FROM docker.elastic.co/kibana/kibana:8.13.4

# 切换到 root 用户进行系统级安装
USER root

ARG ARGUS_BUILD_UID=2133
ARG ARGUS_BUILD_GID=2015

ENV ARGUS_BUILD_UID=${ARGUS_BUILD_UID} \
    ARGUS_BUILD_GID=${ARGUS_BUILD_GID}

# 调整 kibana 用户与用户组 ID 以匹配宿主机配置
RUN set -eux; \
    current_gid="$(getent group kibana | awk -F: '{print $3}')"; \
    if [ -z "$current_gid" ]; then \
        groupadd -g "${ARGUS_BUILD_GID}" kibana; \
    elif [ "$current_gid" != "${ARGUS_BUILD_GID}" ]; then \
        groupmod -g "${ARGUS_BUILD_GID}" kibana; \
    fi; \
    if id kibana >/dev/null 2>&1; then \
        current_uid="$(id -u kibana)"; \
        if [ "$current_uid" != "${ARGUS_BUILD_UID}" ]; then \
            usermod -u "${ARGUS_BUILD_UID}" kibana; \
        fi; \
    else \
        useradd -m -u "${ARGUS_BUILD_UID}" -g "${ARGUS_BUILD_GID}" kibana; \
    fi; \
    chown -R "${ARGUS_BUILD_UID}:${ARGUS_BUILD_GID}" /usr/share/kibana

# 设置构建参数
ARG USE_INTRANET=false

# 配置内网 apt 源 (如果指定了内网选项)
RUN if [ "$USE_INTRANET" = "true" ]; then \
        echo "Configuring intranet apt sources..." && \
        cp /etc/apt/sources.list /etc/apt/sources.list.bak && \
        echo "deb [trusted=yes]  http://10.68.64.1/ubuntu2204/ jammy main" > /etc/apt/sources.list && \
        echo 'Acquire::https::Verify-Peer "false";' > /etc/apt/apt.conf.d/99disable-ssl-check && \
        echo 'Acquire::https::Verify-Host "false";' >> /etc/apt/apt.conf.d/99disable-ssl-check; \
    fi

# 安装 supervisor, net-tools, vim
RUN apt-get update && \
    apt-get install -y supervisor net-tools inetutils-ping vim && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# 配置部署时使用的apt源
RUN if [ "$USE_INTRANET" = "true" ]; then \
        echo "deb [trusted=yes] https://10.92.132.52/mirrors/ubuntu2204/ jammy main" > /etc/apt/sources.list; \
    fi

# 创建 supervisor 日志目录
RUN mkdir -p /var/log/supervisor


# 复制 supervisor 配置文件
COPY src/log/kibana/build/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

# 复制启动脚本
COPY src/log/kibana/build/start-kibana-supervised.sh /usr/local/bin/start-kibana-supervised.sh
COPY src/log/kibana/build/kibana-post-start.sh /usr/local/bin/kibana-post-start.sh
RUN chmod +x /usr/local/bin/start-kibana-supervised.sh /usr/local/bin/kibana-post-start.sh

# 复制DNS监控脚本
COPY src/log/kibana/build/dns-monitor.sh /usr/local/bin/dns-monitor.sh
RUN chmod +x /usr/local/bin/dns-monitor.sh

# kibana需要用到 /root/.config/puppeteer 路径
RUN chmod 777 /root

# 保持 root 用户，由 supervisor 管理用户切换
USER root

# 暴露端口
EXPOSE 5601

# 使用 supervisor 作为入口点
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]