services: ghostfolio: image: docker.io/ghostfolio/ghostfolio:latest init: true read_only: true cap_drop: - ALL security_opt: - no-new-privileges:true env_file: - ../.env environment: DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?connect_timeout=300&sslmode=prefer REDIS_HOST: redis REDIS_PASSWORD: ${REDIS_PASSWORD} ports: - 3333:3333 depends_on: postgres: condition: service_healthy redis: condition: service_healthy healthcheck: test: ['CMD-SHELL', 'curl -f http://localhost:3333/api/v1/health'] interval: 10s timeout: 5s retries: 5 postgres: image: docker.io/library/postgres:15 cap_drop: - ALL cap_add: - CHOWN - DAC_READ_SEARCH - FOWNER - SETGID - SETUID security_opt: - no-new-privileges:true env_file: - ../.env healthcheck: test: ['CMD-SHELL', 'pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}'] interval: 10s timeout: 5s retries: 5 volumes: - postgres:/var/lib/postgresql/data redis: image: docker.io/library/redis:alpine user: '999:1000' cap_drop: - ALL security_opt: - no-new-privileges:true env_file: - ../.env command: ['redis-server', '--requirepass', $REDIS_PASSWORD] healthcheck: test: ['CMD-SHELL', 'redis-cli --pass $REDIS_PASSWORD ping | grep PONG'] interval: 10s timeout: 5s retries: 5 volumes: postgres: