Added GitSave (#137)

Author: crypt0rr

README.md

@@ -90,7 +90,7 @@ If you would like to add your own config, you can use the [service-template](tem
 | 🗂️ **Copyparty**     | A self-hosted file server with accelerated resumable uploads.                                                                                                              | [Details](services/copyparty)     |
 | 💸 **Wallos**        | An open-source, self-hostable web app to track and manage your recurring subscriptions and expenses, with multi-currency support, customizable categories, and statistics. | [Details](services/wallos)        |
 | 🧑‍🧑‍🧒‍🧒 **Gramps Web** | A web-based genealogy platform for collaborative family tree browsing, editing, AI-powered chat, media tagging, mapping, charts, search, and reporting.                    | [Details](services/grampsweb)     |
-| **Subtrackr**           | A self-hosted web app to track subscriptions, renewal dates, costs, and payment methods.                                                                                   | [Details](services/subtrackr)     |
+| **Subtrackr**       | A self-hosted web app to track subscriptions, renewal dates, costs, and payment methods.                                                                                   | [Details](services/subtrackr)     |
 
 ### 📊 Dashboards and Visualization
 
@@ -101,19 +101,20 @@ If you would like to add your own config, you can use the [service-template](tem
 
 ### 🛠️ Development Tools
 
-| 🛠️ Service                | 📝 Description                                                                            | 🔗 Link                              |
-| ------------------------ | ---------------------------------------------------------------------------------------- | ----------------------------------- |
-| 🔧 **Cyberchef**          | A web app for encryption, encoding, compression, and data analysis.                      | [Details](services/cyberchef)       |
-| 🔍 **searXNG**            | A free internet metasearch engine which aggregates results from various search services. | [Details](services/searxng)         |
-| 🖥️ **Node-RED**           | A flow-based development tool for visual programming.                                    | [Details](services/nodered)         |
-| 🖥️ **IT-Tools**           | A collection of handy online tools for developers and sysadmins.                         | [Details](services/it-tools)        |
-| 🖥️ **Dozzle**             | A real-time log viewer for Docker containers.                                            | [Details](services/dozzle)          |
-| 🖥️ **Portainer**          | A lightweight management UI which allows you to easily manage your Docker environments.  | [Details](services/portainer)       |
-| 🖥️ **Gokapi**             | A lightweight self-hosted file sharing platform.                                         | [Details](services/gokapi)          |
-| 🖥️ **Homarr**             | A sleek dashboard for all your Homelab services.                                         | [Details](services/homarr)          |
-| 🖥️ **Changedetection.io** | A tool for monitoring website changes.                                                   | [Details](services/changedetection) |
-| 🛠️ **Coder**              | Self-hosted cloud dev environments with browser IDEs, Terraform-managed workspaces.      | [Details](services/coder)           |
-| 🔁 **FossFLOW**           | A self-hosted tool to make beautiful isometric infrastructure diagrams.                  | [Details](services/fossflow)        |
+| 🛠️ Service                | 📝 Description                                                                                       | 🔗 Link                              |
+| ------------------------ | --------------------------------------------------------------------------------------------------- | ----------------------------------- |
+| 🔧 **Cyberchef**          | A web app for encryption, encoding, compression, and data analysis.                                 | [Details](services/cyberchef)       |
+| 🔍 **searXNG**            | A free internet metasearch engine which aggregates results from various search services.            | [Details](services/searxng)         |
+| 🖥️ **Node-RED**           | A flow-based development tool for visual programming.                                               | [Details](services/nodered)         |
+| 🖥️ **IT-Tools**           | A collection of handy online tools for developers and sysadmins.                                    | [Details](services/it-tools)        |
+| 🖥️ **Dozzle**             | A real-time log viewer for Docker containers.                                                       | [Details](services/dozzle)          |
+| 🖥️ **Portainer**          | A lightweight management UI which allows you to easily manage your Docker environments.             | [Details](services/portainer)       |
+| 🖥️ **Gokapi**             | A lightweight self-hosted file sharing platform.                                                    | [Details](services/gokapi)          |
+| 🖥️ **Homarr**             | A sleek dashboard for all your Homelab services.                                                    | [Details](services/homarr)          |
+| 🖥️ **Changedetection.io** | A tool for monitoring website changes.                                                              | [Details](services/changedetection) |
+| 🛠️ **Coder**              | Self-hosted cloud dev environments with browser IDEs, Terraform-managed workspaces.                 | [Details](services/coder)           |
+| 🔁 **FossFLOW**           | A self-hosted tool to make beautiful isometric infrastructure diagrams.                             | [Details](services/fossflow)        |
+| **GitSave**              | A self-hosted service to back up your GitHub repositories via a simple REST API and scheduled runs. | [Details](services/gitsave)         |
 
