cleanup .env.docker variable names and placement in the file

.env.docker

@@ -1,3 +1,4 @@
+#!/bin/bash
 # -*- mode: bash -*-
 # vi: ft=bash
 
@@ -7,19 +8,6 @@
 # Pixelfed application configuration
 ################################################################################
 
-# The docker tag prefix to use for pulling images, can be one of
-#
-#  * latest
-#  * <some semver release>
-#  * staging
-#  * edge
-#  * branch-<some branch name>
-#  * pr-<some merge request id>
-#
-# Combined with [DOCKER_RUNTIME] and [PHP_VERSION] configured
-# elsewhere in this file, the final Docker tag is computed.
-PIXELFED_RELEASE="branch-jippi-fork"
-
 # A random 32-character string to be used as an encryption key.
 #
 # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
@@ -207,7 +195,7 @@ APP_TIMEZONE="UTC"
 # Defaults to "Pixelfed - Photo sharing for everyone".
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#instance_description
-#INSTANCE_DESCRIPTION=
+#INSTANCE_DESCRIPTION=""
 
 # Defaults to "false".
 #
@@ -227,7 +215,7 @@ INSTANCE_CONTACT_EMAIL="admin@${APP_DOMAIN}"
 # Defaults to "".
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#banned_usernames
-#BANNED_USERNAMES=
+#BANNED_USERNAMES=""
 
 # Defaults to "false".
 #
@@ -263,7 +251,7 @@ LETSENCRYPT_EMAIL="__CHANGE_ME__"
 # Database version to use (as Docker tag)
 #
 # See: https://hub.docker.com/_/mariadb
-#DB_VERSION="11.2"
+DB_VERSION="11.2"
 
 # Here you may specify which of the database connections below
 # you wish to use as your default connection for all database work.
@@ -361,12 +349,12 @@ MAIL_FROM_NAME="Pixelfed @ ${APP_DOMAIN}"
 # Defaults to "".
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#mail_username
-#MAIL_USERNAME=
+#MAIL_USERNAME=""
 
 # Defaults to "".
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#mail_password
-#MAIL_PASSWORD=
+#MAIL_PASSWORD=""
 
 # Here you may specify the encryption protocol that should be used when the application send e-mail messages.
 #
@@ -381,11 +369,6 @@ MAIL_FROM_NAME="Pixelfed @ ${APP_DOMAIN}"
 # Redis configuration
 ################################################################################
 
-# Redis version to use as Docker tag
-#
-# See: https://hub.docker.com/_/redis
-#REDIS_VERSION="7.2"
-
 # Defaults to "phpredis".
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#redis_client
@@ -401,17 +384,17 @@ MAIL_FROM_NAME="Pixelfed @ ${APP_DOMAIN}"
 # See: https://docs.pixelfed.org/technical-documentation/config/#redis_host
 REDIS_HOST="redis"
 
-# Defaults to null.
+# Defaults to null (not set/commented out).
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#redis_password
 #REDIS_PASSWORD=
 
-# Defaults to 6379.
+# Defaults to "6379".
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#redis_port
-#REDIS_PORT="6379"
+REDIS_PORT="6379"
 
-# Defaults to 0.
+# Defaults to "0".
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#redis_database
 #REDIS_DATABASE="0"
@@ -595,26 +578,26 @@ ACTIVITY_PUB="true"
 #MEDIA_DELETE_LOCAL_AFTER_CLOUD="true"
 
 ################################################################################
-# Storage (cloud) - S3 andS S3 *compatible* providers (most of them)
+# Storage (cloud) - S3 andS S3 *compatible* providers
 ################################################################################
 
 # See: https://docs.pixelfed.org/technical-documentation/config/#aws_access_key_id
-#AWS_ACCESS_KEY_ID=
+#AWS_ACCESS_KEY_ID=""
 
 # See: https://docs.pixelfed.org/technical-documentation/config/#aws_secret_access_key
-#AWS_SECRET_ACCESS_KEY=
+#AWS_SECRET_ACCESS_KEY=""
 
 # See: https://docs.pixelfed.org/technical-documentation/config/#aws_default_region
-#AWS_DEFAULT_REGION=
+#AWS_DEFAULT_REGION=""
 
 # See: https://docs.pixelfed.org/technical-documentation/config/#aws_bucket
-#AWS_BUCKET=
+#AWS_BUCKET=""
 
 # See: https://docs.pixelfed.org/technical-documentation/config/#aws_url
-#AWS_URL=
+#AWS_URL=""
 
 # See: https://docs.pixelfed.org/technical-documentation/config/#aws_endpoint
-#AWS_ENDPOINT=
+#AWS_ENDPOINT=""
 
 # See: https://docs.pixelfed.org/technical-documentation/config/#aws_use_path_style_endpoint
 #AWS_USE_PATH_STYLE_ENDPOINT="false"
@@ -625,60 +608,60 @@ ACTIVITY_PUB="true"
 
 # Comma-separated list of domains to block.
 #
-# Defaults to null
+# Defaults to null (not set/commented out).
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_domains
-#CS_BLOCKED_DOMAINS=
+#CS_BLOCKED_DOMAINS=""
 
 # Comma-separated list of domains to add warnings.
 #
-# Defaults to null.
+# Defaults to null (not set/commented out).
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#cs_cw_domains
-#CS_CW_DOMAINS=
+#CS_CW_DOMAINS=""
 
