name: servnest services: alpine: pull_policy: build image: a.invalid/servnest/alpine build: args: SYS: $SYS ALPINE_MIRROR: $ALPINE_MIRROR ALPINE_MAJOR: $ALPINE_MAJOR dockerfile: alpine.Containerfile cpus: '0.5' mem_limit: 16mb security_opt: - no-new-privileges:true cap_drop: - ALL read_only: true restart: "always" base: # Reset "args" to avoid unused arg warning extends: service: alpine build: args: {} php: # used by core and cronie image: a.invalid/servnest/php extends: service: base build: args: PHP_VERSION: $PHP_VERSION dockerfile: php.Containerfile group_add: - knot - root # For tor control socket volumes: - ./core/:/srv/servnest/core/:ro - ./core/db/:/srv/servnest/core/db/:rw - ./conf/php.ini:/etc/php$PHP_VERSION/conf.d/servnest.ini:ro - ./conf/php-fpm.conf:/etc/php$PHP_VERSION/php-fpm.d/servnest.conf:ro - ./conf/sudoers:/etc/sudoers.d/servnest:ro - ./conf/certbot.ini:/etc/letsencrypt/servnest.ini:ro - ./conf/certbot-dns.ini:/etc/letsencrypt/servnest-dns.ini:ro - ./conf/certbot-deploy-hook.sh:/root/certbot-deploy-hook.sh:ro - ./conf/certbot-dns-challenge-hook.sh:/root/certbot-dns-challenge-hook.sh:ro - ./conf/certbot-dns-cleanup-hook.sh:/root/certbot-dns-cleanup-hook.sh:ro - ./data/reg/:/srv/servnest/reg/:rw - ./data/ns/:/srv/servnest/ns/:rw - ./data/ht/fs/:/srv/servnest/ht/fs/:rw - ./data/ht/uri/:/srv/servnest/ht/uri/:rw - ./data/tor-config/:/srv/servnest/tor-config/:rw - ./data/tor-keys/:/srv/servnest/tor-keys/:rw - ./data/certbot/:/etc/letsencrypt/:rw - ./sock/php/:/run/php-fpm/:rw - ./sock/tor-client/:/run/tor-client/:rw - ./sock/tor-control/:/run/tor-control/:rw - ./sock/knot/:/run/knot/:rw - ./sock/knot-secondary/:/run/knot-secondary/:rw - ./logs/php/:/var/log/php$PHP_VERSION/:rw - ./logs/certbot/:/var/log/letsencrypt/:rw - ./tmp/acme/:/srv/servnest/acme/:rw - ./tmp/certbot/:/var/lib/letsencrypt/:rw - ./tmp/php/:/tmp/:rw mem_limit: 256mb # For sudo security_opt: - no-new-privileges:false cap_add: - SETUID - SETGID - CHOWN