From 2f1babc681ca5004d4f6e060bcdbfc2d4932f0b1 Mon Sep 17 00:00:00 2001 From: Joachim Friberg Date: Tue, 24 Mar 2026 11:21:57 +0100 Subject: [PATCH] fix(ark-suac): align ports, service naming, and permissions bootstrap --- Apps/ark-suac/README.md | 10 ++- Apps/ark-suac/docker-compose.yaml | 99 +++++++++++++++++++++++------- dist/phirna-appstore.zip | Bin 302482 -> 303044 bytes 3 files changed, 86 insertions(+), 23 deletions(-) diff --git a/Apps/ark-suac/README.md b/Apps/ark-suac/README.md index 5d7b3f4..2c4cd52 100644 --- a/Apps/ark-suac/README.md +++ b/Apps/ark-suac/README.md @@ -23,7 +23,7 @@ This app provides a dedicated server for ARK: Survival Ascended, allowing you to ### Volumes -All volumes are mounted under `/DATA/AppData/ark-survival-ascended/`: +All volumes are mounted under `/DATA/AppData/ark-suac/`: - `steam`: Steam runtime files - `steamcmd`: SteamCMD installation @@ -46,6 +46,12 @@ All volumes are mounted under `/DATA/AppData/ark-survival-ascended/`: - No privileged mode required - No Docker socket access +### Permission Bootstrap + +The compose includes a one-shot helper service `set-permissions` that runs as `root` +before the game server starts. It only performs `chown` on app-specific bind mounts so +the main `ark-asa-server` service can run as non-root `gameserver`. + ### Data Persistence All game data, including server files, save games, and configuration, is persisted in the bound volumes. The container will automatically download and update server files on startup. @@ -121,4 +127,4 @@ Set `ENABLE_DEBUG=1` to prevent server startup and investigate container issues. ## Support For issues specific to this ZimaOS integration, please contact the Zima Apps Team. -For game server issues, refer to the upstream repository or ARK official support. \ No newline at end of file +For game server issues, refer to the upstream repository or ARK official support. diff --git a/Apps/ark-suac/docker-compose.yaml b/Apps/ark-suac/docker-compose.yaml index cc2ce69..d0bf77b 100644 --- a/Apps/ark-suac/docker-compose.yaml +++ b/Apps/ark-suac/docker-compose.yaml @@ -1,26 +1,48 @@ -name: ark-survival-ascended +name: ark-suac services: - server: + ark-asa-server: image: mschnitzer/asa-linux-server:1.4.0 - container_name: