The libreportal compose template binds /libreportal-system/configs/webui/* and /libreportal-containers into the WebUI container via #LIBREPORTAL|CONFIGS_DIR_TAG| and CONTAINERS_DIR_TAG placeholders. The only code that knew how to substitute those — tagsProcessorStandardReplacements — had NO callers anywhere (verified by grep across the whole tree). Result: the deployed compose retained CONFIGS_DIR_DATA / CONTAINERS_DIR_DATA placeholders and the safety check in dockerComposeUp refused to start it. Wire the two missing substitutions into the standard tag-fill block in dockerConfigSetupFileWithData where TIMEZONE_TAG / CATEGORY_TAG / TITLE_TAG already live — applies to every app's templating, idempotent, and unblocks the fresh-install path. The orphaned tagsProcessorStandardReplacements function duplicates 3 other tags that ARE filled elsewhere; left in place pending a follow-up cleanup, but no longer the source-of-truth for these two. Confirmed live: after running `libreportal app install libreportal` post-fix the compose templated cleanly (no remaining *_DATA placeholders) and the WebUI container came up — http://<host>:7270 returns HTTP/1.1 200 OK. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
148 lines
8.5 KiB
Bash
Executable File
148 lines
8.5 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
dockerConfigSetupFileWithData()
|
|
{
|
|
local app_name="$1"
|
|
|
|
if [[ $compose_setup == "default" ]]; then
|
|
local file_name="docker-compose.yml";
|
|
elif [[ $compose_setup == "app" ]]; then
|
|
local file_name="docker-compose.$app_name.yml";
|
|
fi
|
|
|
|
local file_path="$containers_dir$app_name"
|
|
local full_file_path="$file_path/$file_name"
|
|
|
|
if command -v sqlite3 &> /dev/null && [[ -f "$docker_dir/$db_file" ]]; then
|
|
###############################################
|
|
# General Updates
|
|
###############################################
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "TIMEZONE_TAG" "$CFG_TIMEZONE"
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "CATEGORY_TAG" "$app_category"
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "TITLE_TAG" "$app_title"
|
|
# Root-path tags used by the libreportal compose to bind-mount the system's
|
|
# configs + live-data dirs into the WebUI container. Without these the
|
|
# CONFIGS_DIR_DATA / CONTAINERS_DIR_DATA placeholders survive into the
|
|
# deployed compose and dockerComposeUp refuses to start. (The orphan
|
|
# tagsProcessorStandardReplacements function carried these alone — wiring
|
|
# them in directly so they're always applied to every app's templating.)
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "CONFIGS_DIR_TAG" "${configs_dir%/}"
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "CONTAINERS_DIR_TAG" "${containers_dir%/}"
|
|
# Generic CFG_<APP>_<KEY> -> #LIBREPORTAL|<APP>_<KEY>_TAG| fill. Covers
|
|
# every app-specific config value (secrets included) with no
|
|
# hand-maintained list — the app-specific block further down is only
|
|
# for the few tags that need computed (non-CFG) values.
|
|
tagsProcessorAppConfigValues "$full_file_path" "$app_name"
|
|
tagsProcessorDockerInstallation "$full_file_path" "$CFG_DOCKER_INSTALL_TYPE" "$CFG_DOCKER_INSTALL_USER"
|
|
tagsProcessorSocketConfiguration "$full_file_path" "$CFG_DOCKER_INSTALL_TYPE" "$CFG_DOCKER_INSTALL_USER" "$docker_rooted_socket"
