feat(tandoor): Add Tandoor

.env.example

@@ -1,5 +1,5 @@
 COMPOSE_PROFILES=
-COMPOSE_FILE=docker-compose.yml:adguardhome/docker-compose.yml:flaresolverr/docker-compose.yml:sabnzbd/docker-compose.yml
+COMPOSE_FILE=docker-compose.yml:adguardhome/docker-compose.yml:flaresolverr/docker-compose.yml:sabnzbd/docker-compose.yml:tandoor/docker-compose.yml
 USER_ID=1000
 GROUP_ID=1000
 TIMEZONE="America/New_York"

docker-compose.yml

@@ -244,10 +244,10 @@ services:
       test: [ "CMD", "curl", "--fail", "http://127.0.0.1:8080", "https://google.com" ]
       interval: 5s
       retries: 10
-    network_mode: "service:vpn"
-    depends_on:
-      vpn:
-        condition: service_healthy
+#    network_mode: "service:vpn"
+#    depends_on:
+#      vpn:
+#        condition: service_healthy
     labels:
       - traefik.enable=true
       - traefik.http.routers.qbittorrent.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/qbittorrent`))
@@ -272,37 +272,37 @@ services:
       - homepage.widget.url=http://vpn:8080
       - homepage.widget.username=${QBITTORRENT_USERNAME}
       - homepage.widget.password=${QBITTORRENT_PASSWORD}
-  vpn:
-    image: thrnz/docker-wireguard-pia
-    container_name: vpn
-    volumes:
-      - ./pia:/pia
-      - ./pia-shared:/pia-shared
-    cap_add:
-      - NET_ADMIN
-      - SYS_MODULE
-    environment:
-      - LOC=${PIA_LOCATION}
-      - USER=${PIA_USER}
-      - PASS=${PIA_PASS}
-      - LOCAL_NETWORK=${PIA_LOCAL_NETWORK}
-      - PORT_FORWARDING=1
-      - PORT_PERSIST=1
-      - PORT_SCRIPT=/pia-shared/portupdate-qbittorrent.sh
-    sysctls:
-      - net.ipv4.conf.all.src_valid_mark=1
-      - net.ipv6.conf.default.disable_ipv6=1
-      - net.ipv6.conf.all.disable_ipv6=1
-      - net.ipv6.conf.lo.disable_ipv6=1
-    healthcheck:
-      test: ping -c 1 www.google.com || exit 1
-      interval: 30s
-      timeout: 10s
-      retries: 3
-    restart: always
-    labels:
-      # network mode is not supported: https://github.com/containrrr/watchtower/issues/1286#issuecomment-1214291660
-      - com.centurylinklabs.watchtower.enable=false
+#  vpn:
+#    image: thrnz/docker-wireguard-pia
+#    container_name: vpn
+#    volumes:
+#      - ./pia:/pia
+#      - ./pia-shared:/pia-shared
+#    cap_add:
+#      - NET_ADMIN
+#      - SYS_MODULE
+#    environment:
+#      - LOC=${PIA_LOCATION}
+#      - USER=${PIA_USER}
+#      - PASS=${PIA_PASS}
+#      - LOCAL_NETWORK=${PIA_LOCAL_NETWORK}
+#      - PORT_FORWARDING=1
+#      - PORT_PERSIST=1
+#      - PORT_SCRIPT=/pia-shared/portupdate-qbittorrent.sh
+#    sysctls:
+#      - net.ipv4.conf.all.src_valid_mark=1
+#      - net.ipv6.conf.default.disable_ipv6=1
+#      - net.ipv6.conf.all.disable_ipv6=1
+#      - net.ipv6.conf.lo.disable_ipv6=1
+#    healthcheck:
+#      test: ping -c 1 www.google.com || exit 1
+#      interval: 30s
+#      timeout: 10s
+#      retries: 3
+#    restart: always
+#    labels:
+#      # network mode is not supported: https://github.com/containrrr/watchtower/issues/1286#issuecomment-1214291660
+#      - com.centurylinklabs.watchtower.enable=false
   unpackerr:
     image: golift/unpackerr
     container_name: unpackerr
@@ -334,9 +334,9 @@ services:
     ports:
       - "7359:7359/udp"
       - "1900:1900/udp"
-    devices:
-      - /dev/dri/renderD128:/dev/dri/renderD128
-      - /dev/dri/card0:/dev/dri/card0
+#    devices:
+#      - /dev/dri/renderD128:/dev/dri/renderD128
+#      - /dev/dri/card0:/dev/dri/card0
     restart: always
     healthcheck:
       test: [ "CMD", "curl", "--fail", "http://127.0.0.1:8096/jellyfin/health" ]

