From 1e62a44c16f8fe631f2b0e6fbc8174f3c3eea5e5 Mon Sep 17 00:00:00 2001 From: mwiegand Date: Fri, 8 May 2026 15:56:24 +0200 Subject: [PATCH] docs(deploy): replace globals overlay description with script overlays deploy/README.md still described the deleted managed-global overlays as the second overlay surface. Replace with a description of script overlays (bubblewrap + systemd-run sandbox, resource caps). Full test sweep: 367 passing, 2 skipped across l4d2web, l4d2host, deploy. Co-Authored-By: Claude Opus 4.7 (1M context) --- deploy/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/README.md b/deploy/README.md index d59e7fa..8250187 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -68,6 +68,6 @@ Invalid references are rejected: The web app currently supports two overlay surfaces: - `workshop` overlays (user-owned) — populated by downloading `.vpk` files from the public Steam Web API into `${LEFT4ME_ROOT}/workshop_cache/{steam_id}.vpk` and creating absolute symlinks under `${LEFT4ME_ROOT}/overlays/{overlay_id}/left4dead2/addons/{steam_id}.vpk`. -- Managed global overlays (`l4d2center_maps`, `cedapug_maps`, system-wide) — populated by the daily `left4me-refresh-global-overlays` job, which downloads archives into `${LEFT4ME_ROOT}/global_overlay_cache/` and symlinks them into the overlay directory. +- `script` overlays — populated by an arbitrary user-authored bash script that runs inside `bubblewrap` + `systemd-run --scope` as the unprivileged `l4d2-sandbox` UID, with the overlay directory bind-mounted RW at `/overlay`. Resource caps: 1h walltime, 4 GB RAM, 512 tasks, 200% CPU, 20 GB post-build disk cap. Both the caches and the overlay directories are owned by the `left4me` runtime user; if the web service ever runs as a different uid, ensure it shares a group with the host process and that both trees are group-readable.
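Review bot: The unchanged paragraph following the new `script` bullet still reads "Both the caches and the overlay directories are owned by the `left4me` runtime user", which no longer matches the bullet above it. The new bullet has the script writing into the overlay directory as the `l4d2-sandbox` UID through the RW bind mount at `/overlay`, and removing the managed global overlay bullet leaves `workshop_cache` as the only cache the README mentions. Suggest updating that paragraph in the same change: say how `l4d2-sandbox` gets write access to the overlay directory and which user ends up owning the files the script creates, and reword "Both the caches" accordingly. Since the bullet describes an "arbitrary user-authored bash script", it would also help to state whether the sandbox has network access, what besides `/overlay` is visible inside it, and what happens to the overlay when the 20 GB post-build disk cap is exceeded.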