From 13e4d461c77eb4616f5a8523e4a61d9d070e169f Mon Sep 17 00:00:00 2001
From: Patrick Jentsch
Date: Thu, 1 Aug 2024 12:00:34 +0200
Subject: [PATCH] Update .env.tpl
---
.env.tpl | 22 +++------
docker-compose.yml | 86 +++++++++++++++++-------------------
docker-nopaque-entrypoint.sh | 58 +++++++++++++++++-------
3 files changed, 86 insertions(+), 80 deletions(-)
diff --git a/.env.tpl b/.env.tpl
index 1f6731cd..32341a06 100644
--- a/.env.tpl
+++ b/.env.tpl
@@ -1,32 +1,20 @@
##############################################################################
-# Variables for use in Docker Compose YAML files #
+# Environment variables used by Docker Compose config files. #
##############################################################################
# HINT: Use this bash command `id -u`
# NOTE: 0 (= root user) is not allowed
HOST_UID=
# HINT: Use this bash command `id -g`
+# NOTE: 0 (= root group) is not allowed
HOST_GID=
# HINT: Use this bash command `getent group docker | cut -d: -f3`
HOST_DOCKER_GID=
# DEFAULT: nopaque
-# DOCKER_DEFAULT_NETWORK_NAME=
-
-# DEFAULT: ./volumes/db/data
-# NOTE: Use `.` as
-# DOCKER_DB_SERVICE_DATA_VOLUME_SOURCE_PATH=
-
-# DEFAULT: ./volumes/mq/data
-# NOTE: Use `.` as
-# DOCKER_MQ_SERVICE_DATA_VOLUME_SOURCE_PATH=
+NOPAQUE_DOCKER_NETWORK_NAME=nopaque
# NOTE: This must be a network share and it must be available on all
-# Docker Swarm nodes, mounted to the same path with the same
-# user and group ownership.
-DOCKER_NOPAQUE_SERVICE_DATA_VOLUME_SOURCE_PATH=
-
-# DEFAULT: ./volumes/nopaque/logs
-# NOTE: Use `.` as
-# DOCKER_NOPAQUE_SERVICE_LOGS_VOLUME_SOURCE_PATH=.
+# Docker Swarm nodes, mounted to the same path.
+HOST_NOPAQUE_DATA_PATH=/mnt/nopaque
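Review bot: The rewritten note above HOST_NOPAQUE_DATA_PATH drops the requirement that the share be mounted "with the same user and group ownership" on every node, yet the entrypoint in this same patch still remaps the container's nopaque user to HOST_UID/HOST_GID precisely so that ownership on that share lines up; with the sentence gone, nothing tells the reader what HOST_UID/HOST_GID must be set to. I would keep it: `# Docker Swarm nodes, mounted to the same path with the same user and group ownership (that is what HOST_UID/HOST_GID must match).` The `# DEFAULT: nopaque` line now sits above NOPAQUE_DOCKER_NETWORK_NAME, which is assigned unconditionally rather than being a commented-out default, so the DEFAULT wording no longer describes what follows.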
diff --git a/docker-compose.yml b/docker-compose.yml
index 6d54aad3..a3a19a14 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,62 +1,56 @@
-# The docker-compose.yml file is not meant to be modified itself.
-# Instead use the following files for configurations:
-# - .env: Environment variables for the docker-compose.yml file.
-# - db.env: Environment variables for the database service.
-# - nopaque.env: Environment variables for the nopaque service.
-# - docker-compose.override.yml: Override the docker-compose.yml file.
-# - Don't change too much here, it's meant for configurations like exposing
-# ports for development or adding labels for e.g. traefik.
+# This file is not meant to be modified, use the following files instead:
+# - `.env`: Environment variables available within Docker Compose config files.
+# - `db.env`: Environment variables for the database service.
+# - `nopaque.env`: Environment variables for the nopaque service.
+# - `docker-compose.override.yml`: Override the docker-compose.yml file.
+# - The `docker-compose` directory includes examples for this.
networks:
- default:
- name: "${DOCKER_DEFAULT_NETWORK_NAME:-nopaque}"
+ nopaque:
+ attachable: true
+ driver: "overlay"
+ name: "${NOPAQUE_DOCKER_NETWORK_NAME}"
services:
db:
- env_file: db.env
- image: postgres:11
- restart: unless-stopped
+ env_file: "db.env"
+ image: "postgres:11"
+ networks:
+ - "nopaque"
+ restart: "unless-stopped"
volumes:
- - type: bind
- source: "${DOCKER_DB_SERVICE_DATA_VOLUME_SOURCE_PATH:-./volumes/db/data}"
- target: "/var/lib/postgresql/data"
+ - "./volumes/db/data:/var/lib/postgresql/data"
mq:
- image: redis:6
- restart: unless-stopped
+ image: "redis:6"
+ networks:
+ - "nopaque"
+ restart: "unless-stopped"
volumes:
- - type: bind
- source: "${DOCKER_MQ_SERVICE_DATA_VOLUME_SOURCE_PATH:-./volumes/mq/data}"
- target: "/data"
+ - "./volumes/mq/data:/data"
nopaque:
build: .
depends_on:
- - db
- - mq
+ - "db"
+ - "mq"
env_file:
- - nopaque.env
+ - "nopaque.env"
environment:
- # This section overrides the values set in the nopaque.env file. Do not
- # override the environment variables in a docker-compose.override.yml
- # file unless you really know what you are doing.
- - NOPAQUE_UID=${HOST_UID}
- - NOPAQUE_GID=${HOST_GID}
- - DOCKER_GID=${HOST_DOCKER_GID}
- - NOPAQUE_DATA_PATH=${DOCKER_NOPAQUE_SERVICE_DATA_VOLUME_SOURCE_PATH}
- - NOPAQUE_DOCKER_NETWORK_NAME=${DOCKER_DEFAULT_NETWORK_NAME:-nopaque}
- - NOPAQUE_LOGS_PATH=/home/nopaque/logs
- image: nopaque:latest
- restart: unless-stopped
+ # DANGER: Don't change the following environment variables within a
+ # Docker Compose config file, use the `.env` file instead.
+ HOST_UID: "${HOST_UID}"
+ HOST_GID: "${HOST_GID}"
+ HOST_DOCKER_GID: "${HOST_DOCKER_GID}"
+ NOPAQUE_DATA_PATH: "${HOST_NOPAQUE_DATA_PATH}"
+ NOPAQUE_DOCKER_NETWORK_NAME: "${NOPAQUE_DOCKER_NETWORK_NAME}"
+ image: "nopaque:latest"
+ networks:
+ - "nopaque"
+ restart: "unless-stopped"
volumes:
- - type: bind
- source: "/var/run/docker.sock"
- target: "/var/run/docker.sock"
- # TODO: Make this less quirky. The target path should be variable.
- # In order to achieve this, a cifs volume needs to be configured.
- - type: bind
- source: "${DOCKER_NOPAQUE_SERVICE_DATA_VOLUME_SOURCE_PATH}"
- target: "${DOCKER_NOPAQUE_SERVICE_DATA_VOLUME_SOURCE_PATH}"
- - type: bind
- source: "${DOCKER_NOPAQUE_SERVICE_LOGS_VOLUME_SOURCE_PATH:-./volumes/nopaque/logs}"
- target: "/home/nopaque/logs"
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ - "./volumes/nopaque/logs:/var/log/nopaque"
+ # DANGER: Don't change the following mount within a Docker Compose
+ # config file, use the `.env` file instead.
+ - "${HOST_NOPAQUE_DATA_PATH}:${HOST_NOPAQUE_DATA_PATH}"
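Review bot: The data mount on the last line of the hunk interpolates to a bare `:` when HOST_NOPAQUE_DATA_PATH is unset or empty, and the network `name:` near the top to an empty string, so Compose fails (or, presumably, picks a generated name) without naming the variable that is missing; the entrypoint's new checks cover HOST_UID, HOST_GID and HOST_DOCKER_GID only. Compose's `${VAR:?message}` form fails at interpolation time with the message: `- "${HOST_NOPAQUE_DATA_PATH:?set HOST_NOPAQUE_DATA_PATH in .env}:${HOST_NOPAQUE_DATA_PATH}"` and `name: "${NOPAQUE_DOCKER_NETWORK_NAME:?set NOPAQUE_DOCKER_NETWORK_NAME in .env}"`. The logs mount target also moves from `/home/nopaque/logs` to `/var/log/nopaque` while the NOPAQUE_LOGS_PATH variable that previously told the application where that was is dropped; presumably the image now has that path built in, but that is not visible here and deserves a comment next to the mount.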
diff --git a/docker-nopaque-entrypoint.sh b/docker-nopaque-entrypoint.sh
index 5507f26c..97ef9fe1 100755
--- a/docker-nopaque-entrypoint.sh
+++ b/docker-nopaque-entrypoint.sh
@@ -7,25 +7,48 @@ CHECK_MARK="\xE2\x9C\x93"
CROSS_MARK="\xE2\x9D\x8C"
-if [[ "${NOPAQUE_UID}" == "0" ]]; then
+# Check if necessary environment variables are set
+if [[ -z "${HOST_DOCKER_GID}" ]]; then
+ echo "Environment variable \"HOST_DOCKER_GID\" not set."
+ exit 1
+fi
+
+if [[ -z "${HOST_UID}" ]]; then
+ echo "Environment variable \"HOST_UID\" not set."
+ exit 1
+fi
+
+if [[ -z "${HOST_GID}" ]]; then
+ echo "Environment variable \"HOST_GID\" not set."
+ exit 1
+fi
+
+
+# Check if the UID or GID are set to "0" (root). We want an unprivileged user.
+if [[ "${HOST_UID}" == "0" ]]; then
echo -e "${RED_COLOR}${CROSS_MARK}${NO_COLOR}"
- echo "Running as root is not allowed"
+ echo "\"0\" is not allowed for HOST_UID"
+ exit 1
+fi
+
+if [[ "${HOST_GID}" == "0" ]]; then
+ echo -e "${RED_COLOR}${CROSS_MARK}${NO_COLOR}"
+ echo "\"0\" is not allowed for HOST_GID"
exit 1
fi
echo "Set container UID and GIDs to match the host system..."
-
-
##############################################################################
-# docker GID #
+# Update docker GID #
##############################################################################
-if [[ "${DOCKER_GID}" == "$(getent group docker | cut -d: -f3)" ]]; then
+DOCKER_GID=$(getent group docker | cut -d: -f3)
+if [[ "${DOCKER_GID}" == "${HOST_DOCKER_GID}" ]]; then
echo -n "- docker GID is already matching..."
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
else
- echo -n "- Updating docker GID ($(getent group docker | cut -d: -f3) -> ${DOCKER_GID})... "
- groupmod --gid "${DOCKER_GID}" docker > /dev/null
+ echo -n "- Updating docker GID (${DOCKER_GID} -> ${HOST_DOCKER_GID})... "
+ groupmod --gid "${HOST_DOCKER_GID}" docker > /dev/null
if [[ "${?}" == "0" ]]; then
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
else
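Review bot: The root guard at `if [[ "${HOST_UID}" == "0" ]]` is a string comparison, so values such as `00` or `+0` pass it and are then handed to `usermod --uid` further down the script, where they are presumably parsed as numeric 0; the HOST_GID guard has the same gap. The new `-z` checks also let non-numeric values through, which only surface later as a `groupmod`/`usermod` failure. Validating the format once makes both guards exact: `if ! [[ "${HOST_UID}" =~ ^[0-9]+$ ]] || (( 10#${HOST_UID} == 0 )); then` (and the same for HOST_GID; HOST_DOCKER_GID could get the format check too). The three "not set" branches also omit the `${RED_COLOR}${CROSS_MARK}` line that the root-rejection branches print, which reads as an oversight rather than a choice.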
@@ -36,16 +59,16 @@ fi
##############################################################################
-# nopaque GID #
+# Update nopaque GID #
##############################################################################
-if [[ "${NOPAQUE_GID}" == "$(id -g nopaque)" ]]; then
+NOPAQUE_GID=$(id -g nopaque)
+if [[ "${NOPAQUE_GID}" == "${HOST_GID}" ]]; then
echo -n "- nopaque GID is already matching..."
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
else
- echo -n "- Updating nopaque GID ($(id -g nopaque) -> ${NOPAQUE_GID})... "
- groupmod --gid "${NOPAQUE_GID}" nopaque > /dev/null
+ echo -n "- Updating nopaque GID (${NOPAQUE_GID} -> ${HOST_GID})... "
+ groupmod --gid "${HOST_GID}" nopaque > /dev/null
if [[ "${?}" == "0" ]]; then
- HAS_NOPAQUE_GID_CHANGED=true
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
else
echo -e "${RED_COLOR}${CROSS_MARK}${NO_COLOR}"
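Review bot: `groupmod --gid` changes the group's ID but not the group ownership of files inside the container that still carry the old GID, and this hunk removes the `HAS_NOPAQUE_GID_CHANGED=true` flag that the success branch used to set; if a later step outside the hunk keyed on that flag to re-own such files it now never runs, and if that step was removed as well, files under the nopaque home keep a dangling GID after a remap. I would either restore the flag or add a comment at the new `NOPAQUE_GID=$(id -g nopaque)` line stating how files with the old GID are re-owned, e.g. `# NOTE: groupmod does not re-own files; confirm the nopaque home is re-owned after a GID change`, since that is not visible in this hunk. The if/else this hunk changes continues below the hunk.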
@@ -64,14 +87,15 @@ fi
##############################################################################
-# nopaque UID #
+# Update nopaque UID #
##############################################################################
-if [[ "${NOPAQUE_UID}" == "$(id -u nopaque)" ]]; then
+NOPAQUE_UID=$(id -u nopaque)
+if [[ "${NOPAQUE_UID}" == "${HOST_UID}" ]]; then
echo -n "- nopaque UID is already matching..."
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
else
- echo -n "- Updating nopaque UID ($(id -u nopaque) -> ${NOPAQUE_UID})... "
- usermod --uid "${NOPAQUE_UID}" nopaque > /dev/null
+ echo -n "- Updating nopaque UID (${NOPAQUE_UID} -> ${HOST_UID})... "
+ usermod --uid "${HOST_UID}" nopaque > /dev/null
if [[ "${?}" == "0" ]]; then
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
else