docker: image: Run cron jobs with root privileges. (#98)

docker-compose.yml

@@ -6,5 +6,6 @@ services:
       SECRETS_FOR_DYNACONF: /etc/xdg/mobilizon-reshare/0.1.0/.secrets.toml
       ENV_FOR_DYNACONF: production
     volumes:
-      - ./etc:/etc/xdg/mobilizon-reshare/0.1.0
+      - ./.secrets.toml:/etc/xdg/mobilizon-reshare/0.1.0/.secrets.toml:ro
+      - ./mobilizon_reshare.toml:/etc/xdg/mobilizon-reshare/0.1.0/mobilizon_reshare.toml:ro
       - ./var:/var/lib/mobilizon-reshare

docker/image-debug.scm

@@ -0,0 +1,26 @@
+(define-module (docker image-debug)
+  #:use-module (gnu)
+  #:use-module (gnu packages base)          ;; for coreutils
+  #:use-module (gnu packages bash)          ;; for bash
+  #:use-module (gnu packages gawk)          ;; for gawk
+  #:use-module (gnu packages less)          ;; for less
+  #:use-module (gnu services base)          ;; for special-file-service-type
+  #:use-module (docker image))          ;; for special-file-service-type
+
+(operating-system
+  (inherit mobilizon-reshare-docker-image)
+  (packages
+   (list
+    coreutils
+    findutils
+    less
+    grep
+    gawk
+    sed))
+
+  (services
+    (append
+     %mobilizon-reshare-services
+     (list
+      (service special-files-service-type
+               `(("/bin/sh" ,(file-append bash "/bin/bash"))))))))

docker/image.scm

@@ -1,24 +1,28 @@
 (define-module (docker image)
   #:use-module (gnu)
-  #:use-module (gnu packages admin)         ;; for shadow
-  #:use-module (gnu packages base)          ;; for coreutils
-  #:use-module (gnu packages bash)          ;; for bash
-  #:use-module (gnu packages gawk)          ;; for gawk
-  #:use-module (gnu packages less)          ;; for less
   #:use-module (guix gexp)                  ;; for #$ and #~
   #:use-module (docker mobilizon-reshare)   ;; for mobilizon-reshare.git
   #:use-module (docker service)             ;; for mobilizon-reshare-service-type
-  #:use-module (gnu services base)          ;; for special-file-service-type
   #:use-module (gnu services mcron))        ;; for mcron
 
 (define mobilizon-reshare-job
   ;; Run mobilizon-reshare every 15th minute.
   #~(job "*/15 * * * *"
-         (string-append #$mobilizon-reshare.git "/bin/mobilizon-reshare start")
+         (string-append
+          #$mobilizon-reshare.git
+          "/bin/mobilizon-reshare start > /proc/1/fd/1 2>/proc/1/fd/2")
          "mobilizon-reshare-start"
-         #:user "mobilizon-reshare"))
+         #:user "root"))
 
-(define mobilizon-reshare-docker-image
+(define-public %mobilizon-reshare-services
+  (list
+    (service mobilizon-reshare-service-type)
+    (service mcron-service-type)
+    (simple-service 'mobilizon-reshare-cron-jobs
+                    mcron-service-type
+                    (list mobilizon-reshare-job))))
+
+(define-public mobilizon-reshare-docker-image
   (operating-system
     (locale "it_IT.utf8")
     (timezone "Europe/Rome")
@@ -39,22 +43,9 @@
     (host-name "mobilizon-reshare-scheduler")
 
     (packages
-     (list
-      coreutils
-      findutils
-      less
-      grep
-      gawk
-      sed))
+     (list))
 
     (services
-     (list
-      (service mobilizon-reshare-service-type)
-      (service special-files-service-type
-               `(("/bin/sh" ,(file-append bash "/bin/bash"))))
-      (service mcron-service-type)
-      (simple-service 'mobilizon-reshare-cron-jobs
-                      mcron-service-type
-                      (list mobilizon-reshare-job))))))
+     %mobilizon-reshare-services)))
 
 mobilizon-reshare-docker-image

docker/service.scm

@@ -23,6 +23,7 @@
                 (name "mobilizon-reshare")
                 (comment "Mobilizon Reshare's Service Account")
                 (group "mobilizon-reshare")
+                (supplementary-groups '("tty"))
                 (system? #t)
                 (home-directory "/var/empty")
                 (shell (file-append shadow "/sbin/nologin")))))