 # Comma-separated list of domains to remove from public timelines.
 #
-# Defaults to null.
+# Defaults to null (not set/commented out).
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_domains
-#CS_UNLISTED_DOMAINS=
+#CS_UNLISTED_DOMAINS=""
 
 # Comma-separated list of keywords to block.
 #
-# Defaults to null.
+# Defaults to null (not set/commented out).
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_keywords
-#CS_BLOCKED_KEYWORDS=
+#CS_BLOCKED_KEYWORDS=""
 
 # Comma-separated list of keywords to add warnings.
 #
-# Defaults to null.
+# Defaults to null (not set/commented out).
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#cs_cw_keywords
-#CS_CW_KEYWORDS=
+#CS_CW_KEYWORDS=""
 
 # Comma-separated list of keywords to remove from public timelines.
 #
-# Defaults to null.
+# Defaults to null (not set/commented out).
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_keywords
-#CS_UNLISTED_KEYWORDS=
+#CS_UNLISTED_KEYWORDS=""
 
-# Defaults to null.
+# Defaults to null (not set/commented out).
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_actor
-#CS_BLOCKED_ACTOR=
+#CS_BLOCKED_ACTOR=""
 
-# Defaults to null.
+# Defaults to null (not set/commented out).
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#cs_cw_actor
-#CS_CW_ACTOR=
+#CS_CW_ACTOR=""
 
-# Defaults to null.
+# Defaults to null (not set/commented out).
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_actor
-#CS_UNLISTED_ACTOR=
+#CS_UNLISTED_ACTOR=""
 
 ###############################################################
 # Media
@@ -730,14 +713,14 @@ LOG_CHANNEL="stderr"
 # Defaults to "".
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#log_stderr_formatter
-#LOG_STDERR_FORMATTER=
+#LOG_STDERR_FORMATTER=""
 
 # Used by slack.
 #
 # Defaults to "".
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#log_slack_webhook_url
-#LOG_SLACK_WEBHOOK_URL=
+#LOG_SLACK_WEBHOOK_URL=""
 
 ###############################################################
 # Broadcasting settings
@@ -795,7 +778,7 @@ QUEUE_DRIVER="redis"
 # Defaults to "https://sqs.us-east-1.amazonaws.com/your-account-id".
 #
 # See: https://docs.pixelfed.org/technical-documentation/config/#sqs_prefix
-#SQS_PREFIX=
+#SQS_PREFIX=""
 
 # Defaults to "your-queue-name".
 #
@@ -879,60 +862,18 @@ TRUST_PROXIES="*"
 # variables when that is more convenient.
 
 # See: https://docs.pixelfed.org/technical-documentation/config/#passport_private_key
-#PASSPORT_PRIVATE_KEY=
+#PASSPORT_PRIVATE_KEY=""
 
 # See: https://docs.pixelfed.org/technical-documentation/config/#passport_public_key
-#PASSPORT_PUBLIC_KEY=
+#PASSPORT_PUBLIC_KEY=""
 
 ###############################################################
 # PHP configuration
 ###############################################################
 
-# The PHP version to use for [web] and [worker] container
-#
-# Any version published on https://hub.docker.com/_/php should work
-#
-# Example:
-#
-#   * 8.1
-#   * 8.2
-#   * 8.2.14
-#   * latest
-#
-# Do *NOT* use the full Docker tag (e.g. "8.3.2RC1-fpm-bullseye")
-# *only* the version part. The rest of the full tag is derived from
-# the [DOCKER_RUNTIME] and [PHP_DEBIAN_RELEASE] settings
-PHP_VERSION="8.1"
-
 # See: https://www.php.net/manual/en/ini.core.php#ini.memory-limit
 #PHP_MEMORY_LIMIT="128M"
 
-# The Debian release variant to use of the [php] Docker image
-#PHP_DEBIAN_RELEASE="bullseye"
-
-# The [php] Docker image base type
-#
-# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/runtimes.md
-#PHP_BASE_TYPE="apache"
-
-# List of extra APT packages (separated by space) to install when building
-# locally using [docker compose build].
-#
-# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md
-#APT_PACKAGES_EXTRA=""
-
-# List of *extra* PECL extensions (separated by space) to install when
-# building locally using [docker compose build].
-#
-# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md
-#PHP_PECL_EXTENSIONS_EXTRA=""
-
-# List of *extra* PHP extensions (separated by space) to install when
-# building locally using [docker compose build].
-#
-# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md
-#PHP_EXTENSIONS_EXTRA=""
-
 ################################################################################
 # Other configuration
 ################################################################################
@@ -951,8 +892,63 @@ PHP_VERSION="8.1"
 TZ="${APP_TIMEZONE}"
 
