# Use the latest Ubuntu image
FROM ubuntu:focal

# Set environment variable to avoid interactive prompts
ENV DEBIAN_FRONTEND=noninteractive

# Set timezone to your desired timezone (e.g., "America/New_York")
#RUN ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime && \
#    echo "India/Kolkata" > /etc/timezone

# Update package list, install required packages, and clean up
RUN apt-get update && \
    apt-get install -y \
    ufw\
    sudo\
    bash \
    passwd\
    sshpass\
    python3\
    keychain\
    net-tools\
    python3-pip\
    python3-venv\
    openssh-server &&\
    apt clean && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Create the 'admin' user with home directory and password, and 'administrator' group
#RUN useradd -m -s /bin/bash admin && \
#    echo 'admin:password' | chpasswd && \
#    useradd -m -s /bin/bash ubuntu && \
#    echo 'ubuntu:password' | chpasswd && \
#    groupadd administrator && \
#    usermod -aG administrator,sudo admin && \
#    usermod -aG administrator,sudo ubuntu

# Create the 'admin' and 'ubuntu' users with home directories and passwords, and add them to the 'sudo' group
#RUN groupadd -r admin && useradd -r -g users admin && \
#    echo 'admin:password' | chpasswd && \
#    echo 'ubuntu:password' | chpasswd && \

RUN useradd -m -u 1000 admin && \
    echo "admin:password" | chpasswd &&\
    usermod -aG sudo admin && \
    echo "admin ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers 

    
#ENV HOME =/home/admin &&\
#    PATH =/home/admin/.local/bin:$PATH
#    usermod -aG sudo admin && \
#    echo "admin ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers 

#RUN id -u ubuntu &>/dev/null || useradd -m -s /bin/bash ubuntu && \
#    usermod -aG sudo ubuntu && \
#    echo "ubuntu:password" | chpasswd && \
#    echo "ubuntu ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
    
#RUN echo "password" | su - ubuntu -c "whoami"

# Copy the application code to the container
COPY . /app

# Create necessary directories and set permissions
#RUN mkdir -p /var/run/sshd /app /app/users/sshs /app/ssh && \
#    chmod -R 777 /app 
    # chmod -R 777 /home/admin/.ssh && \
    #cp /app/ssh_config /home/admin/.ssh/config
    #touch /etc/sudoers

# Grant full sudo access to the 'administrator' group
#RUN sed -i 's/Defaults !requiretty/Defaults requiretty/' /etc/sudoers && \
#    echo 'admin ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \
#    echo 'ubuntu ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
#RUN echo "%administrator ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

# Generate SSH host keys
#RUN ssh-keygen -A &&\
#    sudo ufw allow 2222/tcp

#RUN sudo ufw disable
RUN cp /app/sshd_config /etc/ssh/sshd_config # && cat /etc/ssh/sshd_config
    
RUN chmod -R 755 /etc/ssh/* &&\
    rm -f /etc/ssh/ssh_host_rsa_* && \
    rm -f /etc/ssh/ssh_host_ecdsa_* && \
    rm -f /etc/ssh/ssh_host_ed25519_* && \
    rm -f /etc/ssh/ssh_known_* && \
    touch  /etc/ssh/ssh_known_hosts
    
    

RUN yes y | ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N "" && \
    yes y | ssh-keygen -t ecdsa -b 256 -f /etc/ssh/ssh_host_ecdsa_key -N "" && \
    yes y | ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" && \
    ssh-keygen -Hf /etc/ssh/ssh_known_hosts && \
    chmod -R 755 /etc/ssh/* && \
    echo " Public Key $(cat /etc/ssh/ssh_host_rsa_key.pub)" && \
    echo " Private Key $(cat /etc/ssh/ssh_host_rsa_key)" 
    
    #ssh-keyscan -p 2222 0.0.0.0 >> /etc/ssh/ssh_known_hosts
    
    
# Secure SSH Configuration
#RUN sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config && \
#    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config && \
#    sed -i 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config && \
#    sed -i 's/#UsePAM yes/UsePAM no/' /etc/ssh/sshd_config && \
#    sed -i 's/#Port 22/Port 2222/' /etc/ssh/sshd_config && \
#    echo "AllowUsers *" >> /etc/ssh/sshd_config && \
#    echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config && \
#    echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config && \
#    echo "AuthorizedKeysFile .ssh/authorized_keys" >> /etc/ssh/sshd_config && \



# Copy all the contents of /etc/ssh to /app/ssh
#RUN mkdir -p /app/ssh && cp -r /etc/ssh/* /app/ssh


# Set the permissions for the SSH keys
#RUN chmod 777 /etc/ssh/ssh_* && \
#    touch /app/ssh/ssh_known_hosts && \
#    chmod 777 /app/ssh/ssh_* && \
#    chmod 777 /home

# List contents of /etc/ssh and /app/ssh
RUN ls -la /etc/ssh/ # && ls -l /app/ssh/

# Install WebSSH
RUN python3 -m venv /app/WebSSHEnv && \
    /app/WebSSHEnv/bin/pip install --no-cache-dir --upgrade pip && \
    /app/WebSSHEnv/bin/pip install --no-cache-dir -r /app/WebSSH/requirements.txt && \
    /app/WebSSHEnv/bin/pip list 
    
# Expose the new SSH port
EXPOSE 2222

EXPOSE 7860

RUN chmod -R 777 /app

USER admin
WORKDIR /home/admin


# Generate SSH keys
#RUN ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N "" -y && \
#    ssh-keygen -t ecdsa -b 256 -f /etc/ssh/ssh_host_ecdsa_key -N "" -y && \
#    ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" -y
    

# Copy the start.sh script
#RUN chmod 777 /app/venv/lib/python3.12/site-packages/
#RUN touch /app/venv/lib/python3.12/site-packages/known_hosts
#RUN chmod 777 /app/venv/lib/python3.12/site-packages/known_hosts

#CMD [ "/usr/sbin/sshd -p 2222 &&","source /app/venv/bin/activate &&","wssh --address='0.0.0.0' --port=7860 --xsrf=False --debug=True --maxconn=4 --policy=autoadd"]


ENTRYPOINT ["/app/start.sh"]