#!/bin/bash

##########################
# Install Script for Sya #
##########################

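# Strict mode: stop on the first failing command (-e), on unset variables (-u)
# and on a failure anywhere in a pipeline (pipefail). -x traces every command
# to stderr.
set -euxo pipefail

# Check system version: CentOS 7 required.
# State the reason on stderr instead of exiting with only the -x trace.

echo "Checking system version"
if ! grep "release 7" /etc/centos-release; then
  echo "error: this installer supports CentOS 7 only" >&2
  exit 1
fi

# Check running as root: everything below writes system configuration.

echo "Checking running as root"
if [ "$UID" -ne 0 ]; then
  echo "error: this installer must be run as root" >&2
  exit 1
fi

# Install dependencies (dig, ip/net tools, git, and jq for JSON parsing below)

yum install --assumeyes bind-utils net-tools git jq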

# Configure machine hostname and get ip

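# The hostname is typed by the operator and later used as a command argument
# and as a URL path segment, so restrict it to hostname characters up front.
# -r keeps backslashes literal.
read -r -p "Set hostname:" HOSTNAME
hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$HOSTNAME" =~ $hostname_re ]]; then
  echo "error: invalid hostname: $HOSTNAME" >&2
  exit 1
fi

# Ask an external service for the public address. HTTPS keeps an on-path
# party from substituting the answer; --fail turns an HTTP error into a
# non-zero exit that pipefail propagates.
HOSTIP=$(curl --fail --silent --show-error 'https://ipinfo.io' | jq -r '.ip')

# The reply is remote data: accept only address characters (IPv4 or IPv6)
# before it is used as a grep pattern or in a URL. This also rejects an
# empty value and jq's literal "null".
hostip_re='^[0-9A-Fa-f:.]+$'
if [[ ! "$HOSTIP" =~ $hostip_re ]]; then
  echo "error: could not determine public IP (got: $HOSTIP)" >&2
  exit 1
fi

# The address must be bound to a local interface. -F matches it literally
# (dots are not wildcards) and -w prevents matching inside a longer address.
ip -o addr | grep -Fw -- "$HOSTIP"
hostnamectl set-hostname "$HOSTNAME"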

# Install Nginx from official repository
# https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#official-red-hat-centos-packages

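# Repository definition for nginx.org packages. Packages are installed as
# root, so fetch them over HTTPS and have yum verify their signature against
# the nginx signing key instead of disabling the check.
# The quoted heredoc delimiter keeps $releasever/$basearch literal for yum.
cat <<\EOF > /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF

yum makecache
yum install --assumeyes nginx

systemctl enable nginx
systemctl start nginx

# Validate the shipped configuration.
nginx -t

# Smoke test: request the default site by the hostname entered earlier.
curl "$HOSTNAME"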

# Install Docker from official repository
# https://docs.docker.com/install/linux/docker-ce/centos/#install-using-the-repository

# Packages installed ahead of Docker CE; yum-utils provides the
# yum-config-manager command used next.
yum install --assumeyes yum-utils device-mapper-persistent-data lvm2

# Register the Docker CE repository definition, fetched over HTTPS.
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

yum install --assumeyes docker-ce

# Start the daemon on every boot and right now.
systemctl enable docker
systemctl start docker

# Fails (and aborts the script under set -e) if the daemon is unreachable.
docker info

# Configure Docker daemon
# https://docs.docker.com/engine/reference/commandline/dockerd/

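# Daemon configuration. The API listens on every interface on TCP/2376 and on
# the local unix socket. "tlsverify" makes the TCP listener require a client
# certificate signed by the CA below. Anyone who can reach this API with a
# valid certificate controls the host, so the port must also be firewalled.
cat <<\EOF > /etc/docker/daemon.json
{
    "hosts": [
        "tcp://0.0.0.0:2376",
        "unix:///var/run/docker.sock"
    ],
    "live-restore": true,
    "log-driver": "journald",
    "tlsverify": true,
    "tlscacert": "/root/tls/ca.pem",
    "tlscert": "/root/tls/cert.pem",
    "tlskey": "/root/tls/key.pem"
}
EOF

# Fetch the certificate helper to a private temp file and run it only after
# the download has fully succeeded. Streaming curl straight into bash would
# execute whatever arrived, including a truncated body or an HTTP error page.
# --fail rejects HTTP errors and --proto pins the transfer to HTTPS.
# NOTE(review): this runs remote code as root with no integrity check beyond
# TLS; publish and verify a checksum or signature for it if possible.
# NOTE(review): presumably it provisions /root/tls/*.pem. If key.pem is
# generated remotely rather than on this host, the private key has existed
# off-box. Confirm against the served script.
cert_script=$(mktemp)
trap 'rm -f -- "$cert_script"' EXIT
curl --fail --silent --show-error --proto '=https' \
    --output "$cert_script" \
    "https://install.sya.org.cn/cert/${HOSTNAME}/${HOSTIP}"
bash "$cert_script"

# systemd drop-in: the empty ExecStart= clears the packaged command line, and
# the second one starts dockerd with no flags so that the listeners come
# solely from daemon.json.
mkdir -p /etc/systemd/system/docker.service.d
cat <<\EOF > /etc/systemd/system/docker.service.d/docker.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd
EOF

systemctl daemon-reload
systemctl restart docker
# Confirms the daemon came back up with the new configuration.
docker info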

# Configure authorized_keys

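# The directory must stay traversable by its owner (700). The key list itself
# is owner read/write only (600). The second chmod targets the file: applying
# 600 to the directory would strip its search bit.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys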

# Other works

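# Closing instructions. The port shown is the one the Docker daemon was
# configured to listen on (tcp://0.0.0.0:2376 in daemon.json), so the firewall
# rules cover the port that is actually exposed. The dig lookups are resolved
# when this message is printed.
echo "
################################################################################
# Add following firewall rules in your cloud service:
#
# * Allow TCP/2376 from $(dig +short sya.run) (sya.run)
# * Allow TCP/2376 from $(dig +short monitor.sya.org.cn) (monitor.sya.org.cn)
# * Deny  TCP/2376 from other IPs
#
# Add your public key to /root/.ssh/authorized_keys
#
# $ ssh-copy-id root@$HOSTNAME
#
# Happy Deploying!
################################################################################
"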
