FROM ubuntu:xenial

# Required users
RUN addgroup statbox && adduser --disabled-password --ingroup statbox statbox
RUN addgroup monitor && adduser --disabled-password --ingroup monitor monitor

# Yandex GPG keyring and basic packages
COPY files/apt.sources.list.d/common-stable.list /etc/apt/sources.list.d
RUN sed -i 's/\/archive\.ubuntu\.com/\/ru.archive.ubuntu.com/g' /etc/apt/sources.list
RUN apt-get update
RUN apt-get install -y --allow-unauthenticated yandex-archive-keyring

# Yandex repos and root ca
COPY files/apt.sources.list.d /etc/apt/sources.list.d
RUN apt-get update
RUN apt-get install -y yandex-internal-root-ca

# Yandex api package
RUN mkdir /etc/yandex
RUN YENV_TYPE='development' apt-get install -y yandex-passport-api
RUN echo 'development' > /etc/yandex/environment.type

# Additional packages
RUN apt-get install yandex-passport-as-data uatraits-data yandex-lang-detect-data passport-admin-secrets-passport-front cron

# Create secrets
ARG EXT_USER
COPY files/yav-deploy-development.conf /etc/yandex/yav-deploy/development.conf
COPY files/yav-deploy-development-tvm.tmpl /etc/yandex/yav-deploy/templates/tvm/development.tvm.tpl
RUN --mount=type=ssh yav-deploy --rsa-login $EXT_USER --skip-post-update

# TODO: remove hack after moving secrets package to arc
RUN sed -i "s/REDIS_PASSWORD = '.*'/REDIS_PASSWORD = ''/" /usr/lib/yandex/passport-secrets/settings.py
RUN sed -i "s/REDIS_PASSWORD_2 = '.*'/REDIS_PASSWORD_2 = ''/" /usr/lib/yandex/passport-secrets/settings.py

# App
RUN mkdir /app
COPY files/run.sh /app
CMD /app/run.sh
