deploy: Docker Compose stack with Caddy + Cloudflare TLS

Full production stack via docker compose:
- Caddy reverse proxy with Cloudflare DNS-01 TLS certs
- warzone-server (featherChat API + web UI)
- wzp-relay (QUIC audio SFU)
- wzp-web (browser WS ↔ QUIC bridge)

Architecture:
  Internet → Caddy (443/TLS) → voip.manko.yoga
    /*       → warzone-server:7700
    /audio/* → wzp-web:8080

Files:
- docker-compose.yml: main stack (4 services)
- docker-compose.ipv6.yml: IPv6 overlay
- Caddyfile: Cloudflare DNS challenge + reverse proxy
- Dockerfile.server: featherChat multi-stage build
- Dockerfile.wzp: wzp-relay + wzp-web multi-stage build
- .env.example: DNS records for dev/staging/prod
- test-stack.sh: smoke test (8 checks)
- .dockerignore: excludes target/, .git/, etc.

Deployment targets:
  dev:  172.16.81.135
  ipv6: 2a0d:3344:692c:2500:14f2:5885:d73c:b0a1
  prod: 63.250.54.239 / 2602:ff16:9:0:1:3d9:0:1

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

warzone/deploy/docker/docker-compose.ipv6.yml

@@ -0,0 +1,24 @@
+# IPv6 overlay — use with:
+#   docker compose -f docker-compose.yml -f docker-compose.ipv6.yml up -d
+#
+# Requires Docker daemon IPv6 support:
+#   /etc/docker/daemon.json: {"ipv6": true, "fixed-cidr-v6": "fd00::/80"}
+
+services:
+  caddy:
+    ports:
+      - "[::]:80:80"
+      - "[::]:443:443"
+      - "[::]:443:443/udp"
+
+networks:
+  frontend:
+    enable_ipv6: true
+    ipam:
+      config:
+        - subnet: fd00:cafe:1::/64
+  backend:
+    enable_ipv6: true
+    ipam:
+      config:
+        - subnet: fd00:cafe:2::/64