make rootless

Dockerfile

@@ -1,14 +1,24 @@
 FROM debian:12-slim
 
-WORKDIR /app
-
 RUN apt-get update -qq && apt-get install -qq libmariadb3 --no-install-recommends && rm -rf /var/lib/apt/lists/*
 
-COPY ./DarkflameServer/build /app
+ARG PUID=1000
-COPY ./start.sh /app/
+ENV GROUP dockergroup
-COPY ./masterconfig.ini /app/
+ENV USER docker
+ENV HOMEDIR "/home/${USER}"
+ENV PATH ${HOMEDIR}/.local/bin:$PATH
+RUN useradd -u "${PUID}" -m "${USER}"
 
-RUN chmod +x /app/start.sh
+WORKDIR ${HOMEDIR}
+
+COPY ./DarkflameServer/build ${HOMEDIR}/app
+COPY ./start.sh ${HOMEDIR}/app/
+COPY ./masterconfig.ini ${HOMEDIR}/app/
+COPY ./authconfig.ini ${HOMEDIR}/app/
+
+RUN chown -R 1000:1000 ${HOMEDIR}
+
+RUN chmod +x ${HOMEDIR}/app/start.sh
 
 ENV MYSQL_HOST darkflame_db
 ENV MYSQL_DATABASE darkflame
@@ -17,4 +27,7 @@ ENV MAX_CLIENTS 999
 ENV TEAM_LOOT 1
 ENV CLIENT_VERSION 171022
 
-ENTRYPOINT [ "/app/start.sh" ]
+USER ${USER}
+WORKDIR ${HOMEDIR}
+
+ENTRYPOINT [ "${HOMEDIR}/app/start.sh" ]

authconfig.ini

@@ -0,0 +1,6 @@
+# Port number. The client has the authserver port hardcoded to 1001
+port=11001
+
+# 0 or 1, should ignore playkeys
+# If 1 everyone with an account will be able to login, regardless of if they have a key or not
+dont_use_keys=0

masterconfig.ini

@@ -2,10 +2,10 @@
 master_ip=localhost
 
 # Port number
-port=2000
+port=12000
 
 # The port number to start world servers on. Will be incremented for each world
-world_port_start=3000
+world_port_start=13000
 
 # Use sudo when launching the auth server.
 # Required by default if on Linux as auth runs on port 1001