Merge pull request #3 from p0lycarpio/develop

chore: s6 init scripts and user permissions

Author: p0lycarpio

.env.sample

@@ -1,3 +1,5 @@
+PUID=1000
+PGID=1000
 WEBHOOK_URL=https://discord.com/api/webhooks/abc
 CRON=0 20 * * *
 TMDB_TOKEN=

Dockerfile

@@ -1,6 +1,6 @@
 FROM alpine:3.19 AS rootfs-stage
 
-ARG S6_OVERLAY_VERSION="3.1.6.0"
+ARG S6_OVERLAY_VERSION="3.1.6.2"
 ARG TARGETPLATFORM
 
 RUN apk add --no-cache \
@@ -38,14 +38,23 @@ COPY --from=rootfs-stage /root-out/ /
 ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
     PYTHONDONTWRITEBYTECODE=1
 
-# install packages
-RUN apk add --no-cache \
-    alpine-release \
-    bash \
-    ca-certificates \
-    coreutils \
-    tzdata && \
-    rm -rf /tmp/*
+RUN \
+    echo "**** install runtime packages ****" && \
+    apk add --no-cache \
+        alpine-release \
+        bash \
+        ca-certificates \
+        coreutils \
+        shadow \
+        tzdata && \
+    echo "**** create abc user and create /data folder ****" && \
+    groupmod -g 1000 users && \
+    useradd -u 911 -U -d /config -s /bin/false abc && \
+    usermod -G users abc && \
+    mkdir -p /data \
+    echo "**** cleanup ****" && \
+    rm -rf \
+        /tmp/*
 
 COPY requirements.txt /app/
 RUN pip3 install --no-cache-dir -r requirements.txt

README.md

@@ -50,6 +50,7 @@ Variables in **bold** are required.
 - SERVICES: filter for streaming services separated by comma. Example: `Canal+,Disney Plus,Netflix`
 - TZ : timezone. Default : `UTC`
 - LOGLEVEL stdout verbosity. Default to `INFO`
+- PUID/PGID: used for Docker volume permissions. Default : `911`
 
 ### Notification variables
 

etc/s6-overlay/s6-rc.d/user/contents.d/cron etc/s6-overlay/s6-rc.d/app-firstrun/dependencies.d/init-adduser

@@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+cd /app || exit
+s6-setuidgid abc python3 -m tmdb_notifier

etc/s6-overlay/s6-rc.d/app-firstrun/run

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/app-firstrun/run

etc/s6-overlay/s6-rc.d/run-app/type etc/s6-overlay/s6-rc.d/app-firstrun/type

@@ -0,0 +1,10 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+PUID=${PUID:-911}
+PGID=${PGID:-911}
+
+groupmod -o -g "$PGID" abc >/dev/null 2>&1
+usermod -o -u "$PUID" abc >/dev/null 2>&1
+
+chown abc:abc /data

etc/s6-overlay/s6-rc.d/app-firstrun/up

@@ -0,0 +1 @@
+oneshot

etc/s6-overlay/s6-rc.d/cron/run

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-adduser/run

etc/s6-overlay/s6-rc.d/init-adduser/run

@@ -0,0 +1,15 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+# get cron expression from tmdb_notifier cli
+cd /app || exit
+CRON=$(s6-setuidgid abc python3 -m tmdb_notifier cron)
+
+# append cron job to user
+echo "${CRON} cd /app && python3 -m tmdb_notifier" > /data/crontab
+
+# set permissions and import user crontabs
+chown abc:abc /data/crontab
+crontab -u abc /data/crontab
+
+exec /usr/sbin/crond -f -S -l 5

etc/s6-overlay/s6-rc.d/init-adduser/type

@@ -56,7 +56,7 @@
             changes += 1
 
     logger.info(
-        f"{nb} movies processed. {watchlist_diff} watchlist changes, {changes} movies with new providers and {nb-changes} non-updated.\n"
+        f"{nb} movies processed. {watchlist_diff} watchlist changes, {changes} movies with new providers and {nb-changes} non-updated."
     )
     db.cleanup()
     db.close()