Trez/rikku-home-assistant
4
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

Compare commits

merge into: Trez/rikku-home-assistant:main
Branches Tags
Trez/rikku-home-assistant:main Trez/rikku-home-assistant:renovate/docker-io-sweisgerber-snapcast-latest Trez/rikku-home-assistant:renovate/ghcr-io-home-assistant-home-assistant-stable Trez/rikku-home-assistant:patchmon-deployment_2026-05-19T07-57-01 Trez/rikku-home-assistant:snapcast-server-deployment_2026-04-27T15-07-34 Trez/rikku-home-assistant:ultima-prep_2025-11-29T08-33-53 Trez/rikku-home-assistant:homeassistant-bluetooth-caps_2025-10-11T20-36-09 Trez/rikku-home-assistant:adguard-certs-mount_2025-10-10T18-30-56 Trez/rikku-home-assistant:valkey-move-from-bitnami_2025-10-02T19-44-53 Trez/rikku-home-assistant:portainer-agent-add_2025-09-28T20-29-55 Trez/rikku-home-assistant:renovate-registry-credentials_2025-09-24T20-50-25 Trez/rikku-home-assistant:renovate-host-relocation_2025-09-24T10-02-20 Trez/rikku-home-assistant:watchtower-removal_2025-09-22T20-57-51 Trez/rikku-home-assistant:renovate/github-actions-hoverkraft-tech-compose-action Trez/rikku-home-assistant:dockflare-upsnap-deployments_ Trez/rikku-home-assistant:portracker-removal_2025-09-04T07-44-13 Trez/rikku-home-assistant:webhook-container-deployment_2025-08-29T06-46-30 Trez/rikku-home-assistant:signoz-logspout-deployment_2025-08-27T07-08-41 Trez/rikku-home-assistant:watchtower-hostname_2025-08-27T06-11-03 Trez/rikku-home-assistant:docker-proxy-portracker-deployment_2025-08-26T15-02-42 Trez/rikku-home-assistant:home-assistant-supported-redeployment_2025-08-11T07-26-08
..
pull from: Trez/rikku-home-assistant:renovate/github-actions-hoverkraft-tech-compose-action
Branches Tags
Trez/rikku-home-assistant:renovate/docker-io-sweisgerber-snapcast-latest Trez/rikku-home-assistant:renovate/ghcr-io-home-assistant-home-assistant-stable Trez/rikku-home-assistant:main Trez/rikku-home-assistant:patchmon-deployment_2026-05-19T07-57-01 Trez/rikku-home-assistant:snapcast-server-deployment_2026-04-27T15-07-34 Trez/rikku-home-assistant:ultima-prep_2025-11-29T08-33-53 Trez/rikku-home-assistant:homeassistant-bluetooth-caps_2025-10-11T20-36-09 Trez/rikku-home-assistant:adguard-certs-mount_2025-10-10T18-30-56 Trez/rikku-home-assistant:valkey-move-from-bitnami_2025-10-02T19-44-53 Trez/rikku-home-assistant:portainer-agent-add_2025-09-28T20-29-55 Trez/rikku-home-assistant:renovate-registry-credentials_2025-09-24T20-50-25 Trez/rikku-home-assistant:renovate-host-relocation_2025-09-24T10-02-20 Trez/rikku-home-assistant:watchtower-removal_2025-09-22T20-57-51 Trez/rikku-home-assistant:renovate/github-actions-hoverkraft-tech-compose-action Trez/rikku-home-assistant:dockflare-upsnap-deployments_ Trez/rikku-home-assistant:portracker-removal_2025-09-04T07-44-13 Trez/rikku-home-assistant:webhook-container-deployment_2025-08-29T06-46-30 Trez/rikku-home-assistant:signoz-logspout-deployment_2025-08-27T07-08-41 Trez/rikku-home-assistant:watchtower-hostname_2025-08-27T06-11-03 Trez/rikku-home-assistant:docker-proxy-portracker-deployment_2025-08-26T15-02-42 Trez/rikku-home-assistant:home-assistant-supported-redeployment_2025-08-11T07-26-08

1 Commits
main .. renovate/github-actions-hoverkraft-tech-compose-action

Author SHA1 Message Date
Renovate Bot c580995e4b 🔧 Renovate: Update (minor) hoverkraft-tech/compose-action action to v2.3.0 2025-09-19 18:48:53 +00:00
7 changed files with 425 additions and 596 deletions
Expand all files Collapse all files
.gitea/workflows/compose-services-readme.yml
-42
View File
@@ -1,42 +0,0 @@
name: List of Services README Generation
on:
schedule:
- cron: 30 */2 * * *
workflow_dispatch:
jobs:
readme-services:
name: Generate Services List
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
ref: 'main'
- name: Install yq
uses: dcarbone/install-yq-action@4075b4dca348d74bd83f2bf82d30f25d7c54539b # v1.3.1
- name: Generate service list
run: |
yq 'explode(.) | .services | to_entries | map({"service": .key, "image": (.value.image | sub("@sha256:.*$"; "")), "description": (.value.labels."homepage.description" // "")})' docker-compose.yml > services.yml
- name: Generate Markdown Table
uses: gazab/create-markdown-table@6686233d7008e8d8b9d4bbdbfd1fb1ae510019f0 # v1.0.7
id: service-table
with:
file: ./services.yml
- name: Regenerate README
run: |
echo "# List of Services" > README.md
echo -e "\n\n" >> README.md
echo "${{ steps.service-table.outputs.table }}" >> README.md
- name: Add/Commit README.md
id: commit-readme
uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
with:
message: "chore: Update README"
add: "README.md"
.gitea/workflows/pr-docker-deploy.yml
+184 -138
View File
@@ -4,14 +4,15 @@ on:
workflow_dispatch:
push:
branches-ignore:
- "main"
- "renovate/**"
- 'main'
- 'renovate/**'
paths:
- "**/docker-compose.yml"
- '**/docker-compose.yml'
- '**/pr-docker-deploy.yml'
env:
HC_VAULT_VERSION: "1.21.4"
TEA_VERSION: "0.14.0"
HC_VAULT_VERSION: '1.20.0'
TEA_VERSION: '0.10.1'
jobs:
check-and-create-pr:
@@ -20,33 +21,55 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Gotify Notification
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
- name: Cache tea CLI
id: cache-tea
uses: actions/cache@v4
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
notification_title: "GITEA: PR Check @ Rikku"
notification_message: "Checking for existing PR... 🔍"
path: /opt/hostedtoolcache/tea/${{ env.TEA_VERSION }}/x64
key: tea-${{ runner.os }}-${{ env.TEA_VERSION }}
- name: PR Check/Creation
uses: https://git.trez.wtf/Trez/gitea-auto-pr@main
- name: Install tea
uses: supplypike/setup-bin@v4
with:
url: ${{ secrets.TREZ_GITEA_URL }}
token: ${{ secrets.BOT_GITEA_TOKEN }}
pr-label: docker-compose,manual
assignee: ${{ github.actor }}
uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64
name: tea
version: ${{ env.TEA_VERSION }}
- name: Gotify Notification
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
uses: eikendev/gotify-action@master
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
notification_title: "GITEA: PR Check @ Rikku"
notification_message: "PR Check done 🎟️"
