From 4204af255cd8a8e3c14f7071ead80cf839ffb00a Mon Sep 17 00:00:00 2001
From: kolaente <k@knt.li>
Date: Fri, 22 May 2020 21:18:11 +0200
Subject: [PATCH] Add ability to run the docker container with configurable
 user and group ids

---
 Dockerfile                                    | 14 ++++++++++----
 docs/content/doc/setup/full-docker-example.md |  2 ++
 docs/content/doc/setup/install-backend.md     | 18 ++++++++++++++++--
 docs/content/doc/setup/install-frontend.md    |  5 +++++
 run.sh                                        |  7 +++++++
 5 files changed, 40 insertions(+), 6 deletions(-)
 create mode 100755 run.sh

diff --git a/Dockerfile b/Dockerfile
index 1183a24529..d03458f405 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,10 +28,17 @@ LABEL maintainer="maintainers@vikunja.io"
 
 WORKDIR /app/vikunja/
 COPY --from=build-env /go/src/code.vikunja.io/api/vikunja .
-RUN adduser -S -D vikunja -h /app/vikunja -H \
-  && chown vikunja -R /app/vikunja
 ENV VIKUNJA_SERVICE_ROOTPATH=/app/vikunja/
 
+# Dynamic permission changing stuff
+ENV PUID 1000
+ENV PGID 1000
+RUN apk --no-cache add shadow && \
+  addgroup -g ${PGID} vikunja && \
+  adduser -s /bin/sh -D -G vikunja -u ${PUID} vikunja -h /app/vikunja -H && \
+  chown vikunja -R /app/vikunja
+COPY run.sh /run.sh
+
 # Fix time zone settings not working
 RUN apk --no-cache add tzdata
 
@@ -40,6 +47,5 @@ RUN mkdir /app/vikunja/files && \
   chown -R vikunja /app/vikunja/files
 VOLUME /app/vikunja/files
 
-USER vikunja
-CMD ["/app/vikunja/vikunja"]
+CMD ["/run.sh"]
 EXPOSE 3456
diff --git a/docs/content/doc/setup/full-docker-example.md b/docs/content/doc/setup/full-docker-example.md
index f7427ca204..8f836ef23e 100644
--- a/docs/content/doc/setup/full-docker-example.md
+++ b/docs/content/doc/setup/full-docker-example.md
@@ -30,6 +30,8 @@ services:
       VIKUNJA_REDIS_HOST: 'redis:6379'
       VIKUNJA_CACHE_ENABLED: 1
       VIKUNJA_CACHE_TYPE: redis
+    volumes:
+      - ./files:/app/vikunja/files
   redis:
     image: redis
 {{< /highlight >}}
diff --git a/docs/content/doc/setup/install-backend.md b/docs/content/doc/setup/install-backend.md
index a60e2407cc..c75894da08 100644
--- a/docs/content/doc/setup/install-backend.md
+++ b/docs/content/doc/setup/install-backend.md
@@ -106,7 +106,7 @@ docker run -p 3456:3456 vikunja/api
 {{< /highlight >}}
 
 to run with a standard configuration.
-This will expose 
+This will expose vikunja on port `3456` on the host running the container.
 
 You can mount a local configuration like so:
 
@@ -117,6 +117,18 @@ docker run -p 3456:3456 -v /path/to/config/on/host.yml:/app/vikunja/config.yml:r
 Though it is recommended to use eviroment variables or `.env` files to configure Vikunja in docker.
 See [config]({{< ref "config.md">}}) for a list of available configuration options.
 
+### Files volume
+
+By default the container stores all files uploaded and used through vikunja inside of `/app/vikunja/files` which is created as a docker volume.
+You should mount the volume somewhere to the host to permanently store the files and don't loose them if the container restarts.
+
+### Setting user and group id of the user running vikunja
+
+You can set the user and group id of the user running vikunja with the `PUID` and `PGID` evironment variables.
+This follows the pattern used by [the linuxserver.io](https://docs.linuxserver.io/general/understanding-puid-and-pgid) docker images.
+
+This is useful to solve general permission problems when host-mounting volumes such as the volume used for task attachments.
+
 ### Docker compose
 
 To run the backend with a mariadb database you can use this example [docker-compose](https://docs.docker.com/compose/) file:
@@ -132,13 +144,15 @@ services:
       VIKUNJA_DATABASE_TYPE: mysql
       VIKUNJA_DATABASE_USER: root
       VIKUNJA_SERVICE_JWTSECRET: <generated secret>
+    volumes:
+      - ./files:/app/vikunja/files
   db:
     image: mariadb:10
     environment:
       MYSQL_ROOT_PASSWORD: supersecret
       MYSQL_DATABASE: vikunja
     volumes:
-    - ./db:/var/lib/mysql
+      - ./db:/var/lib/mysql
 {{< /highlight >}}
 
 See [full docker example]({{< ref "full-docker-example.md">}}) for more varations of this config.
diff --git a/docs/content/doc/setup/install-frontend.md b/docs/content/doc/setup/install-frontend.md
index bc12c9cf6d..ea9cbe4f93 100644
--- a/docs/content/doc/setup/install-frontend.md
+++ b/docs/content/doc/setup/install-frontend.md
@@ -45,6 +45,11 @@ which will run the docker image and expose port 80 on the host.
 
 See [full docker example]({{< ref "full-docker-example.md">}}) for more varations of this config.
 
+### Setting user and group id of the user running vikunja
+
+You can set the user and group id of the user running vikunja with the `PUID` and `PGID` evironment variables.
+This follows the pattern used by [the linuxserver.io](https://docs.linuxserver.io/general/understanding-puid-and-pgid) docker images.
+
 ### API URL configuration in docker
 
 When running the frontend with docker, it is possible to set the environment variable `$VIKUNJA_API_URL` to the api url.
diff --git a/run.sh b/run.sh
new file mode 100755
index 0000000000..c7258da4e5
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Set the uid and gid of the vikunja run user
+usermod --non-unique --uid ${PUID} vikunja
+groupmod --non-unique --gid ${PGID} vikunja
+
+su vikunja -c '/app/vikunja/vikunja'
\ No newline at end of file