Merge branch 'master' of gitlab.brainfood.com:brainfood/docker-image-recipes

+The MIT License (MIT)
+
+Copyright (c) 2017 brainfood.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

+This repository contains a series of simple docker image recipes.  These are
+meant to be referenced via docker-compose, and built for each project
+separately.  No sharing of images.  This provides sanity for each project, as
+you don't have to worry about an image changing underneath you.  It also means
+that you can be certain you can rebuild on your own whenever the situation
+calls for it.
+
+Here are the best practices in these files:
+
+* Generally, any image listed here should run without any external
+  dependencies.  No includes from other images, etc.  This makes it easier to
+  understand and extend.
+
+* Each Dockerfile is designed to have minimal layers.  This makes rebuilds
+  faster, as there are less docker-runs.  It also makes many things easier to
+  accomplish, as there is a real shell script that can do sophisticated
+  things.
+
+* Images also tend to make use of standard, unmodified debian packages.  Let
+  someone else do the hard-work of system integration, while these recipes
+  then just do slight tweaks.
+
+* Any files that need to be shared between a host and a container should make
+  use of UID/GID being sent in from the host.  The daemon in the container
+  should run as the UID/GID, and it's files changed to have that ownership.
+
+  During entrypoint, the target container user is then modified to have the
+  correct uid/gid setting.  If there is no target user, then one should be
+  added during the image build, generally calling it hostuser/hostgroup.
+
+* Daemons that have complex binary file setups should have those files created
+  during image build, then the entire structure placed in a tarball.  The
+  entrypoint can then extract this seed tarball, but only if the target
+  directory is empty.  This allows for the volume mounting of these
+  directories from the host.  Make certain the uid/gid mapping is sane when
+  this occurs.

@@ -4,12 +4,12 @@ set -ex
 
 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
 
-if [[ $GID ]]; then
+if [[ $GID && $GID -ne 0 ]]; then
 	old_gid=$(getent group hostgroup | cut -f 3 -d :)
 	groupmod -g $GID hostgroup
 	find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
 fi
-if [[ $UID ]]; then
+if [[ $UID && $UID -ne 0 ]]; then
 	usermod -u $UID hostuser
 fi
 

+FROM debian:stretch-slim
+
+ARG JAVA_EXTRA_PACKAGES
+
+COPY files/ /tmp/files/
+RUN /tmp/files/configure
+
+ENTRYPOINT ["/sbin/entrypoint"]

+#!/bin/sh
+
+set -e
+apt-get update
+mkdir -p /usr/share/man/man1
+apt-get install -y ssmtp sudo openjdk-8-jdk $JAVA_EXTRA_PACKAGES
+
+cp /tmp/files/entrypoint /sbin/entrypoint
+
+addgroup hostgroup
+adduser --gecos 'Host User' --ingroup hostgroup --disabled-password hostuser
+
+rm -rf /tmp/files

+#!/bin/bash
+
+set -ex
+
+TARGET_USER=hostuser
+TARGET_GROUP=hostgroup
+
+target_home="$(getent passwd "$TARGET_USER" | cut -f 6 -d :)"
+
+if [[ $GID && $GID -ne 0 ]]; then
+	groupmod -g $GID "$TARGET_GROUP"
+fi
+if [[ $UID && $UID -ne 0 ]]; then
+	usermod -u $UID "$TARGET_USER"
+fi
+
+find "$target_home" \
+	'(' -not -user "$TARGET_USER" -a -not -group "$TARGET_GROUP" -exec chown "$TARGET_USER:$TARGET_GROUP" '{}' + ')' -o \
+	'(' -not -user "$TARGET_USER" -exec chown "$TARGET_USER" '{}' + ')' -o \
+	'(' -not -group "$TARGET_GROUP" -exec chgrp "$TARGET_GROUP" '{}' + ')' -o \
+	-true
+
+if [[ $http_proxy =~ ^([^:]+)://([^/:]*)(:([0-9]+?))?(/.*)?$ ]]; then
+	http_proxy_protocol="${BASH_REMATCH[1]}"
+	http_proxy_domain="${BASH_REMATCH[2]}"
+	http_proxy_port="${BASH_REMATCH[4]}"
+fi
+
+if [[ $http_proxy ]]; then
+	mkdir -p "$target_home/.m2"
+	cat > "$target_home/.m2/settings.xml" << _EOF_
+<settings>
+  <proxies>
+   <proxy>
+      <id>app-build-proxy</id>
+      <active>true</active>
+      <protocol>${http_proxy_protocol}</protocol>
+      <host>${http_proxy_domain}</host>
+      <port>${http_proxy_port}</port>
+    </proxy>
+  </proxies>
+</settings>
+_EOF_
+fi
+
+exec "$@"

