added cronmaster

feat: update service versions - Authentik v2025.8.3 and GoToSocial latest
- Authentik: upgrade from v2025.6.4 to v2025.8.3 for latest security fixes and features - GoToSocial: switch from pinned v0.19.1 to latest tag for ongoing updates 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-17 23:42:02 -06:00 · 2025-09-16 16:17:01 -06:00 · 2025-09-08 17:40:30 -06:00 · 2025-09-08 17:26:16 -06:00
13 changed files with 100 additions and 18 deletions
--- a/roles/docker/tasks/monitoring/cronmaster.yml
+++ b/roles/docker/tasks/monitoring/cronmaster.yml
@@ -0,0 +1,22 @@
+- name: make cronmaster directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+  loop:
+    - /opt/stacks/cronmaster
+    - /opt/stacks/cronmaster/scripts
+    - /opt/stacks/cronmaster/data
+    - /opt/stacks/cronmaster/snippets
+
+- name: Template out the compose file
+  ansible.builtin.template:
+    src: cronmaster-compose.yml.j2
+    dest: /opt/stacks/cronmaster/compose.yml
+    owner: root
+    mode: '0644'
+
+- name: deploy cronmaster stack
+  community.docker.docker_compose_v2:
+    project_src: /opt/stacks/cronmaster
+    files:
+      - compose.yml
--- a/roles/docker/tasks/monitoring/main.yml
+++ b/roles/docker/tasks/monitoring/main.yml
@@ -15,4 +15,8 @@

 - name: Install gotify
  import_tasks: gotify.yml
-  tags: gotify
+  tags: gotify
+
+- name: Install cronmaster
+  import_tasks: cronmaster.yml
+  tags: cronmaster
--- a/roles/docker/templates/appriseapi-compose.yml.j2
+++ b/roles/docker/templates/appriseapi-compose.yml.j2
@@ -19,7 +19,7 @@ services:
      glance.url: https://{{ subdomains.appriseapi }}/
      glance.description: Apprise api server
      glance.id: apprise
-    
+      mag37.dockcheck.update: true
 volumes:
  config:
  attach:
--- a/roles/docker/templates/authentik-compose.yml.j2
+++ b/roles/docker/templates/authentik-compose.yml.j2
@@ -37,7 +37,7 @@ services:
      glance.parent: authentik
      glance.name: Redis
  server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.8.3}
    restart: unless-stopped
    command: server
    environment:
@@ -64,7 +64,7 @@ services:
      glance.description: Authentication server
      glance.id: authentik
  worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.8.3}
    restart: unless-stopped
    command: worker
    environment:
--- a/roles/docker/templates/baikal-compose.yml.j2
+++ b/roles/docker/templates/baikal-compose.yml.j2
@@ -10,7 +10,7 @@ services:
      glance.icon: si:protoncalendar
      glance.url: https://{{ subdomains.cal }}/
      glance.description: CalDav server
-
+      mag37.dockcheck.update: true
 volumes:
  config:
  data:
--- a/roles/docker/templates/cronmaster-compose.yml.j2
+++ b/roles/docker/templates/cronmaster-compose.yml.j2
@@ -0,0 +1,32 @@
+services:
+  cronmaster:
+    image: ghcr.io/fccview/cronmaster:latest
+    container_name: cronmaster
+    restart: unless-stopped
+    user: "root"
+    privileged: true
+    pid: "host"
+    ports:
+      - "{{ network.docker_host_ip }}:40123:3000"
+    environment:
+      - DOCKER=true
+      - HOST_PROJECT_DIR=/opt/stacks/cronmaster/scripts
+      - HOST_CRONTAB_USER=root,phil
+      - AUTH_PASSWORD={{ vault_cronmaster.password }}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /opt/stacks/cronmaster/scripts:/app/scripts
+      - /opt/stacks/cronmaster/data:/app/data
+      - /opt/stacks/cronmaster/snippets:/app/snippets
+    labels:
+      glance.url: "http://{{ network.docker_host_ip }}:40123/"
+      glance.title: CronMaster
+      glance.description: Cron job management interface
+      glance.group: Infrastructure
+      glance.parent: infrastructure
+      glance.name: CronMaster
+
+networks:
+  default:
+    external: true
+    name: "{{ docker.network_name }}"
--- a/roles/docker/templates/dawarich-compose.yml.j2
+++ b/roles/docker/templates/dawarich-compose.yml.j2
@@ -36,7 +36,7 @@ services:
      timeout: 10s

