From 68b553382a2021e92b481760aab4b42d6bd69b63 Mon Sep 17 00:00:00 2001
From: Timofey Gelazoniya
Date: Sun, 29 Jun 2025 16:23:03 +0300
Subject: [PATCH] fix(docker): configurable pgid and puid, tiny init
---
 docker/Dockerfile | 13 ++++---------
 docker/entrypoint.sh | 25 +++++++++++++++++++++++--
 2 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index a729f8f..12fca5f 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -35,11 +35,7 @@ ENV PUID=1000
 ENV PGID=1000
 # Install runtime dependencies.
-RUN apk add --no-cache ca-certificates tzdata su-exec busybox
-
-# Create a non-root user and group for the application to run as
-RUN addgroup -S -g ${PGID} app && \
- adduser -S -u ${PUID} -G app -h /app app
+RUN apk add --no-cache ca-certificates tzdata su-exec busybox tini
 # Copy the compiled binary from the builder stage
 COPY --from=builder /app/target/release/sbrs /usr/local/bin/sbrs
@@ -48,9 +44,8 @@ COPY --from=builder /app/target/release/sbrs /usr/local/bin/sbrs
 COPY ./docker/entrypoint.sh /usr/local/bin/entrypoint.sh
 RUN chmod +x /usr/local/bin/entrypoint.sh
-# Create necessary directories and set ownership for volumes
-RUN mkdir -p /config /rules && \
- chown -R app:app /config /rules
+# Create necessary directories for volumes
+RUN mkdir -p /config /rules
 # Set the entrypoint for the container
-ENTRYPOINT ["entrypoint.sh"]
\ No newline at end of file
+ENTRYPOINT ["/sbin/tini", "--", "entrypoint.sh"]
\ No newline at end of file
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 803ba9b..fc3497e 100644
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
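Review bot: Nothing in docker/Dockerfile now says who creates the `app` user: the first hunk (`@@ -35,11 +35,7 @@`) drops the build-time `addgroup`/`adduser` step while `ENV PUID`/`ENV PGID` stay, so a reader of this file cannot tell that entrypoint.sh creates the account at start. The move also means the container has to start as root with a writable `/etc/passwd` and `/etc/group`, so deployments that pass `--user` or use a read-only root filesystem will presumably stop working. I would add a comment above the `RUN apk add` line such as `# The 'app' user/group is created by entrypoint.sh from PUID/PGID at start, so the container must start as root.`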
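Review bot: In the second docker/Dockerfile hunk (`@@ -48,9 +44,8 @@`) the new `ENTRYPOINT` names tini by absolute path but still resolves `entrypoint.sh` through `PATH`, so which script runs as root depends on the `PATH` in effect when the container starts. The script is copied to a fixed location in the same hunk, so the exec form can point at it directly: `ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/entrypoint.sh"]`.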
@@ -3,9 +3,31 @@ set -e
 # --- Environment Variable Defaults ---
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
+
 DOMAIN=${DOMAIN:-}
 RULE_PATH=${RULE_PATH:-}
+
+# --- Create user and group at runtime ---
+echo "Creating user and group with PUID=${PUID} and PGID=${PGID}"
+
+# Remove existing user/group if they exist
+if getent group app > /dev/null 2>&1; then
+ delgroup app 2>/dev/null || true
+fi
+if getent passwd app > /dev/null 2>&1; then
+ deluser app 2>/dev/null || true
+fi
+
+# Create new group and user with runtime PUID/PGID
+addgroup -S -g ${PGID} app
+adduser -S -u ${PUID} -G app -h /app app
+
+# Set ownership of directories
+chown -R app:app /config /rules
+
 # --- Build the Command ---
 # This command is now used for both the initial run and the cron job.
 APP_CMD="/usr/local/bin/sbrs \
@@ -31,9 +53,8 @@ echo "--- Running initial synchronization on container start ---"
 # We run it as the non-root 'app' user to ensure correct file permissions.
 su-exec app:app sh -c "${APP_CMD}"
 echo "--- Initial synchronization finished ---"
+
 # ===================================================================
-
-
 # --- Cron Setup ---
 # This section runs after the initial sync is complete.
 echo "Setting up cron job with schedule: ${CRON_SCHEDULE}"
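Review bot: `PUID` and `PGID` come straight from the container environment and reach `addgroup -g ${PGID}` and `adduser -u ${PUID}` unquoted and unchecked in the first docker/entrypoint.sh hunk (`@@ -3,9 +3,31 @@`). A non-numeric value, or an ID already in use in the image (including 0), is left to the busybox applets to handle, and under `set -e` the container then presumably exits with only the applet's message. A value containing spaces is word-split into extra arguments. I would validate both values before the delete/create steps and quote them, as sketched below. Separately, `chown -R app:app /config /rules` now runs as root on every start over mounted volumes; if the busybox applet follows symlinks without `-h`, `chown -hR` would be the safer form.

```shell
# Refuse anything that is not a positive decimal number; this also keeps
# the 'app' account from being created with UID/GID 0.
for id in "${PUID}" "${PGID}"; do
  case "${id}" in
    ''|*[!0-9]*|0*)
      echo "PUID and PGID must be positive integers (got PUID=${PUID} PGID=${PGID})" >&2
      exit 1
      ;;
  esac
done

# … unchanged: removal of an existing 'app' user/group …

addgroup -S -g "${PGID}" app
adduser -S -u "${PUID}" -G app -h /app app
```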