-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdocker-compose.yml
36 lines (34 loc) · 1.31 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
version: '2'
volumes:
plain_data:
sshd_host_keys:
services:
rgpgfs:
image: fphammerle/rgpgfs
environment:
RECIPIENT: 1234567890ABCDEF1234567890ABCDEF12345678
volumes:
- plain_data:/plain:ro
# Currently docker does not allow changing
# the mount propagation setting for named volumes.
# https://github.com/moby/moby/pull/17034#issuecomment-163361073
# https://github.com/moby/moby/pull/17034/files#diff-6896c3d2994ef80758bb7e38c07eb76bR103
# https://github.com/moby/moby/blob/e89b6e8c2d2c36c43f22aeaf2a885646c2994051/volume/linux_parser.go#L91
# https://github.com/moby/moby/blob/fc7b904dced4d18d49c8a6c47ae3f415d16d0c43/volume/validate.go#L74
# https://github.com/moby/moby/blob/675144ff8d251a97322859a78f28ed4f988d3a74/volume/volume_unix.go#L100
# So we bind mount a host dir instead.
- /mnt/rgpgfs:/encrypted:shared
devices: [/dev/fuse]
cap_add: [SYS_ADMIN]
security_opt: ['apparmor:unconfined']
tty: true
rsync_sshd:
image: fphammerle/rsync-sshd:0.1-amd64
environment:
USERS: alice
volumes:
- /mnt/rgpgfs:/data/secrets:slave,ro
- sshd_host_keys:/etc/ssh/host_keys
- ~/.ssh/authorized_keys:/home/alice/.ssh/authorized_keys:ro
ports: ['127.0.0.1:2022:22']
# rsync -av --rsh='ssh -p 2022' alice@localhost:/secrets .