#!/bin/bash

#######################################
# Abort the script unless the target container exists.
# Globals:   CONTAINER (read)
# Outputs:   error message on stderr via echoerr when the container is missing
# Returns:   0 when the container exists; otherwise the whole script exits 1
#######################################
function check_container_exists() {
    container_exists "$CONTAINER" && return 0
    echoerr "container <$CONTAINER> does not exist!"
    exit 1
}

#######################################
# Run the pre-flight checks for this script.
# Returns:   0 when every check passes, 1 otherwise
#######################################
function check() {
    if check_container_exists; then
        return 0
    fi
    return 1
}

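#######################################
# Enable SSH access to $CONTAINER for $SSH_USER: create the user inside the
# container (with sudo group membership), install its password hash from
# credential.shadow, install/configure openssh-server (AllowUsers) and copy
# the host user's authorized_keys into the container.
# Globals:   CONTAINER, SSH_USER, MIAOU_BASEDIR, MIAOU_CONFIGDIR (read)
# Outputs:   progress messages on stdout
# Returns:   status of the last lxc command; 1 if a temp file cannot be made
#######################################
function enable_ssh() {
    local miaou_user shadow_passwd shadow_remainder tmp_sshd_config
    local -a previous_users=()

    echo "lxc: enable ssh in container <$CONTAINER> for user <$SSH_USER>"

    if ! container_running "$CONTAINER"; then
        echowarn "container <$CONTAINER> seems to be asleep, starting ..."
        lxc start "$CONTAINER"
        echowarn DONE
    fi

    # $SSH_USER is expanded on the host before the script reaches the container's
    # root shell, so it must already be a validated user name (see MAIN).
    lxc exec "$CONTAINER" -- bash <<EOF
        set -Eeuo pipefail
        if ! id "$SSH_USER" &>/dev/null; then
            echo "adding new user <$SSH_USER>"
            useradd -ms /bin/bash -G sudo "$SSH_USER"
        else
            echo "bash: $SSH_USER exists already!"
        fi
EOF

    miaou_user=$(whoami)
    shadow_passwd=$(load_yaml_from_expanded credential.shadow)
    # Pass the user name as a positional argument instead of splicing it into
    # the command string, and anchor the match so only this user's shadow entry
    # is read (an unanchored grep also matched names that merely contain it).
    shadow_remainder=$(lxc exec "$CONTAINER" -- bash -c 'grep "^$1:" /etc/shadow | cut -d: -f3-' _ "$SSH_USER")
    # NOTE: the hash is handed over on argv, so it is visible in the container's
    # process list while append_or_replace runs.
    lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/append_or_replace "^$SSH_USER:.*:" "$SSH_USER:$shadow_passwd:$shadow_remainder" /etc/shadow >/dev/null

    lxc exec "$CONTAINER" -- /opt/miaou-bash/tools/idem_apt_install openssh-server
    # Only a live AllowUsers directive counts: a commented-out "#AllowUsers ..."
    # line must not re-enable those users in the regenerated config.
    # shellcheck disable=SC2207 -- the user list is whitespace-split on purpose
    previous_users=($(
        lxc exec "$CONTAINER" -- bash <<EOF
        set -Eeuo pipefail
        if [[ -f /etc/ssh/sshd_config ]] && grep -q '^AllowUsers' /etc/ssh/sshd_config ; then
            grep '^AllowUsers' /etc/ssh/sshd_config | cut -d' ' -f 2-
        fi
EOF
    ))

    if containsElement previous_users "$SSH_USER"; then
        echo "sshd_config: AllowUsers $SSH_USER already done!"
    else
        echo "previous_users ${previous_users[*]}"
        previous_users+=("$SSH_USER")
        # Render into an unpredictable temp file rather than a fixed /tmp path
        # that any local user could pre-create or symlink.
        tmp_sshd_config=$(mktemp) || { echoerr "mktemp failed"; return 1; }
        printf '%s' "building template for sshd_config..."
        USERS=${previous_users[*]} tera -e --env-key env -t "$MIAOU_BASEDIR/templates/dev-container-ssh/sshd_config.j2" -o "$tmp_sshd_config" "$MIAOU_CONFIGDIR/miaou.expanded.yaml" >/dev/null
        echo 'OK'
        printf '%s' "copying sshd_config to container <$CONTAINER> ... "
        lxc file push --uid 0 --gid 0 "$tmp_sshd_config" "$CONTAINER/etc/ssh/sshd_config" &>/dev/null
        rm -f -- "$tmp_sshd_config"
        echo 'OK'
        lxc exec "$CONTAINER" -- systemctl reload sshd.service
    fi

    lxc exec "$CONTAINER" -- mkdir -p "/home/$SSH_USER/.ssh"
    lxc exec "$CONTAINER" -- chown "$SSH_USER:$SSH_USER" "/home/$SSH_USER/.ssh"
    # 700, not 760: sshd's StrictModes (on by default) rejects authorized_keys
    # when ~/.ssh is group-writable, which silently breaks key-based login.
    lxc exec "$CONTAINER" -- chmod 700 "/home/$SSH_USER/.ssh"

    if [[ -f "/home/$miaou_user/.ssh/authorized_keys" ]]; then
        lxc file push --uid 0 --gid 0 "/home/$miaou_user/.ssh/authorized_keys" "$CONTAINER/home/$SSH_USER/.ssh/authorized_keys" &>/dev/null
        lxc exec "$CONTAINER" -- chown "$SSH_USER:$SSH_USER" "/home/$SSH_USER/.ssh/authorized_keys"
        lxc exec "$CONTAINER" -- chmod 600 "/home/$SSH_USER/.ssh/authorized_keys"
    fi

    echo "create symbolic link for curl from TOOLBOX as required for Codium remote-ssh"
    lxc exec "$CONTAINER" -- ln -sf /TOOLBOX/curl /usr/bin/

    echo "SUCCESS: container $CONTAINER listening on port 22"
}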

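## MAIN
# Usage: $0 <container> [ssh_user]   (ssh_user defaults to the invoking user)
. "$MIAOU_BASEDIR/lib/init.sh"

arg1_required "$@"
readonly CONTAINER=$1
# Assign before marking readonly so a failing `id` is not masked by readonly's
# own (always zero) exit status.
SSH_USER=${2:-$(id -un)}
readonly SSH_USER
# The user name is spliced into root shell scripts, a shadow regex and a
# shadow line inside the container; reject anything outside a plain name.
if [[ ! "$SSH_USER" =~ ^[A-Za-z_][A-Za-z0-9._-]*$ ]]; then
    echoerr "invalid ssh user name <$SSH_USER>"
    exit 1
fi

check
enable_ssh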