From d96da5143a8b42352aacc1abbe648d4bce15b6da Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Wed, 26 Apr 2023 22:12:14 +0200
Subject: [PATCH] Run as unprivileged user (#20)

Squashed commit of the following:

commit 6a7884c1fb173937b512cd3f762d30b447be06e0
Author: Thor77 <thor77@thor77.org>
Date:   Sat Mar 25 16:07:05 2023 +0100

    Run as unprivileged user

commit 0bef82b1e964f651cf83a827c8fb4b22cbb1cd51
Author: Thor77 <thor77@thor77.org>
Date:   Sat Mar 25 16:06:29 2023 +0100

    Add dumb-init entrypoint

    to allow for clean shutdown

commit 92b5d441105819af32c1e618316bbe320ab9dab5
Author: Thor77 <thor77@thor77.org>
Date:   Sat Mar 25 16:05:18 2023 +0100

    Update base image to debian bullseye

closes #20

Signed-off-by: Knut Ahlers <knut@ahlers.me>
---
 Dockerfile | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 70f84cb..77e9cfd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:stretch
+FROM debian:bullseye
 
 LABEL maintainer Knut Ahlers <knut@ahlers.me>
 
@@ -6,23 +6,27 @@ LABEL maintainer Knut Ahlers <knut@ahlers.me>
 ENV TEAMSPEAK_VERSION=3.13.7 \
     TEAMSPEAK_SHA256=775a5731a9809801e4c8f9066cd9bc562a1b368553139c1249f2a0740d50041e
 
-SHELL ["/bin/bash", "-exo", "pipefail",  "-c"]
 RUN apt-get update \
- && apt-get install -y curl bzip2 ca-certificates --no-install-recommends \
+ && apt-get install -y curl bzip2 ca-certificates dumb-init --no-install-recommends \
  && curl -sSfLo teamspeak3-server_linux-amd64.tar.bz2 \
-      "https://files.teamspeak-services.com/releases/server/${TEAMSPEAK_VERSION}/teamspeak3-server_linux_amd64-${TEAMSPEAK_VERSION}.tar.bz2" \
+    "https://files.teamspeak-services.com/releases/server/${TEAMSPEAK_VERSION}/teamspeak3-server_linux_amd64-${TEAMSPEAK_VERSION}.tar.bz2" \
  && echo "${TEAMSPEAK_SHA256} *teamspeak3-server_linux-amd64.tar.bz2" | sha256sum -c - \
  && tar -C /opt -xjf teamspeak3-server_linux-amd64.tar.bz2 \
  && rm teamspeak3-server_linux-amd64.tar.bz2 \
  && apt-get purge -y curl bzip2 && apt-get autoremove -y \
  && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* \
+ && groupadd -g 1000 teamspeak \
+ && useradd -u 1000 -g 1000 teamspeak \
+ && chown -R teamspeak:teamspeak /opt/teamspeak3-server_linux_amd64
 
 COPY docker-ts3.sh /opt/docker-ts3.sh
 
 # Inject a Volume for any TS3-Data that needs to be persisted or to be accessible from the host. (e.g. for Backups)
 VOLUME ["/teamspeak3"]
 
+USER teamspeak
+ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD ["/opt/docker-ts3.sh"]
 
 # Expose the Standard TS3 port, for files, for serverquery