TEST: Complex docker-compose rework. Not tested yet

.gitignore

@@ -1,3 +1,2 @@
 .vscode/
 Ansible/secrets.yml
-Ansible/inventory/hosts.ini

Ansible/README.md

@@ -4,11 +4,11 @@ This Ansible setup is designed to automate the configuration and maintenance of
 
 ## Directory Structure
 
-- `inventory/`: Contains the inventory files that define the hosts and groups of hosts managed by Ansible. The `hosts.ini` file should be updated with your server details, and `example_hosts.ini` serves as a template.
+-   `inventory/`: Contains the inventory files that define the hosts and groups of hosts managed by Ansible.
-- `group_vars/`: This directory can be used to store variables that apply to specific groups of hosts defined in the inventory.
+-   `playbooks/`: Contains the Ansible playbooks for various automation tasks.
-- `*.yml` files: These are the Ansible playbooks that define the automation tasks.
+-   `secrets.yml`: This file is intended to store sensitive data like passwords and API keys. It is recommended to encrypt this file using Ansible Vault.
-- `secrets.yml`: This file is intended to store sensitive data like passwords and API keys. It is recommended to encrypt this file using Ansible Vault. An `example_secrets.yml` is provided as a template.
+-   `example_secrets.yml`: An example secrets file.
-- `vars.yml`: This file can be used to store non-sensitive variables that are used across multiple playbooks.
+-   `vars.yml`: This file can be used to store non-sensitive variables that are used across multiple playbooks.
 
 ## Getting Started
 
@@ -17,5 +17,5 @@ This Ansible setup is designed to automate the configuration and maintenance of
 3.  **Secrets:** Create a `secrets.yml` file based on the `example_secrets.yml` template and encrypt it using Ansible Vault for security.
 4.  **Run a Playbook:** You can run a playbook using the `ansible-playbook` command. For example:
     ```bash
-    ansible-playbook -i inventory/hosts.ini apt_upgrade.yml
+    ansible-playbook -i inventory/hosts.ini playbooks/apt_upgrade.yml
     ```

Ansible/example_secrets.yml

@@ -1,2 +1,7 @@
 # Copy this into secrets.yml and replate with a real values
 ansible_password: 'REPLACE_WITH_ROOT_PASSWORD'
+# Zabbix proxy parameters for connecting to Zabbix server
+zabbix_server_address: 'x.x.x.x'
+zabbix_psk_identity: '<zabbix_psk_identity'
+zabbix_proxy_hostname: '<zabbix_proxy_hostname>' # if needed, in the actual playbook it is set to the hostname of the target
+zabbix_proxy_psk: 'REPLACE_WITH_ZABBIX_PSK'

Ansible/inventory/example_hosts.ini

@@ -1,30 +0,0 @@
-[all:vars]
-ansible_user = mbuz
-ansible_ssh_private_key_file = /home/mbuz/.ssh/id_rsa
-
-[proxmox]
-proxmox-host ansible_host=x.x.x.x
-
-[docker]
-docker-apps ansible_host=x.x.x.x
-docker-cloud ansible_host=x.x.x.x
-
-#[truenas]
-#truenas ansible_host=x.x.x.x
-
-[raspberry_pi]
-raspberry-pi ansible_host=x.x.x.x
-
-[lxc]
-ansible ansible_host=x.x.x.x
-zabbix-proxy ansible_host=x.x.x.x
-pi-hole ansible_host=x.x.x.x
-
-[proxmox_backup]
-proxmox-backup ansible_host=x.x.x.x
-
-# This is a group of groups. It includes all hosts in the 'docker' and 'raspberry_pi' groups.
-[ubuntu:children]
-docker
-raspberry_pi
-lxc

Ansible/inventory/hosts.ini

@@ -0,0 +1,34 @@
+[all:vars]
+ansible_user = mbuz
+ansible_ssh_private_key_file = /home/mbuz/.ssh/id_ed25519
+
+[proxmox]
+proxmox_host ansible_host=10.0.0.1
+
+[ubuntu_servers]
+raspberry-pi ansible_host=10.0.0.5
+oracle-arm ansible_host=130.61.76.209 ansible_user=ubuntu
+
+[docker]
+docker-apps ansible_host=10.0.0.101
+docker-cloud ansible_host=10.0.0.102
+
+[filestorage]
+truenas ansible_host=10.0.0.200
+
+[lxc]
+gitea ansible_host=10.0.0.108
+zabbix-proxy ansible_host=10.0.0.110 
+pi-hole ansible_host=10.0.0.104
+ansible ansible_host=10.0.0.111
+#localhost ansible_connection=local # for testing playbooks on the control node
+
+
+[pbs]
+proxmox-backup ansible_host=10.0.0.201
+
+# This is a group of groups. It includes all Ubuntu based systems.
+[ubuntu:children]
+docker
+ubuntu_servers
+lxc

Ansible/playbooks/apt_upgrade.yml

@@ -1,14 +1,29 @@
-- name: Upgrade packages
+---
+- name: Upgrade all apt packages
   hosts: ubuntu
-  become: true
+  become: yes
-
   tasks:
-   - name: Update cache 
+    - name: Update apt cache
-     ansible.builtin.apt:
+      ansible.builtin.apt:
-      update_cache: true
+        update_cache: yes
-     register: cache_updated
+        cache_valid_time: 3600
 
-   - name: Upgrade packages if something is changed
+    - name: Upgrade all apt packages
-     ansible.builtin.apt:
+      ansible.builtin.apt:
-      upgrade: "yes"
+        upgrade: dist
-     when: cache_updated.changed
+#      environment:
+#        DEBIAN_FRONTEND: noninteractive
+
+    - name: Autoremove unused packages
+      ansible.builtin.apt:
+        autoremove: yes
+
+    - name: Check if a reboot is required
+      ansible.builtin.stat:
+        path: /var/run/reboot-required
+      register: reboot_required_file
+
+    - name: Display reboot message
+      ansible.builtin.debug:
+        msg: "A reboot is required to apply the latest updates."
+      when: reboot_required_file.stat.exists

Ansible/playbooks/zabbix_proxy_install.yml

@@ -1,5 +1,5 @@
 ---
-- name: Install and Configure Zabbix Proxy
+- name: Install and Configure Zabbix Proxy and Agent
   hosts: zabbix-proxy # Assuming you have a group for zabbix proxy in your inventory
   become: yes
   vars_files:
@@ -14,9 +14,11 @@
       ansible.builtin.apt:
         deb: /tmp/zabbix-release.deb
 
-    - name: Install Zabbix proxy
+    - name: Install Zabbix proxy and agent
       ansible.builtin.apt:
-        name: zabbix-proxy-sqlite3
+        name:
+          - zabbix-proxy-sqlite3
+          - zabbix-agent2
         state: present
         update_cache: yes
 
@@ -24,6 +26,8 @@
       ansible.builtin.copy:
         dest: /etc/zabbix/zabbix_proxy.d/custom.conf
         content: |
+          ## Managed by Ansible - do not edit manually ##
+          ## Changes will be overwritten ##
           DBName=/tmp/zabbix_proxy
           StartPollers=2
           StartPreprocessors=1
@@ -40,6 +44,8 @@
       ansible.builtin.copy:
         dest: /etc/zabbix/zabbix_proxy.d/connection.conf
         content: |
+          ## Managed by Ansible - do not edit manually ##
+          ## Changes will be overwritten ##
           Server={{ zabbix_server_address }}:10051
           Hostname={{ ansible_facts.hostname }}
           TLSPSKFile=/etc/zabbix/{{ ansible_facts.hostname }}.psk
@@ -55,18 +61,43 @@
         mode: '0600'
       notify: restart zabbix-proxy
 
