rootless container #510

devthejo opened this issue Dec 10, 2023 · 0 comments

Is your feature request related to a problem? Please describe.
I want to run it on a Kubernetes cluster that doesn't allow root containers, so I want to be able to run it as non-root.

Describe alternatives you've considered
Tried to play with the security context to override the uid, but it fails with missing permissions on folders and a port that is <1024 and requires privileges.

Additional context
I've fixed this here: https://codeberg.org/devthefuture/nominatim-docker-rootless/src/branch/master/Dockerfile
If you're OK to accept a PR on this, I will do one.

Another topic ;-) :
concerning your issue

```
# i cannot figure out a way to remove this duplication, if anyone knows, please get in touch
```

The trick is to put an ARG at the top of the Dockerfile (before any stage/FROM) with the default value, then call ARG again but without a value in the stage. It will then be usable as a variable in the stage, with the default (or build-arg value) from the top one:

```dockerfile
ARG NOMINATIM_VERSION=4.3.2
FROM ubuntu:jammy AS build
# ...
FROM scratch
ARG NOMINATIM_VERSION
ENV NOMINATIM_VERSION=$NOMINATIM_VERSION
ENV USER_AGENT=mediagis/nominatim-docker:$NOMINATIM_VERSION
```
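
Added example, not part of the original issue or the project's code: a pre-flight check over `docker image inspect` JSON that flags the two metadata-visible blockers named in the issue, a root default user and declared ports below 1024. The sample input is constructed and does not describe the real image; folder permissions are not visible in image metadata, and `EXPOSE` is only a declaration, so this does not replace a test run under the cluster's policy.

```python
import json

# Constructed sample shaped like `docker image inspect` output (not a real image).
SAMPLE_INSPECT = json.loads("""
[{"Config": {"User": "", "ExposedPorts": {"80/tcp": {}, "5432/tcp": {}}}}]
""")

PRIVILEGED_PORT_LIMIT = 1024  # by default, binding below this needs privileges


def runs_as_root(user_field):
    """True when the image's USER resolves to root (empty, 'root', or uid 0)."""
    user = (user_field or "").split(":", 1)[0].strip()
    return user in ("", "root", "0")


def privileged_ports(exposed_ports):
    """Return declared port numbers below 1024, sorted."""
    ports = []
    for spec in exposed_ports or {}:  # ExposedPorts may be null in inspect output
        number = spec.split("/", 1)[0]
        if number.isdigit() and int(number) < PRIVILEGED_PORT_LIMIT:
            ports.append(int(number))
    return sorted(ports)


def rootless_findings(inspect_data):
    """List the reasons an image would fail under a non-root-only policy."""
    findings = []
    for image in inspect_data:
        config = image.get("Config") or {}
        if runs_as_root(config.get("User")):
            findings.append("image runs as root: no non-root USER is set")
        for port in privileged_ports(config.get("ExposedPorts")):
            findings.append(f"declares port {port} (<1024), which needs privileges to bind")
    return findings


if __name__ == "__main__":
    for finding in rootless_findings(SAMPLE_INSPECT):
        print(finding)
```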