gotify_api_base: '${{ secrets.RIKKU_GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RIKKU_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: PR Check'
notification_message: 'Checking for existing PR... 🔍'
- name: Check if open PR exists
id: check-opened-pr-step
continue-on-error: true
run: |
tea login add --name gitea-rinoa --url "${{ secrets.RIKKU_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[HA\].*${{ github.ref_name }}' | tail -1 | wc -l)
echo "exists=$pr_exists" >> $GITHUB_OUTPUT
- name: Create PR
if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
run: |
tea login default gitea-rinoa
pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
pr_index_new=$(expr ${pr_index_old} + 1)
tea pr c -r ${{ github.repository }} -t "[HA] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose"
- name: Gotify Notification
uses: eikendev/gotify-action@master
with:
gotify_api_base: '${{ secrets.RIKKU_GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RIKKU_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: PR Check'
notification_message: 'PR Created 🎟️'
generate-service-list:
name: Generate list of added/modified/deleted services
@@ -56,19 +79,19 @@ jobs:
svc_deploy_list: ${{ steps.detect_services.outputs.docker_svc_list }}
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
uses: actions/checkout@v4
- name: Fetch base branch
run: |
git fetch origin ${{ github.event.pull_request.base.ref }}
- name: Gotify Notification
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
uses: eikendev/gotify-action@master
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
notification_title: "GITEA: Services TBD"
notification_message: "Generating list of services to deploy..."
gotify_api_base: '${{ secrets.RIKKU_GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RIKKU_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: Services TBD'
notification_message: 'Generating list of services to deploy...'
- name: Save both versions of docker-compose.yml
run: |
@@ -114,108 +137,141 @@ jobs:
needs: [generate-service-list]
runs-on: ubuntu-latest
env:
VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
VAULT_ADDR: ${{ secrets.RIKKU_VAULT_ADDR }}
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
VAULT_NAMESPACE: ""
RIKKU_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
uses: actions/checkout@v4
- name: Login to Gitea Container Registry
run: |
docker login -u gitea-sonarqube-bot -p ${RIKKU_REGISTRY_PASSWORD} git.trez.wtf
- name: Login to Docker Hub
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
env:
DOCKER_HOST: tcp://192.168.1.252:2375
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
env:
DOCKER_HOST: tcp://192.168.1.252:2375
- name: Cache Vault install
id: cache-vault
uses: actions/cache@v4
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USER }}
password: ${{ secrets.GHCR_LOGIN_TOKEN }}
path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64
key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }}
- name: Login to Private Gitea Registry
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
env:
DOCKER_HOST: tcp://192.168.1.252:2375
- name: Install Vault (only if not cached)
if: steps.cache-vault.outputs.cache-hit != 'true'
uses: cpanato/vault-installer@main
with:
registry: git.trez.wtf
username: ${{ secrets.BOT_GITEA_USER }}
password: ${{ secrets.BOT_GITEA_PASSWORD }}
version: ${{ env.HC_VAULT_VERSION }}
- name: Gotify Notification
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
uses: eikendev/gotify-action@master
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
notification_title: "GITEA: Docker Compose Dry Run @ Rikku"
notification_message: "Starting Docker Compose dry run..."
gotify_api_base: '${{ secrets.RIKKU_GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RIKKU_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: Docker Compose Dry Run @ Rikku'
notification_message: 'Starting Docker Compose dry run...'
- name: Generate .env from Hashicorp Vault
uses: https://git.trez.wtf/Trez/hc-vault-env@main
with:
HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
HC_VAULT_AUTH: token
HC_VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
HC_VAULT_SECRETS_PATH: rikku-docker/env
- name: Pre-pull/build service images in parallel
uses: https://git.trez.wtf/Trez/docker-select-image-pull@main
env:
DOCKER_HOST: tcp://192.168.1.252:2375
with:
services: ${{ env.DOCKER_SVC_LIST }}
- name: Generate .env file for Docker Compose
run: |
vault kv get -format=json rikku-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
- name: Docker Compose Dry Run
uses: cssnr/stack-deploy-action@28c3c6f42b225af7100652b459621c0c966fd901 # v1.5.0
uses: cssnr/stack-deploy-action@v1.4.0
with:
mode: compose
file: docker-compose.yml
name: "rikku"
name: 'rikku'
host: 192.168.1.252
user: pi
ssh_key: ${{ secrets.RUNNER_SSH_PRIVATE_KEY }}
ssh_key: ${{ secrets.RIKKU_SSH_PRIVATE_KEY }}
args: --remove-orphans -d --dry-run ${{ needs.generate-service-list.outputs.svc_deploy_list }}
env_file: ".env"
env_file: '.env'
registry_host: 'ghcr.io'
registry_user: TrezOne
registry_pass: ${{ secrets.GHCR_LOGIN_TOKEN }}
summary: true
- name: Gotify Notification
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
uses: eikendev/gotify-action@master
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
notification_title: "GITEA: Docker Compose Dry Run @ Rikku"
notification_message: "Docker Compose dry run completed successfully."
gotify_api_base: '${{ secrets.RIKKU_GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RIKKU_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: Docker Compose Dry Run @ Rikku'
notification_message: 'Docker Compose dry run completed successfully.'
regenerate-readme-modified-services:
name: Update README & Generate List of Modified Services
runs-on: ubuntu-latest
needs: [docker-compose-dry-run]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install yq
uses: dcarbone/install-yq-action@v1
- name: Gotify Notification
uses: eikendev/gotify-action@master
with:
gotify_api_base: '${{ secrets.RIKKU_GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RIKKU_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: README Update'
notification_message: 'Updating README...'
