This commit is contained in:
iven 2026-06-05 18:47:33 +02:00 committed by GitHub
commit cafcfdda5f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
26 changed files with 50 additions and 50 deletions

2
.gitattributes vendored
View file

@ -16,7 +16,7 @@
*.toml text eol=lf *.toml text eol=lf
Dockerfile* text eol=lf Dockerfile* text eol=lf
.dockerignore text eol=lf .dockerignore text eol=lf
docker-compose*.yml text eol=lf compose*.yaml text eol=lf
# Binary files # Binary files
*.png binary *.png binary

View file

@ -45,7 +45,7 @@ It contains up-to-date setup guides, configuration reference, and usage document
## Installation ## Installation
In order to run Zerobyte, you need to have Docker and Docker Compose installed on your server. Then, you can use the provided `docker-compose.yml` file to start the application. In order to run Zerobyte, you need to have Docker and Docker Compose installed on your server. Then, you can use the provided `compose.yaml` file to start the application.
```yaml ```yaml
services: services:
@ -151,7 +151,7 @@ See `examples/provisioned-resources/README.md` for a full example.
### Simplified setup (no remote mounts) ### Simplified setup (no remote mounts)
If you only need to back up locally-mounted folders and don't require remote share mounting capabilities, you can remove the `SYS_ADMIN` capability and FUSE device from your `docker-compose.yml`: If you only need to back up locally-mounted folders and don't require remote share mounting capabilities, you can remove the `SYS_ADMIN` capability and FUSE device from your `compose.yaml`:
```yaml ```yaml
services: services:
@ -190,7 +190,7 @@ Zerobyte supports multiple volume backends including NFS, SMB, WebDAV, SFTP, and
To add your first volume, navigate to the "Volumes" section in the web interface and click on "Create volume". Fill in the required details such as volume name, type, and connection settings. To add your first volume, navigate to the "Volumes" section in the web interface and click on "Create volume". Fill in the required details such as volume name, type, and connection settings.
If you want to backup a local directory on the same host where Zerobyte is running, you'll first need to mount that directory into the Zerobyte container. You can do this by adding a volume mapping in your `docker-compose.yml` file. For example, to mount `/path/to/your/directory` from the host to `/mydata` in the container, you would add the following line under the `volumes` section: If you want to backup a local directory on the same host where Zerobyte is running, you'll first need to mount that directory into the Zerobyte container. You can do this by adding a volume mapping in your `compose.yaml` file. For example, to mount `/path/to/your/directory` from the host to `/mydata` in the container, you would add the following line under the `volumes` section:
```diff ```diff
services: services:
@ -214,7 +214,7 @@ services:
+ - /path/to/your/directory:/mydata + - /path/to/your/directory:/mydata
``` ```
After updating the `docker-compose.yml` file, restart the Zerobyte container to apply the changes: After updating the `compose.yaml` file, restart the Zerobyte container to apply the changes:
```bash ```bash
docker compose down docker compose down
@ -265,7 +265,7 @@ Zerobyte can use [rclone](https://rclone.org/) to support 40+ cloud storage prov
rclone listremotes rclone listremotes
``` ```
4. **Mount the rclone config into the Zerobyte container** by updating your `docker-compose.yml`: 4. **Mount the rclone config into the Zerobyte container** by updating your `compose.yaml`:
```diff ```diff
services: services:

View file

@ -138,7 +138,7 @@ sudo aa-status
docker inspect --format='{{.AppArmorProfile}}' zerobyte docker inspect --format='{{.AppArmorProfile}}' zerobyte
``` ```
If AppArmor is enabled, you can disable it for the Zerobyte container by adding the following to your `docker-compose.yml`: If AppArmor is enabled, you can disable it for the Zerobyte container by adding the following to your `compose.yaml`:
```yaml ```yaml
services: services:

View file

@ -45,7 +45,7 @@ async function detectRclone(): Promise<boolean> {
return true; return true;
} catch (_) { } catch (_) {
logger.warn( logger.warn(
`rclone capability: disabled. ` + `To enable: mount rclone config at ${RCLONE_CONFIG_DIR} in docker-compose.yml`, `rclone capability: disabled. ` + `To enable: mount rclone config at ${RCLONE_CONFIG_DIR} in compose.yaml`,
); );
return false; return false;
} }
@ -83,10 +83,10 @@ async function detectSysAdmin(): Promise<boolean> {
return true; return true;
} }
logger.warn("sysAdmin capability: disabled. " + "To enable: add 'cap_add: SYS_ADMIN' in docker-compose.yml"); logger.warn("sysAdmin capability: disabled. " + "To enable: add 'cap_add: SYS_ADMIN' in compose.yaml");
return false; return false;
} catch (_error) { } catch (_error) {
logger.warn("sysAdmin capability: disabled. " + "To enable: add 'cap_add: SYS_ADMIN' in docker-compose.yml"); logger.warn("sysAdmin capability: disabled. " + "To enable: add 'cap_add: SYS_ADMIN' in compose.yaml");
