From c64fa651a271968bd670b046cf08a60e17116872 Mon Sep 17 00:00:00 2001
From: James Ketrenos
Date: Wed, 1 Oct 2025 09:44:27 -0700
Subject: [PATCH] docker: make runtime image user/group creation robust in Dockerfile.server (support HOST_UID/HOST_GID; reuse existing UID/GID; chown by numeric UID:GID; use numeric USER)
---
 Dockerfile.server | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/Dockerfile.server b/Dockerfile.server
index 7d3341a..4d12853 100644
--- a/Dockerfile.server
+++ b/Dockerfile.server
@@ -14,6 +14,10 @@ RUN npm run build
 
 ## Production image
 FROM node:20-alpine AS runtime
+# Allow host UID/GID to be specified at build time.
+ARG HOST_UID=1000
+ARG HOST_GID=1000
+
 WORKDIR /
 
 # Copy built server
@@ -21,7 +25,25 @@ COPY --from=builder /server/dist ./server/dist
 COPY --from=builder /server/node_modules ./server/node_modules
 COPY server/package*.json /server/
 
+## Create hostuser in runtime image so runtime-created files have proper uid/gid
+RUN if ! getent group ${HOST_GID} >/dev/null 2>&1; then \
+ addgroup -g ${HOST_GID} hostgroup; \
+ else \
+ echo "group for GID ${HOST_GID} already exists"; \
+ fi
+
+RUN if ! getent passwd ${HOST_UID} >/dev/null 2>&1; then \
+ adduser -D -u ${HOST_UID} -G hostgroup hostuser; \
+ else \
+ echo "user for UID ${HOST_UID} already exists"; \
+ mkdir -p /home/hostuser || true; \
+ fi
+
+RUN chown -R ${HOST_UID}:${HOST_GID} /server || true
+
 WORKDIR /server
 ENV NODE_ENV=production
+ENV HOME=/home/hostuser
+USER ${HOST_UID}:${HOST_GID}
 EXPOSE 8930
 CMD ["npm", "start"]
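Review bot: Nothing constrains the two new build arguments, so `--build-arg HOST_UID=0` passes the later `getent passwd` check (root already exists) and the image ends with `USER 0:0`, silently undoing the privilege drop this commit is meant to provide. A guard directly after the ARG lines would catch that and non-numeric values alike, e.g. `RUN [ "${HOST_UID}" -gt 0 ] && [ "${HOST_GID}" -gt 0 ]`. The comment could also say that the defaults of 1000 appear to coincide with the `node` account shipped in the official Node images, so a default build reuses that account rather than creating hostuser.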
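Review bot: The user-creation RUN assumes `hostgroup` exists, but the preceding RUN creates it only when HOST_GID is unused; if the GID already belongs to a group in the base image while the UID is free, `adduser ... -G hostgroup` fails the build. In the other branch `/home/hostuser` is created as root and never chowned, so the `HOME` set further down is not writable by the runtime user, and the `|| true` on mkdir and chown hides real failures. I would resolve the group name from `getent` and own the home directory explicitly, as sketched below. Separately, `chown -R` over `/server` makes the application code and `node_modules` writable by the service account; if only a data directory has to be writable, limiting ownership to that path keeps the code read-only to a compromised server process.

```dockerfile
# Reuse whichever group already owns HOST_GID; create hostgroup only if none does.
RUN set -eu; \
    if ! getent group "${HOST_GID}" >/dev/null 2>&1; then \
        addgroup -g "${HOST_GID}" hostgroup; \
    fi; \
    group_name="$(getent group "${HOST_GID}" | cut -d: -f1)"; \
    if ! getent passwd "${HOST_UID}" >/dev/null 2>&1; then \
        adduser -D -u "${HOST_UID}" -G "${group_name}" -h /home/hostuser hostuser; \
    fi; \
    mkdir -p /home/hostuser; \
    chown "${HOST_UID}:${HOST_GID}" /home/hostuser
# … unchanged: chown of /server, WORKDIR, ENV, USER, EXPOSE, CMD …
```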