ah no, it's docker specification idiocy, it will always COPY a file as root unless ownership explicitly declared, USER is ignored, is there a single thing about docker that doesn't totally suck
Discussion
yo, nostr:npub1ysufjjd485tftr4wy2a83fqyqvtfq0yn820gl8vl6hcsdz8uv2hskx2jyl you need to do --chown=pleroma in the Dockerfile for the config copy and set more restrictive permissions on confix.exs in the repo