From fa1b87af5ad37e10f6ed5df378403d760b7ed5c3 Mon Sep 17 00:00:00 2001
From: Alex Palaistras <alex@deuill.org>
Date: Sun, 19 Sep 2021 17:30:34 +0100
Subject: [PATCH] discord-ircd: Run container as root, daemon as user

This allows us to do some early setup tasks as root, which are then
required for the correct operation of the daemon.
---
 config/service/discord-ircd/Containerfile        | 4 +---
 config/service/discord-ircd/container/run-rdircd | 7 ++++---
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/config/service/discord-ircd/Containerfile b/config/service/discord-ircd/Containerfile
index 92f5ed1..702234a 100644
--- a/config/service/discord-ircd/Containerfile
+++ b/config/service/discord-ircd/Containerfile
@@ -1,7 +1,7 @@
 FROM docker.io/debian:bullseye-slim
 
 RUN apt-get update -y && apt-get install -y --no-install-recommends \
-    ca-certificates python3 python3-aiohttp gettext git
+    ca-certificates python3 python3-aiohttp gettext git sudo
 
 RUN git clone --depth 1 https://github.com/mk-fg/reliable-discord-client-irc-daemon.git /rdircd && \
     cp /rdircd/rdircd /usr/bin && chmod 0755 /usr/bin/rdircd && \
@@ -14,7 +14,5 @@ COPY container/config /etc/rdircd
 COPY container/run-rdircd /run-rdircd
 RUN chown -R rdircd:rdircd /etc/rdircd
 
-USER rdircd
 EXPOSE 6667
-
 ENTRYPOINT ["/run-rdircd"]
diff --git a/config/service/discord-ircd/container/run-rdircd b/config/service/discord-ircd/container/run-rdircd
index cb66cda..a2a2065 100755
--- a/config/service/discord-ircd/container/run-rdircd
+++ b/config/service/discord-ircd/container/run-rdircd
@@ -1,12 +1,13 @@
 #!/bin/sh
 
 # Prepare configuration files for environment variable substitution.
-ENV_NAMES="`env | awk -F '=' '{printf "$%s ", $1}'`"
+ENV_NAMES="$(env | awk -F '=' '{printf "$%s ", $1}')"
 for file in /etc/rdircd/*.template; do
-	envsubst "${ENV_NAMES}" < "$file" > "`echo $file | awk -F '.template$' '{print $1}'`"
+	envsubst "$ENV_NAMES" < "$file" > "$(echo "$file" | awk -F '.template$' '{print $1}')"
 done
 
 # Ensure state file exists before starting service.
 touch /var/lib/rdircd/state.conf
+chmod -R rdircd:rdircd /var/lib/rdircd
 
-/usr/bin/rdircd --conf /etc/rdircd/rdircd.conf --conf /var/lib/rdircd/state.conf "$@"
+sudo --user rdircd -- /usr/bin/rdircd --conf /etc/rdircd/rdircd.conf --conf /var/lib/rdircd/state.conf "$@"