mirror/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-03-13 08:10:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
matrix-docker-ansible-deploy/roles/custom/matrix-client-element/templates/systemd/matrix-client-element.service.j2
Slavi Pantaleev e65d198841 Run Element Web in tightened/read-only mode without a custom nginx config 
Newer Element Web versions allow for the nginx port to be
overriden, etc., and provide instructions for running in read-only mode.

This makes our custom `nginx.conf` patches unnecessary.

Passing the correct `ELEMENT_WEB_PORT` environment variable
also helps with future changes.

Another benefit of this (besides keeping closer to upstream
recommendations and the improved simplicity) is that:

- the container can run its entrypoint env-substitutions code now,
  without reporting errors

- IPv6 for nginx works, so `matrix-client-element:8080` is accessible
  via IPv6 on the container network now
  (this affects only for Traefik's communicaton with Element Web
  internally; public connectivity was handled by Traefik and IPv6 was
  available there even before)

Ref:

- 2052080d7d/docs/install.md (docker)
- https://github.com/element-hq/element-web/pull/28849
- https://github.com/element-hq/element-web/pull/28840
2025-03-11 22:32:35 +02:00

63 lines
3.1 KiB
Django/Jinja
Raw Blame History

#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Element Web server
{% for service in matrix_client_element_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-element 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-element 2>/dev/null || true'
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \
--name=matrix-client-element \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--network={{ matrix_client_element_container_network }} \
{% if matrix_client_element_container_http_host_bind_port %}
-p {{ matrix_client_element_container_http_host_bind_port }}:{{ matrix_client_element_container_port }} \
{% endif %}
--label-file={{ matrix_client_element_data_path }}/labels \
--env-file={{ matrix_client_element_data_path }}/env \
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
--tmpfs=/var/cache/nginx:rw,mode=777 \
--tmpfs=/var/run:rw,mode=777 \
--tmpfs=/tmp/element-web-config:rw,mode=777 \
--tmpfs=/etc/nginx/conf.d:rw,mode=777 \
--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.json,ro \
--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.{{ matrix_server_fqn_element }}.json,ro \
{% if matrix_client_element_location_sharing_enabled %}
--mount type=bind,src={{ matrix_client_element_data_path }}/map_style.json,dst=/app/map_style.json,ro \
{% endif %}
{% if matrix_client_element_embedded_pages_home_path is not none %}
--mount type=bind,src={{ matrix_client_element_data_path }}/home.html,dst=/app/home.html,ro \
{% endif %}
--mount type=bind,src={{ matrix_client_element_data_path }}/welcome.html,dst=/app/welcome.html,ro \
{% for arg in matrix_client_element_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_client_element_docker_image }}
{% for network in matrix_client_element_container_additional_networks %}
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-client-element
{% endfor %}
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-element
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-element 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-element 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-client-element
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink