# Supply-chain note: none of the three stages names a tag or digest, so each one
# resolves to whatever `latest` points at on the day the image is built. The
# first two are non-official images whose files are copied into the final image
# further down, so pinning them (ideally by digest) keeps rebuilds reproducible
# and makes upstream changes reviewable.
FROM walt3rl/proton-privoxy AS proton
FROM jesec/rtorrent AS rtorrent
FROM debian

# Build-time knobs: the protonvpn-cli release tag to install and the name of the
# unprivileged account that the generated entrypoint creates.
ARG PVPN_CLI_VER=2.2.12
ARG USERNAME=proton

# Runtime defaults. Credentials passed through PVPN_USERNAME / PVPN_PASSWORD sit
# in the container environment, where `docker inspect` and any process that
# inherits the environment can read them. The *_FILE variants make the entrypoint
# read the value from a file instead (for example a mounted secret).
# PUID / PGID / PHOME describe the account the entrypoint creates; PHOME is
# expanded from the USERNAME build argument when the image is built.
ENV PVPN_USERNAME= \
    PVPN_USERNAME_FILE= \
    PVPN_PASSWORD= \
    PVPN_PASSWORD_FILE= \
    PVPN_TIER=2 \
    PVPN_PROTOCOL=udp \
    PVPN_TAGS="+pmp" \
    PVPN_CMD_ARGS="connect --p2p --random" \
    PVPN_DEBUG= \
    HOST_NETWORK= \
    DNS_SERVERS_OVERRIDE= \
    PUID=1000 \
    PGID=1000 \
    PHOME=/home/${USERNAME} \
    NATPMP_TIMEOUT=60 \
    NATPMP_INTERVAL= \
    MAX_UPTIME=

WORKDIR /root
# Overlays the complete root filesystem of the rtorrent stage onto the Debian
# base: every file in that image, not only the rtorrent binary, lands in the
# final image and replaces any Debian file at the same path.
# NOTE(review): copying only the paths rtorrent needs would narrow what is
# trusted from that image — confirm which paths are required.
COPY --from=rtorrent / /

# OS packages: VPN and firewall tooling (openvpn, iptables, iproute2), the
# NAT-PMP client, the Python toolchain used to install protonvpn-cli, and sudo,
# which the generated entrypoint uses to run rtorrent as the unprivileged user.
# Index refresh, upgrade, install and list cleanup share one layer so the
# package index is never cached stale.
# NOTE(review): recommended packages are left enabled; the later git+https pip
# install may depend on some of them (e.g. CA certificates) — verify before
# adding --no-install-recommends.
RUN set -e; \
    apt-get update -y; \
    apt-get upgrade -y; \
    apt-get install -y \
        git \
        iproute2 \
        iptables \
        natpmpc \
        openvpn \
        pipenv \
        procps \
        python3 \
        python3-pip \
        python3-setuptools \
        sudo; \
    rm -rf /var/lib/apt/lists

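# Install protonvpn-cli from the upstream Git repository at the release tag
# selected by PVPN_CLI_VER. --no-cache-dir keeps pip's download and build cache
# out of the image layer. A Git tag can be moved upstream; pinning a full commit
# hash instead would make the fetched code immutable across rebuilds.
RUN pip3 install --no-cache-dir --break-system-packages \
        "git+https://github.com/Rafficer/linux-cli-community.git@v${PVPN_CLI_VER}#egg=protonvpn-cli"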

# Pull two files out of the proton-privoxy stage: its `run` script (staged as
# /app/proton and patched in the next step) and the clean protonvpn-cli config,
# which becomes root's active config. Both come from an unpinned image, so their
# content can change between builds without any change to this file.
RUN mkdir /app
COPY --from=proton /app/proton-privoxy/run /app/proton
COPY --from=proton /root/.pvpn-cli/pvpn-cli.cfg.clean /root/.pvpn-cli/pvpn-cli.cfg

# Delete the lines of the staged script that begin with `exec privoxy` or
# `ln -s`, install the result as /usr/local/bin/proton, then remove the staging
# copy.
# NOTE(review): if the upstream script is reworded, these patterns match nothing
# and the build still succeeds — worth checking the patched script after a base
# image update.
RUN set -e; \
    sed -i '/^exec privoxy/d; /^ln -s/d' /app/proton; \
    install -t /usr/local/bin /app/proton; \
    rm /app/proton

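# Generate /usr/local/bin/pvpn-cli, a thin launcher for /app/pvpn-cli.py.
# The shebang lets the kernel execute the file directly; without one it only
# runs when the calling shell falls back to interpreting it, and fails with an
# exec format error otherwise. `exec` replaces the wrapper shell with the Python
# process, so signals and the exit status are not filtered through an extra shell.
RUN printf "%s\n" \
        "#!/bin/sh" \
        "exec python3 /app/pvpn-cli.py \"\$@\"" > ./pvpn-cli \
    && install -Dm 755 ./pvpn-cli /usr/local/bin \
    && rm ./pvpn-cli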

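# Generate /usr/local/bin/rtorrent-entrypoint. "${USERNAME}" is expanded now, at
# build time; everything escaped or single-quoted is evaluated when the
# container starts. The generated script:
#   1. creates the PGID/PUID account and gives it ownership of $PHOME,
#   2. requires a username and a password, either directly or via the *_FILE
#      variables,
#   3. runs pvpn-cli and exits unless the proton0 interface exists. This is a
#      one-time startup check; nothing in this script re-checks the interface
#      once rtorrent is running,
#   4. requests a NAT-PMP mapping, exits if no public port can be parsed from
#      natpmpc's output, and refreshes the mapping in a background loop,
#   5. starts rtorrent as the unprivileged user through sudo, optionally limited
#      to MAX_UPTIME seconds.
# The timed branch uses `kill` because $pid is a process ID (pkill would treat
# it as a process-name pattern and match nothing), and if/else so that a failing
# last command in the timed branch cannot fall through and start rtorrent a
# second time. "$@" is quoted so arguments containing spaces reach rtorrent intact.
# NOTE(review): the timed branch runs `sudo -i` (login shell) and the untimed
# one does not — confirm the difference is intended.
RUN printf "%s\n" \
        "#!/bin/bash" \
        "groupadd --gid \$PGID ${USERNAME} > /dev/null" \
        "useradd --create-home --home-dir \$PHOME ${USERNAME} --uid \$PUID -g ${USERNAME} 2>/dev/null" \
        "chown ${USERNAME} \$PHOME" \
        '[ ! -z "$1" ] && [ "$1" = "init" ] && export PVPN_CMD_ARGS="$@"' \
        'if [ -z "$PVPN_USERNAME" ] && [ -z "$PVPN_USERNAME_FILE" ]; then' \
        "    echo 'Error: Either env var \$PVPN_USERNAME or \$PVPN_USERNAME_FILE is required.'" \
        "exit 1" \
        "fi" \
        "" \
        'if [ -z "$PVPN_PASSWORD" ] && [ -z "$PVPN_PASSWORD_FILE" ]; then' \
        "echo 'Error: Either env var \$PVPN_PASSWORD or \$PVPN_PASSWORD_FILE is required.'" \
        "exit 1" \
        "fi" \
        "" \
        '[ -f "$PVPN_USERNAME_FILE" ] && PVPN_USERNAME=$(cat "$PVPN_USERNAME_FILE")' \
        '[ -f "$PVPN_PASSWORD_FILE" ] && PVPN_PASSWORD=$(cat "$PVPN_PASSWORD_FILE")' \
        "pvpn-cli || exit" \
        'ip link show proton0 > /dev/null 2>&1 || exit' \
        'fallback="$(expr ${NATPMP_TIMEOUT} \* 3 / 4)"' \
        'export NATPMP_INTERVAL="${NATPMP_INTERVAL:-$fallback}"' \
        'echo "Opening a port using NAT-PMP for $NATPMP_TIMEOUT seconds…"' \
        'output="$(natpmpc -a 0 0 tcp "$NATPMP_TIMEOUT")"' \
        'natpmpc -a 0 0 udp "$NATPMP_TIMEOUT"' \
        'port="$(echo "$output" | grep -m 1 " public port [[:digit:]]\+ " | sed "s/.* public port \([[:digit:]]\+\).*/\\1/")"' \
        'if [ -z "$port" ]; then' \
        "    echo 'Error: NAT-PMP did not return a public port.' >&2" \
        '    exit 1' \
        'fi' \
        'echo "Port $port has been opened for P2P data transfer!"' \
        'echo "The NAT-PMP port forwarding will be updated every $NATPMP_INTERVAL seconds"' \
        'export PEERPORT="$port"' \
        "{" \
        "    while true" \
        "    do" \
        '        echo "Refreshing NAT-PMP port forwarding…"' \
        '        natpmpc -a 0 0 udp "$NATPMP_TIMEOUT"' \
        '        natpmpc -a 0 0 tcp "$NATPMP_TIMEOUT"' \
        '        echo "NAT-PMP port forwarding has been refreshed!"' \
        '        sleep "$NATPMP_INTERVAL"' \
        "    done" \
        "} &" \
        "set -m" \
        'if [ "${MAX_UPTIME:-0}" -gt 0 ]; then' \
        '    sudo -iu '"${USERNAME}"' rtorrent -o network.port_range.set=$port-$port,system.daemon.set=true "$@" &' \
        '    pid=$!' \
        '    sleep "$MAX_UPTIME"' \
        '    kill -9 "$pid"' \
        'else' \
        '    sudo -u '"${USERNAME}"' rtorrent -o network.port_range.set=$port-$port,system.daemon.set=true "$@"' \
        'fi' > ./rtorrent-entrypoint \
        && install -Dm 755 ./rtorrent-entrypoint /usr/local/bin \
        && rm ./rtorrent-entrypoint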

# Project-local Python script from the build context; the pvpn-cli wrapper in
# /usr/local/bin runs it with python3.
COPY pvpn-cli.py /app/pvpn-cli.py

#RUN apt-get update -y \
#    && apt-get install -y sudo
# RUN echo "${USERNAME} ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers

# NOTE(review): nothing else in this file reads or writes /proton — confirm what
# is expected to be mounted there.
VOLUME [ "/proton" ]
# No USER is set: the entrypoint starts as root (it creates the account with
# groupadd/useradd) and uses sudo to run rtorrent as that account. The script
# itself stays PID 1 for the container's lifetime.
ENTRYPOINT [ "rtorrent-entrypoint" ]