#!/bin/bash

source /opt/scarif/.env

# Add me as a user and git for SSH passthrough to gitea (change passwords after finishing)
useradd -m -p $(echo $USER_PASSWORD | openssl passwd -1 -stdin) chris
useradd -m -p $(echo $GIT_PASSWORD | openssl passwd -1 -stdin) -u1200 git

# Install necessary packages
pacman -S --needed --noconfirm sudo wget tmux htop vim docker docker-compose git ufw

# Set up privileges
echo "chris ALL=(ALL) ALL" >> /etc/sudoers

# Make files necessary for SSH passthrough (https://docs.gitea.io/en-us/install-with-docker/#ssh-container-passthrough)
mkdir -p /var/lib/gitea
mkdir -p /app/gitea
tee /app/gitea/gitea <<END
#!/bin/sh
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\\"\$SSH_ORIGINAL_COMMAND\\" \$0 \$@"
END

chmod +x /app/gitea/gitea

chown -R git /app/gitea/gitea
chown -R git /var/lib/gitea
rm -f /home/git/.ssh/*

sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key" -f/home/git/.ssh/id_rsa -q -N ""

sudo -u git touch /home/git/.ssh/authorized_keys
echo "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $(cat /home/git/.ssh/id_rsa.pub)" >> /home/git/.ssh/authorized_keys
echo $SSH_KEY >> /home/git/.ssh/authorized_keys

sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config

systemctl restart sshd

# Set up firewall
ufw default deny incoming
ufw default allow outgoing
ufw allow 22
ufw allow 80
ufw allow 443
ufw --force enable

# Start the docker service and build docker compose
systemctl enable docker --now

docker-compose -f "/opt/scarif/docker-compose.yml" --env-file "/opt/scarif/.env" up -d

docker exec -it scarif_pinry_1 python manage.py createsuperuser --settings=pinry.settings.docker