docs(container): close out ADR-T-009 with Phase 9 audit & docs (ADR-T-009 Phase 9)

Land Phase 9 of ADR-T-009 by wiring the documentation,
audit-trail, and CI guards that turn the preceding eight
phases into a defended baseline. With this commit the ADR
flips from "Proposed" to "Implemented (Phases 1–9 complete)"
and the implementation-plan tracker marks every phase as
Done. There are no behavioural changes to the running
application; everything here is enforcement scaffolding,
operator-facing prose, and the matching test/sample-file
fallout.

CI guards (`.github/workflows/container.yaml`):

- New `lints` job (Container infra) gating the existing
  `test` matrix via `needs: lints`. Three independent
  audits run before any image is built:
  - `compose-baseline-no-mailcatcher` strips `# …` comments
    from `compose.yaml` (preserving line numbers via `awk`
    so error annotations point at the real source line)
    and greps the result for
    `mailcatcher|MAILER|SMTP|smtp_`. The override file is
    deliberately excluded — it is *expected* to mention
    `mailcatcher` — and the comment-stripping prevents the
    explanatory header in `compose.yaml` from tripping the
    audit. Re-introducing the dev mail sidecar into the
    production-shaped baseline now fails the build with a
    `::error file=compose.yaml::…` annotation referencing
    ADR-T-009 §8.1 / §9.1.3.
  - `su-exec-audit` parses the most recent `SHA-256:` line
    from the `## Audit Log` section of
    `contrib/dev-tools/su-exec/AUDIT.md` and compares it
    to `sha256sum contrib/dev-tools/su-exec/su-exec.c`.
    Any drift (file changed without a matching audit
    entry, or audit entry missing) fails the build with a
    pointer to ADR-T-009 §9.2 and the exact append-required
    SHA. Reviewer-discretionary drift is no longer
    possible.
  - `entry-env-docs` parses the
    `# ENTRY_ENV_VARS:` … `# END_ENTRY_ENV_VARS` manifest
    block in `share/container/entry_script_sh` and asserts
    that every variable listed appears somewhere in
    `docs/containers.md`. Also asserts that
    `compose.override.yaml` is mentioned. Adding an env
    var to the entry script without documenting it now
    fails the build (ADR-T-009 §9 / Acceptance Criterion
    #7).

Vendoring audit (`contrib/dev-tools/su-exec/AUDIT.md`, new):

- Records provenance (upstream `ncopa/su-exec`, MIT,
  vendored 2023-10-14 in repo commit `1f5351db`),
  initial SHA-256, and the choice rationale against
  `gosu`/`setpriv`/`su`/`runuser` (binary size on
  distroless, dependency footprint, and PID-1/signal
  preservation respectively).
- Documents the two re-audit triggers — file-change
  (automated, the CI guard above) and CVE (manual) —
  and explicitly rejects a calendar trigger per
  ADR-T-009 §D8: static frozen C with a finite review
  surface does not decay with time.
- Opens the append-only `## Audit Log` with the
  2026-04-21 initial-audit entry: full read-through
  against upstream, byte-identical, no shell/network/
  signal/env surprises, no findings. The entry ends
  with the structured `SHA-256:` line the CI guard
  parses.

Entry-script manifest
(`share/container/entry_script_sh`):

- New canonical `# ENTRY_ENV_VARS:` … `# END_ENTRY_ENV_VARS`
  block at the top of the script enumerates every env
  var the script consults — including the dynamically
  constructed `AUTH__{PRIVATE,PUBLIC}_KEY_{PEM,PATH}`
  names that a naive grep of `${...}` expansions would
  miss. This is the single source of truth the CI lint
  reads; the docs/env-table is the consumer.

