From e472670de70adbd684d5d3976ec4b6d5d79c9504 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 10 Jun 2022 17:54:00 +0300 Subject: [PATCH] * add environment variable to add initial users on startup * list supported environment variables in .env-dist --- .env-dist | 31 ++++++++++++++++++++++++++++--- app/Dockerfile | 12 ++++++++++++ app/startup.sh | 18 +++++++++++++++++- 3 files changed, 57 insertions(+), 4 deletions(-) diff --git a/.env-dist b/.env-dist index e124c29..4b7b193 100644 --- a/.env-dist +++ b/.env-dist @@ -1,13 +1,38 @@ # Copy this file to .env before building the container. # Put any local modifications here. +# Run under this UID/GID. +# OWNER_UID=1000 +# OWNER_GID=1000 + +# FPM settings. +#PHP_WORKER_MAX_CHILDREN=5 +#PHP_WORKER_MEMORY_LIMIT=256M + +# ADMIN_USER_* settings are applied on every startup. + +# Set admin user password to this value. +#ADMIN_USER_PASS= + +# Sets admin user access level to this value. +# Valid values: +# -2 - forbidden to login +# -1 - readonly +# 0 - default user +# 10 - admin +#ADMIN_USER_ACCESS_LEVEL= + +# Auto create another user (in addition to built-in admin) unless it +# already exists. +#AUTO_CREATE_USER= +#AUTO_CREATE_USER_PASS= +#AUTO_CREATE_USER_ACCESS_LEVEL=0 # see above + +# Default database credentials. TTRSS_DB_USER=postgres TTRSS_DB_NAME=postgres TTRSS_DB_PASS=password -# This is only used by web-ssl container. -#HTTP_HOST=localhost - # You will likely need to set this to the correct value, see README.md # for more information. TTRSS_SELF_URL_PATH=http://localhost:8280/tt-rss diff --git a/app/Dockerfile b/app/Dockerfile index dcb1bf9..d45c0c8 100644 --- a/app/Dockerfile +++ b/app/Dockerfile @@ -31,6 +31,18 @@ ENV OWNER_GID=1000 ENV PHP_WORKER_MAX_CHILDREN=5 ENV PHP_WORKER_MEMORY_LIMIT=256M +# these are applied on every startup, if set +ENV ADMIN_USER_PASS="" +# see classes/UserHelper.php ACCESS_LEVEL_* +# setting this to -2 would effectively disable built-in admin user +# unless single user mode is enabled +ENV ADMIN_USER_ACCESS_LEVEL="" + +# these are applied unless user already exists +ENV AUTO_CREATE_USER="" +ENV AUTO_CREATE_USER_PASS="" +ENV AUTO_CREATE_USER_ACCESS_LEVEL="0" + # TODO: remove prefix from container variables not used by tt-rss itself: # # - TTRSS_NO_STARTUP_PLUGIN_UPDATES -> NO_STARTUP_PLUGIN_UPDATES diff --git a/app/startup.sh b/app/startup.sh index e3fb6f3..42990c5 100755 --- a/app/startup.sh +++ b/app/startup.sh @@ -118,12 +118,28 @@ sed -i.bak "s/^\(memory_limit\) = \(.*\)/\1 = ${PHP_WORKER_MEMORY_LIMIT}/" \ sed -i.bak "s/^\(pm.max_children\) = \(.*\)/\1 = ${PHP_WORKER_MAX_CHILDREN}/" \ /etc/php8/php-fpm.d/www.conf -cd $DST_DIR && sudo -E -u app php8 ./update.php --update-schema=force-yes +sudo -Eu app php8 $DST_DIR/update.php --update-schema=force-yes + +if [ ! -z "$ADMIN_USER_PASS" ]; then + sudo -Eu app php8 $DST_DIR/update.php --user-set-password "admin:$ADMIN_USER_PASS" +fi + +if [ ! -z "$ADMIN_USER_ACCESS_LEVEL" ]; then + sudo -Eu app php8 $DST_DIR/update.php --user-set-access-level "admin:$ADMIN_USER_ACCESS_LEVEL" +fi + +if [ ! -z "$AUTO_CREATE_USER" ]; then + sudo -Eu app /bin/sh -c "php8 $DST_DIR/update.php --user-exists $AUTO_CREATE_USER || + php8 $DST_DIR/update.php --force-yes --user-add \"$AUTO_CREATE_USER:$AUTO_CREATE_USER_PASS:$AUTO_CREATE_USER_ACCESS_LEVEL\"" +fi rm -f /tmp/error.log && mkfifo /tmp/error.log && chown app:app /tmp/error.log (tail -q -f /tmp/error.log >> /proc/1/fd/2) & +unset ADMIN_USER_PASS +unset AUTO_CREATE_USER_PASS + touch $DST_DIR/.app_is_ready exec /usr/sbin/php-fpm8 --nodaemonize --force-stderr -R