From 3de5a4f2a2e593998c9da95305b9c93ee3c44686 Mon Sep 17 00:00:00 2001
From: Adam Rahja
Date: Mon, 11 Mar 2024 11:50:10 -0500
Subject: [PATCH 1/2] Reworked adding non-root user to docker images. This gives you the ability to run ntfy as a non-root user. fixes binwiederhier#966
---
 Dockerfile | 3 ++-
 Dockerfile-arm | 1 +
 Dockerfile-build | 2 ++
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 45dad05d..23c875e1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,8 @@ LABEL org.opencontainers.image.licenses="Apache-2.0, GPL-2.0"
 LABEL org.opencontainers.image.title="ntfy"
 LABEL org.opencontainers.image.description="Send push notifications to your phone or desktop using PUT/POST"
-RUN apk add --no-cache tzdata
+RUN apk add --no-cache tzdata \
+ && /usr/sbin/adduser -D -u 1000 ntfy
 COPY ntfy /usr/bin
 EXPOSE 80/tcp
diff --git a/Dockerfile-arm b/Dockerfile-arm
index 755092fd..b6054b83 100644
--- a/Dockerfile-arm
+++ b/Dockerfile-arm
@@ -12,6 +12,7 @@ LABEL org.opencontainers.image.description="Send push notifications to your phon
 # Alpine does not support adding "tzdata" on ARM anymore, see
 # https://github.com/binwiederhier/ntfy/issues/894
+RUN /usr/sbin/adduser -D -u 1000 ntfy
 COPY ntfy /usr/bin
 EXPOSE 80/tcp
diff --git a/Dockerfile-build b/Dockerfile-build
index 4530ec47..738077d2 100644
--- a/Dockerfile-build
+++ b/Dockerfile-build
@@ -53,6 +53,8 @@ LABEL org.opencontainers.image.licenses="Apache-2.0, GPL-2.0"
 LABEL org.opencontainers.image.title="ntfy"
 LABEL org.opencontainers.image.description="Send push notifications to your phone or desktop using PUT/POST"
+RUN /usr/sbin/adduser -D -u 1000 ntfy
+
 COPY --from=builder /app/dist/ntfy_linux_server/ntfy /usr/bin/ntfy
 EXPOSE 80/tcp
From 5d2351a13afa3d5dd02a8638a625bfa6bd1b772a Mon Sep 17 00:00:00 2001
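Review bot: None of the three hunks adds a `USER` instruction, so as far as the visible lines show the image still starts as root and the new `ntfy` account only takes effect when the operator passes `--user` (or a compose `user:` entry) at run time. If that opt-in is the intent, state it above the `RUN` in `Dockerfile` and above the matching lines in `Dockerfile-arm` and `Dockerfile-build`, e.g. `# Account for opt-in non-root runs; the image still defaults to root.` Two things an operator meets when opting in are not covered by this change: `EXPOSE 80/tcp` stays, and binding port 80 as a non-root user fails on runtimes that do not permit unprivileged low ports, and whatever cache or database paths the server writes to must be owned by this UID. The rest of each Dockerfile, including `ENTRYPOINT`, lies outside the hunks, so confirm that no later `USER` line already exists.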
From: Adam Rahja
Date: Fri, 29 Mar 2024 08:30:30 -0500
Subject: [PATCH 2/2] Updated the ntfy user uuid to 10,000+ to follow best practices.
---
 Dockerfile | 2 +-
 Dockerfile-arm | 3 ++-
 Dockerfile-build | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 23c875e1..0981fbfd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,7 +10,7 @@ LABEL org.opencontainers.image.title="ntfy"
 LABEL org.opencontainers.image.description="Send push notifications to your phone or desktop using PUT/POST"
 RUN apk add --no-cache tzdata \
- && /usr/sbin/adduser -D -u 1000 ntfy
+ && /usr/sbin/adduser -D -u 10001 ntfy
 COPY ntfy /usr/bin
 EXPOSE 80/tcp
diff --git a/Dockerfile-arm b/Dockerfile-arm
index b6054b83..c1a68a2f 100644
--- a/Dockerfile-arm
+++ b/Dockerfile-arm
@@ -12,7 +12,8 @@ LABEL org.opencontainers.image.description="Send push notifications to your phon
 # Alpine does not support adding "tzdata" on ARM anymore, see
 # https://github.com/binwiederhier/ntfy/issues/894
-RUN /usr/sbin/adduser -D -u 1000 ntfy
+RUN /usr/sbin/adduser -D -u 10001 ntfy
+
 COPY ntfy /usr/bin
 EXPOSE 80/tcp
diff --git a/Dockerfile-build b/Dockerfile-build
index 738077d2..5a48d08b 100644
--- a/Dockerfile-build
+++ b/Dockerfile-build
@@ -53,7 +53,7 @@ LABEL org.opencontainers.image.licenses="Apache-2.0, GPL-2.0"
 LABEL org.opencontainers.image.title="ntfy"
 LABEL org.opencontainers.image.description="Send push notifications to your phone or desktop using PUT/POST"
-RUN /usr/sbin/adduser -D -u 1000 ntfy
+RUN /usr/sbin/adduser -D -u 10001 ntfy
 COPY --from=builder /app/dist/ntfy_linux_server/ntfy /usr/bin/ntfy
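Review bot: `adduser -D -u 10001 ntfy`, as written in all three files, pins only the UID and leaves the group, home directory and login shell to the BusyBox defaults, so the account gets a home directory and an interactive shell it probably does not need and a GID chosen by adduser. Pinning the group and dropping the shell keeps the identity stable for volume ownership and for Kubernetes `runAsUser`/`runAsGroup` settings: `RUN addgroup -g 10001 ntfy && adduser -D -H -u 10001 -G ntfy -s /sbin/nologin ntfy`. Drop `-H` if anything run inside the container expects a per-user configuration directory under the home. A one-line comment saying why the UID sits above 10000 (presumably to avoid overlap with host accounts) would help the next maintainer, as the subject line's "uuid" reads like a typo for UID.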