ark-survival-ascended + container_name: ark-asa-server + hostname: ark-asa-server + entrypoint: /usr/bin/start_server + user: gameserver + tty: true restart: unless-stopped environment: TZ: Europe/Stockholm - PUID: "1000" - PGID: "1000" - WEBUI_PORT: "8080" + ASA_START_PARAMS: 'TheIsland_WP?listen?Port=7777?RCONPort=27020?RCONEnabled=True -WinLiveMaxPlayers=50 -clusterid=default -ClusterDirOverride="/home/gameserver/cluster-shared"' + ENABLE_DEBUG: "0" ports: - - target: 8080 - published: "8080" + - target: 7777 + published: "7777" + protocol: udp + - target: 27020 + published: "27020" protocol: tcp + depends_on: + - set-permissions + volumes: - type: bind - source: /DATA/AppData/$AppID/config - target: /config + source: /DATA/AppData/$AppID/steam + target: /home/gameserver/Steam + - type: bind + source: /DATA/AppData/$AppID/steamcmd + target: /home/gameserver/steamcmd + - type: bind + source: /DATA/AppData/$AppID/server-files + target: /home/gameserver/server-files + - type: bind + source: /DATA/AppData/$AppID/cluster-shared + target: /home/gameserver/cluster-shared + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true # Secure-by-default baseline. Relax only if appen kräver det. security_opt: @@ -32,27 +54,62 @@ services: envs: - container: TZ description: - en_US: Timezone, for example Europe/Stockholm - - container: PUID + en_us: Timezone, for example Europe/Stockholm + - container: ASA_START_PARAMS description: - en_US: User ID for filesystem permissions - - container: PGID + en_us: ARK start params, including map and ports + - container: ENABLE_DEBUG description: - en_US: Group ID for filesystem permissions + en_us: Set 1 to enter debug mode without starting the server ports: - - container: "8080" + - container: "7777" description: - en_US: Web UI port + en_us: Game port for player connections (UDP) + - container: "27020" + description: + en_us: RCON admin port (TCP) volumes: - - container: /config + - container: /home/gameserver/Steam description: - en_US: Application configuration directory + en_us: Steam runtime cache + - container: /home/gameserver/steamcmd + description: + en_us: SteamCMD cache + - container: /home/gameserver/server-files + description: + en_us: ARK server files and saved