return false; return false;
} }
} }

View file

@ -7,7 +7,7 @@ base_image="zerobyte-integration-runtime-base:latest"
compose_project="zerobyte-integration-$(basename "$repo_root" | tr '[:upper:]' '[:lower:]' | tr -cd 'a-z0-9_-')" compose_project="zerobyte-integration-$(basename "$repo_root" | tr '[:upper:]' '[:lower:]' | tr -cd 'a-z0-9_-')"
artifacts_dir="$script_dir/artifacts" artifacts_dir="$script_dir/artifacts"
sftp_artifacts_dir="$artifacts_dir/sftp" sftp_artifacts_dir="$artifacts_dir/sftp"
compose_file="$script_dir/infra/docker-compose.yml" compose_file="$script_dir/infra/compose.yaml"
docker_output_log="$artifacts_dir/docker-output.log" docker_output_log="$artifacts_dir/docker-output.log"
compose=(docker compose -f "$compose_file" -p "$compose_project") compose=(docker compose -f "$compose_file" -p "$compose_project")

View file

@ -23,7 +23,7 @@ Zerobyte supports six volume types. Each one is configured through the web UI wh
<Tab value="Directory"> <Tab value="Directory">
### Directory (local) ### Directory (local)
A local directory on the host machine, mounted into the Zerobyte container via your `docker-compose.yml` file. A local directory on the host machine, mounted into the Zerobyte container via your `compose.yaml` file.
**Use cases:** **Use cases:**
@ -37,7 +37,7 @@ Zerobyte supports six volume types. Each one is configured through the web UI wh
- **Path**, the path *inside the container* where the directory is mounted (e.g., `/data`) - **Path**, the path *inside the container* where the directory is mounted (e.g., `/data`)
<Callout type="info"> <Callout type="info">
You must first mount the host directory into the Zerobyte container by adding it to the `volumes` section of your `docker-compose.yml`. For example, to back up `/home/user/photos` on the host, add `- /home/user/photos:/photos:ro` to your compose file, restart the container, then create a Directory volume in the UI with the path `/photos`. You must first mount the host directory into the Zerobyte container by adding it to the `volumes` section of your `compose.yaml`. For example, to back up `/home/user/photos` on the host, add `- /home/user/photos:/photos:ro` to your compose file, restart the container, then create a Directory volume in the UI with the path `/photos`.
</Callout> </Callout>
</Tab> </Tab>
@ -245,7 +245,7 @@ Sensitive fields, such as passwords, private keys, and other secrets, are encryp
Provisioned volumes also support secret references: Provisioned volumes also support secret references:
- **`env://VARIABLE_NAME`**, resolves the value from an environment variable set in your `docker-compose.yml` during provisioning - **`env://VARIABLE_NAME`**, resolves the value from an environment variable set in your `compose.yaml` during provisioning
- **`file://secret_name`**, resolves the value from a Docker secrets file at `/run/secrets/secret_name` during provisioning - **`file://secret_name`**, resolves the value from a Docker secrets file at `/run/secrets/secret_name` during provisioning
During provisioning, Zerobyte resolves these references on startup and stores the resolved value encrypted in the database. During provisioning, Zerobyte resolves these references on startup and stores the resolved value encrypted in the database.

View file

@ -48,7 +48,7 @@ Zerobyte is configured through environment variables and Docker Compose settings
If you prefer not to place the app secret directly in `environment:`, mount it as a file and point `APP_SECRET_FILE` at that path. If you prefer not to place the app secret directly in `environment:`, mount it as a file and point `APP_SECRET_FILE` at that path.
```yaml docker-compose.yml ```yaml compose.yaml
services: services:
zerobyte: zerobyte:
environment: environment:
@ -184,7 +184,7 @@ This allows you to keep credentials in your deployment configuration rather than
### Example with Docker Secrets ### Example with Docker Secrets
```yaml docker-compose.yml ```yaml compose.yaml
services: services:
zerobyte: zerobyte:
environment: environment:

View file

@ -81,7 +81,7 @@ Header values are stored as plain text. Use a scoped webhook secret rather than
For Docker Compose on Linux, `host.docker.internal` usually needs an explicit host gateway entry: For Docker Compose on Linux, `host.docker.internal` usually needs an explicit host gateway entry:
```yaml docker-compose.yml ```yaml compose.yaml
services: services:
zerobyte: zerobyte:
extra_hosts: extra_hosts:
@ -230,7 +230,7 @@ Once the test works, run `webhook` under your normal process manager.
Add the webhook server origin to Zerobyte: Add the webhook server origin to Zerobyte:
```yaml docker-compose.yml ```yaml compose.yaml
services: services:
zerobyte: zerobyte:
extra_hosts: extra_hosts:

View file

@ -96,7 +96,7 @@ Create a `provisioning.json` file:
Mount the provisioning file and set `PROVISIONING_PATH`: Mount the provisioning file and set `PROVISIONING_PATH`:
```yaml docker-compose.yml ```yaml compose.yaml
services: services:
zerobyte: zerobyte:
image: ghcr.io/nicotsx/zerobyte:v0.38 image: ghcr.io/nicotsx/zerobyte:v0.38

