Merge pull request #18 from jokob-sk/permission-mapping

Permission mapping

.env

@@ -0,0 +1,6 @@
+#GLOBAL
+APP_DATA_LOCATION=/path/to/docker_appdata
+APP_CONFIG_LOCATION=/path/to/docker_config
+LOGS_LOCATION=/path/to/docker_logs
+
+

Dockerfile

@@ -1,5 +1,8 @@
 FROM debian:buster-slim
 
+# default UID and GID
+ENV USER=pi USER_ID=1000 USER_GID=1000
+
 # Todo, figure out why using a workdir instead of full paths don't work
 # Todo, do we still need all these packages? I can already see sudo which isn't needed
 
@@ -10,22 +13,28 @@ RUN apt-get update \
     && rm -rf /var/lib/apt/lists/* \
     && ln -s /home/pi/pialert/install/index.html /var/www/html/index.html \
     && ln -s /home/pi/pialert/front /var/www/html/pialert \
-    && lighttpd-enable-mod fastcgi-php
-    # Redirect for lighthttpd to work properly
+    && lighttpd-enable-mod fastcgi-php 
+ 
+   
+# now creating user
+RUN groupadd --gid "${USER_GID}" "${USER}" && \
+    useradd \
+      --uid ${USER_ID} \
+      --gid ${USER_GID} \
+      --create-home \
+      --shell /bin/bash \
+      ${USER}
 
 COPY . /home/pi/pialert
 
-# Pi.Alert | also we probably should/can delete the tar from the repo and remove this line
-RUN rm -r /home/pi/pialert/tar \
-    && python /home/pi/pialert/back/pialert.py update_vendors \    
+# Pi.Alert 
+RUN python /home/pi/pialert/back/pialert.py update_vendors \    
     && sed -ie 's/= 80/= 20211/g' /etc/lighttpd/lighttpd.conf \
     && (crontab -l 2>/dev/null; cat /home/pi/pialert/install/pialert.cron) | crontab -
 
 EXPOSE 20211
 
-# https://github.com/rtsp/docker-lighttpd/blob/main/Dockerfile
-# > this one maybe better? https://hub.docker.com/r/jitesoft/lighttpd
-# Todo, refacto CMD so that we can run lighttpd and make it respond instant
-# The above Dockerfile is doing this well, but i don't see why it isn't working for us
+# it's easy for permissions set in Git to be overridden, so doing it manually
+RUN chmod -R a+rxw /home/pi/pialert/
 
 CMD ["/home/pi/pialert/dockerfiles/start.sh"]

README.md

@@ -12,7 +12,7 @@ unknown devices. It also warns the disconnection of "always connected" devices.
 JavaScript)*
 
 # Docker image :whale:
-[![Docker](https://github.com/jokob-skPi.Alert/actions/workflows/docker.yml/badge.svg)](https://github.com/jokob-sk/Pi.Alert/actions/workflows/docker.yml)
+[![Docker](https://github.com/jokob-sk/Pi.Alert/actions/workflows/docker.yml/badge.svg)](https://github.com/jokob-sk/Pi.Alert/actions/workflows/docker.yml)
 [![Docker Image Size](https://img.shields.io/docker/image-size/jokobsk/pi.alert?logo=Docker)](https://hub.docker.com/r/jokobsk/pi.alert)
   <a href="https://hub.docker.com/r/jokobsk/pi.alert">
     <img src="https://img.shields.io/docker/pulls/jokobsk/pi.alert?logo=docker&color=0aa8d2&logoColor=fff" alt="Docker Pulls">

docker-compose.yml

@@ -0,0 +1,15 @@
+version: "3"
+services:
+  pialert:
+    build: .
+    container_name: pialert_dev
+    network_mode: "host"
+    restart: always
+    volumes:
+      - ${APP_DATA_LOCATION}/pialert/config:/home/pi/pialert/config
+      - ${APP_DATA_LOCATION}/pialert/db/pialert.db:/home/pi/pialert/db/pialert.db
+      - ${LOGS_LOCATION}/tmp:/home/pi/pialert/log
+    environment:
+      - TZ=France/Paris
+      - HOST_USER_ID=1036
+      - HOST_USER_GID=1000

