Dedicated DevContainer user + NVM

* Use dedicated DevContainer user to run Apache (ensure file permissions)
* Install NVM for node

Signed-off-by: GitHub <noreply@github.com>

.devcontainer/Dockerfile

@@ -33,18 +33,15 @@ RUN apt-get install --no-install-recommends -y \
     curl \
     lsof \
     make \
-    nodejs \
+	unzip
-    npm
 
 # Composer
-# Download the Composer installer script to a temporary file
 RUN curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php && \
     curl -sS https://composer.github.io/installer.sig -o /tmp/composer-setup.sig && \
     php -r "if (hash_file('sha384', '/tmp/composer-setup.php') !== trim(file_get_contents('/tmp/composer-setup.sig'))) { echo 'Composer installation failed, invalid hash'; exit(1); }" && \
     php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer && \
     rm /tmp/composer-setup.php /tmp/composer-setup.sig
 
-
 RUN echo "xdebug.remote_enable = 1" >> /etc/php/8.1/cli/conf.d/20-xdebug.ini && \
     echo "xdebug.remote_autostart = 1" >> /etc/php/8.1/cli/conf.d/20-xdebug.ini
 
@@ -70,4 +67,19 @@ RUN apt-get -y install \
     apt-get install -y docker-ce docker-ce-cli containerd.io && \
     ln -s /var/run/docker-host.sock /var/run/docker.sock
 
+# Dedicated DevContainer user runs Apache
+ENV APACHE_RUN_USER=devcontainer
+ENV APACHE_RUN_GROUP=devcontainer
+RUN useradd -ms /bin/bash ${APACHE_RUN_USER} && \
+	adduser ${APACHE_RUN_USER} sudo && \
+	echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \
+	sed -ri "s/^export APACHE_RUN_USER=.*$/export APACHE_RUN_USER=${APACHE_RUN_USER}/" "/etc/apache2/envvars" && \
+    sed -ri "s/^export APACHE_RUN_GROUP=.*$/export APACHE_RUN_GROUP=${APACHE_RUN_GROUP}/" "/etc/apache2/envvars"
+
+USER devcontainer
+
+# NVM
+RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
+RUN bash --login -i -c 'source /home/devcontainer/.bashrc && nvm install 16'
+
 WORKDIR /var/www/html

.devcontainer/README.md

@@ -31,5 +31,42 @@ The following services will be started:
 |---------|------------|-------------|
 | Nextcloud (served via Apache) | `80` | The main application |
 | Mailhog | `8025` | SMTP email delivery for testing |
-| Adminer | `8080` | Database viewer. Use credentials from above and connect to `localhost:5432` to get access to the NC database | 
+| Adminer | `8080` | Database viewer. Use credentials from above and connect to `localhost` to get access to the NC database | 
 
+## Permissions
+
+The container runs with the user `devcontainer` who is also running the Apache2 process. All mounted source files have
+proper permissions so that this user can access everything which is inside the current workspace. If you need to
+get root permissions for whatever reason, use `sudo su` or `sudo <command>` (for example `sudo service apache2 restart`).
+Everything else (like building the application, adjusting files, ...) should be done as `devcontainer` user.
+
+## NodeJs and NVM
+
+The container comes with [`nvm`](https://github.com/nvm-sh/nvm) and Node 16 installed. This should be sufficient to
+build Nextcloud Core sources via `make`. If you need a different Node Version (for example for
+app development), you can easily switch between different versions by running:
+
+```bash
+# Install and use Node 14
+nvm install 14
+nvm use 14
+
+# Check version 
+node -v
+
+# Switch back to Node 16
+nvm use 16
+
+# Check version
+node -v
+```
+
+Note that `nvm` is only installed for the user `devcontainer` and won't work out of the box for
+any other user.
+
+## Debugging
+
+The Apache webserver is already configured to automatically try to connect to a debugger process
+listening on port `9003`. To start the VSCode debugger process, use the delivered debug profile `Listen for XDebug`.
+After you started the VSCode debugger, just navigate to the appropriate Nextcloud URL to get your
+debug hits. 

.devcontainer/codespace.config.php

@@ -14,7 +14,9 @@ $CONFIG = [
 ];
 
 if(is_string($codespaceName) && !empty($codespaceName) && is_string($codespaceDomain) && !empty($codespaceDomain)) {
-    $CONFIG['overwritehost'] = $codespaceName . '-80.' . $codespaceDomain;
+    $host = $codespaceName . '-80.' . $codespaceDomain;
+    $CONFIG['overwritehost'] = $host;
+    $CONFIG['overwrite.cli.url'] = 'https://' . $host;
     $CONFIG['overwriteprotocol'] = 'https';
-	$CONFIG['trusted_domains'] = [ $CONFIG['overwritehost'] ];
+	$CONFIG['trusted_domains'] = [ $host ];
 }

.devcontainer/devcontainer.json

@@ -3,7 +3,6 @@
 	"dockerComposeFile": "docker-compose.yml",
 	"service": "nextclouddev",
 	"postCreateCommand": ".devcontainer/setup.sh",
-	"postStartCommand": "chown -R www-data:www-data /var/www/html",
 	"forwardPorts": [
 		80,
 		8080,
@@ -23,5 +22,6 @@
 			}
 		}
 	},
-	"workspaceFolder": "/var/www/html"
+	"workspaceFolder": "/var/www/html",
+	"remoteUser": "devcontainer"
 }

.devcontainer/entrypoint.sh

@@ -1,6 +1,5 @@
 #!/bin/bash
 
-# Set proper permissions and start webserver
+sudo service apache2 start
-chown -R www-data:www-data /var/www/html && service apache2 start
 
 while sleep 1000; do :; done

.devcontainer/setup.sh

@@ -12,9 +12,9 @@ git config --global --add safe.directory /var/www/html
 git config --global --add safe.directory /var/www/html/3rdparty
 
 # Onetime installation setup
-if [[ ! $(sudo -u www-data php occ status) =~ installed:[[:space:]]*true ]]; then
+if [[ ! $(sudo -u ${APACHE_RUN_USER} php occ status) =~ installed:[[:space:]]*true ]]; then
     echo "Running NC installation"
-    sudo -u www-data php occ maintenance:install \
+    sudo -u ${APACHE_RUN_USER} php occ maintenance:install \
         --verbose \
         --database=pgsql \
         --database-name=postgres \
@@ -26,4 +26,4 @@ if [[ ! $(sudo -u www-data php occ status) =~ installed:[[:space:]]*true ]]; the
         --admin-pass admin
 fi
 
-service apache2 restart
+sudo service apache2 restart