version: '3.9'

services:
  rego-tunnel:
    container_name: rego-tunnel
    image: dockurr/windows:5.14
    restart: unless-stopped
    devices:
      - /dev/kvm
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    stop_grace_period: 2m

    ports:
      # Web console (Tipi APP_PORT -> 8006)
      - "192.168.0.151:${APP_PORT}:8006/tcp"

      # RDP
      - "192.168.0.151:3389:3389/tcp"
      - "192.168.0.151:3389:3389/udp"

      # Optional admin
      - "192.168.0.151:21:21/tcp"
      - "192.168.0.151:22:22/tcp"

      # IBM i common
      - "192.168.0.151:23:23/tcp"
      - "192.168.0.151:449:449/tcp"
      - "192.168.0.151:446:446/tcp"
      - "192.168.0.151:448:448/tcp"
      - "192.168.0.151:8470:8470/tcp"
      - "192.168.0.151:8471:8471/tcp"
      - "192.168.0.151:8472:8472/tcp"
      - "192.168.0.151:8473:8473/tcp"
      - "192.168.0.151:8474:8474/tcp"
      - "192.168.0.151:8475:8475/tcp"
      - "192.168.0.151:8476:8476/tcp"

    environment:
      - RAM_SIZE=${WINDOWS_RAM_GB}G
      - CPU_CORE=${WINDOWS_CPU_CORES}
      - DISK_SIZE=${WINDOWS_DISK_SIZE_GB}G
      - VERSION=${WINDOWS_VERSION}

    volumes:
      - ${APP_DATA_DIR}/data/storage:/storage

    networks:
      - tipi_main_network

    sysctls:
      - net.ipv4.ip_forward=1

    labels:
      traefik.enable: true
      traefik.http.middlewares.rego-tunnel-web-redirect.redirectscheme.scheme: https
      traefik.http.services.rego-tunnel.loadbalancer.server.port: 8006

      traefik.http.routers.rego-tunnel-insecure.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.rego-tunnel-insecure.entrypoints: web
      traefik.http.routers.rego-tunnel-insecure.service: rego-tunnel
      traefik.http.routers.rego-tunnel-insecure.middlewares: rego-tunnel-web-redirect

      traefik.http.routers.rego-tunnel.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.rego-tunnel.entrypoints: websecure
      traefik.http.routers.rego-tunnel.service: rego-tunnel
      traefik.http.routers.rego-tunnel.tls.certresolver: myresolver

      traefik.http.routers.rego-tunnel-local-insecure.rule: Host(`rego-tunnel.${LOCAL_DOMAIN}`)
      traefik.http.routers.rego-tunnel-local-insecure.entrypoints: web
      traefik.http.routers.rego-tunnel-local-insecure.service: rego-tunnel
      traefik.http.routers.rego-tunnel-local-insecure.middlewares: rego-tunnel-web-redirect

      traefik.http.routers.rego-tunnel-local.rule: Host(`rego-tunnel.${LOCAL_DOMAIN}`)
      traefik.http.routers.rego-tunnel-local.entrypoints: websecure
      traefik.http.routers.rego-tunnel-local.service: rego-tunnel
      traefik.http.routers.rego-tunnel-local.tls: true

      runtipi.managed: true

networks:
  tipi_main_network:
    external: true