chore: Tag all images

ansible/roles/swarm-bootstrap/templates/portainer/docker-stack.yml.j2

@@ -5,7 +5,7 @@ networks:
 
 services:
   agent:
-    image: portainer/agent:latest
+    image: portainer/agent:2.16.2
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - /var/lib/docker/volumes:/var/lib/docker/volumes
@@ -21,7 +21,7 @@ services:
         constraints: [node.platform.os == linux]
 
   portainer:
-    image: portainer/portainer:latest
+    image: portainer/portainer-ce:2.21.5
     command: "-H tcp://tasks.agent:9001 --tlsskipverify --bind :9000 --tunnel-port 8000 --admin-password {{portainer_htpasswd}}"
     ports:
       - "9000:9000"

docker/compose/media/docker-compose.yml

@@ -14,7 +14,7 @@ volumes:
 
 services:
   transmission-openvpn:
-    image: haugene/transmission-openvpn
+    image: haugene/transmission-openvpn:5.3.1
     cap_add:
       - NET_ADMIN
     networks:
@@ -43,6 +43,7 @@ services:
       - TRANSMISSION_WEB_UI=flood-for-transmission
       - TZ=America/Vancouver
       - LOCAL_NETWORK=10.0.0.0/16
+    restart: unless-stopped
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.transmission_openvpn.rule=Host(`${TRANSMISSION_HOST:-tovpn.jumper.mnke.org}`)"
@@ -60,7 +61,7 @@ services:
           memory: 64M
 
   prowlarr:
-    image: lscr.io/linuxserver/prowlarr
+    image: lscr.io/linuxserver/prowlarr:1.30.2
     environment:
       - PUID=${PUID:-8796}
       - PGID=${PGID:-3005}
@@ -70,6 +71,7 @@ services:
       - traefik
     volumes:
       - prowlarr_config:/config
+    restart: unless-stopped
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.prowlarr.rule=Host(`${PROWLARR_HOST:-prowlarr.jumper.mnke.org}`)"
@@ -87,7 +89,7 @@ services:
           memory: 64M
 
   radarr:
-    image: lscr.io/linuxserver/radarr
+    image: lscr.io/linuxserver/radarr:5.18.4
     environment:
       - PUID=${PUID:-8796}
       - PGID=${PGID:-3005}
@@ -101,6 +103,7 @@ services:
     depends_on:
       transmission-openvpn:
         condition: service_healthy
+    restart: unless-stopped
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.radarr.rule=Host(`${RADARR_HOST:-radarr.jumper.mnke.org}`)"
@@ -119,7 +122,7 @@ services:
           memory: 64M
 
   sonarr:
-    image: lscr.io/linuxserver/sonarr
+    image: lscr.io/linuxserver/sonarr:4.0.12
     environment:
       - PUID=${PUID:-8796}
       - PGID=${PGID:-3005}
@@ -133,6 +136,7 @@ services:
     depends_on:
       transmission-openvpn:
         condition: service_healthy
+    restart: unless-stopped
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.sonarr.rule=Host(`${SONARR_HOST:-sonarr.jumper.mnke.org}`)"
@@ -150,7 +154,7 @@ services:
           memory: 64M
 
   flaresolverr:
-    image: ghcr.io/flaresolverr/flaresolverr
+    image: ghcr.io/flaresolverr/flaresolverr:v3.3.21
     environment:
       - LOG_LEVEL=${FLARESOLVERR_LOG_LEVEL:-info}
       - LOG_HTML=${FLARESOLVERR_LOG_HTML:-false}
@@ -160,6 +164,7 @@ services:
       - media
     # ports:
       # - "${PORT:-8191}:8191"
+    restart: unless-stopped
     deploy:
       resources:
         limits:
@@ -170,7 +175,7 @@ services:
           memory: 64M
 
   jellyseerr:
-    image: fallenbagel/jellyseerr
+    image: fallenbagel/jellyseerr:2.3.0
     environment:
       # - LOG_LEVEL=debug
       - TZ=America/Vancouver
@@ -184,6 +189,7 @@ services:
         condition: service_started
       sonarr:
         condition: service_started
+    restart: unless-stopped
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.jellyseerr.rule=Host(`${JELLYSEERR_HOST:-seerr.jumper.mnke.org}`)"

docker/compose/portainer/docker-compose.yml

@@ -6,7 +6,7 @@ networks:
 
 services:
   agent:
-    image: portainer/agent:latest
+    image: portainer/agent:2.16.2
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - /mnt/docker/docker-root/volumes:/var/lib/docker/volumes
@@ -19,8 +19,8 @@ services:
     restart: unless-stopped
 