Shipped-config consolidation
(`share/default/config/`):

- Drop the `.{mysql,sqlite3}.toml` suffix split for the
  container-shipped defaults now that Phase 5 made
  `database.connect_url` mandatory (the file no longer
  encodes a driver choice). Two pairs collapse into
  single files:
  - `index.container.{mysql,sqlite3}.toml` →
    `index.container.toml` (the `mysql` variant was
    already the canonical content; the `sqlite3` variant
    is removed).
  - `index.public.e2e.container.{mysql,sqlite3}.toml` →
    `index.public.e2e.container.toml` (kept the more
    explicit `listed = false` / `private = false`
    settings from the sqlite variant for clarity).
- `index.private.e2e.container.sqlite3.toml` and
  `index.development.sqlite3.toml` lose their now-empty
  `[auth]` stanza (auth keys are never seeded from the
  shipped TOML — they come from the entry script's
  defaults or operator overrides). The development
  template additionally moves `[net.tls]` above
  `[tracker]` to keep all top-level sections grouped.
- `packages/index-config/tests/shipped_samples.rs`
  follows the rename in lockstep so the samples remain
  exercised by the loader's parse + validate pipeline.
- All four e2e runner scripts under
  `contrib/dev-tools/container/e2e/{mysql,sqlite/mode/public}/`
  point at the unified file names.

Operator docs:

- `docs/containers.md` gains:
  - a "Test-Stage Gate" section documenting the
    Containerfile's `test` / `test_debug` build-time
    test stages, the deliberate absence of a
    `--skip-tests` escape hatch, and the supported
    `#[ignore]`-then-fix escalation path. Backlinked
    to ADR-T-009 §D9.
  - a `TZ` row in the env-var table covering the
    Containerfile's pass-through default of `Etc/UTC`.
  - a pointer at the entry-script manifest block,
    explaining the CI contract that keeps the table
    and the manifest in sync.
  - prose updates reflecting the single
    `index.container.toml` default (no more
    `{sqlite3,mysql}` split).
- `README.md`:
  - Container quickstart blocks now show the two
    mandatory overrides (`TRACKER__TOKEN`,
    `DATABASE__CONNECT_URL`) so a copy-paste
    `docker run` / `podman run` succeeds against the
    Phase 5 schema. A leading note explains *why* a
    bare invocation now fails, with a link to
    ADR-T-009 §D2.
  - New "Compose (development sandbox)" subsection
    introducing `make up-dev` / `make up-prod` and
    pointing at the Compose Split docs section.
  - The ADR-T-009 entry in the "Architecture Decision
    Records" list is rewritten to match the
    actually-landed scope (runtime base split, three
    helper crates, mandatory schema fields, Compose
    split, vendored-`su-exec` audit) rather than the
    earlier "hardening" framing.
- `CHANGELOG.md`:
  - Expands the ADR-T-009 entry under `Added` to
    summarise Phases 1–9 in operator-visible terms
    (runtime image split with the
    `0700`/`0500 root:root` posture on the lean
    toolset, three extracted helper crates including
    their renames from the old `health_check` /
    `torrust-generate-auth-keypair` names, the
    Compose split with the two `make` wrappers, and
    the new vendoring audit + CI guard).
  - Three new **BREAKING** entries under `Changed`
    spelling out the operator-facing migrations:
    mandatory `database.connect_url` /
    `tracker.token` (with the precise override env-var
    names), the PEM/PATH mutual-exclusion contract on
    auth keys (D3), and the narrowed scope of
    `TORRUST_INDEX_DATABASE_DRIVER` as a first-boot
    TOML selector only (no longer a runtime database
    dispatcher).

ADR & implementation plan:

- `adr/009-container-infrastructure-refactor.md`
  status flips from "Proposed" to "Implemented
  (Phases 1–9 complete)".
- `adr/009-implementation-plan.md` marks Phase 9 as
  Done, and corrects the §9 changelog-prose template:
  the `[net.tsl]` → `[net.tls]` wire-key rename was
  already logged at Phase 3 (config-crate extraction)
  and must not be re-stated under the Phase 9 summary
  bullet. The plan now calls this out inline so a
  future re-reader does not duplicate the entry.

