- hosts: [some-host]
  become: true
  vars:
    or_port: 42218 # random
    pt_port: 51804 # random
    contact_info: admin@optional.com
  tasks:
  - docker_container:
      name: tor_obfs4_bridge
      # object 4b36399ceca223c76549c08dd482de4ef6b8e3a0
      # tag docker/1.0.0-tor0.4.3.5-obfs4proxy0.0.11-amd64
      image: docker.io/fphammerle/tor-obfs4-bridge@sha256:88224efd53e6aa7a357a683537321e788bca3387ccff743075c00a225a1273de
      env:
        OR_PORT: '{{ or_port }}'
        PT_PORT: '{{ pt_port }}'
        CONTACT_INFO: '{{ contact_info }}'
      volumes:
      - tor_obfs4_bridge_data:/var/lib/tor
      mounts:
      - type: tmpfs
        target: /tmp # torrc
        # nosuid,nodev,noexec added by default
        tmpfs_mode: '1777'
        tmpfs_size: 4k
      read_only: yes
      ports:
      - '{{ or_port }}:{{ or_port }}'
      - '{{ pt_port }}:{{ pt_port }}'
      cap_drop: [ALL]
      security_opts: [no-new-privileges]
      memory: 256M
      restart_policy: unless-stopped