---
services:
  redlib:
    image: quay.io/redlib/redlib:{{ redlib_container_version }}
    restart: {{ redlib_restart_policy }}
    container_name: {{ redlib_container_name }}
    ports:
      - "{{ redlib_http_port }}:8080"
    user: nobody
    read_only: true
    security_opt:
      - no-new-privileges:true
      # - seccomp=seccomp-redlib.json
    cap_drop:
      - ALL
    networks:
      - redlib
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8080/settings"]
      interval: 5m
      timeout: 3s
{% if redlib_extra_env_vars %}
    environment:
{% for item in redlib_extra_env_vars | dict2items %}
      - {{ item.key }}="{{ item.value }}"
{% endfor %}
{% endif %}

networks:
  redlib: