Bensuperpc/infrastructure
1
0
Fork 0
mirror of https://github.com/bensuperpc/infrastructure.git synced 2024-12-22 00:34:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Increase security

Browse Source 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
This commit is contained in:
Bensuperpc 2024-09-14 09:44:20 +02:00
parent e5d8ced52d
commit ca42926acc
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
infrastructure/main/docker-compose.main.yml
View File

@ -1,17 +1,19 @@
services:
main_infrastructure:
container_name: main_infrastructure
image: debian:latest
image: alpine:latest
profiles:
- main_infrastructure
user: "root"
group_add:
- '${PUID:-1000}'
volumes:
- public_data:/public
- private_data:/private
networks:
- infra-network
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- CHOWN
# Fix root permissions on mounted volumes
command: chown -R ${PUID:-1000}:${PGID:-1000} /public /private