version: "3.0"

#
# updated: 2023-12-13
# stack:   host
#

services:

  x-host:

    restart: unless-stopped
    stop_grace_period: 5s
    stdin_open: true
    tty: true

    user: ${VM_USER}:${VM_GROUP}

    privileged: false

    security_opt:
      - no-new-privileges=true

    cap_drop:
      - ALL

    cap_add:
      - KILL

    ipc: "private"

    dns:
      - 1.1.1.1
      - 8.8.8.8
      - 1.0.0.1
      - 8.8.4.4

    extra_hosts:
      - "vm.${VM_DOMAIN}:${VM_IP}"

    healthcheck:
      interval: 60s
      timeout: 10s
      retries: 5
      start_period: 60s

    environment:
      TZ: "Europe/Paris"
      PUID: 1000
      PGID: 1000

    labels:
      com.centurylinklabs.watchtower.enable: true
      logging: "promtail"
      com.vm.versionning: "${VM_VERSIONNING}"
      com.stack.owner: "Olivier Le Bris"
      com.stack.owner.email: "tech@zogg.fr"
      com.stack.owner.url: "https://zogg.fr"
      com.stack.name: "common"
      com.stack.service.name: "common"
      traefik.docker.network: traefik

    ulimits:
      nproc: 65535
      nofile:
        soft: 20000
        hard: 40000

    deploy:
      resources:
        limits:
          cpus: "1.0"
          memory: 64M
          pids: 64

    tmpfs:
      - /tmp:rw,size=64M
      - /run:rw,exec,size=16M,mode=01777
      - /var/log:rw,size=64M,mode=01777
      - /var/cache:rw,size=64M,mode=01777

    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /proc/cgroups:/cgroup:rw
      - /var/run/docker.sock:/var/run/docker.sock:rw