Add ability to run the docker container with configurable user and group ids

Dockerfile

@@ -28,10 +28,17 @@ LABEL maintainer="maintainers@vikunja.io"
 
 WORKDIR /app/vikunja/
 COPY --from=build-env /go/src/code.vikunja.io/api/vikunja .
-RUN adduser -S -D vikunja -h /app/vikunja -H \
-  && chown vikunja -R /app/vikunja
 ENV VIKUNJA_SERVICE_ROOTPATH=/app/vikunja/
 
+# Dynamic permission changing stuff
+ENV PUID 1000
+ENV PGID 1000
+RUN apk --no-cache add shadow && \
+  addgroup -g ${PGID} vikunja && \
+  adduser -s /bin/sh -D -G vikunja -u ${PUID} vikunja -h /app/vikunja -H && \
+  chown vikunja -R /app/vikunja
+COPY run.sh /run.sh
+
 # Fix time zone settings not working
 RUN apk --no-cache add tzdata
 
@@ -40,6 +47,5 @@ RUN mkdir /app/vikunja/files && \
   chown -R vikunja /app/vikunja/files
 VOLUME /app/vikunja/files
 
-USER vikunja
+CMD ["/run.sh"]
-CMD ["/app/vikunja/vikunja"]
 EXPOSE 3456

docs/content/doc/setup/full-docker-example.md

@@ -30,6 +30,8 @@ services:
       VIKUNJA_REDIS_HOST: 'redis:6379'
       VIKUNJA_CACHE_ENABLED: 1
       VIKUNJA_CACHE_TYPE: redis
+    volumes:
+      - ./files:/app/vikunja/files
   redis:
     image: redis
 {{< /highlight >}}

docs/content/doc/setup/install-backend.md

@@ -106,7 +106,7 @@ docker run -p 3456:3456 vikunja/api
 {{< /highlight >}}
 
 to run with a standard configuration.
-This will expose 
+This will expose vikunja on port `3456` on the host running the container.
 
 You can mount a local configuration like so:
 
@@ -117,6 +117,18 @@ docker run -p 3456:3456 -v /path/to/config/on/host.yml:/app/vikunja/config.yml:r
 Though it is recommended to use eviroment variables or `.env` files to configure Vikunja in docker.
 See [config]({{< ref "config.md">}}) for a list of available configuration options.
 
+### Files volume
+
+By default the container stores all files uploaded and used through vikunja inside of `/app/vikunja/files` which is created as a docker volume.
+You should mount the volume somewhere to the host to permanently store the files and don't loose them if the container restarts.
+
+### Setting user and group id of the user running vikunja
+
+You can set the user and group id of the user running vikunja with the `PUID` and `PGID` evironment variables.
+This follows the pattern used by [the linuxserver.io](https://docs.linuxserver.io/general/understanding-puid-and-pgid) docker images.
+
+This is useful to solve general permission problems when host-mounting volumes such as the volume used for task attachments.
+
 ### Docker compose
 
 To run the backend with a mariadb database you can use this example [docker-compose](https://docs.docker.com/compose/) file:
@@ -132,6 +144,8 @@ services:
       VIKUNJA_DATABASE_TYPE: mysql
       VIKUNJA_DATABASE_USER: root
       VIKUNJA_SERVICE_JWTSECRET: <generated secret>
+    volumes:
+      - ./files:/app/vikunja/files
   db:
     image: mariadb:10
     environment:

docs/content/doc/setup/install-frontend.md

@@ -45,6 +45,11 @@ which will run the docker image and expose port 80 on the host.
 
 See [full docker example]({{< ref "full-docker-example.md">}}) for more varations of this config.
 
+### Setting user and group id of the user running vikunja
+
+You can set the user and group id of the user running vikunja with the `PUID` and `PGID` evironment variables.
+This follows the pattern used by [the linuxserver.io](https://docs.linuxserver.io/general/understanding-puid-and-pgid) docker images.
+
 ### API URL configuration in docker
 
 When running the frontend with docker, it is possible to set the environment variable `$VIKUNJA_API_URL` to the api url.

run.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Set the uid and gid of the vikunja run user
+usermod --non-unique --uid ${PUID} vikunja
+groupmod --non-unique --gid ${PGID} vikunja
+
+su vikunja -c '/app/vikunja/vikunja'