commit 177b7c73148ed15e650c8a9bb3baa54c47b06218
Author: Dejan R.
Date: Sun Nov 23 18:41:26 2025 +0000
first commit
diff --git a/.env b/.env
new file mode 100644
index 0000000..2ea0803
--- /dev/null
+++ b/.env
@@ -0,0 +1,11 @@
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=change_me_strong
+POSTGRES_DB=ztnet
+
+# public URL where users access the UI (set your domain):
+ZTN_DOMAIN=ztnet.rozic-dev.com
+NEXTAUTH_URL=https://ztnet.rozic-dev.com
+NEXTAUTH_SECRET=$(openssl rand -hex 32)
+
+# internal URL the ztnet container uses to reach itself:
+NEXTAUTH_URL_INTERNAL=http://ztnet:3000
diff --git a/docker-compose-2.yml b/docker-compose-2.yml
new file mode 100644
index 0000000..dd86010
--- /dev/null
+++ b/docker-compose-2.yml
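Review bot: `NEXTAUTH_SECRET=$(openssl rand -hex 32)` in `.env` does not produce a random value, because Compose reads `.env` as plain key/value text and does not run command substitution; the secret is whatever Compose makes of this literal, publicly committed string. Anyone who can read the repository would then know the key NextAuth uses to sign sessions for the instance at `ZTN_DOMAIN`. The file is also committed with `POSTGRES_PASSWORD=change_me_strong`, so real values edited in later would land in history. I would commit a `.env.example` with placeholders such as `NEXTAUTH_SECRET=<output of openssl rand -hex 32>`, add `.env` to `.gitignore`, and rotate anything already deployed from this file.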
@@ -0,0 +1,79 @@
+services:
+ postgres:
+ image: postgres:15.2-alpine
+ container_name: ztnet-postgres
+ restart: unless-stopped
+ environment:
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ POSTGRES_DB: ${POSTGRES_DB}
+ volumes:
+ - postgres-data:/var/lib/postgresql/data
+ networks:
+ - app-network
+
+ zerotier:
+ image: zyclonite/zerotier:1.14.0
+ hostname: zerotier
+ container_name: zerotier
+ restart: unless-stopped
+ volumes:
+ - zerotier:/var/lib/zerotier-one
+ cap_add:
+ - NET_ADMIN
+ - SYS_ADMIN
+ devices:
+ - /dev/net/tun:/dev/net/tun
+ networks:
+ - app-network
+ ports:
+ - "9993:9993/udp" # Zerotier default UDP port
+ environment:
+ - ZT_OVERRIDE_LOCAL_CONF=true
+ - ZT_ALLOW_MANAGEMENT_FROM=172.31.255.0/29
+
+ ztnet:
+ image: sinamics/ztnet:latest
+ container_name: ztnet
+ working_dir: /app
+ restart: unless-stopped
+ depends_on:
+ - postgres
+ - zerotier
+ environment:
+ POSTGRES_HOST: postgres
+ POSTGRES_PORT: 5432
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ POSTGRES_DB: ${POSTGRES_DB}
+ NEXTAUTH_URL: ${NEXTAUTH_URL} # e.g. https://ztnet.rozic-dev.com
+ NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
+ NEXTAUTH_URL_INTERNAL: ${NEXTAUTH_URL_INTERNAL} # http://ztnet:3000
+ volumes:
+ - zerotier:/var/lib/zerotier-one
+ networks:
+ - app-network
+ - traefik_default
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik_default"
+ - "traefik.http.routers.ztn.rule=Host(`${ZTN_DOMAIN}`)"
+ - "traefik.http.routers.ztn.entrypoints=websecure"
+ - "traefik.http.routers.ztn.tls.certresolver=letsencrypt"
+ - "traefik.http.services.ztn.loadbalancer.server.port=3000"
+
+volumes:
+ zerotier:
+ postgres-data:
+
+networks:
+ app-network:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.31.255.0/29
+ # This MUST already exist (created by your Traefik stack)
+ traefik_default:
+ external: true
+
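Review bot: `image: sinamics/ztnet:latest` leaves the one service published through Traefik unpinned, while `postgres` and `zerotier` carry explicit versions. The same container mounts the `zerotier` volume at `/var/lib/zerotier-one`, which presumably holds the controller's auth token and identity, so whatever the tag resolves to at the next pull inherits that access. Pin it to a release tag or digest, e.g. `image: sinamics/ztnet:<release-tag>@sha256:<digest>` (placeholders). Separately, `SYS_ADMIN` under `cap_add` on `zerotier` is a very broad capability next to `NET_ADMIN` and `/dev/net/tun`; confirm the image needs it and drop it if not. Both points apply equally to docker-compose.yml in this commit.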
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..37934ec
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,93 @@
+version: "3.8"
+
+services:
+ postgres:
+ image: postgres:15.2-alpine
+ container_name: postgres
+ restart: unless-stopped
+ environment:
+ POSTGRES_USER: postgres
+ POSTGRES_PASSWORD: postgres
+ POSTGRES_DB: ztnet
+ volumes:
+ - postgres-data:/var/lib/postgresql/data
+ networks:
+ - app-network
+ - traefik_default
+
+ zerotier:
+ image: zyclonite/zerotier:1.14.2
+ container_name: zerotier
+ hostname: zerotier
+ restart: unless-stopped
+ cap_add:
+ - NET_ADMIN
+ - SYS_ADMIN
+ devices:
+ - /dev/net/tun:/dev/net/tun
+ volumes:
+ - zerotier:/var/lib/zerotier-one
+ environment:
+ - ZT_OVERRIDE_LOCAL_CONF=true
+ - ZT_ALLOW_MANAGEMENT_FROM=172.31.255.0/29
+ networks:
+ - app-network
+ ports:
+ - "9994:9993/udp"
+
+ ztnet:
+ image: sinamics/ztnet:latest
+ container_name: ztnet
+ working_dir: /app
+ restart: unless-stopped
+ volumes:
+ - zerotier:/var/lib/zerotier-one
+ environment:
+ POSTGRES_HOST: postgres
+ POSTGRES_PORT: 5432
+ POSTGRES_USER: postgres
+ POSTGRES_PASSWORD: postgres
+ POSTGRES_DB: ztnet
+ NEXTAUTH_URL: "https://ztnet.rozic-dev.com"
+ NEXTAUTH_SECRET: "random_secret"
+ NEXTAUTH_URL_INTERNAL: "http://ztnet:3000"
+ HOST: "0.0.0.0"
+ PORT: "3000"
+ networks:
+ - app-network
+ - traefik_default
+ depends_on:
+ - postgres
+ - zerotier
+ labels:
+ - "traefik.enable=true"
+
+ # Router (HTTPS)
+ - "traefik.http.routers.ztnet.rule=Host(`ztnet.rozic-dev.com`)"
+ - "traefik.http.routers.ztnet.entrypoints=websecure"
+ - "traefik.http.routers.ztnet.tls=true"
+ - "traefik.http.routers.ztnet.tls.certresolver=letsencrypt"
+
+ # HTTP → HTTPS redirect
+ - "traefik.http.routers.ztnet-http.rule=Host(`ztnet.rozic-dev.com`)"
+ - "traefik.http.routers.ztnet-http.entrypoints=web"
+ - "traefik.http.routers.ztnet-http.middlewares=redirect-to-https"
+ - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+ # Service inside container
+ - "traefik.http.services.ztnet.loadbalancer.server.port=3000"
+ - "traefik.docker.network=traefik_default"
+
+volumes:
+ zerotier:
+ postgres-data:
+
+networks:
+ app-network:
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.31.255.0/29
+
+ traefik_default:
+ external: true
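Review bot: `postgres` is attached to `traefik_default` in this file while its credentials are the hard-coded `POSTGRES_PASSWORD: postgres`, so every container on the shared proxy network can reach the database with a guessable password; docker-compose-2.yml keeps it on `app-network` only. Remove `- traefik_default` from the `postgres` service's `networks`. Take the secrets from the environment as the other file does, with `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}` and `NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}` in place of the literal `"random_secret"`. Because these literals are now in history, treat them as compromised for any deployment that used them.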