From 3de5a4f2a2e593998c9da95305b9c93ee3c44686 Mon Sep 17 00:00:00 2001
From: Adam Rahja <adam@resolve.com>
Date: Mon, 11 Mar 2024 11:50:10 -0500
Subject: [PATCH] Reworked adding non-root user to docker images. This gives
 you the ability to run ntfy as a non-root user. fixes binwiederhier#966

---
 Dockerfile       | 3 ++-
 Dockerfile-arm   | 1 +
 Dockerfile-build | 2 ++
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 45dad05d..23c875e1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,8 @@ LABEL org.opencontainers.image.licenses="Apache-2.0, GPL-2.0"
 LABEL org.opencontainers.image.title="ntfy"
 LABEL org.opencontainers.image.description="Send push notifications to your phone or desktop using PUT/POST"
 
-RUN apk add --no-cache tzdata
+RUN apk add --no-cache tzdata \
+ && /usr/sbin/adduser -D -u 1000 ntfy
 COPY ntfy /usr/bin
 
 EXPOSE 80/tcp
diff --git a/Dockerfile-arm b/Dockerfile-arm
index 755092fd..b6054b83 100644
--- a/Dockerfile-arm
+++ b/Dockerfile-arm
@@ -12,6 +12,7 @@ LABEL org.opencontainers.image.description="Send push notifications to your phon
 # Alpine does not support adding "tzdata" on ARM anymore, see
 # https://github.com/binwiederhier/ntfy/issues/894
 
+RUN /usr/sbin/adduser -D -u 1000 ntfy
 COPY ntfy /usr/bin
 
 EXPOSE 80/tcp
diff --git a/Dockerfile-build b/Dockerfile-build
index 4530ec47..738077d2 100644
--- a/Dockerfile-build
+++ b/Dockerfile-build
@@ -53,6 +53,8 @@ LABEL org.opencontainers.image.licenses="Apache-2.0, GPL-2.0"
 LABEL org.opencontainers.image.title="ntfy"
 LABEL org.opencontainers.image.description="Send push notifications to your phone or desktop using PUT/POST"
 
+RUN /usr/sbin/adduser -D -u 1000 ntfy
+
 COPY --from=builder /app/dist/ntfy_linux_server/ntfy /usr/bin/ntfy
 
 EXPOSE 80/tcp