servnest-containers/base.yaml


# Compose project name.
name: servnest
services:
  # Hardened template that the other services inherit through `extends`:
  # CPU and memory are capped, every capability is dropped, the root
  # filesystem is read-only and no-new-privileges is set.
  alpine:
    # Always build from the local Containerfile instead of pulling.
    # NOTE(review): `a.invalid` sits under the reserved `.invalid` TLD, so
    # the image name cannot resolve to a real registry; presumably chosen
    # so the image can only ever come from a local build. Confirm.
    pull_policy: build
    image: a.invalid/servnest/alpine
    build:
      args:
        SYS: $SYS
        ALPINE_MIRROR: $ALPINE_MIRROR
        ALPINE_MAJOR: $ALPINE_MAJOR
      dockerfile: alpine.Containerfile
    cpus: '0.5'
    mem_limit: 16mb
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    read_only: true
    restart: 'always'

  # Reset "args" to avoid unused arg warning
  base:
    extends:
      service: alpine
    build:
      args: {}

  # used by core and cronie
  php:
    image: a.invalid/servnest/php
    extends:
      service: base
    build:
      args:
        PHP_VERSION: $PHP_VERSION
      dockerfile: php.Containerfile
    # Supplementary groups for the container process.
    # NOTE(review): `root` is added only to reach the tor control socket,
    # but it also grants group-level access to any other root-group file
    # visible in the container; a dedicated group on the socket would be
    # narrower.
    group_add:
      - knot
      # For tor control socket
      - root
    links:
      - nginx:servnest.test
      - nginx:ht.servnest.test
      - sftpgo:sftp.servnest.test
    volumes:
      # Application code and configuration: read-only, except the
      # database directory nested inside core/.
      - ./core/:/srv/servnest/core/:ro
      - ./core/db/:/srv/servnest/core/db/:rw
      - ./conf/php.ini:/etc/php$PHP_VERSION/conf.d/servnest.ini:ro
      - ./conf/php-fpm.conf:/etc/php$PHP_VERSION/php-fpm.d/servnest.conf:ro
      # The sudoers file defines what this service may escalate to, so
      # the host copy of ./conf/sudoers must not be writable by anything
      # less trusted than the operator.
      - ./conf/sudoers:/etc/sudoers.d/servnest:ro
      - ./conf/certbot.ini:/etc/letsencrypt/servnest.ini:ro
      - ./conf/certbot-deploy-hook.sh:/root/certbot-deploy-hook.sh:ro
      # Persistent service data (writable). tor-keys and certbot hold
      # private key material.
      - ./data/reg/:/srv/servnest/reg/:rw
      - ./data/ns/:/srv/servnest/ns/:rw
      - ./data/ht/fs/:/srv/servnest/ht/fs/:rw
      - ./data/ht/uri/:/srv/servnest/ht/uri/:rw
      - ./data/tor-config/:/srv/servnest/tor-config/:rw
      - ./data/tor-keys/:/srv/servnest/tor-keys/:rw
      - ./data/certbot/:/etc/letsencrypt/:rw
      # Socket directories (writable).
      - ./sock/php/:/run/php-fpm/:rw
      - ./sock/tor-client/:/run/tor-client/:rw
      - ./sock/tor-control/:/run/tor-control/:rw
      - ./sock/knot/:/run/knot/:rw
      - ./sock/knot-secondary/:/run/knot-secondary/:rw
      # Logs and scratch space (writable); the root filesystem itself
      # stays read-only through the inherited `read_only: true`.
      - ./logs/php/:/var/log/php$PHP_VERSION/:rw
      - ./logs/certbot/:/var/log/letsencrypt/:rw
      - ./tmp/acme/:/srv/servnest/acme/:rw
      - ./tmp/certbot/:/var/lib/letsencrypt/:rw
      - ./tmp/php/:/tmp/:rw
    mem_limit: 256mb
    # For sudo
    # This is the one service that relaxes the inherited hardening: a
    # setuid binary such as sudo cannot gain privileges while
    # no-new-privileges is set, and it needs SETUID/SETGID to switch user.
    # NOTE(review): `security_opt` is a list; if Compose concatenates the
    # list inherited from `alpine` with this one, both the `true` and the
    # `false` entries are passed on. Check the rendered result with
    # `docker compose config` to confirm which value is in effect.
    security_opt:
      - no-new-privileges:false
    # Added on top of the inherited `cap_drop: ALL`.
    cap_add:
      - SETUID
      - SETGID
      - CHOWN