Repo housekeeping:

- `AGENTS.md` reorders the helper-crate enumeration
  (`index-cli-common` to the end of the list) so the
  three Phase-2/6 helpers cluster together. No
  behavioural meaning — the share-the-`T-`-prefix rule
  is unchanged.

Refs: ADR-T-009 §D8, §D9, §9.

Author: peer-cat

.github/workflows/container.yaml

@@ -15,8 +15,90 @@ env:
   CARGO_TERM_COLOR: always
 
 jobs:
+  lints:
+    name: Lints (Container infra)
+    runs-on: ubuntu-latest
+
+    steps:
+      - id: checkout
+        name: Checkout Repository
+        uses: actions/checkout@v6
+
+      # Phase 9 §9.1.3 — guard against re-introducing the
+      # `mailcatcher` dev sidecar (or any SMTP/mail config)
+      # into the production-shaped baseline. The override
+      # file is *expected* to mention `mailcatcher` and is
+      # deliberately excluded from the audit. Comments are
+      # stripped before grepping so the explanatory header
+      # in `compose.yaml` (which legitimately references
+      # `mailcatcher` in prose) does not trip the audit;
+      # we are looking for live YAML config, not docs.
+      - id: compose-baseline-no-mailcatcher
+        name: compose.yaml has no mailcatcher / SMTP wiring
+        run: |
+          set -eu
+          # awk strips `# ...` comments while preserving line
+          # numbering 1:1 with the source file, so any error
+          # output points the reader at the real line.
+          if awk '{ sub(/#.*/, ""); print }' compose.yaml \
+              | grep -nE 'mailcatcher|MAILER|SMTP|smtp_'; then
+            echo "::error file=compose.yaml::dev mail sidecar / SMTP config present in production-shaped baseline (ADR-T-009 §8.1, §9.1.3)"
+            exit 1
+          fi
+          echo "compose.yaml clean."
+
+      # Phase 9 §9.2 — vendored `su-exec.c` must not change
+      # without a fresh audit entry recording the new SHA-256
+      # in contrib/dev-tools/su-exec/AUDIT.md.
+      - id: su-exec-audit
+        name: su-exec audit log matches vendored source
+        run: |
+          set -eu
+          audit=contrib/dev-tools/su-exec/AUDIT.md
+          test -s "$audit"
+          recorded=$(sed -n '/^## Audit Log/,$ { s/^SHA-256: \([0-9a-f]\{64\}\)$/\1/p; }' "$audit" | tail -1)
+          actual=$(sha256sum contrib/dev-tools/su-exec/su-exec.c | cut -d' ' -f1)
+          if [ -z "$recorded" ]; then
+            echo "::error file=$audit::no SHA-256 entry found in '## Audit Log' section (ADR-T-009 §9.2)"
+            exit 1
+          fi
+          if [ "$recorded" != "$actual" ]; then
+            echo "::error file=$audit::recorded SHA-256 ($recorded) does not match contrib/dev-tools/su-exec/su-exec.c ($actual). Append a new dated audit entry per ADR-T-009 §9.2."
+            exit 1
+          fi
+          echo "su-exec audit current ($actual)."
+
+      # Phase 9 §9 / Acceptance Criterion #7 — every env var
+      # listed in the entry script's manifest block must be
+      # documented in docs/containers.md.
+      - id: entry-env-docs
+        name: entry-script env vars documented
+        run: |
+          set -eu
+          script=share/container/entry_script_sh
+          vars=$(sed -n '/^# ENTRY_ENV_VARS:/,/^# END_ENTRY_ENV_VARS/p' "$script" \
+                  | grep -oE '[A-Z][A-Z0-9_]+' \
+                  | sort -u)
+          if [ -z "$vars" ]; then
+            echo "::error file=$script::ENTRY_ENV_VARS manifest block not found or empty (ADR-T-009 §9 Crit. #7)"
+            exit 1
+          fi
+          missing=0
+          for v in $vars; do
+            grep -q "$v" docs/containers.md || {
+              echo "::error file=docs/containers.md::env var '$v' is in the entry-script manifest but not documented"
+              missing=1
+            }
+          done
+          grep -q 'compose\.override\.yaml' docs/containers.md || {
+            echo "::error file=docs/containers.md::two-file Compose split (compose.override.yaml) is not documented"
+            missing=1
+          }
+          [ "$missing" -eq 0 ]
+
   test:
     name: Test (Docker)
+    needs: lints
     runs-on: ubuntu-latest
 
