{
  "meta": "name: libretime-secure\ntitle: LibreTime (EasyPanel) - Secure\ndescription: \"Plantilla segura que evita archivos con secretos en claro: genera el config desde variables/secretos del panel mediante un servicio generador.\"\nversion: \"1.0.0\"\nauthor: \"Tu nombre\"\nlogo: logo.png\nscreenshot: screenshot.png\ntags:\n  - media\n  - radio\n  - docker\n  - libretime\n\nform:\n  - id: postgres_password\n    type: password\n    title: Contraseña Postgres\n  - id: rabbitmq_password\n    type: password\n    title: Contraseña RabbitMQ\n  - id: public_url\n    type: string\n    title: URL pública\n    default: \"http://{{hostname}}:8080\"\n  - id: libretime_version\n    type: string\n    title: LibreTime image version\n    default: \"4.5\"\n",
  "files": [
    {
      "path": "docker/nginx/default.conf",
      "encoding": "utf8",
      "content": "server {\n  listen 8080;\n  listen [::]:8080;\n\n  root /var/www/html/public;\n\n  index index.php index.html index.htm;\n\n  client_max_body_size 512M;\n  client_body_timeout 300s;\n\n  location ~ \\.php$ {\n    fastcgi_buffers 64 4K;\n    fastcgi_split_path_info ^(.+\\.php)(/.+)$;\n\n    try_files $fastcgi_script_name =404;\n\n    include fastcgi_params;\n\n    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n    set $path_info $fastcgi_path_info;\n    fastcgi_param PATH_INFO $path_info;\n    include fastcgi_params;\n\n    fastcgi_index index.php;\n    fastcgi_pass legacy:9000;\n  }\n\n  location / {\n    try_files $uri $uri/ /index.php$is_args$args;\n  }\n\n  location ^~ /api/_media {\n    internal;\n    alias /srv/libretime;\n  }\n\n  location ^~ /api/version {\n    return 307 /api/v2/version;\n  }\n\n  location ^~ /api/version/ {\n    return 307 /api/v2/version;\n  }\n\n  location = /api/register-component {\n    try_files $uri $uri/ /index.php$is_args$args;\n  }\n\n  location = /api/register-component/ {\n    try_files $uri $uri/ /index.php$is_args$args;\n  }\n\n  location /api/ {\n    proxy_set_header Host $http_host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Forwarded-Proto $scheme;\n    proxy_redirect off;\n    proxy_pass http://api:9001;\n  }\n\n  location ~ ^/api/(v2|browser) {\n    proxy_set_header Host $http_host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Forwarded-Proto $scheme;\n\n    proxy_redirect off;\n    proxy_pass http://api:9001;\n  }\n}\n"
    },
    {
      "path": "docker-compose.yml",
      "encoding": "utf8",
      "content": "version: '3.8'\nservices:\n  postgres:\n    image: postgres:15\n    environment:\n      POSTGRES_USER: libretime\n      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}\n      POSTGRES_DB: libretime\n    volumes:\n      - postgres_data:/var/lib/postgresql/data\n\n  rabbitmq:\n    image: rabbitmq:3.13-alpine\n    environment:\n      RABBITMQ_DEFAULT_VHOST: /libretime\n      RABBITMQ_DEFAULT_USER: libretime\n      RABBITMQ_DEFAULT_PASS: ${RABBITMQ_DEFAULT_PASS}\n\n  api:\n    image: ghcr.io/libretime/libretime-api:${LIBRETIME_VERSION:-4.5}\n    environment:\n      - LIBRETIME_GENERAL_PUBLIC_URL=${LIBRETIME_GENERAL_PUBLIC_URL:-http://localhost:8080}\n      - LIBRETIME_CONFIG_FROM_ENV=true\n    volumes:\n      - libretime_storage:/srv/libretime\n    depends_on:\n      - postgres\n      - rabbitmq\n\n  legacy:\n    image: ghcr.io/libretime/libretime-legacy:${LIBRETIME_VERSION:-4.5}\n    environment:\n      - LIBRETIME_CONFIG_FROM_ENV=true\n    volumes:\n      - libretime_storage:/srv/libretime\n    depends_on:\n      - postgres\n      - rabbitmq\n\n  nginx:\n    image: ghcr.io/libretime/libretime-nginx:${LIBRETIME_VERSION:-4.5}\n    ports:\n      - \"8080:8080\"\n    volumes:\n      - libretime_storage:/srv/libretime:ro\n      - ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf:ro\n    depends_on:\n      - legacy\n      - api\n\nvolumes:\n  postgres_data:\n  libretime_storage:\n"
