Merge pull request #223 from wolveix/rootless

Implement simple `rootless` solution + minor bugfix + cleanup (#222 & #220)

.github/FUNDING.yml

@@ -1,12 +1,2 @@
-# These are supported funding model platforms
-
 github: [wolveix]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
 custom: https://paypal.me/wolveix

.github/workflows/docker.yml

@@ -8,7 +8,7 @@ jobs:
       - uses: actions/checkout@v2
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v1
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}

Dockerfile

@@ -30,6 +30,7 @@ ENV AUTOPAUSE="true" \
     NETWORKQUALITY="3" \
     PGID="1000" \
     PUID="1000" \
+    ROOTLESS="false" \
     SERVERBEACONPORT="15000" \
     SERVERGAMEPORT="7777" \
     SERVERIP="0.0.0.0" \

README.md

@@ -32,6 +32,7 @@ docker run \
 --env MAXPLAYERS=4 \
 --env PGID=1000 \
 --env PUID=1000 \
+--env ROOTLESS=false \
 --env STEAMBETA=false \
 --memory-reservation=4G \
 --memory 6G \
@@ -78,6 +79,7 @@ services:
             - MAXPLAYERS=4
             - PGID=1000
             - PUID=1000
+            - ROOTLESS=false
             - STEAMBETA=false
         restart: unless-stopped
         deploy:
@@ -150,6 +152,7 @@ helm install satisfactory k8s-at-home/satisfactory -f values.yaml
 | `NETWORKQUALITY`        |    `3`    | set the network quality/bandwidth for your server   |
 | `PGID`                  |  `1000`   | set the group ID of the user the server will run as |
 | `PUID`                  |  `1000`   | set the user ID of the user the server will run as  |
+| `ROOTLESS`              |  `false`  | run the container as a non-root user                |
 | `SERVERBEACONPORT`      |  `15000`  | set the game's beacon port                          |
 | `SERVERGAMEPORT`        |  `7777`   | set the game's port                                 |
 | `SERVERIP`              | `0.0.0.0` | set the game's ip (usually not needed)              |

docker-compose.yml

@@ -14,6 +14,7 @@ services:
       - MAXPLAYERS=4
       - PGID=1000
       - PUID=1000
+      - ROOTLESS=false
       - STEAMBETA=false
     restart: unless-stopped
     deploy:

init.sh

@@ -3,13 +3,14 @@
 set -e
 
 CURRENTUID=$(id -u)
+HOME="/home/steam"
 MSGERROR="\033[0;31mERROR:\033[0m"
 MSGWARNING="\033[0;33mWARNING:\033[0m"
 NUMCHECK='^[0-9]+$'
 RAMAVAILABLE=$(awk '/MemAvailable/ {printf( "%d\n", $2 / 1024000 )}' /proc/meminfo)
 USER="steam"
 
-if [[ "$DEBUG" == "true" ]]; then
+if [[ "${DEBUG,,}" == "false" ]]; then
     printf "Debugging enabled (the container will exit after printing the debug info)\\n\\nPrinting environment variables:\\n"
     export
 
@@ -31,17 +32,17 @@ if [[ $(lscpu | grep 'Model name:' | sed 's/Model name:[[:space:]]*//g') = "Comm
     exit 1
 fi
 
-if [[ "$CURRENTUID" -ne "0" ]]; then
-    printf "${MSGERROR} Current user is not root (%s)\\nPass your user and group to the container using the PGID and PUID environment variables\\nDo not use the --user flag (or user: field in Docker Compose)\\n" "$CURRENTUID"
-    exit 1
-fi
-
 printf "Checking available memory...%sGB detected\\n" "$RAMAVAILABLE"
 if [[ "$RAMAVAILABLE" -lt 12 ]]; then
     printf "${MSGWARNING} You have less than the required 12GB minmum (%sGB detected) of available RAM to run the game server.\\nIt is likely that the server will fail to load properly.\\n" "$RAMAVAILABLE"
 fi
 
 # check if the user and group IDs have been set
+if [[ "$CURRENTUID" -ne "0" ]] && [[ "${ROOTLESS,,}" != "true" ]]; then
+    printf "${MSGERROR} Current user (%s) is not root (0)\\nPass your user and group to the container using the PGID and PUID environment variables\\nDo not use the --user flag (or user: field in Docker Compose) without setting ROOTLESS=true\\n" "$CURRENTUID"
+    exit 1
+fi
+
 if ! [[ "$PGID" =~ $NUMCHECK ]] ; then
     printf "${MSGWARNING} Invalid group id given: %s\\n" "$PGID"
     PGID="1000"
@@ -58,16 +59,23 @@ elif [[ "$PUID" -eq 0 ]]; then
     exit 1
 fi
 
