- hosts: [some-host]
  become: true
  vars:
    or_port: 42218 # random
    pt_port: 51804 # random
    contact_info: admin@optional.com
  tasks:
  - docker_container:
      name: tor_obfs4_bridge
      # TODO replace tag with fingerprint
      image: fphammerle/tor-obfs4-bridge:1.0.0-tor0.4.3.5-obfs4proxy0.0.11-amd64
      env:
        OR_PORT: '{{ or_port }}'
        PT_PORT: '{{ pt_port }}'
        CONTACT_INFO: '{{ contact_info }}'
      volumes:
      - tor_obfs4_bridge:/var/lib/tor
      mounts:
      - type: tmpfs
        target: /tmp # torrc
        # nosuid,nodev,noexec added by default
        tmpfs_mode: '1777'
        tmpfs_size: 4k
      read_only: yes
      ports:
      - '{{ or_port }}:{{ or_port }}'
      - '{{ pt_port }}:{{ pt_port }}'
      memory: 256M
      restart_policy: unless-stopped