Blame
| c40d93 | admin | 2025-09-03 14:25:41 | 1 | # Setup |
| 12e464 | admin | 2025-09-03 14:44:39 | 2 | |
| d206f9 | theophile | 2025-10-13 13:28:06 | 3 | - Docker |
| 4 | - fail2ban |
| 5 | - ufw |
| 6 | - secure ssh with password access blocked |
| 7 | ||||
| 8 | ||||
| 9 | ||||
| 10 | ## Docker |
| 11 | ||||
| 12e464 | admin | 2025-09-03 14:44:39 | 12 | Follow the instructions at <https://docs.docker.com/>. |
| 13 | ||||
| 14 | You need `docker` and `docker-compose`. Since we are not running Docker unprivileged, we don't need the `rootless` packages. |
| 15 | ||||
| 16 | Normally, we don't need anything else. |
| d206f9 | theophile | 2025-10-13 13:28:06 | 17 | |
| 18 | We store `docker-compose` files in `/opt/docker`, and data in `/mnt/data` and `/mnt/ncdata`. |
| 19 | ||||
| 20 | The `docker` user and group should be created to manage volumes and permissions. Each admin user should be added to the docker group. |
| 21 | ||||
| 22 | Ownership of the Docker container data and configs should be set to `docker:docker`, with read/write/execute permissions for the docker group, for easier admin management without having to elevate permissions to root. |
| 23 | ||||
| 24 | ||||
| 25 | ``` |
| 26 | # Example of setting the permissions for the |
| 27 | ||||
| 28 | sudo chown -R docker:docker /mnt/data/container && |
| 29 | sudo find /mnt/data/container -type d -exec chmod 775 {} \; && |
| 30 | sudo find /mnt/data/container -type f -exec chmod 664 {} \; |
| 31 | ``` |
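
To check that a data tree still matches the ownership and modes set above, the following added example (not part of the wiki page itself) lists every path that deviates from `docker:docker`, 775 directories and 664 files. The function name `audit_perms` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a container data tree against the ownership and modes
# used on this page (docker:docker, directories 775, regular files 664).
#
# audit_perms DIR [OWNER] [GROUP]
#   prints every path that deviates, one per line
#   returns 0 if the tree is clean, 1 if deviations were found, 2 on bad input
audit_perms() {
    dir=$1
    owner=${2:-docker}   # defaults taken from the page
    group=${3:-docker}

    [ -d "$dir" ] || { echo "audit_perms: not a directory: $dir" >&2; return 2; }

    # "-perm MODE" without a prefix is an exact match, so a missing bit,
    # an extra bit (for example world-writable 777) or a setuid/setgid/sticky
    # bit all count as a deviation.
    bad=$(find "$dir" \( \
            ! -user "$owner" \
            -o ! -group "$group" \
            -o \( -type d ! -perm 775 \) \
            -o \( -type f ! -perm 664 \) \
        \) -print)

    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Usage on the host described above (path from the page):
#   audit_perms /mnt/data/container || echo "permissions drifted"
```

Run it with `sudo` if the tree contains directories the calling user cannot traverse, otherwise `find` cannot inspect their contents.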