mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
9505d70f91
* rename dockerfile * use renamed dockerfile * add Dockerfile.prod * digest * add publish image workflow * add helper scripts * start example docker compose * fix workflow * stage * chmod * stage * nft * must be root * create path * list address * try alpine again * remove nobody * fix shared lib * set wireguard endpoint * config interface and route before starting server * fix env var name * move env var defaults into dockerfile * persist private key * migrate on start * add create-or-reset-admin * link env values * clean up * fix permission * rename service * add deploy * persist pg data * build version * set version on build * add gen_secrets * fix typo * move version to the end * move up a little * use map_join * remove gen_secrets * add gen-env * cat * gen more * add telemetry
111 lines
2.8 KiB
YAML
111 lines
2.8 KiB
YAML
version: '3.7'
|
|
|
|
services:
|
|
caddy:
|
|
image: caddy:2
|
|
volumes:
|
|
- ./.devcontainer/Caddyfile:/etc/caddy/Caddyfile
|
|
ports:
|
|
- 80:80
|
|
- 443:443
|
|
networks:
|
|
app:
|
|
ipv4_address: 172.28.0.99
|
|
ipv6_address: 2001:3990:3990::99
|
|
|
|
elixir:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile.dev
|
|
args:
|
|
DATABASE_URL: postgresql://postgres:postgres@postgres:5432/firezone_dev
|
|
image: firezone_dev
|
|
volumes:
|
|
- ./priv:/var/app/priv
|
|
- ./apps:/var/app/apps
|
|
- ./config:/var/app/config
|
|
- ./mix.exs:/var/app/mix.exs
|
|
- ./mix.lock:/var/app/mix.lock
|
|
# Mask the following build directories to keep compiled binaries isolated
|
|
# from the local project. This is needed when the Docker Host platform
|
|
# doesn't match the platform under which Docker Engine is running. e.g.
|
|
# WSL, Docker for Mac, etc.
|
|
- /var/app/apps/fz_http/assets/node_modules
|
|
- /var/app/_build
|
|
ports:
|
|
- 51820:51820/udp
|
|
environment:
|
|
LOCAL_AUTH_ENABLED: 'true'
|
|
FZ_WALL_CLI_MODULE: FzWall.CLI.Live
|
|
cap_add:
|
|
- NET_ADMIN
|
|
- SYS_MODULE
|
|
sysctls:
|
|
- net.ipv6.conf.all.disable_ipv6=0
|
|
- net.ipv4.ip_forward=1
|
|
- net.ipv6.conf.all.forwarding=1
|
|
depends_on:
|
|
- postgres
|
|
networks:
|
|
- app
|
|
- isolation
|
|
|
|
postgres:
|
|
image: postgres:13.5
|
|
volumes:
|
|
- postgres-data:/var/lib/postgresql/data
|
|
environment:
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: postgres
|
|
POSTGRES_DB: firezone_dev
|
|
ports:
|
|
- 5432:5432
|
|
networks:
|
|
- app
|
|
|
|
# Unfortunately the Linux VM kernel for Docker Desktop is not compiled with
|
|
# Dynamic Debug enabled, so we're unable to enable WireGuard debug logging.
|
|
# Since WireGuard is designed to be silent by default, this basically does
|
|
# nothing.
|
|
# wireguard-log:
|
|
# image: ubuntu:jammy
|
|
# # cap SYSLOG was enough for reading but privilege is required for tailing
|
|
# privileged: true
|
|
# command: >
|
|
# bash -c '
|
|
# mount -t debugfs none /sys/kernel/debug
|
|
# && echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control
|
|
# && dmesg -wT | grep wireguard:'
|
|
|
|
client:
|
|
depends_on:
|
|
- elixir
|
|
image: linuxserver/wireguard:latest
|
|
environment:
|
|
- PUID=1000
|
|
- PGID=1000
|
|
- TZ=UTC
|
|
- ALLOWEDIPS="0.0.0.0/0,::/0"
|
|
volumes:
|
|
- ./.devcontainer/wg0.client.conf:/config/wg0.conf
|
|
cap_add:
|
|
- NET_ADMIN
|
|
- SYS_MODULE
|
|
sysctls:
|
|
- net.ipv6.conf.all.disable_ipv6=0
|
|
- net.ipv4.conf.all.src_valid_mark=1
|
|
networks:
|
|
- isolation
|
|
|
|
volumes:
|
|
postgres-data:
|
|
|
|
networks:
|
|
app:
|
|
enable_ipv6: true
|
|
ipam:
|
|
config:
|
|
- subnet: 172.28.0.0/16
|
|
- subnet: 2001:3990:3990::/64
|
|
isolation:
|