Mercurial > code > home > repos > photoprism
changeset 7:07aa4c3cddc4
redo user accounts
| author | drewp@bigasterisk.com |
|---|---|
| date | Sun, 19 Mar 2023 17:19:47 -0700 |
| parents | 4bf137b25259 |
| children | 55a0dc78fc3a |
| files | Dockerfile.mariadb Dockerfile.photoprism deploy.yaml skaffold.yaml update/Dockerfile update/update.sh update_job.yaml |
| diffstat | 7 files changed, 50 insertions(+), 8 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Dockerfile.mariadb Sun Mar 19 17:19:47 2023 -0700 @@ -0,0 +1,11 @@ +FROM docker.io/mariadb:10.10.3 + +RUN adduser \ + --no-create-home \ + --uid 1050 \ + --ingroup photoprism \ + --disabled-password \ + --disabled-login \ + photoprism + +USER photoprism \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Dockerfile.photoprism Sun Mar 19 17:19:47 2023 -0700 @@ -0,0 +1,17 @@ +# https://github.com/photoprism/photoprism/releases +# image: docker.io/photoprism/photoprism:221118-jammy + +FROM docker.io/photoprism/photoprism:preview + + +RUN deluser photoprism && \ + deluser user-1050 && \ + adduser \ + --no-create-home \ + --uid 1050 \ + --ingroup photoprism \ + --disabled-password \ + --disabled-login \ + photoprism + +USER photoprism
--- a/deploy.yaml Sun Mar 19 17:18:17 2023 -0700 +++ b/deploy.yaml Sun Mar 19 17:19:47 2023 -0700 @@ -68,9 +68,9 @@ - { name: run-mysqld, emptyDir: {} } containers: - name: photoprism - # https://github.com/photoprism/photoprism/releases - # image: docker.io/photoprism/photoprism:221118-jammy - image: docker.io/photoprism/photoprism:preview + image: bang5:5000/photoprism_server + securityContext: + runAsUser: 1050 env: - { name: PHOTOPRISM_UPLOAD_NSFW, value: "true" } - { name: PHOTOPRISM_READONLY, value: "true" } @@ -107,9 +107,9 @@ # tensorflow analysis goes to like 1200Mi memory: 2500Mi - name: mariadb - image: docker.io/mariadb:10.10.3 + image: bang5:5000/photoprism_mariadb securityContext: - runAsUser: 1000 + runAsUser: 1050 # let https://github.com/MariaDB/mariadb-docker/blob/749c720c63306d1572849afc6ab1cfa02fd08338/10.8/docker-entrypoint.sh # do the startup. We could write to /etc/mysql/mariadb.conf.d if we really needed to config things. # command: suggested from photoprism docs @@ -147,6 +147,8 @@ # GRANT SELECT ON performance_schema.* TO 'exporter'@'localhost'; # GRANT ALL ON photoprism.* TO 'exporter'@'localhost'; image: prom/mysqld-exporter:v0.14.0 + securityContext: + runAsUser: 1050 args: # see: k exec -it deploy/photoprism -c mariadb-exporter -- /bin/mysqld_exporter --help - "--collect.info_schema.tables.databases=photoprism"
--- a/skaffold.yaml Sun Mar 19 17:18:17 2023 -0700 +++ b/skaffold.yaml Sun Mar 19 17:19:47 2023 -0700 @@ -15,3 +15,11 @@ artifacts: - image: bang5:5000/photoprism_update context: update/ + - image: bang5:5000/photoprism_server + context: . + docker: + dockerfile: Dockerfile.photoprism + - image: bang5:5000/photoprism_mariadb + context: . + docker: + dockerfile: Dockerfile.mariadb
--- a/update/Dockerfile Sun Mar 19 17:18:17 2023 -0700 +++ b/update/Dockerfile Sun Mar 19 17:19:47 2023 -0700 @@ -9,4 +9,8 @@ COPY update.sh ./ +RUN useradd -MN -u 501 drewp + +RUN useradd --no-create-home --uid 1050 photoprism + CMD ["./update.sh"] \ No newline at end of file
--- a/update/update.sh Sun Mar 19 17:18:17 2023 -0700 +++ b/update/update.sh Sun Mar 19 17:19:47 2023 -0700 @@ -1,7 +1,8 @@ #!/bin/zsh +print update runnning as `id` + date -useradd -MN -u 501 drewp grep drewp /etc/passwd runuser -u drewp -- /my/pda/note10/copy_photos > /tmp/photo_touched_dirs wc /tmp/photo_touched_dirs @@ -11,4 +12,4 @@ ./kubectl exec deploy/photoprism -c photoprism -- photoprism index $x } -touch /my/pda/note10/photos_updated +runuser -u drewp -- touch /my/pda/note10/photos_updated