services:
  rego-tunnel:
    container_name: rego-tunnel
    image: git.alexzaw.dev/alexz/linux-vm:latest
    restart: unless-stopped
    privileged: true
    devices:
      - /dev/kvm
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    stop_grace_period: 2m
    ports:
      - ${APP_PORT}:8006
    environment:
      - VM_RAM=${WINDOWS_RAM_GB}G
      - VM_CPUS=${WINDOWS_CPU_CORES}
    volumes:
      - ${APP_DATA_DIR}/data/storage/linux-vm.qcow2:/vm/linux-vm.qcow2
      - ${APP_DATA_DIR}/data/shared:/shared
    networks:
      - tipi_main_network
    sysctls:
      - net.ipv4.ip_forward=1
    labels:
      traefik.enable: true
      traefik.http.middlewares.rego-tunnel-web-redirect.redirectscheme.scheme: https
      traefik.http.services.rego-tunnel.loadbalancer.server.port: 8006
      traefik.http.routers.rego-tunnel-insecure.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.rego-tunnel-insecure.entrypoints: web
      traefik.http.routers.rego-tunnel-insecure.service: rego-tunnel
      traefik.http.routers.rego-tunnel-insecure.middlewares: rego-tunnel-web-redirect
      traefik.http.routers.rego-tunnel.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.rego-tunnel.entrypoints: websecure
      traefik.http.routers.rego-tunnel.service: rego-tunnel
      traefik.http.routers.rego-tunnel.tls.certresolver: myresolver
      traefik.http.routers.rego-tunnel-local-insecure.rule: Host(`rego-tunnel.${LOCAL_DOMAIN}`)
      traefik.http.routers.rego-tunnel-local-insecure.entrypoints: web
      traefik.http.routers.rego-tunnel-local-insecure.service: rego-tunnel
      traefik.http.routers.rego-tunnel-local-insecure.middlewares: rego-tunnel-web-redirect
      traefik.http.routers.rego-tunnel-local.rule: Host(`rego-tunnel.${LOCAL_DOMAIN}`)
      traefik.http.routers.rego-tunnel-local.entrypoints: websecure
      traefik.http.routers.rego-tunnel-local.service: rego-tunnel
      traefik.http.routers.rego-tunnel-local.tls: true
      runtipi.managed: true