#!/bin/sh

set -e

# Upgrade system and install required packages
apk update
apk upgrade

apk add \
        curl \
        docker \
        openntpd \
        openssh \
        shadow \
        tzdata

groupadd -g {{ .StackScript.SharedGroupGid }} shared-flow
groupadd -g 1001 flow
useradd -s /bin/bash -g 1001 -u 1001 -m -G docker,shared-flow flow

mkdir /home/flow/.ssh
chmod 0700 /home/flow/.ssh
chown flow:flow /home/flow/.ssh
touch /home/flow/.ssh/authorized_keys
chown flow:flow /home/flow/.ssh/authorized_keys
chmod 0600 /home/flow/.ssh/authorized_keys
echo "{{ .StackScript.AuthorizedKey }}" | tee /home/flow/.ssh/authorized_keys

# TODO: Mount volume and edit /etc/fstab

# TODO: SSH Hardening (backup original config)
# Port 3142
# PermitRootLogin no
# PasswordAuthentication no
# PermitEmptyPasswords no
# AllowTcpForwarding no
# GatewayPorts no
# X11Forwarding no

# Set the timezone and local time
mkdir -p /etc/zoneinfo/Europe
chmod -R 0755 /etc/zoneinfo
cp /usr/share/zoneinfo/Europe/London /etc/zoneinfo/Europe/
ln -fs /etc/zoneinfo/Europe/London /etc/localtime
echo "Europe/London" > /etc/timezone
apk del tzdata