# --------------------------------------------------
# Overleaf Base Image (sharelatex/sharelatex-base)
# --------------------------------------------------

FROM phusion/baseimage:noble-1.0.3

# Makes sure LuaTeX cache is writable
# -----------------------------------
ENV TEXMFVAR=/var/lib/overleaf/tmp/texmf-var

# Update to ensure dependencies are updated
# ------------------------------------------
ENV REBUILT_AFTER="2026-05-21"

# Install dependencies
# --------------------
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
# Technically, we are using potentially stale package-lists with the below line.
# Practically, apt refreshes the lists as needed and release builds run in fresh CI VMs without the cache.
    --mount=type=cache,target=/var/lib/apt/lists,sharing=locked true \
# Enable caching: https://docs.docker.com/reference/dockerfile/#example-cache-apt-packages
&&  rm -f /etc/apt/apt.conf.d/docker-clean && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache \
&&  apt-get update \
&&  apt-get install -y \
      unattended-upgrades \
      build-essential wget net-tools unzip time poppler-utils optipng strace nginx git python3 python-is-python3 zlib1g-dev libpcre3-dev gettext-base libwww-perl ca-certificates curl gnupg \
      qpdf \
      pandoc \
# upgrade base-image, batch all the upgrades together, rather than installing them on-by-one (which is slow!)
&&  unattended-upgrade --verbose --no-minimal-upgrade-steps \
# install Node.js https://github.com/nodesource/distributions#nodejs
&&  mkdir -p /etc/apt/keyrings \
&&  curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
&&  echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_22.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list \
&&  apt-get update \
&&  apt-get install -y nodejs \
    \
&&  rm -rf \
# We are adding a custom nginx config in the main Dockerfile.
      /etc/nginx/nginx.conf \
      /etc/nginx/sites-enabled/default

# Install Quarto (bundles Typst for PDF rendering — no LaTeX needed)
# ------------------------------------------------------------------
ARG QUARTO_VERSION=1.6.39
RUN curl -fsSL "https://github.com/quarto-dev/quarto-cli/releases/download/v${QUARTO_VERSION}/quarto-${QUARTO_VERSION}-linux-amd64.deb" -o /tmp/quarto.deb \
&&  dpkg -i /tmp/quarto.deb \
&&  rm /tmp/quarto.deb \
&&  mkdir -p /var/www/.cache/quarto /var/www/.local/share \
&&  chown -R www-data:www-data /var/www/.cache /var/www/.local

# Install official Typst binary (Quarto bundles a modified fork without --synctex)
# ---------------------------------------------------------------------------------
ARG TYPST_VERSION=0.13.1
RUN curl -fsSL "https://github.com/typst/typst/releases/download/v${TYPST_VERSION}/typst-x86_64-unknown-linux-musl.tar.xz" \
    | tar -xJC /usr/local/bin --strip-components=1 "typst-x86_64-unknown-linux-musl/typst"

# Pre-install popular Quarto extensions
# -----------------------------------------------------------------------
# Extensions land in /opt/quarto-extensions/_extensions/<author>/<name>/.
# QuartoRunner copies them into each project's compile dir (no-clobber,
# so user-uploaded extensions in their project always take precedence).
# To add more: append another line:  && quarto add --no-prompt <author>/<repo>
# -----------------------------------------------------------------------
RUN mkdir -p /opt/quarto-extensions \
&&  cd /opt/quarto-extensions \
    \
    # Typst document formats
&&  quarto add --no-prompt igorlima/charged-ieee \
    \
    # RevealJS presentation plugins (official Quarto extensions)
&&  quarto add --no-prompt quarto-ext/fontawesome \
&&  quarto add --no-prompt quarto-ext/attribution \
&&  quarto add --no-prompt quarto-ext/pointer \
&&  quarto add --no-prompt quarto-ext/drop \
    \
&&  chown -R www-data:www-data /opt/quarto-extensions

# Install Jupyter so Quarto can execute Python code cells in documents/decks
# -----------------------------------------------------------------------
# Quarto runs ```{python}``` cells through a Jupyter kernel. It uses the system
# python3 it detected (/usr/bin/python3), so Jupyter must be installed there.
# We install only the headless execution stack Quarto needs (jupyter-client +
# nbclient/nbformat + the ipykernel kernel + pyyaml, which Quarto's own
# /opt/quarto/share/jupyter wrapper imports), not the notebook/lab servers, and
# register a system-wide "python3" kernelspec under /usr/local/share/jupyter so
# it is discoverable regardless of HOME/XDG. Noble's Python is externally
# managed (PEP 668), hence --break-system-packages in this controlled image.
# The runtime user (www-data) writes Jupyter's runtime/connection files under
# its HOME (/var/www/.local), which is made writable in the Quarto step above.
# python3-venv is needed so a project's requirements.txt can be installed into
# a per-project venv (see QuartoRunner / PythonVenvGate).
RUN apt-get update \
&&  apt-get install -y python3-pip python3-venv \
&&  pip3 install --no-cache-dir --break-system-packages \
      jupyter-core jupyter-client nbclient nbformat ipykernel pyyaml \
&&  python3 -m ipykernel install --prefix /usr/local --name python3 --display-name "Python 3" \
# Bundle the common scientific-Python stack so most decks "just work" without
# any per-project install. matplotlib renders headless (Agg) automatically;
# opencv-python-headless is the GUI-less OpenCV build (provides cv2) suited to
# a server. To add more later, append to this list (the cheapest way to cover
# a library many projects need).
&&  pip3 install --no-cache-dir --break-system-packages \
      numpy pandas scipy matplotlib seaborn scikit-learn sympy plotly tabulate \
      opencv-python-headless tqdm \
&&  rm -rf /var/lib/apt/lists/* /root/.cache