data + - container: /home/gameserver/cluster-shared + description: + en_us: Shared cluster transfer data + + set-permissions: + image: opensuse/leap:15.6 + container_name: ark-asa-set-permissions + user: root + restart: "no" + entrypoint: + - /bin/bash + - -c + - chown -R 25000:25000 /steam /steamcmd /server-files /cluster-shared + volumes: + - type: bind + source: /DATA/AppData/$AppID/steam + target: /steam + - type: bind + source: /DATA/AppData/$AppID/steamcmd + target: /steamcmd + - type: bind + source: /DATA/AppData/$AppID/server-files + target: /server-files + - type: bind + source: /DATA/AppData/$AppID/cluster-shared + target: /cluster-shared x-casaos: architectures: - amd64 - arm64 - main: server + main: ark-asa-server category: phirna author: Joachim Friberg developer: Joachim Friberg @@ -69,4 +126,4 @@ x-casaos: title: en_us: ARK Survival Ascended Server index: / - port_map: "8080" + port_map: "7777" diff --git a/dist/phirna-appstore.zip b/dist/phirna-appstore.zip index a1536dde951899991056e368834d108230e73dad..05e65ed0304a32093e1a21165509ee0b4079ddd1 100644 GIT binary patch delta 7856 zcmZWtcRZEv8$O)Jijckc-jTf}EBV?aDD=e$o=JKgPWIx5qHSipe6V8}6%hcl@}NxfYAJiS~q zRc{eT9?l{X+l;eih`8`TwkZ(@g7gwGlJCL`F?eBiI+4US&JHstiPSccMjm2UEDR-( z$Rkh>2^A>}J)~4Xpj}j|0EYBwjSvW;?I#G2GH4)B1w$->CBmwRK<=#h1n4iP_$HLy zOGNN+h-)80O5_?MfvZ~zs3Q<0;6|waM_6!Mhnneth}kwysCQH3Fd}9VRUm@vnTmNJ zP^VZQpd82HZsUY{9ZmsAJz3{&f>^@e4SI9}kWo-zup7q$ zS=iGqp$Pe}%M39*(OY-le=3F?+afIB8|Oq>_wh8-cXobrvC=^sazw z^ZIO&>U~ZU+DZ8PA*9}o&F=J%Kq{#PJR^|kgHIr&^x*4oC7lpt%Iww515(Ogy<4M%zyA zKw~3iV6-tZV_Pks9TO!-K%)W?bkmJ~bR>fGN87?2zL*3Axf(MKBbm5F1mQZh3?qAD zk%NkCVo@v(;qb)ez?|kdOHC|GCBlD*TgpLUc17Cg*L6H|%;QbvN}{wqT4wza(4L``ctJ$R;OGU7G`tjS z5wJP;HN$_gfY*jun8d3m!&)Fw&f{TmfjaHXFU?1{%Y(%`vzl0b=@gjfx?G$vx+(E1 z-Tn8x4r$ca4l^9XD5%=q_24RfSt!51@GS{dCE6BSN6)5*4W1R98NT9n9yV>3;Xj9I zIsdL!2&(6#&-yPkLyAc`{m8V4)?2zqS*{s<2 zgnEBtOhB7^x@QJ8ZzuTx}+#OEY!KcSTXThOvYV!p%VB&f=UJQ)QZa zd?m{Q+eTBV!*K#DY%fkW?=>S?RgGkVyrka9JH2M*zAk)^O`tCHBuO|E#czjv)>)09 zv{Nz4v|$**3+qg{OV@k`zDIti_U5n++I>T=`h4SX&2xXJ&KUV!2il2TgZXCFc^k^s z!W#p#%1{_FO^8>t+FbY@V7J! zXj88-Pz%d*c%=E{C0||$v$uEJ<=d0qmUiti*Z064k9wNf`l>Vod7h86Mifg2cWLXN zGpLTOo04IFFC9phP^QpB8~(wy$L3f?iTrKKWswpg4Vf>iD{{uhZ+b*~mUbb_xyZb!u-C2cn;hD;TkSNXQHul%)b;7HcW%IwQ=FExeMvNP(`q;lpd8Fy6 z?