testing out https://microblog.pub (@dev@microblog.pub) 
using their container instructions, but adjusted it to run as read-only, and then mounting a tmpfs to /tmp
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,12 +2,17 @@ version: "3"
services:
server:
- image: microblogpub/microblogpub:latest
- container_name: microblogpub
+ build:
+ context: .
+ #image: microblogpub/microblogpub:latest
+ #container_name: microblogpub
+ read_only: true
user: 1000:1000
restart: always
+ tmpfs:
+ - /tmp
volumes:
- ./data:/app/data
- ./app/static:/app/app/static
ports:
- - "8000:8000"
+ - "8000:8000/tcp"