+FROM debian:stretch-slim
+
+COPY files/ /tmp/files/
+RUN /tmp/files/configure
+
+ENTRYPOINT ["/sbin/entrypoint"]
+VOLUME "/data"
+CMD ["sudo", "-u", "mongodb", "/usr/bin/mongod", "--nounixsocket", "--dbpath", "/var/lib/mongodb"]

+#!/bin/sh
+
+set -e
+apt-get update
+apt-get install -y sudo ssmtp mongodb-server
+
+cp /tmp/files/entrypoint /sbin/entrypoint
+
+rm -rf /tmp/files

+#!/bin/bash
+
+set -ex
+
+TARGET_USER=mongodb
+TARGET_GROUP=mongodb
+
+target_home="$(getent passwd "$TARGET_USER" | cut -f 6 -d :)"
+
+if [[ $GID && $GID -ne 0 ]]; then
+	groupmod -g $GID "$TARGET_GROUP"
+fi
+if [[ $UID && $UID -ne 0 ]]; then
+	usermod -u $UID "$TARGET_USER"
+fi
+
+find "$target_home" \
+	'(' -not -user "$TARGET_USER" -a -not -group "$TARGET_GROUP" -exec chown "$TARGET_USER:$TARGET_GROUP" '{}' + ')' -o \
+	'(' -not -user "$TARGET_USER" -exec chown "$TARGET_USER" '{}' + ')' -o \
+	'(' -not -group "$TARGET_GROUP" -exec chgrp "$TARGET_GROUP" '{}' + ')' -o \
+	-true
+
+exec "$@"

+FROM debian:stretch-slim
+
+COPY files/ /tmp/files/
+RUN /tmp/files/configure
+
+ENTRYPOINT ["/sbin/entrypoint"]
+CMD ["/usr/bin/mysqld_safe"]

+#!/bin/sh
+
+set -e
+apt-get update
+apt-get install -y ssmtp mysql-server
+
+mkdir /var/lib/container
+tar -cC /var/lib/mysql/ . | gzip -9v > /var/lib/container/var_lib_mysql.tar.gz
+rm -rf /var/lib/mysql
+mkdir /var/lib/mysql
+
+cp -a /tmp/files/entrypoint /sbin
+
+rm -rf /tmp/files

+#!/bin/bash
+
+set -ex
+
+_mysql() {
+	mysqld_safe "$@"
+}
+
+if [[ $GID && $GID -ne 0 ]]; then
+	old_gid=$(getent group mysql | cut -f 3 -d :)
+	groupmod -g $GID mysql
+fi
+
+if [[ $UID && $UID -ne 0 ]]; then
+	usermod -u $UID mysql
+fi
+
+if [[ $(find /var/lib/mysql -maxdepth 1 -mindepth 1|wc -l) = 0 ]]; then
+	mkdir -p /var/lib/mysql
+	zcat /var/lib/container/var_lib_mysql.tar.gz | tar -C /var/lib/mysql -xf -
+fi
+
+declare -i i=0
+mysqld_safe --skip-networking &
+while eval [[ \$DB_INFO_$i ]]; do
+	IFS=: eval declare -a DB_INFO=\(\$DB_INFO_$i\)
+	echo "database=${DB_INFO[0]} user=${DB_INFO[1]} password=${DB_INFO[2]}" 1>&2
+	mysql --defaults-extra-file=/etc/mysql/debian.cnf -e "CREATE DATABASE IF NOT EXISTS \`${DB_INFO[0]}\` DEFAULT CHARACTER SET \`utf8mb4\` COLLATE \`utf8mb4_ci\`;"
+	mysql --defaults-extra-file=/etc/mysql/debian.cnf -e "GRANT ALL PRIVILEGES ON \`${DB_INFO[0]}\`.* TO '${DB_INFO[1]}' IDENTIFIED BY '${DB_INFO[2]}';"
+	i=$(($i + 1))
+done
+mysql --defaults-extra-file=/etc/mysql/debian.cnf -e "shutdown;"
+wait
+
+exec "$@"

