852171cc59
- Ajout d'un conteneur Tailscale côté serveur pour joindre les agents via IPs Tailscale - Configuration Headscale exposé en HTTPS via Caddy (headscale.alfrednobel.edudeploy.com) - Caddy configuré pour les sous-domaines avec TLS on-demand - Middleware et route proxy Next.js pour router les sous-domaines vers les agents - Ajout du champ domain sur Establishment et affichage de l'URL publique dans le dashboard - Agent Windows v0.2.3 avec proxy Tailscale par instance pour contourner Docker Desktop - Templates WordPress/PrestaShop bindés sur 0.0.0.0 pour être accessibles via Tailscale
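services:
  # Application database. Not published on the host; reachable only by
  # services attached to the `edubox` network.
  postgres:
    image: postgres:18-alpine
    container_name: edubox-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: edubox
      # Supplied from the environment / .env file, never hard-coded here.
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: edubox
    volumes:
      - pg_data:/var/lib/postgresql
    networks:
      - edubox
    healthcheck:
      # `server` waits on this check (depends_on: service_healthy).
      test: ["CMD-SHELL", "pg_isready -U edubox -d edubox"]
      interval: 5s
      timeout: 5s
      retries: 5

  # Application server, built from ./server. It publishes no host port;
  # presumably Caddy reaches it over `edubox` (Caddyfile not shown).
  server:
    build:
      context: ./server
      dockerfile: Dockerfile
    container_name: edubox-server
    restart: unless-stopped
    environment:
      # Every value below is interpolated from the environment / .env file.
      # Several are credentials; an unset variable is passed through as an
      # empty string.
      DATABASE_URL: ${DATABASE_URL}
      NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
      NEXTAUTH_URL: ${NEXTAUTH_URL}
      SUPERADMIN_EMAIL: ${SUPERADMIN_EMAIL}
      SUPERADMIN_PASSWORD: ${SUPERADMIN_PASSWORD}
      HEADSCALE_URL: ${HEADSCALE_URL}
      HEADSCALE_AUTH_KEY: ${HEADSCALE_AUTH_KEY}
      MAIN_DOMAIN: ${MAIN_DOMAIN}
      GITEA_URL: ${GITEA_URL}
      GITEA_TOKEN: ${GITEA_TOKEN}
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - edubox

  # Tailscale client that joins the Headscale tailnet inside the network
  # namespace of `server` (network_mode below), so `server` can reach
  # tailnet addresses directly.
  tailscale:
    # NOTE(review): `latest` is a floating tag; pin a version or digest so a
    # rebuild cannot silently pull a different client.
    image: tailscale/tailscale:latest
    container_name: edubox-tailscale
    restart: unless-stopped
    network_mode: service:server
    cap_add:
      - NET_ADMIN
      - NET_RAW
      # NOTE(review): SYS_MODULE lets the container load kernel modules on
      # the host. /dev/net/tun is already passed through below, so confirm
      # this capability is needed and drop it if not.
      - SYS_MODULE
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      # Node identity and state; survives container re-creation.
      - tailscale_data:/var/lib/tailscale
    environment:
      HEADSCALE_URL: ${HEADSCALE_URL}
      HEADSCALE_AUTH_KEY: ${HEADSCALE_AUTH_KEY}
    # `$$` is Compose's escape for a literal `$`, so the variables below are
    # expanded by the shell inside the container, not by Compose.
    # NOTE(review): the auth key ends up in the argv of `tailscale up`, where
    # anything able to list this container's processes can read it; prefer a
    # short-lived, single-use pre-auth key.
    command:
      - sh
      - -c
      - |
        set -e
        # Set forwarding directly; appending to /etc/sysctl.conf on every
        # start accumulates duplicate lines across restarts.
        sysctl -w net.ipv4.ip_forward=1
        sysctl -w net.ipv6.conf.all.forwarding=1
        mkdir -p /var/run/tailscale
        tailscaled \
          --state=/var/lib/tailscale/tailscaled.state \
          --socket=/var/run/tailscale/tailscaled.sock &
        daemon_pid=$$!
        # Wait (bounded) for the daemon socket instead of a fixed sleep.
        tries=0
        until [ -S /var/run/tailscale/tailscaled.sock ]; do
          tries=$$((tries + 1))
          [ "$$tries" -le 30 ] || exit 1
          sleep 1
        done
        tailscale up \
          --authkey="$${HEADSCALE_AUTH_KEY}" \
          --login-server="$${HEADSCALE_URL}" \
          --accept-routes --hostname=edubox-server --reset
        # Stay attached to the daemon so that its exit stops the container
        # and the restart policy can recover it.
        wait "$$daemon_pid"
    depends_on:
      - server

  # Public entry point: the only service meant to face the internet
  # on 80/443.
  caddy:
    image: caddy:2-alpine
    container_name: edubox-caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # NOTE(review): the Caddyfile is not shown here. If it enables
      # on-demand TLS, confirm issuance is limited to known hostnames.
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      # Read-only mount of ./agent inside Caddy's web directory.
      - ./agent:/usr/share/caddy/agent:ro
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - edubox

  # Headscale coordination server for the tailnet.
  headscale:
    # NOTE(review): `latest` is a floating tag; pin a version or digest.
    image: headscale/headscale:latest
    container_name: edubox-headscale
    restart: unless-stopped
    command: serve
    ports:
      # NOTE(review): this publishes the control plane over plain HTTP on
      # every host interface. If clients are meant to come in through
      # Caddy's HTTPS endpoint, restrict this mapping to loopback or
      # remove it; Caddy can reach the service over `edubox`.
      - "8080:8080"
      - "3478:3478/udp"
    volumes:
      - ./headscale:/etc/headscale
      # `headscale_data` was declared below but never mounted.
      # /var/lib/headscale is the data directory in Headscale's example
      # configuration; confirm it against ./headscale/config.yaml.
      - headscale_data:/var/lib/headscale
    networks:
      - edubox

  # Gitea instance; `server` is given GITEA_URL and GITEA_TOKEN.
  gitea:
    # NOTE(review): `latest` is a floating tag; pin a version or digest.
    image: gitea/gitea:latest
    container_name: edubox-gitea
    restart: unless-stopped
    ports:
      # NOTE(review): published over plain HTTP on every host interface;
      # restrict to loopback or front it with Caddy if it should not be
      # reachable directly.
      - "3001:3000"
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=sqlite3
      - GITEA__database__PATH=/data/gitea/gitea.db
    volumes:
      - gitea_data:/data
    networks:
      - edubox

# Named volumes holding state that must survive container re-creation.
volumes:
  pg_data:
  caddy_data:
  caddy_config:
  headscale_data:
  gitea_data:
  tailscale_data:

# Single bridge network shared by every service except `tailscale`, which
# uses the network namespace of `server`.
networks:
  edubox:
    driver: bridge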