 ################################################################################
-# Docker Specific configuration
+# Docker configuraton for *all* services
+################################################################################
+
+# Prefix for container names (without any dash at the end)
+DOCKER_ALL_CONTAINER_NAME_PREFIX="${APP_DOMAIN}"
+
+# How often Docker health check should run for all services
+#
+# Can be overridden by individual [DOCKER_*_HEALTHCHECK_INTERVAL] settings further down
+DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL="10s"
+
+# Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will store their data
+DOCKER_ALL_HOST_DATA_ROOT_PATH="./docker-compose-state/data"
+
+# Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will store their confguration
+DOCKER_ALL_HOST_CONFIG_ROOT_PATH="./docker-compose-state/config"
+
 ################################################################################
+# Docker [web] + [worker] (also know as "app") shared service configuration
+################################################################################
+
+# The docker tag prefix to use for pulling images, can be one of
+#
+#  * latest
+#  * <some semver release>
+#  * staging
+#  * edge
+#  * branch-<some branch name>
+#  * pr-<some merge request id>
+#
+# Combined with [DOCKER_APP_RUNTIME] and [PHP_VERSION] configured
+# elsewhere in this file, the final Docker tag is computed.
+DOCKER_APP_RELEASE="branch-jippi-fork"
+
+# The PHP version to use for [web] and [worker] container
+#
+# Any version published on https://hub.docker.com/_/php should work
+#
+# Example:
+#
+#   * 8.1
+#   * 8.2
+#   * 8.2.14
+#   * latest
+#
+# Do *NOT* use the full Docker tag (e.g. "8.3.2RC1-fpm-bullseye")
+# *only* the version part. The rest of the full tag is derived from
+# the [DOCKER_APP_RUNTIME] and [PHP_DEBIAN_RELEASE] settings
+DOCKER_APP_PHP_VERSION="8.2"
+
+# The [php] Docker image base type
+#
+# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/runtimes.md
+DOCKER_APP_BASE_TYPE="apache"
+
+# The Debian release variant to use of the [php] Docker image
+DOCKER_APP_DEBIAN_RELEASE="bullseye"
 
 # Image to pull the Pixelfed Docker images from.
 #
@@ -962,129 +958,176 @@ TZ="${APP_TIMEZONE}"
 #   * "pixelfed/pixelfed"         to pull from DockerHub
 #   * "your/fork"                 to pull from a custom fork
 #
-DOCKER_IMAGE="ghcr.io/jippi/pixelfed"
+DOCKER_APP_IMAGE="ghcr.io/jippi/pixelfed"
 
 # The container runtime to use.
 #
 # See: https://github.com/jippi/pixelfed/blob/jippi-fork/docker/runtimes.md
-DOCKER_RUNTIME="apache"
+DOCKER_APP_RUNTIME="apache"
 
 # Pixelfed version (image tag) to pull from the registry.
 #
 # See: https://github.com/pixelfed/pixelfed/pkgs/container/pixelfed
-DOCKER_TAG="${PIXELFED_RELEASE}-${DOCKER_RUNTIME}-${PHP_VERSION}"
-
-# Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will store their data
-DOCKER_DATA_ROOT="./docker-compose-state/data"
-
-# Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will store their confguration
-DOCKER_CONFIG_ROOT="./docker-compose-state/config"
-
-# Path (on host system) where the [db] container will store its data
-#
-# Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path)
-DOCKER_DB_DATA_PATH="${DOCKER_DATA_ROOT}/db"
-
-# Path (on host system) where the [redis] container will store its data
-#
-# Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path)
-DOCKER_REDIS_DATA_PATH="${DOCKER_DATA_ROOT}/redis"
+DOCKER_APP_TAG="${DOCKER_APP_RELEASE}-${DOCKER_APP_RUNTIME}-${DOCKER_APP_PHP_VERSION}"
 
 # Path (on host system) where the [app] + [worker] container will write
 # its [storage] data (e.g uploads/images/profile pictures etc.).
 #
 # Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path)
-DOCKER_APP_STORAGE_PATH="${DOCKER_DATA_ROOT}/pixelfed/storage"
+DOCKER_APP_HOST_STORAGE_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH}/pixelfed/storage"
 
 # Path (on host system) where the [app] + [worker] container will write
 # its [cache] data.
 #
 # Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path)
-DOCKER_APP_CACHE_PATH="${DOCKER_DATA_ROOT}/pixelfed/cache"
+DOCKER_APP_HOST_CACHE_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH}/pixelfed/cache"
 
-# How often Docker health check should run for all services
+# Automatically run "One-time setup tasks" commands.
 #
-# Can be overridden by individual [DOCKER_*_HEALTHCHECK_INTERVAL] settings further down
-DOCKER_DEFAULT_HEALTHCHECK_INTERVAL="10s"
+# If you are migrating to this docker-compose setup or have manually run the "One time seutp"
+# tasks (https://docs.pixelfed.org/running-pixelfed/installation/#setting-up-services)
+# you can set this to "0" to prevent them from running.
+#
+# Otherwise, leave it at "1" to have them run *once*.
+#DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS="1"
+
+# A space-seperated list of paths (inside the container) to *recursively* [chown]
+# to the container user/group id (UID/GID) in case of permission issues.
+#
+# ! You should *not* leave this on permanently, at it can significantly slow down startup
+# ! time for the container, and during normal operations there should never be permission
+# ! issues. Please report a bug if you see behavior requiring this to be permanently on
+#
+# Example: "/var/www/storage /var/www/bootstrap/cache"
+#DOCKER_APP_ENSURE_OWNERSHIP_PATHS=""
+
+# Enable Docker Entrypoint debug mode (will call [set -x] in bash scripts)
+# by setting this to "1".
+#DOCKER_APP_ENTRYPOINT_DEBUG="0"
+
+# List of extra APT packages (separated by space) to install when building
+# locally using [docker compose build].
+#
+# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md
+#DOCKER_APP_APT_PACKAGES_EXTRA=""
+
+# List of *extra* PECL extensions (separated by space) to install when
+# building locally using [docker compose build].
+#
+# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md
+#DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA=""
+
+# List of *extra* PHP extensions (separated by space) to install when
+# building locally using [docker compose build].
+#
+# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md
+#DOCKER_APP_PHP_EXTENSIONS_EXTRA=""
+
+################################################################################
+# Docker [redis] service configuration
+################################################################################
+
+# Redis version to use as Docker tag
+#
+# See: https://hub.docker.com/_/redis
+DOCKER_REDIS_VERSION="7.2"
+
+# Path (on host system) where the [redis] container will store its data
+#
+# Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path)
+DOCKER_REDIS_HOST_DATA_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH}/redis"
 
