# Simple production Dockerfile for tuwunel
# Built by buildkitd on the x86_64 server — no cross-compilation needed.

FROM rust:slim-bookworm AS builder

RUN apt-get update && apt-get install -y --no-install-recommends \
    libclang-dev clang cmake pkg-config make liburing-dev \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /usr/src/tuwunel

# Copy manifests first for dependency caching
COPY Cargo.toml Cargo.lock rust-toolchain.toml ./
COPY .cargo/ .cargo/
COPY src/ src/

# Strip unnecessary cross-compilation targets from rust-toolchain.toml
# to avoid downloading toolchains we don't need
RUN sed -i '/x86_64-unknown-linux-musl/d; /aarch64-/d; /apple-/d; /rust-src/d; /rust-analyzer/d; /rustfmt/d; /clippy/d' rust-toolchain.toml

RUN --mount=type=cache,target=/usr/local/cargo/registry \
    --mount=type=cache,target=/usr/local/cargo/git \
    cargo build --release --locked \
    && cp target/release/tuwunel /usr/local/bin/tuwunel

FROM debian:bookworm-slim

RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates tini liburing2 \
    && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/bin/tuwunel /usr/local/bin/tuwunel

EXPOSE 6167

ENTRYPOINT ["tini", "--"]
CMD ["tuwunel"]