tandoor/.env.example

@@ -0,0 +1,191 @@
+# only set this to true when testing/debugging
+# when unset: 1 (true) - dont unset this, just for development
+DEBUG=0
+SQL_DEBUG=0
+DEBUG_TOOLBAR=0
+# Gunicorn log level for debugging (default value is "info" when unset)
+# (see https://docs.gunicorn.org/en/stable/settings.html#loglevel for available settings)
+# GUNICORN_LOG_LEVEL="debug"
+
+# HTTP port to bind to
+# TANDOOR_PORT=8080
+
+# hosts the application can run under e.g. recipes.mydomain.com,cooking.mydomain.com,...
+ALLOWED_HOSTS=*
+
+# Cross Site Request Forgery protection
+# (https://docs.djangoproject.com/en/4.2/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS)
+# CSRF_TRUSTED_ORIGINS = []
+
+# Cross Origin Resource Sharing
+# (https://github.com/adamchainz/django-cors-header)
+# CORS_ALLOW_ALL_ORIGINS = True
+
+# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
+# ---------------------------- AT LEAST ONE REQUIRED -------------------------
+SECRET_KEY=
+SECRET_KEY_FILE=
+# ---------------------------------------------------------------
+
+# your default timezone See https://timezonedb.com/time-zones for a list of timezones
+TZ=America/New_York
+
+# add only a database password if you want to run with the default postgres, otherwise change settings accordingly
+DB_ENGINE=django.db.backends.sqlite3
+# DB_OPTIONS= {} # e.g. {"sslmode":"require"} to enable ssl
+#POSTGRES_HOST=db_recipes
+#POSTGRES_PORT=5432
+#POSTGRES_USER=djangouser
+# ---------------------------- AT LEAST ONE REQUIRED -------------------------
+#POSTGRES_PASSWORD=
+#POSTGRES_PASSWORD_FILE=
+# ---------------------------------------------------------------
+POSTGRES_DB=/opt/recipes/database/recipes.db
+
+# database connection string, when used overrides other database settings.
+# format might vary depending on backend
+# DATABASE_URL = engine://username:password@host:port/dbname
+
+# the default value for the user preference 'fractions' (enable/disable fraction support)
+# default: disabled=0
+FRACTION_PREF_DEFAULT=0
+
+# the default value for the user preference 'comments' (enable/disable commenting system)
+# default comments enabled=1
+COMMENT_PREF_DEFAULT=1
+
+# Users can set a amount of time after which the shopping list is refreshed when they are in viewing mode
+# This is the minimum interval users can set. Setting this to low will allow users to refresh very frequently which
+# might cause high load on the server. (Technically they can obviously refresh as often as they want with their own scripts)
+SHOPPING_MIN_AUTOSYNC_INTERVAL=5
+
+# Default for user setting sticky navbar
+# STICKY_NAV_PREF_DEFAULT=1
+
+# If base URL is something other than just / (you are serving a subfolder in your proxy for instance http://recipe_app/recipes/)
+# Be sure to not have a trailing slash: e.g. '/recipes' instead of '/recipes/'
+ SCRIPT_NAME=/recipes
+
+# If staticfiles are stored at a different location uncomment and change accordingly, MUST END IN /
+# this is not required if you are just using a subfolder
+# This can either be a relative path from the applications base path or the url of an external host
+ STATIC_URL=/recipes/static/
+
+# If mediafiles are stored at a different location uncomment and change accordingly, MUST END IN /
+# this is not required if you are just using a subfolder
+# This can either be a relative path from the applications base path or the url of an external host
+ MEDIA_URL=/recipes/media/
+
+# Serve mediafiles directly using gunicorn. Basically everyone recommends not doing this. Please use any of the examples
+# provided that include an additional nxginx container to handle media file serving.
+# If you know what you are doing turn this back on (1) to serve media files using djangos serve() method.
+# when unset: 1 (true) - this is temporary until an appropriate amount of time has passed for everyone to migrate
+GUNICORN_MEDIA=0
+
+# GUNICORN SERVER RELATED SETTINGS (see https://docs.gunicorn.org/en/stable/design.html#how-many-workers for recommended settings)
+# GUNICORN_WORKERS=1
+# GUNICORN_THREADS=1
+
+# S3 Media settings: store mediafiles in s3 or any compatible storage backend (e.g. minio)
+# as long as S3_ACCESS_KEY is not set S3 features are disabled
+# S3_ACCESS_KEY=
+# S3_SECRET_ACCESS_KEY=
+# S3_BUCKET_NAME=
+# S3_REGION_NAME= # default none, set your region might be required
+# S3_QUERYSTRING_AUTH=1 # default true, set to 0 to serve media from a public bucket without signed urls
+# S3_QUERYSTRING_EXPIRE=3600 # number of seconds querystring are valid for
+# S3_ENDPOINT_URL= # when using a custom endpoint like minio
