# Watchtower - Container update notifier (schedule disabled - GitOps managed)
# Auto-update schedule removed; image updates are handled via Renovate PRs.
# Manual update trigger: POST http://localhost:${WATCHTOWER_PORT:-8083}/v1/update
#   Header: Authorization: Bearer watchtower-metrics-token
# Excludes containers with label: com.centurylinklabs.watchtower.enable=false
# Notifications: Ntfy push notifications
#
# Set WATCHTOWER_PORT env var in Portainer stack if 8080 is in use (e.g., Synology)

services:
  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    ports:
      - "${WATCHTOWER_PORT:-8083}:8080"  # HTTP API for metrics (8083 to avoid conflicts)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DOCKER_API_VERSION=1.43
      - WATCHTOWER_CLEANUP=true
      # Schedule disabled — updates managed via Renovate PRs (GitOps).
      # Enable manual HTTP API updates instead.
      - WATCHTOWER_HTTP_API_UPDATE=true
      - WATCHTOWER_INCLUDE_STOPPED=false
      - TZ=America/Los_Angeles
      # HTTP API for metrics and manual update triggers
      - WATCHTOWER_HTTP_API_METRICS=true
      - WATCHTOWER_HTTP_API_TOKEN="REDACTED_HTTP_TOKEN"
      # ntfy push notifications via shoutrrr
      - WATCHTOWER_NOTIFICATIONS=shoutrrr
      - WATCHTOWER_NOTIFICATION_URL=ntfy://192.168.0.210:8081/homelab-alerts?scheme=http
    restart: unless-stopped
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
      # Deployed to: Atlantis (EP=2), Calypso (EP=443397), Homelab VM (EP=443399) | schedule disabled | verified