fix(postiz): add temporal worker and UI services to postiz template #811
chahat1709 wants to merge 134 commits into
- Add Rote deployment template with frontend, backend, and PostgreSQL services - Configure domain routing for frontend (port 80) and backend (port 3000) - Set up automatic password generation and environment variables - Use latest image tag by default - Add logo and metadata to meta.json
…demirror/autocomplete', '@radix-ui/react-dialog', and React packages to their latest versions. This includes updates to '@types/react' and '@types/react-dom' for improved compatibility and performance.
… target 'canary' branch for pull requests.
… and future modifications.
…deployment process and clarity.
* Update template.toml * Update template.toml * Update template.toml
feat: add Rote template
…shrouded-server for autoupdate and easier config
changed image to mornedhels/enshrouded-server
* feat: add Openinary template * feat: update Openinary configuration to support ALLOWED_ORIGIN and refactor domain variable
… template files - Introduced a GitHub Actions workflow to validate Docker Compose files and template.toml on pull requests. - Added helper functions for generating random values and processing variables in templates. - Implemented validation scripts for checking the structure, syntax, and best practices of Docker Compose and template files. - Created necessary TypeScript types and configuration files for the build scripts.
* feat(templates): add Passbolt blueprint for Dokploy - Add docker-compose.yml defining services for Passbolt and MariaDB - Create template.toml with configurable domain, email, and database credentials - Add meta.json with metadata, tags, and link to logo * fix(meta): sort meta.json entries * fix: passbolt template had several issues that broke deployment - env variables were using old array format, changed to new table format - mariadb healthcheck was broken (wrong command for mariadb 11) - missing volume mounts for gpg keys, jwt tokens, and database - setup instructions weren't visible to users, moved to docker-compose - email config had circular references causing warnings - tested admin user creation and confirmed working everything works now, fully tested * Update blueprints/passbolt/template.toml --------- Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
* feat: Add Kokoro TTS FastAPI template (Dokploy#353) - Add CPU-optimized docker-compose.yml with source build - Add GPU-optimized docker-compose-gpu.yml for NVIDIA support - Add comprehensive template.toml with OpenAI-compatible API docs - Add kokoro-tts.svg logo and meta.json entry - Support streaming audio, timestamps, and multi-language TTS - Resolves Dokploy#353 * updated the meta.json for the build errors * removed the docker-compose-gpu.yml file * Update docker-compose.yml --------- Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
Co-authored-by: Aaron McGuire <git.figment276@passmail.net>
…ork instructions (Dokploy#595) * fix: superset version fixed, tweak network instructions * chore: simplify mapbox key * fix: volume mount * deps: bump superset to 6.0.0
* feat: Add imgproxy template * fix: Configure docker-compose to match requirements * fix: Process meta * fix: Change logo name * fix: Remove incorrect mounts * fix: Expose 80 port instead of direct mapping * fix: Change nginx cache keys default zone size and correct format negotiation * fix: Escaping
…mproved setup (Dokploy#672) * Update docker-compose.yml * fix: stable nextcloud, add redis, auto config, fixed mariadb * fix: meta nextcloud * fix: vars * fix: non capital * fix: template.toml * fix: env vars * fix: var naming * fix: command * fix: command * another try * keep it simple * fix toml * retry classic * add: admin user * no aito install * feat: automated fixes * fix file pasth * fix: manual script * fix: script * fix: png logo * fix: meta logo data --------- Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
* feat: add MediaFetch template * Corrected .toml * .toml
* feat: add unleash template * feat: update unleash template to version 7.4.0 and fix formatting * feat: update database user in unleash template from postgres to unleash
…y#696) * Update Notifuse template: replace PASETO with SECRET_KEY auth * Update docker-compose.yml --------- Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
* chore: update convex backend and dashboard images, switch from port mapping to expose in docker-compose.yml * fix: set default value for DISABLE_BEACON in docker-compose.yml
* Update grafana 12.4 * Update meta.json
* feat: add tuwunel template for matrix * fix: replace HTML placeholder with actual SVG logo for tuwunel * fix: remove enforcement and rename logo
|
| condition: service_healthy | ||
|
|
||
| postiz-temporal: | ||
| image: temporalio/auto-setup:1.27.2 |
temporalio/auto-setup is deprecated
The temporalio/auto-setup image is officially deprecated and no longer maintained or receiving security updates. The Docker Hub page explicitly states: "temporalio/server paired with temporalio/admin-tools, with examples at github.com/temporalio/samples-server/tree/main/compose.
| - POSTGRES_USER=${DB_USER} | ||
| - POSTGRES_PWD=${DB_PASSWORD} | ||
| - POSTGRES_SEEDS=postiz-temporal-postgres | ||
| - DYNAMIC_CONFIG_FILE_PATH=config/dynamicconfig/production-sql.yaml |
production-sql.yaml not bundled in the image
DYNAMIC_CONFIG_FILE_PATH=config/dynamicconfig/production-sql.yaml references a file that is not shipped with the temporalio/auto-setup image. The image only includes development-sql.yaml and development-cass.yaml as default dynamic config files. Without a volume mount providing this file, Temporal will fail to read its dynamic config at startup. Since postiz-app depends on postiz-temporal being healthy, the entire stack will fail to start. Either mount a custom production-sql.yaml or change this to the existing config/dynamicconfig/development-sql.yaml.
| - DYNAMIC_CONFIG_FILE_PATH=config/dynamicconfig/production-sql.yaml | |
| - DYNAMIC_CONFIG_FILE_PATH=config/dynamicconfig/development-sql.yaml |
| postiz-temporal-postgres: | ||
| image: postgres:15-alpine | ||
| restart: always | ||
| environment: | ||
| POSTGRES_PASSWORD: ${DB_PASSWORD} | ||
| POSTGRES_USER: ${DB_USER} | ||
| volumes: | ||
| - postiz-temporal-db-data:/var/lib/postgresql/data | ||
| healthcheck: | ||
| test: pg_isready -U ${DB_USER} | ||
| interval: 10s | ||
| timeout: 3s | ||
| retries: 3 |
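Review bot: the healthcheck on postiz-temporal-postgres (interval: 10s, timeout: 3s, retries: 3) has no start_period, so the container can be reported unhealthy after roughly 30 seconds if first-run database initialization takes longer than that on a slow volume. Any service that waits on it with condition: service_healthy would then fail to start. Consider adding a start_period or raising retries.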
Shared DB credentials between application and Temporal Postgres
postiz-temporal-postgres reuses the same ${DB_USER} and ${DB_PASSWORD} as the main postiz-postgres. While these are isolated containers, the Temporal auto-setup image creates its own internal databases (temporal, temporal_visibility) using these credentials. Consider introducing a separate variable (e.g., TEMPORAL_DB_PASSWORD) for the Temporal postgres instance.
Pull request overview
This PR updates Dokploy blueprint templates and the central meta.json index. While the PR title/description focuses on fixing the Postiz template by adding Temporal services, the changes also introduce multiple new blueprints and adjust several existing templates/versions.
Changes:
- Add Temporal (server, UI, and Postgres) services and wiring to the postiz blueprint.
- Add several new templates/metadata entries (e.g., imgproxy, mediafetch, tuwunel, unleash, verdaccio) and related assets.
- Update/adjust existing templates (e.g., Nextcloud, Grafana, Convex, EvolutionAPI, Notifuse).
Reviewed changes
Copilot reviewed 19 out of 26 changed files in this pull request and generated 14 comments.
| File | Description |
|---|---|
| meta.json | Updates Grafana version, modifies nextcloud-aio metadata, and adds new template entries (imgproxy/mediafetch/strapi/tuwunel/unleash/verdaccio). |
| blueprints/postiz/docker-compose.yml | Adds Temporal server/UI/Postgres services and app env/depends_on wiring. |
| blueprints/mediafetch/template.toml | Introduces MediaFetch template configuration (currently inconsistent with other templates’ domain/env patterns). |
| blueprints/mediafetch/docker-compose.yml | Adds MediaFetch compose definition (uses latest, sets PUBLIC_BASE_URL). |
| blueprints/mediafetch/mediafetch.svg | Adds MediaFetch logo asset. |
| blueprints/imgproxy/template.toml | Adds imgproxy template variables/env and domain mapping. |
| blueprints/imgproxy/docker-compose.yml | Adds imgproxy + nginx caching compose stack. |
| blueprints/imgproxy/imgproxy.png | Adds imgproxy logo asset. |
| blueprints/unleash/template.toml | Adds Unleash template variables and env export. |
| blueprints/unleash/docker-compose.yml | Adds Unleash + Postgres compose stack and healthchecks. |
| blueprints/unleash/unleash.png | Adds Unleash logo asset. |
| blueprints/tuwunel/template.toml | Adds Tuwunel template variables/env and domain mapping. |
| blueprints/tuwunel/docker-compose.yml | Adds Tuwunel compose definition. |
| blueprints/tuwunel/tuwunel.svg | Adds Tuwunel logo asset. |
| blueprints/verdaccio/template.toml | Adds Verdaccio template with a mounted config.yaml content. |
| blueprints/verdaccio/docker-compose.yml | Adds Verdaccio compose definition (publishes a port). |
| blueprints/verdaccio/verdaccio.svg | Adds Verdaccio logo asset. |
| blueprints/notifuse/template.toml | Replaces embedded PASETO keys with generated SECRET_KEY and simplifies env. |
| blueprints/notifuse/docker-compose.yml | Refactors Notifuse compose env/volumes/healthcheck. |
| blueprints/nextcloud-aio/template.toml | Expands Nextcloud template env and adds an optimization script mount. |
| blueprints/nextcloud-aio/docker-compose.yml | Switches Nextcloud to stable, pins MariaDB, adds Redis, mounts the script. |
| blueprints/nextcloud-aio/nextcloud.png | Adds/updates Nextcloud logo asset. |
| blueprints/nextcloud-aio/nextcloud-aio.svg | Removes the old Nextcloud AIO SVG asset. |
| blueprints/grafana/docker-compose.yml | Updates Grafana image tag to match the new version. |
| blueprints/evolutionapi/docker-compose.yml | Switches EvolutionAPI image to an unpinned latest tag. |
| blueprints/convex/docker-compose.yml | Updates Convex image digest and switches from ports to expose. |
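Several findings in this review (floating `stable`/`latest` tags, `ports:` instead of `expose:`) are mechanical enough to check before a human looks at the PR. The following is an added example, not code from the pull request or from the repository's own validation scripts; the compose fragment, image names and rule names are constructed for illustration.

```python
import re

# Constructed compose fragment mirroring issues raised in this review (not a file from the PR).
SAMPLE_COMPOSE = """\
services:
  nextcloud:
    image: nextcloud:stable
  evolutionapi:
    image: example/evolution-api:latest
  verdaccio:
    image: verdaccio/verdaccio:6
    ports:
      - 4873
  convex:
    image: example/convex-backend@sha256:0123abcd
    expose:
      - 3210
  db:
    image: postgres
"""

# Tags that move with upstream releases and make a template non-reproducible.
FLOATING_TAGS = {"latest", "stable", "main", "master", "edge", "nightly", "canary"}
IMAGE_RE = re.compile(r"^\s*image:\s*[\"']?([^\s\"'#]+)")
PORTS_RE = re.compile(r"^\s*ports:\s*(#.*)?$")


def split_image(ref):
    """Return (name, tag, digest) for an image reference; tag and digest may be None."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    # A colon is a tag separator only after the last '/'; before it, it is a registry port.
    if ":" in ref.rsplit("/", 1)[-1]:
        name, tag = ref.rsplit(":", 1)
        return name, tag, digest
    return ref, None, digest


def lint_compose(text):
    """Return (line number, rule, detail) tuples for each convention violated."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = IMAGE_RE.match(line)
        if m:
            name, tag, digest = split_image(m.group(1))
            if digest:
                continue  # digest-pinned images are reproducible
            if tag is None:
                findings.append((lineno, "untagged-image", name))  # implies :latest
            elif tag.lower() in FLOATING_TAGS:
                findings.append((lineno, "floating-tag", f"{name}:{tag}"))
        elif PORTS_RE.match(line):
            findings.append((lineno, "publishes-ports", "use expose: instead"))
    return findings


if __name__ == "__main__":
    for finding in lint_compose(SAMPLE_COMPOSE):
        print(*finding)
```

A major-only tag such as `verdaccio/verdaccio:6` passes this check even though it still moves between minor releases; tighten `FLOATING_TAGS` into a version pattern if the template policy requires full pins.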
| services: | ||
| nextcloud: | ||
| image: nextcloud:32.0.5 | ||
| image: nextcloud:stable |
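Review bot: the line being replaced pinned nextcloud:32.0.5, so whatever fixed tag goes here should be 32.0.5 or newer. Nextcloud does not support downgrades, and an instance already deployed from this template on 32.x will refuse to start on an older image. Keep the pin at the current release rather than switching to the floating stable tag.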
nextcloud:stable is not a fixed version, which makes the template non-reproducible and risks unexpected breakage on upstream releases. Pin to a specific Nextcloud tag (and keep meta.json.version aligned with it).
| image: nextcloud:stable | |
| image: nextcloud:30.0.4 |
| "id": "nextcloud-aio", | ||
| "name": "Nextcloud All in One", | ||
| "version": "30.0.2", | ||
| "description": "Nextcloud (AIO) is a self-hosted file storage and sync platform with powerful collaboration capabilities. It integrates Files, Talk, Groupware, Office, Assistant and more into a single platform for remote work and data protection.", | ||
| "logo": "nextcloud-aio.svg", | ||
| "name": "Nextcloud", | ||
| "version": "stable", | ||
| "description": "Nextcloud is a self-hosted file storage and sync platform with powerful collaboration capabilities. It integrates Files, Talk, Groupware, Office, Assistant and more into a single platform for remote work and data protection.", | ||
| "logo": "nextcloud.png", |
The nextcloud-aio meta entry was changed to name/version Nextcloud/stable. This is confusing because the id still implies the AIO distribution, and stable is not a pinned version. Either keep this entry as a Nextcloud AIO template (and use an AIO image/version), or rename/create a separate nextcloud template and pin a concrete version string.
| postiz-temporal-ui: | ||
| image: temporalio/ui:2.30.0 | ||
| restart: always | ||
| environment: | ||
| - TEMPORAL_ADDRESS=postiz-temporal:7233 | ||
| - TEMPORAL_CORS_ORIGINS=https://${POSTIZ_HOST} | ||
| depends_on: | ||
| postiz-temporal: | ||
| condition: service_healthy | ||
|
|
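Review bot: the environment block for postiz-temporal-ui sets only TEMPORAL_ADDRESS and TEMPORAL_CORS_ORIGINS, with nothing that configures authentication for the UI. The Temporal UI lets whoever can reach it view and act on workflows, so if a domain is later mapped to this service it should sit behind an authenticating proxy or have the UI's own auth configured; otherwise add a comment stating that the service is internal-only.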
postiz-temporal-ui is added, but the blueprint's template.toml still exposes only postiz-app. As a result, users likely won't be able to reach the Temporal UI unless an additional [[config.domains]] entry (or other routing mechanism) is added for this service.
| image: verdaccio/verdaccio:6 | ||
| environment: | ||
| - VERDACCIO_PORT=4873 | ||
| ports: |
This compose uses ports: for Verdaccio. Dokploy templates generally avoid publishing ports directly (routing is handled by Dokploy) and use expose: instead. Consider removing ports and switching to expose: - 4873 to align with the documented template conventions.
| ports: | |
| expose: |
| host = "${main_domain}" | ||
|
|
||
| [[config.mounts]] | ||
| filePath = "/conf/config.yaml" |
The mounted Verdaccio config is created under ../files/conf/config.yaml and mounted into /verdaccio/conf by the compose file, but the mount's filePath is declared as /conf/config.yaml here. To avoid confusion/misconfiguration, consider changing filePath to match the actual in-container path (/verdaccio/conf/config.yaml) and mounting the file directly to that path in docker-compose.yml.
| filePath = "/conf/config.yaml" | |
| filePath = "/verdaccio/conf/config.yaml" |
| restart: always | ||
| environment: | ||
| - TEMPORAL_ADDRESS=postiz-temporal:7233 | ||
| - TEMPORAL_CORS_ORIGINS=https://${POSTIZ_HOST} |
TEMPORAL_CORS_ORIGINS is set to an HTTPS URL by default. Repo guidance is to prefer HTTP by default for URL env vars unless HTTPS is explicitly required by the application. Consider using http://${POSTIZ_HOST} here and relying on the proxy for TLS.
| - TEMPORAL_CORS_ORIGINS=https://${POSTIZ_HOST} | |
| - TEMPORAL_CORS_ORIGINS=http://${POSTIZ_HOST} |
|
|
||
| [config.env] | ||
| ROOT_EMAIL = "${email}" | ||
| API_ENDPOINT = "https://${main_domain}" |
API_ENDPOINT is set to an HTTPS URL by default. Repo guidance is to default URL env vars to HTTP unless the app explicitly requires HTTPS, since TLS is typically terminated at the proxy layer. Consider changing this to http://${main_domain}.
| API_ENDPOINT = "https://${main_domain}" | |
| API_ENDPOINT = "http://${main_domain}" |
|
|
||
| [config] | ||
| [[config.domains]] | ||
| name = "Domain" | ||
| variable = "DOMAIN" | ||
| serviceName = "mediafetch" | ||
| port = 3002 |
template.toml uses non-standard [[config.domains]] fields (name/variable) and omits the required host mapping used across other templates. This is likely to prevent Dokploy from routing traffic. Align this to the usual pattern (define main_domain = "${domain}" and set host = "${main_domain}").
| [config] | |
| [[config.domains]] | |
| name = "Domain" | |
| variable = "DOMAIN" | |
| serviceName = "mediafetch" | |
| port = 3002 | |
| main_domain = "${domain}" | |
| [config] | |
| [[config.domains]] | |
| serviceName = "mediafetch" | |
| port = 3002 | |
| host = "${main_domain}" |
| BASIC_AUTH_USER = "admin" | ||
| BASIC_AUTH_PASS = "${password:12}" | ||
|
|
||
| [config] |
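Review bot: BASIC_AUTH_PASS = "${password:12}" generates a 12-character secret paired with the fixed username admin, which leaves the password as the only unknown protecting the service. Since the value is generated and never typed by hand, request a longer one (for example ${password:32}).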
The compose file references ${BASIC_AUTH_USER}, ${BASIC_AUTH_PASS}, and ${DOMAIN}, but this template doesn't define any config.env entries to export those variables for compose-time substitution. Add them to [config.env] (or config.env = [...]) so the deployment has the required values.
| [config] | |
| [config] | |
| [[config.env]] | |
| name = "BASIC_AUTH_USER" | |
| value = "${BASIC_AUTH_USER}" | |
| [[config.env]] | |
| name = "BASIC_AUTH_PASS" | |
| value = "${BASIC_AUTH_PASS}" | |
| [[config.env]] | |
| name = "DOMAIN" | |
| value = "${DOMAIN}" |
| port = 3002 | ||
|
|
||
| [[config.mounts]] | ||
| name = "Downloads" | ||
| filePath = "/data/downloads" | ||
| content = "mediafetch" No newline at end of file |
[[config.mounts]] here creates a file/directory in ../files, but the compose already persists downloads via the named volume mediafetch_data. As written, this mount is unused by docker-compose.yml and the content = "mediafetch" is unlikely to be meaningful. Consider removing this mount block or wiring it up consistently (e.g., mount ../files/... into the container instead of a named volume).
| port = 3002 | |
| [[config.mounts]] | |
| name = "Downloads" | |
| filePath = "/data/downloads" | |
| content = "mediafetch" | |
| port = 3002 |
This PR adds the requisite Temporal containers (postiz-temporal, postiz-temporal-ui, postiz-temporal-postgres) to the postiz docker-compose blueprint. This addresses the missing task orchestration capabilities originally missing from the template. Healthchecks have been mapped correctly across the cluster for startup synchronization.
Greptile Summary
This PR adds postiz-temporal, postiz-temporal-ui, and postiz-temporal-postgres services to the postiz blueprint to enable Temporal workflow orchestration. The healthcheck dependency chain is wired correctly, but there are two functional issues that would prevent a successful deployment.
- temporalio/auto-setup is officially deprecated on Docker Hub and is no longer receiving updates or security patches; the Temporal project now recommends temporalio/server + temporalio/admin-tools.
- DYNAMIC_CONFIG_FILE_PATH=config/dynamicconfig/production-sql.yaml references a file that does not ship with the auto-setup image (only development-sql.yaml is bundled). This will cause Temporal to fail at startup and cascade the failure to postiz-app via its service_healthy dependency, making the entire stack undeployable.
Confidence Score: 3/5
Not safe to merge — two P1 issues (deprecated image and missing dynamic config file) will prevent the postiz stack from starting successfully.
The production-sql.yaml config path points to a file that does not exist in the Temporal image, and the auto-setup image itself is deprecated. Both are P1 findings on the primary changed file that will cause the template to fail on deployment.
blueprints/postiz/docker-compose.yml — the Temporal service configuration needs the dynamic config path corrected and the deprecated image addressed.
Security Review
temporalio/auto-setup image (blueprints/postiz/docker-compose.yml, line 33) means no future CVE patches will be applied to this image layer, increasing long-term exposure risk for deployed instances.
Comments Outside Diff (1)
blueprints/postiz/template.toml, line 1-22
postiz-temporal-ui service has no domain mapping
The postiz-temporal-ui service (running on port 8080) is added to the compose file but template.toml has no corresponding [[config.domains]] entry for it. Users deploying via Dokploy will have no way to access the Temporal web UI without manually adding a domain. If exposing the UI is intentional, add a domain entry; if it's meant to be internal-only, a comment in the compose file would help clarify intent.
Reviews (1): Last reviewed commit: "fix(postiz): Address AI review feedback,..."