From cc08ed6a109881f95b41ad6adc6f5a7b7a351969 Mon Sep 17 00:00:00 2001 From: simonmcnair <101189766+simonmcnair@users.noreply.github.com> Date: Mon, 10 Mar 2025 11:23:04 +0000 Subject: [PATCH 1/6] Update Dockerfile remove root user requirement --- services/AUTOMATIC1111/Dockerfile | 45 +++++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/services/AUTOMATIC1111/Dockerfile b/services/AUTOMATIC1111/Dockerfile index 54d41ba..a33fb1d 100644 --- a/services/AUTOMATIC1111/Dockerfile +++ b/services/AUTOMATIC1111/Dockerfile @@ -24,8 +24,45 @@ RUN --mount=type=cache,target=/var/cache/apt \ # we need those apt-get install -y fonts-dejavu-core rsync git jq moreutils aria2 \ # extensions needs those - ffmpeg libglfw3-dev libgles2-mesa-dev pkg-config libcairo2 libcairo2-dev build-essential + ffmpeg libglfw3-dev libgles2-mesa-dev pkg-config libcairo2 libcairo2-dev build-essential \ + apt-get clean +ARG PUID=0 +ARG PGID=0 +ARG USER_HOME=/root +# set build args as container environment variables for entrypoint reference +ENV PUID=$PUID +ENV PGID=$PGID +ENV USER_HOME=$USER_HOME + +# if user home does not exist, create it +RUN mkdir -p "$USER_HOME" + +# home already exists, chown it +RUN chown -R "${PUID}:${PGID}" "$USER_HOME" + +# Only groupadd if we're non root +RUN if [ "$PGID" -ne "0" ]; then \ + echo non root group detected; \ + groupadd \ + --gid "$PGID" \ + stablediffusion ;\ + else \ + echo "root group detected" ; \ + fi + +# Only useradd if we're non root +RUN if [ "$PUID" -ne "0" ]; then \ + echo non root user detected; \ + useradd \ + --gid="$PGID" \ + --no-user-group \ + -M \ + --home "$USER_HOME" \ + stablediffusion ; \ + else \ + echo "root group detected" ; \ + fi WORKDIR / RUN --mount=type=cache,target=/root/.cache/pip \ 
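Review bot: In PATCH 1/6, services/AUTOMATIC1111/Dockerfile hunk `@@ -24,8 +24,45 @@`, the `useradd` call never passes the requested UID, so the `stablediffusion` account gets whatever UID the system allocates rather than `$PUID`. The `USER $PUID:$PGID` added in the next hunk is numeric, so for any PUID other than the allocated one the process runs under a UID with no passwd entry, and the `--home "$USER_HOME"` set here does not apply to it. Add `--uid "$PUID" \` next to `--gid="$PGID" \`. The else branch of the same block prints `root group detected` where `root user detected` is meant. Both ARGs default to 0, so an image built without `--build-arg` still runs as root; a comment above `ARG PUID=0` saying so would make that explicit.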
@@ -36,9 +73,13 @@ RUN --mount=type=cache,target=/root/.cache/pip \ RUN pip install --upgrade typing-extensions +RUN chown -R "$PUID:$PGID" /stable-diffusion-webui + +# drop permissions (if build targets non root) +USER $PUID:$PGID ENV ROOT=/stable-diffusion-webui -COPY --from=download /repositories/ ${ROOT}/repositories/ +COPY --from=download --chown=${PUID}:${PGID} /repositories/ ${ROOT}/repositories/ RUN mkdir ${ROOT}/interrogate && cp ${ROOT}/repositories/clip-interrogator/clip_interrogator/data/* ${ROOT}/interrogate RUN --mount=type=cache,target=/root/.cache/pip \ From b52f5c6f4bd6248c3a921dc31a4e3d0e13a4393a Mon Sep 17 00:00:00 2001 From: simonmcnair <101189766+simonmcnair@users.noreply.github.com> Date: Mon, 10 Mar 2025 11:26:04 +0000 Subject: [PATCH 2/6] Update entrypoint.sh remove root user --- services/AUTOMATIC1111/entrypoint.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/services/AUTOMATIC1111/entrypoint.sh b/services/AUTOMATIC1111/entrypoint.sh index 3b4d92b..e5b5bcb 100755 --- a/services/AUTOMATIC1111/entrypoint.sh +++ b/services/AUTOMATIC1111/entrypoint.sh @@ -31,7 +31,8 @@ rsync --info=NAME ${ROOT}/models/karlo/ /data/models/karlo/ declare -A MOUNTS -MOUNTS["/root/.cache"]="/data/.cache" +#MOUNTS["/root/.cache"]="/data/.cache" +MOUNTS["${USER_HOME}/.cache"]="/data/.cache" MOUNTS["${ROOT}/models"]="/data/models" MOUNTS["${ROOT}/embeddings"]="/data/embeddings" @@ -58,8 +59,7 @@ done echo "Installing extension dependencies (if any)" -# because we build our container as root: -chown -R root ~/.cache/ +chown -R $PUID:$PGID ~/.cache/ chmod 766 ~/.cache/ shopt -s nullglob From 66a1490c87bd95eba3c1e6012accec20cb953362 Mon Sep 17 00:00:00 2001 From: simonmcnair <101189766+simonmcnair@users.noreply.github.com> Date: Mon, 10 Mar 2025 11:27:21 +0000 Subject: [PATCH 3/6] Update entrypoint.sh make output belong to user too --- services/AUTOMATIC1111/entrypoint.sh | 3 +++ 1 file changed, 3 insertions(+) 
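Review bot: In PATCH 1/6, Dockerfile hunk `@@ -36,9 +73,13 @@`, `USER $PUID:$PGID` is placed before the remaining build steps, so `RUN mkdir ${ROOT}/interrogate ...` and the following `RUN --mount=type=cache,target=/root/.cache/pip` now execute as the unprivileged user. BuildKit cache mounts are root-owned unless `uid=`/`gid=` are given, and `/root` is normally not searchable by other users, so for a non-zero PUID that pip step likely cannot use its cache and may be unable to write to the system site-packages; the body of that RUN is outside the hunk, so this needs checking against the full file. Moving `USER $PUID:$PGID` to the end of the stage, after the last step that needs root, keeps the build working and still drops privileges at runtime.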
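Review bot: In PATCH 2/6, entrypoint.sh hunk `@@ -58,8 +59,7 @@`, `chown -R $PUID:$PGID ~/.cache/` still addresses the cache through `~`, while hunk `@@ -31,7 +31,8 @@` of the same commit moved the mount to `${USER_HOME}/.cache`; the two paths agree only when HOME equals USER_HOME for the running UID. Use the same variable and quote it: `chown -R "${PUID}:${PGID}" "${USER_HOME}/.cache/"`. Because the Dockerfile now drops to `$PUID` before the entrypoint runs, this chown can only succeed on files the user already owns; a cache directory left by an earlier root-run container will return EPERM, and whether that aborts the script depends on shell options outside the hunk. The commented-out `#MOUNTS["/root/.cache"]="/data/.cache"` line can be deleted rather than kept.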
diff --git a/services/AUTOMATIC1111/entrypoint.sh b/services/AUTOMATIC1111/entrypoint.sh index e5b5bcb..4313803 100755 --- a/services/AUTOMATIC1111/entrypoint.sh +++ b/services/AUTOMATIC1111/entrypoint.sh @@ -62,6 +62,9 @@ echo "Installing extension dependencies (if any)" chown -R $PUID:$PGID ~/.cache/ chmod 766 ~/.cache/ +chown -R $PUID:$PGID /output +chmod 766 /output + shopt -s nullglob # For install.py, please refer to https://github.com/AUTOMATIC1111/stable-diffusion-webui/wiki/Developing-extensions#installpy list=(./extensions/*/install.py) From b642d3a7f25acaf1c12d2721cdca61a3251f11ee Mon Sep 17 00:00:00 2001 From: simonmcnair <101189766+simonmcnair@users.noreply.github.com> Date: Mon, 10 Mar 2025 11:34:35 +0000 Subject: [PATCH 4/6] Update Dockerfile fix --- services/AUTOMATIC1111/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/AUTOMATIC1111/Dockerfile b/services/AUTOMATIC1111/Dockerfile index a33fb1d..3f2c893 100644 --- a/services/AUTOMATIC1111/Dockerfile +++ b/services/AUTOMATIC1111/Dockerfile @@ -24,7 +24,7 @@ RUN --mount=type=cache,target=/var/cache/apt \ # we need those apt-get install -y fonts-dejavu-core rsync git jq moreutils aria2 \ # extensions needs those - ffmpeg libglfw3-dev libgles2-mesa-dev pkg-config libcairo2 libcairo2-dev build-essential \ + ffmpeg libglfw3-dev libgles2-mesa-dev pkg-config libcairo2 libcairo2-dev build-essential && \ apt-get clean ARG PUID=0 From 18709fa51227d0394aae30a55b2c7253568cc44e Mon Sep 17 00:00:00 2001 From: simonmcnair <101189766+simonmcnair@users.noreply.github.com> Date: Mon, 10 Mar 2025 11:55:04 +0000 Subject: [PATCH 5/6] Update docker-compose.yml --- docker-compose.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 995427e..30db3ec 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
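Review bot: In PATCH 3/6, entrypoint.sh hunk `@@ -62,6 +62,9 @@`, `chmod 766 /output` gives group and other read/write on a directory without the search bit, which lets them list names but not open or create anything, so the mode neither shares the directory nor restricts it cleanly. If only the service user needs it, `chmod 750 /output` (or `chmod u=rwX,g=rX,o= /output`) states the intent; the line appears to copy the existing `chmod 766 ~/.cache/` above it, which has the same problem. `chown -R $PUID:$PGID /output` is unquoted and rewrites ownership of what is presumably a host bind mount on every start; quote it as `chown -R "${PUID}:${PGID}" /output` and consider skipping it when the top-level owner already matches.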
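Review bot: In PATCH 4/6, Dockerfile hunk `@@ -24,7 +24,7 @@`, the `apt-get clean` that this fix now chains with `&& \` works against the `--mount=type=cache,target=/var/cache/apt` on the same RUN. The downloaded archives live in the cache mount rather than in the image layer, so cleaning them does not shrink the image and only empties the cache for the next build. Ending the install line at `build-essential` and dropping `apt-get clean` keeps the cache mount useful. The RUN instruction starts above the hunk, so any further mounts or cleanup on it are not visible here.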
@@ -20,6 +20,7 @@ services: profiles: ["download"] volumes: - *v1 + auto: &automatic <<: *base_service profiles: ["auto"] @@ -27,6 +28,8 @@ services: image: sd-auto:80 environment: - CLI_ARGS=--allow-code --medvram --xformers --enable-insecure-extension-access --api + - PUID=1000 + - PGID=1000 forge: &forge <<: *base_service @@ -35,6 +38,8 @@ services: image: sd-forge:80 environment: - CLI_ARGS=--allow-code --xformers --enable-insecure-extension-access --api --pin-shared-memory --cuda-malloc --cuda-stream + - PUID=1000 + - PGID=1000 auto-cpu: <<: *automatic @@ -42,6 +47,9 @@ services: deploy: {} environment: - CLI_ARGS=--no-half --precision full --allow-code --enable-insecure-extension-access --api + - PUID=1000 + - PGID=1000 + invoke: &invoke <<: *base_service profiles: ["invoke"] @@ -50,12 +58,16 @@ services: environment: - PRELOAD=true - CLI_ARGS=--xformers + - PUID=1000 + - PGID=1000 + # invoke-cpu: # <<: *invoke # profiles: ["invoke-cpu"] # environment: # - PRELOAD=true # - CLI_ARGS=--always_use_cpu + comfy: &comfy <<: *base_service profiles: ["comfy"] @@ -63,12 +75,17 @@ services: image: sd-comfy:6 environment: - CLI_ARGS= + - PUID=1000 + - PGID=1000 + comfy-cpu: <<: *comfy profiles: ["comfy-cpu"] deploy: {} environment: - CLI_ARGS=--cpu + - PUID=1000 + - PGID=1000 fooocus: &fooocus <<: *base_service @@ -76,4 +93,6 @@ services: build: ./services/fooocus/ image: sd-fooocus:3 environment: - - CLI_ARGS= \ No newline at end of file + - CLI_ARGS= + - PUID=1000 + - PGID=1000 From fe5caa90661dc3d17a553c2134093c5f26812290 Mon Sep 17 00:00:00 2001 From: simonmcnair <101189766+simonmcnair@users.noreply.github.com> Date: Mon, 10 Mar 2025 12:06:54 +0000 Subject: [PATCH 6/6] Discard changes to docker-compose.yml --- docker-compose.yml | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 30db3ec..995427e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
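Review bot: In PATCH 5/6, docker-compose.yml, `PUID=1000` and `PGID=1000` are added under `environment:` for each service (hunks from `@@ -27,6 +28,8 @@` onward), but the Dockerfile in PATCH 1/6 reads them as build `ARG`s to create the account and set `USER`. A runtime-only value leaves the image built with the default 0, so the container would still start as root while entrypoint.sh chowns `/output` and the cache to 1000. To take effect they belong under `build:` → `args:` of the services built from services/AUTOMATIC1111; the invoke, comfy and fooocus services receive the variables too, and nothing on this page shows their images reading them. PATCH 6/6 discards this file change, which leaves the series without a compose-level way to select a non-root UID.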
@@ -20,7 +20,6 @@ services: profiles: ["download"] volumes: - *v1 - auto: &automatic <<: *base_service profiles: ["auto"] @@ -28,8 +27,6 @@ services: image: sd-auto:80 environment: - CLI_ARGS=--allow-code --medvram --xformers --enable-insecure-extension-access --api - - PUID=1000 - - PGID=1000 forge: &forge <<: *base_service @@ -38,8 +35,6 @@ services: image: sd-forge:80 environment: - CLI_ARGS=--allow-code --xformers --enable-insecure-extension-access --api --pin-shared-memory --cuda-malloc --cuda-stream - - PUID=1000 - - PGID=1000 auto-cpu: <<: *automatic @@ -47,9 +42,6 @@ services: deploy: {} environment: - CLI_ARGS=--no-half --precision full --allow-code --enable-insecure-extension-access --api - - PUID=1000 - - PGID=1000 - invoke: &invoke <<: *base_service profiles: ["invoke"] @@ -58,16 +50,12 @@ services: environment: - PRELOAD=true - CLI_ARGS=--xformers - - PUID=1000 - - PGID=1000 - # invoke-cpu: # <<: *invoke # profiles: ["invoke-cpu"] # environment: # - PRELOAD=true # - CLI_ARGS=--always_use_cpu - comfy: &comfy <<: *base_service profiles: ["comfy"] @@ -75,17 +63,12 @@ services: image: sd-comfy:6 environment: - CLI_ARGS= - - PUID=1000 - - PGID=1000 - comfy-cpu: <<: *comfy profiles: ["comfy-cpu"] deploy: {} environment: - CLI_ARGS=--cpu - - PUID=1000 - - PGID=1000 fooocus: &fooocus <<: *base_service @@ -93,6 +76,4 @@ services: build: ./services/fooocus/ image: sd-fooocus:3 environment: - - CLI_ARGS= - - PUID=1000 - - PGID=1000 + - CLI_ARGS= \ No newline at end of file