samply/bridgehead
1
0
Fork 0
mirror of https://github.com/samply/bridgehead.git synced 2025-07-12 10:40:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Set SELinux labels for bind mounts, replace secrets with bind mounts

Browse Source
This commit is contained in:
tobiaskussel
2025-07-03 14:09:01 +00:00
parent 98e0512a61
commit 078c16e8dd
22 changed files with 62 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
itcc/docker-compose.yml
View File

@ -35,7 +35,7 @@ services:
QUERIES_TO_CACHE: '/queries_to_cache.conf'
ENDPOINT_TYPE: ${FOCUS_ENDPOINT_TYPE:-blaze}
volumes:
- /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro
- /srv/docker/bridgehead/itcc/queries_to_cache.conf:/queries_to_cache.conf:ro,Z
depends_on:
- "beam-proxy"
- "blaze"
@ -57,12 +57,10 @@ services:
- "forward_proxy"
volumes:
- /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
- /srv/docker/bridgehead/itcc/root.crt.pem:/conf/root.crt.pem:ro
- /srv/docker/bridgehead/itcc/root.crt.pem:/conf/root.crt.pem:ro,Z
# secrets don't seem to allow us to specify Z
- /etc/bridgehead/pki/${SITE_ID}.priv.pem:/run/secrets/proxy.pem:ro
volumes:
blaze-data:
secrets:
proxy.pem:
file: /etc/bridgehead/pki/${SITE_ID}.priv.pem