 # Port that Redis will listen on *outside* the container (e.g. the host machine)
-DOCKER_REDIS_PORT_EXTERNAL="${REDIS_PORT:-6379}"
+DOCKER_REDIS_HOST_PORT="${REDIS_PORT}"
 
 # The filename that Redis should store its config file within
 #
 # NOTE: The file *MUST* exists (even empty) before enabling this setting!
 #
-# Use a command like [touch "${DOCKER_CONFIG_ROOT}/redis/redis.conf"] to create it.
+# Use a command like [touch "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/redis/redis.conf"] to create it.
 #
 # Defaults to ""
 #DOCKER_REDIS_CONFIG_FILE="/etc/redis/redis.conf"
 
 # How often Docker health check should run for [redis] service
-DOCKER_REDIS_HEALTHCHECK_INTERVAL="${DOCKER_DEFAULT_HEALTHCHECK_INTERVAL}"
+#
+# Defaults to "10s"
+DOCKER_REDIS_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}"
+
+################################################################################
+# Docker [db] service configuration
+################################################################################
+
+# Set this to a non-empty value (e.g. "disabled") to disable the [db] service
+#DOCKER_DB_PROFILE=""
+
+# Path (on host system) where the [db] container will store its data
+#
+# Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path)
+DOCKER_DB_HOST_DATA_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH}/db"
 
 # Port that the database will listen on *outside* the container (e.g. the host machine)
 #
 # Use "3306" for MySQL/MariaDB and "5432" for PostgreeSQL
-DOCKER_DB_PORT_EXTERNAL="${DB_PORT}"
+DOCKER_DB_HOST_PORT="${DB_PORT}"
 
 # How often Docker health check should run for [db] service
-DOCKER_DB_HEALTHCHECK_INTERVAL="${DOCKER_DEFAULT_HEALTHCHECK_INTERVAL}"
+DOCKER_DB_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}"
 
-# Port that the [proxy] will listen on *outside* the container (e.g. the host machine) for HTTP traffic
-DOCKER_PROXY_PORT_EXTERNAL_HTTP="80"
+################################################################################
+# Docker [web] service configuration
+################################################################################
 
-# Port that the [proxy] will listen on *outside* the container (e.g. the host machine) for HTTPS traffic
-DOCKER_PROXY_PORT_EXTERNAL_HTTPS="443"
+# Set this to a non-empty value (e.g. "disabled") to disable the [web] service
+#DOCKER_WEB_PROFILE=""
 
 # Port to expose [web] container will listen on *outside* the container (e.g. the host machine) for *HTTP* traffic only
 DOCKER_WEB_PORT_EXTERNAL_HTTP="8080"
 
 # How often Docker health check should run for [web] service
-DOCKER_WEB_HEALTHCHECK_INTERVAL="${DOCKER_DEFAULT_HEALTHCHECK_INTERVAL}"
+DOCKER_WEB_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}"
 
-# How often Docker health check should run for [worker] service
-DOCKER_WORKER_HEALTHCHECK_INTERVAL="${DOCKER_DEFAULT_HEALTHCHECK_INTERVAL}"
+################################################################################
+# Docker [worker] service configuration
+################################################################################
 
-# Path to the Docker socket on the *host*
-DOCKER_HOST_SOCKET_PATH="/var/run/docker.sock"
+# Set this to a non-empty value (e.g. "disabled") to disable the [worker] service
+#DOCKER_WORKER_PROFILE=""
 
-# Prefix for container names (without any dash at the end)
-DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}"
+# How often Docker health check should run for [worker] service
+DOCKER_WORKER_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}"
+
+################################################################################
+# Docker [proxy] + [proxy-acme] service configuration
+################################################################################
 
 # Set this to a non-empty value (e.g. "disabled") to disable the [proxy] and [proxy-acme] service
-DOCKER_PROXY_PROFILE=""
+#DOCKER_PROXY_PROFILE=""
 
 # Set this to a non-empty value (e.g. "disabled") to disable the [proxy-acme] service
-DOCKER_PROXY_ACME_PROFILE="${DOCKER_PROXY_PROFILE}"
+#DOCKER_PROXY_ACME_PROFILE="${DOCKER_PROXY_PROFILE:-}"
 
 # How often Docker health check should run for [proxy] service
-DOCKER_PROXY_HEALTHCHECK_INTERVAL="${DOCKER_DEFAULT_HEALTHCHECK_INTERVAL}"
+DOCKER_PROXY_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}"
 
-# Automatically run "One-time setup tasks" commands.
-#
-# If you are migrating to this docker-compose setup or have manually run the "One time seutp"
-# tasks (https://docs.pixelfed.org/running-pixelfed/installation/#setting-up-services)
-# you can set this to "0" to prevent them from running.
-#
-# Otherwise, leave it at "1" to have them run *once*.
-#DOCKER_RUN_ONE_TIME_SETUP_TASKS="1"
+# Port that the [proxy] will listen on *outside* the container (e.g. the host machine) for HTTP traffic
+DOCKER_PROXY_HOST_PORT_HTTP="80"
 
