mirror/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-01-26 01:44:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make /tmp for maubot writable

Browse Source
This commit is contained in:
Slavi Pantaleev 2024-10-28 08:55:51 +02:00
parent d1c7f7eef1
commit 560ebd0ae6
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
roles/custom/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2
View File

@ -16,6 +16,10 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-maubot 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-maubot 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true'
{#
We mount a tmpfs at /tmp, because some maubot plugins may wish to write to it.
It makes sense to provide at least some sort of temporary storage.
#}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \ --rm \
--name=matrix-bot-maubot \ --name=matrix-bot-maubot \
@ -25,6 +29,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--cap-drop=ALL \ --cap-drop=ALL \
--mount type=bind,src={{ matrix_bot_maubot_config_path }},dst=/config,ro \ --mount type=bind,src={{ matrix_bot_maubot_config_path }},dst=/config,ro \
--mount type=bind,src={{ matrix_bot_maubot_data_path }},dst=/data \ --mount type=bind,src={{ matrix_bot_maubot_data_path }},dst=/data \
--tmpfs=/tmp:rw,noexec,nosuid,size=1024m \
--label-file={{ matrix_bot_maubot_base_path }}/labels \ --label-file={{ matrix_bot_maubot_base_path }}/labels \
{% for arg in matrix_bot_maubot_container_extra_arguments %} {% for arg in matrix_bot_maubot_container_extra_arguments %}
{{ arg }} \ {{ arg }} \