FROM python:3.11-slim-trixie AS python-stage
RUN python3 -m venv /opt/py3

FROM ghcr.io/1panel-dev/maxkb-vector-model:v2.0.2 AS vector-model

FROM postgres:17.6-trixie
COPY --from=python-stage /usr/local /usr/local
COPY --from=python-stage /opt/py3 /opt/py3
COPY installer/*.sh /usr/bin/
COPY installer/init.sql /docker-entrypoint-initdb.d/

ARG DEPENDENCIES="                    \
        curl                          \
        ca-certificates               \
        vim                           \
        wait-for-it                   \
        redis-server                  \
        postgresql-17-pgvector        \
        postgresql-17-age"

RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
    echo "Asia/Shanghai" > /etc/timezone && \
    apt-get update && apt-get install -y --no-install-recommends $DEPENDENCIES && \
    chmod 755 /usr/bin/start-*.sh && \
    find /etc/ -type f ! -path '/etc/resolv.conf' ! -path '/etc/hosts' | xargs chmod g-rx && \
    curl -L --connect-timeout 120 -m 1800 https://resource.fit2cloud.com/maxkb/ffmpeg/get-ffmpeg-linux | sh && \
    mkdir -p /opt/maxkb-app/sandbox && \
    useradd --no-create-home --home /opt/maxkb-app/sandbox sandbox -g root && \
    chown -R sandbox:root /opt/maxkb-app/sandbox && \
    chmod g-xr /usr/local/bin/* /usr/bin/* /bin/* /usr/sbin/* /sbin/* /usr/lib/postgresql/17/bin/* && \
    chmod g+xr /usr/bin/ld.so && \
    chmod g+x /usr/local/bin/python* && \
    apt-get clean all && \
    rm -rf /var/lib/apt/lists/* /usr/share/doc/* /usr/share/man/* /usr/share/info/* /usr/share/locale/* /usr/share/lintian/* /usr/share/linda/* /var/cache/* /var/log/* /var/tmp/* /tmp/*
COPY --from=vector-model --chmod=700 /opt/maxkb-app/model /opt/maxkb-app/model

ENV PATH=/opt/py3/bin:$PATH \
    PGDATA=/opt/maxkb/data/postgresql/pgdata \
    POSTGRES_USER=root \
    POSTGRES_PASSWORD=Password123@postgres \
    POSTGRES_MAX_CONNECTIONS=1000 \
    REDIS_PASSWORD=Password123@redis \
    LANG=en_US.UTF-8 \
    PYTHONUNBUFFERED=1 \
    MAXKB_CONFIG_TYPE=ENV \
    MAXKB_LOG_LEVEL=INFO \
    MAXKB_SANDBOX=1 \
    MAXKB_SANDBOX_PYTHON_PACKAGE_PATHS="/opt/py3/lib/python3.11/site-packages,/opt/maxkb-app/sandbox/python-packages,/opt/maxkb/python-packages" \
    MAXKB_SANDBOX_PYTHON_BANNED_KEYWORDS="subprocess.,system(,exec(,execve(,pty.,eval(,compile(,shutil.,input(,__import__" \
    MAXKB_ADMIN_PATH=/admin

EXPOSE 6379