Cleanup rootless implementation

General code cleanup
wolveix · Dec 13, 2023 · 53e62f2 · 53e62f2
1 parent b21d607
commit 53e62f2
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 19 deletions.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -39,4 +39,4 @@ jobs:
           push: true
           tags: |
             ghcr.io/${{ github.repository }}/${{ github.event.repository.name }}:dev
-            ${{ steps.meta.outputs.tags }}
+            ${{ steps.meta.outputs.tags }}
diff --git a/Dockerfile b/Dockerfile
@@ -30,15 +30,15 @@ ENV AUTOPAUSE="true" \
     NETWORKQUALITY="3" \
     PGID="1000" \
     PUID="1000" \
+    ROOTLESS="false" \
     SERVERBEACONPORT="15000" \
     SERVERGAMEPORT="7777" \
     SERVERIP="0.0.0.0" \
     SERVERQUERYPORT="15777" \
     SKIPUPDATE="false" \
     STEAMAPPID="1690800" \
     STEAMBETA="false" \
-    TIMEOUT="30"\
-    ROOTLESS="false"
+    TIMEOUT="30"
 
 EXPOSE 7777/udp 15000/udp 15777/udp
 

diff --git a/README.md b/README.md
@@ -32,6 +32,7 @@ docker run \
 --env MAXPLAYERS=4 \
 --env PGID=1000 \
 --env PUID=1000 \
+--env ROOTLESS=false \
 --env STEAMBETA=false \
 --memory-reservation=4G \
 --memory 6G \
@@ -78,6 +79,7 @@ services:
             - MAXPLAYERS=4
             - PGID=1000
             - PUID=1000
+            - ROOTLESS=false
             - STEAMBETA=false
         restart: unless-stopped
         deploy:
@@ -150,6 +152,7 @@ helm install satisfactory k8s-at-home/satisfactory -f values.yaml
 | `NETWORKQUALITY`        |    `3`    | set the network quality/bandwidth for your server   |
 | `PGID`                  |  `1000`   | set the group ID of the user the server will run as |
 | `PUID`                  |  `1000`   | set the user ID of the user the server will run as  |
+| `ROOTLESS`              |  `false`  | run the container as a non-root user                |
 | `SERVERBEACONPORT`      |  `15000`  | set the game's beacon port                          |
 | `SERVERGAMEPORT`        |  `7777`   | set the game's port                                 |
 | `SERVERIP`              | `0.0.0.0` | set the game's ip (usually not needed)              |

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -14,6 +14,7 @@ services:
       - MAXPLAYERS=4
       - PGID=1000
       - PUID=1000
+      - ROOTLESS=false
       - STEAMBETA=false
     restart: unless-stopped
     deploy:

diff --git a/init.sh b/init.sh
@@ -3,13 +3,14 @@
 set -e
 
 CURRENTUID=$(id -u)
+HOME="/home/steam"
 MSGERROR="\033[0;31mERROR:\033[0m"
 MSGWARNING="\033[0;33mWARNING:\033[0m"
 NUMCHECK='^[0-9]+$'
 RAMAVAILABLE=$(awk '/MemAvailable/ {printf( "%d\n", $2 / 1024000 )}' /proc/meminfo)
 USER="steam"
 
-if [[ "$DEBUG" == "true" ]]; then
+if [[ "${DEBUG,,}" == "false" ]]; then
     printf "Debugging enabled (the container will exit after printing the debug info)\\n\\nPrinting environment variables:\\n"
     export
 
@@ -31,19 +32,17 @@ if [[ $(lscpu | grep 'Model name:' | sed 's/Model name:[[:space:]]*//g') = "Comm
     exit 1
 fi
 
-if [[ "$ROOTLESS" = false ]]; then
-  if [[ "$CURRENTUID" -ne "0" ]]; then
-      printf "${MSGERROR} Current user is not root (%s)\\nPass your user and group to the container using the PGID and PUID environment variables\\nDo not use the --user flag (or user: field in Docker Compose)\\n" "$CURRENTUID"
-      exit 1
-  fi
-fi
-
 printf "Checking available memory...%sGB detected\\n" "$RAMAVAILABLE"
 if [[ "$RAMAVAILABLE" -lt 12 ]]; then
     printf "${MSGWARNING} You have less than the required 12GB minmum (%sGB detected) of available RAM to run the game server.\\nIt is likely that the server will fail to load properly.\\n" "$RAMAVAILABLE"
 fi
 
 # check if the user and group IDs have been set
+if [[ "$CURRENTUID" -ne "0" ]] && [[ "${ROOTLESS,,}" != "true" ]]; then
+    printf "${MSGERROR} Current user (%s) is not root (0)\\nPass your user and group to the container using the PGID and PUID environment variables\\nDo not use the --user flag (or user: field in Docker Compose) without setting ROOTLESS=true\\n" "$CURRENTUID"
+    exit 1
+fi
+
 if ! [[ "$PGID" =~ $NUMCHECK ]] ; then
     printf "${MSGWARNING} Invalid group id given: %s\\n" "$PGID"
     PGID="1000"
@@ -60,7 +59,7 @@ elif [[ "$PUID" -eq 0 ]]; then
     exit 1
 fi
 
-if [[ "$ROOTLESS" = false ]]; then
+if [[ "${ROOTLESS,,}" != "true" ]]; then
   if [[ $(getent group $PGID | cut -d: -f1) ]]; then
       usermod -a -G "$PGID" steam
   else
@@ -74,6 +73,11 @@ if [[ "$ROOTLESS" = false ]]; then
   fi
 fi
 
+if [[ ! -w "/config" ]]; then
+    echo "The current user does not have write permissions for /config"
+    exit 1
+fi
+
 mkdir -p \
     /config/backups \
     /config/gamefiles \
@@ -84,7 +88,8 @@ mkdir -p \
     "${GAMECONFIGDIR}/Logs" \
     "${GAMESAVESDIR}/server" \
     || exit 1
-if [[ "$ROOTLESS" = false ]]; then
+
+if [[ "${ROOTLESS,,}" != "true" ]]; then
   chown -R "$PUID":"$PGID" /config /home/steam /tmp/dumps
   exec gosu "$USER" "/home/steam/run.sh" "$@"
 else

diff --git a/run.sh b/run.sh
@@ -10,8 +10,6 @@ set_ini_val() {
     sed "s/\(\"$2\", \)[0-9]*/\1$3/" -i "/home/steam/$1"
 }
 
-NUMCHECK='^[0-9]+$'
-
 if [ -f "/config/overrides/Engine.ini" ]; then
     echo "Config override /config/overrides/Engine.ini exists, ignoring environment variables"
     cp /config/overrides/Engine.ini "${GAMECONFIGDIR}/Config/LinuxServer/"
@@ -139,10 +137,6 @@ if ! [[ "${SKIPUPDATE,,}" == "true" ]]; then
     fi
 
     printf "Downloading the latest version of the game...\\n"
-    if [[ "$ROOTLESS" = true ]]; then
-      export USER=steam
-      export HOME=/home/steam
-    fi
     steamcmd +force_install_dir /config/gamefiles +login anonymous +app_update "$STEAMAPPID" -beta "$STEAMBETAFLAG" validate +quit
 else
     printf "Skipping update as flag is set\\n"