fix(cli): ensure user is allowed to run docker commands before starting

.github/workflows/alpha-release.yml

@@ -138,7 +138,7 @@ jobs:
 
   publish-release:
     runs-on: ubuntu-latest
-    needs: [create-tag, build-images, build-cli]
+    needs: [create-tag, build-images, build-cli, build-worker]
 
     steps:
       - name: Download CLI

packages/cli/assets/docker-compose.yml

@@ -6,8 +6,8 @@ services:
     image: traefik:v2.8
     restart: on-failure
     ports:
-      - ${NGINX_PORT-80}:80
-      - ${NGINX_PORT_SSL-443}:443
+      - ${NGINX_PORT:-80}:80
+      - ${NGINX_PORT_SSL:-443}:443
     command: --providers.docker
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
@@ -22,7 +22,7 @@ services:
     restart: on-failure
     stop_grace_period: 1m
     ports:
-      - ${POSTGRES_PORT-5432}:5432
+      - ${POSTGRES_PORT:-5432}:5432
     volumes:
       - ./data/postgres:/var/lib/postgresql/data
     environment:
@@ -74,17 +74,20 @@ services:
     environment:
       NODE_ENV: production
     volumes:
+      # Core
       - /:/host/root:ro
       - /proc:/host/proc
       - /var/run/docker.sock:/var/run/docker.sock
-      - ${PWD}/.env:/app/.env
-      - ${PWD}/state:/app/state
-      - ${PWD}/repos:/app/repos
-      - ${PWD}/apps:/app/apps
-      - ${STORAGE_PATH:-$PWD}/app-data:/storage/app-data
-      - ${PWD}/logs:/app/logs
-      - ${PWD}/traefik:/app/traefik
-      - ${PWD}/user-config:/app/user-config
+      # App
+      - ./.env:/app/.env
+      - ./state:/app/state
+      - ./repos:/app/repos
+      - ./apps:/app/apps
+      - ./logs:/app/logs
+      - ./traefik:/app/traefik
+      - ./user-config:/app/user-config
+      - ./media:/app/media
+      - ${STORAGE_PATH:-.}:/storage
     networks:
       - tipi_main_network
 
@@ -99,18 +102,19 @@ services:
         condition: service_healthy
       tipi-redis:
         condition: service_healthy
-    env_file:
-      - .env
-    environment:
-      NODE_ENV: production
+      tipi-worker:
+        condition: service_healthy
     volumes:
       - ./.env:/runtipi/.env
       - ./state:/runtipi/state
       - ./repos:/runtipi/repos:ro
       - ./apps:/runtipi/apps
       - ./logs:/app/logs
-      - ./traefik:/runtipi/traefik
-      - ${STORAGE_PATH}:/app/storage
+      - ${STORAGE_PATH:-.}:/app/storage
+    env_file:
+      - .env
+    environment:
+      NODE_ENV: production
     labels:
       # Main
       traefik.enable: true

packages/cli/src/executors/system/system.executors.ts

@@ -97,6 +97,17 @@ export class SystemExecutors {
     try {
       await this.logger.flush();
 
+      // Check if user is in docker group
+      spinner.setMessage('Checking docker permissions...');
+      spinner.start();
+      const { stdout: dockerVersion } = await execAsync('docker --version');
+
+      if (!dockerVersion) {
+        spinner.fail('Your user is not allowed to run docker commands. Please add your user to the docker group or run Tipi as root.');
+        return { success: false, message: 'You need to be in the docker group to run Tipi' };
+      }
+      spinner.done('User allowed to run docker commands');
+
       spinner.setMessage('Copying system files...');
       spinner.start();
 

packages/worker/src/index.ts

@@ -67,7 +67,7 @@ const main = async () => {
     // Start all apps
     const appExecutor = new AppExecutors();
     logger.info('Starting all apps...');
-    await appExecutor.startAllApps();
+    appExecutor.startAllApps();
 
     const server = http.createServer((req, res) => {
       if (req.url === '/healthcheck') {

scripts/install.sh

@@ -74,6 +74,7 @@ function install_generic() {
 function install_docker() {
   local os="${1}"
   echo "Installing docker for os ${os}"
+  echo "Your sudo password might be asked to install docker"
 
   if [[ "${os}" == "debian" ]]; then
     sudo DEBIAN_FRONTEND=noninteractive apt-get install -y ca-certificates curl gnupg lsb-release
@@ -134,6 +135,14 @@ if ! command -v docker >/dev/null; then
       exit 1
     fi
   fi
+
+  # Make sure user is in docker group
+  if ! groups | grep -q '\bdocker\b'; then
+    sudo usermod -aG docker "$USER"
+  fi
+
+  # Reload user groups
+  newgrp docker
 fi
 
 function check_dependency_and_install() {
@@ -185,10 +194,4 @@ fi
 curl --location "$URL" -o ./runtipi-cli
 chmod +x ./runtipi-cli
 
-# Check if git is installed
-if ! command -v git >/dev/null; then
-  echo "Git is not installed. Please install git and restart the script."
-  exit 1
-fi
-
-sudo ./runtipi-cli start
+./runtipi-cli start