services:
  polyanarchy:
    build: .
    restart: unless-stopped
    read_only: true
    tmpfs:
      - /tmp
      - /var/cache/nginx
      - /var/run
    cap_drop: [ALL]
    cap_add: [NET_BIND_SERVICE, CHOWN, SETGID, SETUID, DAC_OVERRIDE]
    security_opt:
      - no-new-privileges:true
    labels:
      - traefik.enable=true
      - traefik.http.routers.polyanarchy.rule=Host(`polyanarchy.us`) || Host(`www.polyanarchy.us`)
      - traefik.http.routers.polyanarchy.entrypoints=web
      - traefik.http.services.polyanarchy.loadbalancer.server.port=80
      - traefik.docker.network=traefik-public
    networks:
      - traefik-public

networks:
  traefik-public:
    external: true