+    - name: Create Zabbix agent custom configuration file
+      ansible.builtin.copy:
+        dest: /etc/zabbix/zabbix_agent2.d/custom.conf
+        content: |
+          ## Managed by Ansible - do not edit manually ##
+          ## Changes will be overwritten ##
+          Hostname={{ ansible_facts.hostname }}
+          Server={{ hostvars['zabbix-proxy']['ansible_host'] }},{{ hostvars['raspberry-pi']['ansible_host'] }}
+          ServerActive={{ hostvars['zabbix-proxy']['ansible_host'] }};{{ hostvars['raspberry-pi']['ansible_host'] }}
+      notify: restart zabbix-agent2
+
+    - name: Create Zabbix agent user parameters file
+      ansible.builtin.copy:
+        dest: /etc/zabbix/zabbix_agent2.d/userparams.conf
+        content: |
+          ## Managed by Ansible - do not edit manually ##
+          ## Changes will be overwritten ## 
+          AllowKey=system.run[*]
+      notify: restart zabbix-agent2
+
   handlers:
     - name: restart zabbix-proxy
       ansible.builtin.service:
         name: zabbix-proxy
         state: restarted
         enabled: yes
+    - name: restart zabbix-agent2
+      ansible.builtin.service:
+        name: zabbix-agent2
+        state: restarted
+        enabled: yes
 
-- name: Verify Zabbix Proxy Service
+- name: Verify Zabbix Services
   hosts: zabbix-proxy
   become: yes
   tasks:
-    - name: Check if Zabbix proxy service is running
+    - name: Check if Zabbix services are running
       ansible.builtin.service_facts:
 
     - name: Assert that Zabbix proxy is running
@@ -75,3 +106,10 @@
           - "ansible_facts.services['zabbix-proxy.service'].state == 'running'"
         fail_msg: "Zabbix proxy is not running"
         success_msg: "Zabbix proxy is running"
+
+    - name: Assert that Zabbix agent is running
+      ansible.builtin.assert:
+        that:
+          - "ansible_facts.services['zabbix-agent2.service'].state == 'running'"
+        fail_msg: "Zabbix agent 2 is not running"
+        success_msg: "Zabbix agent 2 is running"

Docker/bookstack/docker-compose.yaml

@@ -14,10 +14,13 @@ services:
     volumes:
       - ${PATH_TO_CONFIG}:/config
     ports:
-      - 6875:80
+      - "6875:80"
     restart: unless-stopped
     depends_on:
-      - bookstack_database
+      bookstack_database:
+        condition: service_healthy
+    networks:
+      - bookstack-net
 
   bookstack_database:
     image: lscr.io/linuxserver/mariadb
@@ -33,3 +36,14 @@ services:
     volumes:
       - ${PATH_TO_DB}:/config
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - bookstack-net
+
+networks:
+  bookstack-net:
+    driver: bridge

Docker/ddns-cloudflare/docker-compose.yml

@@ -3,35 +3,13 @@ services:
     image: favonia/cloudflare-ddns:latest
     container_name: cloudflare-ddns
     env_file: .env
-    # Choose the appropriate tag based on your need:
-    # - "latest" for the latest stable version (which could become 2.x.y
-    #   in the future and break things)
-    # - "1" for the latest stable version whose major version is 1
-    # - "1.x.y" to pin the specific version 1.x.y
     network_mode: host
-    # This bypasses network isolation and makes IPv6 easier (optional; see below)
     restart: always
-    # Restart the updater after reboot
     user: "1000:1000"
-    # Run the updater with specific user and group IDs (in that order).
-    # You can change the two numbers based on your need.
     read_only: true
-    # Make the container filesystem read-only (optional but recommended)
     cap_drop: [all]
-    # Drop all Linux capabilities (optional but recommended)
     security_opt: [no-new-privileges:true]
-    # Another protection to restrict superuser privileges (optional but recommended)
     environment:
       - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
-        # Your Cloudflare API token
       - DOMAINS=${DOMAINS}
-        # Your domains (separated by commas)
       - PROXIED=true
-        # Tell Cloudflare to cache webpages and hide your IP (optional)
-#networks:
-#  LAN0:
-#    external: true
-#    name: LAN0
-# Introduce custom Docker networks to the 'services' in this file. A common use case
-# for this is binding one of the 'services' to a specific network interface available at
-# Docker's host. This section is required for the 'networks' section of each 'services'.

