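#!/usr/bin/env bash
#
# This script creates an mmdebstrap .tar and imports it into systemd-nspawn
# where it can be managed by machinectl
#
# This script configures the container in multiple ways:
# 1. Installs a system very similar to the Debian genericcloud build
#    including cloud tools and the cloud variant Linux kernel.
# 2. Installs and configures sudo with NOPASSWD enabled for the sudo group
#    (as a drop-in under /etc/sudoers.d, checked with `visudo -c` so a
#    broken file cannot lock sudo out).
# 3. Installs public SSH keys for the user and root for pre-shared auth
#    out-of-the-box
# 4. Installs netplan.io (which is also used with Debian genericcloud)
#    and configures it to bring the link-local interface up only
# 5. Purges multiple packages that are not part of Debian genericcloud
# 6. Configures /etc/hosts, /etc/hostname, and /etc/motd with the
#    container name
# 7. Sets the container locale to `en_US.UTF-8 UTF-8`
# 8. Imports the container into machined
#
# Usage:
#   ./mkcontainer <name>
#
# Optional environment:
#   CONTAINER_USER       login user to create (default: dhya)
#   CONTAINER_USER_PASS  password for that user. When unset or empty the
#                        account is created WITHOUT a password: SSH key auth
#                        and `machinectl shell` still work, `machinectl login`
#                        and `su` do not. The password is never placed on a
#                        command line; it is fed to chpasswd from a 0700
#                        staging directory.
#   APT_PROXY            http proxy (apt-cacher-ng style) used both for the
#                        build and configured inside the container
#                        (default: http://192.168.0.35:3142)
#
# Security notes:
# - The container name ends up inside hook commands that mmdebstrap runs
#   with `sh -c`, so it is validated as a strict hostname label first.
# - Members of the sudo group get passwordless root. Together with the
#   pre-installed SSH keys this means whoever holds the matching private
#   keys owns the container; replace the keys below with your own.
# - apt sources are plain http. Integrity still comes from apt's signature
#   checks on the Release files (mmdebstrap verifies the bootstrap the same
#   way); a hostile proxy can observe or withhold packages but cannot alter
#   them undetected.
#
# With systemd-container connecting to the container should be as easy
# as `ssh <name>`
# systemd-container takes care of creating a virtual ethernet interface
# shared between the host and the container, and libnss-mymachines
# handles the name resolution for containers
#
# Start the container:
#   sudo machinectl start <name>
#
# Access the container:
#   ssh <name>
#   - or -
#   machinectl login <name>
#   - or -
#   machinectl shell <name>
#
# Root SSH access: Debian's default `PermitRootLogin prohibit-password`
# already permits key-based root login with the root key installed below.
# Only set `PermitRootLogin yes` in the container's /etc/ssh/sshd_config if
# you really need password login as root, which is not recommended.
#

set -euo pipefail

usage() {
  printf 'USAGE: %s <container-name>\n' "${0##*/}" >&2
  exit 2
}

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

if [[ $# -ne 1 ]]; then
  usage
fi
containerName="$1"

# The name becomes the hostname and is spliced into `sh -c` hook strings
# below; restrict it to an RFC 1123 hostname label so neither quoting nor
# hostname validity can break.
if [[ ! "$containerName" =~ ^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$ ]]; then
  die "invalid container name '${containerName}': use letters, digits and '-' only"
fi

user="${CONTAINER_USER:-dhya}"
if [[ ! "$user" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
  die "invalid user name '${user}'"
fi
pass="${CONTAINER_USER_PASS:-}"
groups="adm,staff,sudo"

# Proxy used by mmdebstrap while building; the container gets the same
# proxy, but only for deb.debian.org, as in the original configuration.
aptProxy="${APT_PROXY:-http://192.168.0.35:3142}"

# User public SSH key for pre-shared auth with container
user_ssh_key="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFaTibSQqYaaBk86kbjI6GCtq0Et6j3yrhVRdIaKhSTO dhya@fusion"
# Root public SSH key for pre-shared auth with container
root_ssh_key="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAooLnlfGBOOfWtGD5kf4fAgHnUcNM5Fjcq6V7bUJoX root@fusion"

# Packages pulled in by mmdebstrap. machinectl requires systemd and dbus
# (dbus-broker) in the container.
include_pkgs="dbus-broker,systemd-container,linux-image-cloud-amd64,locales,netplan.io,sudo"

# Packages present in a default bootstrap but not in Debian genericcloud.
purge_pkgs=(
  linux-image-amd64 ifupdown nano vim-tiny vim-common firmware-linux-free
  busybox console-setup console-setup-linux cron cron-daemon-common
  dbus-user-session debconf-i18n dictionaries-common discover discover-data
  dmidecode efibootmgr emacsen-common iamerican ibritish ienglish-common
  intel-microcode isc-dhcp-common ispell iucode-tool laptop-detect logrotate
  shared-mime-info task-english tasksel tasksel-data usbutils
  util-linux-locales wamerican xdg-user-dirs xkb-data
)

# Cloud tooling installed after the purge, as in genericcloud.
cloud_pkgs=(
  vim openssh-server python3 cloud-guest-utils cloud-image-utils cloud-init
  cloud-initramfs-growroot cloud-utils distro-info-data rsync
)

# ---------------------------------------------------------------------------
# Stage every file we want inside the container on the host first. mmdebstrap
# customize hooks run on the host with the chroot path in $1, so a plain
# install(1) of the staged copy is enough, and no file content ever has to
# be quoted into a shell command string. The directory is 0700 (mktemp -d),
# which also protects the chpasswd input.
# ---------------------------------------------------------------------------
stage="$(mktemp -d)" || die "mktemp failed"
cleanup() { rm -rf -- "${stage:?}"; }
trap cleanup EXIT

cat > "$stage/sources.list" <<'EOF'
# For information about how to configure apt package sources,
# see the sources.list(5) manual.

deb http://deb.debian.org/debian/ bookworm main contrib
deb-src http://deb.debian.org/debian/ bookworm main contrib

deb http://deb.debian.org/debian/ bookworm-proposed-updates main contrib
deb-src http://deb.debian.org/debian/ bookworm-proposed-updates main contrib

deb http://deb.debian.org/debian/ bookworm-updates main contrib
deb-src http://deb.debian.org/debian/ bookworm-updates main contrib

deb http://security.debian.org/debian-security bookworm-security main contrib
deb-src http://security.debian.org/debian-security bookworm-security main contrib
EOF

# NOTE(review): systemd-nspawn's veth appears as host0 inside the container;
# confirm enp1s0 is really the interface you expect before relying on this.
cat > "$stage/50-cloud-init.yaml" <<'EOF'
network:
  version: 2
  ethernets:
    enp1s0:
      link-local: [ ipv6 ]
EOF

printf '%s\n' "$containerName" > "$stage/hostname"
printf '127.0.0.1\tlocalhost\n127.0.1.1\t%s\n\n::1\tlocalhost ip6-localhost ip6-loopback\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n' \
  "$containerName" > "$stage/hosts"
printf '\n\t%s\n' "$containerName" > "$stage/motd"
printf 'Acquire::http::Proxy::deb.debian.org "%s/";\n' "${aptProxy%/}" > "$stage/02proxy"
# %% is a literal % for printf; sudoers.d entries are read after the main
# file, so this NOPASSWD rule wins over the stock `%sudo ... ALL` line.
printf '%%sudo ALL=(ALL:ALL) NOPASSWD:ALL\n' > "$stage/90-nopasswd-sudo"
printf '%s\n' "$root_ssh_key" > "$stage/root_authorized_keys"
printf '%s\n' "$user_ssh_key" > "$stage/user_authorized_keys"
if [[ -n "$pass" ]]; then
  printf '%s:%s\n' "$user" "$pass" > "$stage/chpasswd"
fi

# Build a hook that installs a staged file into the chroot.
# Arguments: $1 - staged file name, $2 - absolute path inside the container,
#            $3 - octal mode. Output: the hook command string.
# The literal "$1" inside the output is expanded by mmdebstrap's sh, not here.
install_hook() {
  local src="$1" dst="$2" mode="$3"
  printf "install -D -m %s '%s/%s' \"\$1%s\"" "$mode" "$stage" "$src" "$dst"
}

hooks=(
  --customize-hook="chroot \"\$1\" apt-get -y purge ${purge_pkgs[*]}"
  --customize-hook="$(install_hook hostname /etc/hostname 0644)"
  --customize-hook="$(install_hook hosts /etc/hosts 0644)"
  --customize-hook="$(install_hook 50-cloud-init.yaml /etc/netplan/50-cloud-init.yaml 0600)"
  --customize-hook="$(install_hook sources.list /etc/apt/sources.list 0644)"
  --customize-hook="$(install_hook 02proxy /etc/apt/apt.conf.d/02proxy 0644)"
  --customize-hook="$(install_hook motd /etc/motd 0644)"
  --customize-hook="printf 'en_US.UTF-8 UTF-8\n' >> \"\$1/etc/locale.gen\""
  --customize-hook="chroot \"\$1\" useradd -s /bin/bash -m -G '${groups}' '${user}'"
  # Root key: the original wrote into /root/.ssh without creating it.
  --customize-hook="$(install_hook root_authorized_keys /root/.ssh/authorized_keys 0600)"
  --customize-hook="chmod 0700 \"\$1/root/.ssh\""
  # User key: ownership is fixed with chroot so the name resolves against the
  # container's passwd, not the host's.
  --customize-hook="$(install_hook user_authorized_keys "/home/${user}/.ssh/authorized_keys" 0600)"
  --customize-hook="chmod 0700 \"\$1/home/${user}/.ssh\""
  --customize-hook="chroot \"\$1\" chown -R '${user}:${user}' '/home/${user}/.ssh'"
  # Passwordless sudo as a validated drop-in instead of regex-editing sudoers.
  --customize-hook="$(install_hook 90-nopasswd-sudo /etc/sudoers.d/90-nopasswd-sudo 0440)"
  --customize-hook="chroot \"\$1\" visudo -c -q -f /etc/sudoers.d/90-nopasswd-sudo"
  --customize-hook="chroot \"\$1\" apt-get --no-install-recommends -y install ${cloud_pkgs[*]}"
  --customize-hook="chroot \"\$1\" rm -rf /etc/network"
  --customize-hook="chroot \"\$1\" locale-gen"
)
if [[ -n "$pass" ]]; then
  # Password is read from the staged file, never passed as an argument.
  hooks+=(--customize-hook="chroot \"\$1\" chpasswd < '${stage}/chpasswd'")
fi

mmdebstrap \
  --aptopt="Acquire::http { Proxy \"${aptProxy}\"; }" \
  --aptopt='Apt::Install-Recommends "false"' \
  --include="${include_pkgs}" \
  "${hooks[@]}" \
  bookworm "${containerName}.tar"

printf '\nFinished creating %s container: %s.tar\n' "$containerName" "$containerName"

sudo machinectl import-tar "${containerName}.tar" "${containerName}"

printf '\nFinished importing %s.tar\n' "$containerName"
printf 'It can be started with:\n$ sudo machinectl start %s\n' "$containerName"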