feat: add dockcheck auto-update labels to remaining services

Add mag37.dockcheck.update labels to enable automated container update monitoring for: - Gotify iOS assistant service - Karakeep (Hoarder) bookmark manager and all components (Chrome, Meilisearch) - MMDL task management service - Postiz social media scheduler and all components (PostgreSQL, Redis) This completes the rollout of dockcheck labels across all Docker services for consistent update monitoring. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
feat: update service versions and add backup configurations
2025-09-08 17:40:30 -06:00 · 2025-09-08 17:26:16 -06:00 · 2025-07-28 08:47:28 -06:00 · 2025-07-28 07:21:45 -06:00
18 changed files with 177 additions and 17 deletions
--- a/dns.yml
+++ b/dns.yml
@@ -53,6 +53,10 @@
            ip: "152.53.36.98"
          - name: pdg
            ip: "152.53.36.98"
+          - name: kanboard
+            ip: "152.53.36.98"
+          - name: grocy
+            ip: "152.53.36.98"
      - name: nerder.land
        dns_records:
          - name: "forms"
--- a/group_vars/all/domains.yml
+++ b/group_vars/all/domains.yml
@@ -32,6 +32,8 @@ subdomains:
  bytestash: "snippets.{{ primary_domain }}"  # ByteStash code snippets
  gotify: "gotify.{{ primary_domain }}"  # Gotify notifications
  gotify_assistant: "gotify-assistant.{{ primary_domain }}"  # iGotify iOS assistant
+  kanboard: "kanboard.{{ primary_domain }}"  # Kanboard project management
+  grocy: "grocy.{{ primary_domain }}"  # Grocy kitchen ERP

 # Email domains for notifications
 email_domains:
--- a/roles/docker/files/Caddyfile
+++ b/roles/docker/files/Caddyfile
@@ -40,6 +40,30 @@ tasks.thesatelliteoflove.com {
    reverse_proxy mmdl:3000
 }

+kanboard.thesatelliteoflove.com {
+    reverse_proxy kanboard:80
+}
+
+grocy.thesatelliteoflove.com {
+    # API endpoints bypass forward auth for mobile apps
+    handle /api/* {
+        reverse_proxy grocy:80
+    }
+    
+    # Web interface requires Authentik authentication
+    forward_auth authentik-server-1:9000 {
+        uri /outpost.goauthentik.io/auth/caddy
+        copy_headers {
+            X-authentik-username
+            X-authentik-groups  
+            X-authentik-email
+            X-authentik-name
+            X-authentik-uid
+        }
+    }
+    reverse_proxy grocy:80
+}
+
 phlog.thesatelliteoflove.com {
    reverse_proxy ghost-1-ghost-1:2368
 }
--- a/roles/docker/tasks/productivity/grocy.yml
+++ b/roles/docker/tasks/productivity/grocy.yml
@@ -0,0 +1,18 @@
+---
+- name: Create grocy directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+  loop:
+    - /opt/stacks/grocy
+
+- name: Template grocy compose file
+  ansible.builtin.template:
+    src: grocy-compose.yml.j2
+    dest: /opt/stacks/grocy/compose.yml
+
+- name: Deploy grocy stack
+  community.docker.docker_compose_v2:
+    project_src: /opt/stacks/grocy
+    files:
+      - compose.yml
--- a/roles/docker/tasks/productivity/kanboard.yml
+++ b/roles/docker/tasks/productivity/kanboard.yml
@@ -0,0 +1,18 @@
+---
+- name: Create kanboard directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+  loop:
+    - /opt/stacks/kanboard
+
+- name: Template kanboard compose file
+  ansible.builtin.template:
+    src: kanboard-compose.yml.j2
+    dest: /opt/stacks/kanboard/compose.yml
+
+- name: Deploy kanboard stack
+  community.docker.docker_compose_v2:
+    project_src: /opt/stacks/kanboard
+    files:
+      - compose.yml
--- a/roles/docker/tasks/productivity/main.yml
+++ b/roles/docker/tasks/productivity/main.yml
@@ -31,4 +31,12 @@

