From 4f13a498a2cfe3a8c4793ae5381ba4bd323174a5 Mon Sep 17 00:00:00 2001
From: Marc <marc@gitea.taginu.com>
Date: Thu, 2 Oct 2025 10:35:24 +0200
Subject: [PATCH] small fixes

---
 docker-compose.yml           |  3 ++-
 docker/shulker/Dockerfile    |  5 +++--
 docker/shulker/entrypoint.sh | 16 +++++++++++++++-
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 9d61b6d..9d5505a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,13 +5,14 @@ services:
     image: gitea.taginu.com/marc/tfmc-website:latest
     container_name: shulker
     restart: unless-stopped
+    user: "root"
     # Configure everything inline here; no .env file required
     environment:
       # Discord configuration (fill these)
       DISCORD_TOKEN: "MTA3MTEwMzcwMDAyMzY0ODMyMA.GIlFkn.o10LKcpjlaLDvVsgF_WKZhz5ykPYf1KEds_g3I"
       DISCORD_CHANNEL_ID: "1247178901004877916"
       # If set, webhook mode is used; leave empty to use the bot account
-      WEBHOOK_URL: ""
+      WEBHOOK_URL: "https://discord.com/api/webhooks/1423056957434101850/QOQgLa1Y3TkH2JPOJuLXvh4IO8YXo-hMUVeOErZ4Hcz27uticHY09x9Z1cm-AksDeJ7Z"
 
       # Display name/avatar for server-origin messages (webhook mode)
       SERVER_NAME: "TFMC"
diff --git a/docker/shulker/Dockerfile b/docker/shulker/Dockerfile
index 9a285fb..c65e40e 100644
--- a/docker/shulker/Dockerfile
+++ b/docker/shulker/Dockerfile
@@ -35,9 +35,10 @@ COPY docker/shulker/entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 
 # Install helpful runtime tools
-RUN apk add --no-cache jq
+RUN apk add --no-cache jq su-exec
 
-USER shulker
+# Start as root to allow entrypoint to chown mounted volumes, then drop to non-root
+USER root
 
 # Shulker default port
 EXPOSE 8000
diff --git a/docker/shulker/entrypoint.sh b/docker/shulker/entrypoint.sh
index c49bebc..9af3aa2 100644
--- a/docker/shulker/entrypoint.sh
+++ b/docker/shulker/entrypoint.sh
@@ -1,6 +1,13 @@
 #!/bin/sh
 set -e
 
+# Ensure runtime dirs exist and are writable for the app user when running as root
+if [ "$(id -u)" = "0" ]; then
+  mkdir -p /data /minecraft/logs || true
+  # 10001 is the shulker user created in the image
+  chown -R 10001:10001 /data /minecraft || true
+fi
+
 # If no config exists in /data, seed it from the example and apply env overrides if provided
 if [ ! -f /data/config.json ]; then
   echo "Seeding /data/config.json from example"
@@ -67,4 +74,11 @@ jq ".IS_LOCAL_FILE=${IS_LOCAL_FILE} | .LOCAL_FILE_PATH=\"${LOCAL_FILE_PATH}\"" /
 # Link config into app directory where shulker expects it
 ln -sf /data/config.json /app/config.json
 
-exec "$@"
+# If running as root, drop privileges to shulker before starting the app
+if [ "$(id -u)" = "0" ]; then
+  # Ensure ownership after seeding as root
+  chown -R 10001:10001 /data || true
+  exec su-exec 10001:10001 "$@"
+else
+  exec "$@"
+fi