     strategy:

AGENTS.md

@@ -80,8 +80,8 @@ use their own `ADR-<PREFIX>-<NNN>` form without the `§` prefix.
 | `M-`   | Mudlark              | `packages/mudlark/docs/idea.md`  |
 | `R-`   | render-text-as-image | `packages/render-text-as-image/` |
 
-Helper crates (`index-cli-common`, `index-health-check`,
-`index-auth-keypair`, `index-config`, `index-config-probe`,
+Helper crates (`index-health-check`, `index-auth-keypair`,
+`index-config`, `index-config-probe`, `index-cli-common`,
 `index-entry-script`) are internal implementation details of
 the root crate and do not own separate ADRs or specification
 docs. They share the `T-` prefix for any cross-references

CHANGELOG.md

@@ -9,7 +9,35 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
-- ADR-T-009: Container infrastructure hardening (Phases 1, 2, 3, 4, 5 & 6).
+- ADR-T-009: Container infrastructure refactor (Phases 1–9). Beyond
+  the tactical hardening already noted under Phase 3, the refactor:
+  - Splits the runtime image into a lean `release` (distroless
+    `cc-debian13`) and `debug` (`cc-debian13:debug`) target. The
+    `release` image keeps `/bin/busybox`, `/bin/su-exec`, and
+    `/usr/bin/jq` root-only (mode `0700`/`0500 root:root`); the
+    unprivileged `torrust` user gets `EACCES` on the entire toolset
+    after privilege drop. The `debug` target retains the upstream
+    `/busybox/` tree on `PATH` for interactive debugging.
+  - Extracts three helper binaries into their own workspace crates
+    with no transitive HTTP/TLS/async-runtime dependencies:
+    `torrust-index-health-check` (renamed from `health_check`),
+    `torrust-index-auth-keypair` (renamed from
+    `torrust-generate-auth-keypair`), and the new
+    `torrust-index-config-probe` (the same loader the application
+    uses, exposing the resolved schema/database/auth state as JSON).
+  - Splits Compose into a production-shaped
+    [`compose.yaml`](./compose.yaml) baseline (no `mailcatcher`, no
+    `tty`, dev ports bound to `127.0.0.1`, credentials referenced
+    as bare `${VAR}`) and an auto-loaded
+    [`compose.override.yaml`](./compose.override.yaml) supplying the
+    dev sandbox. Two `Makefile` targets (`make up-dev`, `make up-prod`)
+    wrap the documented invocation paths and validate required env
+    vars before any container starts.
+  - Adds `contrib/dev-tools/su-exec/AUDIT.md` recording provenance,
+    rationale, and a SHA-256-anchored append-only audit log for the
+    vendored `su-exec.c`. CI fails the build when the file changes
+    without a matching audit entry.
+
 - `torrust-index-config` workspace crate (`packages/index-config/`)
   containing the parsing surface of the configuration system: schema
   modules, validator, `load_settings`, `Info`, `Error`, the
@@ -188,6 +216,29 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+- **BREAKING:** `database.connect_url` and `tracker.token` are now
+  mandatory schema fields (no defaults in shipped TOMLs). Operators
+  must supply both via env-var override
+  (`TORRUST_INDEX_CONFIG_OVERRIDE_DATABASE__CONNECT_URL`,
+  `TORRUST_INDEX_CONFIG_OVERRIDE_TRACKER__TOKEN`) or by mounting a
+  populated `index.toml`. Missing values fail at config-parse time
+  with a precise serde `missing field` error rather than silently
+  falling back to a hidden default (ADR-T-009 §D2).
+- **BREAKING:** `TORRUST_INDEX_CONFIG_OVERRIDE_AUTH__*_PEM` and
+  `TORRUST_INDEX_CONFIG_OVERRIDE_AUTH__*_PATH` are mutually exclusive
+  within a single key, both keys must use the same delivery
+  mechanism, and the pair must either both be configured or both be
+  absent. Mixed/half-pair configurations are rejected by the entry
+  script before the application starts (ADR-T-009 §D3).
+- **BREAKING:** `TORRUST_INDEX_DATABASE_DRIVER` no longer dispatches
+  the application's runtime database driver — that is derived from
+  the URL scheme of `database.connect_url`. It is retained as an
+  input-validation gate at container start (`sqlite3` / `mysql`);
+  both values seed the same driver-agnostic `index.container.toml`
+  template into `/etc/torrust/index/` on first boot. Operators who
+  scripted around this env var to switch databases at runtime must
+  instead supply `TORRUST_INDEX_CONFIG_OVERRIDE_DATABASE__CONNECT_URL`
+  (ADR-T-009 §D2/§7.4).
 - `.containerignore` now excludes `/adr/` and `/docs/` from the build
   context (ADR-T-009 Phase 1).
 - Container `HEALTHCHECK` now invokes `torrust-index-health-check` (was

