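# Compose stack for systemctl-mqtt: a local Mosquitto broker plus the client
# container, which reaches the host's D-Bus system bus through a bind mount.
# https://docs.docker.com/compose/compose-file/compose-file-v2/
version: '2.2'

networks:
  default:
    driver_opts:
      com.docker.network.bridge.name: systemctl-mqtt

# volumes:
#   config:

services:
  broker:
    # NOTE(review): ':latest' is a mutable tag. Pin a specific release or an
    # image digest so a re-pull cannot silently swap the broker image.
    image: docker.io/eclipse-mosquitto:latest
    user: mosquitto
    read_only: true
    # No port is published: the broker is reachable only from containers on
    # this compose network. If the mapping below is enabled, keep it bound to
    # 127.0.0.1 as written rather than exposing it on all interfaces.
    # ports: ['127.0.0.1:1883:1883/tcp']
    cap_drop: [all]
    security_opt: [no-new-privileges]
    cpus: 0.4
    mem_limit: 32M

  client:
    build: .
    image: fphammerle/systemctl-mqtt
    volumes:
      # - config:/etc/systemctl-mqtt:ro
      # The host's D-Bus system bus socket is mounted read-write. Together
      # with 'user: 0' and 'userns_mode: host' below, the client talks to the
      # system bus as the host's root user, so the confinement options further
      # down (cap_drop, no-new-privileges, AppArmor profile) are what limits
      # this container.
      - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:rw
    # TLS is disabled, so MQTT traffic to the broker is unencrypted. In this
    # file the broker is only reachable on the compose-internal network; when
    # pointing --mqtt-host at a broker elsewhere, drop --mqtt-disable-tls,
    # in particular before enabling the username/password options below,
    # which would otherwise send the credentials in cleartext.
    command: >-
      systemctl-mqtt
      --poweroff-delay-seconds 60
      --mqtt-host broker
      --mqtt-disable-tls
    # optional arguments, to be appended to the command above:
    #   --mqtt-username raspberrypi
    #   --mqtt-password-file /etc/systemctl-mqtt/mqtt-password
    hostname: raspberrypi
    # Opts this service out of user-namespace remapping: uid 0 in the
    # container is uid 0 on the host.
    userns_mode: host
    # preferring explicit user specification over "USER 0" in Dockerfile
    # to avoid accidental container startup without
    # secure apparmor profile and dropped capabilities
    user: '0'
    read_only: true
    cap_drop: [all]
    security_opt:
      - no-new-privileges
      # The profile must be loaded on the host before starting the service:
      # $ sudo apparmor_parser --replace ./docker-apparmor-profile
      # raspberrypi kernel apparmor: https://github.com/raspberrypi/linux/pull/1698#issuecomment-684989048
      # https://github.com/raspberrypi/linux/commit/a3e07c5dfef2664fc1d900ebb4a3f91c04ab700b
      - apparmor=systemctl-mqtt
    # docker-compose >=2.2,<3
    cpus: 0.4
    mem_limit: 32M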