make talk container read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
2025-10-16 02:17:17 +08:00 · 2023-06-26 18:11:00 +02:00 · 2023-06-26 18:11:00 +02:00 · ab5449f835
commit ab5449f835
parent 6747613a34
4 changed files with 17 additions and 10 deletions
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@ -44,12 +44,11 @@ RUN set -ex; \
    echo "root:$(openssl rand -base64 12)" | chpasswd; \
    \
    touch \
-        /etc/nats.conf \
+        /etc/nats.conf; \
        /etc/signaling.conf \
        /etc/turnserver.conf; \
    echo "listen: 127.0.0.1:4222" | tee /etc/nats.conf; \
    mkdir -p \
        /var/tmp \
        /conf \
        /var/lib/turn \
        /var/log/supervisord \
        /var/run/supervisord; \
@ -57,11 +56,13 @@ RUN set -ex; \
        /usr \
        /etc/janus \
        /etc/nats.conf \
        /etc/signaling.conf \
        /etc/turnserver.conf \
        /var/lib/turn \
        /var/log/supervisord \
-        /var/run/supervisord;
+        /var/run/supervisord; \
    chmod 777 -R \
        /conf \
        /var/run/supervisord \
        /var/log/supervisord;
 # Set default talk port https://github.com/nextcloud/all-in-one/issues/1011
 ENV TALK_PORT=3478
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@ -20,7 +20,7 @@ IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk A +short)"
 set +x
 # Turn
-cat << TURN_CONF > "/etc/turnserver.conf"
+cat << TURN_CONF > "/conf/turnserver.conf"
 listening-port=$TALK_PORT
 fingerprint
 use-auth-secret
@ -54,7 +54,7 @@ denied-peer-ip=240.0.0.0-255.255.255.255
 TURN_CONF
 # Signling
-cat << SIGNALING_CONF > "/etc/signaling.conf"
+cat << SIGNALING_CONF > "/conf/signaling.conf"
 [http]
 listen = 0.0.0.0:8081
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@ -13,7 +13,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=turnserver -c /etc/turnserver.conf
+command=turnserver -c /conf/turnserver.conf
 [program:nats-server]
 stdout_logfile=/dev/stdout
@ -35,4 +35,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=nextcloud-spreed-signaling -config /etc/signaling.conf
+command=nextcloud-spreed-signaling -config /conf/signaling.conf
--- a/php/containers.json
+++ b/php/containers.json
@ -332,6 +332,12 @@
      ],
      "networks": [
        "nextcloud-aio"
      ],
      "read_only": true,
      "tmpfs": [
        "/var/log/supervisord",
        "/var/run/supervisord",
        "/conf"
      ]
    },
    {