diff --git a/docker-compose/act-runner/docker-compose.yml.j2 b/docker-compose/act-runner/docker-compose.yml.j2
index 6296d5d1..f84d4e1e 100644
--- a/docker-compose/act-runner/docker-compose.yml.j2
+++ b/docker-compose/act-runner/docker-compose.yml.j2
@@ -6,8 +6,8 @@ services:
 image: gitea/act_runner:0.2.11
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 volumes:
 - act_runner_data:/data
 - ./config.yml:/config.yml
diff --git a/docker-compose/authelia/docker-compose.yml.j2 b/docker-compose/authelia/docker-compose.yml.j2
index 24d35fdf..815c57f8 100644
--- a/docker-compose/authelia/docker-compose.yml.j2
+++ b/docker-compose/authelia/docker-compose.yml.j2
@@ -7,8 +7,8 @@ services:
 container_name: authelia
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 environment:
 TZ: Europe/Berlin
 volumes:
@@ -44,8 +44,8 @@ security_opt:
 container_name: authelia-redis
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 environment:
 TZ: Europe/Berlin
 networks:
@@ -63,8 +63,8 @@ security_opt:
 command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 volumes:
 - /etc/localtime:/etc/localtime:ro
 - /etc/timezone:/etc/timezone:ro
diff --git a/docker-compose/gramps/docker-compose.yml.j2 b/docker-compose/gramps/docker-compose.yml.j2
index 44e5b0ab..b7dfc359 100644
--- a/docker-compose/gramps/docker-compose.yml.j2
+++ b/docker-compose/gramps/docker-compose.yml.j2
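Review bot: With `security_opt` moved under the service in docker-compose/act-runner/docker-compose.yml.j2, `no-new-privileges=true` presumably takes effect for the first time, and the commit shows no check that the containers still start or that the option is really set. The removed lines sat at column 0, outside the service mapping, so the old templates either failed to parse or never applied the option; once it is active, setuid/setgid binaries and file capabilities inside the images stop granting privileges. The same applies to every other `security_opt` hunk in this commit (authelia, gramps, lldap, miniflux, navidrome, nextcloud, postfix, registry, routeros-config-export, unifi-network-application, wiki). I would validate each rendered template with `docker compose config --quiet` and confirm on a running container with `docker inspect --format '{{ .HostConfig.SecurityOpt }}' <container>`. The service definition starts and ends outside the hunk.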
@@ -5,8 +5,8 @@ services:
 image: ghcr.io/gramps-project/grampsweb:v24.12.2 # version
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 ports:
 - "6483:5000" # host:docker
 environment:
@@ -49,8 +49,8 @@ security_opt:
 container_name: grampsweb-redis
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 healthcheck:
 test: ["CMD", "redis-cli", "ping"]
 interval: 30s
diff --git a/docker-compose/lldap/docker-compose.yml.j2 b/docker-compose/lldap/docker-compose.yml.j2
index ac76394f..d6d6dc52 100644
--- a/docker-compose/lldap/docker-compose.yml.j2
+++ b/docker-compose/lldap/docker-compose.yml.j2
@@ -4,8 +4,8 @@ services:
 container_name: lldap
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 ports:
 - "3890:3890"
 - "17170:17170" # front-end
@@ -27,8 +27,8 @@ security_opt:
 image: "postgres:17.2"
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 environment:
 POSTGRES_USER: lldap
 POSTGRES_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_db_pass', 'password') }}"
diff --git a/docker-compose/miniflux/docker-compose.yml.j2 b/docker-compose/miniflux/docker-compose.yml.j2
index 53360fe4..dba10621 100644
--- a/docker-compose/miniflux/docker-compose.yml.j2
+++ b/docker-compose/miniflux/docker-compose.yml.j2
@@ -5,8 +5,8 @@ services:
 image: "ghcr.io/miniflux/miniflux:2.2.4"
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 depends_on:
 - mf-db17
 environment:
@@ -39,8 +39,8 @@ security_opt:
 image: "postgres:17.2"
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 environment:
 POSTGRES_USER: miniflux
 POSTGRES_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_postgres_password', 'password') }}"
@@ -62,8 +62,8 @@ security_opt:
 - miniflux
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 environment:
 TZ: Europe/Berlin
 MF_AUTH_TOKEN: "{{ lookup('viczem.keepass.keepass', 'miniflux/miniflux_auth_token', 'password') }}"
diff --git a/docker-compose/navidrome/docker-compose.yml.j2 b/docker-compose/navidrome/docker-compose.yml.j2
index 2f5887b1..d4b3f115 100644
--- a/docker-compose/navidrome/docker-compose.yml.j2
+++ b/docker-compose/navidrome/docker-compose.yml.j2
@@ -5,8 +5,8 @@ services:
 image: "deluan/navidrome:0.54.3"
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 environment:
 ND_AUTOIMPORTPLAYLISTS: true
 ND_BASEURL: /mg
diff --git a/docker-compose/nextcloud/docker-compose.yml.j2 b/docker-compose/nextcloud/docker-compose.yml.j2
index ef9a76ef..48749c9d 100644
--- a/docker-compose/nextcloud/docker-compose.yml.j2
+++ b/docker-compose/nextcloud/docker-compose.yml.j2
@@ -6,8 +6,8 @@ services:
 command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 volumes:
 - /etc/localtime:/etc/localtime:ro
 - /etc/timezone:/etc/timezone:ro
@@ -41,8 +41,8 @@ security_opt:
 - internal
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
 healthcheck:
 test: ["CMD", "redis-cli", "--pass", "{{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}", "--no-auth-warning", "ping"]
@@ -56,8 +56,8 @@ security_opt:
 image: "registry.mgrote.net/nextcloud-cronjob:latest"
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 network_mode: none
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
@@ -72,8 +72,8 @@ security_opt:
 container_name: nextcloud-app
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 depends_on:
 - nextcloud-db
 - nextcloud-redis
diff --git a/docker-compose/postfix/docker-compose.yml.j2 b/docker-compose/postfix/docker-compose.yml.j2
index 06a77753..eaed1a6d 100644
--- a/docker-compose/postfix/docker-compose.yml.j2
+++ b/docker-compose/postfix/docker-compose.yml.j2
@@ -4,8 +4,8 @@ services:
 container_name: postfix
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 ports:
 - 1025:25
 environment:
diff --git a/docker-compose/registry/docker-compose.yml.j2 b/docker-compose/registry/docker-compose.yml.j2
index 0bb50393..5a99370e 100644
--- a/docker-compose/registry/docker-compose.yml.j2
+++ b/docker-compose/registry/docker-compose.yml.j2
@@ -2,8 +2,8 @@ services:
 oci-registry:
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 container_name: oci-registry
 image: "registry:2.8.3"
 volumes:
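Review bot: In the `@@ -41,8 +41,8 @@` hunk of docker-compose/nextcloud/docker-compose.yml.j2 the Redis password is rendered into `command:` and into the healthcheck `test:` arguments, so it shows up in the process list and in `docker inspect`, which `no-new-privileges` does nothing about. The `command:` string is also split into words after templating, so a password containing spaces or quotes would change the arguments. For the healthcheck, redis-cli reads the password from the `REDISCLI_AUTH` environment variable, which allows `test: ["CMD", "redis-cli", "--no-auth-warning", "ping"]` and keeps the secret out of the argument list (it stays visible in the container's environment). For the server, `requirepass` can live in a mounted config file with restrictive permissions. The healthcheck block continues past the end of the hunk.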
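Review bot: The nextcloud-cronjob service in the `@@ -56,8 +56,8 @@` hunk of docker-compose/nextcloud/docker-compose.yml.j2 mounts `/var/run/docker.sock`, and neither the `:ro` flag nor `no-new-privileges` limits what a process can do through it. `:ro` only makes the bind mount read-only; a process that can connect to the socket still has the full Docker API, which is equivalent to root on the host, and the image behind it is a mutable `:latest` tag. I would at least record that above the mount, `# docker.sock = full Docker API access; ':ro' does not restrict API calls`, and consider an API-filtering socket proxy limited to the calls the cron job needs. The volumes list continues outside the hunk.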
@@ -56,8 +56,8 @@ security_opt:
 - internal
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 environment:
 REDIS_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'oci-registry-redis-pw', 'password') }}"
 MAXMEMORY POLICY: allkeys-lru
@@ -70,8 +70,8 @@ security_opt:
 oci-registry-ui:
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 image: "joxit/docker-registry-ui:2.5.7"
 container_name: oci-registry-ui
 ports:
diff --git a/docker-compose/routeros-config-export/docker-compose.yml b/docker-compose/routeros-config-export/docker-compose.yml
index 7657ca6c..2ccfa401 100644
--- a/docker-compose/routeros-config-export/docker-compose.yml
+++ b/docker-compose/routeros-config-export/docker-compose.yml
@@ -3,8 +3,8 @@ services:
 container_name: routeros-config-export
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 image: "registry.mgrote.net/routeros-config-export:latest"
 volumes:
 - ./key_rb5009:/key_rb5009:ro
diff --git a/docker-compose/traefik/docker-compose.yml.j2 b/docker-compose/traefik/docker-compose.yml.j2
index 0150fe2a..b2f61d3d 100644
--- a/docker-compose/traefik/docker-compose.yml.j2
+++ b/docker-compose/traefik/docker-compose.yml.j2
@@ -7,8 +7,6 @@ services:
 image: "traefik:v3.2.3"
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
 security_opt:
 - no-new-privileges=true
 volumes:
diff --git a/docker-compose/unifi-network-application/docker-compose.yml.j2 b/docker-compose/unifi-network-application/docker-compose.yml.j2
index 43c5b46d..86c2ae1a 100644
--- a/docker-compose/unifi-network-application/docker-compose.yml.j2
+++ b/docker-compose/unifi-network-application/docker-compose.yml.j2
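Review bot: The context line `MAXMEMORY POLICY: allkeys-lru` in the `@@ -56,8 +56,8 @@` hunk of docker-compose/registry/docker-compose.yml.j2 defines an environment variable whose name contains a space, which looks like a typo. If an underscore was intended, the eviction policy is presumably not being applied to this Redis instance. I would check the image's documentation for the exact variable name and write it as one token, e.g. `MAXMEMORY_POLICY: allkeys-lru` if that is the name it reads. The environment block may continue outside the hunk.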
@@ -28,8 +28,8 @@ services:
 - 5514:5514/udp #optional
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 networks:
 - postfix
 - unifi-internal
diff --git a/docker-compose/wiki/docker-compose.yml.j2 b/docker-compose/wiki/docker-compose.yml.j2
index ce808c7e..60863f88 100644
--- a/docker-compose/wiki/docker-compose.yml.j2
+++ b/docker-compose/wiki/docker-compose.yml.j2
@@ -4,8 +4,8 @@ services:
 image: "registry.mgrote.net/httpd:latest"
 restart: unless-stopped
 pull_policy: missing
-security_opt:
- - no-new-privileges=true
+ security_opt:
+ - no-new-privileges=true
 networks:
 - traefik
 ports:
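Review bot: `image: "registry.mgrote.net/httpd:latest"` in docker-compose/wiki/docker-compose.yml.j2 combines a mutable tag with `pull_policy: missing`, so each host keeps whichever build it pulled first and nothing in the template records which one that is. The other images visible in this commit's hunks carry version tags, except `nextcloud-cronjob:latest` and `routeros-config-export:latest`, which have the same issue. I would pin a version and, ideally, a digest, e.g. `image: "registry.mgrote.net/httpd:<version>@sha256:<digest>"` (placeholders). The service definition continues outside the hunk.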