# This Dockerfile sets up a simple SSH server for hosting git repositories. It installs the necessary packages, creates the required directories, and configures SSH to allow access using authorized keys.

# Start with a base Debian image
FROM debian:13.4

# Install dependencies and clean up apt cache to reduce image size
RUN apt-get update && apt-get install -y --no-install-recommends \
    openssh-server \
    git \
    cron \
    && rm -rf /var/lib/apt/lists/*

# Create the privilage separation directory as openssh-server post-install script doesn't do it in docker build context
RUN mkdir -p /var/run/sshd

# Create a git user and set up the home directory
RUN useradd -m -s /bin/bash git

# Create the repositories directory and set appropriate permissions
RUN mkdir -p /repositories && chown git:git /repositories

# Disallow password authentication for security reasons
RUN echo "PasswordAuthentication no" >> /etc/ssh/sshd_config

# Copy the entrypoint script into the container
COPY entrypoint.bash /

# Copy cron jobs
COPY etc/cron.d/* /etc/cron.d/

# Set appropriate permissions for the cron jobs
RUN chmod 0644 /etc/cron.d/*

# Copy scripts
COPY scripts/* /scripts/

# Set appropriate permissions for the scripts
RUN chmod +x /scripts/*

# Copy git home overlay
COPY home/git/* /home/git/

# Copy git-wrapper
COPY usr/local/bin/git-wrapper /usr/local/bin/git-wrapper

# Set appropriate permissions for the git-wrapper
RUN chmod +x /usr/local/bin/git-wrapper

# Add our git-wrapper to a new Match block in the sshd_config
RUN echo "Match User git" >> /etc/ssh/sshd_config && \
    echo "    ForceCommand /usr/local/bin/git-wrapper" >> /etc/ssh/sshd_config

# Make the entrypoint script executable
RUN chmod +x /entrypoint.bash

# Expose port 22 for SSH access
EXPOSE 22

# Define our entrypoint
ENTRYPOINT [ "/entrypoint.bash" ]