Different approach, always create npmuser

even if the user id is zero, and then we'll always use it
2024-08-30 18:22:48 +00:00 · 2023-03-30 11:19:16 +10:00 · 2023-03-30 11:19:16 +10:00 · 4a86bb42cc
commit 4a86bb42cc
parent dad8561ea1
6 changed files with 33 additions and 61 deletions
--- a/docker/rootfs/etc/nginx/nginx.conf
+++ b/docker/rootfs/etc/nginx/nginx.conf
@ -1,6 +1,7 @@
 # run nginx in foreground
 daemon off;
 pid /run/nginx/nginx.pid;
+user npmuser;

 # Set number of worker processes automatically based on number of CPU cores.
 worker_processes auto;
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/backend/run
@ -7,26 +7,15 @@ set -e

 cd /app || exit 1

-if [ "${DEVELOPMENT:-}" = "true" ]; then
-	if [ "$PUID" = '0' ]; then
-		log_info 'Starting backend development ...'
-		yarn install
-		node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js
-	else
-		log_info "Starting backend development as npmuser ($PUID) ..."
-		s6-setuidgid npmuser yarn install
-		exec s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js'
-	fi
+log_info 'Starting backend ...'
+
+if [ "${DEVELOPMENT:-}" = 'true' ]; then
+	s6-setuidgid npmuser yarn install
+	exec s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js'
 else
 	while :
 	do
-		if [ "$PUID" = '0' ]; then
-			log_info 'Starting backend ...'
-			node --abort_on_uncaught_exception --max_old_space_size=250 index.js
-		else
-			log_info "Starting backend as npmuser ($PUID) ..."
-			s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --abort_on_uncaught_exception --max_old_space_size=250 index.js'
-		fi
+		s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --abort_on_uncaught_exception --max_old_space_size=250 index.js'
 		sleep 1
 	done
 fi
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run
@ -5,7 +5,7 @@ set -e

 # This service is DEVELOPMENT only.

-if [ "$DEVELOPMENT" == "true" ]; then
+if [ "$DEVELOPMENT" = 'true' ]; then
 	. /bin/common.sh
 	cd /app/frontend || exit 1
 	HOME=/tmp/npmuserhome
@ -13,15 +13,9 @@ if [ "$DEVELOPMENT" == "true" ]; then
 	mkdir -p /app/frontend/dist
 	chown -R "$PUID:$PGID" /app/frontend/dist

-	if [ "$PUID" = '0' ]; then
-		log_info 'Starting frontend ...'
-		yarn install
-		exec yarn watch
-	else
-		log_info "Starting frontend as npmuser ($PUID) ..."
-		s6-setuidgid npmuser yarn install
-		exec s6-setuidgid npmuser yarn watch
-	fi
+	log_info 'Starting frontend ...'
+	s6-setuidgid npmuser yarn install
+	exec s6-setuidgid npmuser yarn watch
 else
 	exit 0
 fi
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/nginx/run
@ -5,10 +5,5 @@ set -e

 . /bin/common.sh

-if [ "$PUID" = '0' ]; then
-	log_info 'Starting nginx ...'
-	exec nginx
-else
-	log_info "Starting nginx as npmuser ($PUID) ..."
-	exec s6-setuidgid npmuser nginx
-fi
+log_info 'Starting nginx ...'
+exec s6-setuidgid npmuser nginx
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh
@ -3,23 +3,18 @@

 set -e

-if [ "$PUID" = '0' ]; then
-	log_info 'Skipping npmuser configuration'
+log_info 'Configuring npmuser ...'
+
+if id -u npmuser; then
+	# user already exists
+	usermod -u "$PUID" npmuser || exit 1
 else
-	log_info 'Configuring npmuser ...'
-	groupmod -g 1000 users || exit 1
-
-	if id -u npmuser; then
-		# user already exists
-		usermod -u "$PUID" npmuser || exit 1
-	else
-		# Add npmuser user
-		useradd -u "$PUID" -U -d /tmp/npmuserhome -s /bin/false npmuser || exit 1
-	fi
-
-	usermod -G users npmuser || exit 1
-	groupmod -o -g "$PGID" npmuser || exit 1
-	# Home for npmuser
-	mkdir -p /tmp/npmuserhome
-	chown -R "$PUID:$PGID" /tmp/npmuserhome
+	# Add npmuser user
+	useradd -o -u "$PUID" -U -d /tmp/npmuserhome -s /bin/false npmuser || exit 1
 fi
+
+usermod -G "$PGID" npmuser || exit 1
+groupmod -o -g "$PGID" npmuser || exit 1
+# Home for npmuser
+mkdir -p /tmp/npmuserhome
+chown -R "$PUID:$PGID" /tmp/npmuserhome
--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/90-banner.sh
@ -3,17 +3,15 @@

 set -e

-echo
-echo "-------------------------------------
+echo "
+-------------------------------------
 _   _ ____  __  __
 | \ | |  _ \|  \/  |
 |  \| | |_) | |\/| |
 | |\  |  __/| |  | |
 |_| \_|_|   |_|  |_|
-------------------------------------"
-if [[ "$PUID" -ne '0' ]]; then
-	echo "User UID: $(id -u npmuser)"
-	echo "User GID: $(id -g npmuser)"
-	echo "-------------------------------------"
-fi
-echo
+-------------------------------------
+User ID:  $PUID
+Group ID: $PGID
+-------------------------------------
+"