feat(vpn): VPN on-demand Tailscale + agent studioE5 standalone

- Agent studioE5 standalone en Go (console + systray)
- VPN on-demand via tailscaled + tailscale up (authkey Headscale)
- Resolver/serveur dans le tailnet studioe5
- Caddy on-demand TLS pour les instances
- Nouveaux endpoints serveur /api/internal/send-to-node
- Suppression des anciens binaires edubox-agent
- Suivi dans SUIVI_VPN_ONDEMAND.md
This commit is contained in:
EduBox Dev
2026-06-23 09:48:00 +00:00
parent dd49993157
commit 124543d658
40 changed files with 1303 additions and 485 deletions
+38 -44
View File
@@ -1,18 +1,18 @@
services:
postgres:
image: postgres:18-alpine
container_name: edubox-postgres
container_name: studioe5-postgres
restart: unless-stopped
environment:
POSTGRES_USER: edubox
POSTGRES_USER: studioe5
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: edubox
POSTGRES_DB: studioe5
volumes:
- pg_data:/var/lib/postgresql
networks:
- edubox
- studioe5
healthcheck:
test: ["CMD-SHELL", "pg_isready -U edubox -d edubox"]
test: ["CMD-SHELL", "pg_isready -U studioe5 -d studioe5"]
interval: 5s
timeout: 5s
retries: 5
@@ -21,13 +21,9 @@ services:
build:
context: ./server
dockerfile: Dockerfile
container_name: edubox-server
container_name: studioe5-server
volumes:
- ./server/public:/app/public:ro
cap_add:
- NET_ADMIN
command: >
sh -c "ip route add 100.64.0.0/10 via $$(ip route | awk '/default/ {{print $$3}}') || true && exec node_modules/.bin/next start"
restart: unless-stopped
environment:
DATABASE_URL: ${DATABASE_URL}
@@ -35,28 +31,19 @@ services:
NEXTAUTH_URL: ${NEXTAUTH_URL}
SUPERADMIN_EMAIL: ${SUPERADMIN_EMAIL}
SUPERADMIN_PASSWORD: ${SUPERADMIN_PASSWORD}
HEADSCALE_URL: ${HEADSCALE_URL}
HEADSCALE_AUTH_KEY: ${HEADSCALE_AUTH_KEY}
MAIN_DOMAIN: ${MAIN_DOMAIN}
GITEA_URL: ${GITEA_URL}
GITEA_TOKEN: ${GITEA_TOKEN}
depends_on:
postgres:
condition: service_healthy
networks:
- edubox
- studioe5
resolver:
build:
context: ./resolver
dockerfile: Dockerfile
container_name: edubox-resolver
container_name: studioe5-resolver
restart: unless-stopped
cap_add:
- NET_ADMIN
command: >
sh -c "ip route add 100.64.0.0/10 via \$$(ip route | awk '/default/ {print \$$3}') || true && exec ./resolver"
environment:
DATABASE_URL: ${DATABASE_URL}
MAIN_DOMAIN: ${MAIN_DOMAIN}
@@ -64,11 +51,34 @@ services:
postgres:
condition: service_healthy
networks:
- edubox
- studioe5
resolver-vpn:
image: tailscale/tailscale:latest
container_name: studioe5-resolver-vpn
restart: unless-stopped
network_mode: service:resolver
cap_add:
- NET_ADMIN
- SYS_MODULE
devices:
- /dev/net/tun:/dev/net/tun
environment:
TS_AUTHKEY: ${HEADSCALE_AUTH_KEY}
TS_LOGIN_SERVER: ${HEADSCALE_URL}
TS_EXTRA_ARGS: --login-server=${HEADSCALE_URL}
TS_STATE_DIR: /var/lib/tailscale
TS_HOSTNAME: studioe5-resolver
TS_USERSPACE: "false"
TS_ACCEPT_DNS: "false"
volumes:
- resolver_ts_state:/var/lib/tailscale
depends_on:
- resolver
caddy:
image: caddy:2-alpine
container_name: edubox-caddy
container_name: studioe5-caddy
restart: unless-stopped
ports:
- "80:80"
@@ -79,11 +89,11 @@ services:
- caddy_data:/data
- caddy_config:/config
networks:
- edubox
- studioe5
headscale:
image: headscale/headscale:latest
container_name: edubox-headscale
container_name: studioe5-headscale
restart: unless-stopped
command: serve
ports:
@@ -92,31 +102,15 @@ services:
volumes:
- ./headscale:/etc/headscale
networks:
- edubox
gitea:
image: gitea/gitea:latest
container_name: edubox-gitea
restart: unless-stopped
ports:
- "3001:3000"
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__database__DB_TYPE=sqlite3
- GITEA__database__PATH=/data/gitea/gitea.db
volumes:
- gitea_data:/data
networks:
- edubox
- studioe5
volumes:
pg_data:
caddy_data:
caddy_config:
headscale_data:
gitea_data:
resolver_ts_state:
networks:
edubox:
studioe5:
driver: bridge