homelab/files/docker/rss/docker-stack.yaml

networks:
  reverse-proxy:
    external: true

volumes:
  fresh_rss_data:
  fresh_rss_extensions:
  linkding_data:

services:
  freshrss:
    image: freshrss/freshrss:latest
    container_name: freshrss
    hostname: freshrss
    restart: unless-stopped
    networks:
        - reverse-proxy
    logging:
      options:
        max-size: 10m
    volumes:
      - fresh_rss_data:/var/www/FreshRSS/data
      - fresh_rss_extensions:/var/www/FreshRSS/extensions
    environment:
      TZ: America/Santiago
      CRON_MIN: '3,33'
      TRUSTED_PROXY: 10.0.10.0/24

      OIDC_ENABLED: 1
      OIDC_PROVIDER_METADATA_URL: https://auth.alecodes.page/.well-known/openid-configuration
      OIDC_CLIENT_ID: ${FR_OIDC_CLIENT_ID}
      OIDC_CLIENT_SECRET: ${FR_OIDC_CLIENT_SECRET}
      OIDC_CLIENT_CRYPTO_KEY: ${FR_OIDC_CLIENT_CRYPTO_KEY}
      OIDC_REMOTE_USER_CLAIM: preferred_username
      OIDC_SCOPES: openid groups email profile
      OIDC_X_FORWARDED_HEADERS: X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto

    deploy:
      rollback_config:
        failure_action: continue
      update_config:
        delay: 2s
        failure_action: rollback
        order: start-first
      placement:
        constraints:
          - node.labels.services_kind==${SERVICE_KIND:-common}
      labels:
        - traefik.enable=true
        - traefik.http.routers.freshrss.rule=Host(`rss.alecodes.page`)
        - traefik.http.services.freshrss.loadbalancer.server.port=80
  linkding:
    image: sissbruecker/linkding:latest
    restart: unless-stopped
    networks:
        - reverse-proxy
    volumes:
      - linkding_data:/etc/linkding/data"
    environment:
      LD_ENABLE_OIDC: "True"
      OIDC_OP_AUTHORIZATION_ENDPOINT: https://auth.alecodes.page/api/oidc/authorization
      OIDC_OP_TOKEN_ENDPOINT: https://auth.alecodes.page/api/oidc/token
      OIDC_OP_USER_ENDPOINT: https://auth.alecodes.page/api/oidc/userinfo
      OIDC_OP_JWKS_ENDPOINT: https://auth.alecodes.page/jwks.json

      OIDC_RP_CLIENT_ID: ${LD_OIDC_CLIENT_ID}
      OIDC_RP_CLIENT_SECRET: ${LD_OIDC_CLIENT_SECRET}

      LD_CSRF_TRUSTED_ORIGINS: https://bookmarks.alecodes.page

    deploy:
      rollback_config:
        failure_action: continue
      update_config:
        delay: 2s
        failure_action: rollback
        order: start-first
      placement:
        constraints:
          - node.labels.services_kind==${SERVICE_KIND:-common}
      labels:
        - traefik.enable=true
        - traefik.http.routers.linkding.rule=Host(`bookmarks.alecodes.page`)
        - traefik.http.services.linkding.loadbalancer.server.port=9090