nginx: Add default user to shared GID=10000

Users and groups used within Podman containers are usually assigned UID
and GID 10000. Files for these containers are sometimes served by Nginx,
and may be given permissions that restrict access to those outside the
group, but which are intended to be served nonetheless.

This commit adds the pre-defined `nginx` user to a `nginx-shared` group
with GID 10000, which will then allow access to these files as needed.

service/nginx/Containerfile

@@ -1,7 +1,11 @@
 FROM docker.io/nginx:1.21
 
+RUN addgroup --system --gid 10000 nginx-shared
+RUN gpasswd --add nginx nginx-shared
+
 COPY container/config /etc/nginx
 COPY container/run-nginx /run-nginx
+
 RUN nginx -t
 
 EXPOSE 80 443

service/spectrum/container/config/spectrum.cfg.template

@@ -86,6 +86,9 @@ enable_public_registration=${SPECTRUM_REGISTRATION_ENABLED}
 # local_account_server_timeout=10000
 
 [purple]
+# Download user icons for WhatsApp.
+get-icons = true
+
 # Improve compatibility with WhatsApp protocol plugin.
 bridge-compatibility = true
 

service/spectrum/container/run-spectrum

@@ -6,4 +6,8 @@ for file in /etc/spectrum2/*.template; do
 	envsubst "${ENV_NAMES}" < "${file}" > $(echo "${file}" | awk -F '.template$' '{print $1}')
 done
 
+# Correct permissions for data files.
+chown -R spectrum:spectrum /var/lib/spectrum2 /var/lib/spectrum2-media
+
+# Run entrypoint.
 /usr/bin/spectrum2 -n /etc/spectrum2/spectrum.cfg