version: '2.2'
# Example compose file for production deployment on Linux.
#
# Note: This file is meant to serve as a template. Please modify it
# according to your needs. Read more about Docker Compose:
#
# https://docs.docker.com/compose/compose-file/
#
#
# Shared deploy settings, exposed through the YAML anchor `default-deploy`.
# NOTE(review): neither service below references `*default-deploy`, so none of
# these settings take effect as written and the containers run without any
# restart policy. `deploy` is a version 3 key; in the 2.x format declared at
# the top of this file, restart behaviour is set per service with `restart:`.
# Confirm which mechanism is intended before relying on automatic restarts.
x-deploy: &default-deploy
  restart_policy:
    condition: unless-stopped
    delay: 5s
    window: 120s
  update_config:
    # Start the replacement container before the old one is stopped.
    order: start-first

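services:
  # Firezone gateway: the only service that publishes a port to the host.
  firezone:
    # NOTE(review): when VERSION is unset this resolves to the mutable `latest`
    # tag, so a re-pull can change the running code without review. Set VERSION
    # to a specific release (or pin an image digest) for production.
    image: 'firezone/firezone:${VERSION:-latest}'
    ports:
      # 51820/udp is the default WireGuard port. Quoted so the mapping is
      # always read as a string.
      - '51820:51820/udp'
    environment:
      EXTERNAL_URL: "https://fz.ixvd.net/"
      # Must match the database service name (fz-postgres) defined below.
      DATABASE_HOST: "fz-postgres"
      DATABASE_USER: "firezone"
      # Substituted from DATABASE_PASSWORD in the environment that runs
      # `docker compose` (the shell or the project's `.env` file); entries in
      # `env_file` are not used for this substitution. The `firezone` fallback
      # only keeps existing deployments working: it is a guessable placeholder
      # and should be overridden with a generated secret.
      # Keys under `environment` take precedence over the same keys in
      # `env_file`, so a DATABASE_PASSWORD set in firezone.env is ignored here.
      DATABASE_PASSWORD: "${DATABASE_PASSWORD:-firezone}"
    env_file:
      # Remaining settings are loaded from a host file outside this repository.
      - /etc/ixvd/secrets/env/firezone.env
    volumes:
      # NOTE(review): presumably holds WireGuard keys and application secrets;
      # keep the host directory readable by root only - confirm.
      - /srv/firezone/config:/var/firezone
    cap_add:
      # Needed to create and configure network interfaces and routes.
      - NET_ADMIN
      # Allows loading kernel modules into the host kernel.
      # NOTE(review): presumably only used to load the wireguard module; if the
      # host already provides it, dropping this capability narrows what a
      # compromised container can do - verify before removing.
      - SYS_MODULE
    sysctls:
      # Applied inside the container's network namespace: keep IPv6 enabled
      # and forward IPv4/IPv6 traffic between interfaces.
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.ip_forward=1
      - net.ipv6.conf.all.forwarding=1
    depends_on:
      # Fixed: the original listed `postgres`, which is not a service in this
      # file; Compose rejects a dependency on an undefined service.
      # This only orders container start-up; it does not wait for PostgreSQL
      # to accept connections.
      - fz-postgres
    networks:
      # NOTE(review): `proxy` is not declared in the top-level `networks:`
      # section shown in this file. Compose rejects references to undeclared
      # networks, so it has to be declared there (for example as an external
      # network) - confirm where it is meant to come from.
      proxy:
      fz-internal:
        # Static addresses inside the fz-internal subnets declared below.
        ipv4_address: 172.90.0.10
        ipv6_address: fcff:3990:3990::99

  # PostgreSQL backing store. Attached to fz-internal only, no published ports.
  fz-postgres:
    image: postgres:15
    volumes:
      - /srv/firezone/data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: firezone
      POSTGRES_USER: firezone
      # Same variable as firezone's DATABASE_PASSWORD so both sides stay in
      # sync. The postgres image applies POSTGRES_PASSWORD only when it
      # initialises an empty data directory; for an existing database the
      # role's password must also be changed inside PostgreSQL.
      POSTGRES_PASSWORD: "${DATABASE_PASSWORD:-firezone}"
    networks:
      - fz-internal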

networks:
  # Bridge network shared by firezone and fz-postgres.
  # NOTE(review): the firezone service also joins a network named `proxy`,
  # which is not declared in this section as shown. Compose rejects references
  # to undeclared networks - confirm where `proxy` is meant to be defined.
  fz-internal:
    enable_ipv6: true
    driver: bridge
    ipam:
      config:
        # NOTE(review): 172.90.0.0/16 is outside the RFC 1918 private ranges
        # (172.16.0.0/12 ends at 172.31.255.255), so on this host the bridge
        # shadows publicly routable addresses. Moving it to a private range
        # also means updating firezone's static ipv4_address.
        - subnet: 172.90.0.0/16
        # NOTE(review): fcff::/16 falls in the fc00::/8 half of the unique
        # local range, which RFC 4193 leaves undefined; locally assigned
        # prefixes use fd00::/8 - confirm the choice is deliberate.
        - subnet: fcff:3990:3990::/64
          gateway: fcff:3990:3990::1