From 07b0744c783f58a242488a7d44eac33c1fb7aceb Mon Sep 17 00:00:00 2001
From: Kyle Isom <kyle@imap.cc>
Date: Sat, 28 Mar 2026 15:55:03 -0700
Subject: [PATCH] Clean up Dockerfile for rootless podman compatibility
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Remove USER, VOLUME, and user creation — rootless podman runs as the
host user and bind-mounts /srv/mcns directly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 Dockerfile | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0386d33..6f1788a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,26 +13,14 @@ RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w -X main.version=${VERSION}"
 
 FROM alpine:3.21
 
-RUN apk add --no-cache ca-certificates tzdata \
-    && addgroup -S mcns \
-    && adduser -S -G mcns -h /srv/mcns -s /sbin/nologin mcns \
-    && mkdir -p /srv/mcns && chown mcns:mcns /srv/mcns
+RUN apk add --no-cache ca-certificates tzdata
 
 COPY --from=builder /build/mcns /usr/local/bin/mcns
 
-# /srv/mcns is the single volume mount point.
-# It must contain:
-#   mcns.toml  — configuration file
-#   certs/     — TLS certificate and key
-#   mcns.db    — created automatically on first run
-VOLUME /srv/mcns
 WORKDIR /srv/mcns
-
 EXPOSE 53/udp 53/tcp
 EXPOSE 8443
 EXPOSE 9443
 
-USER mcns
-
 ENTRYPOINT ["mcns"]
 CMD ["server", "--config", "/srv/mcns/mcns.toml"]