InfinityGrid-Sticker/docker-compose.yml at main · 10htts/InfinityGrid-Sticker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
services:
  app:
    image: ghcr.io/10htts/infinitygrid-sticker:latest
    pull_policy: always
    container_name: infinitygrid-app
    restart: unless-stopped
    environment:
      PORT: "3000"
      HOST: "0.0.0.0"
    expose:
      - "3000"
    read_only: true
    # Required: export endpoints write transient files via Python tempfile.
    tmpfs:
      - /tmp:rw,noexec,nosuid,size=32m
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    pids_limit: 128
    mem_limit: 256m
    cpus: 1.0
    networks:
      - app_net

  cloudflared:
    image: cloudflare/cloudflared:latest
    container_name: infinitygrid-cloudflared
    restart: unless-stopped
    command: tunnel --no-autoupdate run --token ${CLOUDFLARED_TOKEN:?Set CLOUDFLARED_TOKEN in .env}
    depends_on:
      - app
    read_only: true
    # Keep a writable runtime temp dir for cloudflared internals.
    tmpfs:
      - /tmp:rw,noexec,nosuid,size=16m
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    pids_limit: 64
    mem_limit: 128m
    cpus: 0.5
    networks:
      - app_net
      - edge_net

networks:
  app_net:
    internal: true
  edge_net:
    driver: bridge