View file

@ -72,9 +72,9 @@ Replace `myremote` with the name you chose during configuration.
## Mounting rclone config into the container ## Mounting rclone config into the container
Zerobyte needs access to your rclone configuration file to discover and use your remotes. Mount it as a read-only volume in your `docker-compose.yml`: Zerobyte needs access to your rclone configuration file to discover and use your remotes. Mount it as a read-only volume in your `compose.yaml`:
```yaml docker-compose.yml ```yaml compose.yaml
volumes: volumes:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- /var/lib/zerobyte:/var/lib/zerobyte - /var/lib/zerobyte:/var/lib/zerobyte
@ -90,7 +90,7 @@ docker compose down && docker compose up -d
<Callout type="info"> <Callout type="info">
For non-root container environments (e.g., TrueNAS), the config must be mounted to the correct user home directory. Set the `RCLONE_CONFIG_DIR` environment variable accordingly: For non-root container environments (e.g., TrueNAS), the config must be mounted to the correct user home directory. Set the `RCLONE_CONFIG_DIR` environment variable accordingly:
```yaml docker-compose.yml ```yaml compose.yaml
environment: environment:
- RCLONE_CONFIG_DIR=/home/appuser/.config/rclone - RCLONE_CONFIG_DIR=/home/appuser/.config/rclone
volumes: volumes:
@ -157,9 +157,9 @@ Rclone volumes mount cloud storage as a filesystem inside the container, allowin
### Ensure FUSE support ### Ensure FUSE support
Your `docker-compose.yml` must include `SYS_ADMIN` and `/dev/fuse`: Your `compose.yaml` must include `SYS_ADMIN` and `/dev/fuse`:
```yaml docker-compose.yml ```yaml compose.yaml
cap_add: cap_add:
- SYS_ADMIN - SYS_ADMIN
devices: devices:
@ -214,7 +214,7 @@ If your rclone remote uses SFTP with `key_file` authentication, the path in the
**Recommended.** Mount your SSH keys into the container so rclone can find them at the expected path: **Recommended.** Mount your SSH keys into the container so rclone can find them at the expected path:
```yaml docker-compose.yml ```yaml compose.yaml
volumes: volumes:
- ~/.ssh:/root/.ssh:ro - ~/.ssh:/root/.ssh:ro
``` ```
@ -235,7 +235,7 @@ This avoids any file path issues since the key is stored directly in the rclone
Forward your host's SSH agent socket into the container: Forward your host's SSH agent socket into the container:
```yaml docker-compose.yml ```yaml compose.yaml
environment: environment:
- SSH_AUTH_SOCK=/ssh-agent - SSH_AUTH_SOCK=/ssh-agent
volumes: volumes:
@ -288,7 +288,7 @@ If you mount the rclone config as a read-only volume (`:ro`), the updated tokens
If the rclone remote dropdown is empty when creating a repository or volume: If the rclone remote dropdown is empty when creating a repository or volume:
- Verify the rclone config is mounted correctly. Check that `~/.config/rclone/rclone.conf` exists on the host. - Verify the rclone config is mounted correctly. Check that `~/.config/rclone/rclone.conf` exists on the host.
- Confirm the mount path in `docker-compose.yml` matches the expected location inside the container (`/root/.config/rclone` by default, or the path set in `RCLONE_CONFIG_DIR`). - Confirm the mount path in `compose.yaml` matches the expected location inside the container (`/root/.config/rclone` by default, or the path set in `RCLONE_CONFIG_DIR`).
- Restart the container after updating the volume mount. - Restart the container after updating the volume mount.
### Failed to create file system ### Failed to create file system
@ -303,7 +303,7 @@ This usually means rclone cannot authenticate with the remote:
If you see errors related to FUSE when creating rclone volumes: If you see errors related to FUSE when creating rclone volumes:
- Ensure your `docker-compose.yml` includes `cap_add: [SYS_ADMIN]` and `devices: [/dev/fuse:/dev/fuse]`. - Ensure your `compose.yaml` includes `cap_add: [SYS_ADMIN]` and `devices: [/dev/fuse:/dev/fuse]`.
- Confirm you are running on a Linux host. FUSE mounts do not work with Docker on macOS or Windows. - Confirm you are running on a Linux host. FUSE mounts do not work with Docker on macOS or Windows.
- Check that `/dev/fuse` exists on the host: `ls -la /dev/fuse`. - Check that `/dev/fuse` exists on the host: `ls -la /dev/fuse`.

