From cb7e3099159591e76141d353628610b25fb57fd7 Mon Sep 17 00:00:00 2001
From: Alex Zaw
Date: Mon, 29 Dec 2025 06:12:04 +0000
Subject: [PATCH] fix(rego-tunnel): align compose with RunTipi
---
apps/rego-tunnel/docker-compose.yml | 95 ++++++++++++++++-------------
1 file changed, 51 insertions(+), 44 deletions(-)
diff --git a/apps/rego-tunnel/docker-compose.yml b/apps/rego-tunnel/docker-compose.yml
index 890bd27..0a437fa 100755
--- a/apps/rego-tunnel/docker-compose.yml
+++ b/apps/rego-tunnel/docker-compose.yml
@@ -1,56 +1,63 @@ services: rego-tunnel: - container_name: rego-tunnel image: git.alexzaw.dev/alexz/linux-vm:latest restart: unless-stopped - privileged: true - devices: - - /dev/kvm - - /dev/net/tun - cap_add: - - NET_ADMIN - stop_grace_period: 2m + networks: + rego-tunnel_runtipi_network: + gw_priority: 0 + tipi_main_network: + gw_priority: 1 + environment: + VM_RAM: ${WINDOWS_RAM_GB}G + VM_CPUS: ${WINDOWS_CPU_CORES} + BRIDGE_NAME: ${BRIDGE_NAME} + TAP_NAME: ${TAP_NAME} + BRIDGE_CIDR: ${BRIDGE_CIDR} + VM_NET_IP: ${VM_NET_IP} + VM_SUBNET: ${VM_SUBNET} + TARGET_IP: ${TARGET_IP} + VM_MAC: ${VM_MAC} + DNS_SERVERS: ${DNS_SERVERS} + LEASE_TIME: ${LEASE_TIME} + HOSTSHARE_DIR: ${HOSTSHARE_DIR} ports: - ${APP_PORT}:8006 - environment: - - VM_RAM=${WINDOWS_RAM_GB}G - - VM_CPUS=${WINDOWS_CPU_CORES} - - BRIDGE_NAME=${BRIDGE_NAME:-br-rego-vpn} - - TAP_NAME=${TAP_NAME:-tap0} - - BRIDGE_CIDR=${BRIDGE_CIDR:-100.100.0.1} - - VM_NET_IP=${VM_NET_IP:-100.100.0.2} - - VM_SUBNET=${VM_SUBNET:-100.100.0.0} - - TARGET_IP=${TARGET_IP:-10.35.33.230} - - VM_MAC=${VM_MAC:-52:54:00:12:34:56} - - DNS_SERVERS=${DNS_SERVERS:-1.1.1.1,8.8.8.8} - - LEASE_TIME=${LEASE_TIME:-12h} - - HOSTSHARE_DIR=${HOSTSHARE_DIR:-${APP_DATA_DIR}} volumes: - /etc/runtipi/user-config/runtipi/rego-tunnel/storage/linux-vm.qcow2:/vm/linux-vm.qcow2 - /etc/runtipi/user-config/runtipi/rego-tunnel/shared:/shared - - ${HOSTSHARE_DIR:-${APP_DATA_DIR}}:/hostshare - networks: - - tipi_main_network - sysctls: - - net.ipv4.ip_forward=1 + - ${HOSTSHARE_DIR}:/hostshare labels: + generated: true traefik.enable: true - traefik.http.middlewares.rego-tunnel-web-redirect.redirectscheme.scheme: https - traefik.http.services.rego-tunnel.loadbalancer.server.port: 8006 - traefik.http.routers.rego-tunnel-insecure.rule: Host(`${APP_DOMAIN}`) - traefik.http.routers.rego-tunnel-insecure.entrypoints: web - traefik.http.routers.rego-tunnel-insecure.service: rego-tunnel - traefik.http.routers.rego-tunnel-insecure.middlewares: 
rego-tunnel-web-redirect - traefik.http.routers.rego-tunnel.rule: Host(`${APP_DOMAIN}`) - traefik.http.routers.rego-tunnel.entrypoints: websecure - traefik.http.routers.rego-tunnel.service: rego-tunnel - traefik.http.routers.rego-tunnel.tls.certresolver: myresolver - traefik.http.routers.rego-tunnel-local-insecure.rule: Host(`rego-tunnel.${LOCAL_DOMAIN}`) - traefik.http.routers.rego-tunnel-local-insecure.entrypoints: web - traefik.http.routers.rego-tunnel-local-insecure.service: rego-tunnel - traefik.http.routers.rego-tunnel-local-insecure.middlewares: rego-tunnel-web-redirect - traefik.http.routers.rego-tunnel-local.rule: Host(`rego-tunnel.${LOCAL_DOMAIN}`) - traefik.http.routers.rego-tunnel-local.entrypoints: websecure - traefik.http.routers.rego-tunnel-local.service: rego-tunnel - traefik.http.routers.rego-tunnel-local.tls: true + traefik.docker.network: runtipi_tipi_main_network + traefik.http.middlewares.rego-tunnel-runtipi-web-redirect.redirectscheme.scheme: https + traefik.http.services.rego-tunnel-runtipi.loadbalancer.server.port: "8006" + traefik.http.routers.rego-tunnel-runtipi-insecure.rule: Host(`${APP_DOMAIN}`) + traefik.http.routers.rego-tunnel-runtipi-insecure.entrypoints: web + traefik.http.routers.rego-tunnel-runtipi-insecure.service: rego-tunnel-runtipi + traefik.http.routers.rego-tunnel-runtipi-insecure.middlewares: rego-tunnel-runtipi-web-redirect + traefik.http.routers.rego-tunnel-runtipi.rule: Host(`${APP_DOMAIN}`) + traefik.http.routers.rego-tunnel-runtipi.entrypoints: websecure + traefik.http.routers.rego-tunnel-runtipi.service: rego-tunnel-runtipi + traefik.http.routers.rego-tunnel-runtipi.tls.certresolver: myresolver runtipi.managed: true + runtipi.appurn: rego-tunnel:runtipi + cap_add: + - NET_ADMIN + devices: + - /dev/kvm + - /dev/net/tun + privileged: true + stop_grace_period: 2m + sysctls: {} + +networks: + tipi_main_network: + name: runtipi_tipi_main_network + external: true + rego-tunnel_runtipi_network: + name: 
rego-tunnel_runtipi_network + external: false + ipam: + config: + - subnet: 10.128.13.0/24
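Review bot: `privileged: true` is kept on the new side even though `cap_add: NET_ADMIN` and the `/dev/kvm` and `/dev/net/tun` entries under `devices:` already name what the service asks for, so those two blocks are redundant and the container still receives every capability and every host device. With an unpinned `:latest` image, a host bind mount from `${HOSTSHARE_DIR}` and port 8006 published directly on the host next to the Traefik route, a compromise of the image or the console reaches far into the host. Consider dropping `privileged: true` and, if forwarding is still required, declaring it as `net.ipv4.ip_forward: "1"` under `sysctls:` instead of `sysctls: {}`; whether the image runs unprivileged is not visible here and needs testing. Separately, the `:-` defaults were removed, so an unset `HOSTSHARE_DIR` now interpolates to an empty string and the volume entry becomes `:/hostshare`. Writing it as `${HOSTSHARE_DIR:?HOSTSHARE_DIR must be set}` would fail fast, unless RunTipi is guaranteed to supply the variable.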