FROM docker.io/library/python:3.11-slim
RUN set -ex; \
    export DEBIAN_FRONTEND=noninteractive; \
    apt-get update; \
    apt-get install --no-install-recommends -y \
        curl \
    ; \
    rm -rf /var/lib/apt/lists/*

# UID and GID might be read-only values, so use non-conflicting ones
ARG CONTAINER_UID="${CONTAINER_UID:-1000}"
ARG CONTAINER_GID="${CONTAINER_GID:-1000}"
ENV APP="tailscalesd"
ENV APP_BASE="/srv"
RUN set -ex; \
    groupadd -r -g ${CONTAINER_GID} ${APP}; \
    useradd --no-log-init -r -u ${CONTAINER_UID} -g ${APP} ${APP}; \
    mkdir -p /home/${APP} && chown -R ${APP}. /home/${APP}; \
    mkdir -p ${APP_BASE}/${APP}; \
    chown ${APP}. ${APP_BASE}/${APP};

COPY --chmod=0774 docker/entrypoint.sh /entrypoint.sh
USER ${APP}

WORKDIR ${APP_BASE}/${APP}
COPY --chown=${APP}:${APP} requirements.frozen.txt requirements.frozen.txt
RUN pip3 install -r requirements.frozen.txt
COPY --chown=${APP}:${APP} tailscalesd tailscalesd

ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
USER ${APP}
ARG APP_VERSION
ENV APP_VERSION="${APP_VERSION}"