added docker-compose.yml; mount /plain/data read-only

README.md

@@ -1,8 +1,7 @@
 ```sh
-# TODO remove --userns
 # TODO add image name
 docker run --rm -it --device /dev/fuse \
-    -v plain-data:/plain/data \
+    -v plain-data:/plain/data:ro \
     -v encfs-password:/secret \
     --cap-add SYS_ADMIN --security-opt apparmor:unconfined ?
 ```
@@ -10,3 +9,5 @@ docker run --rm -it --device /dev/fuse \
 Optionally add `-v encfs-config:/encrypted/config` to make `encfs6.xml` persistent.
 
 Optionally add `--network none`
+
+Or simply run `docker-compose up`

docker-compose.yml

@@ -0,0 +1,20 @@
+version: '2'
+
+volumes:
+  plain_data:
+  encfs_password:
+  encfs_config:
+
+services:
+  encfs:
+    build: .
+    volumes:
+    - plain_data:/plain/data:ro
+    - encfs_password:/secret
+    - encfs_config:/encrypted/config
+    networks: []
+    devices: [/dev/fuse]
+    cap_add: [SYS_ADMIN]
+    security_opt: ['apparmor:unconfined']
+
+# https://docs.docker.com/compose/compose-file/compose-file-v2/