  dawarich_app:
-    image: freikin/dawarich:0.28.1
+    image: freikin/dawarich:latest
    container_name: dawarich_app
    labels:
      glance.name: Dawarich
@@ -95,7 +95,7 @@ services:
          cpus: '0.50'
          memory: '2G'
  dawarich_sidekiq:
-    image: freikin/dawarich:0.28.1
+    image: freikin/dawarich:latest
    container_name: dawarich_sidekiq
    labels:
      glance.parent: dawarich
--- a/roles/docker/templates/gotify-compose.yml.j2
+++ b/roles/docker/templates/gotify-compose.yml.j2
@@ -32,6 +32,7 @@ services:
      glance.icon: si:apple
      glance.url: "https://{{ subdomains.gotify_assistant }}/"
      glance.description: iOS notification assistant
+      mag37.dockcheck.update: true
    extra_hosts:
      - "{{ subdomains.auth }}:{{ docker.hairpin_ip }}"
      - "{{ subdomains.gotify }}:{{ docker.hairpin_ip }}"
--- a/roles/docker/templates/gotosocial-compose.yml.j2
+++ b/roles/docker/templates/gotosocial-compose.yml.j2
@@ -1,6 +1,6 @@
 services:
  gotosocial:
-    image: docker.io/superseriousbusiness/gotosocial:0.19.1
+    image: docker.io/superseriousbusiness/gotosocial:latest
    container_name: gotosocial
    user: 1000:1000
    extra_hosts:
@@ -44,23 +44,19 @@ services:
    labels:
      glance.parent: gotosocial
      glance.name: Backup
+      mag37.dockcheck.update: true
    environment:
-      BACKUP_FILENAME: backup-gts-%Y-%m-%dT%H-%M-%S.tar.gz
-      BACKUP_LATEST_SYMLINK: backup-latest.tar.gz
+      BACKUP_FILENAME: gts-backup-%Y-%m-%dT%H-%M-%S.tar.gz
      BACKUP_CRON_EXPRESSION: "0 9 * * *"
-      BACKUP_PRUNING_PREFIX: backup-
-      BACKUP_RETENTION_DAYS: 1
+      BACKUP_PRUNING_PREFIX: gts-
+      BACKUP_RETENTION_DAYS: 7
      AWS_S3_BUCKET_NAME: tsolbackups
      AWS_ENDPOINT: s3.us-west-004.backblazeb2.com 
      AWS_ACCESS_KEY_ID: {{ vault_backup.access_key_id }}
      AWS_SECRET_ACCESS_KEY: {{ vault_backup.secret_access_key }}
-      BACKUP_SKIP_BACKENDS_FROM_PRUNE: s3
-
-
    volumes:
-      - gotosocial:/backup/my-app-backup:ro
+      - gotosocial:/backup/gts-app-backup:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - ./backup:/archive

 volumes:
  gotosocial:
--- a/roles/docker/templates/hoarder-compose.yml.j2
+++ b/roles/docker/templates/hoarder-compose.yml.j2
@@ -1,7 +1,7 @@
 version: "3.8"
 services:
  web:
-    image: ghcr.io/karakeep-app/karakeep:0.25.0
+    image: ghcr.io/karakeep-app/karakeep:latest
    restart: unless-stopped
    volumes:
      - data:/data
@@ -22,12 +22,14 @@ services:
      glance.url: https://{{ subdomains.bookmarks }}/
      glance.description: Bookmark manager
      glance.id: karakeep
+      mag37.dockcheck.update: true
  chrome:
    image: gcr.io/zenika-hub/alpine-chrome:123
    restart: unless-stopped
    labels:
      glance.name: Chrome
      glance.parent: karakeep
+      mag37.dockcheck.update: true
    command:
      - --no-sandbox
      - --disable-gpu
@@ -41,6 +43,7 @@ services:
    labels:
      glance.name: Meilisearch
      glance.parent: karakeep
+      mag37.dockcheck.update: true
    env_file:
      - .env
    environment:
--- a/roles/docker/templates/mmdl-compose.yml.j2
+++ b/roles/docker/templates/mmdl-compose.yml.j2
@@ -17,6 +17,7 @@ services:
      glance.url: https://{{ subdomains.tasks }}/
      glance.description: Task and calendar management
      glance.id: mmdl
+      mag37.dockcheck.update: true

