Add Navidrome v0.58.0 - Modern Music Streaming Server

Apps/Navidrome/docker-compose.yml

@@ -0,0 +1,138 @@
+name: navidrome
+
+services:
+  navidrome:
+    image: deluan/navidrome:0.60.3
+    container_name: navidrome
+    restart: unless-stopped
+    user: "0:0"
+    expose:
+      - 80                                     # Navidrome Web UI Port
+    volumes:
+      - /DATA/AppData/navidrome/data/:/data        # Navidrome database and configuration directory
+      - /DATA/Media/Music/:/music:ro            # Music library directory (read-only)
+    environment:
+      TZ: $TZ                                  # Timezone for the Navidrome service
+      ND_MUSICFOLDER: /music                   # Path to your music library inside the container
+      ND_DATAFOLDER: /data                     # Path to store Navidrome database and configuration
+      ND_LOGLEVEL: warn                        # Log level (debug, info, warn, error)
+      ND_PORT: 80                              # Web server port for nsl.sh URL optimization
+    cpu_shares: 50
+    deploy:
+      resources:
+        limits:
+          memory: 512M
+
+x-casaos:
+  architectures:
+    - amd64
+    - arm64
+  main: navidrome
+  author: Yundera Team
+  category: Media
+  developer: Deluan Quintão
+  description:
+    en_us: |
+      **Your Personal Music Streaming Server**
+      Navidrome is a modern music server and streamer compatible with Subsonic/Airsonic clients. Stream your music collection from anywhere with a beautiful web interface and mobile apps.
+
+      **Key Features:**
+      • Beautiful, responsive web interface
+      • Compatible with Subsonic apps (iOS/Android)
+      • Automatic music library scanning
+      • Transcoding and streaming optimization
+      • Multi-user support with playlists
+      • Last.fm scrobbling support
+
+      **Sample Music Included:**
+      This installation includes sample tracks to get you started immediately.
+    ko_kr: |
+      **개인 음악 스트리밍 서버**
+      Navidrome은 Subsonic/Airsonic 클라이언트와 호환되는 현대적인 음악 서버입니다. 아름다운 웹 인터페이스와 모바일 앱으로 어디서나 음악을 스트리밍하세요.
+
+      **주요 기능:**
+      • 아름답고 반응형 웹 인터페이스
+      • Subsonic 앱 호환 (iOS/Android)
+      • 자동 음악 라이브러리 스캔
+      • 트랜스코딩 및 스트리밍 최적화
+      • 플레이리스트 지원
+      • Last.fm 스크로블링 지원
+
+      **샘플 음악 포함:**
+      즉시 시작할 수 있도록 샘플 트랙이 포함되어 있습니다.
+    fr_fr: |
+      **Votre Serveur de Streaming Musical Personnel**
+      Navidrome est un serveur musical moderne et un streamer compatible avec les clients Subsonic/Airsonic. Diffusez votre collection musicale depuis n'importe où avec une interface web magnifique et des applications mobiles.
+
+      **Fonctionnalités Clés:**
+      • Interface web magnifique et responsive
+      • Compatible avec les applications Subsonic (iOS/Android)
+      • Analyse automatique de la bibliothèque musicale
+      • Transcodage et optimisation du streaming
+      • Support multi-utilisateur avec playlists
+      • Support du scrobbling Last.fm
+
+      **Musique d'Exemple Incluse:**
+      Cette installation inclut des pistes d'exemple pour commencer immédiatement.
+    zh_cn: |
+      **您的个人音乐流媒体服务器**
+      Navidrome是一个现代音乐服务器和流媒体播放器，兼容Subsonic/Airsonic客户端。通过美观的网页界面和移动应用程序，随时随地播放您的音乐收藏。
+
+      **核心功能:**
+      • 美观、响应式网页界面
+      • 兼容Subsonic应用程序 (iOS/Android)
+      • 自动音乐库扫描
+      • 转码和流媒体优化
+      • 多用户支持和播放列表
+      • Last.fm记录支持
+
+      **包含示例音乐:**
+      此安装包含示例音轨，让您立即开始使用。
+    es_es: |
+      **Tu Servidor Personal de Streaming Musical**
+      Navidrome es un servidor de música moderno y streamer compatible con clientes Subsonic/Airsonic. Reproduce tu colección musical desde cualquier lugar con una hermosa interfaz web y aplicaciones móviles.
+
+      **Características Clave:**
+      • Interfaz web hermosa y responsiva
+      • Compatible con aplicaciones Subsonic (iOS/Android)
+      • Escaneo automático de biblioteca musical
+      • Transcodificación y optimización de streaming
+      • Soporte multiusuario con listas de reproducción
+      • Soporte de scrobbling Last.fm
+
+      **Música de Muestra Incluida:**
+      Esta instalación incluye pistas de muestra para comenzar inmediatamente.
+  icon: https://cdn.jsdelivr.net/gh/Yundera/AppStore@main/Apps/Navidrome/icon.png
+  screenshot_link:
+    - https://cdn.jsdelivr.net/gh/Yundera/AppStore@main/Apps/Navidrome/screenshot-1.png
+    - https://cdn.jsdelivr.net/gh/Yundera/AppStore@main/Apps/Navidrome/screenshot-2.png
+    - https://cdn.jsdelivr.net/gh/Yundera/AppStore@main/Apps/Navidrome/screenshot-3.png
+  thumbnail: https://cdn.jsdelivr.net/gh/Yundera/AppStore@main/Apps/Navidrome/thumbnail.png
+  tagline:
+    en_us: Your personal music streaming server with modern web interface
+    ko_kr: 현대적인 웹 인터페이스를 갖춘 개인 음악 스트리밍 서버
+    fr_fr: Votre serveur de streaming musical personnel avec interface web moderne
+    zh_cn: 具有现代网页界面的个人音乐流媒体服务器
+    es_es: Tu servidor personal de streaming musical con interfaz web moderna
+  title:
+    en_us: Navidrome
+  tips:
+    before_install:
+      en_us: |
+        **First-Time Setup:** Create your admin account on first visit to the web interface.
+
+        **Music Location:** Place your music files in `/DATA/Media/Music/`
+        Navidrome will automatically scan and organize your collection.
+        Supported formats: MP3, FLAC, OGG, M4A, WAV
+
+        **Authentication:** Navidrome requires creating an admin account during first launch.
+      ko_kr: |
+        **초기 설정:** 웹 인터페이스에 처음 접속할 때 관리자 계정을 생성하세요.
+
+        **음악 위치:** 음악 파일을 `/DATA/Media/Music/` 폴더에 넣어주세요
+        Navidrome이 자동으로 스캔하고 정리합니다.
+        지원 형식: MP3, FLAC, OGG, M4A, WAV
+
+        **인증:** Navidrome은 첫 실행 시 관리자 계정 생성이 필요합니다.
+  store_app_id: navidrome
+  webui_port: 80

