From 21b9f76ebced4ad11e586216b9328b2b5b74c9a4 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Thu, 17 Nov 2022 14:34:55 +0100
Subject: [PATCH] setup doesn't need root

---
 setup/Dockerfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/setup/Dockerfile b/setup/Dockerfile
index 7be8f1b0..d6a5f083 100644
--- a/setup/Dockerfile
+++ b/setup/Dockerfile
@@ -12,9 +12,14 @@ COPY static ./static
 COPY server.py ./server.py
 COPY main.py ./main.py
 
+RUN set -euxo pipefail \
+ ; apk add --no-cache libcap \
+ ; setcap 'cap_net_bind_service=+ep' /app/venv/bin/gunicorn
+
 RUN echo $VERSION >> /version
 
 EXPOSE 80/tcp
 HEALTHCHECK --start-period=350s CMD curl -skfLo /dev/null http://localhost/
+USER mailu
 
 CMD gunicorn -w 4 -b :80 --access-logfile - --error-logfile - --preload main:app