#!/bin/ash

# See: Dockerfile
UID=431
GID=431

# Grab origin
ORIGIN=`git remote get-url origin`

echo "Setting access to /var/run/docker.sock."
chown -v $UID:$GID /var/run/docker.sock

echo "Setting read access to /etc/lixonet/."
chown -R $UID:$GID /etc/lixonet/
chmod -R 440 /etc/lixonet/
chmod -R a+X /etc/lixonet/

echo "Setting write access to service directories."
mkdir /etc/bind
chown -R $UID:$GID /etc/bind/
chmod -R 660 /etc/bind/
chmod -R a+X /etc/bind/

mkdir /etc/bird
chown -R $UID:$GID /etc/bird/
chmod -R 660 /etc/bird/
chmod -R a+X /etc/bird/

mkdir /etc/tinc
chown -R $UID:$GID /etc/tinc/
chmod -R 660 /etc/tinc/
chmod -R a+X /etc/tinc/

mkdir /etc/wireguard
chown -R $UID:$GID /etc/wireguard/
chmod -R 660 /etc/wireguard/
chmod -R a+X /etc/wireguard/

echo "Setting exclusive read access to SSH keys."
chmod -v 400 /etc/lixonet/id_rsa
chmod -v 400 /etc/lixonet/*/id_rsa
stat /etc/lixonet/id_rsa
stat /etc/lixonet/*/id_rsa

echo "Enabling write access to /etc/lixonet/version."
touch /etc/lixonet/version
chmod 660 /etc/lixonet/version
stat /etc/lixonet/version

docker build -t lixonet-ee . && docker run --restart always -d -e DOCKER_HOST=unix:///var/run/docker.sock -e GIT_URL=$ORIGIN -v /var/run/docker.sock:/var/run/docker.sock -v /etc/bird:/etc/bird/ -v /etc/tinc:/etc/tinc -v /etc/bind:/etc/bind -v /etc/lixonet:/etc/lixonet -v /etc/wireguard:/etc/wireguard/ -v /etc/lixonet/known_hosts:/home/lixonet/.ssh/known_hosts -v /etc/lixonet/id_rsa:/home/lixonet/.ssh/id_rsa --name lixonet-ee lixonet-ee