[Enhancement]: One-click Service for Psono (with optional FileServer + Favicon server)

[Ryvix]

Request Type

New Service

Description

Please add Psono CE (self-hosted password manager) as a first-class Service in Coolify, with an opinionated, one-click setup. Ideally, the Service would include a guided init (key generation + DB migration) and optional sub-components:

• ✅ Core Psono server (psono/psono-combo)
• ⬜ Optional FileServer (psono/psono-fileserver)
• ⬜ Optional Favicon server (esaqa/favicon)

This would make Psono as easy to deploy as other one-click apps in Coolify while preserving best practices for secrets, health checks, domains, and persistence.

Motivation

Psono is a solid, open-source, self-hosted password manager with shared vaults, WebUI, and strong crypto. It’s very close to being “one-click ready,” but today users must:

• run a one-shot key generator (manage.py generateserverkeys),
• provision Postgres & wire the DATABASE_URL,
• run manage.py migrate once,
• optionally deploy fileserver + favicon and route paths.

All of this maps perfectly to Coolify’s Service model (ephemeral init steps, masked env vars, optional sub-services, and Traefik routing).

Proposed UX (high level)

1. Wizard: “Psono Setup”

   • Step 1: Run ephemeral container for python3 ./psono/manage.py generateserverkeys and capture output into masked env vars:

     • PSONO_SECRET_KEY, PSONO_PRIVATE_KEY (64-hex), PSONO_PUBLIC_KEY (64-hex),
       PSONO_ACTIVATION_LINK_SECRET, PSONO_DB_SECRET, PSONO_EMAIL_SECRET_SALT
     • Validate that PRIVATE/PUBLIC are 64 hex chars (32-byte seeds).

   • Step 2: Choose Database

     • “Create internal Postgres” (named volume) or “Use existing Postgres” (paste DSN).

   • Step 3: Domain

     • Pick primary domain (e.g., psono.example.com).
       Option toggles: Enable FileServer at /fileserver and Enable Favicon at /favicon (or alternative: separate subdomains).

   • Step 4: Run one-shot migrations.

   • Step 5: Start app, show health.

2. Optional components

   • FileServer: path-routed to /fileserver with its settings.yaml generated from fsclustershowconfig (wizard runs fsclustercreate, fsshardcreate, fsshardlink, then prints config for the fileserver container).
   • Favicon server: path-routed to /favicon with a middleware rewrite to /v1/icon/….
   • Expose a simple checkbox UI to enable/disable each at install (or later).

Implementation sketch (Compose-style)

• Services: db (Postgres), migrate (ephemeral), psono (combo), fileserver (optional), favicon (optional)

• Health checks:

  • Psono: GET /server/healthcheck/ → 200
  • Favicon: GET /v1/healthcheck/ → 200
  • Fileserver: GET /info/ → 200

• Routing (single domain):

  • /server/* and / → psono (combo image serves web + API)
  • /fileserver/* → fileserver
  • /favicon/* → favicon with ReplacePathRegex ^/favicon/(.*) → /v1/icon/$1

• Persistence:

  • psono-db (Postgres), psono-shard (fileserver chunks), psono-favicon (cache)

• Init:

  • One-shot genkeys (wizard), then one-shot migrate service (exclude_from_hc, restart: "no")

Required env vars (server)

PSONO_SECRET_KEY
PSONO_PRIVATE_KEY            # 64-hex
PSONO_PUBLIC_KEY             # 64-hex
PSONO_ACTIVATION_LINK_SECRET
PSONO_DB_SECRET
PSONO_EMAIL_SECRET_SALT
PSONO_HOST_URL               # e.g. https://psono.example.com/server
PSONO_WEB_CLIENT_URL         # e.g. https://psono.example.com
PSONO_DATABASE_URL           # postgres://user:pass@host:5432/db
PSONO_FILESERVER_HANDLER_ENABLED=true   # when fileserver is enabled
# Optional: PSONO_PORTAL_CONFIG_JSON (inline JSON), SMTP settings, etc.

Required files / config (fileserver)

• A generated settings.yaml placed at /root/.psono_fileserver/settings.yaml (this is the mapped volume path inside the fileserver container and as per their docs) that includes:

  • SECRET_KEY, PRIVATE_KEY, PUBLIC_KEY
  • SERVER_URL, SERVER_PUBLIC_KEY
  • CLUSTER_ID, CLUSTER_PRIVATE_KEY
  • SHARDS (default local engine: /opt/psono-shard/<id>)
  • HOST_URL (e.g., https://psono.example.com/fileserver)

Nice-to-haves

• Masked secrets in UI, with built-in hex length validation for keys.
• Buttons to re-run migrations and rotate server keys (with warning).
• Toggle to choose path-based (one domain) vs subdomain routing for optional services.
• Predefined sysctl knob (e.g., net.core.somaxconn) via Custom Docker Options.

References

• Psono CE install: https://doc.psono.com/admin/installation/install-psono-ce.html
• FileServer: https://doc.psono.com/admin/installation-optional/install-fileserver.html
• Favicon server: https://doc.psono.com/admin/installation-optional/install-favicon-server.html

[yipfram]

Hi,
For coolify templates, you can only create docker compose files (https://coolify.io/docs/get-started/contribute/service)

We cannot run or edit config files before the deployment :)