FROM python:3.11-slim

WORKDIR /app

# openssh-client + rsync: used for optional event shipping to VPS
# (only active when VPS_EVENTS_HOST is set in the environment)
RUN apt-get update && apt-get install -y --no-install-recommends \
        openssh-client \
        rsync \
    && rm -rf /var/lib/apt/lists/*

# docker SDK  : container health checks and cleanup (dangling images, prune)
# psutil      : fallback system metrics (not used in main path; /proc is primary)
# pyyaml      : may be needed for reading host config snippets
RUN pip install --no-cache-dir "docker>=6.0" psutil pyyaml

RUN useradd -m -u 1000 homelab

COPY src/ /app/src/

ENV PYTHONUNBUFFERED=1

USER homelab
CMD ["python", "src/node_agent.py"]
