chrome/docker-compose.yml
2018-12-25 19:06:31 +01:00

33 lines
962 B
YAML

version: '3.7'
services:
chrome:
init: true
build: .
network_mode: bridge
devices:
- /dev/dri
# - /dev/video0
volumes:
- /tmp/.X11-unix:/tmp/.X11-unix:ro
- $XDG_RUNTIME_DIR/pulse:/run/user/1000/pulse
- ./data:/home/user
- $HOME/Downloads:/home/user/Downloads
- /var/run/cups:/var/run/cups:ro
- /tmp/krb5cc_1000:/tmp/krb5cc_1000:ro
- /etc/localtime:/etc/localtime:ro
- /etc/machine-id:/etc/machine-id:ro
environment:
- DISPLAY=unix$DISPLAY
- PULSE_SERVER=unix:$XDG_RUNTIME_DIR/pulse/native
# SYS_ADMIN is NOT required if you run chrome with `--no-sandbox` flag
# more on CAP_SYS_ADMIN https://lwn.net/Articles/486306/
cap_add:
- SYS_ADMIN
- IPC_LOCK # lock memory to prevent sensitive values from being swapped to disk.
shm_size: 4G
# mem_limit: 4G
# security_opt:
# - apparmor:docker-ptrace
# - apparmor:unconfined