- name: Generate service list
run: |
yq '.services | to_entries | map({"service": .key, "image": .value.image})' docker-compose.yml > services.yml
- name: Generate Markdown Table
uses: gazab/create-markdown-table@v1
id: service-table
with:
file: ./services.yml
- name: Regenerate README
run: |
echo "# List of Services" > README.md
echo -e "\n\n" >> README.md
echo "${{ steps.service-table.outputs.table }}" >> README.md
- name: Add/Commit README.md
id: commit-readme
uses: EndBug/add-and-commit@v9
with:
message: "chore: Update README"
add: "README.md"
- name: Gotify Notification
uses: eikendev/gotify-action@master
with:
gotify_api_base: '${{ secrets.RIKKU_GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RIKKU_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: README Update'
notification_message: 'README updated'
pr-merge:
name: PR Merge
needs:
[
generate-service-list,
docker-compose-dry-run,
regenerate-readme-modified-services,
]
needs: [generate-service-list, docker-compose-dry-run, regenerate-readme-modified-services]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
uses: actions/checkout@v4
- name: Cache tea CLI
id: cache-tea
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
uses: actions/cache@v4
with:
path: /opt/hostedtoolcache/tea/${{ env.TEA_VERSION }}/x64
key: tea-${{ runner.os }}-${{ env.TEA_VERSION }}
- name: Install tea
uses: supplypike/setup-bin@8e3f88b4f143d9b5c3497f0fc12d45c83c123787 # v4.0.1
uses: supplypike/setup-bin@v4
with:
uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64
name: tea
@@ -224,7 +280,7 @@ jobs:
- name: PR Merge
id: pr_merge
run: |
tea login add --name gitea-rinoa --url ${{ secrets.TREZ_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
tea login add --name gitea-rinoa --url ${{ secrets.RIKKU_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
tea login default gitea-rinoa
echo "Merging PR..."
pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F"," '{print $1}' | sed -e 's|"||g')
@@ -232,86 +288,76 @@ jobs:
echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT
- name: Gotify Notification
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
uses: eikendev/gotify-action@master
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
notification_title: "GITEA: PR Merge Successful"
notification_message: "PR #${{ steps.pr_merge.outputs.pr_index }} merged."
gotify_api_base: '${{ secrets.RIKKU_GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RIKKU_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: PR Merge Successful'
notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
docker-compose-deploy:
name: Docker Compose Deployment
runs-on: ubuntu-latest
needs: [pr-merge]
env:
VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
VAULT_ADDR: ${{ secrets.RIKKU_VAULT_ADDR }}
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
RIKKU_REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }}
DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }}
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
uses: actions/checkout@v4
with:
ref: main
- name: Login to Docker Hub
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
env:
DOCKER_HOST: tcp://192.168.1.252:2375
- name: Cache Vault install
id: cache-vault
uses: actions/cache@v4
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64
key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }}
- name: Login to GitHub Container Registry
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
env:
DOCKER_HOST: tcp://192.168.1.252:2375
- name: Install Vault (only if not cached)
if: steps.cache-vault.outputs.cache-hit != 'true'
uses: cpanato/vault-installer@main
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USER }}
password: ${{ secrets.GHCR_LOGIN_TOKEN }}
version: ${{ env.HC_VAULT_VERSION }}
- name: Login to Private Gitea Registry
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
env:
DOCKER_HOST: tcp://192.168.1.252:2375
with:
registry: git.trez.wtf
username: ${{ secrets.BOT_GITEA_USER }}
password: ${{ secrets.BOT_GITEA_PASSWORD }}
- name: Login to Gitea Container Registry
run: |
docker login -u gitea-sonarqube-bot -p ${RIKKU_REGISTRY_PASSWORD} git.trez.wtf
- name: Gotify Notification
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
uses: eikendev/gotify-action@master
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
notification_title: "GITEA: Docker Compose Deployment @ Rikku"
notification_message: "Starting Docker Compose run..."
gotify_api_base: '${{ secrets.RIKKU_GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RIKKU_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: Docker Compose Deployment @ Rikku'
notification_message: 'Starting Docker Compose run...'
- name: Generate .env from Hashicorp Vault
uses: https://git.trez.wtf/Trez/hc-vault-env@main
with:
HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
HC_VAULT_USERNAME: ${{ secrets.VAULT_GITEA_USER }}
HC_VAULT_PASSWORD: ${{ secrets.VAULT_GITEA_PASSWORD }}
HC_VAULT_SECRETS_PATH: rikku-docker/env
- name: Generate .env file for deployment
run: |
vault kv get -format=json rikku-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
echo ${DOCKER_SVC_LIST}
- name: Docker Compose Deployment
uses: cssnr/stack-deploy-action@28c3c6f42b225af7100652b459621c0c966fd901 # v1.5.0
uses: cssnr/stack-deploy-action@v1.4.0
with:
mode: compose
file: docker-compose.yml
name: "rikku"
name: 'rikku'
host: 192.168.1.252
user: pi
ssh_key: ${{ secrets.RUNNER_SSH_PRIVATE_KEY }}
ssh_key: ${{ secrets.RIKKU_SSH_PRIVATE_KEY }}
args: --remove-orphans -d ${{ needs.generate-service-list.outputs.svc_deploy_list }}
env_file: ".env"
env_file: '.env'
registry_host: 'ghcr.io'
registry_user: TrezOne
registry_pass: ${{ secrets.GHCR_LOGIN_TOKEN }}
summary: true
- name: Docker Compose Healthcheck
uses: jaracogmbh/docker-compose-health-check-action@973fbdccf7c8e396b652d3501984c8e530a9fa80 # v1.0.0
uses: jaracogmbh/docker-compose-health-check-action@v1.0.0
env:
DOCKER_HOST: tcp://192.168.1.252:2375
with:
@@ -322,9 +368,9 @@ jobs:
skip-no-healthcheck: "true"
- name: Gotify Notification
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
uses: eikendev/gotify-action@master
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
notification_title: "GITEA: Docker Compose Deployment @ Rikku"
notification_message: "Deployment completed successfully."
gotify_api_base: '${{ secrets.RIKKU_GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RIKKU_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: Docker Compose Deployment @ Rikku'
notification_message: 'Deployment completed successfully.'
