version: "3.8" services: comfy_tailscale: image: tailscale/tailscale:latest hostname: comfyui environment: - TS_AUTHKEY=$TS_AUTHKEY - TS_STATE_DIR=/var/lib/tailscale - TS_SERVE_CONFIG=/config/ts_serve.json - TS_USERSPACE=false volumes: - ./comfyui/tailscale-state:/var/lib/tailscale - ./comfyui/ts_serve.json:/config/ts_serve.json devices: - /dev/net/tun:/dev/net/tun cap_add: - net_admin - net_raw restart: unless-stopped comfy_nginx: image: nginx:latest depends_on: - comfy_tailscale restart: unless-stopped volumes: - ./comfyui/nginx.conf:/etc/nginx/nginx.conf:ro - ./.htpasswd:/etc/nginx/.htpasswd:ro network_mode: service:comfy_tailscale filebrowser_tailscale: image: tailscale/tailscale:latest hostname: filebrowser environment: - TS_AUTHKEY=$TS_AUTHKEY - TS_STATE_DIR=/var/lib/tailscale - TS_SERVE_CONFIG=/config/ts_serve.json - TS_USERSPACE=false volumes: - ./filebrowser/tailscale-state:/var/lib/tailscale - ./filebrowser/ts_serve.json:/config/ts_serve.json devices: - /dev/net/tun:/dev/net/tun cap_add: - net_admin - net_raw restart: unless-stopped filebrowser: image: hurlenko/filebrowser container_name: filebrowser user: "${UID}:${GID}" depends_on: - filebrowser_tailscale volumes: - /mnt/data/ai/ComfyUI/output:/data/comfyui-output - /home/noti/dev:/data/dev environment: - FB_BASEURL=/filebrowser restart: unless-stopped network_mode: service:filebrowser_tailscale filebrowser_nginx: image: nginx:latest depends_on: - filebrowser_tailscale restart: unless-stopped volumes: - ./filebrowser/nginx.conf:/etc/nginx/nginx.conf:ro - ./.htpasswd:/etc/nginx/.htpasswd:ro network_mode: service:filebrowser_tailscale llama_tailscale: image: tailscale/tailscale:latest hostname: llama environment: - TS_AUTHKEY=$TS_AUTHKEY - TS_STATE_DIR=/var/lib/tailscale - TS_SERVE_CONFIG=/config/ts_serve.json - TS_USERSPACE=false volumes: - ./llama/tailscale-state:/var/lib/tailscale - ./llama/ts_serve.json:/config/ts_serve.json devices: - /dev/net/tun:/dev/net/tun cap_add: - net_admin - net_raw restart: unless-stopped llama_oauth2_proxy: image: quay.io/oauth2-proxy/oauth2-proxy:latest container_name: llama_oauth2_proxy depends_on: - llama_tailscale environment: - OAUTH2_PROXY_PROVIDER=github - OAUTH2_PROXY_CLIENT_ID=${GITHUB_CLIENT_ID} - OAUTH2_PROXY_CLIENT_SECRET=${GITHUB_CLIENT_SECRET} - OAUTH2_PROXY_COOKIE_SECRET=/kGl9ruL8N01Yx5Mj9kVFfuyTehhl3/5 - OAUTH2_PROXY_COOKIE_NAME=llama_session - OAUTH2_PROXY_COOKIE_DOMAINS=llama.story-basking.ts.net - OAUTH2_PROXY_COOKIE_EXPIRE=168h0m0s - OAUTH2_PROXY_COOKIE_REFRESH=60m - OAUTH2_PROXY_COOKIE_SECURE=true - OAUTH2_PROXY_COOKIE_HTTPONLY=true - OAUTH2_PROXY_COOKIE_SAMESITE=lax - OAUTH2_PROXY_REDIRECT_URL=https://llama.story-basking.ts.net/oauth2/callback - OAUTH2_PROXY_EMAIL_DOMAINS=* - OAUTH2_PROXY_UPSTREAMS=http://workstation:5082 - OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180 - OAUTH2_PROXY_REVERSE_PROXY=true - OAUTH2_PROXY_PASS_AUTHORIZATION_HEADER=true - OAUTH2_PROXY_PASS_ACCESS_TOKEN=true - OAUTH2_PROXY_SET_XAUTHREQUEST=true - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true - OAUTH2_PROXY_SESSION_STORE_TYPE=cookie - OAUTH2_PROXY_STANDARD_LOGGING=true - OAUTH2_PROXY_AUTH_LOGGING=true - OAUTH2_PROXY_REQUEST_LOGGING=true restart: unless-stopped network_mode: service:llama_tailscale llama_nginx: image: nginx:latest depends_on: - llama_tailscale - llama_oauth2_proxy restart: unless-stopped volumes: - ./llama/nginx.conf:/etc/nginx/nginx.conf:ro network_mode: service:llama_tailscale