feat(docker): add Tailscale sidecar container and configure networking

- Add Tailscale container with hostname 'patrizio' for network connectivity - Configure health check for Tailscale service availability - Make patrizio service depend on healthy Tailscale container - Mount required volumes for Tailscale state and kernel modules - Grant necessary capabilities (net_admin, sys_module, net_raw) for VPN operation - Add internal network configuration for service isolation - Switch patrizio to use published image (ghcr.io/polpetta/patrizio-bot:v0.2.0) - Standardize logging configuration across both services
2026-04-06 18:03:36 +02:00 · 2026-04-06 18:03:36 +02:00 · ba23e35f7e
commit ba23e35f7e
parent b9ee458c11
1 changed files with 31 additions and 3 deletions
--- a/patrizio/docker-compose.yml
+++ b/patrizio/docker-compose.yml
@ -1,12 +1,40 @@
 services:
  patrizio:
-    build:
-      context: .
-      dockerfile: Dockerfile
+    image: ghcr.io/polpetta/patrizio-bot:v0.2.0
    restart: unless-stopped
    command: -f /data/ serve
    volumes:
      - ./data:/data:rw
+    depends_on:
+      tailscale:
+        condition: service_healthy
+    logging:
+      driver: "json-file"
+      options:
+        mode: "non-blocking"
+        max-size: "10m"
+        max-file: "3"
+  tailscale:
+    hostname: patrizio
+    image: tailscale/tailscale:latest
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "tailscale status"]
+      interval: 1s
+      timeout: 5s
+      retries: 60
+    volumes:
+      - /srv/docker/patrizio/tailscale:/var/lib
+      - /lib/modules:/lib/modules:ro
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - net_admin
+      - sys_module
+      - net_raw
+    command: tailscaled
+    networks:
+      - internal
    logging:
      driver: "json-file"
      options: