# syntax=docker/dockerfile:1
FROM letsencrypt/boulder-tools:go1.25.5_2025-12-03 AS boulder-tools

FROM ubuntu:noble AS builder

RUN export DEBIAN_FRONTEND=noninteractive \
    && apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        gnupg \
    && install -m 0755 -d /etc/apt/keyrings \
    && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
    && chmod a+r /etc/apt/keyrings/docker.gpg \
    && echo \
        "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
        "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
        tee /etc/apt/sources.list.d/docker.list > /dev/null \
    && apt-get update \
    && apt-get install -y --no-install-recommends \
        docker-ce \
        docker-ce-cli \
        containerd.io \
        docker-compose-plugin \
    && dcver=$(docker compose version | grep v2.19 | wc -l) \
    && if [ "$dcver" != "0" ]; then \
            dc18=$(apt list docker-compose-plugin -a 2>/dev/null | grep 2.18 | cut -d ' ' -f 2); \
            apt install -y --allow-downgrades docker-compose-plugin=${dc18}; \
        fi \
    && rm -rf /var/lib/apt/lists/*

FROM ubuntu:noble

RUN export DEBIAN_FRONTEND=noninteractive \
    && apt update \
    && apt install -y --no-install-recommends --reinstall software-properties-common \
    && add-apt-repository -y ppa:deadsnakes/ppa \
    && apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        cron \
        curl \
        python3.10-venv \
        softhsm2 \
        tzdata \
        ucspi-tcp \
    && python3.10 -m venv /opt/certbot \
    && /opt/certbot/bin/pip install --upgrade pip \
    && /opt/certbot/bin/pip install certbot \
    && ln -sf /opt/certbot/bin/certbot /usr/bin/certbot \
    && rm -rf /var/lib/apt/lists/*

COPY --from=boulder-tools /usr/local/bin/minica /usr/local/bin/minica

COPY --from=builder /usr/bin/docker /usr/bin/docker
COPY --from=builder /usr/libexec/docker/cli-plugins/docker-compose /usr/libexec/docker/cli-plugins/docker-compose

COPY tmp/backup /opt/labca/
COPY tmp/checkcrl /opt/labca/
COPY tmp/checkrenew /opt/labca/
COPY tmp/commander /opt/labca/
COPY tmp/control.sh /opt/labca/
COPY tmp/cron_d /opt/labca/
COPY tmp/renew /opt/labca/
COPY tmp/restore /opt/labca/
COPY tmp/utils.sh /opt/labca/
COPY tmp/src/labca /opt/staging/boulder_labca
COPY tmp/admin/apply-boulder /opt/labca/
COPY tmp/admin/apply /opt/labca/
COPY tmp/labca-gui /opt/labca/bin/

COPY tmp/admin/static /opt/staging/static
COPY tmp/admin/data /opt/staging/data
COPY tmp/nginx.conf /opt/staging/
COPY tmp/proxy.inc /opt/staging/
COPY tmp/admin/apply-nginx /opt/labca/

COPY tmp/bin/boulder /opt/boulder/bin/

RUN mkdir /opt/logs