From 136a207a2f3091d98acdaf93833c6e5064c75270 Mon Sep 17 00:00:00 2001
From: Disassembler <disassembler@dasm.cz>
Date: Wed, 24 Jan 2018 15:42:57 +0100
Subject: [PATCH] Add KanBoard OS user, update volume, go easier on cleanup

---
 kanboard.sh                           |  8 ++++----
 kanboard/Dockerfile                   | 11 ++++++-----
 kanboard/docker/etc/php7/php-fpm.conf |  4 ++--
 kanboard/etc/init.d/kanboard          |  2 +-
 4 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/kanboard.sh b/kanboard.sh
index be7fabc..4474085 100755
--- a/kanboard.sh
+++ b/kanboard.sh
@@ -11,16 +11,16 @@ docker build -t kanboard ${SOURCE_DIR}
 # Populate database
 export KANBOARD_PWD=$(head -c 18 /dev/urandom | base64)
 envsubst <${SOURCE_DIR}/createdb.sql | docker exec -i postgres psql
-docker run --rm -h kanboard kanboard cat /srv/kanboard/app/Schema/Sql/postgres.sql | docker exec -i -e PGPASSWORD=${KANBOARD_PWD} postgres psql kanboard kanboard
+docker run --rm kanboard cat /srv/kanboard/app/Schema/Sql/postgres.sql | docker exec -i -e PGPASSWORD=${KANBOARD_PWD} postgres psql kanboard kanboard
 
 # Configure Kanboard
-mkdir -p /srv/kanboard/conf /srv/kanboard/data
+mkdir -p /srv/kanboard/conf /srv/kanboard/data/
+chown -R 8009:8009 /srv/kanboard/data
 envsubst <${SOURCE_DIR}/srv/kanboard/conf/config.php >/srv/kanboard/conf/config.php
 export KANBOARD_ADMIN_USER=admin
 export KANBOARD_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
-export KANBOARD_ADMIN_HASH=$(docker run --rm -h kanboard kanboard php -r "echo password_hash('${KANBOARD_ADMIN_PWD}', PASSWORD_BCRYPT);")
+export KANBOARD_ADMIN_HASH=$(docker run --rm kanboard php -r "echo password_hash('${KANBOARD_ADMIN_PWD}', PASSWORD_BCRYPT);")
 envsubst <${SOURCE_DIR}/adminpwd.sql | docker exec -i postgres psql kanboard
-chown 8009:8009 /srv/kanboard/data
 
 # Create KanBoard service
 cp ${SOURCE_DIR}/etc/init.d/kanboard /etc/init.d/kanboard
diff --git a/kanboard/Dockerfile b/kanboard/Dockerfile
index fee17a8..2ade073 100644
--- a/kanboard/Dockerfile
+++ b/kanboard/Dockerfile
@@ -16,7 +16,6 @@ RUN \
  && wget https://github.com/kanboard/kanboard/archive/v1.2.0.zip -O /srv/kanboard.zip \
  && unzip /srv/kanboard.zip -d /srv \
  && mv /srv/kanboard-1.2.0 /srv/kanboard \
- && rm -f /srv/kanboard.zip \
  # Install plugins
  && git clone --depth=1 https://github.com/BlueTeck/kanboard_plugin_overwrite_translation /srv/kanboard/plugins/Overwrite_translation \
  && git clone --depth=1 https://github.com/BlueTeck/kanboard_plugin_coverimage /srv/kanboard/plugins/Coverimage \
@@ -32,15 +31,17 @@ RUN \
  && git clone --depth=1 https://github.com/kanboard/plugin-task-board-date /srv/kanboard/plugins/TaskBoardDate \
  && git clone --depth=1 https://github.com/oliviermaridat/kanboard-milestone-plugin /srv/kanboard/plugins/Milestone \
  && git clone --depth=1 https://github.com/xavividal/kanboard-plugin-relationgraph /srv/kanboard/plugins/Relationgraph \
+ # Create OS user
+ && addgroup -S -g 8009 kanboard \
+ && adduser -S -u 8009 -h /srv/kanboard -s /bin/false -g kanboard -G kanboard kanboard \
  # Cleanup
  && apk del .deps \
- && find /srv/kanboard -name '.git*' -exec rm -rf {} + \
- && rm -rf /root \
- && mkdir /root
+ && rm -f /srv/kanboard.zip \
+ && find /srv/kanboard -name '.git*' -exec rm -rf {} +
 
 COPY docker/ /
 
-VOLUME ["/srv/kanboard/app/data"]
+VOLUME ["/srv/kanboard/data/files"]
 EXPOSE 8009
 
 CMD ["s6-svscan", "/etc/services.d"]
diff --git a/kanboard/docker/etc/php7/php-fpm.conf b/kanboard/docker/etc/php7/php-fpm.conf
index 8febac4..a82e688 100644
--- a/kanboard/docker/etc/php7/php-fpm.conf
+++ b/kanboard/docker/etc/php7/php-fpm.conf
@@ -4,8 +4,8 @@ daemonize = no
 
 [kanboard]
 catch_workers_output = yes
-user = nginx
-group = nginx
+user = kanboard
+group = kanboard
 listen.owner = nginx
 listen.group = nginx
 listen = /var/run/kanboard.sock
diff --git a/kanboard/etc/init.d/kanboard b/kanboard/etc/init.d/kanboard
index c01e2a7..d132528 100755
--- a/kanboard/etc/init.d/kanboard
+++ b/kanboard/etc/init.d/kanboard
@@ -9,7 +9,7 @@ depend() {
 }
 
 start() {
-	/usr/bin/docker run -d --rm --name kanboard -h kanboard --link postgres -p 127.0.0.1:9009:8009 -v /srv/kanboard/data:/srv/kanboard/app/data -v /srv/kanboard/conf/config.php:/srv/kanboard/config.php kanboard
+	/usr/bin/docker run -d --rm --name kanboard -h kanboard --link postgres -p 127.0.0.1:9009:8009 -v /srv/kanboard/data:/srv/kanboard/data/files -v /srv/kanboard/conf/config.php:/srv/kanboard/config.php kanboard
 }
 
 stop() {