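# Master Dockerfile for lecoffre_node: one self-contained image bundling
# Nginx, Supervisor and the Docker CLI / Compose tooling.
FROM debian:bookworm-slim

# Metadata
LABEL maintainer="4NK Team" \
      description="LeCoffre Node - Master Container avec Nginx intégré" \
      version="1.0.0"

# Build-time only: keeps apt non-interactive during the RUN steps below
# without leaving DEBIAN_FRONTEND set in the environment of running containers.
ARG DEBIAN_FRONTEND=noninteractive

# Runtime environment.
# NGINX_VERSION is not referenced by any instruction in this file; nginx is
# installed from the Debian repository, so the value is informational only.
ENV TZ=Europe/Paris \
    NGINX_VERSION=1.22.1 \
    DOCKER_COMPOSE_VERSION=2.21.0

# System dependencies. update + install stay in one layer so a cached, stale
# package index is never reused; the apt lists are removed in the same layer.
# NOTE(review): `apt-get upgrade` makes the result depend on the build date;
# bumping or digest-pinning the base image is the reproducible alternative.
RUN apt-get update && apt-get upgrade -y && \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        cron \
        curl \
        docker-compose \
        docker.io \
        git \
        jq \
        logrotate \
        ncurses-bin \
        ncurses-term \
        nginx \
        openssl \
        procps \
        python3 \
        python3-pip \
        supervisor \
        wget \
    && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Docker Compose v2 standalone binary. It lands in /usr/local/bin, which
# precedes /usr/bin on PATH, so it shadows the apt `docker-compose` package.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary"; the OS part of the asset name is lowercase for Compose v2 releases,
# and this image is always Linux, so it is written literally.
# NOTE(review): the download is not integrity-checked. Pin the expected
# SHA-256 for each target architecture and verify it with `sha256sum -c`
# before the chmod.
RUN curl -fsSL "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-$(uname -m)" \
        -o /usr/local/bin/docker-compose && \
    chmod +x /usr/local/bin/docker-compose

# Service accounts.
# NOTE(review): membership of the `docker` group grants full control of any
# Docker daemon whose socket is reachable from the container, which is
# root-equivalent on that daemon's host. Confirm appuser really needs it.
RUN useradd -m -u 1000 appuser && \
    useradd -m -u 10000 lecoffreuser && \
    usermod -aG docker appuser

# Working directory
WORKDIR /app

# Configuration files, helper scripts and static web content
COPY conf/nginx/ /etc/nginx/sites-available/
COPY conf/nginx/nginx.conf /etc/nginx/nginx.conf
COPY conf/supervisor/ /etc/supervisor/conf.d/
COPY scripts/ /app/scripts/
COPY web/ /var/www/lecoffre/
COPY docker-compose.yml /app/

# NOTE(review): this bakes the env file into an image layer, readable by
# anyone who can pull the image and still present in layer history if removed
# later. If .env.master holds credentials or keys, supply it at run time
# instead (bind mount, --env-file, or the orchestrator's secret store).
COPY .env.master /app/.env

# Standalone Nginx setup and TLS certificate generation.
# The scripts are made executable first, so the build does not depend on the
# exec bit surviving in the build context.
# NOTE(review): generate-ssl-certs.sh runs at build time and its contents are
# not visible here. If it writes a private key into the image, every container
# started from this image shares that key and it can be read from the image
# layers. Generating at first start or mounting certificates avoids that.
RUN chmod +x /app/scripts/*.sh && \
    mkdir -p /var/www/lecoffre/status /var/www/lecoffre/assets /app/logs/nginx && \
    ln -sf /etc/nginx/sites-available/* /etc/nginx/sites-enabled/ && \
    rm -f /etc/nginx/sites-enabled/default && \
    /app/scripts/generate-ssl-certs.sh && \
    nginx -t && \
    chown -R www-data:www-data /var/www/lecoffre

# Supervisor log directory and ownership of the application tree.
# /app/data is created here so the volume declared below is initialised with
# appuser ownership rather than as an empty root-owned directory.
# /var/log/supervisor is handed to appuser because the container runs under
# that account. NOTE(review): supervisord's pid and socket paths are set in a
# config not shown here; confirm they are writable by appuser as well.
RUN mkdir -p /var/log/supervisor /app/data && \
    chown -R appuser:appuser /app /var/log/supervisor

# Exposed ports (documentation only; publishing happens at run time)
EXPOSE 80 443 3000

# Persistent volumes, declared after the directories have been populated
VOLUME ["/app/data", "/app/logs", "/var/lib/docker"]

# Run as a non-root user.
# NOTE(review): binding 80/443 as appuser depends on the runtime allowing
# unprivileged low ports; verify under the target orchestrator.
USER appuser

# Healthcheck against the local status page
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD curl -f http://localhost/status/ || exit 1

# Entrypoint wrapper, with supervisord as the default command
ENTRYPOINT ["/app/scripts/entrypoint.sh"]
CMD ["supervisord", "-c", "/etc/supervisor/supervisord.conf"]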