Added Tandoor Recipes (New Service: Tandoor Recipes (#161)

Fixes #160)

Author: cdkooistra

README.md

@@ -149,6 +149,7 @@ If you would like to add your own config, you can use the [service-template](tem
 | 🥘 Service    | 📝 Description                                                                                            | 🔗 Link                     |
 | ------------ | -------------------------------------------------------------------------------------------------------- | -------------------------- |
 | 🥘 **Mealie** | A self-hosted recipe manager and meal planner with features like shopping lists, scaling, and importing. | [Details](services/mealie) |
+| 🥘 **Tandoor Recipes** | A self-hosted recipe manager that also serves as a meal planner that has features such as nutrient tracking, shopping lists, importing and AI. | [Details](services/tandoor) |
 
 ## Tailscale Information
 

services/tandoor/.env

@@ -0,0 +1,30 @@
+#version=1.0
+#url=https://github.com/2Tiny2Scale/tailscale-docker-sidecar-configs
+#COMPOSE_PROJECT_NAME= // only use in multiple deployments on the same infra
+SERVICE=tandoor
+IMAGE_URL=vabene1111/recipes
+SERVICEPORT=9001
+TS_AUTHKEY=
+DNS_SERVER=9.9.9.9
+
+# Custom Tandoor Recipes - https://docs.tandoor.dev/install/docker/#docker-compose
+
+# Visit the docs to find more supported env variables - https://docs.tandoor.dev/system/configuration/
+
+# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
+SECRET_KEY=
+
+# allowed hosts (see documentation), should be set to your hostname(s) but might be * (default) for some proxies/providers
+ALLOWED_HOSTS=tandoor.yourtailnet.ts.net
+
+# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
+TZ=Europe/Amsterdam
+
+# Connection secret for postgres. You should change it to a random password
+# Please use only the characters `A-Za-z0-9`, without special characters or spaces
+DB_PASSWORD=postgres
+
+# The values below this line do not need to be changed
+###################################################################################
+DB_USERNAME=postgres
+DB_DATABASE_NAME=tandoor

services/tandoor/README.md

@@ -0,0 +1,18 @@
+# Tandoor Recipes with Tailscale Sidecar Configuration
+
+This Docker Compose configuration sets up [**Tandoor Recipes**](https://github.com/TandoorRecipes/recipes) with Tailscale as a sidecar container, which enables a secure access to your personal recipe and meal planning platform from your Tailscale network. As with all other services inside this repository, your service stays fully private and accessible only to your authorized devices.
+
+## Tandoor Recipes
+
+[**Tandoor Recipes**](https://github.com/TandoorRecipes/recipes) is an application for managing recipes, planning meals, building shopping lists and much much more:
+
+- 🥗 **Manage your recipes** - Manage your ever growing recipe collection
+- 📆 **Plan** - multiple meals for each day
+- 🛒 **Shopping lists** - via the meal plan or straight from recipes
+- 🪄 **use AI** to recognize images, sort recipe steps, find nutrition facts and more
+- 📚 **Cookbooks** - collect recipes into books
+- 👪 **Share and collaborate** on recipes with friends and family
+
+## Configuration Overview
+
+In this setup, the `tailscale-tandoor` service runs Tailscale, which manages secure networking for the service. The `tandoor` service utilizes the Tailscale network stack via Docker's `network_mode: service:tailscale-tandoor` configuration. This setup ensures that tandoor's service is only accessible through the Tailscale network (or locally, if preferred), providing an extra layer of security and privacy for your service.

services/tandoor/config/serve.json

@@ -0,0 +1,16 @@
+{
+  "TCP": {
+    "443": {
+      "HTTPS": true
+    }
+  },
+  "Web": {
+    "${TS_CERT_DOMAIN}:443": {
+      "Handlers": {
+        "/": {
+          "Proxy": "http://127.0.0.1:9001"
+        }
+      }
+    }
+  }
+}

services/tandoor/docker-compose.yml

@@ -0,0 +1,81 @@
+services:
+# Make sure you have updated/checked the .env file with the correct variables. 
+# All the ${ xx } need to be defined there.
+  # Tailscale Sidecar Configuration
+  tailscale:
+    image: tailscale/tailscale:latest # Image to be used
+    container_name: tailscale-${SERVICE} # Name for local container management
+    hostname: ${SERVICE} # Name used within your Tailscale environment
+    environment:
+      - TS_AUTHKEY=${TS_AUTHKEY}
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
+      - TS_USERSPACE=false
+      - TS_ENABLE_HEALTH_CHECK=true              # Enable healthcheck endpoint: "/healthz"
+      - TS_LOCAL_ADDR_PORT=127.0.0.1:41234       # The <addr>:<port> for the healthz endpoint
+      #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS
+    volumes:
+      - ./config:/config # Config folder used to store Tailscale files - you may need to change the path
+      - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+    devices:
+      - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+    cap_add:
+      - net_admin # Tailscale requirement
+    #ports:
+    #  - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
+    # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+    #dns: 
+    #  - ${DNS_SERVER}
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 10s # Time to wait before starting health checks
+    restart: always
+
+  # ${SERVICE}
+  application:
+    image: ${IMAGE_URL} # Image to be used
+    network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
+    container_name: app-${SERVICE} # Name for local container management
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=${TZ}
+      - TANDOOR_PORT=${SERVICEPORT}
+    volumes:
+      - ./${SERVICE}-data/staticfiles:/opt/recipes/statisfiles
+      - ./${SERVICE}-data/mediafiles:/opt/recipes/mediafiles
+    env_file:
+      - ./.env
+    depends_on:
+      tailscale:
+        condition: service_healthy
+      database:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 30s # Time to wait before starting health checks
+    restart: always
+
+  database:
+    image: postgres:16-alpine
+    network_mode: service:tailscale
+    container_name: app-${SERVICE}-database
+    environment:
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_DB: ${DB_DATABASE_NAME}
+    volumes:
+      - ./${SERVICE}-data/database:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${DB_USERNAME} -d ${DB_DATABASE_NAME}"] # Check if postgres is ready
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 30s # Time to wait before starting health checks
+    restart: always