%-IW+425sZ2sS&kJ2j_s3J(O=7&-WTsp0P)k3`WQ>3$bEa%>;{2~>#dm@i2Y~;&5 z-@n&(t6u4|l?xap9gZ-P%+GN(>sA|s z{ap+0#}$=tk&`g;ym@0bFvuX5C)I9rThq|MbZAWSe73E+kM!V6F7Ckl7REkJr+1S& zll~ZTWIDq){YtU3>2Bw*IVa+zmxEcK?pfD6-5GDDWq%l-sE51PI_XKKUi#Q8uY~x6 z2<-xy{9{w)amnhZ9wg=DMVVC#-vTP3Q$)9grIhlh7>Um>xm3*lSFI2!mtylpete8{ z37Rl`c-K~OI9gLZ8Yi_7CEdKB_&vV7U=BJGVprKdppnETTzy6Un_${6w$iQ-x`qquhN)t^WM#kgKF3UbeB#hGEGzZG@Th}X)t6nF zRyT|_Cx;R;A4>gtuYXutWmZD7v8agJ#IDeNk*98=h3tVd9``pxH>ob%4WTQRQgdolZ*;6nYf#mo?1i+40qGnC zwxs$!%W|85_;H80R()T0C&!B_hnDG6$r#I74AaXEsVB8cxSO8a;)IR4wHH@|-x_N6 zUN0Y6n3_^@wmWDORMURN^148R*}N^0*`@j*ceUZ4_xN6aZ~2{Gn2W2-Gf(h)r&H?U z!`xV+=Bh3$!p&Cel*TvA`}qtF6h@pYQ^|C>ik^glb8n2b#Sy6%lb~pQ8L<@!uiH)M z9$>TMYxjCL$|XJ>i?hd#`1#yDl@c_cv2f|>RQM3`r#a=3vvr^6XNm*qwkoBqutdxbJ#Pe}cq&@%GM#+Li1n7J{7gbPsGtWxNx6 z1uRC@Z=M|~NU+vv1Jfgg;e2jBoN|60N3BMbVnvl-ljuOzxTa)2RbG!9siYCv8;pB~{9*EpZ zSMbP6@17`r+ozHvtT@;@L$eYltJJ>EQ2Jdn9s0#rv^T!v&oS2T ztCf=9-Qu_sy_N*pY3&L=|W$VCh-%J;4IK-q2O8emT#0Nkmnw zvLonEzoF8iwe(TPieud}r>v`m@luW@{O^hNrHiwX{R)nE=W$P*-QIm#ChLg-I~Ed znPh>ZW3fc?_{N&GM_D{1?LSXD>=n^K=~JI}ub<*+I$v-!A(}>KWd5Cw$pvRN0|D^|FVZ@y z%%!zBFUG3}3@WB9T@(`R6-^6}w!ds-bLVY*0BfIK(Qy%H{^Bze>fHS#nQGxwxWmu2 zA9n6fs(S7E=F|K22kpW=Y}G&23jGCp!g<{iR!@XjtNMR%!OpjTX|}lAsh)4X7RMh` z$@=;1iovchpxQpyP32KU{n=oup0RJV$9Cvge{A;KPvq;T`923cttZO+W!Rj5qos6& ztDWQl*Uu>vyOrfhKh zLdP#lI?2o3PntZ!OtMEU_P(-jwvx%sh2NgaO8iXwGyW}?8QV@E*<;L~AC#`Ff z7oW~jm)0T_|{m9L@C}L|Ew_In=vcfIRen;CuHMWz#RVkt67ukAQ zuO;JwfVFE1^OTYLKUSnzf78X`%A+cTW+@ng`)1n(+*?oH(%oN7pKNE9&S~+hPIV3k zKkJY?3W#GAE4KZXvi&j)d5&WDZYSWkVW@Kyi(EOh5Ix7*!7o0L!x&a&lh;x*hBbq4 zFrYwcAh;*QJvby-+RAe41!nUd3)=r0Yp^MSGGAkBV1>pMRu?IAb_$E7K*~U-X@LCy zUbdmBk6Udao;hqROusaT)j?{^&tYd7U~uFwR&En)q6Gb9F!qcLAonmW%;dlp@hr1R zM2z012FPp>paIRWwu1&Bmn;a4i56%heI01Q3ZaJu3sBw!p)3~g71k!Q0>lfVeZ>m) zBU&LgphU3Z%(JCMcpW?dxp>)HvmRb>2+`8>feeDSLIkL8f_N=zL$RVjb2~xUPw?4% zZFh+}1nv-+`z^MeXITId!Z;mPTWwm%t$`dtu5JeoB7V~BfErx#z8yG#G-o~nvnsH`tGk-+KdHbZqPcY|-%@A7G4*WqrW`I7a;B z`vPTj{);crLC02p;2@gc>j&h}F{3|lLi2O|fd@L~3;?0%xG?}6N5^V`z!#1YKZAk5 z4ITd%w82O6V?n?Nt#=Ow;pljMGe-DO2=GJK6AA@kXnt2Hh(YHaPJk$Me(eN^N9Rk! zKqNY^623D(84k{%^9d0ELdWVSK^{6@Ik}NX{Nnp_K>d-x8BH>b0*UB&ISQOc$9d5k zLm-DnK4zz>7co2Y;W$u;*2|sRS%3T#NJi%qV|Vg(;&#S=;y@|PM~3K#2RO9e{xnEJ z$D|1$8y&YLfLydb;LOfLLz)Ou(fk{U8;1s&SLf``Lp5|31fuIXB!OdS{o5oEjl|SD z@8qDgb3g{k@xVFsdjb!Jg>dhWznsIA$ErPn{+t8CNGAfDkly@5zsbg6XfdC(b;cmG zRKQ4PWk~{GDsL@TX)@p-PTxpEX`@&Ql8rnv+&Y|}+0K(eA4jn?