services:
  cgit:
    image: lionheart1810/cgithub:latest
    container_name: cgit
    restart: always
    tmpfs:
      - /tmp:size=10%,mode=1777,rw,noatime,noexec,nosuid,nodev
    ports:
      - 127.0.0.1:8081:80
    security_opt:
      - no-new-privileges:true
    volumes:
      - "/var/git:/var/git:ro"
      - "/var/cgit/cgitrc:/etc/cgitrc:ro"