FROM debian:stable-slim

ENV DEBIAN_FRONTEND=noninteractive

# Basic tools + SSH + dev stack (+ fastfetch if available)
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        openssh-server \
        sudo \
        ca-certificates \
        git \
        curl wget \
        vim nano \
        htop \
        build-essential \
        fastfetch || true && \
    rm -rf /var/lib/apt/lists/*

# Create 'micro' user with fixed uid/gid 1000
RUN useradd -m -u 1000 -U -s /bin/bash micro && \
    echo "micro:ChangeMe123" | chpasswd && \
    usermod -aG sudo micro

# Prepare .ssh directory
RUN mkdir -p /home/micro/.ssh && \
    chown -R micro:micro /home/micro && \
    chmod 700 /home/micro/.ssh

# SSH server config: key-only login, use ~/.ssh/authorized_keys
RUN sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config || true && \
    sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config || true && \
    sed -i 's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config || true && \
    sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config || true && \
    sed -i 's|^#AuthorizedKeysFile.*|AuthorizedKeysFile .ssh/authorized_keys|' /etc/ssh/sshd_config || true && \
    echo 'UsePAM no' >> /etc/ssh/sshd_config

# Generate host keys and make sure run dir exists
RUN mkdir -p /var/run/sshd && \
    ssh-keygen -A

# Fastfetch config for micro (optional flair)
RUN mkdir -p /home/micro/.config/fastfetch
COPY fastfetch_config.json /home/micro/.config/fastfetch/config.jsonc
RUN chown -R micro:micro /home/micro/.config && \
    echo 'if command -v fastfetch >/dev/null 2>&1; then fastfetch; fi' >> /home/micro/.bashrc && \
    chown micro:micro /home/micro/.bashrc

EXPOSE 22

CMD ["/usr/sbin/sshd", "-D"]