Dockerfile.automated

FROM ubuntu:20.04

ARG ADD_PUM

# Initial setup
RUN apt-get update && \
	DEBIAN_FRONTEND=noninteractive apt-get install -y -q build-essential git nano curl jq wget gawk \
		nginx lsb-release rsyslog systemd apt-transport-https ca-certificates netcat sudo && \
	mkdir -p /etc/ssl/nginx /deployment

COPY ./container/startNIM.sh /deployment/

RUN --mount=type=secret,id=nginx-crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode=0644 \
        --mount=type=secret,id=nginx-key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
	set -x \
	&& chmod +x /deployment/startNIM.sh \
	&& printf "deb https://pkgs.nginx.com/nms/ubuntu `lsb_release -cs` nginx-plus\n" > /etc/apt/sources.list.d/nms.list \
	&& wget -q -O /etc/apt/apt.conf.d/90pkgs-nginx https://cs.nginx.com/static/files/90pkgs-nginx \
	&& wget -O /tmp/nginx_signing.key https://cs.nginx.com/static/keys/nginx_signing.key \
	&& apt-key add /tmp/nginx_signing.key \
	&& apt-get update \
	&& apt-get install -y nms-instance-manager \
	&& curl -s http://hg.nginx.org/nginx.org/raw-file/tip/xml/en/security_advisories.xml > /usr/share/nms/cve.xml \
	# Optional WAF Policy Compiler
	&& if [ ! -z "${ADD_PUM}" ] ; then \
	apt-get -y install nms-nap-compiler-$ADD_PUM; fi \
	# Set permissions
	&& chmod +x /etc/nms/scripts/*.sh \
	&& wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_`dpkg --print-architecture` -O /usr/bin/yq \
	&& chmod +x /usr/bin/yq

WORKDIR /deployment
CMD /deployment/startNIM.sh