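# Compose definition for the rego-tunnel service: a container that is given
# /dev/kvm and a TUN/TAP device and runs a VM from a qcow2 disk image.
# The web endpoint on container port 8006 is exposed through Traefik and
# also published directly on the host.
services:
  rego-tunnel:
    container_name: rego-tunnel
    # NOTE(review): ':latest' is a mutable tag, so the image that runs can
    # change without this file changing. Pin to a fixed version tag or an
    # image digest, which matters more because this container is privileged.
    image: git.alexzaw.dev/alexz/linux-vm:latest
    restart: unless-stopped
    # NOTE(review): privileged mode grants all capabilities and access to all
    # host devices, which makes the 'devices' and 'cap_add' entries below
    # redundant and puts the container effectively at host-root trust level.
    # If the image works with only /dev/kvm, /dev/net/tun and NET_ADMIN,
    # drop 'privileged' (confirm against the image's entrypoint).
    privileged: true
    devices:
      - /dev/kvm
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    stop_grace_period: 2m
    ports:
      # Quoted so the mapping is always read as a string.
      # NOTE(review): with no host IP given, the port is published on all
      # host interfaces, so 8006 is reachable without going through the
      # Traefik HTTPS routers below. Bind to a specific address or drop the
      # mapping if only the proxied route is intended.
      - '${APP_PORT}:8006'
    environment:
      - 'VM_RAM=${WINDOWS_RAM_GB}G'
      - 'VM_CPUS=${WINDOWS_CPU_CORES}'
      - 'BRIDGE_NAME=${BRIDGE_NAME:-br-rego-vpn}'
      - 'TAP_NAME=${TAP_NAME:-tap0}'
      - 'BRIDGE_CIDR=${BRIDGE_CIDR:-100.100.0.1/24}'
      - 'VM_NET_IP=${VM_NET_IP:-100.100.0.2}'
      - 'VM_SUBNET=${VM_SUBNET:-100.100.0.0/24}'
      - 'TARGET_IP=${TARGET_IP:-10.35.33.230}'
      - 'VM_MAC=${VM_MAC:-52:54:00:12:34:56}'
      - 'DNS_SERVERS=${DNS_SERVERS:-1.1.1.1,8.8.8.8}'
      - 'LEASE_TIME=${LEASE_TIME:-12h}'
      - 'TSCLIENT=${TSCLIENT:-/hostshare}'
    volumes:
      - /etc/runtipi/user-config/runtipi/rego-tunnel/storage/linux-vm.qcow2:/vm/linux-vm.qcow2
      - /etc/runtipi/user-config/runtipi/rego-tunnel/shared:/shared
      # Same default as the TSCLIENT environment entry above, so the mount
      # source is not empty when TSCLIENT is unset.
      - '${TSCLIENT:-/hostshare}:/shared/app-data'
    networks:
      - tipi_main_network
    sysctls:
      # Applies to the container's network namespace, not the host's.
      - net.ipv4.ip_forward=1
    # Label values are quoted so they are always plain strings.
    # NOTE(review): the only middleware attached to these routers is the
    # HTTP->HTTPS redirect; no authentication middleware is configured here,
    # so access control depends on whatever the service on 8006 enforces.
    labels:
      traefik.enable: 'true'
      traefik.http.middlewares.rego-tunnel-web-redirect.redirectscheme.scheme: https
      traefik.http.services.rego-tunnel.loadbalancer.server.port: '8006'
      # Public hostname: plain HTTP entrypoint, redirected to HTTPS.
      traefik.http.routers.rego-tunnel-insecure.rule: 'Host(`${APP_DOMAIN}`)'
      traefik.http.routers.rego-tunnel-insecure.entrypoints: web
      traefik.http.routers.rego-tunnel-insecure.service: rego-tunnel
      traefik.http.routers.rego-tunnel-insecure.middlewares: rego-tunnel-web-redirect
      # Public hostname: HTTPS entrypoint with the 'myresolver' cert resolver.
      traefik.http.routers.rego-tunnel.rule: 'Host(`${APP_DOMAIN}`)'
      traefik.http.routers.rego-tunnel.entrypoints: websecure
      traefik.http.routers.rego-tunnel.service: rego-tunnel
      traefik.http.routers.rego-tunnel.tls.certresolver: myresolver
      # Local hostname: plain HTTP entrypoint, redirected to HTTPS.
      traefik.http.routers.rego-tunnel-local-insecure.rule: 'Host(`rego-tunnel.${LOCAL_DOMAIN}`)'
      traefik.http.routers.rego-tunnel-local-insecure.entrypoints: web
      traefik.http.routers.rego-tunnel-local-insecure.service: rego-tunnel
      traefik.http.routers.rego-tunnel-local-insecure.middlewares: rego-tunnel-web-redirect
      # Local hostname: HTTPS entrypoint, TLS enabled without a cert resolver.
      traefik.http.routers.rego-tunnel-local.rule: 'Host(`rego-tunnel.${LOCAL_DOMAIN}`)'
      traefik.http.routers.rego-tunnel-local.entrypoints: websecure
      traefik.http.routers.rego-tunnel-local.service: rego-tunnel
      traefik.http.routers.rego-tunnel-local.tls: 'true'
      runtipi.managed: 'true'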