--- services: redlib: image: quay.io/redlib/redlib:latest restart: unless-stopped container_name: "redlib" # exposed via caddy -> doesn't need an external port user: nobody read_only: true security_opt: - no-new-privileges:true # - seccomp=seccomp-redlib.json cap_drop: - ALL environment: - REDLIB_DEFAULT_THEME=dracula; - REDLIB_DEFAULT_SHOW_NSFW=on; - REDLIB_DEFAULT_HIDE_AWARDS=on; - REDLIB_DEFAULT_USE_HLS=on; - REDLIB_DEFAULT_BLUR_SPOILER=on; networks: public: ipv4_address: 192.168.240.51 healthcheck: test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8080/settings"] interval: 5m timeout: 3s