dockerfiles/README.md

@@ -1,4 +1,8 @@
-[![Docker](https://github.com/jokob-skPi.Alert/actions/workflows/docker.yml/badge.svg)](https://github.com/jokob-sk/Pi.Alert/actions/workflows/docker.yml) [![Docker Image Size](https://img.shields.io/docker/image-size/jokobsk/pi.alert?logo=Docker)](https://hub.docker.com/r/jokobsk/pi.alert)
+[![Docker](https://github.com/jokob-sk/Pi.Alert/actions/workflows/docker.yml/badge.svg)](https://github.com/jokob-sk/Pi.Alert/actions/workflows/docker.yml)
+[![Docker Image Size](https://img.shields.io/docker/image-size/jokobsk/pi.alert?logo=Docker)](https://hub.docker.com/r/jokobsk/pi.alert)
+  <a href="https://hub.docker.com/r/jokobsk/pi.alert">
+    <img src="https://img.shields.io/docker/pulls/jokobsk/pi.alert?logo=docker&color=0aa8d2&logoColor=fff" alt="Docker Pulls">
+  </a>
 
 # :whale: A docker image for Pi.Alert 
 
@@ -6,54 +10,72 @@ All credit for Pi.Alert goes to: [pucherot/Pi.Alert](https://github.com/pucherot
 A pre-built image is available on :whale: Docker Hub: [jokobsk/Pi.Alert](https://registry.hub.docker.com/r/jokobsk/pi.alert).
 The source :page_facing_up: Dockerfile is available [here](https://github.com/jokob-sk/Pi.Alert/blob/main/Dockerfile) with a detailed :books: [readme](https://github.com/jokob-sk/Pi.Alert/blob/main//dockerfiles/README.md) included.
 
-## :white_check_mark: Usage
+## :information_source: Usage
 
--  Network
+Network
    - You will have to probably run the container on the host network, e.g: `sudo docker run --rm --net=host jokobsk/pi.alert`
--  Port 
+
+Port 
    - The container runs on the port `:20211`.
--  UI URL
-   - The UI is located on `<host IP>:20211/pialert/`
 
 > Please note - the cronjob is executed every 1, 5 and 15 minutes so wait that long for all of the scans to run.
 
 ## :floppy_disk: Setup and Backups
 
-1. Download `pialert.conf` and `version.conf` from [here](https://github.com/jokob-sk/Pi.Alert/tree/main/config).
-2. Backup your configuration by: 
-   * Mapping the container folder `/home/pi/pialert/config` to your own folder containing `pialert.conf` and `version.conf`. 
-    
-    OR
-    
-   * Mapping the files individually `pialert.conf:/home/pi/pialert/config/pialert.conf` and `version.conf:/home/pi/pialert/config/version.conf`      
-3. In `pialert.config` specify your network adapter (will probably be eth0 or eth1) and the network filter, e.g. if your DHCP server assigns IPs in the 192.168.1.0 to 192.168.1.255 range specify it the following way: 
+1. (**required**) Download `pialert.conf` and `version.conf` from [here](https://github.com/jokob-sk/Pi.Alert/tree/main/config).     
+2. (**required**) In `pialert.config` specify your network adapter (will probably be `eth0` or `eth1`) and the network filter (which **significantly** speeds up the scan process), e.g. if your DHCP server assigns IPs in the 192.168.1.0 to 192.168.1.255 range specify it the following way: 
    * `SCAN_SUBNETS    = '192.168.1.0/24 --interface=eth0'`
+3. (**required**) Use your configuration by: 
+   * Mapping the container folder `/home/pi/pialert/config` to a persistent folder containing `pialert.conf` and `version.conf`,     
+   * ... or by mapping the files individually `pialert.conf:/home/pi/pialert/config/pialert.conf` and `version.conf:/home/pi/pialert/config/version.conf` 
 4. Set the `TZ` environment variable to your current time zone (e.g.`Europe/Paris`). Find your time zone [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).
 5. Database backup
+   * The DB is stored under `/home/pi/pialert/db/pialert.db`. Map this file to a persistent location (see [Examples](https://github.com/jokob-sk/Pi.Alert/tree/main/dockerfiles#page_facing_up-examples) for details). If facing issues (AJAX errors, can't write to DB, etc, make sure permissions are set correctly, alternatively check the logs under `/home/pi/pialert/log`)
    * Automated copy
-     The docker image creates a DB copy once every 30 min by copying the DB to `/home/pi/pialert/config/pialert.db_bak`. 
-      > If you have a backup already available, make sure you rename this file if you want to keep older backups before starting a new container.
+     The docker image copies the DB once every 30 min to `/home/pi/pialert/config/pialert.db_bak`. If you have a backup already available, make sure you rename this file if you want to keep older backups before starting a new container. To restore the DB run: `cp /home/pi/pialert/config/pialert.db_bak /home/pi/pialert/db/pialert.db`   
+6. The container supports mapping to local User nad Group IDs. Specify the enviroment variables `HOST_USER_ID` and `HOST_USER_GID` if needed.
 
