#!/bin/bash
# Target DMZ
set -e
if [ -z $MILXCGUARD ] ; then exit 1; fi
DIR=`dirname $0`
cd `dirname $0`

# disable systemd-resolved which conflicts with nsd
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
systemctl stop systemd-resolved

apt-get update
DEB_VERSION=`cat /etc/debian_version | cut -d'.' -f1`
if [ $DEB_VERSION -eq "11" ] # DEB 11 aka Bullseye
then
  DEBIAN_FRONTEND=noninteractive apt-get install -y  certbot python3-certbot-apache
else
  echo "Unsupported Debian version"
  exit 1
fi


# preconfig TLS and certbot
a2enmod ssl
a2ensite default-ssl.conf
echo -e "
email=admin@kaz.milxc
agree-tos=1
no-verify-ssl=1
" >> /etc/letsencrypt/cli.ini

# Go KAZ !
# KAZ specific things
#installation de docker, docker-compose et on y fourre le user debian dans le groupe idoine

DEBIAN_FRONTEND=noninteractive apt-get install -y docker.io docker-compose docker-clean git apg curl sudo unzip rsync fuse-overlayfs
usermod -G docker debian
# activation dans alias dans /root/.bashrc
sed -i \
-e 's/^\# alias/alias/g' \
-e 's/^\# export/export/g' \
-e 's/^\# eval/eval/g' \
/root/.bashrc

if ! grep -q "for file in /dockers" /root/.bashrc 2>/dev/null; then
cat >> /root/.bashrc <<EOF
# enable bash completion in interactive shells
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi
for file in /kaz/bin/.*-completion.bash ; do
source "\${file}"
done
EOF
fi


# On met le KAZGUARD pour la mise au point
echo "export KAZGUARD='true'" >> /root/.bashrc

# On active fuse-overlayfs pour docker
cat >> /etc/docker/daemon.json <<EOF
{ "storage-driver": "fuse-overlayfs" }
EOF
service docker restart
mknod -m 666 /dev/fuse c 10 229 # + dans le rc.local ? + modprobe fuse sur l'ĥôte ?

./kaz.sh

# clear apt cache
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
DEBIAN_FRONTEND=noninteractive apt-get clean