FROM alpine:3.20

MAINTAINER Valentin Lab <valentin.lab@kalysto.org>

## coreutils is for ``date`` support of ``--rfc-3339=seconds`` argument.
## findutils is for ``find`` support of ``--newermt`` argument.
## gawk is for ``awk`` support of unicode strings.
## btrfs-progs is for ``btrfs`` support for snapshotting capacity
RUN apk add rsync sudo bash openssh-server coreutils findutils gawk btrfs-progs
RUN ssh-keygen -A

## New user/group rsync/rsync with home dir in /var/lib/rsync
RUN mkdir -p /var/lib/rsync /var/log/rsync && \
    addgroup -S rsync && \
    adduser -S rsync -h /var/lib/rsync -G rsync && \
    chown rsync:rsync /var/lib/rsync /var/log/rsync

## Without this, account is considered locked by SSH
RUN sed -ri 's/^rsync:!:/rsync:*NP*:/g' /etc/shadow

## Withouth this, force-command will not run
RUN sed -ri 's%^(rsync.*:)[^:]+$%\1/bin/bash%g' /etc/passwd

## Allow rsync to access /var/mirror
COPY /src /

RUN chmod 440 /etc/sudoers.d/*

RUN mkdir /var/run/sshd

ENV SCRIPT_LOGCHUNK_SHA="0.1.0"

RUN apk add curl; export pkg ; \
    for pkg in logchunk; do \
        echo "Getting $pkg..." ; \
        bash -c -- 'varname=${pkg^^} ; varname=${varname//-/_} ; \
            eval curl https://docker.0k.io/downloads/$pkg-\${SCRIPT_${varname^^}_SHA}' > \
                /usr/local/bin/"$pkg" || exit 1 ; \
        chmod +x /usr/local/bin/"$pkg" ; \
    done


COPY ./entrypoint.sh /entrypoint.sh

EXPOSE 22

ENTRYPOINT [ "/entrypoint.sh" ]