opnxng-deploy-playbook/templates/compose/proxitok.yaml.j2

# {{ ansible_managed }}
version: '3.3'
services:
  proxitok:
    image: ghcr.io/pablouser1/proxitok:latest
    container_name: proxitok
    security_opt:
      - no-new-privileges
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Singapore
      - LATTE_CACHE=/cache
      - API_CACHE=redis
      - REDIS_HOST=proxitok-redis
      - REDIS_PORT=6379
      - API_SIGNER=remote
      - APP_URL=https://tt.opnxng.com
      - API_SIGNER_URL=http://proxitok-signer:8080/signature
    restart: unless-stopped
    ports:
      - 8909:8080
    depends_on:
      - proxitok-redis
      - signer
    networks:
      - IPv4
      
  proxitok-redis:
    container_name: proxitok-redis
    image: redis:alpine
    command: redis-server --save 60 1 --loglevel warning
    user: nobody
    read_only: true
    security_opt:
      - no-new-privileges:true
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Singapore
    tmpfs:
      - /data:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
    cap_drop:
      - ALL
    restart: unless-stopped
    networks:
      - IPv4

  signer:
    container_name: proxitok-signer
    image: ghcr.io/pablouser1/signtok:master
    init: true
    user: nobody
    read_only: true
    security_opt:
      - no-new-privileges:true
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Singapore
    cap_drop:
      - ALL
    networks:
      - IPv4
networks:
  IPv4:
    external:
      name: IPv4