From 2b5524f2581ea53274090cdc9c86e85ccbf4c15d Mon Sep 17 00:00:00 2001
From: jack <jack@csrx.ru>
Date: Sun, 22 Mar 2026 15:55:39 +0700
Subject: [PATCH] fix: remove promtail nested /var/log/traefik volume mount
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Docker cannot mount to /var/log/traefik when /var/log is already
bind-mounted (read-only). The nested mount fails with 'read-only
file system' error in the overlay upper layer.

The mount was unused anyway — promtail config only reads syslog,
auth.log, and Docker container logs via the socket.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 roles/services/templates/docker-compose.yml.j2 | 1 -
 1 file changed, 1 deletion(-)

diff --git a/roles/services/templates/docker-compose.yml.j2 b/roles/services/templates/docker-compose.yml.j2
index 1effad1..416358a 100644
--- a/roles/services/templates/docker-compose.yml.j2
+++ b/roles/services/templates/docker-compose.yml.j2
@@ -526,7 +526,6 @@ services:
       - /var/log:/var/log:ro
       - /var/lib/docker/containers:/var/lib/docker/containers:ro
       - /var/run/docker.sock:/var/run/docker.sock:ro
-      - {{ services_root }}/traefik/logs:/var/log/traefik:ro
       - {{ services_root }}/loki/promtail.yml:/etc/promtail/config.yml:ro
     command: -config.file=/etc/promtail/config.yml