2026-02-13 21:06:06 +03:00
|
|
|
services:
|
|
|
|
|
telemt:
|
2026-02-27 01:53:22 +03:00
|
|
|
image: ghcr.io/telemt/telemt:latest
|
2026-04-17 19:06:18 +03:00
|
|
|
build:
|
|
|
|
|
context: .
|
|
|
|
|
target: prod
|
2026-02-13 21:06:06 +03:00
|
|
|
container_name: telemt
|
|
|
|
|
restart: unless-stopped
|
|
|
|
|
ports:
|
|
|
|
|
- "443:443"
|
2026-03-03 17:18:19 +03:00
|
|
|
- "127.0.0.1:9090:9090"
|
2026-03-19 15:54:01 +03:00
|
|
|
- "127.0.0.1:9091:9091"
|
2026-05-11 20:50:31 +00:00
|
|
|
# Working dir uses tmpfs for caching 'proxy-secret' at runtime.
|
|
|
|
|
# Config is mounted as a directory (not a single file) so the API can
|
|
|
|
|
# atomically update config.toml via write-temp → rename within the same FS.
|
|
|
|
|
working_dir: /run/telemt
|
|
|
|
|
command: ["/etc/telemt/config.toml"]
|
2026-02-13 21:06:06 +03:00
|
|
|
volumes:
|
2026-05-11 20:50:31 +00:00
|
|
|
- ./config:/etc/telemt:rw
|
2026-02-16 02:03:11 +03:00
|
|
|
tmpfs:
|
2026-05-11 20:50:31 +00:00
|
|
|
- /run/telemt:rw,mode=1777,size=4m
|
2026-02-13 21:06:06 +03:00
|
|
|
environment:
|
|
|
|
|
- RUST_LOG=info
|
2026-04-17 16:36:15 +03:00
|
|
|
healthcheck:
|
|
|
|
|
test: [ "CMD", "/app/telemt", "healthcheck", "/etc/telemt/config.toml", "--mode", "liveness" ]
|
|
|
|
|
interval: 30s
|
|
|
|
|
timeout: 5s
|
|
|
|
|
retries: 3
|
|
|
|
|
start_period: 20s
|
2026-02-13 21:06:06 +03:00
|
|
|
cap_drop:
|
|
|
|
|
- ALL
|
|
|
|
|
cap_add:
|
2026-04-09 12:55:38 +03:00
|
|
|
- NET_BIND_SERVICE
|
2026-02-13 21:06:06 +03:00
|
|
|
read_only: true
|
|
|
|
|
security_opt:
|
2026-02-14 01:55:33 +03:00
|
|
|
- no-new-privileges:true
|
|
|
|
|
ulimits:
|
|
|
|
|
nofile:
|
|
|
|
|
soft: 65536
|
2026-04-09 12:55:38 +03:00
|
|
|
hard: 262144
|
2026-05-26 20:43:26 +03:00
|
|
|
logging:
|
|
|
|
|
driver: json-file
|
|
|
|
|
options:
|
|
|
|
|
max-size: "50m"
|
|
|
|
|
max-file: "5"
|
