#!/bin/bash
template templates/hostname /etc/hostname


rex doas apk update
rex doas apk add bash doas openssh


# ass swap file ????
# ------ disable root user and login


# ----- install nabula
echo "prsync nebula bin"
prsync -h "$hosts_file" -avz ./sbin/nebula /4server/nebula
rex doas mv /4server/nebula /usr/bin/ 

rex doas mkdir -p /etc/nebula
rex doas chmod 700 /etc/nebula

template templates/nebula/config.yml /etc/nebula/config.yml
template templates/nebula/host.key /etc/nebula/host.key            
template templates/nebula/host.crt /etc/nebula/host.crt
template templates/nebula/ca.crt /etc/nebula/ca.crt

rex doas chmod 700 /etc/nebula

template templates/init.d/nebula /etc/init.d/nebula
rex doas chmod 0755 /etc/init.d/nebula
rex doas chown root:root /etc/init.d/nebula
rex doas rc-update add nebula default
rex doas rc-service nebula restart

template templates/init.d/ping_service /etc/init.d/ping_service
rex doas chmod 0755 /etc/init.d/ping_service
rex doas chown root:root /etc/init.d/ping_service
rex doas rc-update add ping_service default
rex doas rc-service ping_service restart


# ADD USER 4SERVER
rex doas adduser -D -s /bin/bash 4server

SSH_DIR="/home/4server/.ssh"
rex doas mkdir -p "$SSH_DIR"
rex doas chmod 700 "$SSH_DIR"
rex doas chown 4server:4server "$SSH_DIR"

template templates/ssh/id_ed25519.pub /home/4server/.ssh/authorized_keys

rex doas chmod 755 /home/4server
rex doas chmod 700 /home/4server/.ssh
rex doas chmod 600 /home/4server/.ssh/authorized_keys
rex doas chown 4server:4server /home/4server/.ssh/authorized_keys

rex doas passwd -u 4server




rex doas mkdir -p /etc/doas.d

rex "doas sh -c 'grep -q \"permit nopass 4server as root\" /etc/doas.d/4server.conf 2>/dev/null || echo \"permit nopass 4server as root\" | tee -a /etc/doas.d/4server.conf > /dev/null'"

rex "doas sh -c 'sed -i \"s/^#\?PasswordAuthentication.*/PasswordAuthentication no/\" /etc/ssh/sshd_config'"

rex doas rc-service sshd restart