mirror of
https://github.com/bensuperpc/infrastructure.git
synced 2024-12-22 00:34:26 +01:00
Update backup and improve security
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
This commit is contained in:
parent
9c9938bc55
commit
e0ce9cf191
@ -21,13 +21,8 @@ services:
|
||||
- infra-network
|
||||
env_file:
|
||||
- ./caddy/env/caddy.env
|
||||
#read_only: true
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
#cap_drop:
|
||||
# - ALL
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
healthcheck:
|
||||
test: pidof caddy || exit 1
|
||||
interval: 120s
|
||||
@ -47,10 +42,10 @@ services:
|
||||
volumes:
|
||||
- caddy_backup:/mnt/restic
|
||||
- caddy_data:/data:ro
|
||||
networks:
|
||||
- infra-network
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
network_mode: none
|
||||
cap_drop:
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
|
||||
volumes:
|
||||
caddy_data:
|
||||
|
@ -5,9 +5,8 @@ services:
|
||||
profiles:
|
||||
- main_infrastructure
|
||||
volumes:
|
||||
- infrastructure_server_chown:/infrastructure_server:rw
|
||||
- public_data:/infrastructure_server/public:rw
|
||||
- private_data:/infrastructure_server/private:rw
|
||||
- public_data:/public:rw
|
||||
- private_data:/private:rw
|
||||
read_only: true
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
@ -17,11 +16,9 @@ services:
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
# Fix root permissions on mounted volumes
|
||||
command: chown -R ${PUID:-1000}:${PGID:-1000} /infrastructure_server
|
||||
command: chown -R ${PUID:-1000}:${PGID:-1000} /public /privates
|
||||
|
||||
volumes:
|
||||
infrastructure_server_chown:
|
||||
name: infrastructure_server_chown
|
||||
public_data:
|
||||
name: public_data
|
||||
private_data:
|
||||
@ -30,4 +27,4 @@ volumes:
|
||||
networks:
|
||||
infra-network:
|
||||
driver: bridge
|
||||
name: infra-network
|
||||
name: infra-network
|
||||
|
@ -53,10 +53,10 @@ services:
|
||||
- wordpress_backup:/mnt/restic
|
||||
- wordpress_db:/data/wordpress_db:ro
|
||||
- wordpress:/data/wordpress:ro
|
||||
networks:
|
||||
- infra-network
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
network_mode: none
|
||||
cap_drop:
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
|
||||
volumes:
|
||||
wordpress_db:
|
||||
|
Loading…
Reference in New Issue
Block a user