# Particle-OS Server Containerfile
# Builds on the minimal image and adds server-specific packages
# This creates the Phase 2 deliverable: Debian CoreOS equivalent

FROM particle-os:minimal

# Install server-specific packages
RUN apt-get update && apt-get install -y \
    # SSH server
    openssh-server \
    # Web-based management
    cockpit \
    cockpit-system \
    cockpit-networkmanager \
    # Network utilities
    iptables \
    ufw \
    # Monitoring tools
    htop \
    iotop \
    # Additional server utilities
    rsync \
    screen \
    tmux \
    # Server-specific OSTree packages
    ostree-grub2 \
    && rm -rf /var/lib/apt/lists/*

# Configure SSH
RUN mkdir -p /var/run/sshd && \
    echo "PermitRootLogin yes" >> /etc/ssh/sshd_config && \
    echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config

# Configure Cockpit
RUN systemctl enable cockpit.socket && \
    systemctl enable ssh

# Set up firewall
RUN ufw --force enable && \
    ufw allow ssh && \
    ufw allow 9090/tcp  # Cockpit

# Update OSTree configuration for server variant
RUN echo "OSTREE_OSVARIANT=server" >> /etc/ostree/ostree.conf && \
    echo "OSTREE_SERVICES=ssh,cockpit" >> /etc/ostree/ostree.conf

# Create server-specific OSTree deployment structure
RUN mkdir -p /sysroot/ostree/deploy/particle-os/server/deploy && \
    mkdir -p /sysroot/ostree/deploy/particle-os/server/var && \
    mkdir -p /sysroot/ostree/deploy/particle-os/server/usr

# Set up server-specific systemd services
RUN systemctl enable ssh && \
    systemctl enable cockpit.socket

# Label the image with OSTree-compliant labels
LABEL org.opencontainers.image.title="Particle-OS Server"
LABEL org.opencontainers.image.description="Server-focused Debian immutable OS"
LABEL org.opencontainers.image.version="0.1.0"
LABEL org.opencontainers.image.vendor="Particle-OS Project"
LABEL org.opencontainers.image.source="https://github.com/your-org/particle-os"
LABEL org.opencontainers.image.revision="0.1.0"
LABEL org.opencontainers.image.created="2024-01-01T00:00:00Z"
LABEL org.opencontainers.image.licenses="MIT"
LABEL org.opencontainers.image.ref.name="particle-os-server"
LABEL org.opencontainers.image.ostree.osname="particle-os"
LABEL org.opencontainers.image.ostree.osversion="0.1.0"
LABEL org.opencontainers.image.ostree.osvariant="server"

# Expose ports
EXPOSE 22 9090

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD systemctl is-system-running && systemctl is-active ssh && systemctl is-active cockpit.socket || exit 1

# Default command
CMD ["/bin/bash"]