safebox/default-applications-tree
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

dev #67

Merged
gyurix merged 3 commits from dev into main 2026-03-22 22:15:09 +00:00
Conversation 0 Commits 3 Files Changed 12
+933 -38
12 changed files with 933 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+184 -34
View File
@@ -1,51 +1,201 @@
# default-applications-tree # default-applications-tree
You can add more application sections into applications-tree.json. This repository defines the available applications and their configuration templates. Each application lives in its own subdirectory and is registered in `applications-tree.json`.
You have to specify the application name and version. For example:
---
## applications-tree.json
The root `applications-tree.json` file lists all available applications. Each entry in the `apps` array registers one application:
```json
{ {
"name": "nextcloud", "apps": [
"version": "latest" {
"name": "Nextcloud",
"subtitle": "File Synchronization",
"version": "31.0.8-fpm-alpine",
"icon": "data:image/svg+xml;base64,..."
} }
The name must be the same as the directory name of the application.
The directory of an application have to contain a template.json file and can contain more json files (service, domain, secret, etc. files).
The mandatory template.json file's structure is the following.
- "name" - the name of the application, must be the same as the directory name
- "fields" - array of used variables by service
{
"name": "vaultwarden",
"fields": [
...
] ]
} }
```
An element of fields can contain the following keys. ### App entry fields
- description - label of the field, this text will appear before element
- key - name of variable
- value - default value of variable in the form
- required - if set "true" then fill in of the field is required in the form
- type - if not set then default is text, available field types: text, password, textarea, select
- if type is "select" then options are separated by ",". Option's value and text is separated by ":", but text is not mandatory. For example:
"value": "yes,no" | Field | Required | Description |
"value": "1:gmail,2:microsoft outlook/hotmail,3:other", |------------|----------|-------------|
| `name` | yes | Display name of the application. Must match the directory name (case-insensitive). |
| `version` | yes | Default version tag used when deploying. Use `"latest"` for the most recent image. |
| `subtitle` | no | Short tagline shown in the app listing UI. |
| `icon` | no | Base64-encoded SVG or PNG image used as the app icon in the UI (`data:image/svg+xml;base64,...` or `data:image/png;base64,...`). |
- generated - the value of the variable is auto generated, so the field will not appear in the form. Generated examples: ---
"time|md5|8" - generated from time, encoded by md5 and character length is 8 ## Application directory structure
"random|md5|20" - random generated number, encoded by sha256, length is 20
Field element example: Each application has its own directory (e.g. `nextcloud/`). The directory name must match the `name` in `applications-tree.json`. It must contain a `template.json` file and can contain additional JSON files for services, domains, secrets, firewall rules, etc.
```
nextcloud/
template.json ← mandatory configuration template
service-nextcloud.json ← service definition
domain-nextcloud.json ← domain/ingress configuration
nextcloud-secret.json ← secrets / environment variables
firewall-nextcloud.json ← firewall rules
...
```
---
## template.json
The `template.json` file defines the application's metadata and the list of configuration fields that are presented in the deployment form.
### Top-level structure
```json
{ {
"description": "Please add Nextcloud password:", "name": "Nextcloud",
"key": "NEXTCLOUD_PASSWORD", "title": "Nextcloud",
"subtitle": "File Synchronization",
"description": "Nextcloud is a suite of client-server software...",
"icon": "data:image/svg+xml;base64,...",
"fields": [ ... ]
}
```
### Top-level fields
| Field | Required | Description |
|---------------|----------|-------------|
| `name` | yes | Must match the directory name. Used as the application identifier. |
| `title` | no | Human-readable display title shown in the form header (falls back to `name` if omitted). |
| `subtitle` | no | Short tagline displayed below the title. |
| `description` | no | Longer description of the application shown in the form or app listing. |
| `icon` | no | Base64-encoded SVG or PNG icon (`data:image/svg+xml;base64,...`). |
| `fields` | yes | Array of configuration field definitions (see below). |
---
## Field definitions
Each element of the `fields` array defines one configuration variable. Fields are rendered as form inputs during deployment. Fields with `generated` set are auto-populated and not shown in the form.