|B$>>@TB;cgbq+? z3SdM`!OtAdG<=fj4V+}(Y7dtuI8JU(n9IOBF2R5HqUQS)>q(Fh9#@E&>QsCww`oEt z$a4zIwCMxcc|xnk`3)cVFLg>}DPbQ`un*FOtt2T#Iftb}O+xT9;N7+~h<|>*Ho;)T zQGUu}2hdWkbij-hC+J3E94xQm?^QMN_o^H_bU%q8?F_&OC8YyuL<0M1O~?EBMX`~b z->kP|5{MQ~@*pBYpOk|+Rz>)=`hx%P@8~l}V6#Ju)Bu?ZsWzX1Z#BIKuEtIs9C9=y z6#mh)bEC~N@fRiR|94N&XG8@x^QYM9Z51iB!~@v=l`1??ycjfS6j0mnavj^^ME4T){!wX^~G)=0>L4&fO@qR?e?!jAX8)|A;Y|RlKd8mYgLwS}x@RZuIKQk^HflP0U-OoW%~=$RCKq>Y|tQ+f}NAb6yRz0MmuTrs5OR9+#i@^`rl3x z8Dw0z^NA2%h^Kj4p=dpYJG(8xjAG_n!k>LRR?QU( zC;qK$_la!6hm;Sb4|ZNeU1e^+n!pktms?&yC^!oFlb)8`$+AC`{Y7>wYK z4md~HnFM+_x{C3RtK2snuN7}RrC_s!Qo19@1F(3b@P}?ksXTAUv;?r?OW}Xg(?c;O NfSPpH8-GEC`5#Mk;PLsJH|FA4J4TjPN+4u@NZ z%OV!=$g}UV8VufLRbX(9HH%otqQJ1B+aW-N3lF$xOdO3_WX~eOa1~u;*|2UE&tp+q z!#B}1iXO7;WFT!)tbTYHN@deRp#e4?b{LxA)YFyZMPI1o7WM0)2#yP^eCr zim(V`Iw<5XR*FDBH!CtAT5U)Twvw7CDP8g=8?5dmYluRS>;Xjm`}S>XahRSg2o7sF zqSr%kLxV--wOL?2dxbz0>Q@*<^r*`2C^WCUS&qgkB<)9){7JrW*a*oPMVQvn)ESLs zUf(OuUTb`$mfu_sqFGv8w2|Ikc&tLMo_mq<&U<;U#bJ6=-5!+zmmDkLXP9G*TQ=+YkdC8PA8zE4@ zdIBQ_lynr4O#Tl>1gPk!qMKMwrJx+CW5qD1^B6j*ZJScYk#T;NhK^(#F})etpD!7H zjJP(xOd`U%knM^}F^W{k31=WFRXOQZIV`k`wW}%zFJ`npix}r&vVkx<%#On)u7`$h z;-x9{`5Fu+$8qCWzy}r_4!J?)xOj%oY6~B|cR}hTRGamtezU#QfU0imKH(4}Zv**T zz8S%pox0X%b~(n(rT_R?nP}w}bBBeSe_C+l=GVxHo_pJUbw9szwApm&_9nNCYHL!- zIUAdjIYPPY&(>^8B{45NSLejvPF|E(T#rr;olxm5j-5;@tfcA`?(N5L$O}%yN(wk$_eFz3%x=3Na25` zrnQV*M*k&no+>>qnzmalzk1}u-1+?A#)_vlL(#<-3l&L?qa1vXljT3e_7H?C#RDi$ zZ7scb>@a#C6ImV%+#Wof7Vz?ZZUj3!Mom z@Bi?9%QrdZ7AEuWx);Ib23Gq^P8F^-z~P+iff50(jf`IMNs zD1jzJu~z-k{f;0?*!^UbRH{*Gs#p#|RQ2og_Obh$@9D@?D<;p1Gxy2|1eO-7tuHLa`KO}v`U0PR+xGgj$8}y+VBgFCz59MphyrV7T(Pr|Za2@n znT@5TSN~h8cYLDB{o%6k)1fkV-uj2Nl!XVv&&3W&+NJNAoQY6R?A>CQrZf5Zceybt z{zymM8EHvxoc2)HwWd8!&))v@Y93#;VxF>JIjNeDR1nCYYtd%vuO8>LuY)?bzxTZ;QMx8O{!HI)g^KB*&q57y;a}&8m+Q06b5KSq zUxa3mx6I{bW%0QTD&_fFC;1s$R;+7(Q2RuG&h}&Gh(|;Ft=ch(72cgk>of25{Na2e z&z>S-?;&Nb66-VxslEU6Q@PT)lzbE5cz~_FM`nI`t7RibDS6{7J0KY1HZa`RQKpqTxZcb^X#Wdj23AYdueH zT>d~z*niqMv1#w{z39Ns*+Z1b?ulU~-};(+^-7#GwZTw+WpVnM6N2OG5BFP2@h4if zO50GJMecl__NQ(-2pKCsWF79fsB*`weAoT+*OX1aUJVs!