# syntax=docker/dockerfile:1
FROM python:3.13-slim

# Install SSH client
RUN apt-get update && apt-get install -y --no-install-recommends \
    openssh-client \
    && rm -rf /var/lib/apt/lists/*

# Install uv
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv

# Set working directory
WORKDIR /app

# Copy dependency files first for better caching
COPY pyproject.toml uv.lock ./

# Install dependencies
RUN uv sync --frozen --no-dev

# Copy application code
COPY cf_bouncer.py api_server.py cfb ./

# Create directories for backups and logs
RUN mkdir -p /root/cf-bouncer-manager/backups

# SSH key mount point
VOLUME ["/root/.ssh"]

# Environment variables for SSH connection (2 servers)
# Bouncer server (crowdsec-cloudflare-worker-bouncer)
ENV CFB_BOUNCER_HOST=""
ENV CFB_BOUNCER_PORT="22"
ENV CFB_BOUNCER_USER="root"
ENV CFB_BOUNCER_KEY=""

# CrowdSec server
ENV CFB_CROWDSEC_HOST=""
ENV CFB_CROWDSEC_PORT="22"
ENV CFB_CROWDSEC_USER="root"
ENV CFB_CROWDSEC_KEY=""

# API server settings
ENV CFB_API_HOST="0.0.0.0"
ENV CFB_API_PORT="8000"

# Expose API port
EXPOSE 8000

# Default: CLI mode
# For API server mode, use: --entrypoint uvicorn ... api_server:app
ENTRYPOINT ["uv", "run", "python", "cf_bouncer.py"]
CMD ["--help"]