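# Nesting restored: the extracted listing had lost all indentation and carried
# stray `|` table-cell rows between lines, so it did not parse as a stack file.
networks:
  # `external: true` means this stack neither creates nor removes the network;
  # it must already exist on the Swarm before deployment.
  traefik:
    external: true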
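# Nesting restored: the extracted listing had lost all indentation and carried
# stray `|` table-cell rows between lines. Values are unchanged; the comments
# below are review notes on the security-relevant settings.
services:
  # SSH tunnel endpoint, run as a single Swarm task pinned to the ingress node.
  tunnel-server:
    # NOTE(review): `production` is a mutable tag, so the image that runs can
    # change without this file changing. Pinning by digest
    # (`...:production@sha256:<DIGEST_PLACEHOLDER>`) makes deploys reproducible
    # and auditable.
    image: git.nixc.us/colin/better-argo-tunnels:production
    networks:
      - traefik
    environment:
      # Matches the `target` port published under `ports:` below.
      SSH_PORT: "2222"
      # This range is not published under `ports:`, so it is reachable only
      # over the attached `traefik` network.
      PORT_RANGE_START: "10000"
      PORT_RANGE_END: "10100"
      # NOTE(review): these three settings give the container an SSH
      # credential for `root` on ingress.nixc.us:65522 (key mounted under
      # `volumes:`). Anyone who compromises this internet-facing service
      # inherits that access. Prefer a dedicated low-privilege account, and a
      # certificate restricted to the one command it needs — confirm what the
      # application actually does over this connection.
      TRAEFIK_SSH_HOST: "ingress.nixc.us:65522"
      TRAEFIK_SSH_USER: "root"
      TRAEFIK_SSH_KEY: "/keys/deploy_key"
      SWARM_SERVICE_NAME: "better-argo-tunnels_tunnel-server"
      TRAEFIK_ENTRYPOINT: "websecure"
      TRAEFIK_CERT_RESOLVER: "letsencryptresolver"
      # Swarm service-template placeholders; quoted so YAML does not read the
      # leading `{` as a flow mapping.
      HOSTNAME: "{{.Node.Hostname}}"
      NODE_ID: "{{.Node.ID}}"
      SERVICE_NAME: "{{.Service.Name}}"
      TASK_ID: "{{.Task.ID}}"
      ENVIRONMENT: "production"
    volumes:
      # All key material is bind-mounted read-only from the host's
      # /root/.ssh, so the service can only be scheduled where these files
      # exist (see the placement constraint).
      - /root/.ssh/tunnel_host_key:/keys/host_key:ro
      # NOTE(review): this is the host root account's own authorized_keys.
      # Presumably the tunnel server uses it to authenticate clients, which
      # would mean tunnel clients and host root logins share one key list.
      # A dedicated file for tunnel clients keeps the two trust sets apart.
      - /root/.ssh/authorized_keys:/keys/authorized_keys:ro
      # Private key and certificate referenced by TRAEFIK_SSH_KEY.
      - /root/.ssh/ca-userkey:/keys/deploy_key:ro
      - /root/.ssh/ca-userkey-cert.pub:/keys/deploy_key-cert.pub:ro
    ports:
      # `mode: host` binds 2222 directly on the node running the task rather
      # than through the routing mesh, so exposure is governed by that node's
      # own firewall rules.
      - target: 2222
        published: 2222
        protocol: tcp
        mode: host
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.hostname == ingress.nixc.us
      labels:
        traefik.enable: "true"
        traefik.docker.network: "traefik"
        # Dynamic tunnel labels are added at runtime via docker service update.
        # NOTE(review): those labels decide what Traefik routes to this
        # service, so whatever identity performs the update controls routing.
        # Validate tunnel-supplied values before they are turned into labels.
      update_config:
        # stop-first: the host-mode port on a single pinned node cannot be
        # bound by an old and a new task at the same time.
        order: stop-first
        failure_action: rollback
        delay: 0s
        parallelism: 1
      restart_policy:
        condition: on-failure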