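# Image for a CGI admin endpoint served by Apache (admin.cgi plus helper
# scripts from lib/), with WireGuard and OpenSSL tooling installed.

# NOTE(review): `latest` is a moving tag, so a rebuild can silently pick up a
# different Debian release and different package versions. Pin a release tag
# (ideally with a digest) once the target release is decided.
FROM debian:latest

# Change these.
# Both values are written into the Apache config by the sed commands below at
# build time, so overriding them with `docker run -e` does not reconfigure
# Apache; rebuild the image to change them.
ENV LISTEN_PORT=4410
ENV ADMIN_EMAIL='me@example.com'

# Install deps. update, install and list cleanup stay in one layer so the apt
# index is never stale and never shipped in the image.
# sudo is presumably needed at run time by the CGI (see the sudoers rule
# below); the build itself already runs as root.
RUN apt-get update && apt-get install --yes \
        apache2 \
        curl \
        dnsutils \
        ipv6calc \
        jq \
        openssl \
        sudo \
        wireguard-tools \
    && rm -rf /var/lib/apt/lists/*

# Copy over index.cgi
# NOTE(review): the CGI directory is owned by www-data, so the web server user
# can add or replace files in it. Unless the CGI has to write here, a
# root-owned directory is the safer default - confirm against admin.cgi.
RUN mkdir /var/www/cgi-bin/ && chown www-data:www-data /var/www/cgi-bin/
COPY admin.cgi /var/www/cgi-bin/index.cgi
COPY lib/ /usr/local/bin/

# Configure apache: enable CGI and rewrite, move the listener to LISTEN_PORT,
# set ServerAdmin, and route every request path to index.cgi via ScriptAlias.
# NOTE(review): the second sed expression ("s/^$//") is a no-op as written: it
# matches only empty lines and replaces them with nothing. Its pattern looks
# lost; presumably it was meant to rewrite the default site's VirtualHost port
# to LISTEN_PORT. Confirm against the upstream file. It is kept as-is here.
RUN a2enmod cgi rewrite \
    && sed -i "s/^Listen 80$/Listen ${LISTEN_PORT}/" \
        /etc/apache2/ports.conf \
    && sed -i "s/^$//" \
        /etc/apache2/sites-available/000-default.conf \
    && sed -i "s/ServerAdmin .*$/ServerAdmin ${ADMIN_EMAIL}/" \
        /etc/apache2/sites-available/000-default.conf \
    && sed -i "s|DocumentRoot .*$|DocumentRoot /var/www/cgi-bin\n\tScriptAlias / /var/www/cgi-bin/index.cgi|" \
        /etc/apache2/sites-available/000-default.conf

# Allow http to run these binaries as root with sudo.
# visudo validates the appended rule; the build already runs as root, so no
# sudo is needed in front of it.
# NOTE(review): the rule has no argument restrictions, and tee, cat, rm, chmod,
# mkdir and openssl all accept arbitrary paths. In effect www-data gets
# root-equivalent read/write access inside the container, so any flaw in the
# CGI becomes root in the container. Restrict each entry to the exact
# arguments and paths the CGI needs, or expose one root-owned wrapper script
# that performs only the required operations.
RUN echo "www-data ALL=(ALL:ALL) NOPASSWD: /usr/bin/wg, /usr/bin/openssl, /usr/bin/[, /usr/bin/tee, /bin/cat, /bin/mkdir, /bin/rm, /bin/chmod" \
    | EDITOR='tee -a' visudo

# Create temporary files
# NOTE(review): touch leaves the file with the default mode, which is normally
# world-readable. If it holds API tokens, as the name suggests, consider
# restricting it to its owner.
RUN touch /var/local/wgapi_tokens \
    && chown www-data:www-data /var/local/wgapi_tokens

# Run time!
# EXPOSE only documents the port; publish it with `docker run -p`.
EXPOSE ${LISTEN_PORT}
CMD ["apachectl", "-D", "FOREGROUND"]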