From 798d35be163a79c8af15a7e3df1d233a0f576431 Mon Sep 17 00:00:00 2001
From: Phil
Date: Wed, 4 Jun 2025 16:08:50 -0600
Subject: [PATCH] add Redlib Reddit frontend service with security hardening
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude
---
roles/docker/templates/redlib-compose.yml.j2 | 24 ++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 roles/docker/templates/redlib-compose.yml.j2
diff --git a/roles/docker/templates/redlib-compose.yml.j2 b/roles/docker/templates/redlib-compose.yml.j2
new file mode 100644
index 0000000..c24ac66
--- /dev/null
+++ b/roles/docker/templates/redlib-compose.yml.j2
@@ -0,0 +1,24 @@
+services:
+ redlib:
+ image: quay.io/redlib/redlib:latest
+ restart: always
+ container_name: "redlib"
+ user: nobody
+ read_only: true
+ security_opt:
+ - no-new-privileges:true
+ # - seccomp=seccomp-redlib.json
+ cap_drop:
+ - ALL
+ env_file: .env
+ networks:
+ - redlib
+ healthcheck:
+ test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8080/settings"]
+ interval: 5m
+ timeout: 3s
+
+networks:
+ default:
+ external: true
+ name: lava
\ No newline at end of file
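Review bot: The service attaches to a network named `redlib`, but as far as the flattened hunk shows, the top-level `networks:` block declares only `default` (external, `name: lava`). Compose rejects a service that refers to an undeclared network, so the stack would not start. Either declare the external network under the key the service uses (`redlib:` in place of `default:`), or drop the service-level `networks:` list so the container lands on `default`. Separately, `image: quay.io/redlib/redlib:latest` is a mutable tag, so each pull may run different code. For a change described as hardening, pinning by digest (`image: quay.io/redlib/redlib@sha256:<digest>`) would keep the deployed image reviewable. A short comment on the disabled `seccomp=` line would also make clear whether running under the runtime's default profile is intended.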