-# A space-seperated list of paths (inside the container) to *recursively* [chown]
-# to the container user/group id (UID/GID) in case of permission issues.
-#
-# ! You should *not* leave this on permanently, at it can significantly slow down startup
-# ! time for the container, and during normal operations there should never be permission
-# ! issues. Please report a bug if you see behavior requiring this to be permanently on
-#
-# Example: "/var/www/storage /var/www/bootstrap/cache"
-#DOCKER_ENSURE_OWNERSHIP_PATHS=""
+# Port that the [proxy] will listen on *outside* the container (e.g. the host machine) for HTTPS traffic
+DOCKER_PROXY_HOST_PORT_HTTPS="443"
 
-# Enable Docker Entrypoint debug mode (will call [set -x] in bash scripts)
-# by setting this to "1".
-#ENTRYPOINT_DEBUG="0"
+# Path to the Docker socket on the *host*
+DOCKER_PROXY_HOST_DOCKER_SOCKET_PATH="/var/run/docker.sock"
+
+# ! ----------------------------------------------------------------------------
+# ! STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP
+# ! ----------------------------------------------------------------------------
+# ! Below this line is default environment variables for various [db] backends
+# ! You very likely do *NOT* need to modify any of this, ever.
+# ! ----------------------------------------------------------------------------
 
 ################################################################################
-# MySQL DB container configuration
+# Docker [db] service environment variables for MySQL (Oracle)
 ################################################################################
 #
 # See "Environment Variables" at https://hub.docker.com/_/mysql
@@ -1097,7 +1140,7 @@ MYSQL_PASSWORD="${DB_PASSWORD}"
 MYSQL_DATABASE="${DB_DATABASE}"
 
 ################################################################################
-# MySQL (MariaDB) DB container configuration
+# Docker [db] service environment variables for MySQL (MariaDB)
 ################################################################################
 #
 # See "Start a mariadb server instance with user, password and database"
@@ -1111,7 +1154,7 @@ MARIADB_PASSWORD="${DB_PASSWORD}"
 MARIADB_DATABASE="${DB_DATABASE}"
 
 ################################################################################
-# PostgreSQL DB container configuration
+# Docker [db] service environment variables for PostgreSQL
 ################################################################################
 #
 # See "Environment Variables" at https://hub.docker.com/_/postgres

docker-compose.migrate.yml

@@ -15,7 +15,7 @@ services:
       # OLD
       - "app-storage:/migrate/app-storage/old"
       # NEW
-      - "${DOCKER_APP_STORAGE_PATH}:/migrate/app-storage/new"
+      - "${DOCKER_APP_HOST_STORAGE_PATH}:/migrate/app-storage/new"
 
       ################################
       # MySQL/DB volume
@@ -23,7 +23,7 @@ services:
       # OLD
       - "db-data:/migrate/db-data/old"
       # NEW
-      - "${DOCKER_DB_DATA_PATH}:/migrate/db-data/new"
+      - "${DOCKER_DB_HOST_DATA_PATH}:/migrate/db-data/new"
 
       ################################
       # Redis volume
@@ -31,7 +31,7 @@ services:
       # OLD
       - "redis-data:/migrate/redis-data/old"
       # NEW
-      - "${DOCKER_REDIS_DATA_PATH}:/migrate/redis-data/new"
+      - "${DOCKER_REDIS_HOST_DATA_PATH}:/migrate/redis-data/new"
 
 # Volumes from the old [docker-compose.yml] file
 # https://github.com/pixelfed/pixelfed/blob/b1ff44ca2f75c088a11576fb03b5bad2fbed4d5c/docker-compose.yml#L72-L76

docker-compose.yml

@@ -20,22 +20,22 @@ services:
   # See: https://github.com/nginx-proxy/nginx-proxy/tree/main/docs
   proxy:
     image: nginxproxy/nginx-proxy:1.4
-    container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy"
+    container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy"
     restart: unless-stopped
     profiles:
       - ${DOCKER_PROXY_PROFILE:-}
     volumes:
-      - "${DOCKER_HOST_SOCKET_PATH}:/tmp/docker.sock:ro"
-      - "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d"
-      - "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d"
-      - "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
-      - "${DOCKER_DATA_ROOT}/proxy/html:/usr/share/nginx/html"
+      - "${DOCKER_PROXY_HOST_DOCKER_SOCKET_PATH}:/tmp/docker.sock:ro"
+      - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/conf.d:/etc/nginx/conf.d"
+      - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/vhost.d:/etc/nginx/vhost.d"
+      - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/certs:/etc/nginx/certs"
+      - "${DOCKER_ALL_HOST_DATA_ROOT_PATH}/proxy/html:/usr/share/nginx/html"
     ports:
-      - "${DOCKER_PROXY_PORT_EXTERNAL_HTTP}:80"
-      - "${DOCKER_PROXY_PORT_EXTERNAL_HTTPS}:443"
+      - "${DOCKER_PROXY_HOST_PORT_HTTP}:80"
+      - "${DOCKER_PROXY_HOST_PORT_HTTPS}:443"
     healthcheck:
       test: "curl --fail https://${APP_DOMAIN}/api/service/health-check"
-      interval: "${DOCKER_PROXY_HEALTHCHECK_INTERVAL:-10s}"
+      interval: "${DOCKER_PROXY_HEALTHCHECK_INTERVAL}"
       retries: 2
       timeout: 5s
 
