Add authMechanism config, make creds optional, update docs

README.md

@@ -172,12 +172,14 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=Etc/UTC
-      - MONGO_USER=unifi
-      - MONGO_PASS=
       - MONGO_HOST=unifi-db
       - MONGO_PORT=27017
       - MONGO_DBNAME=unifi
-      - MONGO_AUTHSOURCE=admin
+      - MONGO_STATDBNAME=unifi_stat #optional
+      - MONGO_USER=unifi #optional
+      - MONGO_PASS= #optional
+      - MONGO_AUTHSOURCE=admin #optional
+      - MONGO_AUTHMECHANISM=SCRAM-SHA-256 #optional
       - MEM_LIMIT=1024 #optional
       - MEM_STARTUP=1024 #optional
       - MONGO_TLS= #optional
@@ -204,12 +206,14 @@ docker run -d \
   -e PUID=1000 \
   -e PGID=1000 \
   -e TZ=Etc/UTC \
-  -e MONGO_USER=unifi \
-  -e MONGO_PASS= \
   -e MONGO_HOST=unifi-db \
   -e MONGO_PORT=27017 \
   -e MONGO_DBNAME=unifi \
-  -e MONGO_AUTHSOURCE=admin \
+  -e MONGO_STATDBNAME=unifi_stat `#optional` \
+  -e MONGO_USER=unifi `#optional` \
+  -e MONGO_PASS= `#optional` \
+  -e MONGO_AUTHSOURCE=admin `#optional` \
+  -e MONGO_AUTHMECHANISM=SCRAM-SHA-256 `#optional` \
   -e MEM_LIMIT=1024 `#optional` \
   -e MEM_STARTUP=1024 `#optional` \
   -e MONGO_TLS= `#optional` \
@@ -249,7 +253,9 @@ Containers are configured using parameters passed at runtime (such as those abov
 | `-e MONGO_PASS=` | Mongodb Password. Only evaluated on first run. **Special characters must be [url encoded](https://en.wikipedia.org/wiki/Percent-encoding)**. |
 | `-e MONGO_HOST=unifi-db` | Mongodb Hostname. Only evaluated on first run. |
 | `-e MONGO_PORT=27017` | Mongodb Port. Only evaluated on first run. |
-| `-e MONGO_DBNAME=unifi` | Mongodb Database Name (stats DB is automatically suffixed with `_stat`). Only evaluated on first run. |
+| `-e MONGO_DBNAME=unifi` | Mongodb Database Name. Only evaluated on first run. |
+| `-e MONGO_STATDBNAME=unifi_stat` | Mongodb stats Database Name. If not specified will use MONGO_DBNAME with `_stat` suffix. Only evaluated on first run. |
+| `-e MONGO_AUTHMECHANISM=SCRAM-SHA-256` | Mongodb [authMechanism](https://www.mongodb.com/docs/drivers/java/sync/current/fundamentals/auth/). For FerretDB with Postgres set to `PLAIN`. Only evaluated on first run. |
 | `-e MONGO_AUTHSOURCE=admin` | Mongodb [authSource](https://www.mongodb.com/docs/manual/reference/connection-string/#mongodb-urioption-urioption.authSource). For Atlas set to `admin`. Only evaluated on first run. |
 | `-e MEM_LIMIT=1024` | Optionally change the Java memory limit (in Megabytes). Set to `default` to reset to default |
 | `-e MEM_STARTUP=1024` | Optionally change the Java initial/minimum memory (in Megabytes). Set to `default` to reset to default |

readme-vars.yml

@@ -23,15 +23,17 @@ param_ports:
   - {external_port: "8080", internal_port: "8080", port_desc: "Required for device communication"}
 param_usage_include_env: true
 param_env_vars:
-  - {env_var: "MONGO_USER", env_value: "unifi", desc: "Mongodb Username. Only evaluated on first run. **Special characters must be [url encoded](https://en.wikipedia.org/wiki/Percent-encoding)**."}
-  - {env_var: "MONGO_PASS", env_value: "", desc: "Mongodb Password. Only evaluated on first run. **Special characters must be [url encoded](https://en.wikipedia.org/wiki/Percent-encoding)**."}
   - {env_var: "MONGO_HOST", env_value: "unifi-db", desc: "Mongodb Hostname. Only evaluated on first run."}
   - {env_var: "MONGO_PORT", env_value: "27017", desc: "Mongodb Port. Only evaluated on first run."}
-  - {env_var: "MONGO_DBNAME", env_value: "unifi", desc: "Mongodb Database Name (stats DB is automatically suffixed with `_stat`). Only evaluated on first run."}
-  - {env_var: "MONGO_AUTHSOURCE", env_value: "admin", desc: "Mongodb [authSource](https://www.mongodb.com/docs/manual/reference/connection-string/#mongodb-urioption-urioption.authSource). For Atlas set to `admin`. Only evaluated on first run."}
+  - {env_var: "MONGO_DBNAME", env_value: "unifi", desc: "Mongodb Database Name. Only evaluated on first run."}
 # optional container parameters
 opt_param_usage_include_env: true
 opt_param_env_vars:
+  - {env_var: "MONGO_USER", env_value: "unifi", desc: "Mongodb Username. Only evaluated on first run. **Special characters must be [url encoded](https://en.wikipedia.org/wiki/Percent-encoding)**."}
+  - {env_var: "MONGO_PASS", env_value: "", desc: "Mongodb Password. Only evaluated on first run. **Special characters must be [url encoded](https://en.wikipedia.org/wiki/Percent-encoding)**."}
+  - {env_var: "MONGO_STATDBNAME", env_value: "unifi_stat", desc: "Mongodb stats Database Name. If not specified will use MONGO_DBNAME with `_stat` suffix. Only evaluated on first run."}
+  - {env_var: "MONGO_AUTHSOURCE", env_value: "admin", desc: "Mongodb [authSource](https://www.mongodb.com/docs/manual/reference/connection-string/#mongodb-urioption-urioption.authSource). For Atlas set to `admin`. Only evaluated on first run."}
+  - {env_var: "MONGO_AUTHMECHANISM", env_value: "SCRAM-SHA-256", desc: "Mongodb [authMechanism](https://www.mongodb.com/docs/drivers/java/sync/current/fundamentals/auth/). For FerretDB with Postgres set to `PLAIN`. Only evaluated on first run."}
   - {env_var: "MEM_LIMIT", env_value: "1024", desc: "Optionally change the Java memory limit (in Megabytes). Set to `default` to reset to default"}
   - {env_var: "MEM_STARTUP", env_value: "1024", desc: "Optionally change the Java initial/minimum memory (in Megabytes). Set to `default` to reset to default"}
   - {env_var: "MONGO_TLS", env_value: "", desc: "Mongodb enable [TLS](https://www.mongodb.com/docs/manual/reference/connection-string/#mongodb-urioption-urioption.tls). Only evaluated on first run."}

root/defaults/system.properties

@@ -41,6 +41,6 @@
 # unifi.throughput.port=6789
 #
 db.mongo.local=false
-db.mongo.uri=mongodb://~MONGO_USER~:~MONGO_PASS~@~MONGO_HOST~:~MONGO_PORT~/~MONGO_DBNAME~?tls=~MONGO_TLS~~MONGO_AUTHSOURCE~
-statdb.mongo.uri=mongodb://~MONGO_USER~:~MONGO_PASS~@~MONGO_HOST~:~MONGO_PORT~/~MONGO_DBNAME~_stat?tls=~MONGO_TLS~~MONGO_AUTHSOURCE~
+db.mongo.uri=mongodb://~MONGO_CREDS~~MONGO_HOST~:~MONGO_PORT~/~MONGO_DBNAME~?tls=~MONGO_TLS~~MONGO_AUTHSOURCE~~MONGO_AUTHMECHANISM~
+statdb.mongo.uri=mongodb://~MONGO_CREDS~~MONGO_HOST~:~MONGO_PORT~/~MONGO_STATDBNAME~?tls=~MONGO_TLS~~MONGO_AUTHSOURCE~~MONGO_AUTHMECHANISM~
 unifi.db.name=~MONGO_DBNAME~

root/etc/s6-overlay/s6-rc.d/init-unifi-network-application-config/run

@@ -1,6 +1,8 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
 
+STATDB_NAME=${MONGO_STATDBNAME:-${MONGO_DBNAME}_stat}
+
 # create our folders
 mkdir -p \
     /run/unifi/work/ROOT \
@@ -45,11 +47,15 @@ if [[ ! -e /config/data/system.properties ]]; then
             fi
             sleep 5
         done
-        sed -i "s/~MONGO_USER~/${MONGO_USER}/" /defaults/system.properties
+        if [[ -n "${MONGO_USER}" || -n "${MONGO_PASS}" ]]; then
+            sed -i "s/~MONGO_CREDS~/${MONGO_USER}:${MONGO_PASS}@/" /defaults/system.properties
+        else
+            sed -i "s/~MONGO_CREDS~//" /defaults/system.properties
+        fi
         sed -i "s/~MONGO_HOST~/${MONGO_HOST}/" /defaults/system.properties
         sed -i "s/~MONGO_PORT~/${MONGO_PORT}/" /defaults/system.properties
         sed -i "s/~MONGO_DBNAME~/${MONGO_DBNAME}/" /defaults/system.properties
-        sed -i "s/~MONGO_PASS~/${MONGO_PASS}/" /defaults/system.properties
+        sed -i "s/~MONGO_STATDBNAME~/${STATDB_NAME}/" /defaults/system.properties
         if [[ "${MONGO_TLS,,}" = "true" ]]; then
             sed -i "s/~MONGO_TLS~/true/" /defaults/system.properties
         else
@@ -60,6 +66,11 @@ if [[ ! -e /config/data/system.properties ]]; then
         else
             sed -i "s/~MONGO_AUTHSOURCE~/\&authSource=${MONGO_AUTHSOURCE}/" /defaults/system.properties
         fi
+        if [[ -z "${MONGO_AUTHMECHANISM}" ]]; then
+            sed -i "s/~MONGO_AUTHMECHANISM~//" /defaults/system.properties
+        else
+            sed -i "s/~MONGO_AUTHMECHANISM~/\&authMechanism=${MONGO_AUTHMECHANISM}/" /defaults/system.properties
+        fi
         cp /defaults/system.properties /config/data
     fi
 fi