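# Compose stack: PostgreSQL + ZeroTier controller + ZTNET web UI, published through an
# existing Traefik instance. Every ${...} value is read from the environment / .env file,
# so keep that file out of version control and readable only by the deploying user.
services:
  postgres:
    image: postgres:15.2-alpine
    container_name: ztnet-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: "${POSTGRES_USER}"
      # ":?" makes `docker compose` abort with this message when the secret is unset or
      # empty, instead of passing an empty password into the container.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      POSTGRES_DB: "${POSTGRES_DB}"
    volumes:
      - postgres-data:/var/lib/postgresql/data
    # No `ports:` entry: the database is reachable only from containers on app-network.
    networks:
      - app-network

  zerotier:
    image: zyclonite/zerotier:1.14.0
    hostname: zerotier
    container_name: zerotier
    restart: unless-stopped
    volumes:
      - zerotier:/var/lib/zerotier-one
    # NOTE(review): SYS_ADMIN is a very broad capability. Confirm this image version still
    # needs it alongside NET_ADMIN and /dev/net/tun; drop it if it does not.
    cap_add:
      - NET_ADMIN
      - SYS_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    networks:
      - app-network
    ports:
      # Only the UDP port is published on the host; no TCP port is exposed here.
      - "9993:9993/udp" # Zerotier default UDP port
    environment:
      - ZT_OVERRIDE_LOCAL_CONF=true
      # Must stay equal to the app-network subnet below, so that management access is
      # limited to containers on that network.
      - ZT_ALLOW_MANAGEMENT_FROM=172.31.255.0/29

  ztnet:
    # NOTE(review): `latest` is a mutable tag, so a restart or pull can silently change the
    # running code. Pin a released version (ideally with its digest) and upgrade deliberately.
    image: sinamics/ztnet:latest
    container_name: ztnet
    working_dir: /app
    restart: unless-stopped
    depends_on:
      - postgres
      - zerotier
    environment:
      POSTGRES_HOST: postgres
      POSTGRES_PORT: "5432"
      POSTGRES_USER: "${POSTGRES_USER}"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      POSTGRES_DB: "${POSTGRES_DB}"
      NEXTAUTH_URL: "${NEXTAUTH_URL}" # e.g. https://ztnet.rozic-dev.com
      # Session-signing secret: fail fast when it is missing rather than starting without it.
      NEXTAUTH_SECRET: "${NEXTAUTH_SECRET:?NEXTAUTH_SECRET must be set}"
      NEXTAUTH_URL_INTERNAL: "${NEXTAUTH_URL_INTERNAL}" # http://ztnet:3000
    volumes:
      # NOTE(review): this is the controller's own state directory, mounted read-write into
      # the web app (presumably so it can read the controller's API token; confirm). A
      # compromise of ztnet should therefore be treated as a compromise of the controller.
      - zerotier:/var/lib/zerotier-one
    networks:
      - app-network
      - traefik_default
    # No `ports:` entry: port 3000 is reachable only through Traefik on traefik_default.
    # The entrypoint and certresolver names must match the Traefik static configuration.
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_default"
      - "traefik.http.routers.ztn.rule=Host(`${ZTN_DOMAIN}`)"
      - "traefik.http.routers.ztn.entrypoints=websecure"
      - "traefik.http.routers.ztn.tls.certresolver=letsencrypt"
      - "traefik.http.services.ztn.loadbalancer.server.port=3000"

volumes:
  zerotier:
  postgres-data:

networks:
  app-network:
    driver: bridge
    ipam:
      driver: default
      config:
        # Keep in sync with ZT_ALLOW_MANAGEMENT_FROM on the zerotier service.
        - subnet: 172.31.255.0/29
  # This MUST already exist (created by your Traefik stack)
  traefik_default:
    external: true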