services:
  rego-tunnel:
    image: git.alexzaw.dev/alexz/cisco-vpn:latest
    restart: unless-stopped
    networks:
      rego-tunnel_runtipi_network:
        gw_priority: 0
      tipi_main_network:
        gw_priority: 1
    environment:
      VPN_EMAIL: ${VPN_EMAIL}
      VPN_PASSWORD: ${VPN_PASSWORD}
      VPN_TOTP_SECRET: ${VPN_TOTP_SECRET}
      VPN_HOST: ${VPN_HOST}
      VNC_PASSWORD: ${VNC_PASSWORD}
      TZ: ${TZ}
      TARGET_IP: ${TARGET_IP}
    ports:
      - ${APP_PORT}:6080
    volumes:
      - ${APP_DATA_DIR}/config:/config
      - /etc/runtipi/repos/runtipi/apps/rego-tunnel/shared:/shared
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
      - /etc/runtipi/repos/runtipi/apps/rego-tunnel/shared/init-rego.sh:/opt/scripts/init-vpn.sh:ro
      - /etc/runtipi/repos/runtipi/apps/rego-tunnel/shared/xstartup:/root/.vnc/xstartup:ro
    labels:
      generated: true
      traefik.enable: true
      traefik.docker.network: runtipi_tipi_main_network
      traefik.http.middlewares.rego-tunnel-runtipi-web-redirect.redirectscheme.scheme: https
      traefik.http.services.rego-tunnel-runtipi.loadbalancer.server.port: "6080"
      traefik.http.routers.rego-tunnel-runtipi-insecure.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.rego-tunnel-runtipi-insecure.entrypoints: web
      traefik.http.routers.rego-tunnel-runtipi-insecure.service: rego-tunnel-runtipi
      traefik.http.routers.rego-tunnel-runtipi-insecure.middlewares: rego-tunnel-runtipi-web-redirect
      traefik.http.routers.rego-tunnel-runtipi.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.rego-tunnel-runtipi.entrypoints: websecure
      traefik.http.routers.rego-tunnel-runtipi.service: rego-tunnel-runtipi
      traefik.http.routers.rego-tunnel-runtipi.tls.certresolver: myresolver
      runtipi.managed: true
      runtipi.appurn: rego-tunnel:runtipi
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    privileged: true
    cgroup: host
    stop_grace_period: 30s