- hosts: [some-host] become: true tasks: - docker_container: name: onion_service # object c0108f3399291deb03e22c550c09c502935c7f6b # tag docker/3.0.0-tor0.4.3.5-amd64 image: docker.io/fphammerle/onion-service@sha256:4eff7f17a8d78ba4117a6dc64a120ff46cbbe7702595b37d8bafe9c8492c59df env: VIRTUAL_PORT: '80' TARGET: 1.2.3.4:8080 #NON_ANONYMOUS_SINGLE_HOP_MODE: '1' volumes: - onion_service_data:/var/lib/tor - onion_service_key:/onion-service mounts: - type: tmpfs target: /tmp # torrc # nosuid,nodev,noexec added by default tmpfs_mode: '1777' tmpfs_size: 4k read_only: yes cap_drop: [ALL] security_opts: [no-new-privileges] cpu_quota: 5000 cpu_period: 10000 memory: 128M restart_policy: unless-stopped state: started