fix: feat: move reverse tunnel into disinto-edge container with single-port forward (#622)

- Dockerfile: add openssh-client + autossh to edge image - entrypoint-edge.sh: start autossh reverse tunnel before Caddy when EDGE_TUNNEL_HOST is set; no-op when unset (local-only dev works unchanged) - generators.sh: pass EDGE_TUNNEL_{HOST,USER,PORT,FQDN} env vars and bind-mount secrets/tunnel_key into the edge service Decommission steps for old host-level reverse-tunnel.service: sudo systemctl disable --now reverse-tunnel.service sudo rm /etc/systemd/system/reverse-tunnel.service sudo systemctl daemon-reload Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 19:51:03 +00:00 · 2026-04-10 19:51:03 +00:00 · 4757a9de7a
commit 4757a9de7a
parent 29cbbcb7de
3 changed files with 38 additions and 1 deletions
--- a/docker/edge/Dockerfile
+++ b/docker/edge/Dockerfile
@ -1,4 +1,4 @@
 FROM caddy:latest
-RUN apk add --no-cache bash jq curl git docker-cli python3
+RUN apk add --no-cache bash jq curl git docker-cli python3 openssh-client autossh
 COPY entrypoint-edge.sh /usr/local/bin/entrypoint-edge.sh
 ENTRYPOINT ["bash", "/usr/local/bin/entrypoint-edge.sh"]