# checkov:skip=CKV_DOCKER_2:Test container doesn't need healthcheck
# checkov:skip=CKV_DOCKER_3:OpenVPN server requires root for NET_ADMIN
# checkov:skip=CKV_DOCKER_7:Base image is parameterized, some use latest tag
ARG BASE_IMAGE=ubuntu:24.04
FROM ${BASE_IMAGE}

ARG BASE_IMAGE
ENV DEBIAN_FRONTEND=noninteractive

# Install basic dependencies based on the OS
RUN if command -v apt-get >/dev/null; then \
        apt-get update && apt-get install -y \
            iproute2 iptables curl procps systemd systemd-sysv \
        && rm -rf /var/lib/apt/lists/*; \
    elif command -v dnf >/dev/null; then \
        dnf install -y --allowerasing \
            iproute iptables curl procps-ng systemd tar gzip \
        && dnf clean all; \
    elif command -v yum >/dev/null; then \
        yum install -y \
            iproute iptables curl procps-ng systemd tar gzip \
        && yum clean all; \
    elif command -v pacman >/dev/null; then \
        pacman -Syu --noconfirm \
            iproute2 iptables curl procps-ng \
        && pacman -Scc --noconfirm; \
    fi

# Create TUN device (will be mounted at runtime)
RUN mkdir -p /dev/net

# Copy the install script
COPY openvpn-install.sh /opt/openvpn-install.sh
RUN chmod +x /opt/openvpn-install.sh

# Copy test scripts
COPY test/server-entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

WORKDIR /opt

ENTRYPOINT ["/entrypoint.sh"]