.gitea/workflows/renovate-pr-deploy.yml
+80 -107
View File
@@ -6,139 +6,94 @@ on:
types: [closed]
branches:
- main
paths:
- "**/docker-compose.yml"
env:
HC_VAULT_VERSION: "1.21.4"
VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
jobs:
deploy:
name: Renovate PR Deployment
if: |
github.event.pull_request.merged == true &&
github.event.pull_request.user.login == 'renovate-bot'
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
fetch-depth: 0
uses: actions/checkout@v4
- name: Save docker-compose.yml before merge (old)
- name: Detect Renovate update type
id: detect-update
env:
PR_BODY: ${{ github.event.pull_request.body }}
run: |
git fetch origin main
if git ls-tree -r origin/main^1 --name-only | grep -q '^docker-compose.yml$'; then
git show origin/main^1:docker-compose.yml > docker-compose-old.yml
echo "PR body: $PR_BODY"
if echo "$PR_BODY" | grep -qE 'Update\s+(patch|minor|major|digest)'; then
echo "update=true" >> $GITHUB_OUTPUT
else
echo "services: {}" > docker-compose-old.yml
echo "update=false" >> $GITHUB_OUTPUT
fi
- name: Save docker-compose.yml after merge (new)
- name: Stop if update not patch/minor/major/digest
if: steps.detect-update.outputs.update != 'true'
run: |
git show origin/main:docker-compose.yml > docker-compose-new.yml
echo "::warning::This PR does not involve patch/minor/major/digest update. Skipping deployment."
exit 0
- name: Detect services with image tag/digest changes
id: detect_services
- name: Get changed services from docker-compose.yml
id: services
run: |
set -euo pipefail
# Ensure we have main branch available
git fetch origin main
echo "Flattening docker-compose files..."
yq eval '... comments=""' docker-compose-old.yml > docker-compose-old-flat.yml
yq eval '... comments=""' docker-compose-new.yml > docker-compose-new-flat.yml
# Find the common ancestor (merge-base) between PR HEAD and main
base=$(git merge-base HEAD origin/main)
echo "Getting service names..."
yq eval '.services | keys | .[]' docker-compose-old-flat.yml | sort > services_old.txt
yq eval '.services | keys | .[]' docker-compose-new-flat.yml | sort > services_new.txt
# Get all image names added/changed in docker-compose.yml since base
images=$(git diff $base HEAD -- docker-compose.yml \
| grep -E '^\+.*image:' \
| sed -E 's/.*image:[[:space:]]*//g' \
| awk -F: '{print $1}' \
| sort -u)
echo "Checking for image changes..."
: > service_changes.txt
comm -12 services_old.txt services_new.txt | while read service; do
old_image=$(yq eval-all --yaml-fix-merge-anchor-to-spec=true ".services[\"$service\"].image // \"\"" docker-compose-old-flat.yml)
new_image=$(yq eval-all --yaml-fix-merge-anchor-to-spec=true ".services[\"$service\"].image // \"\"" docker-compose-new-flat.yml)
if [ "$old_image" != "$new_image" ]; then
echo "$service" >> service_changes.txt
fi
# Map images to service names using yq
services=""
for img in $images; do
svc=$(yq e ".services | with_entries(select(.value.image | startswith(\"$img\"))) | keys | .[]" docker-compose.yml)
services="$services $svc"
done
echo "Detected services with changed images:"
cat service_changes.txt || true
# Prepare multiline output for GitHub Actions
echo "docker_svc_list<<EOF" >> "$GITHUB_OUTPUT"
sort -u service_changes.txt >> "$GITHUB_OUTPUT"
echo "EOF" >> "$GITHUB_OUTPUT"
- name: Stop if no image changes
if: steps.detect_services.outputs.docker_svc_list == ''
run: |
echo "No image tag/digest changes detected. Exiting."
exit 1
- name: Login to Docker Hub
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
env:
DOCKER_HOST: tcp://192.168.1.252:2375
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
env:
DOCKER_HOST: tcp://192.168.1.252:2375
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USER }}
password: ${{ secrets.GHCR_LOGIN_TOKEN }}
- name: Login to Private Gitea Registry
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
env:
DOCKER_HOST: tcp://192.168.1.252:2375
with:
registry: git.trez.wtf
username: ${{ secrets.BOT_GITEA_USER }}
password: ${{ secrets.BOT_GITEA_PASSWORD }}
# Deduplicate and trim
services=$(echo $services | tr ' ' '\n' | sort -u | xargs)
echo "services=$services" >> $GITHUB_OUTPUT
- name: Gotify Notification
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
uses: eikendev/gotify-action@master
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Rikku"
notification_message: "Starting Docker Compose run..."
gotify_api_base: '${{ secrets.RIKKU_GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RIKKU_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: [RENOVATE] Docker Compose Deployment @ Rinoa'
notification_message: 'Starting Docker Compose run...'
- name: Generate .env from Hashicorp Vault
uses: https://git.trez.wtf/Trez/hc-vault-env@main
with:
HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
HC_VAULT_AUTH: token
HC_VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
HC_VAULT_SECRETS_PATH: rikku-docker/env
- name: Pull images for modified services
if: steps.services.outputs.services != ''
run: |
services="${{ steps.services.outputs.services }}"
echo "Pulling images for services: $services"
for svc in $services; do
docker compose pull $svc || echo "Failed to pull $svc, continuing..."
done
- name: Docker Compose Deployment
uses: cssnr/stack-deploy-action@28c3c6f42b225af7100652b459621c0c966fd901 # v1.5.0
uses: hoverkraft-tech/compose-action@v2.3.0
env:
DOCKER_HOST: tcp://dockerproxy:2375
with:
mode: compose
file: docker-compose.yml
name: "rikku"
host: 192.168.1.252
user: pi
ssh_key: ${{ secrets.RUNNER_SSH_PRIVATE_KEY }}
args: --remove-orphans -d ${{ steps.detect_services.outputs.docker_svc_list }}
env_file: ".env"
summary: true
services: |
${{ steps.services.outputs.services }}
up-flags: -d --remove-orphans
compose-flags: --profile rinoa-apps
- name: Docker Compose Healthcheck
uses: jaracogmbh/docker-compose-health-check-action@973fbdccf7c8e396b652d3501984c8e530a9fa80 # v1.0.0
env:
DOCKER_HOST: tcp://192.168.1.252:2375
continue-on-error: true
id: health
uses: jaracogmbh/docker-compose-health-check-action@v1.0.0
with:
max-retries: 30
retry-interval: 10
@@ -147,9 +102,27 @@ jobs:
skip-no-healthcheck: "true"
- name: Gotify Notification
uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
uses: eikendev/gotify-action@master
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Rikku"
notification_message: "Deployment completed successfully."
gotify_api_base: '${{ secrets.RIKKU_GOTIFY_URL }}'
gotify_app_token: '${{ secrets.RIKKU_RUNNER_GOTIFY_TOKEN }}'
notification_title: 'GITEA: [RENOVATE] Docker Compose Deployment @ Rinoa'
notification_message: 'Deployment completed successfully.'
- name: Deployment Summary
if: always()
run: |
echo "### 🚀 Renovate Patch Deployment Summary" >> $GITHUB_STEP_SUMMARY
if [[ -z "${{ steps.services.outputs.services }}" ]]; then
echo "- No services changed in this patch update." >> $GITHUB_STEP_SUMMARY
exit 0
fi
echo "- Updated services: \`${{ steps.services.outputs.services }}\`" >> $GITHUB_STEP_SUMMARY
if [[ "${{ steps.health.outcome }}" == "success" ]]; then
echo "- ✅ All services passed health checks." >> $GITHUB_STEP_SUMMARY
else
echo "- ⚠️ Some services failed health checks. Check logs above for details." >> $GITHUB_STEP_SUMMARY
fi
.gitea/workflows/renovate.yml
-66
View File
@@ -1,66 +0,0 @@
name: Renovate
on:
schedule:
- cron: "0/30 * * * *"
workflow_dispatch:
env:
RENOVATE_VERSION: "42.84.2"
jobs:
renovate:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: Renovate Run
env:
DOCKER_HOST: tcp://dockerproxy:2375
RENOVATE_PLATFORM: gitea
RENOVATE_ENDPOINT: https://git.trez.wtf/api/v1
RENOVATE_TOKEN: ${{ secrets.RENOVATE_BOT_TOKEN }}
LOG_LEVEL: ${{ vars.RENOVATE_LOG_LEVEL }}
RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_TOKEN }}
RENOVATE_CONFIG_FILE: renovate.json
RENOVATE_REPOSITORIES: trez/rikku-home-assistant
RENOVATE_HOST_RULES: |
[
{
"description": "Docker Hub authentication",
"hostType": "docker",
"matchHost": "docker.io",
"username": "${{ secrets.DOCKERHUB_USER }}",
"password": "${{ secrets.DOCKERHUB_PASSWORD }}"
},
{
"description": "GitHub Container Registry (GHCR)",
"hostType": "docker",
"matchHost": "ghcr.io",
"username": "${{ secrets.GHCR_USER }}",
"password": "${{ secrets.GHCR_LOGIN_TOKEN }}"
},
{
"description": "Self-hosted Gitea Docker Registry",
"hostType": "docker",
"matchHost": "git.trez.wtf",
"username": "${{ secrets.BOT_GITEA_USER }}",
"password": "${{ secrets.BOT_GITEA_PASSWORD }}"
}
]
run: |
docker run --rm \
-e RENOVATE_PLATFORM \
-e RENOVATE_ENDPOINT \
-e RENOVATE_TOKEN \
-e LOG_LEVEL \
-e RENOVATE_GITHUB_COM_TOKEN \
-e RENOVATE_CONFIG_FILE \
-e RENOVATE_REPOSITORIES \
-e RENOVATE_HOST_RULES \
--volumes-from ${{ env.JOB_CONTAINER_NAME }} \
-w ${GITHUB_WORKSPACE} \
renovate/renovate:${{ env.RENOVATE_VERSION }}-full
README.md
+14 -20
View File
@@ -2,24 +2,18 @@
| Service | Image | Description |
| --- | --- | --- |
| adguard | adguard/adguardhome:v0.107.77 | |
| beszel-agent | henrygd/beszel-agent:0.18.7 | |
| castsponsorskip | ghcr.io/gabe565/castsponsorskip:0.8.3 | |
| docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest | |
| dockflare | alplat/dockflare:stable | |
| ha-fusion | ghcr.io/matt8707/ha-fusion:2024.10.1 | |
| homeassistant | ghcr.io/home-assistant/home-assistant:stable | |
| patchmon-server | ghcr.io/patchmon/patchmon-server:latest | |
| patchmon-pg-db | postgres:17-alpine | |
| patchmon-redis | redis:7-alpine | |
| patchmon-guacd | guacamole/guacd:1.6.0 | |
| portainer-agent | portainer/agent:latest | |
| renovate | renovate/renovate:43.170.22-full | |
| renovate-valkey | docker.io/valkey/valkey:9-alpine | |
| signoz-logspout | pavanputhra/logspout-signoz:2025.07.19-887dfeb | |
| snapcast-server | docker.io/sweisgerber/snapcast:latest | |
| upsnap | ghcr.io/seriousm4x/upsnap:5 | |
| webhook | thecatlady/webhook:2.8.2 | |
| Service | Image |
| --- | --- |
| adguard | adguard/adguardhome:v0.107.65 |
| beszel-agent | henrygd/beszel-agent:0.12.7 |
| castsponsorskip | ghcr.io/gabe565/castsponsorskip:0.8.2 |
| docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
| dockflare | alplat/dockflare:stable |
| ha-fusion | ghcr.io/matt8707/ha-fusion:2024.10.1 |
| homeassistant | ghcr.io/home-assistant/home-assistant:stable |
| ollama | ollama/ollama:0.11.10 |
| signoz-logspout | pavanputhra/logspout-signoz:2025.07.19-887dfeb |
| upsnap | ghcr.io/seriousm4x/upsnap:5 |
| watchtower | ghcr.io/containrrr/watchtower:latest |
| webhook | thecatlady/webhook:2.8.1 |
docker-compose.yml
+79 -222
View File
@@ -10,26 +10,34 @@ services:
container_name: adguard
environment:
TZ: ${TZ}
image: adguard/adguardhome:v0.107.77@sha256:e6f2b8bcda06064ab055b44933a4f0e983c35558b9cdb8d2e7ab1efcee36d890
image: adguard/adguardhome:v0.107.66
network_mode: host
privileged: true
# ports:
# - "192.168.1.254:53:53/udp"
# - "192.168.1.254:53:53/tcp"
# - 3001:3000
# - "192.168.1.254:446:443/tcp"
# - 8008:80
# - "192.168.1.254:853:853/tcp"
# - 67:67
# - 688:68
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
- ${RIKKU_DOCKER_DIR}/adguard/work:/opt/adguardhome/work
- ${RIKKU_DOCKER_DIR}/adguard/conf:/opt/adguardhome/conf
- /mnt/swag-certs:/opt/adguardhome/certs
beszel-agent:
container_name: beszel-agent
environment:
PORT: 45876
# Do not remove quotes around the key
KEY: "${BESZEL_RINOA_AGENT_KEY}"
KEY: '${BESZEL_RINOA_AGENT_KEY}'
TOKEN: ${BESZEL_RIKKU_TOKEN}