README.md

@@ -31,24 +31,56 @@ If you are using `Version 1` of `torrust-tracker-backend`, please view our [upgr
 
 ### Container Version
 
-The Torrust Index is [deployed to DockerHub][dockerhub], you can run a demo immediately with the following commands:
+The Torrust Index is [deployed to DockerHub][dockerhub], you can run a demo
+immediately with the following commands. Per
+[ADR-T-009 §D2](./adr/009-container-infrastructure-refactor.md), the image
+no longer ships a default tracker token or `database.connect_url`, so two
+overrides are mandatory at startup — a bare `docker run -it
+torrust/index:develop` now fails with a `missing field` error rather than
+booting against hidden defaults.
 
 #### Docker
 
 ```sh
-docker run -it torrust/index:develop
+docker run -it \
+    --env TORRUST_INDEX_CONFIG_OVERRIDE_TRACKER__TOKEN="MyAccessToken" \
+    --env TORRUST_INDEX_CONFIG_OVERRIDE_DATABASE__CONNECT_URL="sqlite:///var/lib/torrust/index/database/sqlite3.db?mode=rwc" \
+    torrust/index:develop
 ```
 
 > Please read our [container guide][containers.md] for more information.
 
 #### Podman
 
 ```sh
-podman run -it torrust/index:develop
+podman run -it \
+    --env TORRUST_INDEX_CONFIG_OVERRIDE_TRACKER__TOKEN="MyAccessToken" \
+    --env TORRUST_INDEX_CONFIG_OVERRIDE_DATABASE__CONNECT_URL="sqlite:///var/lib/torrust/index/database/sqlite3.db?mode=rwc" \
+    torrust/index:develop
 ```
 
 > Please read our [container guide][containers.md] for more information.
 
