{
  "$schema": "https://schemas.runtipi.io/v2/dynamic-compose.json",
  "schemaVersion": 2,
  "services": [
    {
      "name": "vpn_a",
      "image": "vpn-openconnect-sso:latest",
      "isMain": true,
      "internalPort": 6901,
      "capAdd": ["NET_ADMIN"],
      "devices": [
        { "hostPath": "/dev/net/tun", "containerPath": "/dev/net/tun" }
      ],
      "environment": [
        { "key": "OC_URL", "value": "${OC_URL_A}" },
        { "key": "OC_SERVERCERT", "value": "${OC_SERVERCERT_A}" },
        { "key": "OC_AUTHGROUP", "value": "${OC_AUTHGROUP_A}" },
        { "key": "OC_INTERFACE", "value": "tun0" },
        { "key": "OC_SSO_ARGS", "value": "${OC_SSO_ARGS_A}" },
        { "key": "VNC_PASSWORD", "value": "${VNC_PASS_A}" },
        { "key": "NOVNC_PORT", "value": "6901" }
      ],
      "volumes": [
        { "hostPath": "${APP_DATA_DIR}/data/vpn_a_state", "containerPath": "/root" }
      ],
      "restartPolicy": "unless-stopped"
    },
    {
      "name": "ssh_tunnel",
      "image": "alpine:3.20",
      "networkMode": "service:vpn_a",
      "volumes": [
        { "hostPath": "${SSH_KEY_PATH}", "containerPath": "/root/.ssh/id_ed25519-lenovo", "readOnly": true }
      ],
      "command": "sh -lc \"apk add --no-cache openssh-client && exec ssh -N -i /root/.ssh/id_ed25519-lenovo -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -L 127.0.0.1:8090:localhost:8090 -L 127.0.0.1:2001:localhost:2001 -L 127.0.0.1:36001:localhost:36001 zawa@10.3.1.201\"",
      "restartPolicy": "unless-stopped"
    }
  ]
}