# ====== Stage 1: Builder image ======
FROM fedora:latest AS builder

RUN dnf update -y && dnf install -y git golang

RUN git clone https://github.com/rfjakob/gocryptfs.git

WORKDIR /gocryptfs

RUN ./build-without-openssl.bash

# ====== Stage 2: Server image ======
FROM quay.io/fedora/fedora-silverblue:42

COPY --from=builder /gocryptfs/gocryptfs /usr/bin/gocryptfs

# Set up custom SELinux policies
COPY synapse.te /tmp/synapse.te
COPY benZfsSnapshotAutomount.te /tmp/benZfsSnapshotAutomount.te
RUN checkmodule -M -m -o /tmp/synapse.mod /tmp/synapse.te \
    && semodule_package -o /tmp/synapse.pp -m /tmp/synapse.mod \
    && semodule -r synapse || true \
    && semodule -i /tmp/synapse.pp \
    && rm -f /tmp/synapse.{te,mod,pp} \
    && checkmodule -M -m -o /tmp/benZfsSnapshotAutomount.mod /tmp/benZfsSnapshotAutomount.te \
    && semodule_package -o /tmp/benZfsSnapshotAutomount.pp -m /tmp/benZfsSnapshotAutomount.mod \
    && semodule -r benZfsSnapshotAutomount || true \
    && semodule -i /tmp/benZfsSnapshotAutomount.pp \
    && rm -f /tmp/benZfsSnapshotAutomount.{te,mod,pp}


# Install ZFS repository
RUN rpm-ostree install https://github.com/zfsonlinux/zfsonlinux.github.com/raw/master/fedora/zfs-release-2-8$(rpm --eval "%{dist}").noarch.rpm && \
    # cleanup and verification stage
    rm -vrf /var /*.rpm && \
    ostree container commit

# Install ZFS build deps
RUN rpm-ostree install \
    kernel-devel kernel-devel-matched kernel-headers kernel-srpm-macros && \
    # cleanup and verification stage
    rm -vrf /var && \
    ostree container commit

# TODO: Remove the following line once this bug is fixed: https://github.com/coreos/rpm-ostree/issues/4201
RUN test -f /usr/bin/ld || ln -s /usr/bin/ld.bfd /usr/bin/ld

# Install zfs
RUN rpm-ostree install zfs && \
    dkms autoinstall -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') && \
    # cleanup and verification stage
    rm -vrf /var && \
    ostree container commit

# TODO: Remove the following line once this bug is fixed: https://github.com/coreos/rpm-ostree/issues/4201
RUN test -h /usr/bin/ld && rm -v /usr/bin/ld

# Install zrepl repository
COPY zrepl.asc /var/roothome/zrepl.asc
RUN rpm --import /var/roothome/zrepl.asc
COPY zrepl.repo /etc/yum.repos.d/zrepl.repo

# Install smallstep repository
COPY smallstep.repo /etc/yum.repos.d/smallstep.repo

RUN rpm-ostree install \
    ansible \
    borgbackup \
    certbot \
    distrobox \
    fail2ban \
    fuse-encfs \
    fuse-sshfs \
    hddtemp \
    htop \
    iftop \
    iotop \
    ipmitool \
    libvirt \
    lm_sensors \
    net-tools \
    netcat \
    nginx \
    nut \
    ostree-grub2 \
    pv \
    python3-certbot-nginx \
    qemu-kvm \
    rclone \
    screen \
    smartmontools \
    step-cli \
    strace \
    stress-ng \
    telnet \
    vim \
    zrepl-v0.6.0-1.x86_64 \
    && rm -vrf /var && ostree container commit