# initial
FROM registry.yandex.net/ubuntu:bionic
ADD . /lunapark
WORKDIR /lunapark

# set tz
ENV TZ=Europe/Moscow
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

# essential tools
RUN apt-get clean && apt-get update -q && apt-get install --no-install-recommends --no-install-suggests -y gnupg
COPY build/lunapark_sources.list /etc/apt/sources.list.d/lunapark-sources.list

RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7FCD11186050CD1A
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C8F1E19FE0C56BD4
RUN apt-get update -q && apt-get install --no-install-recommends --no-install-suggests -y \
    curl ca-certificates
RUN touch /etc/apt/sources.list.d/pgdg.list && \
    echo "deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
    curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
RUN apt-get update -q && \
    apt-get install --no-install-recommends --no-install-suggests -y --allow-unauthenticated\
    vim less telnet rsyslog cron expect tcl8.6 logrotate \
    gcc python3-pip python3-dev python3-setuptools screen \
    libpq-dev postgresql-client-10 curl wget clickhouse-client \
    nginx gettext-base iputils-ping yandex-environment-intranet openssh-client yandex-arc-launcher

COPY build/nginx.conf /etc/nginx/
COPY build/entrypoint.sh /usr/local/bin
COPY build/broken_jobs.sh /etc/cron.daily/broken_jobs
RUN chmod 777 -R /usr/local/bin/entrypoint.sh
RUN chmod +x /lunapark/build/broken_jobs.sh
RUN chmod +x /lunapark/build/tank_status.sh

# pip
RUN pip3 install --upgrade pip
RUN pip3 install --extra-index-url https://pypi.yandex-team.ru/simple -r build/reqs.txt

# yandex certificate
RUN mkdir -p /usr/local/share/ca-certificates/Yandex
RUN wget "https://crls.yandex.net/allCAs.pem" -O /usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.crt
RUN openssl x509 -in /usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.crt \
    -out /usr/local/share/ca-certificates/Yandex/YandexInternalRootCA.pem -outform PEM

RUN mkdir /var/log/lunapark && chown www-data:www-data /var/log/lunapark
RUN mkdir /var/log/lunapark/django && chown www-data:www-data /var/log/lunapark/django
RUN mkdir /var/log/lunapark/nginx && chown www-data:www-data /var/log/lunapark/nginx
RUN touch /var/log/broken_jobs.log

ENTRYPOINT ["entrypoint.sh"]
EXPOSE 80
