entrypoint added to make uniqush run under a given user, and to handle config generation

Dockerfile

@@ -5,7 +5,12 @@ ENV DEBIAN_FRONTEND noninteractive
 ARG UNIQUSH_VERSION=2.1.0
 
 ADD https://uniqush.org/downloads/uniqush-push_${UNIQUSH_VERSION}_amd64.deb /tmp/
-RUN dpkg -i /tmp/uniqush-push_${UNIQUSH_VERSION}_amd64.deb && rm /tmp/uniqush-push_${UNIQUSH_VERSION}_amd64.deb
+RUN dpkg -i /tmp/uniqush-push_${UNIQUSH_VERSION}_amd64.deb && rm /tmp/uniqush-push_${UNIQUSH_VERSION}_amd64.deb && mv /etc/uniqush/uniqush-push.conf /etc/uniqush/uniqush-push.conf.dpkg-orig
+
+# entrypoint
+COPY entrypoint.sh /sbin/entrypoint.sh
+RUN chmod a+x /sbin/entrypoint.sh
 
 EXPOSE 9898
+ENTRYPOINT ["/sbin/entrypoint.sh"]
 CMD ["/usr/bin/uniqush-push"]
\ No newline at end of file

entrypoint.sh

+#!/bin/bash
+
+#
+# entrypoint for docker-uniqush
+#
+
+# handle signals
+trap abort SIGHUP SIGINT SIGQUIT SIGTERM SIGSTOP SIGKILL
+function abort {
+    echo
+    echo "* * * ABORTED * * *"
+    echo
+    exit 0
+}
+
+# the logfile
+[ -z ${UNIQUSH_LOGFILE+x} ] && UNIQUSH_LOGFILE="/var/log/uniqush"
+
+#
+# used by default for all log and loglevel settings
+# ['off', 'standard', 'verbose']
+# off means that `log` in all sections will be set to off
+# hence, no logging will be done
+[ -z ${UNIQUSH_LOGLEVEL+x} ] && UNIQUSH_LOGLEVEL="standard"
+# internal, dependant on UNIQUSH_LOGLEVEL
+if [[ "$UNIQUSH_LOGLEVEL" == "off" ]]; then
+    UNIQUSH_LOG="off"
+else
+    UNIQUSH_LOG="on"
+fi
+
+# 
+# WebFrontend section
+# 
+# address to listen on
+# by default listening on all interfaces -- we're running within a docker container,
+# `localhost` would not be accessible from outside of it at all
+[ -z ${UNIQUSH_WEBFRONTEND_ADDR+x} ] && UNIQUSH_WEBFRONTEND_ADDR="0.0.0.0:9898"
+
+# Database section
+[ -z ${UNIQUSH_DATABASE_ENGINE+x} ]     && UNIQUSH_DATABASE_ENGINE="redis" # that's the only option, really...
+[ -z ${UNIQUSH_DATABASE_NAME+x} ]       && UNIQUSH_DATABASE_NAME="uniqush"
+[ -z ${UNIQUSH_DATABASE_HOST+x} ]       && UNIQUSH_DATABASE_HOST="redis"
+[ -z ${UNIQUSH_DATABASE_PORT+x} ]       && UNIQUSH_DATABASE_PORT="0"
+[ -z ${UNIQUSH_DATABASE_PASSWORD+x} ]   && UNIQUSH_DATABASE_PASSWORD=""
+[ -z ${UNIQUSH_DATABASE_EVERYSEC+x} ]   && UNIQUSH_DATABASE_EVERYSEC="600"
+[ -z ${UNIQUSH_DATABASE_LEASTDIRTY+x} ] && UNIQUSH_DATABASE_LEASTDIRTY="10"
+[ -z ${UNIQUSH_DATABASE_CACHESIZE+x} ]  && UNIQUSH_DATABASE_CACHESIZE="1024"
+
+# user/group to own the spooldir and hence have access to incoming mail
+[ -z ${UNIQUSH_USER+x} ]  && UNIQUSH_USER="uniqush"
+[ -z ${UNIQUSH_GROUP+x} ] && UNIQUSH_GROUP="uniqush"
+
+# internal use only
+UNIQUSH_CONFIG_PATH="/etc/uniqush/uniqush-push.conf"
+
+#
+# user, group
+
+# get group data, if any, and check if the group exists
+if GROUP_DATA=`getent group "$UNIQUSH_GROUP"`; then
+  # it does! do we have the gid given?
+  if [[ "$UNIQUSH_GID" != "" ]]; then
+    # we do! do these match?
+    if [[ `echo "$GROUP_DATA" | cut -d ':' -f 3` != "$UNIQUSH_GID" ]]; then
+      # they don't. we have a problem
+      echo "ERROR: group $UNIQUSH_GROUP already exists, but with a different gid (`echo "$GROUP_DATA" | cut -d ':' -f 3`) than provided ($UNIQUSH_GID)!"
+      exit 3
+    fi
+  fi
+  # if no gid given, the existing group satisfies us regardless of the GID
+
+# group does not exist
+else
+  # do we have the gid given?
+  GID_ARGS=""
+  if [[ "$UNIQUSH_GID" != "" ]]; then
+    # we do! does a group with a given id exist?
+    if getent group "$UNIQUSH_GID" >/dev/null; then
+      echo "ERROR: a group with a given id ($UNIQUSH_GID) already exists, can't create group $UNIQUSH_GROUP with this id"
