From da19e486f243db701959b277a32c8ee10bebb9f8 Mon Sep 17 00:00:00 2001 From: Thomas Miceli <27960254+thomiceli@users.noreply.github.com> Date: Sun, 18 Jun 2023 12:50:36 +0200 Subject: [PATCH] Customise UID/GID for Docker (#63) --- Dockerfile | 15 ++++++++++----- README.md | 17 ++++++++++++++--- docker/entrypoint.sh | 13 +++++++++++++ 3 files changed, 37 insertions(+), 8 deletions(-) create mode 100755 docker/entrypoint.sh diff --git a/Dockerfile b/Dockerfile index eba90a2..f8a73fc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,10 +21,11 @@ COPY . . RUN make -FROM alpine:3.17 +FROM alpine:3.17 as run RUN apk update && \ apk add --no-cache \ + shadow \ openssl \ openssh \ curl \ @@ -36,10 +37,14 @@ RUN apk update && \ musl-dev \ libstdc++ -WORKDIR /opengist +RUN addgroup -S opengist && \ + adduser -S -G opengist -H -s /bin/ash -g 'Opengist User' opengist -COPY --from=build /opengist/opengist . +WORKDIR /app/opengist + +COPY --from=build --chown=opengist:opengist /opengist/opengist . +COPY --from=build --chown=opengist:opengist /opengist/docker ./docker EXPOSE 6157 2222 -VOLUME /root/.opengist -CMD ["./opengist"] +VOLUME /opengist +ENTRYPOINT ["./docker/entrypoint.sh"] diff --git a/README.md b/README.md index a407d68..960dd0e 100644 --- a/README.md +++ b/README.md @@ -56,9 +56,9 @@ A self-hosted pastebin **powered by Git**. [Try it here](https://opengist.thomic A Docker [image](https://github.com/thomiceli/opengist/pkgs/container/opengist), available for each release, can be pulled ```shell -docker pull ghcr.io/thomiceli/opengist:1.3 # most recent release +docker pull ghcr.io/thomiceli/opengist:1.3 # most recent release, stable -docker pull ghcr.io/thomiceli/opengist:latest # latest development version +docker pull ghcr.io/thomiceli/opengist:latest # latest development version, unstable ``` It can be used in a `docker-compose.yml` file : 
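Review bot: In the second Dockerfile hunk, `--chown=opengist:opengist` on the two `COPY --from=build` lines hands the binary and `docker/entrypoint.sh` to the service account, yet the entrypoint is executed as root on every container start. Where the runtime IDs match the build-time ones, the unprivileged process can modify a script that root will run at the next restart; where they do not (the entrypoint renumbers the account with `usermod`, which as far as I know only re-owns files under the home directory), the ownership is simply stale. Leaving both root-owned is safer and loses nothing, since the service only needs to read and execute them: `COPY --from=build /opengist/opengist .` and `COPY --from=build /opengist/docker ./docker`. Separately, `VOLUME` moves from `/root/.opengist` to `/opengist`, so a deployment that keeps the old mount would presumably start on an empty data directory; an upgrade note in the README would help.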
@@ -79,7 +79,18 @@ services: - "6157:6157" # HTTP port - "2222:2222" # SSH port, can be removed if you don't use SSH volumes: - - "$HOME/.opengist:/root/.opengist" + - "$HOME/.opengist:/opengist" +``` + +You can define which user/group should run the container and own the files by setting the `UID` and `GID` environment variables : + +```yml +services: + opengist: + # ... + environment: + UID: 1001 + GID: 1001 ``` ### From source diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh new file mode 100755 index 0000000..1e2c681 --- /dev/null +++ b/docker/entrypoint.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +export USER=opengist +PID=${PID:-1000} +GID=${GID:-1000} +groupmod -o -g "$GID" $USER +usermod -o -u "$PID" $USER + +chown -R "$USER:$USER" /opengist + +export OG_OPENGIST_HOME=/opengist + +su -m $USER -c "/app/opengist/opengist"
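Review bot: The script reads `PID` (`PID=${PID:-1000}`, `usermod -o -u "$PID"`), but the README hunk in this same patch tells users to set `UID`, so a configured `UID` is ignored and the account always gets 1000. There is also no `set -e`, so a failed `groupmod`/`usermod` (for instance on a non-numeric value) still falls through to starting the service, and with `-o` a value of 0 would make the account an alias of root, which defeats the privilege drop. The final `su` is not `exec`ed, so the shell stays as PID 1 and stop signals are likely not delivered to opengist. A possible rewrite of the affected lines follows; it uses lowercase locals because some shells treat `UID` as read-only.

```sh
set -eu

export USER=opengist
uid=${UID:-1000}
gid=${GID:-1000}

# Accept only plain non-zero numbers before touching the account;
# drop the 0 case if running as root is meant to be a supported choice.
case "$uid" in ''|0|*[!0-9]*) echo "invalid UID: $uid" >&2; exit 1 ;; esac
case "$gid" in ''|0|*[!0-9]*) echo "invalid GID: $gid" >&2; exit 1 ;; esac

groupmod -o -g "$gid" "$USER"
usermod -o -u "$uid" "$USER"

# … unchanged: chown of /opengist and OG_OPENGIST_HOME export …

exec su -m "$USER" -c "/app/opengist/opengist"
```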