    },
    {
      "path": "index.ts",
      "encoding": "utf8",
      "content": "import { Template } from '@easypanel/template-sdk';\n\n// This secure template generates the docker-compose and uses environment variables\n// so that secrets are not stored in files inside the project. Instead, config\n// is generated at container start from env vars injected by the panel.\n\nconst t: Template = {\n  meta: require('./meta.yaml'),\n  render: (values: any) => {\n  const libVersion = values.libretime_version || '4.5';\n    const publicUrl = values.public_url || 'http://{{hostname}}:8080';\n\n    const compose = `version: '3.8'\nservices:\n  postgres:\n    image: postgres:15\n    environment:\n      POSTGRES_USER: libretime\n      POSTGRES_PASSWORD: ${values.postgres_password ? `'${values.postgres_password}'` : \"\\\"\\\"\"}\n      POSTGRES_DB: libretime\n    volumes:\n      - postgres_data:/var/lib/postgresql/data\n\n  rabbitmq:\n    image: rabbitmq:3.13-alpine\n    environment:\n      RABBITMQ_DEFAULT_VHOST: /libretime\n      RABBITMQ_DEFAULT_USER: libretime\n      RABBITMQ_DEFAULT_PASS: ${values.rabbitmq_password ? `'${values.rabbitmq_password}'` : \"\\\"\\\"\"}\n\n  api:\n    image: ghcr.io/libretime/libretime-api:${libVersion}\n    environment:\n      - LIBRETIME_GENERAL_PUBLIC_URL=${publicUrl}\n      - LIBRETIME_CONFIG_FROM_ENV=true\n    volumes:\n      - libretime_storage:/srv/libretime\n    depends_on:\n      - postgres\n      - rabbitmq\n\n  # composer not included; follow standard LibreTime docker installation\n\n  legacy:\n    image: ghcr.io/libretime/libretime-legacy:${libVersion}\n    environment:\n      - LIBRETIME_CONFIG_FROM_ENV=true\n    volumes:\n      - libretime_storage:/srv/libretime\n    depends_on:\n      - postgres\n      - rabbitmq\n\n  nginx:\n    image: ghcr.io/libretime/libretime-nginx:${libVersion}\n    ports:\n      - \"8080:8080\"\n    volumes:\n      - libretime_storage:/srv/libretime:ro\n      - ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf:ro\n    depends_on:\n      - legacy\n      - api\n\nvolumes:\n  postgres_data:\n  libretime_storage:\n`;\n\n    const startupSh = `#!/bin/sh\n# At container start this script writes /etc/libretime/config.yml from env\ncat > /etc/libretime/config.yml <<EOF\ngeneral:\n  public_url: ${publicUrl}\n  api_key: \"${values.api_key || ''}\"\n  secret_key: \"${values.secret_key || ''}\"\n\ndatabase:\n  host: ${values.database_host || 'postgres'}\n  port: 5432\n  name: libretime\n  user: libretime\n  password: \"$POSTGRES_PASSWORD\"\n\nrabbitmq:\n  host: ${values.rabbitmq_host || 'rabbitmq'}\n  port: 5672\n  vhost: /libretime\n  user: libretime\n  password: \"$RABBITMQ_DEFAULT_PASS\"\nEOF\n`;\n\n    return {\n      files: [\n        { path: 'docker-compose.yml', content: compose },\n        { path: 'startup/generate-config.sh', content: startupSh },\n  { path: 'docker/nginx/default.conf', content: require('fs').readFileSync('docker/nginx/default.conf','utf8') },\n      ],\n    };\n  },\n};\n\nexport default t;\n"
    },
    {
      "path": "meta.yaml",
      "encoding": "utf8",
      "content": "name: libretime-secure\ntitle: LibreTime (EasyPanel) - Secure\ndescription: \"Plantilla segura que evita archivos con secretos en claro: genera el config desde variables/secretos del panel mediante un servicio generador.\"\nversion: \"1.0.0\"\nauthor: \"Tu nombre\"\nlogo: logo.png\nscreenshot: screenshot.png\ntags:\n  - media\n  - radio\n  - docker\n  - libretime\n\nform:\n  - id: postgres_password\n    type: password\n    title: Contraseña Postgres\n  - id: rabbitmq_password\n    type: password\n    title: Contraseña RabbitMQ\n  - id: public_url\n    type: string\n    title: URL pública\n    default: \"http://{{hostname}}:8080\"\n  - id: libretime_version\n    type: string\n    title: LibreTime image version\n    default: \"4.5\"\n"
    }
  ]
}