github.com/cozy/cozy-stack@v0.0.0-20240603063001-31110fa4cae1/scripts/docker/production/docker-entrypoint.sh (about)

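#!/bin/sh
# Entrypoint for the production cozy-stack container image.
#
# Runs as root to prepare the container (service account, admin passphrase,
# vault keys, optional embedded postfix, CouchDB system databases), then
# executes the container command: as the unprivileged "cozy" user when the
# command line contains "cozy-stack ", as root otherwise.
#
# Environment read by this script:
#   LOCAL_USER_ID / LOCAL_GROUP_ID  UID/GID for the "cozy" account (default 3552)
#   COZY_ADMIN_PASSPHRASE           admin passphrase; random when unset or empty
#   START_EMBEDDED_POSTFIX          "true" starts postfix inside the container
#   COUCHDB_PROTOCOL, COUCHDB_HOST, COUCHDB_PORT, COUCHDB_USER, COUCHDB_PASSWORD
#                                   read only when the command runs cozy-stack
set -eu

echo "=========================================================================="
echo "Starting $0, $(date)"
echo "=========================================================================="

# Prepare stepping down from root to applicative user with chosen UID/GID
USER_ID=${LOCAL_USER_ID:-3552}
GROUP_ID=${LOCAL_GROUP_ID:-3552}
if ! getent group cozy >/dev/null 2>&1; then
  groupadd -g "${GROUP_ID}" -o cozy
fi
if ! getent passwd cozy >/dev/null 2>&1; then
  # -o accepts a non-unique UID, so UID 0 would make "cozy" an alias of root
  # and the gosu step-down at the end of this script would drop nothing.
  # Warn rather than fail so that existing deployments keep starting.
  if [ "${USER_ID}" = "0" ]; then
    echo "WARNING: LOCAL_USER_ID is 0, the cozy account will have root privileges" >&2
  fi
  useradd --shell /bin/bash -u "${USER_ID}" -g cozy -o -c "Cozy Stack user" -d /var/lib/cozy -m cozy
fi
chown -R cozy: /var/lib/cozy

# Generate passphrase if missing
if [ ! -f /etc/cozy/cozy-admin-passphrase ]; then
  if [ -z "${COZY_ADMIN_PASSPHRASE:-}" ]; then
    echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
    echo "COZY_ADMIN_PASSPHRASE not set."
    echo "Using random Cozy admin passphrase !!!"
    # 12 letters taken from /dev/urandom. LC_ALL=C keeps tr byte-oriented, so
    # [:alpha:] is exactly A-Za-z in every locale (52 symbols, about 68 bits).
    COZY_ADMIN_PASSPHRASE="$(LC_ALL=C tr -dc '[:alpha:]' </dev/urandom | fold -w 12 | head -n 1)"
    # Printed on purpose: this is the only place the operator can learn the
    # generated value. It also means the cleartext passphrase ends up in the
    # container log, so restrict access to those logs and prefer supplying
    # COZY_ADMIN_PASSPHRASE explicitly in production.
    echo "COZY_ADMIN_PASSPHRASE set to ${COZY_ADMIN_PASSPHRASE}"
    echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
  fi
  # The message names the file that is actually written below.
  echo "Generating /etc/cozy/cozy-admin-passphrase..."
  # Restrictive umask in a subshell: the file is never readable by group or
  # others, even before the chown/chmod below, and the umask of the process
  # exec'd at the end of the script is left unchanged.
  (
    umask 077
    COZY_ADMIN_PASSPHRASE="${COZY_ADMIN_PASSPHRASE}" cozy-stack -c /dev/null config passwd /etc/cozy/cozy-admin-passphrase
  )
  chown cozy: /etc/cozy/cozy-admin-passphrase
  chmod u=r,og= /etc/cozy/cozy-admin-passphrase
fi

# Generate vault keys if needed
if [ ! -f /etc/cozy/vault.enc ] || [ ! -f /etc/cozy/vault.dec ]; then
  # Same reasoning as for the passphrase file: key material is created with a
  # restrictive umask so it is never group/world readable, even briefly.
  (
    umask 077
    cozy-stack -c /dev/null config gen-keys /etc/cozy/vault
  )
  chown cozy: /etc/cozy/vault.enc /etc/cozy/vault.dec
  chmod u=rw,og= /etc/cozy/vault.enc /etc/cozy/vault.dec
fi

# Start postfix if required
if [ "${START_EMBEDDED_POSTFIX:-}" = "true" ]; then
  # Set-up dns resolution in postfix chroot at runtime and start postfix
  # (mkdir -p is a no-op when the directory already exists)
  mkdir -p /var/spool/postfix/etc
  cp /etc/resolv.conf /var/spool/postfix/etc
  chown -R postfix /var/spool/postfix/etc
  postfix start
fi

# "$*" joins the arguments with single spaces, like the echo it replaces, but
# is not affected by arguments that echo would treat as options or escapes.
# The privilege drop depends on this substring match: any command line that
# does not contain "cozy-stack " (including a bare "cozy-stack" with no
# argument) is executed as root.
case "$*" in
  *"cozy-stack "*)
    # Ensure CouchDB is ready if running an applicative subcommand
    echo "Waiting for CouchDB to be available..."
    wait-for-it.sh -h "${COUCHDB_HOST}" -p "${COUCHDB_PORT}" -t 60

    echo "Init CouchDB databases, nothing will happen if they already exists..."
    # NOTE(review): --user puts the CouchDB credentials on curl's command line,
    # where they are visible in the process list for the duration of the call,
    # and with COUCHDB_PROTOCOL=http they cross the network unencrypted.
    # NOTE(review): curl runs without --fail, so only transport errors abort
    # the start-up; an HTTP error such as rejected credentials is printed but
    # not detected. --fail cannot simply be added because CouchDB also answers
    # an already existing database with an HTTP error status.
    for db in _users _replicator; do
      if ! curl -sSL -X PUT --user "${COUCHDB_USER}:${COUCHDB_PASSWORD}" "${COUCHDB_PROTOCOL}://${COUCHDB_HOST}:${COUCHDB_PORT}/${db}"; then
        echo "Failed to create database ${db}" >&2
        exit 1
      fi
    done

    # Then run the command itself as applicative user
    echo "Now running CMD with UID ${USER_ID} and GID ${GROUP_ID}"
    exec gosu cozy "$@"
    ;;
  *)
    # Otherwise run the command as root
    exec "$@"
    ;;
esac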