services:
  cloudflare-ddns:
    image: favonia/cloudflare-ddns:latest
    container_name: cloudflare-ddns
    network_mode: host # This bypasses network isolation and makes IPv6 easier (optional; see below)
    restart: unless-stopped
    user: "${UID:-1000}:${GID:-1000}" # Run the updater with specific user and group IDs (in that order).
    read_only: true # Make the container filesystem read-only (optional but recommended)
    cap_drop: [all] # Drop all Linux capabilities (optional but recommended)
    security_opt: [no-new-privileges:true] # Another protection to restrict superuser privileges (optional but recommended)
    environment:
      CLOUDFLARE_API_TOKEN: "${CLOUDFLARE_API_TOKEN:?}"
      DOMAINS: "${DOMAINS:?}"
      PROXIED: "${PROXIED:-false}"
      IP6_PROVIDER: "${IP6_PROVIDER:-none}"