View file

@ -7,9 +7,9 @@ When running Zerobyte behind a reverse proxy, you need to configure the `BASE_UR
## Prerequisites ## Prerequisites
Set the following environment variables in your `docker-compose.yml`: Set the following environment variables in your `compose.yaml`:
```yaml docker-compose.yml ```yaml compose.yaml
environment: environment:
- BASE_URL=https://zerobyte.example.com - BASE_URL=https://zerobyte.example.com
- TRUST_PROXY=true # Optional: trust X-Forwarded-For headers from your proxy - TRUST_PROXY=true # Optional: trust X-Forwarded-For headers from your proxy
@ -95,9 +95,9 @@ Caddy automatically handles `X-Forwarded-For`, `X-Forwarded-Proto`, and TLS, wit
### Traefik ### Traefik
If you run Traefik as your reverse proxy, add labels to the Zerobyte service in your `docker-compose.yml`: If you run Traefik as your reverse proxy, add labels to the Zerobyte service in your `compose.yaml`:
```yaml docker-compose.yml ```yaml compose.yaml
services: services:
zerobyte: zerobyte:
image: ghcr.io/nicotsx/zerobyte:v0.38 image: ghcr.io/nicotsx/zerobyte:v0.38
@ -126,7 +126,7 @@ Make sure your Traefik instance is configured with a `websecure` entrypoint and
If you are using a reverse proxy on the same machine, bind the Zerobyte port to `127.0.0.1` so it is not directly accessible from the network: If you are using a reverse proxy on the same machine, bind the Zerobyte port to `127.0.0.1` so it is not directly accessible from the network:
```yaml docker-compose.yml ```yaml compose.yaml
ports: ports:
- "127.0.0.1:4096:4096" - "127.0.0.1:4096:4096"
``` ```