|
|
# Run the container as the same identity that owns its bind-mounted
|
|
# files (the WebUI writes .auth.json into ./frontend). That identity
|
|
# is install-type dependent and already resolved into
|
|
# $docker_install_user by check_install_type.sh: rooted -> the host
|
|
# $sudo_user_name, rootless -> $CFG_DOCKER_INSTALL_USER. Hardcoding a
|
|
# UID (was 1001) breaks wherever that user's UID differs — the
|
|
# container dies with EACCES on first write and never binds its port.
|
|
# No-op for compose files without a USER_TAG.
|
|
if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
|
|
# Rootless: the daemon runs as the install user, so container UID 0
|
|
# maps to it on the host — it owns the bind-mounts and the rootless
|
|
# socket. Using the host UID instead lands on an unmapped sub-UID
|
|
# (EACCES on writes; and group_add then calls setgroups() with a
|
|
# sub-GID outside the userns → EINVAL, container won't start).
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "USER_TAG" "0:0"
|
|
else
|
|
local container_user="${docker_install_user:-$sudo_user_name}"
|
|
local install_uid install_gid
|
|
install_uid=$(id -u "$container_user" 2>/dev/null)
|
|
install_gid=$(id -g "$container_user" 2>/dev/null)
|
|
if [[ -n "$install_uid" && -n "$install_gid" ]]; then
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "USER_TAG" "${install_uid}:${install_gid}"
|
|
fi
|
|
fi
|
|
tagsProcessorPasswordAndKeyGeneration "$full_file_path"
|
|
tagsProcessorRandomUserGeneration "$full_file_path"
|
|
tagsProcessorHealthcheck "$full_file_path" "$healthcheck"
|
|
|
|
###############################################
|
|
# Public/Traefik Updates
|
|
###############################################
|
|
# Legacy whole-app middleware (single MIDDLEWARE_TAG). Kept until
|
|
# all apps have been converted to the per-port routers below.
|
|
traefikSetupLabelsMiddlewares "$app_name"
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "MIDDLEWARE_TAG" "$traefik_middlewares"
|
|
|
|
# Per-port middleware (MIDDLEWARE_TAG_1, _2, ...). New apps with
|
|
# one router per Traefik-managed port use this — each port can
|
|
# independently enable basic auth via its login_required column,
|
|
# and Authelia takes precedence when installed.
|
|
tagsProcessorPortMiddlewares "$full_file_path" "$app_name"
|
|
|
|
# Per-port subdomains (DOMAINSUBNAME_TAG_1, _2, ...): one host per
|
|
# Traefik-managed port, so a container can serve unlimited hosts.
|
|
tagsProcessorPortSubdomains "$full_file_path" "$app_name"
|
|
|
|
# Strip (comment out) router blocks for ports that aren't Traefik-managed,
|
|
# so an unfilled DOMAINSUBNAME_DATA_<n> placeholder can never ship.
|
|
tagsProcessorPortRouterBlocks "$full_file_path" "$app_name"
|
|
|
|
tagsProcessorTraefikControl "$full_file_path" "$public"
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "DOMAINSUBNAME_TAG" "$host_setup"
|
|
|
|
###############################################
|
|
# Network Updates (IP + Port Systems)
|
|
###############################################
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "DOCKER_NETWORK_TAG" "$CFG_NETWORK_NAME"
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "PUBLIC_IP_TAG" "$public_ip_v4"
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "NETWORK_SUBNET_TAG" "$CFG_NETWORK_SUBNET"
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "NETWORK_MTU_TAG" "$CFG_NETWORK_MTU"
|
|
ipUpdateComposeTags "$app_name" "$full_file_path"
|
|
portUpdateComposeTags "$app_name" "$full_file_path"
|
|
tagsProcessorTrustedDomains "$full_file_path"
|
|
tagsProcessorAppUrl "$full_file_path" "$app_name" "$public" "$host_setup" "$public_ip_v4"
|
|
|
|
###############################################
|
|
# Mail Server Settings
|
|
###############################################
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "MAIL_ENABLED_TAG" "$CFG_MAIL_ENABLED"
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "MAIL_HOST_TAG" "$CFG_MAIL_HOST"
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "MAIL_PORT_TAG" "$CFG_MAIL_PORT"
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "MAIL_SECURE_TAG" "$CFG_MAIL_SECURE"
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "MAIL_USERNAME_TAG" "$CFG_MAIL_USERNAME"
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "MAIL_PASSWORD_TAG" "$CFG_MAIL_PASSWORD"
|
|
tagsManagerUpdateUniversalTag "$full_file_path" "MAIL_FROM_TAG" "$CFG_MAIL_FROM"
|
|
|
|
###############################################
|
|
# App Specific (per-app hook)
|
|
###############################################
|
|
# An app needing computed (non-CFG) compose tags ships
|
|
# containers/<app>/scripts/<app>_compose_tags.sh defining
|
|
# appSetupComposeTags_<app> (live-sourced by the container scan; called
|
|
# with the compose path, reads host_setup/public_ip_v4/CFG_* from scope).
|
|
# Plain CFG_<APP>_<KEY> values are already filled by
|
|
# tagsProcessorAppConfigValues above, so most apps need no hook.
|
|
local _tags_hook="appSetupComposeTags_${app_name}"
|
|
if declare -F "$_tags_hook" >/dev/null 2>&1; then
|
|
"$_tags_hook" "$full_file_path"
|
|
fi
|
|
|
|
###############################################
|
|
# Network mode (route through a gateway provider, e.g. gluetun)
|
|
###############################################
|
|
# An app may route through a gateway named in CFG_<APP>_NETWORK. The
|
|
# provider owns the wiring via hooks in containers/<provider>/scripts/:
|
|
# appNetworkApplyMode_<provider> "$file" — switch this app's compose
|
|
# appNetworkRegisterPorts_<provider> — refresh the provider's ports
|
|
# so no provider name is hardcoded here.
|
|
local network_var="CFG_${app_name^^}_NETWORK"
|
|
local network_mode="${!network_var:-default}"
|
|
if [[ "$network_mode" != "default" && "$network_mode" != "$app_name" ]]; then
|
|
declare -F "appNetworkApplyMode_${network_mode}" >/dev/null 2>&1 \
|
|
&& "appNetworkApplyMode_${network_mode}" "$full_file_path"
|
|
declare -F "appNetworkRegisterPorts_${network_mode}" >/dev/null 2>&1 \
|
|
&& "appNetworkRegisterPorts_${network_mode}"
|
|
fi
|
|
|
|
else
|
|
isNotice "Database not available, unable to setup app."
|
|
fi
|
|
} |