@@ -47,41 +47,43 @@ services:
   # See: https://github.com/nginx-proxy/acme-companion/tree/main/docs
   proxy-acme:
     image: nginxproxy/acme-companion
-    container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy-acme"
+    container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy-acme"
     restart: unless-stopped
     profiles:
       - ${DOCKER_PROXY_ACME_PROFILE:-}
     environment:
       DEBUG: 0
       DEFAULT_EMAIL: "${LETSENCRYPT_EMAIL}"
-      NGINX_PROXY_CONTAINER: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy"
+      NGINX_PROXY_CONTAINER: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy"
     depends_on:
       - proxy
     volumes:
-      - "${DOCKER_CONFIG_ROOT}/proxy-acme:/etc/acme.sh"
-      - "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
-      - "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d"
-      - "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d"
-      - "${DOCKER_DATA_ROOT}/proxy/html:/usr/share/nginx/html"
-      - "${DOCKER_HOST_SOCKET_PATH}:/var/run/docker.sock:ro"
+      - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy-acme:/etc/acme.sh"
+      - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/certs:/etc/nginx/certs"
+      - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/conf.d:/etc/nginx/conf.d"
+      - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/vhost.d:/etc/nginx/vhost.d"
+      - "${DOCKER_ALL_HOST_DATA_ROOT_PATH}/proxy/html:/usr/share/nginx/html"
+      - "${DOCKER_PROXY_HOST_DOCKER_SOCKET_PATH}:/var/run/docker.sock:ro"
 
   web:
-    image: "${DOCKER_IMAGE}:${DOCKER_TAG}"
-    container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-web"
+    image: "${DOCKER_APP_IMAGE}:${DOCKER_APP_TAG}"
+    container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-web"
     restart: unless-stopped
+    profiles:
+      - ${DOCKER_WEB_PROFILE:-}
     build:
-      target: ${DOCKER_RUNTIME}-runtime
+      target: ${DOCKER_APP_RUNTIME}-runtime
       args:
-        PHP_VERSION: "${PHP_VERSION:-8.1}"
-        PHP_BASE_TYPE: "${PHP_BASE_TYPE:-apache}"
-        PHP_DEBIAN_RELEASE: "${PHP_DEBIAN_RELEASE:-bullseye}"
-        APT_PACKAGES_EXTRA: "${APT_PACKAGES_EXTRA:-}"
-        PHP_PECL_EXTENSIONS_EXTRA: "${PHP_PECL_EXTENSIONS_EXTRA:-}"
-        PHP_EXTENSIONS_EXTRA: "${PHP_EXTENSIONS_EXTRA:-}"
+        PHP_VERSION: "${DOCKER_APP_PHP_VERSION}"
+        PHP_BASE_TYPE: "${DOCKER_APP_BASE_TYPE}"
+        PHP_DEBIAN_RELEASE: "${DOCKER_APP_DEBIAN_RELEASE}"
+        APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}"
+        PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}"
+        PHP_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_EXTENSIONS_EXTRA:-}"
     volumes:
       - "./.env:/var/www/.env"
-      - "${DOCKER_APP_CACHE_PATH}:/var/www/bootstrap/cache"
-      - "${DOCKER_APP_STORAGE_PATH}:/var/www/storage"
+      - "${DOCKER_APP_HOST_CACHE_PATH}:/var/www/bootstrap/cache"
+      - "${DOCKER_APP_HOST_STORAGE_PATH}:/var/www/storage"
     environment:
       LETSENCRYPT_HOST: "${LETSENCRYPT_HOST}"
       LETSENCRYPT_EMAIL: "${LETSENCRYPT_EMAIL}"
@@ -93,54 +95,58 @@ services:
       com.github.nginx-proxy.nginx-proxy.http2.enable: true
       com.github.nginx-proxy.nginx-proxy.http3.enable: true
     ports:
-      - "${DOCKER_WEB_PORT_EXTERNAL_HTTP:-8080}:80"
+      - "${DOCKER_WEB_PORT_EXTERNAL_HTTP}:80"
     depends_on:
       - db
       - redis
     healthcheck:
       test: 'curl --header "Host: ${APP_DOMAIN}" --fail http://localhost/api/service/health-check'
-      interval: "${DOCKER_WEB_HEALTHCHECK_INTERVAL:-10s}"
+      interval: "${DOCKER_WEB_HEALTHCHECK_INTERVAL}"
       retries: 2
       timeout: 5s
 
   worker:
-    image: "${DOCKER_IMAGE}:${DOCKER_TAG}"
-    container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-worker"
+    image: "${DOCKER_APP_IMAGE}:${DOCKER_APP_TAG}"
+    container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-worker"
     command: gosu www-data php artisan horizon
     restart: unless-stopped
+    profiles:
+      - ${DOCKER_WORKER_PROFILE:-}
     build:
-      target: ${DOCKER_RUNTIME}-runtime
+      target: ${DOCKER_APP_RUNTIME}-runtime
       args:
-        PHP_VERSION: "${PHP_VERSION:-8.1}"
-        PHP_BASE_TYPE: "${PHP_BASE_TYPE:-apache}"
-        PHP_DEBIAN_RELEASE: "${PHP_DEBIAN_RELEASE:-bullseye}"
-        APT_PACKAGES_EXTRA: "${APT_PACKAGES_EXTRA:-}"
-        PHP_PECL_EXTENSIONS_EXTRA: "${PHP_PECL_EXTENSIONS_EXTRA:-}"
-        PHP_EXTENSIONS_EXTRA: "${PHP_EXTENSIONS_EXTRA:-}"
+        PHP_VERSION: "${DOCKER_APP_PHP_VERSION}"
+        PHP_BASE_TYPE: "${DOCKER_APP_BASE_TYPE}"
+        PHP_DEBIAN_RELEASE: "${DOCKER_APP_DEBIAN_RELEASE}"
+        APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}"
+        PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}"
+        PHP_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_EXTENSIONS_EXTRA:-}"
     volumes:
       - "./.env:/var/www/.env"
-      - "${DOCKER_APP_CACHE_PATH}:/var/www/bootstrap/cache"
-      - "${DOCKER_APP_STORAGE_PATH}:/var/www/storage"
+      - "${DOCKER_APP_HOST_CACHE_PATH}:/var/www/bootstrap/cache"
+      - "${DOCKER_APP_HOST_STORAGE_PATH}:/var/www/storage"
     depends_on:
       - db
       - redis
     healthcheck:
       test: gosu www-data php artisan horizon:status | grep running
-      interval: "${DOCKER_WORKER_HEALTHCHECK_INTERVAL:-10s}"
+      interval: "${DOCKER_WORKER_HEALTHCHECK_INTERVAL}"
       timeout: 5s
       retries: 2
 
   db:
-    image: mariadb:${DB_VERSION:-11.2}
-    container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-db"
+    image: mariadb:${DB_VERSION}
+    container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-db"
     command: --default-authentication-plugin=mysql_native_password
     restart: unless-stopped
+    profiles:
+      - ${DOCKER_DB_PROFILE:-}
     env_file:
       - ".env"
     volumes:
-      - "${DOCKER_DB_DATA_PATH}:/var/lib/mysql"
+      - "${DOCKER_DB_HOST_DATA_PATH}:/var/lib/mysql"
     ports:
-      - "${DOCKER_DB_PORT_EXTERNAL}:3306"
+      - "${DOCKER_DB_HOST_PORT}:3306"
     healthcheck:
       test:
         [
@@ -150,13 +156,13 @@ services:
           "--connect",
           "--innodb_initialized",
         ]
-      interval: "${DOCKER_DB_HEALTHCHECK_INTERVAL:-10s}"
+      interval: "${DOCKER_DB_HEALTHCHECK_INTERVAL}"
       retries: 2
       timeout: 5s
 
   redis:
-    image: redis:${REDIS_VERSION:-7.2}
-    container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-redis"
+    image: redis:${DOCKER_REDIS_VERSION}
+    container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-redis"
     restart: unless-stopped
     command: "${DOCKER_REDIS_CONFIG_FILE:-} --requirepass '${REDIS_PASSWORD:-}'"
     environment:
@@ -164,12 +170,12 @@ services:
     env_file:
       - ".env"
     volumes:
-      - "${DOCKER_CONFIG_ROOT}/redis:/etc/redis"
-      - "${DOCKER_REDIS_DATA_PATH}:/data"
+      - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/redis:/etc/redis"
+      - "${DOCKER_REDIS_HOST_DATA_PATH}:/data"
     ports:
-      - "${DOCKER_REDIS_PORT_EXTERNAL}:6379"
+      - "${DOCKER_REDIS_HOST_PORT}:6379"
     healthcheck:
       test: ["CMD", "redis-cli", "-p", "6379", "ping"]
-      interval: "${DOCKER_REDIS_HEALTHCHECK_INTERVAL:-10s}"
+      interval: "${DOCKER_REDIS_HEALTHCHECK_INTERVAL}"
       retries: 2
       timeout: 5s

docker/customizing.md

@@ -15,7 +15,7 @@ When a Pixelfed container starts up, the [`ENTRYPOINT`](https://docs.docker.com/
 
 ### Debugging
 
-You can set environment variable `ENTRYPOINT_DEBUG=1` to show verbose output of what each `entrypoint.d` script is doing.
+You can set environment variable `DOCKER_APP_ENTRYPOINT_DEBUG=1` to show verbose output of what each `entrypoint.d` script is doing.
 
 You can also `docker exec` or `docker run` into a container and run `/`
 
@@ -73,12 +73,12 @@ Please see the
 
 ## Fixing ownership on startup
 
-You can set the environment variable `DOCKER_ENSURE_OWNERSHIP_PATHS` to a list of paths that should have their `$USER` and `$GROUP` ownership changed to the configured runtime user and group during container bootstrapping.
+You can set the environment variable `DOCKER_APP_ENSURE_OWNERSHIP_PATHS` to a list of paths that should have their `$USER` and `$GROUP` ownership changed to the configured runtime user and group during container bootstrapping.
 
 The variable is a space-delimited list shown below and accepts both relative and absolute paths:
 
-* `DOCKER_ENSURE_OWNERSHIP_PATHS="./storage ./bootstrap"`
-* `DOCKER_ENSURE_OWNERSHIP_PATHS="/some/other/folder"`
+* `DOCKER_APP_ENSURE_OWNERSHIP_PATHS="./storage ./bootstrap"`
+* `DOCKER_APP_ENSURE_OWNERSHIP_PATHS="/some/other/folder"`
 
