FROM debian:bookworm-slim

ENV DEBIAN_FRONTEND=noninteractive
ENV HOME=/home/user
ENV PATH=/usr/local/bin:$HOME/.local/bin:$PATH

RUN apt-get update && apt-get install -y \
    curl wget git sudo vim nano unzip procps net-tools \
    netcat-openbsd build-essential cmake pkg-config python3 \
    nginx xz-utils bzip2 ca-certificates \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
    && apt-get install -y nodejs \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

RUN npm install -g openclaw@latest --unsafe-perm

RUN wget https://github.com/tsl0922/ttyd/releases/download/1.7.7/ttyd.x86_64 -O /usr/bin/ttyd \
    && chmod +x /usr/bin/ttyd

RUN wget https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v7.6.0/oauth2-proxy-v7.6.0.linux-amd64.tar.gz \
    && tar -xzvf oauth2-proxy-v7.6.0.linux-amd64.tar.gz \
    && mv oauth2-proxy-v7.6.0.linux-amd64/oauth2-proxy /usr/bin/ \
    && chmod +x /usr/bin/oauth2-proxy \
    && rm -rf oauth2-proxy-v7.6.0.linux-amd64*

RUN useradd -m -u 1000 -s /bin/bash user \
    && echo "user ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers \
    && mkdir -p /var/log/nginx /var/lib/nginx /run/nginx /var/www/html/theme \
    && chown -R user:user /var/log/nginx /var/lib/nginx /run/nginx /etc/nginx /var/www/html /home/user

COPY --chown=user:user nginx.conf /etc/nginx/nginx.conf
COPY --chown=user:user start.sh /home/user/start.sh
COPY --chown=user:user sign_in.html /var/www/html/theme/sign_in.html

RUN chmod +x /home/user/start.sh

USER user
WORKDIR /home/user
EXPOSE 7860

CMD ["./start.sh"]