From 745624b87bf083903710e9c139aca4a88f7c8415 Mon Sep 17 00:00:00 2001 From: Michael H Date: Sun, 5 Apr 2026 17:27:21 +0100 Subject: [PATCH 01/21] compose.yml and .env added to paperless service. --- services/paperless/.env | 25 ++++++++ services/paperless/compose.yml | 103 +++++++++++++++++++++++++++++++++ 2 files changed, 128 insertions(+) create mode 100644 services/paperless/.env create mode 100644 services/paperless/compose.yml diff --git a/services/paperless/.env b/services/paperless/.env new file mode 100644 index 00000000..924a89b4 --- /dev/null +++ b/services/paperless/.env @@ -0,0 +1,25 @@ +#version=1.1 +#URL=https://github.com/tailscale-dev/ScaleTail +#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. + +# Service Configuration +SERVICE=paperless +IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest + +# Network Configuration +SERVICEPORT=80 +DNS_SERVER=9.9.9.9 + +# Tailscale Configuration +TS_AUTHKEY= + +# Optional Service variables +# PUID=1000 + +PAPERLESS_TIME_ZONE=Europe/London +PAPERLESS_OCR_LANGUAGE=eng +PAPERLESS_SECRET_KEY='change this to any random sting' #https://docs.paperless-ngx.com/configuration/#PAPERLESS_SECRET_KEY +PAPERLESS_ADMIN_USER=admin +PAPERLESS_ADMIN_PASSWORD=changeme +POSTGRES_USER=paperless +POSTGRES_PASSWORD=paperless diff --git a/services/paperless/compose.yml b/services/paperless/compose.yml new file mode 100644 index 00000000..9ccfe422 --- /dev/null +++ b/services/paperless/compose.yml @@ -0,0 +1,103 @@ +configs: + ts-serve: + content: | + {"TCP":{"443":{"HTTPS":true}}, + "Web":{"$${TS_CERT_DOMAIN}:443": + {"Handlers":{"/": + {"Proxy":"http://127.0.0.1:80"}}}}, + "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} + +services: +# Make sure you have updated/checked the .env file with the correct variables. +# All the ${ xx } need to be defined there. + # Tailscale Sidecar Configuration + tailscale: + image: tailscale/tailscale:latest # Image to be used + container_name: tailscale-${SERVICE} # Name for local container management + hostname: ${SERVICE} # Name used within your Tailscale environment + environment: + - TS_AUTHKEY=${TS_AUTHKEY} + - TS_STATE_DIR=/var/lib/tailscale + - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required + - TS_USERSPACE=false + - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz" + - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint + #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS + - TS_AUTH_ONCE=true + configs: + - source: ts-serve + target: /config/serve.json + volumes: + - ./config:/config # Config folder used to store Tailscale files - you may need to change the path + - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path + devices: + - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work + cap_add: + - net_admin # Tailscale requirement + #ports: + # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required + # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below + # dns: + # - ${DNS_SERVER} + healthcheck: + test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational + interval: 1m # How often to perform the check + timeout: 10s # Time to wait for the check to succeed + retries: 3 # Number of retries before marking as unhealthy + start_period: 10s # Time to wait before starting health checks + restart: always + + application: + image: ${IMAGE_URL} + network_mode: service:tailscale + container_name: app-${SERVICE} + depends_on: + tailscale: + condition: service_healthy + db: + condition: service_started + broker: + condition: service_started + healthcheck: + test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running + interval: 1m # How often to perform the check + timeout: 10s # Time to wait for the check to succeed + retries: 3 # Number of retries before marking as unhealthy + start_period: 30s # Time to wait before starting health checks + restart: always + volumes: + - data:/usr/src/paperless/data + - media:/usr/src/paperless/media + - ./${SERVICE}-export/export:/usr/src/paperless/export + - ./${SERVICE}-consume/consume:/usr/src/paperless/consume + environment: + PAPERLESS_TIME_ZONE: ${PAPERLESS_TIME_ZONE} + PAPERLESS_OCR_LANGUAGE: ${PAPERLESS_OCR_LANGUAGE} + PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY} + PAPERLESS_PORT: 80 + PAPERLESS_PROXY_SSL_HEADER: '["HTTP_X_FORWARDED_PROTO", "https"]' + PAPERLESS_ADMIN_USER: ${PAPERLESS_ADMIN_USER} + PAPERLESS_ADMIN_PASSWORD: ${PAPERLESS_ADMIN_PASSWORD} + PAPERLESS_REDIS: redis://broker:6379 + PAPERLESS_DBHOST: db + db: + image: docker.io/library/postgres:18 + container_name: app-${SERVICE}-db # Name for local container management + restart: always + volumes: + - pgdata:/var/lib/postgresql + environment: + POSTGRES_DB: paperless + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + broker: + image: docker.io/library/redis:8 + container_name: app-${SERVICE}-broker # Name for local container management + restart: always + volumes: + - redisdata:/data +volumes: + data: + media: + pgdata: + redisdata: From ed87cd33c264ef2e9d6b1f22f59324e0741b4610 Mon Sep 17 00:00:00 2001 From: Michael H Date: Sun, 5 Apr 2026 17:36:32 +0100 Subject: [PATCH 02/21] Include paperless service README --- services/paperless/README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 services/paperless/README.md diff --git a/services/paperless/README.md b/services/paperless/README.md new file mode 100644 index 00000000..c41e6105 --- /dev/null +++ b/services/paperless/README.md @@ -0,0 +1,12 @@ +# Paperless-ngx with Tailscale Sidecar Configuration + +This Docker Compose configuration sets up [Paperless-ngx](https://docs.paperless-ngx.com/) with Tailscale as a sidecar container to securely deliver push notifications over a private Tailscale network. By integrating Tailscale in a sidecar configuration, you enhance the privacy and security of your ntfy instance, ensuring it is only accessible within your Tailscale network. + +## ntfy + +[Paperless-ngx](https://docs.paperless-ngx.com) is a community-supported open-source document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper. +## Configuration Overview + +In this setup, the `tailscale-paperless` service runs the Tailscale daemon to provide secure, private networking. The `paperless` service is configured to use Tailscale’s network stack via Docker’s `network_mode: service:` syntax. This binds Paperless network interface to the Tailscale container, making the service available only through your Tailscale network (or locally, if needed). + +This architecture is ideal for self-hosters who want to send and receive notifications from anywhere without exposing Paperless-ngx to the internet, maintaining both ease of access and strict privacy controls. From 8ae55d89ef43dda0b14d622a3fadbca04e811690 Mon Sep 17 00:00:00 2001 From: Michael H Date: Sun, 5 Apr 2026 17:45:26 +0100 Subject: [PATCH 03/21] Error paperless service README --- services/paperless/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/paperless/README.md b/services/paperless/README.md index c41e6105..a25f63ff 100644 --- a/services/paperless/README.md +++ b/services/paperless/README.md @@ -2,7 +2,7 @@ This Docker Compose configuration sets up [Paperless-ngx](https://docs.paperless-ngx.com/) with Tailscale as a sidecar container to securely deliver push notifications over a private Tailscale network. By integrating Tailscale in a sidecar configuration, you enhance the privacy and security of your ntfy instance, ensuring it is only accessible within your Tailscale network. -## ntfy +## Paperless-ngx [Paperless-ngx](https://docs.paperless-ngx.com) is a community-supported open-source document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper. ## Configuration Overview From 822a8dfa07fea4d7fdd501cf6b58dc80ff18fab7 Mon Sep 17 00:00:00 2001 From: Michael H Date: Mon, 6 Apr 2026 16:34:03 +0100 Subject: [PATCH 04/21] Add PUID, GUID to environment. Align environment variables with template format --- services/paperless/compose.yml | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/services/paperless/compose.yml b/services/paperless/compose.yml index 9ccfe422..2972e016 100644 --- a/services/paperless/compose.yml +++ b/services/paperless/compose.yml @@ -71,15 +71,18 @@ services: - ./${SERVICE}-export/export:/usr/src/paperless/export - ./${SERVICE}-consume/consume:/usr/src/paperless/consume environment: - PAPERLESS_TIME_ZONE: ${PAPERLESS_TIME_ZONE} - PAPERLESS_OCR_LANGUAGE: ${PAPERLESS_OCR_LANGUAGE} - PAPERLESS_SECRET_KEY: ${PAPERLESS_SECRET_KEY} - PAPERLESS_PORT: 80 - PAPERLESS_PROXY_SSL_HEADER: '["HTTP_X_FORWARDED_PROTO", "https"]' - PAPERLESS_ADMIN_USER: ${PAPERLESS_ADMIN_USER} - PAPERLESS_ADMIN_PASSWORD: ${PAPERLESS_ADMIN_PASSWORD} - PAPERLESS_REDIS: redis://broker:6379 - PAPERLESS_DBHOST: db + - PUID=1000 + - PGID=1000 + - TZ=Europe/Amsterdam + - PAPERLESS_TIME_ZONE=${PAPERLESS_TIME_ZONE} + - PAPERLESS_OCR_LANGUAGE=${PAPERLESS_OCR_LANGUAGE} + - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY} + - PAPERLESS_PORT=80 + - PAPERLESS_PROXY_SSL_HEADER=["HTTP_X_FORWARDED_PROTO", "https"] + - PAPERLESS_ADMIN_USER=${PAPERLESS_ADMIN_USER} + - PAPERLESS_ADMIN_PASSWORD=${PAPERLESS_ADMIN_PASSWORD} + - PAPERLESS_REDIS=redis://broker:6379 + - PAPERLESS_DBHOST=db db: image: docker.io/library/postgres:18 container_name: app-${SERVICE}-db # Name for local container management @@ -87,15 +90,22 @@ services: volumes: - pgdata:/var/lib/postgresql environment: - POSTGRES_DB: paperless - POSTGRES_USER: ${POSTGRES_USER} - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + - PUID=1000 + - PGID=1000 + - TZ=Europe/Amsterdam + - POSTGRES_DB=paperless + - POSTGRES_USER=${POSTGRES_USER} + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} broker: image: docker.io/library/redis:8 container_name: app-${SERVICE}-broker # Name for local container management restart: always volumes: - redisdata:/data + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Amsterdam volumes: data: media: From 24686d6c2c1dc1728c6146f5414c9acace125dc8 Mon Sep 17 00:00:00 2001 From: Michael H Date: Mon, 6 Apr 2026 21:35:14 +0100 Subject: [PATCH 05/21] Remove volumes and incorporate the local storage principle as outlined in templates. --- services/paperless/compose.yml | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/services/paperless/compose.yml b/services/paperless/compose.yml index 2972e016..9b5b125b 100644 --- a/services/paperless/compose.yml +++ b/services/paperless/compose.yml @@ -66,10 +66,10 @@ services: start_period: 30s # Time to wait before starting health checks restart: always volumes: - - data:/usr/src/paperless/data - - media:/usr/src/paperless/media - - ./${SERVICE}-export/export:/usr/src/paperless/export - - ./${SERVICE}-consume/consume:/usr/src/paperless/consume + - ./${SERVICE}-data/data:/usr/src/paperless/data + - ./${SERVICE}-data/media:/usr/src/paperless/media + - ./${SERVICE}-data/export:/usr/src/paperless/export + - ./${SERVICE}-data/consume:/usr/src/paperless/consume environment: - PUID=1000 - PGID=1000 @@ -88,7 +88,7 @@ services: container_name: app-${SERVICE}-db # Name for local container management restart: always volumes: - - pgdata:/var/lib/postgresql + - ./${SERVICE}-data/pgdata:/var/lib/postgresql environment: - PUID=1000 - PGID=1000 @@ -101,13 +101,8 @@ services: container_name: app-${SERVICE}-broker # Name for local container management restart: always volumes: - - redisdata:/data + - ./${SERVICE}-data/redisdata:/data environment: - PUID=1000 - PGID=1000 - TZ=Europe/Amsterdam -volumes: - data: - media: - pgdata: - redisdata: From 216de0891639677a9666589f57ce4ee20cc2915d Mon Sep 17 00:00:00 2001 From: Michael H Date: Mon, 6 Apr 2026 21:41:18 +0100 Subject: [PATCH 06/21] Restored comments. --- services/paperless/.env | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/services/paperless/.env b/services/paperless/.env index 924a89b4..d980b989 100644 --- a/services/paperless/.env +++ b/services/paperless/.env @@ -3,15 +3,15 @@ #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. # Service Configuration -SERVICE=paperless -IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest +SERVICE=paperless # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). +IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest # Docker image URL from container registry (e.g., adguard/adguard-home). # Network Configuration -SERVICEPORT=80 -DNS_SERVER=9.9.9.9 +SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. # Tailscale