version: '3.8'

services:
  astroport:
    build:
      args:
      - DOCKER_REPOSITORY=${DOCKER_REPOSITORY}
      dockerfile: docker/astroport/Dockerfile.vdi
    cap_add:
    - IPC_LOCK # ecryptfs
    - NET_ADMIN # iptables
    - NET_RAW # iptables
    - SYS_ADMIN # ecryptfs
    environment:
    - DEBUG=${VDI_DEBUG:-}
    - ECRYPTERS=${HOST_VDI_ECRYPTERS:-zen}
    - LANG=${HOST_VDI_LANG:-}
    - RC_00_SOURCE=${USER_RC_SOURCE:-/etc/profile.d/rc_functions.sh}
    - RC_01_PS1_SET=${USER_RC_PS1_SET:-true}
    - RC_02_PROMPT_SET=${USER_RC_PROMPT_SET:-true}
    - RC_03_SSH_ADD=${USER_RC_SSH_ADD:-true}
    - RC_04_TMUX_ATTACH=${USER_RC_TMUX_ATTACH:-false}
    - RC_05_SCREEN_ATTACH=${USER_RC_SCREEN_ATTACH:-true}
    - SSH_AUTHORIZED_KEYS=${SSH_AUTHORIZED_KEYS:-}
    - SSH_PORT=${SSH_PORT:-22}
    - SSH_PUBLIC_HOSTS=${SSH_PUBLIC_HOSTS:-}
    - SUDOERS=${HOST_VDI_SUDOERS:-zen}
    - TZ=${HOST_VDI_TZ:-:-{TZ}}
    - USERS=${HOST_VDI_USERS:-zen}
    security_opt:
    - apparmor=unconfined # ecryptfs
    - seccomp=unconfined # ecryptfs
    tty: true
    volumes:
    - /etc/localtime:/etc/localtime:ro
    - /etc/default/console-setup:/etc/default/console-setup:ro
    - /etc/default/keyboard:/etc/default/keyboard:ro
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - home:/home:delegated
    - shared:/shared:cached
    - shm:/dev/shm:delegated

volumes:
  home:
  shared:
  shm:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: mode=1777,size=2147483648 # 2GB