# inspiration
# https://github.com/AntoineMary/docker-softether-vpn-bridge/blob/master/Dockerfile

# resources
# https://www.sdrplay.com/community/viewtopic.php?t=4209
# https://stackoverflow.com/questions/37818831/is-there-a-best-practice-on-setting-up-glibc-on-docker-alpine-linux-base-image
# https://www.startpage.com/sp/search?query=%22-s+%2Fsbin%2Fnologin%22+debian&t=device&lui=english&sc=XHeLBvq6o3Va00&cat=web
# https://www.startpage.com/do/dsearch?query=dockerfile+groupid&language=english&cat=web&pl=ext-chrome&extVersion=1.1.2
# https://snyk.io/blog/10-docker-image-security-best-practices/

FROM bitnami/minideb:bullseye
LABEL maintainer "M Peters <8779484+petrosmm@users.noreply.github.com>"

### SET ENVIRONNEMENT
ENV LANG="en_US.UTF-8" \
    SOFTETHER_VERSION="v4.38-9760-rtm" \
    SOFTETHER_VERSION_DATE="2021.08.17" \
    SOFTETHER_VERSION_CPU="linux-x64-64bit" \
    SSL_LIBS="libssl1.1 libssl-dev" \
    GID="1000"

ENV FILENAME_WO_EXT=softether-vpnbridge-${SOFTETHER_VERSION}-${SOFTETHER_VERSION_DATE}-${SOFTETHER_VERSION_CPU}
ENV FILENAME=${FILENAME_WO_EXT}.tar.gz
ENV DOWNLOAD=https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/${SOFTETHER_VERSION}/${FILENAME}

### SETUP
RUN mkdir /assets
COPY assets /assets

RUN apt update && apt install -y wget curl make gcc musl-dev libreadline-dev libncurses-dev libcap-dev ${SSL_LIBS} && \
    
    # clean-up
    rm -rf /var/lib/apt/lists/* && \

    # props to dmrub for this wonderful code https://gist.github.com/dmrub/b311d36492f230887ab0743b3af7309b
    set -ex; \
    \
    curl -o /usr/local/bin/su-exec.c https://raw.githubusercontent.com/ncopa/su-exec/master/su-exec.c; \
    \
    fetch_deps='gcc libc-dev'; \
    apt-get update; \
    apt-get install -y --no-install-recommends $fetch_deps; \
    rm -rf /var/lib/apt/lists/*; \
    gcc -Wall /usr/local/bin/su-exec.c -o/usr/local/bin/su-exec; \
    chown root:root /usr/local/bin/su-exec; \
    chmod 0755 /usr/local/bin/su-exec; \
    rm /usr/local/bin/su-exec.c; \

    # CONVERTED FROM ALPINE addgroup softether && adduser -g 'softether' -G softether -s /sbin/nologin -D -H softether && \
    #       TODO need some help cleaning this up properly
    addgroup softether --gid ${GID} && \
    useradd -g 1000 -ms /bin/bash softether && \
    usermod -s /usr/sbin/nologin softether && \

    mv /assets/entrypoint.sh / && \
    chmod +x /entrypoint.sh && \

    # fetch sources
    wget --no-check-certificate -O ${FILENAME} ${DOWNLOAD} && \

    # untar
    tar zxvpf ${FILENAME} && \
    cd vpnbridge && \    
    chown -R softether:softether /assets /vpnbridge && \

    # patching sources
    for file in /assets/patchs/*.sh; do /bin/sh "$file"; done && \

    # install
    make && ./.install.sh && \

    # to agree to terms
    echo 1 && \

    # Cleaning
    apt-get remove --purge -y wget curl make gcc musl-dev libreadline-dev ncurses-dev libssl-dev libncurses-dev libcap-dev && \

    # Reintroduce necessary libraries
    # 
    apt update && apt install -y ${SSL_LIBS} libreadline8 libncurses6  && \
    
    # Removing vpnclient, vpncmd vpnserver and build files
    # TODO
    cd ..
    # \ && 

    # TODO
    # rm -rf /${FILENAME}
    # /assets 
    # blah blah blah

EXPOSE 443/tcp 992/tcp 1194/udp 5555/tcp

ENTRYPOINT ["/entrypoint.sh"]

# DEBUG
#ENTRYPOINT ["/bin/sh"]

# TODO move to /usr/vpnbridge/vpnbridge
CMD ["/vpnbridge/vpnbridge", "execsvc"]