Use regular user for executing service

Praise modular copy-pasteable designs

Dockerfile

@@ -1,11 +1,22 @@
 FROM golang:1.22-alpine
 
-RUN mkdir /app
+ENV USER=tiamat
+ENV GROUPNAME=$USER
+ENV UID=1000
+ENV GID=1000
+ENV APP_HOME="/home/tiamat/app"
 
-ADD . /app
+RUN addgroup --gid "$GID" "$GROUPNAME"
+RUN adduser --gecos "" --disabled-password --ingroup "$GROUPNAME" --uid "$UID" "$USER"
 
-WORKDIR /app
+USER "$USER"
+
+RUN mkdir "$APP_HOME"
+
+ADD . "$APP_HOME"
+
+WORKDIR "$APP_HOME"
 
 RUN go build -o main .
 
-CMD ["/app/main", "server"]
+CMD ["./main", "server"]

docker-compose.yml

@@ -5,9 +5,8 @@ networks:
     driver: bridge
 
 services:
-  tiamat:
+  default:
     container_name: "tiamat"
-    #image: "tiamat"
     build:
       context: .
       dockerfile: "Dockerfile"
@@ -17,4 +16,4 @@ services:
     networks:
       - tiamat
     volumes:
-      - ./sample-config/:/root/.config/tiamat/
+      - ./sample-config/:/home/tiamat/.config/tiamat/