vrr/Pulse
2
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-04-28 11:30:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

docs: Fix remaining :rw mount references to :ro

Browse source 
Updates all remaining references to read-write socket mounts in
TEMPERATURE_MONITORING.md to use read-only (:ro) mounts for security.

Changes:
- Manual installation section
- Docker-only responsibilities section
- Ansible playbook example

All socket mounts should be :ro to prevent container tampering.
This commit is contained in:
rcourtman 2025-11-07 17:14:47 +00:00
parent 427cb383d8
commit 52bc23b850
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docs/TEMPERATURE_MONITORING.md
View file

@ -219,7 +219,7 @@ When you need to provision the proxy yourself (for example via your own automati
7. **Expose the socket to Pulse**
- **Proxmox LXC:** append `lxc.mount.entry: /run/pulse-sensor-proxy run/pulse-sensor-proxy none bind,create=dir 0 0` to `/etc/pve/lxc/<CTID>.conf` and restart the container.
- **Docker:** bind mount `/run/pulse-sensor-proxy` into the container (`- /run/pulse-sensor-proxy:/run/pulse-sensor-proxy:rw`).
- **Docker:** bind mount `/run/pulse-sensor-proxy` into the container (`- /run/pulse-sensor-proxy:/run/pulse-sensor-proxy:ro`).
After the container restarts, the backend will automatically use the proxy. To refresh SSH keys on cluster nodes (e.g., after adding a new node), SSH to your Proxmox host and re-run the setup script: `curl -fsSL https://get.pulsenode.com/install-proxy.sh | bash -s -- --ctid <your-container-id>`
@ -294,7 +294,7 @@ If the node is part of a Proxmox cluster, the script will detect other members a
> **Note:** For LXC deployments, the setup script handles all of this automatically. This section applies to **Docker deployments only**.
- Run the host installer (`install-sensor-proxy.sh --standalone`) on the Proxmox machine that hosts Pulse to install and maintain the `pulse-sensor-proxy` service
- Add the bind mount to your docker-compose.yml: `- /run/pulse-sensor-proxy:/run/pulse-sensor-proxy:rw`
- Add the bind mount to your docker-compose.yml: `- /run/pulse-sensor-proxy:/run/pulse-sensor-proxy:ro`
- Re-run the host installer if the service or socket disappears after a host upgrade or configuration cleanup; the installer is idempotent
- The installer ships a self-heal timer (`pulse-sensor-proxy-selfheal.timer`) that restarts or reinstalls the proxy if it ever goes missing; leave it enabled for automatic recovery
- Hot dev builds warn when only a container-local proxy socket is present, signaling that the host proxy needs to be reinstalled before temperatures will flow back into Pulse
@ -611,7 +611,7 @@ install-sensor-proxy.sh [OPTIONS]
marker: "# {mark} ANSIBLE MANAGED - Sensor Proxy"
insertafter: "volumes:"
block: |
- /run/pulse-sensor-proxy:/run/pulse-sensor-proxy:rw
- /run/pulse-sensor-proxy:/run/pulse-sensor-proxy:ro
notify: restart pulse container
handlers: