docker-home-server/docker-compose/ghostfolio/docker-compose.yml

name: ghostfolio
services:
  ghostfolio:
    image: docker.io/ghostfolio/ghostfolio:latest
    container_name: ghostfolio
    restart: unless-stopped
    init: true
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    env_file: # using portainer and this is how I pass env vars within portainer
      - stack.env
    ports:
      - 3333:3333
    depends_on:
      # postgres:
      #   condition: service_healthy
      redis:
        condition: service_healthy
    healthcheck:
      test: ['CMD-SHELL', 'curl -f http://localhost:3333/api/v1/health']
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - homelab
      - ghostfolio_net
  # Running separate compose container, 1 postgres for all apps
  # postgres:
  #   image: docker.io/library/postgres:15-alpine
  #   container_name: gf-postgres
  #   restart: unless-stopped
  #   cap_drop:
  #     - ALL
  #   cap_add:
  #     - CHOWN
  #     - DAC_READ_SEARCH
  #     - FOWNER
  #     - SETGID
  #     - SETUID
  #   security_opt:
  #     - no-new-privileges:true
  #   env_file:
  #     - ../.env
  #   healthcheck:
  #     test:
  #       ['CMD-SHELL', 'pg_isready -d "$${POSTGRES_DB}" -U $${POSTGRES_USER}']
  #     interval: 10s
  #     timeout: 5s
  #     retries: 5
  #   volumes:
  #     - postgres:/var/lib/postgresql/data

  redis:
    image: docker.io/library/redis:alpine
    container_name: gf-redis
    restart: unless-stopped
    user: '999:1000'
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    env_file:
      - stack.env
    command:
      - /bin/sh
      - -c
      - redis-server --requirepass "$${REDIS_PASSWORD:?REDIS_PASSWORD variable is not set}"
    healthcheck:
      test:
        ['CMD-SHELL', 'redis-cli --pass "$${REDIS_PASSWORD}" ping | grep PONG']
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - ghostfolio_net

networks:    # I don't know why but you have to specify the network 2x. In service, and in this tag area..
  homelab:            # Sub-section, any network name or 'default' to edit default one created
    external: true      # This option causes compose to join the above network instead of making a _default one
  ghostfolio_net:
    external: false