Use --read-only FS for metrics-related containers

It seems like it doesn't cause any issues for any of these services.
Slavi Pantaleev 2021-01-31 17:34:32 +02:00
parent 1d7d99c5cd
commit df3dd1c824
3 changed files with 3 additions and 0 deletions
roles
matrix-grafana/templates/systemd
matrix-prometheus-node-exporter/templates/systemd
matrix-prometheus/templates/systemd


@ -21,6 +21,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--network={{ matrix_docker_network }} \
{% if matrix_grafana_container_http_host_bind_port %}
-p {{ matrix_grafana_container_http_host_bind_port }}:3000 \
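Review bot: `--read-only` is added to the matrix-grafana unit with no writable scratch mount visible in this hunk, and the commit message only says it "seems" not to cause issues; the same applies to the matrix-prometheus-node-exporter and matrix-prometheus hunks. Anything the process writes outside its mounted volumes (temp files, plugin downloads, lock files) will now fail with a read-only-filesystem error, possibly only on a rarely used code path rather than at start-up. If the mounts further down the unit do not cover those paths, pair the flag with a constrained tmpfs such as `--tmpfs=/tmp:rw,noexec,nosuid,size=<SIZE> \` (size is a placeholder). Each service's write paths should be exercised once before relying on this. The ExecStart command continues outside the hunk, so the existing mounts are not visible here.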


@ -21,6 +21,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
{% if matrix_prometheus_node_exporter_container_http_host_bind_port %}
-p {{ matrix_prometheus_node_exporter_container_http_host_bind_port }}:9100 \
{% endif %}


@ -21,6 +21,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--network={{ matrix_docker_network }} \
{% if matrix_prometheus_container_http_host_bind_port %}
-p {{ matrix_prometheus_container_http_host_bind_port }}:9090 \