From 569c59f0d653852d53c4e8239b1c66f743f74b13 Mon Sep 17 00:00:00 2001 From: Michele Bologna Date: Tue, 15 Jan 2019 19:50:59 +0100 Subject: [PATCH] Feat: supply etc config via Docker volume --- Dockerfile | 17 ++-- README.md | 15 +--- docker-compose.yml | 9 +- etc/bitlbee/bitlbee.conf | 175 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 191 insertions(+), 25 deletions(-) diff --git a/Dockerfile b/Dockerfile index 55e767c..9f338d8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -70,17 +70,12 @@ rm -fr telegram-purple* && \ rm -fr v1.1.2.tar.gz bitlbee-facebook-* && \ rm -fr purple-hangouts && \ rm -rf bitlbee-mastodon && \ -mkdir -p /var/lib/bitlbee && \ -chown -R daemon:daemon /var/lib/bitlbee* # dup: otherwise it won't be chown'ed when using volumes - -COPY etc/bitlbee/bitlbee.conf /usr/local/etc/bitlbee/bitlbee.conf -COPY etc/bitlbee/motd.txt /usr/local/etc/bitlbee/motd.txt +# add user bitlbee +adduser --system --home /var/lib/bitlbee --disabled-password --disabled-login --shell /usr/sbin/nologin bitlbee && \ +touch /var/run/bitlbee.pid && chown bitlbee:nogroup /var/run/bitlbee.pid +VOLUME ["/usr/local/etc/bitlbee"] VOLUME ["/var/lib/bitlbee"] -RUN touch /var/run/bitlbee.pid && \ - chown daemon:daemon /var/run/bitlbee.pid && \ - chown -R daemon:daemon /usr/local/etc/* && \ - chown -R daemon:daemon /var/lib/bitlbee* # dup: otherwise it won't be chown'ed when using volumes -USER daemon EXPOSE 6667 -CMD ["/usr/local/sbin/bitlbee", "-c", "/usr/local/etc/bitlbee/bitlbee.conf", "-n", "-u", "daemon"] +CMD ["/usr/local/sbin/bitlbee", "-c", "/usr/local/etc/bitlbee/bitlbee.conf", "-n", "-v"] +USER bitlbee diff --git a/README.md b/README.md index 0139b6e..f6bcb9a 100644 --- a/README.md +++ b/README.md 
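Review bot: With both `COPY etc/bitlbee/...` lines removed and `/usr/local/etc/bitlbee` declared as a `VOLUME`, the image no longer carries the repository's `bitlbee.conf`. A container started without the bind mount therefore runs with whatever, if anything, an earlier build step left at the path passed to `-c`. This is security-relevant because the repository file is what sets `CAfile`, and its own comments say certificate verification is disabled while that line stays commented out. Consider keeping a baked-in default ahead of the volume declaration, e.g. `COPY etc/bitlbee/ /usr/local/etc/bitlbee/` directly before `VOLUME ["/usr/local/etc/bitlbee"]`, so an unmounted or named-volume run still gets the intended settings. The `RUN` chain these lines belong to starts outside the hunk, so whether a default config is installed earlier cannot be confirmed from here.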
@@ -25,11 +25,9 @@ In addition to the [Bitlbee's out of the box supported protocols](https://wiki.b ## Usage -1. (optional and only for those who build the image) configure bitlbee +1. (Optional) Customize bitlbee configuration file in `etc/bitlbee/bitlbee.conf` -customize etc/bitlbee/bitlbee.conf to suit your needs - -2. run bitlbee via: +2. Run bitlbee via: a. [Docker Compose](https://docs.docker.com/compose/install/): @@ -37,13 +35,8 @@ customize etc/bitlbee/bitlbee.conf to suit your needs b. or via Docker: - - without persistent configuration: - - docker run -d --name bitlbee -p 16667:6667 --restart=always mbologna/docker-bitlbee - - - with persistent configuration store in volume: - - docker run -d --name bitlbee -p 16667:6667 --restart=always -v :/var/lib/bitlbee mbologna/docker-bitlbee + docker volume create bitlbee_data + docker run -d --name bitlbee -p 16667:6667 --restart=always -v $PWD/etc/bitlbee:/usr/local/etc/bitlbee mbologna/docker-bitlbee ## Contributing diff --git a/docker-compose.yml b/docker-compose.yml index 2daef29..20811bd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,13 +1,16 @@ -version: "3.3" +version: "2.0" services: app: image: mbologna/docker-bitlbee + container_name: bitlbee restart: always ports: - "16667:6667" + network_mode: bridge volumes: - - data:/var/lib/bitlbee + - ./etc/bitlbee:/usr/local/etc/bitlbee + - bitlbee_data:/var/lib/bitlbee volumes: - data: + bitlbee_data: diff --git a/etc/bitlbee/bitlbee.conf b/etc/bitlbee/bitlbee.conf index 2eee7d4..0b0e32f 100644 --- a/etc/bitlbee/bitlbee.conf +++ b/etc/bitlbee/bitlbee.conf 
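Review bot: The new bind mount `./etc/bitlbee:/usr/local/etc/bitlbee` in the docker-compose.yml hunk is read-write, although the daemon appears only to read its configuration there; per-user state goes to `/var/lib/bitlbee`, which has its own volume. Mounting it as `- ./etc/bitlbee:/usr/local/etc/bitlbee:ro` would keep a compromised or misbehaving bitlbee process from rewriting `bitlbee.conf` (for example `AuthMode` or `OperPassword`) in the host checkout. The same applies to the `docker run -v $PWD/etc/bitlbee:...` example in the README hunk. Separately, the existing `"16667:6667"` mapping publishes the port on every host interface; if only local clients are expected, `"127.0.0.1:16667:6667"` narrows that.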
@@ -1,5 +1,180 @@
+## BitlBee default configuration file
+##
+## Comments are marked like this. The rest of the file is INI-style. The
+## comments should tell you enough about what all settings mean.
+##
+
 [settings]
+
+## RunMode:
+##
+## Inetd -- Run from inetd (default)
+## Daemon -- Run as a stand-alone daemon, serving all users from one process.
+## This saves memory if there are more users, the downside is that when one
+## user hits a crash-bug, all other users will also lose their connection.
+## ForkDaemon -- Run as a stand-alone daemon, but keep all clients in separate
+## child processes. This should be pretty safe and reliable to use instead
+## of inetd mode.
+##
 RunMode = ForkDaemon
+
+## User:
+##
+## If BitlBee is started by root as a daemon, it can drop root privileges,
+## and change to the specified user.
+##
+User = bitlbee
+
+## DaemonPort/DaemonInterface:
+##
+## For daemon mode, you can specify on what interface and port the daemon
+## should be listening for connections.
+##
+# DaemonInterface = 0.0.0.0
+# DaemonPort = 6667
+
+## ClientInterface:
+##
+## If for any reason, you want BitlBee to use a specific address/interface
+## for outgoing traffic (IM connections, HTTP(S), etc.), set it here.
+##
+# ClientInterface = 0.0.0.0
+
+## AuthMode
+##
+## Open -- Accept connections from anyone, use NickServ for user authentication.
+## (default)
+## Closed -- Require authorization (using the PASS command during login) before
+## allowing the user to connect at all.
+## Registered -- Only allow registered users to use this server; this disables
+## the register- and the account command until the user identifies itself.
+##
+# AuthMode = Open
+
+## AuthBackend
+##
+## By default, the authentication data for a user is stored in the storage
+## backend. If you want to authenticate against another authentication system
+## (e.g. ldap), you can specify that here.
+##
+## Beware that this disables password changes and causes passwords for the
+## accounts people create to be stored in plain text instead of encrypted with
+## their bitlbee password.
+##
+## Currently available backends:
+##
+## - storage (internal storage)
+## - pam (Linux PAM authentication)
+## - ldap (LDAP server configured in the openldap settings)
+#
+# AuthBackend = storage
+#
+
+## AuthPassword
+##
+## Password the user should enter when logging into a closed BitlBee server.
+## You can also have a BitlBee-style MD5 hash here. Format: "md5:", followed
+## by a hash as generated by "bitlbee -x hash ".
+##
+# AuthPassword = ItllBeBitlBee ## Heh.. Our slogan. ;-)
+## or
+# AuthPassword = md5:gzkK0Ox/1xh+1XTsQjXxBJ571Vgl
+
+## OperPassword
+##
+## Password that unlocks access to special operator commands.
+##
+# OperPassword = ChangeMe!
+## or
+# OperPassword = md5:I0mnZbn1t4R731zzRdDN2/pK7lRX
+
+## AllowAccountAdd
+##
+## Whether to allow registered and identified users to add new accounts using
+## 'account add'
+##
+# AllowAccountAdd 1
+
+## HostName
+##
+## Normally, BitlBee gets a hostname using getsockname(). If you have a nicer
+## alias for your BitlBee daemon, you can set it here and BitlBee will identify
+## itself with that name instead.
+##
 HostName = bitlbee
+## MotdFile
+##
+## Specify an alternative MOTD (Message Of The Day) file. Default value depends
+## on the --etcdir argument to configure.
+##
+# MotdFile = /etc/bitlbee/motd.txt
+
+## ConfigDir
+##
+## Specify an alternative directory to store all the per-user configuration
+## files. (.nicks/.accounts)
+##
+# ConfigDir = /var/lib/bitlbee
+
+## Ping settings
+##
+## BitlBee can send PING requests to the client to check whether it's still
+## alive. This is not very useful on local servers, but it does make sense
+## when most clients connect to the server over a real network interface.
+## (Public servers) Pinging the client will make sure lost clients are
+## detected and cleaned up sooner.
+##
+## PING requests are sent every PingInterval seconds. If no PONG reply has
+## been received for PingTimeOut seconds, BitlBee aborts the connection.
+##
+## To disable the pinging, set at least one of these to 0.
+##
+# PingInterval = 180
+# PingTimeOut = 300
+
+## Using proxy servers for outgoing connections
+##
+## If you're running BitlBee on a host which is behind a restrictive firewall
+## and a proxy server, you can tell BitlBee to use that proxy server here.
+## The setting has to be a URL, formatted like one of these examples:
+##
+## (Obviously, the username and password are optional)
+##
+# Proxy = http://john:doe@proxy.localnet.com:8080
+# Proxy = socks4://socksproxy.localnet.com
+# Proxy = socks5://socksproxy.localnet.com
+
+## Protocols offered by bitlbee
+##
+## As recompiling may be quite unpractical for some people, this option
+## allows to remove the support of protocol, even if compiled in. If
+## nothing is given, there are no restrictions.
+##
+# Protocols = jabber yahoo
+
+## Trusted CAs
+##
+## Path to a file containing a list of trusted certificate authorities used in
+## the verification of server certificates.
+##
+## Uncomment this and make sure the file actually exists and contains all
+## certificate authorities you're willing to accept (default value should
+## work on at least Debian/Ubuntu systems with the "ca-certificates" package
+## installed). As long as the line is commented out, SSL certificate
+## verification is completely disabled.
+##
+## The location of this file may be different on other distros/OSes. For
+## example, try /etc/ssl/ca-bundle.pem on OpenSUSE.
+##
+CAfile = /etc/ssl/certs/ca-certificates.crt
+
 [defaults]
+
+## Here you can override the defaults for some per-user settings. Users are
+## still able to override your defaults, so this is not a way to restrict
+## your users...
+
+## To enable private mode by default, for example:
+
+## private = 1
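Review bot: `AuthMode` stays commented out in `[settings]`, so per the file's own comment the server runs in `Open` mode and accepts connections from anyone who can reach the port, which the compose file in this commit publishes on the host. For a personal instance consider `AuthMode = Closed` together with `AuthPassword = md5:<HASH_FROM_bitlbee_-x_hash>` (placeholder), or `AuthMode = Registered` once your own account exists. If a password is set, use the `md5:` form rather than plain text and keep the real value out of the committed copy, since this file is tracked in the repository and bind-mounted from the checkout. The now-active `CAfile` line only enables certificate verification if `/etc/ssl/certs/ca-certificates.crt` exists in the image; the package install is not visible in this patch, so that is worth confirming.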