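# syntax=docker/dockerfile:1
# The RUN heredocs and COPY --chmod used below are BuildKit features; the
# directive above pins the Dockerfile frontend that provides them.

# Teaching-lab desktop image: Kali + XFCE, reachable over SSH, VNC, noVNC and FTP.
# NOTE(review): the base image is referenced without a tag or digest, so every
# build can pick up a different rolling snapshot. For reproducible lab images,
# pin it as kalilinux/kali-rolling@sha256:<digest-you-have-reviewed>.
FROM kalilinux/kali-rolling

# Build/runtime selectors and the ports the startup scripts listen on.
ENV DESKTOP_ENVIRONMENT="xfce" \
    REMOTE_ACCESS="vnc" \
    KALI_PACKAGE="core" \
    SSH_PORT=22 \
    VNC_PORT=5901 \
    VNC_DISPLAY=1 \
    NO_VNC_PORT=6080

# Lab account. These are fixed, well-known credentials: as ENV values they are
# readable through `docker inspect` and `docker history`, and /startkali.sh
# prints UPASS into the container log. Keep published ports on loopback or an
# isolated lab network (for example `-p 127.0.0.1:6080:6080`).
ENV UNAME="student" \
    UPASS="student"

# NOTE(review): as ENV this also persists into the running container; kept
# because the runtime scripts under /scripts are not visible here and may
# install packages non-interactively.
ENV DEBIAN_FRONTEND=noninteractive

# Set environment variables for X11
ENV DISPLAY=:1 \
    VNC_RESOLUTION=1440x800 \
    VNC_COL_DEPTH=24

# Package names derived from the selectors above. The former
# `${VAR:-default}` re-assignments were dropped: every selector is already set
# to a non-empty value, so the fallbacks could never apply.
ENV DESKTOP_PKG=kali-desktop-${DESKTOP_ENVIRONMENT} \
    KALI_PKG=kali-linux-${KALI_PACKAGE}

# Update, install the desktop, the Kali metapackage and the lab tooling, and
# clean up in the same layer (files removed in a later layer still ship in the
# image). apt-get is used because `apt` has no stable scripting interface;
# --with-new-pkgs keeps the behaviour of the previous `apt upgrade`.
RUN apt-get update -q --fix-missing && \
    apt-get upgrade -y --with-new-pkgs && \
    apt-get install -y --no-install-recommends \
        ${DESKTOP_PKG} \
        ${KALI_PKG} \
        curl \
        dbus-x11 \
        expect \
        ffmpeg \
        fonts-dejavu \
        fonts-dejavu-core \
        fonts-dejavu-extra \
        git \
        hping3 \
        iperf3 \
        libcap2-bin \
        locales \
        ncat \
        net-tools \
        netcat-traditional \
        nfdump \
        nmap \
        novnc \
        openssh-server \
        procps \
        python3 \
        slowhttptest \
        softflowd \
        sox \
        sudo \
        tcpdump \
        telnet \
        tigervnc-common \
        tigervnc-standalone-server \
        tightvncserver \
        vsftpd \
        websockify \
        wget \
        wireshark \
        x11-xserver-utils \
        xauth \
        xfonts-100dpi \
        xfonts-75dpi \
        xfonts-base \
        xinit && \
    apt-get autoremove -y && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Set up locale
RUN sed -i 's/^# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
    locale-gen

# Create the lab user (member of sudo) and set the root password.
# Both passwords are static and end up in the image; see the credential note above.
RUN useradd -m -s /bin/bash -G sudo ${UNAME} && \
    echo "${UNAME}:${UPASS}" | chpasswd && \
    echo "root:root" | chpasswd

# Keep scripts owned by the lab user
COPY --chown=${UNAME}:${UNAME} --chmod=755 scripts /scripts
COPY --chown=${UNAME}:${UNAME} --chmod=755 files /files

# Allow non-root capture: create the wireshark group, add the lab user, then
# chgrp + setcap dumpcap. Uses ${UNAME} rather than a hard-coded "student" so
# the group membership follows the account created above.
# NOTE(review): the trailing `|| true` hides a failed chgrp/chmod/setcap, so a
# build can succeed without capture rights. dumpcap's file capabilities include
# cap_net_admin, which Docker does not grant by default; the container likely
# needs `--cap-add=NET_ADMIN` for dumpcap to start at all - confirm in the lab.
RUN groupadd -f wireshark && \
    usermod -aG wireshark ${UNAME} && \
    DUMPCAP_BIN=$(which dumpcap 2>/dev/null || echo /usr/bin/dumpcap) && \
    if [ -f "$DUMPCAP_BIN" ]; then \
        chgrp wireshark "$DUMPCAP_BIN" && \
        chmod 750 "$DUMPCAP_BIN" && \
        setcap cap_net_raw,cap_net_admin+eip "$DUMPCAP_BIN" || true; \
    fi

# SSH configuration: password logins, root login and X11 forwarding are all
# switched on. Combined with the root password set above this is only suitable
# for an isolated lab network.
RUN mkdir -p /var/run/sshd && \
    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config && \
    sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && \
    sed -i 's/#X11Forwarding no/X11Forwarding yes/' /etc/ssh/sshd_config && \
    sed -i 's/#X11UseLocalhost yes/X11UseLocalhost no/' /etc/ssh/sshd_config && \
    echo "Port ${SSH_PORT}" >> /etc/ssh/sshd_config

# Fix XFCE power manager issues
RUN rm -f /etc/xdg/autostart/xfce4-power-manager.desktop && \
    if [ -e /etc/xdg/xfce4/panel/default.xml ]; then \
        sed -i 's/power/fail/' /etc/xdg/xfce4/panel/default.xml; \
    fi

# Switch to the lab user for VNC setup so the files below are owned by it
USER ${UNAME}
WORKDIR /home/${UNAME}

# Create VNC directory and set the VNC password (stored obfuscated, mode 600)
RUN mkdir -p /home/${UNAME}/.vnc && \
    echo "${UPASS}" | vncpasswd -f > /home/${UNAME}/.vnc/passwd && \
    chmod 600 /home/${UNAME}/.vnc/passwd

# Create xstartup script for VNC. The quoted 'EOF' keeps ${DISPLAY} literal so
# it is resolved when the session starts, not at build time.
# NOTE(review): xxd is not in the package list above; if no dependency pulls it
# in, the `xauth add` line fails silently because of `|| true`.
RUN cat > /home/${UNAME}/.vnc/xstartup << 'EOF'
#!/bin/bash
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
export XKL_XMODMAP_DISABLE=1
export XDG_CURRENT_DESKTOP="XFCE"
export XDG_SESSION_DESKTOP="xfce"

# Start dbus
eval $(dbus-launch --sh-syntax --exit-with-session)

# Generate and merge Xauth
xauth generate ${DISPLAY} . trusted 2>/dev/null || true
xauth add ${DISPLAY} . $(xxd -l 16 -p /dev/urandom) 2>/dev/null || true

# Start window manager
exec startxfce4
EOF

RUN chmod +x /home/${UNAME}/.vnc/xstartup

# Create Xauthority file
RUN touch /home/${UNAME}/.Xauthority && \
    chmod 600 /home/${UNAME}/.Xauthority

# Switch back to root for final setup
USER root

# Fix VNC server script font paths (best effort: ignored if the wrapper differs)
RUN sed -i 's|$fontPath = "";|$fontPath = "/usr/share/fonts/X11/misc/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/";|g' /usr/bin/vncserver || true

# Create custom VNC configuration. Geometry and depth are literals here and
# duplicate VNC_RESOLUTION / VNC_COL_DEPTH; change both places together.
RUN cat > /etc/vnc.conf << 'EOF'
# VNC Configuration
$geometry = "1440x800";
$depth = 24;
$fontPath = "/usr/share/fonts/X11/misc/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/";
EOF

# Install noVNC from upstream. --depth 1 avoids shipping the full history.
# NOTE(review): both clones take whatever the default branch holds at build
# time. Check out a release tag or commit you have reviewed so the web client
# served to students cannot change underneath the lab.
RUN git clone --depth 1 https://github.com/novnc/noVNC.git /opt/novnc && \
    git clone --depth 1 https://github.com/novnc/websockify /opt/novnc/utils/websockify && \
    ln -s /opt/novnc/vnc.html /opt/novnc/index.html

# Create cleanup and startup script. The quoted 'EOF' leaves every ${...}
# reference to be resolved from the container environment at run time.
# The script starts VNC with -localhost=no and noVNC on 0.0.0.0, and its
# banner echoes UPASS into the container log.
RUN cat > /startkali.sh << 'EOF'
#!/bin/bash

echo "Starting Kali Linux container..."

# Function to cleanup VNC properly
cleanup_vnc() {
    echo "Cleaning up existing VNC sessions..."

    # Kill existing VNC processes
    pkill -f "Xvnc.*:${VNC_DISPLAY}" 2>/dev/null || true
    pkill -f "Xtightvnc.*:${VNC_DISPLAY}" 2>/dev/null || true

    # Remove socket files
    rm -f /tmp/.X11-unix/X${VNC_DISPLAY} 2>/dev/null || true
    rm -f /tmp/.X${VNC_DISPLAY}-lock 2>/dev/null || true

    # Clean user VNC files
    su - ${UNAME} -c "vncserver -kill :${VNC_DISPLAY}" 2>/dev/null || true
    rm -f /home/${UNAME}/.vnc/*.pid 2>/dev/null || true
    rm -f /home/${UNAME}/.vnc/*.log 2>/dev/null || true

    sleep 2
}

# Function to start VNC server with proper options
start_vnc() {
    echo "Starting VNC server..."

    # Set up X11 authorization
    export DISPLAY=:${VNC_DISPLAY}
    touch /home/${UNAME}/.Xauthority
    chown ${UNAME}:${UNAME} /home/${UNAME}/.Xauthority

    # Try TigerVNC first, then fallback to tightvnc
    VNC_SUCCESS=false

    # Method 1: Try tigervnc-standalone-server
    if command -v Xtigervnc >/dev/null 2>&1; then
        echo "Trying TigerVNC..."
        su - ${UNAME} -c "
            export DISPLAY=:${VNC_DISPLAY}
            vncserver :${VNC_DISPLAY} -geometry ${VNC_RESOLUTION} -depth ${VNC_COL_DEPTH} -localhost=no
        " && VNC_SUCCESS=true
    fi

    # Method 2: Try tightvnc with manual Xvnc call
    if [ "$VNC_SUCCESS" = false ]; then
        echo "Trying TightVNC with manual configuration..."
        su - ${UNAME} -c "
            export DISPLAY=:${VNC_DISPLAY}
            Xvnc :${VNC_DISPLAY} \
                -geometry ${VNC_RESOLUTION} \
                -depth ${VNC_COL_DEPTH} \
                -rfbport ${VNC_PORT} \
                -fp /usr/share/fonts/X11/misc/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/ \
                -pn -rfbauth /home/${UNAME}/.vnc/passwd &
        "

        sleep 3
        if pgrep -f "Xvnc.*:${VNC_DISPLAY}"; then
            VNC_SUCCESS=true
            # Start the desktop session
            su - ${UNAME} -c "
                export DISPLAY=:${VNC_DISPLAY}
                /home/${UNAME}/.vnc/xstartup &
            "
        fi
    fi

    # Wait for VNC to start and verify
    sleep 3
    VNC_PID=$(pgrep -f "(Xvnc|Xtigervnc).*:${VNC_DISPLAY}")
    if [ -n "$VNC_PID" ] && [ "$VNC_SUCCESS" = true ]; then
        echo "VNC server started successfully (PID: $VNC_PID)"
        netstat -ln | grep :${VNC_PORT} && echo "VNC listening on port ${VNC_PORT}"
        return 0
    else
        echo "ERROR: VNC server failed to start"
        echo "Checking available VNC servers:"
        which vncserver Xvnc Xtigervnc 2>/dev/null || echo "No VNC servers found"
        return 1
    fi
}

# Function to start noVNC
start_novnc() {
    echo "Starting noVNC web server..."

    # Test VNC connection first
    if ! nc -z localhost ${VNC_PORT}; then
        echo "ERROR: Cannot connect to VNC server on port ${VNC_PORT}"
        return 1
    fi

    # Start websockify/noVNC
    # websockify --web=/usr/share/novnc/ --wrap-mode=ignore ${NO_VNC_PORT} localhost:${VNC_PORT} &
    # NOVNC_PID=$!
    /opt/novnc/utils/novnc_proxy --vnc localhost:${VNC_PORT} --listen 0.0.0.0:${NO_VNC_PORT} &

    # sleep 2
    # if kill -0 $NOVNC_PID 2>/dev/null; then
    #     echo "noVNC started successfully (PID: $NOVNC_PID)"
    #     return 0
    # else
    #     echo "ERROR: noVNC failed to start"
    #     return 1
    # fi
}

# Generate SSH host keys if they don't exist
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
    echo "Generating SSH host keys..."
    ssh-keygen -A
fi

# Start SSH service
echo "Starting SSH service..."
service ssh start

# Update font cache
echo "Updating font cache..."
fc-cache -fv >/dev/null 2>&1 || true

# Main startup sequence
cleanup_vnc

if start_vnc && start_novnc; then
    echo ""
    echo "================================================"
    echo "Services started successfully:"
    echo "SSH: localhost:${SSH_PORT} (user: ${UNAME})"
    echo "VNC: localhost:${VNC_PORT} (password: ${UPASS})"
    echo "Web VNC: http://localhost:${NO_VNC_PORT}"
    echo "================================================"
    echo ""
    echo "If VNC doesn't work, check logs:"
    echo "cat /home/${UNAME}/.vnc/*.log"
else
    echo "ERROR: Failed to start VNC services"
    echo "Debug information:"
    echo "Available fonts:"
    ls -la /usr/share/fonts/X11/ 2>/dev/null || echo "No X11 fonts found"
    echo "VNC server logs:"
    cat /home/${UNAME}/.vnc/*.log 2>/dev/null || echo "No VNC logs found"
    # exit 1
fi

# Keep container running
tail -f /dev/null
EOF

RUN chmod +x /startkali.sh

# Create FTP user with a fixed lab password (baked into the image like the others)
RUN useradd -m ftpuser && echo "ftpuser:12345" | chpasswd

# Create FTP directory
RUN mkdir -p /home/ftpuser/ftp_data && chown -R ftpuser:ftpuser /home/ftpuser

# Startup script must be executable; vsftpd.conf is handed back to root so the
# lab user, who owns the rest of /files, cannot rewrite the server configuration.
RUN chmod +x /scripts/startftp.sh && \
    chown root:root /files/vsftpd.conf

# Expose ports
# NOTE(review): FTP_PORTS is never defined in this file, so it expands to
# nothing and no FTP port is documented. Define it alongside the other port
# variables once the listen/passive ports in files/vsftpd.conf are confirmed.
EXPOSE ${SSH_PORT} ${VNC_PORT} ${NO_VNC_PORT} ${FTP_PORTS}

# The container runs as root because the startup script launches sshd and
# switches to the lab user with su; /scripts/start_all.sh is not visible here
# and presumably chains /startkali.sh and /scripts/startftp.sh - confirm.
WORKDIR /root

ENTRYPOINT ["/bin/bash"]
CMD ["/scripts/start_all.sh"]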