make every container read-only
This commit is contained in:
parent
05e4dbcd63
commit
40a2fec99d
3 changed files with 5 additions and 2 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
|
@ -18,3 +18,5 @@
|
|||
/apache-logs/error.log
|
||||
/letsencrypt-etc/accounts/acme-staging-v02.api.letsencrypt.org/directory/*/*.json
|
||||
/knot-sock/knot.pid
|
||||
/knot-varlib/confdb/*.mdb
|
||||
/knot-varlib/servnest.test.invalid.zone
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ no_hosts=true
|
|||
```
|
||||
|
||||
```shell
|
||||
knotc --confdb knot-varlib/confdb conf-import install/knot.conf
|
||||
wget https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/x86_64/alpine-minirootfs-3.20.2-x86_64.tar.gz
|
||||
wget https://github.com/drakkan/sftpgo/archive/refs/tags/v2.6.2.tar.gz -o sftpgo-v2.6.2.tar.gz
|
||||
sha256sum -c sha256sums
|
||||
|
|
|
|||
|
|
@ -13,8 +13,8 @@ services:
|
|||
- ./servnest/tor-keys/:/srv/servnest/tor-keys/:rw
|
||||
- ./servnest/tor-config/:/srv/servnest/tor-config/:ro
|
||||
- ./install/torrc:/etc/tor/torrc:ro
|
||||
- ./tor-varlib/:/var/lib/:rw
|
||||
mem_limit: 128m
|
||||
read_only: false
|
||||
sftpgo:
|
||||
extends:
|
||||
file: base.yaml
|
||||
|
|
@ -45,7 +45,7 @@ services:
|
|||
- ./knot-sock/:/run/knot/:rw
|
||||
- ./servnest/reg/:/srv/servnest/reg/:rw
|
||||
- ./servnest/ns/:/srv/servnest/ns/:rw
|
||||
read_only: false
|
||||
- ./knot-varlib/:/var/lib/knot/:rw
|
||||
apache:
|
||||
extends:
|
||||
file: base.yaml
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue