# syntax=docker/dockerfile:1.7

############################################
# Stage 1: fetch source (pin to tag/sha)
############################################
FROM alpine:3.20 AS source
ARG DALOREF=master
ARG MIRROR_URL=https://gitea.portal.tulsacounty.org/external-repos/daloradius.git
RUN apk add --no-cache git && \
    git clone --depth=1 --branch ${DALOREF} ${MIRROR_URL} /src

############################################
# Stage 2: runtime (PHP 8, Apache)
############################################
FROM php:8.3-apache

ENV TZ=UTC

# System deps (no php-pear package here)
RUN apt-get update && apt-get -y upgrade && \
    apt-get install -y --no-install-recommends \
      ca-certificates tzdata curl git \
      libpng-dev libjpeg62-turbo-dev libfreetype6-dev libwebp-dev \
      libmariadb-dev \
    && rm -rf /var/lib/apt/lists/* && \
    ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ >/etc/timezone && \
    update-ca-certificates -f

# PHP extensions
RUN docker-php-ext-configure gd --with-freetype --with-jpeg && \
    docker-php-ext-install gd mysqli pdo_mysql

# Install PEAR manually, then required PEAR packages
RUN curl -fsSL https://pear.php.net/install-pear-nozlib.phar -o /tmp/pear.phar \
 && php /tmp/pear.phar \
 && rm /tmp/pear.phar \
 && pear channel-update pear.php.net \
 && pear install -a -f DB \
 && pear install -a -f Mail \
 && pear install -a -f Mail_Mime

# App
COPY --from=source /src/app/ /var/www/html/daloradius/
COPY --from=source /src/app/common/includes/daloradius.conf.php.sample /opt/daloradius.conf.php.tmpl
COPY --from=source /src/contrib/scripts/apache-config.sh /usr/local/bin/apache-config.sh

# Apache + perms (+ run helper to set DocumentRoot=/var/www/html/daloradius)
RUN chown -R www-data:www-data /var/www/html && \
    chmod +x /usr/local/bin/apache-config.sh && \
    a2enmod rewrite && \
    /usr/local/bin/apache-config.sh && \
    printf 'ServerName localhost\n' > /etc/apache2/conf-available/servername.conf && a2enconf servername


# Entry script renders config from env only if not bind-mounted or if forced
COPY <<'EOF' /entrypoint.sh
#!/usr/bin/env bash
set -euo pipefail

CFG="/var/www/html/daloradius/common/includes/daloradius.conf.php"
TMPL="/opt/daloradius.conf.php.tmpl"

# If no config present, seed from template
if [ ! -f "$CFG" ]; then
  cp "$TMPL" "$CFG"
fi

# Only edit if envs are provided and not explicitly skipped
if [ "${FORCE_RENDER:-0}" = "1" ] || [ ! -s "$CFG" ]; then
  : "${DBHOST:?set DBHOST}"; : "${DBNAME:?set DBNAME}"; : "${DBUSER:?set DBUSER}"; : "${DBPASS:?set DBPASS}"
  sed -i \
    -e "s|\$configValues\['CONFIG_DB_HOST'\].*|\$configValues['CONFIG_DB_HOST']   = '${DBHOST}';|g" \
    -e "s|\$configValues\['CONFIG_DB_USER'\].*|\$configValues['CONFIG_DB_USER']   = '${DBUSER}';|g" \
    -e "s|\$configValues\['CONFIG_DB_PASS'\].*|\$configValues['CONFIG_DB_PASS']   = '${DBPASS}';|g" \
    -e "s|\$configValues\['CONFIG_DB_NAME'\].*|\$configValues['CONFIG_DB_NAME']   = '${DBNAME}';|g" \
    "$CFG"
fi

exec apachectl -DFOREGROUND
EOF

HEALTHCHECK --interval=30s --timeout=5s --retries=5 CMD curl -fsS http://localhost/ || exit 1

RUN chmod +x /entrypoint.sh