add

2024-11-02 14:53:08 +08:00
parent 614dd7f248
commit 09ce464cc0
2 changed files with 89 additions and 0 deletions
--- a/docker-compose_all.yaml
+++ b/docker-compose_all.yaml
@@ -0,0 +1,51 @@
+version: '3.5'
+
+services:
+  tailscaled:
+    container_name: tailscaled
+    image: tailscale/tailscale:unstable-v1.77.41
+    network_mode: host  # 直接使用主机网络
+    privileged: true  # 需要权限访问 TUN 设备
+    restart: always
+    cap_add:
+      - net_admin
+      - sys_module
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    volumes:
+      - ./lib/:/var/lib/tailscale  # 使状态路径挂载为 tailscaled 使用的状态目录
+      - /dev/net/tun:/dev/net/tun  # 访问 TUN 设备
+      - /var/run/dbus:/var/run/dbus
+      - /var/run/tailscale:/var/run/tailscale
+      - /tmp:/tmp
+    environment:
+      - TS_AUTHKEY=21c768657ba8aa6c0436eba69d28fa8d626da767a44f055d  # 使用认证密钥
+      - TS_STATE_DIR=/var/lib/tailscale  # 状态保存路径
+      - TS_USERSPACE=false  # 使用内核的 TUN 设备
+      - TS_EXTRA_ARGS=--login-server=https://headscale.jmsu.top # 指定 Headscale 登录服务器
+
+  derper:
+    image: 1itt1eb0y/derper:2024-10-31-08-58-23
+    container_name: derper
+    network_mode: host
+    volumes:
+      - /etc/nginx/ssl/wildcard.jmsu.top/fullchain.pem:/app/certs/headscale.jmsu.top.crt  # SSL 证书映射
+      - /etc/nginx/ssl/wildcard.jmsu.top/private.key:/app/certs/headscale.jmsu.top.key  # 私钥映射
+      - /var/run/tailscale:/var/run/tailscale
+      - /tmp:/tmp
+    restart: always
+    depends_on:
+      - tailscaled  # 等待 tailscaled 启动后再启动
+    entrypoint: [""]
+    command:
+      - /bin/bash
+      - -c
+      - |
+          /app/derper \
+          -hostname headscale.jmsu.top \
+          -certdir /app/certs \
+          -certmode manual \
+          -a :3477 \
+          -stun-port 3478 \
+          -http-port -1 \
+          -verify-clients
--- a/docker-compose_example.yaml
+++ b/docker-compose_example.yaml
@@ -0,0 +1,38 @@
+---
+version: "3.7"
+services:
+  ts-mealie:
+    image: tailscale/tailscale:latest
+    container_name: ts-mealie
+    hostname: mealie
+    environment:
+      - TS_AUTHKEY=tskey-client-kwLoXj6CNTRL-vCLN9Ab8QYYoLSEM98riXYLnfmtej6Lh?ephemeral=false
+      - "TS_EXTRA_ARGS=--advertise-tags=tag:container --reset"
+      - TS_SERVE_CONFIG=/config/mealie.json
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_USERSPACE=false
+    volumes:
+      - ${PWD}/state:/var/lib/tailscale
+      - ${PWD}/config:/config
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - net_admin
+      - sys_module
+    restart: unless-stopped
+  mealie:
+    image: ghcr.io/mealie-recipes/mealie:v1.0.0
+    container_name: mealie
+    network_mode: service:ts-mealie
+    depends_on:
+      - ts-mealie
+    volumes:
+      - mealie-data:/app/data
+    environment:
+      - ALLOW_SIGNUP=true
+    restart: unless-stopped
+
+volumes:
+  mealie-data:
+    driver: local
+  ts-mealie:
+    driver: local