a414f03a59
- Configure tailscale serve automatically for each instance on Windows userspace networking. - Add local UI buttons: start/stop/reset/delete instances (stop/start preserve volumes). - Clean shutdown: stop tailscaled and instances, notify server with instance_stopped. - Restart tailscaled on agent boot using persisted state when pre-auth key is absent. - Sync instance stopped/deleted status to dashboard (server/lib/websocket.ts). - Security: include prior authz/scoping changes across API routes, ephemeral pre-auth keys, ACL policy, internal API key. - Update SUIVI_VPN_ONDEMAND.md and docs/ONBOARDING_CLIENT.md. - Bump agent version to 0.3.5.
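# Compose stack for studioe5: Postgres, the web/API server, the DNS resolver
# with its Tailscale sidecar, Caddy as the public HTTP(S) edge, and the
# Headscale coordination server.  Every secret is pulled from the environment
# (or a .env file) through ${VAR} interpolation; none is stored in this file.
services:
  postgres:
    image: postgres:18-alpine
    container_name: studioe5-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: studioe5
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: studioe5
    volumes:
      # NOTE(review): mounted at /var/lib/postgresql, not /var/lib/postgresql/data.
      # The postgres:18 image is understood to have moved its VOLUME up one level;
      # confirm against the image docs, otherwise data will not survive recreates.
      - pg_data:/var/lib/postgresql
    networks:
      - studioe5
    # Gates `server` and `resolver` start-up (see their depends_on) on the DB
    # actually accepting connections, not just the container being up.
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U studioe5 -d studioe5"]
      interval: 5s
      timeout: 5s
      retries: 5

  server:
    build:
      context: ./server
      dockerfile: Dockerfile
    container_name: studioe5-server
    volumes:
      # Static assets only; read-only so a compromised server process cannot
      # alter what is served.
      - ./server/public:/app/public:ro
    restart: unless-stopped
    environment:
      DATABASE_URL: ${DATABASE_URL}
      NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
      NEXTAUTH_URL: ${NEXTAUTH_URL}
      SUPERADMIN_EMAIL: ${SUPERADMIN_EMAIL}
      SUPERADMIN_PASSWORD: ${SUPERADMIN_PASSWORD}
      MAIN_DOMAIN: ${MAIN_DOMAIN}
      HEADSCALE_URL: ${HEADSCALE_URL}
      # Pre-auth key material and the Headscale API key live only in the
      # environment; rotate them there, never commit them.
      HEADSCALE_AUTH_KEY: ${HEADSCALE_AUTH_KEY}
      HEADSCALE_API_KEY: ${HEADSCALE_API_KEY}
      # Shared secret for the internal API; presumably what agents present to
      # the server on instance_stopped and similar callbacks — verify in server/.
      INTERNAL_API_KEY: ${INTERNAL_API_KEY}
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - studioe5

  resolver:
    build:
      context: ./resolver
      dockerfile: Dockerfile
    container_name: studioe5-resolver
    restart: unless-stopped
    environment:
      DATABASE_URL: ${DATABASE_URL}
      MAIN_DOMAIN: ${MAIN_DOMAIN}
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - studioe5

  # Tailscale sidecar that joins the resolver to the Headscale tailnet.
  resolver-vpn:
    # NOTE(review): a floating tag is not reproducible and pulls whatever is
    # current at deploy time; pin to a version (or @sha256 digest) — e.g.
    # tailscale/tailscale:<PINNED_VERSION>.
    image: tailscale/tailscale:latest
    container_name: studioe5-resolver-vpn
    restart: unless-stopped
    # Shares the resolver's network namespace, so the tailnet interface this
    # sidecar creates is directly usable by the resolver process.
    network_mode: service:resolver
    cap_add:
      - NET_ADMIN
      # NOTE(review): SYS_MODULE permits loading kernel modules into the host
      # kernel and is effectively host-root.  It is only useful if the
      # wireguard/tun modules are not already loaded on the host; confirm and
      # drop it if they are.
      - SYS_MODULE
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      # Separate pre-auth key from the one the server hands out to agents.
      TS_AUTHKEY: ${HEADSCALE_RESOLVER_AUTH_KEY}
      TS_LOGIN_SERVER: ${HEADSCALE_URL}
      # Quoted: the value begins with "-"; keep it a plain string for any
      # parser.  Appears to duplicate TS_LOGIN_SERVER above — confirm whether
      # the image honours both or only one.
      TS_EXTRA_ARGS: "--login-server=${HEADSCALE_URL}"
      TS_STATE_DIR: /var/lib/tailscale
      TS_HOSTNAME: studioe5-resolver
      # Kernel networking (not userspace), matching the NET_ADMIN/tun grants.
      TS_USERSPACE: "false"
      # The resolver is itself the DNS authority; do not let MagicDNS rewrite
      # the container's resolv.conf.
      TS_ACCEPT_DNS: "false"
    volumes:
      # Persists the node key so the sidecar re-joins without a fresh auth key.
      - resolver_ts_state:/var/lib/tailscale
    depends_on:
      - resolver

  caddy:
    image: caddy:2-alpine
    container_name: studioe5-caddy
    restart: unless-stopped
    # Only service that should be reachable from outside on 80/443.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      # Presumably the agent binaries/installer served to clients; read-only so
      # the edge cannot tamper with what endpoints download — verify in Caddyfile.
      - ./agent:/usr/share/caddy/agent:ro
      # TLS certificates / ACME account state live here; back it up.
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - studioe5

  headscale:
    # NOTE(review): same floating-tag concern as resolver-vpn — pin to a
    # version, e.g. headscale/headscale:<PINNED_VERSION>.
    image: headscale/headscale:latest
    container_name: studioe5-headscale
    restart: unless-stopped
    command: serve
    ports:
      # NOTE(review): 8080 is published on every host interface.  If Caddy is
      # the intended public entry for Headscale, bind this to loopback
      # ("127.0.0.1:8080:8080") or drop the mapping and reach it over the
      # studioe5 network only — confirm against the Caddyfile.
      - "8080:8080"
      # STUN for NAT traversal; must stay reachable from clients.
      - "3478:3478/udp"
    volumes:
      # Holds config, the ACL policy and (presumably) the SQLite DB and private
      # keys — treat the host directory as secret material.
      - ./headscale:/etc/headscale
    networks:
      - studioe5

volumes:
  pg_data:
  caddy_data:
  caddy_config:
  # Declared but not mounted by any service in this file; either wire it into
  # `headscale` or remove it.
  headscale_data:
  resolver_ts_state:

networks:
  studioe5:
    driver: bridge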