version: '3.8'

services:
  vdi:
    build:
      args:
      - DOCKER_BUILD_DIR=docker/x2go/xfce-debian
      - SSH_PORT=${HOST_SSH_PORT:-${SSH_PORT}}
      context: ../..
      dockerfile: docker/x2go/xfce-debian/Dockerfile
    cap_add:
    - IPC_LOCK # ecryptfs
    - NET_ADMIN # iptables
    - NET_RAW # iptables
    - SYS_ADMIN # ecryptfs
    container_name: ${HOST_COMPOSE_PROJECT_NAME}-vdi
    cpus: 0.5
    environment:
    - DEBUG=${VDI_DEBUG:-}
    - ECRYPTERS=${HOST_VDI_ECRYPTERS:-${USER}}
    - LANG=${HOST_VDI_LANG:-C.UTF-8}
    - SSH_PORT=${HOST_SSH_PORT:-${SSH_PORT}}
    - SSH_AUTHORIZED_KEYS=${SSH_AUTHORIZED_KEYS:-}
    - SSH_PUBLIC_HOSTS=${HOST_SSH_PUBLIC_HOSTS:-${SSH_PUBLIC_HOSTS}}
    - SUDOERS=${HOST_VDI_SUDOERS:-${USER}}
    - TZ=${HOST_VDI_TZ:-}
    - USERS=${HOST_VDI_USERS:-${USER}}
    image: ${HOST_DOCKER_REPOSITORY}/vdi:${DOCKER_IMAGE_TAG}
    networks:
    - public
    ports:
    - ${HOST_VDI_PORT:-22}:${SSH_PORT:-22}
    restart: unless-stopped
    security_opt:
    - apparmor=unconfined # ecryptfs
    - seccomp=unconfined # ecryptfs
    tty: true
    volumes:
    - home:/home:delegated
    - shared:/shared:cached
    - shm:/dev/shm:delegated

networks:
  public:
    external: true
    name: ${DOCKER_NETWORK_PUBLIC}

volumes:
  home:
  shared:
    driver: local
    driver_opts:
      type: none
      device: /mnt/shared
      o: bind
  shm:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: mode=1777,size=2147483648 # 2GB