Apps/Navidrome/rationale.md

@@ -0,0 +1,48 @@
+# Navidrome Security Rationale
+
+## Root User Permission (user: "0:0")
+
+### Why Root Permission is Required
+
+Navidrome requires root execution due to internal cache directory permission management:
+
+1. **Internal Cache Structure**: Navidrome creates complex nested cache directories (`/data/cache/images/`) with specific permission requirements that conflict with PUID:PGID execution
+
+2. **Permission Denied Errors**: When running as `user: $PUID:$PGID`, Navidrome fails to create and access cache directories:
+   ```
+   Error accessing image cache: open /data/cache/images/64/78/...: permission denied
+   Error accessing image cache: mkdir /data/cache/images/84: permission denied
+   ```
+
+3. **Official Image Design**: The deluan/navidrome image is designed to manage its own internal permissions and expects to run with elevated privileges for cache management
+
+### Security Justification
+
+Root execution is safe for this application because:
+
+1. **AppData-Only Access**: All writable volumes are mapped exclusively to `/DATA/AppData/navidrome/`
+   - `/DATA/AppData/navidrome/data/:/data` - Configuration and database storage
+
+2. **Read-Only Media Access**: Music library is mounted read-only (`/DATA/Media/Music/:/music:ro`), preventing any modifications to user media files
+
+3. **No User Directory Modifications**: The application cannot write to user-accessible directories like `/DATA/Documents/`, `/DATA/Downloads/`, or `/DATA/Gallery/`
+
+4. **Isolated Container Environment**: Container isolation limits the scope of root access to the container filesystem only
+
+5. **Resource Limits**: Memory limit (512M) prevents resource exhaustion attacks
+
+### Alternative Approaches Considered
+
+1. **PUID:PGID with Pre-install Scripts**: Attempted but failed due to Navidrome's dynamic cache directory creation patterns
+2. **Manual Permission Fixes**: Not viable as cache directories are created on-demand during runtime
+3. **Custom Entrypoint**: Would require maintaining a fork of the official image, reducing security and update reliability
+
+### Conclusion
+
+Root execution is the recommended approach for Navidrome as it:
+- Ensures stable operation without permission errors
+- Maintains security through AppData-only write access
+- Aligns with the official image's intended usage
+- Provides the best user experience with zero manual configuration
+
+This permission model is consistent with CasaOS guidelines for AppData-only applications.