mirror of
				https://github.com/spantaleev/matrix-docker-ansible-deploy.git
				synced 2025-10-26 10:03:25 +00:00 
			
		
		
		
	refers to commit
  e65d19884 Run Element Web in tightened/read-only mode without a custom nginx config
and issue
  https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4199
		
	
		
			
				
	
	
		
			70 lines
		
	
	
		
			3.4 KiB
		
	
	
	
		
			Django/Jinja
		
	
	
	
	
	
			
		
		
	
	
			70 lines
		
	
	
		
			3.4 KiB
		
	
	
	
		
			Django/Jinja
		
	
	
	
	
	
| #jinja2: lstrip_blocks: "True"
 | |
| [Unit]
 | |
| Description=Matrix Element Web server
 | |
| {% for service in matrix_client_element_systemd_required_services_list %}
 | |
| Requires={{ service }}
 | |
| After={{ service }}
 | |
| {% endfor %}
 | |
| DefaultDependencies=no
 | |
| 
 | |
| [Service]
 | |
| Type=simple
 | |
| Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
 | |
| ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-element 2>/dev/null || true'
 | |
| ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-element 2>/dev/null || true'
 | |
| 
 | |
| {#
 | |
| 	The custom healthcheck command is a patch until https://github.com/element-hq/element-web/pull/29471
 | |
| 	lands in a release.
 | |
| #}
 | |
| ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
 | |
| 			--rm \
 | |
| 			--name=matrix-client-element \
 | |
| 			--log-driver=none \
 | |
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 | |
| 			--cap-drop=ALL \
 | |
| 			--read-only \
 | |
| 			--network={{ matrix_client_element_container_network }} \
 | |
| 			{% if matrix_client_element_container_http_host_bind_port %}
 | |
| 			-p {{ matrix_client_element_container_http_host_bind_port }}:{{ matrix_client_element_container_port }} \
 | |
| 			{% endif %}
 | |
| 			--label-file={{ matrix_client_element_data_path }}/labels \
 | |
| 			--env-file={{ matrix_client_element_data_path }}/env \
 | |
| 			--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
 | |
| 			--tmpfs=/var/cache/nginx:rw,mode=777 \
 | |
| 			--tmpfs=/var/run:rw,mode=777 \
 | |
| 			--tmpfs=/tmp/element-web-config:rw,mode=777 \
 | |
| 			--tmpfs=/etc/nginx/conf.d:rw,mode=777,uid={{ matrix_user_uid }} \
 | |
| 			--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.json,ro \
 | |
| 			--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.{{ matrix_server_fqn_element }}.json,ro \
 | |
| 			{% if matrix_client_element_location_sharing_enabled %}
 | |
| 			--mount type=bind,src={{ matrix_client_element_data_path }}/map_style.json,dst=/app/map_style.json,ro \
 | |
| 			{% endif %}
 | |
| 			{% if matrix_client_element_embedded_pages_home_path is not none %}
 | |
| 			--mount type=bind,src={{ matrix_client_element_data_path }}/home.html,dst=/app/home.html,ro \
 | |
| 			{% endif %}
 | |
| 			--mount type=bind,src={{ matrix_client_element_data_path }}/welcome.html,dst=/app/welcome.html,ro \
 | |
| 			{% if matrix_client_element_container_healthcheck_cmd %}
 | |
| 			--health-cmd="{{ matrix_client_element_container_healthcheck_cmd }}" \
 | |
| 			{% endif %}
 | |
| 			{% for arg in matrix_client_element_container_extra_arguments %}
 | |
| 			{{ arg }} \
 | |
| 			{% endfor %}
 | |
| 			{{ matrix_client_element_docker_image }}
 | |
| 
 | |
| {% for network in matrix_client_element_container_additional_networks %}
 | |
| ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-client-element
 | |
| {% endfor %}
 | |
| 
 | |
| ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-client-element
 | |
| 
 | |
| ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-client-element 2>/dev/null || true'
 | |
| ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-client-element 2>/dev/null || true'
 | |
| 
 | |
| Restart=always
 | |
| RestartSec=30
 | |
| SyslogIdentifier=matrix-client-element
 | |
| 
 | |
| [Install]
 | |
| WantedBy=multi-user.target
 |