diff --git a/ansible/roles/swarm-bootstrap/templates/portainer/docker-stack.yml.j2 b/ansible/roles/swarm-bootstrap/templates/portainer/docker-stack.yml.j2 index d9889bf..d6fdfd4 100644 --- a/ansible/roles/swarm-bootstrap/templates/portainer/docker-stack.yml.j2 +++ b/ansible/roles/swarm-bootstrap/templates/portainer/docker-stack.yml.j2 @@ -5,7 +5,7 @@ networks: services: agent: - image: portainer/agent:latest + image: portainer/agent:2.16.2 volumes: - /var/run/docker.sock:/var/run/docker.sock - /var/lib/docker/volumes:/var/lib/docker/volumes @@ -21,7 +21,7 @@ services: constraints: [node.platform.os == linux] portainer: - image: portainer/portainer:latest + image: portainer/portainer-ce:2.21.5 command: "-H tcp://tasks.agent:9001 --tlsskipverify --bind :9000 --tunnel-port 8000 --admin-password {{portainer_htpasswd}}" ports: - "9000:9000" diff --git a/docker/compose/media/docker-compose.yml b/docker/compose/media/docker-compose.yml index 7600d33..a6f4d5d 100644 --- a/docker/compose/media/docker-compose.yml +++ b/docker/compose/media/docker-compose.yml @@ -14,7 +14,7 @@ volumes: services: transmission-openvpn: - image: haugene/transmission-openvpn + image: haugene/transmission-openvpn:5.3.1 cap_add: - NET_ADMIN networks: @@ -43,6 +43,7 @@ services: - TRANSMISSION_WEB_UI=flood-for-transmission - TZ=America/Vancouver - LOCAL_NETWORK=10.0.0.0/16 + restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.routers.transmission_openvpn.rule=Host(`${TRANSMISSION_HOST:-tovpn.jumper.mnke.org}`)" @@ -60,7 +61,7 @@ services: memory: 64M prowlarr: - image: lscr.io/linuxserver/prowlarr + image: lscr.io/linuxserver/prowlarr:1.30.2 environment: - PUID=${PUID:-8796} - PGID=${PGID:-3005} @@ -70,6 +71,7 @@ services: - traefik volumes: - prowlarr_config:/config + restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.routers.prowlarr.rule=Host(`${PROWLARR_HOST:-prowlarr.jumper.mnke.org}`)" 
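Review bot: The agent is pinned to `portainer/agent:2.16.2` here while the server in the next hunk is pinned to `portainer/portainer-ce:2.21.5`, and the same pair appears in docker/compose/portainer/docker-compose.yml. Portainer expects the agent and the server to run the same release. This agent mounts `/var/run/docker.sock`, so leaving it several releases behind also leaves a component that controls the Docker daemon without later fixes. Unless 2.16.2 was chosen deliberately, pin it as `image: portainer/agent:2.21.5`. The `agent` service definition continues outside the hunk.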
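Review bot: `haugene/transmission-openvpn:5.3.1` is pinned by tag only, and a tag can be re-pushed by the publisher, so the content pulled is still not fixed; this service also runs with `NET_ADMIN`. Appending the digest, as in `image: haugene/transmission-openvpn:5.3.1@sha256:<digest>` (placeholder, to be taken from the registry for the release you verified), pins the content as well as the version. The same applies to the other third-party images pinned in this file's hunks (prowlarr, radarr, sonarr, flaresolverr, jellyseerr). The service definition continues outside the hunk.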
@@ -87,7 +89,7 @@ services: memory: 64M radarr: - image: lscr.io/linuxserver/radarr + image: lscr.io/linuxserver/radarr:5.18.4 environment: - PUID=${PUID:-8796} - PGID=${PGID:-3005} @@ -101,6 +103,7 @@ services: depends_on: transmission-openvpn: condition: service_healthy + restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.routers.radarr.rule=Host(`${RADARR_HOST:-radarr.jumper.mnke.org}`)" @@ -119,7 +122,7 @@ services: memory: 64M sonarr: - image: lscr.io/linuxserver/sonarr + image: lscr.io/linuxserver/sonarr:4.0.12 environment: - PUID=${PUID:-8796} - PGID=${PGID:-3005} @@ -133,6 +136,7 @@ services: depends_on: transmission-openvpn: condition: service_healthy + restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.routers.sonarr.rule=Host(`${SONARR_HOST:-sonarr.jumper.mnke.org}`)" @@ -150,7 +154,7 @@ services: memory: 64M flaresolverr: - image: ghcr.io/flaresolverr/flaresolverr + image: ghcr.io/flaresolverr/flaresolverr:v3.3.21 environment: - LOG_LEVEL=${FLARESOLVERR_LOG_LEVEL:-info} - LOG_HTML=${FLARESOLVERR_LOG_HTML:-false} @@ -160,6 +164,7 @@ services: - media # ports: # - "${PORT:-8191}:8191" + restart: unless-stopped deploy: resources: limits: @@ -170,7 +175,7 @@ services: memory: 64M jellyseerr: - image: fallenbagel/jellyseerr + image: fallenbagel/jellyseerr:2.3.0 environment: # - LOG_LEVEL=debug - TZ=America/Vancouver @@ -184,6 +189,7 @@ services: condition: service_started sonarr: condition: service_started + restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.routers.jellyseerr.rule=Host(`${JELLYSEERR_HOST:-seerr.jumper.mnke.org}`)" diff --git a/docker/compose/portainer/docker-compose.yml b/docker/compose/portainer/docker-compose.yml index 0b80e0a..acb292c 100644 --- a/docker/compose/portainer/docker-compose.yml +++ b/docker/compose/portainer/docker-compose.yml 
@@ -6,7 +6,7 @@ networks: services: agent: - image: portainer/agent:latest + image: portainer/agent:2.16.2 volumes: - /var/run/docker.sock:/var/run/docker.sock - /mnt/docker/docker-root/volumes:/var/lib/docker/volumes @@ -19,8 +19,8 @@ services: restart: unless-stopped portainer: - image: portainer/portainer:latest - command: -H tcp://agent:9001 --tlsskipverify --bind :9000 --tunnel-port 8000 --admin-password $$2y$$05$$JU48mcf9WWtewdrEbPhcIeCtZx5asCeeSV.Ew.4CJDB.2YyDZd21K + image: portainer/portainer-ce:2.21.5 + command: -H tcp://agent:9001 --tlsskipverify --bind :9000 --tunnel-port 8000 --admin-password ${PORTAINER_HTPASSWD} ports: - "9000:9000" - "8000:8000" diff --git a/docker/compose/traefik/docker-compose.yml b/docker/compose/traefik/docker-compose.yml index e44e9d5..84d347a 100644 --- a/docker/compose/traefik/docker-compose.yml +++ b/docker/compose/traefik/docker-compose.yml @@ -7,6 +7,9 @@ networks: services: traefik: image: traefik:v3.3 + # This seems to be needed to solve the DNS challenge. Otherwise our own + # DNS server is used, which isn't correctly configured to allow checking + # the DNS entries have been propagated dns: - 1.1.1.1 - 1.0.0.1 diff --git a/docker/stacks/authentik/docker-stack.yml b/docker/stacks/authentik/docker-stack.yml index 2741a17..e54ee82 100644 --- a/docker/stacks/authentik/docker-stack.yml +++ b/docker/stacks/authentik/docker-stack.yml @@ -5,26 +5,9 @@ networks: traefik: external: true authentik: + name: authentik volumes: - authentik_media: - driver: local - driver_opts: - o: bind - type: none - device: ${AUTHENTIK_MEDIA_DIRECTORY:-/mnt/stingray/authentik/media} - authentik_certs: - driver: local - driver_opts: - o: bind - type: none - device: ${AUTHENTIK_CERTS_DIRECTORY:-/mnt/stingray/authentik/certs} - authentik_templates: - driver: local - driver_opts: - o: bind - type: none - device: ${AUTHENTIK_TEMPLATES_DIRECTORY:-/mnt/stingray/authentik/custom-templates} redis_data: driver: local driver_opts: 
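Review bot: `${PORTAINER_HTPASSWD}` on the new `command:` line in the `portainer` hunk has no guard, so when the variable is unset Compose substitutes an empty string and `--admin-password` is passed without a value. Use `${PORTAINER_HTPASSWD:?PORTAINER_HTPASSWD must be set}` so the deployment stops instead. The variable should hold the raw bcrypt hash with single `$` characters, because a substituted value is not interpolated a second time the way the old `$$`-escaped literal was. The removed hash stays readable in the repository history, so the admin password behind it should be changed rather than carried over into the variable.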
@@ -34,7 +17,7 @@ volumes: services: redis: - image: docker.io/library/redis:alpine + image: docker.io/library/redis:7.4.2-alpine command: --save 60 1 --loglevel warning networks: - authentik @@ -65,8 +48,8 @@ services: AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:-password} AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:-supersecretkey} volumes: - - authentik_media:/media - - authentik_certs:/templates + - ${AUTHENTIK_MEDIA_DIRECTORY:-/mnt/stingray/authentik/media}:/media + - ${AUTHENTIK_MEDIA_DIRECTORY:-/mnt/stingray/authentik/media}:/templates networks: - authentik - traefik @@ -114,9 +97,9 @@ services: - authentik volumes: - /var/run/docker.sock:/var/run/docker.sock - - authentik_media:/media - - authentik_certs:/certs - - authentik_templates:/templates + - ${AUTHENTIK_MEDIA_DIRECTORY:-/mnt/stingray/authentik/media}:/media + - ${AUTHENTIK_MEDIA_DIRECTORY:-/mnt/stingray/authentik/media}:/certs + - ${AUTHENTIK_MEDIA_DIRECTORY:-/mnt/stingray/authentik/media}:/templates depends_on: - redis deploy: diff --git a/docker/stacks/db-ui/docker-stack.yml b/docker/stacks/db-ui/docker-stack.yml index 6256198..818edef 100644 --- a/docker/stacks/db-ui/docker-stack.yml +++ b/docker/stacks/db-ui/docker-stack.yml @@ -7,7 +7,7 @@ networks: services: phpmyadmin: - image: phpmyadmin + image: phpmyadmin:5.2.2-apache environment: - PMA_HOST=${DB_HOST:-db.home.mnke.org} networks: @@ -33,7 +33,7 @@ services: memory: 32M pgadmin: - image: dpage/pgadmin4 + image: dpage/pgadmin4:9.0.0 environment: - PGADMIN_DEFAULT_EMAIL=${PGADMIN_EMAIL:-tony@mnke.org} - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_DEFAULT_PASSWORD:-password} diff --git a/docker/stacks/infisical/docker-stack.yml b/docker/stacks/infisical/docker-stack.yml index a73d12c..5e9afaf 100644 --- a/docker/stacks/infisical/docker-stack.yml +++ b/docker/stacks/infisical/docker-stack.yml 
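Review bot: Every bind mount added in the `@@ -65,8 +48,8 @@` hunk and in the worker hunk (`@@ -114,9 +97,9 @@`) uses `${AUTHENTIK_MEDIA_DIRECTORY:-/mnt/stingray/authentik/media}` as its source. As a result `/certs` and `/templates` now point at the media directory rather than the separate certs and custom-templates directories that the removed named volumes bound. Besides hiding the existing certificates and templates, this places certificate key material in the same host directory as uploaded media, which looks unintended and is worth confirming against how the media path is served. The `/certs` line should read `- ${AUTHENTIK_CERTS_DIRECTORY:-/mnt/stingray/authentik/certs}:/certs` and the `/templates` lines `- ${AUTHENTIK_TEMPLATES_DIRECTORY:-/mnt/stingray/authentik/custom-templates}:/templates`. Both service definitions continue outside their hunks.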
@@ -4,7 +4,7 @@ version: "3" services: db-migration: container_name: infisical-db-migration - image: infisical/infisical:latest-postgres + image: infisical/infisical:v0.108.1-postgres environment: # Keys # Required key for platform encryption/decryption ops @@ -33,7 +33,7 @@ services: depends_on: - redis - db-migration - image: infisical/infisical:latest-postgres + image: infisical/infisical:v0.108.1-postgres environment: - NODE_ENV=production - PORT=8080 @@ -71,7 +71,7 @@ services: memory: 128M redis: - image: redis + image: redis:7.4.2-alpine container_name: infisical-dev-redis restart: always environment: @@ -95,6 +95,7 @@ services: networks: infisical: + name: infisical traefik: external: true