+# S3_CUSTOM_DOMAIN= # when using a CDN/proxy to S3 (see https://github.com/TandoorRecipes/recipes/issues/1943)
+
+# Email Settings, see https://docs.djangoproject.com/en/3.2/ref/settings/#email-host
+# Required for email confirmation and password reset (automatically activates if host is set)
+# EMAIL_HOST=
+# EMAIL_PORT=
+# EMAIL_HOST_USER=
+# EMAIL_HOST_PASSWORD=
+# EMAIL_USE_TLS=0
+# EMAIL_USE_SSL=0
+# email sender address (default 'webmaster@localhost')
+# DEFAULT_FROM_EMAIL=
+# prefix used for account related emails (default "[Tandoor Recipes] ")
+# ACCOUNT_EMAIL_SUBJECT_PREFIX=
+
+# allow authentication via the REMOTE-USER header (can be used for e.g. authelia).
+# ATTENTION: Leave off if you don't know what you are doing! Enabling this without proper configuration will enable anybody
+#   to login with any username!
+# See docs for additional information: https://docs.tandoor.dev/features/authentication/#reverse-proxy-authentication
+# when unset: 0 (false)
+REMOTE_USER_AUTH=0
+
+# Default settings for spaces, apply per space and can be changed in the admin view
+# SPACE_DEFAULT_MAX_RECIPES=0 # 0=unlimited recipes
+# SPACE_DEFAULT_MAX_USERS=0 # 0=unlimited users per space
+# SPACE_DEFAULT_MAX_FILES=0 # Maximum file storage for space in MB. 0 for unlimited, -1 to disable file upload.
+# SPACE_DEFAULT_ALLOW_SHARING=1 # Allow users to share recipes with public links
+
+# allow people to create local accounts on your application instance (without an invite link)
+# social accounts will always be able to sign up
+# when unset: 0 (false)
+# ENABLE_SIGNUP=0
+
+# If signup is enabled you might want to add a captcha to it to prevent spam
+# HCAPTCHA_SITEKEY=
+# HCAPTCHA_SECRET=
+
+# if signup is enabled you might want to provide urls to data protection policies or terms and conditions
+# TERMS_URL=
+# PRIVACY_URL=
+# IMPRINT_URL=
+
+# enable serving of prometheus metrics under the /metrics path
+# ATTENTION: view is not secured (as per the prometheus default way) so make sure to secure it
+# trough your web server (or leave it open of you dont care if the stats are exposed)
+# ENABLE_METRICS=0
+
+# allows you to setup OAuth providers
+# see docs for more information https://docs.tandoor.dev/features/authentication/
+# SOCIAL_PROVIDERS = allauth.socialaccount.providers.github, allauth.socialaccount.providers.nextcloud,
+
+# Should a newly created user from a social provider get assigned to the default space and given permission by default ?
+# ATTENTION: This feature might be deprecated in favor of a space join and public viewing system in the future
+# default 0 (false), when 1 (true) users will be assigned space and group
+# SOCIAL_DEFAULT_ACCESS = 1
+
+# if SOCIAL_DEFAULT_ACCESS is used, which group should be added
+# SOCIAL_DEFAULT_GROUP=guest
+
+# Django session cookie settings. Can be changed to allow a single django application to authenticate several applications
+# when running under the same database
+# SESSION_COOKIE_DOMAIN=.example.com
+# SESSION_COOKIE_NAME=sessionid # use this only to not interfere with non unified django applications under the same top level domain
+
+# by default SORT_TREE_BY_NAME is disabled this will store all Keywords and Food in the order they are created
+# enabling this setting makes saving new keywords and foods very slow, which doesn't matter in most usecases.
+# however, when doing large imports of recipes that will create new objects, can increase total run time by 10-15x
+# Keywords and Food can be manually sorted by name in Admin
+# This value can also be temporarily changed in Admin, it will revert the next time the application is started
+# This will be fixed/changed in the future by changing the implementation or finding a better workaround for sorting
+# SORT_TREE_BY_NAME=0
+# LDAP authentication
+# default 0 (false), when 1 (true) list of allowed users will be fetched from LDAP server
+#LDAP_AUTH=
+#AUTH_LDAP_SERVER_URI=
+#AUTH_LDAP_BIND_DN=
+#AUTH_LDAP_BIND_PASSWORD=
+#AUTH_LDAP_USER_SEARCH_BASE_DN=
+#AUTH_LDAP_TLS_CACERTFILE=
+#AUTH_LDAP_START_TLS=
+
+# Enables exporting PDF (see export docs)
+# Disabled by default, uncomment to enable
+# ENABLE_PDF_EXPORT=1
+
+# Recipe exports are cached for a certain time by default, adjust time if needed
+# EXPORT_FILE_CACHE_DURATION=600
+
+# if you want to do many requests to the FDC API you need to get a (free) API key. Demo key is limited to 30 requests / hour or 50 requests / day
+#FDC_API_KEY=DEMO_KEY
+
+# API throttle limits
+# you may use X per second, minute, hour or day
+# DRF_THROTTLE_RECIPE_URL_IMPORT=60/hour

