FROM hashicorp/vault:latest

# Install Bash
RUN apk add --no-cache --upgrade bash

# Install python/pip (needed to run some of the initialization logic)
ENV PYTHONUNBUFFERED=1
RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python
RUN python3 -m venv .venv \
    && source .venv/bin/activate \
    && python -m ensurepip \
    && pip install --no-cache --upgrade pip setuptools

# Needed for parsing JSON in Bash (which is needed to parse the unseal keys and root token)
RUN apk add --no-cache jq

# Copy the Vault configuration file into the container
COPY vault-config.hcl /vault/config/vault-config.hcl

# Copy the startup script into the container (also verifying it's encoded properly)
COPY ./entrypoint.sh /entrypoint.sh
RUN dos2unix /entrypoint.sh

# Copy the Python startup stuff into the container
COPY ./setup-scripts /setup-scripts

# Copy the snapshot server Python code into the container
COPY ./snapshot-server /snapshot-server

# | Port | Purpose                                                             |
# | ---- | ------------------------------------------------------------------- |
# | 8200 | Vault API                                                           |
# | 8300 | Custom snapshot server (for creating and serving backups over HTTP) |
EXPOSE 8200 8300

ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]