FROM node:24

RUN apt-get update && apt-get upgrade -y && \
    apt-get install -y --no-install-recommends \
    podman \
    uidmap \
    slirp4netns \
    fuse-overlayfs \
    dbus-user-session \
    containernetworking-plugins \
    netavark \
    aardvark-dns \
    iptables \
    ca-certificates && \
    rm -rf /var/lib/apt/lists/*

RUN set -eux; \
    userdel -r node; \
    groupadd -g 1000 opencode; \
    useradd -m -u 1000 -g 1000 -s /usr/bin/bash opencode; \
    awk -F: '!seen[$1":"$2":"$3]++' /etc/subuid > /etc/subuid.tmp; \
    mv /etc/subuid.tmp /etc/subuid; \
    awk -F: '!seen[$1":"$2":"$3]++' /etc/subgid > /etc/subgid.tmp; \
    mv /etc/subgid.tmp /etc/subgid; \
    mkdir -p /home/opencode/.config/containers /home/opencode/.local/share/containers; \
    printf '%s\n' '[storage]' 'driver = "vfs"' > /home/opencode/.config/containers/storage.conf; \
    printf '%s\n' '[engine]' 'cgroup_manager = "cgroupfs"' 'events_logger = "file"' > /home/opencode/.config/containers/containers.conf; \
    chown -R 1000:1000 /home/opencode/.config /home/opencode/.local; \
    npm update -g && \
    npm install -g opencode-ai n2-soul@9.0.8 && \
    chown -R 1000:1000 /usr/local/lib/node_modules/n2-soul/ && \
    npm cache clean --force

COPY --chmod=755 opencode-attach /usr/local/bin/opencode-attach
COPY --from=registry.k8s.io/kubectl:v1.35.3 /bin/kubectl /usr/local/bin/kubectl

ENV XDG_RUNTIME_DIR=/tmp/run-user/1000
ENV _CONTAINERS_USERNS_CONFIGURED=""

RUN mkdir -p /tmp/run-user/1000 && chown -R 1000:1000 /tmp/run-user

USER opencode
WORKDIR /home/opencode

RUN opencode --version
RUN podman --version

ENTRYPOINT ["opencode"]