Configuration -TS_AUTHKEY= +TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. # Optional Service variables # PUID=1000 From 534c6dc27791835123ad47e04ee31634de994230 Mon Sep 17 00:00:00 2001 From: Michael H Date: Mon, 6 Apr 2026 22:10:15 +0100 Subject: [PATCH 07/21] Place TZ in .env --- templates/service-template/.env | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/service-template/.env b/templates/service-template/.env index 5673aa7c..6d18cc53 100644 --- a/templates/service-template/.env +++ b/templates/service-template/.env @@ -15,3 +15,6 @@ TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://t # Optional Service variables # PUID=1000 + +# Time Zone for container +TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones From 242a5e2a1f381c12d93ee9f62ccc4cb077f3b691 Mon Sep 17 00:00:00 2001 From: Michael H Date: Mon, 6 Apr 2026 22:11:14 +0100 Subject: [PATCH 08/21] Add TZ variable to environment. --- templates/service-template/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/service-template/compose.yaml b/templates/service-template/compose.yaml index f669ba2f..28ec95fb 100644 --- a/templates/service-template/compose.yaml +++ b/templates/service-template/compose.yaml @@ -55,7 +55,7 @@ services: environment: - PUID=1000 - PGID=1000 - - TZ=Europe/Amsterdam + - TZ=${TZ} volumes: - ./${SERVICE}-data/app/config:/config depends_on: From e853e86ed71c3f3db5d0ef417d4c45e4e7757f54 Mon Sep 17 00:00:00 2001 From: Michael H Date: Mon, 6 Apr 2026 22:47:36 +0100 Subject: [PATCH 09/21] Revert "Restored comments." This reverts commit 216de0891639677a9666589f57ce4ee20cc2915d. --- services/paperless/.env | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/services/paperless/.env b/services/paperless/.env index d980b989..924a89b4 100644 --- a/services/paperless/.env +++ b/services/paperless/.env @@ -3,15 +3,15 @@ #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. # Service Configuration -SERVICE=paperless # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). -IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest # Docker image URL from container registry (e.g., adguard/adguard-home). +SERVICE=paperless +IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest # Network Configuration -SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. -DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. +SERVICEPORT=80 +DNS_SERVER=9.9.9.9 # Tailscale Configuration -TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. +TS_AUTHKEY= # Optional Service variables # PUID=1000 From 5fb8e45c645b9a7c66be33e90bd9ed054662d8b5 Mon Sep 17 00:00:00 2001 From: Michael H Date: Mon, 6 Apr 2026 22:59:28 +0100 Subject: [PATCH 10/21] Restore Comments --- services/paperless/.env | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/services/paperless/.env b/services/paperless/.env index 924a89b4..d980b989 100644 --- a/services/paperless/.env +++ b/services/paperless/.env @@ -3,15 +3,15 @@ #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. # Service Configuration -SERVICE=paperless -IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest +SERVICE=paperless # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). +IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest # Docker image URL from container registry (e.g., adguard/adguard-home). # Network Configuration -SERVICEPORT=80 -DNS_SERVER=9.9.9.9 +SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. # Tailscale Configuration -TS_AUTHKEY= +TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. # Optional Service variables # PUID=1000 From d424bcae8fc9ef512713af51f9f5f13343d1981b Mon Sep 17 00:00:00 2001 From: Michael H Date: Tue, 7 Apr 2026 10:03:38 +0100 Subject: [PATCH 11/21] Revert --- README.md | 7 +++++++ services/paperless/.env | 10 +++++----- services/paperless/compose.yml | 17 ++++++----------- 3 files changed, 18 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 7644830d..973d066f 100644 --- a/README.md +++ b/README.md @@ -40,11 +40,18 @@ ScaleTail provides ready-to-run [Docker Compose](https://docs.docker.com/compose docker compose up -d ``` +## Contributors + +A huge thank you