50 lines
1.1 KiB
YAML
50 lines
1.1 KiB
YAML
version: "3.8"
|
|
services:
|
|
ssh:
|
|
image: lscr.io/linuxserver/openssh-server:latest
|
|
networks:
|
|
- proxy
|
|
environment:
|
|
- PUID=1000
|
|
- PGID=1000
|
|
- TZ=Etc/UTC
|
|
- PASSWORD_ACCESS=true
|
|
- USER_PASSWORD_FILE=/run/secrets/ssh_password
|
|
- USER_NAME=sftp
|
|
secrets:
|
|
- ssh_password
|
|
volumes:
|
|
- content:/content:rw
|
|
ports:
|
|
- 2220:2222
|
|
deploy:
|
|
restart_policy:
|
|
condition: on-failure
|
|
# The following is an admittedly hacky way of setting the owner
|
|
# of the `content` volume to the unprivileged `sftp` user, so
|
|
# that content can be transferred through the unprivileged sshd process
|
|
# using `scp` etc.
|
|
sshstart:
|
|
image: lscr.io/linuxserver/openssh-server:latest
|
|
user: root
|
|
depends_on:
|
|
- ssh
|
|
deploy:
|
|
restart_policy:
|
|
condition: none
|
|
volumes:
|
|
- content:/content:rw
|
|
entrypoint: [ "bash", "-c", "sleep 10 && chown -R 1000:1000 /content"]
|
|
|
|
secrets:
|
|
ssh_password:
|
|
external: true
|
|
name: ${STACK_NAME}_ssh_password_${SECRET_SSH_PASSWORD_VERSION}
|
|
|
|
volumes:
|
|
content:
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|