services:
  webfinger:
    image: nginx:stable-alpine3.23
    container_name: webfinger
    restart: unless-stopped
    read_only: true
    tmpfs:
      - /var/cache/nginx
      - /var/run
      - /tmp
    security_opt:
      - no-new-privileges:true
    networks:
      - homelab_apps
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=homelab_apps"
      - "traefik.http.routers.webfinger.rule=Host(`tailscale.ulfrx.dev`)"
      - "traefik.http.routers.webfinger.entrypoints=websecure"
      - "traefik.http.routers.webfinger.tls=true"
      - "traefik.http.routers.webfinger.tls.certresolver=le"
      - "traefik.http.routers.webfinger.priority=1000"
      - "traefik.http.services.webfinger.loadbalancer.server.port=8080"

networks:
  homelab_apps:
    external: true