# ABOUTME: Nix expression for building PhaseFlow Docker image.
# ABOUTME: Creates standalone Next.js production bundle with minimal dependencies.
{ pkgs }:

let
  src = pkgs.lib.cleanSource ./.;

  # Build the Next.js application using pnpm
  # Note: This builds with network access. For fully reproducible builds,
  # consider using pnpm.fetchDeps or dream2nix in the future.
  phaseflow = pkgs.stdenv.mkDerivation {
    pname = "phaseflow";
    version = "0.1.0";
    inherit src;

    nativeBuildInputs = with pkgs; [
      nodejs_24
      pnpm
      cacert
    ];

    # Allow network access for pnpm install
    __noChroot = true;

    # Enable network during build (requires trusted-users in nix.conf)
    # Alternative: use sandbox = false for this derivation
    impureEnvVars = pkgs.lib.fetchers.proxyImpureEnvVars ++ [
      "HOME"
      "npm_config_cache"
    ];

    buildPhase = ''
      export HOME=$TMPDIR
      export NEXT_TELEMETRY_DISABLED=1

      # Provide dummy env vars for build (actual values injected at runtime)
      export RESEND_API_KEY="re_build_placeholder"
      export ENCRYPTION_KEY="build_placeholder_32_chars_long!"
      export CRON_SECRET="build_placeholder_secret"
      export POCKETBASE_URL="http://localhost:8090"
      export APP_URL="https://phaseflow.v.paler.net"

      # Install dependencies
      pnpm install --frozen-lockfile

      # Build the Next.js app with standalone output
      pnpm build
    '';

    # Disable broken symlink check - pnpm creates internal symlinks we don't need
    dontCheckForBrokenSymlinks = true;

    installPhase = ''
      mkdir -p $out

      # Copy standalone server (self-contained with minimal node_modules)
      cp -r .next/standalone/* $out/

      # Copy static assets (Next.js standalone requires these separately)
      mkdir -p $out/.next
      cp -r .next/static $out/.next/static

      # Copy public assets
      if [ -d public ]; then
        cp -r public $out/public
      fi
    '';
  };
in
pkgs.dockerTools.buildImage {
  name = "gitea.v.paler.net/alo/phaseflow";
  tag = "latest";

  copyToRoot = pkgs.buildEnv {
    name = "phaseflow-env";
    paths = with pkgs; [
      # System utilities
      busybox
      bash

      # Node.js runtime
      nodejs_24

      # Docker filesystem helpers
      dockerTools.usrBinEnv
      dockerTools.binSh
      dockerTools.fakeNss
      dockerTools.caCertificates
    ];
  };

  # Copy the built application
  extraCommands = ''
    mkdir -p -m 1777 tmp
    mkdir -p app
    cp -r ${phaseflow}/* app/
  '';

  config = {
    Env = [
      "NODE_ENV=production"
      "PORT=3000"
      "HOSTNAME=0.0.0.0"
    ];
    ExposedPorts = {
      "3000/tcp" = {};
    };
    Cmd = [ "${pkgs.nodejs_24}/bin/node" "/app/server.js" ];
    WorkingDir = "/app";
  };
}