github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
218ad006af33cd4b532df2ca44ecdd71c83648c9
firezone/docker-compose.yml
Andrew Dryga 218ad006af Revisit Users context, cover UI with e2e tests and introduce first AuditLog features (#1267) 
1. `auto_create_users` default value is removed. We want to avoid
situations when admins integrate OIDC/SAML providers and don't expect
anyone that has access to it to automatically gain access to VPN, which
is especially critical for providers like Google Workspace, where all
employees typically have access.
2. OpenID library was completely rewritten and a new version is
integrated. It will allow async tests and better scales for the cloud
version of the panel.
3. `Mox` was removed, we don't test modules by overriding them to
prevent breaking changes that tests can't capture.
4. Deps are reordered and unused ones are removed.
5. Browser/e2e tests are added to ensure we won't break UI features in
the future, allowing for front-end refactoring.
6. Users context was overhauled for better code clarity.
2023-01-16 13:04:59 -06:00

133 lines
3.3 KiB
YAML
Raw Blame History

version: '3.7'
services:
caddy:
image: caddy:2
volumes:
- ./priv/Caddyfile:/etc/caddy/Caddyfile
- ./priv/pki:/data/caddy/pki
ports:
- 80:80
- 443:443
networks:
app:
ipv4_address: 172.28.0.99
ipv6_address: 2001:3990:3990::99
firezone:
build:
context: .
dockerfile: Dockerfile.dev
args:
DATABASE_URL: postgresql://postgres:postgres@postgres:5432/firezone_dev
image: firezone_dev
volumes:
- ./priv:/var/app/priv
- ./apps:/var/app/apps
- ./config:/var/app/config
- ./mix.exs:/var/app/mix.exs
- ./mix.lock:/var/app/mix.lock
# Mask the following build directories to keep compiled binaries isolated
# from the local project. This is needed when the Docker Host platform
# doesn't match the platform under which Docker Engine is running. e.g.
# WSL, Docker for Mac, etc.
- /var/app/apps/fz_http/assets/node_modules
ports:
- 51820:51820/udp
environment:
LOCAL_AUTH_ENABLED: 'true'
FZ_WALL_CLI_MODULE: FzWall.CLI.Live
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
- net.ipv4.ip_forward=1
- net.ipv6.conf.all.forwarding=1
depends_on:
postgres:
condition: 'service_healthy'
networks:
- app
- isolation
postgres:
image: postgres:15
volumes:
- postgres-data:/var/lib/postgresql/data
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: firezone_dev
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
ports:
- 5432:5432
networks:
- app
# Vault can act as an OIDC IdP as well
vault:
image: vault
environment:
VAULT_ADDR: 'http://127.0.0.1:8200'
VAULT_DEV_ROOT_TOKEN_ID: 'firezone'
ports:
- 8200:8200/tcp
cap_add:
- IPC_LOCK
networks:
- app
# Unfortunately the Linux VM kernel for Docker Desktop is not compiled with
# Dynamic Debug enabled, so we're unable to enable WireGuard debug logging.
# Since WireGuard is designed to be silent by default, this basically does
# nothing.
# wireguard-log:
# image: ubuntu:jammy
# # cap SYSLOG was enough for reading but privilege is required for tailing
# privileged: true
# command: >
# bash -c '
# mount -t debugfs none /sys/kernel/debug
# && echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control
# && dmesg -wT | grep wireguard:'
client:
depends_on:
- firezone
image: linuxserver/wireguard:latest
environment:
- PUID=1000
- PGID=1000
- TZ=UTC
- ALLOWEDIPS="0.0.0.0/0,::/0"
volumes:
- ./priv/wg0.client.conf:/config/wg0.conf
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
- net.ipv4.conf.all.src_valid_mark=1
networks:
- isolation
volumes:
postgres-data:
# Disabled due to Authentik being disabled
# redis-data:
networks:
app:
enable_ipv6: true
ipam:
config:
- subnet: 172.28.0.0/16
- subnet: 2001:3990:3990::/64
isolation:
Reference in New Issue View Git Blame Copy Permalink