER_CRON=0 3 * * *
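Review bot: `WUD_REGISTRY_HUB_PUBLIC_TOKEN` is committed in clear text in the `environment:` list even though the service already loads `/srv/docker/config/secrets/wud` through `env_file`. The value is now in the repository history, so revoke it in Docker Hub and issue a new one, then delete the `WUD_REGISTRY_HUB_PUBLIC_LOGIN` and `WUD_REGISTRY_HUB_PUBLIC_TOKEN` lines here and keep both in the env file. Separately, `image: getwud/wud` has no tag, and `:ro` on the socket mount protects only the socket file, not the Docker API behind it, so this container can still drive the daemon. Pin the image (`image: getwud/wud:<version>`) and publish the UI as `- "127.0.0.1:13000:3000"` unless it must be reachable from other hosts.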