From 767b321f6004c0323ee4bab6f23983b4b961f177 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <s.pantaleev@gmail.com>
Date: Sun, 1 Oct 2017 11:36:30 +0300
Subject: [PATCH] Do not mount certain Docker volumes as read-write
 unnecessarily

---
 .../templates/systemd/matrix-nginx-proxy.service.j2           | 4 ++--
 .../templates/systemd/matrix-riot-web.service.j2              | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2
index 975b6edb5..384a834ce 100644
--- a/roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2
+++ b/roles/matrix-server/templates/systemd/matrix-nginx-proxy.service.j2
@@ -16,8 +16,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
 			-p 443:443 \
 			--link matrix-synapse:synapse \
 			--link matrix-riot-web:riot \
-			-v {{ matrix_nginx_proxy_confd_path }}:/etc/nginx/conf.d \
-			-v {{ matrix_ssl_certs_path }}:{{ matrix_ssl_certs_path }} \
+			-v {{ matrix_nginx_proxy_confd_path }}:/etc/nginx/conf.d:ro \
+			-v {{ matrix_ssl_certs_path }}:{{ matrix_ssl_certs_path }}:ro \
 			{{ docker_nginx_image }}
 ExecStop=-/usr/bin/docker kill matrix-nginx-proxy
 ExecStop=-/usr/bin/docker rm matrix-nginx-proxy
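Review bot: The `:ro` on the `{{ matrix_ssl_certs_path }}` mount stops the proxy container from modifying certificate material, but the whole directory stays readable inside the container, presumably including the private keys. If that path holds more than the certificate and key nginx actually serves (the directory layout is not visible here), consider mounting only the subdirectory nginx needs. A short `#` comment above the `ExecStart=` line, which begins outside this hunk, such as `# conf.d and certs are bind-mounted read-only; nginx only reads them`, would also help keep a later edit from dropping the suffix.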
diff --git a/roles/matrix-server/templates/systemd/matrix-riot-web.service.j2 b/roles/matrix-server/templates/systemd/matrix-riot-web.service.j2
index 510ba10d5..7cc17c9fd 100644
--- a/roles/matrix-server/templates/systemd/matrix-riot-web.service.j2
+++ b/roles/matrix-server/templates/systemd/matrix-riot-web.service.j2
@@ -8,7 +8,7 @@ Type=simple
 ExecStartPre=-/usr/bin/docker kill matrix-riot-web
 ExecStartPre=-/usr/bin/docker rm matrix-riot-web
 ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
-			-v {{ matrix_nginx_riot_web_data_path }}:/data \
+			-v {{ matrix_nginx_riot_web_data_path }}:/data:ro \
 			{% if not matrix_nginx_proxy_enabled %}
 			-p 127.0.0.1:8765:8765 \
 			{% endif %}
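Review bot: Nothing in this hunk shows whether the riot-web image ever writes under `/data` (a generated config or cache at startup, for example), and with `:/data:ro` any such write will now fail with a read-only filesystem error. Confirm this against the image's entrypoint before merging. If some path does need to be writable, mount only that path read-write and keep the rest `:ro`. The `docker run` command continues past the end of the hunk, so the remaining arguments could not be checked.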