# SeedSync Development Docker Compose
#
# Builds the SeedSync image from this checkout (build context ".") and runs
# it as one container, "seedsync-dev", with a reduced-privilege runtime
# (see security_opt / cap_drop / cap_add below).
#
# Usage:
#   docker compose -f docker-compose.dev.yml build
#   docker compose -f docker-compose.dev.yml up
#
# Access the web UI at: http://localhost:8800
services:
  seedsync:
    build:
      context: .
      dockerfile: src/docker/build/docker-image/Dockerfile
    container_name: seedsync-dev
    ports:
      # No host IP is given, so Docker publishes 8800 on every host
      # interface, not only loopback; other machines on the network can
      # reach the dev UI. The usage above only needs localhost: writing the
      # mapping as "127.0.0.1:8800:8800" keeps it local to this machine.
      - "8800:8800"
    environment:
      # Set these to match your host user's UID/GID
      # Run 'id' command to find your values
      # The entrypoint creates its runtime user from these values (see the
      # hardening notes below), so files written to the bind mounts end up
      # owned by this UID/GID on the host.
      - PUID=1000
      - PGID=1000
    volumes:
      # Both entries are bind mounts of host directories next to this file.
      # Configuration storage (persists settings)
      # NOTE(review): if the persisted settings include remote-server
      # credentials, keep ./dev-config out of version control and out of
      # the image build context - confirm against the app's config format.
      - ./dev-config:/config
      # Download destination
      - ./dev-downloads:/downloads
      # Uncomment to use SSH key authentication
      # The key is mounted read-only (:ro), but the container can still read
      # and use it. Prefer a dedicated key that is only authorized on the
      # remote account SeedSync needs, rather than your personal id_rsa.
      # - ~/.ssh/id_rsa:/home/seedsync/.ssh/id_rsa:ro
    restart: unless-stopped
    # --- Hardened runtime baseline (audit #528) ---
    # entrypoint.sh briefly runs as root to create the PUID/PGID user and
    # chown /config, then drops to that non-root user via setpriv. setpriv
    # only *drops* privileges, so it stays compatible with no-new-privileges.
    # no-new-privileges stops processes in the container from gaining
    # privileges through setuid/setgid binaries or file capabilities.
    security_opt:
      - no-new-privileges:true
    # Drop all Linux capabilities, then add back only the ones the entrypoint
    # needs at startup:
    #   CHOWN, FOWNER, DAC_OVERRIDE - create & chown the user's dirs and /config
    #   SETUID, SETGID              - create the user/group and setpriv into it
    # NOTE(review): cap_add puts these in the container's bounding set for
    # its whole lifetime. DAC_OVERRIDE in particular bypasses file permission
    # checks, so confirm that entrypoint.sh (not visible here) also clears
    # the capability sets when it drops to the non-root user, e.g. via
    # setpriv's --bounding-set / --inh-caps options.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETUID
      - SETGID
      - DAC_OVERRIDE
      - FOWNER
  # Uncomment below for a test remote server (for development only)
  # If enabled as written: the image has no tag, so it resolves to "latest"
  # (pin a tag or digest for reproducible builds); the SFTP port is published
  # on every host interface; and the login is a fixed, guessable
  # user/password pair. Bind the port to loopback ("127.0.0.1:2222:22") and
  # never reuse these credentials outside a local dev machine.
  # test-remote:
  #   image: atmoz/sftp
  #   container_name: seedsync-test-remote
  #   ports:
  #     - "2222:22"
  #   volumes:
  #     - ./dev-remote-files:/home/testuser/files
  #   command: testuser:testpass:1000