mirror of
https://github.com/bensuperpc/infrastructure.git
synced 2024-12-22 16:54:26 +01:00
Update backup and improve security
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
This commit is contained in:
parent
9c9938bc55
commit
e0ce9cf191
@ -21,13 +21,8 @@ services:
|
|||||||
- infra-network
|
- infra-network
|
||||||
env_file:
|
env_file:
|
||||||
- ./caddy/env/caddy.env
|
- ./caddy/env/caddy.env
|
||||||
#read_only: true
|
|
||||||
security_opt:
|
security_opt:
|
||||||
- no-new-privileges:true
|
- no-new-privileges:true
|
||||||
#cap_drop:
|
|
||||||
# - ALL
|
|
||||||
cap_add:
|
|
||||||
- NET_ADMIN
|
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: pidof caddy || exit 1
|
test: pidof caddy || exit 1
|
||||||
interval: 120s
|
interval: 120s
|
||||||
@ -47,10 +42,10 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
- caddy_backup:/mnt/restic
|
- caddy_backup:/mnt/restic
|
||||||
- caddy_data:/data:ro
|
- caddy_data:/data:ro
|
||||||
networks:
|
network_mode: none
|
||||||
- infra-network
|
cap_drop:
|
||||||
security_opt:
|
- NET_ADMIN
|
||||||
- no-new-privileges:true
|
- NET_RAW
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
caddy_data:
|
caddy_data:
|
||||||
|
@ -5,9 +5,8 @@ services:
|
|||||||
profiles:
|
profiles:
|
||||||
- main_infrastructure
|
- main_infrastructure
|
||||||
volumes:
|
volumes:
|
||||||
- infrastructure_server_chown:/infrastructure_server:rw
|
- public_data:/public:rw
|
||||||
- public_data:/infrastructure_server/public:rw
|
- private_data:/private:rw
|
||||||
- private_data:/infrastructure_server/private:rw
|
|
||||||
read_only: true
|
read_only: true
|
||||||
security_opt:
|
security_opt:
|
||||||
- no-new-privileges:true
|
- no-new-privileges:true
|
||||||
@ -17,11 +16,9 @@ services:
|
|||||||
- CHOWN
|
- CHOWN
|
||||||
- DAC_OVERRIDE
|
- DAC_OVERRIDE
|
||||||
# Fix root permissions on mounted volumes
|
# Fix root permissions on mounted volumes
|
||||||
command: chown -R ${PUID:-1000}:${PGID:-1000} /infrastructure_server
|
command: chown -R ${PUID:-1000}:${PGID:-1000} /public /privates
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
infrastructure_server_chown:
|
|
||||||
name: infrastructure_server_chown
|
|
||||||
public_data:
|
public_data:
|
||||||
name: public_data
|
name: public_data
|
||||||
private_data:
|
private_data:
|
||||||
|
@ -53,10 +53,10 @@ services:
|
|||||||
- wordpress_backup:/mnt/restic
|
- wordpress_backup:/mnt/restic
|
||||||
- wordpress_db:/data/wordpress_db:ro
|
- wordpress_db:/data/wordpress_db:ro
|
||||||
- wordpress:/data/wordpress:ro
|
- wordpress:/data/wordpress:ro
|
||||||
networks:
|
network_mode: none
|
||||||
- infra-network
|
cap_drop:
|
||||||
security_opt:
|
- NET_ADMIN
|
||||||
- no-new-privileges:true
|
- NET_RAW
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
wordpress_db:
|
wordpress_db:
|
||||||
|
Loading…
Reference in New Issue
Block a user