Remove timemachine app and refresh appstore zip
This commit is contained in:
Joachim Friberg
@@ -1,73 +0,0 @@
|
||||
# Time Machine
|
||||
|
||||
Denna app kör en SMB-baserad Time Machine-target för macOS med image `mbentley/timemachine`.
|
||||
|
||||
Imagepinning i denna app:
|
||||
|
||||
- Compose använder explicit daterad tag: `mbentley/timemachine:smb-20260329`
|
||||
- `latest` används inte enligt repo-policy.
|
||||
- Taggen verifierades mot Docker Hub innan införande.
|
||||
|
||||
## Syfte
|
||||
|
||||
- Ge en dedikerad backup-destination för macOS Time Machine i ZimaOS.
|
||||
- Hålla konfigureringen enkel och reviewbar.
|
||||
- Prioritera minst möjliga privilegier som fortfarande fungerar utan host network.
|
||||
|
||||
## Portar
|
||||
|
||||
- `137/udp` (NetBIOS name service)
|
||||
- `138/udp` (NetBIOS datagram service)
|
||||
- `139/tcp` (NetBIOS session service)
|
||||
- `445/tcp` (SMB)
|
||||
|
||||
## Volymer
|
||||
|
||||
- `/DATA/AppData/$AppID/backup -> /opt/timemachine`
|
||||
|
||||
Backupdata lagras isolerat under appens AppData-sökväg.
|
||||
|
||||
## Miljövariabler
|
||||
|
||||
- `TZ` (default `Europe/Stockholm`)
|
||||
- `TM_USERNAME` (default `timemachine`)
|
||||
- `TM_GROUPNAME` (default `timemachine`)
|
||||
- `PASSWORD` (MUST ändras från `CHANGE_ME` före drift)
|
||||
- `TM_UID` (default `1000`)
|
||||
- `TM_GID` (default `1000`)
|
||||
- `SET_PERMISSIONS` (default `false`)
|
||||
- `VOLUME_SIZE_LIMIT` (default `0`, dvs obegränsad)
|
||||
|
||||
## Säkerhetsmodell
|
||||
|
||||
Aktiva skydd:
|
||||
|
||||
- Ingen `privileged: true`
|
||||
- Ingen `network_mode: host`
|
||||
- Ingen mount av `/var/run/docker.sock`
|
||||
- `security_opt: ["no-new-privileges:true"]`
|
||||
- Snäv bind-mount till appens egna data under `/DATA/AppData/$AppID/...`
|
||||
|
||||
Tradeoff:
|
||||
|
||||
- Utan host network fungerar inte alltid automatisk Bonjour/Avahi-discovery över alla nät.
|
||||
- Fallback är manuell anslutning i Finder: `smb://<server-ip>/TimeMachine`.
|
||||
|
||||
## Högrisk-inställningar
|
||||
|
||||
Inga högrisk-inställningar används i default-config.
|
||||
|
||||
Alternativ som utvärderats men inte valts som default:
|
||||
|
||||
- `network_mode: host` för bättre auto-discovery.
|
||||
|
||||
Varför inte default:
|
||||
|
||||
- Host network ökar attackytan och isoleringen minskar.
|
||||
- Manuell SMB-anslutning ger fungerande backupflöde med lägre risk.
|
||||
|
||||
## Drift och underhåll
|
||||
|
||||
- Uppdatera till nyare `smb-YYYYMMDD`-taggar regelbundet för säkerhetsfixar.
|
||||
- Rotera Time Machine-lösenord enligt normal credential-policy.
|
||||
- Verifiera återläsning periodiskt, inte bara backup-jobb.
|
||||
@@ -1,96 +0,0 @@
|
||||
name: timemachine
|
||||
|
||||
services:
|
||||
timemachine:
|
||||
# Setting this will allow the Zima webui to display the field "REQUIRE MEMORY"
|
||||
deploy:
|
||||
resources:
|
||||
reservations:
|
||||
memory: 128M
|
||||
image: mbentley/timemachine:smb-20260329
|
||||
container_name: timemachine
|
||||
restart: unless-stopped
|
||||
|
||||
environment:
|
||||
TZ: Europe/Stockholm
|
||||
TM_USERNAME: timemachine
|
||||
TM_GROUPNAME: timemachine
|
||||
PASSWORD: CHANGE_ME
|
||||
TM_UID: "1000"
|
||||
TM_GID: "1000"
|
||||
SET_PERMISSIONS: "false"
|
||||
VOLUME_SIZE_LIMIT: "0"
|
||||
|
||||
ports:
|
||||
- target: 137
|
||||
published: "137"
|
||||
protocol: udp
|
||||
- target: 138
|
||||
published: "138"
|
||||
protocol: udp
|
||||
- target: 139
|
||||
published: "139"
|
||||
protocol: tcp
|
||||
- target: 445
|
||||
published: "445"
|
||||
protocol: tcp
|
||||
|
||||
tmpfs:
|
||||
- /run/samba
|
||||
|
||||
volumes:
|
||||
- type: bind
|
||||
source: /DATA/AppData/$AppID/backup
|
||||
target: /opt/timemachine
|
||||
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
|
||||
x-casaos:
|
||||
envs:
|
||||
- container: TZ
|
||||
description:
|
||||
en_us: Timezone, for example Europe/Stockholm
|
||||
- container: TM_USERNAME
|
||||
description:
|
||||
en_us: Time Machine username
|
||||
- container: PASSWORD
|
||||
description:
|
||||
en_us: Time Machine password
|
||||
- container: TM_UID
|
||||
description:
|
||||
en_us: User ID for filesystem permissions
|
||||
- container: TM_GID
|
||||
description:
|
||||
en_us: Group ID for filesystem permissions
|
||||
- container: VOLUME_SIZE_LIMIT
|
||||
description:
|
||||
en_us: Size limit in MB (0 means unlimited)
|
||||
ports:
|
||||
- container: "445"
|
||||
description:
|
||||
en_us: SMB service port for Time Machine backups
|
||||
volumes:
|
||||
- container: /opt/timemachine
|
||||
description:
|
||||
en_us: Time Machine backup data
|
||||
|
||||
x-casaos:
|
||||
architectures:
|
||||
- amd64
|
||||
- arm64
|
||||
main: timemachine
|
||||
category: phirna
|
||||
author: Joachim Friberg
|
||||
developer: Joachim Friberg
|
||||
icon: https://cdn.simpleicons.org/apple
|
||||
tagline:
|
||||
en_us: Network Time Machine target for macOS over SMB
|
||||
description:
|
||||
en_us: >-
|
||||
Runs a Samba-based Time Machine target for macOS backups.
|
||||
Uses explicit image pinning, scoped app data storage, and no-new-privileges.
|
||||
title:
|
||||
en_us: Time Machine
|
||||
index: /
|
||||
port_map: "445"
|
||||
Vendored
BIN
Binary file not shown.
Reference in New Issue
Block a user