mirror of
https://github.com/telemt/telemt.git
synced 2026-06-09 20:41:44 +03:00
40 lines
1.1 KiB
YAML
40 lines
1.1 KiB
YAML
services:
|
|
telemt:
|
|
image: ghcr.io/telemt/telemt:latest
|
|
build:
|
|
context: .
|
|
target: prod
|
|
container_name: telemt
|
|
restart: unless-stopped
|
|
ports:
|
|
- "443:443"
|
|
- "127.0.0.1:9090:9090"
|
|
- "127.0.0.1:9091:9091"
|
|
# Working dir uses tmpfs for caching 'proxy-secret' at runtime.
|
|
# Config is mounted as a directory (not a single file) so the API can
|
|
# atomically update config.toml via write-temp → rename within the same FS.
|
|
working_dir: /run/telemt
|
|
command: ["/etc/telemt/config.toml"]
|
|
volumes:
|
|
- ./config:/etc/telemt:rw
|
|
tmpfs:
|
|
- /run/telemt:rw,mode=1777,size=4m
|
|
environment:
|
|
- RUST_LOG=info
|
|
healthcheck:
|
|
test: [ "CMD", "/app/telemt", "healthcheck", "/etc/telemt/config.toml", "--mode", "liveness" ]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 20s
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- NET_BIND_SERVICE
|
|
read_only: true
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
ulimits:
|
|
nofile:
|
|
soft: 65536
|
|
hard: 262144 |