N8N

services:
  tailscale:
    image: ghcr.io/tailscale/tailscale:${TAILSCALE_VERSION}
    container_name: ${APP_NAME}-tailscale
    hostname: ${SUBDOMAIN}
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      - tailscale-state:/var/lib/tailscale
    environment:
      - TZ=${TZ}
      - TS_AUTHKEY=${TS_AUTHKEY}
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_USERSPACE=false
      - TS_HOSTNAME=${SUBDOMAIN}
      - TS_ACCEPT_DNS=true
    command: >
      sh -c "
        tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/var/run/tailscale/tailscaled.sock &
        sleep 5

        tailscale up --authkey=${TS_AUTHKEY} --hostname=${SUBDOMAIN} --accept-dns=true --accept-routes=true

        echo 'Waiting for Tailscale to connect...'
        until tailscale status --json 2>/dev/null | grep -q 'Running'; do
          sleep 2
        done
        echo 'Tailscale connected successfully!'
        
        echo 'Getting SSL certificate and setting up HTTPS...'
        tailscale cert ${SUBDOMAIN}.${TAILNET_ROOT}
        tailscale serve --bg --https=443 --set-path=/ http://localhost:5678
        sleep 10
        
        echo 'Checking serve status...'
        tailscale serve status
        
        tailscale status
        echo 'N8N should be available at: https://${SUBDOMAIN}.${TAILNET_ROOT}'

        wait
      "
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "sh", "-c", "tailscale status --json >/dev/null 2>&1"]
      interval: 15s
      timeout: 5s
      retries: 10
      start_period: 60s

  n8n:
    image: docker.n8n.io/n8nio/n8n:${N8N_VERSION}
    container_name: ${APP_NAME}-app
    depends_on:
      tailscale:
        condition: service_healthy
    network_mode: "service:tailscale"
    volumes:
      - n8n-data:/home/node/.n8n
    environment:
      - TZ=${TZ}
      - GENERIC_TIMEZONE=${TZ}
      - N8N_HOST=0.0.0.0
      - N8N_PORT=5678
      - N8N_PROTOCOL=http
      - WEBHOOK_URL=https://${SUBDOMAIN}.${TAILNET_ROOT}
      - N8N_SECURE_COOKIE=true
      - N8N_PROXY_HOPS=1
      - DB_SQLITE_POOL_SIZE=5
      - N8N_RUNNERS_ENABLED=true
      - N8N_BLOCK_ENV_ACCESS_IN_NODE=false
      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
    restart: unless-stopped

volumes:
  tailscale-state:
    name: tailscale-state-${APP_NAME}
  n8n-data:
    name: n8n-data-${APP_NAME}

# Required variables
TS_AUTHKEY=tskey-xxxxxxxxxxx
TAILNET_ROOT=tailxxxxxx.ts.net
SUBDOMAIN=n8n

# Optional variables (with default values)
APP_NAME=n8n
APP_PORT=5678
TZ=Europe/Warsaw

# Image versions
TAILSCALE_VERSION=v1.88.2
N8N_VERSION=1.112.6