# ====== Stage 1: Builder image ======
FROM fedora:latest AS builder

RUN dnf update -y && dnf install -y git golang

RUN git clone https://github.com/rfjakob/gocryptfs.git

WORKDIR /gocryptfs

RUN ./build-without-openssl.bash

# ====== Stage 2: Server image ======
FROM quay.io/fedora/fedora-silverblue:42

COPY --from=builder /gocryptfs/gocryptfs /usr/bin/gocryptfs

# Set up custom SELinux policies
#COPY synapse.te /tmp/synapse.te
#COPY benZfsSnapshotAutomount.te /tmp/benZfsSnapshotAutomount.te
#RUN checkmodule -M -m -o /tmp/synapse.mod /tmp/synapse.te \
#    && semodule_package -o /tmp/synapse.pp -m /tmp/synapse.mod \
#    && semodule -r synapse || true \
#    && semodule -i /tmp/synapse.pp \
#    && rm -f /tmp/synapse.{te,mod,pp} \
#    && checkmodule -M -m -o /tmp/benZfsSnapshotAutomount.mod /tmp/benZfsSnapshotAutomount.te \
#    && semodule_package -o /tmp/benZfsSnapshotAutomount.pp -m /tmp/benZfsSnapshotAutomount.mod \
#    && semodule -r benZfsSnapshotAutomount || true \
#    && semodule -i /tmp/benZfsSnapshotAutomount.pp \
#    && rm -f /tmp/benZfsSnapshotAutomount.{te,mod,pp}


# Install ZFS repository
RUN dnf install -y https://github.com/zfsonlinux/zfsonlinux.github.com/raw/master/fedora/zfs-release-2-8$(rpm --eval "%{dist}").noarch.rpm && \
    # cleanup and verification stage
    dnf clean all

# Install ZFS build deps
RUN dnf install -y \
    kernel-devel kernel-devel-matched kernel-headers kernel-srpm-macros && \
    # cleanup and verification stage
    dnf clean all

# TODO: Remove the following line once this bug is fixed: https://github.com/coreos/rpm-ostree/issues/4201
RUN test -f /usr/bin/ld || ln -s /usr/bin/ld.bfd /usr/bin/ld

# Install zfs
RUN dnf install -y zfs && \
    dkms autoinstall -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') \
    && dnf clean all

# TODO: Remove the following line once this bug is fixed: https://github.com/coreos/rpm-ostree/issues/4201
RUN test -h /usr/bin/ld && rm -v /usr/bin/ld

# Install zrepl repository
COPY zrepl.asc /var/roothome/zrepl.asc
RUN rpm --import /var/roothome/zrepl.asc
COPY zrepl.repo /etc/yum.repos.d/zrepl.repo

# Install smallstep repository
COPY smallstep.repo /etc/yum.repos.d/smallstep.repo

RUN dnf install -y \
    ansible \
    borgbackup \
    certbot \
    distrobox \
    fail2ban \
    fuse-encfs \
    fuse-sshfs \
    hddtemp \
    htop \
    iftop \
    iotop \
    ipmitool \
    libvirt \
    lm_sensors \
    net-tools \
    netcat \
    nginx \
    nut \
    pv \
    python3-certbot-nginx \
    qemu-kvm \
    rclone \
    screen \
    smartmontools \
    step-cli \
    strace \
    stress-ng \
    telnet \
    vim \
    zrepl-v0.6.0-1.x86_64

# Cleanup image for linting
RUN test -f /usr/lib/sysusers.d/libvirt.conf || echo -e 'g libvirt 963' > /usr/lib/sysusers.d/libvirt.conf && \
    test -f /usr/lib/sysusers.d/qat.conf || echo -e 'g qat 995' > /usr/lib/sysusers.d/qat.conf

# Cleanup image for linting
RUN rm -rf /var && mkdir /var && \
    rm -rf /boot && mkdir /boot

# Verify image is good
RUN bootc container lint --fatal-warnings --skip baseimage-composefs

