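# Compose stack with three services: the headscale control server, an
# nginx-served UI, and an "analyst" mesh node.
services:
  headscale:
    # Pinned by tag and by digest, so a re-pushed tag cannot silently change
    # the image that runs here.
    image: docker.io/headscale/headscale:0.29.0@sha256:5d464c7ba8f5b2c1472f926fae4cd67f136d66ec108c0b4ad1891856ac6da915
    restart: unless-stopped
    volumes:
      # NOTE(review): the config directory is mounted read-write. Append :ro
      # if nothing in the headscale config writes under /etc/headscale;
      # confirm against the config file first.
      - ${LOCAL_WORKSPACE_FOLDER:-.}/control-plane/headscale:/etc/headscale
      - headscale-data:/var/lib/headscale
    ports:
      # The only headscale port published to the host, on all interfaces.
      # 3478/udp is the standard STUN port; presumably the embedded DERP/STUN
      # listener (verify in the headscale config).
      - "3478:3478/udp"
    tmpfs:
      - /var/run/headscale
    command: serve

  ui:
    build: ./control-plane/mesh-ui
    restart: unless-stopped
    volumes:
      # Read-only: the entrypoint only reads the template and writes the
      # rendered config to /tmp/nginx.conf.
      - ${LOCAL_WORKSPACE_FOLDER:-.}/control-plane/nginx.conf:/etc/nginx/nginx.conf.template:ro
    environment:
      # CORS_ORIGIN falls back to "*" (any origin) when unset. How it is
      # applied depends on nginx.conf (not shown here); set an explicit origin
      # for any deployment that is not purely local.
      - CORS_ORIGIN=${CORS_ORIGIN:-*}
      - NGINX_MODE=${NGINX_MODE:-prod}
      # No default: substituted as an empty string when unset.
      - CONTROL_PLANE_URL=${CONTROL_PLANE_URL}
    depends_on:
      - headscale
    ports:
      # Bound to loopback only, so the UI is not reachable from other hosts
      # unless something on this host forwards to it.
      - "127.0.0.1:80:8080"
    # "$$" stops Compose from interpolating the names itself. envsubst then
    # replaces only the three listed variables, leaving every other "$..."
    # token in the nginx template untouched.
    entrypoint: /bin/sh -c "envsubst '$$CORS_ORIGIN $$NGINX_MODE $$CONTROL_PLANE_URL' < /etc/nginx/nginx.conf.template > /tmp/nginx.conf && nginx -c /tmp/nginx.conf -g 'daemon off;'"

  analyst:
    build:
      context: .
      dockerfile: analyst/Dockerfile
    # Two named capabilities plus the TUN device are granted instead of
    # privileged mode, which keeps the container's kernel access narrow.
    cap_add:
      - NET_ADMIN
      - NET_RAW
    devices:
      - /dev/net/tun:/dev/net/tun
    # Bridged networking preserves netns isolation between the analyst (which
    # talks to potentially-hostile devices) and the host's network stack.
    # The WireGuard/MagicSock UDP port is pinned in entrypoint.sh (MESH_PORT)
    # and published below so peers can reach this node without host networking.
    ports:
      - "${MESH_PORT:-41641}:${MESH_PORT:-41641}/udp"
    volumes:
      - analyst-data:/home/mesh/.tailscale
    environment:
      # If CONTROL_PLANE_DOMAIN is also unset, the fallback renders as the
      # bare string "https://".
      - LOGIN_URL=${LOGIN_URL:-https://${CONTROL_PLANE_DOMAIN}}
      # AUTH_KEY is a credential taken from the invoking environment. Keep it
      # out of version control; it is visible in the container's environment.
      - AUTH_KEY=${AUTH_KEY}
      - MESH_PORT=${MESH_PORT:-41641}

volumes:
  headscale-data:
  analyst-data: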