feat: update Guidelines

src/mongodb-replicaset/README.md

@@ -48,6 +48,7 @@ This service sets up a MongoDB replica set with three members.
 
 ## Configuration
 
+- `TZ`: The timezone for the container, default is `UTC`.
 - `MONGO_VERSION`: The version of the MongoDB image, default is `8.0.13`.
 - `MONGO_INITDB_ROOT_USERNAME`: The root username for the database, default is `root`.
 - `MONGO_INITDB_ROOT_PASSWORD`: The root password for the database, default is `password`.
@@ -60,3 +61,7 @@ This service sets up a MongoDB replica set with three members.
 ## Volumes
 
 - `secrets/rs0.key`: The key file for authenticating members of the replica set.
+
+## Security
+
+The replica set key file is mounted read-only and copied to `/tmp` inside the container with proper permissions (400). This approach ensures cross-platform compatibility (Windows/Linux/macOS) while maintaining security requirements. The key file is never modified on the host system.

src/mongodb-replicaset/README.zh.md

@@ -48,6 +48,7 @@
 
 ## 配置
 
+- `TZ`: 容器的时区，默认为 `UTC`。
 - `MONGO_VERSION`: MongoDB 镜像的版本，默认为 `8.0.13`。
 - `MONGO_INITDB_ROOT_USERNAME`: 数据库的 root 用户名，默认为 `root`。
 - `MONGO_INITDB_ROOT_PASSWORD`: 数据库的 root 密码，默认为 `password`。
@@ -60,3 +61,7 @@
 ## 卷
 
 - `secrets/rs0.key`: 用于副本集成员之间认证的密钥文件。
+
+## 安全性
+
+副本集密钥文件以只读方式挂载，并在容器内复制到 `/tmp` 目录，设置适当的权限（400）。这种方法确保了跨平台兼容性（Windows/Linux/macOS），同时满足安全要求。主机系统上的密钥文件永远不会被修改。

src/mongodb-replicaset/docker-compose.yaml

@@ -1,8 +1,5 @@
 x-default: &default
   restart: unless-stopped
-  volumes:
-    - &localtime /etc/localtime:/etc/localtime:ro
-    - &timezone /etc/timezone:/etc/timezone:ro
   logging:
     driver: json-file
     options:
@@ -12,26 +9,21 @@ x-mongo: &mongo
   <<: *default
   image: mongo:${MONGO_VERSION:-8.0.13}
   environment:
+    TZ: ${TZ:-UTC}
     MONGO_INITDB_ROOT_USERNAME: ${MONGO_INITDB_ROOT_USERNAME:-root}
     MONGO_INITDB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD:-password}
     MONGO_INITDB_DATABASE: ${MONGO_INITDB_DATABASE:-admin}
-  command:
-    - mongod
-    - --replSet
-    - ${MONGO_REPLICA_SET_NAME:-rs0}
-    - --keyFile
-    - /secrets/rs0.key
   volumes:
-    - *localtime
-    - *timezone
-    - ./secrets/rs0.key:/secrets/rs0.key
+    - ./secrets/rs0.key:/data/rs0.key:ro
   entrypoint:
     - bash
     - -c
     - |
-      chmod 400 /secrets/rs0.key
-      chown 999:999 /secrets/rs0.key
-      exec docker-entrypoint.sh $$@
+      cp /data/rs0.key /tmp/rs0.key
+      chmod 400 /tmp/rs0.key
+      chown 999:999 /tmp/rs0.key
+      export MONGO_INITDB_ROOT_USERNAME MONGO_INITDB_ROOT_PASSWORD MONGO_INITDB_DATABASE
+      exec docker-entrypoint.sh mongod --replSet ${MONGO_REPLICA_SET_NAME:-rs0} --keyFile /tmp/rs0.key
   deploy:
     resources:
       limits: