From 83a89e548b5921c43ef89f923f72cf588e768e2e Mon Sep 17 00:00:00 2001 From: Matthew Tran Date: Sun, 10 Sep 2023 11:21:51 +0000 Subject: [PATCH] switch to non-root user in container --- README.md | 1 + compose.yml | 22 ++++++++++++++++------ minecraft/.dockerignore | 1 + minecraft/Dockerfile | 14 ++++++++------ monerod/.dockerignore | 1 + monerod/Dockerfile | 8 +++++--- p2pool/Dockerfile | 9 +++++++++ terraria/.dockerignore | 1 + terraria/Dockerfile | 14 ++++++++------ terraria/config.txt | 4 ++-- 10 files changed, 52 insertions(+), 23 deletions(-) create mode 100644 minecraft/.dockerignore create mode 100644 monerod/.dockerignore create mode 100644 p2pool/Dockerfile create mode 100644 terraria/.dockerignore diff --git a/README.md b/README.md index 3673021..333614b 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ Stuff that's deployed on [matthewtran.com](matthewtran.com). Tested on Ubuntu Se - p2pool (`xmrig -o matthewtran.com:3333`) - minecraft - terraria +- wireguard ## setup diff --git a/compose.yml b/compose.yml index 4746d32..73d4f28 100644 --- a/compose.yml +++ b/compose.yml 
@@ -2,25 +2,35 @@ services: monerod: restart: always build: monerod/. - entrypoint: ["/bin/sh", "/root/entry.sh"] + entrypoint: ["/bin/sh", "/home/matt/entry.sh"] ports: - "18080:18080" - "18083:18083" volumes: - - ./monerod/.bitmonero:/root/.bitmonero + - ./monerod/.bitmonero:/home/matt/.bitmonero + p2pool: + restart: always + build: p2pool/. + # entrypoint: ["/bin/sh", "/home/matt/entry.sh"] + ports: + - "3333:3333" + - "37888:37888" + - "37889:37889" + # volumes: + # - ./monerod/.bitmonero:/home/matt/.bitmonero minecraft: restart: always build: minecraft/. - entrypoint: ["/bin/sh", "/root/entry.sh"] + entrypoint: ["/bin/sh", "/home/matt/entry.sh"] ports: - "25565:25565" volumes: - - ./minecraft/world:/root/world + - ./minecraft/world:/home/matt/world terraria: restart: always build: terraria/. - entrypoint: ["/bin/sh", "/root/entry.sh"] + entrypoint: ["/bin/sh", "/home/matt/entry.sh"] ports: - "7777:7777" volumes: - - ./terraria/worlds:/root/worlds + - ./terraria/worlds:/home/matt/worlds diff --git a/minecraft/.dockerignore b/minecraft/.dockerignore new file mode 100644 index 0000000..1f7dba6 --- /dev/null +++ b/minecraft/.dockerignore @@ -0,0 +1 @@ +world/ diff --git a/minecraft/Dockerfile b/minecraft/Dockerfile index 5ef22b7..c8ae68d 100644 --- a/minecraft/Dockerfile +++ b/minecraft/Dockerfile 
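Review bot: The three bind mounts that now point under `/home/matt` (`./monerod/.bitmonero`, `./minecraft/world`, `./terraria/worlds`) will be written by the unprivileged `matt` user, but host directories created by the earlier root-run containers are presumably still owned by uid 0, so the services may fail to write their data after this change. The UID is whatever `useradd -m matt` assigns in each image, so nothing guarantees it matches across images or the host; pinning it, e.g. `RUN useradd -m -u 1000 matt` (constructed value), and documenting a one-time `chown -R 1000:1000` of those directories in the README setup section would make the migration explicit. Separately, the new `p2pool` service publishes 3333, 37888 and 37889 with `restart: always` while its entrypoint is commented out and its Dockerfile is a stub, so it is worth leaving the service out of compose.yml until the image runs something.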
@@ -1,17 +1,19 @@ FROM ubuntu:22.04 -WORKDIR /root - RUN apt-get update && apt-get upgrade RUN apt-get install -y wget openjdk-18-jre +RUN useradd -m matt +USER matt +WORKDIR /home/matt + RUN wget https://github.com/Tiiffi/mcrcon/releases/download/v0.7.2/mcrcon-0.7.2-linux-x86-64.tar.gz RUN tar xvf mcrcon-0.7.2-linux-x86-64.tar.gz # from https://www.minecraft.net/en-us/download/server (currently 1.20.1) RUN wget https://piston-data.mojang.com/v1/objects/84194a2f286ef7c14ed7ce0090dba59902951553/server.jar -COPY eula.txt ./ -COPY entry.sh ./ -COPY server.properties ./ -COPY ops.json ./ +COPY --chown=matt:matt eula.txt ./ +COPY --chown=matt:matt entry.sh ./ +COPY --chown=matt:matt server.properties ./ +COPY --chown=matt:matt ops.json ./ diff --git a/monerod/.dockerignore b/monerod/.dockerignore new file mode 100644 index 0000000..64677db --- /dev/null +++ b/monerod/.dockerignore @@ -0,0 +1 @@ +.bitmonero diff --git a/monerod/Dockerfile b/monerod/Dockerfile index c8a124d..d6e1839 100644 --- a/monerod/Dockerfile +++ b/monerod/Dockerfile @@ -1,12 +1,14 @@ FROM ubuntu:22.04 -WORKDIR /root - RUN apt-get update && apt-get upgrade RUN apt-get install -y wget bzip2 +RUN useradd -m matt +USER matt +WORKDIR /home/matt + RUN wget https://downloads.getmonero.org/linux64 RUN tar xvf linux64 && rm linux64 RUN mv monero-x86_64-linux-gnu-v0.18.2.2/ monero/ -COPY entry.sh ./ +COPY --chown=matt:matt entry.sh ./ diff --git a/p2pool/Dockerfile b/p2pool/Dockerfile new file mode 100644 index 0000000..81de9db --- /dev/null +++ b/p2pool/Dockerfile @@ -0,0 +1,9 @@ +FROM ubuntu:22.04 + +RUN apt-get update && apt-get upgrade + +RUN useradd -m matt +USER matt +WORKDIR /home/matt + +# TODO everything else diff --git a/terraria/.dockerignore b/terraria/.dockerignore new file mode 100644 index 0000000..6a2fdbd --- /dev/null +++ b/terraria/.dockerignore @@ -0,0 +1 @@ +worlds/ diff --git a/terraria/Dockerfile b/terraria/Dockerfile index f37ef5d..2ef49ca 100644 --- a/terraria/Dockerfile 
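Review bot: In minecraft/Dockerfile the `wget` downloads of the mcrcon tarball and `server.jar` (unchanged lines, now executed after `USER matt`) are unpacked and later run without any integrity check, so the image trusts whatever the remote host serves at build time. Adding a digest check in the same `RUN` as each download would pin the artefact, e.g. `RUN wget <URL> && echo "<EXPECTED_SHA256>  server.jar" | sha256sum -c -`, with the digest recorded from a copy verified out of band. The same gap exists for the `linux64` download in monerod/Dockerfile and the server zip in terraria/Dockerfile.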
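Review bot: In monerod/Dockerfile the download URL `https://downloads.getmonero.org/linux64` carries no version while the later `mv monero-x86_64-linux-gnu-v0.18.2.2/ monero/` hard-codes one, so the build presumably breaks as soon as upstream publishes a newer release, and what the image contains depends on when it was built. Both lines are unchanged context, but since this commit already reworks the file it would be a good place to fetch the archive by its versioned file name for v0.18.2.2 and keep the version in a single `ARG` used by both the download and the `mv`. A comment such as `# monerod version pinned here; update together with the checksum` next to that `ARG` would document the coupling.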
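Review bot: The added `RUN apt-get update && apt-get upgrade` in p2pool/Dockerfile has no `-y`, and apt-get normally aborts at the confirmation prompt in a non-interactive build whenever an upgrade is pending, so this image may fail to build depending on the state of the ubuntu:22.04 base; `RUN apt-get update && apt-get upgrade -y` avoids that. The identical line appears as context in the minecraft, monerod and terraria Dockerfiles. The file also ends at `# TODO everything else` with no `CMD` or `ENTRYPOINT`, which is worth stating in a header comment like `# placeholder image: creates the service user only, runs nothing yet` so nobody deploys it by mistake.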
+++ b/terraria/Dockerfile @@ -1,19 +1,21 @@ FROM ubuntu:22.04 -WORKDIR /root - RUN apt-get update && apt-get upgrade RUN apt-get install -y wget unzip +RUN useradd -m matt +USER matt +WORKDIR /home/matt + # from https://terraria.fandom.com/wiki/Server (currently 1.4.4.9) RUN wget https://terraria.org/api/download/pc-dedicated-server/terraria-server-1449.zip RUN unzip terraria-server-1449.zip && rm terraria-server-1449.zip RUN mv 1449/ server/ -COPY entry.sh ./ +COPY --chown=matt:matt entry.sh ./ -WORKDIR /root/server/Linux +WORKDIR /home/matt/server/Linux RUN chmod +x TerrariaServer.bin.x86_64 -COPY password.default ./password.txt -COPY config.txt password.tx[t] ./ +COPY --chown=matt:matt password.default ./password.txt +COPY --chown=matt:matt config.txt password.tx[t] ./ diff --git a/terraria/config.txt b/terraria/config.txt index 9dbf757..2c2712c 100644 --- a/terraria/config.txt +++ b/terraria/config.txt @@ -1,5 +1,5 @@ -world=/root/worlds/default.wld +world=/home/matt/worlds/default.wld autocreate=3 worldname=default difficulty=2 -worldpath=/root/worlds +worldpath=/home/matt/worlds
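Review bot: The two `COPY --chown=matt:matt` lines for `password.default` and `password.tx[t]` in terraria/Dockerfile bake what appears to be the server password into an image layer, where anyone who can pull or inspect the image can read it. Supplying the file at run time instead, for example a read-only bind mount in compose.yml such as `- ./terraria/password.txt:/home/matt/server/Linux/password.txt:ro`, keeps it out of the image and its history. If the copy stays, a comment like `# password.tx[t] is a glob, presumably so the build still succeeds when no local password.txt exists` would explain the unusual pattern.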