b135f11557
Security (P0): - Remove committed session-secret default; auto-generate and persist a random secret to the config volume when SESSION_SECRET is unset (prevents forgeable session cookies / auth bypass). - Validate playlist names to a safe charset and render sldl configs via literal Python substitution instead of sed (closes a command-injection and path-traversal path through playlist names). - shlex-quote credential values written to shell-sourced env files, and strip newlines from values patched into .conf files. - Render playlist .conf files 0600; warn at startup if the master key is co-located with the config volume; document keeping it separate. Portability: - Configurable timezone via TZ (default UTC) instead of hardcoded Edmonton. - Remove personal defaults (navidrome user "andrew", ephemeral.club URLs). - Ship generic example seeds; move the cross-album dedup keep-list and the legacy playlist import to editable config files; drop the personal _upgrade.csv. - Generic VPN reference in docker-compose.snippet.yml. First-run experience: - Redirect to /setup instead of 500 when OIDC is unconfigured; surface a missing master key inline; entrypoint exits with an actionable message when the config folder is not writable. - Add unauthenticated /health (JSON) and /setup (checklist) diagnostics. Docs: - Write docs/ARCHITECTURE.md and docs/MIGRATION.md (previously referenced but missing); expand README with ownership, backups, advanced settings, and migration guidance. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
41 lines
1.9 KiB
Bash
41 lines
1.9 KiB
Bash
#!/bin/bash
|
|
# entrypoint.sh — seed first-run instance state into the config volume, then
|
|
# start the app. The image itself is code-only and stateless/rebuildable;
|
|
# everything mutable lives under $ALEMBIC_CONFIG_DIR (see docs/ARCHITECTURE.md).
|
|
set -euo pipefail
|
|
|
|
ALEMBIC_CONFIG_DIR="${ALEMBIC_CONFIG_DIR:-/config}"
|
|
PIPELINE_DIR="${PIPELINE_DIR:-/app/pipeline}"
|
|
|
|
# The container runs as uid 1000. If the mounted config folder is owned by
|
|
# root on the host (the usual result of `mkdir` as your normal user), the
|
|
# first write fails and the container would otherwise exit with a bare
|
|
# "Permission denied". Catch that here and say exactly how to fix it.
|
|
if ! mkdir -p \
|
|
"$ALEMBIC_CONFIG_DIR/beets/data" \
|
|
"$ALEMBIC_CONFIG_DIR/pipeline" \
|
|
"$ALEMBIC_CONFIG_DIR/logs" 2>/dev/null; then
|
|
echo "[entrypoint] ERROR: cannot write to $ALEMBIC_CONFIG_DIR" >&2
|
|
echo "[entrypoint] The container runs as uid 1000 but that folder is not writable by it." >&2
|
|
echo "[entrypoint] On the host, run: chown -R 1000:1000 <the folder mounted at /config>" >&2
|
|
exit 1
|
|
fi
|
|
|
|
seed_if_absent() {
|
|
local src="$1" dst="$2"
|
|
if [[ ! -f "$dst" ]]; then
|
|
cp "$src" "$dst"
|
|
echo "[entrypoint] seeded $dst from $(basename "$src")"
|
|
fi
|
|
}
|
|
|
|
seed_if_absent "$PIPELINE_DIR/beets/config.yaml.example" "$ALEMBIC_CONFIG_DIR/beets/config.yaml"
|
|
seed_if_absent "$PIPELINE_DIR/configs/artist-canonical.list.example" "$ALEMBIC_CONFIG_DIR/pipeline/artist-canonical.list"
|
|
seed_if_absent "$PIPELINE_DIR/configs/djmix-albums.txt.example" "$ALEMBIC_CONFIG_DIR/pipeline/djmix-albums.txt"
|
|
seed_if_absent "$PIPELINE_DIR/configs/genres-whitelist.txt.example" "$ALEMBIC_CONFIG_DIR/pipeline/genres-whitelist.txt"
|
|
seed_if_absent "$PIPELINE_DIR/configs/cross-album-keep.list.example" "$ALEMBIC_CONFIG_DIR/pipeline/cross-album-keep.list"
|
|
|
|
export BEETSDIR="$ALEMBIC_CONFIG_DIR/beets"
|
|
|
|
exec uvicorn app.main:app --host 0.0.0.0 --port "${ALEMBIC_PORT:-8420}"
|