### Field properties
| Property | Required | Description |
|---------------|----------|-------------|
| `description` | yes | Label text displayed before the input. |
| `key` | yes | The environment variable name that will hold the value. |
| `value` | no | Default value pre-filled in the form. For `select` fields this defines the available options (see below). |
| `required` | no | Set to `"true"` to make the field mandatory. The form will not submit until it is filled. |
| `type` | no | Input type. Defaults to `"text"`. See [Field types](#field-types). |
| `info` | no | Additional hint or explanatory text shown alongside or below the field. |
| `generated` | no | Auto-generation pattern. When set the field is not shown in the form; its value is generated automatically. See [Generated values](#generated-values). |
| `advanced` | no | Set to `"true"` to hide the field from the UI by default. It can be revealed by pressing the `>` button. |
### Field types
The `type` property controls how the field is rendered:
| Type | Description |
|-------------|-------------|
| `text` | *(default)* Single-line plain text input. |
| `password` | The value is hidden from human-readable display wherever it is shown in the UI. |
| `textarea` | Multi-line text input. |
| `select` | Dropdown. Options are defined in `value` as a comma-separated list. Each option can be `optionValue` or `displayText:optionValue`. |
#### Select field examples
Simple yes/no toggle:
```json
{
"description": "Enable feature",
"key": "FEATURE_ENABLED",
"value": "false,true",
"type": "select"
}
```
Options with display labels:
```json
{
"description": "Email provider",
"key": "MAIL_PROVIDER",
"value": "1:Gmail,2:Microsoft Outlook/Hotmail,3:Other",
"type": "select"
}
```
TOTP authentication toggle (advanced):
```json
{
"description": "TOTP authentication (true/false)",
"key": "GUACAMOLE_TOTP",
"value": "false,true",
"required": "true",
"type": "select",
"advanced": "true"
}
```
### Generated values
When `generated` is set the field value is computed automatically. The format is:
```
"<source>|<encoding>|<length>"
```
| Part | Options | Description |
|------------|------------------|-------------|
| `source` | `time`, `random` | `time` seeds the hash from the current timestamp; `random` uses a random number. |
| `encoding` | `md5`, `sha256` | Hash algorithm applied to the source value. |
| `length` | integer | Number of characters to take from the hash output. |
#### Examples
| Pattern | Result |
|---------------------|--------|
| `"time\|md5\|8"` | 8-character MD5 hash seeded from the current time. |
| `"random\|md5\|12"` | 12-character MD5 hash seeded from a random number. |
| `"random\|sha256\|20"` | 20-character SHA-256 hash seeded from a random number. |
| `""` | Auto-generated with default settings (pattern not specified). |
---
## Complete field example
```json
{
"description": "Nextcloud admin password",
"key": "NEXTCLOUD_ADMIN_PASSWORD",
"value": "", "value": "",
"required": "true", "required": "true",
"type": "password" "type": "password",
}, "info": "Must be at least 8 characters long."
}
```
Auto-generated database password (not shown in the form):
```json
{
"description": "Postgres password for user",
"key": "POSTGRES_PASSWORD",
"value": "",
