-
Notifications
You must be signed in to change notification settings - Fork 107
Added dockge and radicale #266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
lcs-crr
wants to merge
18
commits into
tailscale-dev:main
Choose a base branch
from
lcs-crr:main
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
18 commits
Select commit
Hold shift + click to select a range
8340b1a
Added dockge and radicale
lcs-crr b81dbff
re-added paperless
lcs-crr c11984d
Updated readme
lcs-crr 98a47bb
Merge branch 'main' into main
crypt0rr 16f0fba
docs(contributors): update README contributors
github-actions[bot] 9212428
docs(contributors): update README contributors
github-actions[bot] c8264bc
docs(contributors): update README contributors
github-actions[bot] 6e52692
Merge branch 'main' into main
lcs-crr 6fcf750
docs(contributors): update README contributors
github-actions[bot] f46cf4e
Merge branch 'main' into main
crypt0rr 87eb4bc
docs(contributor): contrib-readme-action has updated readme
github-actions[bot] adfc5b0
Restored template format
lcs-crr 9b561af
Merge branch 'main' into main
crypt0rr 2341c3d
docs(contributor): contrib-readme-action has updated readme
github-actions[bot] 166d217
refactor(dockge): update .env and README for clarity; adjust compose.…
crypt0rr aebb048
docs(dockge): add comments for SERVICE and IMAGE_URL in .env for clarity
crypt0rr 8627e77
docs(README): add Dockge service to the list of available configurations
crypt0rr c127e8c
fix(radicale): set SERVICEPORT to 5232 for local network exposure
crypt0rr File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| #version=1.1 | ||
| #URL=https://github.com/tailscale-dev/ScaleTail | ||
| #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. | ||
|
|
||
| # Service Configuration | ||
| SERVICE=dockge # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). | ||
| IMAGE_URL=louislam/dockge:1 # Docker image URL from container registry (e.g., adguard/adguard-home). | ||
|
|
||
| # Network Configuration | ||
| SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. | ||
| DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. | ||
|
|
||
| # Tailscale Configuration | ||
| TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. | ||
|
|
||
| # Optional Service variables | ||
| STACKS_DIR= # Absolute path on host to store stack files. Must be bind mounted to the same path in compose.yaml. | ||
| PUID=1000 # Set the stack file/dir ownership to this user | ||
| PGID=1000 # Set the stack file/dir ownership to this group |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # Dockge with Tailscale Sidecar Configuration | ||
|
|
||
| This Docker Compose configuration sets up Dockge with a Tailscale sidecar container, enabling secure, private access to your Docker Compose management UI over your Tailnet. With this setup, your Dockge instance is not exposed to the public internet and is only accessible from authorized devices connected via Tailscale. | ||
|
|
||
| ## Dockge | ||
|
|
||
| [Dockge](https://github.com/louislam/dockge) is a lightweight, self-hosted Docker Compose stack manager built for simplicity and control. Created by the developer behind Uptime Kuma, Dockge provides an intuitive web interface for managing, editing, and deploying docker-compose.yml stacks without relying solely on the CLI. | ||
|
|
||
| It is especially well-suited for homelabs, self-hosted environments, and DevOps workflows where multiple services are managed via Docker Compose. | ||
|
|
||
| ## Key Features | ||
|
|
||
| * 🐳 Web-based Docker Compose stack management | ||
| * ✏️ Live editing of docker-compose.yml files | ||
| * ▶️ One-click start, stop, and restart of stacks | ||
| * 📜 Real-time container logs viewer | ||
| * 📦 Multi-stack organization via directories | ||
| * ⚡ Lightweight and fast interface | ||
| * 🔍 Clear visibility into container status | ||
|
|
||
| ## Important Notice | ||
|
|
||
| Make sure to populate the `STACKS_DIR=` variable in the `.env` before first startup. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| configs: | ||
| ts-serve: | ||
| content: | | ||
| {"TCP":{"443":{"HTTPS":true}}, | ||
| "Web":{"$${TS_CERT_DOMAIN}:443": | ||
| {"Handlers":{"/": | ||
| {"Proxy":"http://127.0.0.1:5001"}}}}, | ||
| "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} | ||
|
|
||
| services: | ||
