FROM alpine:latest

# Core packages (Alpine equivalents)
RUN apk update && apk add --no-cache \
        openssh \
        sudo \
        ca-certificates \
        git \
        curl wget \
        vim nano \
        htop \
        build-base \
        fastfetch

# Create 'micro' user with UID 1000 and primary group 'micro'
RUN addgroup -g 1000 micro && \
    adduser -D -u 1000 -G micro -s /bin/sh micro && \
    echo "micro:ChangeMe123" | chpasswd

# Create sudo group and add micro to it
RUN addgroup -S sudo && \
    adduser micro sudo && \
    # Enable sudo for %sudo group in /etc/sudoers
    sed -i 's/# %sudo/%sudo/' /etc/sudoers

# Prepare .ssh directory
RUN mkdir -p /home/micro/.ssh && \
    chown -R micro:micro /home/micro && \
    chmod 700 /home/micro/.ssh

# SSH server config: key-only login, use ~/.ssh/authorized_keys
RUN sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config || true && \
    sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config || true && \
    sed -i 's/#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config || true && \
    sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config || true && \
    sed -i 's|#AuthorizedKeysFile.*|AuthorizedKeysFile .ssh/authorized_keys|' /etc/ssh/sshd_config || true && \
    echo 'UsePAM no' >> /etc/ssh/sshd_config

# sshd runtime dirs + host keys
RUN mkdir -p /var/run/sshd && \
    ssh-keygen -A

# Fastfetch config for micro
RUN mkdir -p /home/micro/.config/fastfetch
COPY fastfetch_config.json /home/micro/.config/fastfetch/config.jsonc
RUN chown -R micro:micro /home/micro/.config && \
    echo 'if command -v fastfetch >/dev/null 2>&1; then fastfetch; fi' >> /home/micro/.profile && \
    chown micro:micro /home/micro/.profile

EXPOSE 22

CMD ["/usr/sbin/sshd", "-D"]