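# syntax=docker/dockerfile:1

# Base image is selectable at build time (docker build --build-arg BASE_IMAGE=...).
# The default tracks a floating tag; pass a pinned tag or @sha256 digest when a
# reproducible, auditable build is required.
ARG BASE_IMAGE=ghcr.io/openclaw/openclaw:latest
FROM $BASE_IMAGE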

# Package installation and system-level configuration below need root;
# privileges are dropped again with USER node before the image is finished.
USER root

# Rootless-podman stack plus the shared libraries Chromium/Playwright needs.
# update + install + list cleanup stay in one layer so the package index is
# never cached stale and does not bloat the image. Package versions are not
# pinned here; pin (pkg=version) if bit-for-bit reproducible images are needed.
RUN apt-get update \
 && apt-get install -y --no-install-recommends \
        # rootless container runtime
        ca-certificates \
        crun \
        fuse-overlayfs \
        podman \
        slirp4netns \
        uidmap \
        # Chromium/Playwright runtime dependencies
        fonts-liberation \
        libasound2 \
        libatk-bridge2.0-0 \
        libatk1.0-0 \
        libatspi2.0-0 \
        libcairo2 \
        libcups2 \
        libdrm2 \
        libgbm1 \
        libnspr4 \
        libnss3 \
        libnss3-tools \
        libpango-1.0-0 \
        libxcomposite1 \
        libxdamage1 \
        libxfixes3 \
        libxkbcommon0 \
        libxrandr2 \
        xdg-utils \
 && rm -rf /var/lib/apt/lists/*

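# Allow rootless podman for the node user (uid 1000): give it a subordinate
# uid/gid range so newuidmap/newgidmap (from the uidmap package installed above)
# can set up the user namespace.
# Guarded so that a base image that already defines a range for node does not
# get a second, overlapping entry appended -- overlapping ranges can make the
# uid_map/gid_map write fail when a container is started.
RUN { grep -q '^node:' /etc/subuid || echo "node:100000:65536" >> /etc/subuid; } \
 && { grep -q '^node:' /etc/subgid || echo "node:100000:65536" >> /etc/subgid; }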

# User-level containers storage config for rootless podman: point graphroot at
# the bind-mounted /var/lib/containers volume (instead of ~/.local/share) and use
# fuse-overlayfs as the overlay mount helper. The whole ~/.config tree is handed
# to node afterwards, since the file is written while still running as root.
# NOTE(review): runroot is /run/containers/storage, not the per-user /run/user/<uid>
# location; the node user needs write access there at runtime -- confirm the
# volume/tmpfs setup provides it.
RUN mkdir -p /home/node/.config/containers \
 && printf '%b' '[storage]\ndriver = "overlay"\ngraphroot = "/var/lib/containers/storage"\nrunroot = "/run/containers/storage"\n\n[storage.options.overlay]\nmount_program = "/usr/bin/fuse-overlayfs"\n' \
        > /home/node/.config/containers/storage.conf \
 && chown -R node:node /home/node/.config

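# Install matrix extension dependencies (bundled but not installed in base image).
# Skipped when the extension is not shipped. With a lockfile present, npm ci is
# used so the install is reproducible and fails loudly on lockfile drift; without
# one it falls back to npm install. The npm cache is cleared in the same layer so
# it does not end up in the image.
RUN if [ -f /app/extensions/matrix/package.json ]; then \
        cd /app/extensions/matrix \
        && if [ -f package-lock.json ]; then \
               npm ci --omit=dev; \
           else \
               npm install --omit=dev; \
           fi \
        && npm cache clean --force; \
    fi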

# Drop back to the unprivileged node user for the runtime; rootless podman
# relies on the subuid/subgid range and storage.conf set up for it above.
USER node