-if [[ $(getent group $PGID | cut -d: -f1) ]]; then
-    usermod -a -G "$PGID" steam
-else
-    groupmod -g "$PGID" steam
+if [[ "${ROOTLESS,,}" != "true" ]]; then
+  if [[ $(getent group $PGID | cut -d: -f1) ]]; then
+      usermod -a -G "$PGID" steam
+  else
+      groupmod -g "$PGID" steam
+  fi
+
+  if [[ $(getent passwd ${PUID} | cut -d: -f1) ]]; then
+      USER=$(getent passwd $PUID | cut -d: -f1)
+  else
+      usermod -u "$PUID" steam
+  fi
 fi
 
-if [[ $(getent passwd ${PUID} | cut -d: -f1) ]]; then
-    USER=$(getent passwd $PUID | cut -d: -f1)
-else
-    usermod -u "$PUID" steam
+if [[ ! -w "/config" ]]; then
+    echo "The current user does not have write permissions for /config"
+    exit 1
 fi
 
 mkdir -p \
@@ -81,5 +89,9 @@ mkdir -p \
     "${GAMESAVESDIR}/server" \
     || exit 1
 
-chown -R "$PUID":"$PGID" /config /home/steam /tmp/dumps
-exec gosu "$USER" "/home/steam/run.sh" "$@"
+if [[ "${ROOTLESS,,}" != "true" ]]; then
+  chown -R "$PUID":"$PGID" /config /home/steam /tmp/dumps
+  exec gosu "$USER" "/home/steam/run.sh" "$@"
+else
+  exec "/home/steam/run.sh" "$@"
+fi

run.sh

@@ -10,8 +10,6 @@ set_ini_val() {
     sed "s/\(\"$2\", \)[0-9]*/\1$3/" -i "/home/steam/$1"
 }
 
-NUMCHECK='^[0-9]+$'
-
 if [ -f "/config/overrides/Engine.ini" ]; then
     echo "Config override /config/overrides/Engine.ini exists, ignoring environment variables"
     cp /config/overrides/Engine.ini "${GAMECONFIGDIR}/Config/LinuxServer/"
@@ -121,7 +119,12 @@ if [ -n "$SERVERIP" ]; then
     SERVERIP="-multihome=\"$SERVERIP\""
 fi
 
-if ! [[ "${SKIPUPDATE,,}" == "true" ]]; then
+if [[ "${SKIPUPDATE,,}" != "true" ]] && [ ! -f "/config/gamefiles/FactoryServer.sh" ]; then
+    printf "%s Skip update is set, but no game files exist. Updating anyway\\n" "${MSGWARNING}"
+    SKIPUPDATE="false"
+fi
+
+if [[ "${SKIPUPDATE,,}" != "true" ]]; then
     if [[ "${STEAMBETA,,}" == "true" ]]; then
         printf "Experimental flag is set. Experimental will be downloaded instead of Early Access.\\n"
         STEAMBETAFLAG="experimental"
@@ -138,13 +141,12 @@ if ! [[ "${SKIPUPDATE,,}" == "true" ]]; then
     fi
 
     printf "Downloading the latest version of the game...\\n"
-
     steamcmd +force_install_dir /config/gamefiles +login anonymous +app_update "$STEAMAPPID" -beta "$STEAMBETAFLAG" validate +quit
 else
     printf "Skipping update as flag is set\\n"
 fi
 
-# temporary migration to new format
+# START temporary migration to new format
 if [ -d "/config/blueprints" ]; then
   if [ -n "$(ls -A "/config/blueprints" 2>/dev/null)" ]; then
     rm -rf "/config/saved/blueprints"
@@ -165,7 +167,7 @@ fi
 if [ -f "/config/ServerSettings.${SERVERQUERYPORT}" ]; then
   mv "/config/ServerSettings.${SERVERQUERYPORT}" "/config/saved/ServerSettings.${SERVERQUERYPORT}"
 fi
-# temporary migration to new format
+# END temporary migration to new format
 
 cp -r "/config/saved/server/." "/config/backups/"
 cp -r "${GAMESAVESDIR}/server/." "/config/backups" # useful after the first run