Working version

Not sure that I'd bet the bank that this is secure. It probably is. From what I can see, you have to be able to go in and do things as root.
2025-12-06 09:47:00 -05:00
parent 0d5dbcae2c
commit acbd740392
6 changed files with 76 additions and 31 deletions
--- a/start.bash
+++ b/start.bash
@@ -1,5 +1,25 @@
 #!/bin/bash

+# /app/data gets mounted by Cloudron.
+# Any files there at image creation time will disappear.
+# So, copy things in from elsewhere if they're needed at startup.
+
+# Make the working directories for garage. Files will get stored here.
+mkdir -p /app/data/garage/meta
+mkdir -p /app/data/garage/data
+
+# Copy the config in. This is symlinked from /etc.
+# FIXME: Don't do this every time.
+cp /garage/garage.toml /app/data/garage.toml
+
+# Generate an RPC secret file. This is used for clusters.
+# We don't have clusters, but garage wantses it.
+# It is precious to garage.
+openssl rand -hex 32 > /app/data/garage/rpc-secret
+chmod 600 /app/data/garage/rpc-secret
+
+# FIXME: Go back to info level.
 RUST_LOG=garage=debug
-chown -R cloudron:cloudron /app/data
-gosu cloudron:cloudron garage -c /app/data/garage.toml server
+# Chown the things and run.
+chown -R cloudron:cloudron /tmp/garage /app/data/garage
+gosu cloudron:cloudron /usr/bin/garage server