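# Base image. The tag is mutable; pinning it by digest (debian:13-slim@sha256:<digest>)
# would make rebuilds reproducible and protect against a silently replaced tag.
FROM debian:13-slim

# Build-time only: keeps apt/debconf non-interactive during RUN steps without
# leaving DEBIAN_FRONTEND set in the environment of the running container.
ARG DEBIAN_FRONTEND=noninteractive

# Tools needed to register the MySQL APT repository (wget, gnupg, lsb-release,
# debconf-utils) plus tzdata for the timezone setup below.
# The package index is removed in the same layer so it is not shipped in the image.
RUN apt-get update && apt-get install -y \
    debconf-utils \
    gnupg \
    lsb-release \
    tzdata \
    wget \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Container timezone; TZ stays in the runtime environment on purpose.
ENV TZ=Europe/Riga
RUN ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime && echo "$TZ" > /etc/timezone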

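# Preseed debconf so the mysql-apt-config package configures itself without prompting.
# NOTE(review): the base image is debian:13, while the codename preseeded here is
# "bookworm" (Debian 12) — confirm the mismatch is intended.
RUN printf '%s\n' \
        "mysql-apt-config mysql-apt-config/select-server select mysql-8.0" \
        "mysql-apt-config mysql-apt-config/repo-distro select debian" \
        "mysql-apt-config mysql-apt-config/repo-codename select bookworm" \
    | debconf-set-selections

# Download and install MySQL APT config.
# This package adds a third-party APT source and its signing key, and dpkg runs its
# maintainer scripts as root, so the download should be integrity-checked. TLS only
# authenticates the server, not the file. Pass the expected digest with
#   --build-arg MYSQL_APT_CONFIG_SHA256=<sha256 of mysql-apt-config_0.8.29-1_all.deb>
# The check is skipped (with a warning) when the argument is empty, to keep existing
# builds working; make it mandatory once the digest is recorded.
ARG MYSQL_APT_CONFIG_SHA256=""
RUN set -eu; \
    deb="mysql-apt-config_0.8.29-1_all.deb"; \
    wget -O "/tmp/${deb}" "https://dev.mysql.com/get/${deb}"; \
    if [ -n "${MYSQL_APT_CONFIG_SHA256:-}" ]; then \
        echo "${MYSQL_APT_CONFIG_SHA256}  /tmp/${deb}" | sha256sum -c -; \
    else \
        echo "WARNING: MYSQL_APT_CONFIG_SHA256 not set; installing ${deb} without an integrity check" >&2; \
    fi; \
    dpkg -i "/tmp/${deb}"; \
    rm -f "/tmp/${deb}"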

# Install the runtime stack in a single layer: Apache with mod_wsgi and
# mod_auth_openidc, the MySQL client, cron and certbot for certificate handling,
# and the Python libraries the application imports. Packages are listed one per
# line in alphabetical order so changes are easy to review.
# sudo is required by the startup script, which uses it to start the background
# workers as www-data.
# NOTE(review): mc, apache2-dev and pkg-config are not referenced by any other
# instruction in this file — confirm they are needed in the runtime image; every
# extra package adds to what must be patched.
RUN apt-get update \
    && apt-get install -y \
        apache2 \
        apache2-dev \
        certbot \
        cron \
        libapache2-mod-auth-openidc \
        libapache2-mod-wsgi-py3 \
        mc \
        mysql-client \
        pkg-config \
        python3 \
        python3-certbot-apache \
        python3-cryptography \
        python3-dotenv \
        python3-email-validator \
        python3-flask \
        python3-flaskext.wtf \
        python3-itsdangerous \
        python3-jinja2 \
        python3-numpy \
        python3-paho-mqtt \
        python3-peewee \
        python3-pip \
        python3-pymysql \
        python3-requests \
        python3-tzlocal \
        python3-venv \
        python3-wtforms \
        ssl-cert \
        sudo \
    && rm -rf /var/lib/apt/lists/*

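# Set working directory (WORKDIR creates it when missing)
WORKDIR /var/www/optiwarm

# Copy requirements and install Python dependencies
#COPY requirements.txt .
#RUN pip install --no-cache-dir -r requirements.txt
#RUN pip install --upgrade --root-user-action ignore pip && pip install --root-user-action ignore flask-wtf

# Copy application code, owned by www-data from the start so that no separate
# recursive chown layer (which stores every file a second time) is needed.
# NOTE(review): "COPY . ." takes the whole build context. Make sure a .dockerignore
# keeps .env files, .git, local virtualenvs and similar out of the image; anything
# copied here stays readable in the image layers.
# NOTE(review): the code tree is owned by www-data, i.e. writable by the web
# application itself. If the application never writes into its own directory,
# root-owned, read-only code would limit what a compromised request handler can change.
COPY --chown=www-data:www-data . .

# Create WSGI file.
# printf '%s\n' writes one argument per line and does not depend on how the shell's
# echo treats "\n". The directory (created by WORKDIR as root) and the generated
# file are handed to www-data to match the ownership of the copied code.
RUN printf '%s\n' \
        '#!/usr/bin/env python3' \
        'import sys' \
        'import os' \
        "sys.path.insert(0, '/var/www/optiwarm/')" \
        'from run import app as application' \
        "if __name__ == '__main__':" \
        '    application.run()' \
        > /var/www/optiwarm/wsgi.py \
    && chmod +x /var/www/optiwarm/wsgi.py \
    && chown www-data:www-data /var/www/optiwarm /var/www/optiwarm/wsgi.py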

# Enable the Apache modules used by the site: WSGI for the Python application,
# OpenID Connect authentication, TLS, response headers and URL rewriting.
RUN a2enmod \
        wsgi \
        auth_openidc \
        ssl \
        headers \
        rewrite

# Install both virtual-host definitions (plain HTTP and TLS). Only the HTTP site
# is enabled at build time.
COPY docker/apache/optiwarm.conf docker/apache/optiwarm_ssl.conf /etc/apache2/sites-available/

# The single quotes keep ${DOMAIN} literal in servername.conf: it is not expanded
# during the build and is left for Apache to resolve when it reads its configuration.
RUN echo 'ServerName ${DOMAIN}' | tee /etc/apache2/conf-available/servername.conf \
    && a2dissite 000-default \
    && a2enconf servername \
    && a2ensite optiwarm

# Document the HTTP and HTTPS ports (EXPOSE does not publish them by itself)
EXPOSE 80 443

# Certificate renewal helper: asks certbot to renew whatever is due, then has
# Apache reload gracefully. One printf argument becomes one line of the script.
RUN printf '%s\n' \
        '#!/bin/bash' \
        '/usr/bin/certbot renew --quiet --apache' \
        '/usr/sbin/apache2ctl graceful' \
        > /usr/local/bin/renew-certs.sh \
    && chmod +x /usr/local/bin/renew-certs.sh

# Root crontab entry that runs the helper at minute 0 of every 12th hour.
# The file is restricted to mode 600.
RUN printf '%s\n' '0 */12 * * * /usr/local/bin/renew-certs.sh' > /var/spool/cron/crontabs/root \
    && chmod 600 /var/spool/cron/crontabs/root

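# Create startup script.
# The script waits for the database, starts cron, obtains a Let's Encrypt
# certificate on first start when DOMAIN and LETSENCRYPT_EMAIL are set, switches
# to the TLS site once a certificate exists, launches the two background workers
# as www-data and finally replaces itself with Apache in the foreground.
#
# Each printf argument becomes one line of the script. The arguments are
# single-quoted, so the $VARIABLES are written literally and only expanded when
# the container starts. Script comments are passed as quoted arguments because a
# Dockerfile line that starts with "#" inside a continued RUN is dropped by the
# Dockerfile parser.
#
# Changes from the plain echo version: $LETSENCRYPT_EMAIL and $DOMAIN are quoted
# where they are passed to certbot, so a value from the environment cannot be
# split into extra arguments or glob-expanded, and certbot's result is tested
# directly instead of through $?.
#
# NOTE(review): -p"$DB_PASS" puts the database password on the mysqladmin command
# line, where it can appear in the process list. The MySQL documentation states
# that "mysqladmin ping" reports success whenever the server is running, even on
# "Access denied", so the readiness probe may not need credentials — confirm and drop them.
# NOTE(review): the wait loop has no upper bound; the container never gives up if
# the database stays unreachable.
# NOTE(review): "sudo -E" asks sudo to hand the whole environment of this root
# script to the www-data workers, not only the DB_*/MQTT_* settings.
RUN printf '%s\n' \
        '#!/bin/bash' \
        '# Wait for database to be ready' \
        'while ! mysqladmin ping -h"$DB_HOST" -P"$DB_PORT" -u"$DB_USER" -p"$DB_PASS" --silent; do' \
        '    echo "Waiting for database..."' \
        '    sleep 2' \
        'done' \
        '' \
        '# Start cron for certificate renewal' \
        'service cron start' \
        '' \
        '# Check if SSL certificates exist and domain is set' \
        'if [ -n "$DOMAIN" ] && [ -n "$LETSENCRYPT_EMAIL" ] && [ ! -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]; then' \
        '    echo "Obtaining SSL certificate for $DOMAIN..."' \
        '    if certbot --apache --non-interactive --agree-tos --email "$LETSENCRYPT_EMAIL" --domains "$DOMAIN"; then' \
        '        echo "SSL certificate obtained successfully for $DOMAIN"' \
        '    else' \
        '        echo "Failed to obtain SSL certificate for $DOMAIN"' \
        '    fi' \
        '    apache2ctl stop' \
        'fi' \
        '' \
        'ls -l /etc/letsencrypt/live/*' \
        'if [ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ]; then' \
        '  a2dissite optiwarm' \
        '  a2ensite optiwarm_ssl' \
        'fi' \
        '' \
        'sudo -E -u www-data /var/www/optiwarm/boiler_controller.py &' \
        'sudo -E -u www-data /var/www/optiwarm/mqtt_sensor_collector.py &' \
        '# Start Apache' \
        'exec apache2ctl -D FOREGROUND' \
        > /usr/local/bin/start-optiwarm.sh \
    && chmod +x /usr/local/bin/start-optiwarm.sh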
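# Application log directory. It is owned by www-data, the user the background
# workers run as, instead of being writable by every user in the container.
RUN install -d -o www-data -g www-data -m 0755 /var/log/optiwarm

# sudoers drop-in that lets the DB_* and MQTT_* settings pass through sudo.
# Generating this list from `printenv` during the build cannot work: those
# variables are only supplied when the container is started, so the build-time
# environment has none of them and the generated file ends up empty. sudoers
# accepts "*" wildcards in env_keep, so a static rule covers whatever DB_*/MQTT_*
# variables exist at run time. visudo -c fails the build on a syntax error rather
# than shipping a sudoers file that sudo cannot parse.
# NOTE(review): the startup script calls sudo with -E, which requests the entire
# environment; this rule only takes effect if -E is dropped there.
RUN printf '%s\n' 'Defaults env_keep += "DB_* MQTT_*"' > /etc/sudoers.d/env_keep && \
    chmod 0440 /etc/sudoers.d/env_keep && \
    visudo -cf /etc/sudoers.d/env_keep

# No USER instruction: the startup script runs as root (it manages cron, certbot
# and Apache) and only the two worker scripts are started as www-data.
CMD ["/usr/local/bin/start-optiwarm.sh"]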