don't run su-exec if container starts as non-root

Adding support for 0.17's new banlist and adminlist options

0.17/docker-compose.yml

@@ -7,3 +7,5 @@ services:
      - "27015:27015/tcp"
     volumes:
      - /opt/factorio:/factorio
+#    user: 845:845
+#    user: 1000:1000

0.17/files/docker-entrypoint.sh

@@ -2,7 +2,7 @@
 set -e
 
 id
-#
+
 FACTORIO_VOL=/factorio
 mkdir -p $FACTORIO_VOL
 mkdir -p $SAVES
@@ -12,15 +12,18 @@ mkdir -p $SCENARIOS
 mkdir -p $SCRIPTOUTPUT
 
 if [ ! -f $CONFIG/rconpw ]; then
+  # Generate a new RCON password if none exists
   echo $(pwgen 15 1) > $CONFIG/rconpw
 fi
 
 if [ ! -f $CONFIG/server-settings.json ]; then
+  # Copy default settings if server-settings.json doesn't exist
   cp /opt/factorio/data/server-settings.example.json $CONFIG/server-settings.json
 fi
 
 if [ ! -f $CONFIG/map-gen-settings.json ]; then
-#  cp /opt/factorio/data/map-gen-settings.example.json $CONFIG/map-gen-settings.json
+  # TODO: Need a valid map-gen-settings.json
+  # cp /opt/factorio/data/map-gen-settings.example.json $CONFIG/map-gen-settings.json
   echo "{}" > $CONFIG/map-gen-settings.json
 fi
 
@@ -29,10 +32,12 @@ if [ ! -f $CONFIG/map-settings.json ]; then
 fi
 
 if find -L $SAVES -iname \*.tmp.zip -mindepth 1 -print | grep -q .; then
+  # Delete incomplete saves (such as after a forced exit)
   rm -f $SAVES/*.tmp.zip
 fi
 
 if ! find -L $SAVES -iname \*.zip -mindepth 1 -print | grep -q .; then
+  # Generate a new map if no save ZIPs exist
   /opt/factorio/bin/x64/factorio \
     --create $SAVES/_autosave1.zip  \
     --map-gen-settings $CONFIG/map-gen-settings.json \
@@ -40,10 +45,13 @@ if ! find -L $SAVES -iname \*.zip -mindepth 1 -print | grep -q .; then
 fi
 
 if [ "$(id -u)" = '0' ]; then
+  # Take ownership of factorio data if running as root
   chown -R factorio:factorio $FACTORIO_VOL
+  # We want to drop to the factorio user
+  SU_EXEC="su-exec factorio"
 fi
 
-exec su-exec factorio /opt/factorio/bin/x64/factorio \
+exec ${SU_EXEC} /opt/factorio/bin/x64/factorio \
   --port $PORT \
   --start-server-load-latest \
   --server-settings $CONFIG/server-settings.json \
@@ -51,6 +59,8 @@ exec su-exec factorio /opt/factorio/bin/x64/factorio \
   --rcon-port $RCON_PORT \
   --server-whitelist $CONFIG/server-whitelist.json \
   --use-server-whitelist \
+  --server-adminlist $CONFIG/server-adminlist.json \
+  --server-banlist $CONFIG/server-banlist.json \
   --rcon-password "$(cat $CONFIG/rconpw)" \
   --server-id /factorio/config/server-id.json \
-  $@
+  "$@"

README.md

@@ -8,9 +8,9 @@
 
 *Tag descriptions*
 
-* `latest` - the most up-to-date version (may be experimental).
-* `stable` - the version declared stable on [factorio.com](https://www.factorio.com).
-* `0.x` - highest version in a branch: may be experimental.
+* `latest` - most up-to-date version (may be experimental).
+* `stable` - version declared stable on [factorio.com](https://www.factorio.com).
+* `0.x` - latest version in a branch.
 * `0.x.y` - a specific version.
 * `0.x-dev` - whatever is in master for that version.
 
@@ -164,6 +164,24 @@ Create file `config/server-whitelist.json` and add the whitelisted users.
 		"friend"
 	]
 
+## Banlisting (0.17.1+)
+
+Create file `config/server-banlist.json` and add the banlisted users.
+
+    [
+        "bad_person",
+        "other_bad_person"
+    ]
+
+## Adminlisting (0.17.1+)
+
+Create file `config/server-adminlist.json` and add the adminlisted users.
+
+    [
+        "you",
+        "friend"
+    ]
+
 # Container Details
 
 The philosophy is to [keep it simple](http://wiki.c2.com/?KeepItSimple).
@@ -182,7 +200,9 @@ To keep things simple, the container uses a single volume mounted at `/factorio`
     |   |-- map-gen-settings.json
     |   |-- rconpw
     |   |-- server-settings.json
-    |   `-- server-whitelist.json
+    |   |-- server-whitelist.json
+    |   |-- server-banlist.json
+    |   `-- server-adminlist.json
     |-- mods
     |   `-- fancymod.zip
     `-- saves