services:
  rancher:
    command: --acme-domain rancher.sectorq.eu
    image: ${DOCKER_REGISTRY:-}rancher/rancher:latest
    ports:
    - target: 80
      published: 7080
      protocol: tcp
      mode: ingress
    - target: 443
      published: 7443
      protocol: tcp
      mode: ingress
    privileged: true
    volumes:
    - data:/var/lib/rancher
    cap_add:
      - ALL                  # add all capabilities
    deploy:
      labels:
        wud.watch: 'true'
        wud.watch.digest: 'true'
      replicas: 1
      placement:
        constraints:
        - node.role == manager
volumes:
  data: