Add Rackpad compose stacks

rackpad-compose.yml

@@ -0,0 +1,88 @@
+# ============================================
+# Rackpad — HomeLab Inventory / IPAM / Topology
+# ============================================
+# Candidate deployment target: standalone Docker host / Portainer Compose environment.
+# Recommended first target for Wheelz's HomeLab: Docker-Test-1 or a dedicated Proxmox LXC.
+#
+# Why regular Compose instead of Swarm:
+# - Rackpad discovery works best with host networking + raw-socket capabilities.
+# - Docker Swarm is a poor fit for network_mode: host discovery and node-local SQLite data.
+# - Keep Rackpad close to the management LAN/VLANs it needs to inventory.
+#
+# Deploy:
+#   docker compose --env-file rackpad.env -f rackpad-compose.yml up -d
+#
+# Validate:
+#   docker compose --env-file rackpad.env.example -f rackpad-compose.yml config
+#
+# Notes:
+# - Uses a local Docker volume for /data because Rackpad stores SQLite state there.
+# - Do not commit real OIDC client secrets, SNMP secrets, or RACKPAD_SECRET_KEY.
+# ============================================
+
+services:
+  rackpad:
+    image: ${RACKPAD_IMAGE:-ghcr.io/kobii-git/rackpad}:${RACKPAD_TAG:-1.6.1}
+    container_name: rackpad
+    user: "0:0"
+    init: true
+    restart: unless-stopped
+    network_mode: host
+    cap_add:
+      - NET_RAW
+      - NET_ADMIN
+      - NET_BIND_SERVICE
+    environment:
+      NODE_ENV: production
+      HOST: 0.0.0.0
+      PORT: ${RACKPAD_PORT:-3002}
+      DATABASE_PATH: /data/rackpad.db
+      MONITOR_INTERVAL_MS: ${MONITOR_INTERVAL_MS:-300000}
+      TRUST_PROXY: ${TRUST_PROXY:-0}
+      TRUSTED_HOSTS: ${TRUSTED_HOSTS:-}
+      TRUSTED_ORIGINS: ${TRUSTED_ORIGINS:-}
+      APP_URL: ${APP_URL:-}
+      OIDC_ENABLED: ${OIDC_ENABLED:-0}
+      OIDC_ISSUER_URL: ${OIDC_ISSUER_URL:-}
+      OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-}
+      OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-}
+      OIDC_REDIRECT_URI: ${OIDC_REDIRECT_URI:-}
+      OIDC_LABEL: ${OIDC_LABEL:-OIDC}
+      OIDC_DEFAULT_ROLE: ${OIDC_DEFAULT_ROLE:-viewer}
+      OIDC_DEBUG: ${OIDC_DEBUG:-0}
+      OIDC_ADMIN_USERS: ${OIDC_ADMIN_USERS:-}
+      OIDC_EDITOR_USERS: ${OIDC_EDITOR_USERS:-}
+      OIDC_VIEWER_USERS: ${OIDC_VIEWER_USERS:-}
+      OIDC_ADMIN_GROUPS: ${OIDC_ADMIN_GROUPS:-}
+      OIDC_EDITOR_GROUPS: ${OIDC_EDITOR_GROUPS:-}
+      OIDC_VIEWER_GROUPS: ${OIDC_VIEWER_GROUPS:-}
+      OUI_AUTO_UPDATE: ${OUI_AUTO_UPDATE:-1}
+      DISCOVERY_MAC_SCAN_MODE: ${DISCOVERY_MAC_SCAN_MODE:-auto}
+      RACKPAD_SECRET_KEY: ${RACKPAD_SECRET_KEY:-}
+      SNMP_INVENTORY_SYNC: ${SNMP_INVENTORY_SYNC:-0}
+      SNMP_TRAP_ENABLED: ${SNMP_TRAP_ENABLED:-1}
+      SNMP_TRAP_PORT: ${SNMP_TRAP_PORT:-1162}
+      SNMP_TRAP_BIND: ${SNMP_TRAP_BIND:-0.0.0.0}
+    volumes:
+      - rackpad_data:/data
+    read_only: true
+    tmpfs:
+      - /tmp
+    security_opt:
+      - no-new-privileges:true
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "node",
+          "-e",
+          "fetch('http://127.0.0.1:' + (process.env.PORT || '3002') + '/api/health').then((res) => process.exit(res.ok ? 0 : 1)).catch(() => process.exit(1))",
+        ]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+
+volumes:
+  rackpad_data:
+    driver: local