|
|
@ -1,12 +1,8 @@
|
|
|
|
version: '2'
|
|
|
|
version: '3.7'
|
|
|
|
|
|
|
|
|
|
|
|
volumes:
|
|
|
|
|
|
|
|
data: {}
|
|
|
|
|
|
|
|
certs: {}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
services:
|
|
|
|
services:
|
|
|
|
chrome:
|
|
|
|
chrome:
|
|
|
|
image: andrey01/chrome
|
|
|
|
init: true
|
|
|
|
build: .
|
|
|
|
build: .
|
|
|
|
network_mode: bridge
|
|
|
|
network_mode: bridge
|
|
|
|
devices:
|
|
|
|
devices:
|
|
|
@ -15,25 +11,20 @@ services:
|
|
|
|
volumes:
|
|
|
|
volumes:
|
|
|
|
- /tmp/.X11-unix:/tmp/.X11-unix:ro
|
|
|
|
- /tmp/.X11-unix:/tmp/.X11-unix:ro
|
|
|
|
- $XDG_RUNTIME_DIR/pulse:/run/user/1000/pulse
|
|
|
|
- $XDG_RUNTIME_DIR/pulse:/run/user/1000/pulse
|
|
|
|
- data:/data
|
|
|
|
- ./data:/home/user
|
|
|
|
- certs:/home/user/.pki/nssdb
|
|
|
|
|
|
|
|
- $HOME/Downloads:/home/user/Downloads
|
|
|
|
- $HOME/Downloads:/home/user/Downloads
|
|
|
|
- /var/run/cups:/var/run/cups:ro
|
|
|
|
- /var/run/cups:/var/run/cups:ro
|
|
|
|
- /tmp/krb5cc_1000:/tmp/krb5cc_1000:ro
|
|
|
|
- /tmp/krb5cc_1000:/tmp/krb5cc_1000:ro
|
|
|
|
|
|
|
|
- /etc/localtime:/etc/localtime:ro
|
|
|
|
|
|
|
|
- /etc/machine-id:/etc/machine-id:ro
|
|
|
|
environment:
|
|
|
|
environment:
|
|
|
|
- DISPLAY=unix$DISPLAY
|
|
|
|
- DISPLAY=unix$DISPLAY
|
|
|
|
- PULSE_SERVER=unix:$XDG_RUNTIME_DIR/pulse/native
|
|
|
|
- PULSE_SERVER=unix:$XDG_RUNTIME_DIR/pulse/native
|
|
|
|
# some webapps won't work when the timezone is not properly set, e.g.
|
|
|
|
|
|
|
|
# the ownCloud's (v9.0.0) calendar (v1.0.0.0) does not work correctly
|
|
|
|
|
|
|
|
# the same could happen with Icinga2 web interface
|
|
|
|
|
|
|
|
- TZ=Europe/Amsterdam
|
|
|
|
|
|
|
|
# SYS_ADMIN is NOT required if you run chrome with `--no-sandbox` flag
|
|
|
|
# SYS_ADMIN is NOT required if you run chrome with `--no-sandbox` flag
|
|
|
|
# more on CAP_SYS_ADMIN https://lwn.net/Articles/486306/
|
|
|
|
# more on CAP_SYS_ADMIN https://lwn.net/Articles/486306/
|
|
|
|
cap_add:
|
|
|
|
cap_add:
|
|
|
|
- SYS_ADMIN
|
|
|
|
- SYS_ADMIN
|
|
|
|
- IPC_LOCK # lock memory to prevent sensitive values from being swapped to disk.
|
|
|
|
- IPC_LOCK # lock memory to prevent sensitive values from being swapped to disk.
|
|
|
|
# Turns off anonymous page swapping
|
|
|
|
|
|
|
|
mem_swappiness: 0
|
|
|
|
|
|
|
|
shm_size: 4G
|
|
|
|
shm_size: 4G
|
|
|
|
# mem_limit: 4G
|
|
|
|
# mem_limit: 4G
|
|
|
|
# security_opt:
|
|
|
|
# security_opt:
|
|
|
|
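Review bot: The `/etc/machine-id:/etc/machine-id:ro` mount, which from the page layout appears to be added on the new side of the second hunk, gives the browser container the host's stable unique identifier, and the file carries no comment saying why it is needed. If it is there for D-Bus (an assumption, nothing on the page confirms it), say so above the line, e.g. `# host machine-id is a stable identifier; mounted only because D-Bus needs it`, or mount a generated container-specific ID file instead. The same hunk drops `mem_swappiness: 0` and its comment, presumably because the key is not accepted in the version 3 file format, so the remaining `IPC_LOCK` comment overstates the protection. The capability only permits `mlock()`, so reword it to something like `- IPC_LOCK # permits mlock(); pages are only kept out of swap if the process locks them`. Also note that `./data:/home/user` puts the whole browser profile, including the NSS certificate database that previously had its own `certs` volume, in a directory beside the compose file, so that directory needs restrictive permissions and an ignore rule in version control.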