feat: optional non-root docker user #207

.dockerignore

@@ -2,6 +2,8 @@
 .gitignore
 .dockerignore
 Dockerfile
+Dockerfile.dev
+data
 README.md
 
 frontend/.svelte-kit

.gitignore

@@ -193,6 +193,7 @@ package
 # End of https://www.toptal.com/developers/gitignore/api/go,visualstudiocode,svelte,node
 
 build
+data
 
 backend/pb_data
 backend/pb_public/*

Dockerfile.dev

@@ -0,0 +1,24 @@
+FROM node:alpine as node
+WORKDIR /app
+COPY frontend/ .
+RUN npm i -g pnpm &&\
+    pnpm i &&\
+    pnpm run build
+
+FROM golang:alpine as go
+WORKDIR /app
+COPY backend/ .
+COPY --from=node /app/build ./pb_public
+ENV CGO_ENABLED=0
+RUN go build -o upsnap main.go &&\
+    chmod +x upsnap
+
+FROM alpine:3
+RUN apk update &&\
+    apk add --no-cache tzdata ca-certificates nmap samba samba-common-tools openssh sshpass curl &&\
+    rm -rf /var/cache/apk/*
+WORKDIR /app
+COPY --from=go /app/upsnap upsnap
+HEALTHCHECK --interval=10s \
+    CMD curl -fs "http://localhost:8090/api/health" || exit 1
+ENTRYPOINT ["./upsnap", "serve", "--http=0.0.0.0:8090"]

backend/networking/ping.go

@@ -2,6 +2,7 @@ package networking
 
 import (
 	"net"
+	"runtime"
 	"time"
 
 	"github.com/pocketbase/pocketbase/models"
@@ -17,7 +18,13 @@ func PingDevice(device *models.Record) bool {
 	}
 	pinger.Count = 1
 	pinger.Timeout = 500 * time.Millisecond
-	pinger.SetPrivileged(true)
+
+	// windows needs privileged permissions.
+	// If you have issues on linux, see here: https://github.com/prometheus-community/pro-bing#linux
+	if runtime.GOOS == "windows" {
+		pinger.SetPrivileged(true)
+	}
+
 	err = pinger.Run()
 	if err != nil {
 		logger.Error.Println(err)

docker-compose.dev.yml

@@ -0,0 +1,29 @@
+version: "3"
+services:
+  upsnap:
+    container_name: upsnap
+    build:
+      dockerfile: Dockerfile.dev
+    network_mode: host
+    restart: unless-stopped
+    volumes:
+      - ./data:/app/pb_data
+    # # To use a non-root user, create the mountpoint first before starting
+    # # the container (mkdir data) so that it has the right permissions.
+    # user: 1000:1000
+    # environment:
+    #   - TZ=Europe/Berlin # Set container timezone for cron schedules
+    #   - UPSNAP_INTERVAL=@every 10s # Sets the interval in which the devices are pinged
+    #   - UPSNAP_SCAN_RANGE=192.168.1.0/24 # Scan range is used for device discovery on local network
+    #   - UPSNAP_WEBSITE_TITLE=Custom name # Custom website title
+    # # dns is used for name resolution during network scan
+    # dns:
+    #   - 192.18.0.1
+    #   - 192.18.0.2
+    # # you can change the listen ip:port inside the container like this:
+    # entrypoint: /bin/sh -c "./upsnap serve --http 0.0.0.0:5000"
+    # healthcheck:
+    #   test: curl -fs "http://localhost:5000/api/health" || exit 1
+    #   interval: 10s
+    # # or install custom packages for shutdown
+    # entrypoint: /bin/sh -c "apk update && apk add --no-cache <YOUR_PACKAGE> && rm -rf /var/cache/apk/* && ./upsnap serve --http 0.0.0.0:8090"

docker-compose.yml

@@ -7,6 +7,8 @@ services:
     restart: unless-stopped
     volumes:
       - ./data:/app/pb_data
+    # # To use a non-root user, create the mountpoint first (mkdir data) so that it has the right permission.
+    # user: 1000:1000
     # environment:
     #   - TZ=Europe/Berlin # Set container timezone for cron schedules
     #   - UPSNAP_INTERVAL=@every 10s # Sets the interval in which the devices are pinged