LibrePortal/scripts/config/docker/docker_config_setup_data.sh
librelad d2595c3ef6 refactor(apps): per-app compose-tag hooks (remove the central App-Specific ladder)
docker_config_setup_data.sh's "App Specific" if/elif ladder (pihole, nextcloud,
searxng, speedtest, vaultwarden, wireguard, gluetun) becomes a generic hook
dispatch: an app needing computed (non-CFG) compose tags ships
containers/<app>/scripts/<app>_compose_tags.sh defining appSetupComposeTags_<app>
(live-sourced by the container scan, called with the compose path; reads
host_setup/public_ip_v4/CFG_* from scope). Same declare -F pattern as the tool /
update-specifics / webui-refresh hooks.

- 7 per-app hook files added; central ladder replaced by the dispatch.
- The generic gluetun network-mode block stays (any app may route through gluetun);
  tagsProcessorGluetunForwardedPorts stays central (hook + network-mode both use it).
- Regenerate arrays (hooks live under containers/, not arrayed).

Verified with stubs: each hook emits exactly the tags the old branch did
(pihole REV_SERVER, nextcloud trusted-domains, gluetun VPN set + forwarded ports,
etc.); apps without a hook are a clean no-op.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-25 23:52:53 +01:00

133 lines
7.3 KiB
Bash
Executable File

#!/bin/bash
dockerConfigSetupFileWithData()
{
local app_name="$1"
if [[ $compose_setup == "default" ]]; then
local file_name="docker-compose.yml";
elif [[ $compose_setup == "app" ]]; then
local file_name="docker-compose.$app_name.yml";
fi
local file_path="$containers_dir$app_name"
local full_file_path="$file_path/$file_name"
if command -v sqlite3 &> /dev/null && [[ -f "$docker_dir/$db_file" ]]; then
###############################################
# General Updates
###############################################
tagsManagerUpdateUniversalTag "$full_file_path" "TIMEZONE_TAG" "$CFG_TIMEZONE"
tagsManagerUpdateUniversalTag "$full_file_path" "CATEGORY_TAG" "$app_category"
tagsManagerUpdateUniversalTag "$full_file_path" "TITLE_TAG" "$app_title"
# Generic CFG_<APP>_<KEY> -> #LIBREPORTAL|<APP>_<KEY>_TAG| fill. Covers
# every app-specific config value (secrets included) with no
# hand-maintained list — the app-specific block further down is only
# for the few tags that need computed (non-CFG) values.
tagsProcessorAppConfigValues "$full_file_path" "$app_name"
tagsProcessorDockerInstallation "$full_file_path" "$CFG_DOCKER_INSTALL_TYPE" "$CFG_DOCKER_INSTALL_USER"
tagsProcessorSocketConfiguration "$full_file_path" "$CFG_DOCKER_INSTALL_TYPE" "$CFG_DOCKER_INSTALL_USER" "$docker_rooted_socket"
# Run the container as the same identity that owns its bind-mounted
# files (the WebUI writes .auth.json into ./frontend). That identity
# is install-type dependent and already resolved into
# $docker_install_user by check_install_type.sh: rooted -> the host
# $sudo_user_name, rootless -> $CFG_DOCKER_INSTALL_USER. Hardcoding a
# UID (was 1001) breaks wherever that user's UID differs — the
# container dies with EACCES on first write and never binds its port.
# No-op for compose files without a USER_TAG.
if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
# Rootless: the daemon runs as the install user, so container UID 0
# maps to it on the host — it owns the bind-mounts and the rootless
# socket. Using the host UID instead lands on an unmapped sub-UID
# (EACCES on writes; and group_add then calls setgroups() with a
# sub-GID outside the userns → EINVAL, container won't start).
tagsManagerUpdateUniversalTag "$full_file_path" "USER_TAG" "0:0"
else
local container_user="${docker_install_user:-$sudo_user_name}"
local install_uid install_gid
install_uid=$(id -u "$container_user" 2>/dev/null)
install_gid=$(id -g "$container_user" 2>/dev/null)
if [[ -n "$install_uid" && -n "$install_gid" ]]; then
tagsManagerUpdateUniversalTag "$full_file_path" "USER_TAG" "${install_uid}:${install_gid}"
fi
fi