Docker/garmin-grafana/.env.example

@@ -0,0 +1,15 @@
+# InfluxDB credentials
+INFLUXDB_PASSWORD=influxdb_secret_password
+
+# Grafana credentials
+GF_SECURITY_ADMIN_USER=admin
+GF_SECURITY_ADMIN_PASSWORD=admin
+
+# Garmin Connect credentials
+GARMINCONNECT_EMAIL=your_garmin_email@example.com
+GARMINCONNECT_PASSWORD=your_garmin_password_base64_encoded
+
+# Paths for persistent data
+GARMINCONNECT_TOKENS=./garminconnect-tokens
+PATH_TO_INFLUXDB_DATA=./influxdb_data
+PATH_TO_GRAFANA_DATA=./grafana_data

Docker/garmin-grafana/docker-compose.yml

@@ -4,49 +4,65 @@ services:
     image: thisisarpanghosh/garmin-fetch-data:latest
     container_name: garmin-fetch-data
     depends_on:
-      - influxdb
+      influxdb:
+        condition: service_healthy
     volumes:
       - ${GARMINCONNECT_TOKENS}:/home/appuser/.garminconnect # (persistant tokens storage - garminconnect-tokens folder must be owned by 1000:1000)
     environment:
       - INFLUXDB_HOST=influxdb
       - INFLUXDB_PORT=8086
       - INFLUXDB_USERNAME=influxdb_user
-      - INFLUXDB_PASSWORD=influxdb_secret_password
+      - INFLUXDB_PASSWORD=${INFLUXDB_PASSWORD}
       - INFLUXDB_DATABASE=GarminStats
       - UPDATE_INTERVAL_SECONDS=300
       - LOG_LEVEL=INFO
       - GARMINCONNECT_EMAIL=${GARMINCONNECT_EMAIL}
       - GARMINCONNECT_BASE64_PASSWORD=${GARMINCONNECT_PASSWORD} # (must be base64 encoded)
-
+    networks:
+      - garmin-grafana-net
 
   influxdb:
     restart: unless-stopped
     container_name: influxdb
     hostname: influxdb
+    image: influxdb:latest
     environment:
       - INFLUXDB_DB=GarminStats
       - INFLUXDB_USER=influxdb_user
-      - INFLUXDB_USER_PASSWORD=influxdb_secret_password
+      - INFLUXDB_USER_PASSWORD=${INFLUXDB_PASSWORD}
       - INFLUXDB_DATA_INDEX_VERSION=tsi1
     ports:
       - '8086:8086'
     volumes:
-      - influxdb_data:/var/lib/influxdb
+      - ${PATH_TO_INFLUXDB_DATA}:/var/lib/influxdb
-    image: 'influxdb:1.11'
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8086/ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - garmin-grafana-net
 
   grafana:
     restart: unless-stopped
     container_name: grafana
     hostname: grafana
+    image: grafana/grafana:latest
     environment:
-      - GF_SECURITY_ADMIN_USER=admin
+      - GF_SECURITY_ADMIN_USER=${GF_SECURITY_ADMIN_USER}
-      - GF_SECURITY_ADMIN_PASSWORD=admin
+      - GF_SECURITY_ADMIN_PASSWORD=${GF_SECURITY_ADMIN_PASSWORD}
     volumes:
-      - grafana_data:/var/lib/grafana
+      - ${PATH_TO_GRAFANA_DATA}:/var/lib/grafana
     ports:
       - '3000:3000'
-    image: 'grafana/grafana:latest'
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - garmin-grafana-net
 
-volumes:
+networks:
-  influxdb_data:
+  garmin-grafana-net:
-  grafana_data:
+    driver: bridge

Docker/guacamole/docker-compose.yaml

@@ -10,3 +10,14 @@ services:
       - ${PATH_TO_CONFIG}:/config
     ports:
       - 8080:8080
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    networks:
+      - guacamole-net
+
+networks:
+  guacamole-net:
+    driver: bridge

