From 745624b87bf083903710e9c139aca4a88f7c8415 Mon Sep 17 00:00:00 2001
From: Michael H
Date: Sun, 5 Apr 2026 17:27:21 +0100
Subject: [PATCH 01/27] compose.yml and .env added to paperless service.
---
services/paperless/.env | 25 ++++++++
services/paperless/compose.yml | 103 +++++++++++++++++++++++++++++++++
2 files changed, 128 insertions(+)
create mode 100644 services/paperless/.env
create mode 100644 services/paperless/compose.yml
diff --git a/services/paperless/.env b/services/paperless/.env
new file mode 100644
index 00000000..924a89b4
--- /dev/null
+++ b/services/paperless/.env
@@ -0,0 +1,25 @@
+#version=1.1
+#URL=https://github.com/tailscale-dev/ScaleTail
+#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.
+
+# Service Configuration
+SERVICE=paperless
+IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest
+
+# Network Configuration
+SERVICEPORT=80
+DNS_SERVER=9.9.9.9
+
+# Tailscale Configuration
+TS_AUTHKEY=
+
+# Optional Service variables
+# PUID=1000
+
+PAPERLESS_TIME_ZONE=Europe/London
+PAPERLESS_OCR_LANGUAGE=eng
+PAPERLESS_SECRET_KEY='change this to any random sting' #https://docs.paperless-ngx.com/configuration/#PAPERLESS_SECRET_KEY
+PAPERLESS_ADMIN_USER=admin
+PAPERLESS_ADMIN_PASSWORD=changeme
+POSTGRES_USER=paperless
+POSTGRES_PASSWORD=paperless
diff --git a/services/paperless/compose.yml b/services/paperless/compose.yml
new file mode 100644
index 00000000..9ccfe422
--- /dev/null
+++ b/services/paperless/compose.yml
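Review bot: The new `services/paperless/.env` ships working defaults for every secret (`PAPERLESS_SECRET_KEY='change this to any random sting'`, `PAPERLESS_ADMIN_PASSWORD=changeme`, `POSTGRES_PASSWORD=paperless`), so a stack started without editing the file comes up with a publicly known session-signing key and admin login. Leaving the three values empty, as `TS_AUTHKEY=` already is, and referencing them in compose.yml as `${PAPERLESS_SECRET_KEY:?set PAPERLESS_SECRET_KEY in .env}` (likewise for the two passwords) would make `docker compose up` stop until they are set. "sting" in the placeholder is presumably a typo for "string".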
@@ -0,0 +1,103 @@
+configs:
+ ts-serve:
+ content: |
+ {"TCP":{"443":{"HTTPS":true}},
+ "Web":{"$${TS_CERT_DOMAIN}:443":
+ {"Handlers":{"/":
+ {"Proxy":"http://127.0.0.1:80"}}}},
+ "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}}
+
+services:
+# Make sure you have updated/checked the .env file with the correct variables.
+# All the ${ xx } need to be defined there.
+ # Tailscale Sidecar Configuration
+ tailscale:
+ image: tailscale/tailscale:latest # Image to be used
+ container_name: tailscale-${SERVICE} # Name for local container management
+ hostname: ${SERVICE} # Name used within your Tailscale environment
+ environment:
+ - TS_AUTHKEY=${TS_AUTHKEY}
+ - TS_STATE_DIR=/var/lib/tailscale
+ - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
+ - TS_USERSPACE=false
+ - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz"
+ - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint
+ #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS
+ - TS_AUTH_ONCE=true
+ configs:
+ - source: ts-serve
+ target: /config/serve.json
+ volumes:
+ - ./config:/config # Config folder used to store Tailscale files - you may need to change the path
+ - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+ devices:
+ - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+ cap_add:
+ - net_admin # Tailscale requirement
+ #ports:
+ # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
+ # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+ # dns:
+ # - ${DNS_SERVER}
+ healthcheck:
+ test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+ interval: 1m # How often to perform the check
+ timeout: 10s # Time to wait for the check to succeed
+ retries: 3 # Number of retries before marking as unhealthy
+ start_period: 10s # Time to wait before starting health checks
+ restart: always
+
+ application:
+ image: ${IMAGE_URL}
+ network_mode: service:tailscale
+ container_name: app-${SERVICE}
+ depends_on:
+ tailscale:
+ condition: service_healthy
+ db:
+ condition: service_started
+ broker:
+ condition: service_started
+ healthcheck:
+ test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running
+ interval: 1m # How often to perform the check
+ timeout: 10s # Time to wait for the check to succeed
+ retries: 3 # Number of retries before marking as unhealthy
+ start_period: 30s # Time to wait before starting health checks
+ restart: always
+ volumes:
+ - data:/usr/src/paperless/data
+ - media:/usr/src/paperless/media
+ - ./${SERVICE}-export/export:/usr/src/paperless/export
+ - ./${SERVICE}-consume/consume:/usr/src/paperless/consume
+ environment:
+ PAPERLESS_TIME_ZONE: ${PAPERLESS_TIME_ZONE}
+ PAPERLESS_OCR_LANGUAGE: ${PAPERLESS_OCR_LANGUAGE}
+ PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY}
+ PAPERLESS_PORT: 80
+ PAPERLESS_PROXY_SSL_HEADER: '["HTTP_X_FORWARDED_PROTO", "https"]'
+ PAPERLESS_ADMIN_USER: ${PAPERLESS_ADMIN_USER}
+ PAPERLESS_ADMIN_PASSWORD: ${PAPERLESS_ADMIN_PASSWORD}
+ PAPERLESS_REDIS: redis://broker:6379
+ PAPERLESS_DBHOST: db
+ db:
+ image: docker.io/library/postgres:18
+ container_name: app-${SERVICE}-db # Name for local container management
+ restart: always
+ volumes:
+ - pgdata:/var/lib/postgresql
+ environment:
+ POSTGRES_DB: paperless
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ broker:
+ image: docker.io/library/redis:8
+ container_name: app-${SERVICE}-broker # Name for local container management
+ restart: always
+ volumes:
+ - redisdata:/data
+volumes:
+ data:
+ media:
+ pgdata:
+ redisdata:
From ed87cd33c264ef2e9d6b1f22f59324e0741b4610 Mon Sep 17 00:00:00 2001
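Review bot: In the new `services/paperless/compose.yml` the `application` service is never given the database credentials: `db` takes `POSTGRES_USER`/`POSTGRES_PASSWORD` from `.env`, but `application` sets only `PAPERLESS_DBHOST: db`, so it presumably falls back to Paperless-ngx's built-in `paperless`/`paperless` login. That connects only while `.env` keeps the default password, so anyone who changes `POSTGRES_PASSWORD` breaks the stack, which nudges users to keep the default. Adding `PAPERLESS_DBUSER: ${POSTGRES_USER}` and `PAPERLESS_DBPASS: ${POSTGRES_PASSWORD}` to the `application` environment keeps the two in step. Separately, `PAPERLESS_PROXY_SSL_HEADER` is only trustworthy while Tailscale Serve is the sole way in; a comment beside the commented-out `ports:` binding should say that enabling it lets local-network clients supply their own `X-Forwarded-Proto`.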
From: Michael H Date: Sun, 5 Apr 2026 17:36:32 +0100 Subject: [PATCH 02/27] Include paperless service README --- services/paperless/README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 services/paperless/README.md diff --git a/services/paperless/README.md b/services/paperless/README.md new file mode 100644 index 00000000..c41e6105 --- /dev/null +++ b/services/paperless/README.md @@ -0,0 +1,12 @@ +# Paperless-ngx with Tailscale Sidecar Configuration + +This Docker Compose configuration sets up [Paperless-ngx](https://docs.paperless-ngx.com/) with Tailscale as a sidecar container to securely deliver push notifications over a private Tailscale network. By integrating Tailscale in a sidecar configuration, you enhance the privacy and security of your ntfy instance, ensuring it is only accessible within your Tailscale network. + +## ntfy + +[Paperless-ngx](https://docs.paperless-ngx.com) is a community-supported open-source document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper. +## Configuration Overview + +In this setup, the `tailscale-paperless` service runs the Tailscale daemon to provide secure, private networking. The `paperless` service is configured to use Tailscale’s network stack via Docker’s `network_mode: service:` syntax. This binds Paperless network interface to the Tailscale container, making the service available only through your Tailscale network (or locally, if needed). + +This architecture is ideal for self-hosters who want to send and receive notifications from anywhere without exposing Paperless-ngx to the internet, maintaining both ease of access and strict privacy controls. From 8ae55d89ef43dda0b14d622a3fadbca04e811690 Mon Sep 17 00:00:00 2001 From: Michael H Date: Sun, 5 Apr 2026 17:45:26 +0100 Subject: [PATCH 03/27] Error paperless service README --- services/paperless/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/services/paperless/README.md b/services/paperless/README.md index c41e6105..a25f63ff 100644 --- a/services/paperless/README.md +++ b/services/paperless/README.md @@ -2,7 +2,7 @@ This Docker Compose configuration sets up [Paperless-ngx](https://docs.paperless-ngx.com/) with Tailscale as a sidecar container to securely deliver push notifications over a private Tailscale network. By integrating Tailscale in a sidecar configuration, you enhance the privacy and security of your ntfy instance, ensuring it is only accessible within your Tailscale network. -## ntfy +## Paperless-ngx [Paperless-ngx](https://docs.paperless-ngx.com) is a community-supported open-source document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper. ## Configuration Overview From 822a8dfa07fea4d7fdd501cf6b58dc80ff18fab7 Mon Sep 17 00:00:00 2001 From: Michael H Date: Mon, 6 Apr 2026 16:34:03 +0100 Subject: [PATCH 04/27] Add PUID, GUID to environment. Align environment variables with template format --- services/paperless/compose.yml | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/services/paperless/compose.yml b/services/paperless/compose.yml index 9ccfe422..2972e016 100644 --- a/services/paperless/compose.yml +++ b/services/paperless/compose.yml 
@@ -71,15 +71,18 @@ services: - ./${SERVICE}-export/export:/usr/src/paperless/export - ./${SERVICE}-consume/consume:/usr/src/paperless/consume environment: - PAPERLESS_TIME_ZONE: ${PAPERLESS_TIME_ZONE} - PAPERLESS_OCR_LANGUAGE: ${PAPERLESS_OCR_LANGUAGE} - PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY} - PAPERLESS_PORT: 80 - PAPERLESS_PROXY_SSL_HEADER: '["HTTP_X_FORWARDED_PROTO", "https"]' - PAPERLESS_ADMIN_USER: ${PAPERLESS_ADMIN_USER} - PAPERLESS_ADMIN_PASSWORD: ${PAPERLESS_ADMIN_PASSWORD} - PAPERLESS_REDIS: redis://broker:6379 - PAPERLESS_DBHOST: db + - PUID=1000 + - PGID=1000 + - TZ=Europe/Amsterdam + - PAPERLESS_TIME_ZONE=${PAPERLESS_TIME_ZONE} + - PAPERLESS_OCR_LANGUAGE=${PAPERLESS_OCR_LANGUAGE} + - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY} + - PAPERLESS_PORT=80 + - PAPERLESS_PROXY_SSL_HEADER=["HTTP_X_FORWARDED_PROTO", "https"] + - PAPERLESS_ADMIN_USER=${PAPERLESS_ADMIN_USER} + - PAPERLESS_ADMIN_PASSWORD=${PAPERLESS_ADMIN_PASSWORD} + - PAPERLESS_REDIS=redis://broker:6379 + - PAPERLESS_DBHOST=db db: image: docker.io/library/postgres:18 container_name: app-${SERVICE}-db # Name for local container management @@ -87,15 +90,22 @@ services: volumes: - pgdata:/var/lib/postgresql environment: - POSTGRES_DB: paperless - POSTGRES_USER: ${POSTGRES_USER} - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + - PUID=1000 + - PGID=1000 + - TZ=Europe/Amsterdam + - POSTGRES_DB=paperless + - POSTGRES_USER=${POSTGRES_USER} + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} broker: image: docker.io/library/redis:8 container_name: app-${SERVICE}-broker # Name for local container management restart: always volumes: - redisdata:/data + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Amsterdam volumes: data: media: From 24686d6c2c1dc1728c6146f5414c9acace125dc8 Mon Sep 17 00:00:00 2001 
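Review bot: `PUID`/`PGID` are, as far as I know, not read by any of the three images they are added to in these two hunks: Paperless-ngx maps its runtime user with `USERMAP_UID`/`USERMAP_GID`, and the official `postgres` and `redis` images have no such variables. The new lines in the `application`, `db` and `broker` environments therefore look like no-ops that suggest a user mapping which does not take place; I would use `- USERMAP_UID=1000` and `- USERMAP_GID=1000` in `application` and drop the pair from `db` and `broker`. The hard-coded `- TZ=Europe/Amsterdam` also disagrees with `PAPERLESS_TIME_ZONE=${PAPERLESS_TIME_ZONE}`, which `.env` sets to `Europe/London`. The `application` service definition begins above the first hunk.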
From: Michael H Date: Mon, 6 Apr 2026 21:35:14 +0100 Subject: [PATCH 05/27] Remove volumes and incorporate the local storage principle as outlined in templates. --- services/paperless/compose.yml | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/services/paperless/compose.yml b/services/paperless/compose.yml index 2972e016..9b5b125b 100644 --- a/services/paperless/compose.yml +++ b/services/paperless/compose.yml @@ -66,10 +66,10 @@ services: start_period: 30s # Time to wait before starting health checks restart: always volumes: - - data:/usr/src/paperless/data - - media:/usr/src/paperless/media - - ./${SERVICE}-export/export:/usr/src/paperless/export - - ./${SERVICE}-consume/consume:/usr/src/paperless/consume + - ./${SERVICE}-data/data:/usr/src/paperless/data + - ./${SERVICE}-data/media:/usr/src/paperless/media + - ./${SERVICE}-data/export:/usr/src/paperless/export + - ./${SERVICE}-data/consume:/usr/src/paperless/consume environment: - PUID=1000 - PGID=1000 @@ -88,7 +88,7 @@ services: container_name: app-${SERVICE}-db # Name for local container management restart: always volumes: - - pgdata:/var/lib/postgresql + - ./${SERVICE}-data/pgdata:/var/lib/postgresql environment: - PUID=1000 - PGID=1000 @@ -101,13 +101,8 @@ services: container_name: app-${SERVICE}-broker # Name for local container management restart: always volumes: - - redisdata:/data + - ./${SERVICE}-data/redisdata:/data environment: - PUID=1000 - PGID=1000 - TZ=Europe/Amsterdam -volumes: - data: - media: - pgdata: - redisdata: From 216de0891639677a9666589f57ce4ee20cc2915d Mon Sep 17 00:00:00 2001 From: Michael H Date: Mon, 6 Apr 2026 21:41:18 +0100 Subject: [PATCH 06/27] Restored comments. --- services/paperless/.env | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/services/paperless/.env b/services/paperless/.env index 924a89b4..d980b989 100644 --- a/services/paperless/.env +++ b/services/paperless/.env 
@@ -3,15 +3,15 @@ #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. # Service Configuration -SERVICE=paperless -IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest +SERVICE=paperless # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). +IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest # Docker image URL from container registry (e.g., adguard/adguard-home). # Network Configuration -SERVICEPORT=80 -DNS_SERVER=9.9.9.9 +SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. # Tailscale Configuration -TS_AUTHKEY= +TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. # Optional Service variables # PUID=1000 From 534c6dc27791835123ad47e04ee31634de994230 Mon Sep 17 00:00:00 2001 From: Michael H Date: Mon, 6 Apr 2026 22:10:15 +0100 Subject: [PATCH 07/27] Place TZ in .env --- templates/service-template/.env | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/service-template/.env b/templates/service-template/.env index 5673aa7c..6d18cc53 100644 --- a/templates/service-template/.env +++ b/templates/service-template/.env @@ -15,3 +15,6 @@ TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://t # Optional Service variables # PUID=1000 + +# Time Zone for container +TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones From 242a5e2a1f381c12d93ee9f62ccc4cb077f3b691 Mon Sep 17 00:00:00 2001 From: Michael H Date: Mon, 6 Apr 2026 22:11:14 +0100 Subject: [PATCH 08/27] Add TZ variable to environment. --- templates/service-template/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/service-template/compose.yaml b/templates/service-template/compose.yaml index f669ba2f..28ec95fb 100644 --- a/templates/service-template/compose.yaml +++ b/templates/service-template/compose.yaml @@ -55,7 +55,7 @@ services: environment: - PUID=1000 - PGID=1000 - - TZ=Europe/Amsterdam + - TZ=${TZ} volumes: - ./${SERVICE}-data/app/config:/config depends_on: From e853e86ed71c3f3db5d0ef417d4c45e4e7757f54 Mon Sep 17 00:00:00 2001 From: Michael H Date: Mon, 6 Apr 2026 22:47:36 +0100 Subject: [PATCH 09/27] Revert "Restored comments." This reverts commit 216de0891639677a9666589f57ce4ee20cc2915d. --- services/paperless/.env | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/services/paperless/.env b/services/paperless/.env index d980b989..924a89b4 100644 --- a/services/paperless/.env +++ b/services/paperless/.env @@ -3,15 +3,15 @@ #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. # Service Configuration -SERVICE=paperless # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). -IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest # Docker image URL from container registry (e.g., adguard/adguard-home). +SERVICE=paperless +IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest # Network Configuration -SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. -DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. +SERVICEPORT=80 +DNS_SERVER=9.9.9.9 # Tailscale Configuration -TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. +TS_AUTHKEY= # Optional Service variables # PUID=1000 From 5fb8e45c645b9a7c66be33e90bd9ed054662d8b5 Mon Sep 17 00:00:00 2001 
From: Michael H Date: Mon, 6 Apr 2026 22:59:28 +0100 Subject: [PATCH 10/27] Restore Comments --- services/paperless/.env | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/services/paperless/.env b/services/paperless/.env index 924a89b4..d980b989 100644 --- a/services/paperless/.env +++ b/services/paperless/.env @@ -3,15 +3,15 @@ #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. # Service Configuration -SERVICE=paperless -IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest +SERVICE=paperless # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). +IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest # Docker image URL from container registry (e.g., adguard/adguard-home). # Network Configuration -SERVICEPORT=80 -DNS_SERVER=9.9.9.9 +SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. # Tailscale Configuration -TS_AUTHKEY= +TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. # Optional Service variables # PUID=1000 From d424bcae8fc9ef512713af51f9f5f13343d1981b Mon Sep 17 00:00:00 2001 From: Michael H Date: Tue, 7 Apr 2026 10:03:38 +0100 Subject: [PATCH 11/27] Revert --- README.md | 7 +++++++ services/paperless/.env | 10 +++++----- services/paperless/compose.yml | 17 ++++++----------- 3 files changed, 18 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 7644830d..973d066f 100644 --- a/README.md +++ b/README.md 
@@ -40,11 +40,18 @@ ScaleTail provides ready-to-run [Docker Compose](https://docs.docker.com/compose docker compose up -d ``` +## Contributors + +A huge thank you to all our contributors! ScaleTail wouldn’t be what it is today without your time, effort, and ideas! + +[![Contributors](https://contrib.rocks/image?repo=tailscale-dev/scaletail)](https://github.com/tailscale-dev/scaletail/graphs/contributors) + ## Table of Contents - [ScaleTail - Secure Self-Hosting Made Simple](#scaletail---secure-self-hosting-made-simple) - [Featured by Tailscale](#featured-by-tailscale) - [Quick Start](#quick-start) + - [Contributors](#contributors) - [Table of Contents](#table-of-contents) - [Available Configurations](#available-configurations) - [🌐 Networking and Security](#-networking-and-security) diff --git a/services/paperless/.env b/services/paperless/.env index 924a89b4..d980b989 100644 --- a/services/paperless/.env +++ b/services/paperless/.env @@ -3,15 +3,15 @@ #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. # Service Configuration -SERVICE=paperless -IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest +SERVICE=paperless # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). +IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest # Docker image URL from container registry (e.g., adguard/adguard-home). # Network Configuration -SERVICEPORT=80 -DNS_SERVER=9.9.9.9 +SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. # Tailscale Configuration -TS_AUTHKEY= +TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. # Optional Service variables # PUID=1000 
diff --git a/services/paperless/compose.yml b/services/paperless/compose.yml index 2972e016..9b5b125b 100644 --- a/services/paperless/compose.yml +++ b/services/paperless/compose.yml @@ -66,10 +66,10 @@ services: start_period: 30s # Time to wait before starting health checks restart: always volumes: - - data:/usr/src/paperless/data - - media:/usr/src/paperless/media - - ./${SERVICE}-export/export:/usr/src/paperless/export - - ./${SERVICE}-consume/consume:/usr/src/paperless/consume + - ./${SERVICE}-data/data:/usr/src/paperless/data + - ./${SERVICE}-data/media:/usr/src/paperless/media + - ./${SERVICE}-data/export:/usr/src/paperless/export + - ./${SERVICE}-data/consume:/usr/src/paperless/consume environment: - PUID=1000 - PGID=1000 @@ -88,7 +88,7 @@ services: container_name: app-${SERVICE}-db # Name for local container management restart: always volumes: - - pgdata:/var/lib/postgresql + - ./${SERVICE}-data/pgdata:/var/lib/postgresql environment: - PUID=1000 - PGID=1000 @@ -101,13 +101,8 @@ services: container_name: app-${SERVICE}-broker # Name for local container management restart: always volumes: - - redisdata:/data + - ./${SERVICE}-data/redisdata:/data environment: - PUID=1000 - PGID=1000 - TZ=Europe/Amsterdam -volumes: - data: - media: - pgdata: - redisdata: From 14d6ab4d5363ad0ea685ecfc4de83e3e84bc6a33 Mon Sep 17 00:00:00 2001 From: Michael H Date: Tue, 7 Apr 2026 19:36:04 +0100 Subject: [PATCH 12/27] Revert changes made to template files. --- templates/service-template/.env | 3 --- templates/service-template/compose.yaml | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/templates/service-template/.env b/templates/service-template/.env index 6d18cc53..5673aa7c 100644 --- a/templates/service-template/.env +++ b/templates/service-template/.env 
@@ -15,6 +15,3 @@ TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://t # Optional Service variables # PUID=1000 - -# Time Zone for container -TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones diff --git a/templates/service-template/compose.yaml b/templates/service-template/compose.yaml index 28ec95fb..f669ba2f 100644 --- a/templates/service-template/compose.yaml +++ b/templates/service-template/compose.yaml @@ -55,7 +55,7 @@ services: environment: - PUID=1000 - PGID=1000 - - TZ=${TZ} + - TZ=Europe/Amsterdam volumes: - ./${SERVICE}-data/app/config:/config depends_on: From 3338b809acefe868936b36d12c96d60fd656307f Mon Sep 17 00:00:00 2001 From: Bart <57799908+crypt0rr@users.noreply.github.com> Date: Tue, 7 Apr 2026 21:10:38 +0200 Subject: [PATCH 13/27] Set SERVICEPORT to 80 in .env configuration --- services/paperless/.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/paperless/.env b/services/paperless/.env index d980b989..a9035b4d 100644 --- a/services/paperless/.env +++ b/services/paperless/.env @@ -7,7 +7,7 @@ SERVICE=paperless # Service name (e.g., adguard). Used as hostname in Tailscale IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest # Docker image URL from container registry (e.g., adguard/adguard-home). # Network Configuration -SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +SERVICEPORT=80 # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. # Tailscale Configuration From 082675a863914e68e59bec84dfb1f0febac95199 Mon Sep 17 00:00:00 2001 From: Michael H Date: Tue, 7 Apr 2026 22:14:02 +0100 Subject: [PATCH 14/27] Update to include paperless-ngx --- README.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/README.md b/README.md index 973d066f..d7b78502 100644 --- a/README.md +++ b/README.md @@ -106,6 +106,7 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod | 🎶 **Navidrome** | Your Personal Streaming Service self-hosted. | [Details](services/navidrome) | | 🎶 **Swing Music** | A fast, beautiful, self-hosted music streaming server for your local audio library. | [Details](services/swingmx) | | 🎬 **Seerr** | A request management and media discovery tool for Plex, Jellyfin and Emby. | [Details](services/seerr) | +| 📚 **Paperless-ngx** | An open-source document management system that transforms physical documents into a searchable archive. | [Details](services/paperless) | | 🎵 **Picard** | MusicBrainz Picard is a cross-platform music tagger for organizing and tagging music files. | [Details](services/picard) | | 🎬 **Plex** | A media server that organizes video, music, and photos from personal media libraries. | [Details](services/plex) | | 📥 **qBittorrent** | An open-source BitTorrent client. | [Details](services/qbittorrent) | From 6ecf74150326524ccd53644f7190c1560aac56bd Mon Sep 17 00:00:00 2001 From: Bart <57799908+crypt0rr@users.noreply.github.com> Date: Wed, 8 Apr 2026 06:18:36 +0200 Subject: [PATCH 15/27] Update README with Tailscale service configuration Added information about Tailscale integration for secure networking. --- services/paperless/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/services/paperless/README.md b/services/paperless/README.md index a25f63ff..afd80ebb 100644 --- a/services/paperless/README.md +++ b/services/paperless/README.md 
@@ -5,6 +5,7 @@ This Docker Compose configuration sets up [Paperless-ngx](https://docs.paperless ## Paperless-ngx [Paperless-ngx](https://docs.paperless-ngx.com) is a community-supported open-source document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper. + ## Configuration Overview In this setup, the `tailscale-paperless` service runs the Tailscale daemon to provide secure, private networking. The `paperless` service is configured to use Tailscale’s network stack via Docker’s `network_mode: service:` syntax. This binds Paperless network interface to the Tailscale container, making the service available only through your Tailscale network (or locally, if needed). From 18f1816fac618250c4fa76c87c27e3d90af1220a Mon Sep 17 00:00:00 2001 From: Michael H Date: Wed, 8 Apr 2026 10:56:27 +0100 Subject: [PATCH 16/27] Add audiobooks, podcasts and metadata volumes. --- services/audiobookshelf/compose.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/services/audiobookshelf/compose.yaml b/services/audiobookshelf/compose.yaml index 94b375af..debb2cb7 100644 --- a/services/audiobookshelf/compose.yaml +++ b/services/audiobookshelf/compose.yaml @@ -58,7 +58,10 @@ services: - TZ=Europe/Amsterdam volumes: - ./${SERVICE}-data/app/config:/config - depends_on: + - ./${SERVICE}-data/app/audiobooks:/audiobooks + - ./${SERVICE}-data/app/podcasts:/podcasts + - ./${SERVICE}-data/app/metadata:/metadata + depends_on: tailscale: condition: service_healthy healthcheck: From 038034817ab593c372853c6102048f72f4c1ac2c Mon Sep 17 00:00:00 2001 From: Michael H Date: Wed, 8 Apr 2026 13:28:30 +0100 Subject: [PATCH 17/27] Fix indentation. --- services/audiobookshelf/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/audiobookshelf/compose.yaml b/services/audiobookshelf/compose.yaml index debb2cb7..23ea681d 100644 --- a/services/audiobookshelf/compose.yaml 
+++ b/services/audiobookshelf/compose.yaml @@ -61,7 +61,7 @@ services: - ./${SERVICE}-data/app/audiobooks:/audiobooks - ./${SERVICE}-data/app/podcasts:/podcasts - ./${SERVICE}-data/app/metadata:/metadata - depends_on: + depends_on: tailscale: condition: service_healthy healthcheck: From 2a1749c4dba734f56df6c21d74d235b9315ddf9a Mon Sep 17 00:00:00 2001 From: Michael H Date: Thu, 9 Apr 2026 12:30:07 +0100 Subject: [PATCH 18/27] New service Rustdesk server --- services/rustdesk-server/.env | 23 ++++++++ services/rustdesk-server/README.md | 27 +++++++++ services/rustdesk-server/compose.yml | 82 ++++++++++++++++++++++++++++ 3 files changed, 132 insertions(+) create mode 100644 services/rustdesk-server/.env create mode 100644 services/rustdesk-server/README.md create mode 100644 services/rustdesk-server/compose.yml diff --git a/services/rustdesk-server/.env b/services/rustdesk-server/.env new file mode 100644 index 00000000..0694314e --- /dev/null +++ b/services/rustdesk-server/.env 
@@ -0,0 +1,23 @@
+#version=1.1
+#URL=https://github.com/tailscale-dev/ScaleTail
+#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.
+
+# Service Configuration
+SERVICE=rustdesk-server # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}).
+IMAGE_URL=rustdesk/rustdesk-server:latest # Docker image URL from container registry (e.g., adguard/adguard-home).
+
+# Network Configuration
+SERVICEPORT= 80 # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable.
+DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable.
+
+# Tailscale Configuration
+TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.
+
+# Optional Service variables
+# PUID=1000
+
+# Time zone
+TZ=Europe/Dublin
+
+# Always use the relay. As this is run in tailnet and relays arn't needed, this setting in most cases should remain off.
+ALWAYS_USE_RELAY=N
diff --git a/services/rustdesk-server/README.md b/services/rustdesk-server/README.md
new file mode 100644
index 00000000..549b376c
--- /dev/null
+++ b/services/rustdesk-server/README.md
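Review bot: `SERVICEPORT= 80` in the new `services/rustdesk-server/.env` has a space after the `=`, unlike `SERVICEPORT=80` in `services/paperless/.env`; whether the value is read as `80` depends on the dotenv parser, and a shell that sources the file would treat `80` as a command. I would write `SERVICEPORT=80` and keep the trailing comment as it is. The image is also referenced by the mutable tag `rustdesk/rustdesk-server:latest`; for a server that brokers remote-desktop sessions, a fixed release tag or digest would make upgrades a deliberate step. "arn't" in the relay comment should be "aren't".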
@@ -0,0 +1,27 @@ +# Rustdesk Server with Tailscale Sidecar Configuration + +This Docker Compose configuration sets up [Rustdesk Server](https://rustdesk.com/docs/en/) with Tailscale as a sidecar container to keep the app reachable over your Tailnet. + +## Rustdesk Server + +[Rustdesk Server](https://rustdesk.com/docs/en/) information about the service. Explain what the app does in 2-3 sentences and why someone would pair it with Tailscale. + +## Configuration Overview + +In this setup, the `tailscale-rustdesk-server` service runs Tailscale, which manages secure networking for Rustdesk Server. The `Rustdesk Server` service utilizes the Tailscale network stack via Docker's `network_mode: service:` configuration. This keeps the app Tailnet-only unless you intentionally expose ports. + +## Client setup + +- Service Configuration: The Rustdesk client public Key credentials are generated at first run and stored in the **id_ed25519.pub** file. This is found in the compose directory **./rustdesk-server-data/hbbs/** Clients can be setup using the --config switch. e.g. **rustdesk.exe --config "host=rustdesk.your-tailnet.ts,key=thetextfromkey"** or in the client Setting -> Network -> ID/Relay Server. There is no need to configure the relay or API server. + +- Links: + * https://github.com/rustdesk/rustdesk/discussions/7118 + * https://rustdesk.com/ + * https://rustdesk.com/docs/en/self-host/client-configuration/ + + +## Files to check + +Please check the following contents for validity as some variables need to be defined upfront. + +- `.env` // Main variable `TS_AUTHKEY` diff --git a/services/rustdesk-server/compose.yml b/services/rustdesk-server/compose.yml new file mode 100644 index 00000000..ac2318a1 --- /dev/null +++ b/services/rustdesk-server/compose.yml 
@@ -0,0 +1,82 @@ +configs: + ts-serve: + content: | + {"TCP":{"443":{"HTTPS":true}}, + "Web":{"$${TS_CERT_DOMAIN}:443": + {"Handlers":{"/": + {"Proxy":"http://127.0.0.1:80"}}}}, + "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} + +services: +# Make sure you have updated/checked the .env file with the correct variables. +# All the ${ xx } need to be defined there. + # Tailscale Sidecar Configuration + tailscale: + image: tailscale/tailscale:latest # Image to be used + container_name: tailscale-${SERVICE} # Name for local container management + hostname: ${SERVICE} # Name used within your Tailscale environment + environment: + - TS_AUTHKEY=${TS_AUTHKEY} + - TS_STATE_DIR=/var/lib/tailscale + - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required + - TS_USERSPACE=false + - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" + - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint + #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS + - TS_AUTH_ONCE=true + configs: + - source: ts-serve + target: /config/serve.json + volumes: + - ./config:/config # Config folder used to store Tailscale files - you may need to change the path + - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path + devices: + - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work + cap_add: + - net_admin # Tailscale requirement + #ports: + # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required + # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below + #dns: + # - ${DNS_SERVER} + healthcheck: + test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational + interval: 1m # How often to perform the check + timeout: 10s # 
Time to wait for the check to succeed + retries: 3 # Number of retries before marking as unhealthy + start_period: 10s # Time to wait before starting health checks + restart: always + + # ${SERVICE} + application: + image: ${IMAGE_URL} + container_name: app-${SERVICE}-hbbs # Name for local container management + network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale + command: hbbs + volumes: + - ./${SERVICE}-data/hbbs:/root + environment: + - PUID=1000 + - PGID=1000 + - TZ=${TZ} + - ALWAYS_USE_RELAY=${ALWAYS_USE_RELAY} + depends_on: + tailscale: + condition: service_healthy + hbbr: + condition: service_started + restart: always + + hbbr: + image: ${IMAGE_URL} + container_name: app-${SERVICE}-hbbr # Name for local container management + command: hbbr + volumes: + - ./${SERVICE}-data/hbbr:/root + environment: + - PUID=1000 + - PGID=1000 + - TZ=${TZ} + network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale + # network_mode: "host" + restart: always From c0f53f1322bbc3e445335210ad264549da3e23d4 Mon Sep 17 00:00:00 2001 From: Michael H Date: Thu, 9 Apr 2026 12:40:03 +0100 Subject: [PATCH 19/27] Update README to include Rustdesk Server --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7cf4a6bb..bf88dfd3 100644 --- a/README.md +++ b/README.md 
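Review bot: The `ts-serve` config together with `TS_SERVE_CONFIG=/config/serve.json` opens an HTTPS listener on 443 that proxies to `http://127.0.0.1:80`, but nothing in this file starts a service on port 80, and as far as I know neither `hbbs` nor `hbbr` listens there. This looks like template residue, so consider dropping the top-level `configs:` block, the sidecar's `configs:` entry and the `TS_SERVE_CONFIG` line for this service. `hbbr` also uses `network_mode: service:tailscale` but, unlike `application`, has no `depends_on` with `tailscale: condition: service_healthy`, so it can start before the tailnet interface is up. The README in this patch says the server key file is generated under `./${SERVICE}-data/hbbs`, so that volume line deserves a comment such as `# holds the hbbs key material - keep out of version control and restrict host permissions`.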
@@ -87,6 +87,7 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod | 🗃️ **Netbox** | NetBox is the leading solution for modeling and documenting modern networks. | [Details](services/netbox) | | 🧩 **Pi-hole** | A network-level ad blocker that acts as a DNS sinkhole. | [Details](services/pihole) | | 🆔 **Pocket ID** | A self-hosted decentralized identity (OIDC) solution for secure authentication. | [Details](services/pocket-id) | +| 🌐 **Rustdesk Server** | RustDesk is an open source remote control alternative for self-hosting and security. | [Details](services/rustdesk-server)| | 🔒 **Technitium DNS** | An open-source DNS server that can be used for self-hosted DNS services. | [Details](services/technitium) | | 🌐 **Traefik** | A modern reverse proxy and load balancer for microservices. | [Details](services/traefik) | | 🚀 **Tailscale Exit Node** | Configure a device to act as an exit node for your Tailscale network. | [Details](services/tailscale-exit-node) | From b68000f1fd1ff4837cfed796039476fce3b007cd Mon Sep 17 00:00:00 2001 From: Michael H Date: Thu, 9 Apr 2026 13:44:43 +0100 Subject: [PATCH 20/27] Cleanup markdown --- services/rustdesk-server/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/services/rustdesk-server/README.md b/services/rustdesk-server/README.md index 549b376c..656a67f5 100644 --- a/services/rustdesk-server/README.md +++ b/services/rustdesk-server/README.md 
@@ -14,10 +14,10 @@ In this setup, the `tailscale-rustdesk-server` service runs Tailscale, which man - Service Configuration: The Rustdesk client public Key credentials are generated at first run and stored in the **id_ed25519.pub** file. This is found in the compose directory **./rustdesk-server-data/hbbs/** Clients can be setup using the --config switch. e.g. **rustdesk.exe --config "host=rustdesk.your-tailnet.ts,key=thetextfromkey"** or in the client Setting -> Network -> ID/Relay Server. There is no need to configure the relay or API server. -- Links: - * https://github.com/rustdesk/rustdesk/discussions/7118 - * https://rustdesk.com/ - * https://rustdesk.com/docs/en/self-host/client-configuration/ +- Links: + - [Client setup](https://github.com/rustdesk/rustdesk/discussions/7118) + - [Rustdesk](https://rustdesk.com/) + - [Client Configuration](https://rustdesk.com/docs/en/self-host/client-configuration/) ## Files to check From 451b8547686f91f1553bf3325d399400cabe8b31 Mon Sep 17 00:00:00 2001 From: Michael H Date: Thu, 9 Apr 2026 13:46:51 +0100 Subject: [PATCH 21/27] Cleanup markdown --- services/rustdesk-server/README.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/services/rustdesk-server/README.md b/services/rustdesk-server/README.md index 656a67f5..fc0071b5 100644 --- a/services/rustdesk-server/README.md +++ b/services/rustdesk-server/README.md 
@@ -14,11 +14,10 @@ In this setup, the `tailscale-rustdesk-server` service runs Tailscale, which man - Service Configuration: The Rustdesk client public Key credentials are generated at first run and stored in the **id_ed25519.pub** file. This is found in the compose directory **./rustdesk-server-data/hbbs/** Clients can be setup using the --config switch. e.g. **rustdesk.exe --config "host=rustdesk.your-tailnet.ts,key=thetextfromkey"** or in the client Setting -> Network -> ID/Relay Server. There is no need to configure the relay or API server. -- Links: - - [Client setup](https://github.com/rustdesk/rustdesk/discussions/7118) - - [Rustdesk](https://rustdesk.com/) - - [Client Configuration](https://rustdesk.com/docs/en/self-host/client-configuration/) - +Links: +- [Client setup](https://github.com/rustdesk/rustdesk/discussions/7118) +- [Rustdesk](https://rustdesk.com/) +- [Client Configuration](https://rustdesk.com/docs/en/self-host/client-configuration/) ## Files to check From 9606a1c5814d5be5e027be7ee56f011b8be67375 Mon Sep 17 00:00:00 2001 From: Michael H Date: Thu, 9 Apr 2026 13:48:36 +0100 Subject: [PATCH 22/27] Cleanup list markdown --- services/rustdesk-server/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/services/rustdesk-server/README.md b/services/rustdesk-server/README.md index fc0071b5..bd8ed484 100644 --- a/services/rustdesk-server/README.md +++ b/services/rustdesk-server/README.md 
@@ -15,6 +15,7 @@ In this setup, the `tailscale-rustdesk-server` service runs Tailscale, which man - Service Configuration: The Rustdesk client public Key credentials are generated at first run and stored in the **id_ed25519.pub** file. This is found in the compose directory **./rustdesk-server-data/hbbs/** Clients can be setup using the --config switch. e.g. **rustdesk.exe --config "host=rustdesk.your-tailnet.ts,key=thetextfromkey"** or in the client Setting -> Network -> ID/Relay Server. There is no need to configure the relay or API server. Links: + - [Client setup](https://github.com/rustdesk/rustdesk/discussions/7118) - [Rustdesk](https://rustdesk.com/) - [Client Configuration](https://rustdesk.com/docs/en/self-host/client-configuration/) From 27127c7e9afd78df3141da246ea02febf216c656 Mon Sep 17 00:00:00 2001 From: michaelhodges Date: Thu, 9 Apr 2026 16:36:26 +0100 Subject: [PATCH 23/27] Delete services/audiobookshelf/compose.yaml --- services/audiobookshelf/compose.yaml | 73 ---------------------------- 1 file changed, 73 deletions(-) delete mode 100644 services/audiobookshelf/compose.yaml diff --git a/services/audiobookshelf/compose.yaml b/services/audiobookshelf/compose.yaml deleted file mode 100644 index 23ea681d..00000000 --- a/services/audiobookshelf/compose.yaml +++ /dev/null 
@@ -1,73 +0,0 @@ -configs: - ts-serve: - content: | - {"TCP":{"443":{"HTTPS":true}}, - "Web":{"$${TS_CERT_DOMAIN}:443": - {"Handlers":{"/": - {"Proxy":"http://127.0.0.1:80"}}}}, - "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} - -services: -# Make sure you have updated/checked the .env file with the correct variables. -# All the ${ xx } need to be defined there. - # Tailscale Sidecar Configuration - tailscale: - image: tailscale/tailscale:latest # Image to be used - container_name: tailscale-${SERVICE} # Name for local container management - hostname: ${SERVICE} # Name used within your Tailscale environment - environment: - - TS_AUTHKEY=${TS_AUTHKEY} - - TS_STATE_DIR=/var/lib/tailscale - - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required - - TS_USERSPACE=false - - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" - - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint - #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS - - TS_AUTH_ONCE=true - configs: - - source: ts-serve - target: /config/serve.json - volumes: - - ./config:/config # Config folder used to store Tailscale files - you may need to change the path - - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path - devices: - - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work - cap_add: - - net_admin # Tailscale requirement - #ports: - # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required - # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below - # dns: - # - ${DNS_SERVER} - healthcheck: - test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational - interval: 1m # How often to perform the check - timeout: 10s # 
Time to wait for the check to succeed - retries: 3 # Number of retries before marking as unhealthy - start_period: 10s # Time to wait before starting health checks - restart: always - - # ${SERVICE} - application: - image: ${IMAGE_URL} # Image to be used - network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale - container_name: app-${SERVICE} # Name for local container management - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Amsterdam - volumes: - - ./${SERVICE}-data/app/config:/config - - ./${SERVICE}-data/app/audiobooks:/audiobooks - - ./${SERVICE}-data/app/podcasts:/podcasts - - ./${SERVICE}-data/app/metadata:/metadata - depends_on: - tailscale: - condition: service_healthy - healthcheck: - test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running - interval: 1m # How often to perform the check - timeout: 10s # Time to wait for the check to succeed - retries: 3 # Number of retries before marking as unhealthy - start_period: 30s # Time to wait before starting health checks - restart: always From 87ab68e2a4c87653b2be8d7d49520876628f0b0e Mon Sep 17 00:00:00 2001 From: michaelhodges Date: Thu, 9 Apr 2026 16:39:17 +0100 Subject: [PATCH 24/27] Update compose.yml --- services/rustdesk-server/compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/services/rustdesk-server/compose.yml b/services/rustdesk-server/compose.yml index ac2318a1..9ca8b0be 100644 --- a/services/rustdesk-server/compose.yml +++ b/services/rustdesk-server/compose.yml @@ -78,5 +78,4 @@ services: - PGID=1000 - TZ=${TZ} network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale - # network_mode: "host" restart: always From 109deb411af16f07a78ec352f1f54634f6621330 Mon Sep 17 00:00:00 2001 
From: michaelhodges Date: Thu, 9 Apr 2026 16:47:13 +0100 Subject: [PATCH 25/27] Add files via upload --- services/audiobookshelf/compose.yaml | 70 ++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 services/audiobookshelf/compose.yaml diff --git a/services/audiobookshelf/compose.yaml b/services/audiobookshelf/compose.yaml new file mode 100644 index 00000000..94b375af --- /dev/null +++ b/services/audiobookshelf/compose.yaml 
@@ -0,0 +1,70 @@ +configs: + ts-serve: + content: | + {"TCP":{"443":{"HTTPS":true}}, + "Web":{"$${TS_CERT_DOMAIN}:443": + {"Handlers":{"/": + {"Proxy":"http://127.0.0.1:80"}}}}, + "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} + +services: +# Make sure you have updated/checked the .env file with the correct variables. +# All the ${ xx } need to be defined there. + # Tailscale Sidecar Configuration + tailscale: + image: tailscale/tailscale:latest # Image to be used + container_name: tailscale-${SERVICE} # Name for local container management + hostname: ${SERVICE} # Name used within your Tailscale environment + environment: + - TS_AUTHKEY=${TS_AUTHKEY} + - TS_STATE_DIR=/var/lib/tailscale + - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required + - TS_USERSPACE=false + - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" + - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint + #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS + - TS_AUTH_ONCE=true + configs: + - source: ts-serve + target: /config/serve.json + volumes: + - ./config:/config # Config folder used to store Tailscale files - you may need to change the path + - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path + devices: + - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work + cap_add: + - net_admin # Tailscale requirement + #ports: + # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required + # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below + # dns: + # - ${DNS_SERVER} + healthcheck: + test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational + interval: 1m # How often to perform the check + timeout: 10s # 
Time to wait for the check to succeed + retries: 3 # Number of retries before marking as unhealthy + start_period: 10s # Time to wait before starting health checks + restart: always + + # ${SERVICE} + application: + image: ${IMAGE_URL} # Image to be used + network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale + container_name: app-${SERVICE} # Name for local container management + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Amsterdam + volumes: + - ./${SERVICE}-data/app/config:/config + depends_on: + tailscale: + condition: service_healthy + healthcheck: + test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running + interval: 1m # How often to perform the check + timeout: 10s # Time to wait for the check to succeed + retries: 3 # Number of retries before marking as unhealthy + start_period: 30s # Time to wait before starting health checks + restart: always From 1cd68d65b728c96230170f8a58d6dd1a6e0556a4 Mon Sep 17 00:00:00 2001 From: michaelhodges Date: Thu, 9 Apr 2026 16:56:57 +0100 Subject: [PATCH 26/27] Update .env --- services/rustdesk-server/.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/rustdesk-server/.env b/services/rustdesk-server/.env index 0694314e..334e02f3 100644 --- a/services/rustdesk-server/.env +++ b/services/rustdesk-server/.env @@ -7,7 +7,7 @@ SERVICE=rustdesk-server # Service name (e.g., adguard). Used as hostname in Tail IMAGE_URL=rustdesk/rustdesk-server:latest # Docker image URL from container registry (e.g., adguard/adguard-home). # Network Configuration -SERVICEPORT= 80 # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +SERVICEPORT=80 # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. # Tailscale Configuration 
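Review bot: The re-uploaded `application` service mounts only `./${SERVICE}-data/app/config:/config`, whereas the file deleted in patch 23 also mounted `/audiobooks`, `/podcasts` and `/metadata`. If that is not intentional, the media library is no longer reachable from the container, and anything the app writes under `/metadata` would sit in the container's writable layer and be lost when the container is recreated. Either restore the three lines (e.g. `- ./${SERVICE}-data/app/metadata:/metadata`) or explain in the commit message why they were dropped, since "Add files via upload" gives a reader no hint that the volume set changed.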
From c5963e507f862e219fcbddfd9262eefe1fd58877 Mon Sep 17 00:00:00 2001 From: Bart <57799908+crypt0rr@users.noreply.github.com> Date: Fri, 10 Apr 2026 22:36:08 +0200 Subject: [PATCH 27/27] Change time zone from Dublin to Amsterdam --- services/rustdesk-server/.env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/rustdesk-server/.env b/services/rustdesk-server/.env index 334e02f3..446d11aa 100644 --- a/services/rustdesk-server/.env +++ b/services/rustdesk-server/.env @@ -17,7 +17,7 @@ TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://t # PUID=1000 # Time zone -TZ=Europe/Dublin +TZ=Europe/Amsterdam -# Always use the relay. As this is run in tailnet and relays arn't needed, this setting in most cases should remain off. +# Always use the relay. As this is run in tailnet and relays aren't needed, this setting in most cases should remain off. ALWAYS_USE_RELAY=N