to all our contributors! ScaleTail wouldn’t be what it is today without your time, effort, and ideas! + +[![Contributors](https://contrib.rocks/image?repo=tailscale-dev/scaletail)](https://github.com/tailscale-dev/scaletail/graphs/contributors) + ## Table of Contents - [ScaleTail - Secure Self-Hosting Made Simple](#scaletail---secure-self-hosting-made-simple) - [Featured by Tailscale](#featured-by-tailscale) - [Quick Start](#quick-start) + - [Contributors](#contributors) - [Table of Contents](#table-of-contents) - [Available Configurations](#available-configurations) - [🌐 Networking and Security](#-networking-and-security) diff --git a/services/paperless/.env b/services/paperless/.env index 924a89b4..d980b989 100644 --- a/services/paperless/.env +++ b/services/paperless/.env @@ -3,15 +3,15 @@ #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. # Service Configuration -SERVICE=paperless -IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest +SERVICE=paperless # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). +IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest # Docker image URL from container registry (e.g., adguard/adguard-home). # Network Configuration -SERVICEPORT=80 -DNS_SERVER=9.9.9.9 +SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. # Tailscale Configuration -TS_AUTHKEY= +TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. # Optional Service variables # PUID=1000 diff --git a/services/paperless/compose.yml b/services/paperless/compose.yml index 2972e016..9b5b125b 100644 --- a/services/paperless/compose.yml +++ b/services/paperless/compose.yml @@ -66,10 +66,10 @@ services: start_period: 30s # Time to wait before starting health checks restart: always volumes: - - data:/usr/src/paperless/data - - media:/usr/src/paperless/media - - ./${SERVICE}-export/export:/usr/src/paperless/export - - ./${SERVICE}-consume/consume:/usr/src/paperless/consume + - ./${SERVICE}-data/data:/usr/src/paperless/data + - ./${SERVICE}-data/media:/usr/src/paperless/media + - ./${SERVICE}-data/export:/usr/src/paperless/export + - ./${SERVICE}-data/consume:/usr/src/paperless/consume environment: - PUID=1000 - PGID=1000 @@ -88,7 +88,7 @@ services: container_name: app-${SERVICE}-db # Name for local container management restart: always volumes: - - pgdata:/var/lib/postgresql + - ./${SERVICE}-data/pgdata:/var/lib/postgresql environment: - PUID=1000 - PGID=1000 @@ -101,13 +101,8 @@ services: container_name: app-${SERVICE}-broker # Name for local container management restart: always volumes: - - redisdata:/data + - ./${SERVICE}-data/redisdata:/data environment: - PUID=1000 - PGID=1000 - TZ=Europe/Amsterdam -volumes: - data: - media: - pgdata: - redisdata: From 14d6ab4d5363ad0ea685ecfc4de83e3e84bc6a33 Mon Sep 17 00:00:00 2001 From: Michael H Date: Tue, 7 Apr 2026 19:36:04 +0100 Subject: [PATCH 12/21] Revert changes made to template files. --- templates/service-template/.env | 3 --- templates/service-template/compose.yaml | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/templates/service-template/.env b/templates/service-template/.env index 6d18cc53..5673aa7c 100644 --- a/templates/service-template/.env +++ b/templates/service-template/.env @@ -15,6 +15,3 @@ TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://t # Optional Service variables # PUID=1000 - -# Time Zone for container -TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones diff --git a/templates/service-template/compose.yaml b/templates/service-template/compose.yaml index 28ec95fb..f669ba2f 100644 --- a/templates/service-template/compose.yaml +++ b/templates/service-template/compose.yaml @@ -55,7 +55,7 @@ services: environment: - PUID=1000 - PGID=1000 - - TZ=${TZ} + - TZ=Europe/Amsterdam volumes: - ./${SERVICE}-data/app/config:/config depends_on: From 3338b809acefe868936b36d12c96d60fd656307f Mon Sep 17 00:00:00 2001 From: Bart <57799908+crypt0rr@users.noreply.github.com> Date: Tue, 7 Apr 2026 21:10:38 +0200 Subject: [PATCH 13/21] Set SERVICEPORT to 80 in .env configuration --- services/paperless/.