FROM rust:1.90.0-trixie AS builder

RUN apt update -y && apt install -y libxkbcommon-dev

COPY fönster /fönster

WORKDIR /fönster

RUN cargo build -r

FROM debian:trixie-slim

RUN apt update -y && apt install -y dropbear libxkbcommon-dev

# passwd: lösenord
RUN useradd -p '$y$j9T$fT1ViPhnhUaAkijJ2KTeD/$0TY8GZ4Jtx4RVKZLhnZsakh4YNP1ZB8PUt.H20QjSbA' -m user 
RUN chown -R user:user /home/user

COPY entrypoint.sh /
COPY --from=builder /fönster/target/release/fönster /

RUN chown root:root /fönster && \
    chmod 555 /fönster /entrypoint.sh

# Paranoid sanity checks, don't worry about those.
RUN find / -ignore_readdir_race -type f \( -perm -4000 -o -perm -2000 \) -delete || true
USER user
RUN ! find / -writable -or -user $(id -un) -or -group $(id -Gn|sed -e 's/ / -or -group /g') 2> /dev/null | grep -Ev -m 1 '^(/dev|/run|/proc|/sys|/tmp|/var/tmp|/var/lock|/var/mail|/var/spool/mail|/home/user)(/|$)'
USER root

EXPOSE 443
CMD ["bash", "entrypoint.sh"]
