From 28ea27a5271bc7fb5548f051048e976f70039d88 Mon Sep 17 00:00:00 2001
From: erebion <noreply@erebion.eu>
Date: Fri, 1 Dec 2023 23:09:29 +0100
Subject: [PATCH] disable automatic updates by Watchtower by adding some labels

---
 roles/authentik_docker/templates/authentik-db-docker.service.j2 | 1 +
 .../templates/authentik-redis-docker.service.j2                 | 1 +
 .../templates/authentik-server-docker.service.j2                | 1 +
 .../templates/authentik-worker-docker.service.j2                | 1 +
 roles/pretix_docker/templates/pretix-db.service.j2              | 2 +-
 roles/pretix_docker/templates/pretix-redis.service.j2           | 2 +-
 roles/pretix_docker/templates/pretix.service.j2                 | 2 +-
 roles/traefik_docker/templates/traefik.service.j2               | 2 +-
 8 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/roles/authentik_docker/templates/authentik-db-docker.service.j2 b/roles/authentik_docker/templates/authentik-db-docker.service.j2
index 74d794c..e773e35 100644
--- a/roles/authentik_docker/templates/authentik-db-docker.service.j2
+++ b/roles/authentik_docker/templates/authentik-db-docker.service.j2
@@ -8,6 +8,7 @@ ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.db }}
 ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.db }} --network authentik_net \
           --env-file {{ docker_volumes_dir }}/authentik/authentik.env --expose 5432 \
           -v {{ docker_volumes_dir }}/authentik/database:/var/lib/postgresql/data \
+          --label=com.centurylinklabs.watchtower.enable=false \
           docker.io/library/postgres:{{ authentik_postgres_version }}
 ExecStop=-/usr/bin/docker stop {{ container_names.authentik.db }}
 Restart=always
diff --git a/roles/authentik_docker/templates/authentik-redis-docker.service.j2 b/roles/authentik_docker/templates/authentik-redis-docker.service.j2
index 29274a0..f0e6c5e 100644
--- a/roles/authentik_docker/templates/authentik-redis-docker.service.j2
+++ b/roles/authentik_docker/templates/authentik-redis-docker.service.j2
@@ -8,6 +8,7 @@ ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.redis }}
 ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.redis }} \
           --network authentik_net --expose 6379 \
           -v {{ docker_volumes_dir }}/authentik/redis:/data \
+          --label=com.centurylinklabs.watchtower.enable=false \
           docker.io/library/redis:alpine --save 60 1 --loglevel warning
 ExecStop=-/usr/bin/docker stop {{ container_names.authentik.redis }}
 Restart=always
diff --git a/roles/authentik_docker/templates/authentik-server-docker.service.j2 b/roles/authentik_docker/templates/authentik-server-docker.service.j2
index 83801c9..bae135d 100644
--- a/roles/authentik_docker/templates/authentik-server-docker.service.j2
+++ b/roles/authentik_docker/templates/authentik-server-docker.service.j2
@@ -15,6 +15,7 @@ ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.server }}
           --env-file {{ docker_volumes_dir }}/authentik/authentik.env \
           -v {{ docker_volumes_dir }}/authentik/media:/media \
           -v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
+          --label=com.centurylinklabs.watchtower.enable=false \
           ghcr.io/goauthentik/server:{{ version.authentik }} server
 ExecStartPost=/usr/bin/bash -c "/bin/sleep 120 && /usr/bin/docker network connect traefik {{ container_names.authentik.server }}"
 ExecStop=-/usr/bin/docker stop {{ container_names.authentik.server }}
diff --git a/roles/authentik_docker/templates/authentik-worker-docker.service.j2 b/roles/authentik_docker/templates/authentik-worker-docker.service.j2
index 6516eb2..432fbb0 100644
--- a/roles/authentik_docker/templates/authentik-worker-docker.service.j2
+++ b/roles/authentik_docker/templates/authentik-worker-docker.service.j2
@@ -13,6 +13,7 @@ ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.worker }}
           -v {{ docker_volumes_dir }}/authentik/media:/media \
           -v {{ docker_volumes_dir }}/authentik/certs:/certs \
           -v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
+          --label=com.centurylinklabs.watchtower.enable=false \
           ghcr.io/goauthentik/server:{{ version.authentik }} worker
 ExecStartPost=/usr/bin/bash -c "/bin/sleep 120 && /usr/bin/docker network connect nginx_net {{ container_names.authentik.worker }}"
 ExecStop=-/usr/bin/docker stop {{ container_names.authentik.worker }}
diff --git a/roles/pretix_docker/templates/pretix-db.service.j2 b/roles/pretix_docker/templates/pretix-db.service.j2
index 3a3619b..ed660c7 100644
--- a/roles/pretix_docker/templates/pretix-db.service.j2
+++ b/roles/pretix_docker/templates/pretix-db.service.j2
@@ -5,7 +5,7 @@ Requires=docker.service
 
