From 8b9b0e985389493f70a8130a19587e162be0ad47 Mon Sep 17 00:00:00 2001 
From: chriswin23 Date: Mon, 29 Dec 2025 01:55:59 +0100 Subject: [PATCH] renovate workflow and replace all by latest version --- .gitea/workflows/renovate.yaml | 23 ++++++++++ project/db/adminer/adminer.yml | 8 ++-- project/db/lldap/lldap.yml | 8 ++-- project/db/mariadb/mariadb.yml | 7 +--- project/db/pgadmin/pgadmin.yml | 8 ++-- project/db/postgres/postgres.yml | 12 ++---- project/db/redis/redis.yml | 7 +--- project/infrastructure/authelia/authelia.yml | 21 +++++----- project/infrastructure/crowdsec/crowdsec.yml | 7 +--- project/infrastructure/homepage/homepage.yml | 6 +-- project/infrastructure/ntfy/ntfy.yml | 16 ++++--- .../infrastructure/speedtest/speedtest.yml | 16 ++++--- .../infrastructure/syncthing/syncthing.yml | 6 +-- project/infrastructure/traefik/traefik.yml | 16 +++---- .../uptime-kuma/uptime-kuma.yml | 4 +- .../media/audiobookshelf/audiobookshelf.yml | 6 +-- project/media/calibre/calibre.yml | 14 +++---- project/media/immich/immich.yml | 18 +++----- project/media/kiwix/kiwix.yml | 12 +++--- project/media/lidarr/lidarr.yml | 10 ++--- project/media/navidrome/navidrome.yml | 6 +-- project/media/prowlarr/prowlarr.yml | 7 ++-- project/media/qbittorrent/qbittorrent.yml | 6 +-- project/media/readarr/readarr.yml | 4 +- project/media/slskd/slskd.yml | 10 ++--- project/media/soularr/soularr.yml | 4 +- project/monitoring/dozzle/dozzle.yml | 9 ++-- project/monitoring/grafana/grafana.yml | 7 ++-- project/monitoring/loki/loki.yml | 11 ++--- project/monitoring/prometheus/prometheus.yml | 7 ++-- project/service/freshrss/freshrss.yml | 6 +-- project/service/ghost/ghost.yml | 5 ++- project/service/gitea/gitea.yml | 24 +++++++++-- .../service/home-assistant/home-assistant.yml | 9 ++-- project/service/it-tools/it-tools.yml | 9 ++-- .../jupyter-notebook/jupyter-notebook.yml | 6 +-- project/service/linkwarden/linkwarden.yml | 8 ++-- project/service/mealie/mealie.yml | 8 ++-- project/service/n8n/n8n.yml | 8 ++-- project/service/ollama/ollama.yml | 6 +-- 
.../service/paperless-ngx/paperless-ngx.yml | 4 +- project/service/pdf/pdf.yml | 6 +-- project/service/radicale/radicale.yml | 4 +- project/service/vaultwarden/vaultwarden.yml | 12 +++--- project/service/vikunja/vikunja.yml | 13 +++--- renovate.json | 42 +++++++++++++++++++ 46 files changed, 227 insertions(+), 239 deletions(-) create mode 100644 .gitea/workflows/renovate.yaml create mode 100644 renovate.json diff --git a/.gitea/workflows/renovate.yaml b/.gitea/workflows/renovate.yaml new file mode 100644 index 0000000..1ae7ecd --- /dev/null +++ b/.gitea/workflows/renovate.yaml @@ -0,0 +1,23 @@ +name: renovate + +on: + workflow_dispatch: # allows the workflow to be run manually when desired + branches: + - main + schedule: # runs this workflow at the scheduled time (uses UTC, adjust for your timezone) + - cron: "0 12 * * *" + push: # runs this workflow when pushes to the main branch are made + branches: + - main + +jobs: + renovate: + runs-on: ubuntu-latest + container: ghcr.io/renovatebot/renovate:latest + steps: + - uses: actions/checkout@v4 + - run: renovate + env: + RENOVATE_CONFIG_FILE: ${{ gitea.workspace }}/config.js + LOG_LEVEL: "debug" + RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }} diff --git a/project/db/adminer/adminer.yml b/project/db/adminer/adminer.yml index e14daba..b80f010 100644 --- a/project/db/adminer/adminer.yml +++ b/project/db/adminer/adminer.yml @@ -4,16 +4,14 @@ services: file: ${TEMPLATES_PATH} service: default image: adminer:latest - container_name: adminer + container_name: adminer:5.4.1 ports: - 8085:8080 - networks: + networks: - ip4net labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.adminer.rule=Host(`adminer.${LOCAL_DOMAIN}`)" - "traefik.http.routers.adminer.entrypoints=https" - - "traefik.http.routers.adminer.tls=true" \ No newline at end of file + - "traefik.http.routers.adminer.tls=true" 
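Review bot: The `renovate` job runs `container: ghcr.io/renovatebot/renovate:latest` with `RENOVATE_TOKEN` in its environment, so a floating tag decides which code handles a token that presumably has write access to the repository. Pin the container to a fixed version or digest, e.g. `ghcr.io/renovatebot/renovate:<pinned-version>@sha256:<digest>`; `actions/checkout@v4` is likewise a mutable tag. `LOG_LEVEL: "debug"` puts verbose output into job logs that anyone with access to the Actions runs can read, so `info` is the safer default outside troubleshooting. `RENOVATE_CONFIG_FILE` points at `${{ gitea.workspace }}/config.js`, but the diffstat only adds `renovate.json`, so unless `config.js` already exists in the repository the run will likely not find its configuration. The `branches:` list under `workflow_dispatch` is probably ignored, since that filter belongs to `push`.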
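Review bot: In `adminer.yml` the version was put on the wrong key: `container_name: adminer:5.4.1` is not a valid container name, because Docker names may not contain `:`, while `image: adminer:latest` stays floating. The two lines should read `image: adminer:5.4.1` and `container_name: adminer`. The lldap hunk has the same swap (`container_name: lldap:0.6.2` next to `image: lldap/lldap:latest`). As the Watchtower label is removed in both hunks, once the names are fixed these two services would still sit on `latest` with nothing tracking updates.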
diff --git a/project/db/lldap/lldap.yml b/project/db/lldap/lldap.yml index 495a270..83b37c9 100644 --- a/project/db/lldap/lldap.yml +++ b/project/db/lldap/lldap.yml @@ -9,7 +9,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - container_name: lldap + container_name: lldap:0.6.2 image: lldap/lldap:latest ports: # For LDAP, not recommended to expose, see Usage section. @@ -18,7 +18,7 @@ services: # - "6360:6360" # For the web front-end - "17170:17170" - networks: + networks: - ip6net - ip4net volumes: @@ -34,8 +34,6 @@ services: # You can also set a different database: - LLDAP_DATABASE_URL=postgres://lldap:${LLDAP_DB_PASSWORD}@postgres/lldap labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.lldap.rule=Host(`ldap.${PUBLIC_DOMAIN}`)" @@ -46,4 +44,4 @@ services: - "traefik.http.services.lldap-service.loadbalancer.server.port=17170" - "traefik.http.services.lldap-service.loadbalancer.server.scheme=http" # middlewares - - "traefik.http.routers.lldap.middlewares=crowdsec-bouncer@file" \ No newline at end of file + - "traefik.http.routers.lldap.middlewares=crowdsec-bouncer@file" diff --git a/project/db/mariadb/mariadb.yml b/project/db/mariadb/mariadb.yml index 17c9128..62b8e8a 100644 --- a/project/db/mariadb/mariadb.yml +++ b/project/db/mariadb/mariadb.yml @@ -3,10 +3,10 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: mariadb:latest + image: mariadb:12.1.2 container_name: mariadb command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci - networks: + networks: - ip4net environment: MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} @@ -14,6 +14,3 @@ services: - ${DB_PATH}/mariadb/data:/var/lib/mysql # init db - ${DB_PATH}/mariadb/init:/docker-entrypoint-initdb.d - labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" \ No newline at end of file 
diff --git a/project/db/pgadmin/pgadmin.yml b/project/db/pgadmin/pgadmin.yml index 00c2a0d..65300a0 100644 --- a/project/db/pgadmin/pgadmin.yml +++ b/project/db/pgadmin/pgadmin.yml @@ -7,10 +7,10 @@ services: file: ${TEMPLATES_PATH} service: default container_name: pgadmin - image: dpage/pgadmin4:latest + image: dpage/pgadmin4:9.11.0 ports: - 8082:80 - networks: + networks: - ip4net secrets: [pgadmin_default_password] volumes: @@ -19,10 +19,8 @@ services: PGADMIN_DEFAULT_EMAIL: ${EMAIL} PGADMIN_DEFAULT_PASSWORD_FILE: /run/secrets/pgadmin_default_password labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.pgadmin.rule=Host(`pgadmin.${LOCAL_DOMAIN}`)" - "traefik.http.routers.pgadmin.entrypoints=https" - - "traefik.http.routers.pgadmin.tls=true" \ No newline at end of file + - "traefik.http.routers.pgadmin.tls=true" diff --git a/project/db/postgres/postgres.yml b/project/db/postgres/postgres.yml index 095b4c4..0154445 100644 --- a/project/db/postgres/postgres.yml +++ b/project/db/postgres/postgres.yml @@ -1,4 +1,4 @@ -secrets: +secrets: postgres_default_password: file: ${DB_PATH}/postgres/secrets/default_password.txt services: @@ -10,7 +10,7 @@ services: image: postgres:16.4 ports: - 5432:5432 - networks: + networks: - ip4net - ip6net secrets: [postgres_default_password] @@ -23,9 +23,6 @@ services: volumes: - ${DB_PATH}/postgres/data/postgres:/var/lib/postgresql/data - ${DB_PATH}/postgres/init/postgres:/docker-entrypoint-initdb.d - labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" postgres-with-pg-vector: extends: @@ -35,7 +32,7 @@ services: image: tensorchord/pgvecto-rs:pg16-v0.3.0 ports: - 5433:5432 - networks: + networks: - ip4net - ip6net secrets: [postgres_default_password] 
@@ -48,6 +45,3 @@ services: volumes: - ${DB_PATH}/postgres/data/postgres-with-pg-vector:/var/lib/postgresql/data - ${DB_PATH}/postgres/init/postgres-with-pg-vector:/docker-entrypoint-initdb.d - labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" \ No newline at end of file diff --git a/project/db/redis/redis.yml b/project/db/redis/redis.yml index df305b7..1cbf9b1 100644 --- a/project/db/redis/redis.yml +++ b/project/db/redis/redis.yml @@ -4,12 +4,9 @@ services: file: ${TEMPLATES_PATH} service: default container_name: redis - image: redis:latest - networks: + image: redis:8.4.0 + networks: - ip4net - ip6net volumes: - ${DB_PATH}/redis/data:/data - labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" \ No newline at end of file diff --git a/project/infrastructure/authelia/authelia.yml b/project/infrastructure/authelia/authelia.yml index 8918520..15cda45 100644 --- a/project/infrastructure/authelia/authelia.yml +++ b/project/infrastructure/authelia/authelia.yml @@ -13,14 +13,15 @@ services: file: ${TEMPLATES_PATH} service: default container_name: authelia - image: authelia/authelia:latest + image: authelia/authelia:4.39.15 ports: - 9959:9959 # metrics prometheus - networks: + networks: - ip6net expose: - 9091 - secrets: [JWT_SECRET, SESSION_SECRET, STORAGE_PASSWORD, STORAGE_ENCRYPTION_KEY] + secrets: + [JWT_SECRET, SESSION_SECRET, STORAGE_PASSWORD, STORAGE_ENCRYPTION_KEY] environment: AUTHELIA_JWT_SECRET_FILE: /run/secrets/JWT_SECRET AUTHELIA_SESSION_SECRET_FILE: /run/secrets/SESSION_SECRET 
@@ -32,15 +33,13 @@ services: - ${INFRA_PATH}/authelia/config:/config - "/var/log/authelia/:/config/log" labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - - 'traefik.enable=true' - - 'traefik.http.routers.authelia.rule=Host(`auth.${PUBLIC_DOMAIN}`)' + - "traefik.enable=true" + - "traefik.http.routers.authelia.rule=Host(`auth.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.authelia.tls.certresolver=myresolver" - - 'traefik.http.routers.authelia.entryPoints=https' - - 'traefik.http.routers.authelia.tls=true' - - 'traefik.http.routers.authelia.service=authelia-svc' - - 'traefik.http.services.authelia-svc.loadbalancer.server.port=9091' + - "traefik.http.routers.authelia.entryPoints=https" + - "traefik.http.routers.authelia.tls=true" + - "traefik.http.routers.authelia.service=authelia-svc" + - "traefik.http.services.authelia-svc.loadbalancer.server.port=9091" # Middleware - "traefik.http.routers.authelia.middlewares=crowdsec-bouncer@file" diff --git a/project/infrastructure/crowdsec/crowdsec.yml b/project/infrastructure/crowdsec/crowdsec.yml index 675ed11..2be701c 100644 --- a/project/infrastructure/crowdsec/crowdsec.yml +++ b/project/infrastructure/crowdsec/crowdsec.yml @@ -4,7 +4,7 @@ services: file: ${TEMPLATES_PATH} service: default container_name: crowdsec - image: crowdsecurity/crowdsec:latest + image: crowdsecurity/crowdsec:1.7.4 environment: COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/http-cve CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_API_KEY} @@ -12,7 +12,7 @@ services: ports: - 6061:8080 - 6060:6060 - networks: + networks: - ip4net - ip6net volumes: @@ -22,6 +22,3 @@ services: - /var/log/crowdsec:/var/log/crowdsec:ro - /var/log/syslog:/var/log/syslog:ro - /var/log/kern.log:/var/log/kern.log:ro - labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" \ No newline at end of file 
diff --git a/project/infrastructure/homepage/homepage.yml b/project/infrastructure/homepage/homepage.yml index ee75dc0..2ece662 100644 --- a/project/infrastructure/homepage/homepage.yml +++ b/project/infrastructure/homepage/homepage.yml @@ -3,11 +3,11 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: ghcr.io/gethomepage/homepage:latest + image: ghcr.io/gethomepage/homepage:v1.8.0 container_name: homepage ports: - 3030:3000 - networks: + networks: - ip4net environment: HOMEPAGE_VAR_LOCAL_DOMAIN: ${LOCAL_DOMAIN} @@ -20,8 +20,6 @@ services: - ${EXTERNAL_STORAGE}:/disks/e - /var/run/docker.sock:/var/run/docker.sock:ro # optional, for docker integrations labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.homepage.rule=Host(`homepage.${LOCAL_DOMAIN}`)" diff --git a/project/infrastructure/ntfy/ntfy.yml b/project/infrastructure/ntfy/ntfy.yml index 80895ee..7ef9910 100644 --- a/project/infrastructure/ntfy/ntfy.yml +++ b/project/infrastructure/ntfy/ntfy.yml @@ -3,11 +3,11 @@ services: extends: file: ${TEMPLATES_PATH} service: default - container_name: ntfy - image: binwiederhier/ntfy + container_name: ntfy + image: binwiederhier/ntfy:2.15.0 ports: - "4023:80" - networks: + networks: - ip4net command: - serve @@ -16,12 +16,10 @@ services: - ${INFRA_PATH}/ntfy/config:/etc/ntfy - ${INFRA_PATH}/ntfy/data:/var/lib/ntfy labels: - # Watchtower - - 'com.centurylinklabs.watchtower.enable=true' # Traefik - - 'traefik.enable=true' - - 'traefik.http.routers.ntfy.rule=Host(`ntfy.${PUBLIC_DOMAIN}`)' - - 'traefik.http.routers.ntfy.entrypoints=https' - - 'traefik.http.routers.ntfy.tls=true' + - "traefik.enable=true" + - "traefik.http.routers.ntfy.rule=Host(`ntfy.${PUBLIC_DOMAIN}`)" + - "traefik.http.routers.ntfy.entrypoints=https" + - "traefik.http.routers.ntfy.tls=true" # Middlewares - "traefik.http.routers.ntfy.middlewares=crowdsec-bouncer@file" 
diff --git a/project/infrastructure/speedtest/speedtest.yml b/project/infrastructure/speedtest/speedtest.yml index c9e6308..a66d717 100644 --- a/project/infrastructure/speedtest/speedtest.yml +++ b/project/infrastructure/speedtest/speedtest.yml @@ -4,18 +4,16 @@ services: file: ${TEMPLATES_PATH} service: default container_name: speedtest - image: openspeedtest/latest + image: openspeedtest/latest:2.0.6 ports: - "4001:3001" # webport mapping (host:container) - "3999:3001" # webport mapping (host:container) - networks: + networks: - ip4net labels: - # Watchtower - - 'com.centurylinklabs.watchtower.enable=true' # Traefik - - 'traefik.enable=true' - - 'traefik.http.routers.speedtest.rule=Host(`speedtest.${LOCAL_DOMAIN}`)' - - 'traefik.http.routers.speedtest.entrypoints=https' - - 'traefik.http.routers.speedtest.tls=true' - - 'traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=10000000000' \ No newline at end of file + - "traefik.enable=true" + - "traefik.http.routers.speedtest.rule=Host(`speedtest.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.speedtest.entrypoints=https" + - "traefik.http.routers.speedtest.tls=true" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=10000000000" diff --git a/project/infrastructure/syncthing/syncthing.yml b/project/infrastructure/syncthing/syncthing.yml index 2ae65e1..d61b1bc 100644 --- a/project/infrastructure/syncthing/syncthing.yml +++ b/project/infrastructure/syncthing/syncthing.yml @@ -3,7 +3,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: syncthing/syncthing + image: syncthing/syncthing:2.0.12 container_name: syncthing volumes: - ${EXTERNAL_STORAGE}/notes/Obsidian-sync:/var/syncthing-data/Obsidian-sync 
@@ -14,12 +14,10 @@ services: - 22000:22000/tcp # TCP file transfers - 22000:22000/udp # QUIC file transfers - 21027:21027/udp # Receive local discovery broadcasts - networks: + networks: - ip4net - ip6net labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.syncthing.rule=Host(`syncthing.${LOCAL_DOMAIN}`)" diff --git a/project/infrastructure/traefik/traefik.yml b/project/infrastructure/traefik/traefik.yml index 91838fc..f801ed6 100644 --- a/project/infrastructure/traefik/traefik.yml +++ b/project/infrastructure/traefik/traefik.yml @@ -3,8 +3,8 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: "traefik:latest" - container_name: "traefik" + image: traefik:3.6.5 + container_name: traefik ports: - "80:80" - "443:443" @@ -28,8 +28,6 @@ services: - "${INFRA_PATH}/traefik/html/ban.html:/ban.html" - "${INFRA_PATH}/traefik/html/captcha.html:/captcha.html" labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.traefik.service=api@internal" @@ -41,15 +39,13 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: traefik/whoami:latest - container_name: "traefik-whoami" - networks: + image: traefik/whoami:1.11 + container_name: traefik-whoami + networks: - ip4net labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # traefik - "traefik.enable=true" - "traefik.http.routers.whoami.rule=Host(`whoami.${LOCAL_DOMAIN}`)" - "traefik.http.routers.whoami.entrypoints=https" - - 'traefik.http.routers.whoami.tls=true' + - "traefik.http.routers.whoami.tls=true" diff --git a/project/infrastructure/uptime-kuma/uptime-kuma.yml b/project/infrastructure/uptime-kuma/uptime-kuma.yml index b902a39..eefb723 100644 --- a/project/infrastructure/uptime-kuma/uptime-kuma.yml +++ b/project/infrastructure/uptime-kuma/uptime-kuma.yml 
@@ -5,7 +5,7 @@ services: # extends: # file: ${TEMPLATES_PATH} # service: default - image: louislam/uptime-kuma + image: louislam/uptime-kuma:2.0.2 container_name: uptime-kuma restart: unless-stopped security_opt: @@ -21,8 +21,6 @@ services: - ip4net - ip6net labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.uptime-kuma.rule=Host(`uptime-kuma.${LOCAL_DOMAIN}`)" diff --git a/project/media/audiobookshelf/audiobookshelf.yml b/project/media/audiobookshelf/audiobookshelf.yml index 9555124..9648f5b 100644 --- a/project/media/audiobookshelf/audiobookshelf.yml +++ b/project/media/audiobookshelf/audiobookshelf.yml @@ -3,7 +3,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: ghcr.io/advplyr/audiobookshelf:latest + image: ghcr.io/advplyr/audiobookshelf:2.32.1 container_name: audiobookshelf ports: - 13378:80 @@ -14,13 +14,11 @@ services: - ${MEDIA_PATH}/audiobookshelf/config:/config - ${MEDIA_PATH}/audiobookshelf/data/metadata:/metadata labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.audiobookshelf.entrypoints=https" - "traefik.http.routers.audiobookshelf.tls.certresolver=myresolver" - - 'traefik.http.routers.audiobookshelf.tls=true' + - "traefik.http.routers.audiobookshelf.tls=true" # Middlewares - "traefik.http.routers.audiobookshelf.middlewares=crowdsec-bouncer@file" diff --git a/project/media/calibre/calibre.yml b/project/media/calibre/calibre.yml index ee7c0b3..d3ad286 100644 --- a/project/media/calibre/calibre.yml +++ b/project/media/calibre/calibre.yml @@ -3,7 +3,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: lscr.io/linuxserver/calibre:latest + image: lscr.io/linuxserver/calibre:8.16.2 container_name: calibre environment: - PASSWORD= #optional 
@@ -18,20 +18,18 @@ services: networks: - ip4net labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.calibre.rule=Host(`calibre.${LOCAL_DOMAIN}`)" - "traefik.http.routers.calibre.entrypoints=https" - - 'traefik.http.routers.calibre.tls=true' - - 'traefik.http.services.calibre.loadbalancer.server.port=8080' + - "traefik.http.routers.calibre.tls=true" + - "traefik.http.services.calibre.loadbalancer.server.port=8080" calibre-web: extends: file: ${TEMPLATES_PATH} service: default - image: lscr.io/linuxserver/calibre-web:latest + image: lscr.io/linuxserver/calibre-web:0.6.25 container_name: calibre-web environment: - DOCKER_MODS=linuxserver/mods:universal-calibre #optional @@ -44,10 +42,8 @@ services: networks: - ip6net labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.calibre-web.rule=Host(`calibre-web.${LOCAL_DOMAIN}`)" - "traefik.http.routers.calibre-web.entrypoints=https" - - 'traefik.http.routers.calibre-web.tls=true' + - "traefik.http.routers.calibre-web.tls=true" diff --git a/project/media/immich/immich.yml b/project/media/immich/immich.yml index 53dba3d..7b9300e 100644 --- a/project/media/immich/immich.yml +++ b/project/media/immich/immich.yml @@ -4,7 +4,7 @@ services: file: ${TEMPLATES_PATH} service: default container_name: immich_server - image: ghcr.io/immich-app/immich-server:release + image: ghcr.io/immich-app/immich-server:v2.4.1 environment: DB_PASSWORD: ${IMMICH_DB_PASSWORD} DB_HOSTNAME: postgres-with-pg-vector 
@@ -21,14 +21,12 @@ services: networks: - ip6net labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.immich-server.rule=Host(`immich.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.immich-server.entrypoints=https" - "traefik.http.routers.immich-server.tls.certresolver=myresolver" - - 'traefik.http.routers.immich-server.tls=true' + - "traefik.http.routers.immich-server.tls=true" # Middlewares - "traefik.http.routers.immich-server.middlewares=crowdsec-bouncer@file" @@ -37,24 +35,21 @@ services: file: ${TEMPLATES_PATH} service: default container_name: immich_machine_learning - image: ghcr.io/immich-app/immich-machine-learning:release + image: ghcr.io/immich-app/immich-machine-learning:v2.4.1 ports: - 3003:3003 volumes: - ${MEDIA_PATH}/immich/data/model-cache:/cache - labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # https://github.com/Salvoxia/immich-folder-album-creator - # one time run: + # one time run: # docker run -e -e API_URL="https://immich.crescentec.xyz/api/" -e API_KEY="qTaebdVMtph9yD0pSJRJDQJkDEpexiXNMJ5V5HBEnA" -e ROOT_PATH="/usr/src/app/external" -e LOG_LEVEL="DEBUG" salvoxia/immich-folder-album-creator:latest /script/immich_auto_album.sh immich-folder-album-creator: extends: file: ${TEMPLATES_PATH} service: default container_name: immich_folder_album_creator - image: salvoxia/immich-folder-album-creator:latest + image: salvoxia/immich-folder-album-creator:0.24.0 environment: API_URL: https://immich.crescentec.xyz/api API_KEY: qTaebdVMtph9yD0pSJRJDQJkDEpexiXNMJ5V5HBEnA @@ -65,6 +60,3 @@ services: #UNATTENDED: 1 volumes: - /usr/src/app/external:/usr/src/app/external - labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" diff --git a/project/media/kiwix/kiwix.yml b/project/media/kiwix/kiwix.yml index 5a6dbcf..91e078c 100644 --- a/project/media/kiwix/kiwix.yml +++ b/project/media/kiwix/kiwix.yml 
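Review bot: The `immich-folder-album-creator` service still has a literal `API_KEY` value under `environment:`, and the same value appears in the `docker run` comment above it; the commit edits the lines around both without removing it. Treat the key as disclosed: revoke it in Immich, issue a new one, and inject it the way this file already does for `DB_PASSWORD: ${IMMICH_DB_PASSWORD}`, e.g. `API_KEY: ${IMMICH_API_KEY}` (variable name is a suggestion). The comment's example command should carry a placeholder instead of the real value. Deleting the value from the file does not remove it from git history, so rotation is the step that matters.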
@@ -3,8 +3,8 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: ghcr.io/kiwix/kiwix-serve - container_name: kiwix + image: ghcr.io/kiwix/kiwix-serve:3.8.1 + container_name: kiwix ports: - 2009:8080 networks: @@ -12,13 +12,11 @@ services: volumes: - ${EXTERNAL_STORAGE}/wikipedia/:/data command: - - '*.zim' + - "*.zim" labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.kiwix.rule=Host(`wikipedia.${LOCAL_DOMAIN}`)" - "traefik.http.routers.kiwix.entrypoints=https" - - 'traefik.http.routers.kiwix.tls=true' - - 'traefik.http.services.kiwix.loadbalancer.server.port=8080' + - "traefik.http.routers.kiwix.tls=true" + - "traefik.http.services.kiwix.loadbalancer.server.port=8080" diff --git a/project/media/lidarr/lidarr.yml b/project/media/lidarr/lidarr.yml index 9601e76..a917d56 100644 --- a/project/media/lidarr/lidarr.yml +++ b/project/media/lidarr/lidarr.yml @@ -3,13 +3,13 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: lscr.io/linuxserver/lidarr - container_name: lidarr + image: lscr.io/linuxserver/lidarr:3.1.0 + container_name: lidarr ports: - 2010:8686 networks: - ip4net - dns: + dns: - 8.8.8.8 - 1.1.1.1 volumes: @@ -17,10 +17,8 @@ services: - ${MEDIA_PATH}/data:/data - ${EXTERNAL_STORAGE}/media/music:/music labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.lidarr.rule=Host(`lidarr.${LOCAL_DOMAIN}`)" - "traefik.http.routers.lidarr.entrypoints=https" - - 'traefik.http.routers.lidarr.tls=true' + - "traefik.http.routers.lidarr.tls=true" diff --git a/project/media/navidrome/navidrome.yml b/project/media/navidrome/navidrome.yml index ab26c8d..b98b1e3 100644 --- a/project/media/navidrome/navidrome.yml +++ b/project/media/navidrome/navidrome.yml 
@@ -3,7 +3,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: deluan/navidrome + image: deluan/navidrome:0.59.0 container_name: navidrome ports: - 2011:4533 @@ -16,13 +16,11 @@ services: ND_REVERSEPROXYWHITELIST: 0.0.0.0/0 ND_ENABLEUSEREDITING: false labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.navidrome.rule=Host(`navidrome.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.navidrome.entrypoints=https" - - 'traefik.http.routers.navidrome.tls=true' + - "traefik.http.routers.navidrome.tls=true" # Middlewares - "traefik.http.routers.navidrome.middlewares=crowdsec-bouncer@file, authelia@file" # Subsonic endpoint use basic authentication middleware from authelia diff --git a/project/media/prowlarr/prowlarr.yml b/project/media/prowlarr/prowlarr.yml index 18912f9..3167061 100644 --- a/project/media/prowlarr/prowlarr.yml +++ b/project/media/prowlarr/prowlarr.yml @@ -3,7 +3,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: lscr.io/linuxserver/prowlarr:develop + image: lscr.io/linuxserver/prowlarr:2.3.0 container_name: prowlarr ports: - 2004:9696 @@ -12,10 +12,9 @@ services: volumes: - ${MEDIA_PATH}/prowlarr/config:/config labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.prowlarr.rule=Host(`prowlarr.${LOCAL_DOMAIN}`)" - "traefik.http.routers.prowlarr.entrypoints=https" - - 'traefik.http.routers.prowlarr.tls=true' \ No newline at end of file + - "traefik.http.routers.prowlarr.tls=true" + diff --git a/project/media/qbittorrent/qbittorrent.yml b/project/media/qbittorrent/qbittorrent.yml index 3a7129d..f44e6d2 100644 --- a/project/media/qbittorrent/qbittorrent.yml +++ b/project/media/qbittorrent/qbittorrent.yml 
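Review bot: `ND_REVERSEPROXYWHITELIST: 0.0.0.0/0` is left in place in `navidrome.yml` while the service also publishes `2011:4533` on the host. With that whitelist Navidrome accepts its reverse-proxy user header from any source address, so the `authelia@file` middleware only protects requests that actually pass through Traefik. Narrow the whitelist to the Traefik network range, `ND_REVERSEPROXYWHITELIST: <traefik-network-cidr>`. Drop the host port mapping as well, or bind it to `127.0.0.1`, if nothing needs direct access.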
@@ -3,7 +3,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: lscr.io/linuxserver/qbittorrent:latest + image: lscr.io/linuxserver/qbittorrent:5.1.4 container_name: qbittorrent ports: - 2002:2002 @@ -22,10 +22,8 @@ services: - ${EXTERNAL_STORAGE}/media/audiobooks:/data/downloaded/audiobooks - ${EXTERNAL_STORAGE}/media/music:/data/downloaded/music labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.qbittorrent.rule=Host(`qbittorrent.${LOCAL_DOMAIN}`)" - "traefik.http.routers.qbittorrent.entrypoints=https" - - 'traefik.http.routers.qbittorrent.tls=true' + - "traefik.http.routers.qbittorrent.tls=true" diff --git a/project/media/readarr/readarr.yml b/project/media/readarr/readarr.yml index e1b0eb1..63cddbe 100644 --- a/project/media/readarr/readarr.yml +++ b/project/media/readarr/readarr.yml @@ -15,10 +15,8 @@ services: - ${EXTERNAL_STORAGE}/media/audiobooks:/data/media/audiobooks - ${EXTERNAL_STORAGE}/media/books:/data/media/books labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.readarr.rule=Host(`readarr.${LOCAL_DOMAIN}`)" - "traefik.http.routers.readarr.entrypoints=https" - - 'traefik.http.routers.readarr.tls=true' + - "traefik.http.routers.readarr.tls=true" diff --git a/project/media/slskd/slskd.yml b/project/media/slskd/slskd.yml index dcf76b3..5f089e4 100644 --- a/project/media/slskd/slskd.yml +++ b/project/media/slskd/slskd.yml @@ -3,9 +3,9 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: slskd/slskd + image: slskd/slskd:0.24.1 container_name: slskd - user: ${PUID}:${PGID} + user: ${PUID}:${PGID} ports: - 2013:5031 # http - 2014:5030 # https 
@@ -19,11 +19,9 @@ services: - ${MEDIA_PATH}/data/slskd_downloads:/app/downloads - ${EXTERNAL_STORAGE}/media/music:/app/library labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.slskd.rule=Host(`slskd.${LOCAL_DOMAIN}`)" - "traefik.http.routers.slskd.entrypoints=https" - - 'traefik.http.routers.slskd.tls=true' - - 'traefik.http.services.slskd.loadbalancer.server.port=5030' + - "traefik.http.routers.slskd.tls=true" + - "traefik.http.services.slskd.loadbalancer.server.port=5030" diff --git a/project/media/soularr/soularr.yml b/project/media/soularr/soularr.yml index 6a8a5d6..ace6817 100644 --- a/project/media/soularr/soularr.yml +++ b/project/media/soularr/soularr.yml @@ -3,9 +3,9 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: mrusse08/soularr + image: mrusse08/soularr:latest container_name: soularr - user: ${PUID}:${PGID} + user: ${PUID}:${PGID} networks: - ip4net volumes: diff --git a/project/monitoring/dozzle/dozzle.yml b/project/monitoring/dozzle/dozzle.yml index 4e94c9b..45490db 100644 --- a/project/monitoring/dozzle/dozzle.yml +++ b/project/monitoring/dozzle/dozzle.yml @@ -4,18 +4,17 @@ services: file: ${TEMPLATES_PATH} service: default container_name: dozzle - image: amir20/dozzle:latest + image: amir20/dozzle:8.14.12 ports: - 8083:8080 - networks: + networks: - ip4net volumes: - /var/run/docker.sock:/var/run/docker.sock labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.dozzle.rule=Host(`dozzle.${LOCAL_DOMAIN}`)" - "traefik.http.routers.dozzle.entrypoints=https" - - "traefik.http.routers.dozzle.tls=true" \ No newline at end of file + - "traefik.http.routers.dozzle.tls=true" + diff --git a/project/monitoring/grafana/grafana.yml b/project/monitoring/grafana/grafana.yml index 7f2dd03..e952801 100644 --- a/project/monitoring/grafana/grafana.yml 
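Review bot: `image: mrusse08/soularr:latest` only makes the implicit tag explicit, so soularr stays on a floating image while the rest of the commit pins versions. If upstream publishes no version tags, pin by digest, `image: mrusse08/soularr:latest@sha256:<digest>`. Renovate can then propose digest bumps as reviewable changes instead of the image changing silently on the next pull.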
+++ b/project/monitoring/grafana/grafana.yml @@ -4,7 +4,7 @@ services: file: ${TEMPLATES_PATH} service: default container_name: grafana - image: grafana/grafana-oss:latest + image: grafana/grafana-oss:12.3.1 ports: - 8090:3000 networks: @@ -12,10 +12,9 @@ services: volumes: - ${MONITORING_PATH}/grafana/data:/var/lib/grafana labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.grafana.rule=Host(`grafana.${LOCAL_DOMAIN}`)" - "traefik.http.routers.grafana.entrypoints=https" - - "traefik.http.routers.grafana.tls=true" \ No newline at end of file + - "traefik.http.routers.grafana.tls=true" + diff --git a/project/monitoring/loki/loki.yml b/project/monitoring/loki/loki.yml index e4e4dff..de2b15d 100644 --- a/project/monitoring/loki/loki.yml +++ b/project/monitoring/loki/loki.yml @@ -4,7 +4,7 @@ services: file: ${TEMPLATES_PATH} service: default container_name: loki - image: grafana/loki + image: grafana/loki:3.5.9 ports: - 8094:3100 networks: @@ -12,8 +12,6 @@ services: volumes: - ${MONITORING_PATH}/loki/config/loki-config.yml:/etc/loki/local-config.yaml labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.loki.rule=Host(`loki.${LOCAL_DOMAIN}`)" @@ -24,14 +22,11 @@ services: extends: file: ${TEMPLATES_PATH} service: default - container_name: promtail - image: grafana/promtail + container_name: promtail + image: grafana/promtail:3.5.9 networks: - ip4net volumes: - ${MONITORING_PATH}/loki/config/promtail-config.yml:/etc/promtail/config.yml - /var/log:/var/log - /var/run/docker.sock:/var/run/docker.sock:ro - labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" diff --git a/project/monitoring/prometheus/prometheus.yml b/project/monitoring/prometheus/prometheus.yml index 65c5eea..aa6f420 100644 --- a/project/monitoring/prometheus/prometheus.yml +++ b/project/monitoring/prometheus/prometheus.yml 
@@ -4,7 +4,7 @@ services: file: ${TEMPLATES_PATH} service: default container_name: prometheus - image: prom/prometheus:latest + image: prom/prometheus:3.8.1 ports: - 9090:9090 networks: @@ -12,10 +12,9 @@ services: volumes: - ${MONITORING_PATH}/prometheus/config:/etc/prometheus labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.prometheus.rule=Host(`prometheus.${LOCAL_DOMAIN}`)" - "traefik.http.routers.prometheus.entrypoints=https" - - "traefik.http.routers.prometheus.tls=true" \ No newline at end of file + - "traefik.http.routers.prometheus.tls=true" + diff --git a/project/service/freshrss/freshrss.yml b/project/service/freshrss/freshrss.yml index 0aa744c..a9014c7 100644 --- a/project/service/freshrss/freshrss.yml +++ b/project/service/freshrss/freshrss.yml @@ -3,7 +3,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: freshrss/freshrss:latest + image: freshrss/freshrss:1.28.0 container_name: freshrss ports: - 4014:80 @@ -13,11 +13,9 @@ services: - ${SERVICE_PATH}/freshrss/data:/var/www/FreshRSS/data - ${SERVICE_PATH}/freshrss/extensions:/var/www/FreshRSS/extensions environment: - CRON_MIN: '3,33' + CRON_MIN: "3,33" TRUSTED_PROXY: 172.16.0.1/12 192.168.0.1/16 labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.freshrss.rule=Host(`rss.${PUBLIC_DOMAIN}`)" diff --git a/project/service/ghost/ghost.yml b/project/service/ghost/ghost.yml index 14efabe..e7e1608 100644 --- a/project/service/ghost/ghost.yml +++ b/project/service/ghost/ghost.yml @@ -3,7 +3,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: ghost:latest + image: ghost:6.10.3-alpine container_name: ghost ports: - 4016:2368 
@@ -30,4 +30,5 @@ services: environment: MYSQL_ROOT_PASSWORD: example volumes: - - ${SERVICE_PATH}/ghost/data/db:/var/lib/mysql \ No newline at end of file + - ${SERVICE_PATH}/ghost/data/db:/var/lib/mysql + diff --git a/project/service/gitea/gitea.yml b/project/service/gitea/gitea.yml index f4674f8..1bc5122 100644 --- a/project/service/gitea/gitea.yml +++ b/project/service/gitea/gitea.yml @@ -3,7 +3,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: gitea/gitea:latest + image: gitea/gitea:1.25 container_name: gitea environment: - APP_NAME="Gitea" @@ -37,8 +37,6 @@ services: expose: - 4002 labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.gitea.rule=Host(`gitea.${PUBLIC_DOMAIN}`)" @@ -48,4 +46,22 @@ services: - "traefik.http.routers.gitea.service=gitea-service" - "traefik.http.services.gitea-service.loadbalancer.server.port=4002" # Middlewares - - "traefik.http.routers.gitea.middlewares=crowdsec-bouncer@file" \ No newline at end of file + - "traefik.http.routers.gitea.middlewares=crowdsec-bouncer@file" + + gitea-runner: + extends: + file: ${TEMPLATES_PATH} + service: default + image: gitea/act_runner:0.2.13 + container_name: gitea_runner + depends_on: + - gitea + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ${SERVICE_PATH}/gitea/config/runner-config.yaml:/config.yaml + - ${SERVICE_PATH}/gitea/data/runner-data:/data + environment: + - CONFIG_FILE=/config.yaml + - GITEA_INSTANCE_URL=gitea + - GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_TOKEN} + - GITEA_RUNNER_NAME=gitea-runner diff --git a/project/service/home-assistant/home-assistant.yml b/project/service/home-assistant/home-assistant.yml index 613780f..542c317 100644 --- a/project/service/home-assistant/home-assistant.yml +++ b/project/service/home-assistant/home-assistant.yml 
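Review bot: The context line `MYSQL_ROOT_PASSWORD: example` in the ghost hunk keeps a database root password in plaintext in the repository, and the commit leaves it in place. The same applies to `--NotebookApp.token='aToken1234'` in the jupyter hunk and to the `secret` value inside the commented-out `PAPERLESS_SOCIALACCOUNT_PROVIDERS` line in the paperless-ngx hunk. Other services in this commit already read secrets through substitution, e.g. `${LINKWARDEN_OIDC_CLIENT_SECRET}`; the same pattern fits here, for example `MYSQL_ROOT_PASSWORD: ${GHOST_MYSQL_ROOT_PASSWORD}` (the variable name is a placeholder). Values that were already committed should be treated as exposed and rotated, because they remain in the git history. The enclosing service definition starts outside the hunk.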
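Review bot: `image: gitea/gitea:1.25` pins only the minor series, so the tag still moves with every 1.25.x release, unlike the full-version pins used for the other services in this commit. `quay.io/jupyter/base-notebook:ubuntu-24.04` in the jupyter hunk is likewise a moving tag rather than a release. With the Watchtower labels removed, what actually runs then depends on when the image was last pulled instead of on a reviewed change. Pinning to a full version with a digest (`image: gitea/gitea:<full-version>@sha256:<digest>`), or adding Renovate's `docker:pinDigests` preset to `extends`, turns each update into an explicit pull request.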
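Review bot: The new `gitea-runner` service mounts `/var/run/docker.sock` read-write, so every workflow job the runner accepts can drive the host's Docker daemon, which is equivalent to root on the host. Because Gitea is published on `gitea.${PUBLIC_DOMAIN}`, it is worth confirming that only trusted repositories and users can trigger Actions on this runner. In `runner-config.yaml` (not shown here) keep `container.privileged: false` and `container.valid_volumes` empty, and consider pointing the runner at a restricted socket proxy or a dedicated rootless Docker daemon instead of the host socket. Separately, `GITEA_INSTANCE_URL=gitea` has no scheme or port; act_runner expects a full URL, presumably `http://gitea:<port>` in this setup.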
@@ -3,21 +3,20 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: ghcr.io/home-assistant/home-assistant:stable + image: ghcr.io/home-assistant/home-assistant:2025.12.4 container_name: home-assistant networks: - ip4net ports: - - 4012:8123 + - 4012:8123 volumes: - ${SERVICE_PATH}/home-assistant/config:/config - /etc/localtime:/etc/localtime:ro - /run/dbus:/run/dbus:ro labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.home-assistant.rule=Host(`ha.${LOCAL_DOMAIN}`)" - "traefik.http.routers.home-assistant.entrypoints=https" - - "traefik.http.routers.home-assistant.tls=true" \ No newline at end of file + - "traefik.http.routers.home-assistant.tls=true" + diff --git a/project/service/it-tools/it-tools.yml b/project/service/it-tools/it-tools.yml index 4991034..7228a62 100644 --- a/project/service/it-tools/it-tools.yml +++ b/project/service/it-tools/it-tools.yml @@ -3,17 +3,16 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: corentinth/it-tools:latest + image: corentinth/it-tools:2024.10.22-7ca5933 container_name: it-tools ports: - - '4007:80' + - "4007:80" networks: - ip4net labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.it-tools.rule=Host(`it-tools.${LOCAL_DOMAIN}`)" - "traefik.http.routers.it-tools.entrypoints=https" - - "traefik.http.routers.it-tools.tls=true" \ No newline at end of file + - "traefik.http.routers.it-tools.tls=true" + diff --git a/project/service/jupyter-notebook/jupyter-notebook.yml b/project/service/jupyter-notebook/jupyter-notebook.yml index b90aff0..4e48b1f 100644 --- a/project/service/jupyter-notebook/jupyter-notebook.yml +++ b/project/service/jupyter-notebook/jupyter-notebook.yml 
@@ -3,7 +3,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: quay.io/jupyter/base-notebook:latest + image: quay.io/jupyter/base-notebook:ubuntu-24.04 container_name: jupyter volumes: - ${SERVICE_PATH}/jupyter-notebook/data:/home/jovyan/work @@ -13,10 +13,8 @@ services: - ip4net command: start-notebook.py --NotebookApp.token='aToken1234' labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.jupyter.rule=Host(`jupyter.${LOCAL_DOMAIN}`)" - "traefik.http.routers.jupyter.entrypoints=https" - - "traefik.http.routers.jupyter.tls=true" \ No newline at end of file + - "traefik.http.routers.jupyter.tls=true" diff --git a/project/service/linkwarden/linkwarden.yml b/project/service/linkwarden/linkwarden.yml index 22d438c..f83fd69 100644 --- a/project/service/linkwarden/linkwarden.yml +++ b/project/service/linkwarden/linkwarden.yml @@ -3,8 +3,8 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: ghcr.io/linkwarden/linkwarden:latest - container_name: linkwarden + image: ghcr.io/linkwarden/linkwarden:v2.13.5 + container_name: linkwarden ports: - 4020:3000 networks: @@ -24,8 +24,6 @@ services: - AUTHELIA_CLIENT_ID=linkwarden - AUTHELIA_CLIENT_SECRET=${LINKWARDEN_OIDC_CLIENT_SECRET} labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.linkwarden.rule=Host(`linkwarden.${PUBLIC_DOMAIN}`)" @@ -36,7 +34,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: getmeili/meilisearch:latest + image: getmeili/meilisearch:1.31.0 container_name: linkwarden_meili networks: - ip4net diff --git a/project/service/mealie/mealie.yml b/project/service/mealie/mealie.yml index 72322f0..9a61e0a 100644 --- a/project/service/mealie/mealie.yml +++ b/project/service/mealie/mealie.yml 
@@ -3,7 +3,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: ghcr.io/mealie-recipes/mealie:latest + image: ghcr.io/mealie-recipes/mealie:v3.8.0 container_name: mealie ports: - "4006:9000" @@ -23,14 +23,12 @@ services: POSTGRES_DB: mealie # OIDC using authelia OIDC_AUTH_ENABLED: true - OIDC_SIGNUP_ENABLED: false + OIDC_SIGNUP_ENABLED: false OIDC_CONFIGURATION_URL: https://auth.${PUBLIC_DOMAIN}/.well-known/openid-configuration OIDC_CLIENT_ID: mealie - OIDC_CLIENT_SECRET: ${MEALIE_OIDC_CLIENT_SECRET} + OIDC_CLIENT_SECRET: ${MEALIE_OIDC_CLIENT_SECRET} OIDC_AUTO_REDIRECT: false labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.mealie.rule=Host(`mealie.${PUBLIC_DOMAIN}`)" diff --git a/project/service/n8n/n8n.yml b/project/service/n8n/n8n.yml index 55c8ac0..c38fe43 100644 --- a/project/service/n8n/n8n.yml +++ b/project/service/n8n/n8n.yml @@ -3,8 +3,8 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: docker.n8n.io/n8nio/n8n - container_name: n8n + image: docker.n8n.io/n8nio/n8n:2.1.4 + container_name: n8n ports: - 4022:5678 networks: @@ -18,10 +18,8 @@ services: user: root volumes: - ${SERVICE_PATH}/n8n/data:/home/node/.n8n - entrypoint: /home/node/.n8n/script/entrypoint.sh + entrypoint: /home/node/.n8n/script/entrypoint.sh labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.n8n.rule=Host(`n8n.${LOCAL_DOMAIN}`)" diff --git a/project/service/ollama/ollama.yml b/project/service/ollama/ollama.yml index 5cd9123..7120810 100644 --- a/project/service/ollama/ollama.yml +++ b/project/service/ollama/ollama.yml @@ -3,8 +3,8 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: ollama/ollama - container_name: ollama + image: ollama/ollama:0.13.5 + container_name: ollama ports: - 4019:11434 networks: 
@@ -12,8 +12,6 @@ services: volumes: - ${SERVICE_PATH}/ollama/data:/root/.ollama labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.ollama.rule=Host(`ollama.${PUBLIC_DOMAIN}`)" diff --git a/project/service/paperless-ngx/paperless-ngx.yml b/project/service/paperless-ngx/paperless-ngx.yml index e545258..679c52e 100644 --- a/project/service/paperless-ngx/paperless-ngx.yml +++ b/project/service/paperless-ngx/paperless-ngx.yml @@ -3,7 +3,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: ghcr.io/paperless-ngx/paperless-ngx:latest + image: ghcr.io/paperless-ngx/paperless-ngx:2.20.3 container_name: paperless-ngx ports: - "4009:8000" @@ -37,8 +37,6 @@ services: # PAPERLESS_APPS: "allauth.socialaccount.providers.openid_connect" # PAPERLESS_SOCIALACCOUNT_PROVIDERS: '{"openid_connect":{"SCOPE":["openid","profile","email"],"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authelia","name":"Authelia","client_id":"paperless","secret":"jzO0JYA35oOojGqxFJUaDXdgdXhuACyq4b3lvOx233wtoSyv19prQfCKah1mwyDv","settings":{"server_url":"https://auth.crescentec.xyz","token_auth_method":"client_secret_basic"}}]}}' labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.paperless.rule=Host(`paperless.${PUBLIC_DOMAIN}`)" diff --git a/project/service/pdf/pdf.yml b/project/service/pdf/pdf.yml index 2ba3108..5d6d584 100644 --- a/project/service/pdf/pdf.yml +++ b/project/service/pdf/pdf.yml @@ -3,15 +3,13 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: bentopdf/bentopdf-simple + image: bentopdf/bentopdf-simple:1.15.1 container_name: pdf ports: - - '4003:8080' + - "4003:8080" networks: - ip6net labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.pdf.rule=Host(`pdf.${PUBLIC_DOMAIN}`)" 
diff --git a/project/service/radicale/radicale.yml b/project/service/radicale/radicale.yml index 5a63e6d..73db091 100644 --- a/project/service/radicale/radicale.yml +++ b/project/service/radicale/radicale.yml @@ -3,7 +3,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: tomsquest/docker-radicale + image: tomsquest/docker-radicale:3.5.10.0 container_name: radicale ports: - 4017:5232 @@ -26,8 +26,6 @@ services: - ${SERVICE_PATH}/radicale/config:/config/ - ${EXTERNAL_STORAGE}/calendars-contacts:/data labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.radicale.rule=Host(`radicale.${PUBLIC_DOMAIN}`)" diff --git a/project/service/vaultwarden/vaultwarden.yml b/project/service/vaultwarden/vaultwarden.yml index 8187f78..2128457 100644 --- a/project/service/vaultwarden/vaultwarden.yml +++ b/project/service/vaultwarden/vaultwarden.yml @@ -3,18 +3,18 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: vaultwarden/server - container_name: vaultwarden + image: vaultwarden/server:1.35.0 + container_name: vaultwarden ports: - 4018:80 networks: - ip6net environment: DOMAIN: "https://vaultwarden.${PUBLIC_DOMAIN}" - SIGNUPS_ALLOWED: false + SIGNUPS_ALLOWED: false INVITATIONS_ALLOWED: false - SSO_ENABLED: false # for now sso does only help companies for role management and the master password is still necessary - SSO_ONLY: false + SSO_ENABLED: false # for now sso does only help companies for role management and the master password is still necessary + SSO_ONLY: false SSO_AUTHORITY: https://auth.${PUBLIC_DOMAIN} SSO_SCOPES: profile email offline_access SSO_CLIENT_ID: vaultwarden @@ -22,8 +22,6 @@ services: volumes: - ${EXTERNAL_STORAGE}/passwords:/data/ labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.${PUBLIC_DOMAIN}`)" 
diff --git a/project/service/vikunja/vikunja.yml b/project/service/vikunja/vikunja.yml index 75c99cf..0f5456a 100644 --- a/project/service/vikunja/vikunja.yml +++ b/project/service/vikunja/vikunja.yml @@ -1,4 +1,4 @@ -secrets: +secrets: vikunja_jwt_secret: file: ${SERVICE_PATH}/vikunja/secrets/vikunja_jwt_secret.txt services: @@ -6,7 +6,7 @@ services: extends: file: ${TEMPLATES_PATH} service: default - image: vikunja/vikunja:latest + image: vikunja/vikunja:0.24.6 container_name: vikunja secrets: [vikunja_jwt_secret] environment: @@ -19,17 +19,16 @@ services: VIKUNJA_SERVICE_PUBLICURL: https://vikunja.${PUBLIC_DOMAIN} networks: - ip6net - volumes: + volumes: - ${SERVICE_PATH}/vikunja/data:/app/vikunja/files - ${SERVICE_PATH}/vikunja/config:/etc/vikunja labels: - # Watchtower - - "com.centurylinklabs.watchtower.enable=true" # Traefik - "traefik.enable=true" - "traefik.http.routers.vikunja.rule=Host(`vikunja.${PUBLIC_DOMAIN}`)" - "traefik.http.routers.vikunja.entrypoints=https" - "traefik.http.routers.vikunja.tls.certresolver=myresolver" - - 'traefik.http.routers.vikunja.tls=true' + - "traefik.http.routers.vikunja.tls=true" # Middlewares - - "traefik.http.routers.vikunja.middlewares=crowdsec-bouncer@file" \ No newline at end of file + - "traefik.http.routers.vikunja.middlewares=crowdsec-bouncer@file" + diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..841fe19 --- /dev/null +++ b/renovate.json 
@@ -0,0 +1,42 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended" + ], + "dependencyDashboard": true, + "dependencyDashboardTitle": "Renovate Dashboard", + "assignees": [ + "chriswin" + ], + "labels": [ + "renovate" + ], + "configMigration": true, + "prHourlyLimit": 0, + "docker-compose": { + "hostRules": [ + { + "matchHost": "docker.io", + "concurrentRequestLimit": 2 + } + ], + "packageRules": [ + { + "matchPackageNames": "tensorchord/pgvecto-rs", + "enabled": false + }, + { + "matchPackageNames": "mysql", + "enabled": false + }, + { + "matchPackageNames": "mrusse08/soularr", + "enabled": false + }, + { + "matchPackageNames": "mysql", + "enabled": false + } + ] + } +}
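Review bot: The fourth `packageRules` entry repeats the `mysql` rule from the second, so it has no effect and may stand in for a package that was meant to be listed. More importantly, each rule with `"enabled": false` (`tensorchord/pgvecto-rs`, `mysql`, `mrusse08/soularr`) takes that image out of Renovate while this commit also removes the Watchtower labels, which may leave those images with no update path at all. If the intent is only to avoid breaking upgrades, narrowing the rule with `"matchUpdateTypes": ["major"]` keeps patch and minor security fixes flowing. `"prHourlyLimit": 0` removes the hourly PR cap, so the first run can open a PR for every pinned image at once.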