Update backup and improve security

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
This commit is contained in:
Bensuperpc 2024-09-20 00:44:57 +02:00
parent 9c9938bc55
commit e0ce9cf191
3 changed files with 12 additions and 20 deletions

View File

@ -21,13 +21,8 @@ services:
- infra-network
env_file:
- ./caddy/env/caddy.env
#read_only: true
security_opt:
- no-new-privileges:true
#cap_drop:
# - ALL
cap_add:
- NET_ADMIN
healthcheck:
test: pidof caddy || exit 1
interval: 120s
@ -47,10 +42,10 @@ services:
volumes:
- caddy_backup:/mnt/restic
- caddy_data:/data:ro
networks:
- infra-network
security_opt:
- no-new-privileges:true
network_mode: none
cap_drop:
- NET_ADMIN
- NET_RAW
volumes:
caddy_data:

View File

@ -5,9 +5,8 @@ services:
profiles:
- main_infrastructure
volumes:
- infrastructure_server_chown:/infrastructure_server:rw
- public_data:/infrastructure_server/public:rw
- private_data:/infrastructure_server/private:rw
- public_data:/public:rw
- private_data:/private:rw
read_only: true
security_opt:
- no-new-privileges:true
@ -17,11 +16,9 @@ services:
- CHOWN
- DAC_OVERRIDE
# Fix root permissions on mounted volumes
command: chown -R ${PUID:-1000}:${PGID:-1000} /infrastructure_server
command: chown -R ${PUID:-1000}:${PGID:-1000} /public /privates
volumes:
infrastructure_server_chown:
name: infrastructure_server_chown
public_data:
name: public_data
private_data:
@ -30,4 +27,4 @@ volumes:
networks:
infra-network:
driver: bridge
name: infra-network
name: infra-network

View File

@ -53,10 +53,10 @@ services:
- wordpress_backup:/mnt/restic
- wordpress_db:/data/wordpress_db:ro
- wordpress:/data/wordpress:ro
networks:
- infra-network
security_opt:
- no-new-privileges:true
network_mode: none
cap_drop:
- NET_ADMIN
- NET_RAW
volumes:
wordpress_db: