From 5685e2ace2f4a65cfe25b5e29aed9211884560e2 Mon Sep 17 00:00:00 2001
From: Ben Allfree <ben@benallfree.com>
Date: Thu, 2 Nov 2023 11:54:51 +0000
Subject: [PATCH 1/2] fix: dockerfile CA images

---
 src/services/PocketBaseService/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/services/PocketBaseService/Dockerfile b/src/services/PocketBaseService/Dockerfile
index 746b2ef0..a8c1bc9f 100644
--- a/src/services/PocketBaseService/Dockerfile
+++ b/src/services/PocketBaseService/Dockerfile
@@ -1,4 +1,5 @@
-FROM node:20.9.0-slim
+FROM node:20.9.0-alpine3.18
+RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
 
 EXPOSE 3000
 

From 51a98bd0251093e441297c973d44d49ee3364a48 Mon Sep 17 00:00:00 2001
From: Ben Allfree <ben@benallfree.com>
Date: Fri, 3 Nov 2023 04:52:36 +0000
Subject: [PATCH 2/2] fix: make pockethost bind mount read-only

---
 src/services/PocketBaseService/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/services/PocketBaseService/index.ts b/src/services/PocketBaseService/index.ts
index 742aa10f..f9bae553 100644
--- a/src/services/PocketBaseService/index.ts
+++ b/src/services/PocketBaseService/index.ts
@@ -159,7 +159,7 @@ export const createPocketbaseService = async (
           '8090/tcp': [{ HostPort: `${port}` }],
         },
         Binds: [
-          `${dirname(binPath)}:/host_bin`,
+          `${dirname(binPath)}:/host_bin:ro`,
           `${mkInstanceDataPath(slug)}:/host_data`,
           `${
             isMothership