-FROM debian:stretch
+FROM debian:stretch-slim
 
 ARG NGINX_EXTRA_PACKAGES
 
 COPY files/ /tmp/files/
 RUN /tmp/files/configure
 
-ENTRYPOINT ["/sbin/entrypoint.sh"]
+ENTRYPOINT ["/sbin/entrypoint"]
 CMD ["nginx", "-g", "daemon off;"]

@@ -4,6 +4,6 @@ set -e
 apt-get update
 apt-get install -y ssmtp nginx libnginx-mod-http-subs-filter $NGINX_EXTRA_PACKAGES
 rm /etc/nginx/sites-enabled/default
-cp -a /tmp/files/entrypoint.sh /sbin
+cp -a /tmp/files/entrypoint /sbin
 
 rm -rf /tmp/files

-FROM node
+FROM debian:stretch-slim
 
 ARG NODE_EXTRA_PACKAGES
 
 COPY files/ /tmp/files/
 RUN /tmp/files/configure
 
-#ADD https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar /usr/local/bin/wp
-#RUN ["chmod", "755", "/usr/local/bin/wp"]
-
-ENTRYPOINT ["/root/entrypoint"]
-#CMD ["/usr/sbin/php5-fpm", "--nodaemonize", "--force-stderr", "--fpm-config", "/etc/php5/fpm/php-fpm.conf"]
+ENTRYPOINT ["/sbin/entrypoint"]

@@ -2,9 +2,20 @@
 
 set -e
 apt-get update
-apt-get install -y ssmtp sudo $NODE_EXTRA_PACKAGES
-#npm install -g gulp grunt
+apt-get install -y apt-transport-https gnupg
+cp /tmp/files/nodesource.list /etc/apt/sources.list.d
+cp /tmp/files/nodesource.gpg.key /etc/apt/trusted.gpg.d/nodesource.asc
+apt-get update
+
+apt-get install -y ssmtp sudo nodejs npm $NODE_EXTRA_PACKAGES
+
+if ! [ "z$NPM_GLOBAL_INSTALL" = "z" ]; then
+	npm install -g $NPM_GLOBAL_INSTALL
+fi
+
+addgroup node
+adduser --gecos 'node' --ingroup node --disabled-password node
 
-cp /tmp/files/entrypoint /root/entrypoint
+cp /tmp/files/entrypoint /sbin/entrypoint
 
 rm -rf /tmp/files

@@ -4,14 +4,24 @@ set -ex
 
 node_home="$(getent passwd node | cut -f 6 -d :)"
 
-if [[ $GID ]]; then
-	old_gid=$(getent group node | cut -f 3 -d :)
+if [[ $GID && $GID -ne 0 ]]; then
 	groupmod -g $GID node
-	find "$node_home" -gid $old_gid -print0 | xargs -0r chgrp node
 fi
-if [[ $UID ]]; then
+if [[ $UID && $UID -ne 0 ]]; then
 	usermod -u $UID node
 fi
+
+find "$node_home" \
+	'(' -not -user node -a -not -group node -exec chown node:node '{}' + ')' -o \
+	'(' -not -user node -exec chown node '{}' + ')' -o \
+	'(' -not -group node -exec chgrp node '{}' + ')' -o \
+	-true
+
+npm -g config set http_proxy "$http_proxy"
+npm -g config set https_proxy "$http_proxy"
+sudo -u node npm config set http_proxy "$http_proxy"
+sudo -u node npm config set https_proxy "$http_proxy"
+
 if [[ -e package.json ]]; then
 	sudo -u node npm install
 fi

