#!/usr/bin/env bash

# This script is idempotent in the sense that running it more
# than once will not change the state beyond the initial application

set -euxo pipefail

CHAIN=$1
DOMAIN=$2
BRANCH=$3
COMMIT=$4
REVISION="ord-$BRANCH-$COMMIT"

touch ~/.hushlogin

sed -i -E 's/#?PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config

mkdir -p \
  /etc/systemd/system/bitcoind.service.d \
  /etc/systemd/system/ord.service.d

printf "[Service]\nEnvironment=CHAIN=%s\n" $CHAIN \
  | tee /etc/systemd/system/bitcoind.service.d/override.conf \
  > /etc/systemd/system/ord.service.d/override.conf

printf 'BRANCH=%s\n' $BRANCH >> /etc/environment \
  && printf 'COMMIT=%s\n' $COMMIT >> /etc/environment \
  && printf 'REVISION=%s\n' $REVISION >> /etc/environment

hostnamectl set-hostname $DOMAIN

apt-get install --yes \
  acl \
  clang \
  libsqlite3-dev\
  libssl-dev \
  pkg-config \
  ufw \
  vim

ufw default allow outgoing
ufw default deny incoming

ufw allow 8080
ufw allow http
ufw allow https
ufw allow ssh