FROM docker.io/gentoo/portage:latest as portage

FROM docker.io/gentoo/stage3:systemd
COPY --from=portage /var/db/repos/gentoo /var/db/repos/gentoo

# Speed-up using binpkgs
RUN echo "MAKEOPTS=\"-j$(nproc) -l$(nproc)\"" >> /etc/portage/make.conf
RUN echo "EMERGE_DEFAULT_OPTS=\"-j$(nproc) -l$(nproc)\"" >> /etc/portage/make.conf
RUN echo "FEATURES=\"getbinpkg binpkg-ignore-signature parallel-fetch parallel-install pkgdir-index-trusted\"" >> /etc/portage/make.conf

# systemd-boot, no need to install intramfs with kernel
RUN echo "USE=\"boot kernel-install pkcs7 pkcs11 tpm -initramfs\"" >> /etc/portage/make.conf

# Use debian's installkernel
RUN echo 'sys-kernel/installkernel -systemd' >> /etc/portage/package.use/kernel

# Enable ukify and cryptsetup tools (includes unit generator for crypttab)
RUN echo 'sys-apps/systemd ukify cryptsetup' >> /etc/portage/package.use/systemd

# Support thin volumes and build all of LVM2 including daemons and tools like lvchange
RUN echo 'sys-fs/lvm2 thin lvm' >> /etc/portage/package.use/lvm2

RUN emerge --quiet --deep --autounmask-continue=y --with-bdeps=n \
    app-admin/rsyslog \
    app-arch/cpio \
    app-crypt/tpm2-tools \
    app-crypt/sbsigntools \
    app-emulation/qemu \
    app-misc/jq \
    app-portage/gentoolkit \
    app-shells/dash \
    dev-lang/rust-bin \
    net-fs/cifs-utils \
    net-fs/nfs-utils \
    net-misc/dhcp \
    net-wireless/bluez \
    sys-apps/biosdevname \
    sys-apps/busybox \
    sys-apps/nvme-cli \
    sys-apps/rng-tools \
    sys-apps/systemd \
    sys-block/nbd \
    sys-block/open-iscsi \
    sys-block/parted \
    sys-block/tgt \
    sys-fs/btrfs-progs \
    sys-fs/cryptsetup \
    sys-fs/dmraid \
    sys-fs/mdadm \
    sys-fs/multipath-tools \
    sys-fs/ntfs3g \
    sys-fs/squashfs-tools \
    sys-kernel/gentoo-kernel-bin \
    sys-libs/libxcrypt \
    sys-libs/glibc \
    virtual/pkgconfig \
    && rm -rf /var/cache/* /usr/share/doc/* /usr/share/man/*

RUN emerge --depclean --with-bdeps=n