diun icon indicating copy to clipboard operation
diun copied to clipboard
verified publisher icon crazy-max

Container not watched, if it has a profile?

Open ChekeredList71 opened this issue 7 months ago • 2 comments

Good afternoon!

I don't really understand this behaviour, as I see it as "could be intentional", but the docs don't mention this.

In my case, I have WG in a profile, along with diun:

wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
       ...
    profiles:
      - critical
    labels:
      - "diun.enable=true"
    restart: unless-stopped

The diun instance picks up all my containers with diun.enable=true, that are not in a profile.

Wireguard isn't picked up, until I remove it from critical profile.

Is this intended behaviour?

ChekeredList71 avatar May 16 '25 16:05 ChekeredList71

Looking at the docs https://docs.docker.com/reference/compose-file/profiles/ I think it makes sense.

In my case, I have WG in a profile, along with diun:

Can you show your full compose file please? And also output of docker compose config?

crazy-max avatar Aug 04 '25 08:08 crazy-max

Looking at the docs https://docs.docker.com/reference/compose-file/profiles/ I think it makes sense.

How so? Please elaborate. From my perspective, I would expect diun to watch for updates if I added the diun.enabled=true label. Current behaviour seems like unintended to me.

Can you show your full compose file please?

I have moved to a multiple compose file setup, I don't use profiles anymore. I recreated a part of my previous config, that had profiles:

services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE #optional
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Budapest
      - SERVERPORT=11024 #optional
      - PEERS=peer #optional
      - PEERDNS=192.168.2.100 #optional
      - ALLOWEDIPS=0.0.0.0/0 #optional
      - PERSISTENTKEEPALIVE_PEERS=all # so improperly disconnected peers will get removed
    volumes:
      - /opt/docker-vols/wireguard/config:/config
      - /lib/modules:/lib/modules:ro #optional
    ports:
      - 11024:51820/udp #Wireguard port
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    profiles:
      - critical
    labels:
      - "diun.enable=true"
    restart: unless-stopped

  diun:
    image: crazymax/diun:latest
    container_name: diun
    command: serve
    volumes:
      - "/opt/docker-vols/diun/data:/data"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      - "TZ=Europe/Budapest"
      - "DIUN_WATCH_WORKERS=20"
      - "DIUN_WATCH_SCHEDULE=0 */6 * * *"
      - "DIUN_WATCH_JITTER=30s"
      - "DIUN_PROVIDERS_DOCKER=true"
      - "DIUN_NOTIF_DISCORD_WEBHOOKURL=webhook"
    labels:
      - "diun.enable=true"
    restart: unless-stopped

And also output of docker compose config?

When I don't use --profile:

name: user
services:
  diun:
    command:
      - serve
    container_name: diun
    environment:
      DIUN_NOTIF_DISCORD_WEBHOOKURL: webhook
      DIUN_PROVIDERS_DOCKER: "true"
      DIUN_WATCH_JITTER: 30s
      DIUN_WATCH_SCHEDULE: 0 */6 * * *
      DIUN_WATCH_WORKERS: "20"
      TZ: Europe/Budapest
    image: crazymax/diun:latest
    labels:
      diun.enable: "true"
    networks:
      default: null
    restart: unless-stopped
    volumes:
      - type: bind
        source: /opt/docker-vols/diun/data
        target: /data
        bind:
          create_host_path: true
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
        read_only: true
        bind:
          create_host_path: true
networks:
  default:
    name: bot_default

When I use --profile critical:

name: user
services:
  diun:
    command:
      - serve
    container_name: diun
    environment:
      DIUN_NOTIF_DISCORD_WEBHOOKURL: webhook
      DIUN_PROVIDERS_DOCKER: "true"
      DIUN_WATCH_JITTER: 30s
      DIUN_WATCH_SCHEDULE: 0 */6 * * *
      DIUN_WATCH_WORKERS: "20"
      TZ: Europe/Budapest
    image: crazymax/diun:latest
    labels:
      diun.enable: "true"
    networks:
      default: null
    restart: unless-stopped
    volumes:
      - type: bind
        source: /opt/docker-vols/diun/data
        target: /data
        bind:
          create_host_path: true
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
        read_only: true
        bind:
          create_host_path: true
  wireguard:
    profiles:
      - critical
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    container_name: wireguard
    environment:
      ALLOWEDIPS: 0.0.0.0/0
      PEERDNS: 192.168.2.100
      PEERS: peer
      PERSISTENTKEEPALIVE_PEERS: all
      PGID: "1000"
      PUID: "1000"
      SERVERPORT: "11024"
      TZ: Europe/Budapest
    image: lscr.io/linuxserver/wireguard:latest
    labels:
      diun.enable: "true"
    networks:
      default: null
    ports:
      - mode: ingress
        target: 51820
        published: "11024"
        protocol: udp
    restart: unless-stopped
    sysctls:
      net.ipv4.conf.all.src_valid_mark: "1"
    volumes:
      - type: bind
        source: /opt/docker-vols/wireguard/config
        target: /config
        bind:
          create_host_path: true
      - type: bind
        source: /lib/modules
        target: /lib/modules
        read_only: true
        bind:
          create_host_path: true
networks:
  default:
    name: bot_default

ChekeredList71 avatar Aug 10 '25 18:08 ChekeredList71