From 51af7fce7457f9af663c7a106166eb3699e33d21 Mon Sep 17 00:00:00 2001
From: Alexandre <44178713+alexbelgium@users.noreply.github.com>
Date: Sat, 10 Jan 2026 09:54:59 +0100
Subject: [PATCH] Update 91-configure.sh

---
 .../rootfs/etc/cont-init.d/91-configure.sh    | 130 ++++++++++--------
 1 file changed, 69 insertions(+), 61 deletions(-)

diff --git a/netalertx/rootfs/etc/cont-init.d/91-configure.sh b/netalertx/rootfs/etc/cont-init.d/91-configure.sh
index 6e01cb376..a7d1679b7 100755
--- a/netalertx/rootfs/etc/cont-init.d/91-configure.sh
+++ b/netalertx/rootfs/etc/cont-init.d/91-configure.sh
@@ -8,28 +8,48 @@ set -e
 
 APP_UID=20211
 
-# 1. Fix the directories
-for folder in /tmp/run/tmp /tmp/api /tmp/log /tmp/run /tmp/nginx/active-config "$TMP_DIR" "$NETALERTX_DATA" "$NETALERTX_DB" "$NETALERTX_CONFIG"; do
-    mkdir -p "$folder"
-    chown -R $APP_UID:$APP_UID "$folder"
-    chmod -R 755 "$folder"
+# CRITICAL: ensure newly-created files (like /config/config/app.conf on first run) are not root-only
+umask 022
+export UMASK=022
+
+# Ensure base dirs exist and have sane perms for the app user
+mkdir -p /config/config /config/db
+chown -R "${APP_UID}:${APP_UID}" /config/config /config/db
+chmod 775 /config/config /config/db
+
+# 1. Fix the directories (skip empty vars)
+for folder in \
+    /tmp/run/tmp \
+    /tmp/api \
+    /tmp/log \
+    /tmp/run \
+    /tmp/nginx/active-config \
+    "${TMP_DIR:-}" \
+    "${NETALERTX_DATA:-}" \
+    "${NETALERTX_DB:-}" \
+    "${NETALERTX_CONFIG:-}"
+do
+    [[ -z "${folder}" ]] && continue
+    mkdir -p "${folder}"
+    chown -R "${APP_UID}:${APP_UID}" "${folder}"
+    chmod -R 755 "${folder}"
 done
 
 # 2. Fix /tmp and Standard Streams (CRITICAL)
 chmod -R 1777 /tmp
-# This allows the non-root user to write to the container logs
+# Allow non-root user to write to container logs
 chmod 666 /dev/stdout /dev/stderr
 
 # 3. Pre-create and chown log files
 touch /tmp/log/app.php_errors.log /tmp/log/cron.log /tmp/log/stdout.log /tmp/log/stderr.log
-chown $APP_UID:$APP_UID /tmp/log/*.log
+chown "${APP_UID}:${APP_UID}" /tmp/log/*.log
 
 # 4. Create Symlinks
 for item in db config; do
-    rm -rf "/data/$item"
-    ln -sf "/config/$item" "/data/$item"
-    chown -R $APP_UID:$APP_UID "/data/$item"
-    chmod -R 755 "/data/$item"
+    rm -rf "/data/${item}"
+    ln -sf "/config/${item}" "/data/${item}"
+    chown -R "${APP_UID}:${APP_UID}" "/data/${item}"
+    chmod -R 755 "/data/${item}"
 done
 
 # Fix php
@@ -41,76 +61,64 @@ sed -i "/default_type/a include /etc/nginx/http.d/ingress.conf;" "${SYSTEM_NGINX
 # Configure network #
 #####################
 
-# Configuration file path
 config_file="/config/config/app.conf"
 
-if [ -f /config/db/app.db ]; then
-    chmod a+rwx /config/db/app.db
+# If DB already exists, ensure it’s readable/writable by the app user
+if [[ -f /config/db/app.db ]]; then
+    chown "${APP_UID}:${APP_UID}" /config/db/app.db || true
+    chmod 664 /config/db/app.db || true
 fi
 
-# Function to execute the main logic
 execute_main_logic() {
     bashio::log.info "Initiating scan of Home Assistant network configuration..."
 
