# syntax=docker/dockerfile:latest
# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
# SPDX-License-Identifier: AGPL-3.0-only
# From https://github.com/docker-library/postgres/blob/master/18/alpine3.23/Dockerfile
FROM postgres:18.3-alpine

ENV PGDATA=/var/lib/postgresql/data

COPY --chmod=775 start.sh /start.sh
COPY --chmod=775 healthcheck.sh /healthcheck.sh
COPY --chmod=775 init-user-db.sh /docker-entrypoint-initdb.d/init-user-db.sh

RUN set -ex; \
    apk upgrade --no-cache -a; \
    apk add --no-cache \
        bash \
        openssl \
        shadow \
        netcat-openbsd \
        grep; \
    \
# We need to use the same gid and uid as on old installations
    deluser postgres; \
    groupmod -g 9999 ping; \
    addgroup -g 999 -S postgres; \
    adduser -u 999 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
    apk del --no-cache shadow; \
    \
# Fix default permissions
    mkdir -p /var/lib/postgresql/data; \
    chown -R postgres:postgres /var/lib/postgresql; \
    chown -R postgres:postgres /var/run/postgresql; \
    chmod -R 777 /var/run/postgresql; \
    chown -R postgres:postgres "$PGDATA"; \
    \
    mkdir /mnt/data; \
    chown postgres:postgres /mnt/data; \
    \
# Give root a random password
    echo "root:$(openssl rand -base64 12)" | chpasswd; \
    apk --no-cache del openssl; \
    \
# Get rid of unused binaries
    rm -f /usr/local/bin/gosu /usr/local/bin/su-exec;

VOLUME /mnt/data

USER 999
ENTRYPOINT ["/start.sh"]

HEALTHCHECK CMD /healthcheck.sh
LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    org.opencontainers.image.title="PostgreSQL for Nextcloud AIO" \
    org.opencontainers.image.description="PostgreSQL database for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
    org.opencontainers.image.vendor="Nextcloud" \
    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
