diff --git a/README.md b/README.md index 5f2daab..958d531 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,14 @@ The web app and the server are both accessible at `http://SERVERIP:8088`. Note: It is recommended to use `http` as the external proto with a reverse proxy due to `https` not working with external plex clients. +## Read-Only Operation + +This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/). + +## Non-Root Operation + +This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/). + ## Usage To help you get started creating a container from this image you can either use docker-compose or the docker cli. @@ -104,6 +112,8 @@ Containers are configured using parameters passed at runtime (such as those abov | :----: | --- | | `-p 8088:8088` | Web app and server port | | `-e AUTH_LIST=plexuser1,plexuser2,email1,machineid1` | If set, only the users defined here and the users of the plex servers defined here will be able to access the server. Use e-mails, plex usernames and/or plex server machine ids, comma separated, no spaces. | +| `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). | +| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). | ## Environment variables from files (Docker secrets) @@ -249,6 +259,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **19.12.24:** - Add support for read-only and non-root operation. * **05.12.24:** - Rebase to Alpine 3.21. * **04.06.24:** - Rebase to Alpine 3.20. * **26.08.23:** - Rebase to Alpine 3.19. Remove deprecated `AUTOJOIN_ENABLED` & `AUTOJOIN_ROOM` options. diff --git a/readme-vars.yml b/readme-vars.yml index af81b77..6a8f98e 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -13,8 +13,6 @@ available_architectures: # container parameters common_param_env_vars_enabled: false param_container_name: "{{ project_name }}" -param_usage_include_vols: false -param_volumes: param_usage_include_ports: true param_ports: - {external_port: "8088", internal_port: "8088", port_desc: "Web app and server port"} @@ -22,9 +20,8 @@ param_ports: opt_param_usage_include_env: true opt_param_env_vars: - {env_var: "AUTH_LIST", env_value: "plexuser1,plexuser2,email1,machineid1", desc: "If set, only the users defined here and the users of the plex servers defined here will be able to access the server. Use e-mails, plex usernames and/or plex server machine ids, comma separated, no spaces."} -# optional parameters -optional_block_1: false -optional_block_1_items: "" +readonly_supported: true +nonroot_supported: true # application setup block app_setup_block_enabled: true app_setup_block: | @@ -70,6 +67,7 @@ init_diagram: | "synclounge:latest" <- Base Images # changelog changelogs: + - {date: "19.12.24:", desc: "Add support for read-only and non-root operation."} - {date: "05.12.24:", desc: "Rebase to Alpine 3.21."} - {date: "04.06.24:", desc: "Rebase to Alpine 3.20."} - {date: "26.08.23:", desc: "Rebase to Alpine 3.19. Remove deprecated `AUTOJOIN_ENABLED` & `AUTOJOIN_ROOM` options."} diff --git a/root/etc/s6-overlay/s6-rc.d/svc-synclounge/run b/root/etc/s6-overlay/s6-rc.d/svc-synclounge/run index 3ee8c7d..75dbe6d 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-synclounge/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-synclounge/run @@ -6,6 +6,12 @@ if [ -n "${AUTH_LIST}" ]; then export authentication__authorized="[\"$(echo ${AUTH_LIST} | sed 's|,|", "|g')\"]" fi -exec \ - s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 8088" \ - s6-setuidgid abc synclounge +if [[ -z ${LSIO_NON_ROOT_USER} ]]; then + exec \ + s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 8088" \ + s6-setuidgid abc synclounge +else + exec \ + s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 8088" \ + synclounge +fi