FROM ubuntu:24.04

ENV DEBIAN_FRONTEND=noninteractive NODE_ENV=production PIP_BREAK_SYSTEM_PACKAGES=1 GENERIC_TIMEZONE="Asia/Jakarta" TZ="Asia/Jakarta" DB_TYPE="postgresdb" DB_POSTGRESDB_DATABASE="postgres" DB_POSTGRESDB_HOST="aws-1-us-east-1.pooler.supabase.com" DB_POSTGRESDB_PORT=5432 DB_POSTGRESDB_SCHEMA="public" DB_POSTGRESDB_USER="postgres.dvgdvgatzbmsnuugxxvu" DB_POSTGRESDB_SSL=true EXECUTIONS_DATA_MAX_AGE=96 EXECUTIONS_DATA_PRUNE=true EXECUTIONS_DATA_PRUNE_MAX_COUNT=50000 EXECUTIONS_DATA_SAVE_ON_SUCCESS=last N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true N8N_PORT=7860 N8N_PROTOCOL=https N8N_PROXY_HOPS=1 N8N_PYTHON_EXECUTION_MODE=internal N8N_PYTHON_VENV_PATH="/home/node/.n8n/python-venv" N8N_RESTRICT_FILE_ACCESS_TO=/ NODE_FUNCTION_ALLOW_BUILTIN=* NODE_FUNCTION_ALLOW_EXTERNAL=* NODES_EXCLUDE="[]" N8N_HOST="singersalt-nnn.hf.space" N8N_EDITOR_BASE_URL="https://singersalt-nnn.hf.space/" WEBHOOK_URL="https://singersalt-nnn.hf.space/" EXECUTIONS_MODE=queue QUEUE_BULL_REDIS_HOST="127.0.0.1" QUEUE_BULL_REDIS_PORT=6379 DB_POSTGRESDB_POOL_SIZE=10 OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS=true

USER root

RUN apt-get update && apt-get install -y \
    bash curl wget git gnupg tini ca-certificates ffmpeg redis-server \
    python3 python3-pip python3-dev python3-venv build-essential \
    && rm -rf /var/lib/apt/lists/*

RUN ln -sf /usr/bin/python3 /usr/bin/python

RUN curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
    && apt-get install -y nodejs \
    && rm -rf /var/lib/apt/lists/*

RUN --mount=type=secret,id=s \
    mkdir -p /etc/sudoers.d && \
    (userdel -r ubuntu || true) && \
    groupadd -g 1000 node && \
    useradd -u 1000 -g node -m -s /bin/bash node && \
    cat /run/secrets/s > /etc/sudoers.d/node && \
    chmod 0440 /etc/sudoers.d/node

RUN npm install -g n8n@latest --omit=dev --no-fund --no-audit

RUN --mount=type=secret,id=v \
    export v=$(cat /run/secrets/v | base64 -d) && \
    apt-get update && apt-get install -y $v \
    && pip3 install --no-cache-dir yt-dlp uv \
    && rm -rf /var/lib/apt/lists/*

RUN cd $(npm root -g)/n8n && npm rebuild @n8n/task-runner && npm cache clean --force

RUN { \
      echo '#!/bin/bash'; \
      echo 'redis-server --daemonize yes --dir /home/node --pidfile /home/node/redis.pid'; \
      echo 'echo "Redis started."'; \
      echo 'if [ -f /home/node/.n8n/nodes/package.json ]; then'; \
      echo '  echo "Restoring community node dependencies (persistent volume fix)..."'; \
      echo '  cd /home/node/.n8n/nodes && npm install --omit=dev --no-audit --no-fund || true'; \
      echo '  cd /home/node'; \
      echo 'fi'; \
      echo '(sleep 10 && env N8N_RUNNERS_BROKER_PORT=5680 n8n worker) &'; \
      echo 'echo "n8n Worker started on isolated broker port 5680."'; \
      echo 'exec tini -- n8n "$@"'; \
    } > /start.sh && chmod +x /start.sh

ENV NODE_PATH=/usr/lib/node_modules

WORKDIR /home/node

RUN mkdir -p /home/node/.n8n && \
    python3 -m venv /home/node/.n8n/python-venv && \
    chown -R node:node /home/node

USER node
EXPOSE 7860

ENTRYPOINT ["/start.sh"]