From 60ca0640a3a0dff2881ff4765a604c8ade611b77 Mon Sep 17 00:00:00 2001
From: ARCHITECT <architect@tzzr.local>
Date: Fri, 16 Jan 2026 21:31:31 +0000
Subject: [PATCH] Add DECK server Docker Compose configurations

- tzzr-stack: PostgreSQL, PostgREST, Directus (unified DB stack)
- services: Shlink, Filebrowser, Redis, Vaultwarden, ntfy

PostgreSQL migrated from host to Docker with all services
connected via tzzr-net network.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 infra/deck/services.docker-compose.yml   | 75 +++++++++++++++++++++++
 infra/deck/tzzr-stack.docker-compose.yml | 78 ++++++++++++++++++++++++
 2 files changed, 153 insertions(+)
 create mode 100644 infra/deck/services.docker-compose.yml
 create mode 100644 infra/deck/tzzr-stack.docker-compose.yml

diff --git a/infra/deck/services.docker-compose.yml b/infra/deck/services.docker-compose.yml
new file mode 100644
index 0000000..fa3c2d7
--- /dev/null
+++ b/infra/deck/services.docker-compose.yml
@@ -0,0 +1,75 @@
+# Servicios TZZR - conectan a tzzr-postgres via tzzr-net
+services:
+  filebrowser:
+    image: filebrowser/filebrowser:latest
+    container_name: filebrowser
+    restart: unless-stopped
+    volumes:
+      - /home/user-data/mail/mailboxes:/srv/mailboxes:ro
+      - filebrowser_data:/database
+    ports:
+      - "127.0.0.1:8082:80"
+    environment:
+      FB_DATABASE: /database/filebrowser.db
+      FB_ROOT: /srv
+      FB_NOAUTH: "false"
+
+  shlink:
+    image: shlinkio/shlink:stable
+    container_name: shlink
+    restart: unless-stopped
+    environment:
+      DEFAULT_DOMAIN: shlink.tzzrdeck.me
+      IS_HTTPS_ENABLED: "true"
+      DB_DRIVER: postgres
+      DB_HOST: tzzr-postgres
+      DB_NAME: shlink
+      DB_USER: tzzr
+      DB_PASSWORD: TzzrDB-2024-Secure
+    ports:
+      - "127.0.0.1:8083:8080"
+    networks:
+      - tzzr-net
+
+  redis:
+    image: redis:alpine
+    container_name: redis
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:6379:6379"
+    volumes:
+      - redis_data:/data
+
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    restart: unless-stopped
+    environment:
+      DOMAIN: "https://pass.tzzrdeck.me"
+      ADMIN_TOKEN: "TzzrVault-Admin-2024-SuperSecureToken"
+      SIGNUPS_ALLOWED: "false"
+      INVITATIONS_ALLOWED: "true"
+    volumes:
+      - vaultwarden_data:/data
+    ports:
+      - "127.0.0.1:8085:80"
+
+  ntfy:
+    image: binwiederhier/ntfy
+    container_name: ntfy
+    restart: unless-stopped
+    command: serve
+    ports:
+      - "0.0.0.0:8080:80"
+    volumes:
+      - ntfy_data:/var/lib/ntfy
+
+networks:
+  tzzr-net:
+    external: true
+
+volumes:
+  filebrowser_data:
+  redis_data:
+  vaultwarden_data:
+  ntfy_data:
diff --git a/infra/deck/tzzr-stack.docker-compose.yml b/infra/deck/tzzr-stack.docker-compose.yml
new file mode 100644
index 0000000..3ec3ce1
--- /dev/null
+++ b/infra/deck/tzzr-stack.docker-compose.yml
@@ -0,0 +1,78 @@
+services:
+  postgres:
+    image: postgres:15-alpine
+    container_name: tzzr-postgres
+    restart: unless-stopped
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: TzzrPostgres-2024
+      POSTGRES_DB: postgres
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    ports:
+      - "127.0.0.1:5432:5432"
+    networks:
+      - tzzr-net
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  postgrest:
+    image: postgrest/postgrest:latest
+    container_name: tzzr-postgrest
+    restart: unless-stopped
+    depends_on:
+      postgres:
+        condition: service_healthy
+    environment:
+      PGRST_DB_URI: postgres://authenticator:postgrest_deck_2024@postgres:5432/tzzr
+      PGRST_DB_SCHEMAS: public,tzzr_core_hst,tzzr_core_itm_base,tzzr_core_secretaria,tzzr_core_produccion,mail_manager,context_manager
+      PGRST_DB_ANON_ROLE: web_anon
+      PGRST_SERVER_PORT: 3000
+    ports:
+      - "127.0.0.1:3000:3000"
+    networks:
+      - tzzr-net
+
+  directus:
+    image: directus/directus:11
+    container_name: tzzr-directus
+    restart: unless-stopped
+    depends_on:
+      postgres:
+        condition: service_healthy
+    environment:
+      DB_CLIENT: pg
+      DB_HOST: postgres
+      DB_PORT: 5432
+      DB_DATABASE: tzzr
+      DB_USER: tzzr
+      DB_PASSWORD: TzzrDB-2024-Secure
+      DB_SEARCH_PATH: tzzr_core_hst,tzzr_core_itm_base,tzzr_core_secretaria,tzzr_core_oracle,tzzr_core_contabilidad,tzzr_core_administracion,tzzr_core_produccion,public
+      KEY: d8f4a2e1b5c9f0a3e6d7c8b9a0e1f2d3
+      SECRET: a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8
+      ADMIN_EMAIL: admin@tzzrdeck.me
+      ADMIN_PASSWORD: TzzrAdmin-2024
+      PUBLIC_URL: https://directus.tzzrdeck.me
+      CORS_ENABLED: "true"
+      CORS_ORIGIN: "true"
+      CONTENT_SECURITY_POLICY_DIRECTIVES__IMG_SRC: "'self' data: blob: https://tzrtech.org https://atc.tzzrdeck.me https://tzzrdeck.me"
+    ports:
+      - "127.0.0.1:8055:8055"
+    volumes:
+      - directus_uploads:/directus/uploads
+      - directus_extensions:/directus/extensions
+    networks:
+      - tzzr-net
+
+networks:
+  tzzr-net:
+    name: tzzr-net
+    driver: bridge
+
+volumes:
+  postgres_data:
+  directus_uploads:
+  directus_extensions: