# Simplified Dockerfile.
# Build examples:
#   docker build -t fy93:latest .
#   docker build --no-cache -t fy93:latest .
# Run example for testing:
#   docker run -it --rm -p 80:80 fy93:latest
# This image is described as a "blank" environment with only nginx, python, php and
# mysql installed, for beginners to add their own configuration and code on top.
# NOTE(review): that description looks stale. The package list in this file installs
# OpenSSH (server + SFTP), cryptsetup, e2fsprogs, rsync, WireGuard tools and basic
# network utilities, and the only declared port is 22 (EXPOSE 22), so the -p 80:80
# example presumably should publish the SSH port instead. Confirm against sshd_config.

# Lightweight base image: Debian 12 (bookworm), slim variant.
# NOTE(review): the tag is mutable; for reproducible builds pin it by digest, e.g.
# debian:bookworm-slim@sha256:<digest> (placeholder, take the value from your registry).
FROM debian:bookworm-slim

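# Build-time only: keeps apt/debconf non-interactive for the RUN steps of this stage
# without leaving DEBIAN_FRONTEND set in the environment of running containers.
ARG DEBIAN_FRONTEND=noninteractive

# Runtime environment variables.
# NOTE(review): ENCRYPTION_PASSWORD and SFTP_PASSWORD are placeholder credentials.
# ENV values are stored in the image configuration, so anyone who can pull or inspect
# the image (docker inspect / docker history) can read them, and every container
# inherits them. They are kept because scripts outside this file (e.g. entrypoint.sh,
# not visible here) may read these names. Override them at run time (docker run -e /
# --env-file, or an orchestrator secret) and do not publish an image built with the
# defaults. SFTP_PASSWORD is also consumed at build time by the chpasswd step, so a
# run-time override alone does not change the account password baked into the image.
ENV TZ=Asia/Shanghai \
    ENCRYPTION_PASSWORD=ChangeMe123! \
    SFTP_USER=wen \
    SFTP_PASSWORD=Aa123456 \
    VOLUME_SIZE_GB=5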

# 1. Point apt at the Aliyun Debian mirror.
# /etc/apt/sources.list is rewritten with the four suites below, and everything under
# /etc/apt/sources.list.d/ is removed so that no other source definition remains.
# NOTE(review): the mirror is reached over plain HTTP. apt still verifies the signed
# repository metadata by default, so package integrity does not rest on the transport,
# but the traffic is observable in transit. Switching to https:// would presumably
# need ca-certificates in the base image first (confirm).
# NOTE(review): non-free, non-free-firmware and bookworm-backports are enabled; none of
# the packages installed in this file obviously need them (confirm, and trim if unused).
RUN printf '%s\n' \
        "deb http://mirrors.aliyun.com/debian/ bookworm main non-free non-free-firmware" \
        "deb http://mirrors.aliyun.com/debian/ bookworm-updates main non-free non-free-firmware" \
        "deb http://mirrors.aliyun.com/debian/ bookworm-backports main non-free non-free-firmware" \
        "deb http://mirrors.aliyun.com/debian-security bookworm-security main non-free non-free-firmware" \
        > /etc/apt/sources.list && \
    rm -rf /etc/apt/sources.list.d/*

# 2. Install the required packages in a single layer and drop the apt lists afterwards.
# The WireGuard-related additions are wireguard-tools, iproute2, iptables, openresolv
# and kmod. Packages are listed one per line in alphabetical order to keep diffs small.
# NOTE(review): versions are not pinned, so rebuilds pick up whatever the mirror serves.
# NOTE(review): curl is installed with --no-install-recommends, so ca-certificates is
# probably not pulled in and HTTPS downloads would fail certificate verification. Add
# ca-certificates rather than disabling verification (confirm).
RUN apt-get update \
 && apt-get install -y --no-install-recommends \
        apt-utils \
        cryptsetup \
        curl \
        e2fsprogs \
        iproute2 \
        iptables \
        iputils-ping \
        kmod \
        nano \
        net-tools \
        openresolv \
        openssh-server \
        openssh-sftp-server \
        procps \
        rsync \
        wireguard-tools \
 && rm -rf /var/lib/apt/lists/*

# 3. Create the sshd runtime / privilege-separation directory, mode 0755.
RUN set -e; \
    mkdir -p /run/sshd; \
    chmod 0755 /run/sshd
    
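# 3. Create the SFTP login account and its ~/.ssh directory (mode 700, owned by the user).
# The password can be supplied as an optional BuildKit secret, so a real password never
# has to appear in the Dockerfile or in the image configuration:
#   docker build --secret id=sftp_password,src=<password-file> -t fy93:latest .
# Without the secret the build falls back to the placeholder SFTP_PASSWORD from ENV
# (the original behaviour) and prints a warning. RUN --mount requires BuildKit.
# NOTE(review): either way the password hash ends up in /etc/shadow inside an image
# layer, and the SFTP_PASSWORD variable in ENV is not updated by the secret. Prefer
# key-based login via ~/.ssh/authorized_keys where the (unseen) sshd_config allows it.
# Variables are quoted and the chpasswd input is built with printf, so unusual
# characters in the user name or password are passed through literally.
RUN --mount=type=secret,id=sftp_password \
    set -e; \
    useradd -m -s /bin/bash "${SFTP_USER}"; \
    if [ -s /run/secrets/sftp_password ]; then \
        sftp_pw="$(cat /run/secrets/sftp_password)"; \
    else \
        echo "WARNING: no sftp_password build secret supplied; using the placeholder SFTP_PASSWORD" >&2; \
        sftp_pw="${SFTP_PASSWORD}"; \
    fi; \
    printf '%s:%s\n' "${SFTP_USER}" "${sftp_pw}" | chpasswd; \
    mkdir -p "/home/${SFTP_USER}/.ssh"; \
    chown -R "${SFTP_USER}:${SFTP_USER}" "/home/${SFTP_USER}"; \
    chmod 700 "/home/${SFTP_USER}/.ssh"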

# 4. Create the directories for the encrypted volume (presumably the backing store and
# its mount point; whatever uses them is outside this file).
RUN mkdir -p /encrypted-storage /mnt/encrypted-volume

# 5. Copy the configuration files from the build context.
# NOTE(review): the effective SSH policy (password vs. key authentication, root login,
# SFTP-only restrictions) lives in sshd_config, which is not visible here. Review it
# together with this file.
COPY sshd_config /etc/ssh/sshd_config
COPY entrypoint.sh /entrypoint.sh

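# 6. Set permissions: the entrypoint script is executable, sshd_config is owner-only.
# SSH host keys are deliberately NOT generated here. Running ssh-keygen -A in a RUN
# step stores the host private keys in an image layer, so every container started
# from the image shares one host identity and anyone who can pull the image can read
# those keys. They are created at container start instead (see CMD).
RUN chmod +x /entrypoint.sh && \
    chmod 600 /etc/ssh/sshd_config

# 7. Port sshd is expected to listen on (documentation only; publish it with -p).
EXPOSE 22

# 8. Start-up command.
# The entrypoint script is copied into the image but currently disabled.
#ENTRYPOINT ["/entrypoint.sh"]
# ssh-keygen -A creates only the host key types that are missing, so keys survive a
# container restart and keys mounted into /etc/ssh are left untouched. A new container
# gets new host keys; mount persistent keys if clients need a stable fingerprint.
# /etc/ssh must be writable on first start unless all key types are already present.
# exec replaces the shell so sshd receives stop signals directly.
# sshd is started as root (there is no USER instruction in this file).
CMD ["/bin/sh", "-c", "ssh-keygen -A && exec /usr/sbin/sshd -D -e"]
# Debug alternative that keeps the container idle (exec form needs separate arguments):
#CMD ["sleep", "1000000000"]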
