Added Pingvin-Share (#38)

README.md

@@ -22,6 +22,7 @@ If you would like to add your own config, you can use the [service-template](tem
 - [NextCloud](services/nextcloud)
 - [Node-RED](services/nodered)
 - [Pi-hole](services/pihole)
+- [Pingvin Share](services/pingvin-share/)
 - [Plex](services/plex)
 - [Portainer](services/portainer)
 - [Radarr](services/radarr)

services/pingvin-share/.env

@@ -0,0 +1,8 @@
+#version=1.0
+#url=https://github.com/2Tiny2Scale/tailscale-docker-sidecar-configs
+#COMPOSE_PROJECT_NAME= // only use in multiple deployments on the same infra
+SERVICE=pingvin-share
+IMAGE_URL=stonith404/pingvin-share
+SERVICEPORT=3000
+TS_AUTHKEY= //Insert Tailscale key here from the Admin Portal
+DNS_SERVER=1.1.1.1

services/pingvin-share/README.md

@@ -0,0 +1,11 @@
+# Pingvin Share with Tailscale Sidecar Configuration
+
+This Docker Compose configuration sets up [Pingvin Share](https://github.com/stonith404/pingvin-share) with Tailscale as a sidecar container to securely share files over a private Tailscale network. By using Tailscale in a sidecar configuration, you can ensure your file-sharing instance is accessible only within your Tailscale network, providing enhanced security and privacy.
+
+## Pingvin Share
+
+[Pingvin Share](https://github.com/stonith404/pingvin-share) is a simple, open-source file-sharing application designed to make sharing files quick, easy, and efficient. It supports drag-and-drop uploads, expiring links, and a user-friendly web interface. With this setup, Tailscale ensures that your Pingvin Share instance remains secure and private, limiting access to only authorized devices on your Tailscale network.
+
+## Configuration Overview
+
+In this setup, the `tailscale-pingvin` service runs Tailscale, which manages secure networking for the Pingvin Share service. The `pingvin-share` service uses the Tailscale network stack via Docker's `network_mode: service:` configuration. This ensures that Pingvin Share’s web interface and file-sharing capabilities are only accessible through the Tailscale network (or locally, if preferred), providing an extra layer of security and privacy for your self-hosted file-sharing needs.

services/pingvin-share/config/serve.json

@@ -0,0 +1,16 @@
+{
+  "TCP": {
+    "443": {
+      "HTTPS": true
+    }
+  },
+  "Web": {
+    "${TS_CERT_DOMAIN}:443": {
+      "Handlers": {
+        "/": {
+          "Proxy": "http://127.0.0.1:3000" 
+        }
+      }
+    }
+  }
+}

services/pingvin-share/docker-compose.yml

@@ -0,0 +1,53 @@
+services:
+# Make sure you have updated/checked the .env file with the correct variables. 
+# All the ${ xx } need to be defined there.
+  # Tailscale Sidecar Configuration
+  tailscale:
+    image: tailscale/tailscale:latest # Image to be used
+    container_name: ${SERVICE} # Name for local container management
+    hostname: ${SERVICE} # Name used within your Tailscale environment
+    environment:
+      - TS_AUTHKEY=${TS_AUTHKEY}
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_SERVE_CONFIG=/config/serve.json # Tailsacale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
+      - TS_USERSPACE=false
+    volumes:
+      - ${PWD}/${SERVICE}/ts/config:/config # Config folder used to store Tailscale files - you may need to change the path
+      - ${PWD}/${SERVICE}/ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+      - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+    cap_add:
+      - net_admin # Tailscale requirement
+      - sys_module # Tailscale requirement
+    ports:
+      - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
+    # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+    # dns: 
+    #   - ${DNS_SERVER}
+    healthcheck:
+      test: ["CMD", "tailscale", "status"] # Check if Tailscale is running
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 10s # Time to wait before starting health checks
+    restart: always
+
+  # ${SERVICE}
+  application:
+    image: ${IMAGE_URL} # Image to be used
+    network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
+    container_name: app-${SERVICE} # Name for local container management
+    environment:
+      - TRUST_PROXY=false # Set to true if a reverse proxy is in front of the container
+      - TZ=Europe/Amsterdam
+    volumes:
+      - ${PWD}/${SERVICE}/data:/opt/app/backend/data
+      - ${PWD}/${SERVICE}/images:/opt/app/frontend/public/img
+    depends_on:
+      - tailscale
+    healthcheck:
+      test: ["CMD", "pgrep", "-f", "caddy"] # Check if ${SERVICE} process is running
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 30s # Time to wait before starting health checks
+    restart: always