create docker as root for user creation

astrid/pages.py

@@ -81,14 +81,13 @@ def default(self, reponame):
             lock.release()
 
     def _updateRepo(self, reponame):
-        print(f"Updating repository {reponame}")
         remotepath = self.repos.get(reponame, "path")
         submodules = self.repos.get(reponame, "submodules") if self.repos.has_option(reponame, "submodules") else False
         localpath = os.path.join(self.repodir, reponame)
 
         os.umask(0o007) # create repo content not readable to others
         if not os.path.isdir(localpath):
-            print(f"Repository {reponame} empty, creating")
+            print(f"Repository {reponame} empty, cloning")
             g = Git()
             g.clone(remotepath, localpath)
 

docker/Dockerfile

@@ -3,11 +3,6 @@ FROM python:3.12
 # install docker
 RUN apt update && apt install -y podman containers-storage
 
-# add astrid user
-ARG DOCKER_USER=astrid
-RUN useradd -m $DOCKER_USER
-RUN chmod 777 /home
-
 # change workdir
 WORKDIR /app
 
@@ -23,9 +18,7 @@ COPY ./docker/sshd.conf /etc/ssh/sshd_config.d/99-astrid.conf
 COPY ./docker/libpod.conf /etc/containers/libpod.conf
 COPY ./docker/storage.conf /etc/containers/storage.conf
 
-# install astrid under astrid user
+# install astrid
 COPY . .
-RUN chown -R $DOCKER_USER:$DOCKER_USER /app
-USER $DOCKER_USER
 
 ENTRYPOINT ./docker/entrypoint.sh

docker/docker-compose.prod.yml

@@ -7,8 +7,9 @@ services:
     container_name: astrid
     environment:
       TZ: 'Europe/Prague'
+      PUID: 1000
+      GUID: 1000
     privileged: true # needed for containers
     volumes:
       - ./data:/data
       - /etc/passwd:/etc/passwd:ro # needed for ssh-keygen to work
-    user: 1000:1000 # expects the main user as uid:pid

docker/docker-compose.yml

@@ -10,10 +10,10 @@ services:
     container_name: astrid
     environment:
       TZ: 'Europe/Prague'
+      PUID: 1000
+      GUID: 1000
     privileged: true # needed for containers
     volumes:
       - ./data:/data
-      - /etc/passwd:/etc/passwd:ro # needed for ssh-keygen to work
     ports:
       - 8080:8080 # opened port mapping, not needed with proxy
-    user: 1000:1000 # expects the main user as uid:pid

docker/entrypoint.sh

@@ -1,24 +1,39 @@
 #!/bin/bash
 
-DATA_OWNER=$(stat -c '%u' /data)
+set -e
 
-if [ "$DATA_OWNER" -ne "$UID" ]; then
-	echo "Directory 'data' not owned by target user with $UID, instead owned by user with uid $DATA_OWNER"
+# check required variables
+if [ -z "$PUID" ]; then
+	echo 'Environment variable $PUID not specified'
 	exit 1
 fi
 
-# create home folder
-export HOME="/home/$(id -u)"
-mkdir -p $HOME
+if [ -z "$GUID" ]; then
+	echo 'Environment variable $PUID not specified'
+	exit 1
+fi
+
+# create astrid user and group
+if [ ! $(getent group astrid) ]; then
+	groupadd --gid $GUID astrid
+	echo "Group astrid with GID $GUID created."
+fi
+if [ ! $(getent passwd astrid) ]; then
+	useradd --uid $PUID --gid $GUID --create-home --add-subids-for-system astrid
+	echo "User astrid with UID $PUID created."
+fi
+
+# set ownership of /data to target user
+chown "$PUID:$GUID" /data
 
 # create needed files if missing
-mkdir -p /data/config /data/containers /data/log /data/repos /data/ssh
+su - astrid -c "mkdir -p /data/config /data/containers /data/log /data/repos /data/ssh"
 
-cp -n /app/config.ini.sample /data/config/config.ini
-cp -n /app/repos.ini.sample  /data/config/repos.ini
+su - astrid -c "cp -n /app/config.ini.sample /data/config/config.ini"
+su - astrid -c "cp -n /app/repos.ini.sample  /data/config/repos.ini"
 
 if [ $(ls "/data/ssh" | grep ".pub" | wc -l) -eq 0 ]; then
-	ssh-keygen -t ed25519 -f /data/ssh/id_ed25519
+	su - astrid -c "ssh-keygen -t ed25519 -f /data/ssh/id_ed25519"
 fi
 
-python3 -u ./main
+su - astrid -c "python3 -u /app/main"

repos.ini.sample

@@ -1,6 +1,6 @@
 [fykos37]
 [email protected]:FYKOS/fykos37.git
-users=fykos,repo
+users=user
 image_version=latest
 build_usr=astrid
 build_cmd=make -k all