#!/usr/bin/with-contenv bash
# shellcheck shell=bash

# create folders
mkdir -p \
    /etc/docker \
    /config/{.ssh,ssh_host_keys,logs/openssh,logs/dockerd,var/lib/docker}

USER_NAME=${USER_NAME:-jenkins}
echo "User name is set to $USER_NAME"

USER_PASSWORD=${USER_PASSWORD:-$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c"${1:-8}";echo;)}
echo "${USER_NAME}:${USER_PASSWORD}" | chpasswd

# symlink out ssh config directory
if [[ ! -L /etc/ssh ]]; then
    if [[ ! -f /config/ssh_host_keys/sshd_config ]]; then
        sed -i '/#PidFile/c\PidFile \/config\/sshd.pid' /etc/ssh/sshd_config
        cp -a /etc/ssh/sshd_config /config/ssh_host_keys/
    fi
    rm -Rf /etc/ssh
    ln -s /config/ssh_host_keys /etc/ssh
    ssh-keygen -A
fi

# custom port
if [[ -n "${LISTEN_PORT}" ]]; then
    sed -i "s/^#Port [[:digit:]]\+/Port ${LISTEN_PORT}"/ /etc/ssh/sshd_config
    sed -i "s/^Port [[:digit:]]\+/Port ${LISTEN_PORT}"/ /etc/ssh/sshd_config
    echo "sshd is listening on port ${LISTEN_PORT}"
else
    sed -i "s/^#Port [[:digit:]]\+/Port 2222"/ /etc/ssh/sshd_config
    sed -i "s/^Port [[:digit:]]\+/Port 2222"/ /etc/ssh/sshd_config
    echo "sshd is listening on port 2222"
fi

# password access
if [[ "$PASSWORD_ACCESS" == "true" ]]; then
    sed -i '/^#PasswordAuthentication/c\PasswordAuthentication yes' /etc/ssh/sshd_config
    sed -i '/^PasswordAuthentication/c\PasswordAuthentication yes' /etc/ssh/sshd_config
    chown root:"${USER_NAME}" \
        /etc/shadow
    echo "User/password ssh access is enabled."
else
    sed -i '/^PasswordAuthentication/c\PasswordAuthentication no' /etc/ssh/sshd_config
    chown root:root \
        /etc/shadow
    echo "User/password ssh access is disabled."
fi

# set umask for sftp
UMASK=${UMASK:-022}
sed -i "s|/usr/lib/ssh/sftp-server$|/usr/lib/ssh/sftp-server -u ${UMASK}|g" /etc/ssh/sshd_config

# set key auth in file
if [[ ! -f /config/.ssh/authorized_keys ]]; then
    touch /config/.ssh/authorized_keys
fi

if [[ -n "$PUBLIC_KEY" ]]; then
    if ! grep -q "${PUBLIC_KEY}" /config/.ssh/authorized_keys; then
        echo "$PUBLIC_KEY" >> /config/.ssh/authorized_keys
        echo "Public key from env variable added"
    fi
fi

if [[ -n "$PUBLIC_KEY_URL" ]]; then
    PUBLIC_KEY_DOWNLOADED=$(curl -s "$PUBLIC_KEY_URL")
    if ! grep -q "$PUBLIC_KEY_DOWNLOADED" /config/.ssh/authorized_keys; then
        echo "$PUBLIC_KEY_DOWNLOADED" >> /config/.ssh/authorized_keys
        echo "Public key downloaded from '$PUBLIC_KEY_URL' added"
    fi
fi

if [[ -n "$PUBLIC_KEY_FILE" ]] && [[ -f "$PUBLIC_KEY_FILE" ]]; then
    PUBLIC_KEY2=$(cat "$PUBLIC_KEY_FILE")
    if ! grep -q "$PUBLIC_KEY2" /config/.ssh/authorized_keys; then
        echo "$PUBLIC_KEY2" >> /config/.ssh/authorized_keys
        echo "Public key from file added"
    fi
fi

if [[ -d "$PUBLIC_KEY_DIR" ]]; then
    for F in "${PUBLIC_KEY_DIR}"/*; do
        PUBLIC_KEYN=$(cat "$F")
        if ! grep -q "$PUBLIC_KEYN" /config/.ssh/authorized_keys; then
            echo "$PUBLIC_KEYN" >> /config/.ssh/authorized_keys
            echo "Public key from file '$F' added"
        fi
    done
fi

# add log file info
if [[ ! -f /config/logs/loginfo.txt ]]; then
    echo "The current log file is named \"current\". The rotated log files are gzipped, named with a TAI64N timestamp and a \".s\" extension" > /config/logs/loginfo.txt
fi

# delete Docker PID if exists
find /run /var/run -iname 'docker*.pid' -delete || :

# create docker group and add abc to it
groupadd -f docker
if ! id -nG "$(id -nu "${PUID:-911}")" | grep -q "docker"; then
    usermod -aG docker "$(id -nu "${PUID:-911}")"
fi

HOME=/config git config --global user.email "ci@linuxserver.io"
HOME=/config git config --global user.name "LinuxServer-CI"

# Remove old Docker image store
if [[ -d "/config/var/lib/docker/overlay2/" ]]; then
    rm -rf "/config/var/lib/docker/overlay2/"
fi

if [[ -d "/config/var/lib/docker/image/" ]]; then
    rm -rf "/config/var/lib/docker/image/"
fi

# Enable containerd image store
cat <<EOF >/etc/docker/daemon.json
{
    "features": {
        "containerd-snapshotter": true
    }
}
EOF

# permissions
lsiown -R "${USER_NAME}":"${USER_NAME}" \
    /config
chmod go-w \
    /config
chmod 700 \
    /config/.ssh
chmod 600 \
    /config/.ssh/authorized_keys