-    # Get the local IPv4 address
     local_ip="$(bashio::network.ipv4_address)"
-    local_ip="${local_ip%/*}" # Remove CIDR notation
-    echo "... Detected local IP: $local_ip"
+    local_ip="${local_ip%/*}"
+    echo "... Detected local IP: ${local_ip}"
     echo "... Scanning network for changes"
 
-    # Ensure arp-scan is installed
-    if ! command -v arp-scan &> /dev/null; then
+    if ! command -v arp-scan &>/dev/null; then
         bashio::log.error "arp-scan command not found. Please install arp-scan to proceed."
         exit 1
     fi
 
-    # Get current settings
-    if ! grep -q "^SCAN_SUBNETS" "$config_file"; then
-        bashio::log.fatal "SCAN_SUBNETS is not found in your $config_file, please correct your file first"
+    if [[ ! -f "${config_file}" ]]; then
+        bashio::log.warning "Config file not present yet (${config_file}); skipping network scan update."
+        return 0
     fi
 
-    # Iterate over network interfaces
-    for interface in $(bashio::network.interfaces); do
-        echo "Scanning interface: $interface"
+    # Make sure the app user can read it (covers upgrades / odd umask cases)
+    chown "${APP_UID}:${APP_UID}" "${config_file}" 2>/dev/null || true
+    chmod 664 "${config_file}" 2>/dev/null || true
 
-        # Check if the interface is already configured
-        if grep -q "$interface" "$config_file"; then
-            echo "... $interface is already configured in app.conf"
-        else
-            # Update SCAN_SUBNETS in app.conf
-            SCAN_SUBNETS="$(grep "^SCAN_SUBNETS" "$config_file" | head -1)"
-            if [[ "$SCAN_SUBNETS" != *"$local_ip"*"$interface"* ]]; then
-                # Add to the app.conf
-                NEW_SCAN_SUBNETS="${SCAN_SUBNETS%]}, '${local_ip}/24 --interface=${interface}']"
-                sed -i "/^SCAN_SUBNETS/c\\$NEW_SCAN_SUBNETS" "$config_file"
-                # Check availability of hosts
-                VALUE="$(arp-scan --interface="$interface" "${local_ip}/24" 2> /dev/null \
-                    | grep "responded" \
-                    | awk -F'.' '{print $NF}' \
-                    | awk '{print $1}' || true)"
-                echo "... $interface is available in Home Assistant (with $VALUE devices), added to app.conf"
-            fi
+    if ! grep -q "^SCAN_SUBNETS" "${config_file}"; then
+        bashio::log.fatal "SCAN_SUBNETS is not found in ${config_file}, please correct your file first"
+        return 1
+    fi
+
+    for interface in $(bashio::network.interfaces); do
+        echo "Scanning interface: ${interface}"
+
+        if grep -q "${interface}" "${config_file}"; then
+            echo "... ${interface} is already configured in app.conf"
+            continue
+        fi
+
+        SCAN_SUBNETS="$(grep "^SCAN_SUBNETS" "${config_file}" | head -1)"
+        if [[ "${SCAN_SUBNETS}" != *"${local_ip}"*"${interface}"* ]]; then
+            NEW_SCAN_SUBNETS="${SCAN_SUBNETS%]}, '${local_ip}/24 --interface=${interface}']"
+            sed -i "/^SCAN_SUBNETS/c\\${NEW_SCAN_SUBNETS}" "${config_file}"
+
+            VALUE="$(arp-scan --interface="${interface}" "${local_ip}/24" 2>/dev/null \
+                | grep "responded" \
+                | awk -F'.' '{print $NF}' \
+                | awk '{print $1}' || true)"
+
+            echo "... ${interface} is available in Home Assistant (with ${VALUE} devices), added to app.conf"
         fi
     done
 
     bashio::log.info "Network scan completed."
-
 }
 
-# Function to wait for the config file
-wait_for_config_file() {
-    echo "Waiting for $config_file to become available..."
-    while [ ! -f "$config_file" ]; do
-        sleep 5 # Wait for 5 seconds before checking again
-    done
-    echo "$config_file is now available. Starting the script."
-    execute_main_logic
-}
-
-# Main script logic
-if [ -f "$config_file" ]; then
-    execute_main_logic
-else
-    wait_for_config_file &
-    true
-fi
+execute_main_logic || true