FROM alpine:edge as build

RUN apk add go git --no-cache
RUN git clone https://tangled.sh/@tangled.sh/core
WORKDIR /core
RUN go build -o server ./cmd/knotserver
RUN go build ./cmd/keyfetch
RUN go build ./cmd/repoguard

FROM alpine:edge
RUN apk add openssh openrc --no-cache
EXPOSE 22
EXPOSE 5555

COPY --from=build /core/server /bin/server
COPY --from=build /core/keyfetch /bin/keyfetch
RUN echo "  Match User git\
    AuthorizedKeysCommand /bin/keyfetch\
    AuthorizedKeysCommandUser nobody" >> /etc/ssh/sshd_config
RUN adduser -D -h /home/git -s /bin/nologin -u 1000 git
USER git
RUN mkdir /home/git/repos
COPY --from=build /core/repoguard /home/git/repoguard
WORKDIR /home/git
ENV KNOT_REPO_SCAN_PATH=/home/git/repos
ENV APPVIEW_ENDPOINT=https://tangled.sh
ENV KNOT_SERVER_INTERNAL_LISTEN_ADDR=127.0.0.1:5444
ENV KNOT_SERVER_LISTEN_ADDR=0.0.0.0:5555
ENTRYPOINT ["/bin/server"]