FROM opensuse/leap:15.1
LABEL maintainer="stephane.lesimple+bastion@ovhcloud.com"

# cache builds efficiently: just copy the scripts to install packages first
COPY bin/admin/install-ttyrec.sh bin/admin/install-yubico-piv-checker.sh bin/admin/packages-check.sh /opt/bastion/bin/admin/
COPY lib/shell                                                                                       /opt/bastion/lib/shell/
RUN ["/opt/bastion/bin/admin/packages-check.sh","-i","-d","-s"]
RUN ["/opt/bastion/bin/admin/install-ttyrec.sh","-r"]
RUN ["/opt/bastion/bin/admin/install-yubico-piv-checker.sh","-r"]

# disable /dev/kmsg handling by syslog-ng and explicitly enable /dev/log
RUN test -e /etc/syslog-ng/syslog-ng.conf && \
    sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf

# at each modification of our code, we'll start from here thanks to build cache
COPY . /opt/bastion

# tests that the environment works
RUN ["/opt/bastion/bin/dev/perl-check.sh"]

# setup ssh/sshd config and setup bastion install
RUN ["/opt/bastion/bin/admin/install","--new-install","--no-wait"]

# start at entrypoint
ENTRYPOINT /opt/bastion/docker/entrypoint.sh

# TESTENV HAS_ED25519=1 HAS_BLACKLIST=0 HAS_MFA=0 HAS_PAMTESTER=0 HAS_PIV=1