| 123456789101112131415161718192021222324252627282930313233343536373839404142434445 |
- version: '2.2'
- #volumes:
- # config:
- services:
- broker:
- image: docker.io/eclipse-mosquitto:latest
- user: mosquitto
- read_only: yes
- cap_drop: [all]
- security_opt: [no-new-privileges]
- cpus: 0.4
- mem_limit: 32M
- client:
- build: .
- image: fphammerle/systemctl-mqtt
- volumes:
- #- config:/etc/systemctl-mqtt:ro
- - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:rw
- command: systemctl-mqtt
- --poweroff-delay-seconds 60
- --mqtt-host broker
- --mqtt-disable-tls
- # --mqtt-username raspberrypi
- # --mqtt-password-file /etc/systemctl-mqtt/mqtt-password
- hostname: raspberrypi
- userns_mode: host
- # prefering explicit user specification over "USER 0" in Dockerfile
- # to avoid accidental container startup without
- # secure apparmor profile and dropped capabilities
- user: '0'
- read_only: true
- cap_drop: [all]
- security_opt:
- - no-new-privileges
- # $ sudo apparmor_parser --replace ./docker-apparmor-profile
- # raspberrypi kernel apparmor: https://github.com/raspberrypi/linux/pull/1698#issuecomment-684989048
- # https://github.com/raspberrypi/linux/commit/a3e07c5dfef2664fc1d900ebb4a3f91c04ab700b
- - apparmor=systemctl-mqtt
- # docker-compose >=2.2,<3
- cpus: 0.4
- mem_limit: 32M
- # https://docs.docker.com/compose/compose-file/compose-file-v2/
|
