Make .env being writable optional when configuring via environment variables #499

Open
schnerring opened this issue Jul 2, 2022 · 10 comments
Labels
Enhancement Any requests for improvements or new features

Comments

@schnerring

schnerring commented Jul 2, 2022

Is your feature request related to a problem? Please describe.

The Linkace setup process requires .env to be writable during first-time setup. In the TrueCharts app repo we implemented a Linkace Helm chart that allows TrueNAS SCALE users to easily deploy Linkace with a few clicks.

The Helm chart uses only environment variables to configure Linkace. However, the first-time-setup process requires .env to be writable by the www-data user.

Right now, the user needs to connect to the container via shell, chmod a+w /app/.env, and then finish the setup. The DB connection is actually written to .env. However, these changes are never used and discarded the next time the container starts.

Describe the solution you'd like

When the configuration via environment variables is sufficient, /app/.env being writable should be optional.

Describe alternatives you've considered

Fix (more of a hack) the issue by modifying the Docker image like this:

FROM linkace/linkace:v1.10.2-simple@sha256:3f6b38b698b8792d37b2ba90953deefbc9159d44e27344dd78b4b2f65faa6185
RUN chmod a+w /app/.env

@schnerring schnerring added the Enhancement Any requests for improvements or new features label Jul 2, 2022

@Kovah
Owner

Kovah commented Jul 2, 2022

Hey, thanks for the input!
Technically, the .env file is not really needed to set up LinkAce, it just needs to be configured correctly. See https://www.linkace.org/docs/v1/setup/setup-with-docker/advanced-configuration/ for more details.
But I'll see what I can do to improve the setup process and make it more clear and easy to use.

@schnerring
Author

schnerring commented Jul 2, 2022

> it just needs to be configured correctly.

We're not mounting any custom .env file, it's just the default one included in the Docker image.

The file is part of root filesystem and owned by root:

/app # ls -l .env
-rw-r--r--    1 root     root           644 Jun 10 17:31 .env

So chown 82:82 /app/.env like in this related issue or chmod a+w /app/.env fixes the issue. Neither of these is apparent from the docs.

The setup writing to .env also makes it impossible to run the container in a Kubernetes environment with:

securityContext:
  readOnlyRootFilesystem: true

This is the docker run --read-only equivalent.
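
Added example (not part of the thread or of LinkAce's code): the POSIX permission-class check that explains why the image's root-owned 0644 .env is not writable for www-data and why both workarounds above change that. The uid/gid 82 for www-data is taken from the chown 82:82 suggestion; the function names are hypothetical and supplementary groups are ignored.

```sh
#!/bin/sh
# Added example: which permission class decides write access to /app/.env.
# Inputs mirror the thread: root:root 0644 from the ls -l output, uid/gid 82
# for www-data. Assumption: supplementary groups are not considered.

# can_write MODE OWNER_UID OWNER_GID PROC_UID PROC_GID -> prints yes|no
# Exactly one class is consulted: owner, else group, else other.
can_write() {
    mode=$1; owner_uid=$2; owner_gid=$3; proc_uid=$4; proc_gid=$5

    # uid 0 is not limited by mode bits. A read-only root filesystem
    # (readOnlyRootFilesystem / --read-only) still blocks the write.
    if [ "$proc_uid" -eq 0 ]; then
        echo yes
        return 0
    fi

    bits=$((0$mode))    # leading 0 makes the constant octal

    if [ "$proc_uid" -eq "$owner_uid" ]; then
        w=$(( ($bits >> 6) & 2 ))    # owner class
    elif [ "$proc_gid" -eq "$owner_gid" ]; then
        w=$(( ($bits >> 3) & 2 ))    # group class
    else
        w=$(( $bits & 2 ))           # other class
    fi

    if [ "$w" -ne 0 ]; then echo yes; else echo no; fi
}

# world_writable MODE -> prints yes|no (is the "other" write bit set?)
world_writable() {
    if [ $(( 0$1 & 2 )) -ne 0 ]; then echo yes; else echo no; fi
}

# Cases from the thread, evaluated for www-data (82:82)
echo "image default root:root 0644: write=$(can_write 644 0 0 82 82)"
echo "chmod a+w     root:root 0666: write=$(can_write 666 0 0 82 82) world=$(world_writable 666)"
echo "chown 82:82   82:82     0644: write=$(can_write 644 82 82 82 82) world=$(world_writable 644)"
```

chown 82:82 keeps the file at 0644 and gives write access to www-data alone, whereas chmod a+w makes it writable by every account in the container.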

@Kovah
Owner

Kovah commented Jul 3, 2022

I'll see if I can update the setup documentation. It is possible to configure LinkAce without the built-in setup, which also does not need the env file to be writable.

@stavros-k

It's not just about documentation. The included .env file in the container needs to have the correct default permissions.
Currently it's owned by root. But the preflight check is done by user www-data if I'm not wrong.

This is the preflight check of the container without mounting a .env file.
image

Required env's are defined
https://github.com/truecharts/apps/blob/aa51656f2b966d1d1399dd0120c951622eefb68d/charts/stable/linkace/values.yaml#L30-L68

@AlexKalopsia

AlexKalopsia commented Jul 12, 2022

I am having the same issue. .env is owned by root, and I still get that fail. Should I change to something specific? I don't have a www-data user.

@Kovah
Owner

Kovah commented Jul 17, 2022

For the setup process it should be enough to make the file readable and writable by others (0766) and then switch it back after that.

@AlexKalopsia

This still doesn't work for me, perhaps it's because I have a different folder setup.
My docker-compose.yaml is in ${DOCKER_PATH}, and in ${DOCKER_PATH} I have .env as well as a linkace/ folder (where I wanna mount the volumes).
My docker-compose looks like this:

linkace:
    image: linkace/linkace:simple
    container_name: linkace
    depends_on:
      - mariadb
    environment:
      - APP_KEY=${LINKACE_API}
      - DB_CONNECTION=mysql
      - DB_HOST=${IP}
      - DB_DATABASE=${LINKACE_DB}
      - DB_USERNAME=${LINKACE_USER}
      - DB_PASSWORD=${LINKACE_PSW}
      - COMPOSE_PROJECT_NAME=linkace
    ports:
      - "0.0.0.0:7788:80"
    volumes:
      - ${DOCKER_PATH}/linkace/linkace_logs:/app/storage/logs
      - ${DOCKER_PATH}/linkace/backups:/app/storage/app/backups
    restart: unless-stopped

I gave 0766 to .env or even 0777, but LinkAce still says it can't be written to. I have also tried to have a separate .env file in ${DOCKER_PATH}/linkace/ with 0766, but that didn't work either.

@Kovah
Owner

Kovah commented Jul 17, 2022

Just noticed that the thread is about using Docker environment data and the setup without the env file.
To be honest, I can't take care of these types of issues and help with debugging. As stated in the documentation, this installation method is not fully tested and thus not supported.

@stavros-k

The .env file is being written and read by the www-data user.
chowning this file for that user in the Dockerfile will most likely solve the problems.

It won't affect the rest of the installations anyway

@piegamesde

I ran into this as well. I created a .env file and made it writable in order to succeed. The setup dialog left the file empty (because everything was already configured in environment variables), and moreover it was wrong because I used "hidden" environment variables for configuration (namely "DB_SOCKET" instead of host/username/password).

I suggest having an option to disable the setup entirely, which will both skip that step and also not require the .env file. Admins who disable the setup will have to do these steps themselves of course.
