FROM nvidia/cuda:12.9.1-base-ubuntu20.04

ENV DEBIAN_FRONTEND=noninteractive \
	TZ=Europe/Paris

# Remove any third-party apt sources to avoid issues with expiring keys.
# Install some basic utilities
RUN rm -f /etc/apt/sources.list.d/*.list && \
    apt-get update && apt-get install -y --no-install-recommends \
    curl ca-certificates sudo git wget procps git-lfs htop vim nano bzip2 libx11-6 build-essential libsndfile-dev software-properties-common \
    zip \
    unzip \
 && rm -rf /var/lib/apt/lists/*

RUN curl -fsSL https://get.pnpm.io/install.sh | bash && \
    curl -sL https://deb.nodesource.com/setup_24.x  | bash && \
    apt-get install -y nodejs && \
    npm install -g configurable-http-proxy && \
    dpkg --add-architecture i386 && \
    apt update && \
    apt install -y nsis lld clang && \
    apt install -y default-jdk openjdk-11-jdk openjdk-17-jdk openjdk-21-jdk default-jre openjdk-11-jre openjdk-17-jre openjdk-21-jre && \
    apt install -y wimtools  p7zip-full p7zip-rar mkisofs && \
    apt install -y aptitude && \
    aptitude install -y llvm wine64 wine32 && \
    aptitude install -y aria2

# Create a working directory
WORKDIR /app

# Create a non-root user and switch to it
RUN adduser --disabled-password --gecos '' --shell /bin/bash user \
 && chown -R user:user /app
RUN echo "user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-user
USER user

# All users can use /home/user as their home directory
ENV HOME=/home/user
RUN mkdir $HOME/.cache $HOME/.config $HOME/.cargo $HOME/.xwin \
 && chmod -R 777 $HOME

# Set up the Conda environment
ENV CONDA_AUTO_UPDATE_CONDA=false \
    PATH=$HOME/anaconda/bin:$PATH
RUN curl -sLo ~/anaconda.sh https://repo.anaconda.com/archive/Anaconda3-2025.12-2-Linux-x86_64.sh \
 && chmod +x ~/anaconda.sh \
 && ~/anaconda.sh -b -p ~/anaconda \
 && rm ~/anaconda.sh \
 && conda clean -ya

WORKDIR $HOME/app

#######################################
# Start root user section
#######################################

USER root

# User Debian packages
## Security warning : Potential user code executed as root (build time)
RUN --mount=target=/root/packages.txt,source=packages.txt \
    apt-get update && \
    xargs -r -a /root/packages.txt apt-get install -y --no-install-recommends \
    && rm -rf /var/lib/apt/lists/*

RUN --mount=target=/root/on_startup.sh,source=on_startup.sh,readwrite \
	bash /root/on_startup.sh

RUN mkdir /data && chown user:user /data

#######################################
# End root user section
#######################################

USER user

ENV PATH="$HOME/.cargo/bin:$PATH"
RUN curl -LsSf https://astral.org.cn/uv/install.sh | bash && \
    curl -fsSL https://bun.com/install | bash && \
    curl -fsSL https://deno.land/install.sh | sh -s - -y && \
    curl -fsSL https://pixi.sh/install.sh | bash && \
    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | bash -s - --default-toolchain beta --profile complete -y && \
    rustup target add x86_64-pc-windows-msvc && \
    cargo install --locked cargo-xwin && \
    cargo xwin cache xwin && \
    cargo xwin cache windows-msvc-sysroot

# Python packages
RUN --mount=target=requirements.txt,source=requirements.txt \
    pip install --no-cache-dir --upgrade -r requirements.txt

COPY --chown=user start_server.sh $HOME/start_server.sh

RUN chmod +x ../start_server.sh

COPY --chown=user login.html /home/user/anaconda/lib/python3.13/site-packages/jupyter_server/templates/login.html
COPY --chown=user config.toml /home/user/.cargo/config.toml

ENV PYTHONUNBUFFERED=1 \
	SYSTEM=spaces \
	SHELL=/bin/bash

CMD ["../start_server.sh"]