+#### Compose (development sandbox)
+
+For a complete local stack (index + tracker + MySQL + mailcatcher) the
+repository ships a Compose split: a production-shaped
+[`compose.yaml`](./compose.yaml) baseline plus an auto-loaded
+[`compose.override.yaml`](./compose.override.yaml) that supplies dev
+defaults. Two `Makefile` wrappers cover the documented invocation
+paths:
+
+```sh
+# Dev sandbox (auto-loads compose.override.yaml):
+make up-dev
+
+# Production-shaped (validates required credentials first):
+make up-prod
+```
+
+See [Compose Split](./docs/containers.md#compose-split) in the container
+guide for the required env vars and the validation contract.
+
 ### Development Version
 
 - Please assure you have the ___[latest stable (or nightly) version of Rust][Rust]___.
@@ -144,7 +176,7 @@ The following services are provided by the default configuration:
 - [ADR-T-006: Refactor the Error System](adr/006-error-system-refactor.md) — Replace the 41-variant `ServiceError` god enum with domain-scoped error enums (`AuthError`, `UserError`, `TorrentError`, `CategoryTagError`) and a thin `ApiError` wrapper.
 - [ADR-T-007: Refactor the JWT System](adr/007-jwt-system-refactor.md) — Centralise JWT handling into `src/jwt.rs`, redesign claims to RFC 7519, move to RS256 asymmetric signing, and consolidate session validation into a single code path.
 - [ADR-T-008: Refactor the Roles and Permissions System](adr/008-roles-and-permissions-refactor.md) — Replace Casbin with a native Rust permission system (`PermissionMatrix` + `RequirePermission<A>` Axum extractors), migrate from `administrator: bool` to a `role` column, and add a `/me/permissions` discovery endpoint.
-- [ADR-T-009: Container Infrastructure Hardening](adr/009-container-infrastructure-refactor.md) — Split runtime bases (release/debug), extract the configuration parser into the `torrust-index-config` workspace crate, ship dedicated helper-binary crates (`torrust-index-health-check`, `torrust-index-auth-keypair`, `torrust-index-config-probe`), and tighten the entry script's invariants (mandatory `connect_url`/`tracker.token`, single source of truth for auth-key paths, refuse-if-root, refuse-if-stdout-is-a-TTY).
+- [ADR-T-009: Container Infrastructure Refactor](adr/009-container-infrastructure-refactor.md) — Split the runtime image into `release` (distroless, root-only toolset) and `debug` bases; extract three helper binaries (`torrust-index-health-check`, `torrust-index-auth-keypair`, `torrust-index-config-probe`) into their own workspace crates with no HTTP/TLS/async-runtime deps; strip credentials from shipped TOMLs and make `database.connect_url` / `tracker.token` mandatory schema fields; split Compose into a production-shaped `compose.yaml` baseline plus an auto-loaded `compose.override.yaml` dev sandbox; and add an internal audit record for vendored `su-exec`.
 
 ## Contributing
 

adr/009-container-infrastructure-refactor.md

@@ -1,6 +1,6 @@
 # ADR-T-009: Container Infrastructure Refactor
 
-**Status:** Proposed
+**Status:** Implemented (Phases 1–9 complete)
 **Date:** 2026-04-19
 **Supersedes:** Earlier `ADR-T-009` draft ("Container
 Infrastructure Hardening") whose tactical S-N items were

adr/009-implementation-plan.md

@@ -1,7 +1,7 @@
 # ADR-T-009 — Implementation Plan
 
 **Companion to:** [adr/009-container-infrastructure-refactor.md](009-container-infrastructure-refactor.md)
-**Status:** Tracking
+**Status:** Implemented (Phases 1–9 complete)
 **Date:** 2026-04-19
 
 This document captures the *how* of ADR-T-009. The ADR records
@@ -22,7 +22,7 @@ re-litigated here — when in doubt, defer to the ADR.
 | 6     | Config probe                       | Done        |
 | 7     | Entry-script contract              | Done        |
 | 8     | Compose split                      | Done        |
-| 9     | Documentation & audit (D8, D9)     | Not started |
+| 9     | Documentation & audit (D8, D9)     | Done        |
 
 ## Phase Dependency Graph
 
@@ -2661,13 +2661,16 @@ version section summarising the container infrastructure
 refactor: mandatory `connect_url` / `tracker.token`,
 compose split, runtime-base split, helper-crate
 extractions, the new `torrust-index-config-probe`
-entrypoint, the `[net.tsl]` → `[net.tls]` wire-key
-rename (breaking change for operator TOMLs and JSON API
-consumers), the PEM+PATH mutual-exclusion enforcement
+entrypoint, the PEM+PATH mutual-exclusion enforcement
 (D3), and the narrowed scope of
 `TORRUST_INDEX_DATABASE_DRIVER` (now a TOML-selection
 knob only, no longer a runtime database dispatcher).
 