   portainer:
-    image: portainer/portainer:latest
+    image: portainer/portainer-ce:2.21.5
-    command: -H tcp://agent:9001 --tlsskipverify --bind :9000 --tunnel-port 8000 --admin-password $$2y$$05$$JU48mcf9WWtewdrEbPhcIeCtZx5asCeeSV.Ew.4CJDB.2YyDZd21K
+    command: -H tcp://agent:9001 --tlsskipverify --bind :9000 --tunnel-port 8000 --admin-password ${PORTAINER_HTPASSWD}
     ports:
       - "9000:9000"
       - "8000:8000"

docker/compose/traefik/docker-compose.yml

@@ -7,6 +7,9 @@ networks:
 services:
   traefik:
     image: traefik:v3.3
+    # This seems to be needed to solve the DNS challenge. Otherwise our own
+    # DNS server is used, which isn't correctly configured to allow checking
+    # the DNS entries have been propagated
     dns:
       - 1.1.1.1
       - 1.0.0.1

docker/stacks/authentik/docker-stack.yml

@@ -5,26 +5,9 @@ networks:
   traefik:
     external: true
   authentik:
+    name: authentik
 
 volumes:
-  authentik_media:
-    driver: local
-    driver_opts:
-      o: bind
-      type: none
-      device: ${AUTHENTIK_MEDIA_DIRECTORY:-/mnt/stingray/authentik/media}
-  authentik_certs:
-    driver: local
-    driver_opts:
-      o: bind
-      type: none
-      device: ${AUTHENTIK_CERTS_DIRECTORY:-/mnt/stingray/authentik/certs}
-  authentik_templates:
-    driver: local
-    driver_opts:
-      o: bind
-      type: none
-      device: ${AUTHENTIK_TEMPLATES_DIRECTORY:-/mnt/stingray/authentik/custom-templates}
   redis_data:
     driver: local
     driver_opts:
@@ -34,7 +17,7 @@ volumes:
 
 services:
   redis:
-    image: docker.io/library/redis:alpine
+    image: docker.io/library/redis:7.4.2-alpine
     command: --save 60 1 --loglevel warning
     networks:
       - authentik
@@ -65,8 +48,8 @@ services:
       AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:-password}
       AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:-supersecretkey}
     volumes:
-      - authentik_media:/media
+      - ${AUTHENTIK_MEDIA_DIRECTORY:-/mnt/stingray/authentik/media}:/media
-      - authentik_certs:/templates
+      - ${AUTHENTIK_MEDIA_DIRECTORY:-/mnt/stingray/authentik/media}:/templates
     networks:
       - authentik
       - traefik
@@ -114,9 +97,9 @@ services:
       - authentik
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - authentik_media:/media
+      - ${AUTHENTIK_MEDIA_DIRECTORY:-/mnt/stingray/authentik/media}:/media
-      - authentik_certs:/certs
+      - ${AUTHENTIK_MEDIA_DIRECTORY:-/mnt/stingray/authentik/media}:/certs
-      - authentik_templates:/templates
+      - ${AUTHENTIK_MEDIA_DIRECTORY:-/mnt/stingray/authentik/media}:/templates
     depends_on:
       - redis
     deploy:

docker/stacks/db-ui/docker-stack.yml

@@ -7,7 +7,7 @@ networks:
 
 services:
   phpmyadmin:
-    image: phpmyadmin
+    image: phpmyadmin:5.2.2-apache
     environment:
       - PMA_HOST=${DB_HOST:-db.home.mnke.org}
     networks:
@@ -33,7 +33,7 @@ services:
           memory: 32M
 
   pgadmin:
-    image: dpage/pgadmin4
+    image: dpage/pgadmin4:9.0.0
     environment:
       - PGADMIN_DEFAULT_EMAIL=${PGADMIN_EMAIL:-tony@mnke.org}
       - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_DEFAULT_PASSWORD:-password}

docker/stacks/infisical/docker-stack.yml

@@ -4,7 +4,7 @@ version: "3"
 services:
   db-migration:
     container_name: infisical-db-migration
-    image: infisical/infisical:latest-postgres
+    image: infisical/infisical:v0.108.1-postgres
     environment:
       # Keys
       # Required key for platform encryption/decryption ops
@@ -33,7 +33,7 @@ services:
     depends_on:
       - redis
       - db-migration
-    image: infisical/infisical:latest-postgres
+    image: infisical/infisical:v0.108.1-postgres
     environment:
       - NODE_ENV=production
       - PORT=8080
@@ -71,7 +71,7 @@ services:
           memory: 128M
 
   redis:
-    image: redis
+    image: redis:7.4.2-alpine
     container_name: infisical-dev-redis
     restart: always
     environment:
@@ -95,6 +95,7 @@ services:
 
 networks:
   infisical:
+    name: infisical
   traefik:
     external: true