Commit beaf5239 authored by Michał 'rysiek' Woźniak's avatar Michał 'rysiek' Woźniak

entrypoint added to make uniqush run under a given user, and to handle config generation

parent 876a047a
......@@ -5,7 +5,12 @@ ENV DEBIAN_FRONTEND noninteractive
ARG UNIQUSH_VERSION=2.1.0
ADD https://uniqush.org/downloads/uniqush-push_${UNIQUSH_VERSION}_amd64.deb /tmp/
RUN dpkg -i /tmp/uniqush-push_${UNIQUSH_VERSION}_amd64.deb && rm /tmp/uniqush-push_${UNIQUSH_VERSION}_amd64.deb
RUN dpkg -i /tmp/uniqush-push_${UNIQUSH_VERSION}_amd64.deb && rm /tmp/uniqush-push_${UNIQUSH_VERSION}_amd64.deb && mv /etc/uniqush/uniqush-push.conf /etc/uniqush/uniqush-push.conf.dpkg-orig
# entrypoint
COPY entrypoint.sh /sbin/entrypoint.sh
RUN chmod a+x /sbin/entrypoint.sh
EXPOSE 9898
ENTRYPOINT ["/sbin/entrypoint.sh"]
CMD ["/usr/bin/uniqush-push"]
\ No newline at end of file
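Review bot: The RUN line that installs the package (the longer of the two printed variants, presumably the new side) still runs `dpkg -i` on a .deb that `ADD` fetched from uniqush.org with no integrity check, so the image trusts whatever that URL serves at build time. Pinning a digest next to `UNIQUSH_VERSION` and verifying it before the install would close that gap, e.g. `echo "${UNIQUSH_SHA256}  /tmp/uniqush-push_${UNIQUSH_VERSION}_amd64.deb" | sha256sum -c - && dpkg -i ...`, where `UNIQUSH_SHA256` is a new build ARG (placeholder name; the checksum value is not on this page). The added `ENTRYPOINT` also means the container now starts as root, which the entrypoint script appears to need for user and group creation. A one-line comment above it, such as `# runs as root; /sbin/entrypoint.sh drops to $UNIQUSH_USER before exec`, would help readers who look for a `USER` instruction.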
#!/bin/bash
#
# entrypoint for docker-uniqush
#
# handle signals
trap abort SIGHUP SIGINT SIGQUIT SIGTERM SIGSTOP SIGKILL
function abort {
echo
echo "* * * ABORTED * * *"
echo
exit 0
}
# the logfile
[ -z ${UNIQUSH_LOGFILE+x} ] && UNIQUSH_LOGFILE="/var/log/uniqush"
#
# used by default for all log and loglevel settings
# ['off', 'standard', 'verbose']
# off means that `log` in all sections will be set to off
# hence, no logging will be done
[ -z ${UNIQUSH_LOGLEVEL+x} ] && UNIQUSH_LOGLEVEL="standard"
# internal, dependant on UNIQUSH_LOGLEVEL
if [[ "$UNIQUSH_LOGLEVEL" == "off" ]]; then
UNIQUSH_LOG="off"
else
UNIQUSH_LOG="on"
fi
#
# WebFrontend section
#
# address to listen on
# by default listening on all interfaces -- we're running within a docker container,
# `localhost` would not be accessible from outside of it at all
[ -z ${UNIQUSH_WEBFRONTEND_ADDR+x} ] && UNIQUSH_WEBFRONTEND_ADDR="0.0.0.0:9898"
# Database section
[ -z ${UNIQUSH_DATABASE_ENGINE+x} ] && UNIQUSH_DATABASE_ENGINE="redis" # that's the only option, really...
[ -z ${UNIQUSH_DATABASE_NAME+x} ] && UNIQUSH_DATABASE_NAME="uniqush"
[ -z ${UNIQUSH_DATABASE_HOST+x} ] && UNIQUSH_DATABASE_HOST="redis"
[ -z ${UNIQUSH_DATABASE_PORT+x} ] && UNIQUSH_DATABASE_PORT="0"
[ -z ${UNIQUSH_DATABASE_PASSWORD+x} ] && UNIQUSH_DATABASE_PASSWORD=""
[ -z ${UNIQUSH_DATABASE_EVERYSEC+x} ] && UNIQUSH_DATABASE_EVERYSEC="600"
[ -z ${UNIQUSH_DATABASE_LEASTDIRTY+x} ] && UNIQUSH_DATABASE_LEASTDIRTY="10"
[ -z ${UNIQUSH_DATABASE_CACHESIZE+x} ] && UNIQUSH_DATABASE_CACHESIZE="1024"
# user/group to own the spooldir and hence have access to incoming mail
[ -z ${UNIQUSH_USER+x} ] && UNIQUSH_USER="uniqush"
[ -z ${UNIQUSH_GROUP+x} ] && UNIQUSH_GROUP="uniqush"
# internal use only
UNIQUSH_CONFIG_PATH="/etc/uniqush/uniqush-push.conf"
#
# user, group
# get group data, if any, and check if the group exists
if GROUP_DATA=`getent group "$UNIQUSH_GROUP"`; then
# it does! do we have the gid given?
if [[ "$UNIQUSH_GID" != "" ]]; then
# we do! do these match?
if [[ `echo "$GROUP_DATA" | cut -d ':' -f 3` != "$UNIQUSH_GID" ]]; then
# they don't. we have a problem
echo "ERROR: group $UNIQUSH_GROUP already exists, but with a different gid (`echo "$GROUP_DATA" | cut -d ':' -f 3`) than provided ($UNIQUSH_GID)!"
exit 3
fi
fi
# if no gid given, the existing group satisfies us regardless of the GID
# group does not exist
else
# do we have the gid given?
GID_ARGS=""
if [[ "$UNIQUSH_GID" != "" ]]; then
# we do! does a group with a given id exist?
if getent group "$UNIQUSH_GID" >/dev/null; then
echo "ERROR: a group with a given id ($UNIQUSH_GID) already exists, can't create group $UNIQUSH_GROUP with this id"
exit 4
fi
# prepare the fragment of the groupadd command
GID_ARGS="-g $UNIQUSH_GID"
fi
# we either have no GID given (and don't care about it), or have a GID given that does not exist in the system
# great! let's add the group
groupadd $GID_ARGS "$UNIQUSH_GROUP"
fi
# make sure we have the gid handy
[ -z ${UNIQUSH_GID+x} ] && UNIQUSH_GID="$( getent group "$UNIQUSH_GROUP" | cut -d ':' -f 3 )"
echo " +-- UNIQUSH_GROUP: $UNIQUSH_GROUP"
echo " +-- UNIQUSH_GID : $UNIQUSH_GID"
# get user data, if any, and check if the user exists
if USER_DATA=`id -u "$UNIQUSH_USER" 2>/dev/null`; then
# it does! do we have the uid given?
if [[ "$UNIQUSH_UID" != "" ]]; then
# we do! do these match?
if [[ "$USER_DATA" != "$UNIQUSH_UID" ]]; then
# they don't. we have a problem
echo "ERROR: user $UNIQUSH_USER already exists, but with a different uid ("$USER_DATA") than provided ($UNIQUSH_UID)!"
exit 5
fi
fi
# if no uid given, the existing user satisfies us regardless of the uid
# but is he in the right group?
adduser "$UNIQUSH_USER" "$UNIQUSH_GROUP"
# user does not exist
else
# do we have the uid given?
UID_ARGS=""
if [[ "$UNIQUSH_UID" != "" ]]; then
# we do! does a group with a given id exist?
if getent passwd "$UNIQUSH_UID" >/dev/null; then
echo "ERROR: a user with a given id ($UNIQUSH_UID) already exists, can't create user $UNIQUSH_USER with this id"
exit 6
fi
# prepare the fragment of the useradd command
UID_ARGS="-u $UNIQUSH_UID"
fi
# we either have no UID given (and don't care about it), or have a UID given that does not exist in the system
# great! let's add the user; using UNIQUSH_SPOOLDIR as homedir
useradd $UID_ARGS -r -g "$UNIQUSH_GROUP" "$UNIQUSH_USER"
fi
# make sure we have the uid handy
[ -z ${UNIQUSH_UID+x} ] && UNIQUSH_UID="$( id -u "$UNIQUSH_USER" 2>/dev/null )"
echo " +-- UNIQUSH_USER : $UNIQUSH_USER"
echo " +-- UNIQUSH_UID : $UNIQUSH_UID"
# basic config file
#
# more info on the format:
# https://uniqush.org/documentation/config.html
#
# do we need it? if the config file exists, just use that
if [ ! -e "$UNIQUSH_CONFIG_PATH" ]; then
echo "+-- no config file found in $UNIQUSH_CONFIG_PATH, creating one..."
UNIQUSH_CONFIG="
logfile=$UNIQUSH_LOGFILE
# Comment starts from a Number sign (#) to end of the line.
# Log level: verbose, standard,
[WebFrontend]
log=$UNIQUSH_LOG
loglevel=$UNIQUSH_LOGLEVEL
addr=$UNIQUSH_WEBFRONTEND_ADDR
[AddPushServiceProvider]
log=$UNIQUSH_LOG
loglevel=$UNIQUSH_LOGLEVEL
[RemovePushServiceProvider]
log=$UNIQUSH_LOG
loglevel=$UNIQUSH_LOGLEVEL
[Subscribe]
log=$UNIQUSH_LOG
loglevel=$UNIQUSH_LOGLEVEL
[Unsubscribe]
log=$UNIQUSH_LOG
loglevel=$UNIQUSH_LOGLEVEL
[Push]
log=$UNIQUSH_LOG
loglevel=$UNIQUSH_LOGLEVEL
[Database]
engine=$UNIQUSH_DATABASE_ENGINE
name=$UNIQUSH_DATABASE_NAME
host=$UNIQUSH_DATABASE_HOST
port=$UNIQUSH_DATABASE_PORT
password=$UNIQUSH_DATABASE_PASSWORD
everysec=$UNIQUSH_DATABASE_EVERYSEC
leastdirty=$UNIQUSH_DATABASE_LEASTDIRTY
cachesize=$UNIQUSH_DATABASE_CACHESIZE
"
mkdir -p "$( dirname "$UNIQUSH_CONFIG_PATH" )"
echo -e "$UNIQUSH_CONFIG" > "$UNIQUSH_CONFIG_PATH"
else
echo "+-- config file found in '$UNIQUSH_CONFIG_PATH', ignoring \$UNIQUSH_WEBFRONTEND_ADDR, \$UNIQUSH_DATABASE_*, \$UNIQUSH_LOG* envvars"
fi
# start the darn thing
echo "+-- executing as user $UNIQUSH_USER:"
echo " $*"
exec su -p -c "env PATH=\"$PATH\" $*" "$UNIQUSH_USER"
\ No newline at end of file
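Review bot: The generated config at `$UNIQUSH_CONFIG_PATH` contains `password=$UNIQUSH_DATABASE_PASSWORD`, but it is written with whatever umask the container starts with and is never chowned, so under a typical 022 umask every account in the container can read the database password. Writing it as `( umask 027; printf '%s\n' "$UNIQUSH_CONFIG" > "$UNIQUSH_CONFIG_PATH" )` followed by `chown root:"$UNIQUSH_GROUP" "$UNIQUSH_CONFIG_PATH"` limits it to root and the service group; `printf` also stops `echo -e` from expanding backslash sequences inside the password or other values. Separately, the final `exec su -p -c "env PATH=\"$PATH\" $*"` flattens the arguments into one string that a shell parses again, so an argument containing spaces or shell metacharacters does not reach the service as given, and `-p` hands the whole environment, database password included, to the service process. The `trap` at the top also lists SIGKILL and SIGSTOP, which cannot be caught, so those two names have no effect there.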