docker-compose.yml 1.7 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849
  1. version: '2'
  2. volumes:
  3. plain_data:
  4. encfs_password:
  5. sshd_host_keys:
  6. services:
  7. encfs:
  8. image: fphammerle/reverse-encfs:0.1.1-encfs1.9.5-amd64
  9. volumes:
  10. - plain_data:/plain/data:ro
  11. - encfs_password:/secret
  12. # Currently docker does not allow changing
  13. # the mount propagation setting for named volumes.
  14. # https://github.com/moby/moby/pull/17034#issuecomment-163361073
  15. # https://github.com/moby/moby/pull/17034/files#diff-6896c3d2994ef80758bb7e38c07eb76bR103
  16. # https://github.com/moby/moby/blob/e89b6e8c2d2c36c43f22aeaf2a885646c2994051/volume/linux_parser.go#L91
  17. # https://github.com/moby/moby/blob/fc7b904dced4d18d49c8a6c47ae3f415d16d0c43/volume/validate.go#L74
  18. # https://github.com/moby/moby/blob/675144ff8d251a97322859a78f28ed4f988d3a74/volume/volume_unix.go#L100
  19. # So we bind mount a host dir instead.
  20. - /mnt/encrypted:/encrypted:shared
  21. networks: []
  22. devices: [/dev/fuse]
  23. cap_add: [SYS_ADMIN]
  24. security_opt: ['apparmor:unconfined']
  25. encfs_pwd_rgpgfs:
  26. image: fphammerle/rgpgfs:0.1.1-amd64
  27. environment:
  28. RECIPIENT: 1234567890ABCDEF1234567890ABCDEF12345678
  29. volumes:
  30. - encfs_password:/plain:ro
  31. - /mnt/encrypted/encfs-password:/encrypted:shared
  32. devices: [/dev/fuse]
  33. cap_add: [SYS_ADMIN]
  34. security_opt: ['apparmor:unconfined']
  35. tty: true
  36. rsync_sshd:
  37. image: fphammerle/rsync-sshd:0.1-amd64
  38. environment:
  39. USERS: alice
  40. volumes:
  41. - /mnt/encrypted:/data:slave,ro
  42. - sshd_host_keys:/etc/ssh/host_keys
  43. - ~/.ssh/authorized_keys:/home/alice/.ssh/authorized_keys:ro
  44. ports: ['127.0.0.1:2022:22']
  45. # rsync -av --rsh='ssh -p 2022' alice@localhost:/ encrypted
  46. # https://docs.docker.com/compose/compose-file/compose-file-v2/