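# Docker CLI, buildx, compose and dockerd (docker-in-docker) on a Debian base.
#
# Everything below runs as root, and dockerd typically needs a privileged
# container. Anyone who can reach the daemon's socket or TCP port effectively
# has root on this container.

# NOTE(review): ":build" is a mutable tag. Pin the base by digest
# (image@sha256:<DIGEST_PLACEHOLDER>) once one is agreed, so rebuilds are
# reproducible and a re-pushed tag cannot silently change the toolchain.
FROM git.zontreck.com/packages/debian:build

ENV HOME=/root
USER root
WORKDIR /

# update + install share one layer so a cached "apt-get update" layer can never
# be paired with a newer install list. bash is installed here because the
# SHELL instruction below switches every later RUN to it.
RUN apt-get update \
 && apt-get upgrade -y \
 && apt-get install -y --no-install-recommends \
        bash \
        ca-certificates \
        curl \
        git \
        moreutils \
        openssh-client \
 && rm -rf /var/lib/apt/lists/*

# pipefail: a failing left-hand side of a pipe (see the iptables check below)
# must fail the build instead of being masked by the right-hand side.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Fail the build unless nsswitch.conf resolves hosts via "files" then "dns".
# Whitespace is matched loosely because Debian pads the column with several
# spaces, which a literal single-space pattern would not match.
RUN [ -e /etc/nsswitch.conf ] && grep -E '^hosts:[[:space:]]+files[[:space:]]+dns' /etc/nsswitch.conf

# The ";" after "set -eux" matters: without it the remaining words become
# positional parameters of "set" and no group is created. groupadd is used
# because "-S"/"-g" are BusyBox addgroup flags, not Debian ones.
RUN set -eux; \
    groupadd --system --gid 2375 docker

# Optional integrity pins. These artifacts are fetched over HTTPS and then
# executed as root, so supply the publisher's SHA-256 for each one with
# --build-arg (for example DOCKER_SHA256=<SHA256_PLACEHOLDER>) to make the
# build fail on any mismatch. When left empty the check is skipped.
ARG DOCKER_SHA256=""
ARG DOCKER_BUILDX_SHA256=""
ARG DOCKER_COMPOSE_SHA256=""
ARG DIND_SHA256=""

ENV DOCKER_VERSION=28.0.1

# The whole static archive is unpacked, not only docker/docker: the later
# "dockerd --version" step needs the daemon binaries that ship in the same
# tarball. curl is used because it is the downloader this file installs.
RUN set -eux; \
    curl -fsSL -o docker.tgz "https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz"; \
    if [ -n "${DOCKER_SHA256:-}" ]; then \
        echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c -; \
    fi; \
    tar --extract \
        --file docker.tgz \
        --strip-components 1 \
        --directory /usr/local/bin/ \
        --no-same-owner; \
    rm docker.tgz; \
    docker --version

ENV DOCKER_BUILDX_VERSION=0.21.2

RUN set -eux; \
    curl -fsSL -o docker-buildx "https://github.com/docker/buildx/releases/download/v${DOCKER_BUILDX_VERSION}/buildx-v${DOCKER_BUILDX_VERSION}.linux-amd64"; \
    if [ -n "${DOCKER_BUILDX_SHA256:-}" ]; then \
        echo "${DOCKER_BUILDX_SHA256} *docker-buildx" | sha256sum -c -; \
    fi; \
    mkdir -pv /usr/local/libexec/docker/cli-plugins/; \
    mv -vT docker-buildx /usr/local/libexec/docker/cli-plugins/docker-buildx; \
    chmod +x /usr/local/libexec/docker/cli-plugins/docker-buildx; \
    ln -sv /usr/local/libexec/docker/cli-plugins/docker-buildx /usr/local/bin/docker-buildx; \
    docker buildx version

ENV DOCKER_COMPOSE_VERSION=2.34.0

# The cli-plugins directory already exists from the buildx step above.
RUN set -eux; \
    curl -fsSL -o docker-compose "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64"; \
    if [ -n "${DOCKER_COMPOSE_SHA256:-}" ]; then \
        echo "${DOCKER_COMPOSE_SHA256} *docker-compose" | sha256sum -c -; \
    fi; \
    mv -vT docker-compose /usr/local/libexec/docker/cli-plugins/docker-compose; \
    chmod +x /usr/local/libexec/docker/cli-plugins/docker-compose; \
    ln -sv /usr/local/libexec/docker/cli-plugins/docker-compose /usr/local/bin/docker-compose; \
    docker compose version

COPY ./modprobe.sh /usr/local/bin/modprobe
COPY ./docker-entrypoint.sh /usr/local/bin/docker-entrypoint

ENV DOCKER_TLS_CERTDIR=/certs
# Mode 1777: world-writable with the sticky bit, like /tmp.
RUN mkdir -pv /certs/client && chmod 1777 /certs /certs/client

# No ENTRYPOINT/CMD is declared at this point: only the last pair in a stage
# takes effect, and that pair is the dockerd one at the end of this file.

# Here's where we get into all the fun stuff. This is the main docker-in-docker portion of the image.

# NOTE(review): these are Debian package names. e2fsprogs-extra, ip6tables,
# shadow-uidmap, xz, zfs and iptables-legacy are Alpine names that apt will not
# find. On Debian the iptables package provides the ip6tables and *-legacy
# binaries, and zfsutils-linux needs the "contrib" component enabled. Confirm
# against the base image's apt sources.
RUN apt-get update \
 && apt-get install -y --no-install-recommends \
        build-essential \
        e2fsprogs \
        iptables \
        openssl \
        pigz \
        uidmap \
        xfsprogs \
        xz-utils \
        zfsutils-linux \
 && rm -rf /var/lib/apt/lists/*

# Build a directory of symlinks so that putting it first on PATH selects the
# legacy iptables backend. "set -eux" makes any missing binary fail the build.
# The exported PATH lasts only for this RUN; it is used for the final check.
RUN set -eux; \
    mkdir -pv /usr/local/sbin/.iptables-legacy; \
    for f in \
        iptables \
        iptables-save \
        iptables-restore \
        ip6tables \
        ip6tables-save \
        ip6tables-restore \
    ; do \
        b="$(command -v "${f/tables/tables-legacy}")"; \
        "$b" --version; \
        ln -svT "$b" "/usr/local/sbin/.iptables-legacy/$f"; \
    done; \
    export PATH="/usr/local/sbin/.iptables-legacy:$PATH"; \
    iptables --version | grep legacy

# Unprivileged account plus subordinate UID/GID ranges for user-namespace
# remapping. The account never needs a login shell or a home directory.
RUN set -eux; \
    groupadd --system dockremap; \
    useradd --system --gid dockremap --no-create-home --shell /usr/sbin/nologin dockremap; \
    echo "dockremap:165536:65536" >> /etc/subuid; \
    echo "dockremap:165536:65536" >> /etc/subgid

RUN dockerd --version

# NOTE(review): the default ref is a moving branch head, so the script that
# ends up in the image can change between builds. Set DIND_REF to a reviewed
# commit (<COMMIT_SHA_PLACEHOLDER>) and DIND_SHA256 to its checksum.
ARG DIND_REF=refs/heads/master
RUN set -eux; \
    curl -fsSL -o /usr/local/bin/dind "https://raw.githubusercontent.com/moby/moby/${DIND_REF}/hack/dind"; \
    if [ -n "${DIND_SHA256:-}" ]; then \
        echo "${DIND_SHA256} */usr/local/bin/dind" | sha256sum -c -; \
    fi; \
    chmod +x /usr/local/bin/dind

COPY ./dockerd-entrypoint.sh /usr/local/bin/dockerd-entrypoint

# JSON form needs a quoted string. An unquoted [/var/lib/docker] is parsed as
# a plain path and declares a volume literally named "[/var/lib/docker]".
VOLUME ["/var/lib/docker"]

# 2375 is the conventional plaintext Docker API port and 2376 the TLS one.
# Whether the daemon listens on either is decided by dockerd-entrypoint, which
# is not shown here. An unauthenticated API on 2375 is root-equivalent, so do
# not publish it beyond a trusted network.
EXPOSE 2375/tcp 2376/tcp

ENTRYPOINT ["/usr/local/bin/dockerd-entrypoint"]
CMD []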