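# Compose stack: an OpenConnect SSO VPN client container plus an SSH
# port-forwarding sidecar that shares the VPN container's network namespace.
services:
  vpn:
    build: ./vpn-openconnect-sso
    container_name: cistech-vpn
    # NET_ADMIN plus the tun device is the narrow grant needed to create the
    # tunnel interface; do not widen this to `privileged: true`.
    cap_add:
      - NET_ADMIN
    devices:
      - "/dev/net/tun:/dev/net/tun"
    environment:
      OC_URL: "${OC_URL}"
      # Pins the VPN gateway certificate; leaving it empty presumably removes
      # that pin (confirm against the image's entrypoint).
      OC_SERVERCERT: "${OC_SERVERCERT}"
      OC_AUTHGROUP: "${OC_AUTHGROUP}"
      OC_INTERFACE: tun0
      OC_SSO_ARGS: "${OC_SSO_ARGS:- --browser-display-mode shown}"
      # No fallback password: the noVNC session shows the SSO browser, so a
      # well-known default would hand the login flow to anyone who can reach
      # the port. Compose refuses to start until VNC_PASSWORD is set.
      # Values passed via `environment` are visible in `docker inspect`.
      VNC_PASSWORD: "${VNC_PASSWORD:?set VNC_PASSWORD to a strong, unique value}"
      NOVNC_PORT: "${NOVNC_PORT:-6901}"
    ports:
      # Publish noVNC on loopback by default. Set PUBLISH_ADDR explicitly
      # (for example to a management interface address) to expose it further.
      - "${PUBLISH_ADDR:-127.0.0.1}:${NOVNC_PORT:-6901}:${NOVNC_PORT:-6901}"
    volumes:
      # Persists /root of the VPN container; presumably holds SSO session
      # state, so treat the volume as sensitive.
      - "vpn_state:/root"
    restart: unless-stopped

  ssh_tunnel:
    # openssh-client is installed at every start (see command); baking it
    # into a small image pinned by digest would remove the runtime dependency
    # on the package mirror.
    image: alpine:3.20
    container_name: cistech-ssh-tunnel
    # Shares the vpn container's network stack, so the -L listeners below bind
    # inside that namespace. Only ports listed under vpn.ports are published
    # to the host.
    network_mode: "service:vpn"
    depends_on:
      - vpn
    volumes:
      # Private key is mounted read-only.
      - "${SSH_KEY_PATH:-/home/alexz/.ssh/id_ed25519-lenovo}:/root/.ssh/id_ed25519-lenovo:ro"
      # Keeps the learned host key across container re-creation so a changed
      # key is rejected instead of silently trusted.
      - "ssh_known_hosts:/var/lib/ssh-tunnel"
    # List form avoids Compose's shell-word splitting of a folded string.
    # StrictHostKeyChecking=accept-new replaces the previous `no`: the host
    # key is recorded on first connection and any later mismatch aborts the
    # tunnel. For stronger assurance, pre-populate known_hosts with the
    # verified key and switch to StrictHostKeyChecking=yes.
    command:
      - sh
      - "-lc"
      - >-
        apk add --no-cache openssh-client &&
        exec ssh -N -i /root/.ssh/id_ed25519-lenovo
        -o StrictHostKeyChecking=accept-new
        -o UserKnownHostsFile=/var/lib/ssh-tunnel/known_hosts
        -o ServerAliveInterval=60
        -o ExitOnForwardFailure=yes
        -L 0.0.0.0:8090:localhost:8090
        -L 0.0.0.0:2001:localhost:2001
        -L 0.0.0.0:36001:localhost:36001
        -L 0.0.0.0:36000:localhost:36000
        zawa@10.3.1.201
    restart: unless-stopped

volumes:
  vpn_state: {}
  ssh_known_hosts: {}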