  mmdl_db:
    image: mysql:8.0
--- a/roles/docker/templates/paperlessngx-compose.yml.j2
+++ b/roles/docker/templates/paperlessngx-compose.yml.j2
@@ -57,6 +57,26 @@ services:
      glance.name: Tika
    restart: unless-stopped

+  backup:
+    image: offen/docker-volume-backup:v2
+    restart: always
+    labels:
+      glance.parent: paperlessngx
+      glance.name: Backup
+      mag37.dockcheck.update: true
+    environment:
+      BACKUP_FILENAME: pngx-backup-%Y-%m-%dT%H-%M-%S.tar.gz
+      BACKUP_CRON_EXPRESSION: "10 9 * * *"
+      BACKUP_PRUNING_PREFIX: pngx-
+      BACKUP_RETENTION_DAYS: 7
+      AWS_S3_BUCKET_NAME: tsolbackups
+      AWS_ENDPOINT: s3.us-west-004.backblazeb2.com 
+      AWS_ACCESS_KEY_ID: {{ vault_backup.access_key_id }}
+      AWS_SECRET_ACCESS_KEY: {{ vault_backup.secret_access_key }}
+    volumes:
+      - media:/backup/pngx-app-backup:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+
 volumes:
  data:
  media:
--- a/roles/docker/templates/postiz-compose.yml.j2
+++ b/roles/docker/templates/postiz-compose.yml.j2
@@ -38,6 +38,7 @@ services:
      glance.url: https://{{ subdomains.post }}/
      glance.description: Social media scheduler
      glance.id: postiz
+      mag37.dockcheck.update: true
 
  postiz-postgres:
    image: postgres:14.5
@@ -57,6 +58,7 @@ services:
    labels:
      glance.parent: postiz
      glance.name: DB
+      mag37.dockcheck.update: true
  postiz-redis:
    image: redis:7.2
    container_name: postiz-redis
@@ -71,6 +73,7 @@ services:
    labels:
      glance.parent: postiz
      glance.name: Redis
+      mag37.dockcheck.update: true
Author	SHA1	Message	Date
Phil	997cd4f944	added cronmaster	2025-09-17 23:42:02 -06:00
Phil	ace5fc1d18	feat: update service versions - Authentik v2025.8.3 and GoToSocial latest - Authentik: upgrade from v2025.6.4 to v2025.8.3 for latest security fixes and features - GoToSocial: switch from pinned v0.19.1 to latest tag for ongoing updates 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-16 16:17:01 -06:00
Phil	f088247ac0	feat: add dockcheck auto-update labels to remaining services Add mag37.dockcheck.update labels to enable automated container update monitoring for: - Gotify iOS assistant service - Karakeep (Hoarder) bookmark manager and all components (Chrome, Meilisearch) - MMDL task management service - Postiz social media scheduler and all components (PostgreSQL, Redis) This completes the rollout of dockcheck labels across all Docker services for consistent update monitoring. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-08 17:40:30 -06:00
Phil	e1b6d3132a	feat: update service versions and add backup configurations - Update Authentik to 2025.6.4 - Update Dawarich and Karakeep to latest versions - Add Paperless-NGX backup with S3 storage - Improve GoToSocial backup configuration with better naming and retention - Add dockcheck update labels for automated container monitoring 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-08 17:26:16 -06:00