"required": "true",
"generated": "random|md5|12"
}
```
Advanced optional SMTP field:
```json
{
"description": "Email sending protocol",
"key": "MAIL_PROTOCOL",
"value": "",
"info": "Options are: empty (for no encryption), ssl, tls",
"advanced": "true"
}
```
applications-tree.json
+7
View File
File diff suppressed because one or more lines are too long
immich/service-immich.json
+1 -1
View File
@@ -35,7 +35,7 @@
"VOLUMES": [ "VOLUMES": [
{ {
"SOURCE": "/etc/user/data/immich/db", "SOURCE": "/etc/user/data/immich/db",
"DEST": "/var/lib/postgres", "DEST": "/var/lib/postgresql/data",
"TYPE": "rw" "TYPE": "rw"
} }
], ],
nextcloud/service-nextcloud.json
+1 -1
View File
@@ -48,7 +48,7 @@
"VOLUMES": [ "VOLUMES": [
{ {
"SOURCE": "/etc/user/data/nextcloud/db", "SOURCE": "/etc/user/data/nextcloud/db",
"DEST": "/var/lib/postgres", "DEST": "/var/lib/postgresql/data",
"TYPE": "rw" "TYPE": "rw"
} }
], ],
quackback/domain-quackback.json
+60
View File
@@ -0,0 +1,60 @@
{
"main": {
"SERVICE_NAME": "quackback",
"DOMAIN": "#DOMAIN"
},
"containers": [
{
"IMAGE": "safebox/domain-check",
"UPDATE": "true",
"MEMORY": "64M",
"NAME": "domain_checker",
"ROLES": "domain_checker",
"NETWORK": "host",
"SELECTOR": "",
"SCALE": "0",
"EXTRA": "--rm --privileged",
"PRE_START": [],
"DEPEND": [],
"POST_START": [],
"CMD": "",
"ENVS": [
{
"PROXY": "smarthostloadbalancer"
},
{
"TARGET": "quackback-app"
},
{
"PORT": "3000"
},
{
"DOMAIN": "#DOMAIN"
},
{
"SMARTHOST_PROXY_PATH": "/smarthost-domains"
},
{
"OPERATION": "CREATE"
}
],
"VOLUMES": [
{
"SOURCE": "/etc/user/config/smarthost-domains",
"DEST": "/smarthost-domains",
"TYPE": "rw"
},
{
"SOURCE": "/etc/system/data/dns/hosts.local",
"DEST": "/etc/dns/hosts.local",
"TYPE": "ro"
},
{
"SOURCE": "/var/run/docker.sock",
"DEST": "/var/run/docker.sock",
"TYPE": "rw"
}
]
}
]
}
quackback/firewall-quackback-dns.json
+75
View File
@@ -0,0 +1,75 @@
{
"main": {
"SERVICE_NAME": "firewalls",
"DOMAIN": "null"
},
"containers": [
{
"IMAGE": "safebox/firewall",
"NAME": "firewall",
"MEMORY": "64M",
"NETWORK": "host",
"SCALE": "0",
"VOLUMES": [
{
"SOURCE": "/run/",
"DEST": "/run/",
"TYPE": "rw"
},
{
"SOURCE": "/etc/user/config/services",
"DEST": "/services",
"TYPE": "ro"
},
{
"SOURCE": "/etc/system/data/dns/hosts.local",
"DEST": "/etc/dns/hosts.local",
"TYPE": "ro"
},
{
"SOURCE": "/var/run/docker.sock",
"DEST": "/var/run/docker.sock",
"TYPE": "rw"
}
],
"PORTS": [],
"READYNESS": [
{
"tcp": ""
},
{
"HTTP": ""
},
{
"EXEC": "/ready.sh"
}
],
"ENVS": [
{
"CHAIN": "DOCKER-USER"
},
{
"SOURCE": "coredns"
},
{
"TARGET": "quackback-app"
},
{
"TYPE": "udp"
},
{
"TARGET_PORT": "53"
},
{
"COMMENT": "dns for quackback"
}
],
"EXTRA": "--privileged --rm",
"DEPEND": "null",
"START_ON_BOOT": "false",
"CMD": "null",
"PRE_START": "null",
"POST_START": "null"
}
]
}
quackback/firewall-quackback-smtp.json
+75
View File
@@ -0,0 +1,75 @@
{
"main": {
"SERVICE_NAME": "firewalls",
"DOMAIN": "null"
},
"containers": [
{
"IMAGE": "safebox/firewall",
"NAME": "firewall",
"MEMORY": "64M",
"NETWORK": "host",
"SCALE": "0",
"VOLUMES": [
{
"SOURCE": "/run/",
"DEST": "/run/",
"TYPE": "rw"
},
{
"SOURCE": "/etc/user/config/services",
"DEST": "/services",
"TYPE": "ro"
},
{
"SOURCE": "/etc/system/data/dns/hosts.local",
"DEST": "/etc/dns/hosts.local",
"TYPE": "ro"
},
{
