security: don't expose docker socket by default

2023-07-06 15:13:08 +02:00 · 2023-07-06 15:13:08 +02:00 · 3de29f0135
parent b46f3ae4fc
commit 3de29f0135
4 changed files with 10 additions and 2 deletions
--- a/.env.sample
+++ b/.env.sample
@ -12,6 +12,9 @@ AUTHENTIK_LOG_LEVEL=info
 # AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]'
 # WORKERS=1

+## Outpost Integration
+# COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml"
+
 ## EMAIL
 AUTHENTIK_EMAIL__HOST=smtp
 AUTHENTIK_EMAIL__PORT=587
--- a/compose.outposts.yml
+++ b/compose.outposts.yml
@ -0,0 +1,6 @@
+version: "3.8"
+services:
+  worker:
+    user: root
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
--- a/compose.yml
+++ b/compose.yml
@ -87,11 +87,9 @@ services:
    networks:
      - internal
      - proxy
-    user: root
    volumes:
      - backups:/backups
      - media:/media
-      - /var/run/docker.sock:/var/run/docker.sock
      - /dev/null:/blueprints/default/flow-oobe.yaml
    configs:
      - source: flow_recovery
--- a/release/next
+++ b/release/next
@ -0,0 +1 @@
+If you use your own outpost you need to uncomment COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml" to expose the docker socket again.
				`@ -0,0 +1 @@`
				`If you use your own outpost you need to uncomment COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml" to expose the docker socket again.`