# --- Stage 1: Portainer Agent ---
FROM portainer/agent:latest AS agent

# --- Stage 2: Tailscale ---
FROM tailscale/tailscale:latest AS tailscale

# --- Stage 3: Finales Image (Alpine) ---
FROM alpine:3.20

# Basis-Pakete
RUN apk add --no-cache \
      iptables \
      iproute2 \
      ca-certificates \
      curl \
      bash \
      tini

# Binaries von Tailscale kopieren
COPY --from=tailscale /usr/local/bin/tailscaled /usr/local/bin/tailscaled
COPY --from=tailscale /usr/local/bin/tailscale /usr/local/bin/tailscale

# Komplette Portainer-Agent-App übernehmen
COPY --from=agent /app /app

# Arbeitsverzeichnis
WORKDIR /app

# Startskript hinzufügen
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# TUN-Gerät vorbereiten
RUN mkdir -p /dev/net
VOLUME ["/var/lib/tailscale"]

# Portainer Agent Port
EXPOSE 9001

ENTRYPOINT ["/sbin/tini", "--"]
CMD ["/entrypoint.sh"]