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/paperless/.env b/services/paperless/.env index d980b989..a9035b4d 100644 --- a/services/paperless/.env +++ b/services/paperless/.env @@ -7,7 +7,7 @@ SERVICE=paperless # Service name (e.g., adguard). Used as hostname in Tailscale IMAGE_URL=ghcr.io/paperless-ngx/paperless-ngx:latest # Docker image URL from container registry (e.g., adguard/adguard-home). # Network Configuration -SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +SERVICEPORT=80 # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. # Tailscale Configuration From 082675a863914e68e59bec84dfb1f0febac95199 Mon Sep 17 00:00:00 2001 From: Michael H Date: Tue, 7 Apr 2026 22:14:02 +0100 Subject: [PATCH 14/21] Update to include paperless-ngx --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 973d066f..d7b78502 100644 --- a/README.md +++ b/README.md @@ -106,6 +106,7 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod | 🎶 **Navidrome** | Your Personal Streaming Service self-hosted. | [Details](services/navidrome) | | 🎶 **Swing Music** | A fast, beautiful, self-hosted music streaming server for your local audio library. | [Details](services/swingmx) | | 🎬 **Seerr** | A request management and media discovery tool for Plex, Jellyfin and Emby. | [Details](services/seerr) | +| 📚 **Paperless-ngx** | An open-source document management system that transforms physical documents into a searchable archive. | [Details](services/paperless) | | 🎵 **Picard** | MusicBrainz Picard is a cross-platform music tagger for organizing and tagging music files. | [Details](services/picard) | | 🎬 **Plex** | A media server that organizes video, music, and photos from personal media libraries. | [Details](services/plex) | | 📥 **qBittorrent** | An open-source BitTorrent client. | [Details](services/qbittorrent) | From 6ecf74150326524ccd53644f7190c1560aac56bd Mon Sep 17 00:00:00 2001 From: Bart <57799908+crypt0rr@users.noreply.github.com> Date: Wed, 8 Apr 2026 06:18:36 +0200 Subject: [PATCH 15/21] Update README with Tailscale service configuration Added information about Tailscale integration for secure networking. --- services/paperless/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/services/paperless/README.md b/services/paperless/README.md index a25f63ff..afd80ebb 100644 --- a/services/paperless/README.md +++ b/services/paperless/README.md @@ -5,6 +5,7 @@ This Docker Compose configuration sets up [Paperless-ngx](https://docs.paperless ## Paperless-ngx [Paperless-ngx](https://docs.paperless-ngx.com) is a community-supported open-source document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper. + ## Configuration Overview In this setup, the `tailscale-paperless` service runs the Tailscale daemon to provide secure, private networking. The `paperless` service is configured to use Tailscale’s network stack via Docker’s `network_mode: service:` syntax. This binds Paperless network interface to the Tailscale container, making the service available only through your Tailscale network (or locally, if needed). From 18f1816fac618250c4fa76c87c27e3d90af1220a Mon Sep 17 00:00:00 2001 From: Michael H Date: Wed, 8 Apr 2026 10:56:27 +0100 Subject: [PATCH 16/21] Add audiobooks, podcasts and metadata volumes. --- services/audiobookshelf/compose.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/services/audiobookshelf/compose.yaml b/services/audiobookshelf/compose.yaml index 94b375af..debb2cb7 100644 --- a/services/audiobookshelf/compose.yaml +++ b/services/audiobookshelf/compose.yaml @@ -58,7 +58,10 @@ services: - TZ=Europe/Amsterdam volumes: - ./${SERVICE}-data/app/config:/config - depends_on: + - ./${SERVICE}-data/app/audiobooks:/audiobooks + - ./${SERVICE}-data/app/podcasts:/podcasts + - ./${SERVICE}-data/app/metadata:/metadata + depends_on: tailscale: condition: service_healthy healthcheck: From d6d5822971547c15f2da547151edd23f140eae00 Mon Sep 17 00:00:00 2001 From: Michael H Date: Wed, 8 Apr 2026 10:57:32 +0100 Subject: [PATCH 17/21] Move TZ environment variable to .env file --- templates/service-template/.env | 3 +++ templates/service-template/compose.yaml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/templates/service-template/.env