mirror of
https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git
synced 2024-12-25 02:44:18 +00:00
Update .env.tpl
This commit is contained in:
parent
e51dcafa6f
commit
13e4d461c7
22
.env.tpl
22
.env.tpl
@ -1,32 +1,20 @@
|
|||||||
##############################################################################
|
##############################################################################
|
||||||
# Variables for use in Docker Compose YAML files #
|
# Environment variables used by Docker Compose config files. #
|
||||||
##############################################################################
|
##############################################################################
|
||||||
# HINT: Use this bash command `id -u`
|
# HINT: Use this bash command `id -u`
|
||||||
# NOTE: 0 (= root user) is not allowed
|
# NOTE: 0 (= root user) is not allowed
|
||||||
HOST_UID=
|
HOST_UID=
|
||||||
|
|
||||||
# HINT: Use this bash command `id -g`
|
# HINT: Use this bash command `id -g`
|
||||||
|
# NOTE: 0 (= root group) is not allowed
|
||||||
HOST_GID=
|
HOST_GID=
|
||||||
|
|
||||||
# HINT: Use this bash command `getent group docker | cut -d: -f3`
|
# HINT: Use this bash command `getent group docker | cut -d: -f3`
|
||||||
HOST_DOCKER_GID=
|
HOST_DOCKER_GID=
|
||||||
|
|
||||||
# DEFAULT: nopaque
|
# DEFAULT: nopaque
|
||||||
# DOCKER_DEFAULT_NETWORK_NAME=
|
NOPAQUE_DOCKER_NETWORK_NAME=nopaque
|
||||||
|
|
||||||
# DEFAULT: ./volumes/db/data
|
|
||||||
# NOTE: Use `.` as <project-basedir>
|
|
||||||
# DOCKER_DB_SERVICE_DATA_VOLUME_SOURCE_PATH=
|
|
||||||
|
|
||||||
# DEFAULT: ./volumes/mq/data
|
|
||||||
# NOTE: Use `.` as <project-basedir>
|
|
||||||
# DOCKER_MQ_SERVICE_DATA_VOLUME_SOURCE_PATH=
|
|
||||||
|
|
||||||
# NOTE: This must be a network share and it must be available on all
|
# NOTE: This must be a network share and it must be available on all
|
||||||
# Docker Swarm nodes, mounted to the same path with the same
|
# Docker Swarm nodes, mounted to the same path.
|
||||||
# user and group ownership.
|
HOST_NOPAQUE_DATA_PATH=/mnt/nopaque
|
||||||
DOCKER_NOPAQUE_SERVICE_DATA_VOLUME_SOURCE_PATH=
|
|
||||||
|
|
||||||
# DEFAULT: ./volumes/nopaque/logs
|
|
||||||
# NOTE: Use `.` as <project-basedir>
|
|
||||||
# DOCKER_NOPAQUE_SERVICE_LOGS_VOLUME_SOURCE_PATH=.
|
|
||||||
|
@ -1,62 +1,56 @@
|
|||||||
# The docker-compose.yml file is not meant to be modified itself.
|
# This file is not meant to be modified, use the following files instead:
|
||||||
# Instead use the following files for configurations:
|
# - `.env`: Environment variables available within Docker Compose config files.
|
||||||
# - .env: Environment variables for the docker-compose.yml file.
|
# - `db.env`: Environment variables for the database service.
|
||||||
# - db.env: Environment variables for the database service.
|
# - `nopaque.env`: Environment variables for the nopaque service.
|
||||||
# - nopaque.env: Environment variables for the nopaque service.
|
# - `docker-compose.override.yml`: Override the docker-compose.yml file.
|
||||||
# - docker-compose.override.yml: Override the docker-compose.yml file.
|
# - The `docker-compose` directory includes examples for this.
|
||||||
# - Don't change too much here, it's meant for configurations like exposing
|
|
||||||
# ports for development or adding labels for e.g. traefik.
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
default:
|
nopaque:
|
||||||
name: "${DOCKER_DEFAULT_NETWORK_NAME:-nopaque}"
|
attachable: true
|
||||||
|
driver: "overlay"
|
||||||
|
name: "${NOPAQUE_DOCKER_NETWORK_NAME}"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
db:
|
db:
|
||||||
env_file: db.env
|
env_file: "db.env"
|
||||||
image: postgres:11
|
image: "postgres:11"
|
||||||
restart: unless-stopped
|
networks:
|
||||||
|
- "nopaque"
|
||||||
|
restart: "unless-stopped"
|
||||||
volumes:
|
volumes:
|
||||||
- type: bind
|
- "./volumes/db/data:/var/lib/postgresql/data"
|
||||||
source: "${DOCKER_DB_SERVICE_DATA_VOLUME_SOURCE_PATH:-./volumes/db/data}"
|
|
||||||
target: "/var/lib/postgresql/data"
|
|
||||||
|
|
||||||
mq:
|
mq:
|
||||||
image: redis:6
|
image: "redis:6"
|
||||||
restart: unless-stopped
|
networks:
|
||||||
|
- "nopaque"
|
||||||
|
restart: "unless-stopped"
|
||||||
volumes:
|
volumes:
|
||||||
- type: bind
|
- "./volumes/mq/data:/data"
|
||||||
source: "${DOCKER_MQ_SERVICE_DATA_VOLUME_SOURCE_PATH:-./volumes/mq/data}"
|
|
||||||
target: "/data"
|
|
||||||
|
|
||||||
nopaque:
|
nopaque:
|
||||||
build: .
