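# Builds a Docker image for a network-facing CTF challenge. xinetd listens on
# TCP port 20000 and runs /home/ig/docker-entrypoint.sh as the unprivileged
# user `ig`.
#
# Curried arguments, after the leading attribute set:
#   flag              - flag file, installed as /home/ig/flag.txt
#   calculator-app    - Racket program, installed as /home/ig/calculator-app.rkt
#   docker-entrypoint - script xinetd starts as the service
#   name              - name of the resulting image (tagged "latest")
#
# NOTE(review): the flag is part of the image contents, so anyone who can pull
# or export the image can read it without solving the challenge. Keep the image
# out of public registries. Presumably the flag also lands in the Nix store of
# the build host; confirm against `copy` in utils.nix.
{ pkgs ? import <nixpkgs> {}, ... }:

# `copy` is not defined in this file; presumably it comes from utils.nix.
with (import ../../deployment/utils.nix {});

flag: calculator-app: docker-entrypoint: name:

let
  # Minimal /etc/protocols holding only the tcp entry; the xinetd service
  # below declares `protocol = tcp`.
  protocols = pkgs.writeTextDir "etc/protocols" ''
    tcp 6 TCP # Transmission Control
  '';

  # xinetd service definition.
  # - `bind = 0.0.0.0` listens on every interface inside the container, so
  #   outside reachability is decided by how port 20000 is published.
  # - Abuse limits in place: per_source, rlimit_cpu and rlimit_as. No global
  #   cap is set; xinetd's `instances` and `cps` attributes would bound total
  #   concurrency and connection rate if that is wanted.
  # - `banner_fail` and `kafel_rule` are commented out, so no syscall filter
  #   is configured from this file.
  config = pkgs.writeTextDir "etc/xinetd.conf" ''
    service ctf
    {
        disable = no
        socket_type = stream
        protocol = tcp
        wait = no
        user = ig
        type = UNLISTED
        port = 20000
        bind = 0.0.0.0
        server = /home/ig/docker-entrypoint.sh
        # banner_fail = /etc/banner_fail
        # safety options
        # the maximum instances of this service per source IP address
        per_source = 10
        # the maximum number of CPU seconds that the service may use
        rlimit_cpu = 20
        # the Address Space resource limit for the service
        rlimit_as = 512M
        # kafel_rule = /etc/pwn.kafel
    }
  '';

  # Challenge files placed under /home/ig.
  add_files = [
    (copy docker-entrypoint "home/ig/docker-entrypoint.sh")
    (copy flag "home/ig/flag.txt")
    (copy calculator-app "home/ig/calculator-app.rkt")
  ];

  image = pkgs.dockerTools.buildImage {
    name = name;
    tag = "latest";

    # Runs as root at image build time: creates the service account and locks
    # down its home directory.
    #
    # `a-w` replaces a bare `-w`: without a who-prefix chmod leaves bits that
    # are set in the umask untouched, so group/other write bits could survive.
    #
    # NOTE(review): everything under /home/ig stays owned by `ig`, the account
    # the service runs as. The owner can restore write permission, so the
    # read-only bits do not protect flag.txt or the entrypoint from code
    # running as `ig`. Root ownership with group read access would, if that
    # matters. It is not changed here because the file layout produced by
    # `copy` is not visible in this file.
    runAsRoot = ''
      #!${pkgs.stdenv.shell}
      ${pkgs.dockerTools.shadowSetup}
      useradd -U -m ig && mkdir -p /home/ig
      chown -R ig:ig /home/ig
      mkdir -p /usr/local/bin
      chmod -R a-w /home/ig
      chmod +x /home/ig/docker-entrypoint.sh
    '';

    contents = [ pkgs.bash pkgs.racket config protocols ] ++ add_files;

    config = {
      ExposedPorts = {
        "20000/tcp" = {};
      };
      # -dontfork keeps xinetd in the foreground as the container's main
      # process.
      Cmd = [ "${pkgs.xinetd}/bin/xinetd" "-dontfork" "-stayalive" ];
    };
  };
in
image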