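#! /bin/sh
#
# docker.sh
# Spins up a Docker container with the contents of this repo ready to run
#
# NOTE: This file contains a reference to itself.
#   * On the host (ANSIBLE_SSH_KEY unset) it reads ~/.ssh/desu and starts an
#     ubuntu:focal container with the repo mounted read-only at
#     /etc/ansible.orig, then runs ./contrib/docker.sh inside it.
#   * In the container (ANSIBLE_SSH_KEY set) it provisions an "ansible" user,
#     installs the key and tooling, copies the repo to /etc/ansible and drops
#     into a login shell as that user.
#
# Security notes:
#   * The private key travels through the container's environment, so it is
#     still recorded in the container configuration (e.g. `docker inspect`).
#     Treat the container as holding the key for its whole lifetime.
#   * The ansible user gets passwordless sudo; only use this image as a
#     disposable test environment.
#   * NOTE(review): ubuntu:focal and the pip packages are unpinned, so every run
#     trusts whatever the registries serve at that moment.
#
set -e

# Print "$2" in ANSI colour "$1". \033 is used because \e is not a POSIX printf
# escape and is not guaranteed to work under /bin/sh.
status() {
  printf '\033[%sm%s\033[0m\n' "$1" "$2"
}

# If ANSIBLE_SSH_KEY is already exported on the host, this branch is selected
# there too; the stat on /etc/ansible.orig is then expected to fail and set -e
# aborts before anything is modified.
if [ -n "$ANSIBLE_SSH_KEY" ]; then
  ansible_home=/home/ansible

  # Set up an unprivileged user with the same UID-GID as the user who owns the volume
  targetUID="$(stat -c %u /etc/ansible.orig)"
  targetGID="$(stat -c %g /etc/ansible.orig)"
  status 37 "Creating a user with $targetUID:$targetGID..."
  groupadd ansible -g "$targetGID"
  # -u was missing: without it the UID was only printed, never applied, so the
  # user could not be relied on to match the owner of the mounted files.
  useradd ansible \
    -u "$targetUID" \
    -d "$ansible_home" \
    -g ansible \
    -s /bin/bash

  # And has sudo rights (the sudo package itself is installed further down)
  mkdir -p /etc/sudoers.d
  echo 'ansible ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/50-playbookuser
  chmod 0440 /etc/sudoers.d/50-playbookuser

  # And owns their home
  mkdir -p "$ansible_home"
  chown ansible: "$ansible_home"

  # Dump the private key as fast as possible to reduce leak
  status 37 'Installing private key...'
  (
    # Create the directory and key file already private, so the key is never
    # readable by other users between the write and the chmod.
    umask 077
    mkdir -p "$ansible_home/.ssh"
    printf '%s\n' "$ANSIBLE_SSH_KEY" > "$ansible_home/.ssh/desu"
  )
  unset ANSIBLE_SSH_KEY
  chmod 0700 "$ansible_home/.ssh"
  chmod 0600 "$ansible_home/.ssh/desu"
  # Hand over the directory as well as the key: .ssh is created after the home
  # directory chown above, so it would otherwise stay owned by root.
  chown -R ansible: "$ansible_home/.ssh"

  # Give the ansible user a manageable profile
  cp /etc/ansible.orig/roles/common/templates/profile.sh /etc/profile.d/50-ansible.sh

  # Install the packages we need to test things in the repo.
  # Output is discarded, so force the non-interactive debconf frontend: a
  # configuration prompt would otherwise block without being visible.
  status 37 'Updating repositories...'
  DEBIAN_FRONTEND=noninteractive apt-get update > /dev/null 2>&1
  status 37 'Installing packages from APT...'
  DEBIAN_FRONTEND=noninteractive apt-get install -y \
    openssh-client python-is-python3 python3-docker python3-pip rsync sudo vim \
    > /dev/null 2>&1
  status 37 'Installing packages from PIP (this may take a minute)...'
  pip install -q ansible ansible-lint

  # Setup our playbook environment roles
  status 37 'Creating local copy of playbook files...'
  mkdir -p /etc/ansible
  chown ansible: /etc/ansible
  sudo -u ansible rsync -aHS /etc/ansible.orig/ /etc/ansible/ --exclude .git
  status 37 'Installing roles...'
  # Still running from /etc/ansible.orig here, so requirements.yml is read from
  # the read-only mount.
  sudo -u ansible ansible-galaxy install -r requirements.yml
  cd /etc/ansible

  # Drop to the ansible user
  status 32 'Ansible is ready to run'
  printf ' * \033[33mThe repo is located at /etc/ansible\033[0m\n'
  printf ' * For documentation, see README.md\n'
  printf ' * For the main playbook, see site.yml\n'
  printf 'You have passwordless sudo in this container\n'
  printf '\n'
  exec sudo -u ansible -i
  exit
fi

# Host side: load the key and hand it to the container.
ANSIBLE_SSH_KEY="$(cat ~/.ssh/desu)"
# Export the key and pass only the variable NAME to docker, so the key material
# does not appear in the docker command line (visible to other users via ps).
export ANSIBLE_SSH_KEY
docker run -it \
  -e ANSIBLE_SSH_KEY \
  -v "$PWD:/etc/ansible.orig:ro" \
  ubuntu:focal \
  bash -c 'cd /etc/ansible.orig && ./contrib/docker.sh'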