| # Make sure you have updated/checked the .env file with the correct variables. | ||
| # All the ${ xx } need to be defined there. | ||
| # Tailscale Sidecar Configuration | ||
| tailscale: | ||
| image: tailscale/tailscale:latest # Image to be used | ||
| container_name: tailscale-${SERVICE} # Name for local container management | ||
| hostname: ${SERVICE} # Name used within your Tailscale environment | ||
| environment: | ||
| - TS_AUTHKEY=${TS_AUTHKEY} | ||
| - TS_STATE_DIR=/var/lib/tailscale | ||
| - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required | ||
| - TS_USERSPACE=false | ||
| - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" | ||
| - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The <addr>:<port> for the healthz endpoint | ||
| #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS | ||
| - TS_AUTH_ONCE=true | ||
| configs: | ||
| - source: ts-serve | ||
| target: /config/serve.json | ||
| volumes: | ||
| - ./config:/config # Config folder used to store Tailscale files - you may need to change the path | ||
| - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path | ||
| devices: | ||
| - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work | ||
| cap_add: | ||
| - net_admin # Tailscale requirement | ||
| #ports: | ||
| # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required | ||
| # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below | ||
| #dns: | ||
| # - ${DNS_SERVER} | ||
| healthcheck: | ||
| test: [ "CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz" ] # Check Tailscale has a Tailnet IP and is operational | ||
| interval: 1m # How often to perform the check | ||
| timeout: 10s # Time to wait for the check to succeed | ||
| retries: 3 # Number of retries before marking as unhealthy | ||
| start_period: 10s # Time to wait before starting health checks | ||
| restart: always | ||
|
|
||
| # ${SERVICE} | ||
| application: | ||
| image: ${IMAGE_URL} # Image to be used | ||
| network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale | ||
| container_name: app-${SERVICE} # Name for local container management | ||
| environment: | ||
| # Varibles are delared in .env file. | ||
| - DOCKGE_STACKS_DIR=${STACKS_DIR} # Tell Dockge where your stacks directory is | ||
| - PUID=${PUID} # Set the stack file/dir ownership to this user | ||
| - PGID=${PGID} # Set the stack file/dir ownership to this group | ||
| volumes: | ||
| - ./${SERVICE}-data/app/config:/app/data | ||
| - /var/run/docker.sock:/var/run/docker.sock | ||
| - ${STACKS_DIR}:${STACKS_DIR} | ||
| depends_on: | ||
| tailscale: | ||
| condition: service_healthy | ||
| restart: always |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| #version=1.1 | ||
| #URL=https://github.com/tailscale-dev/ScaleTail | ||
| #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. | ||
|
|
||
| # Service Configuration | ||
| SERVICE=radicale # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). | ||
| IMAGE_URL=tomsquest/docker-radicale # Docker image URL from container registry (e.g., adguard/adguard-home). | ||
|
|
||
| # Network Configuration | ||
| SERVICEPORT=5232 # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. | ||
| DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. | ||
|
|
||
| # Tailscale Configuration | ||
| TS_AUTHKEY=... # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. | ||
|
|
||
| # Optional Service variables | ||
| # PUID=1000 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| # Radicale with Tailscale Sidecar Configuration | ||
|
|
||
| This Docker Compose configuration sets up [Radicale](https://radicale.org/) with Tailscale as a sidecar container to keep the app reachable over your Tailnet. | ||
|
|
||
| ## Radicale | ||
|
|
||
| [Radicale](https://radicale.org/) is a small but powerful CalDAV (calendars, to-do lists) and CardDAV (contacts) server. It is lightweight, easy to configure, and requires minimal resources, making it a great self-hosted alternative to cloud-based calendar and contact sync services. | ||
|
|
||
| ## Key Features | ||
|
|
||
| - CalDAV and CardDAV support for syncing calendars, to-do lists, and contacts | ||
| - Works with any compliant client (Thunderbird, GNOME Calendar, DAVx5, Apple Calendar, etc.) | ||
| - Lightweight with minimal resource usage | ||
| - Simple file-based storage | ||
| - Web interface for managing collections | ||
