From 6e8d31ecee785eb00c44f643c3e24c50a5880fd0 Mon Sep 17 00:00:00 2001
From: Stavros kois
Date: Fri, 10 Nov 2023 18:16:56 +0200
Subject: [PATCH] rootless api

---
 library/ix-dev/community/vikunja/Chart.yaml | 2 +-
 .../community/vikunja/ci/extra-values.yaml | 23 +++++++++++++++++
 .../ix-dev/community/vikunja/metadata.yaml | 18 +++++-------
 .../ix-dev/community/vikunja/questions.yaml | 25 +++++++++++++++++++
 .../vikunja/templates/_vikunja_api.tpl | 15 ++++++-----
 library/ix-dev/community/vikunja/values.yaml | 4 +++
 6 files changed, 66 insertions(+), 21 deletions(-)
 create mode 100644 library/ix-dev/community/vikunja/ci/extra-values.yaml

diff --git a/library/ix-dev/community/vikunja/Chart.yaml b/library/ix-dev/community/vikunja/Chart.yaml
index 2a74c7dcca..58b7ba01ce 100644
--- a/library/ix-dev/community/vikunja/Chart.yaml
+++ b/library/ix-dev/community/vikunja/Chart.yaml
@@ -5,7 +5,7 @@ annotations:
   type: application
   version: 1.0.0
 apiVersion: v2
-appVersion: latest
+appVersion: 0.21.0
 kubeVersion: '>=1.16.0-0'
 maintainers:
   - name: truenas
diff --git a/library/ix-dev/community/vikunja/ci/extra-values.yaml b/library/ix-dev/community/vikunja/ci/extra-values.yaml
new file mode 100644
index 0000000000..97c9fb7859
--- /dev/null
+++ b/library/ix-dev/community/vikunja/ci/extra-values.yaml
@@ -0,0 +1,23 @@
+vikunjaNetwork:
+  webPort: 31000
+
+vikunjaConfig:
+  url: http://localhost:31000
+  maxFileSize: 20
+
+vikunjaRunAs:
+  user: 1000
+  group: 1000
+
+vikunjaStorage:
+  data:
+    type: pvc
+  pgData:
+    type: pvc
+  pgBackup:
+    type: emptyDir
+  additionalStorages:
+    - type: pvc
+      mountPath: /data1
+    - type: pvc
+      mountPath: /data2
diff --git a/library/ix-dev/community/vikunja/metadata.yaml b/library/ix-dev/community/vikunja/metadata.yaml
index 204f7ea486..f9d4033de1 100644
--- a/library/ix-dev/community/vikunja/metadata.yaml
+++ b/library/ix-dev/community/vikunja/metadata.yaml
@@ -1,9 +1,9 @@
 runAsContext:
-  - userName: root
-    groupName: root
-    gid: 0
-    uid: 0
-    description: Vikunja API runs as root user.
+  - userName: vikunja
+    groupName: vikunja
+    gid: 568
+    uid: 568
+    description: Vikunja API can run as any non-root user
   - userName: nginx
     groupName: nginx
     gid: 101
@@ -19,11 +19,5 @@ runAsContext:
     gid: 999
     uid: 999
     description: Postgres runs as a non-root user.
-capabilities:
-  - name: CHOWN
-    description: Vikunka API is able to chown files.
-  - name: SETGID
-    description: Vikunka API is able to set group ID for it's sub-processes.
-  - name: SETUID
-    description: Vikunka API is able to set user ID for it's sub-processes.
+capabilities: []
 hostMounts: []
diff --git a/library/ix-dev/community/vikunja/questions.yaml b/library/ix-dev/community/vikunja/questions.yaml
index 1b15c15735..b3e580e0ea 100644
--- a/library/ix-dev/community/vikunja/questions.yaml
+++ b/library/ix-dev/community/vikunja/questions.yaml
@@ -1,6 +1,8 @@
 groups:
   - name: Vikunja Configuration
     description: Configure Vikunja
+  - name: User and Group Configuration
+    description: Configure User and Group for Vikunja
   - name: Network Configuration
     description: Configure Network for Vikunja
   - name: Storage Configuration
@@ -77,6 +79,29 @@ questions:
         type: string
         required: true
 
+  - variable: vikunjaRunAs
+    label: ""
+    group: User and Group Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: user
+          label: User ID
+          description: The user id that Vikunja will run as.
+          schema:
+            type: int
+            min: 2
+            default: 568
+            required: true
+        - variable: group
+          label: Group ID
+          description: The group id that Vikunja will run as.
+          schema:
+            type: int
+            min: 2
+            default: 568
+            required: true
+
   - variable: vikunjaNetwork
     label: ""
     group: Network Configuration
diff --git a/library/ix-dev/community/vikunja/templates/_vikunja_api.tpl b/library/ix-dev/community/vikunja/templates/_vikunja_api.tpl
index 791ab3b3e7..1f8b1d7406 100644
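Review bot: The new runAsContext description, `Vikunja API can run as any non-root user`, is the only entry in the list without a terminating period, and it no longer states what the chart actually runs as, while the sibling entries (nginx 101, postgres 999) document a fixed identity. Since the 568/568 pair recorded here is the default from values.yaml and the new questions.yaml form lets the user change it, a description such as `description: Vikunja API runs as a non-root user (UID/GID 568 by default, configurable).` keeps the list consistent and tells the reader the value is not fixed. The `capabilities: []` line agrees with the template no longer adding CHOWN/SETGID/SETUID, so that part reads correctly.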
--- a/library/ix-dev/community/vikunja/templates/_vikunja_api.tpl
+++ b/library/ix-dev/community/vikunja/templates/_vikunja_api.tpl
@@ -12,15 +12,14 @@ workload:
           primary: true
           imageSelector: image
           securityContext:
-            runAsUser: 0
-            runAsGroup: 0
+            runAsUser: {{ .Values.vikunjaRunAs.user }}
+            runAsGroup: {{ .Values.vikunjaRunAs.group }}
             runAsNonRoot: false
-            readOnlyRootFilesystem: false
-            capabilities:
-              add:
-                - CHOWN
-                - SETGID
-                - SETUID
+
+          env:
+            # Make vikunja skip user creation
+            PUID: ""
+            PGID: ""
           envFrom:
             - secretRef:
                 name: vikunja-creds
diff --git a/library/ix-dev/community/vikunja/values.yaml b/library/ix-dev/community/vikunja/values.yaml
index dcd59d5dc9..ac430bcd6c 100644
--- a/library/ix-dev/community/vikunja/values.yaml
+++ b/library/ix-dev/community/vikunja/values.yaml
@@ -21,6 +21,10 @@ vikunjaConfig:
   maxFileSize: 20
   additionalEnvs: []
+vikunjaRunAs:
+  user: 568
+  group: 568
+
 vikunjaNetwork:
   webPort: 31002
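Review bot: `runAsNonRoot: false` is kept in the securityContext even though the container no longer adds any capabilities and the whole point of the commit is that the API runs without root; changing it to `runAsNonRoot: true` makes the kubelet refuse to start the container if `vikunjaRunAs.user` is ever set to 0 (the questions form enforces `min: 2`, but a values.yaml or CLI override does not), so the metadata claim is enforced rather than assumed. The comment on the new env block should also say why empty strings are used rather than omitting the keys, e.g. `# Empty PUID/PGID make the image entrypoint skip its own user setup (which would need root); the process already runs as vikunjaRunAs.user/group via securityContext.` — this reads the intent from the existing comment, so confirm it against the 0.21.0 image that Chart.yaml now pins instead of `latest`. Dropping `readOnlyRootFilesystem: false` means the container now inherits the common library's default; if that default is true, check that the image writes only to the mounted volumes. The enclosing container definition starts and ends outside the hunk.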