#FROM debian:bookworm
FROM ubuntu:questing

MAINTAINER Roman VANICEK <roman.vanicek@ivasoft.cz>

ENV ADMIN_PASSWORD_SECRET=samba-admin-password \
    ADMIN_ACCOUNT=Administrator \
    BIND_INTERFACES_ONLY=yes \
    INTERFACES="lo eth0" \
    LOG_LEVEL=1 \
    MODEL=standard \
    NETBIOS_NAME= \
    REALM=ad.example.com \
    SERVER_STRING="Samba Member Server" \
    TZ=UTC \
    WINBIND_USE_DEFAULT_DOMAIN=yes \
    WORKGROUP=AD \
		CLUSTER_NODE_NAMES= \
		CLUSTER_NAME= \
		CLUSTER_SYSDIR_SHARED= \
		CLUSTER_SYSDIR_LOCAL= \
		CLUSTER_LOG_LEVEL= \
    CUPS_TRUSTED_PROXY= \
		EXPORTER_ENABLED=true \
		EXPORTER_LISTEN_ADDRESS=127.0.0.1:9922

COPY shutdown_on_exit.py /etc/supervisor/scripts/
COPY *.sh /
COPY ctdb_scripts/*.script /root/
COPY imker-ubuntu-samba-exporter-ppa-plucky.sources /etc/apt/sources.list.d/

RUN apt-get -y update && \
		# HACK: ubuntu:plucky has broken ca-certificates and apt-get update fails for samba-exporter repository
		DEBIAN_FRONTEND=noninteractive apt-get -yqq --no-install-recommends install ca-certificates && \
		# HACK: samba-exporter needs adduser and systemctl for its postinstall script
		DEBIAN_FRONTEND=noninteractive apt-get -yqq --no-install-recommends install adduser systemd && \
		echo '#!/bin/sh' > /usr/bin/systemctl && chmod +x /usr/bin/systemctl && \
		apt-get -y update && \
    DEBIAN_FRONTEND=noninteractive apt-get -yqq --no-install-recommends install \
        nano \
        tzdata \
        acl \
				cron \
        krb5-user \
        libpam-krb5 \
        adcli \
        winbind \
        libnss-winbind \
        libpam-winbind \
        samba \
        samba-common-bin \
        samba-dsdb-modules \
        samba-client \
        samba-vfs-modules \
        logrotate \
        attr \
        libpam-mount \
        supervisor \
        cups \
				ctdb \
				samba-exporter && \
	apt-get clean && \
	rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
	# HACK: samba-exporter
	rm /usr/bin/systemctl && \
	\
	chmod +x /entrypoint.sh && \
	chmod +x /ensureJoined.sh && \
	chmod +x /smbd_ctdb.sh && \
	chmod +x /resolveNodes.sh && \
	chmod +x /persistCups.sh && \
	chmod +x /etc/supervisor/scripts/shutdown_on_exit.py && \
	chmod +x /usr/share/ctdb/events/legacy/* && \
	cp /root/*.script /usr/share/ctdb/events/legacy/ && \
	rm /root/*.script && \
	ctdb event script enable legacy 47.samba-dcerpcd && \
	ctdb event script enable legacy 48.netbios && \
	ctdb event script enable legacy 49.winbind && \
	ctdb event script enable legacy 50.samba && \
	sed -E -i "s:^(passwd\:\s*files\s*)$:\1 winbind:" /etc/nsswitch.conf && \
	sed -E -i "s:^(group\:\s*files\s*)$:\1 winbind:" /etc/nsswitch.conf && \
	pam-auth-update --package && \
	mkdir -p /etc/cups-persist/ppd && \
	ln -s /etc/cups-persist/printers.conf /etc/cups/printers.conf && \
	rmdir /etc/cups/ppd && \
	ln -s /etc/cups-persist/ppd /etc/cups/ppd && \
	sed -i "s:Listen localhost\:631:Port 631\nServerAlias \*:" /etc/cups/cupsd.conf && \
	useradd guest

#RUN chmod 777 /home

COPY *.conf.j2 /root/
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY crontab /etc

#VOLUME /etc/samba /var/lib/samba /etc/cups-persist

EXPOSE 135 137 138 139 445 631 4379 9100 9922

ENTRYPOINT ["/entrypoint.sh"]
CMD [""]