mirror of
https://github.com/Dispatcharr/Dispatcharr.git
synced 2026-07-17 16:50:53 +00:00
PostgreSQL now runs as the PUID/PGID user ($POSTGRES_USER) instead of the internal postgres system user (UID 102). This fixes container startup failures when PUID/PGID is set, caused by chown permission errors on restricted filesystems (NFS root_squash, CIFS) and UID collisions with the postgres system user. Changes: - Run all PostgreSQL operations (initdb, pg_ctl, psql) as $POSTGRES_USER - Auto-detect PUID/PGID from existing data owner when not explicitly set - Validate PUID/PGID (reject zero, non-numeric values) before startup - Migrate existing data ownership with sentinel-based skip optimization - Use trust auth for local Unix sockets, md5 for network connections - Add promote_app_role() and ensure_app_database() as idempotent startup guarantees that handle fresh installs, upgrades, and PUID changes - Preserve postgres role as superuser for rollback compatibility - Centralize /data/db ownership in 02-postgres.sh (sentinel-aware) - Add integration test suite (20 scenarios) covering fresh installs, upgrades, restarts, PUID changes, UID collisions, bind mounts, modular mode, PG major upgrades, and end-to-end web UI verification
79 lines
2.4 KiB
Bash
79 lines
2.4 KiB
Bash
#!/bin/bash
|
|
|
|
# Define directories that need to exist and be owned by PUID:PGID
|
|
DATA_DIRS=(
|
|
"/data/logos"
|
|
"/data/recordings"
|
|
"/data/uploads/m3us"
|
|
"/data/uploads/epgs"
|
|
"/data/m3us"
|
|
"/data/epgs"
|
|
"/data/plugins"
|
|
"/data/models"
|
|
"/data/scripts"
|
|
)
|
|
|
|
APP_DIRS=(
|
|
"/app/logo_cache"
|
|
"/app/media"
|
|
"/app/static"
|
|
)
|
|
|
|
# Create all directories
|
|
for dir in "${DATA_DIRS[@]}" "${APP_DIRS[@]}"; do
|
|
mkdir -p "$dir"
|
|
done
|
|
|
|
# Ensure /app itself is owned by PUID:PGID (needed for uwsgi socket creation)
|
|
if [ "$(id -u)" = "0" ] && [ -d "/app" ]; then
|
|
if [ "$(stat -c '%u:%g' /app)" != "$PUID:$PGID" ]; then
|
|
echo "Fixing ownership for /app (non-recursive)"
|
|
chown $PUID:$PGID /app
|
|
fi
|
|
fi
|
|
# Configure nginx port
|
|
if ! [[ "$DISPATCHARR_PORT" =~ ^[0-9]+$ ]]; then
|
|
echo "⚠️ Warning: DISPATCHARR_PORT is not a valid integer, using default port 9191"
|
|
DISPATCHARR_PORT=9191
|
|
fi
|
|
sed -i "s/NGINX_PORT/${DISPATCHARR_PORT}/g" /etc/nginx/sites-enabled/default
|
|
|
|
# Configure nginx based on IPv6 availability
|
|
if ip -6 addr show | grep -q "inet6"; then
|
|
echo "✅ IPv6 is available, enabling IPv6 in nginx"
|
|
else
|
|
echo "⚠️ IPv6 not available, disabling IPv6 in nginx"
|
|
sed -i '/listen \[::\]:/d' /etc/nginx/sites-enabled/default
|
|
fi
|
|
|
|
# NOTE: mac doesn't run as root, so only manage permissions
|
|
# if this script is running as root
|
|
if [ "$(id -u)" = "0" ]; then
|
|
# Fix data directories (non-recursive to avoid touching user files)
|
|
for dir in "${DATA_DIRS[@]}"; do
|
|
if [ -d "$dir" ] && [ "$(stat -c '%u:%g' "$dir")" != "$PUID:$PGID" ]; then
|
|
echo "Fixing ownership for $dir"
|
|
chown $PUID:$PGID "$dir"
|
|
fi
|
|
done
|
|
|
|
# Fix app directories (recursive since they're managed by the app)
|
|
for dir in "${APP_DIRS[@]}"; do
|
|
if [ -d "$dir" ] && [ "$(stat -c '%u:%g' "$dir")" != "$PUID:$PGID" ]; then
|
|
echo "Fixing ownership for $dir (recursive)"
|
|
chown -R $PUID:$PGID "$dir"
|
|
fi
|
|
done
|
|
|
|
# /data/db ownership is handled by 02-postgres.sh (sentinel-based reconciliation).
|
|
# No secondary check needed here — duplicating it could chown without updating
|
|
# the sentinel, creating inconsistent state.
|
|
|
|
# Fix /data directory ownership (non-recursive)
|
|
if [ -d "/data" ] && [ "$(stat -c '%u:%g' /data)" != "$PUID:$PGID" ]; then
|
|
echo "Fixing ownership for /data (non-recursive)"
|
|
chown $PUID:$PGID /data
|
|
fi
|
|
|
|
chmod +x /data
|
|
fi
|