Adding comprehensive comments

2025-07-14 12:48:15 +05:30
parent e57dfa763e
commit ff5ae47bef
22 changed files with 683 additions and 329 deletions
--- a/radicale/docker-compose.yml
+++ b/radicale/docker-compose.yml
@@ -1,36 +1,53 @@
+# Radicale CalDAV/CardDAV Server Configuration
 services:
  radicale:
+    # Basic container configuration
    container_name: radicale
    image: docker.io/tomsquest/docker-radicale:3.5.4.0
    restart: unless-stopped
-    init: true
-    read_only: true
+    
+    # Security hardening
+    init: true  # Use init process for proper signal handling
+    read_only: true  # Read-only filesystem for security
+    
+    # Minimal required capabilities
    cap_add:
-      - CHOWN
-      - KILL
-      - SETGID
-      - SETUID
+      - CHOWN  # Required for file ownership changes
+      - KILL  # Required for process management
+      - SETGID  # Required for group permissions
+      - SETUID  # Required for user permissions
+    
+    # Security restrictions
    cap_drop:
-      - ALL
+      - ALL  # Drop all capabilities by default
    security_opt:
-      - no-new-privileges:true
+      - no-new-privileges:true  # Prevent privilege escalation
+    
+    # Resource limits
    deploy:
      resources:
        limits:
-          memory: 256M
-          pids: 50
+          memory: 256M  # Memory limit
+          pids: 50  # Maximum number of processes
+    
+    # Persistent storage configuration
    volumes:
-      - ${APPDATA_PATH}/radicale/data:/data
-      - ${APPDATA_PATH}/radicale/config:/config:ro
+      - ${APPDATA_PATH}/radicale/data:/data  # Calendar and contact data
+      - ${APPDATA_PATH}/radicale/config:/config:ro  # Read-only configuration
+    
+    # Network configuration
    ports:
-      - ${PORT}:5232
+      - ${PORT}:5232  # DAV service port
    networks:
-      - frontend
-    healthcheck:
-      test: curl -f http://127.0.0.1:5232 || exit 1
-      interval: 30s
-      retries: 3
+      - frontend  # Connects to frontend network

+    # Health monitoring
+    healthcheck:
+      test: curl -f http://127.0.0.1:5232 || exit 1  # Simple HTTP check
+      interval: 30s  # Check every 30 seconds
+      retries: 3  # Allow 3 failures before marking unhealthy
+
+# External network definition
 networks:
  frontend:
-    external: true
+    external: true # Uses pre-existing network