From ca42926accc0883b1ada59a00d24e057b0e296ff Mon Sep 17 00:00:00 2001 From: Bensuperpc Date: Sat, 14 Sep 2024 09:44:20 +0200 Subject: [PATCH] Increase security Signed-off-by: Bensuperpc --- infrastructure/main/docker-compose.main.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/infrastructure/main/docker-compose.main.yml b/infrastructure/main/docker-compose.main.yml index 970c0e8..f53fd46 100644 --- a/infrastructure/main/docker-compose.main.yml +++ b/infrastructure/main/docker-compose.main.yml @@ -1,17 +1,19 @@ services: main_infrastructure: container_name: main_infrastructure - image: debian:latest + image: alpine:latest profiles: - main_infrastructure - user: "root" - group_add: - - '${PUID:-1000}' volumes: - public_data:/public - private_data:/private - networks: - - infra-network + read_only: true + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + cap_add: + - CHOWN # Fix root permissions on mounted volumes command: chown -R ${PUID:-1000}:${PGID:-1000} /public /private
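Review bot: `image: alpine:latest` is still a mutable tag, so the `chown -R` job (which, with `user:` removed, runs as the image's default user, root on the stock alpine image) executes whatever the registry serves at pull time; pin it to a fixed release and digest, e.g. `image: alpine:<version>@sha256:<digest>` (placeholder values). Removing the `networks:` entry does not isolate the container, because Compose then attaches it to the project's default network; if this one-shot job needs no connectivity, state it with `network_mode: "none"`. With `cap_drop: ALL` and only `CHOWN` added back, root also loses DAC_OVERRIDE and DAC_READ_SEARCH, so the recursive walk may fail on directories under `/public` or `/private` that uid 0 cannot read by mode bits. This is worth testing against volumes that already hold data owned by another uid, and a short comment beside `cap_add` recording why `CHOWN` alone is expected to suffice would help the next reader.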