From 8340b1a2c028a1022cdf8e6e3ff21b880a2cf3fd Mon Sep 17 00:00:00 2001
From: lcs-crr
Date: Sat, 11 Apr 2026 22:13:57 +0200
Subject: [PATCH 01/15] Added dockge and radicale
---
services/dockge/.env | 18 ++++++
services/dockge/README.md | 24 ++++++++
services/dockge/compose.yaml | 82 +++++++++++++++++++++++++
services/paperless/.env | 28 ---------
services/paperless/README.md | 13 ----
services/paperless/compose.yml | 108 ---------------------------------
services/radicale/.env | 17 ++++++
services/radicale/README.md | 33 ++++++++++
services/radicale/compose.yaml | 98 ++++++++++++++++++++++++++++++
9 files changed, 272 insertions(+), 149 deletions(-)
create mode 100644 services/dockge/.env
create mode 100644 services/dockge/README.md
create mode 100644 services/dockge/compose.yaml
delete mode 100644 services/paperless/.env
delete mode 100644 services/paperless/README.md
delete mode 100644 services/paperless/compose.yml
create mode 100644 services/radicale/.env
create mode 100644 services/radicale/README.md
create mode 100644 services/radicale/compose.yaml
diff --git a/services/dockge/.env b/services/dockge/.env
new file mode 100644
index 00000000..8d43316a
--- /dev/null
+++ b/services/dockge/.env
@@ -0,0 +1,18 @@
+#version=1.1
+#URL=https://github.com/tailscale-dev/ScaleTail
+#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.
+
+# Service Configuration
+SERVICE=dockge
+IMAGE_URL=louislam/dockge:1
+STACKS_DIR=... # Directory on host to store stack files. Must be bind mounted to the same path in compose.yaml.
+
+# Network Configuration
+SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable.
+DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable.
+
+# Tailscale Configuration
+TS_AUTHKEY=... # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.
+
+# Optional Service variables
+# PUID=1000
diff --git a/services/dockge/README.md b/services/dockge/README.md
new file mode 100644
index 00000000..53f43055
--- /dev/null
+++ b/services/dockge/README.md
@@ -0,0 +1,24 @@ +# Dockge with Tailscale Sidecar Configuration + +This Docker Compose configuration sets up [Dockge](https://github.com/louislam/dockge) with Tailscale as a sidecar container to keep the app reachable over your Tailnet. + +## Dockge + +[Dockge](https://github.com/louislam/dockge) is fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager. + +## Key Features + +- Manage your compose.yaml files +- Create/Edit/Start/Stop/Restart/Delete +- Update Docker Images +- Interactive Editor for compose.yaml +- Interactive Web Terminal +- Convert docker run ... commands into compose.yaml +- File based structure - Dockge won't kidnap your compose files, they are stored on your drive as usual. You can interact with them using normal docker compose commands +- Reactive - Everything is just responsive. Progress (Pull/Up/Down) and terminal output are in real-time +- Easy-to-use & fancy UI - If you love Uptime Kuma's UI/UX, you will love this one too + +## Configuration Overview + +In this setup, the `tailscale-dockge` service runs Tailscale, which manages secure networking for Dockge. The `dockge` service utilizes the Tailscale network stack via Docker's `network_mode: service:` configuration. This keeps the app Tailnet-only unless you intentionally expose ports. + diff --git a/services/dockge/compose.yaml b/services/dockge/compose.yaml new file mode 100644 index 00000000..c7f971bc --- /dev/null +++ b/services/dockge/compose.yaml 
@@ -0,0 +1,82 @@
+name: dockge
+services:
+ application:
+ container_name: app-dockge
+ depends_on:
+ tailscale:
+ condition: service_healthy
+ required: true
+ environment:
+ DOCKGE_STACKS_DIR: '...'
+ image: louislam/dockge:1
+ network_mode: service:tailscale
+ restart: always
+ volumes:
+ - type: bind
+ source: /var/run/docker.sock
+ target: /var/run/docker.sock
+ bind: {}
+ - type: bind
+ source: /home/lcs_crr/Projects/ScaleTail/services/dockge/data
+ target: /app/data
+ bind: {}
+ - type: bind
+ source: /home/lcs_crr/Projects/ScaleTail/services/dockge/...
+ target: '...'
+ bind: {}
+ tailscale:
+ cap_add:
+ - net_admin
+ configs:
+ - source: ts-serve
+ target: /config/serve.json
+ container_name: tailscale-dockge
+ devices:
+ - source: /dev/net/tun
+ target: /dev/net/tun
+ permissions: rwm
+ environment:
+ TS_AUTH_ONCE: "true"
+ TS_AUTHKEY: '# Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.'
+ TS_ENABLE_HEALTH_CHECK: "true"
+ TS_LOCAL_ADDR_PORT: 127.0.0.1:41234
+ TS_SERVE_CONFIG: /config/serve.json
+ TS_STATE_DIR: /var/lib/tailscale
+ TS_USERSPACE: "false"
+ hostname: dockge
+ healthcheck:
+ test:
+ - CMD
+ - wget
+ - --spider
+ - -q
+ - http://127.0.0.1:41234/healthz
+ timeout: 10s
+ interval: 1m0s
+ retries: 3
+ start_period: 10s
+ image: tailscale/tailscale:latest
+ networks:
+ default: null
+ restart: always
+ volumes:
+ - type: bind
+ source: /home/lcs_crr/Projects/ScaleTail/services/dockge/config
+ target: /config
+ bind: {}
+ - type: bind
+ source: /home/lcs_crr/Projects/ScaleTail/services/dockge/ts/state
+ target: /var/lib/tailscale
+ bind: {}
+networks:
+ default:
+ name: dockge_default
+configs:
+ ts-serve:
+ name: dockge_ts-serve
+ content: |
+ {"TCP":{"443":{"HTTPS":true}},
+ "Web":{"$${TS_CERT_DOMAIN}:443":
+ {"Handlers":{"/":
+ {"Proxy":"http://127.0.0.1:5001"}}}},
+ "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}}
\ No newline at end of file
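Review bot: The `application` service bind-mounts `/var/run/docker.sock` without a read-only flag, which gives the Dockge container (and anyone who can sign in to its UI or web terminal) root-equivalent control of the host's Docker daemon, and neither this file nor the README added in the same patch says so. I would put a comment above that volume entry, e.g. `# Grants full control of the host Docker daemon - limit who can reach this node with tailnet ACLs`, and keep `AllowFunnel` at `false` as it is here. Separately, the file reads like rendered `docker compose config` output rather than the template: `TS_AUTHKEY` holds the .env comment text instead of `${TS_AUTHKEY}`, `DOCKGE_STACKS_DIR` is the literal `'...'`, and the bind sources are absolute paths under `/home/lcs_crr/`; `services/radicale/compose.yaml` in this patch shows the same pattern. PATCH 09/15 is titled "Restored template format" and touches both files, so this may already be handled there, but its compose hunks are not visible here.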
diff --git a/services/paperless/.env b/services/paperless/.env deleted file mode 100644 index b445925f..00000000 --- a/services/paperless/.env +++ /dev/null @@ -1,28 +0,0 @@ -#version=1.1 -#URL=https://github.com/tailscale-dev/ScaleTail -#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. - -# Service Configuration -SERVICE=paperless # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). -IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest # Docker image URL from container registry (e.g., adguard/adguard-home). - -# Network Configuration -SERVICEPORT=80 # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. -DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. - -# Tailscale Configuration -TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. - -# Time Zone setting for containers -TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - -# Optional Service variables -# PUID=1000 - -PAPERLESS_TIME_ZONE=Europe/London -PAPERLESS_OCR_LANGUAGE=eng -PAPERLESS_SECRET_KEY='change this to any random sting' #https://docs.paperless-ngx.com/configuration/#PAPERLESS_SECRET_KEY -PAPERLESS_ADMIN_USER=admin -PAPERLESS_ADMIN_PASSWORD=changeme -POSTGRES_USER=paperless -POSTGRES_PASSWORD=paperless diff --git a/services/paperless/README.md b/services/paperless/README.md deleted file mode 100644 index afd80ebb..00000000 --- a/services/paperless/README.md +++ /dev/null 
@@ -1,13 +0,0 @@ -# Paperless-ngx with Tailscale Sidecar Configuration - -This Docker Compose configuration sets up [Paperless-ngx](https://docs.paperless-ngx.com/) with Tailscale as a sidecar container to securely deliver push notifications over a private Tailscale network. By integrating Tailscale in a sidecar configuration, you enhance the privacy and security of your ntfy instance, ensuring it is only accessible within your Tailscale network. - -## Paperless-ngx - -[Paperless-ngx](https://docs.paperless-ngx.com) is a community-supported open-source document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper. - -## Configuration Overview - -In this setup, the `tailscale-paperless` service runs the Tailscale daemon to provide secure, private networking. The `paperless` service is configured to use Tailscale’s network stack via Docker’s `network_mode: service:` syntax. This binds Paperless network interface to the Tailscale container, making the service available only through your Tailscale network (or locally, if needed). - -This architecture is ideal for self-hosters who want to send and receive notifications from anywhere without exposing Paperless-ngx to the internet, maintaining both ease of access and strict privacy controls. diff --git a/services/paperless/compose.yml b/services/paperless/compose.yml deleted file mode 100644 index 9b5b125b..00000000 --- a/services/paperless/compose.yml +++ /dev/null 
@@ -1,108 +0,0 @@ -configs: - ts-serve: - content: | - {"TCP":{"443":{"HTTPS":true}}, - "Web":{"$${TS_CERT_DOMAIN}:443": - {"Handlers":{"/": - {"Proxy":"http://127.0.0.1:80"}}}}, - "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} - -services: -# Make sure you have updated/checked the .env file with the correct variables. -# All the ${ xx } need to be defined there. - # Tailscale Sidecar Configuration - tailscale: - image: tailscale/tailscale:latest # Image to be used - container_name: tailscale-${SERVICE} # Name for local container management - hostname: ${SERVICE} # Name used within your Tailscale environment - environment: - - TS_AUTHKEY=${TS_AUTHKEY} - - TS_STATE_DIR=/var/lib/tailscale - - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required - - TS_USERSPACE=false - - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" - - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint - #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS - - TS_AUTH_ONCE=true - configs: - - source: ts-serve - target: /config/serve.json - volumes: - - ./config:/config # Config folder used to store Tailscale files - you may need to change the path - - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path - devices: - - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work - cap_add: - - net_admin # Tailscale requirement - #ports: - # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required - # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below - # dns: - # - ${DNS_SERVER} - healthcheck: - test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational - interval: 1m # How often to perform the check - timeout: 10s 
# Time to wait for the check to succeed - retries: 3 # Number of retries before marking as unhealthy - start_period: 10s # Time to wait before starting health checks - restart: always - - application: - image: ${IMAGE_URL} - network_mode: service:tailscale - container_name: app-${SERVICE} - depends_on: - tailscale: - condition: service_healthy - db: - condition: service_started - broker: - condition: service_started - healthcheck: - test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running - interval: 1m # How often to perform the check - timeout: 10s # Time to wait for the check to succeed - retries: 3 # Number of retries before marking as unhealthy - start_period: 30s # Time to wait before starting health checks - restart: always - volumes: - - ./${SERVICE}-data/data:/usr/src/paperless/data - - ./${SERVICE}-data/media:/usr/src/paperless/media - - ./${SERVICE}-data/export:/usr/src/paperless/export - - ./${SERVICE}-data/consume:/usr/src/paperless/consume - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Amsterdam - - PAPERLESS_TIME_ZONE=${PAPERLESS_TIME_ZONE} - - PAPERLESS_OCR_LANGUAGE=${PAPERLESS_OCR_LANGUAGE} - - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY} - - PAPERLESS_PORT=80 - - PAPERLESS_PROXY_SSL_HEADER=["HTTP_X_FORWARDED_PROTO", "https"] - - PAPERLESS_ADMIN_USER=${PAPERLESS_ADMIN_USER} - - PAPERLESS_ADMIN_PASSWORD=${PAPERLESS_ADMIN_PASSWORD} - - PAPERLESS_REDIS=redis://broker:6379 - - PAPERLESS_DBHOST=db - db: - image: docker.io/library/postgres:18 - container_name: app-${SERVICE}-db # Name for local container management - restart: always - volumes: - - ./${SERVICE}-data/pgdata:/var/lib/postgresql - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Amsterdam - - POSTGRES_DB=paperless - - POSTGRES_USER=${POSTGRES_USER} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - broker: - image: docker.io/library/redis:8 - container_name: app-${SERVICE}-broker # Name for local container management - restart: always - volumes: - - 
./${SERVICE}-data/redisdata:/data - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Amsterdam diff --git a/services/radicale/.env b/services/radicale/.env new file mode 100644 index 00000000..bd4b997c --- /dev/null +++ b/services/radicale/.env @@ -0,0 +1,17 @@ +#version=1.1 +#URL=https://github.com/tailscale-dev/ScaleTail +#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. + +# Service Configuration +SERVICE=radicale # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). +IMAGE_URL=tomsquest/docker-radicale # Docker image URL from container registry (e.g., adguard/adguard-home). + +# Network Configuration +SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. + +# Tailscale Configuration +TS_AUTHKEY=... # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. + +# Optional Service variables +# PUID=1000 diff --git a/services/radicale/README.md b/services/radicale/README.md new file mode 100644 index 00000000..c6ecce2d --- /dev/null +++ b/services/radicale/README.md 
@@ -0,0 +1,33 @@ +# Radicale with Tailscale Sidecar Configuration + +This Docker Compose configuration sets up [Radicale](https://radicale.org/) with Tailscale as a sidecar container to keep the app reachable over your Tailnet. + +## Radicale + +[Radicale](https://radicale.org/) is a small but powerful CalDAV (calendars, to-do lists) and CardDAV (contacts) server. It is lightweight, easy to configure, and requires minimal resources, making it a great self-hosted alternative to cloud-based calendar and contact sync services. + +## Key Features + +- CalDAV and CardDAV support for syncing calendars, to-do lists, and contacts +- Works with any compliant client (Thunderbird, GNOME Calendar, DAVx5, Apple Calendar, etc.) +- Lightweight with minimal resource usage +- Simple file-based storage +- Web interface for managing collections +- Built-in access control and authentication + +## Configuration Overview + +In this setup, the `tailscale-radicale` service runs Tailscale, which manages secure networking for Radicale. The `radicale` service utilizes the Tailscale network stack via Docker's `network_mode: service:` configuration. This keeps the app Tailnet-only unless you intentionally expose ports. + +The container runs with hardened security settings: read-only filesystem, no new privileges, dropped capabilities, and resource limits (256M memory, 50 pids). + +## Prerequisites + +- This image uses [tomsquest/docker-radicale](https://github.com/tomsquest/docker-radicale). Refer to their documentation for advanced configuration options. +- To configure users and authentication, mount a custom config file or refer to the [Radicale documentation](https://radicale.org/v3.html#configuration). + +## Files to check + +Please check the following contents for validity as some variables need to be defined upfront. + +- `.env` // Main variable: `TS_AUTHKEY` diff --git a/services/radicale/compose.yaml b/services/radicale/compose.yaml new file mode 100644 index 00000000..22696ded 
--- /dev/null
+++ b/services/radicale/compose.yaml
@@ -0,0 +1,98 @@
+name: radicale
+services:
+ application:
+ cap_add:
+ - SETUID
+ - SETGID
+ - CHOWN
+ - KILL
+ cap_drop:
+ - ALL
+ container_name: app-radicale
+ depends_on:
+ tailscale:
+ condition: service_healthy
+ required: true
+ deploy:
+ resources:
+ limits:
+ memory: "268435456"
+ pids: 50
+ healthcheck:
+ test:
+ - CMD
+ - curl
+ - -f
+ - http://127.0.0.1:5232
+ timeout: 10s
+ interval: 30s
+ retries: 3
+ start_period: 10s
+ image: tomsquest/docker-radicale
+ init: true
+ network_mode: service:tailscale
+ read_only: true
+ restart: always
+ security_opt:
+ - no-new-privileges:true
+ volumes:
+ - type: bind
+ source: /home/lcs_crr/Projects/ScaleTail/services/radicale/radicale-data/data
+ target: /data
+ bind: {}
+ tailscale:
+ cap_add:
+ - net_admin
+ configs:
+ - source: ts-serve
+ target: /config/serve.json
+ container_name: tailscale-radicale
+ devices:
+ - source: /dev/net/tun
+ target: /dev/net/tun
+ permissions: rwm
+ environment:
+ TS_AUTH_ONCE: "true"
+ TS_AUTHKEY: '# Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.'
+ TS_ENABLE_HEALTH_CHECK: "true"
+ TS_LOCAL_ADDR_PORT: 127.0.0.1:41234
+ TS_SERVE_CONFIG: /config/serve.json
+ TS_STATE_DIR: /var/lib/tailscale
+ TS_USERSPACE: "false"
+ hostname: radicale
+ healthcheck:
+ test:
+ - CMD
+ - wget
+ - --spider
+ - -q
+ - http://127.0.0.1:41234/healthz
+ timeout: 10s
+ interval: 1m0s
+ retries: 3
+ start_period: 10s
+ image: tailscale/tailscale:latest
+ networks:
+ default: null
+ restart: always
+ volumes:
+ - type: bind
+ source: /home/lcs_crr/Projects/ScaleTail/services/radicale/config
+ target: /config
+ bind: {}
+ - type: bind
+ source: /home/lcs_crr/Projects/ScaleTail/services/radicale/ts/state
+ target: /var/lib/tailscale
+ bind: {}
+networks:
+ default:
+ name: radicale_default
+configs:
+ ts-serve:
+ name: radicale_ts-serve
+ content: |
+ {"TCP":{"443":{"HTTPS":true}},
+ "Web":{"$${TS_CERT_DOMAIN}:443":
+ {"Handlers":{"/":
+ {"Proxy":"http://127.0.0.1:5232"}}}},
+ "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}}
\ No newline at end of file
From b81dbff3a3efc30d42f43b956f1b284c15dd6928 Mon Sep 17 00:00:00 2001
From: lcs-crr
Date: Sat, 11 Apr 2026 22:25:43 +0200
Subject: [PATCH 02/15] re-added paperless
---
services/paperless/.env | 28 +++++++++
services/paperless/README.md | 13 ++++
services/paperless/compose.yml | 108 +++++++++++++++++++++++++++++++++
3 files changed, 149 insertions(+)
create mode 100644 services/paperless/.env
create mode 100644 services/paperless/README.md
create mode 100644 services/paperless/compose.yml
diff --git a/services/paperless/.env b/services/paperless/.env
new file mode 100644
index 00000000..b445925f
--- /dev/null
+++ b/services/paperless/.env
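Review bot: No Radicale configuration or users file is mounted into `application` (the only volume is the bind to `/data`), so authentication is whatever the `tomsquest/docker-radicale` image ships by default, while the README in this patch leaves "mount a custom config file" to the reader. Because the Serve config proxies port 5232 to the tailnet, I would either add a read-only bind for the config directory (the image's documentation uses `/config`; please confirm against the pinned version) or state the default auth behaviour in a comment next to `volumes:`. The `image:` reference also carries no tag, so it resolves to `latest`; pinning it, as `louislam/dockge:1` is pinned in the dockge file, would make the hardening here (`read_only`, `cap_drop: ALL`, `no-new-privileges`) reproducible across pulls.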
@@ -0,0 +1,28 @@
+#version=1.1
+#URL=https://github.com/tailscale-dev/ScaleTail
+#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.
+
+# Service Configuration
+SERVICE=paperless # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}).
+IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest # Docker image URL from container registry (e.g., adguard/adguard-home).
+
+# Network Configuration
+SERVICEPORT=80 # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable.
+DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable.
+
+# Tailscale Configuration
+TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.
+
+# Time Zone setting for containers
+TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+
+# Optional Service variables
+# PUID=1000
+
+PAPERLESS_TIME_ZONE=Europe/London
+PAPERLESS_OCR_LANGUAGE=eng
+PAPERLESS_SECRET_KEY='change this to any random sting' #https://docs.paperless-ngx.com/configuration/#PAPERLESS_SECRET_KEY
+PAPERLESS_ADMIN_USER=admin
+PAPERLESS_ADMIN_PASSWORD=changeme
+POSTGRES_USER=paperless
+POSTGRES_PASSWORD=paperless
diff --git a/services/paperless/README.md b/services/paperless/README.md
new file mode 100644
index 00000000..afd80ebb
--- /dev/null
+++ b/services/paperless/README.md
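Review bot: `PAPERLESS_ADMIN_PASSWORD=changeme`, `POSTGRES_PASSWORD=paperless` and the `PAPERLESS_SECRET_KEY` placeholder are all usable values, so a deployment that skips editing this file comes up with publicly known credentials and a known signing key. Leaving them empty, the way `TS_AUTHKEY=` already is, e.g. `PAPERLESS_ADMIN_PASSWORD= # required: set before first start`, should make the omission visible rather than silent. The file is restored with the same blob id that PATCH 01 deleted, so the values are not new in this commit, but the re-add is a convenient place to change them. The placeholder text also has a typo (`sting` for `string`).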
@@ -0,0 +1,13 @@ +# Paperless-ngx with Tailscale Sidecar Configuration + +This Docker Compose configuration sets up [Paperless-ngx](https://docs.paperless-ngx.com/) with Tailscale as a sidecar container to securely deliver push notifications over a private Tailscale network. By integrating Tailscale in a sidecar configuration, you enhance the privacy and security of your ntfy instance, ensuring it is only accessible within your Tailscale network. + +## Paperless-ngx + +[Paperless-ngx](https://docs.paperless-ngx.com) is a community-supported open-source document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper. + +## Configuration Overview + +In this setup, the `tailscale-paperless` service runs the Tailscale daemon to provide secure, private networking. The `paperless` service is configured to use Tailscale’s network stack via Docker’s `network_mode: service:` syntax. This binds Paperless network interface to the Tailscale container, making the service available only through your Tailscale network (or locally, if needed). + +This architecture is ideal for self-hosters who want to send and receive notifications from anywhere without exposing Paperless-ngx to the internet, maintaining both ease of access and strict privacy controls. diff --git a/services/paperless/compose.yml b/services/paperless/compose.yml new file mode 100644 index 00000000..9b5b125b --- /dev/null +++ b/services/paperless/compose.yml 
@@ -0,0 +1,108 @@ +configs: + ts-serve: + content: | + {"TCP":{"443":{"HTTPS":true}}, + "Web":{"$${TS_CERT_DOMAIN}:443": + {"Handlers":{"/": + {"Proxy":"http://127.0.0.1:80"}}}}, + "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} + +services: +# Make sure you have updated/checked the .env file with the correct variables. +# All the ${ xx } need to be defined there. + # Tailscale Sidecar Configuration + tailscale: + image: tailscale/tailscale:latest # Image to be used + container_name: tailscale-${SERVICE} # Name for local container management + hostname: ${SERVICE} # Name used within your Tailscale environment + environment: + - TS_AUTHKEY=${TS_AUTHKEY} + - TS_STATE_DIR=/var/lib/tailscale + - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required + - TS_USERSPACE=false + - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" + - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint + #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS + - TS_AUTH_ONCE=true + configs: + - source: ts-serve + target: /config/serve.json + volumes: + - ./config:/config # Config folder used to store Tailscale files - you may need to change the path + - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path + devices: + - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work + cap_add: + - net_admin # Tailscale requirement + #ports: + # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required + # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below + # dns: + # - ${DNS_SERVER} + healthcheck: + test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational + interval: 1m # How often to perform the check + timeout: 10s 
# Time to wait for the check to succeed + retries: 3 # Number of retries before marking as unhealthy + start_period: 10s # Time to wait before starting health checks + restart: always + + application: + image: ${IMAGE_URL} + network_mode: service:tailscale + container_name: app-${SERVICE} + depends_on: + tailscale: + condition: service_healthy + db: + condition: service_started + broker: + condition: service_started + healthcheck: + test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running + interval: 1m # How often to perform the check + timeout: 10s # Time to wait for the check to succeed + retries: 3 # Number of retries before marking as unhealthy + start_period: 30s # Time to wait before starting health checks + restart: always + volumes: + - ./${SERVICE}-data/data:/usr/src/paperless/data + - ./${SERVICE}-data/media:/usr/src/paperless/media + - ./${SERVICE}-data/export:/usr/src/paperless/export + - ./${SERVICE}-data/consume:/usr/src/paperless/consume + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Amsterdam + - PAPERLESS_TIME_ZONE=${PAPERLESS_TIME_ZONE} + - PAPERLESS_OCR_LANGUAGE=${PAPERLESS_OCR_LANGUAGE} + - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY} + - PAPERLESS_PORT=80 + - PAPERLESS_PROXY_SSL_HEADER=["HTTP_X_FORWARDED_PROTO", "https"] + - PAPERLESS_ADMIN_USER=${PAPERLESS_ADMIN_USER} + - PAPERLESS_ADMIN_PASSWORD=${PAPERLESS_ADMIN_PASSWORD} + - PAPERLESS_REDIS=redis://broker:6379 + - PAPERLESS_DBHOST=db + db: + image: docker.io/library/postgres:18 + container_name: app-${SERVICE}-db # Name for local container management + restart: always + volumes: + - ./${SERVICE}-data/pgdata:/var/lib/postgresql + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Amsterdam + - POSTGRES_DB=paperless + - POSTGRES_USER=${POSTGRES_USER} + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + broker: + image: docker.io/library/redis:8 + container_name: app-${SERVICE}-broker # Name for local container management + restart: always + volumes: + - 
./${SERVICE}-data/redisdata:/data + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Amsterdam From c11984d0486538b61f5f500627eaee97e4bb8d5f Mon Sep 17 00:00:00 2001 From: lcs-crr Date: Sat, 11 Apr 2026 22:28:03 +0200 Subject: [PATCH 03/15] Updated readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 67ea435b..f7451a27 100644 --- a/README.md +++ b/README.md @@ -153,6 +153,7 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod | 📝 **Nanote** | A lightweight, self-hosted note-taking app with Markdown support. | [Details](services/nanote) | | ☁️ **NextCloud** | A suite of client-server software for creating and using file hosting services. | [Details](services/nextcloud) | | 🔗 **Pingvin Share** | **PROJECT ARCHIVED** A self-hosted file sharing platform. | [Details](services/pingvin-share) | +| 📅 **Radicale** | A lightweight CalDAV and CardDAV server for self-hosted calendar, to-do, and contact sync. | [Details](services/radicale) | | 🔄 **Resilio Sync** | A fast, reliable, and simple file sync and share solution. | [Details](services/resilio-sync) | | 🗂️ **Stirling-PDF** | A web application for managing and editing PDF files. | [Details](services/stirlingpdf) | | 📄 **BentoPDF** | A lightweight, self-hosted web app for viewing and managing PDF documents. | [Details](services/bentopdf) | 
@@ -176,6 +177,7 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod | 🖥️ **Changedetection.io** | A tool for monitoring website changes. | [Details](services/changedetection) | | 🛠️ **Coder** | Self-hosted cloud dev environments with browser IDEs, Terraform-managed workspaces. | [Details](services/coder) | | 🔧 **Cyberchef** | A web app for encryption, encoding, compression, and data analysis. | [Details](services/cyberchef) | +| 🐳 **Dockge** | A fancy, easy-to-use and reactive self-hosted Docker Compose stack manager. | [Details](services/dockge) | | 🐳 **Dockhand** | A modern, lightweight Docker management UI for containers and Compose stacks. | [Details](services/dockhand) | | 🖥️ **Dozzle** | A real-time log viewer for Docker containers. | [Details](services/dozzle) | | 🔁 **FossFLOW** | A self-hosted tool to make beautiful isometric infrastructure diagrams. | [Details](services/fossflow) | From 16f0fbac54e695a5f08a15147f96668149972802 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 18:41:57 +0000 Subject: [PATCH 04/15] docs(contributors): update README contributors --- README.md | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 9056aa75..744620cc 100644 --- a/README.md +++ b/README.md @@ -290,6 +290,15 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod adamsthws + + + lcs-crr +
+ lcs-crr +
+ + + theryukverse @@ -297,8 +306,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod theryukverse - - KhaaL @@ -334,6 +341,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod mikkotor + + NI-R0 @@ -341,8 +350,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod NI-R0 - - RychidM @@ -378,6 +385,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod pjv + + wedge22 @@ -385,8 +394,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod wedge22 - - Jacob-JA-Shanks @@ -422,6 +429,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod cdkooistra + + Aurorainic @@ -429,8 +438,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod Aurorainic - - ironicbadger From 9212428195adf1d8a3a632be3f9c46b7e46736d5 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 14 Apr 2026 05:33:52 +0000 Subject: [PATCH 05/15] docs(contributors): update README contributors --- README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 744620cc..0c454abb 100644 --- a/README.md +++ b/README.md @@ -320,13 +320,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod SamPlaysKeys - - - jpmurray -
- jpmurray -
- MajnuRangeela @@ -341,8 +334,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod mikkotor - - NI-R0 @@ -350,6 +341,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod NI-R0 + + RychidM @@ -385,14 +378,21 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod pjv - - wedge22
wedge22
+ + + + + + jpmurray +
+ jpmurray +
From c8264bc87021b35f43a5e673bbf53a77ec859401 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 15 Apr 2026 05:33:50 +0000 Subject: [PATCH 06/15] docs(contributors): update README contributors --- README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 0c454abb..744620cc 100644 --- a/README.md +++ b/README.md @@ -320,6 +320,13 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod SamPlaysKeys + + + jpmurray +
+ jpmurray +
+ MajnuRangeela @@ -334,6 +341,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod mikkotor + + NI-R0 @@ -341,8 +350,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod NI-R0 - - RychidM @@ -378,21 +385,14 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod pjv + + wedge22
wedge22
- - - - - - jpmurray -
- jpmurray -
From 6fcf750394d558dedcd98e8bd3bdce43f3e6b67b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 15 Apr 2026 05:39:50 +0000 Subject: [PATCH 07/15] docs(contributors): update README contributors --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index b6b3cad4..1111340d 100644 --- a/README.md +++ b/README.md @@ -285,17 +285,17 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod - - adamsthws + + lcs-crr
- adamsthws + lcs-crr
- - lcs-crr + + adamsthws
- lcs-crr + adamsthws
From 87eb4bc8d0e1a895ed29b581d90034fbbfebc988 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 18 Apr 2026 14:38:58 +0000 Subject: [PATCH 08/15] docs(contributor): contrib-readme-action has updated readme --- README.md | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index c9cffea3..ca375b52 100644 --- a/README.md +++ b/README.md @@ -284,10 +284,10 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod - - LaijieJi + + lcs-crr
- LaijieJi + lcs-crr
@@ -321,10 +321,17 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod - - jpmurray + + onlykshitij
- jpmurray + onlykshitij +
+ + + + LaijieJi +
+ LaijieJi
@@ -334,6 +341,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod MajnuRangeela + + mikkotor @@ -341,8 +350,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod mikkotor - - NI-R0 @@ -378,6 +385,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod guybrush115 + + pjv @@ -385,8 +394,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod pjv - - wedge22 @@ -394,6 +401,13 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod wedge22 + + + jpmurray +
+ jpmurray +
+ Jacob-JA-Shanks @@ -415,6 +429,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod gaetan-petit + + dfilvtov @@ -429,8 +445,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod cdkooistra - - Aurorainic From adfc5b0c62fc80ac924dadd209c72642f3fbc20b Mon Sep 17 00:00:00 2001 From: lcs-crr Date: Mon, 27 Apr 2026 12:59:24 +0200 Subject: [PATCH 09/15] Restored template format --- services/dockge/.env | 2 +- services/dockge/compose.yaml | 129 ++++++++++++++-------------- services/radicale/compose.yaml | 149 ++++++++++++++------------------- 3 files changed, 124 insertions(+), 156 deletions(-) diff --git a/services/dockge/.env b/services/dockge/.env index 8d43316a..9a7c5a8c 100644 --- a/services/dockge/.env +++ b/services/dockge/.env @@ -5,7 +5,7 @@ # Service Configuration SERVICE=dockge IMAGE_URL=louislam/dockge:1 -STACKS_DIR=... # Directory on host to store stack files. Must be bind mounted to the same path in compose.yaml. +STACKS_DIR=... # Absolute path on host to store stack files. Must be bind mounted to the same path in compose.yaml. # Network Configuration SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. diff --git a/services/dockge/compose.yaml b/services/dockge/compose.yaml index c7f971bc..7636c2ef 100644 --- a/services/dockge/compose.yaml +++ b/services/dockge/compose.yaml 
@@ -1,49 +1,68 @@ -name: dockge +configs: + ts-serve: + content: | + {"TCP":{"443":{"HTTPS":true}}, + "Web":{"$${TS_CERT_DOMAIN}:443": + {"Handlers":{"/": + {"Proxy":"http://127.0.0.1:5001"}}}}, + "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} + services: - application: - container_name: app-dockge - depends_on: - tailscale: - condition: service_healthy - required: true - environment: - DOCKGE_STACKS_DIR: '...' - image: louislam/dockge:1 - network_mode: service:tailscale - restart: always - volumes: - - type: bind - source: /var/run/docker.sock - target: /var/run/docker.sock - bind: {} - - type: bind - source: /home/lcs_crr/Projects/ScaleTail/services/dockge/data - target: /app/data - bind: {} - - type: bind - source: /home/lcs_crr/Projects/ScaleTail/services/dockge/... - target: '...' - bind: {} + # Make sure you have updated/checked the .env file with the correct variables. + # All the ${ xx } need to be defined there. + # Tailscale Sidecar Configuration tailscale: - cap_add: - - net_admin + image: tailscale/tailscale:latest # Image to be used + container_name: tailscale-${SERVICE} # Name for local container management + hostname: ${SERVICE} # Name used within your Tailscale environment + environment: + - TS_AUTHKEY=${TS_AUTHKEY} + - TS_STATE_DIR=/var/lib/tailscale + - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required + - TS_USERSPACE=false + - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" + - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint + #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS + - TS_AUTH_ONCE=true configs: - source: ts-serve target: /config/serve.json - container_name: tailscale-dockge + volumes: + - ./config:/config # Config folder used to store Tailscale files - you may need to change the path + - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path devices: - - 
source: /dev/net/tun - target: /dev/net/tun - permissions: rwm + - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work + cap_add: + - net_admin # Tailscale requirement + #ports: + # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required + # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below + #dns: + # - ${DNS_SERVER} + healthcheck: + test: [ "CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz" ] # Check Tailscale has a Tailnet IP and is operational + interval: 1m # How often to perform the check + timeout: 10s # Time to wait for the check to succeed + retries: 3 # Number of retries before marking as unhealthy + start_period: 10s # Time to wait before starting health checks + restart: always + + # ${SERVICE} + application: + image: ${IMAGE_URL} # Image to be used + network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale + container_name: app-${SERVICE} # Name for local container management environment: - TS_AUTH_ONCE: "true" - TS_AUTHKEY: '# Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.' - TS_ENABLE_HEALTH_CHECK: "true" - TS_LOCAL_ADDR_PORT: 127.0.0.1:41234 - TS_SERVE_CONFIG: /config/serve.json - TS_STATE_DIR: /var/lib/tailscale - TS_USERSPACE: "false" - hostname: dockge + # Varibles are delared in .env file. + - DOCKGE_STACKS_DIR=${STACKS_DIR} + # - EXAMPLE_VAR=${EXAMPLE_VAR} + volumes: + - ./${SERVICE}-data/app/config:/config + - /var/run/docker.sock:/var/run/docker.sock + - ${STACKS_DIR}:${STACKS_DIR} + depends_on: + tailscale: + condition: service_healthy healthcheck: test: - CMD 
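Review bot: The new `application` service bind-mounts `/var/run/docker.sock` with no comment, although that mount gives the Dockge container full control of the host's Docker daemon, which is equivalent to root on the host. The `ts-serve` config in the same hunk proxies the UI on port 443 to whichever Tailnet devices can reach this node, so the Dockge login and the Tailnet ACLs are the only controls in front of the socket. I would say so on the mount itself, e.g. `- /var/run/docker.sock:/var/run/docker.sock # Full control of the host Docker daemon - restrict access to this node with Tailscale ACLs`, and repeat it in the service README.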
@@ -51,32 +70,8 @@ services: - --spider - -q - http://127.0.0.1:41234/healthz - timeout: 10s - interval: 1m0s - retries: 3 - start_period: 10s - image: tailscale/tailscale:latest - networks: - default: null + interval: 1m # How often to perform the check + timeout: 10s # Time to wait for the check to succeed + retries: 3 # Number of retries before marking as unhealthy + start_period: 30s # Time to wait before starting health checks restart: always - volumes: - - type: bind - source: /home/lcs_crr/Projects/ScaleTail/services/dockge/config - target: /config - bind: {} - - type: bind - source: /home/lcs_crr/Projects/ScaleTail/services/dockge/ts/state - target: /var/lib/tailscale - bind: {} -networks: - default: - name: dockge_default -configs: - ts-serve: - name: dockge_ts-serve - content: | - {"TCP":{"443":{"HTTPS":true}}, - "Web":{"$${TS_CERT_DOMAIN}:443": - {"Handlers":{"/": - {"Proxy":"http://127.0.0.1:5001"}}}}, - "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} \ No newline at end of file diff --git a/services/radicale/compose.yaml b/services/radicale/compose.yaml index 22696ded..9af2164e 100644 --- a/services/radicale/compose.yaml +++ b/services/radicale/compose.yaml 
@@ -1,98 +1,71 @@ -name: radicale +configs: + ts-serve: + content: | + {"TCP":{"443":{"HTTPS":true}}, + "Web":{"$${TS_CERT_DOMAIN}:443": + {"Handlers":{"/": + {"Proxy":"http://127.0.0.1:5232"}}}}, + "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} + services: - application: - cap_add: - - SETUID - - SETGID - - CHOWN - - KILL - cap_drop: - - ALL - container_name: app-radicale - depends_on: - tailscale: - condition: service_healthy - required: true - deploy: - resources: - limits: - memory: "268435456" - pids: 50 - healthcheck: - test: - - CMD - - curl - - -f - - http://127.0.0.1:5232 - timeout: 10s - interval: 30s - retries: 3 - start_period: 10s - image: tomsquest/docker-radicale - init: true - network_mode: service:tailscale - read_only: true - restart: always - security_opt: - - no-new-privileges:true - volumes: - - type: bind - source: /home/lcs_crr/Projects/ScaleTail/services/radicale/radicale-data/data - target: /data - bind: {} + # Make sure you have updated/checked the .env file with the correct variables. + # All the ${ xx } need to be defined there. 
+ # Tailscale Sidecar Configuration tailscale: - cap_add: - - net_admin + image: tailscale/tailscale:latest # Image to be used + container_name: tailscale-${SERVICE} # Name for local container management + hostname: ${SERVICE} # Name used within your Tailscale environment + environment: + - TS_AUTHKEY=${TS_AUTHKEY} + - TS_STATE_DIR=/var/lib/tailscale + - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required + - TS_USERSPACE=false + - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" + - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint + #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS + - TS_AUTH_ONCE=true configs: - source: ts-serve target: /config/serve.json - container_name: tailscale-radicale + volumes: + - ./config:/config # Config folder used to store Tailscale files - you may need to change the path + - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path devices: - - source: /dev/net/tun - target: /dev/net/tun - permissions: rwm + - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work + cap_add: + - net_admin # Tailscale requirement + #ports: + # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required + # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below + #dns: + # - ${DNS_SERVER} + healthcheck: + test: [ "CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz" ] # Check Tailscale has a Tailnet IP and is operational + interval: 1m # How often to perform the check + timeout: 10s # Time to wait for the check to succeed + retries: 3 # Number of retries before marking as unhealthy + start_period: 10s # Time to wait before starting health checks + restart: always + + # ${SERVICE} + application: + image: ${IMAGE_URL} # Image 
to be used + network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale + container_name: app-${SERVICE} # Name for local container management environment: - TS_AUTH_ONCE: "true" - TS_AUTHKEY: '# Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.' - TS_ENABLE_HEALTH_CHECK: "true" - TS_LOCAL_ADDR_PORT: 127.0.0.1:41234 - TS_SERVE_CONFIG: /config/serve.json - TS_STATE_DIR: /var/lib/tailscale - TS_USERSPACE: "false" - hostname: radicale + - TAKE_FILE_OWNERSHIP=true + volumes: + - ./${SERVICE}-data/app/data:/data + command: ["/venv/bin/radicale", "--storage-filesystem-folder", "/data/collections"] + depends_on: + tailscale: + condition: service_healthy healthcheck: test: - - CMD - - wget - - --spider - - -q - - http://127.0.0.1:41234/healthz - timeout: 10s - interval: 1m0s - retries: 3 - start_period: 10s - image: tailscale/tailscale:latest - networks: - default: null + - CMD-SHELL + - wget -qO- http://127.0.0.1:5232/.well-known/carddav || exit 1 + interval: 1m # How often to perform the check + timeout: 10s # Time to wait for the check to succeed + retries: 3 # Number of retries before marking as unhealthy + start_period: 30s # Time to wait before starting health checks restart: always - volumes: - - type: bind - source: /home/lcs_crr/Projects/ScaleTail/services/radicale/config - target: /config - bind: {} - - type: bind - source: /home/lcs_crr/Projects/ScaleTail/services/radicale/ts/state - target: /var/lib/tailscale - bind: {} -networks: - default: - name: radicale_default -configs: - ts-serve: - name: radicale_ts-serve - content: | - {"TCP":{"443":{"HTTPS":true}}, - "Web":{"$${TS_CERT_DOMAIN}:443": - {"Handlers":{"/": - {"Proxy":"http://127.0.0.1:5232"}}}}, - "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} \ No newline at end of file From 2341c3d9fa39a0042264310fa045756c4ae86453 Mon Sep 17 00:00:00 2001 
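Review bot: The rewritten `application` service drops every hardening option the removed side carried (`cap_drop: ALL` with four capabilities added back, `read_only: true`, `security_opt: no-new-privileges:true`, `init: true` and the memory/pids limits), and nothing on the new side replaces them. The service README still appears to describe the container as running with hardened settings (read-only filesystem and so on), so the documentation and the compose file now disagree. Unless the template format rules these keys out, I would carry them over unchanged as below; every value is taken from the removed lines of this hunk.

```yaml
  application:
    # … unchanged: image, network_mode, container_name, environment, volumes, command …
    init: true
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add: # the four capabilities the removed side re-added after dropping ALL
      - SETUID
      - SETGID
      - CHOWN
      - KILL
    deploy:
      resources:
        limits:
          memory: "268435456" # value from the removed side (256 MiB)
          pids: 50
    # … unchanged: depends_on, healthcheck, restart …
```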
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 29 Apr 2026 17:47:28 +0000 Subject: [PATCH 10/15] docs(contributor): contrib-readme-action has updated readme --- README.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 8e03f921..80d7ffd4 100644 --- a/README.md +++ b/README.md @@ -270,6 +270,13 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod jackspiering + + + michaelhodges +
+ michaelhodges +
+ ChillBill77 @@ -278,10 +285,10 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod - - michaelhodges + + lcs-crr
- michaelhodges + lcs-crr
@@ -291,6 +298,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod adamsthws + + theryukverse @@ -298,8 +307,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod theryukverse - - KhaaL @@ -432,8 +439,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod dfilvtov - - cdkooistra From 166d217e5c8c113caec85f9a7446ab2cb77471e2 Mon Sep 17 00:00:00 2001 From: crypt0rr <57799908+crypt0rr@users.noreply.github.com> Date: Wed, 29 Apr 2026 19:56:54 +0200 Subject: [PATCH 11/15] refactor(dockge): update .env and README for clarity; adjust compose.yaml environment variables --- services/dockge/.env | 7 ++++--- services/dockge/README.md | 27 +++++++++++++-------------- services/dockge/compose.yaml | 20 +++++--------------- 3 files changed, 22 insertions(+), 32 deletions(-) diff --git a/services/dockge/.env b/services/dockge/.env index 9a7c5a8c..89c217c9 100644 --- a/services/dockge/.env +++ b/services/dockge/.env 
@@ -5,14 +5,15 @@
 # Service Configuration
 SERVICE=dockge
 IMAGE_URL=louislam/dockge:1
-STACKS_DIR=... # Absolute path on host to store stack files. Must be bind mounted to the same path in compose.yaml.
 # Network Configuration
 SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable.
 DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable.
 # Tailscale Configuration
-TS_AUTHKEY=... # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.
+TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.
 # Optional Service variables
-# PUID=1000
+STACKS_DIR= # Absolute path on host to store stack files. Must be bind mounted to the same path in compose.yaml.
+PUID=1000 # Set the stack file/dir ownership to this user
+PGID=1000 # Set the stack file/dir ownership to this group
\ No newline at end of file
diff --git a/services/dockge/README.md b/services/dockge/README.md
index 53f43055..9fae38da 100644
--- a/services/dockge/README.md
+++ b/services/dockge/README.md
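Review bot: `STACKS_DIR=` now sits under `# Optional Service variables` and is left empty, yet compose.yaml uses it for both `DOCKGE_STACKS_DIR` and the bind mount `${STACKS_DIR}:${STACKS_DIR}`, and the README added in this commit says it must be populated before first startup. With the value empty the mount spec is reduced to `:`, which presumably fails with a generic volume error rather than a hint about the variable. I would move the line back under `# Service Configuration` and make the compose.yaml hunk of this commit fail fast, e.g. `- ${STACKS_DIR:?Set STACKS_DIR in .env}:${STACKS_DIR}`.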
@@ -1,24 +1,23 @@ # Dockge with Tailscale Sidecar Configuration -This Docker Compose configuration sets up [Dockge](https://github.com/louislam/dockge) with Tailscale as a sidecar container to keep the app reachable over your Tailnet. +This Docker Compose configuration sets up Dockge with a Tailscale sidecar container, enabling secure, private access to your Docker Compose management UI over your Tailnet. With this setup, your Dockge instance is not exposed to the public internet and is only accessible from authorized devices connected via Tailscale. ## Dockge -[Dockge](https://github.com/louislam/dockge) is fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager. +[Dockge](https://github.com/louislam/dockge) is a lightweight, self-hosted Docker Compose stack manager built for simplicity and control. Created by the developer behind Uptime Kuma, Dockge provides an intuitive web interface for managing, editing, and deploying docker-compose.yml stacks without relying solely on the CLI. -## Key Features +It is especially well-suited for homelabs, self-hosted environments, and DevOps workflows where multiple services are managed via Docker Compose. -- Manage your compose.yaml files -- Create/Edit/Start/Stop/Restart/Delete -- Update Docker Images -- Interactive Editor for compose.yaml -- Interactive Web Terminal -- Convert docker run ... commands into compose.yaml -- File based structure - Dockge won't kidnap your compose files, they are stored on your drive as usual. You can interact with them using normal docker compose commands -- Reactive - Everything is just responsive. 
Progress (Pull/Up/Down) and terminal output are in real-time -- Easy-to-use & fancy UI - If you love Uptime Kuma's UI/UX, you will love this one too +## Key Features -## Configuration Overview +* 🐳 Web-based Docker Compose stack management +* ✏️ Live editing of docker-compose.yml files +* ▶️ One-click start, stop, and restart of stacks +* 📜 Real-time container logs viewer +* 📦 Multi-stack organization via directories +* ⚡ Lightweight and fast interface +* 🔍 Clear visibility into container status -In this setup, the `tailscale-dockge` service runs Tailscale, which manages secure networking for Dockge. The `dockge` service utilizes the Tailscale network stack via Docker's `network_mode: service:` configuration. This keeps the app Tailnet-only unless you intentionally expose ports. +## Important Notice +Make sure to populate the `STACKS_DIR=` variable in the `.env` before first startup. diff --git a/services/dockge/compose.yaml b/services/dockge/compose.yaml index 7636c2ef..5a30dd1d 100644 --- a/services/dockge/compose.yaml +++ b/services/dockge/compose.yaml 
@@ -54,24 +54,14 @@ services:
 container_name: app-${SERVICE} # Name for local container management
 environment:
 # Varibles are delared in .env file.
- - DOCKGE_STACKS_DIR=${STACKS_DIR}
- # - EXAMPLE_VAR=${EXAMPLE_VAR}
+ - DOCKGE_STACKS_DIR=${STACKS_DIR} # Tell Dockge where your stacks directory is
+ - PUID=${PUID} # Set the stack file/dir ownership to this user
+ - PGID=${PGID} # Set the stack file/dir ownership to this group
 volumes:
- - ./${SERVICE}-data/app/config:/config
+ - ./${SERVICE}-data/app/config:/app/data
 - /var/run/docker.sock:/var/run/docker.sock
 - ${STACKS_DIR}:${STACKS_DIR}
 depends_on:
 tailscale:
 condition: service_healthy
- healthcheck:
- test:
- - CMD
- - wget
- - --spider
- - -q
- - http://127.0.0.1:41234/healthz
- interval: 1m # How often to perform the check
- timeout: 10s # Time to wait for the check to succeed
- retries: 3 # Number of retries before marking as unhealthy
- start_period: 30s # Time to wait before starting health checks
- restart: always
+ restart: always
\ No newline at end of file
From aebb0487369f046ebbc7abac71da6c56b99865d6 Mon Sep 17 00:00:00 2001
From: crypt0rr <57799908+crypt0rr@users.noreply.github.com>
Date: Wed, 29 Apr 2026 19:57:37 +0200
Subject: [PATCH 12/15] docs(dockge): add comments for SERVICE and IMAGE_URL in .env for clarity
---
services/dockge/.env | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/services/dockge/.env b/services/dockge/.env
index 89c217c9..147037d3 100644
--- a/services/dockge/.env
+++ b/services/dockge/.env
@@ -3,8 +3,8 @@ #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. # Service Configuration -SERVICE=dockge -IMAGE_URL=louislam/dockge:1 +SERVICE=dockge # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). +IMAGE_URL=louislam/dockge:1 # Docker image URL from container registry (e.g., adguard/adguard-home). # Network Configuration SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. From 8627e7722998ec804025a0cb90e377dd93f9813e Mon Sep 17 00:00:00 2001 From: crypt0rr <57799908+crypt0rr@users.noreply.github.com> Date: Wed, 29 Apr 2026 19:58:58 +0200 Subject: [PATCH 13/15] docs(README): add Dockge service to the list of available configurations --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 80d7ffd4..a7cb1ea1 100644 --- a/README.md +++ b/README.md @@ -174,6 +174,7 @@ ScaleTail provides ready-to-run [Docker Compose](https://docs.docker.com/compose | 🛠️ **Coder** | Self-hosted cloud dev environments with browser IDEs, Terraform-managed workspaces. | [Details](services/coder) | | 🔧 **Cyberchef** | A web app for encryption, encoding, compression, and data analysis. | [Details](services/cyberchef) | | 🐳 **Dockhand** | A modern, lightweight Docker management UI for containers and Compose stacks. | [Details](services/dockhand) | +| 🐳 **Dockge** | A lightweight, self-hosted Docker Compose stack manager with a clean web UI. | [Details](services/dockge) | | 🖥️ **Dozzle** | A real-time log viewer for Docker containers. | [Details](services/dozzle) | | 🔁 **FossFLOW** | A self-hosted tool to make beautiful isometric infrastructure diagrams. | [Details](services/fossflow) | | 🖥️ **GitSave** | A self-hosted service to back up your GitHub repositories via a simple REST API and scheduled runs. | [Details](services/gitsave) | 
From c127e8cd00ff371dc93b40825076550235b232ad Mon Sep 17 00:00:00 2001
From: crypt0rr <57799908+crypt0rr@users.noreply.github.com>
Date: Wed, 29 Apr 2026 20:03:48 +0200
Subject: [PATCH 14/15] fix(radicale): set SERVICEPORT to 5232 for local network exposure
---
services/radicale/.env | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/radicale/.env b/services/radicale/.env
index bd4b997c..199dbfe9 100644
--- a/services/radicale/.env
+++ b/services/radicale/.env
@@ -7,7 +7,7 @@ SERVICE=radicale # Service name (e.g., adguard). Used as hostname in Tailscale a
 IMAGE_URL=tomsquest/docker-radicale # Docker image URL from container registry (e.g., adguard/adguard-home).
 # Network Configuration
-SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable.
+SERVICEPORT=5232 # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable.
 DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable.
 # Tailscale Configuration
From 5fd41e555c27c0e5733075822906eeb2014c64da Mon Sep 17 00:00:00 2001
From: lcs-crr
Date: Thu, 7 May 2026 20:47:49 +0200
Subject: [PATCH 15/15] Added documentation on how to get started and creating users
---
services/radicale/README.md | 42 +++++++++++++++++++++++++++++++++-
services/radicale/compose.yaml | 4 +++-
2 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/services/radicale/README.md b/services/radicale/README.md
index c6ecce2d..d3271c61 100644
--- a/services/radicale/README.md
+++ b/services/radicale/README.md
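Review bot: The comment on `SERVICEPORT=5232` does not say what uncommenting `ports:` actually exposes. The template binds `0.0.0.0:${SERVICEPORT}:${SERVICEPORT}` on the sidecar, so Radicale's plain-HTTP listener (the one Tailscale Serve proxies at `127.0.0.1:5232`) would become reachable from the local network without the Tailnet's TLS or ACLs. At this point in the series the compose file passes no authentication settings to Radicale; the htpasswd setup is only documented in a later patch. I would spell this out in the comment, e.g. `SERVICEPORT=5232 # Port to expose to local network (plain HTTP, outside Tailscale). Configure Radicale authentication first, then uncomment the "ports:" section in compose.yaml to enable.`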
@@ -26,8 +26,48 @@ The container runs with hardened security settings: read-only filesystem, no new
 - This image uses [tomsquest/docker-radicale](https://github.com/tomsquest/docker-radicale). Refer to their documentation for advanced configuration options.
 - To configure users and authentication, mount a custom config file or refer to the [Radicale documentation](https://radicale.org/v3.html#configuration).
+## Creating Users
+
+Radicale uses `htpasswd` for authentication. To set up users:
+
+1. **Create the required directories:**
+
+ ```bash
+ mkdir -p ./${SERVICE}-data ./config
+ ```
+
+2. **Create an `htpasswd` file** with your first user (requires `apache2-utils` on Debian/Ubuntu or `httpd-tools` on Fedora):
+
+ ```bash
+ htpasswd -B -c ./${SERVICE}-data/users
+ ```
+
+ To add more users without overwriting the file, omit `-c`:
+
+ ```bash
+ htpasswd -B ./${SERVICE}-data/users
+ ```
+
+3. **Fill out config file** at `./config/${SERVICE}.conf`:
+
+ ```ini
+ [auth]
+ type = htpasswd
+ htpasswd_filename = /config/users
+ htpasswd_encryption = bcrypt
+
+ [storage]
+ filesystem_folder = /data/collections
+ ```
+
+4. **Restart the stack:**
+
+ ```bash
+ docker compose down && docker compose up -d
+ ```
+
 ## Files to check
 Please check the following contents for validity as some variables need to be defined upfront.
-- `.env` // Main variable: `TS_AUTHKEY`
+- `.env` — Main variable: `TS_AUTHKEY`
diff --git a/services/radicale/compose.yaml b/services/radicale/compose.yaml
index 9af2164e..dffcb6bd 100644
--- a/services/radicale/compose.yaml
+++ b/services/radicale/compose.yaml
@@ -56,7 +56,9 @@ services:
 - TAKE_FILE_OWNERSHIP=true
 volumes:
 - ./${SERVICE}-data/app/data:/data
- command: ["/venv/bin/radicale", "--storage-filesystem-folder", "/data/collections"]
+ - ./config/${SERVICE}.conf:/config/radicale.conf
+ - ./${SERVICE}-data/users:/config/users
+ command: ["/venv/bin/radicale", "--config", "/config/radicale.conf"]
 depends_on:
 tailscale:
 condition: service_healthy
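Review bot: The two bind mounts added in the compose.yaml hunk are read-write, so the Radicale process can modify its own configuration and the `users` file holding the bcrypt hashes, although it only needs to read them. I would mount both read-only: `- ./config/${SERVICE}.conf:/config/radicale.conf:ro` and `- ./${SERVICE}-data/users:/config/users:ro` (worth confirming that `TAKE_FILE_OWNERSHIP=true` does not try to chown `/config`). Both sources are single files, so they must exist before the first `docker compose up`, otherwise Docker creates directories in their place; a comment on the two lines pointing at the README steps would help. The `application` service starts outside the hunk.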