services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: always
    security_opt:
      - no-new-privileges:true
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    ports:
      - "${PORTAINER_PORT:?}:9000"
      - "8000:8000"
    command: -H unix:///var/run/docker.sock

volumes:
  portainer_data: