FROM almalinux:8
MAINTAINER Roman Vanicek "roman.vanicek@ivasoft.cz"
ARG BUILD_DATE
ARG VCS_REF
LABEL org.label-schema.build-date=$BUILD_DATE \
    org.label-schema.license=GPL-3.0 \
    org.label-schema.name=certmonger \
    org.label-schema.vcs-ref=$VCS_REF

RUN dnf install -y wget certmonger

COPY createCertChain.sh /
COPY entrypoint.sh /

ENV CERTMONGER_PVT_ADDRESS=unix:path=/var/run/certmonger.sock \
    SCEP_URL="http://example.org" \
    CERT_NAME="cn=Server" \
    CERT_KEY_BITS=2048 \
    CERT_KEY_USAGE="-u digitalSignature -u keyEncipherment -u keyAgreement -U id-kp-serverAuth -U id-kp-clientAuth -U id-kp-EmailProtection" \
    CERT_ALT_NAMES="-D Server.example.org -D Server" \
    CONTAINER_KEY_FILE="/etc/pki/tls/private/cert.pem" \
    CONTAINER_CERT_FILE="/etc/pki/tls/certs/cert.pem" \
    CONTAINER_CA_FILE="/var/lib/samba/private/tls/ca.pem" \
    CONTAINER_FULLCHAIN_FILE="/var/lib/samba/private/tls/full.pem"

VOLUME /var/lib/certmonger

ENTRYPOINT ["/entrypoint.sh"]