+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+Comment: GPGTools - https://gpgtools.org
+
+mQINBFObJLYBEADkFW8HMjsoYRJQ4nCYC/6Eh0yLWHWfCh+/9ZSIj4w/pOe2V6V+
+W6DHY3kK3a+2bxrax9EqKe7uxkSKf95gfns+I9+R+RJfRpb1qvljURr54y35IZgs
+fMG22Np+TmM2RLgdFCZa18h0+RbH9i0b+ZrB9XPZmLb/h9ou7SowGqQ3wwOtT3Vy
+qmif0A2GCcjFTqWW6TXaY8eZJ9BCEqW3k/0Cjw7K/mSy/utxYiUIvZNKgaG/P8U7
+89QyvxeRxAf93YFAVzMXhoKxu12IuH4VnSwAfb8gQyxKRyiGOUwk0YoBPpqRnMmD
+Dl7SdmY3oQHEJzBelTMjTM8AjbB9mWoPBX5G8t4u47/FZ6PgdfmRg9hsKXhkLJc7
+C1btblOHNgDx19fzASWX+xOjZiKpP6MkEEzq1bilUFul6RDtxkTWsTa5TGixgCB/
+G2fK8I9JL/yQhDc6OGY9mjPOxMb5PgUlT8ox3v8wt25erWj9z30QoEBwfSg4tzLc
+Jq6N/iepQemNfo6Is+TG+JzI6vhXjlsBm/Xmz0ZiFPPObAH/vGCY5I6886vXQ7ft
+qWHYHT8jz/R4tigMGC+tvZ/kcmYBsLCCI5uSEP6JJRQQhHrCvOX0UaytItfsQfLm
+EYRd2F72o1yGh3yvWWfDIBXRmaBuIGXGpajC0JyBGSOWb9UxMNZY/2LJEwARAQAB
+tB9Ob2RlU291cmNlIDxncGdAbm9kZXNvdXJjZS5jb20+iQI4BBMBAgAiBQJTmyS2
+AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAWVaCraFdigHTmD/9OKhUy
+jJ+h8gMRg6ri5EQxOExccSRU0i7UHktecSs0DVC4lZG9AOzBe+Q36cym5Z1di6JQ
+kHl69q3zBdV3KTW+H1pdmnZlebYGz8paG9iQ/wS9gpnSeEyx0Enyi167Bzm0O4A1
+GK0prkLnz/yROHHEfHjsTgMvFwAnf9uaxwWgE1d1RitIWgJpAnp1DZ5O0uVlsPPm
+XAhuBJ32mU8S5BezPTuJJICwBlLYECGb1Y65Cil4OALU7T7sbUqfLCuaRKxuPtcU
+VnJ6/qiyPygvKZWhV6Od0Yxlyed1kftMJyYoL8kPHfeHJ+vIyt0s7cropfiwXoka
+1iJB5nKyt/eqMnPQ9aRpqkm9ABS/r7AauMA/9RALudQRHBdWIzfIg0Mlqb52yyTI
+IgQJHNGNX1T3z1XgZhI+Vi8SLFFSh8x9FeUZC6YJu0VXXj5iz+eZmk/nYjUt4Mtc
+pVsVYIB7oIDIbImODm8ggsgrIzqxOzQVP1zsCGek5U6QFc9GYrQ+Wv3/fG8hfkDn
+xXLww0OGaEQxfodm8cLFZ5b8JaG3+Yxfe7JkNclwvRimvlAjqIiW5OK0vvfHco+Y
+gANhQrlMnTx//IdZssaxvYytSHpPZTYw+qPEjbBJOLpoLrz8ZafN1uekpAqQjffI
+AOqW9SdIzq/kSHgl0bzWbPJPw86XzzftewjKNbkCDQRTmyS2ARAAxSSdQi+WpPQZ
+fOflkx9sYJa0cWzLl2w++FQnZ1Pn5F09D/kPMNh4qOsyvXWlekaV/SseDZtVziHJ
+Km6V8TBG3flmFlC3DWQfNNFwn5+pWSB8WHG4bTA5RyYEEYfpbekMtdoWW/Ro8Kmh
+41nuxZDSuBJhDeFIp0ccnN2Lp1o6XfIeDYPegyEPSSZqrudfqLrSZhStDlJgXjea
+JjW6UP6txPtYaaila9/Hn6vF87AQ5bR2dEWB/xRJzgNwRiax7KSU0xca6xAuf+TD
+xCjZ5pp2JwdCjquXLTmUnbIZ9LGV54UZ/MeiG8yVu6pxbiGnXo4Ekbk6xgi1ewLi
+vGmz4QRfVklV0dba3Zj0fRozfZ22qUHxCfDM7ad0eBXMFmHiN8hg3IUHTO+UdlX/
+aH3gADFAvSVDv0v8t6dGc6XE9Dr7mGEFnQMHO4zhM1HaS2Nh0TiL2tFLttLbfG5o
+QlxCfXX9/nasj3K9qnlEg9G3+4T7lpdPmZRRe1O8cHCI5imVg6cLIiBLPO16e0fK
+yHIgYswLdrJFfaHNYM/SWJxHpX795zn+iCwyvZSlLfH9mlegOeVmj9cyhN/VOmS3
+QRhlYXoA2z7WZTNoC6iAIlyIpMTcZr+ntaGVtFOLS6fwdBqDXjmSQu66mDKwU5Ek
+fNlbyrpzZMyFCDWEYo4AIR/18aGZBYUAEQEAAYkCHwQYAQIACQUCU5sktgIbDAAK
+CRAWVaCraFdigIPQEACcYh8rR19wMZZ/hgYv5so6Y1HcJNARuzmffQKozS/rxqec
+0xM3wceL1AIMuGhlXFeGd0wRv/RVzeZjnTGwhN1DnCDy1I66hUTgehONsfVanuP1
+PZKoL38EAxsMzdYgkYH6T9a4wJH/IPt+uuFTFFy3o8TKMvKaJk98+Jsp2X/QuNxh
+qpcIGaVbtQ1bn7m+k5Qe/fz+bFuUeXPivafLLlGc6KbdgMvSW9EVMO7yBy/2JE15
+ZJgl7lXKLQ31VQPAHT3an5IV2C/ie12eEqZWlnCiHV/wT+zhOkSpWdrheWfBT+ac
+hR4jDH80AS3F8jo3byQATJb3RoCYUCVc3u1ouhNZa5yLgYZ/iZkpk5gKjxHPudFb
+DdWjbGflN9k17VCf4Z9yAb9QMqHzHwIGXrb7ryFcuROMCLLVUp07PrTrRxnO9A/4
+xxECi0l/BzNxeU1gK88hEaNjIfviPR/h6Gq6KOcNKZ8rVFdwFpjbvwHMQBWhrqfu
+G3KaePvbnObKHXpfIKoAM7X2qfO+IFnLGTPyhFTcrl6vZBTMZTfZiC1XDQLuGUnd
+sckuXINIU3DFWzZGr0QrqkuE/jyr7FXeUJj9B7cLo+s/TXo+RaVfi3kOc9BoxIvy
+/qiNGs/TKy2/Ujqp/affmIMoMXSozKmga81JSwkADO1JMgUy6dApXz9kP4EE3g==
+=CLGF
+-----END PGP PUBLIC KEY BLOCK-----

