diff --git a/README.md b/README.md
index f5556ea..94e523a 100644
--- a/README.md
+++ b/README.md
@@ -46,6 +46,7 @@ If you would like to add your own config, you can use the [service-template](tem
 | 🗃️ **Vaultwarden** | An unofficial Bitwarden server implementation written in Rust. | [Details](services/vaultwarden) |
 | 🌿 **Isley** | A self-hosted cannabis grow journal for tracking plants and managing grow data. | [Details](services/isley) |
 | ✂️ **ClipCascade** | A self-hosted clipboard manager for syncing and organizing clipboard history. | [Details](services/clipcascade) |
+| 🔖 **Linkding** | A self-hosted bookmark manager to save and organize links. | [Details](services/linkding) |
 ### Development Tools
diff --git a/services/linkding/.env b/services/linkding/.env
new file mode 100644
index 0000000..593e0ee
--- /dev/null
+++ b/services/linkding/.env
@@ -0,0 +1,8 @@
+#version=1.0
+#url=https://github.com/2Tiny2Scale/tailscale-docker-sidecar-configs
+#COMPOSE_PROJECT_NAME= // only use in multiple deployments on the same infra
+SERVICE=linkding
+IMAGE_URL=sissbruecker/linkding
+SERVICEPORT=9090
+TS_AUTHKEY=
+DNS_SERVER=1.1.1.1
diff --git a/services/linkding/.linkding.env b/services/linkding/.linkding.env
new file mode 100644
index 0000000..37fdbd5
--- /dev/null
+++ b/services/linkding/.linkding.env
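Review bot: `IMAGE_URL=sissbruecker/linkding` in services/linkding/.env carries no tag, so Compose resolves it to `latest`, and the sidecar in docker-compose.yml is likewise `tailscale/tailscale:latest`; a later pull can then change what runs next to the Tailscale auth key without any change in this repository. Pin a release tag or digest, e.g. `IMAGE_URL=sissbruecker/linkding:<release-tag>` (placeholder for the version you tested). It would also help to put a comment above `TS_AUTHKEY=` such as `# Secret: never commit the populated file`, since this template lives in version control.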
@@ -0,0 +1,49 @@
+# Docker container name
+#LD_CONTAINER_NAME=linkding
+# Port on the host system that the application should be published on
+#LD_HOST_PORT=9090
+# Directory on the host system that should be mounted as data dir into the Docker container
+LD_HOST_DATA_DIR=./data
+
+# Can be used to run linkding under a context path, for example: linkding/
+# Must end with a slash `/`
+LD_CONTEXT_PATH=
+# Username of the initial superuser to create, leave empty to not create one
+LD_SUPERUSER_NAME=
+# Password for the initial superuser, leave empty to disable credentials authentication and rely on proxy authentication instead
+LD_SUPERUSER_PASSWORD=
+# Option to disable background tasks
+LD_DISABLE_BACKGROUND_TASKS=False
+# Option to disable URL validation for bookmarks completely
+LD_DISABLE_URL_VALIDATION=False
+# Enables support for authentication proxies such as Authelia
+LD_ENABLE_AUTH_PROXY=False
+# Name of the request header that the auth proxy passes to the application to identify the user
+# See docs/Options.md for more details
+LD_AUTH_PROXY_USERNAME_HEADER=
+# The URL that linkding should redirect to after a logout, when using an auth proxy
+# See docs/Options.md for more details
+LD_AUTH_PROXY_LOGOUT_URL=
+# List of trusted origins from which to accept POST requests
+# See docs/Options.md for more details
+LD_CSRF_TRUSTED_ORIGINS=
+
+# Database settings
+# These are currently only required for configuring PostreSQL.
+# By default, linkding uses SQLite for which you don't need to configure anything.
+
+# Database engine, can be sqlite (default) or postgres
+LD_DB_ENGINE=
+# Database name (default: linkding)
+LD_DB_DATABASE=
+# Username to connect to the database server (default: linkding)
+LD_DB_USER=
+# Password to connect to the database server
+LD_DB_PASSWORD=
+# The hostname where the database is hosted (default: localhost)
+LD_DB_HOST=
+# Port use to connect to the database server
+# Should use the default port if not set
+LD_DB_PORT=
+# Any additional options to pass to the database (default: {})
+LD_DB_OPTIONS=
\ No newline at end of file
diff --git a/services/linkding/README.md b/services/linkding/README.md
new file mode 100644
index 0000000..f59647d
--- /dev/null
+++ b/services/linkding/README.md
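Review bot: `LD_ENABLE_AUTH_PROXY` and `LD_AUTH_PROXY_USERNAME_HEADER` are offered without a caveat, although per the comment here the application identifies the user from that request header, and this commit's docker-compose.yml publishes the app port on `0.0.0.0` in addition to Tailscale Serve; neither path is shown setting or stripping the header. I would add above `LD_ENABLE_AUTH_PROXY=False` the comment `# Only enable when every route to linkding passes through the auth proxy, which must overwrite this header`. Separately, `LD_HOST_DATA_DIR`, `LD_CONTAINER_NAME` and `LD_HOST_PORT` are not referenced by the compose file in this commit (it mounts `${PWD}/${SERVICE}-data/data`), so they look like leftovers from the upstream template and should be removed or marked unused. `PostreSQL` in the database comment should read `PostgreSQL`.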
@@ -0,0 +1,18 @@
+# Linkding with Tailscale Sidecar Configuration
+
+This Docker Compose configuration sets up [Linkding](https://github.com/sissbruecker/linkding) with Tailscale as a sidecar container to securely manage and access your self-hosted bookmark manager over a private Tailscale network. By integrating Tailscale, you can ensure that your Linkding instance remains private and accessible only to authorized devices on your Tailscale network.
+
+## Linkding
+
+[Linkding](https://github.com/sissbruecker/linkding) is a lightweight, self-hosted bookmark manager designed to simplify saving and organizing links. It supports features like tagging, searching, and bookmark importing/exporting. It also includes a browser extension for quick access and management. With Tailscale, your Linkding instance is safeguarded, ensuring that your bookmarks are only accessible to you and authorized users within your private network.
+
+## Key Features
+
+- **Tagging and Search**: Organize and find bookmarks effortlessly with tags and a robust search feature.
+- **Browser Integration**: Quickly save and manage bookmarks via browser extensions.
+- **Self-Hosted Privacy**: Keep your bookmarks secure and private with a locally hosted solution.
+- **Import/Export**: Easily migrate bookmarks to and from other services.
+
+## Configuration Overview
+
+In this setup, the `tailscale-linkding` service runs Tailscale, which manages secure networking for the Linkding service. The `linkding` service uses the Tailscale network stack via Docker's `network_mode: service:` configuration. This ensures that Linkding’s web interface is only accessible through the Tailscale network (or locally, if preferred), providing enhanced privacy and security for managing your bookmarks.
diff --git a/services/linkding/config/serve.json b/services/linkding/config/serve.json
new file mode 100644
index 0000000..3350f67
--- /dev/null
+++ b/services/linkding/config/serve.json
@@ -0,0 +1,16 @@
+{
+ "TCP": {
+ "443": {
+ "HTTPS": true
+ }
+ },
+ "Web": {
+ "${TS_CERT_DOMAIN}:443": {
+ "Handlers": {
+ "/": {
+ "Proxy": "http://127.0.0.1:9090"
+ }
+ }
+ }
+ }
+}
diff --git a/services/linkding/docker-compose.yml b/services/linkding/docker-compose.yml
new file mode 100644
index 0000000..fc17725
--- /dev/null
+++ b/services/linkding/docker-compose.yml
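Review bot: The proxy target `"Proxy": "http://127.0.0.1:9090"` is hard-coded, while the same port is exposed as the configurable `SERVICEPORT` in `.env` and used for the published port in docker-compose.yml. Nothing in this commit sets the port linkding itself listens on, so changing `SERVICEPORT` would leave both Serve and the port mapping pointing at a port with no listener. JSON cannot carry a comment, so the README's Configuration Overview should state that `SERVICEPORT` and this `Proxy` value must both match linkding's listening port.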
@@ -0,0 +1,59 @@
+services:
+# Make sure you have updated/checked the .env file with the correct variables.
+# All the ${ xx } need to be defined there.
+ # Tailscale Sidecar Configuration
+ tailscale:
+ image: tailscale/tailscale:latest # Image to be used
+ container_name: ${SERVICE} # Name for local container management
+ hostname: ${SERVICE} # Name used within your Tailscale environment
+ environment:
+ - TS_AUTHKEY=${TS_AUTHKEY}
+ - TS_STATE_DIR=/var/lib/tailscale
+ - TS_SERVE_CONFIG=/config/serve.json # Tailsacale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
+ - TS_USERSPACE=false
+ - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz"
+ - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint
+ volumes:
+ - ${PWD}/config:/config # Config folder used to store Tailscale files - you may need to change the path
+ - ${PWD}/${SERVICE}/ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+ devices:
+ - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+ cap_add:
+ - net_admin # Tailscale requirement
+ - sys_module # Tailscale requirement
+ ports:
+ - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
+ # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+ # dns:
+ # - ${DNS_SERVER}
+ healthcheck:
+ test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+ interval: 1m # How often to perform the check
+ timeout: 10s # Time to wait for the check to succeed
+ retries: 3 # Number of retries before marking as unhealthy
+ start_period: 10s # Time to wait before starting health checks
+ restart: always
+
+ # ${SERVICE}
+ application:
+ image: ${IMAGE_URL} # Image to be used
+ network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
+ container_name: app-${SERVICE} # Name for local container management
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Amsterdam
+ volumes:
+ - ${PWD}/${SERVICE}-data/data:/etc/linkding/data
+ env_file:
+ - .linkding.env
+ depends_on:
+ tailscale:
+ condition: service_healthy
+ healthcheck:
+ test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running
+ interval: 1m # How often to perform the check
+ timeout: 10s # Time to wait for the check to succeed
+ retries: 3 # Number of retries before marking as unhealthy
+ start_period: 30s # Time to wait before starting health checks
+ restart: always
\ No newline at end of file
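Review bot: The default `- 0.0.0.0:${SERVICEPORT}:${SERVICEPORT}` under `ports:` publishes linkding over plain HTTP on every host interface, so out of the box the app is reachable from the local network without passing Tailscale ACLs, whereas the README presents local access as optional. Make the LAN exposure opt-in by shipping the `ports:` block commented out, or bind it to loopback with `- 127.0.0.1:${SERVICEPORT}:${SERVICEPORT}`. The `sys_module` capability also looks broader than needed given that `/dev/net/tun` is passed in as a device; presumably `net_admin` suffices, but confirm against the Tailscale container documentation before dropping it.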