homelab

hoborg/homelab

Fork 0

Commit Graph

Author	SHA1	Message	Date
Arpad Krejczinger	ea1c71f0f0	Pin Docker image versions and fix config drift - Pin all :latest tags to specific versions for reproducibility: jellyfin→10.11.6, gitea→1.24, portainer→2.39.0, qbittorrent→5.1.4 - Fix nextcloud config drift: repo had :29, live was running :32 - Fix qbittorrent: remove user: directive (breaks s6-overlay init) - Fix portainer: remove healthcheck (distroless image has no shell)	2026-02-28 00:28:17 +01:00
Arpad Krejczinger	6980c36ae9	Harden Docker container configurations - Gitea: Bind ports to localhost, add security options, resource limits, health checks - Jellyfin: Add security options, enhanced resource limits, health checks (kept host networking for GPU) - qBittorrent: Bind torrent ports to localhost, add security options, health checks - All configs: Non-root users, capability drops, no-new-privileges, tmpfs hardening Security improvements: - Ports no longer exposed to all interfaces (0.0.0.0) - Added security options (no-new-privileges, cap_drop) - Resource limits and health checks implemented - Read-only filesystems where possible - Temporary filesystems with restrictions	2025-09-12 19:14:59 +02:00
Arpad Krejczinger	ff2aedacf6	Add qBittorrent Docker configuration - Add docker-compose.yml for qBittorrent container setup - Add config directory with qBittorrent configuration files - Include GeoDB, RSS feeds, categories, and watched folders config	2025-09-12 19:00:56 +02:00

Author

SHA1

Message

Date

Arpad Krejczinger

ea1c71f0f0

Pin Docker image versions and fix config drift

- Pin all :latest tags to specific versions for reproducibility:
  jellyfin→10.11.6, gitea→1.24, portainer→2.39.0, qbittorrent→5.1.4
- Fix nextcloud config drift: repo had :29, live was running :32
- Fix qbittorrent: remove user: directive (breaks s6-overlay init)
- Fix portainer: remove healthcheck (distroless image has no shell)

2026-02-28 00:28:17 +01:00

Arpad Krejczinger

6980c36ae9

Harden Docker container configurations

- Gitea: Bind ports to localhost, add security options, resource limits, health checks
- Jellyfin: Add security options, enhanced resource limits, health checks (kept host networking for GPU)
- qBittorrent: Bind torrent ports to localhost, add security options, health checks
- All configs: Non-root users, capability drops, no-new-privileges, tmpfs hardening

Security improvements:
- Ports no longer exposed to all interfaces (0.0.0.0)
- Added security options (no-new-privileges, cap_drop)
- Resource limits and health checks implemented
- Read-only filesystems where possible
- Temporary filesystems with restrictions

2025-09-12 19:14:59 +02:00

Arpad Krejczinger

ff2aedacf6

Add qBittorrent Docker configuration

- Add docker-compose.yml for qBittorrent container setup
- Add config directory with qBittorrent configuration files
- Include GeoDB, RSS feeds, categories, and watched folders config

2025-09-12 19:00:56 +02:00

3 Commits