gstone/nextcloud-selfhosted
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

pin versions

Browse Source
This commit is contained in:
Thomas Gräfenstein
2026-03-22 12:23:52 +01:00
parent 0f12c5f5a8
commit caa1c7f471
3 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gitea/docker-compose.yml
View File

@@ -1,6 +1,6 @@
services: services:
gitea: gitea:
image: gitea/gitea:latest-rootless image: gitea/gitea:1.25.5-rootless
container_name: gitea container_name: gitea
restart: unless-stopped restart: unless-stopped
env_file: .env env_file: .env

2
monitoring/docker-compose.yml
View File

@@ -29,7 +29,7 @@ services:
- monitoring - monitoring
alloy: alloy:
image: grafana/alloy:latest image: grafana/alloy:v1.14.1
container_name: alloy container_name: alloy
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:

4
review.md
View File

@@ -10,5 +10,5 @@
| 6 | High | `scripts/deploy.sh:13` | `source .env` in a root-privileged script can execute arbitrary commands. Consider safer parsing or variable validation | DONE | | 6 | High | `scripts/deploy.sh:13` | `source .env` in a root-privileged script can execute arbitrary commands. Consider safer parsing or variable validation | DONE |
| 7 | Medium | `monitoring/docker-compose.yml` | Docker socket + `/proc` + `/sys` + `/` mounted into Alloy container. Consider using a Docker socket proxy to limit API access | DONE | | 7 | Medium | `monitoring/docker-compose.yml` | Docker socket + `/proc` + `/sys` + `/` mounted into Alloy container. Consider using a Docker socket proxy to limit API access | DONE |
| 8 | Medium | `caddy/Caddyfile` | No rate limiting configured at the reverse proxy layer | DONE | | 8 | Medium | `caddy/Caddyfile` | No rate limiting configured at the reverse proxy layer | DONE |
| 9 | Low | `gitea/docker-compose.yml` | `gitea/gitea:latest-rootless` unpinned — pin to specific version like Nextcloud does | TODO | | 9 | Low | `gitea/docker-compose.yml` | `gitea/gitea:latest-rootless` unpinned — pin to specific version like Nextcloud does | DONE |
| 10 | Low | `monitoring/docker-compose.yml` | `grafana/alloy:latest` unpinned — pin to specific version | TODO | | 10 | Low | `monitoring/docker-compose.yml` | `grafana/alloy:latest` unpinned — pin to specific version | DONE |