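# Simplified Dockerfile
# Example build commands:
#   docker build -t fy93:latest .
#   docker build --no-cache -t fy93:latest .
# Example command for an interactive test run:
#   docker run -it --rm  --network macvlan_dhcp_network --mac-address 02:42:ac:11:00:02  fy93:latest bash
# The image is a starting point on which beginners can add their own
# configuration and code. This file installs runit, nginx, an OpenSSH/SFTP
# server, cryptsetup, e2fsprogs, WireGuard tooling and a few network utilities.
# NOTE(review): this header previously listed python, php and mysql; none of
# them is installed by this file.

# Lightweight base image: Debian 12 (bookworm), slim variant.
# NOTE(review): the tag is mutable. Pin it by digest
# (debian:bookworm-slim@sha256:<digest>) if builds must be reproducible.
FROM debian:bookworm-slim

# Build-time only: keeps apt/debconf from prompting during the RUN steps below.
# Declared as ARG rather than ENV so it is not carried into the environment of
# running containers.
ARG DEBIAN_FRONTEND=noninteractive

# Default environment of the running container.
#
# SECURITY: ENCRYPTION_PASSWORD and SFTP_PASSWORD are placeholder values stored
# in plain text in the image configuration. Anyone who can pull the image can
# read them (docker inspect / docker history), so treat them as publicly known.
#   - SFTP_USER / SFTP_PASSWORD are consumed at build time by the
#     useradd/chpasswd step further down, so the account and its password are
#     fixed in the image. Overriding them with `docker run -e` does not change
#     the account unless entrypoint.sh re-applies them - TODO confirm.
#   - ENCRYPTION_PASSWORD and VOLUME_SIZE_GB are not used in this file;
#     presumably entrypoint.sh (not shown) reads them - TODO confirm.
# Supply real values at run time (-e / --env-file or an orchestrator secret)
# and never publish an image that is meant to be used with the defaults.
ENV TZ=Asia/Shanghai \
    ENCRYPTION_PASSWORD=ChangeMe123! \
    SFTP_USER=wen \
    SFTP_PASSWORD=Aa123456 \
    VOLUME_SIZE_GB=5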

# 1. Point apt at the Aliyun mirror.
# /etc/apt/sources.list is rewritten with the four entries below, and everything
# under /etc/apt/sources.list.d is deleted so that no other source stays active.
# The mirror is reached over plain HTTP, so package authenticity rests entirely
# on apt's signature check of the repository metadata.
# NOTE(review): moving these URLs to https would need ca-certificates, which
# this file never installs.
RUN printf '%s\n' \
        "deb http://mirrors.aliyun.com/debian/ bookworm main non-free non-free-firmware" \
        "deb http://mirrors.aliyun.com/debian/ bookworm-updates main non-free non-free-firmware" \
        "deb http://mirrors.aliyun.com/debian/ bookworm-backports main non-free non-free-firmware" \
        "deb http://mirrors.aliyun.com/debian-security bookworm-security main non-free non-free-firmware" \
        > /etc/apt/sources.list \
    && rm -rf /etc/apt/sources.list.d/*

# 2. Install the required packages (alphabetical, one per line).
#   process supervisor : runit
#   services           : nginx, openssh-server, openssh-sftp-server
#   storage            : cryptsetup, e2fsprogs, rsync
#   WireGuard          : wireguard-tools, iproute2, iptables, openresolv, kmod
#   utilities          : apt-utils, curl, nano, procps, net-tools, iputils-ping
# The index update, the install and the removal of the apt lists share one layer
# so the package index is never stored in the image.
# NOTE(review): no versions are pinned, so a rebuild can pull different package
# versions.
# NOTE(review): ca-certificates is not in this list and recommended packages are
# skipped, so curl presumably cannot verify HTTPS certificates unless the base
# image ships a CA bundle - TODO confirm. Install it rather than working around
# verification failures.
# NOTE(review): nano, net-tools, iputils-ping and procps are conveniences; drop
# them from images that are exposed beyond a lab network.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        apt-utils \
        cryptsetup \
        curl \
        e2fsprogs \
        iproute2 \
        iptables \
        iputils-ping \
        kmod \
        nano \
        net-tools \
        nginx \
        openresolv \
        openssh-server \
        openssh-sftp-server \
        procps \
        rsync \
        runit \
        wireguard-tools \
    && rm -rf /var/lib/apt/lists/*

# 3. Create sshd's runtime / privilege-separation directory, mode 0755.
# The step runs as root (no USER instruction precedes it), so the directory is
# root-owned.
RUN install -d -m 0755 /run/sshd
    
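# 3. Create the SFTP login account and its ~/.ssh directory.
# SFTP_USER and SFTP_PASSWORD come from the ENV instruction near the top of the
# file and are expanded by the shell at build time.
#
# SECURITY: the password is applied here, during the build, so its hash is
# stored in /etc/shadow inside the image and every container starts with the
# same, publicly known login. Whether that password can be used over SSH
# depends on ssh/sshd_config, which is not visible here.
# NOTE(review): prefer key-only login (authorized_keys supplied at run time)
# or set the password when the container starts.
#
# The expansions are quoted so a value containing whitespace or glob characters
# cannot be split by the shell. printf replaces echo because /bin/sh's echo may
# interpret backslash sequences and would then set a different password than
# the one configured.
RUN useradd -m -s /bin/bash "${SFTP_USER}" && \
    printf '%s:%s\n' "${SFTP_USER}" "${SFTP_PASSWORD}" | chpasswd && \
    mkdir -p "/home/${SFTP_USER}/.ssh" && \
    chown -R "${SFTP_USER}:${SFTP_USER}" "/home/${SFTP_USER}" && \
    chmod 700 "/home/${SFTP_USER}/.ssh"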


# 5. Install configuration files from the build context.
# ssh/sshd_config is not shown here. It decides which logins sshd accepts, so
# review it for PermitRootLogin and PasswordAuthentication before exposing
# port 22.
COPY ssh/sshd_config /etc/ssh/sshd_config

# Restrict sshd_config to its owner, then create any missing SSH host keys.
# SECURITY: keys created during the build are stored in the image. Every
# container started from it presents the same host identity, and anyone who can
# pull the image can read the private keys.
# NOTE(review): regenerate the host keys when a container first starts.
RUN chmod 0600 /etc/ssh/sshd_config \
    && ssh-keygen -A

# Install the entrypoint script and make it executable.
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

  
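# runit service definition for sshd.
# The generated /etc/service/sshd/run script:
#   1. On the first start of a container, deletes the SSH host keys that were
#      baked into the image at build time and generates fresh ones. Each
#      container then has its own host identity instead of sharing private keys
#      that anyone with the image can read. A marker file makes this happen
#      once, so the keys stay stable across restarts of the same container.
#   2. Replaces itself with sshd in the foreground (-D) so runit supervises the
#      daemon directly; stderr is merged into stdout.
# The build-time keys are left in the image on purpose, so sshd still finds
# keys if it is started by some other path than this script.
RUN mkdir -p /etc/service/sshd && \
    printf '%s\n' \
        '#!/bin/sh' \
        'if [ ! -e /etc/ssh/.host_keys_regenerated ]; then' \
        '    rm -f /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub' \
        '    ssh-keygen -A && touch /etc/ssh/.host_keys_regenerated' \
        'fi' \
        'exec /usr/sbin/sshd -D 2>&1' \
        > /etc/service/sshd/run && \
    chmod +x /etc/service/sshd/run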

# runit service definition for nginx.
# The run script execs nginx with "daemon off;" so it stays in the foreground
# under runit's supervision; stderr is merged into stdout.
RUN mkdir -p /etc/service/nginx \
    && printf '%s\n' \
        '#!/bin/sh' \
        'exec /usr/sbin/nginx -g "daemon off;" 2>&1' \
        > /etc/service/nginx/run \
    && chmod +x /etc/service/nginx/run

# 7. Document the listening ports: 22 (SSH/SFTP) and 80 (HTTP).
# EXPOSE publishes nothing by itself; reachability is decided at run time by
# -p / the attached network.
EXPOSE 22 80

# 8. Entrypoint and default command.
# The default CMD starts runsvdir on /etc/service, which supervises the sshd
# and nginx run scripts created above; -P runs each service in its own
# session/process group. entrypoint.sh (not shown) is expected to hand over to
# the CMD - TODO confirm.
# NOTE(review): there is no USER instruction, so the entrypoint and the
# supervised services start as root. sshd needs that; confirm that nginx
# workers drop privileges in its configuration.
ENTRYPOINT ["/entrypoint.sh"]
CMD ["runsvdir", "-P", "/etc/service"]
