51 lines
1.4 KiB
Docker
51 lines
1.4 KiB
Docker
FROM python:3.11-slim
|
||
WORKDIR /app
|
||
|
||
# deps (curl for healthcheck; gosu only needed when running as root)
|
||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||
sqlite3 curl gosu \
|
||
&& rm -rf /var/lib/apt/lists/*
|
||
|
||
# Create a default appuser (will be ignored if process isn’t root)
|
||
RUN groupadd -g 1000 appuser && useradd -u 1000 -g appuser -m appuser
|
||
|
||
COPY requirements.txt .
|
||
RUN pip install --no-cache-dir -r requirements.txt
|
||
|
||
# Copy new modular structure
|
||
COPY nfoguard.py .
|
||
COPY core/ ./core/
|
||
COPY clients/ ./clients/
|
||
COPY VERSION .
|
||
|
||
RUN mkdir -p /app/data && chown -R appuser:appuser /app
|
||
|
||
# Root-aware entrypoint
|
||
RUN cat > /entrypoint.sh << 'EOF'
|
||
#!/bin/bash
|
||
set -euo pipefail
|
||
|
||
PUID=${PUID:-1000}
|
||
PGID=${PGID:-1000}
|
||
|
||
if [ "$(id -u)" -eq 0 ]; then
|
||
# running as root: we can adjust IDs and drop privileges
|
||
groupmod -o -g "$PGID" appuser 2>/dev/null || groupadd -o -g "$PGID" appuser
|
||
id appuser &>/dev/null || useradd -o -u "$PUID" -g "$PGID" -m appuser
|
||
usermod -o -u "$PUID" -g "$PGID" appuser 2>/dev/null || true
|
||
chown -R "$PUID:$PGID" /app || true
|
||
exec gosu appuser "$@"
|
||
else
|
||
# not root (e.g., compose set user: 1000:1000) — just run
|
||
exec "$@"
|
||
fi
|
||
EOF
|
||
RUN chmod +x /entrypoint.sh
|
||
|
||
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
|
||
CMD curl -f http://localhost:8080/health || exit 1
|
||
|
||
EXPOSE 8080
|
||
ENTRYPOINT ["/entrypoint.sh"]
|
||
CMD ["python", "nfoguard.py"]
|