Increase security

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
This commit is contained in:
Bensuperpc 2024-09-14 09:44:20 +02:00
parent e5d8ced52d
commit ca42926acc

View File

@ -1,17 +1,19 @@
services: services:
main_infrastructure: main_infrastructure:
container_name: main_infrastructure container_name: main_infrastructure
image: debian:latest image: alpine:latest
profiles: profiles:
- main_infrastructure - main_infrastructure
user: "root"
group_add:
- '${PUID:-1000}'
volumes: volumes:
- public_data:/public - public_data:/public
- private_data:/private - private_data:/private
networks: read_only: true
- infra-network security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- CHOWN
# Fix root permissions on mounted volumes # Fix root permissions on mounted volumes
command: chown -R ${PUID:-1000}:${PGID:-1000} /public /private command: chown -R ${PUID:-1000}:${PGID:-1000} /public /private