Docker/heimdall/.env.example

@@ -0,0 +1,2 @@
+# Path to the Heimdall config folder
+PATH_TO_CONFIG=/home/mbuz/docker/heimdall/config

Docker/heimdall/docker-compose.yml

@@ -1,5 +1,3 @@
-version: "2.1"
-
 services:
   heimdall:
     image: lscr.io/linuxserver/heimdall:latest
@@ -9,8 +7,19 @@ services:
       - PGID=1000
       - TZ=Europe/Warsaw
     volumes:
-      - /home/mbuz/docker/heimdall/config:/config
+      - ${PATH_TO_CONFIG}:/config
     ports:
-      - 80:80
+      - "80:80"
-      - 443:443
+      - "443:443"
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost/"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    networks:
+      - heimdall-net
+
+networks:
+  heimdall-net:
+    driver: bridge

Docker/homepage/docker-compose.yaml

@@ -3,10 +3,21 @@ services:
     image: ghcr.io/gethomepage/homepage:latest
     container_name: homepage
     ports:
-      - 3001:3000
+      - "3001:3000"
     volumes:
       - ${PATH_TO_CONFIG}:/app/config # Make sure your local config directory exists
       - /var/run/docker.sock:/var/run/docker.sock # (optional) For docker integrations
     env_file:
       - .env
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    networks:
+      - homepage-net
+
+networks:
+  homepage-net:
+    driver: bridge

Docker/immich/.env.example

@@ -1,21 +1,22 @@
 # You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables
 
 # The location where your uploaded files are stored
-UPLOAD_LOCATION=${UPLOAD_LOCATION}
+UPLOAD_LOCATION=./library
-# The location where your database files are stored
+
-DB_DATA_LOCATION=${DB_DATA_LOCATION}
+# The location where your database files are stored. Network shares are not supported for the database
+DB_DATA_LOCATION=./postgres
 
 # To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
 # TZ=Etc/UTC
 
 # The Immich version to use. You can pin this to a specific version like "v1.71.0"
-IMMICH_VERSION=${IMMICH_VERSION:-release}
+IMMICH_VERSION=release
 
 # Connection secret for postgres. You should change it to a random password
 # Please use only the characters `A-Za-z0-9`, without special characters or spaces
-DB_PASSWORD=${DB_PASSWORD}
+DB_PASSWORD=postgres
 
 # The values below this line do not need to be changed
 ###################################################################################
-DB_USERNAME=${DB_USERNAME}
+DB_USERNAME=postgres
-DB_DATABASE_NAME=${DB_DATABASE_NAME}
+DB_DATABASE_NAME=immich

Docker/immich/docker-compose.yaml

@@ -30,6 +30,8 @@ services:
     restart: unless-stopped
     healthcheck:
       disable: false
+    networks:
+      - immich-net
 
   immich-machine-learning:
     container_name: immich_machine_learning
@@ -46,6 +48,8 @@ services:
     restart: unless-stopped
     healthcheck:
       disable: false
+    networks:
+      - immich-net
 
   redis:
     container_name: immich_redis
@@ -53,6 +57,8 @@ services:
     healthcheck:
       test: redis-cli ping || exit 1
     restart: unless-stopped
+    networks:
+      - immich-net
 
   database:
     container_name: immich_postgres
@@ -84,6 +90,12 @@ services:
       -c shared_buffers=512MB
       -c wal_compression=on
     restart: unless-stopped
+    networks:
+      - immich-net
 
 volumes:
   model-cache:
+
+networks:
+  immich-net:
+    driver: bridge

Docker/it-tools/docker-compose.yml

@@ -5,3 +5,14 @@ services:
             - '8182:80' # change if needed
         restart: unless-stopped
         container_name: it-tools
+        healthcheck:
+          test: ["CMD", "curl", "-f", "http://localhost/"]
+          interval: 30s
+          timeout: 10s
+          retries: 3
+        networks:
+          - it-tools-net
+
+networks:
+  it-tools-net:
+    driver: bridge

