# --- Stage 1: Portainer Agent ---
FROM portainer/agent:latest AS agent

# --- Stage 2: Tailscale ---
FROM tailscale/tailscale:latest AS tailscale

# --- Stage 3: Finales Image (Alpine) ---
FROM alpine:3.20

# Basis-Pakete
RUN apk add --update \
      iptables \
      iproute2 \
      ca-certificates \
      curl \
      bash \
      tini \
   && rm -rf /var/cache/apk/*

# Binaries von Tailscale kopieren
COPY --from=tailscale /usr/local/bin/tailscaled /usr/local/bin/tailscaled
COPY --from=tailscale /usr/local/bin/tailscale /usr/local/bin/tailscale

# Komplette Portainer-Agent-App übernehmen
COPY --from=agent /app /app

# Arbeitsverzeichnis
WORKDIR /app

# Startskript hinzufügen
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# TUN-Gerät vorbereiten
RUN mkdir -p /dev/net
VOLUME ["/var/lib/tailscale"]

# Portainer Agent Port
EXPOSE 9001

LABEL org.opencontainers.image.title="Portainer Agent Tailscale"
LABEL org.opencontainers.image.description="Tailscale-fähiger Portainer-Agent für ARM64/AMD64"
LABEL org.opencontainers.image.version="1.0.0"
LABEL org.opencontainers.image.authors="Patrick Buchhorst <patrick@buchhorster.de>"
LABEL org.opencontainers.image.source="https://gitea.buchhorster.de/patrick/portainer-agent-tailscale"
LABEL org.opencontainers.image.licenses="MIT"
LABEL org.opencontainers.image.vendor="Buchhorster IT"
LABEL org.opencontainers.image.os="linux"

ENTRYPOINT ["/sbin/tini", "--"]
CMD ["/entrypoint.sh"]
