# {{ ansible_managed }}
version: "3.8"
services:
  priviblur:
    container_name: priviblur
    image: quay.io/pussthecatorg/priviblur
    security_opt:
      - no-new-privileges
    environment:
      - TZ=Asia/Singapore
#      - PRIVIBLUR_FORWARDED_SECRET =
      - PRIVIBLUR_PROXIES_COUNT=1
      - PRIVIBLUR_REAL_IP_HEADER="x-real-ip"
    restart: unless-stopped
    ports:
      - 8907:8000
    volumes:
      - {{ docker_dir }}/priviblur/config.toml:/priviblur/config.toml:Z,ro
    networks:
      - priviblur

  priviblur-redis:
    container_name: priviblur-redis
    image: docker.io/valkey/valkey:alpine
    command: valkey-server --save 30 1 --loglevel warning
    security_opt:
      - no-new-privileges
    environment:
      #- PUID=1000
      #- PGID=1000
      - TZ=Asia/Singapore
    volumes:
      - {{ docker_dir }}/priviblur/valkey-data:/data
    user: "999:1000"
    read_only: true
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
    restart: unless-stopped
    networks:
      - priviblur

networks:
  priviblur:
    name: priviblur