* add environment variable to add initial users on startup

* list supported environment variables in .env-dist
2 years ago · e472670de7
parent 95ac4a70f9
commit e472670de7
3 changed files with 57 additions and 4 deletions
--- a/.env-dist
+++ b/.env-dist
@ -1,13 +1,38 @@
 # Copy this file to .env before building the container.
 # Put any local modifications here.

+# Run under this UID/GID.
+# OWNER_UID=1000
+# OWNER_GID=1000
+
+# FPM settings.
+#PHP_WORKER_MAX_CHILDREN=5
+#PHP_WORKER_MEMORY_LIMIT=256M
+
+# ADMIN_USER_* settings are applied on every startup.
+
+# Set admin user password to this value.
+#ADMIN_USER_PASS=
+
+# Sets admin user access level to this value.
+# Valid values:
+# -2 - forbidden to login
+# -1 - readonly
+#  0 - default user
+# 10 - admin
+#ADMIN_USER_ACCESS_LEVEL=
+
+# Auto create another user (in addition to built-in admin) unless it
+# already exists.
+#AUTO_CREATE_USER=
+#AUTO_CREATE_USER_PASS=
+#AUTO_CREATE_USER_ACCESS_LEVEL=0 # see above
+
+# Default database credentials.
 TTRSS_DB_USER=postgres
 TTRSS_DB_NAME=postgres
 TTRSS_DB_PASS=password

-# This is only used by web-ssl container.
-#HTTP_HOST=localhost
-
 # You will likely need to set this to the correct value, see README.md
 # for more information.
 TTRSS_SELF_URL_PATH=http://localhost:8280/tt-rss
--- a/app/Dockerfile
+++ b/app/Dockerfile
@ -31,6 +31,18 @@ ENV OWNER_GID=1000
 ENV PHP_WORKER_MAX_CHILDREN=5
 ENV PHP_WORKER_MEMORY_LIMIT=256M

+# these are applied on every startup, if set
+ENV ADMIN_USER_PASS=""
+# see classes/UserHelper.php ACCESS_LEVEL_*
+# setting this to -2 would effectively disable built-in admin user
+# unless single user mode is enabled
+ENV ADMIN_USER_ACCESS_LEVEL=""
+
+# these are applied unless user already exists
+ENV AUTO_CREATE_USER=""
+ENV AUTO_CREATE_USER_PASS=""
+ENV AUTO_CREATE_USER_ACCESS_LEVEL="0"
+
 # TODO: remove prefix from container variables not used by tt-rss itself:
 #
 # - TTRSS_NO_STARTUP_PLUGIN_UPDATES -> NO_STARTUP_PLUGIN_UPDATES
--- a/app/startup.sh
+++ b/app/startup.sh
@ -118,12 +118,28 @@ sed -i.bak "s/^\(memory_limit\) = \(.*\)/\1 = ${PHP_WORKER_MEMORY_LIMIT}/" \
 sed -i.bak "s/^\(pm.max_children\) = \(.*\)/\1 = ${PHP_WORKER_MAX_CHILDREN}/" \
 	/etc/php8/php-fpm.d/www.conf

-cd $DST_DIR && sudo -E -u app php8 ./update.php --update-schema=force-yes
+sudo -Eu app php8 $DST_DIR/update.php --update-schema=force-yes
+
+if [ ! -z "$ADMIN_USER_PASS" ]; then
+	sudo -Eu app php8 $DST_DIR/update.php --user-set-password "admin:$ADMIN_USER_PASS"
+fi
+
+if [ ! -z "$ADMIN_USER_ACCESS_LEVEL" ]; then
+	sudo -Eu app php8 $DST_DIR/update.php --user-set-access-level "admin:$ADMIN_USER_ACCESS_LEVEL"
+fi
+
+if [ ! -z "$AUTO_CREATE_USER" ]; then
+	sudo -Eu app /bin/sh -c "php8 $DST_DIR/update.php --user-exists $AUTO_CREATE_USER ||
+		php8 $DST_DIR/update.php --force-yes --user-add \"$AUTO_CREATE_USER:$AUTO_CREATE_USER_PASS:$AUTO_CREATE_USER_ACCESS_LEVEL\""
+fi

 rm -f /tmp/error.log && mkfifo /tmp/error.log && chown app:app /tmp/error.log

 (tail -q -f /tmp/error.log >> /proc/1/fd/2) &

+unset ADMIN_USER_PASS
+unset AUTO_CREATE_USER_PASS
+
 touch $DST_DIR/.app_is_ready

 exec /usr/sbin/php-fpm8 --nodaemonize --force-stderr -R