Pin image versions, add security headers, log limits, unattended upgrades

- Pin Miniflux to 2.2.19, Gitea to 1.25 (from :latest)
- Add security headers (X-Content-Type-Options, X-Frame-Options,
  Referrer-Policy, Permissions-Policy) to all Caddy sites
- Add Docker JSON log rotation (10m x 3 files) to all containers
- Add SHA256 checksum verification for GoatCounter binary download
- Install and configure unattended-upgrades for security patches

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Louis Simoneau
2026-04-10 08:31:41 +10:00
parent a9e063867a
commit ab050fddd7
4 changed files with 78 additions and 2 deletions


@@ -1,7 +1,12 @@
services:
gitea:
image: gitea/gitea:latest
image: gitea/gitea:1.25
restart: unless-stopped
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
depends_on:
db:
condition: service_healthy
@@ -26,6 +31,11 @@ services:
db:
image: postgres:16-alpine
restart: unless-stopped
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
volumes:
- gitea_db:/var/lib/postgresql/data
environment:
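Review bot: `image: gitea/gitea:1.25` in the first hunk is still a moving reference. A major.minor tag is normally re-pointed at each patch release, so the image that actually runs can change on the next pull without any commit, and the untouched `postgres:16-alpine` in the second hunk floats the same way. If the intent of "pin" is a reproducible, reviewable deployment, use the full patch tag plus the digest, e.g. `image: gitea/gitea:<patch-version>@sha256:<digest>` (placeholders; take the real values from the registry). Bump that line deliberately, since a digest pin no longer picks up patch releases on its own. Both service definitions continue outside the hunks shown, so this is based only on the visible lines.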