tailscale-dev · crypt0rr · Apr 11, 2026 · Apr 10, 2026 · Apr 11, 2026 · Apr 11, 2026
diff --git a/services/kaneo/.env b/services/kaneo/.env
@@ -3,13 +3,41 @@
 #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.
 
 # Service Configuration
-SERVICE=kaneo
-IMAGE_URL_BACKEND=ghcr.io/usekaneo/api:latest
-IMAGE_URL_FRONTEND=ghcr.io/usekaneo/web:latest
+SERVICE=kaneo # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}).
+IMAGE_URL_BACKEND=ghcr.io/usekaneo/api:latest # Docker image URL from container registry (e.g., adguard/adguard-home).
+IMAGE_URL_FRONTEND=ghcr.io/usekaneo/web:latest # Docker image URL from container registry (e.g., adguard/adguard-home).
+IMAGE_URL_DATABASE=postgres:16-alpine # Docker image URL from container registry (e.g., adguard/adguard-home).
 
 # Network Configuration
-SERVICEPORT=80
-DNS_SERVER=9.9.9.9
+# SERVICEPORT=
+SERVICEPORT_FRONTEND=5173
+SERVICEPORT_BACKEND=1337
+SERVICEPORT_DATABASE=5432
+DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable.
+
+# Tailscale Configuration
+TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.
+
+# Optional Service variables
+# PUID=1000
+
+#Time Zone setting for containers 
+TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+
+# Any Container environment variables are declared below. See https://docs.docker.com/compose/how-tos/environment-variables/
+
+# Kaneo Configuration
+KANEO_API_URL="https://kaneo.<your-tailnet>.ts.net/api"
+KANEO_CLIENT_URL="https://kaneo.<your-tailnet>.ts.net"
+
+# AUTH Configuration
+AUTH_SECRET=
+BETTER_AUTH_TRUSTED_PROXIES: "0.0.0.0/0"
+
+# DB Configuration
+DB_USERNAME=kaneo
+DB_DATABASE_NAME=kaneo
+DB_PASSWORD=
 
 # Tailscale Configuration
 TS_AUTHKEY=

diff --git a/services/kaneo/compose.yaml b/services/kaneo/compose.yaml
@@ -3,8 +3,10 @@ configs:
     content: |
       {"TCP":{"443":{"HTTPS":true}},
       "Web":{"$${TS_CERT_DOMAIN}:443":
-          {"Handlers":{"/":
-          {"Proxy":"http://127.0.0.1:80"}}}},
+          {"Handlers":{
+            "/api/":{"Proxy":"http://localhost:${SERVICEPORT_BACKEND}/api/"},
+            "/":{"Proxy":"http://localhost:${SERVICEPORT_FRONTEND}"}
+          }}},
       "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}}
 
 services:
@@ -47,41 +49,56 @@ services:
       start_period: 10s # Time to wait before starting health checks
     restart: always
 
-  # ${SERVICE} - Backend
+  # ${SERVICE} - DB
+  postgres:
+    image: ${IMAGE_URL_DATABASE} # Image to be used
+    network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
+    container_name: app-${SERVICE}-postgres # Name for local container management
+    env_file:
+      - .env
+    environment:
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_DB: ${DB_DATABASE_NAME}
+    volumes:
+      - ./${SERVICE}-data/postgres_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${DB_USERNAME} -d ${DB_DATABASE_NAME}"]
+      interval: 10s # How often to perform the check
+      timeout: 5s # Time to wait for the check to succeed
+      retries: 5 # Number of retries before marking as unhealthy
+      start_period: 30s # Time to wait before starting health checks
+    restart: unless-stopped
+
+  # ${SERVICE} - Backend (API)
   backend:
     image: ${IMAGE_URL_BACKEND} # Image to be used
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE}-backend # Name for local container management
+    env_file:
+      - .env
     environment:
-      JWT_ACCESS: "change_me"
-      DB_PATH: "/app/apps/api/data/kaneo.db"
-    volumes:
-      - ./${SERVICE}-data/sqlite_data:/app/apps/api/data
+      DATABASE_URL: "postgresql://${DB_USERNAME}:${DB_PASSWORD}@localhost:${SERVICEPORT_DATABASE}/${DB_DATABASE_NAME}"
     depends_on:
       tailscale:
         condition: service_healthy
-    healthcheck:
-      test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running
-      interval: 1m # How often to perform the check
-      timeout: 10s # Time to wait for the check to succeed
-      retries: 3 # Number of retries before marking as unhealthy
-      start_period: 30s # Time to wait before starting health checks
-    restart: always
+      postgres:
+        condition: service_healthy
+    restart: unless-stopped
 
-  # ${SERVICE} - Frontend
+  # ${SERVICE} - Frontend (Web)
   frontend:
     image: ${IMAGE_URL_FRONTEND} # Image to be used
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE}-frontend # Name for local container management
-    environment:
-      KANEO_API_URL: "https://kaneo.<your-tailnet>/api"
+    env_file:
+      - .env
     depends_on:
       tailscale:
         condition: service_healthy
-    healthcheck:
-      test: ["CMD", "pgrep", "-f", "${SERVICE}"] # Check if ${SERVICE} process is running
-      interval: 1m # How often to perform the check
-      timeout: 10s # Time to wait for the check to succeed
-      retries: 3 # Number of retries before marking as unhealthy
-      start_period: 30s # Time to wait before starting health checks
-    restart: always
+      backend:
+        condition: service_started
+    restart: unless-stopped
+
+volumes:
+  postgres_data: