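#!/bin/bash
#
# Prepares a Debian/Ubuntu host for autossh-maintained SSH tunnels:
#   1. verifies root privileges and the presence of apt-get,
#   2. installs the autossh package if it is missing,
#   3. creates a dedicated, shell-less "autossh" account,
#   4. merges ./authorized_keys into that account's authorized_keys,
#   5. installs the target definitions and the systemd unit template.
#
# Run it from the setup folder: authorized_keys, targets/ and
# secure-tunnel@.service are resolved relative to the current directory.

AUTOSSH_SSH_DIR="/home/autossh/.ssh"
AUTOSSH_KEYS="$AUTOSSH_SSH_DIR/authorized_keys"

if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root."
  exit 1
fi
echo "OK: Root user detected."

echo "NEXT: Checking for apt-get executable."
# command -v is a shell builtin; `which` is an external tool that may be absent.
APT_GET_CMD=$(command -v apt-get)
if [[ -z "$APT_GET_CMD" ]]; then
  echo "No apt-get executable found. Exiting."
  exit 1
fi
echo "OK: apt-get found."

echo "NEXT: Check and eventually install necessary packages."
REQUIRED_PKG="autossh"
PKG_OK=$(dpkg-query -W --showformat='${Status}\n' "$REQUIRED_PKG" | grep "install ok installed")
echo "Checking for $REQUIRED_PKG: $PKG_OK"
if [ "" = "$PKG_OK" ]; then
  echo "No $REQUIRED_PKG. Setting up $REQUIRED_PKG."
  # Stop here on failure: every later step assumes the package is present.
  if ! apt-get --yes install "$REQUIRED_PKG"; then
    echo "Installation of $REQUIRED_PKG failed. Exiting."
    exit 1
  fi
fi

echo "NEXT: Check for existence of autossh dedicated user."
# The previous form `[ ! id -u autossh ... ]` was an invalid test expression
# that always evaluated false, so the account was never created.
if ! id -u autossh >/dev/null 2>&1; then
  echo "The user is missing so we will create for you."
  # /bin/false blocks interactive logins only. Any key placed in this
  # account's authorized_keys can still open port forwards unless the key
  # line or sshd_config restricts it.
  useradd -m -s /bin/false autossh
fi
if id -u autossh >/dev/null 2>&1; then
  echo "OK: user autossh exists."
else
  echo "There are some problems with user creation. Exiting."
  exit 1
fi

echo "NEXT: Setup autossh home."
mkdir -p "$AUTOSSH_SSH_DIR"
touch -a "$AUTOSSH_KEYS"
if [ -s authorized_keys ]; then
  # Append only lines that are not already present, so re-running the script
  # does not pile up duplicate entries. Review ./authorized_keys beforehand:
  # every line added here grants SSH access to the autossh account.
  while IFS= read -r key_line || [ -n "$key_line" ]; do
    [ -z "$key_line" ] && continue
    if ! grep -qxF -- "$key_line" "$AUTOSSH_KEYS"; then
      printf '%s\n' "$key_line" >> "$AUTOSSH_KEYS"
    fi
  done < authorized_keys
else
  echo "WARNING: authorized_keys in setup folder seems empty so you should manually setup host authorized_keys or rerun this script."
fi
echo "OK: Files and content ready."

echo "NEXT: Setup file and folder permissions."
# sshd (StrictModes) ignores authorized_keys that is writable by other users.
chown -R autossh:autossh "$AUTOSSH_SSH_DIR"
chmod 700 "$AUTOSSH_SSH_DIR"
chmod 600 "$AUTOSSH_KEYS"
echo "OK: File and folder permissions setup."

echo "NEXT: Checking for systemd."
SYSTEMCTL_CMD=$(command -v systemctl)
# The original tested -z here, which installed the unit only when systemctl
# was absent and printed the "no systemd" warning on systemd hosts.
if [[ -n "$SYSTEMCTL_CMD" ]]; then
  echo "NEXT: Copy targets into /etc/default."
  # -n keeps target files an administrator has already customised.
  cp -n targets/* /etc/default/
  echo "OK: Targets copied."
  echo "NEXT: Setup systemd service."
  cp secure-tunnel@.service /etc/systemd/system/
  systemctl daemon-reload
  echo "OK: Systemd service created."
else
  echo "WARNING: No systemd installation found. 
You should manually setup an autossh service to keep tunnel alive."
fi

# bash's echo does not interpret "\n" without -e; emit the blank line explicitly.
echo "All done. What you need to do now:"
echo
echo "- generate an ssh keypair with ssh-keygen for user autossh and push signature to the jump server"
# NOTE(review): 'GatewayPorts yes' binds remote forwards on all interfaces of
# the jump server; firewall those ports or consider 'GatewayPorts
# clientspecified' if they must not be reachable from every network.
echo "- configure remote host /etc/ssh/sshd_config with option 'GatewayPorts yes' and 'AllowTcpForwarding yes'"
echo "- configure your ~/.ssh/config like the provided one with this repo"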