From c0a2a705ec8fe659ee4849afa293c29a02d424c2 Mon Sep 17 00:00:00 2001 From: Stefan Allius Date: Thu, 28 Sep 2023 21:46:02 +0200 Subject: [PATCH] Running Proxy with host UID and GUID Fixes #2 --- app/Dockerfile | 54 +++++++++++++++++++++++++++++++++------------ app/entrypoint.sh | 15 +++++++++++++ docker-compose.yaml | 11 ++++----- 3 files changed, 59 insertions(+), 21 deletions(-) create mode 100644 app/entrypoint.sh diff --git a/app/Dockerfile b/app/Dockerfile index c43dd3f..828bd23 100644 --- a/app/Dockerfile +++ b/app/Dockerfile @@ -1,9 +1,20 @@ ARG SERVICE_NAME="tsun-proxy" ARG UID=1000 +ARG GID=1000 # set base image (host OS) FROM python:3.11-slim-bookworm AS builder +USER root + +# install gosu for a better su+exec command +RUN set -eux; \ + apt-get update; \ + apt-get install -y gosu; \ + rm -rf /var/lib/apt/lists/*; \ +# verify that the binary works + gosu nobody true + RUN pip install --upgrade pip 
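Review bot: The `apt-get install -y gosu;` line in the builder stage installs recommended packages along with gosu; `apt-get install -y --no-install-recommends gosu;` keeps the stage to what is needed. The preceding `USER root` is redundant, because the python base image already builds as root. It is also not obvious here why a privilege-drop tool is installed in the build stage, so a comment such as `# gosu is installed here only so the runtime stage can COPY --from=builder /usr/sbin/gosu` would help. The `gosu nobody true` self-test exercises the binary only in the builder, not in the image that ships it.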
@@ -19,36 +30,51 @@ RUN pip install --user -r requirements.txt FROM python:3.11-slim-bookworm ARG SERVICE_NAME ARG UID +ARG GID ENV SERVICE_NAME=$SERVICE_NAME ENV UID=$UID +ENV GID=$GID -RUN addgroup --gid 1000 $SERVICE_NAME && \ + + +RUN addgroup --gid $GID $SERVICE_NAME && \ adduser --ingroup $SERVICE_NAME --shell /bin/false --disabled-password --uid $UID $SERVICE_NAME && \ - mkdir -p /home/$SERVICE_NAME/log && \ - mkdir -p /home/$SERVICE_NAME/config && \ - chown --recursive $SERVICE_NAME:$SERVICE_NAME /home/$SERVICE_NAME - + mkdir -p /home/$SERVICE_NAME/log /home/$SERVICE_NAME/config && \ + chown -R $SERVICE_NAME:$SERVICE_NAME /home/$SERVICE_NAME +#addgroup -S -g 1883 mosquitto 2>/dev/null && \ + # adduser -S -u 1883 -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \ + # mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \ + # chown -R mosquitto:mosquitto /mosquitto && \ + # set the working directory in the container WORKDIR /home/$SERVICE_NAME -USER $SERVICE_NAME - -# copy only the dependencies installation from the 1st stage image -COPY --from=builder --chown=$SERVICE_NAME:$SERVICE_NAME /root/.local /home/$SERVICE_NAME/.local - -# copy the content of the local src and config directory to the working directory -COPY --chown=$SERVICE_NAME:$SERVICE_NAME config . -COPY --chown=$SERVICE_NAME:$SERVICE_NAME src . # update PATH environment variable ENV HOME=/home/$SERVICE_NAME ENV PATH=/home/$SERVICE_NAME/.local:$PATH +VOLUME ["/home/$SERVICE_NAME/log", "/home/$SERVICE_NAME/config"] + +# copy only the dependencies installation from the 1st stage image +COPY --from=builder --chown=$SERVICE_NAME:$SERVICE_NAME /root/.local /home/$SERVICE_NAME/.local +COPY --from=builder /usr/sbin/gosu /usr/sbin/gosu + +COPY entrypoint.sh /root/entrypoint.sh +RUN chmod +x /root/entrypoint.sh + +# copy the content of the local src and config directory to the working directory +COPY config . +COPY src . 
+ EXPOSE 5005 # command to run on container start +ENTRYPOINT ["/root/entrypoint.sh"] CMD [ "python3", "./server.py" ] +LABEL org.label-schema.build-date=$BUILD_DATE LABEL org.opencontainers.image.authors="Stefan Allius " LABEL org.opencontainers.image.source https://github.com/s-allius/tsun-gen3-proxy LABEL org.opencontainers.image.description 'The "TSUN Gen3 Micro-Inverter" proxy enables a reliable connection between TSUN third generation inverters and an MQTT broker to integrate the inverter into typical home automations' -LABEL org.opencontainers.image.licenses="BSD-3-Clause" \ No newline at end of file +LABEL org.opencontainers.image.licenses="BSD-3-Clause" +LABEL org.opencontainers.image.vendor="Stefan Allius>" diff --git a/app/entrypoint.sh b/app/entrypoint.sh new file mode 100644 index 0000000..16a03cf --- /dev/null +++ b/app/entrypoint.sh @@ -0,0 +1,15 @@ +#!/bin/sh +set -e + +user="$(id -u)" +echo "#############################################" +echo "# start: '$SERVICE_NAME'" +echo "# with UserID:$UID, GroupID:$GID" +echo "#############################################" + +if [ "$user" = '0' ]; then + [ -d "/home/$SERVICE_NAME" ] && chown -R $SERVICE_NAME:$SERVICE_NAME /home/$SERVICE_NAME || true + exec gosu $SERVICE_NAME "$@" +else + exec "$@" +fi diff --git a/docker-compose.yaml b/docker-compose.yaml index 833155b..5742e02 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -67,19 +67,16 @@ services: tsun-proxy: container_name: tsun-proxy image: ghcr.io/s-allius/tsun-gen3-proxy:latest - build: - context: https://github.com/s-allius/tsun-gen3-proxy.git#main:app - args: - - UID=1000 restart: unless-stopped depends_on: - mqtt environment: - TZ=Europe/Brussels - - SERVICE_NAME=tsun-proxy + - UID=${UID:-1000} + - GID=${GID:-1000} dns: - - 8.8.8.8 - - 4.4.4.4 + - ${DNS1:-8.8.8.8} + - $(DNS2:-4.4.4.4} ports: - 5005:5005 volumes:
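Review bot: The entrypoint is installed at `/root/entrypoint.sh`, and `/root` is normally mode 0700 on Debian-based images, so a container started with a non-root `--user` would likely fail to exec it and never reach the script's non-root branch. A world-readable location avoids that: `COPY --chmod=0755 entrypoint.sh /usr/local/bin/entrypoint.sh` with `ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]` (the `--chmod` form needs BuildKit and replaces the separate `RUN chmod`). With `USER $SERVICE_NAME` removed the image's default user is root, so the privilege drop depends entirely on the entrypoint and is bypassed by `--entrypoint`; that deserves a comment above `ENTRYPOINT`. `LABEL org.label-schema.build-date=$BUILD_DATE` references a build arg with no `ARG BUILD_DATE` in the visible lines, and the vendor label value ends in a stray `>`.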
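Review bot: `UID` and `GID` are only echoed in the banner, while `chown` and `gosu` both use the account name `$SERVICE_NAME`, whose ids were fixed when the image was built. Runtime values passed by Compose therefore do not change which user the proxy runs as, and the banner can misreport it. If runtime ids are intended, apply them after checking that both are numeric and non-zero: `chown -R "$UID:$GID" "/home/$SERVICE_NAME"` and `exec gosu "$UID:$GID" "$@"`. The unquoted `$SERVICE_NAME` expansions should be quoted either way. The `|| true` hides a failed chown, so a warning on stderr there would make permission problems on bind mounts visible.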
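Review bot: The second DNS entry `- $(DNS2:-4.4.4.4}` opens with `$(` instead of `${`, so Compose will not interpolate it as a variable with a default and the value will not be a usable resolver address; it should read `- ${DNS2:-4.4.4.4}`. `UID` is a shell variable that bash does not export by default, so `${UID:-1000}` will usually resolve to 1000 unless it is set in `.env` or exported; a short comment above the `environment` entries would document that. With the `build:` section removed, the service runs whatever `ghcr.io/s-allius/tsun-gen3-proxy:latest` points to at pull time, so pinning a version tag or digest would make deployments reproducible.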