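# Build stage: compiles tarssh with the Rust toolchain. Only the release
# binary is copied out of this stage; the compiler and sources never reach
# the deployed image.
# NOTE(review): Debian buster is past end-of-life, and both base tags float.
# Move the build and runtime stages to a supported release together (so the C
# library the binary links against matches the runtime image), and consider
# pinning each base by digest for reproducible builds.
FROM rust:1-slim-buster AS build

WORKDIR /usr/src/tarssh

# Make a blank project with our deps for Docker to cache.
# We skip rusty-sandbox because it does nothing useful on Linux.
COPY Cargo.toml Cargo.lock ./
# Build a stub main.rs against the real manifest so the dependency layer is
# reused until Cargo.toml or Cargo.lock changes. The stub's fingerprint is then
# removed so that the real build below recompiles tarssh itself instead of
# treating the stub output as up to date.
# NOTE(review): consider adding --locked to both cargo invocations so the
# build fails rather than resolving versions not recorded in Cargo.lock.
RUN mkdir -p src \
    && echo 'fn main() { }' >src/main.rs \
    && cargo build --release --no-default-features --features drop_privs \
    && rm -r target/release/.fingerprint/tarssh-*

# Copy in the full project and build
# NOTE(review): this copies the whole build context into the stage. Confirm
# that a .dockerignore (not visible here) excludes target/, .git and any
# local credentials.
COPY . .
RUN cargo build --release --no-default-features --features drop_privs

# Use a fairly minimal environment for deployment
FROM debian:buster-slim

# Empty, non-writable directory used as the chroot target below, so the
# process has nothing to read or modify after it is confined.
RUN mkdir /var/empty && chmod 0555 /var/empty
COPY --from=build /usr/src/tarssh/target/release/tarssh /opt/tarssh

# Documentation only: the port still has to be published at run time.
EXPOSE 22

# There is deliberately no USER instruction. The process starts as root so it
# can bind port 22 and chroot, and the default arguments tell it to switch to
# "nobody" inside /var/empty (the drop_privs feature built above).
# Anyone overriding CMD should keep --user and --chroot, otherwise the
# listener presumably keeps running as root.
ENTRYPOINT [ "/opt/tarssh" ]
CMD [ "-v", "--user=nobody", "--chroot=/var/empty", "--listen=0.0.0.0:22" ]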