From ae54910f511b83541e9870dd42dd8873b4ee3cbf Mon Sep 17 00:00:00 2001
From: vikingowl <christian@nachtigall.dev>
Date: Sun, 22 Feb 2026 10:19:19 +0100
Subject: [PATCH] fix(docker): use existing nobody user instead of creating UID
 65534

---
 backend/deploy/Dockerfile | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/backend/deploy/Dockerfile b/backend/deploy/Dockerfile
index 07ef359..6354daa 100644
--- a/backend/deploy/Dockerfile
+++ b/backend/deploy/Dockerfile
@@ -18,16 +18,14 @@ FROM alpine:3.21
 
 RUN apk add --no-cache ca-certificates tzdata
 
-# UID 65534 = nobody on Alpine, matches podSecurityContext.runAsUser
-RUN adduser -D -u 65534 -g '' nonroot
-
 WORKDIR /app
 
 COPY --from=builder /api .
 COPY --from=builder /go/bin/migrate /usr/local/bin/migrate
 COPY migrations/ ./migrations/
 
-USER nonroot:nonroot
+# alpine:3.21 already ships nobody at UID 65534 — matches podSecurityContext.runAsUser
+USER nobody:nobody
 
 EXPOSE 8080