configs:
  # Tailscale Serve configuration, mounted into the tailscale service as
  # /config/serve.json and referenced there through TS_SERVE_CONFIG.
  ts-serve:
    # "$$" escapes Compose interpolation, so the literal ${TS_CERT_DOMAIN}
    # reaches the file; the Tailscale container is expected to substitute
    # the node's certificate domain at start-up.
    # - TCP 443 is served as HTTPS on the tailnet address.
    # - "/" is proxied to http://127.0.0.1:80, i.e. plain HTTP over loopback.
    # - AllowFunnel is false for this host:port, so the listener is not
    #   published through Tailscale Funnel. Leave it false unless public
    #   exposure is a deliberate decision.
    content: |
      {"TCP":{"443":{"HTTPS":true}},
      "Web":{"$${TS_CERT_DOMAIN}:443":
      {"Handlers":{"/":
      {"Proxy":"http://127.0.0.1:80"}}}},
      "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}}
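services:
  # Make sure you have updated/checked the .env file with the correct variables.
  # All the ${ xx } need to be defined there.
  # The .env file holds secrets (TS_AUTHKEY, PAPERLESS_SECRET_KEY,
  # PAPERLESS_ADMIN_PASSWORD, POSTGRES_PASSWORD): keep it out of version
  # control and readable only by the account that runs Compose.

  # Tailscale Sidecar Configuration
  tailscale:
    # "latest" is a floating tag: what runs changes on every pull. Pin a
    # version or digest you have reviewed if you need reproducible deploys.
    image: tailscale/tailscale:latest # Image to be used
    container_name: tailscale-${SERVICE} # Name for local container management
    hostname: ${SERVICE} # Name used within your Tailscale environment
    environment:
      # Passed as a container environment variable, so it is visible to
      # anyone who can inspect the container.
      - TS_AUTHKEY=${TS_AUTHKEY}
      - TS_STATE_DIR=/var/lib/tailscale
      # Tailscale Serve configuration to expose the web interface on your
      # local Tailnet - remove this line if not required
      - TS_SERVE_CONFIG=/config/serve.json
      - TS_USERSPACE=false
      - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz"
      # The <addr>:<port> for the healthz endpoint; loopback only, so it is
      # reachable just from containers sharing this network namespace.
      - TS_LOCAL_ADDR_PORT=127.0.0.1:41234
      # - TS_ACCEPT_DNS=true # Uncomment when using MagicDNS
      - TS_AUTH_ONCE=true
    configs:
      - source: ts-serve
        target: /config/serve.json
    volumes:
      # Config folder used to store Tailscale files - you may need to change
      # the path
      - ./config:/config
      # Tailscale requirement - you may need to change the path. This folder
      # holds the node's persisted state; restrict access to it on the host.
      - ./ts/state:/var/lib/tailscale
    devices:
      - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
    cap_add:
      - net_admin # Tailscale requirement
    # Binding port ${SERVICE}PORT to the local network - may be removed if
    # only exposure to your Tailnet is required.
    # Caution: 0.0.0.0 publishes on every host interface and bypasses
    # Tailscale access controls. The application trusts the
    # X-Forwarded-Proto header (PAPERLESS_PROXY_SSL_HEADER), which is only
    # sound while the Tailscale Serve proxy is the sole way in.
    # ports:
    #   - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT}
    # If any DNS issues arise, use your preferred DNS provider by
    # uncommenting the config below
    # dns:
    #   - ${DNS_SERVER}
    healthcheck:
      # Check Tailscale has a Tailnet IP and is operational
      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"]
      interval: 1m # How often to perform the check
      timeout: 10s # Time to wait for the check to succeed
      retries: 3 # Number of retries before marking as unhealthy
      start_period: 10s # Time to wait before starting health checks
    restart: always

  application:
    image: ${IMAGE_URL}
    # Shares the tailscale container's network namespace: the app listens on
    # port 80 there and is reached through the Serve proxy at 127.0.0.1:80.
    network_mode: service:tailscale
    container_name: app-${SERVICE}
    depends_on:
      tailscale:
        condition: service_healthy
      db:
        condition: service_started
      broker:
        condition: service_started
    healthcheck:
      # Check if ${SERVICE} process is running
      test: ["CMD", "pgrep", "-f", "${SERVICE}"]
      interval: 1m # How often to perform the check
      timeout: 10s # Time to wait for the check to succeed
      retries: 3 # Number of retries before marking as unhealthy
      start_period: 30s # Time to wait before starting health checks
    restart: always
    volumes:
      - ./${SERVICE}-data/data:/usr/src/paperless/data
      - ./${SERVICE}-data/media:/usr/src/paperless/media
      - ./${SERVICE}-data/export:/usr/src/paperless/export
      - ./${SERVICE}-data/consume:/usr/src/paperless/consume
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Amsterdam
      - PAPERLESS_TIME_ZONE=${PAPERLESS_TIME_ZONE}
      - PAPERLESS_OCR_LANGUAGE=${PAPERLESS_OCR_LANGUAGE}
      # Use a long random value that is unique to this deployment.
      - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY}
      - PAPERLESS_PORT=80
      # Quoted so the brackets and inner quotes stay one literal string.
      - 'PAPERLESS_PROXY_SSL_HEADER=["HTTP_X_FORWARDED_PROTO", "https"]'
      - PAPERLESS_ADMIN_USER=${PAPERLESS_ADMIN_USER}
      - PAPERLESS_ADMIN_PASSWORD=${PAPERLESS_ADMIN_PASSWORD}
      - PAPERLESS_REDIS=redis://broker:6379
      - PAPERLESS_DBHOST=db
      # Connect with the credentials the db service is initialised with.
      # Without these the application uses its built-in default database
      # credentials, so it either fails to connect or only works when the
      # database was created with those well-known defaults.
      - PAPERLESS_DBNAME=paperless
      - PAPERLESS_DBUSER=${POSTGRES_USER}
      - PAPERLESS_DBPASS=${POSTGRES_PASSWORD}

  db:
    image: docker.io/library/postgres:18
    container_name: app-${SERVICE}-db # Name for local container management
    restart: always
    # No ports are published: the database is reachable only from other
    # containers on the Compose network.
    volumes:
      - ./${SERVICE}-data/pgdata:/var/lib/postgresql
    environment:
      # NOTE(review): PUID/PGID are presumably not read by the official
      # postgres image - confirm before relying on them for file ownership.
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Amsterdam
      - POSTGRES_DB=paperless
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}

  broker:
    image: docker.io/library/redis:8
    container_name: app-${SERVICE}-broker # Name for local container management
    restart: always
    # Redis runs without authentication here; keep it unpublished so only
    # containers on the Compose network can connect.
    volumes:
      - ./${SERVICE}-data/redisdata:/data
    environment:
      # NOTE(review): PUID/PGID are presumably not read by the official
      # redis image - confirm before relying on them for file ownership.
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Amsterdam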