New service: Tracktor (#225)

* New service: Tracktor

* Update README.md to enhance Tracktor description and features

---------

Co-authored-by: Bart <57799908+crypt0rr@users.noreply.github.com>

Author: jackspiering

README.md

@@ -118,7 +118,7 @@ If you would like to add a new config, you can use the [service-template](templa
 ### 📊 Dashboards and Visualization
 
 | 📊 Service      | 📝 Description                                                                        | 🔗 Link                       |
-| --------------  | ------------------------------------------------------------------------------------ | ---------------------------- |
+| -------------- | ------------------------------------------------------------------------------------ | ---------------------------- |
 | 🧭 **Glance**   | A concise, customizable dashboard for self-hosted services and personal metrics.     | [Details](services/glance)   |
 | 🏠 **Homepage** | A modern, highly customizable homepage for organizing links and monitoring services. | [Details](services/homepage) |
 
@@ -165,6 +165,7 @@ If you would like to add a new config, you can use the [service-template](templa
 | 🔔 **Gotify**     | A simple server for sending and receiving messages in real-time.                       | [Details](services/gotify)      |
 | 📣 **ntfy**       | A simple HTTP-based pub/sub notification service for sending push notifications.       | [Details](services/ntfy)        |
 | 🚗 **LubeLogger** | Self-hosted vehicle maintenance tracker with private access.                           | [Details](services/lube-logger) |
+| 🚗 **Tracktor**   | Self-hosted vehicle maintenance tracker.                                               | [Details](services/tracktor)    |
 | 📱 **Mini-QR**    | A minimal, self-hosted QR code generator with a mobile-friendly UI.                    | [Details](services/miniqr)      |
 | 🔐 **Hemmelig**   | A self-hosted, zero-knowledge encrypted secret sharing platform with expiring secrets. | [Details](services/hemmelig)    |
 | 📦 **Homebox**    | A self-hosted home inventory and asset management system.                              | [Details](services/homebox)     |

services/tracktor/.env

@@ -0,0 +1,17 @@
+#version=1.1
+#URL=https://github.com/tailscale-dev/ScaleTail
+#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.
+
+# Service Configuration
+SERVICE=tracktor # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}).
+IMAGE_URL=ghcr.io/javedh-dev/tracktor:latest # Docker image URL from container registry (e.g., adguard/adguard-home).
+
+# Network Configuration
+SERVICEPORT=3333 # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable.
+DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable.
+
+# Tailscale Configuration
+TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.
+TS_TAILNET= # Your Tailscale tailnet name (e.g., my-tailnet).
+# Optional Service variables
+# PUID=1000

services/tracktor/README.md

@@ -0,0 +1,36 @@
+# Tracktor with Tailscale Sidecar Configuration
+
+This Docker Compose configuration sets up **Tracktor** with a **Tailscale sidecar** container, enabling secure access to your self-hosted vehicle management interface over your private Tailscale network. With this setup, your Tracktor instance remains **private and accessible only from authorized devices on your Tailnet**, keeping sensitive vehicle data, documents, and analytics off the public internet.
+
+## Tracktor
+
+[**Tracktor**](https://github.com/javedh-dev/tracktor) is an open-source web application for comprehensive vehicle management. It helps you track multiple vehicles in one place, including fuel consumption, maintenance history, insurance, and regulatory documents with renewal dates.
+
+Tracktor is under active development and may include breaking changes. Keep regular backups of your data and validate upgrades before relying on it for critical workflows.
+
+## Key Features
+
+- 🚗 **Vehicle Management** – Add, edit, and manage multiple vehicles, including different fuel types.
+- ⛽ **Fuel Tracking** – Log fuel refills and monitor consumption and efficiency over time.
+- 🧰 **Maintenance Log** – Record and review maintenance history per vehicle.
+- 📄 **Document Tracking** – Track insurance, inspection, and regulatory documents with renewal dates.
+- ⏰ **Reminders** – Set reminders for maintenance, renewals, and other vehicle events.
+- 📊 **Dashboard & Analytics** – Visualize key metrics and upcoming renewals.
+- 🔐 **User Authentication** – Username/password auth with session management.
+- 🎛️ **Feature Toggles** – Enable or disable features depending on your needs.
+
+## Why Self-Host?
+
+A vehicle management system often contains personal and operational data such as license plate numbers, VINs, service history, and document expiration dates. Hosting this data yourself ensures you retain full ownership, avoid third-party data exposure, and can integrate it cleanly into your homelab or internal tooling.
+
+When combined with Tailscale, Tracktor becomes a private portal accessible only to authenticated devices on your Tailnet. This significantly reduces attack surface by avoiding public port exposure, while preserving the convenience of accessing your vehicle records from anywhere.
+
+## Configuration Overview
+
+In this deployment, a **Tailscale sidecar container** (for example `tailscale-tracktor`) runs the Tailscale client and joins your private Tailscale network. The main `tracktor` service uses:
+
+```plain
+network_mode: service:tailscale-tracktor
+```
+
+This configuration routes all inbound and outbound traffic through the Tailscale interface, ensuring that the Tracktor web UI is accessible **only via your Tailscale network**.

services/tracktor/compose.yaml

@@ -0,0 +1,70 @@
+configs:
+  ts-serve:
+    content: |
+      {"TCP":{"443":{"HTTPS":true}},
+      "Web":{"$${TS_CERT_DOMAIN}:443":
+          {"Handlers":{"/":
+          {"Proxy":"http://127.0.0.1:3000"}}}},
+      "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}}
+
+services:
+# Make sure you have updated/checked the .env file with the correct variables. 
+# All the ${ xx } need to be defined there.
+  # Tailscale Sidecar Configuration
+  tailscale:
+    image: tailscale/tailscale:latest # Image to be used
+    container_name: tailscale-${SERVICE} # Name for local container management
+    hostname: ${SERVICE} # Name used within your Tailscale environment
+    environment:
+      - TS_AUTHKEY=${TS_AUTHKEY}
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
+      - TS_USERSPACE=false
+      - TS_ENABLE_HEALTH_CHECK=true              # Enable healthcheck endpoint: "/healthz"
+      - TS_LOCAL_ADDR_PORT=127.0.0.1:41234       # The <addr>:<port> for the healthz endpoint
+      #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS
+      - TS_AUTH_ONCE=true 
+    configs:
+      - source: ts-serve
+        target: /config/serve.json
+    volumes:
+      - ./config:/config # Config folder used to store Tailscale files - you may need to change the path
+      - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+    devices:
+      - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+    cap_add:
+      - net_admin # Tailscale requirement
+    #ports:
+    #  - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
+    # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+    #dns: 
+    #  - ${DNS_SERVER}
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 10s # Time to wait before starting health checks
+    restart: always
+
+  # ${SERVICE}
+  application:
+    image: ${IMAGE_URL} # Image to be used
+    network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
+    container_name: app-${SERVICE} # Name for local container management
+    environment:
+      - TRACKTOR_DEMO_MODE=false
+      - FORCE_DATA_SEED=false
+      - CORS_ORIGINS="https://${SERVICE}.${TS_TAILNET}.ts.net" # Adjust as needed for your setup
+    volumes:
+      - ./${SERVICE}-data:/data
+    depends_on:
+      tailscale:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "pgrep", "-f", "node build"] # Check if ${SERVICE} process is running
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 30s # Time to wait before starting health checks
+    restart: always