version: '2' volumes: plain_data: sshd_host_keys: services: rgpgfs: image: fphammerle/rgpgfs environment: RECIPIENT: 1234567890ABCDEF1234567890ABCDEF12345678 volumes: - plain_data:/plain:ro # TODO replace host path with named volume - /mnt/rgpgfs:/encrypted:shared devices: [/dev/fuse] cap_add: [SYS_ADMIN] security_opt: ['apparmor:unconfined'] tty: true rsync_sshd: image: fphammerle/rsync-sshd:0.1-amd64 environment: USERS: alice volumes: - /mnt/rgpgfs:/data/secrets:slave,ro - sshd_host_keys:/etc/ssh/host_keys - ~/.ssh/authorized_keys:/home/alice/.ssh/authorized_keys:ro ports: ['127.0.0.1:2022:22'] # rsync -av --rsh='ssh -p 2022' alice@localhost:/secrets .