This commit is contained in:
Michael Grote 2025-01-03 14:02:33 +01:00
parent e6b0b33ffd
commit 0ece4678c6
13 changed files with 46 additions and 48 deletions

View file

@ -6,7 +6,7 @@ services:
image: gitea/act_runner:0.2.11
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
volumes:
- act_runner_data:/data

View file

@ -7,7 +7,7 @@ services:
container_name: authelia
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
environment:
TZ: Europe/Berlin
@ -44,7 +44,7 @@ security_opt:
container_name: authelia-redis
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
environment:
TZ: Europe/Berlin
@ -63,7 +63,7 @@ security_opt:
command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
volumes:
- /etc/localtime:/etc/localtime:ro

View file

@ -5,7 +5,7 @@ services:
image: ghcr.io/gramps-project/grampsweb:v24.12.2 # version
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
ports:
- "6483:5000" # host:docker
@ -49,7 +49,7 @@ security_opt:
container_name: grampsweb-redis
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
healthcheck:
test: ["CMD", "redis-cli", "ping"]

View file

@ -4,7 +4,7 @@ services:
container_name: lldap
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
ports:
- "3890:3890"
@ -27,7 +27,7 @@ security_opt:
image: "postgres:17.2"
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
environment:
POSTGRES_USER: lldap

View file

@ -5,7 +5,7 @@ services:
image: "ghcr.io/miniflux/miniflux:2.2.4"
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
depends_on:
- mf-db17
@ -39,7 +39,7 @@ security_opt:
image: "postgres:17.2"
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
environment:
POSTGRES_USER: miniflux
@ -62,7 +62,7 @@ security_opt:
- miniflux
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
environment:
TZ: Europe/Berlin

View file

@ -5,7 +5,7 @@ services:
image: "deluan/navidrome:0.54.3"
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
environment:
ND_AUTOIMPORTPLAYLISTS: true

View file

@ -6,7 +6,7 @@ services:
command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
volumes:
- /etc/localtime:/etc/localtime:ro
@ -41,7 +41,7 @@ security_opt:
- internal
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
healthcheck:
@ -56,7 +56,7 @@ security_opt:
image: "registry.mgrote.net/nextcloud-cronjob:latest"
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
network_mode: none
volumes:
@ -72,7 +72,7 @@ security_opt:
container_name: nextcloud-app
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
depends_on:
- nextcloud-db

View file

@ -4,7 +4,7 @@ services:
container_name: postfix
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
ports:
- 1025:25

View file

@ -2,7 +2,7 @@ services:
oci-registry:
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
container_name: oci-registry
image: "registry:2.8.3"
@ -56,7 +56,7 @@ security_opt:
- internal
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
environment:
REDIS_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'oci-registry-redis-pw', 'password') }}"
@ -70,7 +70,7 @@ security_opt:
oci-registry-ui:
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
image: "joxit/docker-registry-ui:2.5.7"
container_name: oci-registry-ui

View file

@ -3,7 +3,7 @@ services:
container_name: routeros-config-export
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
image: "registry.mgrote.net/routeros-config-export:latest"
volumes:

View file

@ -7,8 +7,6 @@ services:
image: "traefik:v3.2.3"
restart: unless-stopped
pull_policy: missing
security_opt:
- no-new-privileges=true
security_opt:
- no-new-privileges=true
volumes:

View file

@ -28,7 +28,7 @@ services:
- 5514:5514/udp #optional
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
networks:
- postfix

View file

@ -4,7 +4,7 @@ services:
image: "registry.mgrote.net/httpd:latest"
restart: unless-stopped
pull_policy: missing
security_opt:
security_opt:
- no-new-privileges=true
networks:
- traefik