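# ===== Dockerfile: Debian + Guix agent sandbox =====
#
# Builds a Debian image with GNU Guix installed system-wide and an unprivileged
# account (guixuser) that agents run as.

# Base image: Debian (stable, with minimal packages).
# `stable-slim` is a moving tag; pass --build-arg BASE_IMAGE=debian:<tag>@sha256:<digest>
# to build from a reviewed, immutable base.
ARG BASE_IMAGE=debian:stable-slim
FROM ${BASE_IMAGE}

# Prevent interactive prompts during the build only; ARG keeps this setting out
# of the runtime environment of the finished image.
ARG DEBIAN_FRONTEND=noninteractive

# Install essential tools for Guix bootstrap and build.
# gnupg is included because the Guix installer verifies the signature of the
# binary tarball it downloads. sudo is intentionally not installed (see the
# user-creation step).
RUN apt-get update && apt-get install -y --no-install-recommends \
        bzip2 \
        ca-certificates \
        curl \
        gcc \
        git \
        gnupg \
        gzip \
        locales \
        make \
        patch \
        tar \
        wget \
        xz-utils \
    && rm -rf /var/lib/apt/lists/*

# Set locale. Debian's locale-gen builds the locales enabled in
# /etc/locale.gen, so en_US.UTF-8 has to be uncommented there first.
RUN sed -i 's/^# *\(en_US.UTF-8 UTF-8\)/\1/' /etc/locale.gen && locale-gen
ENV LANG=en_US.UTF-8 \
    LANGUAGE=en_US:en \
    LC_ALL=en_US.UTF-8

# Add a non-root user for sandboxed agent environments.
# No sudoers entry is created: a NOPASSWD:ALL grant would let anything running
# as guixuser become root inside the container, which removes the privilege
# boundary this account exists to provide.
RUN useradd -m -s /bin/bash guixuser

# Install Guix. guix-install.sh must run as root, so this happens before the
# switch to guixuser.
# The default URL follows the tip of the upstream repository, so its content
# can change between builds. For reproducible builds, point GUIX_INSTALL_URL at
# a reviewed revision and pass its SHA-256 as GUIX_INSTALL_SHA256; the script is
# then checked before it is executed.
ARG GUIX_INSTALL_URL=https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
ARG GUIX_INSTALL_SHA256=""
# The installer prompts on stdin; `yes ''` answers every prompt with an empty
# line, which selects the installer's defaults.
# NOTE(review): the defaults include trust decisions (signing-key import,
# substitute-server authorization) - confirm they are acceptable for the
# script revision you pin.
RUN wget -O /tmp/guix-install.sh "${GUIX_INSTALL_URL}" && \
    if [ -n "${GUIX_INSTALL_SHA256}" ]; then \
        echo "${GUIX_INSTALL_SHA256}  /tmp/guix-install.sh" | sha256sum -c -; \
    else \
        echo "WARNING: GUIX_INSTALL_SHA256 not set; installer script is not verified" >&2; \
    fi && \
    yes '' | bash /tmp/guix-install.sh && \
    rm /tmp/guix-install.sh

# Add Guix to PATH. ~/.config/guix/current/bin comes first so that the guix
# fetched by `guix pull` below is the one that actually gets used.
ENV GUIX_PROFILE="/home/guixuser/.guix-profile"
ENV PATH="/home/guixuser/.config/guix/current/bin:/home/guixuser/.guix-profile/bin:/home/guixuser/.guix-profile/sbin:$PATH"

USER guixuser
WORKDIR /home/guixuser

# NOTE(review): `guix pull` and `guix package` talk to guix-daemon, and no step
# in this file starts one (docker build has no init system). Confirm how the
# daemon is meant to be provided before relying on the next two layers.

# Create the per-user cache directory and update the user's Guix.
RUN mkdir -p /home/guixuser/guix-cache && \
    guix pull

# Optional: pre-install a few common packages for your agents
RUN guix package -i python python-pip gcc-toolchain bash zlib zstd \
    --profile="$GUIX_PROFILE"

# The image keeps guixuser as its default user so agent workloads start
# unprivileged. For external management, request root explicitly per
# invocation (docker run --user root ... / docker exec -u root ...).

# Set default command
CMD ["/bin/bash"]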