FROM ghcr.io/allanger/dumb-downloader as dudo
ARG OPENVPN_VERSION
RUN apt update && apt install gnupg tar -y
RUN mkdir /output
# ------------------------------------------------------
# -- Downlaod OpenVPN
# ------------------------------------------------------
RUN dudo -l "https://keys.openpgp.org/vks/v1/by-fingerprint/F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7" -d security-openvpn-net.asc -p DUMMY
RUN gpg --import security-openvpn-net.asc
RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz.asc" -d /tmp/openvpn.asc -p ${OPENVPN_VERSION}
# ------------------------------------------------------
# -- todo: I should fix it later
# ------------------------------------------------------
# RUN gpg  --no-tty --verify /tmp/openvpn.asc
RUN dudo -l "https://swupdate.openvpn.org/community/releases/openvpn-{{ version }}.tar.gz " -d /tmp/openvpn.tar.gz -p ${OPENVPN_VERSION}
RUN tar -xf /tmp/openvpn.tar.gz  -C /tmp && rm -f /tmp/openvpn.tar.gz
RUN mv /tmp/openvpn-${OPENVPN_VERSION} /output/openvpn

FROM ubuntu:24.04 as builder
# ------------------------------------------------------
# -- TODO: Define it only once
# ------------------------------------------------------
ARG OPENVPN_VERSION
COPY --from=dudo /output /src
RUN apt-get update &&\
      apt-get install -y wget tar unzip build-essential \
      libssl-dev iproute2 liblz4-dev liblzo2-dev \
      libpam0g-dev libpkcs11-helper1-dev libsystemd-dev \
      easy-rsa iptables pkg-config libcap-ng-dev
WORKDIR /src/openvpn
RUN ./configure --disable-systemd --enable-async-push --enable-iproute2
RUN make && make install
RUN mkdir /output
RUN cp $(which openvpn) /output
RUN cp /src/openvpn/sample/sample-config-files/server.conf /output

# ------------------------------------------------------
# -- Final container
# ------------------------------------------------------
FROM ubuntu:24.04
LABEL maintainer="allanger <allanger@badhouseplants.net>"
VOLUME /opt/data/openvpn
WORKDIR /opt/data/openvpn

ENV EASYRSA_BATCH=yes
ENV EASYRSA_REQ_CN=openvpn-server

COPY --from=builder /output/openvpn /src/openvpn
COPY --from=builder /output/server.conf /opt/config/server.conf

# -------------------------------------------------------
# -- Prepare system deps
# -- It's also installing the openvpn package but 
# -- it's required for getting dependencies, later
# -- it's rewritten by the binary that from the builder
# -------------------------------------------------------
RUN apt update &&\
      apt upgrade -y && \
      apt install openvpn easy-rsa -y && \
      mv /src/openvpn $(which openvpn)

CMD ["ovpn_run"]

COPY --chmod='755' ./bin /usr/local/bin