mirror of
https://github.com/bensuperpc/infrastructure.git
synced 2024-12-22 00:34:26 +01:00
Increase security
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
This commit is contained in:
parent
e5d8ced52d
commit
ca42926acc
@ -1,17 +1,19 @@
|
|||||||
services:
|
services:
|
||||||
main_infrastructure:
|
main_infrastructure:
|
||||||
container_name: main_infrastructure
|
container_name: main_infrastructure
|
||||||
image: debian:latest
|
image: alpine:latest
|
||||||
profiles:
|
profiles:
|
||||||
- main_infrastructure
|
- main_infrastructure
|
||||||
user: "root"
|
|
||||||
group_add:
|
|
||||||
- '${PUID:-1000}'
|
|
||||||
volumes:
|
volumes:
|
||||||
- public_data:/public
|
- public_data:/public
|
||||||
- private_data:/private
|
- private_data:/private
|
||||||
networks:
|
read_only: true
|
||||||
- infra-network
|
security_opt:
|
||||||
|
- no-new-privileges:true
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- CHOWN
|
||||||
# Fix root permissions on mounted volumes
|
# Fix root permissions on mounted volumes
|
||||||
command: chown -R ${PUID:-1000}:${PGID:-1000} /public /private
|
command: chown -R ${PUID:-1000}:${PGID:-1000} /public /private
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user