feat: entrypoint for safe config + permissions; optional counter seeding via USE_INITIAL_COUNTERS

2025-09-30 09:44:58 +02:00
parent 6d60fd813c
commit 5b2e652682
3 changed files with 395 additions and 369 deletions
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+
+# If running as root, fix ownership of /data, then drop privileges
+if [ "$(id -u)" = "0" ]; then
+  mkdir -p /data
+  chown -R appuser:appuser /data || echo "Warn: could not chown /data"
+  # Copy example config only if missing target
+  if [ ! -f /app/config.yaml ] && [ -f /app/config.example.yaml ]; then
+    cp /app/config.example.yaml /app/config.yaml
+    chown appuser:appuser /app/config.yaml || true
+  fi
+  exec su -s /bin/sh appuser -c "$*"
+else
+  exec "$@"
+fi