diff --git a/README.md b/README.md index 285d646..1111340 100644 --- a/README.md +++ b/README.md @@ -149,6 +149,7 @@ ScaleTail provides ready-to-run [Docker Compose](https://docs.docker.com/compose | ☁️ **NextCloud** | A suite of client-server software for creating and using file hosting services. | [Details](services/nextcloud) | | 🤖 **Open WebUI** | A self-hosted AI platform with a ChatGPT-style interface for local and cloud-based models. | [Details](services/open-webui) | | 🔗 **Pingvin Share** | **PROJECT ARCHIVED** A self-hosted file sharing platform. | [Details](services/pingvin-share) | +| 📅 **Radicale** | A lightweight CalDAV and CardDAV server for self-hosted calendar, to-do, and contact sync. | [Details](services/radicale) | | 🔄 **Resilio Sync** | A fast, reliable, and simple file sync and share solution. | [Details](services/resilio-sync) | | 🗂️ **Stirling-PDF** | A web application for managing and editing PDF files. | [Details](services/stirlingpdf) | | 📄 **BentoPDF** | A lightweight, self-hosted web app for viewing and managing PDF documents. | [Details](services/bentopdf) | 
@@ -172,6 +173,7 @@ ScaleTail provides ready-to-run [Docker Compose](https://docs.docker.com/compose | 🖥️ **Changedetection.io** | A tool for monitoring website changes. | [Details](services/changedetection) | | 🛠️ **Coder** | Self-hosted cloud dev environments with browser IDEs, Terraform-managed workspaces. | [Details](services/coder) | | 🔧 **Cyberchef** | A web app for encryption, encoding, compression, and data analysis. | [Details](services/cyberchef) | +| 🐳 **Dockge** | A fancy, easy-to-use and reactive self-hosted Docker Compose stack manager. | [Details](services/dockge) | | 🐳 **Dockhand** | A modern, lightweight Docker management UI for containers and Compose stacks. | [Details](services/dockhand) | | 🖥️ **Dozzle** | A real-time log viewer for Docker containers. | [Details](services/dozzle) | | 🔁 **FossFLOW** | A self-hosted tool to make beautiful isometric infrastructure diagrams. | [Details](services/fossflow) | @@ -282,6 +284,13 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod michaelhodges + + + lcs-crr +
+ lcs-crr +
+ adamsthws @@ -289,6 +298,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod adamsthws + + theryukverse @@ -296,8 +307,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod theryukverse - - KhaaL @@ -333,6 +342,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod mikkotor + + NI-R0 @@ -340,8 +351,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod NI-R0 - - RychidM @@ -377,6 +386,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod pjv + + wedge22 @@ -384,8 +395,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod wedge22 - - Jacob-JA-Shanks @@ -421,6 +430,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod cdkooistra + + Aurorainic @@ -428,8 +439,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod Aurorainic - - ironicbadger diff --git a/services/dockge/.env b/services/dockge/.env new file mode 100644 index 0000000..8d43316 --- /dev/null +++ b/services/dockge/.env @@ -0,0 +1,18 @@ +#version=1.1 +#URL=https://github.com/tailscale-dev/ScaleTail +#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. + +# Service Configuration +SERVICE=dockge +IMAGE_URL=louislam/dockge:1 +STACKS_DIR=... # Directory on host to store stack files. Must be bind mounted to the same path in compose.yaml. + +# Network Configuration +SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. + +# Tailscale Configuration +TS_AUTHKEY=... # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. + +# Optional Service variables +# PUID=1000 
diff --git a/services/dockge/README.md b/services/dockge/README.md new file mode 100644 index 0000000..53f4305 --- /dev/null +++ b/services/dockge/README.md @@ -0,0 +1,24 @@ +# Dockge with Tailscale Sidecar Configuration + +This Docker Compose configuration sets up [Dockge](https://github.com/louislam/dockge) with Tailscale as a sidecar container to keep the app reachable over your Tailnet. + +## Dockge + +[Dockge](https://github.com/louislam/dockge) is fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager. + +## Key Features + +- Manage your compose.yaml files +- Create/Edit/Start/Stop/Restart/Delete +- Update Docker Images +- Interactive Editor for compose.yaml +- Interactive Web Terminal +- Convert docker run ... commands into compose.yaml +- File based structure - Dockge won't kidnap your compose files, they are stored on your drive as usual. You can interact with them using normal docker compose commands +- Reactive - Everything is just responsive. Progress (Pull/Up/Down) and terminal output are in real-time +- Easy-to-use & fancy UI - If you love Uptime Kuma's UI/UX, you will love this one too + +## Configuration Overview + +In this setup, the `tailscale-dockge` service runs Tailscale, which manages secure networking for Dockge. The `dockge` service utilizes the Tailscale network stack via Docker's `network_mode: service:` configuration. This keeps the app Tailnet-only unless you intentionally expose ports. + diff --git a/services/dockge/compose.yaml b/services/dockge/compose.yaml new file mode 100644 index 0000000..c7f971b --- /dev/null +++ b/services/dockge/compose.yaml 
@@ -0,0 +1,82 @@ +name: dockge +services: + application: + container_name: app-dockge + depends_on: + tailscale: + condition: service_healthy + required: true + environment: + DOCKGE_STACKS_DIR: '...' + image: louislam/dockge:1 + network_mode: service:tailscale + restart: always + volumes: + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + bind: {} + - type: bind + source: /home/lcs_crr/Projects/ScaleTail/services/dockge/data + target: /app/data + bind: {} + - type: bind + source: /home/lcs_crr/Projects/ScaleTail/services/dockge/... + target: '...' + bind: {} + tailscale: + cap_add: + - net_admin + configs: + - source: ts-serve + target: /config/serve.json + container_name: tailscale-dockge + devices: + - source: /dev/net/tun + target: /dev/net/tun + permissions: rwm + environment: + TS_AUTH_ONCE: "true" + TS_AUTHKEY: '# Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.' + TS_ENABLE_HEALTH_CHECK: "true" + TS_LOCAL_ADDR_PORT: 127.0.0.1:41234 + TS_SERVE_CONFIG: /config/serve.json + TS_STATE_DIR: /var/lib/tailscale + TS_USERSPACE: "false" + hostname: dockge + healthcheck: + test: + - CMD + - wget + - --spider + - -q + - http://127.0.0.1:41234/healthz + timeout: 10s + interval: 1m0s + retries: 3 + start_period: 10s + image: tailscale/tailscale:latest + networks: + default: null + restart: always + volumes: + - type: bind + source: /home/lcs_crr/Projects/ScaleTail/services/dockge/config + target: /config + bind: {} + - type: bind + source: /home/lcs_crr/Projects/ScaleTail/services/dockge/ts/state + target: /var/lib/tailscale + bind: {} +networks: + default: + name: dockge_default +configs: + ts-serve: + name: dockge_ts-serve + content: | + {"TCP":{"443":{"HTTPS":true}}, + "Web":{"$${TS_CERT_DOMAIN}:443": + {"Handlers":{"/": + {"Proxy":"http://127.0.0.1:5001"}}}}, + "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} \ No newline at end of file 
diff --git a/services/radicale/.env b/services/radicale/.env new file mode 100644 index 0000000..bd4b997 --- /dev/null +++ b/services/radicale/.env @@ -0,0 +1,17 @@ +#version=1.1 +#URL=https://github.com/tailscale-dev/ScaleTail +#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. + +# Service Configuration +SERVICE=radicale # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). +IMAGE_URL=tomsquest/docker-radicale # Docker image URL from container registry (e.g., adguard/adguard-home). + +# Network Configuration +SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. + +# Tailscale Configuration +TS_AUTHKEY=... # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. + +# Optional Service variables +# PUID=1000 diff --git a/services/radicale/README.md b/services/radicale/README.md new file mode 100644 index 0000000..c6ecce2 --- /dev/null +++ b/services/radicale/README.md 
@@ -0,0 +1,33 @@ +# Radicale with Tailscale Sidecar Configuration + +This Docker Compose configuration sets up [Radicale](https://radicale.org/) with Tailscale as a sidecar container to keep the app reachable over your Tailnet. + +## Radicale + +[Radicale](https://radicale.org/) is a small but powerful CalDAV (calendars, to-do lists) and CardDAV (contacts) server. It is lightweight, easy to configure, and requires minimal resources, making it a great self-hosted alternative to cloud-based calendar and contact sync services. + +## Key Features + +- CalDAV and CardDAV support for syncing calendars, to-do lists, and contacts +- Works with any compliant client (Thunderbird, GNOME Calendar, DAVx5, Apple Calendar, etc.) +- Lightweight with minimal resource usage +- Simple file-based storage +- Web interface for managing collections +- Built-in access control and authentication + +## Configuration Overview + +In this setup, the `tailscale-radicale` service runs Tailscale, which manages secure networking for Radicale. The `radicale` service utilizes the Tailscale network stack via Docker's `network_mode: service:` configuration. This keeps the app Tailnet-only unless you intentionally expose ports. + +The container runs with hardened security settings: read-only filesystem, no new privileges, dropped capabilities, and resource limits (256M memory, 50 pids). + +## Prerequisites + +- This image uses [tomsquest/docker-radicale](https://github.com/tomsquest/docker-radicale). Refer to their documentation for advanced configuration options. +- To configure users and authentication, mount a custom config file or refer to the [Radicale documentation](https://radicale.org/v3.html#configuration). + +## Files to check + +Please check the following contents for validity as some variables need to be defined upfront. + +- `.env` // Main variable: `TS_AUTHKEY` diff --git a/services/radicale/compose.yaml b/services/radicale/compose.yaml new file mode 100644 index 0000000..22696de 
--- /dev/null +++ b/services/radicale/compose.yaml 
@@ -0,0 +1,98 @@ +name: radicale +services: + application: + cap_add: + - SETUID + - SETGID + - CHOWN + - KILL + cap_drop: + - ALL + container_name: app-radicale + depends_on: + tailscale: + condition: service_healthy + required: true + deploy: + resources: + limits: + memory: "268435456" + pids: 50 + healthcheck: + test: + - CMD + - curl + - -f + - http://127.0.0.1:5232 + timeout: 10s + interval: 30s + retries: 3 + start_period: 10s + image: tomsquest/docker-radicale + init: true + network_mode: service:tailscale + read_only: true + restart: always + security_opt: + - no-new-privileges:true + volumes: + - type: bind + source: /home/lcs_crr/Projects/ScaleTail/services/radicale/radicale-data/data + target: /data + bind: {} + tailscale: + cap_add: + - net_admin + configs: + - source: ts-serve + target: /config/serve.json + container_name: tailscale-radicale + devices: + - source: /dev/net/tun + target: /dev/net/tun + permissions: rwm + environment: + TS_AUTH_ONCE: "true" + TS_AUTHKEY: '# Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.' 
+ TS_ENABLE_HEALTH_CHECK: "true" + TS_LOCAL_ADDR_PORT: 127.0.0.1:41234 + TS_SERVE_CONFIG: /config/serve.json + TS_STATE_DIR: /var/lib/tailscale + TS_USERSPACE: "false" + hostname: radicale + healthcheck: + test: + - CMD + - wget + - --spider + - -q + - http://127.0.0.1:41234/healthz + timeout: 10s + interval: 1m0s + retries: 3 + start_period: 10s + image: tailscale/tailscale:latest + networks: + default: null + restart: always + volumes: + - type: bind + source: /home/lcs_crr/Projects/ScaleTail/services/radicale/config + target: /config + bind: {} + - type: bind + source: /home/lcs_crr/Projects/ScaleTail/services/radicale/ts/state + target: /var/lib/tailscale + bind: {} +networks: + default: + name: radicale_default +configs: + ts-serve: + name: radicale_ts-serve + content: | + {"TCP":{"443":{"HTTPS":true}}, + "Web":{"$${TS_CERT_DOMAIN}:443": + {"Handlers":{"/": + {"Proxy":"http://127.0.0.1:5232"}}}}, + "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} \ No newline at end of file
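Review bot: in services/dockge/.env, `STACKS_DIR=...` ships as a placeholder with no example path, and nothing in services/dockge/compose.yaml reads it: the compose file sets `DOCKGE_STACKS_DIR: '...'` and a bind target of `'...'` as literals. Give the variable a concrete example value in the comment and have compose.yaml take the environment value and both sides of the bind mount from `${STACKS_DIR}`, so that the "same path" requirement stated in the comment is enforced by construction.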
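Review bot: services/dockge/README.md says the setup "keeps the app Tailnet-only" but does not mention that compose.yaml bind-mounts `/var/run/docker.sock` into `app-dockge`, which means anyone who can reach the Dockge UI on the tailnet can control the host's Docker daemon. Add a short section stating this and recommending that access to the `dockge` node be restricted with Tailscale ACLs and that Dockge's own login be set up before the node is shared. The README also lacks the "Files to check" section that services/radicale/README.md has; here it should list `TS_AUTHKEY` and `STACKS_DIR`.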
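Review bot: services/dockge/compose.yaml carries values that only work on the author's machine, and an auth key value that cannot work at all. `TS_AUTHKEY` is set to the comment text `'# Auth key from https://tailscale.com/admin/authkeys. ...'` instead of `${TS_AUTHKEY}`, every bind source is an absolute path under `/home/lcs_crr/Projects/ScaleTail/services/dockge/`, and `image`, `hostname` and `container_name` are literals although .env defines `IMAGE_URL` and `SERVICE`. Replace these with the variable references and relative paths (`./data`, `./config`, `./ts/state`), pin `tailscale/tailscale:latest` to a version, and end the file with a newline.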
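Review bot: in services/radicale/.env, the comments on `SERVICEPORT` and `DNS_SERVER` tell the user to uncomment the "ports:" and "dns:" sections in compose.yaml, but services/radicale/compose.yaml in this patch contains neither section, commented or otherwise (the same applies to services/dockge). Either add the commented-out blocks to the compose files or drop these two variables and their instructions. `IMAGE_URL=tomsquest/docker-radicale` also has no tag, so the deployed version will change on every pull; pin it.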
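Review bot: the Prerequisites section of services/radicale/README.md tells the user to "mount a custom config file" to configure users and authentication, but compose.yaml mounts only `/data` and runs with `read_only: true`, so there is no indicated place for that file and no note on whether the service accepts requests unauthenticated until one is provided. Document the expected mount target for the config and state the default authentication behaviour of the image. The "dropped capabilities" claim should also list the four that compose.yaml adds back (`SETUID`, `SETGID`, `CHOWN`, `KILL`) and why they are needed.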
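Review bot: services/radicale/compose.yaml uses `image: tomsquest/docker-radicale` with no tag and `image: tailscale/tailscale:latest`, which undercuts the hardening the README advertises, because the container contents are not reproducible. Pin both to a version or digest. As in the Dockge file, `TS_AUTHKEY` holds the comment string rather than `${TS_AUTHKEY}`, the bind sources are absolute paths under `/home/lcs_crr/Projects/ScaleTail/services/radicale/`, and the file has no trailing newline. Since `read_only: true` is set with only the `/data` bind, please confirm the image starts cleanly without a `tmpfs` for its runtime directories.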