Sanitized mirror from private repository - 2026-04-18 12:12:12 UTC

2026-04-18 12:12:12 +00:00
commit a63c410ce3
1418 changed files with 359957 additions and 0 deletions
--- a/common/watchtower-agent-updater.yaml
+++ b/common/watchtower-agent-updater.yaml
@@ -0,0 +1,17 @@
+# Watchtower - Auto-update Portainer Edge Agent only
+# Schedule: Sundays at 3:00 AM
+# Only updates the portainer_edge_agent container
+
+services:
+  watchtower:
+    image: containrrr/watchtower:latest
+    container_name: watchtower-agent-updater
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - WATCHTOWER_CLEANUP=true
+      - WATCHTOWER_SCHEDULE=0 0 3 * * 0
+      - WATCHTOWER_ROLLING_RESTART=true
+      - TZ=America/Los_Angeles
+    command: portainer_edge_agent
+    restart: unless-stopped
--- a/common/watchtower-enhanced.yaml
+++ b/common/watchtower-enhanced.yaml
@@ -0,0 +1,38 @@
+# Watchtower - Enhanced Configuration with Multiple Notification Options
+# Schedule: Daily at 4:00 AM
+# HTTP API: POST to http://localhost:${WATCHTOWER_PORT:-8080}/v1/update
+# Excludes containers with label: com.centurylinklabs.watchtower.enable=false
+# Notifications: Multiple ntfy endpoints for redundancy
+#
+# Set WATCHTOWER_PORT env var in Portainer stack if 8080 is in use (e.g., Synology)
+
+services:
+  watchtower:
+    image: containrrr/watchtower:latest
+    container_name: watchtower
+    ports:
+      - "${WATCHTOWER_PORT:-8080}:8080"  # HTTP API for manual triggers
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - WATCHTOWER_CLEANUP=true
+      - WATCHTOWER_SCHEDULE=0 0 4 * * *
+      - WATCHTOWER_INCLUDE_STOPPED=false
+      - TZ=America/Los_Angeles
+      # HTTP API for metrics only (not updates to allow scheduled runs)
+      - WATCHTOWER_HTTP_API_METRICS=true
+      - WATCHTOWER_HTTP_API_TOKEN="REDACTED_HTTP_TOKEN"
+      # Notifications disabled to avoid configuration issues
+      # - WATCHTOWER_NOTIFICATIONS=shoutrrr
+      # Option 1: Local only (most reliable, no external dependencies)
+      # - WATCHTOWER_NOTIFICATION_URL=ntfy://localhost:8081/updates
+      # Option 2: External only (get notifications when away from home)
+      # - WATCHTOWER_NOTIFICATION_URL=ntfy://ntfy.vish.gg/homelab-alerts
+      # Option 3: Both local and external (redundancy - uncomment to use)
+      # - WATCHTOWER_NOTIFICATION_URL=ntfy://localhost:8081/updates?insecure=yes,ntfy://ntfy.vish.gg/homelab-alerts
+      # Option 4: Local IP (if localhost doesn't work)
+      # - WATCHTOWER_NOTIFICATION_URL=ntfy://192.168.0.210:8081/updates?insecure=yes
+    restart: unless-stopped
+    labels:
+      # Exclude watchtower from updating itself (prevent self-restart loops)
+      - "com.centurylinklabs.watchtower.enable=false"
--- a/common/watchtower-full.yaml
+++ b/common/watchtower-full.yaml
@@ -0,0 +1,35 @@
+# Watchtower - Container update notifier (schedule disabled - GitOps managed)
+# Auto-update schedule removed; image updates are handled via Renovate PRs.
+# Manual update trigger: POST http://localhost:${WATCHTOWER_PORT:-8083}/v1/update
+#   Header: Authorization: Bearer watchtower-metrics-token
+# Excludes containers with label: com.centurylinklabs.watchtower.enable=false
+# Notifications: Ntfy push notifications
+#
+# Set WATCHTOWER_PORT env var in Portainer stack if 8080 is in use (e.g., Synology)
+
+services:
+  watchtower:
+    image: containrrr/watchtower:latest
+    container_name: watchtower
+    ports:
+      - "${WATCHTOWER_PORT:-8083}:8080"  # HTTP API for metrics (8083 to avoid conflicts)
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - DOCKER_API_VERSION=1.43
+      - WATCHTOWER_CLEANUP=true
+      # Schedule disabled — updates managed via Renovate PRs (GitOps).
+      # Enable manual HTTP API updates instead.
+      - WATCHTOWER_HTTP_API_UPDATE=true
+      - WATCHTOWER_INCLUDE_STOPPED=false
+      - TZ=America/Los_Angeles
+      # HTTP API for metrics and manual update triggers
+      - WATCHTOWER_HTTP_API_METRICS=true
+      - WATCHTOWER_HTTP_API_TOKEN="REDACTED_HTTP_TOKEN"
+      # ntfy push notifications via shoutrrr
+      - WATCHTOWER_NOTIFICATIONS=shoutrrr
+      - WATCHTOWER_NOTIFICATION_URL=ntfy://192.168.0.210:8081/homelab-alerts?scheme=http
+    restart: unless-stopped
+    labels:
+      - "com.centurylinklabs.watchtower.enable=false"
+      # Deployed to: Atlantis (EP=2), Calypso (EP=443397), Homelab VM (EP=443399) | schedule disabled | verified