Added Copyparty (#119)

* Added Copyparty

* Update README.md

---------

Co-authored-by: Jack Spiering <[email protected]>

Author: crypt0rr

README.md

@@ -86,6 +86,7 @@ If you would like to add your own config, you can use the [service-template](tem
 | 🗂️ **Kaneo**         | A modern, self-hosted project management platform focused on simplicity.                                    | [Details](services/kaneo)         |
 | 🗒️ **Karakeep**      | A self-hosted, collaborative note-taking app — a private alternative to Google Keep.                        | [Details](services/karakeep)      |
 | 📚 **Docmost**       | A self-hosted, real-time collaborative wiki with rich editing, diagrams, permissions, and full-text search. | [Details](services/docmost)       |
+| 🗂️ **Copyparty**     | A self-hosted file server with accelerated resumable uploads.                                               | [Details](services/copyparty/)    |
 
 ### 📊 Dashboards and Visualization
 

services/copyparty/.env

@@ -0,0 +1,8 @@
+#version=1.0
+#url=https://github.com/2Tiny2Scale/tailscale-docker-sidecar-configs
+#COMPOSE_PROJECT_NAME= // only use in multiple deployments on the same infra
+SERVICE=copyparty
+IMAGE_URL=copyparty/ac:latest
+SERVICEPORT=3923
+TS_AUTHKEY=
+DNS_SERVER=9.9.9.9

services/copyparty/README.md

@@ -0,0 +1,25 @@
+# Copyparty with Tailscale Sidecar Configuration
+
+This Docker Compose configuration sets up [Copyparty](https://github.com/9001/copyparty) with Tailscale as a sidecar container to securely access your lightweight file server and sharing platform over a private Tailscale network. By using Tailscale in a sidecar configuration, you can enhance the security and accessibility of your Copyparty instance, ensuring it is only available within your Tailscale network.
+
+## Copyparty
+
+[Copyparty](https://github.com/9001/copyparty) is a versatile, self-contained file server that runs on virtually any system. It supports file uploads, downloads, media streaming, WebDAV, and even full-on public or private file sharing with user authentication. Designed to be fast and lightweight, it requires no external dependencies and is extremely customizable. With this setup, Copyparty is exposed only to your Tailscale network, providing secure, peer-to-peer access from your devices.
+
+**Key Features:**
+
+- 📤 Drag-and-drop uploads via the browser
+- 📁 Directory listing and browsing
+- 🔒 User authentication and permissions
+- 🌐 WebDAV support for file mounts and syncing
+- 🎵 Audio/video streaming with built-in media player
+- 📝 Built-in text editor and image previews
+- 🧩 Single binary, no dependencies required
+- 🖥️ Runs on any OS, including Linux, Windows, macOS, and even Android
+- 🔧 Highly configurable with powerful CLI flags and config options
+
+With Tailscale in place, all of these features are securely tunneled through your private mesh network—no need to expose ports to the public internet.
+
+## Configuration Overview
+
+In this setup, the `tailscale-copyparty` service runs Tailscale, which handles the secure networking layer. The `copyparty` service uses Docker’s `network_mode: service:` setting to share the network stack of the Tailscale container. This means the Copyparty web interface and all file sharing functionality are only accessible via the Tailscale network (or locally if preferred), adding a strong privacy layer to your self-hosted file server.

services/copyparty/config/copyparty.conf

@@ -0,0 +1,32 @@
+# not actually YAML but lets pretend:
+# -*- mode: yaml -*-
+# vim: ft=yaml:
+
+
+[global]
+  e2dsa  # enable file indexing and filesystem scanning
+  e2ts   # enable multimedia indexing
+  ansi   # enable colors in log messages
+
+  # q, lo: /cfg/log/%Y-%m%d.log   # log to file instead of docker
+
+  # p: 3939          # listen on another port
+  # ipa: 10.89.      # only allow connections from 10.89.*
+  # df: 16           # stop accepting uploads if less than 16 GB free disk space
+  # ver              # show copyparty version in the controlpanel
+  # grid             # show thumbnails/grid-view by default
+  # theme: 2         # monokai
+  # name: datasaver  # change the server-name that's displayed in the browser
+  # stats, nos-dup   # enable the prometheus endpoint, but disable the dupes counter (too slow)
+  # no-robots, force-js  # make it harder for search engines to read your server
+
+
+[accounts]
+  ed: wark  # username: password
+
+
+[/]            # create a volume at "/" (the webroot), which will
+  /w           # share /w (the docker data volume)
+  accs:
+    rw: *      # everyone gets read-write access, but
+    rwmda: ed  # the user "ed" gets read-write-move-delete-admin

services/copyparty/config/serve.json

@@ -0,0 +1,16 @@
+{
+  "TCP": {
+    "443": {
+      "HTTPS": true
+    }
+  },
+  "Web": {
+    "${TS_CERT_DOMAIN}:443": {
+      "Handlers": {
+        "/": {
+          "Proxy": "http://127.0.0.1:3923"
+        }
+      }
+    }
+  }
+}

services/copyparty/docker-compose.yml

@@ -0,0 +1,63 @@
+services:
+# Make sure you have updated/checked the .env file with the correct variables. 
+# All the ${ xx } need to be defined there.
+  # Tailscale Sidecar Configuration
+  tailscale:
+    image: tailscale/tailscale:latest # Image to be used
+    container_name: tailscale-${SERVICE} # Name for local container management
+    hostname: ${SERVICE} # Name used within your Tailscale environment
+    environment:
+      - TS_AUTHKEY=${TS_AUTHKEY}
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_SERVE_CONFIG=/config/serve.json # Tailsacale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
+      - TS_USERSPACE=false
+      - TS_ENABLE_HEALTH_CHECK=true              # Enable healthcheck endpoint: "/healthz"
+      - TS_LOCAL_ADDR_PORT=127.0.0.1:41234       # The <addr>:<port> for the healthz endpoint
+      #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS
+    volumes:
+      - ${PWD}/config:/config # Config folder used to store Tailscale files - you may need to change the path
+      - ${PWD}/ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+    devices:
+      - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+    cap_add:
+      - net_admin # Tailscale requirement
+      - sys_module # Tailscale requirement
+    #ports:
+    #  - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
+    # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+    #dns: 
+    #  - ${DNS_SERVER}
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 10s # Time to wait before starting health checks
+    restart: always
+
+  # ${SERVICE}
+  application:
+    image: ${IMAGE_URL} # Image to be used
+    network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
+    container_name: app-${SERVICE} # Name for local container management
+    user: "1000:1000"
+    volumes:
+      - ${PWD}/config:/cfg:z
+      - /path/to/your/fileshare/top/folder:/w:z # Make sure to adjust to the location you want
+    depends_on:
+      tailscale:
+        condition: service_healthy
+
+    # enabling mimalloc by replacing "NOPE" with "2" will make some stuff twice as fast, but everything will use twice as much ram:
+    environment:
+      LD_PRELOAD: /usr/lib/libmimalloc-secure.so.NOPE
+
+    stop_grace_period: 15s  # thumbnailer is allowed to continue finishing up for 10s after the shutdown signal
+    healthcheck:
+      # hide it from logs with "/._" so it matches the default --lf-url filter 
+      test: ["CMD-SHELL", "wget --spider -q 127.0.0.1:3923/?reset=/._"]
+      interval: 1m
+      timeout: 2s
+      retries: 5
+      start_period: 15s
+    restart: always