 - name: Install obsidian-livesync
  import_tasks: obsidian-livesync.yml
-  tags: obsidian-livesync
+  tags: obsidian-livesync
+
+- name: Install kanboard
+  import_tasks: kanboard.yml
+  tags: kanboard
+
+- name: Install grocy
+  import_tasks: grocy.yml
+  tags: grocy
--- a/roles/docker/templates/appriseapi-compose.yml.j2
+++ b/roles/docker/templates/appriseapi-compose.yml.j2
@@ -19,7 +19,7 @@ services:
      glance.url: https://{{ subdomains.appriseapi }}/
      glance.description: Apprise api server
      glance.id: apprise
-    
+      mag37.dockcheck.update: true
 volumes:
  config:
  attach:
--- a/roles/docker/templates/authentik-compose.yml.j2
+++ b/roles/docker/templates/authentik-compose.yml.j2
@@ -37,7 +37,7 @@ services:
      glance.parent: authentik
      glance.name: Redis
  server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.4}
    restart: unless-stopped
    command: server
    environment:
@@ -64,7 +64,7 @@ services:
      glance.description: Authentication server
      glance.id: authentik
  worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.4}
    restart: unless-stopped
    command: worker
    environment:
--- a/roles/docker/templates/baikal-compose.yml.j2
+++ b/roles/docker/templates/baikal-compose.yml.j2
@@ -10,7 +10,7 @@ services:
      glance.icon: si:protoncalendar
      glance.url: https://{{ subdomains.cal }}/
      glance.description: CalDav server
-
+      mag37.dockcheck.update: true
 volumes:
  config:
  data:
--- a/roles/docker/templates/dawarich-compose.yml.j2
+++ b/roles/docker/templates/dawarich-compose.yml.j2
@@ -36,7 +36,7 @@ services:
      timeout: 10s

  dawarich_app:
-    image: freikin/dawarich:0.28.1
+    image: freikin/dawarich:latest
    container_name: dawarich_app
    labels:
      glance.name: Dawarich
@@ -95,7 +95,7 @@ services:
          cpus: '0.50'
          memory: '2G'
  dawarich_sidekiq:
-    image: freikin/dawarich:0.28.1
+    image: freikin/dawarich:latest
    container_name: dawarich_sidekiq
    labels:
      glance.parent: dawarich
--- a/roles/docker/templates/gotify-compose.yml.j2
+++ b/roles/docker/templates/gotify-compose.yml.j2
@@ -32,6 +32,7 @@ services:
      glance.icon: si:apple
      glance.url: "https://{{ subdomains.gotify_assistant }}/"
      glance.description: iOS notification assistant
+      mag37.dockcheck.update: true
    extra_hosts:
      - "{{ subdomains.auth }}:{{ docker.hairpin_ip }}"
      - "{{ subdomains.gotify }}:{{ docker.hairpin_ip }}"
--- a/roles/docker/templates/gotosocial-compose.yml.j2
+++ b/roles/docker/templates/gotosocial-compose.yml.j2
@@ -44,23 +44,19 @@ services:
    labels:
      glance.parent: gotosocial
      glance.name: Backup
+      mag37.dockcheck.update: true
    environment:
-      BACKUP_FILENAME: backup-gts-%Y-%m-%dT%H-%M-%S.tar.gz
-      BACKUP_LATEST_SYMLINK: backup-latest.tar.gz
+      BACKUP_FILENAME: gts-backup-%Y-%m-%dT%H-%M-%S.tar.gz
      BACKUP_CRON_EXPRESSION: "0 9 * * *"
-      BACKUP_PRUNING_PREFIX: backup-
-      BACKUP_RETENTION_DAYS: 1
+      BACKUP_PRUNING_PREFIX: gts-
+      BACKUP_RETENTION_DAYS: 7
      AWS_S3_BUCKET_NAME: tsolbackups
      AWS_ENDPOINT: s3.us-west-004.backblazeb2.com 
      AWS_ACCESS_KEY_ID: {{ vault_backup.access_key_id }}
      AWS_SECRET_ACCESS_KEY: {{ vault_backup.secret_access_key }}
-      BACKUP_SKIP_BACKENDS_FROM_PRUNE: s3
-
-
    volumes:
-      - gotosocial:/backup/my-app-backup:ro
+      - gotosocial:/backup/gts-app-backup:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - ./backup:/archive

 volumes:
  gotosocial:
--- a/roles/docker/templates/grocy-compose.yml.j2
+++ b/roles/docker/templates/grocy-compose.yml.j2
@@ -0,0 +1,30 @@
+services:
+  grocy:
+    image: lscr.io/linuxserver/grocy:latest
+    container_name: grocy
+    restart: unless-stopped
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/Denver
+    volumes:
+      - ./config:/config
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+      - "{{ subdomains.auth }}:{{ docker.hairpin_ip }}"
+    labels:
+      glance.name: Grocy
+      glance.icon: si:grocyapp
+      glance.url: https://{{ subdomains.grocy }}/
+      glance.description: Kitchen ERP and inventory management
+      glance.id: grocy
+      mag37.dockcheck.update: true
+
+volumes:
+  grocy_config:
+    driver: local
+
+networks:
+  default:
+    external: true
+    name: {{ docker.network_name }}
--- a/roles/docker/templates/hoarder-compose.yml.j2
+++ b/roles/docker/templates/hoarder-compose.yml.j2
@@ -1,7 +1,7 @@
 version: "3.8"
 services:
  web:
-    image: ghcr.io/karakeep-app/karakeep:0.25.0
+    image: ghcr.io/karakeep-app/karakeep:latest
    restart: unless-stopped
    volumes:
      - data:/data
@@ -22,12 +22,14 @@ services:
      glance.url: https://{{ subdomains.bookmarks }}/
      glance.description: Bookmark manager
      glance.id: karakeep
+      mag37.dockcheck.update: true
  chrome:
    image: gcr.io/zenika-hub/alpine-chrome:123
    restart: unless-stopped
    labels:
      glance.name: Chrome
      glance.parent: karakeep
+      mag37.dockcheck.update: true
    command:
      - --no-sandbox
      - --disable-gpu
@@ -41,6 +43,7 @@ services:
    labels:
      glance.name: Meilisearch
      glance.parent: karakeep
+      mag37.dockcheck.update: true
    env_file:
      - .env
    environment:
--- a/roles/docker/templates/kanboard-compose.yml.j2
+++ b/roles/docker/templates/kanboard-compose.yml.j2
@@ -0,0 +1,32 @@
+services:
+  kanboard:
+    image: kanboard/kanboard:latest
+    container_name: kanboard
+    restart: unless-stopped
+    environment:
+      - PLUGIN_INSTALLER=true
+      - DB_DRIVER=sqlite
+    volumes:
+      - kanboard_data:/var/www/app/data
+      - kanboard_plugins:/var/www/app/plugins
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+      - "{{ subdomains.auth }}:{{ docker.hairpin_ip }}"
+    labels:
+      glance.name: Kanboard
+      glance.icon: si:kanboard
+      glance.url: https://{{ subdomains.kanboard }}/
+      glance.description: Project management and Kanban boards
+      glance.id: kanboard
+      mag37.dockcheck.update: true
+
+volumes:
+  kanboard_data:
+    driver: local
+  kanboard_plugins:
+    driver: local
+
+networks:
+  default:
+    external: true
+    name: {{ docker.network_name }}
--- a/roles/docker/templates/mmdl-compose.yml.j2
+++ b/roles/docker/templates/mmdl-compose.yml.j2
@@ -17,6 +17,7 @@ services:
      glance.url: https://{{ subdomains.tasks }}/
      glance.description: Task and calendar management
      glance.id: mmdl
+      mag37.dockcheck.update: true

