# Base image for the whole build.
# NOTE(review): debian:bookworm is a moving tag; pass a digest-pinned
# reference through --build-arg BUILD_BASE_IMAGE when the build has to be
# reproducible.
ARG BUILD_BASE_IMAGE=debian:bookworm

FROM ${BUILD_BASE_IMAGE}

# Build-time inputs. None of them has a default, so every value the build
# does not supply expands to an empty string in the LABEL/ENV values below.
ARG BUILD_MAINTAINER
ARG BUILD_APP_NAME
ARG BUILD_TZ
ARG BUILD_LANG
ARG BUILD_LANGUAGE
ARG BUILD_LC_ALL
ARG BUILD_COUNTRY

# Image metadata.
LABEL maintainer="${BUILD_MAINTAINER}" \
      org.opencontainers.image.title="${BUILD_APP_NAME}"

# Time zone, locale and country code. The later RUN steps read TZ, LANG,
# LANGUAGE, LC_ALL and COUNTRY from here (package names, locale generation,
# keyboard layout).
# NOTE(review): ENV also keeps DEBIAN_FRONTEND=noninteractive in the
# environment of the running container, not only during the build.
ENV TZ=${BUILD_TZ} \
    LANG=${BUILD_LANG} \
    LANGUAGE=${BUILD_LANGUAGE} \
    LC_ALL=${BUILD_LC_ALL} \
    COUNTRY=${BUILD_COUNTRY} \
    DEBIAN_FRONTEND=noninteractive

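# Optional ref (tag or full commit SHA) of pulseaudio-module-xrdp to build.
# Left empty, the build behaves as before and compiles whatever the upstream
# default branch points at when the image is built; that code is compiled
# and installed as root, so a full commit SHA is the reproducible choice.
ARG BUILD_PULSE_XRDP_REF=""

# Installs the desktop, xrdp and SSSD/LDAP packages, builds the xrdp
# PulseAudio modules against the distribution's pulseaudio source, then
# configures locale, time zone and keyboard layout from the ENV values.
# NOTE(review): git, pkg-config, libpulse-dev and the packages pulled in by
# "apt-get build-dep" are not in the remove list near the end and may stay in
# the image; the deb-src entry enabled by the first sed also stays. Confirm
# they are wanted on the desktop.
RUN sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.sources && \
    apt-get update && apt-get install -y \
    xrdp \
    sssd \
    sssd-tools \
    libpam-sss \
    libnss-sss \
    libsss-sudo \
    ldap-utils \
    ca-certificates \
    dbus-x11 \
    xfce4 \
    xfce4-terminal \
    sudo \
    firefox-esr \
    firefox-esr-l10n-${COUNTRY} \
    thunderbird \
    thunderbird-l10n-${COUNTRY} \
    locales \
    tzdata \
    keyboard-configuration \
    x11-xkb-utils \
    pulseaudio \
    build-essential \
    dpkg-dev \
    git \
    libpulse-dev \
    meson \
    ninja-build \
    pkg-config \
    autoconf \
    libtool && \
    apt-get build-dep -y pulseaudio && \
    cd /tmp && \
    apt-get source pulseaudio && \
    PULSE_DIR=$(find /tmp -maxdepth 1 -type d -name "pulseaudio-*" | head -n 1) && \
    # Stop here if the source tree was not unpacked, instead of running the
    # following steps from an unintended directory.
    test -n "$PULSE_DIR" && \
    cd "$PULSE_DIR" && \
    # Only the configure step is run in the pulseaudio tree; the module
    # build below is pointed at it through PULSE_DIR.
    meson setup build \
        -Dman=false \
        -Dtests=false \
        -Ddoxygen=false && \
    cd /tmp && \
    git clone https://github.com/neutrinolabs/pulseaudio-module-xrdp.git && \
    cd pulseaudio-module-xrdp && \
    # Pin the module source when a ref was supplied.
    if [ -n "${BUILD_PULSE_XRDP_REF}" ]; then git checkout --detach "${BUILD_PULSE_XRDP_REF}"; fi && \
    ./bootstrap && \
    ./configure PULSE_DIR="$PULSE_DIR" && \
    make && \
    make install && \
    cd / && \
    rm -rf /tmp/pulseaudio-* /tmp/pulseaudio-module-xrdp && \
    apt-get remove -y build-essential dpkg-dev meson ninja-build autoconf libtool && \
    apt-get autoremove -y && \
    rm -rf /var/lib/apt/lists/* && \
    echo "${LANG} UTF-8" > /etc/locale.gen && \
    locale-gen ${LANG} && \
    update-locale LANG=${LANG} LANGUAGE=${LANGUAGE} && \
    ln -fs /usr/share/zoneinfo/${TZ} /etc/localtime && \
    dpkg-reconfigure -f noninteractive tzdata && \
    printf 'XKBMODEL="pc105"\nXKBLAYOUT="%s"\nXKBVARIANT=""\nXKBOPTIONS=""\nBACKSPACE="guess"\n' "${COUNTRY}" > /etc/default/keyboard && \
    dpkg-reconfigure -f noninteractive keyboard-configuration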

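# System-wide static configuration for LDAP/PAM/sudo:
# 1. Comments out every line in /etc/sudoers that mentions %users (the rule
#    the author considers dangerous), then lets visudo syntax-check the
#    edited file so a broken sudoers fails the build instead of the login.
# 2. Tells nsswitch to look up sudoers rules in SSS (LDAP) as well.
# 3. Enables automatic creation of home directories (pam_mkhomedir).
# NOTE(review): the package scripts of libsss-sudo may already have added a
# "sudoers:" entry to nsswitch.conf; confirm the append does not duplicate it.
# NOTE(review): with umask=0022 new home directories are created readable by
# the other users of the host; consider umask=0077 if users should not see
# each other's files.
RUN sed -i '/%users/s/^/# /' /etc/sudoers && \
    visudo -cf /etc/sudoers && \
    echo "sudoers: files sss" >> /etc/nsswitch.conf && \
    echo "session required pam_mkhomedir.so skel=/etc/skel/ umask=0022" >> /etc/pam.d/common-session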

# File modes and ownership for sudo, SSSD and xrdp, followed by the locale
# and keyboard settings for xrdp sessions.
# NOTE(review): key.pem, cert.pem and rsakeys.ini must already exist for the
# chown to succeed, so this key material is created at build time and stored
# in the image; containers started from the same image share it unless
# entrypoint.sh regenerates it. Confirm.
# NOTE(review): /etc/sssd is set to 0755; the sssd.conf placed there later
# (not visible in this file) usually carries LDAP bind settings. Confirm it
# is installed root-owned with mode 0600.
# The sed script is single-quoted, so the shell does not expand ${LANG},
# ${LANGUAGE} and ${LC_ALL} here: startwm.sh receives them literally and they
# are expanded when a session runs the script.
RUN chmod 0440 /etc/sudoers && \
    mkdir -p /etc/sssd && \
    chown root:root /etc/sssd && \
    chmod 0755 /etc/sssd && \
    mkdir -p /home && \
    chmod 0755 /home && \
    chown xrdp:xrdp /etc/xrdp/key.pem /etc/xrdp/cert.pem /etc/xrdp/rsakeys.ini && \
    chmod 0600 /etc/xrdp/key.pem /etc/xrdp/rsakeys.ini && \
    chmod 0644 /etc/xrdp/cert.pem && \
    { echo "LANG=${LANG}" && \
      echo "LANGUAGE=${LANGUAGE}" && \
      echo "LC_ALL=${LC_ALL}"; } >> /etc/environment && \
    sed -i '2i export LANG=${LANG}\nexport LANGUAGE=${LANGUAGE}\nexport LC_ALL=${LC_ALL}\npulseaudio --start\npactl load-module module-xrdp-sink.so\npactl load-module module-xrdp-source.so' /etc/xrdp/startwm.sh && \
    chmod +x /etc/xrdp/startwm.sh && \
    mkdir -p /etc/xdg/xfce4 && \
    echo "setxkbmap ${COUNTRY}" >> /etc/xdg/xfce4/xinitrc

# RDP listener. EXPOSE only documents the port; whether 3389 is reachable is
# decided by how the container is published at run time.
EXPOSE 3389/tcp

# Container start script, copied from the build context and made executable.
# No USER instruction precedes CMD, so the script starts as the base image's
# default user (root for the official debian images).
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
CMD ["/entrypoint.sh"]