Added Linkding (#61)

README.md

@@ -46,6 +46,7 @@ If you would like to add your own config, you can use the [service-template](tem
 | 🗃️ **Vaultwarden**   | An unofficial Bitwarden server implementation written in Rust.                  | [Details](services/vaultwarden)    |
 | 🌿 **Isley**         | A self-hosted cannabis grow journal for tracking plants and managing grow data. | [Details](services/isley)          |
 | ✂️ **ClipCascade**   | A self-hosted clipboard manager for syncing and organizing clipboard history.   | [Details](services/clipcascade)    |
+| 🔖 **Linkding**      | A self-hosted bookmark manager to save and organize links.                      | [Details](services/linkding)       |
 
 ### Development Tools
 

services/linkding/.env

@@ -0,0 +1,8 @@
+#version=1.0
+#url=https://github.com/2Tiny2Scale/tailscale-docker-sidecar-configs
+#COMPOSE_PROJECT_NAME= // only use in multiple deployments on the same infra
+SERVICE=linkding
+IMAGE_URL=sissbruecker/linkding
+SERVICEPORT=9090
+TS_AUTHKEY=
+DNS_SERVER=1.1.1.1

services/linkding/.linkding.env

@@ -0,0 +1,49 @@
+# Docker container name
+#LD_CONTAINER_NAME=linkding
+# Port on the host system that the application should be published on
+#LD_HOST_PORT=9090
+# Directory on the host system that should be mounted as data dir into the Docker container
+LD_HOST_DATA_DIR=./data
+
+# Can be used to run linkding under a context path, for example: linkding/
+# Must end with a slash `/`
+LD_CONTEXT_PATH=
+# Username of the initial superuser to create, leave empty to not create one
+LD_SUPERUSER_NAME=
+# Password for the initial superuser, leave empty to disable credentials authentication and rely on proxy authentication instead
+LD_SUPERUSER_PASSWORD=
+# Option to disable background tasks
+LD_DISABLE_BACKGROUND_TASKS=False
+# Option to disable URL validation for bookmarks completely
+LD_DISABLE_URL_VALIDATION=False
+# Enables support for authentication proxies such as Authelia
+LD_ENABLE_AUTH_PROXY=False
+# Name of the request header that the auth proxy passes to the application to identify the user
+# See docs/Options.md for more details
+LD_AUTH_PROXY_USERNAME_HEADER=
+# The URL that linkding should redirect to after a logout, when using an auth proxy
+# See docs/Options.md for more details
+LD_AUTH_PROXY_LOGOUT_URL=
+# List of trusted origins from which to accept POST requests
+# See docs/Options.md for more details
+LD_CSRF_TRUSTED_ORIGINS=
+
+# Database settings
+# These are currently only required for configuring PostreSQL.
+# By default, linkding uses SQLite for which you don't need to configure anything.
+
+# Database engine, can be sqlite (default) or postgres
+LD_DB_ENGINE=
+# Database name (default: linkding)
+LD_DB_DATABASE=
+# Username to connect to the database server  (default: linkding)
+LD_DB_USER=
+# Password to connect to the database server
+LD_DB_PASSWORD=
+# The hostname where the database is hosted (default: localhost)
+LD_DB_HOST=
+# Port use to connect to the database server
+# Should use the default port if not set
+LD_DB_PORT=
+# Any additional options to pass to the database (default: {})
+LD_DB_OPTIONS=

services/linkding/README.md

@@ -0,0 +1,18 @@
+# Linkding with Tailscale Sidecar Configuration
+
+This Docker Compose configuration sets up [Linkding](https://github.com/sissbruecker/linkding) with Tailscale as a sidecar container to securely manage and access your self-hosted bookmark manager over a private Tailscale network. By integrating Tailscale, you can ensure that your Linkding instance remains private and accessible only to authorized devices on your Tailscale network.
+
+## Linkding
+
+[Linkding](https://github.com/sissbruecker/linkding) is a lightweight, self-hosted bookmark manager designed to simplify saving and organizing links. It supports features like tagging, searching, and bookmark importing/exporting. It also includes a browser extension for quick access and management. With Tailscale, your Linkding instance is safeguarded, ensuring that your bookmarks are only accessible to you and authorized users within your private network.
+
+## Key Features
+
+- **Tagging and Search**: Organize and find bookmarks effortlessly with tags and a robust search feature.
+- **Browser Integration**: Quickly save and manage bookmarks via browser extensions.
+- **Self-Hosted Privacy**: Keep your bookmarks secure and private with a locally hosted solution.
+- **Import/Export**: Easily migrate bookmarks to and from other services.
+
+## Configuration Overview
+
+In this setup, the `tailscale-linkding` service runs Tailscale, which manages secure networking for the Linkding service. The `linkding` service uses the Tailscale network stack via Docker's `network_mode: service:` configuration. This ensures that Linkding’s web interface is only accessible through the Tailscale network (or locally, if preferred), providing enhanced privacy and security for managing your bookmarks.

services/linkding/config/serve.json

@@ -0,0 +1,16 @@
+{
+  "TCP": {
+    "443": {
+      "HTTPS": true
+    }
+  },
+  "Web": {
+    "${TS_CERT_DOMAIN}:443": {
+      "Handlers": {
+        "/": {
+          "Proxy": "http://127.0.0.1:9090" 
+        }
+      }
+    }
+  }
+}

services/linkding/docker-compose.yml

@@ -0,0 +1,59 @@
+services:
+# Make sure you have updated/checked the .env file with the correct variables. 
+# All the ${ xx } need to be defined there.
+  # Tailscale Sidecar Configuration
+  tailscale:
+    image: tailscale/tailscale:latest # Image to be used
+    container_name: ${SERVICE} # Name for local container management
+    hostname: ${SERVICE} # Name used within your Tailscale environment
+    environment:
+      - TS_AUTHKEY=${TS_AUTHKEY}
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_SERVE_CONFIG=/config/serve.json # Tailsacale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
+      - TS_USERSPACE=false
+      - TS_ENABLE_HEALTH_CHECK=true              # Enable healthcheck endpoint: "/healthz"
+      - TS_LOCAL_ADDR_PORT=127.0.0.1:41234       # The <addr>:<port> for the healthz endpoint
+    volumes:
+      - ${PWD}/config:/config # Config folder used to store Tailscale files - you may need to change the path
+      - ${PWD}/${SERVICE}/ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+    devices:
+      - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+    cap_add:
+      - net_admin # Tailscale requirement
+      - sys_module # Tailscale requirement
+    ports:
+      - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
+    # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+    # dns: 
+    #   - ${DNS_SERVER}
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 10s # Time to wait before starting health checks
+    restart: always
+
+  # ${SERVICE}
+  application:
+    image: ${IMAGE_URL} # Image to be used
+    network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
+    container_name: app-${SERVICE} # Name for local container management
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+    volumes:
+      - ${PWD}/${SERVICE}-data/data:/etc/linkding/data
+    env_file:
+      - .linkding.env
+    depends_on:
+      tailscale:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 30s # Time to wait before starting health checks
+    restart: always