 ### 📈 Monitoring and Analytics
 

services/gitsave/.env

@@ -0,0 +1,13 @@
+#version=1.0
+#url=https://github.com/2Tiny2Scale/tailscale-docker-sidecar-configs
+#COMPOSE_PROJECT_NAME= // only use in multiple deployments on the same infra
+SERVICE=gitsave
+IMAGE_URL=timwitzdam/gitsave
+SERVICEPORT=3000
+TS_AUTHKEY=
+DNS_SERVER=9.9.9.9
+
+# You can generate a JWT_SECRET here: https://jwtsecrets.com/#generator
+JWT_SECRET="REPLACE_THIS"
+DISABLE_AUTH=false
+ENCRYPTION_SECRET="REPLACE_THIS_WITH_32_CHARACTERS_SECRET"

services/gitsave/README.md

@@ -0,0 +1,20 @@
+# GitSave with Tailscale Sidecar Configuration
+
+This Docker Compose configuration sets up [**GitSave**](https://github.com/TimWitzdam/GitSave) with Tailscale as a sidecar container, enabling secure access to your self-hosted GitHub repository backup solution from anywhere on your private Tailscale network. With this setup, your GitSave instance remains fully private and accessible only from authorized devices.
+
+## GitSave
+
+[**GitSave**](https://github.com/TimWitzdam/GitSave) is a self-hosted tool for automatically backing up your GitHub repositories. It runs as a lightweight web service with a simple REST API and can be scheduled or triggered manually. Designed for developers, teams, and organizations who want to keep a secure copy of their code outside GitHub, GitSave ensures your projects remain safe and accessible under your own control.
+
+## Key Features
+
+* **Automated Backups** – Regularly back up all your GitHub repositories with minimal setup.
+* **REST API Interface** – Trigger backups or manage configurations programmatically.
+* **Simple Configuration** – Connect with your GitHub account via a personal access token.
+* **Dockerized Deployment** – Run in a containerized environment for easy setup and portability.
+* **Lightweight & Fast** – Written in Go for speed and efficiency with minimal resource usage.
+* **Self-Hosted & Secure** – Maintain full control of your backup data on your own infrastructure.
+
+## Configuration Overview
+
+In this deployment, the `tailscale-gitsave` service runs the Tailscale client to establish a secure private network. The `gitsave` container uses `network_mode: service:tailscale-gitsave` to route all traffic through the Tailscale interface. This ensures that your GitHub backup service and its API endpoints are only accessible via Tailscale, preventing public exposure.

services/gitsave/config/serve.json

@@ -0,0 +1,16 @@
+{
+  "TCP": {
+    "443": {
+      "HTTPS": true
+    }
+  },
+  "Web": {
+    "${TS_CERT_DOMAIN}:443": {
+      "Handlers": {
+        "/": {
+          "Proxy": "http://127.0.0.1:3000"
+        }
+      }
+    }
+  }
+}

services/gitsave/docker-compose.yml

@@ -0,0 +1,61 @@
+services:
+# Make sure you have updated/checked the .env file with the correct variables. 
+# All the ${ xx } need to be defined there.
+  # Tailscale Sidecar Configuration
+  tailscale:
+    image: tailscale/tailscale:latest # Image to be used
+    container_name: tailscale-${SERVICE} # Name for local container management
+    hostname: ${SERVICE} # Name used within your Tailscale environment
+    environment:
+      - TS_AUTHKEY=${TS_AUTHKEY}
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_SERVE_CONFIG=/config/serve.json # Tailsacale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
+      - TS_USERSPACE=false
+      - TS_ENABLE_HEALTH_CHECK=true              # Enable healthcheck endpoint: "/healthz"
+      - TS_LOCAL_ADDR_PORT=127.0.0.1:41234       # The <addr>:<port> for the healthz endpoint
+      #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS
+    volumes:
+      - ${PWD}/config:/config # Config folder used to store Tailscale files - you may need to change the path
+      - ${PWD}/ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+    devices:
+      - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+    cap_add:
+      - net_admin # Tailscale requirement
+    #ports:
+    #  - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
+    # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+    #dns: 
+    #  - ${DNS_SERVER}
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 10s # Time to wait before starting health checks
+    restart: always
+
+  # ${SERVICE}
+  application:
+    image: ${IMAGE_URL} # Image to be used
+    network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
+    container_name: app-${SERVICE} # Name for local container management
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+      - JWT_SECRET=${JWT_SECRET:?error}
+      - DISABLE_AUTH=${DISABLE_AUTH:?error}
+      - ENCRYPTION_SECRET=${ENCRYPTION_SECRET:?error}
+    volumes:
+      - ${PWD}/${SERVICE}-data/gitsave:/app/data
+      - ${PWD}/${SERVICE}-data/backups:/app/backups
+    depends_on:
+      tailscale:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 30s # Time to wait before starting health checks
+    restart: always