ARG REPO=library
FROM multiarch/qemu-user-static:4.1.0-1 as qemu-user-static
FROM ${REPO}/alpine:3.9

COPY --from=qemu-user-static /usr/bin/qemu-* /usr/bin/

# Install SSH and set up basic config
RUN apk add --no-cache openssh-server~=7.9 augeas~=1.11

# Create sshd configs
RUN mkdir /var/run/sshd
# Allow providing authorized_keys to ~/mole/.ssh/authorized_keys or to /etc/authorized_keys/<user>
RUN augtool 'set /files/etc/ssh/sshd_config/AuthorizedKeysFile ".ssh/authorized_keys /etc/authorized_keys/%u"'
# Prevent running commands or getting an X11 session
RUN augtool 'set /files/etc/ssh/sshd_config/ForceCommand echo no-commands-allowed'
RUN augtool 'set /files/etc/ssh/sshd_config/X11Forwarding no'
# Prevent logging in as root user or with a password
RUN augtool 'set /files/etc/ssh/sshd_config/PermitRootLogin no'
RUN augtool 'set /files/etc/ssh/sshd_config/PasswordAuthentication no'
# Use a non-reserved port so we can run as a non-root user
RUN augtool 'set /files/etc/ssh/sshd_config/Port 2222'
# Ensure we can forward TCP
RUN augtool 'set /files/etc/ssh/sshd_config/AllowTcpForwarding yes'

EXPOSE 2222

# Create mole user
RUN adduser --system --home /mole mole
USER mole
RUN mkdir -p /mole/.ssh

CMD ["/usr/sbin/sshd", "-D"]