Add support for PUID/PGID and create necessary directories in /snikket

This is useful when e.g. mounting an existing directory instead of a docker-managed volume.
2020-02-20 22:00:14 +00:00 · 2020-02-20 22:00:14 +00:00 · c30b7310aa
parent 23d795b1cb
commit c30b7310aa
3 changed files with 40 additions and 5 deletions
--- a/ansible/files/certbot.cron
+++ b/ansible/files/certbot.cron
@ -1,12 +1,13 @@
 #!/bin/sh

-certbot certonly -n --webroot --webroot-path /var/www \
+su letsencrypt -- -c "certbot certonly -n --webroot --webroot-path /var/www \
  --cert-path /etc/ssl/certbot \
  --keep $SNIKKET_CERTBOT_OPTIONS \
-  --agree-tos --email "$SNIKKET_ADMIN_EMAIL" --expand \
+  --agree-tos --email \"$SNIKKET_ADMIN_EMAIL\" --expand \
  --allow-subset-of-names \
  --config-dir /snikket/letsencrypt \
-  --domain "$SNIKKET_DOMAIN" --domain "share.$SNIKKET_DOMAIN" \
-  --domain "groups.$SNIKKET_DOMAIN"
+  --domain \"$SNIKKET_DOMAIN\" --domain \"share.$SNIKKET_DOMAIN\" \
+  --domain \"groups.$SNIKKET_DOMAIN\"
+  "

 prosodyctl --root cert import /snikket/letsencrypt/live
--- a/ansible/tasks/certs.yml
+++ b/ansible/tasks/certs.yml
@ -13,4 +13,14 @@
  copy:
    src: ../files/certbot.cron
    dest: /etc/cron.daily/certbot
-    mode: 0550
+    mode: 0555
+- name: Create letsencrypt group
+  group:
+    name: letsencrypt
+    system: yes
+- name: Create letsencrypt user
+  user:
+    name: letsencrypt
+    group: letsencrypt
+    system: yes
+    home: /snikket/letsencrypt
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@ -15,4 +15,28 @@ echo "from snikket@$SNIKKET_DOMAIN" >> /etc/msmtprc

 unset SNIKKET_SMTP_URL

+PUID=${PUID:=$(stat -c %u /snikket)}
+PGID=${PGID:=$(stat -c %g /snikket)}
+
+if [ "$PUID" != 0 ] && [ "$PGID" != 0 ]; then
+	usermod  -o -u "$PUID" prosody
+	groupmod -o -g "$PGID" prosody
+
+	usermod  -o -u "$PUID" letsencrypt
+	groupmod -o -g "$PGID" letsencrypt
+fi
+
+if ! test -d /snikket/prosody; then
+	install -o prosody -g prosody -m 750 -d /snikket/prosody;
+fi
+
+chown -R prosody:prosody /var/spool/anacron /var/run/prosody /snikket/prosody /etc/prosody
+
+if ! test -d /snikket/letsencrypt; then
+	install -o letsencrypt -g letsencrypt -m 750 -d /snikket/letsencrypt;
+fi
+
+install -o letsencrypt -g letsencrypt -m 750 -d /var/lib/letsencrypt;
+install -o letsencrypt -g letsencrypt -m 750 -d /var/log/letsencrypt;
+
 exec supervisord -c /etc/supervisor/supervisord.conf