b/templates/service-template/.env index 5673aa7c..db8ee529 100644 --- a/templates/service-template/.env +++ b/templates/service-template/.env @@ -15,3 +15,6 @@ TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://t # Optional Service variables # PUID=1000 + +#Time Zone +TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones diff --git a/templates/service-template/compose.yaml b/templates/service-template/compose.yaml index f669ba2f..28ec95fb 100644 --- a/templates/service-template/compose.yaml +++ b/templates/service-template/compose.yaml @@ -55,7 +55,7 @@ services: environment: - PUID=1000 - PGID=1000 - - TZ=Europe/Amsterdam + - TZ=${TZ} volumes: - ./${SERVICE}-data/app/config:/config depends_on: From 038034817ab593c372853c6102048f72f4c1ac2c Mon Sep 17 00:00:00 2001 From: Michael H Date: Wed, 8 Apr 2026 13:28:30 +0100 Subject: [PATCH 18/21] Fix indentation. --- services/audiobookshelf/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/audiobookshelf/compose.yaml b/services/audiobookshelf/compose.yaml index debb2cb7..23ea681d 100644 --- a/services/audiobookshelf/compose.yaml +++ b/services/audiobookshelf/compose.yaml @@ -61,7 +61,7 @@ services: - ./${SERVICE}-data/app/audiobooks:/audiobooks - ./${SERVICE}-data/app/podcasts:/podcasts - ./${SERVICE}-data/app/metadata:/metadata - depends_on: + depends_on: tailscale: condition: service_healthy healthcheck: From d15e26002b2f60dd84d6124b065ba0e6c7c668ab Mon Sep 17 00:00:00 2001 From: michaelhodges Date: Thu, 9 Apr 2026 16:50:55 +0100 Subject: [PATCH 19/21] Delete templates/service-template/.env --- templates/service-template/.env | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 templates/service-template/.env diff --git a/templates/service-template/.env b/templates/service-template/.env deleted file mode 100644 index db8ee529..00000000 --- a/templates/service-template/.env +++ /dev/null @@ -1,20 +0,0 @@ -#version=1.1 -#URL=https://github.com/tailscale-dev/ScaleTail -#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. - -# Service Configuration -SERVICE= # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). -IMAGE_URL= # Docker image URL from container registry (e.g., adguard/adguard-home). - -# Network Configuration -SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. -DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. - -# Tailscale Configuration -TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. - -# Optional Service variables -# PUID=1000 - -#Time Zone -TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones From 5b793930d501ff8f06b7203b6de6b6fc54851737 Mon Sep 17 00:00:00 2001 From: michaelhodges Date: Thu, 9 Apr 2026 16:52:31 +0100 Subject: [PATCH 20/21] Create .env --- templates/service-template/.env | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 templates/service-template/.env diff --git a/templates/service-template/.env b/templates/service-template/.env new file mode 100644 index 00000000..5673aa7c --- /dev/null +++ b/templates/service-template/.env @@ -0,0 +1,17 @@ +#version=1.1 +#URL=https://github.com/tailscale-dev/ScaleTail +#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. + +# Service Configuration +SERVICE= # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). +IMAGE_URL= # Docker image URL from container registry (e.g., adguard/adguard-home). + +# Network Configuration +SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. + +# Tailscale Configuration +TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. + +# Optional Service variables +# PUID=1000 From 40e1b282c566e21ee77c98dae081d79f0931ddc7 Mon Sep 17 00:00:00 2001 From: michaelhodges Date: Thu, 9 Apr 2026 16:53:18 +0100 Subject: [PATCH 21/21] Update compose.yaml --- templates/service-template/compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/service-template/compose.yaml b/templates/service-template/compose.yaml index 28ec95fb..f669ba2f 100644 --- a/templates/service-template/compose.yaml +++ b/templates/service-template/compose.yaml @@ -55,7 +55,7 @@ services: environment: - PUID=1000 - PGID=1000 - - TZ=${TZ} + - TZ=Europe/Amsterdam volumes: - ./${SERVICE}-data/app/config:/config depends_on: