FROM postgres:15-alpine

# Install additional packages for encryption and utilities
RUN apk add --no-cache \
    openssl \
    curl \
    bash \
    && rm -rf /var/cache/apk/*

# Set environment variables for non-interactive operation
ENV PGUSER=postgres \
    POSTGRES_HOST_AUTH_METHOD=scram-sha-256 \
    PAGER=cat \
    ENABLE_FALLBACK_SSL=true

# Create necessary directories
RUN mkdir -p /var/lib/postgresql/ssl \
    && mkdir -p /var/log/postgresql \
    && mkdir -p /docker-entrypoint-initdb.d

# Copy configuration files
COPY postgresql.conf /etc/postgresql/postgresql.conf
COPY entrypoint.sh /usr/local/bin/entrypoint.sh

# Make scripts executable
RUN chmod +x /usr/local/bin/entrypoint.sh

# Set proper ownership
RUN chown -R postgres:postgres /var/lib/postgresql/ssl \
    && chown -R postgres:postgres /var/log/postgresql \
    && chown postgres:postgres /etc/postgresql/postgresql.conf

# Expose PostgreSQL port
EXPOSE 5432

# Set the custom start script as entrypoint
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]