Zfs fixes

Dockerfile

@@ -12,16 +12,46 @@ RUN CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} go build -ldflags="-s -w" -o zur
 FROM alpine:3 AS obfuscator
 WORKDIR /app
 COPY --from=builder /app/zurg .
-RUN apk add --no-cache upx
-RUN upx --brute zurg
+# RUN apk add --no-cache upx
+# RUN upx --brute zurg
+# Create a health check script that extracts the port from the config file
+RUN echo $'#!/bin/sh\n\
+port=$(yaml read /app/config.yml port)\n\
+nc -z localhost $port || exit 1' > /app/healthcheck.sh && \
+    chmod +x /app/healthcheck.sh
 
 # Final stage
 FROM alpine:3
 WORKDIR /app
-COPY --from=builder /app/zurg .
-RUN apk add --no-cache fuse3 netcat-openbsd
 
-HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
-  CMD nc -z localhost 9999 || exit 1
+# Accept UID and GID as build arguments with default values
+ARG UID=1000
+ARG GID=1000
+
+# Add a group with the specified GID
+RUN addgroup -g ${GID} appgroup
+
+# Add a user with the specified UID and add to the group
+RUN adduser -u ${UID} -D -G appgroup appuser
+
+# Change the ownership of the /app directory to the appuser
+RUN chown -R appuser:appgroup /app
+
+# Copy the obfuscated binary from the obfuscator stage
+COPY --from=obfuscator /app/zurg .
+COPY --from=obfuscator /app/healthcheck.sh .
+
+# Copy the rest of the application files, including the config.yml
+COPY config.yml.example /app/config.yml
+
+# Install runtime dependencies and configure FUSE
+RUN apk add --no-cache fuse3 netcat-openbsd yaml-cpp \
+    && echo 'user_allow_other' >> /etc/fuse.conf
+
+# Use the non-root user to run the application
+USER appuser
+
+# Use the script for the health check
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD /app/healthcheck.sh
 
 ENTRYPOINT ["./zurg"]