# BetterFrame server — BSB container with built plugins.
#
# sec-config.yaml is generated at build time from sec-config.template.yaml
# via envsubst. Secrets come from Coolify build args (set in UI, not in git).
#
# Build args (set in Coolify UI as secrets):
#   BF_PG_PASSWORD          postgres password
#   BF_FIRMWARE_SIGNING_KEY Ed25519 PEM for firmware signing
#   BF_FIRMWARE_IMPORT_API_KEY  CI bearer token
#   BF_OTA_IMPORT_API_KEY       CI bearer token
#   BF_MQTT_URL             mqtt://broker:1883 (optional)
#   BF_MQTT_USERNAME        (optional)
#   BF_MQTT_PASSWORD        (optional)
#
# Non-secret build args (defaults work for standard compose):
#   BF_DB_DRIVER            postgres|sqlite (default: postgres)
#   BF_PG_HOST              (default: postgres)
#   BF_PG_PORT              (default: 5432)
#   BF_PG_DATABASE          (default: betterframe)
#   BF_PG_USER              (default: betterframe)
#   BF_NODERED_URL          (default: http://nodered:1880)
#   BF_SELF_URL             (default: http://server:18080)
#   BF_SERVER_VERSION       (default: dev)

FROM node:24-trixie-slim AS builder

WORKDIR /app

RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential python3 \
    && rm -rf /var/lib/apt/lists/*

COPY package.json package-lock.json ./
COPY server/package.json ./server/
COPY tsconfig.base.json ./
RUN npm ci && npm rebuild argon2

COPY server ./server

WORKDIR /app/server
RUN npm run build

# ---- Runtime ----
FROM betterweb/service-base:node

# All config build args — secrets set in Coolify UI, not in git
ARG BF_SERVER_VERSION=dev
ARG BF_DB_DRIVER=postgres
ARG BF_PG_HOST=postgres
ARG BF_PG_PORT=5432
ARG BF_PG_DATABASE=betterframe
ARG BF_PG_USER=betterframe
ARG BF_PG_PASSWORD=betterframe
ARG BF_PG_POOL_MAX=10
ARG BF_NODERED_URL=http://nodered:1880
ARG BF_SELF_URL=http://server:18080
ARG BF_FIRMWARE_SIGNING_KEY=
ARG BF_FIRMWARE_IMPORT_API_KEY=
ARG BF_OTA_IMPORT_API_KEY=
ARG BF_MQTT_URL=
ARG BF_MQTT_USERNAME=
ARG BF_MQTT_PASSWORD=
ARG BF_MQTT_TOPIC_PREFIX=betterframe

USER root

# envsubst + ffmpeg
RUN apt-get update && apt-get install -y --no-install-recommends \
    gettext-base ffmpeg \
    && rm -rf /var/lib/apt/lists/*

RUN mkdir -p /var/lib/betterframe && chown node:node /var/lib/betterframe

WORKDIR /home/bsb

# Copy built plugin + deps
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/server/lib ./lib
COPY --from=builder /app/server/bsb-plugin.json ./bsb-plugin.json
COPY --from=builder /app/server/package.json ./package.json
COPY --from=builder /app/tsconfig.base.json ./tsconfig.base.json

# Generate sec-config.yaml from template + build args
COPY sec-config.template.yaml /tmp/sec-config.template.yaml
RUN envsubst < /tmp/sec-config.template.yaml > /home/bsb/sec-config.yaml \
    && chmod 444 /home/bsb/sec-config.yaml \
    && rm /tmp/sec-config.template.yaml

# Bake version
RUN echo "$BF_SERVER_VERSION" > /home/bsb/.bf-version

VOLUME /var/lib/betterframe

EXPOSE 18080 18081 18082

USER node