HUB_URL: http://192.168.1.254:22220
expose:
- 45876
image: henrygd/beszel-agent:0.18.7@sha256:8874e2c53f9de5e063a6a80d6b617e20fa593ac5dc4eb4c6ce1f912f510f38f8
image: henrygd/beszel-agent:0.12.9
network_mode: host
restart: unless-stopped
volumes:
@@ -38,8 +46,10 @@ services:
- /var/run/docker.sock:/var/run/docker.sock:ro
castsponsorskip:
container_name: castsponsorskip
image: ghcr.io/gabe565/castsponsorskip:0.8.3@sha256:f556d274aab94c3140058e9f192396bc75e04d8e075769223c1edfc8c4f4daa4
image: ghcr.io/gabe565/castsponsorskip:0.8.2
environment:
# Set the container timezone
# See identifier list at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ: ${TZ}
# CSS_PAUSED_INTERVAL:
# CSS_PLAYING_INTERVAL:
@@ -51,28 +61,28 @@ services:
docker-socket-proxy:
container_name: dockerproxy
environment:
AUTH: 1
BUILD: 1
COMMIT: 1
CONFIGS: 1
AUTH: 0
BUILD: 0
COMMIT: 0
CONFIGS: 0
CONTAINERS: 1
DISTRIBUTION: 1
EVENTS: 1
EXEC: 1
GPRC: 1
DISTRIBUTION: 0
EVENTS: 0
EXEC: 0
GPRC: 0
IMAGES: 1
INFO: 1
NETWORKS: 1
NODES: 1
POST: 1
PLUGINS: 1
SERVICES: 1
SESSION: 1
SYSTEM: 1
TASKS: 1
VOLUMES: 1
NODES: 0
POST: 0
PLUGINS: 0
SERVICES: 0
SESSION: 0
SYSTEM: 0
TASKS: 0
VOLUMES: 0
LOG_LEVEL: debug
image: ghcr.io/tecnativa/docker-socket-proxy:latest@sha256:1f3a6f303320723d199d2316a3e82b2e2685d86c275d5e3deeaf182573b47476
image: ghcr.io/tecnativa/docker-socket-proxy:latest
ports:
- 2375:2375
privileged: true
@@ -101,17 +111,12 @@ services:
TUNNEL_NAME: dockflared-tunnel
TZ: ${TZ}
healthcheck:
test: [
"CMD-SHELL",
"wget -qO- --server-response http://localhost:5000/ping 2>&1 | awk
'/^ HTTP/{code=$2} /^[^{]/{next} {print; fflush()} END{exit
(code>=400 || code==0)}' >/dev/null",
]
test: ["CMD-SHELL", "wget -qO- --server-response http://localhost:5000/ping 2>&1 | awk '/^ HTTP/{code=$2} /^[^{]/{next} {print; fflush()} END{exit (code>=400 || code==0)}' >/dev/null"]
interval: 1m30s
timeout: 30s
retries: 5
start_period: 30s
image: alplat/dockflare:stable@sha256:ff2807c696b0752767716825e7b3d9f7d4f353e7ea8a323dc2b7cc174ad27ef7 # Or :unstable for the latest features
image: alplat/dockflare:stable # Or :unstable for the latest features
# labels:
# ## EXAMPLE CF TUNNEL LABELS ###
# Enable DockFlare management for this container
@@ -144,23 +149,22 @@ services:
environment:
TZ: ${TZ}
HASS_URL: http://192.168.1.252:8123
image: ghcr.io/matt8707/ha-fusion:2024.10.1@sha256:5eea4634ab2b1e7c7523943996d13318d109b293abe8e9e86c38daf5c41830cb
image: ghcr.io/matt8707/ha-fusion:2024.10.1
labels:
com.centurylinklabs.watchtower.monitor-only: true
ports:
- 5050:5050
restart: unless-stopped
volumes:
- ${RIKKU_DOCKER_DIR}/ha-fusion:/app/data
homeassistant:
cap_add:
- NET_ADMIN
- NET_RAW
container_name: homeassistant
devices:
- /dev/ttyAMA0:/dev/ttyAMA0
- /dev/ttyS0:/dev/ttyS0
environment:
DISABLE_JEMALLOC: true
image: ghcr.io/home-assistant/home-assistant:stable@sha256:f0baa7922ecec7790c40c41baf08ab218b6ab8db5f96dc03b03a0ae33d987c3d
image: ghcr.io/home-assistant/home-assistant:stable
labels:
com.centurylinklabs.watchtower.monitor-only: true
network_mode: host
@@ -170,195 +174,24 @@ services:
- ${RIKKU_DOCKER_DIR}/homeassistant:/config
- /etc/localtime:/etc/localtime:ro
- /run/dbus:/run/dbus:ro
patchmon-server:
container_name: patchmon-server
depends_on:
patchmon-pg-db:
condition: service_healthy
patchmon-redis:
condition: service_healthy
patchmon-guacd:
condition: service_healthy
environment:
CORS_ORIGIN: "*"
JWT_SECRET: ${PATCHMON_JWT_SECRET}
POSTGRES_HOST: patchmon-pg-db
DATABASE_URL: postgresql://patchmon:${PATCHMON_PG_PASSWORD}@patchmon-pg-db:5432/patchmon
ENABLE_LOGGING: true
GUACD_ADDRESS: patchmon-guacd:4822
LOG_LEVEL: info
REDIS_HOST: patchmon-redis
SESSION_SECRET: ${PATCHMON_SESSION_SECRET}
AI_ENCRYPTION_KEY: ${PATCHMON_AI_ENCRYPTION_KEY}
REDIS_PORT: 6379
REDIS_PASSWORD: ${PATCHMON_REDIS_PASSWORD}
REDIS_DB: 0
TRUST_PROXY: true
TZ: ${TZ}
image: ghcr.io/patchmon/patchmon-server:latest@sha256:eaa1bcce290c7003cff01a96cfc893a64cb144e582e9b797875e6381f56b297a
ollama:
container_name: ollama
image: ollama/ollama:0.12.0
ports:
- 3000:3000
restart: unless-stopped
patchmon-pg-db:
container_name: patchmon-pg-db
image: postgres:17-alpine@sha256:979c4379dd698aba0b890599a6104e082035f98ef31d9b9291ec22f2b13059ca
restart: unless-stopped
environment:
POSTGRES_PASSWORD: ${PATCHMON_PG_PASSWORD}
POSTGRES_USER: patchmon
POSTGRES_DB: patchmon
expose:
- 5432
volumes:
- patchmon-pg-data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U patchmon -d patchmon"]
interval: 3s
timeout: 5s
retries: 7
patchmon-redis:
container_name: patchmon-redis
image: redis:7-alpine@sha256:6ab0b6e7381779332f97b8ca76193e45b0756f38d4c0dcda72dbb3c32061ab99
restart: unless-stopped
environment:
TZ: ${TZ}
REDIS_PORT: 6379