Docker/mealie/docker-compose.yml

@@ -20,3 +20,14 @@ services:
       PGID: 1000
       TZ: Europe/Warsaw
       BASE_URL: ${YOUR_DOMAIN:-https://mealie.yourdomain.com}
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:9000"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    networks:
+      - mealie-net
+
+networks:
+  mealie-net:
+    driver: bridge

Docker/n8n/.env.example

@@ -0,0 +1,8 @@
+# Domain for n8n
+DOMAIN=n8n.example.com
+
+# Your timezone
+GENERIC_TIMEZONE=Europe/Warsaw
+
+# Directory where n8n will store files
+PATH_TO_FILES=/path/to/n8n/files

Docker/n8n/docker-compose.yml

@@ -0,0 +1,24 @@
+services:
+  n8n:
+    image: docker.n8n.io/n8nio/n8n
+    container_name: n8n
+    restart: unless-stopped
+    ports:
+      - 5678:5678
+    environment:
+      - N8N_HOST=${DOMAIN}
+      - N8N_PORT=5678
+      - N8N_PROTOCOL=https
+      - NODE_ENV=production
+      - WEBHOOK_URL=https://${DOMAIN}/
+      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
+    volumes:
+      - n8n_data:/home/node/.n8n
+      - ${PATH_TO_FILES}:/files
+    healthcheck:
+      test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:5678/healthz || exit 1"]
+      interval: 1m
+      timeout: 10s
+      retries: 3
+volumes:
+  n8n_data:

Docker/nextcloud/docker-compose.yml

@@ -1,31 +1,35 @@
-version: '3.3'
 services:
- nextcloud:
+  nextcloud:
     image: lscr.io/linuxserver/nextcloud:latest
     container_name: nextcloud
     env_file:
-      - stack.env
+      - .env
     environment:
       - PUID=1000
       - PGID=1000
       - PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT}
       - PHP_UPLOAD_LIMIT=${PHP_UPLOAD_LIMIT}
       - TZ=${TZ}
-
     volumes:
       - ${CONFIG}:/config
       - ${DATA}:/data
     ports:
-      - 5443:443
+      - "5443:443"
     restart: unless-stopped
-    links:
-      - nextcloud-mariadb
     depends_on:
-      - nextcloud-mariadb
+      nextcloud-mariadb:
+        condition: service_healthy
+    networks:
+      - nextcloud
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost/status.php"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
 
- nextcloud-mariadb:
+  nextcloud-mariadb:
     image: lscr.io/linuxserver/mariadb:latest
-    container_name: nextloud-mariadb
+    container_name: nextcloud-mariadb
     environment:
       - PUID=1000
       - PGID=1000
@@ -34,15 +38,20 @@ services:
       - MYSQL_DATABASE=nextcloud
       - MYSQL_USER=nextcloud
       - MYSQL_PASSWORD=${MYSQL_PASSWORD}
-
     volumes:
       - ${MARIADB}:/config
     ports:
-      - 5306:3306
+      - "5306:3306"
     restart: unless-stopped
-
+    networks:
+      - nextcloud
+    healthcheck:
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
 
 networks:
-  default:
+  nextcloud:
     name: nextcloud
     driver: bridge

Docker/pgadmin/docker-compose.yaml

@@ -12,3 +12,8 @@ services:
       - ${PGADMIN_DATA}:/var/lib/pgadmin
     extra_hosts:
       - "host.docker.internal:host-gateway"
+    healthcheck:
+      test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost/misc/ping || exit 1"]
+      interval: 1m
+      timeout: 10s
+      retries: 3 

Docker/portainer/docker-compose.yaml

@@ -9,3 +9,8 @@ services:
         - ${PORTAINER_DATA}:/data
         - /var/run/docker.sock:/var/run/docker.sock
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:9000/api/status"]
+      interval: 1m
+      timeout: 10s
+      retries: 3

