Adjusted to use non-root user.

nvim/tools/Dockerfile

@@ -5,14 +5,20 @@ FROM debian:unstable
 RUN apt-get update && apt-get install -y locales
 
 # Set image locale.
-ENV LANG en_US.UTF-8
-ENV LANGUAGE en_US:en
-ENV LC_ALL en_US.UTF-8
+ENV LANG=en_US.UTF-8
+ENV LANGUAGE=en_US:en
+ENV LC_ALL=en_US.UTF-8
 ENV TZ=America/New_York
 ENV TERM=xterm-256color
 
-# Update repositories and install software:
-RUN apt-get update && apt-get -y install curl fzf ripgrep tree git xclip python3 python3-pip python3-venv nodejs npm tzdata ninja-build gettext libtool libtool-bin autoconf automake cmake g++ pkg-config zip unzip fish tmux
+# Create a non-root user with UID 1000
+RUN useradd -m -u 1000 -s /usr/bin/fish shaun
+
+# Install required software
+RUN apt-get update && apt-get -y install \
+    curl fzf ripgrep tree git xclip python3 python3-pip python3-venv nodejs npm \
+    tzdata ninja-build gettext libtool libtool-bin autoconf automake cmake g++ \
+    pkg-config zip unzip fish tmux
 
 # Cooperate Neovim with Python 3.
 RUN python3 -m pip install --break-system-packages --root-user-action ignore pynvim
@@ -21,45 +27,47 @@ RUN python3 -m pip install --break-system-packages --root-user-action ignore pyn
 RUN npm i -g neovim
 
 # Install Neovim from source.
-RUN mkdir -p /root/TMP
-RUN cd /root/TMP && git clone https://github.com/neovim/neovim
-RUN cd /root/TMP/neovim && git checkout stable && make -j4 && make install
-RUN rm -rf /root/TMP
+RUN mkdir -p /tmp/neovim-src && \
+    git clone --depth 1 --branch stable https://github.com/neovim/neovim /tmp/neovim-src && \
+    cd /tmp/neovim-src && make -j$(nproc) && make install && \
+    rm -rf /tmp/neovim-src
 
 # Clone configuration files.
-RUN git clone https://gitea.setlock.net/shaun/dotfiles.git /root/dotfiles
+USER shaun
+WORKDIR /home/shaun
 
-# Create directory configuration files.
-RUN mkdir -p /root/.config
+RUN git clone https://gitea.setlock.net/shaun/dotfiles.git /home/shaun/dotfiles
 
-# fish needs the .ssh directory
-RUN mkdir -p /root/.ssh
+# Create directories.
+RUN mkdir -p /home/shaun/.config /home/shaun/.ssh
 
 # Softlink configuration files.
-RUN ln -s /root/dotfiles/nvim /root/.config
-RUN ln -s /root/dotfiles/fish /root/.config
-RUN ln -s /root/dotfiles/tmux /root/.config
+RUN ln -s /home/shaun/dotfiles/nvim /home/shaun/.config
+RUN ln -s /home/shaun/dotfiles/fish /home/shaun/.config
+RUN ln -s /home/shaun/dotfiles/tmux /home/shaun/.config
 
-# Make sure tmux plug-in manager is installed.
-RUN git clone https://github.com/tmux-plugins/tpm /root/.config/tmux/plugins/tpm
-RUN /root/.config/tmux/plugins/tpm/scripts/install_plugins.sh
+# Install tmux plugin manager.
+RUN git clone https://github.com/tmux-plugins/tpm /home/shaun/.config/tmux/plugins/tpm && \
+    /home/shaun/.config/tmux/plugins/tpm/scripts/install_plugins.sh
 
 # Get oh-my-fish and bob-the-fish installed.
 RUN curl https://raw.githubusercontent.com/oh-my-fish/oh-my-fish/master/bin/install > install
 RUN fish install --noninteractive
 RUN fish -c "omf install bobthefish"
 
-# Install neovim plugins
+# Install Neovim plugins
 RUN nvim --headless "+Lazy! sync" +qa
 
-# Set root's default shell.
-RUN usermod --shell /usr/bin/fish root
+# Set default shell for shaun
+USER root
+RUN usermod --shell /usr/bin/fish shaun
 
-# Create directory for projects (there should be mounted from host).
-RUN mkdir -p /root/workspace
+# Set workspace directory
+RUN mkdir -p /workspace && chown shaun:shaun /workspace
+WORKDIR /workspace
 
-# Set default location after container startup.
-WORKDIR /root/workspace
+# Switch to non-root user
+USER shaun
 
 # Avoid container exit.
 CMD ["tail", "-f", "/dev/null"]