docker-compose.yml

#
# MPContainer compose - main options
#
version: '3.7'
services:

  # ------ haproxy ------
  frontend:
    container_name: haproxy
    restart: on-failure:5
    deploy:
      mode: global
      replicas: 1
      resources:
        limits:
          memory: 100M
        reservations:
          memory: 20M
    security_opt:
      - no-new-privileges
    cap_drop:
      - setfcap
      - net_bind_service
      - dac_override
      - net_raw
    cap_add:
      - chown
      - dac_override
      - setgid
      - setuid
    ports:
      - "3000:3000"
    networks:
      - webpubnet
      - webfrontnet
      - webfrontmpd
    depends_on:
      - backendweb
      - mpcpyapp
    labels:
      kompose.service.type: LoadBalancer

  # ------ web ------
  backendweb:
    container_name: backendweb
    restart: on-failure:5
    deploy:
      resources:
        limits:
          cpus: '0.50'
          memory: 50M
        reservations:
          memory: 20M
    security_opt:
      - no-new-privileges
    expose:
      - "8880"
    networks:
      - webfrontnet

  # ------ MPD ------
  backendmpd:
    container_name: backendmpd
    restart: on-failure:5
    deploy:
      resources:
        limits:
          cpus: '0.50'
          memory: 100M
        reservations:
            memory: 20M
    volumes:
      - ./music/db:/music:ro
    security_opt:
      - no-new-privileges
    cap_drop:
      - net_bind_service
      - chown
      - mknod
      - dac_override
    expose:
      - "6600"
      - "3123"
    networks:
      - webfrontmpd
      - mpdadmin

  # ------ shell ------
  adminmmpd:
    container_name: adminshell
    restart: on-failure:5
    security_opt:
      - no-new-privileges
    cap_drop:
      - fsetid
      - setgid
      - mknod
      - net_bind_service
      - dac_override
    expose:
      - "7681"
    networks:
      - webfrontnet
      - mpdadmin
    depends_on:
      - backendmpd

  # ------ pyapp ------
  mpcpyapp:
    container_name: mpcpyapp
    restart: on-failure:5
    security_opt:
      - no-new-privileges
    cap_drop:
      - net_bind_service
      - chown
      - dac_override
      - fsetid
      - setgid
    expose:
      - "8888"
    networks:
      - webfrontnet
      - mpdadmin
    depends_on:
      - backendmpd

networks:
  webpubnet:
    internal: false
    driver: bridge
  webfrontnet:
    internal: true
    driver: bridge
  webfrontmpd:
    internal: true
    driver: bridge
  mpdadmin:
    internal: true
    driver: bridge