"SOURCE": "/var/run/docker.sock",
"DEST": "/var/run/docker.sock",
"TYPE": "rw"
}
],
"PORTS": [],
"READYNESS": [
{
"tcp": ""
},
{
"HTTP": ""
},
{
"EXEC": "/ready.sh"
}
],
"ENVS": [
{
"CHAIN": "DOCKER-USER"
},
{
"SOURCE": "quackback-app"
},
{
"TARGET": "smtp"
},
{
"TYPE": "tcp"
},
{
"TARGET_PORT": "25"
},
{
"COMMENT": "smtp for openproject"
}
],
"EXTRA": "--privileged --rm",
"DEPEND": "null",
"START_ON_BOOT": "false",
"CMD": "null",
"PRE_START": "null",
"POST_START": "null"
}
]
}
quackback/firewall-quackback.json
+75
View File
@@ -0,0 +1,75 @@
{
"main": {
"SERVICE_NAME": "firewalls",
"DOMAIN": "null"
},
"containers": [
{
"IMAGE": "safebox/firewall",
"NAME": "firewall",
"MEMORY": "64M",
"NETWORK": "host",
"SCALE": "0",
"VOLUMES": [
{
"SOURCE": "/run/",
"DEST": "/run/",
"TYPE": "rw"
},
{
"SOURCE": "/etc/user/config/services",
"DEST": "/services",
"TYPE": "ro"
},
{
"SOURCE": "/etc/system/data/dns/hosts.local",
"DEST": "/etc/dns/hosts.local",
"TYPE": "ro"
},
{
"SOURCE": "/var/run/docker.sock",
"DEST": "/var/run/docker.sock",
"TYPE": "rw"
}
],
"PORTS": [],
"READYNESS": [
{
"tcp": ""
},
{
"HTTP": ""
},
{
"EXEC": "/ready.sh"
}
],
"ENVS": [
{
"CHAIN": "DOCKER-USER"
},
{
"SOURCE": "smarthostbackend"
},
{
"TARGET": "quackback-app"
},
{
"TYPE": "tcp"
},
{
"TARGET_PORT": "3000"
},
{
"COMMENT": "proxy for quackback"
}
],
"EXTRA": "--privileged --rm",
"DEPEND": "null",
"START_ON_BOOT": "false",
"CMD": "null",
"PRE_START": "null",
"POST_START": "null"
}
]
}
quackback/quackback-secret.json
+24
View File
@@ -0,0 +1,24 @@
{
"quackbackpostgres": {
"POSTGRES_DB": "#DB_NAME",
"POSTGRES_USER": "#DB_USER",
"POSTGRES_PASSWORD": "#DB_PASSWORD"
},
"quackbackminio": {
"MINIO_ROOT_USER": "#MINIO_ROOT_USER",
"MINIO_ROOT_PASSWORD": "#MINIO_ROOT_PASSWORD"
},
"quackbackapp": {
"SECRET_KEY": "#SECRET_KEY",
"UTILS_SECRET": "#UTILS_SECRET",
"DATABASE_URL": "postgres://#DB_USER:#DB_PASSWORD@quackbackpostgres-db:5432/#DB_NAME",
"SLACK_CLIENT_ID": "#SLACK_CLIENT_ID",
"SLACK_CLIENT_SECRET": "#SLACK_CLIENT_SECRET",
"GOOGLE_CLIENT_ID": "#GOOGLE_CLIENT_ID",
"GOOGLE_CLIENT_SECRET": "#GOOGLE_CLIENT_SECRET",
"GITHUB_CLIENT_ID": "#GITHUB_CLIENT_ID",
"GITHUB_CLIENT_SECRET": "#GITHUB_CLIENT_SECRET",
"EMAIL_SMTP_USER": "#SMTP_USERNAME",
"EMAIL_SMTP_PASS": "#SMTP_PASSWORD"
}
}
quackback/service-quackback.json
+204
View File
@@ -0,0 +1,204 @@
{
"main": {
"SERVICE_NAME": "quackback",
"DOMAIN": "#DOMAIN"
},
"containers": [
{
"IMAGE": "alpine:latest",
"UPDATE": "true",
"NAME": "quackback-init",
"NETWORK": "host",
"MEMORY": "64M",
"VOLUMES": [
{
"SOURCE": "USER_DATA",
"DEST": "/etc/user/data",
"TYPE": "rw"
}
],
"EXTRA": "--rm",
"DEPEND": "null",
"START_ON_BOOT": "false",
"ENTRYPOINT": "sh -c",
"CMD": "mkdir -p /etc/user/data/quackback/data && mkdir -p /etc/user/data/quackback/db && mkdir -p /etc/user/data/quackback/minio && mkdir -p /etc/user/data/quackback/dragonfly",
"PRE_START": "null",
"POST_START": "null"
},
{
"IMAGE": "postgres-quackback:18",
"UPDATE": "true",
"NAME": "quackbackpostgres-db",
"MEMORY": "256M",
"NETWORK": "quackback-net",
"SELECTOR": "quackbackpostgres-db",
"VOLUMES": [
{
"SOURCE": "/etc/user/data/quackback/db",
"DEST": "/var/lib/postgresql/data",
"TYPE": "rw"
}
],
"PORTS": [
{
"SOURCE": "null",
"DEST": "5432",
"TYPE": "tcp"
}
],
"ENV_FILES": [
