From 78cb405acd192ee9391c2739f9edeab49c3ce797 Mon Sep 17 00:00:00 2001
From: Tommy
Date: Tue, 28 Mar 2023 10:20:07 -0400
Subject: [PATCH] Additional hardening for Docker-Compose (#734)

---
 docker-compose.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 1cf4e09..ec8ade5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -17,6 +17,12 @@ services:
 interval: 30s
 timeout: 5s
 retries: 2
+ user: "998:998"
+ read_only: true
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL

 nitter-redis:
 image: redis:6-alpine
@@ -30,6 +36,12 @@ services:
 interval: 30s
 timeout: 5s
 retries: 2
+ user: "999:1000"
+ read_only: true
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL

 volumes:
 nitter-redis:
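Review bot: The added `user: "998:998"` in the first hunk, and `user: "999:1000"` in the nitter-redis hunk, are bare numeric IDs with no comment saying which account inside the image they are meant to match. The `redis:6-alpine` tag visible in the context is a moving tag, so if an image rebuild renumbers its service account the container would still start, but under an ID that may no longer own its files. I would add a comment above each line, for example `# uid:gid of the unprivileged service account in the image; re-check when the image tag changes`. Both service definitions begin outside their hunks, so the image line for the first service is not visible here.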
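Review bot: In the nitter-redis hunk, `read_only: true` makes the service's mounted volume the only writable location, and nothing in the new lines records that dependency. The volume mount itself is outside the hunk, so this is inferred: if that mount is missing or not writable by 999:1000, Redis would presumably fail on its first snapshot write rather than at startup, which is easy to overlook. I would add `# root filesystem is read-only; Redis can persist only to the mounted data volume, which must be writable by 999:1000` above `read_only: true`. If a later change needs scratch space, a `tmpfs:` entry is the safer route than removing `read_only`.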