tagsProcessorPasswordAndKeyGeneration "$full_file_path"
tagsProcessorRandomUserGeneration "$full_file_path"
tagsProcessorHealthcheck "$full_file_path" "$healthcheck"
###############################################
# Public/Traefik Updates
###############################################
# Legacy whole-app middleware (single MIDDLEWARE_TAG). Kept until
# all apps have been converted to the per-port routers below.
traefikSetupLabelsMiddlewares "$app_name"
tagsManagerUpdateUniversalTag "$full_file_path" "MIDDLEWARE_TAG" "$traefik_middlewares"
# Per-port middleware (MIDDLEWARE_TAG_1, _2, ...). New apps with
# one router per Traefik-managed port use this — each port can
# independently enable basic auth via its login_required column,
# and Authelia takes precedence when installed.
tagsProcessorPortMiddlewares "$full_file_path" "$app_name"
# Per-port subdomains (DOMAINSUBNAME_TAG_1, _2, ...): one host per
# Traefik-managed port, so a container can serve unlimited hosts.
tagsProcessorPortSubdomains "$full_file_path" "$app_name"
# Strip (comment out) router blocks for ports that aren't Traefik-managed,
# so an unfilled DOMAINSUBNAME_DATA_<n> placeholder can never ship.
tagsProcessorPortRouterBlocks "$full_file_path" "$app_name"
tagsProcessorTraefikControl "$full_file_path" "$public"
tagsManagerUpdateUniversalTag "$full_file_path" "DOMAINSUBNAME_TAG" "$host_setup"
###############################################
# Network Updates (IP + Port Systems)
###############################################
tagsManagerUpdateUniversalTag "$full_file_path" "DOCKER_NETWORK_TAG" "$CFG_NETWORK_NAME"
tagsManagerUpdateUniversalTag "$full_file_path" "PUBLIC_IP_TAG" "$public_ip_v4"
tagsManagerUpdateUniversalTag "$full_file_path" "NETWORK_SUBNET_TAG" "$CFG_NETWORK_SUBNET"
tagsManagerUpdateUniversalTag "$full_file_path" "NETWORK_MTU_TAG" "$CFG_NETWORK_MTU"
ipUpdateComposeTags "$app_name" "$full_file_path"
portUpdateComposeTags "$app_name" "$full_file_path"
tagsProcessorTrustedDomains "$full_file_path"
tagsProcessorAppUrl "$full_file_path" "$app_name" "$public" "$host_setup" "$public_ip_v4"
###############################################
# Mail Server Settings
###############################################
tagsManagerUpdateUniversalTag "$full_file_path" "MAIL_ENABLED_TAG" "$CFG_MAIL_ENABLED"
tagsManagerUpdateUniversalTag "$full_file_path" "MAIL_HOST_TAG" "$CFG_MAIL_HOST"
tagsManagerUpdateUniversalTag "$full_file_path" "MAIL_PORT_TAG" "$CFG_MAIL_PORT"
tagsManagerUpdateUniversalTag "$full_file_path" "MAIL_SECURE_TAG" "$CFG_MAIL_SECURE"
tagsManagerUpdateUniversalTag "$full_file_path" "MAIL_USERNAME_TAG" "$CFG_MAIL_USERNAME"
tagsManagerUpdateUniversalTag "$full_file_path" "MAIL_PASSWORD_TAG" "$CFG_MAIL_PASSWORD"
tagsManagerUpdateUniversalTag "$full_file_path" "MAIL_FROM_TAG" "$CFG_MAIL_FROM"
###############################################
# App Specific (per-app hook)
###############################################
# An app needing computed (non-CFG) compose tags ships
# containers/<app>/scripts/<app>_compose_tags.sh defining
# appSetupComposeTags_<app> (live-sourced by the container scan; called
# with the compose path, reads host_setup/public_ip_v4/CFG_* from scope).
# Plain CFG_<APP>_<KEY> values are already filled by
# tagsProcessorAppConfigValues above, so most apps need no hook.
local _tags_hook="appSetupComposeTags_${app_name}"
if declare -F "$_tags_hook" >/dev/null 2>&1; then
"$_tags_hook" "$full_file_path"
fi
###############################################
# Network mode (gluetun routing)
###############################################
local network_var="CFG_${app_name^^}_NETWORK"
local network_mode="${!network_var:-default}"
tagsProcessorNetworkMode "$full_file_path" "$network_mode"
if [[ "$network_mode" == "gluetun" && "$app_name" != "gluetun" ]]; then
tagsProcessorGluetunForwardedPorts
fi
else
isNotice "Database not available, unable to setup app."
fi
}