simplify uid/gid mapping

1 month ago · d2eb6a16fb
11 changed files with 44 additions and 66 deletions
--- a/nextcloud/nextcloud-app.container
+++ b/nextcloud/nextcloud-app.container
@ -21,12 +21,10 @@ User=www-data
 Group=www-data

 # UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host
-UIDMap=0:1000000:82
-UIDMap=82:10008:1
-UIDMap=83:1000083:65453
-GIDMap=0:1000000:82
-GIDMap=82:10000:1
-GIDMap=83:1000083:65453
+UIDMap=0:1000000:65535
+UIDMap=+82:10008:1
+GIDMap=0:1000000:65535
+GIDMap=+82:10000:1

 # Network configuration
 Network=host
--- a/nextcloud/nextcloud-collabora.container
+++ b/nextcloud/nextcloud-collabora.container
@ -18,12 +18,10 @@ User=1001
 Group=1001

 # UID/GID mapping to map the 1001 user inside the container to arbitrary user 10016 / group 10000 on the host
-UIDMap=0:1000000:1001
-UIDMap=1001:10016:1
-UIDMap=1002:1001002:64534
-GIDMap=0:1000000:1001
-GIDMap=1001:10000:1
-GIDMap=1002:1001002:64534
+UIDMap=0:1000000:65535
+UIDMap=+1001:10016:1
+GIDMap=0:1000000:65535
+GIDMap=+1001:10000:1

 # Security
 SeccompProfile=/etc/quadlets/nextcloud/collabora-seccomp-profile.json
--- a/nextcloud/nextcloud-cron.container
+++ b/nextcloud/nextcloud-cron.container
@ -18,12 +18,10 @@ User=www-data
 Group=www-data

 # UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host
-UIDMap=0:1000000:82
-UIDMap=82:10008:1
-UIDMap=83:1000083:65453
-GIDMap=0:1000000:82
-GIDMap=82:10000:1
-GIDMap=83:1000083:65453
+UIDMap=0:1000000:65535
+UIDMap=+82:10008:1
+GIDMap=0:1000000:65535
+GIDMap=+82:10000:1

 # Network configuration
 Network=host
--- a/nextcloud/nextcloud-init.container
+++ b/nextcloud/nextcloud-init.container
@ -22,12 +22,10 @@ User=www-data
 Group=www-data

 # UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host
-UIDMap=0:1000000:82
-UIDMap=82:10008:1
-UIDMap=83:1000083:65453
-GIDMap=0:1000000:82
-GIDMap=82:10000:1
-GIDMap=83:1000083:65453
+UIDMap=0:1000000:65535
+UIDMap=+82:10008:1
+GIDMap=0:1000000:65535
+GIDMap=+82:10000:1

 # Network configuration
 Network=host
--- a/nextcloud/nextcloud-nginx.container
+++ b/nextcloud/nextcloud-nginx.container
@ -23,12 +23,10 @@ User=nginx
 Group=nginx

 # UID/GID mapping to map the nginx (101) user inside the container to arbitrary user 10008 / group 10000 on the host
-UIDMap=0:1000000:101
-UIDMap=101:10008:1
-UIDMap=102:1000102:65434
-GIDMap=0:1000000:101
-GIDMap=101:10000:1
-GIDMap=102:1000102:65434
+UIDMap=0:1000000:65535
+UIDMap=+101:10008:1
+GIDMap=0:1000000:65535
+GIDMap=+101:10000:1

 # Volume mounts
 Volume=/var/lib/virtiofs/data/nextcloud:/var/www/html:z
--- a/nextcloud/nextcloud-redis.container
+++ b/nextcloud/nextcloud-redis.container
@ -24,12 +24,10 @@ User=redis
 Group=redis

 # UID/GID mapping to map the redis (999) user / redis (1000) group inside the container to arbitrary user 10008 / group 10000 on the host
-UIDMap=0:1000000:999
-UIDMap=999:10008:1
-UIDMap=1000:1001000:64536
-GIDMap=0:1000000:1000
-GIDMap=1000:10000:1
-GIDMap=1001:1001001:64535
+UIDMap=0:1000000:65535
+UIDMap=+999:10008:1
+GIDMap=0:1000000:65535
+GIDMap=+1000:10000:1

 # Environment variables
 Environment=REDISCLI_AUTH=${REDIS_HOST_PASSWORD}
--- a/nextcloud/nextcloud-upgrade.container
+++ b/nextcloud/nextcloud-upgrade.container
@ -22,12 +22,10 @@ User=www-data
 Group=www-data

 # UID/GID mapping to map the www-data (82) user inside the container to arbitrary user 10008 / group 10000 on the host
-UIDMap=0:1000000:82
-UIDMap=82:10008:1
-UIDMap=83:1000083:65453
-GIDMap=0:1000000:82
-GIDMap=82:10000:1
-GIDMap=83:1000083:65453
+UIDMap=0:1000000:65535
+UIDMap=+82:10008:1
+GIDMap=0:1000000:65535
+GIDMap=+82:10000:1

 # Network configuration
 Network=host
--- a/postgresql/postgresql-backup.container
+++ b/postgresql/postgresql-backup.container
@ -25,12 +25,10 @@ User=postgres
 Group=postgres

 # UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host
-UIDMap=0:1000000:70
-UIDMap=70:10004:1
-UIDMap=71:1000071:65465
-GIDMap=0:1000000:70
-GIDMap=70:10000:1
-GIDMap=71:1000071:65465
+UIDMap=0:1000000:65535
+UIDMap=+70:10004:1
+GIDMap=0:1000000:65535
+GIDMap=+70:10000:1

 # Avoid issues with built-in volumes being created by root
 PodmanArgs=--image-volume=ignore
--- a/postgresql/postgresql-init.container
+++ b/postgresql/postgresql-init.container
@ -37,12 +37,10 @@ User=postgres
 Group=postgres

 # UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host
-UIDMap=0:1000000:70
-UIDMap=70:10004:1
-UIDMap=71:1000071:65465
-GIDMap=0:1000000:70
-GIDMap=70:10000:1
-GIDMap=71:1000071:65465
+UIDMap=0:1000000:65535
+UIDMap=+70:10004:1
+GIDMap=0:1000000:65535
+GIDMap=+70:10000:1

 # Avoid issues with built-in volumes being created by root
 PodmanArgs=--image-volume=ignore
--- a/postgresql/postgresql-server.container
+++ b/postgresql/postgresql-server.container
@ -42,12 +42,10 @@ User=postgres
 Group=postgres

 # UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host
-UIDMap=0:1000000:70
-UIDMap=70:10004:1
-UIDMap=71:1000071:65465
-GIDMap=0:1000000:70
-GIDMap=70:10000:1
-GIDMap=71:1000071:65465
+UIDMap=0:1000000:65535
+UIDMap=+70:10004:1
+GIDMap=0:1000000:65535
+GIDMap=+70:10000:1

 # Avoid issues with built-in volumes being created by root
 PodmanArgs=--image-volume=ignore
--- a/postgresql/postgresql-upgrade.container
+++ b/postgresql/postgresql-upgrade.container
@ -33,12 +33,10 @@ User=postgres
 Group=postgres

 # UID/GID mapping to map the postgres (70) user inside the container to arbitrary user 10004 / group 10000 on the host
-UIDMap=0:1000000:70
-UIDMap=70:10004:1
-UIDMap=71:1000071:65465
-GIDMap=0:1000000:70
-GIDMap=70:10000:1
-GIDMap=71:1000071:65465
+UIDMap=0:1000000:65535
+UIDMap=+70:10004:1
+GIDMap=0:1000000:65535
+GIDMap=+70:10000:1

 # Avoid issues with built-in volumes being created by root
 PodmanArgs=--image-volume=ignore