_|_EBah&WmZEanuy}0GY zW8MSf&H{43Ri07HKc1ba;j7RS#lCf&hI8S!pPWs8A&T<80q%G8>NRBXM+PlxPHao7 zkQ?QC@6P|xvOMqkwuVWb3k}=TCuPogDm3?O*E3;eC!m!$;I{vih zDC?vg#UQGTSnJXptfTE`4(7y#zba{KE-nC(#>>W%>`7Njh4}ogP^K2$=E)rn6AK$i z-%mf8(0b!x?C=L?uxQw2qrXq<^9Bl$Hl4j~7PEQ9S=7IrO{h6KIM?#BqCvjh$APYY z_C0&+X8qY(Ky;r&Z8EsNG-m7^?tG2yQ z&hf?X>z_)Q`b~m7sB+@;@YaA^j&)_D>3#8ESVRo!hs-Y>yktmB?IFl2@y_LSI_x9+ zrYU|2eY?ETS(UQ>m2~CRZq_+p^*2VRq`&=cM#=7pygKsZ3ijnY&SPW$`haCtP8{w! z?P(~5lYmrnfDC2zjq87&h$T+5cC)|nA6;?D4%*`0k!zO9|8}2!P?-oIX5`0ZYJZe{ zIF$I(%k>Elt8_-O{dIV?WuZrp4)TVT@$sBE-h{|JpXm9_1O-wYe}ZI74Iy{FZs8BaG~m` z4vlTf4lLIl)_Yf%BGzUZb#;Aq%YhL4iw|&B_?jW2YuTeKL9Y2V3r^cY2?KKhjqQn2 ziX^4~l&8`z#AR~#rfWzpQ0CPQ$Aek|ikVw{nt2|Vae6-4t3QqBx){gy_wnmI*OJ&Y&o<5GkO{xl z2t07t_peG8>*EUWF21KS_}RKN@pPiX5y_A2fvRH8TII{X+pOR|T723`VGZtjCdM7v zz?Zo9=ko{N{}j)d-)^=m9pPFen5u^bT^}${I?~>e(-3M>aVKEAg-P1_jZQn*JR@Y> z2+uvMGd{Td*-)SSSK42927TMOF;?J&Yqz>vGnv@+mJo7m$D#287vfxFbMZv9< zvW-*Qwob~qD;Mt8aZi_ah&z`>S^jY+Alx{@()+M4rc6G9n-g8PEg=L_EQpqbj{m@OVy!iYlfA zUie)%rGfKK0PO@_1hEJJaY*MiegmrI_!>`z!|uMuo1$8q-{7AM!ysS<8YpPU3T|+~ zAO{yfkJepQT)=g$cKf3LzxI#(0PPmi766^F%Ax>3Ptc6x0Awi$Oweq3g5W)pEma)o zp|xHY2k+q6o=vM|p|N}tzzmIbl>oX(QH9d0u_$j*8lb1@)n$Au18mV)3t5nl#NJZ? z1`LpSi?tMi@tOlZyF!p6ut5c0Dgr99#i2XaRIls+2jTM|q^Jt4P-cQE_`VJX6e3XRro(8h}a!{I+u~k)0uU46PW${i69N@?@9y^)($@cPGW7jqjW!7FD<_W^yMh<#*z|~ zKswfzp@8F9`v!&H1UfW<$;?G@QPJDW`6W>W?Ll{{0{Tc zCKgix1sk861~Rd>ZaOH!+ON|=2{!&r2J_J9W`Z0n|DR0y(4hTBpI{!U?V+zIKWtpLl6sU2wJ3p*xUD4%m)n+6uD~H{(Ac z9G#8B@#Ef@@K50(>Jz*$2g!*I{!F;KTDNk51m2V3g$AbaoNROg+Ma4IjnIlAa6p@8 z@O;0pDq)txG(8D)D;I1)3xn@Fd-7@CXAcptIAoj$*w7}Cva>oikP};sn9FBG(;?*-6?6yiLO>g0Znx1C&PQG0IbJ)U(vj* zBOFk55!e82E(9BYT_jfj^{{i(>Ndf;$RK1}7n90qYx0(M$uQN@O%H+I6aqf1-sU1& zvKBsAPnt<@3p^^E0)wJ695~#B2o9&fq{ju_E~MQC`ig)ET02sKz@^BgXTM6QS8u6$=c>1aoXcLLuA?k?mt@7+L*XnYWr4tHYr&kfte*Fiq`Y$ zKUqc;{a1C007ofe8~=WiR{IJ8@+kuf|I>H~M02{yBTlFd0)k8noS!9`xrY^p`%J5l zxjJPLfiS%<@Q$l`G7Obxx+K@VvxrB4Mqp!Z8@B^c-+PJY_o4FZA# zl_TPR{cSj$qOor4(j`uvVxHm~u=BD$-N|3}OBY@E@+BqOdMVQ`4W^RVP2dpZ1q0pb zzA~Cr6@n{3$>xCLf0j(GoW@vZN>4^(2w`Rco~0JpuVA_A=YW2eGk2^~L1ReTVi-vk zfE!&#SfdeU=PBy;cP!q5y}R62Re9n0jg<(W4Gl0v>b>kdUdnCWp7u zmH@sqnL^au;h~X(W-IA8Npxofey3G2z;Kd&Uuy!rL8V^zq_w+nDrhJ?Nv` z;{~`eg~N?4!;-OnbiY#7+Wp1=z6F@y35vke%7ZUKCdmWA02koz6HPwse_)4CL`0PG Z!Km;s#*on7^o5|7DzKitjYh-a{tu