---
# Two services run the same runner image on one bridge network:
#   python-secure - read-only root filesystem, all capabilities dropped
#                   except the three re-added below
#   python-dev    - interactive shell with none of those restrictions
version: "3.8"

services:
  python-secure:
    # NOTE(review): `build` and `image` are both set. Building this
    # service produces an empty `FROM scratch` image tagged with the
    # name under `image`, which python-dev also uses. Confirm the stub
    # build is intended.
    build:
      context: '.'
      dockerfile_inline: |
        FROM scratch
    # The image itself is the Nix-built one, used as published.
    # NOTE(review): `:latest` is a mutable tag. Pinning by digest
    # (`@sha256:<digest>`, placeholder) keeps the image content fixed.
    image: 'ghcr.io/reaslab/docker-python-runner:latest'
    container_name: 'python-secure'
    volumes:
      # `read_only` below does not cover bind mounts: ./test has no
      # `:ro` flag, so the container can write to that host directory.
      - './test:/app'
      - './gurobi.lic:/app/gurobi.lic:ro'
    environment:
      - 'GRB_LICENSE_FILE=/app/gurobi.lic'
      - 'PYTHONPATH=/app:/.local/lib/python3.12/site-packages'
    working_dir: '/app'
    # Keeps the container idle so commands can be exec'd into it.
    command: 'tail -f /dev/null'

    # --- Hardening ---
    # Root filesystem is immutable; writes go to the tmpfs mounts below
    # and to the read-write bind mount on /app.
    read_only: true
    # Non-root UID:GID.
    user: '1000:1000'
    cap_drop:
      - 'ALL'
    # NOTE(review): the process starts as 1000:1000, so these re-added
    # capabilities presumably only matter if a binary gains privileges
    # at exec time. Confirm they are required; if they are not, remove
    # them and consider `security_opt: ["no-new-privileges:true"]`.
    cap_add:
      - 'CHOWN'
      - 'SETGID'
      - 'SETUID'
    # Size-capped, nosuid scratch space owned by 1000:1000.
    tmpfs:
      - '/tmp:nosuid,size=2g,uid=1000,gid=1000,mode=755'
      - '/.cache:nosuid,size=1g,uid=1000,gid=1000,mode=755'
      - '/.local:nosuid,size=1g,uid=1000,gid=1000,mode=755'
      - '/.local/share:nosuid,size=512m,uid=1000,gid=1000,mode=755'
      - '/.uv_cache:nosuid,size=1g,uid=1000,gid=1000,mode=755'
    networks:
      - 'python-network'

  python-dev:
    image: 'ghcr.io/reaslab/docker-python-runner:latest'
    container_name: 'python-dev'
    volumes:
      - './test:/app'
      - './gurobi.lic:/app/gurobi.lic:ro'
    environment:
      - 'GRB_LICENSE_FILE=/app/gurobi.lic'
      - 'PYTHONPATH=/app:/.local/lib/python3.12/site-packages'
    working_dir: '/app'
    command: 'bash'

    # Development mode - less restrictive: there is no `read_only`,
    # `cap_drop` or `cap_add` here, so the engine's defaults for the
    # root filesystem and capability set apply. Still runs as a
    # non-root UID:GID.
    user: '1000:1000'
    # Same tmpfs scratch mounts as python-secure.
    tmpfs:
      - '/tmp:nosuid,size=2g,uid=1000,gid=1000,mode=755'
      - '/.cache:nosuid,size=1g,uid=1000,gid=1000,mode=755'
      - '/.local:nosuid,size=1g,uid=1000,gid=1000,mode=755'
      - '/.local/share:nosuid,size=512m,uid=1000,gid=1000,mode=755'
      - '/.uv_cache:nosuid,size=1g,uid=1000,gid=1000,mode=755'
    networks:
      - 'python-network'

networks:
  # Both services attach to this user-defined bridge network.
  python-network:
    driver: 'bridge'