FROM ubuntu:22.04

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get install -y --no-install-recommends \
    nginx \
    php8.1-fpm \
    php8.1-mysql \
    php8.1-ldap \
    php8.1-xml \
    php8.1-mbstring \
    openssh-server \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Configure SSH
RUN mkdir /var/run/sshd && \
    echo 'PermitRootLogin no' >> /etc/ssh/sshd_config && \
    echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config

# Create app users
{% for user in users %}
RUN useradd -m -s /bin/bash {{ user.username | shell_quote }} && \
    echo {{ (user.username ~ ':' ~ user.password) | shell_quote }} | chpasswd
{% endfor %}

# Copy nginx config
COPY nginx.conf /etc/nginx/sites-available/default

# Set up web root
RUN mkdir -p /var/www/portal/admin /var/www/portal/api /var/www/portal/reports

# Create flag files (if any are on this host)
{% for flag in flags %}
{% if flag.host == 'web' and '/' in flag.path %}
RUN mkdir -p $(dirname {{ flag.path | shell_quote }}) && \
    echo {{ flag.value | shell_quote }} > {{ flag.path | shell_quote }}
{% endif %}
{% endfor %}

# Logging
RUN mkdir -p /var/log/app && \
    ln -sf /var/log/app/access.log /var/log/nginx/access.log && \
    ln -sf /var/log/app/error.log /var/log/nginx/error.log

EXPOSE 80 443 22

CMD service ssh start && \
    service php8.1-fpm start && \
    nginx -g 'daemon off;'