upload current sources

apps/cistech-tunnel/docker-compose.yml

@@ -0,0 +1,43 @@
+services:
+  vpn:
+    build: ./vpn-openconnect-sso
+    container_name: cistech-vpn
+    cap_add:
+      - NET_ADMIN
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    environment:
+      OC_URL: ${OC_URL}
+      OC_SERVERCERT: ${OC_SERVERCERT}
+      OC_AUTHGROUP: ${OC_AUTHGROUP}
+      OC_INTERFACE: tun0
+      OC_SSO_ARGS: ${OC_SSO_ARGS:- --browser-display-mode shown}
+      VNC_PASSWORD: ${VNC_PASSWORD:-changeme}
+      NOVNC_PORT: ${NOVNC_PORT:-6901}
+    ports:
+      - "${PUBLISH_ADDR:-0.0.0.0}:${NOVNC_PORT:-6901}:${NOVNC_PORT:-6901}"
+    volumes:
+      - vpn_state:/root
+    restart: unless-stopped
+
+  ssh_tunnel:
+    image: alpine:3.20
+    container_name: cistech-ssh-tunnel
+    network_mode: "service:vpn"
+    depends_on:
+      - vpn
+    volumes:
+      - ${SSH_KEY_PATH:-/home/alexz/.ssh/id_ed25519-lenovo}:/root/.ssh/id_ed25519-lenovo:ro
+    command: >
+      sh -lc "apk add --no-cache openssh-client &&
+      exec ssh -N -i /root/.ssh/id_ed25519-lenovo \
+        -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes \
+        -L 0.0.0.0:8090:localhost:8090 \
+        -L 0.0.0.0:2001:localhost:2001 \
+        -L 0.0.0.0:36001:localhost:36001 \
+        -L 0.0.0.0:36000:localhost:36000 \
+        zawa@10.3.1.201"
+    restart: unless-stopped
+
+volumes:
+  vpn_state: {}