Bensuperpc/infrastructure
1
0
Fork 0
mirror of https://github.com/bensuperpc/infrastructure.git synced 2024-12-22 08:44:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update backup and improve security

Browse Source 
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
This commit is contained in:
Bensuperpc 2024-09-20 00:44:57 +02:00
parent 9c9938bc55
commit e0ce9cf191
3 changed files with 12 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
infrastructure/caddy/docker-compose.caddy.yml
View File

@ -21,13 +21,8 @@ services:
- infra-network - infra-network
env_file: env_file:
- ./caddy/env/caddy.env - ./caddy/env/caddy.env
#read_only: true
security_opt: security_opt:
- no-new-privileges:true - no-new-privileges:true
#cap_drop:
# - ALL
cap_add:
- NET_ADMIN
healthcheck: healthcheck:
test: pidof caddy || exit 1 test: pidof caddy || exit 1
interval: 120s interval: 120s
@ -47,10 +42,10 @@ services:
volumes: volumes:
- caddy_backup:/mnt/restic - caddy_backup:/mnt/restic
- caddy_data:/data:ro - caddy_data:/data:ro
networks: network_mode: none
- infra-network cap_drop:
security_opt: - NET_ADMIN
- no-new-privileges:true - NET_RAW
volumes: volumes:
caddy_data: caddy_data:

9
infrastructure/main/docker-compose.main.yml
View File

@ -5,9 +5,8 @@ services:
profiles: profiles:
- main_infrastructure - main_infrastructure
volumes: volumes:
- infrastructure_server_chown:/infrastructure_server:rw - public_data:/public:rw
- public_data:/infrastructure_server/public:rw - private_data:/private:rw
- private_data:/infrastructure_server/private:rw
read_only: true read_only: true
security_opt: security_opt:
- no-new-privileges:true - no-new-privileges:true
@ -17,11 +16,9 @@ services:
- CHOWN - CHOWN
- DAC_OVERRIDE - DAC_OVERRIDE
# Fix root permissions on mounted volumes # Fix root permissions on mounted volumes
command: chown -R ${PUID:-1000}:${PGID:-1000} /infrastructure_server command: chown -R ${PUID:-1000}:${PGID:-1000} /public /privates
volumes: volumes:
infrastructure_server_chown:
name: infrastructure_server_chown
public_data: public_data:
name: public_data name: public_data
private_data: private_data:

8
infrastructure/wordpress/docker-compose.wordpress.yml
View File

@ -53,10 +53,10 @@ services:
- wordpress_backup:/mnt/restic - wordpress_backup:/mnt/restic
- wordpress_db:/data/wordpress_db:ro - wordpress_db:/data/wordpress_db:ro
- wordpress:/data/wordpress:ro - wordpress:/data/wordpress:ro
networks: network_mode: none
- infra-network cap_drop:
security_opt: - NET_ADMIN
- no-new-privileges:true - NET_RAW
volumes: volumes:
wordpress_db: wordpress_db: