diff --git a/.env-dist b/.env-dist
index e124c29..4b7b193 100644
--- a/.env-dist
+++ b/.env-dist
@@ -1,13 +1,38 @@
 # Copy this file to .env before building the container.
 # Put any local modifications here.
+# Run under this UID/GID.
+# OWNER_UID=1000
+# OWNER_GID=1000
+
+# FPM settings.
+#PHP_WORKER_MAX_CHILDREN=5
+#PHP_WORKER_MEMORY_LIMIT=256M
+
+# ADMIN_USER_* settings are applied on every startup.
+
+# Set admin user password to this value.
+#ADMIN_USER_PASS=
+
+# Sets admin user access level to this value.
+# Valid values:
+# -2 - forbidden to login
+# -1 - readonly
+# 0 - default user
+# 10 - admin
+#ADMIN_USER_ACCESS_LEVEL=
+
+# Auto create another user (in addition to built-in admin) unless it
+# already exists.
+#AUTO_CREATE_USER=
+#AUTO_CREATE_USER_PASS=
+#AUTO_CREATE_USER_ACCESS_LEVEL=0 # see above
+
+# Default database credentials.
 TTRSS_DB_USER=postgres
 TTRSS_DB_NAME=postgres
 TTRSS_DB_PASS=password
-# This is only used by web-ssl container.
-#HTTP_HOST=localhost
-
 # You will likely need to set this to the correct value, see README.md
 # for more information.
 TTRSS_SELF_URL_PATH=http://localhost:8280/tt-rss
diff --git a/src/app/Dockerfile b/src/app/Dockerfile
index f328706..dac6d81 100644
--- a/src/app/Dockerfile
+++ b/src/app/Dockerfile
@@ -42,6 +42,18 @@ ENV OWNER_GID=1000
 ENV PHP_WORKER_MAX_CHILDREN=5
 ENV PHP_WORKER_MEMORY_LIMIT=256M
+# these are applied on every startup, if set
+ENV ADMIN_USER_PASS=""
+# see classes/UserHelper.php ACCESS_LEVEL_*
+# setting this to -2 would effectively disable built-in admin user
+# unless single user mode is enabled
+ENV ADMIN_USER_ACCESS_LEVEL=""
+
+# these are applied unless user already exists
+ENV AUTO_CREATE_USER=""
+ENV AUTO_CREATE_USER_PASS=""
+ENV AUTO_CREATE_USER_ACCESS_LEVEL="0"
+
 # TODO: remove prefix from container variables not used by tt-rss itself:
 #
 # - TTRSS_NO_STARTUP_PLUGIN_UPDATES -> NO_STARTUP_PLUGIN_UPDATES
diff --git a/src/app/startup.sh b/src/app/startup.sh
index 81d6355..a202013 100755
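Review bot: The new comment `# ADMIN_USER_* settings are applied on every startup.` in .env-dist does not spell out what that means for an operator: while `ADMIN_USER_PASS` stays set, the admin password sits in plain text in `.env` and is written again on each container start, which would overwrite a password changed later by other means. I would add a line next to `#ADMIN_USER_PASS=` such as `# Stored in plain text and re-applied on every start; clear it once the password is set.` The Dockerfile comment `# these are applied on every startup, if set` could carry the same caveat, plus a reminder to keep the `ENV` default empty so the value is supplied at run time and never recorded in an image layer.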
--- a/src/app/startup.sh
+++ b/src/app/startup.sh
@@ -1,4 +1,4 @@
-#!/bin/sh -ex
+#!/bin/sh -e
 while ! pg_isready -h $TTRSS_DB_HOST -U $TTRSS_DB_USER; do
 echo waiting until $TTRSS_DB_HOST is ready...
@@ -116,12 +116,28 @@ sed -i.bak "s/^\(memory_limit\) = \(.*\)/\1 = ${PHP_WORKER_MEMORY_LIMIT}/" \
 sed -i.bak "s/^\(pm.max_children\) = \(.*\)/\1 = ${PHP_WORKER_MAX_CHILDREN}/" \
 /etc/php8/php-fpm.d/www.conf
-cd $DST_DIR && sudo -E -u app php8 ./update.php --update-schema=force-yes
+sudo -Eu app php8 $DST_DIR/update.php --update-schema=force-yes
+
+if [ ! -z "$ADMIN_USER_PASS" ]; then
+ sudo -Eu app php8 $DST_DIR/update.php --user-set-password "admin:$ADMIN_USER_PASS"
+fi
+
+if [ ! -z "$ADMIN_USER_ACCESS_LEVEL" ]; then
+ sudo -Eu app php8 $DST_DIR/update.php --user-set-access-level "admin:$ADMIN_USER_ACCESS_LEVEL"
+fi
+
+if [ ! -z "$AUTO_CREATE_USER" ]; then
+ sudo -Eu app /bin/sh -c "php8 $DST_DIR/update.php --user-exists $AUTO_CREATE_USER ||
+ php8 $DST_DIR/update.php --force-yes --user-add \"$AUTO_CREATE_USER:$AUTO_CREATE_USER_PASS:$AUTO_CREATE_USER_ACCESS_LEVEL\""
+fi
 rm -f /tmp/error.log && mkfifo /tmp/error.log && chown app:app /tmp/error.log
 (tail -q -f /tmp/error.log >> /proc/1/fd/2) &
+unset ADMIN_USER_PASS
+unset AUTO_CREATE_USER_PASS
+
 touch $DST_DIR/.app_is_ready
 exec /usr/sbin/php-fpm8 --nodaemonize --force-stderr
diff --git a/src/app/updater.sh b/src/app/updater.sh
index 962ef73..247d00b 100755
--- a/src/app/updater.sh
+++ b/src/app/updater.sh
@@ -4,6 +4,9 @@ unset HTTP_PORT
 unset HTTP_HOST
+unset ADMIN_USER_PASS
+unset AUTO_CREATE_USER_PASS
+
 # wait for the app container to delete .app_is_ready and perform rsync, etc.
 sleep 30
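Review bot: The shebang in startup.sh goes from `-ex` to `-e` with no comment, and with this commit the reason matters: under xtrace every expanded command is written to the container log, which would now include the `--user-set-password` and `--user-add` arguments added in the second hunk. A comment directly under the shebang, for example `# no -x here: xtrace would print ADMIN_USER_PASS and AUTO_CREATE_USER_PASS to the log`, would stop someone from turning tracing back on for debugging. The script body continues outside the hunk.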
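Review bot: The `AUTO_CREATE_USER` branch pastes `$AUTO_CREATE_USER`, `$AUTO_CREATE_USER_PASS` and `$AUTO_CREATE_USER_ACCESS_LEVEL` into a command string for `/bin/sh -c`, so the values are parsed a second time as shell source; a password containing a double quote, `$` or a backquote either breaks the command or is run as code under the `app` account. The inner shell is not needed: calling update.php directly, as the two admin branches do, keeps each value a single argument — `if ! sudo -Eu app php8 "$DST_DIR/update.php" --user-exists "$AUTO_CREATE_USER"; then`, then `sudo -Eu app php8 "$DST_DIR/update.php" --force-yes --user-add "$AUTO_CREATE_USER:$AUTO_CREATE_USER_PASS:$AUTO_CREATE_USER_ACCESS_LEVEL"`, then `fi`. Separately, the two `unset` lines come after the `(tail ...) &` line, so that background process still inherits both passwords in its environment; moving the `unset`s above it closes that gap. The passwords also remain visible in the process argument list while update.php runs, which only a stdin- or file-based option in update.php could avoid; I cannot tell from the hunk whether one exists.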
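Review bot: The two `unset` lines added to updater.sh have no comment, and their effect is narrower than it may look: they remove the passwords from this script and whatever it starts, but the values stay in the container's configured environment, where anyone able to inspect the container can read them. A one-line comment such as `# keep account passwords out of the updater's child processes; they remain in the container config` would record both the intent and the limit. The rest of updater.sh is outside the hunk.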