View file

@ -27,9 +27,9 @@ This example uses a sidecar networking pattern where Zerobyte shares the Tailsca
<Steps> <Steps>
<Step> <Step>
### Create docker-compose.yml ### Create compose.yaml
```yaml docker-compose.yml ```yaml compose.yaml
services: services:
tailscale: tailscale:
image: tailscale/tailscale:stable image: tailscale/tailscale:stable

View file

@ -45,11 +45,11 @@ docker compose version
The standard installation includes remote mount support (NFS, SMB, WebDAV, SFTP) and requires elevated container capabilities. The standard installation includes remote mount support (NFS, SMB, WebDAV, SFTP) and requires elevated container capabilities.
### 1. Create docker-compose.yml ### 1. Create compose.yaml
Create a `docker-compose.yml` file with the following configuration: Create a `compose.yaml` file with the following configuration:
```yaml docker-compose.yml ```yaml compose.yaml
services: services:
zerobyte: zerobyte:
image: ghcr.io/nicotsx/zerobyte:v0.38 image: ghcr.io/nicotsx/zerobyte:v0.38
@ -78,7 +78,7 @@ Remote mounts are convenient, but they can expose translated ownership, permissi
### 2. Configure Environment Variables ### 2. Configure Environment Variables
Update the environment variables in your `docker-compose.yml`: Update the environment variables in your `compose.yaml`:
**Generate APP_SECRET:** **Generate APP_SECRET:**
@ -179,7 +179,7 @@ On first access, you'll be prompted to create an admin account. This account wil
If you only need to back up locally mounted directories and don't require remote share mounting (NFS, SMB, WebDAV, SFTP), you can use a reduced-privilege deployment: If you only need to back up locally mounted directories and don't require remote share mounting (NFS, SMB, WebDAV, SFTP), you can use a reduced-privilege deployment:
```yaml docker-compose.yml ```yaml compose.yaml
services: services:
zerobyte: zerobyte:
image: ghcr.io/nicotsx/zerobyte:v0.38 image: ghcr.io/nicotsx/zerobyte:v0.38
@ -219,7 +219,7 @@ services:
</ul> </ul>
<Callout type="info"> <Callout type="info">
If you need remote mount capabilities later, you can update your `docker-compose.yml` to add back the `cap_add: SYS_ADMIN` and `devices: /dev/fuse:/dev/fuse` directives. If you need remote mount capabilities later, you can update your `compose.yaml` to add back the `cap_add: SYS_ADMIN` and `devices: /dev/fuse:/dev/fuse` directives.
If your goal is the closest thing to true replication, prefer local bind-mounted directories whenever possible. See [Mounted Shares and Permissions](/docs/guides/mounted-shares-and-acls) for the practical tradeoffs. If your goal is the closest thing to true replication, prefer local bind-mounted directories whenever possible. See [Mounted Shares and Permissions](/docs/guides/mounted-shares-and-acls) for the practical tradeoffs.
</Callout> </Callout>
@ -256,7 +256,7 @@ The mounted directories will be available inside the container at the specified
If you use provisioning, Zerobyte can resolve secrets from environment variables or Docker secret files before storing the resolved value encrypted in the database: If you use provisioning, Zerobyte can resolve secrets from environment variables or Docker secret files before storing the resolved value encrypted in the database:
```yaml docker-compose.yml ```yaml compose.yaml
services: services:
zerobyte: zerobyte:
image: ghcr.io/nicotsx/zerobyte:v0.38 image: ghcr.io/nicotsx/zerobyte:v0.38
@ -316,7 +316,7 @@ rclone config
### Mount Config into Container ### Mount Config into Container
Update your `docker-compose.yml`: Update your `compose.yaml`:
```yaml ```yaml
volumes: volumes:

View file

@ -106,7 +106,7 @@ For this quick start, we'll add a local directory. First, ensure the directory i
#### Mount the Directory #### Mount the Directory
Update your `docker-compose.yml` to mount the directory you want to backup: Update your `compose.yaml` to mount the directory you want to backup:
```yaml ```yaml
services: services:
@ -757,7 +757,7 @@ Verify:
Ensure: Ensure:
- Directory is mounted in `docker-compose.yml` - Directory is mounted in `compose.yaml`
- Container was restarted after mounting: `docker compose restart` - Container was restarted after mounting: `docker compose restart`
- Path matches the container path, not host path - Path matches the container path, not host path

