72 lines
2.2 KiB
YAML
72 lines
2.2 KiB
YAML
name: servnest
|
|
services:
|
|
alpine:
|
|
pull_policy: build
|
|
image: a.invalid/servnest/alpine
|
|
build:
|
|
args:
|
|
SYS: $SYS
|
|
ALPINE_MIRROR: $ALPINE_MIRROR
|
|
ALPINE_MAJOR: $ALPINE_MAJOR
|
|
dockerfile: alpine.Containerfile
|
|
cpus: '0.5'
|
|
mem_limit: 16mb
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
cap_drop:
|
|
- ALL
|
|
read_only: true
|
|
restart: "always"
|
|
base: # Reset "args" to avoid unused arg warning
|
|
extends:
|
|
service: alpine
|
|
build:
|
|
args: {}
|
|
php: # used by core and cronie
|
|
image: a.invalid/servnest/php
|
|
extends:
|
|
service: base
|
|
build:
|
|
args:
|
|
PHP_VERSION: $PHP_VERSION
|
|
dockerfile: php.Containerfile
|
|
group_add:
|
|
- knot
|
|
- root # For tor control socket
|
|
links:
|
|
- nginx:servnest.test
|
|
- nginx:ht.servnest.test
|
|
- sftpgo:sftp.servnest.test
|
|
volumes:
|
|
- ./core/:/srv/servnest/core/:ro
|
|
- ./core/db/:/srv/servnest/core/db/:rw
|
|
- ./conf/php.ini:/etc/php$PHP_VERSION/conf.d/servnest.ini:ro
|
|
- ./conf/php-fpm.conf:/etc/php$PHP_VERSION/php-fpm.d/servnest.conf:ro
|
|
- ./conf/sudoers:/etc/sudoers.d/servnest:ro
|
|
- ./conf/certbot.ini:/etc/letsencrypt/servnest.ini:ro
|
|
- ./conf/certbot-deploy-hook.sh:/root/certbot-deploy-hook.sh:ro
|
|
- ./data/reg/:/srv/servnest/reg/:rw
|
|
- ./data/ns/:/srv/servnest/ns/:rw
|
|
- ./data/ht/fs/:/srv/servnest/ht/fs/:rw
|
|
- ./data/ht/uri/:/srv/servnest/ht/uri/:rw
|
|
- ./data/tor-config/:/srv/servnest/tor-config/:rw
|
|
- ./data/tor-keys/:/srv/servnest/tor-keys/:rw
|
|
- ./data/certbot/:/etc/letsencrypt/:rw
|
|
- ./sock/php/:/run/php-fpm/:rw
|
|
- ./sock/tor-client/:/run/tor-client/:rw
|
|
- ./sock/tor-control/:/run/tor-control/:rw
|
|
- ./sock/knot/:/run/knot/:rw
|
|
- ./sock/knot-secondary/:/run/knot-secondary/:rw
|
|
- ./logs/php/:/var/log/php$PHP_VERSION/:rw
|
|
- ./logs/certbot/:/var/log/letsencrypt/:rw
|
|
- ./tmp/acme/:/srv/servnest/acme/:rw
|
|
- ./tmp/certbot/:/var/lib/letsencrypt/:rw
|
|
- ./tmp/php/:/tmp/:rw
|
|
mem_limit: 256mb
|
|
# For sudo
|
|
security_opt:
|
|
- no-new-privileges:false
|
|
cap_add:
|
|
- SETUID
|
|
- SETGID
|
|
- CHOWN
|