  mmdl_db:
    image: mysql:8.0
--- a/roles/docker/templates/paperlessngx-compose.yml.j2
+++ b/roles/docker/templates/paperlessngx-compose.yml.j2
@@ -57,6 +57,26 @@ services:
      glance.name: Tika
    restart: unless-stopped

+  backup:
+    image: offen/docker-volume-backup:v2
+    restart: always
+    labels:
+      glance.parent: paperlessngx
+      glance.name: Backup
+      mag37.dockcheck.update: true
+    environment:
+      BACKUP_FILENAME: pngx-backup-%Y-%m-%dT%H-%M-%S.tar.gz
+      BACKUP_CRON_EXPRESSION: "10 9 * * *"
+      BACKUP_PRUNING_PREFIX: pngx-
+      BACKUP_RETENTION_DAYS: 7
+      AWS_S3_BUCKET_NAME: tsolbackups
+      AWS_ENDPOINT: s3.us-west-004.backblazeb2.com 
+      AWS_ACCESS_KEY_ID: {{ vault_backup.access_key_id }}
+      AWS_SECRET_ACCESS_KEY: {{ vault_backup.secret_access_key }}
+    volumes:
+      - media:/backup/pngx-app-backup:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+
 volumes:
  data:
  media:
--- a/roles/docker/templates/postiz-compose.yml.j2
+++ b/roles/docker/templates/postiz-compose.yml.j2
@@ -38,6 +38,7 @@ services:
      glance.url: https://{{ subdomains.post }}/
      glance.description: Social media scheduler
      glance.id: postiz
+      mag37.dockcheck.update: true
 
  postiz-postgres:
    image: postgres:14.5
@@ -57,6 +58,7 @@ services:
    labels:
      glance.parent: postiz
      glance.name: DB
+      mag37.dockcheck.update: true
  postiz-redis:
    image: redis:7.2
    container_name: postiz-redis
@@ -71,6 +73,7 @@ services:
    labels:
      glance.parent: postiz
      glance.name: Redis
+      mag37.dockcheck.update: true
Author	SHA1	Message	Date
Phil	f088247ac0	feat: add dockcheck auto-update labels to remaining services Add mag37.dockcheck.update labels to enable automated container update monitoring for: - Gotify iOS assistant service - Karakeep (Hoarder) bookmark manager and all components (Chrome, Meilisearch) - MMDL task management service - Postiz social media scheduler and all components (PostgreSQL, Redis) This completes the rollout of dockcheck labels across all Docker services for consistent update monitoring. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-08 17:40:30 -06:00
Phil	e1b6d3132a	feat: update service versions and add backup configurations - Update Authentik to 2025.6.4 - Update Dawarich and Karakeep to latest versions - Add Paperless-NGX backup with S3 storage - Improve GoToSocial backup configuration with better naming and retention - Add dockcheck update labels for automated container monitoring 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-08 17:26:16 -06:00
Phil	f71ded1a01	feat: add Grocy kitchen ERP service - Add grocy subdomain to domains.yml - Create Docker Compose template using LinuxServer image - Add Ansible task for service deployment - Configure Caddy reverse proxy with Authentik auth and API bypass - Add DNS record for grocy subdomain - Integrate with productivity services category 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-07-28 08:47:28 -06:00
Phil	a2ae9e5ff6	feat: add Kanboard project management service - Add kanboard subdomain to domains.yml - Create Docker Compose template with SQLite backend and plugin store enabled - Add Ansible task for service deployment - Configure Caddy reverse proxy routing - Integrate with productivity services category 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-07-28 07:21:45 -06:00