Making it so mobius does not run as root in Docker.

diff --git a/Dockerfile b/Dockerfile
index 421cfb5c6cbec647cbbc66aa2bdcc216a1c94572..bd7de5eb6eadaea4845626af2c0a68dfdd7f3ad6 100644 (file)
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,12 +5,18 @@ COPY . .
 
 RUN CGO_ENABLED=0 go build -o /app/server cmd/mobius-hotline-server/main.go && chmod a+x /app/server
 
 
 RUN CGO_ENABLED=0 go build -o /app/server cmd/mobius-hotline-server/main.go && chmod a+x /app/server
 

-FROM scratch
+FROM debian:stable-slim
+
+# Change these as you see fit. This makes bind mounting easier so you don't have to edit bind mounted config files as root.
+ARG USERNAME=mobius
+ARG UID=1001
+ARG GUID=1001

 
 COPY --from=builder /app/server /app/server
 COPY --from=builder /app/cmd/mobius-hotline-server/mobius/config /usr/local/var/mobius/config
 
 COPY --from=builder /app/server /app/server
 COPY --from=builder /app/cmd/mobius-hotline-server/mobius/config /usr/local/var/mobius/config

-
+RUN useradd -d /app -u ${UID} ${USERNAME}
+RUN chown -R ${USERNAME}:${USERNAME} /app

 EXPOSE 5500 5501
 
 EXPOSE 5500 5501
 

+USER ${USERNAME}

 ENTRYPOINT ["/app/server"]
 ENTRYPOINT ["/app/server"]

-CMD ["/app/server"]