From 9fddad59b578aa9d76474862599fc3f667417449 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Mon, 26 Jun 2023 16:31:32 +0200
Subject: [PATCH] make postgresql container read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Containers/postgresql/Dockerfile | 1 +
 php/containers.json              | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile
index 4e62f112..c002789d 100644
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -22,6 +22,7 @@ RUN set -ex; \
 # Fix default permissions
     chown -R postgres:postgres /var/lib/postgresql; \
     chown -R postgres:postgres /var/run/postgresql; \
+    chmod -R 777 /var/run/postgresql; \
     chown -R postgres:postgres "$PGDATA"; \
     \
     mkdir /mnt/data; \
diff --git a/php/containers.json b/php/containers.json
index 5686ef6a..79c08fe3 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -96,6 +96,10 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "read_only": true,
+      "tmpfs": [
+        "/var/run/postgresql"
       ]
     },
     {