adding docker example updates

This commit is contained in:
2025-09-09 10:44:35 -04:00
parent 4685c970af
commit 49a2c1788a
4 changed files with 112 additions and 24 deletions
+5
View File
@@ -58,3 +58,8 @@ temp/
# Docker
.dockerignore
# Local development files (not for public repo)
*.local
CODE_STRUCTURE.local
RESTART_SUMMARY.md
+15 -4
View File
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
## [Unreleased] - v0.6.0
### Added
- **🔐 Secure Configuration System**: Two-file configuration with automatic API key masking
- **Main `.env`**: Paths and preferences (safe to share for debugging)
- **Separate `.env.secrets`**: API keys and passwords (never committed to git)
- **Automatic Loading**: Both files loaded at startup with python-dotenv
- **Log Security**: API keys automatically masked in all log output
- **Git Protection**: Updated .gitignore prevents accidental commits of sensitive data
- **🎯 Configurable Release Date Priority System**: Revolutionary smart fallback for manual imports
- **Configurable Priority Order**: `RELEASE_DATE_PRIORITY=digital,physical,theatrical` (customizable)
- **Digital Releases**: VOD/streaming dates (Netflix, iTunes, etc.) - TMDB type 4
@@ -30,15 +36,20 @@ All notable changes to this project will be documented in this file.
- OMDb API for DVD/digital release dates
- Jellyseerr integration for additional digital release data
- **Deployment Documentation**:
- `SETUP.md` - Secure configuration setup guide
- `DEPLOYMENT.md` - Complete Docker deployment guide
- `TESTING.md` - Testing strategy and troubleshooting
- `.env.template` - Comprehensive configuration template
- `docker-compose.yml` - Production-ready deployment
- `.env.template` - Clean main configuration template
- `.env.secrets.template` - Secure secrets configuration template
- `docker-compose.yml` - Production-ready deployment with volume mounts
### Changed
- **Configuration Management**: Removed hardcoded paths, fully environment variable driven
- **Configuration Management**: Secure two-file system replaces single .env approach
- **Separated Concerns**: Main config (.env) vs sensitive data (.env.secrets)
- **Enhanced Security**: API key masking and git protection built-in
- **Docker Integration**: Updated docker-compose.yml with proper volume mounts
- **Movie Priority Logic**: Enhanced `import_then_digital` to intelligently handle file date fallbacks
- **README.md**: Complete rewrite with all API endpoints, curl examples, and response formats
- **README.md**: Complete rewrite with secure configuration examples and curl commands
### Fixed
- **Manual Import Handling**: Movies manually imported to Radarr now use digital release dates instead of file modification dates
+73 -13
View File
@@ -50,27 +50,87 @@ It integrates with **Sonarr** and **Radarr**, listens for import/rename/upgrade
---
## 🚀 Quick Start (Docker)
## 🚀 Quick Start (Docker Compose)
```bash
# 1. Copy configuration templates
cp .env.template .env
cp .env.secrets.template .env.secrets
# 2. Edit your configuration files
# .env - paths and preferences (safe to share)
# .env.secrets - API keys and passwords (never commit)
# 3. Start NFOGuard
docker-compose up -d
```
**Docker Compose (Recommended)**:
```yaml
version: '3.8'
services:
nfoguard:
image: ghcr.io/your-org/nfoguard:latest
container_name: nfoguard
ports:
- "8080:8080"
volumes:
- /mnt/unionfs/Media:/media:rw
- ./data:/app/data
- ./.env:/app/.env:ro # Main configuration
- ./.env.secrets:/app/.env.secrets:ro # Secure API keys
restart: unless-stopped
```
**Docker Run (Alternative)**:
```bash
docker run -d \
--name=NFOGuard \
-p 8080:8080 \
-v /mnt/unionfs/Media:/media:rw \
-v /opt/NFOGuard/data:/app/data \
-e TV_PATHS="/media/TV/tv,/media/TV/tv6" \
-e MOVIE_PATHS="/media/Movies/movies,/media/Movies/movies6" \
-v /opt/NFOGuard/.env:/app/.env:ro \
-v /opt/NFOGuard/.env.secrets:/app/.env.secrets:ro \
ghcr.io/your-org/NFOGuard:latest
⚙️ Environment Variables
Variable Default Description
TV_PATHS /media/tv,/media/tv6 Comma-separated list of TV root paths
MOVIE_PATHS /media/movies,/media/movies6 Comma-separated list of Movie root paths
DB_PATH /app/data/media_dates.db Path to SQLite database
MANAGE_NFO true Write/update NFO files
FIX_DIR_MTIMES true Sync directory/file mtimes to import date
LOCK_METADATA true Add <lockdata> in NFOs
BATCH_DELAY 5.0 Delay before processing batched events
DEBUG false Enable verbose logging
```
## 🔧 Configuration Files
NFOGuard uses a **secure two-file configuration system**:
### **`.env` - Main Configuration** (safe to share)
```bash
# Media paths
MOVIE_PATHS=/media/Movies/movies,/media/Movies/movies6
TV_PATHS=/media/TV/tv,/media/TV/tv6
# Release date priority (digital, physical, theatrical)
RELEASE_DATE_PRIORITY=digital,physical,theatrical
PREFER_RELEASE_DATES_OVER_FILE_DATES=true
ALLOW_FILE_DATE_FALLBACK=false
# Database connection
RADARR_DB_HOST=radarr-postgres
RADARR_DB_PORT=5432
RADARR_DB_NAME=radarr
RADARR_DB_USER=postgres
```
### **`.env.secrets` - Sensitive Data** (never commit)
```bash
# Database password
RADARR_DB_PASSWORD=your_actual_password
# API keys
TMDB_API_KEY=your_tmdb_api_key
RADARR_API_KEY=your_radarr_api_key
SONARR_API_KEY=your_sonarr_api_key
```
**Security Features**:
- 🔐 **API key masking** in logs automatically
- 🚫 **Git protection** - secrets never committed
- 🛠️ **Easy debugging** - main .env safe to share
🔌 API Endpoints
+17 -5
View File
@@ -1,8 +1,10 @@
version: '3.8'
services:
NFOguard:
nfoguard:
# image: ghcr.io/sbcrumb/nfoguard:latest # Use this once package is public
build: . # Temporary local build
container_name: NFOguard
container_name: nfoguard
restart: unless-stopped
user: "1000:1000"
networks:
@@ -10,11 +12,21 @@ services:
ports:
- "8085:8080"
volumes:
# Media directory
- /mnt/unionfs/Media/:/media:rw
# NFOGuard data directory for database and logs
- ./data:/app/data:rw
- ./.env:/app/.env:ro
env_file:
- .env
# Configuration files (SECURE TWO-FILE SYSTEM)
- ./.env:/app/.env:ro # Main config (safe to share)
- ./.env.secrets:/app/.env.secrets:ro # API keys & passwords (never commit)
# Optional: Can use env_file for simple setups, but file mounting is more secure
# env_file:
# - .env
# - .env.secrets
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
interval: 30s