franga2000/whydididothis.sh

## whydididothis.sh
# This is quite possibly the most horrific command I have ever written

# So... There's this thing (code-server) that runs in a Docker container.
# For some reason, the Dockerfile creates a new user for itself with the UID 1000 and that is the only UID it can properly run as.
# If I try to run it with a different UID (--user), it complains because it can't access a whole bunch of stuff.
# But I need it to run under UID 1001 and also be in the www-data group.

# So, in short:
# First, I give the container all privileges and mount the FUSE device so I can use bindfs.
# I mount the dir I want into ~/project_real set the entrypoint to a shell.
# Through the shell, I bindfs and use it to mount ~/project_real into ~/project (the dir the app uses)
# In the bindfs mapping I first map UID 1001 to 1000 (so it can access 1001's stuff).
# To make sure it can't access the REAL 1000's stuff, I also map 1000 one to 1001 (anything else would work too)
# After all that, I have to add the user to www-data (which, thankfully, matches the GID on the host).
# But since groups aren't updated until you log in again, I use su (through sudo, so I don't need a password) to start a new session.
# Inside that new session, I can finally run code-server -- the app that I've been trying to run this whole time.
# (well, there is the whole dumb-init thing, but that's a rant for another day)

docker run \
  --device /dev/fuse \
  --privileged \
  --entrypoint=/bin/sh \
  -it \
  --rm \
  -p 8401:8443 \
  -v "/var/www:/home/coder/project_real" \
  --entrypoint=/bin/sh codercom/code-server \
  -c '\sudo apt install bindfs -y \
    && sudo bindfs --map=1000/1001:1001/1000 /home/coder/project_real /home/coder/project \
    && sudo adduser coder www-data \
    && sudo su coder -c '\''\
      dumb-init code-server \
        --allow-http'\'''
	# This is quite possibly the most horrific command I have ever written

	# So... There's this thing (code-server) that runs in a Docker container.
	# For some reason, the Dockerfile creates a new user for itself with the UID 1000 and that is the only UID it can properly run as.
	# If I try to run it with a different UID (--user), it complains because it can't access a whole bunch of stuff.
	# But I need it to run under UID 1001 and also be in the www-data group.

	# So, in short:
	# First, I give the container all privileges and mount the FUSE device so I can use bindfs.
	# I mount the dir I want into ~/project_real set the entrypoint to a shell.
	# Through the shell, I bindfs and use it to mount ~/project_real into ~/project (the dir the app uses)
	# In the bindfs mapping I first map UID 1001 to 1000 (so it can access 1001's stuff).
	# To make sure it can't access the REAL 1000's stuff, I also map 1000 one to 1001 (anything else would work too)
	# After all that, I have to add the user to www-data (which, thankfully, matches the GID on the host).
	# But since groups aren't updated until you log in again, I use su (through sudo, so I don't need a password) to start a new session.
	# Inside that new session, I can finally run code-server -- the app that I've been trying to run this whole time.
	# (well, there is the whole dumb-init thing, but that's a rant for another day)

	docker run \
	--device /dev/fuse \
	--privileged \
	--entrypoint=/bin/sh \
	-it \
	--rm \
	-p 8401:8443 \
	-v "/var/www:/home/coder/project_real" \
	--entrypoint=/bin/sh codercom/code-server \
	-c '\sudo apt install bindfs -y \
	&& sudo bindfs --map=1000/1001:1001/1000 /home/coder/project_real /home/coder/project \
	&& sudo adduser coder www-data \
	&& sudo su coder -c '\''\
	dumb-init code-server \
	--allow-http'\'''