From a2379981a26990607538dc238597fd6119df37bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?=
Date: Tue, 6 Sep 2022 17:41:19 +0200
Subject: [PATCH] Use tmpfs instead of persistent mount
---
 roles/matrix-cactus-comments/defaults/main.yml | 1 +
 .../templates/systemd/matrix-cactus-comments.service.j2 | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/roles/matrix-cactus-comments/defaults/main.yml b/roles/matrix-cactus-comments/defaults/main.yml
index 3e09b75de..f99ec756c 100644
--- a/roles/matrix-cactus-comments/defaults/main.yml
+++ b/roles/matrix-cactus-comments/defaults/main.yml
@@ -18,6 +18,7 @@ matrix_cactus_comments_as_token: ''
 matrix_cactus_comments_hs_token: ''
 matrix_cactus_comments_homeserver_url: ''
 matrix_cactus_comments_user_id: "bot.cactusbot"
+matrix_cactus_comments_tmp_directory_size_mb: 1
 matrix_cactus_comments_container_port: 5000
diff --git a/roles/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2 b/roles/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2
index 8d87aa633..36ab459c1 100644
--- a/roles/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2
+++ b/roles/matrix-cactus-comments/templates/systemd/matrix-cactus-comments.service.j2
@@ -22,7 +22,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-cactus-comment
 --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 --read-only \
 --env-file {{ matrix_cactus_comments_app_service_env_file }} \
- --mount type=bind,src={{ matrix_cactus_comments_container_tmp_path }},dst=/tmp \
+ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_cactus_comments_tmp_directory_size_mb }}m \
 --network={{ matrix_docker_network }} \
 {{ matrix_cactus_comments_docker_image }}
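Review bot: `matrix_cactus_comments_tmp_directory_size_mb` is added without a comment, so its unit and effect can only be found in the service template, where it is rendered as `size={{ … }}m` on the container's /tmp tmpfs. The container is started with `--read-only`, so with the default of 1 any temporary write beyond 1 MB will presumably fail with ENOSPC; whether the appservice stays under that limit is not visible here and should be confirmed. I would add a comment above the variable, e.g. `# Size (in MB) of the in-memory tmpfs mounted at /tmp in the container; writes beyond it fail.`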
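Review bot: The `--tmpfs` option list names `noexec` and `nosuid` but not `nodev`; Docker is expected to merge its own tmpfs defaults into a user-supplied list, but naming it keeps the hardening independent of engine behaviour: `--tmpfs=/tmp:rw,noexec,nosuid,nodev,size={{ matrix_cactus_comments_tmp_directory_size_mb }}m \`. Separately, the diffstat shows only two files changed, so `matrix_cactus_comments_container_tmp_path` and whatever task creates that host directory are presumably still in the role. If so, the directory and any temporary data left in it by earlier runs will remain on the host after the upgrade unless they are removed. The `ExecStart` command starts above the hunk, and the visible part may not be all of it.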