"/etc/user/secret/quackback/quackback.json"
],
"EXTRA": "--restart always",
"DEPEND": "null",
"START_ON_BOOT": "false",
"CMD": "postgres -c shared_preload_libraries=pg_cron -c cron.database_name=quackback -c max_connections=200",
"PRE_START": "null",
"POST_START": "null"
},
{
"IMAGE": "minio/minio:latest",
"UPDATE": "true",
"NAME": "quackbackminio-app",
"MEMORY": "2048M",
"NETWORK": "quackback-net",
"SELECTOR": "quackbackminio-app",
"VOLUMES": [
{
"SOURCE": "/etc/user/data/quackback/minio",
"DEST": "/data",
"TYPE": "rw"
}
],
"PORTS": [
{
"SOURCE": "null",
"DEST": "9000",
"TYPE": "tcp"
},
{
"SOURCE": "null",
"DEST": "9001",
"TYPE": "tcp"
}
],
"ENV_FILES": [
"/etc/user/secret/quackback/quackback.json"
],
"EXTRA": "--restart always",
"DEPEND": "null",
"START_ON_BOOT": "false",
"CMD": "server /data --console-address \":9001\"",
"PRE_START": "null",
"POST_START": "null"
},
{
"IMAGE": "docker.dragonflydb.io/dragonflydb/dragonfly:v1.27.1",
"UPDATE": "true",
"NAME": "quackbackredis-server",
"MEMORY": "128M",
"NETWORK": "quackback-net",
"SELECTOR": "quackbackredis",
"PORTS": [
{
"SOURCE": "null",
"DEST": "6379",
"TYPE": "tcp"
}
],
"VOLUMES": [
{
"SOURCE": "/etc/user/data/quackback/dragonfly",
"DEST": "/data",
"TYPE": "rw"
}
],
"EXTRA": "--restart always --ulimit memlock=-1:-1",
"DEPEND": "null",
"START_ON_BOOT": "false",
"CMD": "dragonfly --cluster_mode=emulated --lock_on_hashtags",
"PRE_START": "null",
"POST_START": "null"
},
{
"IMAGE": "minio/mc:latest",
"UPDATE": "true",
"NAME": "quackbackminio-init",
"NETWORK": "quackback-net",
"MEMORY": "256M",
"ENV_FILES": [
"/etc/user/secret/quackback/quackback.json"
],
"EXTRA": "--rm",
"DEPEND": "null",
"START_ON_BOOT": "false",
"ENTRYPOINT": "sh -c",
"CMD": "mc alias set local http://quackbackminio-app:9000 \"$MINIO_ROOT_USER\" \"$MINIO_ROOT_PASSWORD\"; mc mb local/quackback --ignore-existing; mc anonymous set download local/quackback; exit 0;",
"PRE_START": "null",
"POST_START": "null"
},
{
"IMAGE": "safebox/quackback:latest",
"UPDATE": "true",
"NAME": "quackbackapp",
"NETWORK": "quackback-net",
"SELECTOR": "quackback-app",
"PORTS": [
{
"SOURCE": "null",
"DEST": "3000",
"TYPE": "tcp"
}
],
"ENVS": [
{
"REDIS_URL": "redis://quackbackredis-server:6379"
},
{
"BASE_URL": "https://#DOMAIN"
},
{
"DISABLE_TELEMETRY": "true"
},
{
"EMAIL_SMTP_HOST": "#SMTP_HOST"
},
{
"EMAIL_SMTP_PORT": "#SMTP_PORT"
},
{
"EMAIL_FROM": "#SMTP_FROM_EMAIL"
},
{
"OPENAI_OPENAI_BASE_URL": "#OPENAI_BASE_URL"
},
{
"S3_ENDPOINT": "http://quackbackminio-app:9000"
},
{
"S3_BUCKET": "quackback"
},
{
"S3_REGION": "europe-east-1"
},
{
"S3_FORCE_PATH_STYLE": "true"
}
],
"ENV_FILES": [
"/etc/user/secret/quackback/quackback.json"
],
"EXTRA": "--restart always",
"DEPEND": [],
"START_ON_BOOT": "true",
"CMD": "null",
"PRE_START": "null",
"POST_START": [
"firewall-quackback",
"domain-quackback",
"firewall-quackback-dns",
"firewall-quackback-smtp"
]
}
]
}
quackback/template.json
+225
View File
File diff suppressed because one or more lines are too long
vaultwarden/service-vaultwarden.json
+1 -1
View File
@@ -35,7 +35,7 @@
"VOLUMES": [ "VOLUMES": [
{ {
"SOURCE": "/etc/user/data/vaultwarden/db", "SOURCE": "/etc/user/data/vaultwarden/db",
"DEST": "/var/lib/postgres", "DEST": "/var/lib/postgresql/data",
"TYPE": "rw" "TYPE": "rw"
} }
], ],