version: '2.3'

volumes:
  database:
  ssh_host_keys:

services:
  sample_database:
    image: docker.io/mariadb:10.5.8
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
      MYSQL_USER: someone
      MYSQL_PASSWORD: secret
      MYSQL_DATABASE: demo
      # https://github.com/docker-library/mariadb/issues/251
      # https://github.com/docker-library/mariadb/issues/262#issuecomment-536405303
      MYSQL_INITDB_SKIP_TZINFO: 1
    volumes:
    - database:/var/lib/mysql:rw
  sshd:
    build: .
    image: docker.io/fphammerle/mysqldump-sshd
    environment:
      SSH_CLIENT_PUBLIC_KEYS: |
        ssh-rsa ...
        ssh-rsa ...
      MYSQLDUMP_ARGS: >-
        --host=sample_database
        --user=someone
        --password=secret
        --skip-add-drop-table
        --skip-comments
        --skip-dump-date
        --databases demo
    read_only: true
    volumes:
    - type: volume
      source: ssh_host_keys
      target: /etc/ssh/host_keys
      read_only: false
    - type: tmpfs
      target: /home/dump/.ssh # authorized_keys
      tmpfs:
        # nosuid,nodev,noexec added by default
        mode: '1777'
        size: 16k
    ports: ['127.0.0.1:2200:2200']
    cap_drop: [ALL]
    # strace
    # cap_add: [SYS_PTRACE]
    security_opt: [no-new-privileges]
    # docker-compose >=2.2,<3
    cpus: 0.2
    mem_limit: 64M

# https://docs.docker.com/compose/compose-file/compose-file-v2/