View file

@ -65,7 +65,7 @@ sudo mount -t cifs //server/share /mnt/your-remote-share -o credentials=/path/to
``` ```
```yaml ```yaml
# Then in docker-compose.yml # Then in compose.yaml
volumes: volumes:
- /mnt/your-remote-share:/data - /mnt/your-remote-share:/data
``` ```

View file

@ -12,7 +12,7 @@ At startup, Zerobyte reads the provisioning file, resolves any `env://...` or `f
## What this example includes ## What this example includes
- `docker-compose.yml` mounts a provisioning file and a Docker secret. - `compose.yaml` mounts a provisioning file and a Docker secret.
- `.env.example` provides the environment variables used by `env://...` references. - `.env.example` provides the environment variables used by `env://...` references.
- `provisioning.example.json` provisions one S3 repository and one WebDAV volume. - `provisioning.example.json` provisions one S3 repository and one WebDAV volume.
- `secrets/aws_secret_access_key.example` shows the file consumed by `file://aws_secret_access_key`. - `secrets/aws_secret_access_key.example` shows the file consumed by `file://aws_secret_access_key`.

View file

@ -12,7 +12,7 @@ TS_HOSTNAME=zerobyte
# Kernel-mode (false) vs userspace-mode (true). # Kernel-mode (false) vs userspace-mode (true).
# - false: requires /dev/net/tun on the host # - false: requires /dev/net/tun on the host
# - true: works on Docker Desktop / hosts without TUN, but you must also remove # - true: works on Docker Desktop / hosts without TUN, but you must also remove
# the /dev/net/tun device mapping from docker-compose.yml # the /dev/net/tun device mapping from compose.yaml
TS_USERSPACE=false TS_USERSPACE=false
# Optional extra args passed to `tailscale up`. # Optional extra args passed to `tailscale up`.

View file

@ -54,7 +54,7 @@ This example supports two Tailscale modes:
- Over Tailscale: `http://<tailscale-ip>:4096` or `http://<tailscale-name>:4096` (if MagicDNS is enabled) - Over Tailscale: `http://<tailscale-ip>:4096` or `http://<tailscale-name>:4096` (if MagicDNS is enabled)
- Locally (optional): the example publishes `4096:4096` on the host - Locally (optional): the example publishes `4096:4096` on the host
If you want Zerobyte to be reachable only via Tailscale, remove the `ports:` section from the `tailscale` service in [docker-compose.yml](docker-compose.yml). Zerobyte will still be able to access the internet and other resources outside the tailnet, but UI will only be accessible over Tailscale with possibility to further restrict access to it with ACLs/tags. If you want Zerobyte to be reachable only via Tailscale, remove the `ports:` section from the `tailscale` service in [compose.yaml](compose.yaml). Zerobyte will still be able to access the internet and other resources outside the tailnet, but UI will only be accessible over Tailscale with possibility to further restrict access to it with ACLs/tags.
## Notes ## Notes
@ -76,7 +76,7 @@ The example uses these environment variables (see [.env.example](.env.example)):
- If the `tailscale` container cant start due to missing TUN support, ensure your host has `/dev/net/tun` available and that Docker is allowed to use it. - If the `tailscale` container cant start due to missing TUN support, ensure your host has `/dev/net/tun` available and that Docker is allowed to use it.
- If your tailnet uses ACLs/tags, set `TS_EXTRA_ARGS` accordingly (for example `--advertise-tags=tag:backup`). - If your tailnet uses ACLs/tags, set `TS_EXTRA_ARGS` accordingly (for example `--advertise-tags=tag:backup`).
- If the `tailscale` container fails due to Docker Desktop / missing TUN support: set `TS_USERSPACE=true` in your `.env`, remove the `/dev/net/tun:/dev/net/tun` device mapping in [docker-compose.yml](docker-compose.yml), and keep `SYS_MODULE` disabled (commented out). - If the `tailscale` container fails due to Docker Desktop / missing TUN support: set `TS_USERSPACE=true` in your `.env`, remove the `/dev/net/tun:/dev/net/tun` device mapping in [compose.yaml](compose.yaml), and keep `SYS_MODULE` disabled (commented out).
To confirm the tailnet address of the container: To confirm the tailnet address of the container: