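# ───────────────────
# Stage 1: Base Image
# ───────────────────
FROM archlinux:base-devel-20250511.0.348143 AS base

# Build-time identity of the unprivileged developer account.
ARG DEV_USER=devuser
ARG DEV_UID=1001
ARG DEV_GID=1001

# Install all necessary packages and clean up the package cache.
# -Syu in a single transaction instead of "-Sy" followed by "-S": refreshing the
# sync database without upgrading is a partial upgrade, which Arch does not
# support and which can leave new packages linked against libraries newer than
# the ones shipped in the pinned base image.
# NOTE(review): the base tag is pinned but the package versions are not, so the
# image content depends on the build date.
RUN pacman -Syu --noconfirm --needed \
        base-devel neovim git git-lfs fish tmux go-yq \
        nodejs python fzf fd ripgrep jdk-openjdk fisher yazi less \
        lazygit luarocks python-pynvim npm bash-completion tree-sitter-cli kitty-terminfo \
        lua51 openssh && \
    pacman -Scc --noconfirm && \
    rm -rf /var/cache/pacman/pkg/*

# Create the developer's primary group, the supplementary "secproc" group
# (fixed GID 1002) and the user itself with fish as login shell.
# useradd -l (--no-log-init) keeps the account out of the lastlog/faillog
# databases. Expansions are quoted so an overridden ARG cannot word-split.
RUN groupadd -g "$DEV_GID" "$DEV_USER" && \
    groupadd -g 1002 secproc && \
    useradd -l -ms /bin/fish -G secproc -u "$DEV_UID" -g "$DEV_GID" "$DEV_USER"

# ────────────────────────
# Stage 2: Workspace Image
# ────────────────────────
FROM base AS workspace

# ARGs do not carry across FROM, so they are declared again for this stage.
ARG DEV_USER=devuser
ARG DEV_UID=1001
ARG DEV_GID=1001
ARG DEV_HOME=/home/$DEV_USER

# ADD (not COPY) so the local archive is unpacked into the home directory.
# Everything inside home.tar.gz ends up in an image layer and is readable by
# anyone who can pull the image, so the archive must not carry private keys or
# tokens.
ADD home.tar.gz $DEV_HOME

# Prepare ~/.ssh and known_hosts, then hand ownership to the developer account.
#
# NOTE(review): ssh-keyscan records whatever host key the network returns at
# build time (trust on first use) and the result is baked into the image. A
# build that runs on an untrusted network pins the wrong key for every
# container started from it. Compare the recorded fingerprints with values
# obtained out of band (GitHub publishes its host key fingerprints), or ship a
# reviewed known_hosts file in the build context instead.
#
# First loop: recursive chown of the trees the user has to write to.
# Second loop: non-recursive chown of the parent directories only.
# Both loops skip paths that the archive did not provide.
RUN mkdir -p "$DEV_HOME/.ssh" && \
    chmod 700 "$DEV_HOME/.ssh" && \
    ssh-keyscan -p 2222 10.88.0.1 >> "$DEV_HOME/.ssh/known_hosts" && \
    ssh-keyscan -p 22 github.com >> "$DEV_HOME/.ssh/known_hosts" && \
    for d in "$DEV_HOME/.local" \
             "$DEV_HOME/.config/fish/completions" \
             "$DEV_HOME/.config/fish/functions" \
             "$DEV_HOME/.config/fish/fish_variables" \
             "$DEV_HOME/.ssh"; do \
        if [ -e "$d" ]; then chown -R "$DEV_USER:$DEV_USER" "$d"; fi; \
    done && \
    for d in "$DEV_HOME/.local" \
             "$DEV_HOME/.config" \
             "$DEV_HOME/.config/fish" \
             "$DEV_HOME/.config/tmux"; do \
        if [ -e "$d" ]; then chown "$DEV_USER:$DEV_USER" "$d"; fi; \
    done

WORKDIR /app

# Drop root for everything that runs in the container.
USER $DEV_USER

# Exec-form CMD is not variable-expanded, so this path matches DEV_HOME only
# for the default DEV_USER; update it when building with a different user name.
CMD ["/home/devuser/start.sh"]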