 [Service]
 ExecStartPre=-/usr/bin/docker rm --force {{ pretix_db_container_name }}
-ExecStart=/usr/bin/docker run --name {{ pretix_db_container_name }} --network pretix --label com.centurylinklabs.watchtower.enable={WATCHTOWER_ENABLED} \
+ExecStart=/usr/bin/docker run --name {{ pretix_db_container_name }} --network pretix --label com.centurylinklabs.watchtower.enable=false \
          -v {{ docker_volumes_dir }}/pretix/postgres-db:/var/lib/postgresql/data --env-file {{ docker_volumes_dir }}/pretix/pretix-db.env postgres:15
 ExecStop=/usr/bin/docker stop {{ pretix_db_container_name }}
 Restart=always
diff --git a/roles/pretix_docker/templates/pretix-redis.service.j2 b/roles/pretix_docker/templates/pretix-redis.service.j2
index dc76406..8bcb3fc 100644
--- a/roles/pretix_docker/templates/pretix-redis.service.j2
+++ b/roles/pretix_docker/templates/pretix-redis.service.j2
@@ -5,7 +5,7 @@ Requires=docker.service
 
 [Service]
 ExecStartPre=-/usr/bin/docker rm --force {{ pretix_redis_container_name }}
-ExecStart=/usr/bin/docker run --name {{ pretix_redis_container_name }} --network pretix --label com.centurylinklabs.watchtower.enable={WATCHTOWER_ENABLED} redis
+ExecStart=/usr/bin/docker run --name {{ pretix_redis_container_name }} --network pretix --label com.centurylinklabs.watchtower.enable=false redis
 ExecStop=/usr/bin/docker stop {{ pretix_redis_container_name }}
 Restart=always
 RestartSec=15s
diff --git a/roles/pretix_docker/templates/pretix.service.j2 b/roles/pretix_docker/templates/pretix.service.j2
index 7364596..812e929 100644
--- a/roles/pretix_docker/templates/pretix.service.j2
+++ b/roles/pretix_docker/templates/pretix.service.j2
@@ -8,7 +8,7 @@ Requires=pretix-redis.service
 [Service]
 ExecStartPre=-/usr/bin/docker rm --force {{ pretix_container_name }}
 ExecStart=/usr/bin/docker run --rm --name {{ pretix_container_name }} --network pretix \
-          --label com.centurylinklabs.watchtower.enable={WATCHTOWER_ENABLED} --env-file {{ docker_volumes_dir }}/pretix/pretix.env \
+          --label com.centurylinklabs.watchtower.enable=false --env-file {{ docker_volumes_dir }}/pretix/pretix.env \
           -v {{ docker_volumes_dir }}/pretix/data:/data \
           -v {{ docker_volumes_dir }}/pretix/conf:/etc/pretix \
           pretix/standalone:stable
diff --git a/roles/traefik_docker/templates/traefik.service.j2 b/roles/traefik_docker/templates/traefik.service.j2
index 79f2785..d3c5202 100644
--- a/roles/traefik_docker/templates/traefik.service.j2
+++ b/roles/traefik_docker/templates/traefik.service.j2
@@ -8,7 +8,7 @@ ExecStartPre=-/usr/bin/docker rm --force {{ traefik_container_name }}
 ExecStart=/usr/bin/docker run --rm --name {{ traefik_container_name }} \
           -v /var/run/docker.sock:/var/run/docker.sock  -v {{ docker_volumes_dir }}/traefik/traefik.yml:/traefik.yml \
           -v {{ docker_volumes_dir }}/traefik/traefik_dynamic.yml:/traefik_dynamic.yml -v {{ docker_volumes_dir }}/traefik/letsencrypt/:/letsencrypt \
-          -p 80:80 -p 443:443 -p 8448:8448 --network traefik traefik:v2.10.5
+          -p 80:80 -p 443:443 -p 8448:8448 --network traefik --label=com.centurylinklabs.watchtower.enable=false traefik:v2.10.5
 ExecStop=/usr/bin/docker stop {{ traefik_container_name }}
 Restart=always
 RestartSec=15s