FROM debian:12-slim

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get install -y \
    openssh-server \
    curl \
    wget \
    sudo \
    iproute2 \
    iptables \
    ca-certificates \
    procps \
    net-tools \
    vim \
    nano \
    htop \
    git \
    unzip \
    gnupg \
    lsb-release \
    nginx \
    && rm -rf /var/lib/apt/lists/*

RUN curl -fsSL https://tailscale.com/install.sh | sh

RUN mkdir -p /run/sshd /var/run/tailscale /var/lib/tailscale /var/cache/tailscale

RUN echo 'root:root' | chpasswd

RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && \
    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config && \
    sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config

RUN cat > /etc/nginx/sites-available/default << 'EOF'
server {
    listen 7860;
    root /var/www/html;
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
}
EOF

RUN echo '<h1>vps-container</h1>' > /var/www/html/index.html

RUN cat > /entrypoint.sh << 'EOF'
#!/bin/bash
set -e
AUTH_KEY="${TAILSCALE_AUTH_KEY:-tskey-auth-kgZytga7Zg11CNTRL-epGREyt4LXVPA5pEq1vCYV7SuKt8pVLqT}"
HOSTNAME="${CONTAINER_HOSTNAME:-vps-container1}"

/usr/sbin/sshd
nginx -g 'daemon off;' &

tailscaled --tun=userspace-networking --statedir=/var/lib/tailscale &
TAILSCALED_PID=$!
sleep 2

tailscale up --auth-key="$AUTH_KEY" --hostname="$HOSTNAME" --accept-routes

echo ""
echo "=== Container ready ==="
echo "Tailscale IP: $(tailscale ip -4 2>/dev/null)"
echo "SSH password: root"
echo "HTTP port   : 7860"
echo "======================="

wait $TAILSCALED_PID
EOF

RUN chmod +x /entrypoint.sh

EXPOSE 22 7860

ENTRYPOINT ["/entrypoint.sh"]