mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-28 14:30:13 +00:00
f08103ca15
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/81d1b5cc-ab2d-4337-801b-25755355183e Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
66 lines
2.4 KiB
Bash
66 lines
2.4 KiB
Bash
#!/bin/bash
|
|
set -e
|
|
|
|
# Validate required environment variables
|
|
if [ -z "$BASE_URL" ]; then
|
|
echo "BASE_URL must be provided. Exiting!"
|
|
exit 1
|
|
fi
|
|
|
|
export TZ="${TZ:-Etc/UTC}"
|
|
|
|
# The Docker daemon injects SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt and
|
|
# SSL_CERT_DIR=/etc/ssl/certs into every container, but /etc/ssl/certs/ is mode 700
|
|
# (root only) in the base Windmill image, so uid=1000 cannot traverse it.
|
|
# Build a combined, world-readable CA bundle in the writable /tmp tmpfs and
|
|
# override all SSL cert env vars so Windmill and its sub-processes use it.
|
|
_COMBINED_BUNDLE="/tmp/ca-bundle.crt"
|
|
cat /etc/ssl/ca-bundle.crt /etc/ssl/cert.pem > "$_COMBINED_BUNDLE" 2>/dev/null || \
|
|
cat /etc/ssl/ca-bundle.crt > "$_COMBINED_BUNDLE" 2>/dev/null || true
|
|
if [ -s "$_COMBINED_BUNDLE" ]; then
|
|
export SSL_CERT_FILE="$_COMBINED_BUNDLE"
|
|
export CURL_CA_BUNDLE="$_COMBINED_BUNDLE"
|
|
export REQUESTS_CA_BUNDLE="$_COMBINED_BUNDLE"
|
|
export NODE_EXTRA_CA_CERTS="$_COMBINED_BUNDLE"
|
|
# Unset SSL_CERT_DIR so rustls-native-certs does not also try to traverse
|
|
# the inaccessible /etc/ssl/certs/ directory.
|
|
unset SSL_CERT_DIR
|
|
fi
|
|
|
|
PGDATA="/var/lib/postgresql/data"
|
|
|
|
# Initialize PostgreSQL data directory on first run.
|
|
# No su/chown needed — we already own PGDATA (the windmill user owns the volume).
|
|
if [ -z "$(ls -A "$PGDATA" 2>/dev/null)" ]; then
|
|
echo "Initializing PostgreSQL database for Windmill..."
|
|
|
|
initdb -D "$PGDATA" \
|
|
--username=windmill \
|
|
--auth-local=trust \
|
|
--auth-host=trust \
|
|
--no-instructions
|
|
|
|
# Allow local connections without a password; listen only on localhost
|
|
cat > "$PGDATA/pg_hba.conf" << 'EOF'
|
|
# TYPE DATABASE USER ADDRESS METHOD
|
|
local all all trust
|
|
host all all 127.0.0.1/32 trust
|
|
host all all ::1/128 trust
|
|
EOF
|
|
|
|
cat >> "$PGDATA/postgresql.conf" << 'EOF'
|
|
listen_addresses = 'localhost'
|
|
EOF
|
|
|
|
# Start PostgreSQL temporarily to create the windmill database, then stop it.
|
|
# supervisord will restart it properly afterward.
|
|
pg_ctl -D "$PGDATA" start -w -o "-k /var/run/postgresql"
|
|
psql -h /var/run/postgresql -U windmill postgres \
|
|
-c "CREATE DATABASE windmill OWNER windmill;"
|
|
pg_ctl -D "$PGDATA" stop -w
|
|
|
|
echo "PostgreSQL initialization complete."
|
|
fi
|
|
|
|
exec supervisord -c /supervisord.conf
|