319a96adac
All checks were successful
Deploy / deploy (push) Successful in 15s
- ts-outline-sync sidecar joins Tailscale and shares network namespace with the app container (network_mode: service:ts-*) - Traefik labels on sidecar; app container has no direct network exposure - OUTLINE_URL now uses internal Docker IP 172.29.0.7:3000 via Tailscale subnet route (domverse.de advertises 172.29.0.0/16) - Add TAILSCALE_PRD.md documenting the full setup and admin checklist Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
50 lines
1.3 KiB
YAML
50 lines
1.3 KiB
YAML
name: outline-sync
|
|
|
|
services:
|
|
ts-outline-sync:
|
|
image: tailscale/tailscale
|
|
container_name: ts-outline-sync
|
|
hostname: outline-sync
|
|
environment:
|
|
- TS_AUTHKEY=${TS_AUTHKEY}
|
|
- TS_STATE_DIR=/var/lib/tailscale
|
|
- TS_USERSPACE=false
|
|
volumes:
|
|
- tailscale-state:/var/lib/tailscale
|
|
- /dev/net/tun:/dev/net/tun
|
|
cap_add:
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
restart: unless-stopped
|
|
networks:
|
|
- default
|
|
- domverse
|
|
labels:
|
|
- "traefik.docker.network=domverse"
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.outline-sync.rule=Host(`sync.domverse-berlin.eu`)"
|
|
- "traefik.http.routers.outline-sync.entrypoints=https"
|
|
- "traefik.http.routers.outline-sync.tls.certresolver=http"
|
|
- "traefik.http.routers.outline-sync.middlewares=authentik@docker"
|
|
- "traefik.http.services.outline-sync.loadbalancer.server.port=8080"
|
|
|
|
outline-sync-ui:
|
|
build: .
|
|
container_name: outline-sync-ui
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- ts-outline-sync
|
|
network_mode: "service:ts-outline-sync"
|
|
environment:
|
|
- OUTLINE_URL=${OUTLINE_URL:-http://172.29.0.7:3000}
|
|
- OUTLINE_TOKEN=${OUTLINE_TOKEN}
|
|
|
|
volumes:
|
|
tailscale-state:
|
|
driver: local
|
|
|
|
networks:
|
|
default: {}
|
|
domverse:
|
|
external: true
|