REDIS_PASSWORD: ${PATCHMON_REDIS_PASSWORD}
REDIS_DB: 0
expose:
- 6379
command: redis-server --requirepass ${PATCHMON_REDIS_PASSWORD}
volumes:
- patchmon-redis-data:/data
healthcheck:
test:
[
"CMD",
"redis-cli",
"--no-auth-warning",
"-a",
"${PATCHMON_REDIS_PASSWORD}",
"ping",
]
interval: 3s
timeout: 5s
retries: 7
patchmon-guacd:
container_name: patchmon-guacd
image: guacamole/guacd:1.6.0@sha256:8974eaa9ba32f713daf311e7cc8cd7e4cdfba1edea39eed75524e78ef4b08f4f
expose:
- 4822
restart: unless-stopped
read_only: true
tmpfs:
- /tmp:size=64m
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
mem_limit: 512m
cpus: "1.0"
healthcheck:
test: ["CMD-SHELL", "nc -z localhost 4822 || exit 1"]
interval: 10s
timeout: 5s
retries: 3
start_period: 10s
portainer-agent:
container_name: portainer_agent
image: portainer/agent:latest@sha256:236246fc09b3e7e9269aad53e57ec71f27b7e114a2b6b70d4fd98c117ccc36d8
volumes:
- /:/host
- /var/lib/docker/volumes:/var/lib/docker/volumes
- /var/run/docker.sock:/var/run/docker.sock
restart: always
ports:
- 9001:9001
renovate:
container_name: renovate
environment:
RENOVATE_CONFIG_FILE: /etc/renovate/config.js
# --- Authentication & platform ---
RENOVATE_TOKEN: "${RENOVATE_GITEA_TOKEN}" # Gitea personal access token for renovate-bot
RENOVATE_PLATFORM: "gitea"
RENOVATE_ENDPOINT: "https://git.${MY_TLD}/api/v1" # your Gitea URL
RENOVATE_USERNAME: "renovate-bot"
RENOVATE_GIT_AUTHOR: "Renovate Bot <it-services@trez.wtf>"
RENOVATE_GITHUB_COM_TOKEN: ${LIBRECHAT_GITHUB_TOKEN}
# --- Behavior ---
RENOVATE_AUTODISCOVER: "true" # discover all repos renovate-bot has access to
RENOVATE_ONBOARDING: "true" # create onboarding PR if repo not configured
RENOVATE_REQUIRE_CONFIG: "optional" # run even if no renovate config exists
RENOVATE_REDIS_URL: redis://renovate-valkey:6379
LOG_LEVEL: "info"
# --- Enable dependency dashboard ---
RENOVATE_EXTENDS: "config:base,:dependencyDashboard"
# --- Example package rules ---
RENOVATE_PRUNE_BRANCH_AFTER_AUTOMERG: false
RENOVATE_PRUNE_STALE_BRANCHES: true
# --- Scheduling ---
# Renovate will only process PRs/updates in this time window
RENOVATE_SCHEDULE: '["after 2am and before 6am"]'
OTEL_EXPORTER_OTLP_ENDPOINT: http://192.168.1.254:4318
OTEL_SERVICE_NAME: renovate
OTEL_SERVICE_NAMESPACE: renovate.${MY_TLD}
# --- Registry creds ---
DOCKER_HUB_PASS: ${RENOVATE__DOCKER_HUB_PASS}
DOCKER_HUB_USER: ${RENOVATE__DOCKER_HUB_USER}
GHCR_TOKEN: ${RENOVATE__GHCR_TOKEN}
GHCR_USER: ${RENOVATE__GHCR_USER}
GITEA_BOT_PASS: ${RENOVATE__GITEA_BOT_PASS}
GITEA_BOT_USER: ${RENOVATE__GITEA_BOT_USER}
image: renovate/renovate:43.170.22-full@sha256:934f64671c3f6535f5cce940b921a06aaaf47a347ce7de82b01b4028b223dcda
- 11434:11434
restart: unless-stopped
volumes:
- ${RIKKU_DOCKER_DIR}/renovate/config.js:/etc/renovate/config.js
renovate-valkey:
container_name: renovate-valkey
healthcheck:
test: redis-cli ping || exit 1
image: docker.io/valkey/valkey:9-alpine@sha256:a35428eba9043cc0b79dbe54100f0c92784f2de00ad09b01182bfb1c5c83d1bd
environment:
ALLOW_EMPTY_PASSWORD: yes
VALKEY_DATA_DIR: /data/valkey
VALKEY_DATABASE: 0
expose:
- 6379
restart: unless-stopped
volumes:
- renovate-valkey-data:/data/valkey
- ollama:/root/.ollama
signoz-logspout:
command: signoz://192.168.1.254:8082
container_name: signoz-logspout
environment:
ENV: prod
SIGNOZ_LOG_ENDPOINT: http://192.168.1.254:8082
image: pavanputhra/logspout-signoz:2025.07.19-887dfeb@sha256:6da8ce12279a5262de8b2d5c083ce82d4c878c4eab702b4d328afe147ed7553b
image: pavanputhra/logspout-signoz:2025.07.19-887dfeb
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
snapcast-server:
image: docker.io/sweisgerber/snapcast:latest@sha256:8859aaf7949781d47787fa048a3c85c7b3ea97aad4270d6f4ae2ff8b341db22c
hostname: snapcast-server
container_name: snapcast-server
environment:
TZ: ${TZ}
restart: "unless-stopped"
ports:
- 1704:1704
- 1705:1705
- 1780:1780
- 4953:4953
# devices:
# - /dev/snd:/dev/snd # optional, only if you want to use snapclient
volumes:
- ${RIKKU_DOCKER_DIR}/snapcast/config/:/config/
- ${RIKKU_DOCKER_DIR}/snapcast/data/:/data/
upsnap:
container_name: upsnap
dns:
@@ -366,11 +199,11 @@ services:
entrypoint: /bin/sh -c "./upsnap serve --http 0.0.0.0:5000"
environment:
TZ: ${TZ} # Set container timezone for cron schedules
UPSNAP_INTERVAL: "*/10 * * * * *" # Sets the interval in which the devices are pinged
UPSNAP_INTERVAL: '*/10 * * * * *' # Sets the interval in which the devices are pinged
UPSNAP_SCAN_RANGE: 192.168.1.0/24 # Scan range is used for device discovery on local network
UPSNAP_SCAN_TIMEOUT: 500ms # Scan timeout is nmap's --host-timeout value to wait for devices (https://nmap.org/book/man-performance.html)
UPSNAP_PING_PRIVILEGED: true # Set to false if you don't have root user permissions
UPSNAP_WEBSITE_TITLE: "UpSnap @ Rikku" # Custom website title
UPSNAP_WEBSITE_TITLE: 'UpSnap @ Rikku' # Custom website title
# # To use a non-root user, create the mountpoint first (mkdir data) so that it has the right permission.
# # dns is used for name resolution during network scan
# # or install custom packages for shutdown
@@ -378,15 +211,43 @@ services:
healthcheck:
test: curl -fs "http://localhost:5000/api/health" || exit 1
interval: 10s
image: ghcr.io/seriousm4x/upsnap:5@sha256:a73c9db5a987289da68dc602e68fc0307c9ee57c563f53004d09ae3e3cf45a0a # images are also available on docker hub: seriousm4x/upsnap:5
image: ghcr.io/seriousm4x/upsnap:5 # images are also available on docker hub: seriousm4x/upsnap:5
network_mode: host
privileged: true
restart: unless-stopped
volumes:
- ${RIKKU_DOCKER_DIR}/upsnap:/app/pb_data
watchtower:
container_name: watchtower
environment:
REPO_PASS:
REPO_USER:
TZ: ${TZ}
WATCHTOWER_CLEANUP: true
WATCHTOWER_INCLUDE_STOPPED: false
WATCHTOWER_MONITOR_ONLY: false
WATCHTOWER_NOTIFICATIONS: gotify
WATCHTOWER_NOTIFICATIONS_LEVEL: info
WATCHTOWER_NOTIFICATION_TEMPLATE: '{{range .}}{{.Message}}{{println}}{{end}}'
WATCHTOWER_NOTIFICATION_URL:
WATCHTOWER_SCHEDULE: 0 0 4 * * *
WATCHTOWER_TIMEOUT: 30s
WATCHTOWER_HTTP_API_METRICS: true
WATCHTOWER_HTTP_API_TOKEN: ${WATCHTOWER_HTTP_API_TOKEN}
WATCHTOWER_NOTIFICATION_GOTIFY_URL: ${WATCHTOWER_NOTIFICATION_GOTIFY_URL}
WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN: ${WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN}
WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY: true
expose:
- 8080
hostname: Rikku
image: ghcr.io/containrrr/watchtower:latest
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
webhook:
command: "-verbose -hooks=/etc/webhook/hooks.json -hotreload"
image: thecatlady/webhook:2.8.2@sha256:0507d6c27d87837bcdee5078d63f54e50d9073ae879618233858e3da68d4b0cc
command: '-verbose -hooks=/etc/webhook/hooks.json -hotreload'
image: thecatlady/webhook:2.8.1
container_name: webhook
ports:
- 9000:9000
@@ -397,9 +258,5 @@ services:
volumes:
dockflare_data:
name: dockflare_data
patchmon-pg-data:
name: patchmon-pg-data
patchmon-redis-data:
name: patchmon-redis-data
renovate-valkey-data:
name: renovate-valkey-data
ollama:
name: ollama
renovate.json
+68 -1
View File
@@ -1,4 +1,71 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["local>trez/renovate-config"]
"extends": ["config:recommended"],
"prHourlyLimit": 2,
"prConcurrentLimit": 5,
"dependencyDashboard": true,
"dependencyDashboardApproval": true,
"dependencyDashboardHeader": "### 🔧 Renovate Dashboard\n\n- ✅ Patch updates will be created and auto-merged automatically.\n- 📝 Minor and Major updates will appear here first. Approve them to generate PRs.\n- 🏷️ Labels `update:patch`, `update:minor`, and `update:major` mark update types.\n",
"labels": ["dependencies", "renovate"],
"schedule": ["before 6am on monday"],
"semanticCommits": "enabled",
"commitMessagePrefix": "🔧 Renovate:",
"branchNameStrict": true,
"branchPrefix": "renovate/",
"branchTopic": "{{manager}}/{{depName}}",
"commitMessageAction": "Update ({{updateType}})",
"commitMessageTopic": "{{manager}}/{{depName}} to {{newVersion}}",
"prBodyNotes": [
"### ⚡ Renovate Update Info",
"- **Update Type:** {{updateType}}",
"- **Automerge:** {{#if isAutomerge}}✅ This update will be auto-merged once all checks pass{{else}}🛑 This update requires manual approval{{/if}}"
],
"packageRules": [
{
"matchPackageNames": [
"adguard/adguardhome",
"henrygd/beszel-agent",
"ghcr.io/gabe565/castsponsorskip",
"ollama/ollama",
"thecatlady/webhook"
],
"versioning": "semver"
},
{
"matchPackageNames": [
"ghcr.io/tecnativa/docker-socket-proxy",
"ghcr.io/matt8707/ha-fusion",
"ghcr.io/home-assistant/home-assistant",
"pavanputhra/logspout-signoz"
],
"versioning": "docker"
},
{
"matchUpdateTypes": ["patch"],
"schedule": ["every weekday"],
"automerge": true,
"labels": ["dependencies", "renovate", "update:patch"]
},
{
"matchUpdateTypes": ["minor"],
"automerge": false,
"dependencyDashboardApproval": true,
"labels": ["dependencies", "renovate", "update:minor"]
},
{
"matchUpdateTypes": ["major"],
"automerge": false,
"dependencyDashboardApproval": true,
"labels": ["dependencies", "renovate", "update:major"]
},
{
"matchManagers": ["github-actions"],
"matchPackageNames": [
"actions/checkout",
"supplypike/setup-bin"
],
"allowedVersions": "^4.0.0",
"groupName": "github-actions (pinned to v4)"
}
]
}