feat(vpn): VPN on-demand Tailscale + agent studioE5 standalone
- Agent studioE5 standalone en Go (console + systray) - VPN on-demand via tailscaled + tailscale up (authkey Headscale) - Resolver/serveur dans le tailnet studioe5 - Caddy on-demand TLS pour les instances - Nouveaux endpoints serveur /api/internal/send-to-node - Suppression des anciens binaires edubox-agent - Suivi dans SUIVI_VPN_ONDEMAND.md
This commit is contained in:
+38
-44
@@ -1,18 +1,18 @@
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:18-alpine
|
||||
container_name: edubox-postgres
|
||||
container_name: studioe5-postgres
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_USER: edubox
|
||||
POSTGRES_USER: studioe5
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
POSTGRES_DB: edubox
|
||||
POSTGRES_DB: studioe5
|
||||
volumes:
|
||||
- pg_data:/var/lib/postgresql
|
||||
networks:
|
||||
- edubox
|
||||
- studioe5
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U edubox -d edubox"]
|
||||
test: ["CMD-SHELL", "pg_isready -U studioe5 -d studioe5"]
|
||||
interval: 5s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
@@ -21,13 +21,9 @@ services:
|
||||
build:
|
||||
context: ./server
|
||||
dockerfile: Dockerfile
|
||||
container_name: edubox-server
|
||||
container_name: studioe5-server
|
||||
volumes:
|
||||
- ./server/public:/app/public:ro
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
command: >
|
||||
sh -c "ip route add 100.64.0.0/10 via $$(ip route | awk '/default/ {{print $$3}}') || true && exec node_modules/.bin/next start"
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
DATABASE_URL: ${DATABASE_URL}
|
||||
@@ -35,28 +31,19 @@ services:
|
||||
NEXTAUTH_URL: ${NEXTAUTH_URL}
|
||||
SUPERADMIN_EMAIL: ${SUPERADMIN_EMAIL}
|
||||
SUPERADMIN_PASSWORD: ${SUPERADMIN_PASSWORD}
|
||||
HEADSCALE_URL: ${HEADSCALE_URL}
|
||||
HEADSCALE_AUTH_KEY: ${HEADSCALE_AUTH_KEY}
|
||||
MAIN_DOMAIN: ${MAIN_DOMAIN}
|
||||
GITEA_URL: ${GITEA_URL}
|
||||
GITEA_TOKEN: ${GITEA_TOKEN}
|
||||
depends_on:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- edubox
|
||||
|
||||
- studioe5
|
||||
|
||||
resolver:
|
||||
build:
|
||||
context: ./resolver
|
||||
dockerfile: Dockerfile
|
||||
container_name: edubox-resolver
|
||||
container_name: studioe5-resolver
|
||||
restart: unless-stopped
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
command: >
|
||||
sh -c "ip route add 100.64.0.0/10 via \$$(ip route | awk '/default/ {print \$$3}') || true && exec ./resolver"
|
||||
environment:
|
||||
DATABASE_URL: ${DATABASE_URL}
|
||||
MAIN_DOMAIN: ${MAIN_DOMAIN}
|
||||
@@ -64,11 +51,34 @@ services:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- edubox
|
||||
- studioe5
|
||||
|
||||
resolver-vpn:
|
||||
image: tailscale/tailscale:latest
|
||||
container_name: studioe5-resolver-vpn
|
||||
restart: unless-stopped
|
||||
network_mode: service:resolver
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
devices:
|
||||
- /dev/net/tun:/dev/net/tun
|
||||
environment:
|
||||
TS_AUTHKEY: ${HEADSCALE_AUTH_KEY}
|
||||
TS_LOGIN_SERVER: ${HEADSCALE_URL}
|
||||
TS_EXTRA_ARGS: --login-server=${HEADSCALE_URL}
|
||||
TS_STATE_DIR: /var/lib/tailscale
|
||||
TS_HOSTNAME: studioe5-resolver
|
||||
TS_USERSPACE: "false"
|
||||
TS_ACCEPT_DNS: "false"
|
||||
volumes:
|
||||
- resolver_ts_state:/var/lib/tailscale
|
||||
depends_on:
|
||||
- resolver
|
||||
|
||||
caddy:
|
||||
image: caddy:2-alpine
|
||||
container_name: edubox-caddy
|
||||
container_name: studioe5-caddy
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "80:80"
|
||||
@@ -79,11 +89,11 @@ services:
|
||||
- caddy_data:/data
|
||||
- caddy_config:/config
|
||||
networks:
|
||||
- edubox
|
||||
- studioe5
|
||||
|
||||
headscale:
|
||||
image: headscale/headscale:latest
|
||||
container_name: edubox-headscale
|
||||
container_name: studioe5-headscale
|
||||
restart: unless-stopped
|
||||
command: serve
|
||||
ports:
|
||||
@@ -92,31 +102,15 @@ services:
|
||||
volumes:
|
||||
- ./headscale:/etc/headscale
|
||||
networks:
|
||||
- edubox
|
||||
|
||||
gitea:
|
||||
image: gitea/gitea:latest
|
||||
container_name: edubox-gitea
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "3001:3000"
|
||||
environment:
|
||||
- USER_UID=1000
|
||||
- USER_GID=1000
|
||||
- GITEA__database__DB_TYPE=sqlite3
|
||||
- GITEA__database__PATH=/data/gitea/gitea.db
|
||||
volumes:
|
||||
- gitea_data:/data
|
||||
networks:
|
||||
- edubox
|
||||
- studioe5
|
||||
|
||||
volumes:
|
||||
pg_data:
|
||||
caddy_data:
|
||||
caddy_config:
|
||||
headscale_data:
|
||||
gitea_data:
|
||||
resolver_ts_state:
|
||||
|
||||
networks:
|
||||
edubox:
|
||||
studioe5:
|
||||
driver: bridge
|
||||
|
||||
Reference in New Issue
Block a user