Docker/semaphore-ui/.env.example

@@ -0,0 +1,4 @@
+SEMAPHORE_ADMIN=admin
+SEMAPHORE_ADMIN_PASSWORD=changeme
+SEMAPHORE_ADMIN_NAME=Admin
+SEMAPHORE_ADMIN_EMAIL=admin@example.com

Docker/semaphore-ui/docker-compose.yml

@@ -0,0 +1,33 @@
+services:
+  semaphore:
+    container_name: semaphore-ui
+    image: semaphoreui/semaphore:latest
+    restart: unless-stopped
+    ports:
+      - "3030:3000"
+    environment:
+      SEMAPHORE_DB_DIALECT: sqlite
+      SEMAPHORE_ADMIN: ${ADMIN_USER}
+      SEMAPHORE_ADMIN_PASSWORD: ${ADMIN_PASS}
+      SEMAPHORE_ADMIN_NAME: ${ADMIN_NAME}
+      SEMAPHORE_ADMIN_EMAIL: ${ADMIN_EMAIL}
+    volumes:
+      - semaphore-data:/var/lib/semaphore
+      - semaphore-config:/etc/semaphore
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    networks:
+      - semaphore-net
+
+volumes:
+  semaphore-data:
+    driver: local
+  semaphore-config:
+    driver: local
+
+networks:
+  semaphore-net:
+    driver: bridge

Docker/semaphore-ui/docker-run.sh

@@ -0,0 +1,9 @@
+docker run -d \
+  --restart unless-stopped \
+  --name semaphore \
+  -p 3030:3000 \
+  --env-file .env \
+  -e SEMAPHORE_DB_DIALECT=sqlite \
+  -v semaphore-data:/var/lib/semaphore \
+  -v semaphore-config:/etc/semaphore \
+  semaphoreui/semaphore:latest

Docker/transmission/haugene-openvpn/docker-compose.yml

@@ -32,6 +32,11 @@ services:
             max-size: 10m
         ports:
           - '9091:9091'
+        healthcheck:
+          test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:9091 && ls /data || exit 1"]
+          interval: 1m
+          timeout: 10s
+          retries: 3
 
 # Not all the countries and servers are supporting p2p, so you need to choose the right server. Here's the hint:
 # https://support.nordvpn.com/hc/en-us/articles/20465085067665-NordVPN-proxy-setup-for-BitTorrent

Docker/transmission/lscr.io/docker-compose.yml

@@ -1,4 +1,3 @@
----
 services:
   transmission:
     image: lscr.io/linuxserver/transmission:latest
@@ -22,3 +21,8 @@ services:
       - 51413:51413
       - 51413:51413/udp
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:9091 || exit 1"]
+      interval: 1m
+      timeout: 10s
+      retries: 3

Docker/vaultwarden/docker-compose.yml

@@ -9,3 +9,8 @@ services:
       - ${PATH_TO_DATA}:/data
     ports:
       - 8033:80
+    healthcheck:
+      test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost/ || exit 1"]
+      interval: 1m
+      timeout: 10s
+      retries: 3

Docker/watchtower/.env.example

@@ -0,0 +1,6 @@
+# Timezone for watchtower
+TZ=Europe/Warsaw
+
+# A space-separated list of container names for Watchtower to monitor.
+# For example: WATCHTOWER_CONTAINERS="nginx-proxy-manager bookstack"
+WATCHTOWER_CONTAINERS=""

Docker/watchtower/docker-compose.yaml

@@ -0,0 +1,13 @@
+services:
+  watchtower:
+    image: containrrr/watchtower
+    container_name: watchtower
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - WATCHTOWER_CLEANUP=true
+      - WATCHTOWER_INCLUDE_STOPPED=true
+      - WATCHTOWER_POLL_INTERVAL=3600
+      - TZ=${TZ}
+    command: ${WATCHTOWER_CONTAINERS}
+    restart: unless-stopped

Docker/webtop/docker-compose.yml

@@ -14,3 +14,8 @@ services:
 #      - /dev/dri:/dev/dri #optional
     shm_size: "2gb" #optional
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:3000/ || exit 1"]
+      interval: 1m
+      timeout: 10s
+      retries: 3