domverse/pngx-sync
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: switch to Tailscale sidecar + Traefik/Authentik via pngx.domverse-berlin.eu
All checks were successful
Deploy / deploy (push) Successful in 11s
Details

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
domverse
2026-03-22 18:11:27 +01:00
parent 01fadb7412
commit e5c8a27ccf
2 changed files with 49 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitea/workflows/deploy.yml
View File

@@ -46,6 +46,7 @@ jobs:
SECRET_KEY=${{ secrets.PNGX_SECRET_KEY }} SECRET_KEY=${{ secrets.PNGX_SECRET_KEY }}
MASTER_URL=${{ secrets.PNGX_MASTER_URL }} MASTER_URL=${{ secrets.PNGX_MASTER_URL }}
MASTER_TOKEN=${{ secrets.PNGX_MASTER_TOKEN }} MASTER_TOKEN=${{ secrets.PNGX_MASTER_TOKEN }}
TS_AUTHKEY=${{ secrets.TS_AUTHKEY }}
EOF EOF
- name: Deploy with docker compose - name: Deploy with docker compose

57
docker-compose.yml
View File

@@ -1,16 +1,55 @@
name: pngx-controller
services: services:
pngx-controller: pngx-controller-ts:
build: . image: tailscale/tailscale
container_name: pngx-controller-ts
hostname: pngx-controller
environment:
- TS_AUTHKEY=${TS_AUTHKEY}
- TS_STATE_DIR=/var/lib/tailscale
- TS_USERSPACE=false
- TS_EXTRA_ARGS=--accept-routes
volumes:
- tailscale-state:/var/lib/tailscale
- /dev/net/tun:/dev/net/tun
cap_add:
- NET_ADMIN
- NET_RAW
restart: unless-stopped restart: unless-stopped
network_mode: host # required for Tailscale IP access (Linux only) networks:
- default
- domverse
labels:
- "traefik.docker.network=domverse"
- "traefik.enable=true"
- "traefik.http.routers.pngx-controller.rule=Host(`pngx.domverse-berlin.eu`)"
- "traefik.http.routers.pngx-controller.entrypoints=https"
- "traefik.http.routers.pngx-controller.tls.certresolver=http"
- "traefik.http.routers.pngx-controller.middlewares=authentik@docker"
- "traefik.http.services.pngx-controller.loadbalancer.server.port=8000"
pngx-controller:
build:
context: .
args:
APP_VERSION: ${APP_VERSION:-dev}
container_name: pngx-controller
restart: unless-stopped
depends_on:
- pngx-controller-ts
network_mode: "service:pngx-controller-ts"
env_file: .env env_file: .env
environment: environment:
DATABASE_URL: sqlite:////data/db.sqlite3 DATABASE_URL: sqlite:////data/db.sqlite3
volumes: volumes:
- ./data:/data - ./data:/data
healthcheck:
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8000/healthz')"] volumes:
interval: 30s tailscale-state:
timeout: 5s driver: local
retries: 3
start_period: 15s networks:
default: {}
domverse:
external: true