version: '2.2' volumes: config: services: mqtt_client: build: . image: fphammerle/systemctl-mqtt volumes: - config:/etc/systemctl-mqtt:ro - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:rw command: systemctl-mqtt --mqtt-host mqtt-broker.local --mqtt-username raspberrypi --mqtt-password-file /etc/systemctl-mqtt/mqtt-password hostname: raspberrypi network_mode: host # TODO verify if required userns_mode: host # prefering explicit user specification over "USER 0" in Dockerfile # to avoid accidental container startup without # secure apparmor profile and dropped capabilities user: '0' read_only: true cap_drop: [all] security_opt: - no-new-privileges # $ sudo apparmor_parser --replace ./apparmor-profile - apparmor=systemctl-mqtt # docker-compose >=2.2,<3 cpus: 0.4 mem_limit: 32M # https://docs.docker.com/compose/compose-file/compose-file-v2/