| - Built-in access control and authentication | ||
|
|
||
| ## Configuration Overview | ||
|
|
||
| In this setup, the `tailscale-radicale` service runs Tailscale, which manages secure networking for Radicale. The `radicale` service utilizes the Tailscale network stack via Docker's `network_mode: service:` configuration. This keeps the app Tailnet-only unless you intentionally expose ports. | ||
|
|
||
| The container runs with hardened security settings: read-only filesystem, no new privileges, dropped capabilities, and resource limits (256M memory, 50 pids). | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| - This image uses [tomsquest/docker-radicale](https://github.com/tomsquest/docker-radicale). Refer to their documentation for advanced configuration options. | ||
| - To configure users and authentication, mount a custom config file or refer to the [Radicale documentation](https://radicale.org/v3.html#configuration). | ||
|
|
||
| ## Files to check | ||
|
|
||
| Please check the following contents for validity as some variables need to be defined upfront. | ||
|
|
||
| - `.env` // Main variable: `TS_AUTHKEY` |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,71 @@ | ||
| configs: | ||
| ts-serve: | ||
| content: | | ||
| {"TCP":{"443":{"HTTPS":true}}, | ||
| "Web":{"$${TS_CERT_DOMAIN}:443": | ||
| {"Handlers":{"/": | ||
| {"Proxy":"http://127.0.0.1:5232"}}}}, | ||
| "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} | ||
|
|
||
| services: | ||
| # Make sure you have updated/checked the .env file with the correct variables. | ||
| # All the ${ xx } need to be defined there. | ||
| # Tailscale Sidecar Configuration | ||
| tailscale: | ||
| image: tailscale/tailscale:latest # Image to be used | ||
| container_name: tailscale-${SERVICE} # Name for local container management | ||
| hostname: ${SERVICE} # Name used within your Tailscale environment | ||
| environment: | ||
| - TS_AUTHKEY=${TS_AUTHKEY} | ||
| - TS_STATE_DIR=/var/lib/tailscale | ||
| - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required | ||
| - TS_USERSPACE=false | ||
| - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" | ||
| - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The <addr>:<port> for the healthz endpoint | ||
| #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS | ||
| - TS_AUTH_ONCE=true | ||
| configs: | ||
| - source: ts-serve | ||
| target: /config/serve.json | ||
| volumes: | ||
| - ./config:/config # Config folder used to store Tailscale files - you may need to change the path | ||
| - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path | ||
| devices: | ||
| - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work | ||
| cap_add: | ||
| - net_admin # Tailscale requirement | ||
| #ports: | ||
| # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required | ||
| # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below | ||
| #dns: | ||
| # - ${DNS_SERVER} | ||
| healthcheck: | ||
| test: [ "CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz" ] # Check Tailscale has a Tailnet IP and is operational | ||
| interval: 1m # How often to perform the check | ||
| timeout: 10s # Time to wait for the check to succeed | ||
| retries: 3 # Number of retries before marking as unhealthy | ||
| start_period: 10s # Time to wait before starting health checks | ||
| restart: always | ||
|
|
||
| # ${SERVICE} | ||
| application: | ||
| image: ${IMAGE_URL} # Image to be used | ||
| network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale | ||
| container_name: app-${SERVICE} # Name for local container management | ||
| environment: | ||
| - TAKE_FILE_OWNERSHIP=true | ||
| volumes: | ||
| - ./${SERVICE}-data/app/data:/data | ||
| command: ["/venv/bin/radicale", "--storage-filesystem-folder", "/data/collections"] | ||
| depends_on: | ||
| tailscale: | ||
| condition: service_healthy | ||
| healthcheck: | ||
| test: | ||
| - CMD-SHELL | ||
| - wget -qO- http://127.0.0.1:5232/.well-known/carddav || exit 1 | ||
| interval: 1m # How often to perform the check | ||
| timeout: 10s # Time to wait for the check to succeed | ||
| retries: 3 # Number of retries before marking as unhealthy | ||
| start_period: 30s # Time to wait before starting health checks | ||
| restart: always |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.