netbird/client/Dockerfile-rootless

# build & run locally with:
#   cd "$(git rev-parse --show-toplevel)"
#   CGO_ENABLED=0 go build -o netbird ./client
#   podman build -t localhost/netbird:latest -f client/Dockerfile --ignorefile .dockerignore-client .
#   podman run --rm -it --cap-add={BPF,NET_ADMIN,NET_RAW} localhost/netbird:latest

FROM alpine:3.22.0

RUN apk add --no-cache \
      bash \
      ca-certificates \
    && adduser -D -h /var/lib/netbird netbird

WORKDIR /var/lib/netbird
USER netbird:netbird

ENV \
    NETBIRD_BIN="/usr/local/bin/netbird" \
    NB_USE_NETSTACK_MODE="true" \
    NB_ENABLE_NETSTACK_LOCAL_FORWARDING="true" \
    NB_CONFIG="/var/lib/netbird/config.json" \
    NB_STATE_DIR="/var/lib/netbird" \
    NB_DAEMON_ADDR="unix:///var/lib/netbird/netbird.sock" \
    NB_LOG_FILE="console,/var/lib/netbird/client.log" \
    NB_DISABLE_DNS="true" \
    NB_ENTRYPOINT_SERVICE_TIMEOUT="5" \
    NB_ENTRYPOINT_LOGIN_TIMEOUT="1"

ENTRYPOINT [ "/usr/local/bin/netbird-entrypoint.sh" ]

ARG NETBIRD_BINARY=netbird
COPY client/netbird-entrypoint.sh /usr/local/bin/netbird-entrypoint.sh
COPY "${NETBIRD_BINARY}"  /usr/local/bin/netbird