Update cron.sh to fix permission errors in cron jobs (#5)

files/nextcloud/cron.sh

@@ -1,6 +1,34 @@
 #!/bin/sh
-set -eu
 # https://github.com/nextcloud/docker/issues/1740#issuecomment-1308141561
-adduser --disabled-password --gecos "" --no-create-home --uid "$UID" cron
-mv /var/spool/cron/crontabs/www-data /var/spool/cron/crontabs/cron
-exec busybox crond -f -L /dev/stdout
+set -eu
+
+# FIXME: cron jobs are hardcoded for `www-data` user,
+# but apache doesn't run under `www-data` in non-root containers,
+# which leads to permission errors in cron jobs.
+#
+# We create a user with the UID under which apache is running,
+# and then move the cron job from `www-data` to that user.
+
+UID_USER="$(getent passwd $UID | cut -d: -f1)"
+
+if [ -z "$UID_USER" ]; then
+  UID_USER=user
+  adduser --disabled-password \
+          --gecos "" \
+          --uid "$UID" \
+          $UID_USER
+fi
+
+if ! [ -f "/crontabs/$UID_USER" ]; then
+  mkdir /crontabs || true
+  cp /var/spool/cron/crontabs/www-data \
+     /crontabs/$UID_USER
+  # NOTE: crontab must be "own"ed by root,
+  # but we make it g+w to allow a non-root host user to edit it.
+  chown "root:$GID" /crontabs/$UID_USER
+  chmod g+w /crontabs/$UID_USER
+fi
+
+exec busybox crond -f -l 0 \
+                   -L /dev/stdout \
+                   -c /crontabs

tasks/main.yml

@@ -14,6 +14,7 @@
     owner: "{{ docker_compose_generator_uid }}"
     group: "{{ docker_compose_generator_gid }}"
     mode: "0600"
+    backup: true
 
 - name: Include nextcloud tasks
   ansible.builtin.include_tasks: nextcloud.yml

tasks/nextcloud.yml

@@ -32,3 +32,4 @@
     owner: "{{ docker_compose_generator_uid }}"
     group: "{{ docker_compose_generator_gid }}"
     mode: "0600"
+    backup: true