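#!/bin/bash
#
# Bootstrap script: installs git and curl, makes sure this machine can reach
# the remote git server over SSH (pinning the server host key and, when
# needed, registering a user public key through the Gitea API), clones the
# provisioner repository and hands control over to it.
#
# Environment:
#   GITEA_API_TOKEN  Gitea API token; only read when an SSH public key has to
#                    be registered on the server.

set -o errexit
set -o pipefail
set -o nounset

readonly REMOTE_GIT_HOST="git.faercol.me"
readonly REMOTE_GIT_PORT="2222"
readonly REMOTE_GIT_USER="git"
# Pinned host key, written in known_hosts format. Every later SSH connection
# (and therefore the code that ends up being executed) is authenticated
# against this value.
readonly REMOTE_GIT_PUBKEY="[${REMOTE_GIT_HOST}]:${REMOTE_GIT_PORT} ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMXY7I7Dq9uiBXbqdBX8Q5rdlTNFjGSx0IJxvsxyb9t"
readonly GITEA_API_HOST="https://git.faercol.me"

readonly PROVISIONER_DEST="$HOME/.local/provisioner"
readonly PROVISIONER_REPO="ssh://$REMOTE_GIT_USER@$REMOTE_GIT_HOST:$REMOTE_GIT_PORT/faercol/provisioner.git"

# Print a step line (light blue). $1 is passed as data, not as a format.
display_step() {
  printf '\e[94m - %s\e[0m\n' "$1"
}

# Print a category header (bold blue, bracketed).
display_category() {
  printf '\e[34m\e[1m[%s]\e[0m\n' "$1"
}

# Print a success message (bold green).
display_success() {
  printf '\e[32m\e[1m%s\e[0m\n' "$1"
}

# Escape a string for use inside a JSON string literal.
# Only backslash and double quote are handled; control characters are not.
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout, without trailing newline
json_escape() {
  local raw=$1
  raw=${raw//\\/\\\\}
  raw=${raw//\"/\\\"}
  printf '%s' "$raw"
}

# Install the tools the rest of the script depends on.
install_tools() {
  sudo pacman --noconfirm -S git curl
}

#######################################
# Make sure an SSH keypair exists and register its public half on the
# Gitea account that owns GITEA_API_TOKEN.
# Globals:   HOME, USER, GITEA_API_HOST, GITEA_API_TOKEN (read)
# Returns:   non-zero (script exits under errexit) if key generation or the
#            API call fails
#######################################
configure_git_access() {
  local candidate key_file="" pub_path pub_key key_title payload

  # Fail with a clear message before any key is created, instead of hitting
  # an "unbound variable" error at the curl call.
  : "${GITEA_API_TOKEN:?GITEA_API_TOKEN must be set to register the SSH key}"

  display_step "Checking the presence of a SSH keypair"
  for candidate in id_ed25519 id_ecdsa id_rsa; do
    if [[ -f "$HOME/.ssh/$candidate" ]]; then
      display_step "Using ssh key $candidate"
      key_file=$candidate
      break
    fi
  done

  if [[ -z "$key_file" ]]; then
    display_step "Creating new ssh keypair id_ed25519"
    ssh-keygen -t ed25519 -q -f "$HOME/.ssh/id_ed25519"
    key_file="id_ed25519"
  fi

  pub_path="$HOME/.ssh/${key_file}.pub"
  if [[ ! -f "$pub_path" ]]; then
    display_step "Private key is present, but public key is missing, generating it"
    # Derive first, write second: a failed ssh-keygen must not leave an empty
    # .pub file behind that a later run would upload as-is.
    pub_key=$(ssh-keygen -q -f "$HOME/.ssh/$key_file" -y)
    printf '%s\n' "$pub_key" > "$pub_path"
  fi

  pub_key=$(< "$pub_path")
  # NOTE(review): the key title sends /etc/machine-id to the server;
  # machine-id(5) asks for that value to be treated as confidential.
  key_title="$USER-$(< /etc/hostname)-$(< /etc/machine-id)"
  # The key comment and the hostname are free text, so escape them before
  # embedding them in the JSON body.
  payload="{\"key\":\"$(json_escape "$pub_key")\",\"read_only\":false,\"title\":\"$(json_escape "$key_title")\"}"

  display_step "Posting public key to gitea API"
  # The Authorization header is read from stdin (-H @-, curl >= 7.55.0) so
  # the token never appears in the process argument list.
  curl -f -S -o /dev/null -X 'POST' \
    "${GITEA_API_HOST}/api/v1/user/keys" \
    -H 'accept: application/json' \
    -H @- \
    -H 'Content-Type: application/json' \
    -d "$payload" <<< "Authorization: token ${GITEA_API_TOKEN}"
}

#######################################
# Pin the server host key in known_hosts, then probe SSH access and fall
# back to configure_git_access when the probe fails.
# Globals:   HOME, REMOTE_GIT_* (read)
#######################################
check_git_access() {
  local known_hosts="${HOME}/.ssh/known_hosts"

  display_step "Creating correct ssh dir if not present"
  install -m 0700 -d "${HOME}/.ssh/"
  touch "$known_hosts"

  display_step "Checking remote git public key"
  # -F: the entry starts with "[host]", which grep would otherwise read as a
  # bracket expression, so the pinned line was never found and got appended
  # again on every run. -x: only an exact, unmarked line counts as present.
  if grep -qxF -- "$REMOTE_GIT_PUBKEY" "$known_hosts"; then
    display_step "git host already known, continuing"
  else
    display_step "Adding expected remote git server pubkey"
    printf '%s\n' "$REMOTE_GIT_PUBKEY" >> "$known_hosts"
  fi

  display_step "Checking SSH private key"
  # Any non-zero exit (no accepted key, host key mismatch, network failure)
  # takes the "configure access" branch; the causes are not told apart.
  # NOTE(review): assumes the server exits 0 for an authenticated session
  # that runs no command - confirm.
  if ssh -o BatchMode=yes -p "$REMOTE_GIT_PORT" \
    "${REMOTE_GIT_USER}@${REMOTE_GIT_HOST}" > /dev/null 2>&1; then
    display_step "Access is allowed to git server, continuing"
  else
    display_category "Configuring access to the remote git server"
    configure_git_access
  fi
}

# Clone the provisioner repository over SSH into PROVISIONER_DEST.
download_provisioner() {
  display_step "Cloning the provisioner to ${PROVISIONER_DEST}"
  git clone "$PROVISIONER_REPO" "$PROVISIONER_DEST"
}

main() {
  display_category "Installing necessary tools"
  install_tools

  display_category "Checking access to the remote git server"
  check_git_access

  display_category "Downloading and installing the remote installer"
  download_provisioner

  display_success "Remote installer ready and configured, passing control to it"
  # The cloned script runs with this user's privileges; its integrity rests
  # on the pinned SSH host key above and on who can push to the repository.
  exec "$PROVISIONER_DEST/provisioner.sh"
}

main "$@"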