remove assumption user ID is 1000
On menu.sh start, store current UID and GID to .env, if they are missing.
Use these to run services that use a customized user.
ukkopahis committed May 1, 2022
1 parent 8a930eb commit 3fa64f7
Showing 27 changed files with 118 additions and 77 deletions.
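--- a/.bash_aliases
+++ b/.bash_aliases
@@ -1,7 +1,8 @@
-alias iotstack_up="docker-compose -f ~/IOTstack/docker-compose.yml up -d"
-alias iotstack_down="docker-compose -f ~/IOTstack/docker-compose.yml down"
-alias iotstack_start="docker-compose -f ~/IOTstack/docker-compose.yml start"
-alias iotstack_stop="docker-compose -f ~/IOTstack/docker-compose.yml stop"
-alias iotstack_update="docker-compose -f ~/IOTstack/docker-compose.yml pull"
-alias iotstack_build="docker-compose -f ~/IOTstack/docker-compose.yml build"
-
+COMPOSE_FILE="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/docker-compose.yml"
+alias iotstack_up="docker-compose -f "$COMPOSE_FILE" up -d --build --remove-orphans"
+alias iotstack_down="docker-compose -f "$COMPOSE_FILE" down"
+alias iotstack_start="docker-compose -f "$COMPOSE_FILE" start"
+alias iotstack_stop="docker-compose -f "$COMPOSE_FILE" stop"
+alias iotstack_pull="docker-compose -f "$COMPOSE_FILE" pull"
+alias iotstack_build="docker-compose -f "$COMPOSE_FILE" build --pull --no-cache"
+alias iotstack_update="iotstack_pull && iotstack_build && iotstack up"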
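Review bot: The new `iotstack_update` alias ends with `iotstack up`, which is not an alias or command defined in this file, so the chain would fail at its last step after pulling and rebuilding; it presumably should be `iotstack_up`. In the other aliases the inner double quotes close the outer string, so `$COMPOSE_FILE` is expanded unquoted when the file is sourced and the path is re-split by the shell each time the alias runs; a checkout path containing spaces or shell metacharacters would break or alter the command. Single quotes inside the alias text keep the path as one word, e.g. `alias iotstack_down="docker-compose -f '$COMPOSE_FILE' down"`.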
2 changes: 2 additions & 0 deletions .gitignore
@@ -5,7 +5,9 @@
/.tmp/*
__pycache__
docker-compose.yml
docker-compose.override.yml
compose-override.yml
.env
postbuild.sh
pre_backup.sh
post_backup.sh
4 changes: 2 additions & 2 deletions .templates/blynk_server/service.yml
@@ -7,8 +7,8 @@ blynk_server:
restart: unless-stopped
environment:
- TZ=Etc/UTC
- IOTSTACK_UID=1000
- IOTSTACK_GID=1000
- IOTSTACK_UID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- IOTSTACK_GID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
ports:
- "8180:8080"
- "8440:8440"
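Review bot: The `${IOTSTACK_UID:?…}` and `${IOTSTACK_GID:?…}` substitutions on the two new environment lines only reject an unset or empty variable, so any value recorded in `.env` is passed to the container unchecked, including `0` if menu.sh was first started as root or via sudo. menu.sh is not part of this section, so whether it refuses to store UID 0 cannot be confirmed from here; if it does not, add that check there or document the case. The error text also hard-codes `~/IOTstack/.env`, although the `.bash_aliases` change in this commit locates the compose file relative to its own directory; wording such as `IOTSTACK_UID must be defined in the .env file next to docker-compose.yml` stays accurate for other install paths. The same two lines appear in the domoticz, gitea, heimdall, homebridge, homer, mariadb, nextcloud, plex, prometheus, python, qbittorrent, syncthing, transmission and wireguard templates, and the service definition continues outside this hunk.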
4 changes: 2 additions & 2 deletions .templates/domoticz/service.yml
@@ -10,8 +10,8 @@ domoticz:
restart: unless-stopped
network_mode: bridge
environment:
- PUID=1000
- PGID=1000
- PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
# - TZ=
# - WEBROOT=domoticz

4 changes: 2 additions & 2 deletions .templates/gitea/service.yml
@@ -6,8 +6,8 @@ gitea:
- "7920:3000/tcp"
- "2222:22/tcp"
environment:
- USER_UID=1000
- USER_GID=1000
- USER_UID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- USER_GID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
volumes:
- ./volumes/gitea/data:/data
- /etc/timezone:/etc/timezone:ro
4 changes: 2 additions & 2 deletions .templates/heimdall/service.yml
@@ -2,8 +2,8 @@ heimdall:
image: ghcr.io/linuxserver/heimdall
container_name: heimdall
environment:
- PUID=1000
- PGID=1000
- PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
- TZ=Europe/Paris
volumes:
- ./volumes/heimdall/config:/config
4 changes: 2 additions & 2 deletions .templates/homebridge/service.yml
@@ -4,8 +4,8 @@ homebridge:
restart: unless-stopped
environment:
- TZ=Etc/UTC
- PGID=1000
- PUID=1000
- PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
- PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- HOMEBRIDGE_CONFIG_UI=1
- HOMEBRIDGE_CONFIG_UI_PORT=8581
volumes:
4 changes: 2 additions & 2 deletions .templates/homer/service.yml
@@ -2,8 +2,8 @@ homer:
image: b4bz/homer:latest
container_name: homer
environment:
- UID=1000
- GID=1000
- UID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- GID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
volumes:
- ./volumes/homer/assets:/www/assets
ports:
4 changes: 2 additions & 2 deletions .templates/mariadb/service.yml
@@ -3,8 +3,8 @@ mariadb:
container_name: mariadb
environment:
- TZ=Etc/UTC
- PUID=1000
- PGID=1000
- PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
- MYSQL_ROOT_PASSWORD=%randomAdminPassword%
- MYSQL_DATABASE=default
- MYSQL_USER=mariadbuser
10 changes: 5 additions & 5 deletions .templates/n8n/service.yml
@@ -21,9 +21,9 @@ n8n:
# - N8N_BASIC_AUTH_ACTIVE=true
# - N8N_BASIC_AUTH_USER=<USER>
# - N8N_BASIC_AUTH_PASSWORD=<PASSWORD>

# - PGID=1000
# - PUID=1000
# - USBDEVICES=/dev/ttyAMA0
# - PACKAGES=mc
#
# - PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
# - PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
# - USBDEVICES=/dev/ttyAMA0
# - PACKAGES=mc

4 changes: 2 additions & 2 deletions .templates/nextcloud/service.yml
@@ -23,8 +23,8 @@ nextcloud_db:
restart: unless-stopped
environment:
- TZ=Etc/UTC
- PUID=1000
- PGID=1000
- PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
- MYSQL_ROOT_PASSWORD=%randomPassword%
- MYSQL_PASSWORD=%randomMySqlPassword%
- MYSQL_DATABASE=nextcloud
4 changes: 2 additions & 2 deletions .templates/plex/service.yml
@@ -3,8 +3,8 @@ plex:
container_name: plex
network_mode: host
environment:
- PUID=1000
- PGID=1000
- PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
- VERSION=docker
volumes:
- ./volumes/plex/config:/config
4 changes: 2 additions & 2 deletions .templates/prometheus/service.yml
@@ -6,8 +6,8 @@ prometheus:
ports:
- "9090:9090"
environment:
- IOTSTACK_UID=1000
- IOTSTACK_GID=1000
- IOTSTACK_UID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- IOTSTACK_GID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
volumes:
- ./volumes/prometheus/data:/prometheus
command:
4 changes: 2 additions & 2 deletions .templates/python/service.yml
@@ -4,8 +4,8 @@ python:
restart: unless-stopped
environment:
- TZ=Etc/UTC
- IOTSTACK_UID=1000
- IOTSTACK_GID=1000
- IOTSTACK_UID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- IOTSTACK_GID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
# ports:
# - "external:internal"
volumes:
4 changes: 2 additions & 2 deletions .templates/qbittorrent/service.yml
@@ -2,8 +2,8 @@
image: linuxserver/qbittorrent
container_name: qbittorrent
environment:
- PUID=1000
- PGID=1000
- PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
- UMASK_SET=022
- WEBUI_PORT=15080
volumes:
4 changes: 2 additions & 2 deletions .templates/syncthing/service.yml
@@ -3,8 +3,8 @@
container_name: syncthing
hostname: raspberrypi #optional
environment:
- PUID=1000
- PGID=1000
- PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
- HOME=/app
- TZ=Etc/UTC
volumes:
4 changes: 2 additions & 2 deletions .templates/transmission/service.yml
@@ -2,8 +2,8 @@ transmission:
image: linuxserver/transmission
container_name: transmission
environment:
- PUID=1000
- PGID=1000
- PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
- TZ=Etc/UTC
volumes:
- ./volumes/transmission/config:/config
4 changes: 2 additions & 2 deletions .templates/wireguard/service.yml
@@ -3,8 +3,8 @@ wireguard:
image: ghcr.io/linuxserver/wireguard
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
- TZ=Etc/UTC
- SERVERURL=your.dynamic.dns.name
- SERVERPORT=51820
13 changes: 11 additions & 2 deletions docs/Basic_setup/Backup-and-Restore.md
@@ -14,7 +14,9 @@ There are 2 ways to run backups:

The command that's run from the command line can also be executed from a cronjob:

```0 2 * * * cd /home/pi/IOTstack && /bin/bash ./scripts/backup.sh```
```
0 2 * * * cd /home/pi/IOTstack && /bin/bash ./scripts/backup.sh
```

The current directory of bash must be in IOTstack's directory, to ensure that it can find the relative paths of the files it's meant to back up. In the example above, it's assume that it's inside the `pi` user's home directory.

@@ -60,7 +62,14 @@ There are 2 ways to run a restore:
* From the menu: `Backup and Restore` > `Restore from backup`
* Running the following command: `bash ./scripts/restore.sh`

**Important**: The restore script assumes that the IOTstack directory is fresh, as if it was just cloned. If it is not fresh, errors may occur, or your data may not correctly be restored even if no errors are apparent.
**Important**:

* The restore script assumes that the IOTstack directory is fresh, as if it was
just cloned. If it's not clean git clone, errors may occur, or your data may
not be restored correctly even if no errors are apparent.
* When reinstalling Raspberry or migrating to a new installation, use the same
user and ID (usually pi and 1000) as when you created the backup. Changing
to another user ID is explicitly NOT supported.

*Note*: It is suggested that you test that your backups can be restored after initially setting up, and anytime you add or remove a service. Major updates to services can also break backups.

22 changes: 14 additions & 8 deletions docs/Basic_setup/index.md
@@ -17,9 +17,11 @@ IOTstack makes the following assumptions:
1. Your hardware is a Raspberry Pi (typically a 3B+ or 4B).

* The Raspberry Pi Zero W2 has been tested with IOTstack. It works but the 512MB RAM means you should not try to run too many containers concurrently.
* Users have also [reported success
](https://github.com/SensorsIot/IOTstack/issues/375) on Orange Pi
* Users have also [reported success](
https://github.com/SensorsIot/IOTstack/issues/375) on Orange Pi
Win/Plus.
* Most services will run on any Linux machine with Docker, but some have
Raspberry Pi specific default configurations or dependencies.

2. Your Raspberry Pi has a reasonably-recent version of 32-bit or 64-bit Raspberry Pi OS (aka "Raspbian") installed. You can download operating-system images:

@@ -35,14 +37,18 @@ IOTstack makes the following assumptions:
$ sudo apt upgrade -y
```

4. You are logged-in as the user "pi".
5. User "pi" has the user ID 1000.
6. The home directory for user "pi" is `/home/pi/`.
7. IOTstack is installed at `/home/pi/IOTstack` (with that exact spelling).
4. You install using a regular user, not root. The actual numeric user ID (UID)
doesn't matter.

If the first three assumptions hold, assumptions four through six are Raspberry Pi defaults on a clean installation. The seventh is what you get if you follow these instructions faithfully.
For brevity, this documentation makes the following guesses, but these aren't
technical requirements. If you use a different choice, you'll just have to
adjust the commands presented in these instructions to match the change. For
first-time users it's recommended to start with these:

Please don't read these assumptions as saying that IOTstack will not run on other hardware, other operating systems, or as a different user. It is just that IOTstack gets most of its testing under these conditions. The further you get from these implicit assumptions, the more your mileage may vary.
- You are logged-in as the user "pi".
- The home directory for user "pi" is `/home/pi/`.
- IOTstack is installed at `~/IOTstack` (with that exact spelling).
- The system hostname is `raspberrypi`

## New installation

4 changes: 2 additions & 2 deletions docs/Containers/Home-Assistant.md
@@ -124,8 +124,8 @@ your RPi hostname is raspberrypi)
cap_add:
- NET_ADMIN
environment:
- PUID=1000
- PGID=1000
- PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
- TZ=Etc/UTC
- URL=<yourdomain>.duckdns.org
- SUBDOMAINS=wildcard
4 changes: 2 additions & 2 deletions docs/Containers/NextCloud.md
@@ -27,8 +27,8 @@ nextcloud_db:
restart: unless-stopped
environment:
- TZ=Etc/UTC
- PUID=1000
- PGID=1000
- PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
- MYSQL_ROOT_PASSWORD=«root_password»
- MYSQL_PASSWORD=«user_password»
- MYSQL_DATABASE=nextcloud
6 changes: 3 additions & 3 deletions docs/Containers/Prometheus.md
@@ -237,11 +237,11 @@ The IOTstack implementation of *Prometheus* supports two environment variables:

```yaml
environment:
- IOTSTACK_UID=1000
- IOTSTACK_GID=1000
- IOTSTACK_UID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- IOTSTACK_GID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
```
Those variables control ownership of the [Configuration directory](#configDir) and its contents. Those environment variables are present in the standard IOTstack service definition for *Prometheus* and have the effect of assigning ownership to "pi:pi".
Those variables control ownership of the [Configuration directory](#configDir) and its contents. Those environment variables are present in the standard IOTstack service definition for *Prometheus* and have the effect of assigning ownership to your current user, e.g. "pi".
If you delete those environment variables from your *Compose* file, the [Configuration directory](#configDir) will be owned by "nobody:nobody"; otherwise the directory and its contents will be owned by whatever values you pass for those variables.
30 changes: 16 additions & 14 deletions docs/Containers/Python.md
@@ -34,8 +34,8 @@ When you select Python in the menu:
restart: unless-stopped
environment:
- TZ=Etc/UTC
- IOTSTACK_UID=1000
- IOTSTACK_GID=1000
- IOTSTACK_UID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- IOTSTACK_GID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
# ports:
# - "external:internal"
volumes:
@@ -48,18 +48,20 @@ The service definition contains a number of customisation points:

1. `restart: unless-stopped` assumes your Python script will run in an infinite loop. If your script is intended to run once and terminate, you should remove this directive.
2. `TZ=Etc/UTC` should be set to your local time-zone. Never use quote marks on the right hand side of a `TZ=` variable.
3. If you are running as a different user ID, you may want to change both `IOTSTACK_UID` and `IOTSTACK_GID` to appropriate values.
3. If you need a different user ID, you may want to change both `IOTSTACK_UID`
and `IOTSTACK_GID` to appropriate values. By default they are defined to be
the same as the current user when you run the menu. Defaults are stored in
`~/IOTstack/.env`, but don't edit that file. Make your edits directly to
`docker-compose.yml`.

Notes:
!!! note

* Don't use user and group *names* because these variables are applied *inside* the container where those names are (probably) undefined.
* The only thing these variables affect is the ownership of:

```
~/IOTstack/volumes/python/app
```

and its contents. If you want everything to be owned by root, set both of these variables to zero (eg `IOTSTACK_UID=0`).
* Don't use user and group *names* because these variables are applied
*inside* the container where those names are (probably) undefined.
* The only thing these variables affect is the ownership of
`~/IOTstack/volumes/python/app` and its contents. If you want
everything to be owned by root, set both of these variables to zero
(e.g. `IOTSTACK_UID=0`).

4. If your Python script listens to data-communications traffic, you can set up the port mappings by uncommenting the `ports:` directive.

@@ -444,8 +446,8 @@ Proceed like this:
restart: unless-stopped restart: unless-stopped
environment: environment:
- TZ=Etc/UTC - TZ=Etc/UTC
- IOTSTACK_UID=1000 - IOTSTACK_UID=1000
- IOTSTACK_GID=1000 - IOTSTACK_GID=1000
- IOTSTACK_UID=${IOTSTACK_UID:?...} - IOTSTACK_UID=${IOTSTACK_UID:?...}
- IOTSTACK_GID=${IOTSTACK_GID:?...} - IOTSTACK_GID=${IOTSTACK_GID:?...}
# ports: # ports:
# - "external:internal" # - "external:internal"
volumes: volumes:
8 changes: 4 additions & 4 deletions docs/Containers/WireGuard.md
@@ -41,8 +41,8 @@ wireguard:
image: ghcr.io/linuxserver/wireguard
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
- TZ=Etc/UTC
- SERVERURL=your.dynamic.dns.name
- SERVERPORT=51820
@@ -247,8 +247,8 @@ You will need to create the `compose-override.yml` **before** running the menu t
services:
wireguard:
environment:
- PUID=1000
- PGID=1000
- PUID=${IOTSTACK_UID:?IOTSTACK_UID must be defined in ~/IOTstack/.env}
- PGID=${IOTSTACK_GID:?IOTSTACK_GID must be defined in ~/IOTstack/.env}
- TZ=Australia/Sydney
- SERVERURL=downunda.duckdns.org
- SERVERPORT=51820