auto-update Ghost/Caddy/MySQL on reboot via @reboot cron + pull_policy

evios · claude · evios · commit 83120ac64ec0 · 2026-03-31T19:17:34.000+03:00
On boot: Docker restarts containers instantly (old images), then 30s
later cron pulls latest images and recreates only changed containers.
Data volumes are untouched.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/infra/ghost/deploy-ghost.sh b/infra/ghost/deploy-ghost.sh
@@ -21,6 +21,7 @@
 #      - Prompt for your FQDN
 #      - Generate random DB credentials in /opt/ghost/.env
 #      - Start Ghost + MySQL + Caddy (auto SSL) at /opt/ghost/
+#      - Enable auto-update on boot (pulls latest images via systemd)
 #
 #   4. Open https://<your-fqdn>/ghost to create admin account
 #
@@ -97,6 +98,17 @@ if [ "$SCRIPT_DIR" != "$GHOST_DIR" ]; then
   cp "$SCRIPT_DIR/docker-compose.yml" "$GHOST_DIR/docker-compose.yml"
 fi
 
+# Auto-update on boot:
+# 1. Docker restart:always brings containers up instantly (old images)
+# 2. 30s later this cron pulls latest ghost:6/mysql:9/caddy:2 images
+# 3. docker compose up -d recreates only containers whose image changed
+# Data volumes are untouched — only container binaries update
+CRON_JOB="@reboot sleep 30 && cd $GHOST_DIR && /usr/bin/docker compose pull --quiet && /usr/bin/docker compose up -d"
+if ! crontab -l 2>/dev/null | grep -qF "ghost"; then
+  (crontab -l 2>/dev/null; echo "$CRON_JOB") | crontab -
+  echo "Added @reboot cron job (auto-pulls latest images on boot)"
+fi
+
 # Start
 cd "$GHOST_DIR"
 docker compose up -d
diff --git a/infra/ghost/docker-compose.yml b/infra/ghost/docker-compose.yml
@@ -2,6 +2,7 @@ services:
   # Reverse proxy — terminates SSL via Let's Encrypt, forwards to Ghost
   caddy:
     image: caddy:2
+    pull_policy: always
     container_name: caddy
     restart: always
     ports:
@@ -17,6 +18,7 @@ services:
   # Blog engine — internal only, not exposed to the internet
   ghost:
     image: ghost:6
+    pull_policy: always
     container_name: ghost
     restart: always
     expose:
@@ -37,6 +39,7 @@ services:
   # Database — persistent storage for all Ghost content
   ghost-db:
     image: mysql:9
+    pull_policy: always
     container_name: ghost-db
     restart: always
     environment:
