FROM alpine:latest as dist
LABEL maintainer aynic.os <support+docker@asycn.io>
ARG DOCKER_BUILD_DIR
ARG GIT_AUTHOR_NAME
ARG GIT_AUTHOR_EMAIL
ARG OPERATING_SYSTEM=Linux
ARG PROCESSOR_ARCHITECTURE=x86_64

ENV GIT_AUTHOR_NAME=${GIT_AUTHOR_NAME}
ENV GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL}
ENV GIT_COMMITTER_NAME=${GIT_AUTHOR_NAME}
ENV GIT_COMMITTER_EMAIL=${GIT_AUTHOR_EMAIL}

RUN apk upgrade --no-cache \
 && apk add --no-cache \
        bash \
        curl \
        gettext \
        git \
        gpg \
        gpg-agent \
        make \
        nano \
        netcat-openbsd \
        openssh \
        screen \
        socat \
        tmux \
        wget \
        xz

RUN git clone https://github.com/ingydotnet/git-subrepo \
 && cd git-subrepo \
 && git fetch origin +refs/heads/release/0.4.0: \
 && git checkout release/0.4.0 \
 && git fetch origin pull/314/head \
 && git rebase 9cbe7ba2f61552ce97fb312c8133813f970ab4a5 \
 && sed -i 's/install -C/install/' Makefile \
 && make install \
 && cd .. \
 && rm -rf git-subrepo

ARG IPFS_VERSION=0.13.0

RUN { OS="$(echo ${OPERATING_SYSTEM} |awk '{print tolower($0)}')"; \
    ARCH="$(echo ${PROCESSOR_ARCHITECTURE})"; \
    wget -qO - https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.${OS}.${ARCH}.tar.xz \
     |tar --strip-components 1 -C /usr/local/bin -xJf - shellcheck-stable/shellcheck; } \
 && { ARCH="$(echo ${PROCESSOR_ARCHITECTURE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
    wget -qO - https://github.com/ipfs/go-ipfs/releases/download/v${IPFS_VERSION}/go-ipfs_v${IPFS_VERSION}_${OS}-${ARCH}.tar.gz \
     |tar --strip-components 1 -C /usr/local/bin -xzf - go-ipfs/ipfs; } \
 && mkdir -p /usr/local/lib/shellspec \
 && wget -qO - https://github.com/shellspec/shellspec/archive/refs/heads/master.tar.gz \
     |tar --strip-components 1 -C /usr/local/lib/shellspec -xzf - \
 && ln -s /usr/local/lib/shellspec/shellspec /usr/local/bin/shellspec

ADD https://raw.github.com/kvz/cronlock/master/cronlock /usr/local/bin/cronlock
RUN chmod +rx /usr/local/bin/cronlock

# Setup environment variables; export SSH_AUTH_SOCK from socket directory
ENV SOCKET_DIR /tmp/ssh-agent
ENV SSH_AUTH_SOCK ${SOCKET_DIR}/socket
ENV SSH_AUTH_PROXY_SOCK ${SOCKET_DIR}/proxy-socket

COPY ${DOCKER_BUILD_DIR}/docker-entrypoint.sh /docker-entrypoint.sh
ENTRYPOINT ["/docker-entrypoint.sh"]

CMD ["start"]

FROM dist as master
ARG DOCKER_BUILD_DIR
ARG DOCKER_GID
ARG SHELL=/bin/bash
ARG SSH_BASTION_HOSTNAME
ARG SSH_BASTION_USERNAME
ARG SSH_PRIVATE_IP_RANGE
ARG SSH_PUBLIC_HOSTS
ARG UID
ARG USER
ENV UID=${UID}
ENV GID=${UID}
ENV USER=${USER}

RUN apk add --no-cache \
#         docker \
#         docker-compose \
#         mysql-client \
#         postgresql-client \
        sudo
#         vim \
#         zsh

# If we provide a numeric UID
RUN [ "$UID" -eq "$UID" ] 2>/dev/null \
# Remove user with $UID if it is not our $USER
 && if [ "$(getent passwd $UID |awk -F: '{print $1}')" != "$USER" ]; then \
      sed -i '/^'$(getent passwd $UID |awk -F: '{print $1}')':x:'$UID':/d' /etc/passwd; \
      sed -i '/^'$(getent group $GID |awk -F: '{print $1}')':x:'$GID':/d' /etc/group; \
    fi \
# Force $UID if our $USER already exists
 && sed -i 's/^'$USER':x:[0-9]\+:[0-9]\+:/'$USER':x:'$UID':'$GID':/' /etc/passwd \
 && sed -i 's/^'$USER':x:[0-9]\+:/'$USER':x:'$GID':/' /etc/group \
# Create $USER if it does not exist
 && if [ "$(getent passwd $UID)" = "" ]; then \
      echo "$USER:x:$UID:$GID::/home/$USER:$SHELL" >> /etc/passwd; \
      echo "$USER:\!:$(($(date +%s) / 60 / 60 / 24)):0:99999:7:::" >> /etc/shadow; \
      echo "$USER:x:$GID:" >> /etc/group; \
    fi \
 && mkdir -p /home/$USER \
 && chown $UID:$GID /home/$USER \
 || true

# If we provide a numeric DOCKER_GID
RUN [ "$DOCKER_GID" -eq "$DOCKER_GID" ] 2>/dev/null \
 && if [ "$(getent group docker |awk -F: '{print $3}')" != "$DOCKER_GID" ]; then \
      sed -i 's/^docker:x:[0-9]\+:/docker:x:'$DOCKER_GID':/' /etc/group; \
    fi \
|| true

## User groups
RUN adduser $USER wheel \
#  && adduser $USER docker \
 && echo '%wheel ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers

RUN echo -e "\n\
Host *\n\
  LogLevel quiet\n\
  Compression yes\n\
" >> /etc/ssh/ssh_config \
 && if [ -n "${SSH_PRIVATE_IP_RANGE}" ] && [ -n "${SSH_BASTION_HOSTNAME}" ]; then \
      echo -e "\
Host ${SSH_PRIVATE_IP_RANGE}\n\
  ProxyCommand ssh -q ssh-bastion nc -q0 %h 22\n\
  HostName %h\n\
  StrictHostKeyChecking no\n\
  UserKnownHostsFile /dev/null\n\
Host ssh-bastion\n\
  HostName ${SSH_BASTION_HOSTNAME}\
" >> /etc/ssh/ssh_config; \
      if [ -n "${SSH_BASTION_USERNAME}" ]; then \
        echo -e "\
  User ${SSH_BASTION_USERNAME}\n\
" >> /etc/ssh/ssh_config; \
      fi \
    fi

# Custom rc functions
COPY ansible/roles/hosts/files/etc/profile.d/rc*.sh /etc/profile.d/

RUN mkdir -p $SOCKET_DIR && chown $USER $SOCKET_DIR

VOLUME ${SOCKET_DIR}

USER $USER
ENV SHELL=${SHELL}
WORKDIR /home/$USER

# git config
RUN mkdir -p ~/.ssh ~/.config/git \
 && ssh-keyscan -t rsa -H ${SSH_PUBLIC_HOSTS} >> ~/.ssh/known_hosts \
 && echo -e "\
.DS_Store\n\
.idea/\n\
.nfs*\n\
.theia/settings.json\n\
*~\n\
*.log\n\
*.swp\n\
Thumbs.db\n\
" > ~/.config/git/ignore

# dot files
COPY ${DOCKER_BUILD_DIR}/.* /home/$USER/