+deb https://deb.nodesource.com/node_8.x stretch main

-FROM debian:stretch
+FROM debian:stretch-slim
 
 ARG PHPFPM_EXTRA_PACKAGES
 
@@ -8,5 +8,5 @@ RUN /tmp/files/configure
 ADD https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar /usr/local/bin/wp
 RUN ["chmod", "755", "/usr/local/bin/wp"]
 
-ENTRYPOINT ["/root/entrypoint"]
+ENTRYPOINT ["/sbin/entrypoint"]
 CMD ["/usr/sbin/php-fpm7.0", "--nodaemonize", "--force-stderr", "--fpm-config", "/etc/php/7.0/fpm/php-fpm.conf"]

@@ -7,7 +7,7 @@ apt-get install -y sudo ssmtp php7.0-fpm php7.0-mysql php7.0-curl php7.0-imagick
 rm /etc/php/7.0/fpm/pool.d/www.conf
 cp -a /tmp/files/app-defaults.conf /etc/php/7.0/fpm
 
-cp /tmp/files/entrypoint /root/entrypoint
+cp /tmp/files/entrypoint /sbin/entrypoint
 
 addgroup hostgroup
 adduser --gecos 'Host User' --ingroup hostgroup --disabled-password hostuser

@@ -4,12 +4,12 @@ set -ex
 
 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
 
-if [[ $GID ]]; then
+if [[ $GID && $GID -ne 0 ]]; then
 	old_gid=$(getent group hostgroup | cut -f 3 -d :)
 	groupmod -g $GID hostgroup
 	find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
 fi
-if [[ $UID ]]; then
+if [[ $UID && $GID -ne 0 ]]; then
 	usermod -u $UID hostuser
 fi
 mkdir -p /run/php

@@ -4,12 +4,12 @@ set -ex
 
 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
 
-if [[ $GID ]]; then
+if [[ $GID && $GID -ne 0 ]]; then
 	old_gid=$(getent group hostgroup | cut -f 3 -d :)
 	groupmod -g $GID hostgroup
 	find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
 fi
-if [[ $UID ]]; then
+if [[ $UID && $UID -ne 0 ]]; then
 	usermod -u $UID hostuser
 fi
 

