{ pkgs, ... }:
let
  sish = pkgs.sish.overrideAttrs (oldAttrs: {
    patches = oldAttrs.patches or [ ] ++ [ ./proxy-ssl-termination.patch ];
  });
in
pkgs.dockerTools.buildImage {
  name = "sish";
  fromImage = import ../base { inherit pkgs; };

  copyToRoot = pkgs.buildEnv {
    name = "root";
    paths = [ sish ];
    pathsToLink = [ "/bin" ];
  };

  config = {
    Entrypoint = [ "/bin/sish" ];
    Cmd = [
      "--ssh-address=0.0.0.0:2222"
      "--http-address=0.0.0.0:80"
      "--load-templates=false"
      "--private-keys-directory=/etc/sish/keys"
      "--authentication-password=\"\""
      "--authentication-keys-directory=/etc/sish/pubkeys"
    ];
    ExposedPorts = {
      "2222/tcp" = { };
    };
    Volumes = {
      "/etc/sish/keys" = { };
      "/etc/sish/pubkeys" = { };
    };
  };
}