added missing auto update labels

CLAUDE.local.md

@@ -0,0 +1,7 @@
+- the password for secrets.enc is in vault_pass
+- do not use the ansible-vault edit command
+- NEVER, EVER, EVER, USE, OPEN, OR TOUCH SECRETS.ENC
+- Whenever I talk about cron jobs I am referring to cron jobs on the remote servers managed by ansible, never the local machine
+- never use secrets.enc
+- all secrets go in vault.yml, never secrets.enc, never some random file you want to create, only ever vault.yml. you decrypt vault.yml with vault_pass
+- Never use ansible-vault edit. always decrypt, make the changes, then encrypt

roles/docker/tasks/monitoring/cronmaster.yml

@@ -0,0 +1,22 @@
+- name: make cronmaster directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+  loop:
+    - /opt/stacks/cronmaster
+    - /opt/stacks/cronmaster/scripts
+    - /opt/stacks/cronmaster/data
+    - /opt/stacks/cronmaster/snippets
+
+- name: Template out the compose file
+  ansible.builtin.template:
+    src: cronmaster-compose.yml.j2
+    dest: /opt/stacks/cronmaster/compose.yml
+    owner: root
+    mode: '0644'
+
+- name: deploy cronmaster stack
+  community.docker.docker_compose_v2:
+    project_src: /opt/stacks/cronmaster
+    files:
+      - compose.yml

roles/docker/tasks/monitoring/main.yml

@@ -16,3 +16,7 @@
 - name: Install gotify
   import_tasks: gotify.yml
   tags: gotify
+
+- name: Install cronmaster
+  import_tasks: cronmaster.yml
+  tags: cronmaster

roles/docker/templates/authentik-compose.yml.j2

@@ -37,7 +37,7 @@ services:
       glance.parent: authentik
       glance.name: Redis
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.4}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.8.4}
     restart: unless-stopped
     command: server
     environment:
@@ -64,7 +64,7 @@ services:
       glance.description: Authentication server
       glance.id: authentik
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.4}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.8.4}
     restart: unless-stopped
     command: worker
     environment:

roles/docker/templates/bytestash-compose.yml.j2

@@ -26,7 +26,7 @@ services:
       glance.url: https://{{ subdomains.bytestash }}/
       glance.description: Code snippet manager
       glance.id: bytestash
-
+      mag37.dockcheck.update: true
 volumes:
   bytestash_data:
     driver: local

roles/docker/templates/cronmaster-compose.yml.j2

@@ -0,0 +1,32 @@
+services:
+  cronmaster:
+    image: ghcr.io/fccview/cronmaster:latest
+    container_name: cronmaster
+    restart: unless-stopped
+    user: "root"
+    privileged: true
+    pid: "host"
+    ports:
+      - "{{ network.docker_host_ip }}:40123:3000"
+    environment:
+      - DOCKER=true
+      - HOST_PROJECT_DIR=/opt/stacks/cronmaster/scripts
+      - HOST_CRONTAB_USER=root,phil
+      - AUTH_PASSWORD={{ vault_cronmaster.password }}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /opt/stacks/cronmaster/scripts:/app/scripts
+      - /opt/stacks/cronmaster/data:/app/data
+      - /opt/stacks/cronmaster/snippets:/app/snippets
+    labels:
+      glance.url: "http://{{ network.docker_host_ip }}:40123/"
+      glance.title: CronMaster
+      glance.description: Cron job management interface
+      glance.group: Infrastructure
+      glance.parent: infrastructure
+      glance.name: CronMaster
+      mag37.dockcheck.update: true
+networks:
+  default:
+    external: true
+    name: "{{ docker.network_name }}"

roles/docker/templates/glance-compose.yml.j2

@@ -16,7 +16,7 @@ services:
       glance.url: https://{{ subdomains.home }}/
       glance.description: Homepage app
       glance.id: glance
-
+      mag37.dockcheck.update: true
 networks:
   default:
     external: true

roles/docker/templates/gotify-compose.yml.j2

@@ -13,6 +13,7 @@ services:
       glance.icon: si:gotify
       glance.url: "https://{{ subdomains.gotify }}/"
       glance.description: Push notification server
+      mag37.dockcheck.update: true
     extra_hosts:
       - "{{ subdomains.auth }}:{{ docker.hairpin_ip }}"
       - "{{ subdomains.gotify_assistant }}:{{ docker.hairpin_ip }}"

roles/docker/templates/gotosocial-compose.yml.j2

@@ -1,6 +1,6 @@
 services:
   gotosocial:
-    image: docker.io/superseriousbusiness/gotosocial:0.19.1
+    image: docker.io/superseriousbusiness/gotosocial:latest
     container_name: gotosocial
     user: 1000:1000
     extra_hosts:

roles/docker/templates/obsidian-livesync-compose.yml.j2

@@ -9,6 +9,7 @@ services:
       glance.url: http://{{ network.docker_host_ip }}:5984
       glance.description: Obsidian note synchronization
       glance.id: obsidian-livesync
+      mag37.dockcheck.update: true
     environment:
       - SERVER_DOMAIN={{ network.docker_host_ip }}
       - COUCHDB_USER={{ vault_obsidian.username }}

roles/docker/templates/syncthing-compose.yml.j2

@@ -9,6 +9,7 @@ services:
       glance.url: https://netcup.porgy-porgy.ts.net:8384
       glance.description: Syncthing core
       glance.id: Syncthing
+      mag37.dockcheck.update: true
     environment:
       - PUID=1000
       - PGID=1000