Diffstat (limited to 'worker/Dockerfile')
-rw-r--r--worker/Dockerfile16
1 files changed, 11 insertions, 5 deletions
diff --git a/worker/Dockerfile b/worker/Dockerfile
index 396f73b..71e2ecf 100644
--- a/worker/Dockerfile
+++ b/worker/Dockerfile
@@ -19,13 +19,19 @@ RUN chmod +x /app/worker/dist/scripts/*
RUN mkdir -p /var/lib/laminar/cfg
RUN cp -r /app/worker/jobs /var/lib/laminar/cfg
-RUN chown -R 1000:1000 /var/lib/laminar
+# see: https://github.com/nodejs/docker-node/blame/89b29ef06b421598ec007605a2604ede0348b298/22/bullseye-slim/Dockerfile#L3-L4
+RUN chown -R node:node /var/lib/laminar
RUN curl -fsSL https://get.docker.com | sh
-# see: https://github.com/nodejs/docker-node/blame/89b29ef06b421598ec007605a2604ede0348b298/22/bullseye-slim/Dockerfile#L3-L4
-RUN usermod -a -d /var/lib/laminar -G docker node
-# RUN useradd --system --home-dir /var/lib/laminar \
-# --no-user-group --groups users,docker --uid 1000 laminar
+
+# adding a user to only the group"docker" doesn't deterministically give it access to the
+# docker socket of the host.
+# e.g. host has /etc/groups: docker:995, container has /etc/groups: docker:996
+# because i'm likely the only one to ever touch this, and i FORCE "docker" to be 996, this will
+# be hardcoded defaulting to 995.
+ARG DOCKER_GID="995" # but it may be overridden via this `DOCKER_GID` build arg.
+RUN groupmod -g ${DOCKER_GID} docker
+RUN usermod -a -d /var/lib/laminar -G docker node
COPY --from=worker_dependencies /bw /usr/local/bin/
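Review bot: The text after `ARG DOCKER_GID="995"` is not a comment: a Dockerfile treats `#` as a comment marker only at the start of a line, so the trailing words are handed to `ARG` as further arguments and, depending on the builder version, either fail the build or declare stray build args. Move it onto its own line above the instruction, e.g. `# DOCKER_GID must equal the gid that owns the host's docker socket; override with --build-arg DOCKER_GID=<host gid>`, and leave `ARG DOCKER_GID="995"` bare. The comment block above also says the gid is forced to 996 while the default is 995, so one of the two numbers looks like a typo. That comment should also state that membership of the group owning the host's Docker socket is effectively root on the host, so anything running as `node` in this container inherits that access.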