-     - You can backup the DB by also ad-hoc by running the follow command in the container:
+Config examples can be found below.
 
-       - `cp /home/pi/pialert/db/pialert.db /home/pi/pialert/config/pialert.db_bak`
+## :page_facing_up: Examples
 
-     - Restoring the DB:
+### Example 1
 
-       - `cp /home/pi/pialert/config/pialert.db_bak /home/pi/pialert/db/pialert.db`
+`docker-compose.yml` 
 
-   * Alternative approach: Storing the DB on your own volume
+```yaml
+version: "3"
+services:
+  pialert:
+    container_name: pialert
+    image: "jokobsk/pi.alert:latest"      
+    network_mode: "host"        
+    restart: always
+    volumes:
+      - ${APP_DATA_LOCATION}/pialert/config:/home/pi/pialert/config
+      - ${APP_DATA_LOCATION}/pialert/db/pialert.db:/home/pi/pialert/db/pialert.db
+      - ${LOGS_LOCATION}/:/home/pi/pialert/log
+    environment:
+      - TZ=France/Paris
+      - HOST_USER_ID=1036 
+      - HOST_USER_GID=1000
+```
 
-       ```yaml
-           volumes:
-             - pialert_db:/home/pi/pialert/db
-       ```       
+`.env` file
 
-A full config example can be found below.
+```yaml
 
-## :page_facing_up: Example Config
+APP_DATA_LOCATION=/path/to/docker_appdata
+APP_CONFIG_LOCATION=/path/to/docker_config
+LOGS_LOCATION=/path/to/docker_logs
 
-Courtesy of [pbek](https://github.com/pbek). The volume `pialert_db` is used the db directory. The two config files are mounted directly from a local folder to their places in the config folder. You can backup the `docker-compose.yaml` folder and the docker volumes folder.
+```
+
+To run the container execute: `sudo docker-compose --env-file /path/to/.env up`
+
+### Example 2
+
+Courtesy of [pbek](https://github.com/pbek). The volume `pialert_db` is used by the db directory. The two config files are mounted directly from a local folder to their places in the config folder. You can backup the `docker-compose.yaml` folder and the docker volumes folder.
 
 ```yaml
   pialert:

dockerfiles/start.sh

@@ -1,5 +1,8 @@
 #!/bin/sh
+/home/pi/pialert/dockerfiles/user-mapping.sh
 
-chmod -R o+w /home/pi/pialert/db
+
+#chmod -R 755 /var/www/html/pialert
+#chmod -R o+w /home/pi/pialert/db
 /etc/init.d/lighttpd start
-service cron start && tail -f /dev/null
+cron -f

dockerfiles/user-mapping.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+if [ -z "${USER}" ]; then
+  echo "We need USER to be set!"; exit 100
+fi
+
+# if both not set we do not need to do anything
+if [ -z "${HOST_USER_ID}" -a -z "${HOST_USER_GID}" ]; then
+    echo "Nothing to do here." ; exit 0
+fi
+
+# reset user_?id to either new id or if empty old (still one of above
+# might not be set)
+USER_ID=${HOST_USER_ID:=$USER_ID}
+USER_GID=${HOST_USER_GID:=$USER_GID}
+
+LINE=$(grep -F "${USER}" /etc/passwd)
+# replace all ':' with a space and create array
+array=( ${LINE//:/ } )
+
+# home is 5th element
+USER_HOME=${array[4]}
+
+sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:[0-9]*/${USER}:\1:${USER_ID}:${USER_GID}/"  /etc/passwd
+sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/"  /etc/group
+
+chown -R ${USER_ID}:${USER_GID} ${USER_HOME}
+
+exec su - "${USER}"