diff --git a/docker-compose/apps-1/sparky-fitness/.env b/docker-compose/apps-1/sparky-fitness/.env new file mode 100644 index 0000000..9f6b08c --- /dev/null +++ b/docker-compose/apps-1/sparky-fitness/.env @@ -0,0 +1,210 @@ +# SparkyFitness Environment Variables +# Copy this file to .env in the root directory and fill in your own values before running 'docker-compose up'. + +# --- PostgreSQL Database Settings --- +# These values should match the ones used by your PostgreSQL container. +# For local development (running Node.js directly), use 'localhost' or '127.0.0.1' if PostgreSQL is on your host. +SPARKY_FITNESS_DB_NAME=sparkyfitness_db +#SPARKY_FITNESS_DB_USER is super user for DB initialization and migrations. +SPARKY_FITNESS_DB_USER=sparky +SPARKY_FITNESS_DB_PASSWORD=changeme_db_password +# Application database user with limited privileges. it can be changed any time after initialization. +SPARKY_FITNESS_APP_DB_USER=sparky_app +SPARKY_FITNESS_APP_DB_PASSWORD=password + +# For Docker Compose deployments, SPARKY_FITNESS_DB_HOST will be the service name (e.g., 'sparkyfitness-db'). +#SPARKY_FITNESS_DB_HOST=sparkyfitness-db + +# SPARKY_FITNESS_DB_PORT controls the HOST port for external database access (e.g., pgAdmin, DBeaver). +# To use this, you must also uncomment the 'ports' section under sparkyfitness-db in docker-compose.prod.yml. +# Inside Docker, containers always communicate on port 5432 (the internal PostgreSQL port). +# Changing this value will NOT affect container-to-container communication. +#SPARKY_FITNESS_DB_PORT=5432 + +# --- Backend Server Settings --- +# The hostname or IP address of the backend server. +# For Docker Compose, this is typically the service name (e.g., 'sparkyfitness-server'). +# For local development or other deployments, this might be 'localhost' or a specific IP. +SPARKY_FITNESS_SERVER_HOST=sparkyfitness-server +# The external port the server will be exposed on. +SPARKY_FITNESS_SERVER_PORT=3010 + + + +# The public URL of your frontend (e.g., https://fitness.example.com). This is crucial for CORS security. +# For local development, use http://localhost:8080. For production, use your domain with https. +SPARKY_FITNESS_FRONTEND_URL=http://localhost:3004 + + +# Allow CORS requests from private network addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, localhost, etc.) +# SECURITY WARNING: Only enable this if you are running on a private/self-hosted network. +# Do NOT enable on shared hosting or cloud environments where other users might access your network. +# Default: false (secure default - only the configured SPARKY_FITNESS_FRONTEND_URL is allowed) +#ALLOW_PRIVATE_NETWORK_CORS=false + +# A comma-separated list of additional URLs that Better Auth should trust. +# This is useful when accessing the app from a specific local IP on your network. +# Example: SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS=http://192.168.1.175:8080,http://10.0.0.5:8080 +# SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS= + +# Logging level for the server (e.g., INFO, DEBUG, WARN, ERROR) +SPARKY_FITNESS_LOG_LEVEL=ERROR + +# Node.js environment mode (e.g., development, production, test) +# Set to 'production' for deployment to ensure optimal performance and security. +NODE_ENV=production + +# Server timezone. Use a TZ database name (e.g., 'America/New_York', 'Etc/UTC'). +# This affects how dates/times are handled by the server if not explicitly managed in code. +TZ=Europe/Lisbon + +# --- Security Settings --- +# A 64-character hex string for data encryption. +# You can generate a secure key with the following command: +# openssl rand -hex 32 +# or +# node -e "console.log(require('crypto').randomBytes(32).toString('hex'))" +# Changing this will invalidate existing encrypted data. You will need to delete and add External Data sources again. +SPARKY_FITNESS_API_ENCRYPTION_KEY=b65743a2f9946be8b7f14083f59183f26bc07c9d2d352a96b2d186a06907e111 +# For Docker Swarm/Kubernetes secrets, you can use a file-based secret: +# SPARKY_FITNESS_API_ENCRYPTION_KEY_FILE=/run/secrets/sparkyfitness_api_key + +# BETTER_AUTH_SECRET is used to sign sessions and encrypt 2FA/TOTP data. +# CRITICAL: If you change this after users have enabled 2FA, they will be LOCKED OUT of their accounts. +# Ensure this is set to a strong, persistent value during initial setup and is never changed. +# If you MUST change it, all users must disable Two-Factor Authentication (TOTP) first. +BETTER_AUTH_SECRET=297f9b19e4f13b3ce45af8f1fcc8234264223b6c2052e1f51ea6869583325ecc +# For Docker Swarm/Kubernetes secrets, you can use a file-based secret: +# BETTER_AUTH_SECRET_FILE=/run/secrets/sparkyfitness_better_auth_secret + +# --- Signup Settings --- +# Set to 'true' to disable new user registrations. +SPARKY_FITNESS_DISABLE_SIGNUP=false + +# --- Admin Settings --- +# Set the email of a user to automatically grant admin privileges on server startup. +# This is useful for development or initial setup. +# Example: SPARKY_FITNESS_ADMIN_EMAIL=admin@example.com +# Optional. If not set, no admin user will be created automatically. +SPARKY_FITNESS_ADMIN_EMAIL=sparkyfitness@lino.cooking + +# --- OIDC Authentication Configuration --- +# Set to 'true' to disable email/password login on the login page (overridden by SPARKY_FITNESS_FORCE_EMAIL_LOGIN). +SPARKY_FITNESS_DISABLE_EMAIL_LOGIN=true + +# Set to 'true' to enable OIDC login. When set, overrides the database value from Admin > Authentication Settings. +SPARKY_FITNESS_OIDC_AUTH_ENABLED=true + +# Display name and provider slug (URL-safe id) for the ENV-configured OIDC provider. +SPARKY_FITNESS_OIDC_PROVIDER_SLUG=pocket-id +SPARKY_FITNESS_OIDC_PROVIDER_NAME=Pocket ID + +SPARKY_FITNESS_OIDC_AUTO_REGISTER=true +SPARKY_FITNESS_OIDC_LOGO_URL=https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/svg/pocket-id.svg + +# OIDC issuer URL (e.g. https://example.com). Discovery URL is derived as issuer + /.well-known/openid-configuration. +# When set with CLIENT_ID, CLIENT_SECRET and PROVIDER_SLUG, an ENV-configured OIDC provider is upserted at startup. +SPARKY_FITNESS_OIDC_ISSUER_URL=https://auth.lino.cooking/application/o/{{slug}}/ + +# SPARKY_FITNESS_OIDC_DOMAIN=example.com + +# OIDC client credentials from your IdP. +# SPARKY_FITNESS_OIDC_CLIENT_ID= +# SPARKY_FITNESS_OIDC_CLIENT_SECRET= + +# SPARKY_FITNESS_OIDC_SCOPE=openid email profile + +# Set to 'true' to allow auto-redirect to the single OIDC provider when email login is disabled. +SPARKY_FITNESS_OIDC_AUTO_REDIRECT=true + +# Group/claim values from your IdP for role mapping (admin vs user). Configure your IdP to send these in token claims. +# SPARKY_FITNESS_OIDC_ADMIN_GROUP=Admin +# --- Advanced OIDC Settings --- +# SPARKY_FITNESS_OIDC_TOKEN_AUTH_METHOD=client_secret_post +# SPARKY_FITNESS_OIDC_ID_TOKEN_SIGNED_ALG=RS256 +# SPARKY_FITNESS_OIDC_USERINFO_SIGNED_ALG=none +# SPARKY_FITNESS_OIDC_TIMEOUT=30000 + +# Set custom uploads and backups directory. Only needed for standalone installation +# SPARKY_FITNESS_CUSTOM_UPLOADS_DIRECTORY= +# SPARKY_FITNESS_CUSTOM_BACKUP_DIRECTORY= +# +# --- Login Management Fail-Safe --- +# Set to 'true' to force email/password login to be enabled, overriding any in-app settings. +# This is a fail-safe to prevent being locked out if OIDC is misconfigured. +# SPARKY_FITNESS_FORCE_EMAIL_LOGIN=true + +# --- Email Settings (Optional) --- +# Configure these variables if you want to enable email notifications (e.g., for password resets). +# If not configured, email functionality will be disabled. +# SPARKY_FITNESS_EMAIL_HOST=smtp.example.com +# SPARKY_FITNESS_EMAIL_PORT=587 +# SPARKY_FITNESS_EMAIL_SECURE=true # Use 'true' for TLS/SSL, 'false' for plain text +# SPARKY_FITNESS_EMAIL_USER=your_email@example.com +# SPARKY_FITNESS_EMAIL_PASS=your_email_password +# SPARKY_FITNESS_EMAIL_FROM=no-reply@example.com + +# --- Volume Paths (Optional) --- +# These paths define where Docker volumes will store persistent data on your host. +# If not set, Docker will manage volumes automatically in its default location. +DB_PATH=/data/sparky-fitness/postgresql # Path for PostgreSQL database data +SERVER_BACKUP_PATH=/data/sparky-fitness/backup # Path for server backups +SERVER_UPLOADS_PATH=/data/sparky-fitness/uploads # Path for profile pictures and exercise images + + +# --- API Key Rate Limiting (Optional) --- +# Override the default rate limit for API key authentication (used by automation tools like n8n). +# Defaults to 100 requests per 60-second window if not set. +#SPARKY_FITNESS_API_KEY_RATELIMIT_WINDOW_MS=60000 +#SPARKY_FITNESS_API_KEY_RATELIMIT_MAX_REQUESTS=100 + +# --- Start of Garmin Integration Settings --- +#Below variables are needed only for Garmin integration. If you don't use Garmin integration, you can remove them in your .env file. + + +# The URL for the Garmin microservice. +# For Docker Compose, this would typically be the service name and port (e.g., 'http://sparkyfitness-garmin:8000'). +# For local development, use 'http://localhost:8000' or the port you've configured. + +# GARMIN_MICROSERVICE_URL=http://sparkyfitness-garmin:8000 + + +# This is used for Garmin Connect synchronization. +# If you are not using Garmin integration, you don't need this. Make sure this matches with GARMIN_MICROSERVICE_URL. +# GARMIN_SERVICE_PORT=8000 + +# set to true for China region. Everything else should be false. Optional - defaults to false +# GARMIN_SERVICE_IS_CN=false + +# --- End of Garmin Integration Settings --- + + + +# --- MCP Server Settings --- +# The port the MCP server will listen on. +# SPARKY_FITNESS_MCP_PORT=3001 + +# Vision API Settings (for sparky_analyze_food_image and sparky_scan_label) +# Supported providers: gemini, openai, anthropic +# VISION_API_PROVIDER=gemini +# VISION_API_KEY= + +# Set to 'true' to enable developer tools (e.g., sparky_inspect_schema) +# Requires the authenticated user to have the 'admin' role. +# DEV_TOOLS_ENABLED=false + +# ----- Developers Section ----- +# Data source for external integrations (fitbit, garmin, withings). +# By default, these use live APIs. Set to 'local' to use mock data from the mock_data directory. +# To use these variables, you will also need to pass to Server container. For Garmin, pass to Garmin container. + +#SPARKY_FITNESS_FITBIT_DATA_SOURCE=local +#SPARKY_FITNESS_WITHINGS_DATA_SOURCE=local +#SPARKY_FITNESS_GARMIN_DATA_SOURCE=local +#SPARKY_FITNESS_POLAR_DATA_SOURCE=local +#SPARKY_FITNESS_HEVY_DATA_SOURCE=local + +# Set to 'true' to capture live API responses into mock data JSON files. Defaults to false. +#SPARKY_FITNESS_SAVE_MOCK_DATA=false + +#----------------------------- diff --git a/docker-compose/apps-1/sparky-fitness/compose.yaml b/docker-compose/apps-1/sparky-fitness/compose.yaml new file mode 100644 index 0000000..e59713b --- /dev/null +++ b/docker-compose/apps-1/sparky-fitness/compose.yaml @@ -0,0 +1,70 @@ +services: + sparkyfitness-db: + image: postgres:18.3-alpine + container_name: sparkyfitness-db + restart: always + # Uncomment below to expose PostgreSQL to the host (e.g., for pgAdmin, DBeaver). + # ports: + # - "${SPARKY_FITNESS_DB_PORT:-5432}:5432" + environment: + POSTGRES_DB: ${SPARKY_FITNESS_DB_NAME:?Variable is required and must be set} + POSTGRES_USER: ${SPARKY_FITNESS_DB_USER:?Variable is required and must be set} + POSTGRES_PASSWORD: ${SPARKY_FITNESS_DB_PASSWORD:?Variable is required and must be set} + PUID: 1000 + GUID: 1000 + volumes: + - ${DB_PATH:-./postgresql}:/var/lib/postgresql + + sparkyfitness-server: + image: codewithcj/sparkyfitness_server:latest # Use pre-built image + environment: + SPARKY_FITNESS_LOG_LEVEL: ${SPARKY_FITNESS_LOG_LEVEL} + ALLOW_PRIVATE_NETWORK_CORS: ${ALLOW_PRIVATE_NETWORK_CORS:-false} + SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS: ${SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS:-} + SPARKY_FITNESS_DB_USER: ${SPARKY_FITNESS_DB_USER:-sparky} + SPARKY_FITNESS_DB_HOST: ${SPARKY_FITNESS_DB_HOST:-sparkyfitness-db} # Use the service name 'sparkyfitness-db' for inter-container communication + SPARKY_FITNESS_DB_NAME: ${SPARKY_FITNESS_DB_NAME} + SPARKY_FITNESS_DB_PASSWORD: ${SPARKY_FITNESS_DB_PASSWORD:?Variable is required and must be set} + SPARKY_FITNESS_APP_DB_USER: ${SPARKY_FITNESS_APP_DB_USER:-sparkyapp} + SPARKY_FITNESS_APP_DB_PASSWORD: ${SPARKY_FITNESS_APP_DB_PASSWORD:?Variable is required and must be set} + SPARKY_FITNESS_DB_PORT: 5432 # Uses internal container port. Do NOT change this if SPARKY_FITNESS_DB_HOST is using container name. + SPARKY_FITNESS_API_ENCRYPTION_KEY: ${SPARKY_FITNESS_API_ENCRYPTION_KEY:?Variable is required and must be set} + # Uncomment the line below and comment the line above to use a file-based secret + # SPARKY_FITNESS_API_ENCRYPTION_KEY_FILE: /run/secrets/sparkyfitness_api_key + + BETTER_AUTH_SECRET: ${BETTER_AUTH_SECRET:?Variable is required and must be set} + # Uncomment the line below and comment the line above to use a file-based secret + # BETTER_AUTH_SECRET_FILE: /run/secrets/sparkyfitness_better_auth_secret + SPARKY_FITNESS_FRONTEND_URL: ${SPARKY_FITNESS_FRONTEND_URL:-http://0.0.0.0:3004} + SPARKY_FITNESS_DISABLE_SIGNUP: ${SPARKY_FITNESS_DISABLE_SIGNUP} + SPARKY_FITNESS_ADMIN_EMAIL: ${SPARKY_FITNESS_ADMIN_EMAIL} #User with this email can access the admin panel + SPARKY_FITNESS_EMAIL_HOST: ${SPARKY_FITNESS_EMAIL_HOST} + SPARKY_FITNESS_EMAIL_PORT: ${SPARKY_FITNESS_EMAIL_PORT} + SPARKY_FITNESS_EMAIL_SECURE: ${SPARKY_FITNESS_EMAIL_SECURE} + SPARKY_FITNESS_EMAIL_USER: ${SPARKY_FITNESS_EMAIL_USER} + SPARKY_FITNESS_EMAIL_PASS: ${SPARKY_FITNESS_EMAIL_PASS} + SPARKY_FITNESS_EMAIL_FROM: ${SPARKY_FITNESS_EMAIL_FROM} + GARMIN_MICROSERVICE_URL: http://sparkyfitness-garmin:8000 # Add Garmin microservice URL + PUID: 1000 + GUID: 1000 + restart: always + depends_on: + - sparkyfitness-db # Backend depends on the database being available + volumes: + - ${SERVER_BACKUP_PATH:-./backup}:/app/SparkyFitnessServer/backup # Mount volume for backups + - ${SERVER_UPLOADS_PATH:-./uploads}:/app/SparkyFitnessServer/uploads # Mount volume for Profile pictures and excercise images + + sparkyfitness-frontend: + image: codewithcj/sparkyfitness:latest # Use pre-built image + ports: + - "8087:80" # Map host port 8087 to container port 80 (Nginx) + environment: + SPARKY_FITNESS_FRONTEND_URL: ${SPARKY_FITNESS_FRONTEND_URL} + SPARKY_FITNESS_SERVER_HOST: sparkyfitness-server # Internal Docker service name for the backend + SPARKY_FITNESS_SERVER_PORT: 3010 # Port the backend server listens on + PUID: 1000 + GUID: 1000 + restart: always + depends_on: + - sparkyfitness-server # Frontend depends on the server + #- sparkyfitness-garmin # Frontend depends on Garmin microservice. Enable if you are using Garmin Connect features.