# Watchtower - Enhanced Configuration with Multiple Notification Options
# Schedule: Daily at 4:00 AM
# HTTP API: POST to http://localhost:${WATCHTOWER_PORT:-8080}/v1/update
# Excludes containers with label: com.centurylinklabs.watchtower.enable=false
# Notifications: Multiple ntfy endpoints for redundancy
#
# Set WATCHTOWER_PORT env var in Portainer stack if 8080 is in use (e.g., Synology)

services:
  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    ports:
      - "${WATCHTOWER_PORT:-8080}:8080"  # HTTP API for manual triggers
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_SCHEDULE=0 0 4 * * *
      - WATCHTOWER_INCLUDE_STOPPED=false
      - TZ=America/Los_Angeles
      # HTTP API for metrics only (not updates to allow scheduled runs)
      - WATCHTOWER_HTTP_API_METRICS=true
      - WATCHTOWER_HTTP_API_TOKEN="REDACTED_HTTP_TOKEN"
      # Notifications disabled to avoid configuration issues
      # - WATCHTOWER_NOTIFICATIONS=shoutrrr
      # Option 1: Local only (most reliable, no external dependencies)
      # - WATCHTOWER_NOTIFICATION_URL=ntfy://localhost:8081/updates
      # Option 2: External only (get notifications when away from home)
      # - WATCHTOWER_NOTIFICATION_URL=ntfy://ntfy.vish.gg/homelab-alerts
      # Option 3: Both local and external (redundancy - uncomment to use)
      # - WATCHTOWER_NOTIFICATION_URL=ntfy://localhost:8081/updates?insecure=yes,ntfy://ntfy.vish.gg/homelab-alerts
      # Option 4: Local IP (if localhost doesn't work)
      # - WATCHTOWER_NOTIFICATION_URL=ntfy://192.168.0.210:8081/updates?insecure=yes
    restart: unless-stopped
    labels:
      # Exclude watchtower from updating itself (prevent self-restart loops)
      - "com.centurylinklabs.watchtower.enable=false"