You would expose the port to your host which makes the db acessible by anything running on the host, docker or native. Something like
`port
- 5432:5432 `
But I would recommend running a dedicated db for each service. At least that’s what I do.
- Simpler setup and therefore less error-prone
- More secure because the db’s don’t need to be exposed
- Easier to manage because I can independently upgrade, backup, move
Isn’t the point about containers that you keep things which depend on each other together, eliminating dependencies? A single db would be a unecessary dependency in my view. What if one service requires a new version of MySQL, and another one does not yet support the new version?
I also run all my databases via a bind mount
volume ./data:/etc/postgres/data...
and each service in it’s own directory. E.g. /opt/docker/nextcloud
That way I have everything which makes up a service contained in one folder. Easy to backup/restore, easy to move, and not the least, clean.
This may be a long shot, but it’s what I do, so it might be an option: Set up a crypto gateway like CipherMail which will automatically decrypt inbound email and sign/encrypt outbound. The result is that your Thunderbird will never get to see an encrypted email, decryption is handled transparently before it hit’s your inbox. Obviously, if you don’t trust your email provider, this is not an option.
This isn’t simple and hence not for everyone, also comes with dependencies on your email provider, but it works flawless for me ever since I set it up. I run my own email server, hence adding in CipherMail wasn’t a big deal.