FROM ubuntu:22.04

ENV DEBIAN_FRONTEND=noninteractive
ENV PATH="/usr/local/bin:${PATH}"

# Install required dependencies
RUN apt-get update && apt-get install -y \
    curl gnupg2 sudo lsb-release iproute2 \
    python3 python3-pip python3-venv \
    ca-certificates iputils-ping \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# Install Tailscale
RUN curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg | tee /usr/share/keyrings/tailscale-archive-keyring.gpg > /dev/null \
 && curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list \
 | sed 's/^deb /deb [signed-by=\/usr\/share\/keyrings\/tailscale-archive-keyring.gpg] /' \
 | tee /etc/apt/sources.list.d/tailscale.list \
 && apt-get update \
 && apt-get install -y tailscale \
 && apt-get clean && rm -rf /var/lib/apt/lists/*

# Create Draco user
RUN useradd -m -u 1000 -s /bin/bash Draco \
 && echo "Draco ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/draco \
 && chmod 0440 /etc/sudoers.d/draco

USER Draco
WORKDIR /home/Draco

# Start tailscaled silently in userspace mode, bring up with auth key, and run web server
CMD tailscaled --tun=userspace-networking --socks5-server=localhost:1055 > /dev/null 2>&1 & \
 && sleep 2 \
 && tailscale up --authkey=tskey-auth-krBh6cJ4GS11CNTRL-Ys653FbsA8VzjZbm7CdD8Vy4C1iCpmh2 --ssh --netfilter-mode=off > /dev/null 2>&1 \
 && python3 -m http.server 7860