services:
  cistech-tunnel:
    image: git.alexzaw.dev/alexz/cistech-vpn:latest
    restart: unless-stopped
    networks:
      cistech-tunnel_runtipi_network:
        gw_priority: 0
      tipi_main_network:
        gw_priority: 1
    environment:
      OC_URL: ${OC_URL}
      OC_USER: ${OC_USER}
      OC_PASSWORD: ${OC_PASSWORD}
      OC_TOTP_SECRET: ${OC_TOTP_SECRET}
      VNC_PASSWORD: ${VNC_PASSWORD}
      NOVNC_PORT: "6092"
      TZ: ${TZ}
      TARGET_IP: ${TARGET_IP}
    ports:
      - ${APP_PORT}:6092
    volumes:
      - ${APP_DATA_DIR}/config:/config
      - ${APP_DATA_DIR}:/runtime
      - /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared:/shared
      - /etc/runtipi/repos/runtipi/apps/cistech-tunnel/shared/xstartup:/root/.vnc/xstartup:ro
    devices:
      - /dev/net/tun
    privileged: true
    cap_add:
      - NET_ADMIN
    stop_grace_period: 30s
    labels:
      generated: true
      traefik.enable: true
      traefik.docker.network: runtipi_tipi_main_network
      traefik.http.middlewares.cistech-tunnel-runtipi-web-redirect.redirectscheme.scheme: https
      traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6092"
      traefik.http.routers.cistech-tunnel-runtipi-insecure.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.cistech-tunnel-runtipi-insecure.entrypoints: web
      traefik.http.routers.cistech-tunnel-runtipi-insecure.service: cistech-tunnel-runtipi
      traefik.http.routers.cistech-tunnel-runtipi-insecure.middlewares: cistech-tunnel-runtipi-web-redirect
      traefik.http.routers.cistech-tunnel-runtipi.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.cistech-tunnel-runtipi.entrypoints: websecure
      traefik.http.routers.cistech-tunnel-runtipi.service: cistech-tunnel-runtipi
      traefik.http.routers.cistech-tunnel-runtipi.tls.certresolver: myresolver
      runtipi.managed: true