FROM docker.io/library/debian:bookworm-slim
SHELL [ "/bin/sh", "-ec" ]

## install tools
RUN apt-get update ; \
    apt-get -y upgrade ; \
    apt-get -y install \
      ca-certificates \
      curl \
      dumb-init \
      gnupg \
      iproute2 \
      jq \
      less \
      libcap2-bin \
      lsof \
      netbase \
      openssl \
      procps \
      psmisc \
      tzdata \
      vim-tiny \
    ; \
    ## install vim-tiny as variant for vim
    update-alternatives --install /usr/bin/vim vim /usr/bin/vim.tiny 1 ; \
    ## quirk for vim-tiny
    find /usr/share/vim/ -name debian.vim -print0 \
    | sed -z 's/debian.vim/defaults.vim/' \
    | xargs -0 -r touch ; \
    ## cleanup
    find /var/lib/apt/lists/ /var/cache/apt/archives/ -mindepth 1 -delete

## setup user/group/homedir
RUN _uid=22222 ; \
    echo "vault:x:${_uid}:${_uid}:vault:/home/vault:/bin/false" >> /etc/passwd ; \
    echo "vault:!:::::::" >> /etc/shadow ; \
    echo "vault:x:${_uid}:" >> /etc/group ; \
    install -d -o vault -g vault -m 0750 /home/vault /vault
WORKDIR /home/vault

## setup layout & volumes
RUN env -C /vault \
    install -d -o vault -g vault -m 0750 config file logs
VOLUME [ "/vault/file", "/vault/logs" ]

EXPOSE 8200

ENTRYPOINT [ "dumb-init", "--", "docker-entrypoint.sh" ]
CMD [ "server", "-dev" ]