tandoor/.gitignore

@@ -0,0 +1,5 @@
+.env
+/database
+!/database/.gitkeep
+/mediafiles
+!/mediafiles/.gitkeep

tandoor/docker-compose.yml

@@ -0,0 +1,74 @@
+version: '3.9'
+
+services:
+#  tandoor-database:
+#    image: postgres:16-alpine
+#    container_name: tandoor-database
+#    restart: always
+#    volumes:
+#      - ./tandoor/database:/var/lib/postgresql/data
+#    env_file:
+#      - ./tandoor/.env
+#    profiles:
+#      - tandoor
+
+  tandoor:
+    image: vabene1111/recipes:latest
+    container_name: tandoor
+    restart: always
+    env_file:
+      - ./tandoor/.env
+    volumes:
+      - tandoor-staticfiles:/opt/recipes/staticfiles
+      - ./tandoor/mediafiles:/opt/recipes/mediafiles
+      - ./tandoor/database:/opt/recipes/database
+#    depends_on:
+#      - tandoor-database
+    profiles:
+      - tandoor
+
+  tandoor-nginx:
+    image: nginx:mainline-alpine
+    container_name: tandoor-nginx
+    restart: always
+    env_file:
+      - ./tandoor/.env
+    volumes:
+      - ./tandoor/nginx:/etc/nginx/conf.d:ro
+      - tandoor-staticfiles:/static:ro
+      - ./tandoor/mediafiles:/media:ro
+    depends_on:
+      - tandoor
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.tandoor.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/recipes`))
+      - traefik.http.routers.tandoor.tls=true
+      - traefik.http.routers.tandoor.tls.certresolver=myresolver
+      - traefik.http.services.tandoor.loadbalancer.server.port=80
+    profiles:
+      - tandoor
+
+volumes:
+  tandoor-staticfiles:
+
+#  tandoor-backup:
+#    image: eeshugerman/postgres-backup-s3:16
+#    container_name: tandoor-backup
+#    restart: always
+#    env_file:
+#      - ./tandoor/.env
+#    environment:
+#      SCHEDULE: '@daily'
+#      BACKUP_KEEP_DAYS: 7
+#      PASSPHRASE: ${POSTGRES_PASSWORD}
+#      S3_REGION: ${S3_BACKUP_REGION_NAME}
+#      S3_ACCESS_KEY_ID: ${S3_BACKUP_ACCESS_KEY}
+#      S3_SECRET_ACCESS_KEY: ${S3_BACKUP_SECRET_ACCESS_KEY}
+#      S3_BUCKET: ${S3_BACKUP_BUCKET_NAME}
+#      S3_PREFIX: backup
+#      POSTGRES_HOST: ${POSTGRES_HOST}
+#      POSTGRES_DATABASE: ${POSTGRES_DB}
+#      POSTGRES_USER: ${POSTGRES_USER}
+#      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+#    profiles:
+#      - tandoor