feat(git): use non-root and add robots.

author: Yuqian Yang <crupest@crupest.life> 2025-02-28 16:18:56 +0800
committer: Yuqian Yang <crupest@crupest.life> 2025-02-28 16:33:19 +0800
commit: 5aaffb5bf2e324b302b3a3fee6ffc2b9244baf8b (patch)
tree: 726e6b0ec2f86a4530161e4e4e90c0632c134f5a /services/docker/git-server/Dockerfile
parent: d201f6ef9c4b937f0ae8ee98dc291d7cfa10da92 (diff)
download: crupest-5aaffb5bf2e324b302b3a3fee6ffc2b9244baf8b.tar.gz
crupest-5aaffb5bf2e324b302b3a3fee6ffc2b9244baf8b.tar.bz2
crupest-5aaffb5bf2e324b302b3a3fee6ffc2b9244baf8b.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/services/docker/git-server/Dockerfile b/services/docker/git-server/Dockerfile
index b725122..274ba6a 100644
--- a/services/docker/git-server/Dockerfile
+++ b/services/docker/git-server/Dockerfile
@@ -3,13 +3,14 @@ RUN apt-get update && apt-get install -y \
     git cgit lighttpd apache2-utils python3-pygments python3-markdown \
     tar gzip bzip2 zip unzip tini && \
     rm -rf /var/lib/apt/lists/*
+RUN groupadd -g 1000 git && useradd -m -u 1000 -g 1000 -s /usr/bin/bash git
 
 ENV GIT_CONFIG_SYSTEM=/etc/gitconfig GIT_CONFIG_GLOBAL=/git/private/gitconfig
 
 ADD gitconfig /etc/gitconfig
-ADD --chmod=755 hooks/* /etc/git/hooks/
-ADD git-lighttpd.conf git-auth.conf /app/
-ADD --chmod=755 lighttpd-wrapper.bash /app/
+ADD hooks/* /etc/git/hooks/
+ADD git-lighttpd.conf git-auth.conf lighttpd-wrapper.bash /app/
 
+USER git:git
 VOLUME [ "/git" ]
 CMD [ "tini", "--", "/app/lighttpd-wrapper.bash" ]
author	Yuqian Yang <crupest@crupest.life>	2025-02-28 16:18:56 +0800
committer	Yuqian Yang <crupest@crupest.life>	2025-02-28 16:33:19 +0800
commit	5aaffb5bf2e324b302b3a3fee6ffc2b9244baf8b (patch)
tree	726e6b0ec2f86a4530161e4e4e90c0632c134f5a /services/docker/git-server/Dockerfile
parent	d201f6ef9c4b937f0ae8ee98dc291d7cfa10da92 (diff)
download	crupest-5aaffb5bf2e324b302b3a3fee6ffc2b9244baf8b.tar.gz crupest-5aaffb5bf2e324b302b3a3fee6ffc2b9244baf8b.tar.bz2 crupest-5aaffb5bf2e324b302b3a3fee6ffc2b9244baf8b.zip