Mastodon hachyterm.io

Today I improved my Nim web application by running the docker container as non=root-user:

## base image
FROM nimlang/nim:1.0.4-regular

## install dependencies
RUN apt-get update && \
    apt-get install -y --no-install-recommends libpq-dev netcat-openbsd

## set working directory
WORKDIR /usr/src/app

## add user
RUN addgroup --system nim && adduser --system --group nim
RUN chown -R nim:nim /usr/src/app && chmod -R 755 /usr/src/app

## Nim environment
ENV NIM_ENV=production
ENV NIMBLE_DIR=/home/nim/.nimble
ENV PATH=$PATH:/home/nim/.nimble/bin

## copy entrypoint, make executable
COPY ./entrypoint.sh .
RUN chmod +x entrypoint.sh

## install dependencies, bundle assets, compile
RUN nimble refresh && nimble install nimassets jester
COPY . .
RUN nimassets -d=public -o=src/views/assetsfile.nim && \
        nimble c -d:release src/urlShortener

## switch to non-root user
USER nim

CMD ["./src/urlShortener"]