# OpenClaw Gateway - Custom ARM64 Build
# Platform: linux/arm64
# All configs via named volumes - copy files in with docker cp

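# Base image reference. The default keeps the floating ":latest" tag, so two
# builds of this file can produce different images. For a reproducible,
# reviewable build pass an immutable reference, e.g.
#   --build-arg OPENCLAW_IMAGE=ghcr.io/openclaw/openclaw@sha256:<digest-placeholder>
ARG OPENCLAW_IMAGE=ghcr.io/openclaw/openclaw:latest
FROM --platform=linux/arm64 ${OPENCLAW_IMAGE}

# Root is needed for the package installs and filesystem setup below; the
# file switches back to the unprivileged "node" user at the end.
USER root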

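# Install additional system packages.
# curl, jq, gnupg and ca-certificates are used by later build steps in this
# file; htop and tree are interactive conveniences.
# --no-install-recommends stops apt from pulling in optional extras, which
# keeps the set of installed (and patchable) software to what is listed here.
# update + install + list cleanup stay in one layer so the package index is
# never stale and never shipped.
RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    curl \
    gnupg \
    htop \
    jq \
    tree \
    && rm -rf /var/lib/apt/lists/*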

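# Install Google Cloud SDK (for gcloud CLI if needed).
# The repository signing key is downloaded to a file first instead of being
# piped into gpg: under /bin/sh a pipeline reports only the last command's
# status, so a failed or truncated download would otherwise go unnoticed.
# -f makes curl fail on HTTP errors instead of saving an error page.
# The key is the trust anchor for everything installed from this repository
# and is fetched over HTTPS at build time.
# NOTE(review): consider comparing its fingerprint with a value recorded in
# this repo before trusting it.
# The sources entry is written with ">" so a rebuild on top of a base that
# already has the file does not end up with duplicate lines.
RUN curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg -o /tmp/cloud.google.asc \
    && gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg /tmp/cloud.google.asc \
    && rm -f /tmp/cloud.google.asc \
    && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" \
        > /etc/apt/sources.list.d/google-cloud-sdk.list \
    && apt-get update && apt-get install -y google-cloud-cli \
    && rm -rf /var/lib/apt/lists/*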

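# Install gogcli (Google Workspace CLI) for ARM64.
# GOG_VERSION: release tag to install (as published, including any leading
#   "v"). Empty (default) resolves the newest release through the GitHub API
#   at build time, which is what this step did before; that is not
#   reproducible and trusts whatever release is current.
# GOG_SHA256: expected SHA-256 of the release tarball. When set, the download
#   is verified before anything is unpacked into /usr/local/bin as root.
# The tarball is saved to a file rather than piped into tar so that a failed
# download or failed verification stops the build; jq -e makes a missing
# tag_name (for example a rate-limited API reply) an error instead of "null".
# --no-same-owner keeps the unpacked files owned by root regardless of the
# ownership recorded inside the archive.
ARG GOG_VERSION=""
ARG GOG_SHA256=""
RUN set -eu; \
    version="${GOG_VERSION:-}"; \
    if [ -z "${version}" ]; then \
        version="$(curl -fsSL https://api.github.com/repos/steipete/gogcli/releases/latest | jq -er .tag_name)"; \
    fi; \
    archive=/tmp/gogcli.tar.gz; \
    curl -fsSL -o "${archive}" \
        "https://github.com/steipete/gogcli/releases/download/${version}/gogcli_${version#v}_linux_arm64.tar.gz"; \
    if [ -n "${GOG_SHA256:-}" ]; then \
        echo "${GOG_SHA256}  ${archive}" | sha256sum -c -; \
    else \
        echo "gogcli ${version}: GOG_SHA256 not set, tarball integrity not verified" >&2; \
    fi; \
    tar -xzf "${archive}" --no-same-owner -C /usr/local/bin/; \
    rm -f "${archive}"; \
    chmod +x /usr/local/bin/gog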

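# Install Tailscale.
# The installer is downloaded to a file and then executed. With "curl | sh"
# a failed download hands sh an empty script, which exits 0, so the build
# would succeed without Tailscale installed.
# The script runs as root and is whatever the site serves at build time.
# NOTE(review): installing a pinned package version from a signed repository
# would make this step reproducible.
RUN curl -fsSL https://tailscale.com/install.sh -o /tmp/tailscale-install.sh \
    && HEADLESS=true sh /tmp/tailscale-install.sh \
    && rm -f /tmp/tailscale-install.sh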

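# Create tailscale directories.
# /var/run/tailscale is handed to the node user with mode 750 instead of
# being world-writable (777): the image ends with USER node, so only that
# account needs write access.
# NOTE(review): if the container is started under a different UID, grant
# that UID access explicitly rather than reopening the directory to everyone.
RUN mkdir -p \
        /var/run/tailscale \
        /home/node/.local/share/tailscale/files \
        /home/node/.local/bin \
    && chown node:node /var/run/tailscale \
    && chmod 750 /var/run/tailscale \
    && chown -R node:node /home/node/.local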

# Create tailscale startup script (runs as node user).
# Nothing in this Dockerfile invokes the script. It does the following:
#   1. recreates the tailscale directories;
#   2. starts tailscaled in the background with userspace networking and its
#      control socket at /tmp/tailscale.sock, then waits 3 seconds;
#   3. if TAILSCALE_AUTH_KEY is set, runs "tailscale up" with that key and
#      the hostname from TAILSCALE_HOSTNAME (default "openclaw-gateway");
#   4. waits 2 seconds, then runs "tailscale serve --bg 18789".
# NOTE(review): the auth key is passed as a command-line argument, so it is
# visible in the process argument list while "tailscale up" runs.
# NOTE(review): both tailscale calls end in "|| true", so a failed login or
# a failed serve is not reported to whatever launched the script.
RUN start_script=/home/node/.local/bin/tailscale-start.sh \
    && printf '%s\n' \
        '#!/bin/sh' \
        'mkdir -p /var/run/tailscale /home/node/.local/share/tailscale /home/node/.local/share/tailscale/files' \
        'tailscaled --socket=/tmp/tailscale.sock --tun=userspace-networking &' \
        'sleep 3' \
        'if [ -n "$TAILSCALE_AUTH_KEY" ]; then tailscale --socket=/tmp/tailscale.sock up --authkey="$TAILSCALE_AUTH_KEY" --hostname="${TAILSCALE_HOSTNAME:-openclaw-gateway}" || true; fi' \
        'sleep 2' \
        'tailscale --socket=/tmp/tailscale.sock serve --bg 18789 || true' \
        > "${start_script}" \
    && chmod +x "${start_script}"

# Copy custom tools into the image.
# Every file matched by tools/* and bin/* in the build context lands in
# /usr/local/bin, a directory on PATH. The copies are owned by root because
# no --chown is given.
# NOTE(review): keep credentials, .env files and editor backups out of those
# two directories (or exclude them in .dockerignore), since anything there is
# baked into an image layer.
COPY tools/* /usr/local/bin/
COPY bin/* /usr/local/bin/
# Marks everything in /usr/local/bin executable, not only the files copied
# above; that includes files unpacked there by the gogcli step and anything
# the base image shipped.
RUN chmod +x /usr/local/bin/*

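# Create directories in the persistent volume location and hand them to the
# node user.
# The ssh directory is restricted to its owner (700) because it is the target
# of the ~/.ssh link and will hold key material; mkdir's default mode would
# leave it listable by every account in the container.
# NOTE(review): the gog and gws directories presumably hold API credentials
# as well - confirm and tighten their modes the same way if so.
RUN mkdir -p \
        /var/tmp/openclaw-compile-cache \
        /home/node/.openclaw/ssh \
        /home/node/.openclaw/gog \
        /home/node/.openclaw/gws \
        /opt/openclaw/defaults \
    && chmod 700 /home/node/.openclaw/ssh \
    && chown -R node:node /home/node/.openclaw /opt/openclaw/defaults /var/tmp/openclaw-compile-cache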

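# Link ssh to standard locations: /home/node/.ssh becomes a symlink to
# /home/node/.openclaw/ssh.
# Creating /home/node/.ssh as a directory first and then running "ln -sf"
# against it puts the link inside the directory (/home/node/.ssh/ssh), so
# ~/.ssh itself would stay an empty root-owned directory that ssh cannot use.
# An existing empty directory is therefore removed before linking. rmdir
# refuses a non-empty directory, so base-image content is never silently
# discarded; the build fails instead.
# -n replaces an existing symlink rather than following it; chown -h sets
# the owner of the link itself.
RUN if [ -d /home/node/.ssh ] && [ ! -L /home/node/.ssh ]; then rmdir /home/node/.ssh; fi \
    && ln -sfn /home/node/.openclaw/ssh /home/node/.ssh \
    && chown -h node:node /home/node/.ssh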

# Copy default config into the image.
# The file is copied while USER is root and without --chown, so it is owned
# by root inside the node-owned defaults directory.
# NOTE(review): this file is readable by anyone who can pull the image, so
# it should contain defaults only, never tokens or keys.
COPY config/openclaw.json /opt/openclaw/defaults/openclaw.json

# Switch back to node user so the container does not run as root.
USER node
