diff --git a/README.md b/README.md index 4d3a8212..15d542e0 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ just a stock Ubuntu install, some clever Ansible config and a bunch of Docker co - [Telegraf](https://github.com/influxdata/telegraf) - Metrics collection agent - [Traefik](https://traefik.io/) - Web proxy and SSL certificate manager - [Transmission](https://transmissionbt.com/) BitTorrent client (with OpenVPN if you have a supported VPN provider) + - [Watchtower](https://github.com/v2tec/watchtower) Monitor your Docker containers and update them if a new version is available - [ZNC](https://wiki.znc.in/ZNC) - IRC bouncer to stay connected to favourite IRC networks and channels ## What This Could Do diff --git a/group_vars/all.yml.dist b/group_vars/all.yml.dist index 37be3f2a..2cccd41c 100644 --- a/group_vars/all.yml.dist +++ b/group_vars/all.yml.dist @@ -34,6 +34,7 @@ glances_enabled: true stats_enabled: false guacamole_enabled: false netdata_enabled: false +watchtower_enabled: false # Backup & Restore duplicati_enabled: true 
@@ -66,6 +67,37 @@ ansible_nas_email: me@example.com # Applications will have subdomain SSL certificates created, eg ansible-nas., nextcloud. ansible_nas_domain: example.com +### +### Watchtower +### +# Sets the 6 field cron schedule to use for checks and updates +# Keep in mind that this will stop and start containers if there is an update +# So probably best not to do it every 10 minutes unless you want your plex stream +# interrupted +# Default below is every day at 5am (local time if you have set +# your local timezone above) +watchtower_cron_schedule: "0 0 5 * * *" + +## Notifications +# If enabling notifications, you MUST correctly setup the relevant +# section below +watchtower_notifications_enabled: false +# Set the type of notification. email or slack +watchtower_notifications_type: email +# Set the notifications level. panic, fatal, error, warn, info (default) or debug +watchtower_notifications_level: info + +# Email +watchtower_email_from: "{{ ansible_nas_email }}" +watchtower_email_to: "{{ ansible_nas_email }}" +watchtower_email_server: smtp.gmail.com +watchtower_email_server_user: "{{ ansible_nas_email }}" +watchtower_email_server_password: abcd1234 + +# Slack +watchtower_slack_hook_url: https://hooks.slack.com/services/???/???/??? +watchtower_slack_identifier: "watchtower-{{ ansible_nas_hostname }}" + ### ### Docker ### diff --git a/nas.yml b/nas.yml index ba99b530..c0a17e72 100644 --- a/nas.yml +++ b/nas.yml @@ -34,6 +34,10 @@ when: portainer_enabled tags: portainer + - import_tasks: tasks/watchtower.yml + when: watchtower_enabled == true + tags: watchtower + - import_tasks: tasks/plex.yml when: plex_enabled tags: plex diff --git a/tasks/netdata.yml b/tasks/netdata.yml index 59b8ec62..4dda6a1c 100644 --- a/tasks/netdata.yml +++ b/tasks/netdata.yml 
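Review bot: `watchtower_email_server_password: abcd1234` and `watchtower_slack_hook_url` hold secrets, but the added comments say nothing about how to store them. Anyone filling in this template will presumably leave the SMTP password and the webhook URL in plaintext beside the other settings. A comment above each would cover it, for example `# Secret: keep the real value in an ansible-vault encrypted vars file`. An empty default (`watchtower_email_server_password: ""`) would also avoid shipping a placeholder that looks like a usable credential. The variables file continues outside the hunk.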
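Review bot: `when: watchtower_enabled == true` compares against a literal, while the neighbouring imports in this hunk use the bare variable (`when: portainer_enabled`, `when: plex_enabled`). Writing `when: watchtower_enabled` would match them and avoid the literal comparison that ansible-lint reports. The task list continues outside the hunk.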
@@ -1,28 +1,27 @@ -###### Create -- name: Get docker group id - group: - name: docker - register: docker_group - -- name: Netdata Docker Container - docker_container: - name: netdata - hostname: "{{ ansible_nas_hostname }}.{{ ansible_nas_domain }}" - image: netdata/netdata - state: started - pull: true - ports: - - "19999:19999" - volumes: - - "/proc:/host/proc:ro" - - "/sys:/host/sys:ro" - - "/var/run/docker.sock:/var/run/docker.sock:ro" - env: - PGID: "{{ docker_group.gid }}" - capabilities: - - SYS_PTRACE - security_opts: - - apparmor:unconfined - restart_policy: unless-stopped - memory: 1g - +###### Create +- name: Get docker group id + group: + name: docker + register: docker_group + +- name: Netdata Docker Container + docker_container: + name: netdata + hostname: "{{ ansible_nas_hostname }}.{{ ansible_nas_domain }}" + image: netdata/netdata + state: started + pull: true + ports: + - "19999:19999" + volumes: + - "/proc:/host/proc:ro" + - "/sys:/host/sys:ro" + - "/var/run/docker.sock:/var/run/docker.sock:ro" + env: + PGID: "{{ docker_group.gid }}" + capabilities: + - SYS_PTRACE + security_opts: + - apparmor:unconfined + restart_policy: unless-stopped + memory: 1g diff --git a/tasks/watchtower.yml b/tasks/watchtower.yml new file mode 100644 index 00000000..b591726e --- /dev/null +++ b/tasks/watchtower.yml 
@@ -0,0 +1,57 @@
+---
+- name: Watchtower Docker Container
+ when: watchtower_notifications_enabled == false
+ docker_container:
+ name: watchtower
+ image: v2tec/watchtower
+ pull: true
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ env:
+ TZ: "{{ ansible_nas_timezone }}"
+ command: --schedule "{{ watchtower_cron_schedule }}"
+ restart_policy: unless-stopped
+ memory: 1g
+
+- name: Watchtower Docker Container w/ Email Notifications
+ when:
+ - watchtower_notifications_enabled == true
+ - watchtower_notifications_type == 'email'
+ docker_container:
+ name: watchtower
+ image: v2tec/watchtower
+ pull: true
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ env:
+ TZ: "{{ ansible_nas_timezone }}"
+ WATCHTOWER_NOTIFICATIONS: email
+ WATCHTOWER_NOTIFICATIONS_LEVEL: "{{ watchtower_notifications_level }}"
+ WATCHTOWER_NOTIFICATION_EMAIL_FROM: "{{ watchtower_email_from }}"
+ WATCHTOWER_NOTIFICATION_EMAIL_TO: "{{ watchtower_email_to }}"
+ WATCHTOWER_NOTIFICATION_EMAIL_SERVER: "{{ watchtower_email_server }}"
+ WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER: "{{ watchtower_email_server_user }}"
+ WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD: "{{ watchtower_email_server_password }}"
+ command: --schedule "{{ watchtower_cron_schedule }}"
+ restart_policy: unless-stopped
+ memory: 1g
+
+- name: Watchtower Docker Container w/ Slack Notifications
+ when:
+ - watchtower_notifications_enabled == true
+ - watchtower_notifications_type == 'slack'
+ docker_container:
+ name: watchtower
+ image: v2tec/watchtower
+ pull: true
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ env:
+ TZ: "{{ ansible_nas_timezone }}"
+ WATCHTOWER_NOTIFICATIONS_LEVEL: "{{ watchtower_notifications_level }}"
+ WATCHTOWER_NOTIFICATIONS: slack
+ WATCHTOWER_NOTIFICATION_SLACK_HOOK_URL: "{{ watchtower_slack_hook_url }}"
+ WATCHTOWER_NOTIFICATION_SLACK_IDENTIFIER: "{{ watchtower_slack_identifier }}"
+ command: --schedule "{{ watchtower_cron_schedule }}"
+ restart_policy: unless-stopped
+ memory: 1g
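Review bot: The `:ro` suffix on `"/var/run/docker.sock:/var/run/docker.sock:ro"` in all three tasks does not limit what the container can ask the Docker daemon to do. A read-only bind mount of a socket still accepts connections, so Watchtower has full control of the daemon and should be documented that way, for example `# NOTE: ':ro' does not restrict Docker API access; this container can manage every container on the host`. Because `image: v2tec/watchtower` carries no tag and `pull: true` is set, that access goes to whatever the default tag resolves to on each run, so pinning a tag or digest would narrow it. The email and Slack tasks render `watchtower_email_server_password` and `watchtower_slack_hook_url` into the task arguments, so adding `no_log: true` to those two tasks keeps the values out of verbose Ansible output. Separately, when `watchtower_notifications_enabled` is true and `watchtower_notifications_type` is neither `email` nor `slack`, none of the three `when` conditions match and the play skips the container without any error.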