FROM debian:stable
MAINTAINER busti <oss@busti.cool>

ENV DEBIAN_FRONTEND noninteractive

RUN apt-get update && apt install -y --no-install-recommends \
    openssh-server \
    sssd \
    sssd-ldap \
    libnss-sss \
    libpam-sss \
    libpam-modules \
    gettext \
 && apt-get autoclean \
 && apt-get autoremove \
 && rm -rf /var/lib/apt/lists/*

RUN mkdir /var/run/sshd
RUN passwd --lock root
RUN sed -i 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' /etc/pam.d/sshd
RUN sed -i 's/#*PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
RUN echo "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys" >> /etc/ssh/sshd_config
RUN echo "AuthorizedKeysCommandUser nobody" >> /etc/ssh/sshd_config
RUN echo "session	optional	pam_mkhomedir.so" >> /etc/pam.d/common_session

RUN echo "proc	/proc	proc	defaults,hidepid=2	0	0" >> /etc/fstab

WORKDIR /home

EXPOSE 22

COPY sssd.conf /etc/sssd/sssd.conf.env
COPY nsswitch.conf /etc/nsswitch.conf
COPY common-session /etc/pam.d/common-session
COPY skel /etc/skel

COPY startup.sh /root/startup.sh

VOLUME /home

CMD ["/bin/bash", "/root/startup.sh"]