 ## Build settings (arguments)
 

docker/faq.md

@@ -19,7 +19,7 @@ No problem! All you have to do is:
 1. Change the `DOCKER_PROXY_ACME_PROFILE` key/value pair in your `.env` file to `"disabled"`.
     * This disabled the `proxy-acme` service in `docker-compose.yml`.
     * It does *not* disable the `proxy` service.
-1. Put your certificates in `${DOCKER_CONFIG_ROOT}/proxy/certs` (e.g. `./docker-compose/config/proxy/certs`)
+1. Put your certificates in `${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/certs` (e.g. `./docker-compose/config/proxy/certs`)
     * You may need to create this folder manually if it does not exists.
     * The following files are expected to exist in the directory for the proxy to detect and use them automatically (this is the same directory and file names as LetsEncrypt uses)
         1. `${APP_DOMAIN}.cert.pem`
@@ -31,4 +31,4 @@ No problem! All you have to do is:
 
 ## How do I change the container name prefix?
 
-Change the `DOCKER_CONTAINER_NAME_PREFIX` key/value pair in your `.env` file.
+Change the `DOCKER_ALL_CONTAINER_NAME_PREFIX` key/value pair in your `.env` file.

docker/migration.md

@@ -61,8 +61,8 @@ In *particular* the following sections
   * The `PHP_VERSION` settings controls your PHP version
   * The `PHP_MEMORY_LIMIT` settings controls your PHP memory limit
 * `Docker Specific configuration` section (near the end of the file) where
-  * The `DOCKER_DATA_ROOT` setting dictate where the new migrated data will live.
-  * The `DOCKER_RUN_ONE_TIME_SETUP_TASKS` controls if the `One time setup tasks` should run or not. We do *not* want this, since your Pixelfed instance already is set up!
+  * The `DOCKER_ALL_HOST_DATA_ROOT_PATH` setting dictate where the new migrated data will live.
+  * The `DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS` controls if the `One time setup tasks` should run or not. We do *not* want this, since your Pixelfed instance already is set up!
 * [Frequently Asked Question / FAQ](faq.md)
   * [How do I use my own Proxy server?](faq.md#how-do-i-use-my-own-proxy-server)
   * [How do I use my own SSL certificate?](faq.md#how-do-i-use-my-own-ssl-certificate)
@@ -232,9 +232,9 @@ If the worker is crash looping, inspect the logs and try to resolve the issues.
 
 You can consider the following additional steps:
 
-* Enabling `ENTRYPOINT_DEBUG` which will show even more log output to help understand whats going on
-* Enabling `DOCKER_ENSURE_OWNERSHIP_PATHS` against the path(s) that might have permission issues
-* Fixing permission issues directly on the host since your data should all be in the `${DOCKER_DATA_ROOT}` folder (`./docker-compose-state/data` by default)
+* Enabling `DOCKER_APP_ENTRYPOINT_DEBUG` which will show even more log output to help understand whats going on
+* Enabling `DOCKER_APP_ENSURE_OWNERSHIP_PATHS` against the path(s) that might have permission issues
+* Fixing permission issues directly on the host since your data should all be in the `${DOCKER_ALL_HOST_DATA_ROOT_PATH}` folder (`./docker-compose-state/data` by default)
 
 ##### Web
 

docker/shared/root/docker/entrypoint.d/01-permissions.sh

@@ -13,13 +13,13 @@ run-as-current-user chown --verbose "${RUNTIME_UID}:${RUNTIME_GID}" "./bootstrap
 run-as-current-user chown --verbose "${RUNTIME_UID}:${RUNTIME_GID}" "./storage"
 
 # Optionally fix ownership of configured paths
-: "${DOCKER_ENSURE_OWNERSHIP_PATHS:=""}"
+: "${DOCKER_APP_ENSURE_OWNERSHIP_PATHS:=""}"
 
 declare -a ensure_ownership_paths=()
-IFS=' ' read -ar ensure_ownership_paths <<<"${DOCKER_ENSURE_OWNERSHIP_PATHS}"
+IFS=' ' read -ar ensure_ownership_paths <<<"${DOCKER_APP_ENSURE_OWNERSHIP_PATHS}"
 
 if [[ ${#ensure_ownership_paths[@]} == 0 ]]; then
-    log-info "No paths has been configured for ownership fixes via [\$DOCKER_ENSURE_OWNERSHIP_PATHS]."
+    log-info "No paths has been configured for ownership fixes via [\$DOCKER_APP_ENSURE_OWNERSHIP_PATHS]."
 
     exit 0
 fi

docker/shared/root/docker/entrypoint.d/11-first-time-setup.sh

@@ -7,11 +7,11 @@ source "${ENTRYPOINT_ROOT}/helpers.sh"
 entrypoint-set-script-name "$0"
 
 # Allow automatic applying of outstanding/new migrations on startup
-: "${DOCKER_RUN_ONE_TIME_SETUP_TASKS:=1}"
+: "${DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS:=1}"
 
-if is-false "${DOCKER_RUN_ONE_TIME_SETUP_TASKS}"; then
+if is-false "${DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS}"; then
     log-warning "Automatic run of the 'One-time setup tasks' is disabled."
-    log-warning "Please set [DOCKER_RUN_ONE_TIME_SETUP_TASKS=1] in your [.env] file to enable this."
+    log-warning "Please set [DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS=1] in your [.env] file to enable this."
 
     exit 0
 fi

docker/shared/root/docker/helpers.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 set -e -o errexit -o nounset -o pipefail
 
-[[ ${ENTRYPOINT_DEBUG:=0} == 1 ]] && set -x
+[[ ${DOCKER_APP_ENTRYPOINT_DEBUG:=0} == 1 ]] && set -x
 
 : "${RUNTIME_UID:="33"}"
 : "${RUNTIME_GID:="33"}"