mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
af431c0a6f
- [x] All configs should support ENV variable overrides over DB values
- [ ] ~Adding a new field to DB value should automatically write ENV
config to DB on app boot (so that we don't need migrations)~
- [x] Validate configs and report human-readable errors when something
is wrong, telling where it's invalid (eg. env key X) and what's wrong
with it
- [x] Reuse Changeset validations (we still have a DB schema and UI
form, and want to make sure it's valid)
- [x] Auto-generate docs
- [x] Merge `Config` and `Configurations` into one `Config` context
- [x] Lock out UI fields for configurations when there is an ENV
override
- [x] Lock out corresponding REST API configuration field if overridden
via ENV var
- [x] Log a warning when deprecated legacy var is used
- [x] Document precedence: ENV -> Legacy ENV -> File -> DB
- [x] Change type to `inet[]` for `configurations.{default_client_dns,
default_client_allowed_ips}`, `devices.{dns, allowed_ips}`,
- [x] Drop `EctoNetwork` dep
- [x] `s/phoenix_port/phoenix_http_port` because it doesn't configure
HTTPS server
- [x] Do not load DB configs when config can be resolved from other
sources
Maybe:
- [ ] ~Auto-generate Ecto types to automatically cast/dump values
to/from DB~
- [ ] Allow JSON file config source
- [x] DB-related configs will not be validated?
Closes #1162
Closes #1313
Closes #1374
Closes #1432
88 lines
2.3 KiB
YAML
88 lines
2.3 KiB
YAML
# Example compose file for a running a local Firezone instance on
|
|
# macOS or Windows.
|
|
#
|
|
# Note: This file is meant to serve as a template. Please modify it
|
|
# according to your needs. Read more about Docker Compose:
|
|
#
|
|
# https://docs.docker.com/compose/compose-file/
|
|
#
|
|
#
|
|
x-deploy: &default-deploy
|
|
restart_policy:
|
|
condition: unless-stopped
|
|
delay: 5s
|
|
window: 120s
|
|
update_config:
|
|
order: start-first
|
|
|
|
version: '3.7'
|
|
|
|
services:
|
|
caddy:
|
|
image: caddy:2
|
|
volumes:
|
|
- ${FZ_INSTALL_DIR:-.}/caddy:/data/caddy
|
|
ports:
|
|
- 80:80
|
|
- 443:443
|
|
# See Caddy's documentation for customizing the Caddyfile
|
|
# https://caddyserver.com/docs/quick-starts/reverse-proxy
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
cat <<EOF > /etc/caddy/Caddyfile && caddy run --config /etc/caddy/Caddyfile
|
|
|
|
https:// {
|
|
log
|
|
reverse_proxy * 172.25.0.100:${PHOENIX_PORT:-13000}
|
|
${TLS_OPTS:-}
|
|
}
|
|
EOF
|
|
deploy:
|
|
<<: *default-deploy
|
|
|
|
firezone:
|
|
image: firezone/firezone:${VERSION:-latest}
|
|
ports:
|
|
- ${WIREGUARD_PORT:-51820}:${WIREGUARD_PORT:-51820}/udp
|
|
env_file:
|
|
# This should contain a list of env vars for configuring Firezone.
|
|
# See https://www.firezone.dev/docs/reference/env-vars for more info.
|
|
- ${FZ_INSTALL_DIR:-.}/.env
|
|
volumes:
|
|
# IMPORTANT: Persists WireGuard private key and other data. If
|
|
# /var/firezone/private_key exists when Firezone starts, it is
|
|
# used as the WireGuard private. Otherwise, one is generated.
|
|
- ${FZ_INSTALL_DIR:-.}/firezone:/var/firezone
|
|
cap_add:
|
|
# Needed for WireGuard and firewall support.
|
|
- NET_ADMIN
|
|
- SYS_MODULE
|
|
sysctls:
|
|
# Needed for masquerading and NAT.
|
|
- net.ipv6.conf.all.disable_ipv6=0
|
|
- net.ipv4.ip_forward=1
|
|
- net.ipv6.conf.all.forwarding=1
|
|
depends_on:
|
|
- postgres
|
|
deploy:
|
|
<<: *default-deploy
|
|
|
|
postgres:
|
|
image: postgres:15
|
|
volumes:
|
|
- postgres-data:/var/lib/postgresql/data
|
|
environment:
|
|
POSTGRES_DB: ${DATABASE_NAME:-firezone}
|
|
POSTGRES_USER: ${DATABASE_USER:-postgres}
|
|
POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}
|
|
deploy:
|
|
<<: *default-deploy
|
|
update_config:
|
|
order: stop-first
|
|
|
|
# Postgres needs a named volume to prevent perms issues on non-linux platforms
|
|
volumes:
|
|
postgres-data:
|