feat: non-root support

dotconfig404 · dotconfig404 · commit 13c499c50d2f · 2025-10-31T12:26:29.000+01:00
diff --git a/openvoxserver/Containerfile.alpine b/openvoxserver/Containerfile.alpine
@@ -196,6 +196,13 @@ RUN apk update \
 # install puppet gem as library into jruby loadpath
 && puppetserver gem install --no-document openvox
 
+RUN chown -R puppet:puppet /var/log/puppetlabs/puppetserver/ \
+&& chown -R puppet:puppet /etc/puppetlabs/puppet/ \
+&& chown -R puppet:puppet /opt/puppetlabs/server/data/puppetserver/ \
+&& chown -R puppet:puppet /etc/puppetlabs/puppetserver/
+
+USER puppet
+
 # k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK
 HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/healthcheck.sh"]
 
diff --git a/openvoxserver/container-entrypoint.d/10-init-nonroot-puppet.sh b/openvoxserver/container-entrypoint.d/10-init-nonroot-puppet.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -e
+
+# init confdir for non-root user
+[ ! -d ~/.puppetlabs/etc/puppet ] && mkdir -p ~/.puppetlabs/etc/puppet
+# to make CLI tools work properly confdir and codedir need the same as the user dirs (defaults to root user dirs)
+hocon -f /etc/puppetlabs/puppetserver/conf.d/puppetserver.conf set jruby-puppet.master-conf-dir $(puppet config print confdir)
+hocon -f /etc/puppetlabs/puppetserver/conf.d/puppetserver.conf set jruby-puppet.master-code-dir $(puppet config print codedir)  
diff --git a/openvoxserver/container-entrypoint.d/30-set-permissions.sh b/openvoxserver/container-entrypoint.d/30-set-permissions.sh