+FROM debian:stretch-slim
+
+ARG POSTGRESQL_EXTRA_PACKAGES
+
+COPY files/ /tmp/files
+RUN /tmp/files/configure
+
+ENTRYPOINT ["/sbin/entrypoint"]
+CMD ["pg_ctlcluster", "9.6", "main", "start", "--foreground"]

+#!/bin/sh
+
+set -e
+
+mkdir /usr/share/man/man1 /usr/share/man/man7
+cp /tmp/files/no-suggests-recommends.conf /etc/apt/apt.conf.d/no-suggests-recommends
+apt-get update
+apt-get install -y postgresql-9.6 \
+	$POSTGRESQL_EXTRA_PACKAGES \
+	&& true
+
+rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
+
+mkdir /var/lib/container
+tar -cC /var/lib/postgresql/ . | gzip -9v > /var/lib/container/var_lib_postgresql.tar.gz
+rm -rf /var/lib/postgresql
+mkdir /var/lib/postgresql
+
+cp -a /tmp/files/entrypoint /sbin
+
+rm -rf /tmp/files

+#!/bin/bash
+
+set -ex
+
+if [[ $(find /var/lib/postgresql -maxdepth 1 -mindepth 1|wc -l) = 0 ]]; then
+	zcat /var/lib/container/var_lib_postgresql.tar.gz | tar xf - -C /var/lib/postgresql
+fi
+
+postgres_home="$(getent passwd postgres | cut -f 6 -d :)"
+
+if [[ $GID && $GID -ne 0 ]]; then
+	old_gid=$(getent group postgres | cut -f 3 -d :)
+	groupmod -g $GID postgres
+	find "$postgres_home" /etc/postgresql /var/run/postgresql -gid $old_gid -print0 | xargs -0r chgrp postgres
+fi
+
+if [[ $UID && $UID -ne 0 ]]; then
+	old_uid=$(getent passwd postgres | cut -f 3 -d :)
+	usermod -u $UID postgres
+	find /etc/postgresql /var/run/postgresql -uid $old_uid -print0 | xargs -0r chown postgres
+fi
+
+exec "$@"

+APT::Install-Suggests false;
+APT::Install-Recommends false;

+FROM debian:stretch-slim
+
+COPY files/ /tmp/files/
+RUN /tmp/files/configure
+
+ENTRYPOINT ["/sbin/entrypoint"]
+VOLUME "/data"
+CMD ["sudo", "-u", "redis", "redis-server", "/etc/redis/redis.conf"],

+#!/bin/sh
+
+set -e
+apt-get update
+apt-get install -y sudo ssmtp redis-server
+
+cp /tmp/files/entrypoint /sbin/entrypoint
+
+rm -rf /tmp/files

+#!/bin/bash
+
+set -ex
+
+TARGET_GROUP=redis
+TARGET_USER=redis
+
+target_home="$(getent passwd "$TARGET_USER" | cut -f 6 -d :)"
+
+if [[ $GID && $GID -ne 0 ]]; then
+	groupmod -g $GID "$TARGET_GROUP"
+fi
+if [[ $UID && $UID -ne 0 ]]; then
+	usermod -u $UID "$TARGET_USER"
+fi
+
+find "$target_home" \
+	'(' -not -user "$TARGET_USER" -a -not -group "$TARGET_GROUP" -exec chown "$TARGET_USER:$TARGET_GROUP" '{}' + ')' -o \
+	'(' -not -user "$TARGET_USER" -exec chown "$TARGET_USER" '{}' + ')' -o \
+	'(' -not -group "$TARGET_GROUP" -exec chgrp "$TARGET_GROUP" '{}' + ')' -o \
+	-true
+
+exec "$@"

@@ -4,12 +4,12 @@ set -ex
 
 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
 
-if [[ $GID ]]; then
+if [[ $GID && $GID -ne 0 ]]; then
 	old_gid=$(getent group hostgroup | cut -f 3 -d :)
 	groupmod -g $GID hostgroup
 	find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
 fi
-if [[ $UID ]]; then
+if [[ $UID && $UID -ne 0 ]]; then
 	usermod -u $UID hostuser
 fi