- HomeKit Bridge für Apple Home - macvlan Netzwerk (10.11.1.243) für mDNS/Bonjour - Security: User Namespaces, cap_drop: ALL, resource limits - Backup-Strategie: GIT_PLUS_DATA 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
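# Compose definition for a single Homebridge container attached to an
# external macvlan network with a static LAN address.
services:
  homebridge:
    # Mutable tag: the content behind ":ubuntu" can change between pulls.
    # Once an image has been vetted, pin it by digest, e.g.
    #   homebridge/homebridge:ubuntu@sha256:<digest-of-vetted-image>
    image: homebridge/homebridge:ubuntu
    container_name: homebridge
    restart: unless-stopped

    # Security Hardening
    # NOTE(review): no user-namespace setting appears in this file. If
    # remapping is relied on, it has to be configured on the Docker daemon;
    # confirm it is active on the host that runs this stack.
    security_opt:
      # Quoted so that no YAML parser can read the value as anything but a
      # string. Blocks privilege gain through setuid binaries or file caps.
      - 'no-new-privileges:true'
    # Start from an empty capability set, then add back only what is listed.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN  # Config file ownership
      - SETUID  # User switching in entrypoint
      - SETGID  # Group switching in entrypoint
      # DAC_OVERRIDE bypasses file permission checks and is the broadest of
      # the four. NOTE(review): check whether fixing ownership of ./mounts on
      # the host would allow dropping it.
      - DAC_OVERRIDE  # Permission override for config files

    # Resource Limits
    # Whether "deploy.resources" is enforced outside Swarm depends on the
    # Compose implementation in use; verify the effective memory, CPU and
    # PID limits with "docker inspect" after the first start.
    deploy:
      resources:
        limits:
          memory: 1G
          cpus: '1.0'
          pids: 200
        reservations:
          memory: 256M
          cpus: '0.25'

    stop_grace_period: 15s

    # macvlan Network - HomeKit mDNS Discovery
    # The container sits directly on the LAN with its own address. There is
    # no "ports:" allow-list and host firewall rules do not filter this
    # traffic, so every port the container listens on is reachable from that
    # segment. Restrict access at the network level where needed.
    networks:
      docker_macvlan:
        ipv4_address: 10.11.1.243

    environment:
      # The web UI is an administrative interface and, on this network, is
      # reachable from the LAN on the port below. Replace any default
      # credentials before first use and limit which hosts can reach it.
      - HOMEBRIDGE_CONFIG_UI=1
      - HOMEBRIDGE_CONFIG_UI_PORT=8581
      - TZ=Europe/Berlin

    volumes:
      # Persistent Homebridge state. NOTE(review): presumably includes
      # HomeKit pairing data and UI credentials; keep this directory out of
      # version control and restrict its permissions on the host.
      - ./mounts:/homebridge

networks:
  # Not created by this file: the macvlan network must already exist on the
  # host under the name given here.
  docker_macvlan:
    external: true
    name: docker_macvlan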