FROM alpine:latest

# ----------------------------------------
# Install required packages
# ----------------------------------------
RUN apk update && apk add --no-cache \
    wireguard-tools \
    wireguard-virt \
    nftables \
    supervisor \
    nodejs \
    npm \
    curl \
    bash

# ----------------------------------------
# Setup nftables base config
# You will manage rules from Node.js or mounted config
# ----------------------------------------
RUN mkdir -p /etc/nftables
COPY nftables.conf /etc/nftables/nftables.conf

# ----------------------------------------
# Application
# ----------------------------------------
WORKDIR /app

COPY ../package.json ./
RUN npm install --production
COPY .. .

# ----------------------------------------
# Supervisor config
# ----------------------------------------
COPY supervisor.conf /etc/
COPY start.sh /usr/local/bin/start.sh
RUN chmod +x /usr/local/bin/start.sh

# ----------------------------------------
# Volumes
# ----------------------------------------
VOLUME ["/etc/wireguard", "/etc/nftables", "/app/data"]

EXPOSE 3000

CMD ["/usr/local/bin/start.sh"]