feat: switch to Tailscale sidecar + Traefik/Authentik via pngx.domverse-berlin.eu
All checks were successful
Deploy / deploy (push) Successful in 11s
All checks were successful
Deploy / deploy (push) Successful in 11s
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -46,6 +46,7 @@ jobs:
|
||||
SECRET_KEY=${{ secrets.PNGX_SECRET_KEY }}
|
||||
MASTER_URL=${{ secrets.PNGX_MASTER_URL }}
|
||||
MASTER_TOKEN=${{ secrets.PNGX_MASTER_TOKEN }}
|
||||
TS_AUTHKEY=${{ secrets.TS_AUTHKEY }}
|
||||
EOF
|
||||
|
||||
- name: Deploy with docker compose
|
||||
|
||||
@@ -1,16 +1,55 @@
|
||||
name: pngx-controller
|
||||
|
||||
services:
|
||||
pngx-controller:
|
||||
build: .
|
||||
pngx-controller-ts:
|
||||
image: tailscale/tailscale
|
||||
container_name: pngx-controller-ts
|
||||
hostname: pngx-controller
|
||||
environment:
|
||||
- TS_AUTHKEY=${TS_AUTHKEY}
|
||||
- TS_STATE_DIR=/var/lib/tailscale
|
||||
- TS_USERSPACE=false
|
||||
- TS_EXTRA_ARGS=--accept-routes
|
||||
volumes:
|
||||
- tailscale-state:/var/lib/tailscale
|
||||
- /dev/net/tun:/dev/net/tun
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
restart: unless-stopped
|
||||
network_mode: host # required for Tailscale IP access (Linux only)
|
||||
networks:
|
||||
- default
|
||||
- domverse
|
||||
labels:
|
||||
- "traefik.docker.network=domverse"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.pngx-controller.rule=Host(`pngx.domverse-berlin.eu`)"
|
||||
- "traefik.http.routers.pngx-controller.entrypoints=https"
|
||||
- "traefik.http.routers.pngx-controller.tls.certresolver=http"
|
||||
- "traefik.http.routers.pngx-controller.middlewares=authentik@docker"
|
||||
- "traefik.http.services.pngx-controller.loadbalancer.server.port=8000"
|
||||
|
||||
pngx-controller:
|
||||
build:
|
||||
context: .
|
||||
args:
|
||||
APP_VERSION: ${APP_VERSION:-dev}
|
||||
container_name: pngx-controller
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- pngx-controller-ts
|
||||
network_mode: "service:pngx-controller-ts"
|
||||
env_file: .env
|
||||
environment:
|
||||
DATABASE_URL: sqlite:////data/db.sqlite3
|
||||
volumes:
|
||||
- ./data:/data
|
||||
healthcheck:
|
||||
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8000/healthz')"]
|
||||
interval: 30s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
start_period: 15s
|
||||
|
||||
volumes:
|
||||
tailscale-state:
|
||||
driver: local
|
||||
|
||||
networks:
|
||||
default: {}
|
||||
domverse:
|
||||
external: true
|
||||
|
||||
Reference in New Issue
Block a user