# ===========================================================================
# "Fake VPS" jail image for managing docker-mailserver
# ===========================================================================
# A disposable shell box. The ONLY real host data an SSH session can reach is
# the single directory bind-mounted into it (see docker-compose.yml). This
# image's own filesystem is throwaway alpine + tooling — NOT your server.
#
# docker:cli gives us the docker client; we add the compose plugin + a few
# niceties so the shell feels like a real box (bash, editors, pager, git).
# ===========================================================================
FROM docker:27-cli

RUN apk add --no-cache \
        bash bash-completion \
        docker-cli-compose \
        vim nano less git curl ca-certificates \
        tini

# Land here; matches the bind-mount path so `docker compose` resolves the
# stack's relative bind paths to the same absolute paths the host daemon sees.
WORKDIR /srv/docker-mailserver

# Stay alive so the bastion can `docker exec` into us on each SSH session.
# tini reaps the zombie shells those sessions leave behind.
ENTRYPOINT ["/sbin/tini", "--"]
CMD ["tail", "-f", "/dev/null"]