from rust:1.87.0-alpine as rust

run apk add --no-cache git musl-dev libudev-zero-dev # pkgconfig cryptsetup-dev lvm2-dev clang-dev clang-static

workdir /src
copy . .
run --mount=type=cache,id=novit-rs,target=/usr/local/cargo/registry \
    --mount=type=cache,id=novit-rs-target,sharing=private,target=/src/target \
    cargo build --release && cp target/release/init /

# ------------------------------------------------------------------------
from alpine:3.22.0 as initrd
run apk add zstd lz4

workdir /system

run . /etc/os-release \
 && wget -O- https://dl-cdn.alpinelinux.org/alpine/v${VERSION_ID%.*}/releases/x86_64/alpine-minirootfs-${VERSION_ID}-x86_64.tar.gz |tar zxv

run apk add --no-cache --update -p . musl coreutils \
 lvm2 lvm2-extra lvm2-dmeventd udev cryptsetup \
 e2fsprogs lsblk openssh-server wireguard-tools-wg-quick \
 && rm -rf usr/share/apk var/cache/apk etc/motd

copy etc/sshd_config etc/ssh/sshd_config

run mkdir /layer \
 && mv dev /layer \
# && find |cpio -H newc -o |lz4 >/layer/system.alz4
 && find |cpio -H newc -o |zstd -19 >/layer/system.azstd

workdir /layer
copy --from=rust /init init
run mkdir -p bin run var/log; cd bin && for cmd in init-version init-connect bootstrap; do ln -s ../init $cmd; done

# check viability
run chroot . init-version

run find |cpio -H newc -o >/initrd

# ------------------------------------------------------------------------
from alpine:3.22.0
copy --from=initrd /initrd /
entrypoint ["base64","/initrd"]