radicale/docker-compose.yml

# Radicale CalDAV/CardDAV Server Configuration
services:
  radicale:
    # Basic container configuration
    container_name: radicale
    image: docker.io/tomsquest/docker-radicale:3.5.4.0
    restart: unless-stopped
    
    # Security hardening
    init: true  # Use init process for proper signal handling
    read_only: true  # Read-only filesystem for security
    
    # Minimal required capabilities
    cap_add:
      - CHOWN  # Required for file ownership changes
      - KILL  # Required for process management
      - SETGID  # Required for group permissions
      - SETUID  # Required for user permissions
    
    # Security restrictions
    cap_drop:
      - ALL  # Drop all capabilities by default
    security_opt:
      - no-new-privileges:true  # Prevent privilege escalation
    
    # Resource limits
    deploy:
      resources:
        limits:
          memory: 256M  # Memory limit
          pids: 50  # Maximum number of processes
    
    # Persistent storage configuration
    volumes:
      - ${APPDATA_PATH}/radicale/data:/data  # Calendar and contact data
      - ${APPDATA_PATH}/radicale/config:/config:ro  # Read-only configuration
    
    # Network configuration
    ports:
      - ${PORT}:5232  # DAV service port

    # Health monitoring
    healthcheck:
      test: curl -f http://127.0.0.1:5232 || exit 1  # Simple HTTP check
      interval: 30s  # Check every 30 seconds
      retries: 3  # Allow 3 failures before marking unhealthy
Adding comprehensive comments 2025-07-14 12:48:15 +05:30			`# Radicale CalDAV/CardDAV Server Configuration`
Add radicale 2025-06-19 19:05:23 +05:30			`services:`
			`radicale:`
Adding comprehensive comments 2025-07-14 12:48:15 +05:30			`# Basic container configuration`
Add radicale 2025-06-19 19:05:23 +05:30			`container_name: radicale`
Update compose file orders 2025-07-13 18:35:45 +05:30			`image: docker.io/tomsquest/docker-radicale:3.5.4.0`
			`restart: unless-stopped`
Adding comprehensive comments 2025-07-14 12:48:15 +05:30
			`# Security hardening`
			`init: true # Use init process for proper signal handling`
			`read_only: true # Read-only filesystem for security`

			`# Minimal required capabilities`
Add radicale 2025-06-19 19:05:23 +05:30			`cap_add:`
Adding comprehensive comments 2025-07-14 12:48:15 +05:30			`- CHOWN # Required for file ownership changes`
			`- KILL # Required for process management`
			`- SETGID # Required for group permissions`
			`- SETUID # Required for user permissions`

			`# Security restrictions`
Update compose file orders 2025-07-13 18:35:45 +05:30			`cap_drop:`
Adding comprehensive comments 2025-07-14 12:48:15 +05:30			`- ALL # Drop all capabilities by default`
Update compose file orders 2025-07-13 18:35:45 +05:30			`security_opt:`
Adding comprehensive comments 2025-07-14 12:48:15 +05:30			`- no-new-privileges:true # Prevent privilege escalation`

			`# Resource limits`
Add radicale 2025-06-19 19:05:23 +05:30			`deploy:`
			`resources:`
			`limits:`
Adding comprehensive comments 2025-07-14 12:48:15 +05:30			`memory: 256M # Memory limit`
			`pids: 50 # Maximum number of processes`

			`# Persistent storage configuration`
Add radicale 2025-06-19 19:05:23 +05:30			`volumes:`
Adding comprehensive comments 2025-07-14 12:48:15 +05:30			`- ${APPDATA_PATH}/radicale/data:/data # Calendar and contact data`
			`- ${APPDATA_PATH}/radicale/config:/config:ro # Read-only configuration`

			`# Network configuration`
Add radicale 2025-06-19 19:05:23 +05:30			`ports:`
Adding comprehensive comments 2025-07-14 12:48:15 +05:30			`- ${PORT}:5232 # DAV service port`

			`# Health monitoring`
Updating containers to GHCR or add full path V2 2025-07-05 18:52:00 +05:30			`healthcheck:`
Adding comprehensive comments 2025-07-14 12:48:15 +05:30			`test: curl -f http://127.0.0.1:5232 \|\| exit 1 # Simple HTTP check`
			`interval: 30s # Check every 30 seconds`
			`retries: 3 # Allow 3 failures before marking unhealthy`