+      exit 4
+    fi
+    # prepare the fragment of the groupadd command
+    GID_ARGS="-g $UNIQUSH_GID"
+  fi
+  # we either have no GID given (and don't care about it), or have a GID given that does not exist in the system
+  # great! let's add the group
+  groupadd $GID_ARGS "$UNIQUSH_GROUP"
+fi
+
+# make sure we have the gid handy
+[ -z ${UNIQUSH_GID+x} ] && UNIQUSH_GID="$( getent group "$UNIQUSH_GROUP" | cut -d ':' -f 3 )"
+echo "    +-- UNIQUSH_GROUP: $UNIQUSH_GROUP"
+echo "    +-- UNIQUSH_GID  : $UNIQUSH_GID"
+
+
+# get user data, if any, and check if the user exists
+if USER_DATA=`id -u "$UNIQUSH_USER" 2>/dev/null`; then
+  # it does! do we have the uid given?
+  if [[ "$UNIQUSH_UID" != "" ]]; then
+    # we do! do these match?
+    if [[ "$USER_DATA" != "$UNIQUSH_UID" ]]; then
+      # they don't. we have a problem
+      echo "ERROR: user $UNIQUSH_USER already exists, but with a different uid ("$USER_DATA") than provided ($UNIQUSH_UID)!"
+      exit 5
+    fi
+  fi
+  # if no uid given, the existing user satisfies us regardless of the uid
+  # but is he in the right group?
+  adduser "$UNIQUSH_USER" "$UNIQUSH_GROUP"
+
+# user does not exist
+else
+  # do we have the uid given?
+  UID_ARGS=""
+  if [[ "$UNIQUSH_UID" != "" ]]; then
+    # we do! does a group with a given id exist?
+    if getent passwd "$UNIQUSH_UID" >/dev/null; then
+      echo "ERROR: a user with a given id ($UNIQUSH_UID) already exists, can't create user $UNIQUSH_USER with this id"
+      exit 6
+    fi
+    # prepare the fragment of the useradd command
+    UID_ARGS="-u $UNIQUSH_UID"
+  fi
+  # we either have no UID given (and don't care about it), or have a UID given that does not exist in the system
+  # great! let's add the user; using UNIQUSH_SPOOLDIR as homedir
+  useradd $UID_ARGS -r -g "$UNIQUSH_GROUP" "$UNIQUSH_USER"
+fi
+
+# make sure we have the uid handy
+[ -z ${UNIQUSH_UID+x} ] && UNIQUSH_UID="$( id -u "$UNIQUSH_USER" 2>/dev/null )"
+echo "    +-- UNIQUSH_USER : $UNIQUSH_USER"
+echo "    +-- UNIQUSH_UID  : $UNIQUSH_UID"
+
+
+# basic config file
+# 
+# more info on the format:
+# https://uniqush.org/documentation/config.html
+#
+# do we need it? if the config file exists, just use that
+if [ ! -e "$UNIQUSH_CONFIG_PATH" ]; then
+    echo "+-- no config file found in $UNIQUSH_CONFIG_PATH, creating one..."
+    UNIQUSH_CONFIG="
+logfile=$UNIQUSH_LOGFILE
+
+
+# Comment starts from a Number sign (#) to end of the line.
+
+# Log level: verbose, standard, 
+[WebFrontend]
+log=$UNIQUSH_LOG
+loglevel=$UNIQUSH_LOGLEVEL
+addr=$UNIQUSH_WEBFRONTEND_ADDR
+
+[AddPushServiceProvider]
+log=$UNIQUSH_LOG
+loglevel=$UNIQUSH_LOGLEVEL
+
+[RemovePushServiceProvider]
+log=$UNIQUSH_LOG
+loglevel=$UNIQUSH_LOGLEVEL
+
+[Subscribe]
+log=$UNIQUSH_LOG
+loglevel=$UNIQUSH_LOGLEVEL
+
+[Unsubscribe]
+log=$UNIQUSH_LOG
+loglevel=$UNIQUSH_LOGLEVEL
+
+[Push]
+log=$UNIQUSH_LOG
+loglevel=$UNIQUSH_LOGLEVEL
+
+[Database]
+engine=$UNIQUSH_DATABASE_ENGINE
+name=$UNIQUSH_DATABASE_NAME
+host=$UNIQUSH_DATABASE_HOST
+port=$UNIQUSH_DATABASE_PORT
+password=$UNIQUSH_DATABASE_PASSWORD
+everysec=$UNIQUSH_DATABASE_EVERYSEC
+leastdirty=$UNIQUSH_DATABASE_LEASTDIRTY
+cachesize=$UNIQUSH_DATABASE_CACHESIZE
+"
+    mkdir -p "$( dirname "$UNIQUSH_CONFIG_PATH" )"
+    echo -e "$UNIQUSH_CONFIG" > "$UNIQUSH_CONFIG_PATH"
+else
+    echo "+-- config file found in '$UNIQUSH_CONFIG_PATH', ignoring \$UNIQUSH_WEBFRONTEND_ADDR, \$UNIQUSH_DATABASE_*, \$UNIQUSH_LOG* envvars"
+fi
+
+# start the darn thing
+echo "+-- executing as user $UNIQUSH_USER:"
+echo "    $*"
+exec su -p -c "env PATH=\"$PATH\" $*" "$UNIQUSH_USER"
\ No newline at end of file