Fix entrypoint: reuse existing GID/UID instead of blindly creating

Alpine's built-in 'users' group owns GID 100 and 'nobody' owns UID 99.
The old check tested by name (appgroup/appuser) which always passed,
then hit 'addgroup: gid 100 in use' on creation.

Now checks by GID/UID via getent — reuses the existing group/user if
the ID is already taken, only creates new ones when the ID is free.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docker-entrypoint.sh

@@ -7,12 +7,24 @@ PGID=${PGID:-100}
 
 echo "[entrypoint] Starting Family Planner (PUID=${PUID}, PGID=${PGID})"
 
-# Create the app user/group if they don't already exist at the requested IDs
+# Resolve group: reuse existing group at PGID, or create a new one
-if ! getent group appgroup > /dev/null 2>&1; then
+if getent group "${PGID}" > /dev/null 2>&1; then
-  addgroup -g "${PGID}" appgroup
+  APP_GROUP=$(getent group "${PGID}" | cut -d: -f1)
+  echo "[entrypoint] Reusing existing group '${APP_GROUP}' (GID=${PGID})"
+else
+  APP_GROUP=appgroup
+  addgroup -g "${PGID}" "${APP_GROUP}"
+  echo "[entrypoint] Created group '${APP_GROUP}' (GID=${PGID})"
 fi
-if ! getent passwd appuser > /dev/null 2>&1; then
+
-  adduser -D -u "${PUID}" -G appgroup appuser
+# Resolve user: reuse existing user at PUID, or create a new one
+if getent passwd "${PUID}" > /dev/null 2>&1; then
+  APP_USER=$(getent passwd "${PUID}" | cut -d: -f1)
+  echo "[entrypoint] Reusing existing user '${APP_USER}' (UID=${PUID})"
+else
+  APP_USER=appuser
+  adduser -D -u "${PUID}" -G "${APP_GROUP}" "${APP_USER}"
+  echo "[entrypoint] Created user '${APP_USER}' (UID=${PUID})"
 fi
 
 # Ensure /data is owned by the app user so SQLite can write