|
build: .
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- "db"
|
||||||
- mq
|
- "mq"
|
||||||
env_file:
|
env_file:
|
||||||
- nopaque.env
|
- "nopaque.env"
|
||||||
environment:
|
environment:
|
||||||
# This section overrides the values set in the nopaque.env file. Do not
|
# DANGER: Don't change the following environment variables within a
|
||||||
# override the environment variables in a docker-compose.override.yml
|
# Docker Compose config file, use the `.env` file instead.
|
||||||
# file unless you really know what you are doing.
|
HOST_UID: "${HOST_UID}"
|
||||||
- NOPAQUE_UID=${HOST_UID}
|
HOST_GID: "${HOST_GID}"
|
||||||
- NOPAQUE_GID=${HOST_GID}
|
HOST_DOCKER_GID: "${HOST_DOCKER_GID}"
|
||||||
- DOCKER_GID=${HOST_DOCKER_GID}
|
NOPAQUE_DATA_PATH: "${HOST_NOPAQUE_DATA_PATH}"
|
||||||
- NOPAQUE_DATA_PATH=${DOCKER_NOPAQUE_SERVICE_DATA_VOLUME_SOURCE_PATH}
|
NOPAQUE_DOCKER_NETWORK_NAME: "${NOPAQUE_DOCKER_NETWORK_NAME}"
|
||||||
- NOPAQUE_DOCKER_NETWORK_NAME=${DOCKER_DEFAULT_NETWORK_NAME:-nopaque}
|
image: "nopaque:latest"
|
||||||
- NOPAQUE_LOGS_PATH=/home/nopaque/logs
|
networks:
|
||||||
image: nopaque:latest
|
- "nopaque"
|
||||||
restart: unless-stopped
|
restart: "unless-stopped"
|
||||||
volumes:
|
volumes:
|
||||||
- type: bind
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
source: "/var/run/docker.sock"
|
- "./volumes/nopaque/logs:/var/log/nopaque"
|
||||||
target: "/var/run/docker.sock"
|
# DANGER: Don't change the following mount within a Docker Compose
|
||||||
# TODO: Make this less quirky. The target path should be variable.
|
# config file, use the `.env` file instead.
|
||||||
# In order to achieve this, a cifs volume needs to be configured.
|
- "${HOST_NOPAQUE_DATA_PATH}:${HOST_NOPAQUE_DATA_PATH}"
|
||||||
- type: bind
|
|
||||||
source: "${DOCKER_NOPAQUE_SERVICE_DATA_VOLUME_SOURCE_PATH}"
|
|
||||||
target: "${DOCKER_NOPAQUE_SERVICE_DATA_VOLUME_SOURCE_PATH}"
|
|
||||||
- type: bind
|
|
||||||
source: "${DOCKER_NOPAQUE_SERVICE_LOGS_VOLUME_SOURCE_PATH:-./volumes/nopaque/logs}"
|
|
||||||
target: "/home/nopaque/logs"
|
|
||||||
|
@ -7,25 +7,48 @@ CHECK_MARK="\xE2\x9C\x93"
|
|||||||
CROSS_MARK="\xE2\x9D\x8C"
|
CROSS_MARK="\xE2\x9D\x8C"
|
||||||
|
|
||||||
|
|
||||||
if [[ "${NOPAQUE_UID}" == "0" ]]; then
|
# Check if necessary environment variables are set
|
||||||
|
if [[ -z "${HOST_DOCKER_GID}" ]]; then
|
||||||
|
echo "Environment variable \"HOST_DOCKER_GID\" not set."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -z "${HOST_UID}" ]]; then
|
||||||
|
echo "Environment variable \"HOST_UID\" not set."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -z "${HOST_GID}" ]]; then
|
||||||
|
echo "Environment variable \"HOST_GID\" not set."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# Check if the UID or GID are set to "0" (root). We want an unprivileged user.
