# Dockerfile — coturn + playit (Option 1, noninteractive install)
FROM coturn/coturn:edge-debian

# Build args (change if upstream playit repo changes)
ARG PLAYIT_GPG_URL="https://playit-cloud.github.io/ppa/key.gpg"
ARG PLAYIT_APT_LINE="deb [signed-by=/etc/apt/trusted.gpg.d/playit.gpg] https://playit-cloud.github.io/ppa/data ./"

# Set timezone and noninteractive frontend to avoid debconf prompts
ENV DEBIAN_FRONTEND=noninteractive \
    TZ=Etc/UTC \
    LANG=C.UTF-8

USER root

# Install required packages, add playit apt repo, install playit package
RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        apt-transport-https \
        ca-certificates \
        curl\
        socat\
        gnupg \
        tzdata \
        dirmngr \
        net-tools \
        gettext-base \
    ; \
    # ensure tzdata doesn't prompt (already set TZ env); configure timezone non-interactively
    ln -fs /usr/share/zoneinfo/$TZ /etc/localtime; \
    dpkg-reconfigure --frontend noninteractive tzdata || true; \
    # prepare apt trusted key location
    mkdir -p /etc/apt/trusted.gpg.d; \
    # fetch playit GPG key and dearmor it for apt
    curl -fsSL "${PLAYIT_GPG_URL}" -o /tmp/playit.key.gpg; \
    gpg --dearmor --batch --yes -o /etc/apt/trusted.gpg.d/playit.gpg /tmp/playit.key.gpg; \
    rm -f /tmp/playit.key.gpg; \
    # add apt source list
    echo "${PLAYIT_APT_LINE}" > /etc/apt/sources.list.d/playit-cloud.list; \
    apt-get update; \
    # Install playit, telling dpkg to accept default config answers if asked
    apt-get install -y --no-install-recommends -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" playit; \
    # cleanup apt caches
    apt-get clean; \
    rm -rf /var/lib/apt/lists/* /tmp/*
    
# COPY --chown=root rule.p1 /etc/iptables/rules.v4

# Create non-root user and runtime dirs
RUN useradd -m -u 1000 appuser || true; \
    mkdir -p /etc/coturn /var/lib/coturn /home/appuser/app; \
    chown -R appuser:appuser /home/appuser /var/lib/coturn

WORKDIR /home/appuser/app

# Copy optional local coturn config; prefer mounting at runtime for secrets
COPY turnserver.conf /etc/coturn/turnserver.conf

# Copy entrypoint (make sure you have entrypoint.sh in build context)
COPY init.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh

# Expose typical ports
# EXPOSE 3478/tcp 3478/udp 5349/tcp 5349/udp 7860/tcp

EXPOSE 7860 42656 5349 50000-50010/udp 

USER root
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
#CMD ["echo", "All Started"]
# CMD ["turnserver", "-c", "/etc/coturn/turnserver.conf", "--listening-port=7860","--tls-listening-port=5349","--user=myuser:mypassword","--log-file=stdout","--simple-log", "--no-cli", "--log-file=stdout"]