From 4db71b9f90e6177b825744271f0544ea2657aea6 Mon Sep 17 00:00:00 2001
From: "Trez.One" <charish.patel@trez.wtf>
Date: Tue, 19 May 2026 07:57:01 -0400
Subject: [PATCH] Adding Patchmon server.

---
 docker-compose.yml | 95 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 95 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 5be9504..1d5ca38 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -170,6 +170,97 @@ services:
       - ${RIKKU_DOCKER_DIR}/homeassistant:/config
       - /etc/localtime:/etc/localtime:ro
       - /run/dbus:/run/dbus:ro
+  patchmon-server:
+    container_name: patchmon-server
+    depends_on:
+      patchmon-pg-db:
+        condition: service_healthy
+      patchmon-redis:
+        condition: service_healthy
+      patchmon-guacd:
+        condition: service_healthy
+    environment:
+      CORS_ORIGIN: "*"
+      POSTGRES_HOST: patchmon-pg-db
+      DATABASE_URL: postgresql://patchmon:${PATCHMON_PG_PASSWORD}@patchmon-pg-db:5432/${POSTGRES_DB}
+      ENABLE_LOGGING: true
+      GUACD_ADDRESS: patchmon-guacd:4822
+      LOG_LEVEL: debug
+      REDIS_HOST: patchmon-redis
+      SESSION_SECRET: ${PATCHMON_SESSION_SECRET}
+      AI_ENCRYPTION_KEY: ${PATCHMON_AI_ENCRYPTION_KEY}
+      REDIS_PORT: 6379
+      REDIS_PASSWORD: ${PATCHMON_REDIS_PASSWORD}
+      REDIS_DB: 0
+      TRUST_PROXY: true
+      TZ: ${TZ}
+    image: ghcr.io/patchmon/patchmon-server:latest
+    ports:
+      - 3000:3000
+    restart: unless-stopped
+  patchmon-pg-db:
+    image: postgres:17-alpine
+    restart: unless-stopped
+    environment:
+      POSTGRES_PASSWORD: ${PATCHMON_PG_PASSWORD}
+      POSTGRES_USER: patchmon
+      POSTGRES_DB: patchmon
+    expose:
+      - 5432
+    volumes:
+      - patchmon-pg-data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
+      interval: 3s
+      timeout: 5s
+      retries: 7
+  patchmon-redis:
+    image: redis:7-alpine
+    restart: unless-stopped
+    environment:
+      TZ: ${TZ}
+      REDIS_PORT: 6379
+      REDIS_PASSWORD: ${PATCHMON_REDIS_PASSWORD}
+      REDIS_DB: 0
+    expose:
+      - 6379
+    command: redis-server --requirepass ${REDIS_PASSWORD}
+    volumes:
+      - patchmon-redis-data:/data
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "redis-cli",
+          "--no-auth-warning",
+          "-a",
+          "${REDIS_PASSWORD}",
+          "ping",
+        ]
+      interval: 3s
+      timeout: 5s
+      retries: 7
+  patchmon-guacd:
+    container_name: patchmon-guacd
+    image: guacamole/guacd:latest
+    expose:
+      - 4822
+    restart: unless-stopped
+    read_only: true
+    tmpfs:
+      - /tmp:size=64m
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
+    mem_limit: 512m
+    cpus: "1.0"
+    healthcheck:
+      test: ["CMD-SHELL", "nc -z localhost 4822 || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
   portainer-agent:
     container_name: portainer_agent
     image: portainer/agent:latest@sha256:dc0e8285f8b4c105c3237f1cc0022f92dd265c53ced5f53b9ce7c9741144e879
@@ -303,5 +394,9 @@ services:
 volumes:
   dockflare_data:
     name: dockflare_data
+  patchmon-pg-data:
+    name: patchmon-pg-data
+  patchmon-redis-data:
+    name: patchmon-redis-data
   renovate-valkey-data:
     name: renovate-valkey-data