|
||||||
|
if [[ "${HOST_UID}" == "0" ]]; then
|
||||||
echo -e "${RED_COLOR}${CROSS_MARK}${NO_COLOR}"
|
echo -e "${RED_COLOR}${CROSS_MARK}${NO_COLOR}"
|
||||||
echo "Running as root is not allowed"
|
echo "\"0\" is not allowed for HOST_UID"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "${HOST_GID}" == "0" ]]; then
|
||||||
|
echo -e "${RED_COLOR}${CROSS_MARK}${NO_COLOR}"
|
||||||
|
echo "\"0\" is not allowed for HOST_GID"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
echo "Set container UID and GIDs to match the host system..."
|
echo "Set container UID and GIDs to match the host system..."
|
||||||
|
|
||||||
|
|
||||||
##############################################################################
|
##############################################################################
|
||||||
# docker GID #
|
# Update docker GID #
|
||||||
##############################################################################
|
##############################################################################
|
||||||
if [[ "${DOCKER_GID}" == "$(getent group docker | cut -d: -f3)" ]]; then
|
DOCKER_GID=$(getent group docker | cut -d: -f3)
|
||||||
|
if [[ "${DOCKER_GID}" == "${HOST_DOCKER_GID}" ]]; then
|
||||||
echo -n "- docker GID is already matching..."
|
echo -n "- docker GID is already matching..."
|
||||||
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
|
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
|
||||||
else
|
else
|
||||||
echo -n "- Updating docker GID ($(getent group docker | cut -d: -f3) -> ${DOCKER_GID})... "
|
echo -n "- Updating docker GID (${DOCKER_GID} -> ${HOST_DOCKER_GID})... "
|
||||||
groupmod --gid "${DOCKER_GID}" docker > /dev/null
|
groupmod --gid "${HOST_DOCKER_GID}" docker > /dev/null
|
||||||
if [[ "${?}" == "0" ]]; then
|
if [[ "${?}" == "0" ]]; then
|
||||||
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
|
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
|
||||||
else
|
else
|
||||||
@ -36,16 +59,16 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
##############################################################################
|
##############################################################################
|
||||||
# nopaque GID #
|
# Update nopaque GID #
|
||||||
##############################################################################
|
##############################################################################
|
||||||
if [[ "${NOPAQUE_GID}" == "$(id -g nopaque)" ]]; then
|
NOPAQUE_GID=$(id -g nopaque)
|
||||||
|
if [[ "${NOPAQUE_GID}" == "${HOST_GID}" ]]; then
|
||||||
echo -n "- nopaque GID is already matching..."
|
echo -n "- nopaque GID is already matching..."
|
||||||
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
|
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
|
||||||
else
|
else
|
||||||
echo -n "- Updating nopaque GID ($(id -g nopaque) -> ${NOPAQUE_GID})... "
|
echo -n "- Updating nopaque GID (${NOPAQUE_GID} -> ${HOST_GID})... "
|
||||||
groupmod --gid "${NOPAQUE_GID}" nopaque > /dev/null
|
groupmod --gid "${HOST_GID}" nopaque > /dev/null
|
||||||
if [[ "${?}" == "0" ]]; then
|
if [[ "${?}" == "0" ]]; then
|
||||||
HAS_NOPAQUE_GID_CHANGED=true
|
|
||||||
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
|
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
|
||||||
else
|
else
|
||||||
echo -e "${RED_COLOR}${CROSS_MARK}${NO_COLOR}"
|
echo -e "${RED_COLOR}${CROSS_MARK}${NO_COLOR}"
|
||||||
@ -64,14 +87,15 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
##############################################################################
|
##############################################################################
|
||||||
# nopaque UID #
|
# Update nopaque UID #
|
||||||
##############################################################################
|
##############################################################################
|
||||||
if [[ "${NOPAQUE_UID}" == "$(id -u nopaque)" ]]; then
|
NOPAQUE_UID=$(id -u nopaque)
|
||||||
|
if [[ "${NOPAQUE_UID}" == "${HOST_UID}" ]]; then
|
||||||
echo -n "- nopaque UID is already matching..."
|
echo -n "- nopaque UID is already matching..."
|
||||||
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
|
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
|
||||||
else
|
else
|
||||||
echo -n "- Updating nopaque UID ($(id -u nopaque) -> ${NOPAQUE_UID})... "
|
echo -n "- Updating nopaque UID (${NOPAQUE_UID} -> ${HOST_UID})... "
|
||||||
usermod --uid "${NOPAQUE_UID}" nopaque > /dev/null
|
usermod --uid "${HOST_UID}" nopaque > /dev/null
|
||||||
if [[ "${?}" == "0" ]]; then
|
if [[ "${?}" == "0" ]]; then
|
||||||
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
|
echo -e "${GREEN_COLOR}${CHECK_MARK}${NO_COLOR}"
|
||||||
else
|
else
|
||||||
|
Loading…
Reference in New Issue
Block a user