+The `[net.tsl]` → `[net.tls]` wire-key rename is *not*
+re-stated in this Phase 9 entry — it was logged as its
+own breaking-change bullet at the time it landed (Phase 3
+config-crate extraction). Keep it there; do not duplicate.
+
 ### 9.1.3 Add `mailcatcher` CI lint on `compose.yaml`
 
 Phase 8 §8.1 prescribed a CI lint that re-runs the

contrib/dev-tools/container/e2e/mysql/e2e-env-down.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
 
-TORRUST_INDEX_CONFIG_TOML=$(cat ./share/default/config/index.public.e2e.container.mysql.toml) \
+TORRUST_INDEX_CONFIG_TOML=$(cat ./share/default/config/index.public.e2e.container.toml) \
 TORRUST_TRACKER_CONFIG_TOML=$(cat ./share/default/config/tracker.public.e2e.container.sqlite3.toml) \
     docker compose down

contrib/dev-tools/container/e2e/mysql/e2e-env-up.sh

@@ -1,10 +1,10 @@
 #!/bin/bash
 
-TORRUST_INDEX_CONFIG=$(cat ./share/default/config/index.public.e2e.container.mysql.toml) \
+TORRUST_INDEX_CONFIG=$(cat ./share/default/config/index.public.e2e.container.toml) \
     docker compose build
 
 USER_ID=${USER_ID:-1000} \
-    TORRUST_INDEX_CONFIG_TOML=$(cat ./share/default/config/index.public.e2e.container.mysql.toml) \
+    TORRUST_INDEX_CONFIG_TOML=$(cat ./share/default/config/index.public.e2e.container.toml) \
     TORRUST_INDEX_DATABASE="torrust_index_e2e_testing" \
     TORRUST_INDEX_DATABASE_DRIVER="mysql" \
     TORRUST_INDEX_CONFIG_OVERRIDE_TRACKER__TOKEN="MyAccessToken" \

contrib/dev-tools/container/e2e/mysql/run-e2e-tests.sh

@@ -43,7 +43,7 @@ docker ps
 # overrides; see ADR-T-009 §D2). Inject host-side overrides so the test
 # process can load the same config file the container uses.
 TORRUST_INDEX_E2E_SHARED=true \
-    TORRUST_INDEX_CONFIG_TOML_PATH="./share/default/config/index.public.e2e.container.mysql.toml" \
+    TORRUST_INDEX_CONFIG_TOML_PATH="./share/default/config/index.public.e2e.container.toml" \
     TORRUST_INDEX_E2E_DB_CONNECT_URL="mysql://root:root_secret_password@127.0.0.1:3306/torrust_index_e2e_testing" \
     TORRUST_INDEX_CONFIG_OVERRIDE_TRACKER__TOKEN="MyAccessToken" \
     TORRUST_INDEX_CONFIG_OVERRIDE_DATABASE__CONNECT_URL="mysql://root:root_secret_password@127.0.0.1:3306/torrust_index_e2e_testing" \

contrib/dev-tools/container/e2e/sqlite/mode/public/e2e-env-down.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
 
-TORRUST_INDEX_CONFIG_TOML=$(cat ./share/default/config/index.public.e2e.container.sqlite3.toml) \
+TORRUST_INDEX_CONFIG_TOML=$(cat ./share/default/config/index.public.e2e.container.toml) \
 TORRUST_TRACKER_CONFIG_TOML=$(cat ./share/default/config/tracker.public.e2e.container.sqlite3.toml) \
     docker compose down