services:
  nofi:
    build: .
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nofi.rule=Host(`nofi.lol`) || Host(`www.nofi.lol`)"
      - "traefik.http.services.nofi.loadbalancer.server.port=80"
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:80/"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s
    networks:
      - traefik-public
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
      - CHOWN
      - SETGID
      - SETUID
      - DAC_OVERRIDE
    read_only: true
    tmpfs:
      - /tmp
      - /var/cache/nginx
      - /var/run

networks:
  traefik-public:
    external: true