diff --git a/dist/docker/Dockerfile b/dist/docker/Dockerfile index 8bf8937f1..4b0bd4552 100644 --- a/dist/docker/Dockerfile +++ b/dist/docker/Dockerfile @@ -40,9 +40,17 @@ FROM alpine:latest RUN \ apk --no-cache add \ + doas \ libtorrent-rasterbar \ qt6-qtbase \ - tini + tini && \ + adduser \ + -D \ + -H \ + -s /sbin/nologin \ + -u 1000 \ + qbtUser && \ + echo "permit nopass :root" >> "/etc/doas.d/doas.conf" COPY --from=builder /usr/local/bin/qbittorrent-nox /usr/bin/qbittorrent-nox diff --git a/dist/docker/Readme.md b/dist/docker/Readme.md index d5d4b0d6d..faedf359c 100644 --- a/dist/docker/Readme.md +++ b/dist/docker/Readme.md @@ -35,6 +35,7 @@ docker build \ QBT_WEBUI_PORT=8080 docker run \ -it \ + --read-only \ --rm \ --name qbittorrent-nox \ -e QBT_EULA \ @@ -42,8 +43,8 @@ docker build \ -p "$QBT_WEBUI_PORT":"$QBT_WEBUI_PORT" \ -p 6881:6881/tcp \ -p 6881:6881/udp \ - -v /your_path/config:/config \ - -v /your_path/downloads:/downloads \ + -v /config:/config \ + -v /downloads:/downloads \ qbittorrent-nox:"$QBT_VERSION" ``` Then you can login at: `http://127.0.0.1:8080` @@ -67,5 +68,5 @@ docker build \ ### Volumes There are some paths involved: -* `/your_path/config` on your host machine will contain qBittorrent configurations -* `/your_path/downloads` on your host machine will contain the files downloaded by qBittorrent +* `/config` on your host machine will contain qBittorrent configurations +* `/downloads` on your host machine will contain the files downloaded by qBittorrent diff --git a/dist/docker/entrypoint.sh b/dist/docker/entrypoint.sh index 20f551217..c49f0b76c 100755 --- a/dist/docker/entrypoint.sh +++ b/dist/docker/entrypoint.sh @@ -1,5 +1,6 @@ #!/bin/sh +downloadsPath="/downloads" profilePath="/config" qbtConfigFile="$profilePath/qBittorrent/config/qBittorrent.conf" @@ -22,7 +23,13 @@ EOF fi fi -qbittorrent-nox \ - --profile="$profilePath" \ - --webui-port="$QBT_WEBUI_PORT" \ - "$@" +# those are owned by root by default +# don't change existing files owner in `$downloadsPath` +chown qbtUser:qbtUser "$downloadsPath" +chown qbtUser:qbtUser -R "$profilePath" + +doas -u qbtUser \ + qbittorrent-nox \ + --profile="$profilePath" \ + --webui-port="$QBT_WEBUI_PORT" \ + "$@"