# Install Inkscape (for the LaTeX svg package via shell-escape)
# Must come AFTER the pip installs above: inkscape pulls in python3-numpy via
# apt, which would block pip from upgrading numpy. With pip's numpy already in
# /usr/local/lib, apt installs its own copy into /usr/lib alongside it — no
# conflict — and Python resolves /usr/local/lib first at import time.
RUN apt-get update \
&&  apt-get install -y inkscape \
&&  rm -rf /var/lib/apt/lists/*

# Install decktape + headless Chromium (for exporting RevealJS decks to PDF)
# -----------------------------------------------------------------------
# decktape drives a headless Chromium (via Puppeteer) to print the rendered
# reveal.js slides to a faithful, one-slide-per-page PDF. Chromium is the
# open-source engine (BSD); decktape is MIT, Puppeteer Apache-2.0 — all
# permissive and AGPL-compatible. They are invoked as a separate process
# (QuartoRunner runs `decktape ...`), never linked into the app.
#
# Puppeteer downloads its Chromium into PUPPETEER_CACHE_DIR during the global
# install; we put it in a world-readable /opt path so the www-data runtime user
# can launch it. Playwright is used only as a robust, distro-aware installer for
# Chromium's system libraries (handles Ubuntu Noble's t64 package renames).
ENV PUPPETEER_CACHE_DIR=/opt/puppeteer
RUN npm install -g decktape \
&&  npx --yes playwright@latest install-deps chromium \
&&  chmod -R a+rX /opt/puppeteer \
&&  rm -rf /root/.npm /root/.cache

# Install TeX Live (for compiling .tex projects with latexmk)
# -----------------------------------------------------------------------
# Verso compiles .qmd with Quarto and .tex with latexmk; both engines live
# side by side.
#
# MINIMAL install (current): the upstream-Overleaf approach — scheme-basic
# (~300 MB) plus a few essential packages via tlmgr. Fast to build and small.
# Many documents that need extra packages (tikz, beamer, siunitx, extra
# fonts, ...) will NOT compile out of the box; users can be told to keep
# those projects in Quarto/Typst for now.
#
# TO GO FULL LATER (when the project is mature): change
#   selected_scheme scheme-basic  ->  scheme-full
# and optionally drop the explicit `tlmgr install` line. That single change
# restores a complete LaTeX toolchain at the cost of size/build time.
# Alternatively add individual packages to the `tlmgr install` list below.
# -----------------------------------------------------------------------
ARG TEXLIVE_MIRROR=https://mirror.ox.ac.uk/sites/ctan.org/systems/texlive/tlnet
ENV PATH="${PATH}:/usr/local/texlive/bin/x86_64-linux"

RUN mkdir /install-tl-unx \
&&  curl -sSL ${TEXLIVE_MIRROR}/install-tl-unx.tar.gz \
    | tar -xzC /install-tl-unx --strip-components=1 \
&&  echo "tlpdbopt_autobackup 0"       >> /install-tl-unx/texlive.profile \
&&  echo "tlpdbopt_install_docfiles 0" >> /install-tl-unx/texlive.profile \
&&  echo "tlpdbopt_install_srcfiles 0" >> /install-tl-unx/texlive.profile \
&&  echo "selected_scheme scheme-full" >> /install-tl-unx/texlive.profile \
&&  echo "TEXDIR /usr/local/texlive"   >> /install-tl-unx/texlive.profile \
&&  /install-tl-unx/install-tl \
      -profile /install-tl-unx/texlive.profile \
      -repository ${TEXLIVE_MIRROR} \
&&  rm -rf /install-tl-unx


# Set up overleaf user and home directory
# -----------------------------------------
RUN adduser --system --group --home /overleaf --no-create-home overleaf && \
	mkdir -p /var/lib/overleaf && \
	chown www-data:www-data /var/lib/overleaf && \
	mkdir -p /var/log/overleaf && \
	chown www-data:www-data /var/log/overleaf && \
	mkdir -p /var/lib/overleaf/data/template_files && \
	chown www-data:www-data /var/lib/overleaf/data/template_files
